Wireless Home Security

Continued from page 1

The company's software, called SecureEasySetup, encrypts data and allows only approved devices that have the encryption keys (a collection of bits that encrypt and decrypt information) to access the network. A person pushes a button on the wireless router that comes loaded with the software, creating and storing a key. Then, after the user installs the software on a computer and follows a few prompts, the software automatically and wirelessly connects the device to the router, so they can share the key. Using the setup software, each device connects to the router wirelessly in a secure network that allows encrypted data to be sent and received.

Broadcom's security solution is already shipping in Linksys routers, Gateway laptops, and Hewlett-Packard printers, says David Cohen, cofounder of the Wi-Fi Alliance and senior product marketing manager for Broadcom. Both the wireless access point and devices need to have SecureEasySetup in order to work together. But, Cohen adds, hardware vendors will offer customers software upgrades for existing laptop or desktop computers without the technology.

Atheros, also a member of the Wi-Fi Alliance, proposes a slightly different user interface with its software, JumpStart. Via computer software, the router and devices also connect wirelessly to share a common password for two specific devices. Then, in an additional step, the password is used to create an encryption key that is stored by the software on each device. Early versions of JumpStart did not employ a push button technology, and relied on flashing LEDs on routers to confirm device authentication, but more recent versions also offer buttons for authentication.*

Unlike SecureEasySetup, JumpStart is open-source software. It can run on any device, from laptops and cell phones to cameras and printers. Additionally, says Andy Davidson, director of software at Atheros, the program doesn't need to run on devices that use wireless chips made by Atheros. "What you need is some commonly accepted or standardized method," Davidson says. "To help this problem, we posted the code in open source, so it's free for anyone to build this into their products."

Although it's unclear which interface or source code approach will prevail -- or whether, as is more likely, there will be a combination of the two -- what is known is the type of encryption protocol to be used. As of March 16, the alliance adopted a security protocol called WPA2, the second generation of Wi-Fi Protected Access, or WPA. WPA2 uses government-grade encryption (called Advanced Encryption Standard), which is much more robust than the original Wi-Fi encryption standard, Wired Equivalent Privacy, or WEP, which was shown to be extremely vulnerable in 2001, says John Hopkins' Stubblefield.

By the end of this year, an estimated 18.1 million homes will have gone wireless, according to Parks Associates, a consumer research firm. Currently, however, just 25 to 30 percent of them have any security on these networks, and even fewer use the WPA2 encryption standard, according to Broadcom.

In the end, though, it may take more than easier setups and a Wi-Fi Alliance certification to make most people take action to secure their networks, suggests Stubblefield. Widespread adoption may come only when device security features are turned on by default. "It's not that people don't want security," he says. "They just don't want to have to do anything about it."

*Correction, March 31, 2006, 6:30 pm EST: The original version of this story suggested that the current user interface for Atheros' system does not use a push button. An earlier version of Atheros’ JumpStart did not rely on a button for authentication, but the most recent version of the technology does.