Security tools for Wi-Fi networks are sufficiently robust to ensure the platform’s success, a recent conference in Toronto was told. In a breakout session on Wi-Fi: Strategies for Success at EXPO COMM Canada 2004 last month, panelists explained that current security standards can be an integral component to a successful Wi-Fi strategy. Session participants didn’t delve into ensuring success for the plethora of Wi-Fi business models, but instead chose to focus on the technical requirements needed for a successful Wi-Fi plan. Brian Bourne, president of CMS Consulting, flatly stated that the tools already exist to ensure a secure wireless hotspot environment. Citing the example of Microsoft Corp. outfitting its campuses with a wireless local area network (WLAN), he said that the software giant secures the campus’ networks using the existing Wireless Protected Access (WPA) standard. He notes that WPA is now available in the $100 access points and is a significant step up from Wireless Encryption Protocol (WEP). With WPA, he said, "unless you’re allowed to authenticate, you can’t." Tim Allwine, director of product management and development at VeriSign, agreed that existing security tools are robust enough to ensure a high level of security in WLANs and that this level of security can also help in promoting greater hotspot roaming. "We want to securely authenticate users, and I’ll say roamers, regardless of the devices they’re using and regardless of the networks they’re (using)," Allwine said of the company’s vision of "universal strong authentication." The company believes that the Institute of Electrical and Electronics Engineers’ 802.1x framework, which defines extensible authentication protocol over LAN (EAPOL), is an ideal solution for both securing Wi-Fi networks and enabling greater roaming among hotspots of different operators. Allwine explained that this protocol has been used in wired LANs and is now beginning to make its mark in the wireless LAN space. It can also be extended to other types of networks such as metropolitan and wide area networks. "The neat thing about EAP in general is that it allows a secure tunnel to be set up between (the user) and the authenticator," he said during his presentation. On the roaming front, Allwine believes that the country’s wireless operators should look to a certificate-based model of authentication as opposed to a one-time password method for their inter-carrier roaming agreement (RoW, May 10/04). Certificates are a secure credential and can be deployed in software or on a hardware token, he adds. The combination of the 802.1x framework and the use of certificates in authentication create a larger "trust" network, Allwine explains. He cites the cable TV industry’s use of certificates for authenticating pay-per-view movie requests as an example and a model that could be adopted by players in the Wi-Fi space. "It will take the industry, though, to step up and establish this trust (network) through a certificate authority. It could be an industry body such as the CWTA (Canadian Wireless Telecommunications Association)," he said. "This model supports authentication of roamers back to their home service provider without replicating profiles across the network."