Enterprise Wi-Fi Gets a Security Boost
May 19, 2009 – 2:22 PM
The Wi-Fi Alliance has expanded its WPA2 certification program to include a tool for secure handoffs between Wi-Fi and 3G networks, as well as an authentication system that uses multiple secured tunnels.
WPA2 (Wi-Fi Protected Access 2) is the most advanced security standard for Wi-Fi. The WPA2 certification program already included five other EAP (Extensible Authentication Protocol) methods. The Wi-Fi Alliance tests routers, access points and client devices for interoperability using certain protocols and certifies them with its logo.
The newly added protocols, EAP-AKA (Authentication and Key Agreement) and EAP-FAST (Flexible Authentication via Secure Tunneling), are designed to better secure enterprise Wi-Fi LANs.
EAP-AKA was developed by the 3GPP (Third-Generation Partnership Project), the main standards body for 3G networks, and has been in use for a few years on both UMTS (Universal Mobile Telecommunications System) and CDMA2000 (Code-Division Multiple Access) networks. It allows for the handoff of calls between cellular and Wi-Fi networks using a single user identifier. As more mobile phones are equipped with Wi-Fi and more laptops and netbooks gain cellular data capability, having a standard way to shift calls from paid carrier networks to free Wi-Fi could be valuable, especially in enterprises that have rolled out Wi-Fi across their offices.
Cisco Systems created EAP-FAST several years ago as a replacement for its LEAP (Lightweight EAP), which was found to be vulnerable to certain types of attacks. Those included “dictionary” attacks, so-called because they generate a series of likely guesses at the network’s decryption key or passphrase. EAP-FAST is now an open international standard.