May 07, 2004

Wi-Fi security standard to require new hardware

802.11i uses AES encryption

In June the IEEE is expected to finally ratify the 802.11i security standard, which for the first time uses AES (Advanced Encryption Standard), a powerful 128-bit encryption technology.

While AES, a standard currently approved for government use (FIPS 140-2, Federal Information Processing Standard), will give the enterprise the kind of strong encryption and sophisticated ciphers it has been asking for, it will also require new access cards and in many cases new APs (access points), according to Frank Hanzlik, managing director of the Wi-Fi Alliance.

Current processors in Wi-Fi cards and in many APs are not powerful enough to encrypt and decrypt 128-bit ciphers.

"Because WPA2 uses AES at its core, it requires an upgrade to support the co-processing needed," Hanzlik said.

WPA2 is the name the Wi-Fi Alliance has chosen to identify the IEEE 802.11i standard.

A spokesperson for Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required and will be available free immediately after ratification by the IEEE of the 802.11i standard. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

Karen Pearson, principal marketing manager for wireless products at Intermec Technology, said current WA 21 and WA 22 access points with dual b/g radios will need to be upgraded. A radio module that has the AES encryption chip on it will be available in the late second quarter. A software upgrade that is also required will be available in September.

Ed Casas, chief architect at Vivato, said the current base station, the Vivato Wi-Fi Switch, has an AES encryption co-processor built in. However, the software for AES is not available, and there is no time commitment from the company as to when it will be available. The next-generation product, the VP 2200 base station, will be 802.11b/g-compatible and will have both hardware and software compatibility with AES.

An Intel spokesperson said its current Centrino processors are compatible with AES. However, AES does require a software upgrade that will be available in the second half of 2004. Also, only Intel dual APs, 802.11b/g, will support AES.

The IEEE is also expected to ratify a QoS spec, IEEE 802.11e, by the end of this year at the earliest.

The spec will have two components. The first is WME (Wi-Fi Multimedia Extensions), which can be used by developers to assign priority to packets.

The second piece of the spec is WSM (Wi-Fi Scheduled MultiMedia), which will control resource management for bandwidth.

On the business side, QoS will be mainly targeted at voice over Wi-Fi applications on VoIP (voice over IP) devices, according to Hanzlik.

"Eventually it will manage cell phones that include Wi-Fi and switch between networks as appropriate," Hanzlik said.

On the consumer side, QoS services will be required as consumer electronics vendors put Wi-Fi into TVs, DVD players, and home entertainment systems.

"You need to be able to manage bandwidth and prioritize the packets if you're sending a video image from your PC to your television," said Hanzlik.

Seeking to expedite the QoS standard, as it did with the 802.11i security standard when it took the stable portions of the specification to create WPA, the Wi-Fi Alliance will start a certification program for the WME component of the 802.11e spec in September.

Ephraim Schwartz is an editor at large at InfoWorld. He also writes the Reality Check blog.

©1994-2009 Infoworld, Inc.