WPA protocol provides a boost to wireless users

Security concerns have always challenged the uptake of 802.11-based wireless networks. However, a new protocol will be introduced next year that should help to address many of the vulnerabilities of the Wireless Encryption Protocol (WEP).

By Zoe Moleshead. Published December 4, 2002

The Wi-Fi Protected Access (WPA) standard, developed by the Wi-Fi Alliance, in conjunction with the Institute for Electrical & Electronic Engineers (IEEE), will strengthen encryption and authentication processes.

WPA enables Temporal Key Integrity Protocol (TKIP) encryption and 802.1x/Extensible Authentication Protocol (EAP), which should counter the weaknesses present in WEP that have allowed hackers, or ‘wardrivers’ as they are known, to decrypt static WEP keys.

“It was discovered that some vendors’ implementations of the RC4 algorithm that is used in WEP issued something called Weak Initialisation Vectors (WIVs). If you captured enough of these WIVs you could actually decrypt what the WEP key was,” explains Ian Philips, product marketing manager, Aironet range, Cisco Systems, Europe, Middle East & Africa.

“TKIP is concerned with rotating the WEP keys because if you rotate these keys every so often it limits the potential damage from any hacker — they won’t capture enough packets to decipher the WEP key,” he adds.

Additionally, the WPA standard works with RADIUS and Kerberos authentication servers and offers smaller companies, which typically do not have authentication servers, a preshared option that enables them to manually configure passwords in the access point.

Although Cisco says its wireless products have had TKIP functionality since the beginning of this year, the first Wi-Fi certified WPA vendor products are scheduled for release in the first quarter of 2003.

“We will use WPA in our infrastructure product line access points, cards and so on. We will integrate it into the software as a default,” says Julian Pickess, senior manager, wireless product development, Symbol Technologies, Europe, Middle East & Africa.

Despite the criticisms and vulnerabilities of the WEP protocol, vendors stress that when the standard was initiated, wireless networks were not expected to scale to the levels they can today. Users are also placing their wireless LANs at risk by failing to switch on basic security protocols.

“People have been tracking wireless access and they have found that around 65-70% of wireless access points don’t even have WEP switched on. If you have basic security then switch it on and if that basic security is not sufficient in terms of the value of data that you’re transmitting then you should enhance that security,” comments Symbol’s Pickess.

WEP, however, will still have a role to play in the security of wireless networks, with TKIP using it as an encryption protocol. It will also be used to address concerns about the processing capabilities of products in the SOHO market.

“There is a question over vendors’ low end infrastructure products. Those designed for SOHO usage [may not] have enough horsepower to implement WPA. In that case WEP will continue at the lower end of the market, while WPA will be the de facto, higher level benchmark for enterprises,” says Pickess.

WPA, however, is only an interim security protocol as the Wi-Fi Alliance and IEEE work on developing the full 802.11i Robust Security Network standard, which should be finalised around September of next year.

“The initial goal is to put in a security mechanism that is backwards compatible via software and firmware to secure all of those networks that are already out there. Once we have done that it is time to focus on things moving forward,” says Philips.