Wireless-Security Threats Come of Age

By Cheryl Ajluni

In today's technologically advanced society, security threats are a constant source of frustration and pain. Unfortunately, such threats come in a wide range of variations. For example, phishing is the practice of sending fraudulent e-mails to encourage users to divulge personal or financial information. In contrast, computer worms leave an operating system vulnerable to insider data leaks. Another example is voice spam, which resulted from the adoption of voice-over-Internet-Protocol (VoIP) applications. As security systems become more sophisticated, the threats will only get worse. Those threats will have to become increasingly complex in an effort to stay ahead.

Not too surprisingly, security has always been a problem for wireless technologies. After all, these technologies aren't restricted by the physical constraints of cabling and walls. Wireless local-area networks (WLANs) have proved especially tricky to secure. Technologies like Wi-Fi have become more widespread. Yet users are still ignorant about the security measures that they must employ to keep hackers at bay. As Wi-Fi moves into new venues, such as airplanes and trains, cyber-criminals will attempt to exploit this lack of knowledge even further.

Current wireless technologies are particularly vulnerable. Cyber-criminals and hackers are now working to exploit the low levels of security in mobile communications. They can then gain access to the data in laptops and other devices that contain people's private information. According to security experts, 2006 may well be the year that the threats of wireless networks come of age. Business users' laptops-with their e-mail security and management services-will be prime targets.

Luckily, most high-tech companies have opted to be pro-active rather than reactive to possible security threats. Microsoft is one such company. Its Vista operating system (OS), which is due out toward the end of the year, will act as a kind of base of operations for identifying and fighting off attackers. Among its many features, the OS lets people know when they're visiting suspicious web sites. It also can quarantine suspicious downloads so that they don't infect vital computer processes.

Windows Vista promises to improve the wireless experience in a number of ways. For example, it allows the user to easily configure a secure wireless network. PCs and devices like wireless cameras, networked printers and scanners, and networked media devices can then be quickly and easily connected to that secure wireless network. With Windows Vista, wireless devices are automatically discovered and drivers are automatically installed. The OS therefore provides the same ease of use as physically connected devices.

Windows Vista also supports the discovery of people who are physically nearby on any shared network. It automatically identifies those people and makes them available for collaboration-as long as they choose to participate. These features spell good news for consumers-especially as wireless networking continues to proliferate at a rapid pace.

In addition, Microsoft has developed the InfoCard authentication technology as a way to combat security threats. This technology also enables consumers to better manage their digital identities. With InfoCards, users save personal information on virtual cards located on their computers. Each card contains varying levels of information. The user is able to choose which card to use for each web transaction. Web sites will be configured to recognize the encrypted and secure InfoCard data. Those sites will allow secure information to be transmitted to them. As a result, user names and passwords will no longer be needed to sign into a web site.

IEEE 802.11i is an amendment to the WLAN 802.11 standard that specifies security measures for wireless networks. It requires new encryption key protocols, which are known as Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES) cipher. AES requires a dedicated chip, which may mean hardware upgrades for most existing Wi-Fi networks. Other features of 802.11i include key caching, which facilitates fast reconnection to the server for users who have temporarily gone offline. In addition, pre-authentication allows fast roaming and is ideal for use with advanced applications like VoIP.

On the WLAN front, companies like Cisco and Intel have emerged with a strong presence. Intel, for example, has been a key member of the task group that authored the 802.11i wireless-security specification as well as the version produced by the WiFi Alliance (known as WiFi Protected Access or WPA). Plus, the Intel Centrino mobile-technology-based processors incorporate 802.11i security. For its part, Cisco offers a number of products that take advantage of 802.11i security standards. An example is the Cisco Aironet 1200 Series Access Point.

Windows Vista includes new features that make the user's network easier to set up and use. The network also will be more secure and reliable.

Despite the progress of 802.11i, many challenges lie ahead. Its adoption could be slowed by the cost of new hardware as well as complexity and interoperability issues. Some minor security-related issues also need to be resolved, although they don't appear to be related to the security of data. A new 802.11 study group has been approved to find a consensus on how to protect the control messages in a wireless network.

Another issue that needs to be addressed is the fact that 802.11i keying and authentication are too slow to support real-time applications like voice. Voice sounds fine until the user starts walking around, which causes him or her to disconnect from one access point and connect to another. The 802.11r task group, which includes Intel, has been created to solve this problem. Intel has been working on a solution with Cisco and Texas Instruments.

These days, wireless devices seem to be everywhere. Hot spots are popping up worldwide in coffee shops, airports, and even sports venues. Tens of millions of wireless devices will be sold this year. That number will include the majority of notebook computers as well as cell phones and personal digital assistants (PDAs). At every level-whether at a hot spot or on a cell phone or PDA-security breaches remain a real and potentially dangerous risk. That risk will need to be effectively addressed if the wireless and networking industries are to reach their full potential.

Cheryl Ajluni is the owner of Custom Media Solutions, specializing in technology-based content for publications and tradeshows. She can be reached at cherylajluni@yahoo.com.