What Wi-Fi trends are expected in 2020?

Securing Wi-Fi connections is an important crucial networking, and Wi-Fi Alliance® has isbeen on the forefront of evolving Wi-Fi security.

Passpoint mandates the use of Protected Management Frames for all connections and it leverages the EEE 802.11u specification – a version of 802.1x. It’s restricted to access points and devices capable of WPA2 and WPA3 authentication, specifically the EAP authentication protocol,. That’s which is the current industry standard for network security.

Passpoint technologies are key to support mobile data offload and are key enablers for both mobile operators and internet service provider services.

Native support is available in the Android™ O (and later) operating system.

Wi-Fi Aware incorporates enhanced power savings, service discovery, Bluetooth Low Energy triggered initialization, device ranging, as well as native and IP-based data transfer. ​

Hospitality chains may own many brands but a single consolidated rewards program. Without Passpoint, either the rewards program SSID needs to be added at every hotel or users’ phones must be configured with several SSIDs. Passpoint can function with a single profile that identifies the rewards program instead of a hotel SSID. When a user visits an associated property, their device will automatically identify the access point and connect.

Other legacy protocols are earlier generations of Wi-Fi security, which have been updated or replaced over time due to the changing security landscape needs. The original security standard was Wired Equivalent Privacy (WEP). It was replaced by the original Wi-Fi Protected Access (WPA) in 2003 as an interim solution to the limited protection offered by WEP. The WPA program added support for Temporal Key Integrity Protocol (TKIP) encryption, an older form of security technology with some vulnerability to cryptographic attacks. WPA was replaced in 2004 with more advanced protocols of WPA2.

Though the threat of a security compromise is small, users should not purchase new equipment which supports only WPA with TKIP. Only devices supporting WPA3 security should be purchased and used.

Wi-Fi Aware has a longer range than other commonly used technologies. Proximity-based applications are more useful when the connection allows for a longer range. Additionally, once connected, devices can leverage the high-performance, fast speeds, and a high level of security that Wi-Fi delivers. The latest enhancements to Wi-Fi Aware also offer discovery by Bluetooth LE, which will trigger a formal Wi-Fi Aware session by first waking the Wi-Fi radio.

Wi-Fi Aware operates at typical Wi-Fi range.

Wi-Fi Agile Multiband: Fast Basic Service Set (BSS) Transition, also known as Fast Transition, is based on IEEE 802.11r. Fast Transition enables devices to reauthenticate quickly with WPA2 security when roaming within the same Wi-Fi network, improving experience with latency sensitive applications such as voice over Wi-Fi.

Wi-Fi Optimized Connectivity: Fast Initial Link Setup (FILS) Authentication is a mechanism defined in IEEE 802.11ai to enable fast authentication to APs.

Devices that are certified for Wi-Fi Vantage represent the most recent and interoperable Wi-Fi technologies for managed networks. Users will experience fewer connection interruptions during calls or video streaming, even while traversing through a transportation hub like a large airport. These devices, when used in a Wi-Fi Vantage enabled network, bring a more seamless and consistent connection and therefore a better mobile experience.

Managed networks are Wi-Fi networks, such as those operated in airports, stadiums, schools, office buildings, retail and hotel locations and other venues, that are “managed” by network administrators to optimize their coverage, performance, and network access. These networks are frequently open to the public or offer access to subscribers.

Future generations of Wi-Fi Vantage will add enhancements in network access, frequency band and channel management, and reduced connection times, resulting in improved roaming and management of Wi-Fi networks.

Wi-Fi Aware incorporates capabilities enhancing peer-to-peer communications by enabling devices to exchange information and services without the need for network infrastructure or sophisticated setup processes. Within Wi-Fi Aware networks, connections are contextually formed, creating a simple data exchange mechanism based on shared user preferences.​

Wi-Fi Aware mobile device experiences are application-driven; and users can control privacy settings and opt-in to desired notifications. Users can configure an application to offer and/or seek services on nearby devices.  

Wi-Fi Aware was designed to be power efficient by establishing independent networked “clusters” synchronized to a common “heartbeat” to exchange small messages about services available nearby. Continuous discovery occurs in the background without putting undue burden on the battery of a mobile device.

Wi-Fi Aware operates in 2.4 GHz and 5 GHz. Discovery occurs in the 2.4 GHz band, channel 6 (discovery in 5 GHz is optional).

Many devices can receive updates to support Wi-Fi Aware. Whether a device can receive software updates to add the new functionality or not depends upon vendor implementation. Native support for Wi-Fi Aware is available in the Android O (and later) operating system.

Wi-Fi Aware is a similar peer-to-peer connectivity technology to Wi-Fi Direct. However, while Wi-Fi Direct requires a centralized coordinator, called a Group Owner, Wi-Fi Aware creates decentralized, dynamic peer-to-peer connections. Many applications, such as Miracast and direct printer connections, work well with Wi-Fi Direct. Wi-Fi Aware is positioned to provide peer-to-peer connectivity in highly mobile environments, where devices join or leave in a less deterministic manner. Whether it's professionals at a crowded conference to find each other or strangers on a subway momentarily joining a multi-player game, Wi-Fi Aware connections seamlessly adapt to changing environment and usage conditions. 

Mobility is used to describe continuous network connectivity, providing the user with anytime, anywhere access to social media, clinical, or business application data. When Wi-Fi^® client devices and the hospital network to which they connect properly support mobility, a wireless device can access the network while on the move anywhere in the building and sometimes outside of the building (e.g. walkways between buildings). To properly support mobility in hospitals, adherence to best practices in the design, installation, and management of the Wi-Fi network and devices is essential.

Mobile devices refer to those used by an end user who moves about the hospital or healthcare facility and requires a persistent connection. Examples are patient-worn telemetry devices that continuously monitor the vital signs of an ambulatory patient, or a smart phone that provides a physician attending to a patient instant access to all of the clinical systems required to provide care.

There are many reasons why a client will roam from one AP to another, the most common one being when a client moves from the radio frequency (RF) boundary of one AP to another AP. Healthcare environments are often very challenging from an RF planning standpoint, due to their physical structure, with long hallways, isolated patient rooms, and shielded radiology areas. These physical challenges can create abrupt transitions between AP coverage areas and inhibit fast and efficient roaming performance. With the strict performance and availability requirements of medical devices, significant emphasis on establishing a robust and reliable Wi-Fi network is important.

Off-channel scanning is when a Wi-Fi client device tunes its radio to another channel to look for available APs or scans for APs on a channel to which it is not connected (hence “off-channel”). The client scans the off-channel APs looking for a suitable AP to connect to in case it needs to roam from its current ‘on-channel’ AP.

An access point (AP) can also perform off-channel scanning. This process is the same as off-channel scanning for Wi-Fi client devices and essentially allows the AP to tune its radio to a different channel for a finite amount of time. Off-channel scanning is typically used as a method to detect sources of interference, rogue or unauthorized ad-hoc Wi-Fi networks. The operation of performing off-channel scanning is highly dependent in terms of manufacturer implementation and configuration of the WLAN.

When an AP is performing an off channel scan, the client devices that are connected to it will not be able to send traffic to the network. This can be disruptive to real time streaming devices that rely on a persistent connection. Care should be taken in the configuration of off-channel scanning.

The reason for client scanning is to determine a suitable AP to which the client may need to roam now or in the future. A client can use two scanning methods: active and passive. During an active scan, the client radio transmits a probe request and listens for a probe response from an AP. With a passive scan, the client radio listens on each channel for beacons sent periodically by an AP. A passive scan generally takes more time, since the client must listen and wait for a beacon versus actively probing to find an AP. Another limitation with a passive scan is that if the client does not wait long enough on a channel, then the client may miss an AP beacon.

In many countries, regulatory requirements may limit the number of 5 GHz channels available or place additional restrictions on their use because the spectrum is shared with other technologies and services. For instance, in the US and other countries, some of the Unlicensed National Information Infrastructure (U-NII) bands are used by radar systems. Wi-Fi networks operating in those bands are required to employ a radar detection and avoidance capability. The IEEE 802.11h standard addresses this requirement by adding support for DFS and transmit power control (TPC) on every DFS channel.

If a Wi-Fi AP detects a radar system on a channel with DFS enabled, the AP must announce to associated client devices that it is vacating the channel on which the radar is detected and the new channel to which it is moving. The client devices must immediately vacate the channel and are expected to associate to an AP on a different channel.

For the 5 GHz bands that include DFS channels, clients are forbidden from performing active scans and must only use passive scanning. This can increase the time required to identify and select candidate roaming targets. This increase in scanning time may prevent some clients from keeping their connection active while roaming across APs.

When an AP detects radar it is allotted a period of time to search for available channels. This time period may exceed the application connectivity threshold and cause a client to lose its connection even though the DFS rules were strictly followed.

In some environments, it may be preferable to restrict RF usage to channels in which DFS is not mandated. Consult the country-specific regulations to determine which channels are DFS mandated.

The healthcare industry adheres to another layer of security requirements prescribed by laws addressing privacy and a patient’s clinical information (e.g. HIPAA (Health Insurance Portability and Accountability Act, PCI (Payment Card Industry)). Protecting electronic health information is an essential business need for hospital administrators. Fortunately, Wi-Fi has strong encryption and authentication capabilities in the form of WPA2^™ to assist IT managers in implementing security policies.

The basic security principle in IEEE 802.11 is that each time a client connects to an AP it must complete the authentication process. The two main types of security used are WPA2-Personal and WPA2-Enterprise and each has a different impact on roaming behavior because WPA2-Enterprise requires more steps in the authentication process. When the Enterprise version of Wi-Fi Protected Access^® 2 is used, the required authentication when roaming adds time to the authentication or re-authentication process. For mobile devices, this added time may impact real-time streaming client performance. For important clinical applications like telemetry, where mobility is a part of the clinical usage, the use of a fast roaming algorithm such as 802.11r is recommended. As an example, when high quality of service (QoS) applications such as VoIP are used on a properly implemented Wi-Fi network, the combination of WPA2-Enterprise and fast roaming techniques provide a secure and reliable connection. The Wi-Fi Alliance’s Voice-Enterprise certification incorporates these important capabilities and is a key enabler of a high-performing enterprise WLAN.

Passpoint enabled mobile devices can choose networks based on a list of preferred (direct or partner) providers, specific services and/or the best performance characteristics. For service providers offering a managed experience, seamless authentication is a valuable element, and Passpoint networks also support deployments where a click-through screen is essential for acceptance of terms and conditions or branding.

Passpoint devices use industry-agreed uniform mechanisms for discovering and creating secured connections to hotspots. This allows a subscriber to experience seamless Wi-Fi connectivity to a hotspot anywhere in the world a user’s provider has roaming agreements. Passpoint is specified as a requirement for the Wireless Broadband Alliance’s industry work on Wi-Fi roaming.

Passpoint makes use of elements of IEEE 802.1X, 802.11u, 802.11i, and WPA3™-Enterprise security, as well as some Wi-Fi Alliance defined mechanisms.

Members of Wi-Fi Alliance created the program. The group which developed Passpoint includes service providers, mobile operators, fixed line operators, and makers of mobile devices and infrastructure equipment.

Passpoint provides a better Wi-Fi user experience while mobile. Users with certified Passpoint devices can enjoy the benefits of streamlined network selection and secure connectivity at Passpoint enabled hotspots. Passpoint-enabled devices operate based on user preference.

Most of the existing silicon is Passpoint capable. The hardware and software platform of a given device determines whether it can be upgraded in the field. Equipment that has previously undergone certification testing can be updated and resubmitted for Passpoint certification.

Legacy mobile devices can connect to Passpoint access points configured for open system authentication, although they will not enjoy Passpoint features for network selection, automatic authentication, or expanded security. A user connecting to an open network with a legacy mobile device will manually find the available networks and then select and connect to the preferred network.

The access points used in hotspot and enterprise networks are often configured to support multiple SSIDs (networks) on the same equipment; a configuration that offers a Passpoint-certified network and a separate open network allows Passpoint mobile devices to enjoy the full benefits while supporting legacy clients.

Passpoint is a key enabler for many applications. The scope of Passpoint testing is to ensure that the mechanisms for seamless discovery and creation of a secured link are implemented correctly. It is application-agnostic.

Infrastructure equipment such as access points, and mobile and portable devices such as smartphones, tablets, and notebooks have been certified. Passpoint is available on both SIM and non-SIM Wi-Fi devices.

Protected Management Frames (PMF) provide protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. They augment privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks. PMF is required for all new certified devices.

As of July 1, 2020, all new Wi-Fi CERTIFIED devices require WPA3. The only way to be sure that a product meets the latest security standards is to purchase only Wi-Fi CERTIFIED products.

The Converged Wireless Group RF Profile Test is a test plan that was jointly developed by CTIA® and Wi-Fi Alliance® to provide detailed radio frequency performance profile in a mixed-network (Wi-Fi and Cellular) environment. Manufacturers of converged handsets and Wi-Fi networking infrastructure devices (access points) can participate in this test program to provide carriers with independent evaluations of their equipment, and carriers can use the test reports to compare handsets from different manufacturers. Completion of CWG testing does not result in a Wi-Fi certification.

Configure Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) to enable security protections.

Configure for approved connections: Many devices are set by default to sense and automatically connect to any available wireless signal. Wi-Fi Alliance recommends that you configure your device to not automatically connect to an open network without your approval.

Disable sharing: Wi-Fi enabled devices may automatically enable themselves to sharing / connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but this should be avoided in a public network such as a hotel, restaurant, or airport hotspot.

Users may also wish to use complementary security measures to improve the security of their activity over the internet including virtual private networks (VPNs), firewalls, etc.

This industry-supported program provides detailed information about the RF performance of the Wi-Fi radio in a converged handset, as well as how the cellular and Wi-Fi radios impact one another. It provides a uniform evaluation approach that enables a standard way to contrast and compare converged devices.

Compatibility and quality are achieved through testing of Wi-Fi products. Consumers should always look for the Wi-Fi CERTIFIED logo to ensure the best user experience possible.

The comprehensive over-the-air testing program provides detailed measurements on key parameters, described in layperson terms below. The measurements are taken in a 360-degree environment in order to create “real-world” conditions:

• Measurements to provide information about the reach of a Wi-Fi radio signal sent by a converged phone or AP, called transmit power (TRP, or Total Radiated Power)
• Measurements to provide information about how well the Wi-Fi radio can detect an incoming signal in a converged phone or AP, called receive sensitivity (TIS, or Total Isotropic Sensitivity)

In addition, the program includes:

• Measurement of the signals ahead of the Wi-Fi antenna, called conducted power and sensitivity
• Measurement of the reduction in sensitivity (desensitization) of a Wi-Fi receiver caused by the presence of an active cellular transmitter, and to ensure that the performance of the Wi-Fi receiver is within acceptable limits
• Measurements of the desensitization of a cellular receiver caused by the presence of an active Wi-Fi transmitter, and to ensure that the performance of the cellular receiver is within acceptable limits

To complete the testing a device must also be Wi-Fi CERTIFIED™ for core Wi-Fi interoperability and WPA2™ security, and CTIA certified for cellular performance.

In the context of Wi-Fi technology, security means two things. First, controlling who can connect to and configure your network and equipment. Second, it means securing the data travelling wirelessly across your Wi-Fi network from unauthorized view.

Wi-Fi security is just one aspect of security for networks. A protected Wi-Fi network is a great start, but you should also consider measures to protect your computer (virus software, firewall, etc.) and your communications across the internet virtual private network (VPN), etc.