October 31, 2002 11:33 AM PST
Wi-Fi getting new security standard
Among those backing the new security protocols are chipmakers Intersil, Texas Instruments and Proxim.
Texas Instruments intends to ship a set of Wi-Fi chips in the coming weeks that will have the new security measures inside, said Bill Carney, director of business development for TI's wireless networking business.
"Everybody is going to do it, because it works," said Mark Shapiro, a representative for Proxim. The company plans to "put WPA into all our new products."
Wi-Fi, also known as 802.11b, is a technology that allows the creation of wireless networks with a radius of around 300 feet. It has started to catch on for home use, and some companies have begun installing the networks in public places such as airports. A central feature of the system is that laptops and personal digital assistants configured for the technology are able to automatically detect when their owners enter a Wi-Fi "hot spot" and log on to the Internet.
But business users remain cautious about the technology out of worries about security breaches. Because of the way the technology works, it is possible for people to tap into a network without the knowledge or permission of the person who set it up.
WPA includes two new security measures.
TKIP, or the temporal key integrity protocol, packages three improvements to replace the flawed wired equivalent privacy protocol (WEP). With Wi-Fi, data sent over the wireless network is encrypted, but sharing the keys that encrypted the information has always been a problem. TKIP scrambles the keys using a so-called hashing algorithm and ensures the keys haven't been tampered with by adding integrity checking.
TKIP is also designed to allow for better management of the keys, a prerequisite for easier administration on corporate networks. Most of today's networks that use WEP rely on manually configured keys, because key management is so difficult. Several companies have marketed proprietary solutions to help manage keys to fill the gap in WEP.
The second WPA-enforced addition is a way to authenticate users trying to log onto a network. Today, access to a wireless network is regulated by using a hardware-specific serial number, known as a MAC (medium access control) address. Every Ethernet card has one, but machines can sniff out an allowed MAC address and steal the computer's identity. The extensible authentication protocol (EAP) replaces the access restrictions based on MAC with one built on a far more secure public-key encryption system.
"Enterprises, small businesses and home users need a stronger standards-based security solution than WEP, and they need it now," Dennis Eaton, the alliance's chairman, said in a release.
The WPA standard is designed to work with existing Wi-Fi products and should first appear in Wi-Fi-certified products in the first quarter of 2003. Several companies, including Intersil, Funk Software and Atmel, have already announced their support for the new standard.
Major Wi-Fi makers on board
WPA is meant to be a temporary fix while a broader, more effective security standard called 802.11i makes its way through the standards bodies. But that measure isn't expected to be available in final form until sometime in September 2003, too far away to sit and wait, Carney said.
"A year is a very, very long time in this business," Carney said of TI's decision to add WPA to a new set of chips, which will ship in the next few weeks.
Other backers of the new standard are Intersil and Proxim, two competing Wi-Fi chipmakers.
"We are working with key customers right now on sampling and testing," said Intersil representative Ron Paciello, who declined to name the customers. Paciello believes Intersil is the furthest along of any of the 30 or so Wi-Fi Alliance members now busily adding WPA to products.
Like most Wi-Fi makers, Intersil will provide free software for upgrading to WPA. Paciello said the coding will be available sometime in December.
News.com's Ben Charny and Robert Lemos contributed to this report.