The next key wireless LAN security standard should be approved this year, but some users are up in arms over the specification, which could force massive hardware upgrades and make Wi-Fi network management more complex.
The Institute of Electrical and Electronics Engineers (IEEE), an important networking standards body, is on track to ratify the 802.11i security standard at some point this year, though the timetable is uncertain.
Among other security improvements, 802.11i will replace the Wi-Fi Protected Access (WPA) encryption protocol with Advanced Encryption Standard (AES), a much more computing-intensive algorithm.
Chris Bolinger, a product marketing manager for Cisco Systems Inc.'s wireless network business unit, said that because access points may be decrypting signals from multiple devices, they will need hardware upgrades to avoid significant losses of throughput. Most enterprise-class access points that are being manufactured today will be able to use 802.11i with only a software upgrade.
Many newer devices, such as laptops and handhelds, will only need a software upgrade to use 802.11i, since they have enough native computing power to decrypt AES without hurting performance, said Bolinger. He added that many older scanner-type devices that run on DOS won't be able to use 802.11i at all.
That means that, in order to take advantage of AES, many users could be forced to replace significant amounts of hardware, though some products will only require the installation of new radio modules.
This upgrade requirement for hardware that may be no more than 24 months old has left some users frustrated, and even shying away from wireless LAN implementations altogether.
Rick Scholl, an electronic system engineer with the Milwaukee Museum, has put his Wi-Fi plans on hold. The museum wants to install a Wi-Fi system for use by both museum staff and the public, but it has delayed purchasing equipment until after the 802.11i specification is ratified.
"I don't want to make a major investment in a lot of equipment that is just going to become obsolete later," Scholl said.
Scholl may be right to wait, Kozup said. 802.11i will be ratified perhaps as early as this summer, he said. Products could be on the market by the fall.
Scholl, however, finds little solace in waiting. He said that the IEEE should be able to find a more secure path for Wi-Fi without requiring costly hardware upgrades.
Still, Brian Mathews, the publicity chair for the IEEE's 802.11 committee, defended his group's work. He said the Wi-Fi market has already suffered from serious security problems with Wired Equivalent Privacy (WEP), the predecessor to WPA that was widely considered flawed. It is important that the group find the best security solution it can, he said.
"If we don't address security to the fullest extent possible, we'll get slammed as an industry," he said. "Hardware upgrades are unfortunate, but it is unacceptable to have a system that is not secure."
Kozup said that, when 802.11i-enabled equipment is available, businesses will have to segment the network using virtual local area networks to keep traffic with different security levels separate from each other. Using service set identifiers (SSIDs), which are special wireless LAN naming conventions, administrators can set policies that segregate users based on the forms of security they are using. Those with lower levels of security may have access to less important data.
With so many different levels of security, networks could become more vulnerable, Kozup said. At the very least, they will become much more complicated to manage.