Security crunch for WiFi as standard looms; but will it work?

by Guy Kewney | posted on 24 June 2004

Nothing could be better than a universal standard for WiFi security. But the news that the 802.11i security standard is on the brink of being approved by the IEEE doesn't mean that things will magically work as soon as people start upgrading.

Guy Kewney

Unfortunately, there are already signs that WLAN security on a huge majority of access points won't work unless the operators ban insecure users.

Tests conducted by an associate of NewsWireless Net show that in the case of public hot spots, security can only be enabled if all clients are set up for secure access.

The access points are built to a price, said one source. "They don't have the processing power to support three clients using encryption, and two without. The software they have simply won't allow it; so if you log on without security/encryption then all other clients will have to be the same."

Apparently, the opposite is also true. If the hot spot allows one client to log on with security, no other client will be able to log on without.

Commercially, this would be suicidal for most hotspot operators. Sign-on for the typical hotspot is a complex enough ritual, requiring you to select the SSID, launch a browser, enter complex passwords and authorise payments. Nobody wants to have an extra layer of confusion, with un-expert users trying to understand the difference between 64-bit and 128-bit encryption and find a key, before they can spend money.

So the likely result is that corporate users will be compulsorily upgraded to full IEEE 802.11i security on their Centrino laptops, while public access providers will require no security.

None of this is the fault of the standard. The problem arises because certain WLAN makers have chosen to focus on home markets, where price is the prime factor. Some of them have even chosen to avoid IEEE compatibility in the hope of establishing their own standards as de facto "improvements" to the accepted platform.

According to the new standard could be embedded in components in the field within weeks. Mark Hachman reports: "If the specification is approved, most manufacturers will be able to push out firmware upgrades in a matter of weeks, if not sooner, via firmware upgrades," and adds: "Actual 802.11i hardware-based support will probably be baked into the next revision of chips, sources said."

But when the WiFi Alliance will ratify this, is another question. And when it is embedded in sufficient hardware to allow a smooth switch to secure working, is yet another issue.

You can discuss this article on our discussion board.