Wireless network certification body the Wi-Fi Alliance has unveiled new mechanisms today to help Wi-Fi vendors make their products more secure.
The new security specifications are intended to replace the existing WEP (Wired Equivalent Privacy), which has drawn heavy criticism. They will be laid out as optional features from February and will become required for WiFi compliance about six months later, said Dennis Eaton, chairman of the Wi-Fi Alliance.
WEP has been under fire from critics who believe it is too easy to circumvent. The keys it uses to encrypt data passing over the network can be cracked just by examining a brief sample of packets, according to Peter Shipley, an independent security consultant.
The Wi-Fi Alliance’s new specifications, called WPA (Wireless Protected Access), include mechanisms from the emerging Institute of Electrical and Electronic Engineers (IEEE) 802.11i standard for both data encryption and network access control.
For encryption, WPA specifies TKIP (Temporal Key Integrity Protocol), which uses the same algorithm as WEP, but constructs keys in a different way. With WPA, each user will have his or her own encryption key, which can be set to change periodically.
The draft test plan for WPA is expected to be completed by 8 November and interoperability testing will begin 22 November. Certification is set to begin 3 February, according to Eaton.
It is hoped that such moves will help to bring an end to activities such as warchalking and wardialling, whereby hackers can identify and gain unauthorised access to wireless networks. If such issues can be resolved it is anticipated that more businesses will commit to wireless networking.
Stephen Lawson is a San Francisco-based U.S. correspondent for the IDG News Service.