Feeds

Wi-Fi Alliance tries again on wireless security

WPA to succeed where WEP failed?

  • alert
  • submit to reddit

HP ProLiant Gen8: Integrated lifecycle automation

The Wi-Fi Alliance aims to make it easier to build robust security into wireless LANS with the announcement yesterday of a successor to the flawed WEP (Wired Equivalent Privacy) protocol.

Wi-Fi Protected Access (WPA) uses a higher level of encryption and brings in dynamic key exchange functions absent with WEP. WPA is designed to work with existing products and is expected to first appear in Wi-Fi certified products during the first quarter of next year.

Most vendors are expected to offer firmware and software updates for Wi-Fi certified products currently in use in order to bring in WPA. Use of the protocol will be mandatory in products certified by the Wi-Fi Alliance from August next year.

WPA is based on a subset of features found in the 802.11i Robust Security Network amendment to the existing wireless LAN standard.

802.11i is not expected to be ratified till the back end of next year and the industry can't afford to wait that long, Kirk Alchorne, European director at the Wi-Fi Alliance and an access product manager at Nokia, told us.

Alchorne was candid in admitting concerns about the security of wireless LANS were hold back deployment.

Virtual Private Networks offer a way to secure 802.11b or 802.11a wireless LANS but they impose a performance overhead and the approach is not suited to everyone, he said. Alchorne added that security appliances (from the likes of Bluesocket) or proprietary extensions to WEP fail to take interoperability and standardisation, hence the need for WPA.

WEP, which is relatively easy to circumvent using tools such as AirSnort, is often not used at all - as this week's second WorldWide WarDrive is expected to confirm. It is better than nothing, though, and the advice from the Wi-Fi Alliance is to continue to use WEP until WPA comes along.

Alchorne said that making WPA far easier to implement and more inherently secure than WEP will encourage wider deployment for WPA than its insecure predecessor every achieved. ®

Related Stories

RSA supplies answer to drive-by hacking?
Tool dumbs down wireless hacking
Rogue WLANS - the next security battlefield?
Wireless security is even flakier than we thought

External Links

FAQ on WPA

Reducing security risks from open source software

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.