A Warm Welcome to WPA2

By Eric Griffith

September 02, 2004

The Wi-Fi Alliance has announced the first certified products tested to support full 802.11i-based security, complete with AES support.

The Wi-Fi Alliance, the non-profit industry consortium that tests and certifies wireless LAN products for interoperability, announced this week the first round of products certified to support WPA2 (Wi-Fi Protected Access 2).

WPA2 is essentially the Alliance's name for the 802.11i specification, which was ratified by the Institute of Electrical and Electronics Engineers (IEEE) this past June. The Alliance states in its online WPA2 Q&A document that WPA2 is "not being released to address any flaws in WPA," and that "WPA remains secure."

In fact, the original WPA has many of the same attributes as the final 802.11i spec. The main difference is that 802.11i and WPA2 require Advanced Encryption Standard (AES) for encryption of data, while original WPA uses Temporal Key Integrity Protocol (TKIP) for encryption. AES provides enough security to meet the needs of the Federal Information Processing Standard (FIPS) 140-2 specification, which is required by many government agencies. The downside is that AES support may require new hardware for many existing WLANs, as it needs a dedicated chip to handle the encryption and decryption.

WPA2 is backwards-compatible with products that support WPA. Older WPA products can be upgraded to WPA2 if they can support AES now or can get a hardware upgrade to support AES. However, products running WPA2 cannot support older products using the Wired Equivalent Privacy (WEP) security used by original Wi-Fi products -- and WEP is still the only security found on some Wi-Fi products even to this day.

AES support is not a problem for most of the products in this first round, especially for some reference design products from chip makers Atheros Communications and Broadcom. Both have offered built-in AES hardware since the first 802.11g chips started shipping a couple years ago. Each company offers a dual-band (AKA "tri-mode" supporting 802.11a/b/g) access point and a dual-band CardBus network adapter in the lot of approved products.

In addition to getting WPA2 certification, the Broadcom and Atheros products have also been named as part of the official test bed the Alliance will use for all future testing of WPA2. Alliance member companies can now buy the various Alliance test beds through TerraWave Solutions to do their own internal testing.

Other approved products include the Intel Pro/Wireless 2915 (used in the Centrino chipset), the Realtek 802.11a/g WLAN NIC, Instant802's 7001 Access Point, and the Cisco Aironet 1200 Series with integrated 11a and 11g radios. While some 802.11i supporting products have been out for a while, this lot is the first that the Alliance would guarantee to interoperate in a multi-vendor network deployment.

Security has long been considered the main issue preventing widespread use of wireless LANs in corporate settings. The 802.11i/WPA2 standards are what many consider the panacea for that problem.

WPA2, like the original WPA, will support both an Enterprise and Personal (home) version -- the personal version does not require use of 802.1X and Extensible Authentication Protocol (EAP) authentication with a RADIUS server. The Personal version uses only a pre-shared key (PSK) password to generate the keys needed for authentication.
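How the Personal version's passphrase becomes key material, as an added example that is not part of the original article: IEEE 802.11i maps the passphrase to the 256-bit pre-shared key with PBKDF2-HMAC-SHA1, using the network's SSID as the salt and 4096 iterations. The function name, the input checks and the handling of a 64-digit hex entry are this example's own assumptions; the sample passphrase and SSID are the test vector published in the standard.

```python
import hashlib
import re

PSK_LEN = 32        # 256-bit pre-shared key
ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """Map a WPA/WPA2-Personal passphrase and SSID to the 256-bit PSK."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # Assumption of this example: a 64-hex-digit entry is treated as the
    # raw 256-bit key itself rather than as a passphrase to be stretched.
    if re.fullmatch(r"[0-9A-Fa-f]{64}", passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase yields a different
    # key on every differently named network.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, ITERATIONS, PSK_LEN
    )


def same_key(passphrase: str, ssid_a: bytes, ssid_b: bytes) -> bool:
    """True if two networks sharing a passphrase end up with the same PSK."""
    return derive_psk(passphrase, ssid_a) == derive_psk(passphrase, ssid_b)


if __name__ == "__main__":
    # Test vector from the 802.11i standard: passphrase "password", SSID "IEEE".
    print(derive_psk("password", b"IEEE").hex())
    # Constructed sample: same passphrase, a second SSID chosen for illustration.
    print(same_key("password", b"IEEE", b"IEEE-guest"))
```

Because nothing but the passphrase and the SSID goes into the key, every station that knows the passphrase holds the same PSK, which is the contrast with the per-user 802.1X/EAP authentication of the Enterprise version.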

Originally published on .
