What's the Difference Between a Bluetooth and a WiFi? By Tim Cormier
onsumers are increasingly going wireless and with that WiFi has become the technology of choice in a majority of devices in homes and businesses across North America. The availability of low cost WiFi equipment, access points and airtime has driven the industry to continue to evolve the standard.
While Bluetooth, another wireless option, has many supporters, a few limitations in this technology hinder its implementation as the standard of choice at the POS.
Bluetooth may eventually become a credible wireless alternative for payment applications, but that day is not now. Problems with WiFi implementation early on were identified, but Bluetooth's security flaws are just starting to surface. When Bluetooth was first introduced, the wireless industry over-hyped the technology. Then Bluetooth began showing its insecurities and users' expectations were not met.
Bluetooth is and always will be a short-range cable replacement technology-something intended to connect a device to a peripheral, such as a telephone to a wireless headphone, or to synchronize your cellphone address book with that of your PDA. It falls into a category the Institute of Electrical and Electronics Engineers (IEEE) calls a Personal Area Network (PAN).
Bluetooth-enabled wireless phones used as wireless ATMs, where customers can beam their payment information to a card terminal and quickly authorize electronic payment, is one way supporters envision applying the technology. Unfortunately, the recent exposure of security vulnerabilities make it extremely unlikely Bluetooth will win consumer confidence in payment applications anytime soon.
Security holes in Bluetooth became evident over the past year with the seemingly innocent and mischievous pastime called "Bluejacking." Someone with a Bluetooth phone creates a message as a contact entry in the address book, then instructs the phone to send it via Bluetooth. The phone seeks out any other Bluetooth-enabled phone within range and the message pops up on the other phone's screen.
Bluejacking took on a more sinister character late last year; "Bluesnarfing" or "Bluestumbling" have more far-reaching implications than sending silly messages. A security consultant in the United Kingdom discovered it's possible to connect Bluetooth devices without the other users knowing and gain access to data stored on the other device. Subsequent testing has determined that some phones may be vulnerable even when the Bluetooth function is set to invisible or undiscoverable mode.
Even the most recent update of the Bluetooth specification, version 1.2, is apparently vulnerable. Ollie Whitehouse, a researcher for digital security consulting firm @Stake Inc., said in an April 2004 CNET News.com report that PINs in Bluetooth 1.2 can be broken by specialized hardware that captures data transferred between Bluetooth-enabled devices when they first contact each other.
Once broken, an interloper could counterfeit signals from one device to the other. "People who use Bluetooth, if they use short PINs, are exposing data on the device," Whitehouse said in the report. Information like that will hardly persuade consumers to use this technology for payment applications.
Bluetooth may ultimately be overtaken by yet another wireless technology. Many industry vendors, including Intel and Texas Instruments, are promoting Ultrawideband (UWB) as the next PAN standard. UWB has a much higher throughput than Bluetooth's one megabit-per-second rate and could even become a complement to WiFi, according to some proponents.
In contrast to the continued growing pains of Bluetooth, WiFi seems unstoppable. Various market research firms have reported that WiFi hardware shipments in 2003 amounted to somewhere from $1.7 billion to $2.5 billion, with home and small office sales accounting for 65% of the total. WiFi hot spots are popping up everywhere from airports to McDonald's restaurants.
Sometime this summer, the IEEE will formally approve 802.11i, the latest security standard that will reinforce WiFi with industrial-strength encryption. These capabilities have already been partially implemented with the widely disseminated WiFi Protected Access (WPA) technology currently shipping with most WiFi products.
WPA is a subset of the in-progress 802.11i security standard and uses 128-bit encryption keys and dynamic session keys to ensure a wireless network's privacy and enterprise security. There were a number of security limitations with the earliest shipments of 802.11b products-the 11 megabit version of WiFi. These products used a now discredited security scheme called Wired Equivalent Privacy (WEP).
The biggest problem with WEP was that for the most part, manufacturers ship WiFi routers with the security turned off so that users can easily install them; the newness of the technology resulted in many devices being installed without any security implemented. Even more fundamentally, the method used in encrypting WEP turned out to be relatively vulnerable to cracking, a problem that was disclosed in a report issued at the end of 2001.
As WiFi popularity soared, the industry rushed to implement WPA. The WiFi Industry Alliance announced that more than 175 products from more than 40 of the world's leading technology manufacturers have received WPA security certification since testing began in April 2003. Many products currently shipping will be upgradeable to the 802.11i standard, which incorporates the Advanced Encryption Standard (AES) and a variety of highly sophisticated security technologies.
One main criticism of WiFi has been its power consumption, which limits its ability to be used in handheld devices. Phil Solis, Senior WiFi Analyst at ABI Research, a think tank specializing in technology, said in a report that recent breakthroughs in WiFi integrated circuit (IC) design have allowed the integration of the three subsystems (radio, baseband and Media Access Control) onto one chip offering 802.11b and/or 802.11g communication. This result allows smaller ICs that use less power, especially in the "sleep" or "standby" modes that take up most of a Wi-Fi device's running time, according to Solis.
That's good news for organizations interested in utilizing WiFi broadly in retail and other payment settings. Wi-Fi based payment solutions offer distinct advantages compared with other countertop POS installations. First, relatively easy installation means systems are up and processing more quickly than standard implementations. Second, all dial-up traffic can be consolidated on a single line or high-speed link, delivering a tremendous cost savings by not requiring additional phone lines.
A significant consideration is the increasing prospect that telecom service providers will offer interoperability of WiFi and Third Generation (3G) transmission such as CDMA 1x and GSM/GPRS. With Voice-over Internet Protocol providing yet another utilitarian use for WiFi, many analysts and observers forecast that enterprises and service providers will have to make it possible for mobile phone users to "roam" between WiFi and 3G networks.
Finally, WiFi is one of the most cost effective methods of implementing Internet Protocol (IP) in the terminal. Using an IP-enabled POS terminal to route payment data offers important benefits including, speed, security and versatility. IP networks offer greater bandwidth and faster processing, resulting in faster transaction times, the ability to handle data intensive applications such as check conversion with imaging, and end-to-end secure socket layer (SSL) security to encrypt the data that will be routed over the network.
Wireless is still a young technology. Undoubtedly there will be mistakes in implementation and continued efforts to crack security; unfortunately, that's the nature of the computer age, whether wired or wireless. But the computer industry, through the WPA and 802.11i effort, has shown it's committed to providing the best security methods available.
Overwhelmingly, consumers are voting for WiFi with their pocketbooks. The payments industry will benefit by taking advantage of the accessibility, security and cost benefits that WiFi offers.
Tim Cormier is VeriFone Inc.'s Senior Network Engineer focused on providing customer solutions that use VeriFone's suite of advanced communication products. Reach him at Tim_Cormier@verifone.com
|