Responding to criticism that 802.11x's legacy security mechanism, Wired Equivalent Privacy (WEP), is extremely vulnerable to hackers and the prying eyes of "wardrivers," the Wi-Fi Alliance released a new, more secure version that can co-exist with legacy Wi-Fi-certified products.
The new security technology, dubbed Wi-Fi Protected Access (WPA), replaces WEP and was created in conjunction with the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Standards Working Group for Wireless Local Area Networks. WPA, which will be deployed in early 2003 and available to legacy WEP-based gear via software upgrade, is derived from the forthcoming IEEE 802.11i draft standard. The IEEE expects to publish the 802.11i standard by the end of next year.
The Wi-Fi Alliance said it will give vendors the option to ship with WPA turned on or off initially, although vendors eventually will be required to ship with WPA switched on.
Addressing WEP's known vulnerabilities, WPA features improved data encryption through Temporal Key Integrity Protocol (TKIP), which provides a variety of data encryption enhancements such as per-packet key mixing and message integrity checks.