Aruba Wireless Gets Wi-Fi Certified
Aruba Wireless Networks (Aruba) announced that it is the first centralized wireless LAN (WLAN) systems supplier to obtain 802.11i (Wi-Fi Protected Access 2) certification from the Wi-Fi Alliance.
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture — a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute of Electrical and Electronics Engineers’ (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA(TM), ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
“Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers,” commented Frank Hanzlik, Managing Director of the Wi-Fi Alliance.
“Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi(R),” said Merwyn Andrade, chief technology officer for Aruba. “The WPA2(TM) standard and Aruba’s certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance.”
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba’s WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls, to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba’s WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and is immune to security threats.
“WPA2 is a great leap forward in securing the air,” said Keerti Melkote, Vice President of Product Management and Marketing for Aruba. “However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry’s only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network.”
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure, thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba’s modular WLAN system delivers industry-leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic, a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However, 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications — taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba’s centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
— Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
— Improved RADIUS scalability by offloading authentication for every client roaming event, and
— Faster secure roaming via centralized key management for 802.11i.
With Aruba’s centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods, providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.