WiFi phones have to make a trade-off between security and fast re-authentication. They need to allow real-time voice conversations to continue, even when a user roams from one access point to another.

With processing power, battery life and memory at a premium in most WiFi phones, they tend not to support the latest security specifications.

The WiFi Alliance has addressed this in its full agenda of new interoperability and RF performance tests (see A WLAN technology maturity update). What's happening with certification for WPA/WPA2 Enterprise, the latest WiFi-security technology standard still missing from WiFi phones?

Getting WPA/WPA2 Enterprise, which operates at the link layer, into WiFi phones "is a challenge for the whole industry," Greg Ennis, technical director of the WiFi Alliance, acknowledged at the Burton Group Catalyst conference last week in San Francisco.

He said the alliance is developing some test tools to "make it easier for the industry to converge" strong data and voice security using WPA2, also known as 802.11i.

One of the issues with supporting WPA and WPA2 in devices running real-time voice sessions is that the authentication/encryption services require user re-authentication as a user roams from access point to AP. The resulting latency can degrade voice quality or cause calls to drop.

Here's a sampling of the highest version of 802.11-standard link-layer security supported by some of today's popular enterprise-class WiFi phones. WPA2 adds strong AES encryption to WPA's message integrity check and per-packet key rotation.

SpectraLink NetLink Wireless Phones
The phones support the home/consumer flavour of WPA2 (WPA2 Personal), which uses a pre-shared key (PSK) for authentication. WPA/WPA2 Enterprise, by contrast, requires authentication to a central AAA server using the 802.1x Extensible Authentication Protocol (EAP) framework.

A SpectraLink spokeswoman said Voice over Wireless (VoFi) handsets will likely gain WPA2 Enterprise around the time that 802.11r roaming and 802.11k radio resource management standards are ratified (expected the second quarter of 2007), because these technologies will alleviate inter-AP roaming latency.

Cisco Wireless IP Phone 7920
Supports WPA Personal. Cisco recommends separate data and voice wireless virtual LANs (VLAN). It cautions that the 7920 authenticates automatically, regardless of the specific individual using it, so the password for the phone should not be the same password used on the data VLAN.

Symbol MC50 and MC70
The ruggedised WiFi voice/data MC50 carries the WPA Personal (PSK) certification. The Symbol radio used in the MC50's bigbrother, the WiFi/cellular voice/data MC70, was certified by WiFi Alliance for WPA and WPA2 (personal and enterprise modes for each), on June 7. At press time though, the MC70 certifications had yet to be officially listed on the alliance's Web site.

Vocera Communications System
The company's wearable badges, which voice-activate dialing, answering, and other workflow applications using a centralised Vocera server, support WPA Enterprise (using Protected-EAP, or PEAP).