Cisco and Aruba prepare for next-generation wireless security

Aruba Wireless Networks claims to support the latest ratified 802.11i security standard, while Cisco Systems is reported to be...

Aruba Wireless Networks claims to support the latest ratified 802.11i security standard, while Cisco Systems is reported to be preparing WLan products with AES encryption, a key feature of 802.11i.

Both companies are taking their cue from the recent completion of 802.11i, a major step forward for the wireless industry, which has struggled to assure customers of adequate security.

Suppliers have introduced their own additional security measures, and the industry created the stopgap WPA (Wireless Protected Access) while awaiting 802.11i, but until last month there was no standardised way of ensuring sufficient protection for WLans.

The standard is expected to fuel a boom in wireless networking in enterprises and government bodies.

"We've been waiting for this for the past three years, really," said Ovum analyst Graham Titterington. "It has got to help the industry in the long term."

The Wi-Fi Alliance will launch interoperability certification testing for 802.11i in September under the brand name WPA2, but Aruba said it is already in field trials with customers, and will begin beta testing in August. The company will not be able to claim 802.11i compliance until it completes testing, but promises it will be able to offer 802.11i before its rivals because of a centralised architecture.

While most WLan equipment makers will implement the standard in each access point, Aruba will carry out all encryption in a centralised, software-programmable hardware engine, the company said.

"This provides investment protection to our customers as well as giving us a time-to-market advantage with new features such as 802.11i, since we don 't need to wait for our radio suppliers to release new drivers," said Aruba chief technology officer Merwyn Andrade.

Centralisation speeds up network performance and allows companies to combine encryption with functions like authentication and security policy enforcement, Aruba said. It also means that traffic stays encrypted across the network until it reaches the Aruba system, and that encryption keys do not need to be exchanged across the network or stored on access points.

"Serious concerns still exist regarding the exchange of encryption keys that are flying around corporate network, completely unprotected," said Farpoint Group analyst Craig Mathias.

Aruba's system will not be for everyone, however, said Ovum's Titterington. Customers will have to decide whether it is necessary to use a dedicated engine for encryption and other security functions instead of simply upgrading access points.

"It would only make sense for installations that are quite large and quite centralised," he said.

One of the most important aspects of 802.11i is the Advanced Encryption Standard (AES), which uses an encryption algorithm developed in Belgium and chosen by the US government as the new Federal Information Processing Standard in 2001. Wireless chip makers Atheros Communications and Broadcom have been shipping AES-enabled silicon since early 2003.

AES support would be a boon for large organisations that have standardised on gear from Cisco, a dominant force in the networking world.

If Cisco has lagged on AES support somewhat, it may be due to some confusion in its overall approach to wireless security, said analyst Titterington.

Matthew Broersma writes for

Read more on Wireless networking