Wireless networks to get more secure

The next version of the Wi-Fi Protected Access standard will meet government requirements for secure wireless networks, an industry executive said this week.

Frank Hanzlik, managing director of the Wi-Fi Alliance, said WPA 2, which will be certified in September, will incorporate AES encryption and be compliant with FIPS 140-2 security measures. It will also comply with the Defense Department's recently released wireless policy, which requires encryption of all data that is wirelessly transmitted.

WPA 2 is the functional equivalent of the new 802.11i wireless standard, which comes out in June. The first version of WPA, a subset of 802.11i, came out last June to supersede the much-maligned wired equivalency privacy (WEP) standard, which critics said was vulnerable to hacking. There are currently more than 300 Wi-Fi devices that incorporate WPA security.

Hanzlik said WPA 2 will be backwards compatible with Wi-Fi devices running first-generation WPA security. However, current Wi-Fi devices will not be software upgradeable to the new standard. Because WPA 2 includes stronger encryption than WPA, Wi-Fi-compliant devices will require an additional chip in order to perform the encryption/decryption functions.

Asked why government agencies would want to replace current Wi-Fi devices with WPA 2 devices if they've already invested in encryption methods, such as virtual private networking, Wi-Fi Alliance Marketing Director Brian Grimm said interoperability is the main reason. Agencies setting up multiple wireless LANs will benefit from a single, interoperable security platform.

The Wi-Fi Alliance is an industry group formed to certify the interoperability of wireless LAN products based on IEEE 802.11 standards. Its members include Cisco Systems Inc., Dell Inc., Hewlett Packard Co., IBM Corp., Intel Corp., Microsoft Corp. and Texas Instruments Inc.