By Yardena Arar LAS VEGAS
The long-awaited replacement to Wi-Fi's weak built-in security algorithm has finally arrived, with several major vendors at the Networld+Interop trade show in Las Vegas announcing products or plans to support the upgrade in existing products through software upgrades.
The Wi-Fi Alliance, the industry group that certifies interoperability between Wi-Fi products from different vendors, announced Tuesday that nine products from six vendors are the first to be certified under a new program. Atheros Communications, Broadcom, Cisco Systems, Intel, Intersil, and Symbol Technologies products meet specifications for the new security technology, called Wi-Fi Protected Access (WPA).
Those 9 products are a small subset of the nearly 700 products that the Wireless Ethernet Alliance has certified for either 802.11b (11 mbps, 2.4 GHz) or 802.11a (54 Mbps, 5 GHz) Wi-Fi interoperability. Nevertheless, they include reference designs from three Wi-Fi chip vendors — Atheros, Broadcom, and Intersil — that together supply chips for most Wi-Fi adapters and access points. Consequently, the many vendors whose Wi-Fi components use those designs can produce WPA products very quickly.
For example, Buffalo Technology (USA) says that it will ship its first WPA-enabled products in May. Those will include a broadband router/access point, the $US199 54-Mbps draft-802.11g AirStation G54; and its first WPA-enabled PC Card, the $US119 AirStation G54 Wireless Notebook Adapter.
In addition, industry observers expect many vendors to support WPA security in existing products through downloadable software updates within the next few weeks. Vendors will post information on their Web sites. Upgrades may not be available for some older equipment, rendering it unable to access a WAP-secured network.
In general, any equipment based on the draft 802.11g standard (54 Mbps on the 2.4-GHz band) should be software-upgradeable since most of it is based on Broadcom's chips. The Alliance has said that it will begin certifying 802.11g products when that standard is ratified, which is on track to happen in June, according to officials.
Besides products from the trio of chip vendors, a handful of other wares are in the first group of WPA certifications. Products include Cisco's AIR AP1230B access point, Intel's Pro/Wireless 2100 LAN 3B Mini-PCI Adapter (used in Centrino notebooks), and Symbol Technologies Inc.'s Wireless Networker CompactFlash Wireless LAN Adapter Model LA-4137.
Setting the Standard
Announced last fall, WPA is a subset of the IEEE's more complete 802.11i security standard, which remains some 15 months away from certification and may require changes in hardware. The Wireless Ethernet Alliance decided to support WPA with a certification program partly because its members did not want to wait so long for a fix to vulnerabilities in Wired Equivalent Privacy (WEP), the existing Wi-Fi security algorithm. Also, members wanted a security upgrade that a software upgrade could in most cases provide.
WPA improves on WEP in several ways. It uses Temporal Key Integrity Protocol (TKIP), which constructs encryption keys differently; and it also employs the IEEE 802.1x access control protocol (usable on wired networks as well). Though access control requires special server software most commonly found on a corporate network, WPA improves the security of home and small-office networks that don't use such servers, thanks to its use of TKIP.
Eventually, the 802.11i standard will incorporate AES encryption. Thus far, no major flaws in either the TKIP-based WPA or the upcoming AES-based 802.11i technology have been publicized. These new measures are expected to increase the deployment of wireless networks, especially in businesses that have shied away from them because of security concerns.
Products that have passed WPA certification will be able to use a new Wi-Fi Alliance label. By later this year, WPA will be required for Wi-Fi certification of new products, alliance officials say.