Wi-Fi Alliance pushes interim WEP replacement [InfoWorld] and press release: The Wi-Fi Alliance, the trade group that certifies the Wi-Fi interoperability standard for 802.11a and 802.11b networking equipment, announced today that it would require a new interim security specification called Wi-Fi Protected Access (WPA) to be included in devices by next fall. WPA relies on the interim version of work coming from the IEEE 802.11i task group, which is producing both a backwards-compatible and more robust encryption protocol that will work as a first line of defense for Wi-Fi. WPA also supports 802.1x and EAP to allow simple integration with existing enterprise authentication systems.
Instead of relying on fixed WEP encryption keys, WPA will use a network password that will initiate key rotation every 10,000 bytes of data using 802.11i's Temporal Key Integrity Protocol (TKIP). TKIP is seen as an upgradable option for equipment already on the market. The Wi-Fi Alliance will begin certifying compliance with WPA in February 2003, and require it in all devices for certification by next fall. All devices in a Wi-Fi network would need to be upgraded to WPA for the system to work.
WPA can't be seen as a panacea for securing Wi-Fi connections, but it does represent an appropriately secure alternative for home users and small businesses that otherwise lack the resources or simply don't need more robust secure connections. WPA uses a larger initialization vector and fixes the integrity problem that could allow modified packets to transit, but for non-802.1x/EAP installations doesn't rekey. This means that it's still possible for a user with access to the actual keys (by which mechanism, I don't know) to view all traffic on a wireless segment. It definitely raises the bar, however, because of the key rotation issue. Of course, WPA is secure just from an access point to a client. Plugging into an Ethernet port on an untrusted network would allow full snooping capability. WPA stops wireless sniffing and unauthorized access.
Proxim has already announced support for the WPA standard in a news release this morning. Proxim has several lines of 802.11a and 802.11b equipment, including their recently concluded acquisition of the Orinoco line from Agere. Texas Instruments sent a release out later in the morning also pledging near-term support for WPA for existing products. Colubris announced support as well. A report indicated that Intersil and Atmel will also support the standard.
Forbes covered WPA later in the day but got the story wrong. Wardriving and snooping won't stop because of WPA. Rather, WPA puts a potentially realistic first line of defense into effect. The writer's optimistic final line that wardriving will be over in a year neglects the fact that most people aren't turning WEP on. WPA doesn't make encryption mandatory; it just simplifies the process of deciding on a network key while simultaneously fixing encryption failings.
Other News
Bell Canada to install WLANs: Bell Canada will build robust, authenticated enterprise WLANs for businesses. They're another entrant into the WLAN services market, from which IBM Global Services and a division of HP are already ostensibly producing 7-digit revenue. [via Alan Reiter]