WLAN industry rolls out new Wi-Fi security plan

Computerworld - Wireless LAN manufacturers plan to beef up security for their products with harder-to-break keys and an industrywide authentication plan targeted at corporate users through a program called Wi-Fi Protected Access (WPA) (download PDF).
The effort was announced today by the Wi-Fi Alliance industry trade group.
Dennis Eaton, chairman of the Mountain View, Calif.-based Wi-Fi Alliance, said vendors in February should start rolling out certified products featuring key components of WPA. WPA provides companies with a built-in mechanism based on the Extensible Authentication Protocol to authenticate the identity of users. The protocol runs on Remote Authentication Dial-In User Service network servers.
WPA also replaces the static encryption keys incorporated into the current Wi-Fi Wired Equivalent Protocol (WEP) with harder-to-crack dynamic keys through use of the Temporal Key Integrity Protocol (TKIP), part of the draft Institute for Electrical and Electronics 802.i standard expected to be approved in 2004.
In addition, WPA includes a message integrity check-sum called "Michael" that will help network administrators determine whether or not an unauthorized user has tried to intercept and decode TKIP keys.
Home Wi-Fi users will be able to take advantage of the TKIP portion of WPA, but not the authentication portion, Eaton said.
John Pescatore, an analyst at Gartner Inc. in Stamford, Conn., said WPA marks industrywide acceptance of the Safe Secure Networks project developed by industry heavyweights such as Microsoft Corp. and Cisco Systems Inc. this spring to improve wireless LAN security (see story).
The fix comes none too soon for an industry that is enjoying phenomenal growth, analysts said. In-Stat MDR, a Scottsdale, Ariz.-based research firm, predicted that Wi-Fi WLAN hardware shipments will hit 33 million units in 2006, up from 6 million this year, with the majority used for home networking.
Eaton said WPA is the industry effort to correct well-known flaws in WEP and counter individual and organized WLAN sniffing projects such as the ongoing, second WorldWide WarDrive in which hobbyists detect and map WLAN access points. He emphasized that WPA is an interim fix until the IEEE approves the 802.1 standard, which besides TKIP also includes the new, strong federally backed Advanced Encryption Standard (AES).
WPA is designed to be backward-compatible with existing WLAN hardware and forward-compatible with the 802.1 standard, Eaton said. Vendors are developing fixes that users can download from Web sites once their WPA products are certified next year. Some of these fixes will be in firmware, while others may have to run as client software, Eaton added.
Eric Wolbrom, president of Safe Harbor Technologies, a Katonah,