on Monday rolled out its own alternative for Windows XP users, new software that promises increased security in the areas of data encryption and user authentication.
Microsoft announced the availability of a free XP download with support for the standards-based Wi-Fi Protected Access (WPA), a network security solution from the Wi-Fi Alliance.
Microsoft's XP update would tweak the way the OS communicates with the Wi-Fi protocol. Instead of having one encrypted key for everyone to connect to the network, Microsoft said its WPA update would provide separate keys for each system connecting to the Wi-Fi network.
The move comes as researchers continue to decry weaknesses in WEP, which is the de-facto security tool for the Wi-Fi/802.11 standard. Various WEP vulnerabilities such as the plaintext attack, bit flipping attack, and statistical analysis attack have been well publicized.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iWEP
, which is designed to provide the same level of security as that of a wired LAN, is considered weak because it uses RC4 encryption algorithm, a stream cipher, for encrypting packets. WEP's inability to have per user/session keys and the lack of re-keying support to allow changing the encryption key frequently have also been highlighted as major weaknesses, according to security research.
Microsoft's new initiative is being touted as a replacement for WEP because it offers increased methods of data encryption and network authentication. "The result is a new level of protection for customers taking advantage of the wireless features in Windows XP," the software giant said in a statement.
To improve data encryption, it said WPA would resolve existing cryptographic weaknesses and introduce a method to generate and distribute encryption keys automatically. Each bit of data would be encrypted with a unique encryption key. Microsoft said the update would also introduce an integrity check on the data so an attacker cannot modify packets of information being communicated.
To beef up enterprise-level user authentication, Microsoft said WPA authenticates every user on the network while keeping those users from joining rogue networks.