& cplSiteName &

WPA's Insecure Legacy

Light Reading
LR Mobile News Analysis
Light Reading
4/14/2003
50%
50%

A coming upgrade for the 802.11 specification that is being promoted by the Wi-Fi Alliance cannot be supported by the majority of wireless LAN equipment already in use, prompting concern among analysts and vendors that older infrastructure could still be used as a backdoor into supposedly secure new networks.

WiFi Protected Access (WPA) is being promoted by the WiFi Alliance as a solution to the security issues that have dogged the adoption of 802.11, especially in the enterprise (see 802.11 Security Issues Sorted?). WPA is a security system comprising the elements already fixed and agreed upon by the Institute of Electrical and Electronics Engineers Inc. (IEEE) security task group, including: Temporal Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC Protocol (CCMP) for over-the-air encryption, and access control standard for user authentication and encryption key distribution. It is supposed to be more secure than the current WEP (wired equivalent privacy) security standard.

Products incorporating WPA are now being tested and should be certified and available in May. However, while the move is a step in the right direction, WPA will be of no benefit to anyone using existing 802.11b (11-Mbit/s over 2.4GHz) networks. The technology can only be incorporated in new 802.11b, 802.11a (54-Mbit/s over 5GHz) and 802.11g (54-Mbit/s over 2.4GHz) products. This is leading to concerns about enterprises mixing newly ratified WPA products with original hardware, as the network can only be as secure as the weakest access point.

“There are issues with WPA backwards compatibility with some products,” confirms Ian Keene, vice president of telecommunications research at Gartner Inc. “If an enterprise or home user went for a single vendor solution then we don’t expect too many problems, but it is a problem for interoperability between different vendors.”

Such issues could cause a major headache for the growing number of enterprises rolling out wireless LAN networks to their employees (see 802.11 WLAN Shipments Double and Europe Set for WLAN Boom). “It is not going to be possible to buy WiFi-Alliance-tested WPA products that are backwards compatible with every previous product, and that could be a big obstacle,” says Keene, adding that he expects to see compatibility problems with the current crop of wireless LAN cards on the market.

The vendors Unstrung spoke to claim to be tackling the compatibility issue. “We are looking into it because there are certainly areas that need to be resolved,” says Proxim Corp.'s (Nasdaq: PROX) solutions marketing manager, Jan Buis. “We are aware of this problem. Security is the hottest issue in wireless LAN at the moment, and as a vendor we must make it our highest priority.”

“We are trying to educate the enterprise user by telling them about these issues,” comments 3Com Corp.’s (Nasdaq: COMS) international segment manager for wireless and security, Angelo Lamme. “A network, after all, can only be as secure as the weakest link.”

While no enterprise is immune to the compatibility problems, both vendors point out that it is the latest adopters of wireless LAN, rather than the earlier, tech-savvy enterprises, that require the greatest amounts of education as to the potential for security holes in the network. “The early adopters of wireless LAN accept some of the insecurities that exist today,” says Buis. “The primary reason why new security features have entered this market is because of the number of customers unwilling to use wireless LAN at present.”

In the short term, at least, vendors in this space face the task of informing users of the pitfalls involved in mixing old and new infrastructure. “This is an ongoing problem,” concludes Gartner’s Keene. “We expect it to be resolved in the next two years, but it isn’t going to happen overnight. It really depends on how well vendors can work with each other to help iron out the problems.”

These latest concerns will do little to combat the growing fear of security problems with enterprise wireless LAN use. In a recent Unstrung poll of readers, 72 percent of respondents perceived security as the major drag on wireless LAN deployment within corporations (see Poll: WLAN Has Limited Life). Recently, RSA Security added fuel to the fire by highlighting the ease with which corporate networks can be hacked (see Hackers Crack London WLANs).

— Justin Springham, Senior Editor, Europe, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Download our complete guide to de-risking NFV deployment in 2016, including:
  • An eight-step strategy to deploying NFV safely, based on input from the companies that have already started virtualizing their production networks.
  • Interviews with leading executives at Colt, AT&T, Deutsche Telekom, Cisco, Nokia, ZTE, Ericsson and Heavy Reading.
  • Flash Poll
    Live Streaming Video
    Prepping for the Future: Upskill U Explained
    During this short kick-off video, Doug Webster, Vice President of Service Provider Marketing, Cisco, and Light Reading’s CEO & Founder Steve Saunders give an overview of Upskill U.
    LRTV Documentaries
    LRTV Report: Mobile Core Innovation

    4|28|16   |   25:32   |   (0) comments


    Hear from multiple industry experts from Deutsche Telekom, SK Telecom, Heavy Reading, Huawei, Cisco, Ericsson, Nokia, NEC and many more about developments in the mobile core as operators virtualize their IMS and evolved packet core systems and prepare for a 5G world.
    LRTV Huawei Video Resource Center
    NFV World Congress Highlight

    4|26|16   |     |   (0) comments


    The highlight of the NFV World Congress contains exciting telecom news. Join us for an inside look at Huawei's ICT 2020 plan and its latest collaboration with industry leaders.
    LRTV Interviews
    Unified Comms Finds Its Voice

    4|25|16   |   03:44   |   (0) comments


    Peter Quinlan, VP of UCC Product Management at Tata Communications, talks about the evolution of the unified communications and collaboration services sector and how voice is now a big part of current developments.
    LRTV Documentaries
    So... What Do We Do Now?

    4|25|16   |   03:24   |   (0) comments


    After a long hiatus, Max Dingman, the CEO of a GeeGhiz, returns for a motivational board room pep talk.
    LRTV Documentaries
    NAB 2016 Highlights

    4|21|16   |     |   (0) comments


    Light Reading's Cable/Video Practice Leader Alan Breznick climbs down from the slots to tell us about the latest news in broadcast technology at NAB 2016 in Las Vegas.
    Between the CEOs
    CEO Chat: Deepfield's Craig Labovitz

    4|21|16   |     |   (0) comments


    In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
    Shades of Ray
    Leading Lights 2016: Shortlists Announced

    4|20|16   |   0:53   |   (0) comments


    The judging is over and the Leading Lights 2016 shortlists have been published -- you can see who made the cut by clicking on this link.
    LRTV Custom TV
    Introducing MulteFire – Qualcomm at MWC 2016

    4|18|16   |   3.29   |   (0) comments


    MulteFire is the latest option for using LTE in unlicensed spectrum. As oppose to its close 'siblings', LAA and LTE-U, MulteFire operates solely in unlicensed spectrum, which enables it to offer the best of two worlds – LTE-like performance with WiFi-like deployment simplicity. In this interview, Sanjeev Athalye, Sr. Director, Product Management at Qualcomm ...
    Between the CEOs
    CEO Chat: Grant Van Rooyen of Cologix

    4|18|16   |     |   (0) comments


    Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
    LRTV Huawei Video Resource Center
    ONS 2016 – Demonstration of Huawei's NetMatrix Multi-Vendor SDN Orchestrator

    4|15|16   |     |   (0) comments


    This demonstration shows how Huawei's NetMatrix SDN Orchestrator (SDN-O) addresses an operator's core service agility needs for services spanning multi-domain, multivendor networks: it includes a demonstration of:
    - Rapid New Service Design: using YANG to model a complex example of multi-domain, multivendor L3VPN network connectivity service that ...
    LRTV Custom TV
    AT&T Wants to Own North Carolina

    4|15|16   |     |   (1) comment


    Venessa Harrison, president of North Carolina for AT&T, tells how the company will expand its GigaPower service beyond the seven N.C. cities it already serves.

  • This blog, sponsored by AT&T, is the second part of a ten-part series examining next-generation broadband technologies titled "Behind the Speeds."
  • LRTV Interviews
    Will NC Be First Gigabit State?

    4|15|16   |     |   (1) comment


    Alan Fitzpatrick, co-founder of Charlotte Hearts Gigabit, spells out the state's progress in at least starting to wire nearly every major market for gigabit service.
    Upcoming Live Events
    May 23, 2016, Austin, TX
    May 23, 2016, Austin Convention Center
    May 24-25, 2016, Austin Convention Center, Austin, TX
    September 13-14, 2016, The Curtis Hotel, Denver, CO
    December 6-8, 2016,
    June 16-18, 2017, Austin Convention Center, Austin, TX
    All Upcoming Live Events
    Infographics
    A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
    Hot Topics
    Ultra-Broadband Summit, Hong Kong
    Iain Morris, News Editor, 4/27/2016
    GoT Fans Curse HBO (Not Right) Now
    Mari Silbey, Senior Editor, Cable/Video, 4/25/2016
    Mitel Asks: What Time of Day Do You Shower?
    Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/25/2016
    Analysts More Than Bullish on Comcast MVNO
    Mari Silbey, Senior Editor, Cable/Video, 4/22/2016
    Charter Jumps Gun on TWC Restructuring
    Mari Silbey, Senior Editor, Cable/Video, 4/26/2016
    Like Us on Facebook
    Twitter Feed
    BETWEEN THE CEOs - Executive Interviews
    In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
    Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
    Animals with Phones
    Live Digital Audio

    Of all the tech companies in the Valley, Intel has made the most aggressive commitment to building a diverse and inclusive workplace culture. It's doing so by taking concrete, measurable steps, making a large financial investment and through a commitment to complete transparency about its progress. In this radio show, WiC Director Sarah Thomas will be joined by Shlomit Weiss, Intel's Vice President, Data Center Group, and General Manager of Networking Engineering, who will share with us why Intel is tackling this huge challenge, how and to what effect. She will also discuss her unique experiences leading development of Client SOC development in the past and today leading development of all of the chipmaker's silicon hardware for networking IPs and discrete devices and managing a team of 600 engineers across Israel, Europe and the US.