Wi-Fi Alliance to test EAP types

* Alliance to deepen Wi-Fi test bed

Currently, the Wi-Fi Alliance, which certifies wireless LAN products for interoperability, tests hardware components only. However, the multivendor consortium has said it will soon likely also certify supplicant (client) and authentication server security software.

The 802.11i (WPA2) WLAN security standard, approved last June, specifies use of the 802.1X authentication framework for enterprise deployments. Within that framework, enterprises can choose which Extensible Authentication Protocol (EAP) algorithm they'd like to use.

Currently, when testing interoperability of products supporting 802.11i/WPA2, the alliance defaults to using EAP-Transport Layer Security (TLS), an EAP method requiring client- and server-side digital certificates, for purposes of the test, explains David Cohen, the chairman of the alliance's security marketing task group.

However, many enterprises have chosen (or, as they adopt 802.1X-based infrastructures, are likely to choose) any number of other industry-standard EAP types, including those that don't require the complexity of a public-key infrastructure. Among these are Protected-EAP (PEAP) and EAP-Tunneled TLS (TTLS).

"In the spring, we'll be deepening our interoperability testing," Cohen says. We will add PEAP and TTLS to our testbed. And we'll be looking at possibly adding EAP-SIM [Subscriber Identity Management]."

SIM cards used in cell phones identify the user at hand to a mobile network operator. Cohen said EAP-SIM could become important as Wi-Fi and cellular radios become combined in user handsets.

"Today, you hardly ever see [EAP-SIM] on the LAN, but we're trying to stay ahead of curve," Cohen says.

In fact, the alliance recently formed a task group focused on certification requirements for Wi-Fi functions in cellular devices. It has already Wi-Fi-certified the WLAN components of the HP iPAQ Pocket PC h6315 and Intermec 760 handheld mobile computer, both available now, as well as the Nokia 9500 Communicator and Motorola MPx, both scheduled to ship in the U.S. within the next six months. 

Today, when a vendor product is submitted to the alliance for Wi-Fi certification, it is tested against two supplicants and two authentication servers, each running EAP-TLS. In late first quarter or early second quarter 2005, products will be tested against four or five supplicants and authentication servers representing each of at least the three EAP types mentioned, greatly expanding the degree of interoperability testing, Cohen says.

Learn more about this topic

802.1X: A stepping stone

Network World, 10/04/04

Multi-radio smartphones emerge

Network World Wireless in the Enterprise Newsletter, 11/22/04

Vendors hit the 802.1X mark for access, but security holes remain

Network World, 05/10/04

Bluesocket to secure branch WLANs

Network World, 12/06/04

Strix to add outdoor WLAN mesh to product mix

Network World, 12/06/04

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.