Vendors make a wireless end run

Microsoft Corp., Cisco Systems Inc. and major wireless LAN hardware manufacturers have joined forces to beef up security for 802.11b wireless LAN products through a project dubbed Safe Secure Networks, Computerworld has learned. An announcement is slated for next month.

The SSN project grew out of a multivendor initiative kicked off earlier this year to address known weaknesses in the Wired Equivalent Privacy protocol, said Warren Barkley, lead program manager for wireless in Microsoft’s Windows division. Building security beyond WEP into wireless LAN products would help users guard against hacker intrusions.

The SSN partners include semiconductor manufacturer Intersil Corp. and enterprise wireless LAN hardware makers Agere Systems Inc., Symbol Technologies Inc. and Proxim Inc. Barkley said the group plans to adopt a technology called Temporal Key Integrity Protocol ahead of its final approval by the Institute of Electrical and Electronics Engineers Inc.’s 802.11i standards body. He added that the SSN partners have worked to ensure that the TKIP fix is compatible with the existing installed 802.11b, or Wi-Fi, hardware base. That’s a key issue for businesses as well as home users, who have installed millions of wireless LAN access points and cards.

TKIP defeats hacking by providing users with dynamic keys that can be changed rapidly, rather than the static keys used in WEP. Not only are WEP keys static, but every user working with a particular wireless LAN access point receives the same key, allowing hackers using widely available key-cracking software to crack keys with relative ease.

Barkley said the SSN partners don’t plan to wait until the IEEE issues its final version of the 802.11i standard but will instead incorporate TKIP into their products as soon as possible. And rather than wait for the next Windows XP service pack release, Microsoft will incorporate TKIP into XP before the end of the year, he added.

Dennis Eaton, chairman of the Wireless Ethernet Compatibility Alliance (WECA), a wireless LAN industry trade group in Mountain View, Calif., said that final details on an industrywide SSN standard are “very close” and that the WECA plans to make a major announcement next month.

John Pescatore, an analyst at Gartner Inc., said plans by the industry to leapfrog the IEEE 802.1 standards body make sense because the IEEE process “moves very slowly” and the wireless LAN industry needs better security immediately.

Barkley said the first Windows XP service pack, released earlier this month, includes support for Protected Extensible Authentication Protocol (PEAP), which fixes a known vulnerability in the new 802.1x standard that authenticates the identity of a user with a central server. Dan Bailey, director of wireless networking at NTRU Cryptosystems Inc. in Burlington, Mass., said PEAP can help rectify flaws in 802.1x that could possibly let a hacker “hijack a user authentication session” through what he called “a man-in-the-middle attack” on such a session.

Linda Horiuchi, a spokeswoman for Cisco, said the company intends to add PEAP support to its Wireless Security suite this week but declined to provide further details.

Pescatore said that while PEAP and TKIP haven’t gone through the IEEE approval process, they will become de facto standards because of the size and influence of the companies backing them. “They’re better than the [current] alternatives, and [the manufacturers] have to ship something.”