Wi-Fi hikes security by adding to WPA2 requirements

Vendors will need to support a cell-to-Wi-Fi handoff standard and a tunneled authentication system

The Wi-Fi Alliance has expanded its WPA2 certification program to include a tool for secure handoffs between Wi-Fi and 3G networks, as well as an authentication system that uses multiple secured tunnels.

WPA2 (Wi-Fi Protected Access 2) is the most advanced security standard for Wi-Fi. The WPA2 certification program already included five other EAP (extensible authentication protocol) methods.

The Wi-Fi Alliance tests routers, access points and client devices for interoperability using certain protocols and certifies them with its logo.

The newly added protocols, EAP-AKA (Authentication and Key Agreement) and EAP-FAST (Flexible Authentication via Secure Tunneling), are designed to better secure enterprise Wi-Fi LANs.

EAP-AKA was developed by the 3GPP (Third-Generation Partnership Project), the main standards body for 3G networks, and has been in use for a few years on both UMTS (Universal Mobile Telecommunications System) and CDMA2000 (Code-Division Multiple Access) networks.

It allows for the handoff of calls between cellular and Wi-Fi networks using a single user identifier.

As more mobile phones are equipped with Wi-Fi and more laptops and netbooks gain cellular data capability, having a standard way to shift calls from paid carrier networks to free Wi-Fi could be valuable, especially in enterprises that have rolled out Wi-Fi across their offices.

Cisco Systems created EAP-FAST several years ago as a replacement for its LEAP (Lightweight EAP), which was found to be vulnerable to certain types of attacks.

Those included "dictionary" attacks, so-called because they generate a series of likely guesses at the network's decryption key or passphrase. EAP-FAST is now an open international standard.

For the next 90 days, support for the two newly added EAP types will be optional in WPA2-certified products, said Edgar Figueroa, executive director of the Wi-Fi Alliance.

After that, WPA2 certification will require support for all seven EAP types, except in certain special cases.

Any product that gets a firmware upgrade after the grace period will have to be re-certified under the new requirements, Figueroa said.

Join the CSO newsletter!

Error: Please check your email address.

Tags Wi-Fiwpa2wirelesswireless security

More about ASTCiscoCiscoDMAUMTS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place