Original URL: http://www.theregister.co.uk/2004/05/03/easy_wifi_security/

Broadcom simplifies Wi-Fi security set-up

Full WPA cover in two steps

By Tony Smith

Posted in Broadband, 3rd May 2004 08:41 GMT

Wi-Fi chip maker Broadcom today unveiled software that it says will make setting up secure WLANs significantly easier.

The software, dubbed SecureEZsetup, provides a simple two-step set-up wizard that configures both the access point and the PC client using the Wi-Fi Protected Access (WPA) TKIP security system.

Users setting up a WLAN for the first time are asked to provide the answers to two "easy-to-remember" questions. These answers are used to create the appropriate authentication and data encryption keys, plus the access point's unique SSID, details of which are provided to the user.

If more PC clients are added to the WLAN at a later date, the software asks for that information before configuring the client-side settings.

In order to ensure that the correct access point is configured, the wizard will only talk to access points that have been operational for less than an hour.

"We assume the user has taken the equipment straight out of the box and plugged it in," Gordon Lindsay, Broadcom European product line manager, told The Register.

He acknowledged that there was an inherent security flaw in the system - the initial wireless link between the client and the access point is by necessity unprotected - but he said Broadcom had minimised the risk of interception. "After each communication between client and access point, the two are disassociated," he said. In short, the two talk to each other literally as briefly as possible until they can re-associate permanently over a secure connection.

The system requires both access point and client adaptor contain one of Broadcom's 54g-branded 802.11g chipsets. Lindsay expects devices to ship with the software from mid-May onwards. Older kit will require a firmware update, which Broadcom has made available to its customers.

Broadcom supplies 802.11g chipsets to Linksys, Buffalo, Belkin, Motorola, Apple, Acer, Dell, HP, Gateway and others, and through its product partners claims a 77 per cent share of the US 802.11g retail market.

Since January, the Wi-Fi Alliance, the standard's interoperability and marketing body, has insisted that all WPA-certified devices ship with full security settings in place. In the past, vendors turned security off by default because of the difficulty many users had in setting up secure networks. This, in turn, helped Wi-Fi develop a reputation for being easy to penetrate. WPA certainly improves WLAN security over the older, weaker Wired Equivalent Privacy (WEP) spec, but even WPA is useless if it's not enabled. ®

Related stories

Wi-Fi Alliance preps WPA 2 security spec
Snag in next-gen Wi-Fi security unearthed
Cisco thwarts WLAN dictionary attack
Cisco Wi-Fi kit in minor security flap
Chip start-up boosts Wi-Fi rate by '10-20 times'
Atheros updates Wi-Fi speed booster tech