Getting strong security into Wi-Fi phones

* WPA2 for Vo-Fi may hinge on other standards

The Wi-Fi Alliance has a full agenda for new interoperability and RF performance tests that it intends to conduct (see A WLAN technology maturity update). Now, what’s happening with certification for WPA/WPA2 Enterprise, the latest Wi-Fi-security technology standard still missing from Wi-Fi phones?

Getting WPA/WPA2 Enterprise, which operates at the link layer, into Wi-Fi phones “is a challenge for the whole industry,” Greg Ennis, technical director of the Wi-Fi Alliance, acknowledged at the Burton Group Catalyst conference last week in San Francisco. He said the alliance is developing some test tools to “make it easier for the industry to converge” strong data and voice security using WPA2, also known as 802.11i.

One of the issues with supporting WPA and WPA2 in devices running real-time voice sessions is that the authentication/encryption services require the user to reauthenticate when roaming from one access point (AP) to another. The resulting latency can degrade voice quality or cause calls to drop.

Here’s a sampling of the highest version of 802.11-standard link-layer security supported by some of today’s popular enterprise-class Wi-Fi phones. WPA2 adds strong AES encryption to WPA’s message integrity check and per-packet key rotation.

* SpectraLink NetLink Wireless Phones

The phones support the home/consumer flavor of WPA2 (WPA2 Personal), which uses a pre-shared key (PSK) for authentication. WPA/WPA2 Enterprise, by contrast, require authentication to a central AAA server using the 802.1X Extensible Authentication Protocol (EAP) framework. A SpectraLink spokeswoman said Vo-Fi handsets will likely gain WPA2 Enterprise around the time that the 802.11r roaming and 802.11k radio resource management standards are ratified (expected the second quarter of 2007), because these technologies will alleviate inter-AP roaming latency.

* Cisco Wireless IP Phone 7920

Supports WPA Personal. Cisco recommends separate data and voice wireless virtual LANs (VLANs). It cautions that the 7920 authenticates automatically, regardless of the specific individual using it, so the password for the phone should not be the same password used on the data VLAN.

* Symbol MC50 and MC70

The ruggedized Wi-Fi voice/data MC50 carries the WPA Personal (PSK) certification. The Symbol radio used in the MC50’s big brother, the Wi-Fi/cellular voice/data MC70, was certified by Wi-Fi Alliance for WPA and WPA2 (personal and enterprise modes for each), on June 7. At press time, though, the MC70 certifications had yet to be officially listed on the alliance’s Web site.

* Vocera Communications System

The company’s wearable badges, which voice-activate dialing, answering, and other workflow applications using a centralized Vocera server, support WPA Enterprise (using Protected-EAP, or PEAP).

Copyright © 2006 IDG Communications, Inc.
