& cplSiteName &

WPA's Insecure Legacy

Light Reading
LR Mobile News Analysis
Light Reading
4/14/2003
50%
50%

A coming upgrade for the 802.11 specification that is being promoted by the Wi-Fi Alliance cannot be supported by the majority of wireless LAN equipment already in use, prompting concern among analysts and vendors that older infrastructure could still be used as a backdoor into supposedly secure new networks.

WiFi Protected Access (WPA) is being promoted by the WiFi Alliance as a solution to the security issues that have dogged the adoption of 802.11, especially in the enterprise (see 802.11 Security Issues Sorted?). WPA is a security system comprising the elements already fixed and agreed upon by the Institute of Electrical and Electronics Engineers Inc. (IEEE) security task group, including: Temporal Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC Protocol (CCMP) for over-the-air encryption, and access control standard for user authentication and encryption key distribution. It is supposed to be more secure than the current WEP (wired equivalent privacy) security standard.

Products incorporating WPA are now being tested and should be certified and available in May. However, while the move is a step in the right direction, WPA will be of no benefit to anyone using existing 802.11b (11-Mbit/s over 2.4GHz) networks. The technology can only be incorporated in new 802.11b, 802.11a (54-Mbit/s over 5GHz) and 802.11g (54-Mbit/s over 2.4GHz) products. This is leading to concerns about enterprises mixing newly ratified WPA products with original hardware, as the network can only be as secure as the weakest access point.

“There are issues with WPA backwards compatibility with some products,” confirms Ian Keene, vice president of telecommunications research at Gartner Inc. “If an enterprise or home user went for a single vendor solution then we don’t expect too many problems, but it is a problem for interoperability between different vendors.”

Such issues could cause a major headache for the growing number of enterprises rolling out wireless LAN networks to their employees (see 802.11 WLAN Shipments Double and Europe Set for WLAN Boom). “It is not going to be possible to buy WiFi-Alliance-tested WPA products that are backwards compatible with every previous product, and that could be a big obstacle,” says Keene, adding that he expects to see compatibility problems with the current crop of wireless LAN cards on the market.

The vendors Unstrung spoke to claim to be tackling the compatibility issue. “We are looking into it because there are certainly areas that need to be resolved,” says Proxim Corp.'s (Nasdaq: PROX) solutions marketing manager, Jan Buis. “We are aware of this problem. Security is the hottest issue in wireless LAN at the moment, and as a vendor we must make it our highest priority.”

“We are trying to educate the enterprise user by telling them about these issues,” comments 3Com Corp.’s (Nasdaq: COMS) international segment manager for wireless and security, Angelo Lamme. “A network, after all, can only be as secure as the weakest link.”

While no enterprise is immune to the compatibility problems, both vendors point out that it is the latest adopters of wireless LAN, rather than the earlier, tech-savvy enterprises, that require the greatest amounts of education as to the potential for security holes in the network. “The early adopters of wireless LAN accept some of the insecurities that exist today,” says Buis. “The primary reason why new security features have entered this market is because of the number of customers unwilling to use wireless LAN at present.”

In the short term, at least, vendors in this space face the task of informing users of the pitfalls involved in mixing old and new infrastructure. “This is an ongoing problem,” concludes Gartner’s Keene. “We expect it to be resolved in the next two years, but it isn’t going to happen overnight. It really depends on how well vendors can work with each other to help iron out the problems.”

These latest concerns will do little to combat the growing fear of security problems with enterprise wireless LAN use. In a recent Unstrung poll of readers, 72 percent of respondents perceived security as the major drag on wireless LAN deployment within corporations (see Poll: WLAN Has Limited Life). Recently, RSA Security added fuel to the fire by highlighting the ease with which corporate networks can be hacked (see Hackers Crack London WLANs).

— Justin Springham, Senior Editor, Europe, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Cisco's Conrad Clemson, recently promoted to head up the company's Service Provider Apps & Platforms developments, talks to Light Reading's Founder and CEO Steve Saunders about how he's bringing cloud video, mobile and virtualization together to empower network operators.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Custom TV
4.5G Evolution: Peter Zhou on Advanced MIMO Technologies & 5G Business Prep

2|25|17   |     |   (0) comments


In the process of service transformation, operators need to catch three major opportunities and start deploying in 4.5G networks, such as video, household broadband access and digital transformation of vertical industries. 5G is coming. Operators don't need to wait for it to happen but should progressively deploy 4.5G networks by introducing 5G-oriented ...
LRTV Custom TV
What WTTX Can Deliver

2|23|17   |     |   (0) comments


Mohamed Madkour explains the benefits of WTTX while Dimitris Mavrakis discusses the challenges of delivering home broadband access.
LRTV Custom TV
Huawei on Mobile Broadband

2|23|17   |     |   (0) comments


Mohamed Madkour shares his vision on MBB for the next three years.
LRTV Custom TV
Analysys Mason Talks About the Future of Digital Operations

2|23|17   |     |   (0) comments


The future of digital operations has three key aspects: 1. Highly automated operations for both service and network; 2. Highly converged BSS/OSS for business and resources; 3. Highly merged management and control for real-time cloud native operations.
LRTV Interviews
Software Trends in the Telecom Sector

2|23|17   |   03:40   |   (0) comments


Heavy Reading senior analyst James Crawshaw talks with Telecoms.com Editorial Director Scott Bicheno about trends and developments in the telecoms software sector and what to expect at MWC 2017.
LRTV Custom TV
Huawei's Pre-MWC Analyst Briefing 2017 Highlights

2|22|17   |     |   (0) comments


Huawei shares its vision for this year's MWC.
LRTV Interviews
MWC17: 5G, Cloud RAN & More

2|21|17   |   04:35   |   (0) comments


Ovum Senior Analyst Julian Bright talks to Scott Bicheno from Telecoms.com about all things MWC, including Cloud RAN, Huawei's pitch to the industry and the road to 5G.
LRTV Interviews
MWC 2017's Key 2-Letter Terms

2|20|17   |   08:29   |   (1) comment


5G, AI, VR... these are just some of the two-letter terms that will dominate show-floor chat at MWC 2017 in Barcelona, according to these two blow-hards (a.k.a. Scott Bicheno of Telecoms.com and Light Reading's Ray Le Maistre). And then there's PB...
LRTV Interviews
Key Trends for Mobile Operators in Developing Markets

2|20|17   |   06:37   |   (0) comments


Ovum's Matthew Reed talks to Scott Bicheno from Telecoms.com about the challenges and opportunities facing mobile operators in the developing markets of Africa and the Middle East.
LRTV Documentaries
YouTube Takes on Facebook Live-Streaming

2|17|17   |     |   (0) comments


Popular 'YouTubers' will be the first to get the new service on their smartphones. You have been warned.
LRTV Custom TV
Open Source NFV/SDN Automation

2|17|17   |   05:54   |   (0) comments


AT&T ECOMP (Enhanced Control, Orchestration, Management and Policy) code is transitioning into the Linux Foundation for placement into open source. In this video, Carol Wilson provides an update on the maturation of open source ECOMP and meets with industry leaders from AT&T, Bell Canada, Orange, Linux Foundation and Amdocs to discuss what this means for the ...
LRTV Documentaries
Uber & NASA Collaborate on Flying Car Project

2|16|17   |     |   (0) comments


Is Uber for real? Well, it's hired NASA engineer Mark Moore to lead the project, and he wouldn't come cheap.
Upcoming Live Events
March 21-22, 2017, The Curtis Hotel, Denver, CO
March 22, 2017, The Curtis Hotel, Denver, CO
March 22, 2017, The Curtis Hotel, Denver, CO
May 15-17, 2017, Austin Convention Center, Austin, TX
May 15, 2017, Austin Convention Center - Austin, TX
June 6, 2017, The Joule Hotel, Dallas, TX
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Uber's HR Nightmare: Company Investigates Sexual Harassment Claims
Sarah Thomas, Director, Women in Comms, 2/21/2017
Broadband Has a Problem on the Pole
Mari Silbey, Senior Editor, Cable/Video, 2/21/2017
Verizon to Start Fixed 5G Customer Trials in April
Dan Jones, Mobile Editor, 2/22/2017
Cloud Rains on HPE Earnings
Mitch Wagner, Editor, Enterprise Cloud, 2/24/2017
Verizon Fixed 5G Tests to Top 3Gbit/s?
Dan Jones, Mobile Editor, 2/23/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Light Reading founder and CEO Steve Saunders chats with Sportlogiq CEO Craig Buntin about sports data analysis.
Eyal Waldman, CEO of Mellanox Technologies, speaks to Steve Saunders, CEO of Light Reading, for an exclusive interview about the 100 GB cable challenge, cybersecurity and much more.
Animals with Phones
No One Likes This Click Here
Take a hint!
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.