Wireless security is a muddle of proprietary and standardized approaches, many of which fall short of their goals, and when it comes to authentication, the situation is no clearer.
Since standardized approaches to wireless security like wired equivalent privacy (WEP) have proved to be easy to crack, many have begun turning toward authentication -- where users log on with a name and a password that is verified -- as a means of further securing wireless networks.
One popular authentication approach is known as LEAP, short for lightweight extensible authentication protocol. LEAP was developed by San Jose, Calif.-based Cisco Systems Inc. and is proprietary. However, to help grow the market, Cisco has been licensing LEAP for free to vendors to allow them to integrate the protocol into their clients and authentication servers, said Shripati Acharya, a senior product marketing manager with Cisco's wireless unit.
LEAP has been popular with Cisco's customers, said Craig Mathias, a principal with FarPoint Group, a Framingham, Mass.-based research firm. LEAP works across a number of operating systems, making it a flexible system on the client end. However, it only works with Cisco access points, said Chris Kozup, senior research analyst with Stamford, Conn.-based research firm Meta Group.
LEAP is popular today and likely to be around for some time, said Kozup. But it is already facing a challenge from a standards-based approach called PEAP, or protected extensible authentication protocol.
PEAP was developed by Cisco, Microsoft Corp. and RSA Security Inc., the Bedford, Mass., security systems vendor. PEAP uses a certificate approach to authentication, where a user's identity is verified through a digital certificate. Some businesses shy away from this approach because it can require more client management than they would like to put into their wireless systems, said Mathias.
While this approach is standards-based, it has not yet been ratified. So today there are still problems with interoperability. For example, Microsoft's variant of PEAP is different from Cisco's, Kozup said. Additionally, since PEAP is relatively new, it only works with Windows 2000 and Windows XP. That has also limited its deployment, said Kozup.
Symbol Technologies Inc., a Holtsville, N.Y.-based wireless systems vendor, sells mobile devices that can be as small and limited in function as hand scanners. Devices like that cannot support sophisticated clients. When faced with providing greater wireless security for its customers, Symbol turned to an open-source approach called Kerberos from the Massachusetts Institute of Technology.
Kerberos is more compatible with the limited memory of many of Symbol's devices and does not have problems with latency, said Phil Ballai, director of product marketing for Symbol. Users need to set up their own inexpensive Kerberos server on-site for authentication.
PEAP today is in its infancy. Once it is standardized and available for more operating systems, Kozup expects that it will take off. In the meantime, Acharya does not expect Cisco to stop selling products with LEAP any time soon.