Wi-Fi group toughens security standards for mobile devices

As the number of Wi-Fi equipped cellphones increases, so does the anxiety of IT administrators over whether the devices can safely sign on to their networks.

To meet those concerns, the Wi-Fi Alliance, an industry group promoting the technology, has added two more authentication standards for access points and handsets. That means equipment makers who want WPA-2 enterprise certification for their gear will have to now pass seven tests instead of five.

“This is keeping with the latest developments and state-of-the art in terms of authentication into enterprise,” said Edgar Figueroa, executive director of the Wi-Fi Alliance. The new protocols are:

–EAP-FAST (Flexible Authentication via Secure Tunneling) uses multiple secure tunnels during authentication but doesn’t require added servers to create certificates. Instead it manages authentication through a password domain generated on an ad hoc basis, which will be appealing to administrators. Created by Cisco Systems several years ago, it’s a protocol that some administrators may already be familiar with. “Its secure, it’s accepted, it’s popular,” said Figueroa.;

–EAP-AKA is a network authentication that can determine which services a user can access. “Its sort of the gatekeeper into the network,” Figueroa said, based on the Universal Mobile Telecommunications System (UMTS) Subscriber Identity Module. Sometimes called “micro SIM”, Figueroa said EAP-AKA is expected to be adopted by 3G network operators because it is newer than SIM.

The new tests “reflect our spirit in keep up with the latest in security,” he said. Product buyer can check which products have passed the alliance’s tests on its Web site.

Stan Schatt, vice-president of broadband and wireless network research at ABI Research, said the additions would be valuable. “When you look at the enterprise environment you’re starting to see a real pickup in wireless voice over Wi-Fi,” he said in an interview. “You’re also starting to see fixed mobile convergence take off in some vertical markets – health care being one, and higher education.”

The alliance’s move is part of a shift to replacing proprietary protocols with industry standards. “The problem with authentication schemes is they require a lot of support — they’re complicated, expensive in some cases. So it’s important for enterprises to have multiple options because they have different kinds of devices.”

He sees the addition of EAP-AKA as more significant because it is designed to oversee handoffs between a 3G and Wi-Fi network using a single user identifier. That’s important because the use fixed mobile convergence in the enterprise is increasing, he said.

According to an ABI survey, 44 per cent of all smartphones is use today have Wi-Fi capability. By 2014, it estimates 90 per cent will have the dual-mode capability.

A quick check of Canadian wireless operator Web sites indicates that Rogers Communcations has about a dozen Wi-Fi-capable phones, Bell Mobilty has about a half dozen. A spokesman for Telus said five of the cellphones in its lineup are Wi-Fi enabled.

The Wi-Fi Alliance is anxious to promote the technology in part because networks capable of running the faster WiMAX standard are starting to be built, while LTE-capable networks are expected in the U.S. by the end of the year.

Being able to switch from cellular to a less expensive wireless network will be increasingly appreciated by corporate managers. Schatt noted that wireless chipmaker Qualcomm believes every mobile device will have a phone in it one day. That could be, he said, if authentication schemes are light enough.