Slashdot Mirror


NSA Approves First 802.11b Product for Secret Data

joehoya writes "I realize this is a couple of days old, but the National Security Agency recently certified the Harris Corp's Secnet-11 as the first 802.11b system permitted to carry US SECRET level data. See press release. The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN. Unfortunately, you and I won't be able to buy them, as they are only available to organizations with an NSA COMSEC account."

14 of 252 comments

  1. Proprietary crypto is lame by BalkanBoy · · Score: 4, Insightful

    ... Bruce Schneier has said this over and over again - it will be a cold day in hell before a proprietary cryptographic algorithm is going to be nearly as scrutinized as a publicly available one. I don't see that the algorithm the NSA's using has been disclosed (in the article), and I doubt it will be. Granted, the NSA has probably more cryptographers on staff than anyone else, but that is no guarantee for the quality of the algorithm they are using. This way they may be potentially running on borrowed time until someone figures out a way to attack it...

    --
    'A lie if repeated often enough, becomes the truth.' - Goebbels
    1. Re:Proprietary crypto is lame by photon317 · · Score: 5, Insightful

      However, the NSA is somewhat of an exception to this rule. It is widely known that they are the largest employer of mathematicians worldwide, compared to any other governmental or private organization, including universities. Therefore, widespread solid peer-review of cryptography can actually happen *inside* the NSA without making anything public to the outside world and they would still get decent results. Add on that the NSA's cryptographers and mathematicians tend to be about a decade ahead of the public/academic world, and it all adds up to the NSA not needing to follow the conventional cryptography peer review mantra.

      --
      11*43+456^2
    2. Re:Proprietary crypto is lame by nrjyzerbuny · · Score: 2, Insightful

      "it will be a cold day in hell before a proprietary cryptographic algorithm is going to be nearly as scrutinized as a publicly available one."

      The NSA is the largest employer of mathematicians and cryptographers in the world. World-class peer review is possible within the NSA. How many people peer review crypto? Honestly? This is the same argument used for Open Source software, and the same thing applies, plenty of people use it, and a few actually look over the source, if they break it, or find something they don't like. I would bet that more people look over NSA internal crypto than have looked over most public source crypto. In addition, the people looking at NSA source are all qualified individuals, people who know an S-Box from their asshole.

      The NSA is consistently 10-20 years ahead of the private and scholastic sector. The NSA for example was involved in the creation of the S-boxes for DES. While many people argued that the NSA would weaken the algorithm in an attempt to make it more easily crackable, only later was it discovered that the original boxes were vulnerable to an attack that had not even been discovered by the non-government sector.

      You may not trust the NSA, but their in-house review is as good and better than anything you will find elsewhere, even in the much-vaunted open-source community.

    3. Re:Proprietary crypto is lame by Anonymous Coward · · Score: 1, Insightful

      *without the rotor wirings* and without the breadboard connections? I don't think so. I am very familiar with the public C/A of Enigma. One of the most interesting is a shotgun hillclimbing approach that, WITH candidate rotor wirings known, reconstructs the rotors used, their order, and the breadboard connections up to 5 pairs. It can be extended to the 4 rotor systems fairly easily and with some tinkering, I would not be surprised if the breadboards could also be reconstructed. But this is not the same as cracking Enigma without knowing both its general structure (i.e. self-inverse geared rotor machine with a post-processing step) and the specific rotor wirings.

  2. speak for yourself by tps12 · · Score: 5, Insightful

    you and I won't be able to buy them

    While you're correct that most citizens (including Slashdot editors, I'd guess!) won't be able to buy these babies, please remember that a large portion of Slashdot's readership is in IT, some of us in positions where we may, in fact, purchase equipment through an NSA COMSEC account. Industries and corporations deemed "essential to the National Security" under conditions set forth in the NPHG Protection Act have been given this privilege since its passage in 1973, in response to the Vietnam War. I work at a major corn distributor (food being an essential supply during potential siege or embargo, and breakfast being the most important meal of the day), and I can tell you that I hope to have my hands on these sometime this month, before Christmas or President's Day at the very most. It should speed up our processes considerably to not have to be tied to "wired" networks. It's a fun time to be in IT, and this cloak-and-dagger stuff just makes it better.

    --

    Karma: Good (despite my invention of the Karma: sig)
    1. Re:speak for yourself by treat · · Score: 5, Insightful
      It should speed up our processes considerably to not have to be tied to "wired" networks.

      Then why didn't you just run ipsec over conventional 802.11? It will be just as secure as this, and can be done on commodity hardware and with free software.

  3. Re:hum.... by Syncdata · · Score: 3, Insightful

    When will someone take one apart
    Excellent Question, especially given the well-publicized trouble government employees have in holding on to their laptops. Just 'cause it's technically secure doesn't mean the laptop itself can't just get picked from an inattentive employee.

    --
    "Inattention makes clowns of us all" -Bean
  4. Do it at higher level anyway by Goonie · · Score: 3, Insightful

    Better still, don't bother with encryption at the hardware or driver level at all - do it at the application level where the algorithm can be changed without too much hassle if it is discovered to be insecure.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  5. Sounds like... by sheWhoWalksWithToesL · · Score: 2, Insightful
    Security via obscurity. I wonder how long THAT will last.

    --
    -SheWhoWalksWithToesLikeCobras Please enter any 11-digit prime number to continue...
  6. Re:why not in software? by pVoid · · Score: 2, Insightful

    Remember, what can run, can be reverse engineered. Them making a software driver is an invitation for people to reverse engineer the stuff going on in the card.

    Eventually, yes, a smart person will make a software version of this (that's the outcome of it all). But the reason they use hardware is to make life harder. Maybe even impossible (if enough effort were to go into the hw design).

  7. Re:How is this unfortunate? by Cadre · · Score: 3, Insightful
    I have a question that's related: how do I make sure that nobody unauthorized is connected to my network?

    IPsec

    --
    All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
  8. PCMCIA still good?? by myowntrueself · · Score: 3, Insightful

    Isn't it about time that PCMCIA were replaced so that people have to buy new laptops etc?

    (I imagine it won't be long before you won't be able to buy a MB with PCI; VLB started out as a purely graphics bus (VESA local bus) and it wasn't long before it was used for SCSI, Multi IO and probably others. Were there ever VLB NICs?)

    With this history it is a little surprising that manufacturers aren't producing multi-AGP boards and SCSI cards etc on AGP, eventually replacing PCI.

    I know it's not an exact match, and maybe there's something about the AGP standard that makes this impossible, but you get the picture;

    Market saturation requires forced obsolescence and upgrade fever to achieve constant economic growth. Any stability spells doom for the market for some reason; it's a self destabilising system. Any trends of economic stability as opposed to economic growth cause instability and either growth or shrinkage, thereby producing instability again.
    I dunno about the commas in those sentences. Feel free to rearrange them to taste.

    --
    In the free world the media isn't government run; the government is media run.
    1. Re:PCMCIA still good?? by Anonymous Coward · · Score: 1, Insightful

      You're confusing your acronyms. PC Card is the new name for PCMCIA.

      You are thinking of CardBus. CardBus _is_ PCI, running over a PCMCIA slot - it has a slightly differently keyed connector, so you can't plug a CardBus card into an old 16-bit PCMCIA connector, but you can plug any card into a CardBus slot.

      You can even get a PCI to PCI/CardBus bridge setup, and get external PCI slots for your laptop.

  9. oh NO, we're all doomed... DOOOOOMED by Anonymous Coward · · Score: 1, Insightful
    Encrypted or not, it is fool's work to allow classified data over the air! Physical restrictions are the main arm of secure networking here!

    This makes me sick! Almost sick enough to fire up a Ku band receiver and get a hold of the plethora of Secret level data being beamed in various places on the planet... ehhh, errr... well it sounded great in my head!

    To all those who excel in only one thing, Nay-saying, let it be known that this is only significant because of it being 802.11b and all the growing devices supporting that. Airwaves have been carrying steady streams of video, voice and data classified as SECRET for quite some time. This is very significant for the ability to quickly deploy COTS components like laptops and the like (assuming the crypto keying is handled as normal... blah blah blah). This CAN reduce costs significantly but then never underestimate the power of incompetence and negligence by dysfunctional bureaucracies.