Light Reading

WPA's Insecure Legacy

Light Reading
LR Mobile News Analysis
Light Reading
4/14/2003
50%
50%

A coming upgrade for the 802.11 specification that is being promoted by the Wi-Fi Alliance cannot be supported by the majority of wireless LAN equipment already in use, prompting concern among analysts and vendors that older infrastructure could still be used as a backdoor into supposedly secure new networks.

WiFi Protected Access (WPA) is being promoted by the WiFi Alliance as a solution to the security issues that have dogged the adoption of 802.11, especially in the enterprise (see 802.11 Security Issues Sorted?). WPA is a security system comprising the elements already fixed and agreed upon by the Institute of Electrical and Electronics Engineers Inc. (IEEE) security task group, including: Temporal Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC Protocol (CCMP) for over-the-air encryption, and access control standard for user authentication and encryption key distribution. It is supposed to be more secure than the current WEP (wired equivalent privacy) security standard.

Products incorporating WPA are now being tested and should be certified and available in May. However, while the move is a step in the right direction, WPA will be of no benefit to anyone using existing 802.11b (11-Mbit/s over 2.4GHz) networks. The technology can only be incorporated in new 802.11b, 802.11a (54-Mbit/s over 5GHz) and 802.11g (54-Mbit/s over 2.4GHz) products. This is leading to concerns about enterprises mixing newly ratified WPA products with original hardware, as the network can only be as secure as the weakest access point.

“There are issues with WPA backwards compatibility with some products,” confirms Ian Keene, vice president of telecommunications research at Gartner Inc. “If an enterprise or home user went for a single vendor solution then we don’t expect too many problems, but it is a problem for interoperability between different vendors.”

Such issues could cause a major headache for the growing number of enterprises rolling out wireless LAN networks to their employees (see 802.11 WLAN Shipments Double and Europe Set for WLAN Boom). “It is not going to be possible to buy WiFi-Alliance-tested WPA products that are backwards compatible with every previous product, and that could be a big obstacle,” says Keene, adding that he expects to see compatibility problems with the current crop of wireless LAN cards on the market.

The vendors Unstrung spoke to claim to be tackling the compatibility issue. “We are looking into it because there are certainly areas that need to be resolved,” says Proxim Corp.'s (Nasdaq: PROX) solutions marketing manager, Jan Buis. “We are aware of this problem. Security is the hottest issue in wireless LAN at the moment, and as a vendor we must make it our highest priority.”

“We are trying to educate the enterprise user by telling them about these issues,” comments 3Com Corp.’s (Nasdaq: COMS) international segment manager for wireless and security, Angelo Lamme. “A network, after all, can only be as secure as the weakest link.”

While no enterprise is immune to the compatibility problems, both vendors point out that it is the latest adopters of wireless LAN, rather than the earlier, tech-savvy enterprises, that require the greatest amounts of education as to the potential for security holes in the network. “The early adopters of wireless LAN accept some of the insecurities that exist today,” says Buis. “The primary reason why new security features have entered this market is because of the number of customers unwilling to use wireless LAN at present.”

In the short term, at least, vendors in this space face the task of informing users of the pitfalls involved in mixing old and new infrastructure. “This is an ongoing problem,” concludes Gartner’s Keene. “We expect it to be resolved in the next two years, but it isn’t going to happen overnight. It really depends on how well vendors can work with each other to help iron out the problems.”

These latest concerns will do little to combat the growing fear of security problems with enterprise wireless LAN use. In a recent Unstrung poll of readers, 72 percent of respondents perceived security as the major drag on wireless LAN deployment within corporations (see Poll: WLAN Has Limited Life). Recently, RSA Security added fuel to the fire by highlighting the ease with which corporate networks can be hacked (see Hackers Crack London WLANs).

— Justin Springham, Senior Editor, Europe, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
CenturyLink: Building the Case for NFV

12|19|14   |   02:14   |   (0) comments


At the 2020 Vision Executive Summit, James Feger, VP, Network Strategy & Development at CenturyLink, talks about how the US operator is approaching virtual network functions from an operational and business case perspective.
LRTV Interviews
Liberty Global Sees Business Goldmine

12|18|14   |     |   (0) comments


Steen Sorensen, VP of business services for Liberty Global, explains where the giant international MSO sees growth potential.
LRTV Documentaries
EE: The Road to 5G

12|16|14   |   16:02   |   (1) comment


Andy Sutton, the principal network architect at UK mobile operator EE, explains how his company is using Wembley stadium as a wireless test bed and how that's helping EE to plan the evolution to 5G.
LRTV Huawei Video Resource Center
Highlights of Huawei's NFV Open Cloud Forum 2014

12|16|14   |     |   (0) comments


Huawei hosted its inaugural NFV Open Cloud Forum during the SDN & OpenFlow World Congress 2014 in Düsseldorf, Germany. The Forum brought together technology thought leaders, senior executives and telecom professionals from global carriers, industry associations, as well as other partner companies in the ecosystem, to exchange views on and collectively explore how ...
LRTV Custom TV
Realizing Operators' Digital Vision

12|16|14   |   5:23   |   (0) comments


Leveraging technology is fundamental to digital transformation but understanding customers and serving them really well is at the heart of digital businesses. TM Forum lists the following as the strategic pillars of the digital business: business agility and rapid innovation, operational agility and effectiveness, IT and data centricity, plus customer centricity. ...
LRTV Documentaries
US Cellular Injects Analytics Into LTE

12|16|14   |   2:57   |   (1) comment


US Cellular's Mario Vela explains how the operator uses analytics for network planning and what comes next as the carrier looks to eke more value out of its metrics.
LRTV Interviews
How Cox Biz Plans to Keep Growing

12|15|14   |     |   (2) comments


Steve Rowley, SVP of Cox Business, details how the third-biggest US MSO intends to boost its revenues to $2 billion and beyond over the rest of the decade
LRTV Huawei Video Resource Center
Interview With Bill Zhang, Director of SoftCOM Product Management, Huawei

12|15|14   |   2:50   |   (0) comments


Bill Zhang elaborated on Huawei's open philosophy in NFV solution development and network architecture design at the SDN & OpenFlow World Congress 2014.
LRTV Huawei Video Resource Center
Event Highlights: Huawei at SDN & OpenFlow World Congress 2014

12|15|14   |   3:43   |   (0) comments


Huawei joined the 2014 SDN & OpenFlow Congress as one of the key sponsors and contributors. At the event, Huawei reinforced the openness and flexibility of its network infrastructure strategies, and provided updates on its SDN and NVF innovations. Through participations at the exhibitions, forums and speeches, Huawei encouraged the industry to "think bigger and ...
LRTV Interviews
How Cable Biz Services Hit $10B Mark

12|12|14   |     |   (1) comment


Cable operators reached $10 billion in annual business services revenues by delving deeper into their vertical markets and expanding beyond the smallest firms.
LRTV Documentaries
Mediacom Aims to Test Connected Tractors

12|11|14   |   05:07   |   (3) comments


Cable business service provider is taking its services to the 'agribusiness' sector in partnership with farm equipment specialist John Deere and is getting involved in Gigabit Cities developments.
LRTV Interviews
TWC Business Looks Beyond $3B

12|10|14   |     |   (0) comments


TWC Business Services chief Phil Meeks explains how his unit has reached $3 billion in annual revenues and what its plans are for next year.
Upcoming Live Events
February 10, 2015, The Westin Peachtree Plaza, Atlanta, GA
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Hot Topics
T-Mobile, BlackBerry Flirt With Reuniting
Sarah Reedy, Senior Editor, 12/17/2014
1-Gig: Coming to a Small Town Near You
Jason Meyers, Senior Editor, Gigabit Cities/IoT, 12/17/2014
Comcast Launches 4K Streaming Service
Alan Breznick, Cable/Video Practice Leader, 12/18/2014
US Carriers, You're Going to Cuba!
Mitch Wagner, West Coast Bureau Chief, Light Reading, 12/18/2014
T-Mobile Lights Up 27 Wideband LTE Cities
Sarah Reedy, Senior Editor, 12/15/2014
Like Us on Facebook
Twitter Feed
Webinar Archive