The Wi-Fi Alliance has expanded WPA2 to include two additional EAP types, and has affirmed that its 802.11n certification program will not have to change with the finalization of the standard.
The Wi-Fi Alliance recently announced the expansion of its Wi-Fi Protected Access (WPA2) Enterprise security support to include two additional extensible authentication protocol (EAP) types, EAP-FAST and EAP-AKA. A number of additional enterprise certification programs are planned for the coming months, along with the anticipated finalization of the 802.11n standard in September of this year.
Rachna Ahlawat, vice president of marketing at Meru Networks, says the key benefit of adding EAP-FAST and EAP-AKA to WPA2 is that it expands the role of the wireless LAN by vastly improving support for fixed/mobile convergence. “The two new [EAP types] that they’ve introduced, compared to the ones that they had earlier, these are more cellular-focused… and that’s good news for Wi-Fi vendors like us, because it allows us to expand the role of wireless networking,” she says.
Wi-Fi Alliance executive director Edgar Figueroa agrees, describing EAP-AKA as a next-generation SIM protocol. “We already have EAP-SIM as a part of our program, but this EAP-AKA addition really supports in a strong way what’s happening in the 3G space… Wi-Fi is expected to see large volumes into the handset space—there are a lot of converged services that we’re seeing out there—and this EAP-AKA authentication will allow service providers and end users to experience more seamless authentication and security on their handsets,” he says.
And EAP-FAST, which was initially developed by Cisco, can significantly improve ease of deployment. “Many of the EAP protocols require equipment and configuration of the clients, and so there’s a lot of planning and time investment and effort up front,” Figueroa says. “EAP-FAST eliminates some of that, and instead allows you to do a deployment that requires less investment up front—and then the clients as they join the network are authenticated through password mechanisms.”
The larger purpose of adding these EAP types, Figueroa says, is simply to make life easier for systems administrators by maximizing interoperability and flexibility. “It’s really to allow them to pick and choose the authentication, the network entry mechanism, that they’re most comfortable with—and to have Wi-Fi seamlessly integrate into that framework… ultimately, the goal is to have Wi-Fi be as seamless a network service as possible, and to have that just plug into whatever a network administrator already wished to do with their security encryption and authentication,” he says.
One of the additional programs planned for the coming months, Figueroa says, is WMM-Admission Control. “It will leverage some of the QoS mechanisms of 802.11e to manage access to network resources and optimize QoS,” he says. “I think of this as the ‘busy signal’ on the network—by having that, we’re able to ensure the quality of the communications that are presently on the network… and an elegant management of any new multimedia communications that may be requested to come into the network.”
Similarly, the planned Voice-Enterprise program is an enterprise-level follow-up to the Wi-Fi Alliance’s Voice-Personal certification. “In the Voice-Personal program, which is available now, we are testing up to four concurrent calls, and we’re testing some very strict metrics that must be maintained in order for equipment to gain that certification, things like under 50ms latency and jitter, and less than one percent packet loss… with the Voice-Enterprise program, we’re taking that to dozens of concurrent calls, and we’re testing the voice performance on Wi-Fi networks with multiple access points,” Figueroa says.
A third program, Wireless Network Management, provides additional management and performance capabilities. “Wireless Network Management delivers improved power management and power savings, and it delivers mechanisms for network analysis, network performance, debugging and troubleshooting… it pulls in a number of ingredients from a range of technologies to deliver a network administrator a very robust set of tools to monitor, troubleshoot and manage a wireless network—and it also provides some intelligence that enables the network itself to function more dynamically and self-tune,” Figueroa says.
And an additional update is planned for WPA2 security testing to include management frame protection. “This will protect against network disruptions caused by requests from invalid equipment,” Figueroa says. “And naturally, with WPA, we are also going to continue to monitor the authentication protocol landscape—and whenever there’s a change warranted, we’ll do that.”
Finally, with the IEEE’s finalization of 802.11n anticipated in September of this year, the Wi-Fi Alliance is now stating that the baseline requirements of its 802.11n certification program will not have to change. “Our Draft 2.0 equipment will be fully interoperable with the full 802.11n protocol, and we will update our program just to include some additional features that are included in the final n program from IEEE… in fact, Draft 2.0 products will be allowed to claim to be fully 802.11n certified now,” said Figueroa.