SAN MATEO, Calif. Microsoft released Monday (March 31) for download a free patch that adds Wi-Fi Protected Access (WPA) to both consumer and business versions of its Windows XP operating system. WPA offers an interim boost in security for 802.11 networks while the 802.11i standards effort continues its work.
WPA uses two 128-bit keys for authentication and those keys can be dynamically generated. Existing 802.11 security only uses one static key.
"We engaged Dell, Intel and others to take some of the good ideas in 802.11i and bring them forward now," said Jawad Khaki, vice president of Windows networking and communications at Microsoft.
Khaki said the new capabilities are designed to ensure users that 801.11 networks are safe to use today in the wake of well-publicized holes in existing wireless LAN networks. "A lot of the things people need to secure their wireless networks are here today," said Khaki.
The 802.11i work will provide a more rigorous security scheme but is probably about a year away from completion. However silicon based on the standard is already in development, said Jesse Walker, who edits the 802.11i standard and is a wireless engineer at Intel.
The 802.11i work seeks to overcome the "fundamental problem in weak encryption [in 802.11] that was not appropriate for a data link network and was cast in silicon accompanied by access points built around low-end CPUs that could not power a robust security solution." Walker said.
The new spec adopts the Advanced Encryption Standard and defines two new protocols to boost 802.11 security. Work on the protocols is essentially done, opening the door to chip developers to start work on new 802.11i-compliant devices.
However software work on key management is still ongoing, particularly for roaming across 802.11 networks. That's because the new standard requires independent keys essentially random bit sequences for every session.
Microsoft's WPA download can be found here.