Wi-Fi Hikes Security By Adding to WPA2 Requirements

The Wi-Fi Alliance has expanded its WPA2 certification program to include a tool for secure handoffs between Wi-Fi and 3G networks, as well as an authentication system that uses multiple secured tunnels.

WPA2 (Wi-Fi Protected Access 2) is the most advanced security standard for Wi-Fi. The WPA2 certification program already included five other EAP (Extensible Authentication Protocol) methods. The Wi-Fi Alliance tests routers, access points and client devices for interoperability using certain protocols and certifies them with its logo.

The newly added protocols, EAP-AKA (Authentication and Key Agreement) and EAP-FAST (Flexible Authentication via Secure Tunneling), are designed to better secure enterprise Wi-Fi LANs.

EAP-AKA was developed by the 3GPP (Third-Generation Partnership Project), the main standards body for 3G networks, and has been in use for a few years on both UMTS (Universal Mobile Telecommunications System) and CDMA2000 (Code-Division Multiple Access) networks. It allows for the handoff of calls between cellular and Wi-Fi networks using a single user identifier. As more mobile phones are equipped with Wi-Fi and more laptops and netbooks gain cellular data capability, having a standard way to shift calls from paid carrier networks to free Wi-Fi could be valuable, especially in enterprises that have rolled out Wi-Fi across their offices.

Cisco Systems created EAP-FAST several years ago as a replacement for its LEAP (Lightweight EAP), which was found to be vulnerable to certain types of attacks. Those included "dictionary" attacks, so-called because they generate a series of likely guesses at the network's decryption key or passphrase. EAP-FAST is now an open international standard.

For the next 90 days, support for the two newly added EAP types will be optional in WPA2-certified products, said Edgar Figueroa, executive director of the Wi-Fi Alliance. After that, WPA2 certification will require support for all seven EAP types, except in certain special cases. Any product that gets a firmware upgrade after the grace period will have to be re-certified under the new requirements, Figueroa said.
