Wi-Fi Increases Security -- What's Next?
We have written before about the Wi-Fi Alliance, until recently known as the Wireless Ethernet Compatibility Alliance (WECA). The Alliance's efforts until now have been to promote "Wi-Fi" branding for wireless networking products based on the IEEE 802.11 standards, and to certify devices built to those standards for interoperability. The Alliance has done a great promotional job -- we see "Wi-Fi" used in the popular press to mean just about anything wireless. Last month we wrote about extending the brand to include products based on the 802.11a high-speed standard, and we expect to see these products bearing a Wi-Fi CERTIFIED sticker in the near future.
Standards processes move slowly, and sometimes get behind the curve when markets cry for solutions. Security has been a serious problem for wireless networking -- most knowledgeable people know that the "WEP security" in current Wi-Fi products has serious exposures and the popular press is full of articles on “wardrivers” finding and exploiting security holes. A standards body -- IEEE 802.11i -- has been working for nearly three years to define a more bullet-proof approach, but these standards won't be ratified until some time in 2003. Many believe that only new devices will be able to meet these new standards.
The Wi-Fi Alliance has just announced “a security solution based on an IEEE standards effort called Wi-Fi Protected Access (WPA) to replace the existing WEP (Wired Equivalent Privacy).” This program will certify devices with additional security features, prior to IEEE completing work on the full 802.11i security standard. The Alliance says that WPA will be included in 802.11i when it is completed, and is the key part of .11i that can be implemented on existing products. Vendors are expected to offer software upgrades for current Wi-Fi CERTIFIED products early next year, and new products will need to conform with WPA to achieve certification.
Moving in front of standards represents a new direction for the Alliance, and shows its members' sensitivity to market needs. The Alliance has been working for some time on the interoperability of wireless hotspots under the name "WISPr" (Wireless ISP Roaming). We view the WPA announcement as a key step in this direction, since it provides a key-exchange mechanism which appears well suited to roaming users.
So we wouldn't be surprised to see the Alliance extend the Wi-Fi brand to include an open architecture for roaming among hotspots. Wouldn't it be great if the same software load would let you use any hotspot in range, with a settlement process between the service providers to divide up your payments so you'd only need to subscribe to one service?
( www.wi-fi.org )