WiFi Alliance scores pass marks for new security standard

by Staff Writer | posted on 05 May 2003

The new - interim - standard is WiFi Protected Access, which replaces the discredited Wired Equivalent Privacy, or WEP standard.

There are now nine approved products supporting the new WPA standard, which offers a workmanlike sense of protection from hackers - but not a truly satisfactory level of security. Nonetheless, by the end of this year, no product that doesn't have WPA will be able to be approved with the WiFi Alliance stamp.

The trouble with WEP was that it provided more security than most users wanted - most networks don't even turn WEP encryption on - but it was not sophisticated enough for the most demanding. It has a flaw which is highly unlikely to be exposed, but can be. WEP is now replaced by WPA; but although this is a better solution, a really robust standard will have to wait till the IEEE finishes 802.11i, say security experts.

The nine products were listed by the WiFi Alliance in its announcement last week - they include a reference design cardbus product, access points, and adapters for portable gear.

This is the third WiFi product certification developed by the WiFi Alliance - the first two being for the 802.11b, then 802.11a networking. The program began in March 2000. To date, over 650 products from 120 companies have received WiFi certification. The next round of approvals will be for 802.11g - when that is finalised.

"With this first round of WiFi Protected Access product certifications, strong, standards-based interoperable security is available for WiFi networks," said Dennis Eaton, Chairman of the WiFi Alliance.

He added: "The first WiFi Protected Access-enabled products will be available in May, and later this year WiFi Protected Access support will be required in selected WiFi certified PC and PC peripheral products."

Software upgrades will allow users of existing devices to upgrade in most cases, predicted Eaton.

You can discuss this article on our discussion board.