Slashdot Mirror
China Releases Own WLAN Security Standard
Lownewulf writes "This NetworkWorldFusion article describes the release of the GB15629.11-2003 wireless networking standard in China, a wireless standard similar to 802.11, but with better security. The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware." ziggyboy adds a link to CNET's article, noting that
"all wireless devices sold in China are required to comply to this standard from December 1."
"all wireless devices sold in China are required to comply to this standard from December 1."
China: Folding space and time for the people since 1949!
While WLAN equipment sold in China is required to comply with this standard from Dec. 1, a transition period has been granted that extends the compliance deadline for some WLAN products until June 1, 2004.
This sounds terribly rushed. How long have they been working on GB15629.11-2003 for (the
These questions lead me to believe that there are two possibilities here:
- B: The Chinese
government is rushing to get beat the IEEE people to make this an
early standard which will make worldwide adoption easier. Now re-read
A and drop the "on its people". Tell me if you feel better.
That all said, you don't need to wait for these committees to finish fighting to harden your wireless LAN. At work we use IPSec over our 802.11[bg] stuff which is all VLAN'd and routed to an outside interface of our Cisco PIX.Trolling is a art,
Maybe our government agencies should consider a more secure standard after receiving a 'D'.
I disagree with the assertion of the poster that the Chineese standard has better security. For starters it does not use AES (the new advanced encryption standard) and the article does not specify what (if any) encryption protocol the Chineese standard uses. What this seems to me to be is an attempt to give the Chineese government a larger voice in the implementation of new networking standards. If hardware vendors and the IEEE roll over on this one the next thing you will see out of China (and other like minded countries who will follow suit) are the emergence of protocols which make it easier to censor and control content on the web. The market pressure to comply with this standard will be huge however. Given the size and growth of the Chineese market the financial rewards for early adopters will be great not to mention the potential to establish a major vendor footprint in an emerging market.
a wireless standard similar to 802.11, but with better security
If it has better security why isn't it a worldwide standard?
When anger rises, think of the consequences.
Confucius (551 BC - 479 BC)
I must say I've never heard of 802.11i before; have I missed everybody talking about it, or is it underreported? I don't pretend to be an expert in wireless technology, but I've not seen it mentioned anywhere... Then again, their status page (quickly looked up, yay Mysterious Future...) uses <blink>, was exported by MS Word, was "cleaned up" by Netscape 4, and has an incorrectly capitalised DOCTYPE, and I'm not sure if I'd trust wireless security to a group with a status page like that :-P (I know, they probably didn't make the page, but it still gives a bad impression).
They have reasonable fears but prehaps they are more scared as its a better standard
Rus
Cheap UK and US VPS
...a country with one of the worst records of human rights violations now has their own:
Flavor of linux (RedFlag)
DVD standards
wireless encryption
Video compression (AVS)
Taikonauts
Access to windows source code
Web searching (Chinese Search Alliance)
CPU architecture (Dragon)
Is anybody else out there as concerned as I am about this?
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
well you have the choices, of having the current standard, or you can have the more secure standard (which I am sure China can easily hack into) so I think the choice is clear, I am going to surrender all my files to china.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
Having two standards could cause a huge problem from manufatures as well as consumers. Its a nightmare to find out you bought a wireless card only to see your router uses the other standard. This also presents a problem to the makers of these network devices cause now they need to add in support for the new standard. What happens if these standards overlap in some way? What about companies who have built a network with the old standard and now require a more secure standard, its going to put thier budget through the roof. Though compition is great, it also can create problems.
-Certified TechnoWeinie
now the chinese government can be EVEN MORE oppressive. Super!
The HTML configuration pages are all in Chinese, and the devices have strict orders to not talk to foreign capitalist pigdogs, under penalty of immediate brutal termination and dismantlement.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"The great thing about standards, is that there are so many to choose from"
www.rexguo.com - Technologist + Designer
The government wirelessly standardizes you
/-1 Troll
China is likely to become the world's largest economy in the not so distant future. The technical community there _will_ want to make their mark on important standards in IT. The real way around this for the United States and the EU is to cultivate technical excellence among their own citizens-something the current corrupt governments and corporate elites are hesitant to do.
...wouldn't Wi-Chi be better?
Tubal-Cain smokes the white owl.
This is why Black Lotus and your hordes of hackers say "I can hack into anything."
Forget accounting fraud and unethical stock manipulations... The real threat will be obvious when hundreds of men from China gather on the lawn 100 feet away from the Pentagon and pull out their laptops.
That said, I reiterate my previous epithet...asshats.
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
Why is it a more secure standard? The poster asserts that it is more secure but nothing in the articles indicate this. All I see is the standard from China NOT using AES for encryption. This would seem to make it less secure.
I still don't understand why people get so wrapped up on encryption at the AP level. Wired switches and routers don't encrypt data. That is reserved for firewall/vpn devices which makes sense because the overhead associated (beyond security concerns) doesn't make sense to burden your transport mechanism.
What do people want encrypted? Their credit card numbers? Encryption of sensitive information like CC#'s is (should) be handled by SSL where the data is encrypted BEFORE it leaves the pc. No wireless encryption needed. Their e-mail? If they are sending that sensitive of information, they probably shouldn't use standard e-mail in the first place. They should encrypt a document and then e-mail it or encrypt the e-mail itself.
I am still yet to find a situation where encrypted wireless signals make sense for home or even business situations. If it is a business that is in need of securing their communications, they should use VPN's anyway.
I think it makes more sense for an additional independent circuitry to be installed on AP's that does VPN's and build into wireless cards a VPN client or include VPN software. Hell, even make an externally pluggable device that attaches to an AP so that it can be upgraded as future VPN's get stronger in encryption.
Leave AP's to do what the do best--serve wireless clients.
Be realistic. China could probably hack into any wirelesss security standard that you will be allowed to use anyway, not to mention the NSA, or any other self respecting intelligence agency. If you're that important that China wants to spy on you, you shouldn't be using a wireless lan to transfer sensitive data.
If I seem short sighted, it is because I stand on the shoulders of midgets
is there are so many to choose from.
As general-purpose chips get smaller and cooler, there is less and less need to code a particular radio standard into the chips - it becomes possible to support multiple standards (Wifi, BlueTooth, GSM, etc.) Either switching between them, or even in parallel.
Ceci n'est pas une signature
Most vendors refuse to release updated drivers with WPA/TKIP support for their 802.11b gear. They knowingly sell broken (read: WEP) hardware that they don't intend to fix. They rather want you to buy 802.11g gear for WPA support!
You know what, I'm fed up with this. Might just as well buy this Chinese gear then... (And run IPsec over it).
-------
Warning: Slashdot may contain traces of nuts.
We've never heard of that before (like 802.11a, not compatible with 802.11b, and the lack of standardisation in bluetooth devices)
Coincidentally, the majority of members of the WI-FI Alliance are American companies, so I would be skeptical to pass this off as nothing more than a `shit China is gonna kill us with their low manufacturing costs' response. If the security is supposedly better as the post states, than why not verify this, and migrate to it. Wouldn't that make more sense than basically stating "you're security is good! but it's not a standard so we don't want it"
MoFscker
The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware.
...or any other 'standards' for that matter.
MHO: I do not think the IEEE has anything to worry about. For all I care, any Government can release their own home grown networking stack/protocol standard in regards to IEEE's 802.3
Will people accept this new standard? Who will manufactures trust: One Government/Country, or a respected body encompassing more than 380,000 individual members in 150 countries..promoting consensus-based standards?
As a consumer, which would you choose/trust?
Stop bashing China people... How many times have some American company came out with their own standard that's different from IEEE's? TOO MANY TIMES! A new standard from China is just another drop of water in an ocean full of non compatible standards......
What good are standards, when everyone has their own?
"For every expert, there is an equal and opposite expert"
Has been dead a long time, so stop beating it. 802.11b is not a standard, Linksys has their own proprietary 22mb scheme. 802.11g uhh Dlink/Linksys etc all have their "own" 72+ mb g network products. Even the standards have been bastardized with (I'm guessing) compression layers. WEP is horrible, there are ways to get around it (that require nearly as much bitspace overhead per/packet) ssh, openvpn, winblows vpn, ipsec etc etc.
So what if china wants their own wireless standard, there are so damn many already, one more quasi-secure wireless network isn't going to be revolutionary.
Have some Chai as you surf to your doom on our Wi-Chi HotSpot!
Why could China not make a system with encryption more secure than AES? Nothing indicates it is less secure, either (unless we assume that AES is the insurmountable pinnacle of encryption technology).
My statement was meant to mention what the poster said (that it was supposedly more secure) in a way that pointed out the stupidity of vendors ignoring a (supposedly) more secure option.
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
All the article says is: ..it is similiar in many ways...but with a difference, it uses a different protocol called WAPI... And that makes it more secure how? Because it is less known? Because it is different? Or is there someone that actually has hard facts that about WAPI being more seucure? To add to that, if there will be a fragmentation, the only thing fragmented here is China itself. Yes, the concern would be if more countries followed in China's path, but so far none have. China so far has not shown to be a consumer market, nor does it seem to turn into one any time soon, so why do we worry that much? Last year US exported to China 1/12 of what it imported. IfChina want to make it harder for themselves and it's own people that's fine, afer all how much worst than living under a communist sytem can it get for those people?
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
Example: the NTSC, PAL, SECAM, MESECAM, etc standards for broadcast TV. Why do we have so many of them?
Another example: HDTV (US picked 8-VSB, Japan picked COFDM).
China has now realised that it is heavy enough (in "Gorilla" terms) that it is beginning to throw its weight around. A recent example was the new DVD format, EVD
Whether the bureaucrats involved will succeed at saying "we're a command economy, and the market will do what we tell it to" or not remains to be seen. Whether anybody outside China will end up making the equipment the bureaucrats are ordering everybody to use remains to be seen. If they don't, then either nobody in China will be able to deploy WiFi anywhere, or else everybody will ignore the bureaucrats and deploy world standard equipment anyway.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
as in, better ability for the CCP to spy on dissidents, throw democrats in jail, and execute them, making the family pay for the bullet?
That's not what this is about, since anyone with half a brain can secure a wireless connection themselves using VPN or connecting by SSH.
If the Chinese want to track dissidents, they can do so much more easily through old-fashion means like listening devices, moles, etc.
EDAEOUOOOOiNOIoOaNu? I mean, seriously. Can you break that encryption scheme?
REM Old programmers don't die. They just GOSUB without RETURN.
Oh, for those trolls who might want to respond, "Yeah, but that was a hundred years ago..." might do well to read this link. Here's a short excerpt;
So governments are NOT the only organization that oppresses people!Debunking the "59 Deceits"
Sounds like the Chinese government are learning from the experts. Take a standard. Modify it a bit. Use your monopoly (whether commercial or state) to make everyone use your version. The US justice system has made it clear it is okay to behave this way so why shouldn't the rest of the world?
1. Chinese company with strong ties to government/ministry officals hacks up a quick-and-dirty security scheme for their own APs.
2. Government declares this technique to be the Chinese standard, effective immediately.
3. Profit!
I always thought that China already had great wireless security. I mean even if you sniffed a wireless conversation, the text is encoded using a system of complex lines and dashes that would take years to decipher.
From excellent karma to terible karma with a single +5 funny post...
Imagine what would happen if we standardized on one breakfast cereal. The lack of "Made in China" plastic toys would be appalling. We could then sieze the opportunity to set a new plastic toy standard, and make them in the U.S.A.
Why should I or the Chinese or anyone else care?
Since when did the IEEE become the ultimate authority on standards? It's a USA institution remember. Other countries have their own institutions for this..
And it's not as if the IEEE is the most unbiased institution of them all. Corporate money decides what's a standard more often than not nowadays...
As far as the issue of standards themeselves. Since when do we have to always follow standards, especially others'? If something works better for more people, then bring it on. Progress occurs when breaking with tradition/standards and there is merit to the new system/whatever. Not by blindly following the old standards.
/. Where the truth
God damn Europeans aren't you overdue for a war, you are overdue for some ethnic cleaning. Oh yea, looks like you're getting started again
I still don't understand why people get so wrapped up on encryption at the AP level.
snip..
Encryption of sensitive information like CC#'s is (should) be handled by SSL
Well, for one thing because not everything we want to do is over the HTTPS (or similarly encrypted) protocols. For example, I may not want people to track my web surfing habits, even if its only non-SSL sites.
For another thing, I may not want people to know the hosts I communicate with, even if the payload is encrypted. I don't want them to know I read 2600, even if the articles I'm reading are obscured. They may even be able to infer which articles I read by their approximate length.
And for yet another thing I also may have legacy applications that don't provide encrypted network transmission. Granted I could set up openssh tunnels, but that assumes I have the authority to make sure ssh is installed on my target machines.
Encryption at the physical level is the only way to ensure that eavesdroppers can infer nothing about what I am up to, other than can be gleaned by data volumes alone.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
This poses a couple of issues for international companies. Why spend development money on both a US and China standard? The US does not mandate that you have to use 802.11b, so why not ditch it and go with the Chinese standard, cutting development and support costs in half?
I work in retail. Trust me, consumers really don't care. Hell, half the time they don't even care if what they buy works, so long as they like what it looks like and it's cheap.
The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware."
That concern is entirely unjustified: 802.11 currently doesn't have any meaningful security. So, there won't be "two different standards", there will be just one: the Chinese one. Let's hope it catches on.
The IEEE should bow its head in shame--802.11's WEP was a complete fiasco and an embarrassment to engineering profession.
I think this maybe a good thing for China. China can force foreign companies not to sell inside of China by noncompliance of the standard while all domestic companies will be following the national standard. The domestic companies can also export the standard while including others... China could force its domestic companies to make its standard the "default." We could find it becoming a US standard if it is cheap.
How about in a doctor's office? Don't tell me that wireless is of no use to doctors, that's short sighted. Wirelessly checking your mail with anthing other than a ssh connection on a university campus is a bad idea. Web browsing with passwords might is a bad idea unless you are 100% sure the website in question encrypts identifying information and anything else you might consider sensitive. Visiting, http://www.herpesrelief.com, on a campus or company wifi might also be a bad idea. While you might trust your company or your university, you should not trust that people are not data mining their network or just laughing at you. At home, the situation is much as you describe it - you are less likely to be embarassed by your neighbors or Osama in da Bushes than you are by Microsoft remote exploit.
Your chief concern, the overhead of encryption, is misplaced, but your dislike of ecryption at routers is not. The problems are mostly user control, quality control, updates and segregation of function. Like you say, it makes sense to encrypt sensitive information at the source. My idea of the source is the originating computer.
I use ssh internally for all my networking and don't see any difference over ftp and telnet. It may be paranoid, but it does not hurt. So I don't need hardware encryption, regardless of merit.
Lesser quality and rootable encryption at the router level is a waste. Even if China's standard has merit and is reasonably secure and free implementations are made, there are problems of updates and user control. How do you apt-get upgrade your network card? All I want my network cards and access points to do is transmit information. I'm not going to trust it and I'm going to keep using OpenSSH which I do trust.
Friends don't help friends install M$ junk.
Step 1: Choose password
Step 2: Send to us.
If you think of a hub or switch, you control who gets plugged into it and can therefore talk to other machines on the network. With standard wireless and even the WEPs, you don't realistically have that control, it's trivially simply to bypass and gain Wired Equivalency.
Government of the people, by corporate executives, for corporate profits.
I'd be happy to have a Cuba style trade embargo in place with China till they have something aproaching free speach and many of the other provisions of the much abused US Bill of Rights. The idea that we will destabilize their governemt by pouring wealth into China is false.
Friends don't help friends install M$ junk.
Where does this leave WPA security then? My Airport Extreme base station just let me start using it and I feel more secure already!
Once again another country has proved your worthlessness.
No longer can you sit back and eat huge grease filled meals while dictating your will to the world. Bow down to your new Chinese masters.
All your (wireless) bases are belong to us.
Sorry, couldn't resist.
Think about it
...). While in the USA this isn't such a big problem (yet), it might be a bigger on in China where bandwidth isn't as cheap nor plentiful.
In the USA, having bucket loads of bandwidth is easy and cheap. However I suppose that isn't the case in China.
Wifi makes it real easy for one to steal another's bandwidth. (Especially with WEP
While China is a communist gov't that doesn't care for freedom of speeh blah blah blah blah. It does need to look out for its own people. I for one see this only has a preemptive measure against what might be a serious problem in the future (especially for China's high population density).
Sunny Dubey
...it's because you can't do anything right...even when you behave exactly like a real capitalist. Do you realize how brain-washed some of you are about china? You even live in a sociaty with free press :(
Because TV was invented before the computer chip. Back in the dark mists of time you needed a way to get a clock cycle for your video signal. The easiest way to do this was to use the cycles in your AC mains power. In the US that is 60Hz while in Europe 50Hz was used, leading to two different framerate standards (NTSC is not 30 fps because of a hack performed when color was added to the broadcast signal.) PAL was developed after NTSC and fixed a few problems with the earlier standard, and Brazil created a PAL variant (M-PAL) that worked with a 60 Hz clock signal from the mains power.
SECAM was closer to the example being set here with the China wireless standard, it was created to be different for the sake of being different (we are French so our standard must be different, vive la difference...) as a way to help the French electronics industry of the time. Of course it was then chosen as the Soviet-block standard and then modified for the Middle East market into MESECAM.
It is all too wierd for words, but there was a method to the madness...
How about instead of standardizing on poorly designed closed security standards, why don't we standardize on a DSP/software based pluggable security modules? I mean, heaven forbid we be able to choose our OWN security methodologies! I forgot, we have to have a stranglehold on our customer base, even if it means that security on the internet will continue to be fucked for another decade.
Now, how nice would it be to use an SSL/SSH type connection to your access point? If that wasn't good enough, code a better module. I think we (the open source community) should look into our OWN standards for something like this. Screw these other organizations, they clearly don't have OUR best interests at heart.
Bryan
Sounds like Clipper/Skipjack.
IANACryptogrypher, but isn't Elliptic Curve cryptography the most thoroughly patent-laden field out there? Working, strong security is an already-solved problem, implemented in both SSL and SSH, [3DES/AES, RSA/DSA, SHA]
o/~ Join us now and share the software
Here's a tip on how to use "standard." If China releases its own specificiation, it's a propiertary spec, not a standard.
If I was to release my own specification, that doesn't make it a standard. Standards, by definition, are standard. You can't have a unilaterial standard.
That's why we have multiple words in the English language. Think of language like a multiple choice test -- choose the word that fits best. They didn't release a standard, they released a specification.
Since it is for China ONLY, then we can easily see how the word standard does not apply. The rest of the world is using the standard.
Ok, questions?
American multi-national corporations have to go to developing nations to get away with that. Check out the movie "Missing" if you want to see the dark underbelly of the American dream.
These technologies help China produce things that people want to buy, which brings in money and improves the standard of living. These technologies also improve the informational infrastructure of the country. Essentially the Chinese government is giving its citizens rope to hang itself with. History shows that an affluent, well-informed citizenry will not tolerate a dictatorship forever.
Now instead of crappy WEP I'll have to buy devices that have better security and are made in China so they'll be cheaper! DAMN IT!
Cool, now we can have substandard wireless units in the US to match our crappy cell phone network...
man rtfm
If you implement a Chinese wireless networking standard, half an hour later you'll want to adopt another one.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Not long time ago, Micro$oft was beaten by Chinese government because its Office suit didn't comply GB18030. And I just checked my Firebird, it does support GB18030.
There is a spark in every single flame bait point.
How about this: the LSB is about to formalise its own unix standard based upon Linux at ISO, despite the 90% similarity between LSB and POSIX. Apparently, the LSB folks claim Linux is sufficiently different and many other bogus Microsoft like arguments.
You think that I am joking ?
Here's a tip on how to use "standard." If China releases its own specificiation, it's a propiertary spec, not a standard.
If I was to release my own specification, that doesn't make it a standard. Standards, by definition, are standard. You can't have a unilaterial standard.
Wrong. Standards are a set of rules to which an implimentation may comply or fail to comply. There may be competing standards
If China releases a standard, it's a Chinese National Standard.
If I release a standard, it's an Ungrounded Lightning Rod standard.
If the International Telecommunications Union releases a standard, it's an ITU standard. Similarly with IEEE, ANSI, etc.
Now you, or I, MIGHT try to get some international standards organization to adopt OUR standard as THEIR standard. And if our proposed standard doesn't ruffle their feathers they MIGHT do it. And there's a vanishingly small probability that they might adopt it completely unchanged (except for the standard boilerplate). If they do that, then it's an ITU, ANSI, IEEE, Chinese National, or what-have-you standard TOO.
But standards organizations almost never adopt a standard without making SOME change to it. And once one standards organization promulgates a standard, the others usually defer to them and incorporate it by reference rather than adopting an equivalent standard. (This is to prevent incompatibilities arising from minor differences and settle the issue of who makes the updated version if something needs tweaking.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If we are going to go for the conspiracy theory I would be more afraid of IEEE's standards being compromised ... by sheer force of evidence.
Although if they keep fucking around with self-censorship in response to every bit of US legislation most foreigners will soon realise that they are only there to provide money, not to be a real voice.
The only real point to being in the IEEE as a foreigner is because you are planning to emigrate to the US.
This reads so much better without the final word:
The real threat will be obvious when hundreds of men from China gather on the lawn 100 feet away from the Pentagon and pull out their ...
Soylent Green is peoplicious!
Customer: "I'd like to purchase one of those new gee-bee-one-five-six-two-nine-dot-eleven-dash-two- thousand-and-three routers"
What would the Chinese character for GB15629.11-2003 be?
Boy trapped in refrigerator eats own foot.
But, why?
My blog can kick your blog's ass
On this part I have to contest. The current government *WAS* most definitely chosen by the people. During WW2 neither the nationalists (who now fled to Taiwan, to the dismay of many native taiwanese), nor the (supposedly) allied friends (say, the US), did very much to stop the invasion from Japan, and it was - have to give credit where credit is due - Mao Tse Tung and the revolutionary army that basically preserved China from becoming gutted by Japan and western forces.
Now, I do not condone a good deal of things that happened afterwards - cultural revolution, Tian-an-men square, amongst others; However, the communist party rose to power in many ways the US gained independence: they had the interest of the people in mind, and consequentially was awarded with the people's support.
Eventually, governments have this tendency to lose track of this original purpose, but I don't see how it is much better in the US than it is in China, actually - Constitution or not, if the US government wants to f*** you, they'll simply ship you somewhere that the constitution doesn't apply. (Cuba anyone?)
My life in the land of the rising sun.
the thing is, you do need security, just not encryption. By setting up MAC filters in the AP, you prevent access to unauthorized clients (OK, so MAC adresses can be spoofed, at least on Prism2 cards, but how will the attacker find the list of authorized MACs in the first place?).
While MAC filtering should be done on the AP, encryption (if needed) should be done by a separate, upgradeable device, or by software. The bills really start to add up when you have to replace the whole AP+VPN+router combo when a new security protocol comes out.
It is always a good idea to keep things modular, in my experience.
Investing forum
since when are we for a sole reigning standards?
i undestand the drive to have everyone communicating, however i also think that our industry benifits when disperate products and their protocols are forced to interoperate.
"Nothing in education is so astonishing as the amount of ignorance it accumulates in the form of inert facts." - Henry A