My question is regarding how to implement a secure connection between the PDA and a wireless access point and eliminate the risk of spoofing. Is it possible to implement an overlay point-to-point connection over a broadcast medium? Could you please explain what layer 2 security really means in the wireless context?
It's tough to completely eliminate the chances of spoofing, but a good solution is implementing host-based authentication on your access point(s). Given enough time, effort, and money, you could implement practically any type of point to point protocol over your wireless network that you could over a wired network. I would suggest looking into Extensible Authentication Protocol (EAP) or Lightweight Extensible Authentication Protocol (LEAP) for integration into your wireless apps. Check out the WPA, 802.11i, and 802.1x standards, which all address these issues.
If I understand your layer 2 security question correctly, this is basically referring to what I've mentioned above -- authentication using EAP/802.1x that requires the user/client to authenticate itself to the network via a password, token, digital certificate, etc. This is in contrast to a standard layer 3 solution such as a standard VPN running across a wireless network.