Microsoft has added a key wireless LAN security specification to Windows XP, the company announced Thursday.
The specification, called Wi-Fi Protected Access 2 or WPA2, requires a Wi-Fi client to include the AES (Advanced Encryption Standard) algorithm for encrypting data traversing a Wi-Fi network. AES is the type of encryption used in many government agencies and security-conscious industries.
WPA2 is an implementation of IEEE 802.11i, the wireless LAN security standard established by the Institute of Electrical and Electronics Engineers (IEEE), which oversees wireless LAN standards. The new, free software from Microsoft supports all features of WPA2, according to Taranjeet Athwal, a Microsoft program manager.
Users must have Windows XP Service Pack 2 in order to use the software, Athwal said. The company is investigating the possibility of adding WPA2 to Windows CE, he said.
In order to take advantage of WPA2, users will also need a wireless LAN that includes the new standard and a Wi-Fi network adapter with the processing power to handle AES encryption, Athwal said.
Many of the wireless LAN access points and client adapters being sold today can use WPA2 and come with add-on software for client devices. But having the software built into Windows XP makes it more likely that managers of wireless LANs will actually use WPA2, according to IDC analyst Abner Germanow.
Windows support may also boost Wi-Fi adoption in government, where some agencies are required to use AES encryption on their network traffic, Germanow said.
Concern about security has been a major barrier to enterprise adoption of Wi-Fi, which has exploded in popularity in the home market over the past several years. The original Wi-Fi security mechanism, WEP (Wired Equivalent Privacy), was easily broken. In 2002, the Wi-Fi Alliance industry group improved upon WEP with the first version of WPA, which required the TKIP (Temporal Key Integrity Protocol) algorithm and included AES as an option. After the stronger IEEE 802.11i standard was completed last year, the group introduced WPA2, which requires AES and includes TKIP as an option.
AES is required under the U.S. Federal Information Processing Standard 140-2 specification, which covers many government agencies, according to Microsoft. In addition, using AES can help health care providers establish compliance with HIPAA (Health Insurance Portability and Accountability Act), and some security-conscious industries have followed the federal government's lead in using AES, said Drew Baron, lead program manager for wireless security at Microsoft.
In addition to AES, WPA2 uses the IEEE 802.1x protocol, a standard for authentication of users on both wired and wireless networks. Use of 802.1x has grown substantially over the past year because it offers a way to ensure that users are who they say they are, before they gain access to the network, IDC's Germanow said.
Microsoft has already provided the first version of WPA for Windows XP Service Pack 2, Athwal said. But that specification didn't meet government requirements, he said.
Microsoft's new software also includes WPS IE (Wireless Positioning Services Information Element), which lets a client detect both secured and non-secured wireless LANs that are operated from one access point. An ISP (Internet service provider) can run multiple networks from a single access point, such as secured and unsecured wireless LANs at a public hot spot, and broadcast the names of all of them. WPS IE lets a client discover all those networks, Microsoft's Baron said.
Users of XP with Service Pack 2 can download the new software from here.