IEEE Approves 802.11i

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."

Sure but does it require new equipment

[Bruha]

Or can I do a firmware upgrade on my Linksys WRT54GS.

$$$$ Dude.

Re:Sure but does it require new equipment

[spellraiser]

Well, since encryption only involves standard processing, a firmware upgrade should be all that's required. Don't see any reason why a device would need to be created specifically for 802.11i. This is also interesting (taken from here):

Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

Although they don't state it explicitly, it's a pretty fair bet that firmware upgrades for Linksys APs will be available at some point.

Re:Sure but does it require new equipment

[Beryllium+Sphere(tm)]

The conventional wisdom has been that most cheap Wi-Fi gear wasn't built with enough spare cycles to do AES at network speeds, so new hardware would be needed. Another respondent said Ciscos would be just a firmware upgrade, and I could believe that their enterprise boxes have the CPU capacity.

Security advice for the non-technical: http://besphere.blogspot.com

Re:Sure but does it require new equipment

[Splork]

the wrt54gs does not have a beefy enough CPU to sustain AES at full 802.11g speeds (200mhz mipsel just doesn't cut it).

Re:Sure but does it require new equipment

[tmasssey]

Three things:

1) It's not likely that the 200MHz CPU in that thing is going to handle 54Mbit worth of traffic. AES is not the easiest to calculate...

2) Even so, it's highly likely that a firmware update could *possibly* add this. Will Cisco? My guess is no: they are not incented to make your current device more useful. They'd rather sell a new device.

3) The beauty of OpenSource is that you can add whatever features you want...

Re:Sure but does it require new equipment

[paranode]

Don't see any reason why a device would need to be created specifically for 802.11i.

Ah, that would be because corporations are greedy. Sure they could give you a firmware upgrade, but they could also peddle a completely new product that costs you money.

Re:Sure but does it require new equipment

[harlows_monkeys]

It's not likely that the 200MHz CPU in that thing is going to handle 54Mbit worth of traffic. AES is not the easiest to calculate...

On x86, AES can be done in under 25 clock cycles per byte, so if that is an x86, a 200 MHz CPU could handle 54 mbit/second, although it wouldn't leave much for other stuff.

Re:Sure but does it require new equipment

[GoneGaryT]

Yes, says this guy here.

Synopsis: All new kit to have embedded encryption co-processors, available September. Throw the old stuff away.

Re:Sure but does it require new equipment

[rsmith-mac]

Being inept can also be an issue. With Linksys's 802.11b wireless routers(the BEFW11S4 series), they only attempted to even implement WPA on the v4, and that implementation doesn't reliably work, even though it's entirely possible to get it reliably working on all 802.11b equipment. For a lot of these routers, just getting them to work well with the company-custom firmware is hard enough; for new features, they might as well let their chipset supplier(Broadcom, etc) take care of it, and roll the stuff in to a new chipset and its associated base firmware.

Re:Sure but does it require new equipment

[tmasssey]

According to this article, the speed of encryping 128 bits of data with a 128-bit AES key is 730 cycles on a 32-bit MIPS processor. To keep it consistent with your numbers, that's actually >45 cycles/byte. At approximately 5 Million bytes/sec (54Mbit wireless), and 45 cycles/byte, that's 225 Million cycles per second right there. IIRC, the processor that's embedded in the router has a single pipeline at 200MHz, or, at best, 200 MIPS.

In other words, assuming *zero* processing overhead, we're 25 MIPS short for wire-speed encryption.

These are very rough numbers, but think of it this way: do you think Cisco (or whoever) spec'ed a processor substantially faster than what they needed? From my peronal experience, embedded processors do not usually have more than a few percent more performance than they need: rarely do they have even 30% more performance than they need. Even if they design a system with a way-fast processor, one of two things happen: their code bloats to use that speed (or they quit optimizing because they don't need to), or they end up buying a lower-cost, slower processor for production!

In short, it's highly unlikely that the Wrt54g will have anywhere near the CPU power to do wire(less)-speed AES at 54Mbit. Half that? Maybe, but not all of it.

Re:Sure but does it require new equipment

[KarmaMB84]

Do they even normally reach 54Mbit at all?

Re:Sure but does it require new equipment

[ericesposito]

Actually, AES was designed to run on all sorts of hardware. It should actually be less processor intensive to calculate AES than DES, for the same key length.

Re:Sure but does it require new equipment

[timeOday]

You took the words out of my mouth. My 80211.b equipment never breaks about 4 Mbit in practice. For that matter, I'd happily accept 1 Mbit throughput in exchange for real security on legacy cards. 1 Mbit is enough to do most everything except stream video. (And of course for copying large files you can never have enough).

Re:Sure but does it require new equipment

[Karrots]

The cisco wireless people came and talked to us at work. They made sure the menioned that all their hardware had an ASIC just for doing AES encryption so it would be fast. They talked about it being in their AP's though. He also made mention that they would be software upgradeable to support 802.11i when it was aproved. It seems they also said that it was also in beta firmware also.

Re:Sure but does it require new equipment

Maybe yes it will require new hardware. This is because we're not talking about data-level crypto but even more lower level stuff immediatly before the RF transmitter.

My guess is that it may require hardware modifications. I don't think Linksys have firmware per se. It's more of a packed Linux distribution for an ARM single board computer with ram/ethernet only...

just my 2 cents...

Re:Sure but does it require new equipment

[David+M.+Andersen]

From Broadcom's site:

Broadcom's new solutions provide the enhanced features, performance and software drivers required for the demanding enterprise WLAN market. The software has been extensively tested in system verification test labs at Broadcom and at customer sites. The BCM4306 and the BCM4309 incorporate hardware support for WEP and AES and system support for the leading security protocols, WPA, TKIP and 802.1x, and software can be upgraded to the forthcoming 802.11i security standard.

From the dmesg dump on a WAP54G (based on the same hardware):

eth2: Broadcom BCM4306 Wireless 802.11b/g Controller 3.11.30.5 (Compiled in . at 17:23:17 on Feb 12 2003)

They COULD probably do it. Apparently, the hardware acceleration was in there all along.

Also see: Hardware specs

Re:Sure but does it require new equipment

[Bob+4knee]

they are not incented

Did you just architect a new word?

Re:Sure but does it require new equipment

[hanson_mark]

802.11g has a true maximum throughput of around 20 Million bits/sec or around 2.5 Million bytes/sec. Although they call it 54Mbit wireless this is the raw data rate and not an achievable throughput rate. So your 200MHz chip would be capable of encrypting this if there were no other overhead.

Re:Sure but does it require new equipment

[tmasssey]

It seems that about 6,000 other people have used it before me. Though not everyone seems to enjoy it...

Re:Sure but does it require new equipment

[AusG4]

Linksys WRT54G routers (as well as their WAP546 access points) already provide AES (and TKIP) encryption if you enable WPA support.

Also, as I understand it, WPA is simply a subset of 802.11i that most access point vendors began adopting as a short term solution between WEP and 802.11i ratification.

That said, it should be trivial for anyone already supporting WPA (the only 11g stations I've used are Linksys and Airport Extreme, both of which do both WPA Personal as well as WPA Enterprise) to support 802.11i via a firmware upgrade. The Airport Extreme hardware currently only provides TKIP encryption, but I don't think that AES would be too much trouble to add.

Re:Sure but does it require new equipment

[AusG4]

Oh, I forgot to mention...

I'm pretty sure 802.11i also calls for TKIP as an accepted encryption method.

Can anyone comment on the CPU power required for wire speed TKIP, assuming 802.11g (54Mbps). A few people have pointed out that the Linksys gear probably couldn't handle AES at full speed, but would TKIP work on the hardware instead?

Re:Sure but does it require new equipment

[AusG4]

I've answered my own question.

For those wondering what I'm rambling about with WPA and TKIP, you can read this. It explains the relationship between WPA and 802.11i, as well as what TKIP is and why TKIP will work on any processor that can handle RC4.

Re:Sure but does it require new equipment

[mdielmann]

I'm gonna make a tinfoil hat, just for you. On the brim, I'll etch my .sig.

Re:Sure but does it require new equipment

[bentcd]

"Verbing weirds language."

(A Calvin quote I think)

Re:Sure but does it require new equipment

[AcornWeb]

There is no such word as incented :-(

My marketing teacher uses it all the time and it drives me bonkers.

Watch your Head!

[Braingoo]

Oh no another wireless radio wave flying through the air! Oh well maybe I can pic up the internet if i tune my radio just right!

Re:Watch your Head!

It's not my fault I'm thinking dirty thoughts. Someone must be surfing a porn site on a wireless connection.

Re:Watch your Head!

[pilgrim23]

So...it I attach a Pringles can to my tinfoil hat will the bad 802.11 be purged from the good 802.11?

802******* and beyond

[i621148]

i am not buying or upgrading anymore 802***** equipment until someone comes out with a standard that allows me to broadcast to unused radio stations in my car stereo ;)

Re:802******* and beyond

[jbeall]

You can go to radioshack and buy a gizmo to do that for, like, $20. Old news.

Re:802******* and beyond

Here you go. Pirate radio, on the cheap!

Re:802******* and beyond

[i621148]

yes, but i want that contained in the cf card for my pda so you don't have some other piece of crap attached to it or put batteries in it...

Re:802******* and beyond

I'm sure you could make one with a soldering iron and some other stuff.

Re:802******* and beyond

[slashjames]

One popular solution I've seen is to use a Belkin TuneCast or similar item. Plugs into your speaker jack/line out/whatever and broadcasts a (short range. 50 yard) FM signal that you can tune in to. This one offers a choice of 4 different broadcast frequencies.

Ah Finally!

[scosol]

"sufficient" security- hahahahah history teaches us nothing apparently

Re:Ah Finally!

[Omega1045]

I was going to post something about "sufficient security", but figured I would getted modded hard on troll. That is the type of phrase that comes back to bite you in the arse.

Re:Ah Finally!

[nazsco]

encription in EVERY protocol layer and then some encription in the software, that's runing trhu ssh... so i can safely read my mail that i protected with my birtday as the password.

Re:Ah Finally!

[ThogScully]

Even the best security is only sufficient. Eventually, everything can be cracked. Eventually, enough computing power will be available to make today's encryption algorithms useless. But eventually, security options will be sifficiently better to protect those that want it.
-N

Re:Ah Finally!

"Sufficient" is actually the goal.

"Total" security would be a problem, because it could be used by drug dealers, etc.

Re:Ah Finally!

[Fussen]

Yep I couldn't agree with you more. Sure we've got the security being encrypted on a hardware level just before the radio transmition.. but .... every lock has a keyhole doesn't it.

Re:Ah Finally!

[Joe+the+Lesser]

Sufficient is part of the American way.

Re:Ah Finally!

Ever hear of a one time pad?

Re:Ah Finally!

"sufficient" security for encryption for me means that it takes longer to crack the encrypted message than I need the message to remain secret. For example, if my credit card expires in one year, then I want the encryption protecting a transmission of that number to take more than a year to crack.

Two caveats:

1. I do not know if their implementation of AES is strong enough for my need to protect my credit card number.

2. If the hardware that does the encryption at either end is compromised, then all bets are off, because they can then just as easily grab the data before encryption or after decryption. Encrypting in this case only protects you from people who "listen in" on the encrypted communications channel.

Re:Ah Finally!

[Kymermosst]

encription in EVERY protocol layer and then some encription in the software, that's runing trhu ssh... so i can safely read my mail that i protected with my birtday as the password.

I'd say your spelling problems provide enough encryption at the user level.

Re:Ah Finally!

Ever heard of key-exchange protocols?

In theory, on-time pads are unbreakable except for that "practical problem".

Re:Ah Finally!

[gnu-generation-one]

"encription in EVERY protocol layer and then some encription in the software, that's runing trhu ssh... so i can safely read my mail that i protected with my birtday as the password."

and typed on a wireless keyboard attached to a computer running Windows.

Re:Ah Finally!

[zogger]

But you still have no way to verify all the people who have access to your info at the vendors store, nor at the CC company. Encrypt it all you want, there's always some humans you have no idea of have access to the information.

Best bet is to have a dedicated CC just for online or casual store purchases, and transfer just enough funds to it to cover the cost of the purchase right before you actually make the purchase.

Re:Ah Finally!

[Nevo]

I haven't RTFA, but encryption by itself is meaningless. Where/how is the key exchange done? All the encryption in the world won't do a damned thing to protect your communications if I can easily obtain they key.

Re:Ah Finally!

and typed on a wireless keyboard attached to a computer running Windows.

That why I used end-to-end encryption. Of course it's a pain doing all that math in my head and very few people can communicate with me, but it's secure.

Re:Ah Finally!

[nazsco]

true. not even a 100TB wordlist can unveil my m5hashs that way. I'm a genius i know

Re:Ah Finally!

[nazsco]

true... just the same *crap* as https in the end

Actually secure?

I'll believe it when I see it... and after it's been out in the open for at least a year for the world to try to hack it to pieces first. Anytime you broadcast any signal into the airwaves, you're handing its content on a silver platter to anyone with the equipment and know-how to receive and decode it.

Re:Actually secure?

[cmowire]

Perhaps.

However, you do have to remember that a lot of classified information that would result in really major problems for many governments travels, encrypted, over the airwaves, on a regular basis. A cryptosystem isn't called secure unless it can't be broken in a reasonable amount of time, even if the bad guy knows your algorythm, and even if the bad guy is able to observe your transmissions.

Basicly, what the entire WEP debacle has shown is that when you are transmitting over the airwaves, the importance of secure encryption increases. And that if you are going to make a widespread standard for encryption, you had better check it out with some folks who know encryption first.

Long Time Until it Replaces B/G

[artlu]

Even if I is going to be the new wireless standard, there is going to be many years until it becomes it. G was supposed to become the new standard, and I am rarely in a situation where my Powerbook picks up a G signal.

Does anyone have any figures on how long between products get rolled out until inception in the digital world? I would be curious to see the timeliens of some products such as: 3.0megapixel cameras, DSL/Cable, 802.11b/g, etc.

GroupShares Inc. - A Free and Interactive Investment Community

Re:Long Time Until it Replaces B/G

[radixvir]

thats probably because for most purposes B is fine. i mean who is going to spend more on G when typical internet speeds never even reach 11Mps? G maybe is fine for the office or home where you are talking to local servers or other clients, but starbucks doesnt need more than a B.

Re:Long Time Until it Replaces B/G

[Jeff+DeMaagd]

I am rarely in a situation where my Powerbook picks up a G signal.

That's why you make a G signal.

For internet access spots, B should do fine.

The idea is to get a more recent standard such that when it gets widely adopted, you are ready for it, rather than having to upgrade or add cards when it does become popular.

Re:Long Time Until it Replaces B/G

[NanoGator]

"G was supposed to become the new standard, and I am rarely in a situation where my Powerbook picks up a G signal."

G recently became rather affordable. Just a few days ago I bought a wireless router using G. It was only $10 more expensive than B. I figured what the hell?

I doubt you'll find G at public places, though. Little need for it since it isn't so popular to do transfers that require the megabits range.

Re:Long Time Until it Replaces B/G

[otterpop81]

The idea is to get a more recent standard such that when it gets widely adopted, you are ready for it, rather than having to upgrade or add cards when it does become popular.

Oh, I see. So buy it now while it's new and expensive and no one else uses it (making it no better than the older standard), so you don't have to do a cheap upgrade later when it gets popular.

Re:Long Time Until it Replaces B/G

[m0rningstar]

It's not designed to replace a/b/g. It's an add on to secure a/b/g.

We saw relatively rapid deployment of WPA into firmware upgrades. The real question will be if the AES encryption can be off-loaded to the processor (as suggested by the article referenced) or if it has to be in hardware.

The latter will be a massive slow-down in deployment. Even the former requires re-writing drivers and software, and it looks like it won't even be really in testing until September.

Re:Long Time Until it Replaces B/G

[XMyth]

Ironic....I ignored his sig until you mentioned it. Now I'm checking out the site.

=)

Re:Long Time Until it Replaces B/G

you obviously didn't read the article. .11i is a _security_ protocol just like .1x is.

Re:Long Time Until it Replaces B/G

[zaffir]

Why buy a 13 MPG SUV for driving 10 minutes to work?

Re:Long Time Until it Replaces B/G

[zogger]

because it's more fun to mod your H2 on the weekend than a 73 corolla? Chicks dig it? Because you never know when you are driving home and see a yardasle with a pile of SGIs at a yardaslwe for 10$?

I dunno, got to be some reason for the phenomenon though.

Mostly I think guys buy them for the ole lady to haul the kids around in and haul crap to the beach and mountains on the weekend, plus you can drag your camper or boat behind them easy. Then they get to driving it and get used to sitting up high and having tons of leg room, and before ya know it, it's a daily driver because it's so expensive it's the only thing you can afford that will do all that stuff. it's the vehicle equivalent of having a pda that plays movies, surfs, emails, does calendar and calculator, long distance and cell phone action, plus play your tunes, plus games, all in one package.

Besides that, I dunno. I like old detroit full size vans meselfs the best. Almost like a SUV, and it's because it's a universal do most anything vehicle.

Re:Long Time Until it Replaces B/G

[evilviper]

who is going to spend more on G when typical internet speeds never even reach 11Mps?

EXACTLY! Who are these morons buying 100BaseTx network cards when 10BaseT is more than they need for internet access. Surely they aren't transfering files on their local network, where internet transfer speeds are irrelevant... Why, that would be illegial, wouldn't it?

Re:Long Time Until it Replaces B/G

[zaffir]

I'm also a big fan of the full size vans. Not only are they better people-haulers than SUVs, they're just plain cool. If i didn't enjoy driving sporty cars so much, i'd buy one.

The way things ought to be

[joNDoty]

Hardware enforced encryption? Now that's a good idea. Why not incorporate this into all networking technology at the hardware level. No risk of hack-arounds, seamless integration, automatic reaping of benefits.

Re:The way things ought to be

That's a terrible idea. What a huge pain in the ass it would be to have to collect the key for every NIC you wanted to use a sniffer on for troubleshooting purposes. I'd bet that 90% of packet sniffing is done by the powers of good, and forcing encryption in hardware would make life that much more difficult.

Re:The way things ought to be

[biz0r]

Hold on a second there...this new method of encryption is purely for keeping people from 'grabbing' your data out of the air and decrypting it (I didn't RTFA, maybe it's also used to prevent others from jumping on your wifi as well). Your CAT5(/etc) hardwired cable is not going to 'leak' your information out to other local CAT5 users, as wireless very well might.

So uh...in case I am totally off base here, care to explain your idea more thoroughly?

Re:The way things ought to be

A cat5 hubs broadcasts all packets to all other cat5 users. The only thing WiFi security is good for is for keeping people from plugging into your network. I can care less about data security, that's what IPSec, SSL, SSH, etc is for.

Re:The way things ought to be

[Vengeful+weenie]

Just run IPSec over your network. Fixed.

Re:The way things ought to be

[AusG4]

People still use hubs?

Perfect?

[Hexedian]

Is there anything now to stand in the way of 802.11? It seems to me that it will become The one standard to comply to...

Re:Perfect?

[lukewarmfusion]

Yeah - the eye chart of 802.11a/b/g/i, the crappy security that goes with all of those (wait a year or two, and see if i is all that secure), and the interoperability problems between them (and between different manufacturers, even within the same standard!).

I hope I'm wrong about 802.11i, but I have more faith in history than I do in companies and their marketing deparments.

Re:Perfect?

802.16. 802.20.

It's about time...

[Shoeler]

Hopefully the approval of the standard will reel in the multiple competing vendor solutions that have been out there. From Cisco's LEAP to TKIP (Aka WEP2), most still would not encrypt things like the MAC address or ESSID. For companies who are actually security-minded and wouldn't deploy wireless without a truely secure standard, this should be their open door to some real mobility.

Now if only I can convince my employer so I can use Trillian to get me through those boring meetings. :)

Suspicious

[gUmbi]

What happened to 802.11h? Was it brushed under the rug by the NSA? The CIA? The Bush family?

Get out the tin foil hats boys, this is a big one.

Re:Suspicious

They wanted to stick with the trend of naming everything with an "i". The original name was to be i802.11.

Re:Suspicious

[Bog+Standard]

http://www.devx.com/wireless/Door/11412 Just because the letters follow doesn't.... BS

Re:Suspicious

[shigelojoe]

You think that's big, what about 802.11c through 802.11f?

This one calls for a freaking tin foil *bodysuit*.

Re:Suspicious

[darkmeridian]

You think that's big, what about 802.11c through 802.11f?

This one calls for a freaking tin foil *bodysuit*.

The Bush Administration flew them out of the country back to Saudi Arabia.

This is either going to be modded really high or really low. Unless no one saw Fahrenheit 9/11, in which case I'm screwed.

Re:Suspicious

Actually, Richard Clark did that, with no input from the White House...

Re:Suspicious

[commodoresloat]

You mean iFi?

Re:Suspicious

[mvs]

while preperation a-g were quite succesful, preperation h was a total disasster.

awesome

[joel2600]

Now try explainging to regular people the difference between a/b/i/g/x and which ones work together, which ones don't and why.

i hope the guys at best buy are up to speed to direct the consumers!

Re:awesome

[servognome]

Consumer: So which router should I get
Best buy guy: You definately should get x, the letter is umm, a speed rating, like on car tires
Consumer: Will it work with my existing system
Best buy guy: Yes it works on the 802.11 standard

Re:awesome

[hackstraw]

Its clear. a/b/g are transmition protocols. /i and /x are security protocols /a can be faster than /b, but not necessarily faster than /g /a is usually compatable with /b stuff, /g stuff is usually compatable with /a and /b. something labeled as /a or /b will probably work with a /g at some negotiated speed

I could care less about /i and /x, I do my own encryption, thank you very much

Re:awesome

[pHDNgell]

Don't forget 802.11d, which is country code, channel, and power mappings. Of course.

Re:awesome

[Dwonis]

With what? I've been having problems getting IPSEC to work on Linux (mainly problems with Path MTU discovery... it doesn't seem to do any PMTU at all.)

Re:awesome

I think they all stink. I give em all A BIG X.

Re:awesome

[Hes+Nikke]

bzzz

802.11a running at 5.7 GHz is not compatible with either b or g, as they run at 2.4 GHz.

802.11b runs at 11 megabits per second, whereas both 802.11a and 802.11g both run at 54 megabits per second. since 802.11b, and 802.11g both run at the same frequency, they are mostly compatible, but once you get an 802.11b node on a g network, everything slows down to (near) 802.11b speeds for all the g nodes.

802.11a never really took off because it didn't work with existing infrastructure, but since b and g can interoperate, 802.11g is the future as 802.11b quickly becomes an also-ran.

802.11i is the new security protocol that is implemented ontop of 802.11g and presumably a and b. sadly, i'm not familiar with 802.11x so i can't comment on it.

[more info]

Re:awesome

[ohsoot]

sadly, i'm not familiar with 802.11x so i can't comment on it.

he he.
Well, that shows you how complicated it has become. The notation 802.11x refers to any/all of the 802.11 standards. (the x is a variable)

In Soviet Russia

802.11i approves YOU!

(Come on folks, this really IS funny if you think about it)

802.11h?

[BoldAC]

I hope this means that everybody is respecting my patent for 802.11h--which is, of course, packet transmission by horsepack. We are also trying to teach dolphins... the squeaks are tough to error correct. :(

Re:802.11h?

802.11h

This standard is supplementary to the MAC layer to comply with European regulations for 5GHz WLANs. European radio regulations for the 5GHz band require products to have transmission power control (TPC) and dynamic frequency selection (DFS). TPC limits the transmitted power to the minimum needed to reach the furthest user. DFS selects the radio channel at the access point to minimize interference with other systems, particularly radar. Pan-European approval of 802.11h is not expected until the end of 2003.

Re:802.11h?

[lukewarmfusion]

Indeed, horsepack is a very strong wireless method. It's powerful, but it's also resource consuming. You have to power it with hay, and the maintenance is demanding. It's not as fast as other wireless protocols, but the pipe is huge. And the range is much better than any of our existing methods - horses can travel over hundreds of miles. Unfortunately, line of sight isn't quite enough for the packets to get there.

Pinging www.slashdot.org via 802.11horse...
Response received in 32 days, 4 hours, 7 minutes, 51 seconds.

Re:802.11h?

Pan-European approval of 802.11h is not expected until the end of 2003.
I can't wait until last year, so I can buy one! :)

The i stands for...

[calebb]

The i is for incryption! [groan]

Hey, if you don't think anyone makes that spelling mistake, check out this link!

Re:The i stands for...

Sure... You use incryption on the intranet in the same way you'd use encryption on the extranet.

Re:The i stands for...

[darkmeridian]

"Incryption"? That's not a typo, silly. It's security through obscurity.

Re:The i stands for...

[Ignominious+Cow+Herd]

Oh, I thought it was incryption when downloading and outcryption when uploading.

I got a bunch of code to go fix now...

Re:The i stands for...

[Inda]

You had me worried for a minute. Incryption on /. phew

uncrypted is funnier

Firmware

[kinzillah]

Is there any news on if this will be available as a firmware update for existing equipment? Or will our access points not have the required processing power to handle it?

If thats the case, running a VPN over the wireless may still be the best option.

Re:Firmware

[afidel]

Doubtfull. Even the Cisco cards which do a bunch of the crypto in hardware will not have the functions for AES onboard and the crypto is in the ASIC which is not flash upgradable. Some cards which offload the crypto to the host CPU might be able to be upgraded, but will a general purpose CPU be able to do the AES at 54Mbit/sec??

Re:Firmware

[Beryllium+Sphere(tm)]

In fact, WPA (Wireless Protected Access) which is shipping now is a pre-ratification subset of 802.11i. WPA doesn't include AES because WPA is designed to be available as a firmware upgrade.

Re:Firmware

[pclminion]

will a general purpose CPU be able to do the AES at 54Mbit/sec??

Having actually implemented the AES algorithm, I would guess it is possible if the code were carefully optimized. It would peg the CPU completely, though. And what are we talking about when you say "general purpose CPU?" A Pentium 4? Or a 200 MHz MIPS chip?

AES isn't a very complicated cipher (from an implementation standpoint).

Lack of equipment or how it's supposed to work?

[swb]

IANA wireless expert, but isn't one of the annoying gotchas of 802.11g that the presence of a B client drops all connected nodes down to B speeds?

If I'm remembering that right, then what you're experiencing may not be a lack of standards uptake -- you could be connecting to a ton of 802.11g stations, but somebody's got a B card running.

Re:Lack of equipment or how it's supposed to work?

[mcbridematt]

The Conexant (who bought wireless off Intersil) Prism54 chipset has a feature called 'Nitro' mode which allows b and g clients to work together in the same environment.

I don't think the chipset is as widely used as it's 802.11b counterpart, the Prism 2 though.

Is this really a good thing?

[kabocox]

I know some seemless intergrated security is better than having it tacked on afterward. I've always felt that if folks trusted a default security layer to be perfect, they will get burned when the defaul layer is broken. You should always have application encryption of important data. You shouldn't just trust that your pipe will be encrypted. Sometimes those pipes get used by unauthorized third parties that's when having everything else encrypted comes in handy. I'm just afraid folks will switch to the 802.11i and not bother to encrypt any of their data.

Re:Is this really a good thing?

[DAldredge]

And them not encrypting their data is different for how they do things now?

Re:Is this really a good thing?

[aredubya74]

That's a bold statement.

Hee hee.

Re:Is this really a good thing?

[MagicM]

That's the funniest thing I've read today. Thank you!

Re:Is this really a good thing?

Yeah, I definitely don't want my pipe being used by unauthorized third parties. Kinda like King Missile's Detachable Penis.

Re:Is this really a good thing?

[VirtualAdept]

Well, the problem is that they need to solve the problem that the pipe can be spied upon and used by unauthorized third parties somehow. This seems like a good solution. Yes, a listener who is authorized to be on the pipe can read any traffic going over the pipe. Unfortunately, that's a seperate problem. Trying to combine the two just leads to monolithic, difficult to use solutions.

Re:Is this really a good thing?

I know some seemless intergrated security

Seamless. Integrated. Learn to spell.

Re:Is this really a good thing?

[upsidedown_duck]

Hardware encryption is good.
Application encryption is also good.

Thus, 802.11i plus SSH is doubly good?

Re:Is this really a good thing?

[bloo9298]

The parent should be modded up. I'd add that you should be suspicious of key management carried out below the application layer. Even the submitter emphasizes the wrong point, IMNSHO, when he/she says that AES will be used to secure the connection. The choice of encryption algorithm is almost inconsequential because the world has plenty of good encryption algorithms, but the key management is the really difficult part. Designing a protocol is moderately difficult too (read Peter Gutmann's VPN rant to see some examples of poor protocols).

Layers are the key

[Bog+Standard]

Hopefully implementing encryption PROPERLY in the APIC layer will avoid all of the crap we had to put with regarding the mismatched client standards, chipsets, hacks and OS's It is about time wlan wasn't fscked for 50 quid MAC layer encryption is great until some smart person breaks it. Implement it correctly and you wont look like an arse. This is your last chance at getting 802.11 security correct!!!!! BS doesn't have a sig. But Apu asks you to come again

Re:Layers are the key

[Bog+Standard]

yes I have a busted return and . key :)

Tinfoil free?

[whitelabrat]

Does this mean I can take the tinfoil off my house if I upgrade???

Change hardware *again*? No thanks

[jeffmeden]

That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification.

And exactly 0% of the hardware will be backwards compatible. Who trusts data privacy flying across a network anyway? Isnt that what we have VPN, SSH, HTTPS, etc. for? IMHO we have more things to concern ourselves with, like interference countermeasures, signal efficiency, etc. Who is going to switch to a new hardware platform just because it offers a different (read: not necessarily better) encryption method?

This is terrible news

[piecewise]

More security and more awareness for security means that I won't be able to leach off my neighbor's wireless and in turn that means I will not be able to sit on the toilet with my PowerBook and in turn that means I will have to stretch Ethernet clear across into the bathroom and THAT can create a fire hazard.

Need I say more.

Re:This is terrible news

How is ethernet a fire hazard? It might spark and ignite the enormous stench you're unleashing in the bathroom?

Re:This is terrible news

[pediddle]

I've tried that... my powerbook heats up until it burns my bare legs.

Re:This is terrible news

[spectasaurus]

I think the bigger problem is the choking hazard. But not to your neck.

Key Exchange

Can anyone tell me (us?) how key exchange is done in 802.11i? AES is very strong, but if the key is sent over the link in the clear it will obviously be bad news. So how does it do it? PKI? Something else? Any info would be appreciated.

Re:Key Exchange

[Luyseyal]

If I had my guess, most home installations will have manually entered shared keys.
-l

Re:Key Exchange

[horvathcom]

My Motorola WR850G has manually enterered keys for AES encryption.

Re:Key Exchange

The Linksys routers I know of (I have a WRT54G), you have to enter the key manually for each client. So it is not exchanged through the air. :)

Re:Key Exchange

In WPA and in 802.11i, the access point and the stations never send Pairwise radio keys over the link at all.

Both sides start with a secret master key, then derive other keys from it, as they try to complete an encryption handshake. If the handshake finishes OK, they have the same master key, and they each install the independently-derived Pairwise radio key. The AP also uses derived keys to encrypt the Group key sent to the client.

The master key can be a preshared key (typical for home environments), or can come from 802.1X authentication (using an authentication server, and a suitable form of EAP).

If you want all the gory details, get a copy of the 802.11i specification, and prepare to spend lots of time reading.

Let's hope 802.11 stops soon

[FerretFrottage]

...because once we get to 802.11l we're really going to be screwed and nevermind the marketing nightmares.

Sample tech support eamil exchange
"I'm having problems with my 802.11l wireless router"

"Did you say 802.111?"

"No, 802.11l"

"That's what I said"

"No, you said 802.111, that's not due out til next month according to /."

"Sorry sir, so you have our 802.11/. router?"

Re:Let's hope 802.11 stops soon

[morcheeba]

Military connectors (and many others, I'm sure) skip the confusing letters (like "I", "O", and "Q") in their numbering. I'm sure IEEE could do the same.

Re:Let's hope 802.11 stops soon

"Did you say 802.111?"
"No, 802.11l"

Except that "EL" sounds nothing like "ONE". Maybe email support though?

Re:Let's hope 802.11 stops soon

[mopslik]

I'm sure IEEE could do the same.

So would that be the 1EEE then? :)

Re:Let's hope 802.11 stops soon

> Sorry sir, so you have our 802.11/. router?

Yeah, and it's getting /.'d.

Re:Let's hope 802.11 stops soon

[morcheeba]

Ha Ha. No, I type LEEE, but with a lowercase L. It's the group of Laser, Electrical, and Electronics Engineers -- it's been expanded to include fiber optic people, too. :-)

Remember the old electric typewriters that didn't have a '1' (one) or a '0' (zero) key? You had to use letters instead.

Re:Let's hope 802.11 stops soon

[sydb]

1333 would have been 13373R.

Re:Let's hope 802.11 stops soon

Don't get me wrong, I love 802.whatever stuff. But "802" isn't Y2K compliant, for one thing. It should be "19802" or "198002" if you didn't want to mess up the month digits too badly.

Seeing as it's 2004 now, shouldn't the protocol be called 200406.1a or something along those lines? (I'd put another . between the numbers and the 'i', or avoid the alphabet entirely.)

No, I'm not entirely serious.

Now we can start waiting for a total break of AES

[Slinky+Saves+the+Wor]

Now, let's put on our tinfoil hats and start waiting for a total break of AES, or faults in the implementation of AES in the devices (at least the major ones).

Too many goddamn wireless standards.

[TyrranzzX]

Why can't they just settle on one standard and go from there?

Re:Too many goddamn wireless standards.

I'm sure they are reading your comment right now and are astounded that they didn't think of that before. As we speak millions of dollars in research funds are going into settling on one standard and going from there. Congratulations sir, you are brilliant.

Re:Too many goddamn wireless standards.

[Dun+Malg]

Why can't they just settle on one standard and go from there?

That's essentially what's happening already. They settle on a standard, people adopt it. The trouble comes with the "go from there" part. Whenever you "go" anywhere new with a standard, the old stuff is non-compliant, thus requiring a new standard.

Re:Too many goddamn wireless standards.

While we're at it, why can't all Americans agree on which SUV is best and just buy that one?

Re:Too many goddamn wireless standards.

[timeOday]

Well, here's my prediction: 802.11b is so entrenched that everything wireless for at least the next 10 years will be compatible with it. In other words products labelled "802.11i" will have 80211.b fallback mode.

You naturally won't get the added security or speed of subsequent standards if you stick with a "b" access point, but it will still work.

Better than IPSec over wi-fi...

[Vexler]

Until recently, some people advocated IPSec over wi-fi as a stop-gap solution. But that's just that: A stop-gap. I for one am glad to see that the standard takes into consideration lower layer security (and tosses WEP out the window).

Re:Better than IPSec over wi-fi...

[Abcd1234]

How is that a stop-gap? IPSec has one purpose: to protect IP traffic data over an insecure link. Sounds like it fits right into the wifi game. And given that it's a proven standard with many interoperable implementations, it still strikes me as an excellent option for people who wish to secure their wireless transmissions. This is especially true given that 802.11i won't be fully adopted in the market place for at least a year or two.

Besides, there are *many* issues regarding security aside from the wire protocol. As one other posted mentioned, key management is one of these issues. How does 802.11i deal with this? I know IPSec has many different solutions available for key management, meaning I can make it fit into my network infrastructure. How does 802.11i fit into this picture?

Re:Better than IPSec over wi-fi...

``IPsec Over Wi-Fi''. Dang, I wish the Ramones were still around to make a song of that.

Re:Better than IPSec over wi-fi...

[sydb]

Quite, most importantly because it's rare that you make a purely wireless connection to a remote host.

IPSEC means encrypted end-to-end, not just over the wireless segment of the network.

All this faffing with wireless-specific encryption is just a stopgap until we get broad adoption of IPSEC or similar.

Re:Better than IPSec over wi-fi...

[sydb]

Bad form to reply to my own post but the other side of the coin just slapped me in the face.

The downside of broad adoption of encryption technologies is that it makes the job of protocol analysis (when finding bugs) nearly impossible.

There are several occasions when I've had to take tcpdumps to identify a bug in a vendor's product (IBM WebSphere! Shoddy! well, getting better now). When the traffic's encrypted, the games a bogey, unless application-layer tools exist to dump the protocol details.

Re:Better than IPSec over wi-fi...

How is that a stop-gap? IPSec has one purpose: to protect IP traffic data over an insecure link. Sounds like it fits right into the wifi game. And given that it's a proven standard with many interoperable implementations, it still strikes me as an excellent option for people who wish to secure their wireless transmissions. This is especially true given that 802.11i won't be fully adopted in the market place for at least a year or two.

Key-management is usually the weak-link in IPSec.

Re:Better than IPSec over wi-fi...

[Abcd1234]

IPSEC means encrypted end-to-end, not just over the wireless segment of the network.

Umm... no. IPSec just means encryption between two IP route points. So, for example, the plan for my wireless network involves an IPSec connection between any wireless end-points and my IPSec-enabled firewall.

Re:Better than IPSec over wi-fi...

You absolutely need security at a higher layer
than 802.11i.

Even with 802.11i in place, anyone who's a
legitimate network user can still pull ARP
spoofing tricks, which utterly defeats any
privacy guarantees offerred by 802.11i.

Re:Better than IPSec over wi-fi...

[smcavoy]

how was he incorrect? IPsec clearly is for end to end encryption. The fact that it could be used between two "route points" shows one of the many applications (i.e. l2tp between to IPSec hosts).

End to end meaning if I setup IPsec between two hosts accross the internet, the data stays encrypted and unaltered during the transmission.

Re:Better than IPSec over wi-fi...

[rkit]

This is not a problem with SSL as long as you have access to the private keys involved. Usually, there is no client authentication required in a web application, so no problem to trace the traffic.
google for ssldump, a great tool written by Eric Rescorla.

Re:Better than IPSec over wi-fi...

[sydb]

Thanks, very useful.

Re:Better than IPSec over wi-fi...

[Abcd1234]

End to end meaning if I setup IPsec between two hosts accross the internet, the data stays encrypted and unaltered during the transmission.

And you and I know full well that's not what the grandparent meant. He said:

IPSEC means encrypted end-to-end, not just over the wireless segment of the network.

This is obviously wrong, as per my post. So, tell me again, how was he *not* wrong?

Re:Better than IPSec over wi-fi...

Key management may be a pain in the ass, but NAT traversal is the real deal breaker for IPSEC. The NAT traversal part of the spec is encumbered by patents.

Re:Better than IPSec over wi-fi...

[CarlDenny]

Two words: ARP poisoning

This lets you do the equivalent of key-stroke logging at the MAC layer, to which IPSEC is blind. You can set up a man-in-the-middle which intercepts all the IPSEC negotations, gets the keys/password, never gets noticed, and walks away whistling.

Re:Better than IPSec over wi-fi...

[Abcd1234]

Well, first off, as the document mentions, one of the best ways to minimize this problem is through the use of... tada! *VPNs*. In fact, according to the very article you mentioned:

"Deploying a Virtual Private Network (VPN) to provide authentication and client-togateway security of transmitted data will also provide a partial solution ... Note that completely securing a wireless network using a VPN solution involves more than simply setting up an external VPN server on the wired backbone network. While such a set up will protect wired traffic and wireless-to-wired connections, traffic between two wireless hosts will remain outside the scope of the VPN. To address this problem, several vendors have recently announced IPsec aware access points that will block all traffic from or to a host unless a secured connection with this host has been established."

Well, isn't that interesting.

Moreover, IPSec, SSL, and SSH are not easily compromised with MITM attacks... typically the attack is detected (the host key changes), meaning the user has some level of warning. IOW, IPSec (and others) are hardly "blind". Of course, in the case of IPSec, that depends greatly on the key exchange mechanism selected, but it's not nearly so bad as you imply.

Not very helpful...

[razmaspaz]

Definitive studies on the matter are as yet unavailable

As are definitive articles.

Couldn't this be used by terrorists.

Isn't untappable wireless communication at least as much of a threat to homeland security as model rockets ?

Re:Couldn't this be used by terrorists.

[AusG4]

I understand there is a flamebait mod that would provide a "-1"... but is there a mod that would provide "-a million for being a redneck, flamebaiting fsckwit".

It's nice to see they finally were able to teach monkeys to use computers.

Re:Couldn't this be used by terrorists.

[AusG4]

SHHHHH!

Bush probably doesn't know about this yet. If you keep flapping your lips, you're gonna get us all thrown into a prison somewhere, stripped naked, tied up with leashes and then finally piled on to of each other like refuse.

But there is no -mandated- torture/humiliation policy or anything... Rumsfeld said so.

Step in the right direction

[UsedToCould]

What needs to be understood here is that this is a step in the right direction. It will be some time till it is mainstream(face it, everyone has b/g, and it costs money to upgrade), and while it is MORE secure, it's made by a human.
There will be another one who can bypass it. That's just how things work. If someone wants it bad enough, they'll get it.

Poor Starbucks

What the hell am I supposed to do at starbucks now If I can't sit around and sniff wirelessness??. Read the newspaper?!?!?!

Re:Poor Starbucks

[sharkey]

Sniff something else?

Key Management

[provolt]

Did anyone else notice that there was no mention of key management? Who cares what algorithm it uses if there isn't secure key management. AES is a good choice for the encryption algorithm, but it might as well be plaintext if the key managment isn't handled properly.

Is they key negotiated as part of the protocol? How is that exchange authenticated? How is access control done? Can anyone enter the network?

Does it use a pre-placed key? How do you make sure the AP has every clients key? Can you access the AP without encryption? Do users have to type keys in?

Re:Key Management

[Beryllium+Sphere(tm)]

It Depends, but one of the options is called Pre-Shared Keys or PSK, and that involves typing a passphrase into the units, and the over-the-air protocol turns out to be vulnerable to dictionary attacks.

I fearlessly predict that some of those passphrases will be chosen poorly.

Security advice for your Aunt Tillie and Cousin Homebuilder: http://besphere.blogspot.com.

Re:Key Management

[DdJ]

I'll be really shocked if it works in a way fundamentally different, from a user experience standpoint, than today's systems.

This means I'd bet someone $20 that it'll use a single shared key across the entire network, and client machines will obtain it from a user-entered password.

But since it uses AES, all sorts of people will get excited and believe it's secure.

So I see this as little more than a marketing ploy.

Is it more secure than WEP and WPA? Yes. Yes, it's more secure, because in order to get the password that lets you get on the network and steal network resources and intercept everyone's data, you'll need to run a key logger or watch over someone's shoulder or get a virus on to their machine instead of just watching network traffic.

Re:Key Management

[DeathBunny]

802.11i includes the 802.1x (ie. EAP) authentication and key management included in WPA. It's a superset of WPA.

Re:Key Management

[VirtualAdept]

You seem to be saying its a marketing ploy because its not an absolutely perfect solution, just one that's better than the solutions out there today. By that logic, I declare the internet to be little more than a marketing ploy because it doesn't provide totally perfect, secure communications between two parties. Sometimes, a router can go down!

Re:Key Management

[DdJ]

No, I'm saying that it's a marketing ploy be cause it is in actual fact not better than the solutions out there today, but decisions were made and messages were communicated merely to create the impresssion that it is. But I was a bit subtle about saying that, which can sometimes be a mistake in public forums.

If you rely on encryption that behaves like that, you're foolish and will have problems.

If you believe this is better than what has come before, you are more likely to rely on it.

Therefore, I actually think this will in practice cause more harm than good with regard to actual security.

IMHO, we need totally wide-open unencrypted wireless, with IPSec and nothing else running on top of that, with secure apps running on top of that. I think any crypto at this layer is essentially smoke and mirrors.

Re:Key Management

[cortana]

Can't this be used to keep unauthorised users off the network? That is what I thought WEP, WPA and now WPA2 were for.

Re:Key Management

[DeathBunny]

Here's links with some more info on 802.11i, also called WPA2.

This PDF http://www.wi-fi.org/opensection/pdf/whitepaper_wi -fi_security4-29-03.pdf from the WIFI alliance talks about WPA2 near the very end of the document. According to this, WPA2 will use the same 802.1x authentication current used by WPA in enterprise deployments or the PSK mode currently used in home deployments of WPA.

This PDF http://jcbserver.uwaterloo.ca/cs436/handouts/misce llaneous/Intel_Wireless_3.pdf has some interesting technical details about how the AES encryption in 802.11i works.

Unfortunately, it looks like the actual 802.11i specification isn't publically available yet. According to this page http://standards.ieee.org/getieee802/ IEEE 802 drafts are publicly available 6 months after they are first published in PDF. I'm assuming this means that the 802.11i standard will be publicly available in 6 months?

Re:Key Management

[doneWithMyTattoo]

(from a quick read of some web searching...) WPA (the precursor of 802.11i) used RC4 with a per-packet key transmorgifier called TKIP and authenticated both peers using either Extensible Authentication Protocol (EAP - useful in coprorate contexts with RADIUS or NT-Domain password servers) or Preshared Key (PSK - useful in home contexts where not password servers are available). 802.11i (seems to... quick read equivocation) add the option of replacing RC4-TKIP with AES-CCMP but the peer authentications (your choice of EAP or PSK) remain unchanged. This CCMP mode of AES keeps the temporal key and integrity features of RC4-TKIP but is (assumed to be) stronger encryption. Both encryption options, RC4-TKIP and AES-CCMP, require an intial key (same on both peers). Where this initial key comes from is an application layer decision and is beyond the scope of 802.11i.

Re:Key Management

[dubiousmike]

and if it is the neighbor's free internet you want, you will have to simply resort to going over to ask for sugar and sneek a look under their router/keyboard which will surly have a paper with all of their passwords. Tighter technological security means social engineering will be the easier route to hacking someone's wireless internet.

Re:Key Management

[dark+druid]

And how exactly were you planning on doing the key management for IPSec? :)

Re:Key Management

[swillden]

Did anyone else notice that there was no mention of key management? Who cares what algorithm it uses if there isn't secure key management. AES is a good choice for the encryption algorithm, but it might as well be plaintext if the key managment isn't handled properly.

As evidenced by the failure of WEP. WEP uses RC-4, which is a good, secure stream cipher (actually, a stream cipher makes a whole lot more sense for this sort of application than a block cipher like AES). WEP isn't weak because of RC-4, WEP is weak because RC-4 was used poorly. If AES is applied as foolishly as RC-4 was, the result will be just as bad.

I expect that after the very public failure of WEP, 802.11i will be better-designed. Hopefully they published the protocol and got it thoroughly reviewed.

Re:Key Management

This means I'd bet someone $20 that it'll use a single shared key across the entire network, and client machines will obtain it from a user-entered password.

You'd lose that $20 if you were talking about enterprise-class networks. Both WPA and 802.11i allow automatic distribution of master keys (unique per client/session) when the network is set up to use 802.1X authentication and a suitable authentication server.

FW Upgrades for non-router 802.11x equipment?

[Geiger581]

My router claims to be firmware-upgradeable to 802.11i/AES 'when the time comes,' but what about other stuff? If given the option, I would a sufficiently upgradeable AP or wireless NIC. It seems that only routers have enough CPU horsepower to spare to do be indefinitely upgradeable, but could I be wrong?

Re:FW Upgrades for non-router 802.11x equipment?

[tom+taylor]

Out of interest - what make/model router have you got?

Does this finally solve the *other* major problem?

[ConsumedByTV]

You know, the one that makes it that anyone on the wifi network can see all the other traffic?

I personally think a HUB is still a bad idea, even if the main transports are encrypted to the outside. The insider doesn't need to be able to see anyones traffic unless it's repeated to the target. It would be great if it was encrypted and acted like a switch.

I would still use my VPN with this.

OK, but how does it actually work

[mamba-mamba]

You can't just say oh, it uses AES. AES is a symmetric cipher, which implies that there is a shared session key.

How do the nodes generate and exchange a shared session key? Or do you have to enter an AES key manually before you even hook up? That would certainly lock down the node!

It would be nice if someone posted a link explaining at a medium level how it actually works. I don't want to just go read a draft of the standard, but I wouldn't mind reading a few of the important details.

MM
--

Re:OK, but how does it actually work

[j+h+woodyatt]

I am a wireless expert.

802.11i uses AES for privacy, HMAC-SHA1 for integrity, and it defines its own protocol for establishing transient unicast and group session keys. You can use it with a pre-shared master key (derived from a simple passphrase), or you can use it conjunction with 802.1X and get per-user pairwise master keys derived from the authentication service.

The Wi-Fi Alliance (I'm told) is calling 802.11i by the name WPA2. If you have hardware that supports the AES variant of WPA, then your vendor should be able to supply a firmware upgrade soon that will support WPA2.

Re:OK, but how does it actually work

[pclminion]

How do the nodes generate and exchange a shared session key? Or do you have to enter an AES key manually before you even hook up?

You would not have to ask this question if you had even a basic understanding of cryptography.

The Diffie-Hellman key agreement protocol is well known and very secure.

Alternatively, it could be done how SSL does it: use a public-key method to exchange the symmetric-key cipher keys. You didn't actually think SSL sent all the data through a public-key cryptosystem, did you?

Public-key systems are very rarely used to encrypt large amounts of data. They are too computationally expensive. Rather, they are typically used in order to exchange a symmetric key, and the actual data channel is encrypted using a symmetric cipher.

Go pick up any basic cryptography book.

Re:OK, but how does it actually work

[John+Meacham]

That does not answer the question, in order for public key to work, you STILL need a trusted (but not secret as in symmetric encryption) piece of info. the public key of who you want to talk to. Without foreknowledge of that, you cannot be sure whomever is talking to you is who they claim to be. The session will still be quite secure, but it could be with a bad guy.

the key distribution problem is a very interesting one. there are various solutions. a shared secret like an SSID still leaves you open to man-in-the-middle attacks. I too am curious how 802.11i solves this, as it really is the more likely place for a protocol to fail.

Re:OK, but how does it actually work

I am a wireless security guy who has actually worked on 802.11i! 802.11i uses AES in a mode that provides both encryption and integrity check: CCMP. It uses a protocol similar to WPA/TKIP to create transient unicast keys and to transfer the group key to the client (the group key is NOT transient).

The WiFi alliance is indeed calling 802.11i WPA2, which is a real pain because now all the following terms mean the same: 802.11i, WPA2, RSN. We are bound to get calls from customers saying: "You only say you support 802.11i, do you support WPA2?"...

Most vendors will be able to support CCMP/WPA2 with firmware upgrades, but some will need new hardware. AES demands more resources than WEP, and especially on the access point side, beefier hardware might be needed.

Re:OK, but how does it actually work

> 802.11i uses AES for privacy, HMAC-SHA1 for integrity

Nope. The CCMP protocol that 802.11i uses, does use AES for privacy but NOT HMAC-SHA1 for integrity. CCMP is a protocol that could use any block cipher (AES with 128 bit keys was specified) and provide both privacy and integrity check.

Re:OK, but how does it actually work

[mamba-mamba]

I am well aware that public key crypto is usually used only to encrypt symmetric cipher keys.

My question still stands. How does the key exchange work? If you use public key cryptography, how do you get the public key for the node you are negotiating with? If you just accept the key the node offers, then you could actually be negotiating with a man in the middle.

The SSL example doesn't really apply, because web browsers have a trust mechanism where they can verify public keys because they are signed by root authorities.

But in the wireless scenario, you have to negotiate a key before you even bring the link up, so you might have a problem. Then again, maybe not. Maybe the card stores some root authorities on board, or maybe the OS can get involved and check a signature on the proferred public key.

If they use diffie-hellman, they can be sure that no one is evesdropping, but there is still the man in the middle problem. It's a basic fact of cryptography that you have to have out-of-band communication prior to setting up a secure link over a public channel.

MM
--

Re:OK, but how does it actually work

[j+h+woodyatt]

The privacy and integrity of the transport data is protected by CCMP in each packet, but the HMAC-SHA1 function protects the integrity of the key exchange handshake-- which happens in the clear.

If you're worried about the integrity of your data, you care about what steps the protocol takes to prevent rogue access points from spoofing the exchange that negotiates the key that will be used for integrity checks on all your transport payloads.

My apologies for not explaining my thinking in my first post. Bad language on my part. Thanks for catching it.

Re:802.11? and beyond

[TechniMyoko]

better yet, used radio stations in neighboring cars.

so you wanna turn your rap up loud eh? take this!

In related news...

[genka]

Apple anounced it's own version, called i802.11

Re:In related news...

In other other news, KDE has added a utility for wireless connections called K802.11

GNOME has plans to develop an individual setup utility called g802.11conf to add to the 317 existing GNOME Preferences applications. Fedora Core users rejoice.

Re:In related news...

[sharkey]

Will that be better than Sony's 802.11i-Link?

Is this the end?

[bool+morpheus()]

So does this mean the end of wardriving?

Re:Is this the end?

[petabyte]

Why would it? People don't turn on WEP/WAP today as it is. I can fire up kismet and litterally walk down the street and get a half dozen "linksys" hotspots without any WEP whatsoever.

Mine actually doesn't have WEP on it either but the AES ipsec configuration and the OBSD router keep the flies away.

Re:Is this the end?

[KarmaMB84]

Maybe this will spell the end of people being arrested for masturbating while driving around with a laptop...

Mr. Microphone

Ron Popeil has "invented" a lot of shit for your kitchen. His company markets a small rotisserie oven for that white trash buffet taste in your very own home. He sells a dehydrator for ridding food of that pesky moisture and a sausage maker for people with their own ... I don't know, pigs? Popeil has cured baldness with hair in a spray can. And in 1979, he cured the common zit. As part of a program to teach mathematics, science and grammar, we were forced to take health class in high school. Part of that instruction concerned skin care. Rather than bore you with detail, I'll summarize the conclusion. I quote, "Douche bag, you're NEVER gonna get laid with a zit on your face." This was not well recieved as I was the Fry Guy at Wendy's Old Fashioned Hamburgers. Enter Ron Popeil.
In 1979, Popeil's company, Ronco, marketed a product named Mr. Microphone. This name was chosen over Mr. Douchebag, since it was a microphone and not a feminine hygiene system. Mr. Microphone plugged into a common radio and turned a common schmo into a sex magnate. As the commercial demonstrated, getting laid was as simple as cruising the street and dictating your intentions to hapless pedestrians. "Hey, good-looking, we'll be back to pick you up later!" Ah, yeah. Chicks dig assertiveness. Zit, schmit. Mr. Microphone was the ticket to a bedroom full of many beautiful ladies.
Skeptics may doubt the effectiveness of Mr. Microphone as a cure for common acne. But I can attest to the fact that I never had a Mr. Microphone yet my bedroom was never filled with many beautiful ladies. Coincidence?
I don't think so.

Now I'm confused.

[JayJay.br]

Maybe I do not have enough knowledge to know shit about this, but it looks to me that this is a standard for encryption, and it obviously would be public key encryption, and transceivers would exchange public keys to talk.

While this clearly means that now no one can sniff the SSID, is this going to be any better for those who leave it at the default? And without any kind of MAC authentication or network protection at upper levels, would knowing the SSID the only difficult imposed against abuse of the network?

Not trolling, I just want to know if stupid admins can still mess this one up.

Re:Now I'm confused.

Stupid people can mess up anything.

Re:Now I'm confused.

[David+Byers]

Stupid admins can mess anything up.

IEEE 802.11i uses AES, which is not a public key algorithm, but it does provide for a key exchange process which can be based on public key cryptography (but doesn't have to be).

As for hiding the SSID, I question the accuracy of tha article. It doesn't tally with what I've read about 802.11i over the last year. I don't think 802.11i provides for encryption of the entire frame any more than WEP or WPA does, and AFAIK it doesn't provide any security for management frames, so the SSID should still be in the open.

MAC-based authentication is useless for deterring a serious attacker, but 802.11i provides for 802.1x port-based authentication, which typically will operate at the user level.

Although 802.11i provides for generating the master key on-the-fly, I suspect that many installations (expecially home networks) will use pre-shared keys, which are usually hashed passwords and thus vulnerable to dictionary attacks.

Re:Now we can start waiting for a total break of A

[m0rningstar]

AES, like DES and 3DES is a public algorithm and was subject to extensive peer review prior to adoption by the US government. (It's not a US algorithm; the original name was Rijndael). It was chosen for key length, security and efficiency of the algorithm and memory footprint among other things.

While this doesn't guarantee the security, it certainly improves the chances of it being as secure as possible. AFAIK, DES/3DES, a 20+ year old algorithm is still only vulnerable to brute force attacks.

The real fear here -- as in any encrytion system -- is the security of the key handling protocol. It's TKIP not AES that'll be the key to the security of 802.11i.

Some people still care about efficiency

[fiftyvolts]

I am all for encryption. In fact I have sent a few letters to my congressmen about the issues surrounding it; However, some things just don't need to be secure. Encryption takes time and to be quite honest If I am downloading, say, the Slackware-10 distribution the last thing I want to have to wait for is each of a bajillion packets to be encoded and then decoded. Especially when I couldn't care less who gets a hold of said packets.

In most cases only specific sensitive pieces of information need to be encrypted.

No

[billybob]

I have a netgear wireless router that does G and B. It can handle both at the same time just fine, and does not drop the G down to B speeds if there is a B client. :)

Maybe some routers do this, honestly I wouldnt be surprised, but I'm just letting you know that mine doesn't.

Re:No

[scd]

The actual issue is that some of the 802.11 protocol has to be done at speeds that all possible connecting units can understand. What this amounts to is that 'handshaking' is done at B speeds to allow B units to communicate, while the actual data transfer for G units is done at G speeds.

This causes some slowdown for G units. If an access point has proper settings, you should be able to make it do G only, thereby speeding up all G units at the expense of disallowing B units from connecting at all.

At least, the 802.11 protocol allows this, don't know if APs do or not.

Re:No

[hostyle]

Yeah. Me too. Netgear DG834G router. Various mixes of B and G cards between myself and next door running in B/G mode. Until someone new moved in next door with some sort of no-name B spec crap PCMCIA card. Everything suddenly dropped to B speeds. I can't complain too much - I bought the router, but everyone else bought their own cards and I get the DSL free, neighbours pay for that.

DEFCON 2nd hit.. hahaah

[apachetoolbox]

of course the Defcon Forums - need help would be the 2nd and 3rd hits...

Re:Change hardware *again*? No thanks

[Jonsey]

Hi, did you read the article or comments posted chronologically before yours?

I'm going to guess no, but the article explictly states that all that will be required for many routers (and I believe all Cisco routers) is a software (firmware) update.

Thanks! : p

802.11 in a nutshell

1. Most of your newer products should be upgradeable to 802.11 via SOFTWARE.
2. 802.11 includes both security for your data (AES) and authentication (using a RADIUS server approach)
3. If you wanted to fully utilize it at home on a server then you would need to run a server that could manage the keys
4. It is not another Radio standard, it is separate from 802.11b,g,a etc.....
5. My guess is home users will just use the AES part of it which will help things and that corporations will use the whole Auth and AES solution that will make it pretty dang secure.

Re:802.11 in a nutshell

[horvathcom]

Most of the "newer" products is the key. AIU, the encryption in many routers would require some extra hardware horsepower.

Quantum security

[edgar_is_good]

You could get perfect security if you did quantum encryption. (The eavesdropper modifies the signal by listening.) Of course, the technology is theoretical, and not likely to be found in a laptop soon. Still, though, interesting that perfect security is possible, even in principle...

Re:Quantum security

[zombie-m]

Excuse my ignorance about quantum encryption, and my lack of time to look it up at the moment, but doesn't that just let you know when there IS an eavesdropper (since the intended receipient can't receive the message)? How is that "perfect" security?

Re:Quantum security

[edgar_is_good]

What you do is transfer the encryption key, which is chosen randomly, and periodically. If you see you are being heard, you merely do not transmit the secret information until you know you have sent an undetected key. At least that's the implimentation I've heard about.

Re:Quantum security

[Ignominious+Cow+Herd]

Yeah, it isn't. At best I guess as soon as you detect the eavesdropper you stop transmitting. (requires an ack/nak system) Then there is only a small amount of encrypted(?) data stolen that would not be sufficient(that word again) to be useful, or cracked. You'd still want to encrypt though.

MAC encryption

[m0rningstar]

From what I can read on the NIST 802.11 overview it's still not designed to protect identity.

Thus it will still not encrypt ESSID (used as a clue for what encryption credentials you need, NOT as a security measure) or the MAC address of the systems using it. (Page 29 of the above referenced article).

It's designed to address two of the three of the CIA principles, those being confidentiality and integrity of your data. Not to hide who is on the wireless network.

Re:MAC encryption

[m0rningstar]

Forgot the URL of the NIST overview: NIST overview

Adds strong authentication though

[Beryllium+Sphere(tm)]

Even when the content encryption is useless to you, 802.11i will be good for keeping the child molestor down the block from associating with your network and using your IP address to trade illegal pictures.

How many bits are used?

AES won't do much if they use only less than 128 bits...

Re:Does this finally solve the *other* major probl

[zerOnIne]

so, how exactly do you propose we do a separate physical wire over radio? and don't give me a set-frequency-per-endpoint response, because that doesn't address the scan-all-frequencies-and-listen approach.

i'm not trolling here, i'm really wondering.

Re:Change hardware *again*? No thanks

[jeffmeden]

The summary information was vauge, and I have yet to read the entire documentation from the IEEE. What I know is that it has been described as an 'encryption system working in hardware just above the transciever'. Good for cisco that their hardware supports recoding the signal layer, but how many other vendors do you suppose can/will do the same?

802.11i, ruler of Middle Earth

One standard to rule them all
One wireless card to find them
Many geeks that bring them all
And with their laptops bind them

Some fool...

... wrote the RFC using IPv5.

Re:Does this finally solve the *other* major probl

[srwalter]

You know, the one that makes it that anyone on the wifi network can see all the other traffic?

I can't help but think that you don't know what you're talking about. The whole nature of RF is that if one person can receive the radio waves, so can several other people. You can't just select a single point to broadcast to. Sure, you can make sure that those RF waves are encrypted, and that's what this standard does. However, it's physically impossible to keep other parties from receiving the encrypted waves.

To utilize the (perhaps overused) broadcasting <-> speaking metaphor, assume that you have four people standing an equal distance apart from each other. If you say something to one, the others are going to hear it. Not much you can do about that. However, you can speak in code.

I doubt that the block cipher was the problem

[harlows_monkeys]

I don't think the problems with previous wireless security systems were with the block ciphers used.

The hard part in practical cryptography is not the block ciphers (there are plenty of those to choose from, off the shelf, that are good--AES, RC4, Twofish, Serpent, triple DES, etc). The hard part is using them properly--picking an appropriate mode, key management, padding, and stuff like that.

Re:I doubt that the block cipher was the problem

[David+Byers]

One of the most serious problems with WEP was the presence of weak keys in RC4. To make a long story short, an attacker could exploit these to discover the WEP key.

With better protocol design, the problem would have been avoided, but the fact is that there WAS an exploitable weakness in the ciper that was used.

By the way, RC4 is a stream ciper, not a block cipher.

hardware-level encryption = crap

[rsw]

Anyone ever heard of the end-to-end argument?

Putting encryption at this level is useless because secure communication with e.g. a webserver still requires that I encrypt over HTTPS, since my link to the server goes over more than just the wireless link. Thus, hardware AES only duplicates functionality. This is one of the premises of the end-to-end argument: put functionality at the highest layer possible to avoid duplication.

The argument that this is useful to keep "baddies" out of your network is weak, too. If you want to keep your wireless network secure, tie MAC addresses to IP addresses, and presto! no one can wardrive your wireless network. No, this is not perfectly secure, but you can secure yourself against a better-than-casual attacker by pushing the necessary authentication up to a higher layer. This approach is more flexible and doesn't require specialized hardware. Plus, when it's shown in five years that AES is breakable in faster than brute-force time, we don't need massive hardware (or firmware) upgrades; just apt-get install openswan.

802.11b should be a standard with the same scope as 802.3 (ethernet)---define the hardware link level and be done with it. Security at the link layer has been shown time and again to be worthless in even the best of cases. Rolling AES into the hardware spec of 802.11i is just window-dressing. The people who decided to do it should be beaten with a stick and forced to read the Saltzer paper until they recite it in their sleep.

(If you haven't read Saltzer's paper on the end-to-end argument, google should provide ample background.)

Re:hardware-level encryption = crap

[pclminion]

In mountaineering, it is very common to place "protection" (anchors in the rock) even when it isn't obvious whether they will hold or not.

Suppose you've got a really good placement (what a climber would call a "bomber" anchor) and you're sure it will hold. Do you place another, potentially less secure anchor in parallel, given the opportunity? Of course you do. You never pass up the chance to add a layer of protection. Even if you don't think it will be needed, and especially even if you don't think it will hold you. A terrible anchor is better than no anchor. And a good anchor plus a terrible anchor is better than a good anchor.

Adding more layers of protection is never the wrong decision. Regardless of the academic whinging of some researcher in a basement somewhere.

Re:hardware-level encryption = crap

[NerveGas]

If you want to keep your wireless network secure, tie MAC addresses to IP addresses, and presto!

Presto, you're screwed? What keeps a "baddie" from sniffing your traffic, waiting until you're not on, then changing his MAC address to be the same as yours? Oh, gee... I guess that doesn't buy you very much, either.

Even if it did, that still doesn't keep them from *sniffing* your network. Any data you transmit, they have. Just checked your email? Chances are they have your password. And all of those pictures that your girlfriend sent to you in those pictures. And those are just benign examples.

Putting encryption at this level is useless because secure communication with e.g. a webserver still requires that I encrypt over HTTPS

Until *every* protocol that goes over your network has reliable encryption, then this is still useful.

steve

Re:hardware-level encryption = crap

[rsw]

Regardless of the academic whinging of some researcher in a basement somewhere.

Uhm, a little respect is in order. These are the guys that invented the internet, Al Gore's claims notwithstanding.

Re:hardware-level encryption = crap

[bunco]

In a perfect world, we'd encrypt end to end. Welcome to the real world...

Would you rather a user use SSL for everything they do? You want to push security up to top layers.. this seems incredibly more complex to maintain than providing security @ L1 thru L3. I'm sorry but far too many companies utilize applications that do not provide encryption at the application layer.

I welcome the technology. I'm sick of running all my apps over ssh tunnel while on wireless link.

Re:hardware-level encryption = crap

[rsw]

that still doesn't keep them from *sniffing* your network

As I said, this doesn't prevent against more than a casual wardriving effort. For better protection, use a VPN. There's no reason to do that in hardware, since you've just added a level of specialization to a layer where it doesn't belong.

Moreover, 802.11i encryption only prevents someone from sniffing you on the local wireless segment. There's still ample opportunity for sniffing upstream. It's inconsistent to argue that you need the anti-sniffing measures of 802.11i when you're not taking the same measures for the rest of the lifetime of your packet. If you _are_ taking steps to prevent upstream sniffing, there's no point in encrypting the wireless network as well.


Until *every* protocol that goes over your network has reliable encryption, then this is still useful.


And, in fact, every protocol that requires encryption should already implement that itself. As I argued above, you can't rely on not being sniffed further down the chain, which means that if you require security you'll still have to encrypt to keep the rest of the route secure.

The fact is, the only remotely useful part of the 802.11i encryption is the implicit authentication, and there are better ways of handling this higher in the protocol stack.

Re:hardware-level encryption = crap

[dago]

I still have some interrogations concerning the psychological effects ...

I wonder if the data transmitted will feel more secure with a bad protection and will avoid being eavesdropped ;)

not to contradict you, but making analogies isn't always a good idea ... information wants to be free but is brainless ...

Re:hardware-level encryption = crap

[peacefinder]

I'd love it if my main-line application used end-to-end encryption. It doesn't, and there isn't a darn thing I can do about it. It's a closed system that my users are locked into, one they absolutely require, and one for which no viable alternative yet exists. I have a real-world problem, and I can't hold out for the ideal solution.

Due to the nature of my company's business, I personally may be criminally and civilly liable for disclosure of my network's data. My network's big vulnerability is the wireless network, which is crucial to our operations. The critical data is protected in wireless transit by another layer of encryption, but what if that has an unknown flaw?

I met a local wardriver one night. We had a nice chat, and I asked him where he'd looked... his list included my street. I am certain that they sniffed my wireless. I have to presume that they could have broken my pathetic WEP had they wanted to, and that they probably did. If so, they were kind enough not to mess with anything, because they were just hackers, not crackers. I have no evidence they even saw any of the encrypted wireless traffic, because no one was working at that time, but it's not a comfortable thing.

Hell yes I want a better hardware encryption layer on my wireless!

I seem to recall Schneier or Anderson saying something about making sure that one's security measures fail gracefully. Among other things, that pretty much requires a layered defense, no matter how inefficient. Just because hardware-layer encryption is inefficient doesn't mean it's not an effective and useful defensive layer. The inefficiency is not a liability, it's a bonus called redundancy.

Re:hardware-level encryption = crap

[evilviper]

secure communication with e.g. a webserver still requires that I encrypt over HTTPS, since my link to the server goes over more than just the wireless link. Thus, hardware AES only duplicates functionality.

If you are only doing SSL/TSL, then any idiot can close your connection trivially. They might not be able to intercept your session, but they can do a hell of a DoS on you, and make sure you can't get anything done.

If you want to keep your wireless network secure, tie MAC addresses to IP addresses, and presto!

Sniff data for a few minutes, then change your MAC address to match what somebody else was doing, and PRESTO!

Plus, when it's shown in five years that AES is breakable in faster than brute-force time

Like DES? Oh, wait, DES was never cracked, and 3DES is the most secure crypto in common use.

No, the government hasn't screwed up yet in recomending secure encryption methods, and AES has had better peer-review than just about any other crypto out there.

802.11b should be a standard with the same scope as 802.3 (ethernet)---define the hardware link level and be done with it.

In the non-wireless world, physical security is enough. In wireless, you don't have physical security, so you need cryptographic security to make-up for it.

I can't see what arguement you can make that this is bad. It doesn't stop you from using PGP/SSL/SSH, it just adds extra encryption on top of things. I'd be much happier if people just switched over to IPv6 or IPsec, but since there's no sign of that switch happening soon, this is a good measure to address the current security hole.

Re:hardware-level encryption = crap

[NerveGas]

The reason for doing it in hardware is so that Joe Average, who couldn't set up a VPN if his life depended on it, isn't left completely open.

Don't get me wrong, this isn't going to suddenly make every network completely safe. But it's certainly a step up from a completely non-encrypted network, even if only a small or medium step.

As for every protocol handling encryption itself, handling ecryption reliably isn't easy. I'd much rather trust one central, *well designed* security model than fifty that ranged from well-done to half-baked. We see that all the time from people who try to implement their own encryption mechanisms instead of using the libraries that have tens of thousands of man-hours from well-educated people behind them.

Now, whether this is a "well designed" security model, that's another question all together, and one to which the answer very well may be "no".

steve

Re:Change hardware *again*? No thanks

[jeffmeden]

And oh yeah, the line I quoted said exactly 'NEW HARDWARE'. thanks.

Re:Now we can start waiting for a total break of A

[pclminion]

It's not a US algorithm; the original name was Rijndael

Although it is correct that it was not invented by Americans, the term "Rijndael" is not a foreign word. It is simply a contraction of the names of the two inventors: Vincent Rijmen and Joan Daemen.

Link Layer Encrytption in EEPROM - Hopefully

[Gigantic1]

One, I like the encryption at the Link Layer because no software needs to be patched or re-written at other layers. However, since this is a new spec, I bet at first various vendors devices will be incompatible, and no doubt someone will hose up the encryption on a production build. So..HOPEFULLY - the encryption algorithims will be in EEPROM so they can be patched at a later date. Hopefully.

Re:Does this finally solve the *other* major probl

[wiedmann]

Yes, it does solve this problem. Since every wireless client (insider as you call it) is using a different key, one client can't decrypt another's traffic.

The key is negotiated at authentication time and is valid only for the given client and sesion. Without the client's authentication credential (certificate or otherwise), you can't get a hold of the key.

wait for 802.11n

[timts]

I saw it on maximumpc, it's going to be introduced and it will be efficient at compression, making the real transportation faster than 100MBytes even at further distance. :D

How long until APs are $80 and cards $40?

[MMHere]

How long do you think it will be until retail-ready devices support .11i out of the box?

How long until the AP is $80 at Fry's (like current models), and cards are also cheap?

Not the end of wardriving, just the beginning!

[drewzhrodague]

There's an entire universe of devices to wardrive, and locate. This is only the beginning -- or rather a continuation.

don't worry

[waspleg]

best buy doesn't support end users

it'll be you explaining the differences and doing the troubleshooting

enjoy

Re:Ah Finally! [OT]

[tntguy]

Hopefully this won't have the same packet corruption issues your current protocol seems to have.

Otherwise: +1, Chuckle

OSS to the rescue(?)

[timeOday]

If we're lucky anyways.

The HostAP driver does encryption in software.

My home server is (among other things) a wireless access point. The card I have is a few years old and doesn't support WEP at all, but thanks to this driver it does! In fact it also supports a bunch of other security features for encryption and authentication, which I have not delved into.

That said, it sounds like this new encryption may be at a lower level, which for all I know may necessitate new firmware.

Re:But Linksys has a history of good updates

[cbreaker]

I wouldn't really count Linksys on that bandwagon yet. They've been really good about keeping their firmware up to date even on old devices. If you have any of their "G" products and even some of the not-too-old 802.11b ones, they've provided updates that now include WPA instead of just WEP.

Linksys usually keeps their products updated to the latest capabilities within two years, and past that they still provide bug fixes.

This new encryption thing might be different and/or it might require new hardware or faster processors. Who knows. But if they can do it in software, you'll probably get it for nothing on your existing Linksys product.

Damnit...

[commodoresloat]

It's iFi. Get it right.

Twits

[jaghatarjankare]

to finally provide sufficient security for wireless connections

There are two kinds of people working in these IEEE groups.

1. Seasoned engineers; and
2. Twits.

The former have from the beginning been clamouring for security. They were literally brushed off by the latter. The former will roll their eyes and tell you of how these twits use Windoze and LookOut and get infected all over the place and literally have no clue - and this is years ago, before Sasser and Blaster and Donner and Blixen...

How did they get in? Good question, next question. All security issues were shelved for the first standard...

And now? Now they're talking about 'finally' having security? These same morons?

Sorry - I have friends who've worked on all these standards and pulled their hair out all along, and I just don't trust the IEEE anymore if the pros are tired of trying. Make it secure? I won't believe it. I don't care enough to even try.

Re:Twits

[0x0d0a]

There are two kinds of people working in these IEEE groups.

1. Seasoned engineers; and
2. Twits.

You're not being nearly cynical enough.

This is a bunch of people from industry Businesses pay their engineers to go to these things so that they can advance their interests. These are networking hardware companies.

If the first spec is updated, all the companies involved get to enjoy the sublime pleasure of consumers re-purchasing all their hardware all over again (and if they get really lucky, to differentiate between "business" hardware and "home" hardware).

It *might* just be incompetence, but I'm more inclined to blame plain old cold-bloodedness.

Re:Change hardware *again*? No thanks

Who trusts data privacy flying across a network anyway? ...SSH...

Link-layer encryption and end-to-end encryption serve different purposes. Link-layer encryption encrypts things like IP addresses and DNS traffic, which I don't want my neighbours to sniff. End-to-end encryption is, well, end-to-end, and protects me from people who control the lower layers such as my ISP and my boss.

Re:Does this finally solve the *other* major probl

[mrchaotica]

I think he means it should encrypt with different keys for each user.

Was there ever just a 802.11 -- no bloody A, B ...

[vdo2000]

Montgomery Scott would like to know.

802.11 Task Groups.

[ofdm]

802.11h is a work in progress - referred to as Task Group h. After a task group completes and its subject is ratified, it is referred to (for instance) as 802.11h, until then, it's just a task group.

• TGa 5GHz (UNII) PHY (OFDM, 6-54Mbps))
• TGb Higher rate PHY for 2.4 GHz ISM-band (CCK, 5.5 + 11 Mbps)
• TGb_cor1 Corrections to 802.11b
• TGc 802.11 bridging (802.1)
• TGd Operation in new regulatory domains, roaming
• TGe QoS (previously also security, authentication)
• TGf Inter-AP protocol, interoperability
• TGg Higher data rates for 802.11b, > 20 Mb/s (OFDM at 2.4GHz)
• TGh Radar Detection, Regulatory, Enhance MAC and 802.11a PHY (for CEPT approval) at 5GHz.
• TGi Enhanced security and authentication
• TGj 802.11 and 802.11a PHY 5 GHz operation in Japan
• TGk Radio resource measurements (for higher layers)
• TGl ?
• TGm 802.11 standard corrections maintenance
• TGn High throughput PHY (Next Generation PHY)

Re:Was there ever just a 802.11 -- no bloody A, B

[ollie_ob]

It's the greek alphabet:

802.11a(lpha) (ie. the *first* letter of the greek alphabet)
802.11b(eta)
802.11g(amma)

The next of course is 802.11d(elta) but having a "d" building on a "g" would never work for marketing, huh.

full text standards

[ohsoot]

Unfortunately 802.11i isn't listed here yet, but here is a link to the full text of the other 802.11 standards. (Free, no registration required)

Re:Now we can start waiting for a total break of A

[Slinky+Saves+the+Wor]

AFAIK, DES/3DES, a 20+ year old algorithm is still only vulnerable to brute force attacks.

Actually, DES is vulnerable to some attacks (differential, linear) which have a smaller workload than using brute force, but they're quite not as practical and straightforward. And much depends on the implementation. If improperly done, you can extract some key bits with cleverly examining the device while it works.

As for AES, once you come up with a system of efficiently solving "an overdefined system of multivariate quadratic equations", you can recover the key. I think nobody has come up with such a method, at least in public.

802.11i

[thing2b]

802.11i? Ohh wow. I think the title is correct.. News for nerds.

AES?

[JamesKPolk]

Is it really time to start using such a new cipher like AES yet?

Yes, I know how expensive Triple DES is to compute, but nobody said encryption is free.

Re:AES?

AES is ratified by NIST and is the US Govt standard for encryption _today_. Its no longer just a "new cipher".

Re:AES?

[JamesKPolk]

I bet the NSA isn't having the Pentagon use AES.

MOD PARENT UP

Informative

Re:Does this finally solve the *other* major probl

[Super_Z]

You could use frequency jumping - with one pattern per client.

Re:But Linksys has a history of good updates

[virtual_mps]

I wouldn't really count Linksys on that bandwagon yet. They've been really good about keeping their firmware up to date even on old devices.

Bullshit. They drop support just about as soon as they can. I've got a first-gen WPA11 for which linksys never released a single firmware update and which never had a reliable driver. I've also got a WAP11 that's in the same boat. You may be confused by the fact that linksys generally keeps the same name when they change the chipset on their products. So they have updates for WAP11's, but only the very latest hardware rev of it. If you buy a linksys product consider it to be disposable.

vans

[zogger]

Mine has paid for itself over and over again. For years I used it as both a daily driver and in my side jobs of remodeling and landscaping. I only drive it a short distance now like to town once or twice a month because it has so many miles on it, but it's still nice to climb in it and have an "enterprise" class cockpit. It's just fun, and comfortable. Taken it all over so many places, done so much stuff with it I'll never get rid of it. One of these days I'll rebuild the engine or replace it. I'd like to make it a 4wd some time too, I've looked into it and it's doable for around 3 grand. The one I have is also a factory high top mini camper. I tore out the sink and water tank though, but I left in the furnace, stove, and refrigerator that are all propane powered with an onboard tank welded/bolted on up under the frame. Just had too many cool times with it. I want to make it 4wd so I can get back into amateur prospecting. Living in north georgia I am reasonable driving distance to places you can still get some good dust. We have a jeep, a cj7, that can get back in most anywhere, but it has severely limited cargo capacity. Probably in the meantime I might just get a towbar for the jeep and haul it with the van to the nearest campground, then use the jeep to get back into the good areas. Maybe, right now I'm busy as heck with this job and the new garden, finishing it off, and I got too many other infernal combustion devices to work on and fix..

I had a couple old ratty sportscars before, both "fix it again tony's". My fav was the 69 spyder with the tiny rear engine. Man that thing was fun and got decent mileage and the easiest car I ever owned to work on, bar none. It had around a 960 cc engine after I built it, went maybe 70 top speed, but got 50 MPG. I had both tops too, a removable fiberglass hardtop and the rag top. Big fun even though it was in no way a "performance" car. And I'm not really sure why but it was a for-real babe magnet for some reason. They thought it was "cute". That part didn't bother me one bit...

%^)

USRobotics & WPA

[deepsky]

Most USRobotics products claim to support WPA in big letters, then a nasty footnote says that "WPA will be supported upon ratification".
I hope that now that 802.11i has been finally ratified, my USR5410 Wireless PC card will be blessed by WPA...

Re:But Linksys has a history of good updates

[cbreaker]

Well, I don't know what to tell you man.

I am forced to work with these things a lot, and every time I've been able to get a firmware update for them. Be they the wireless routers or the wireless access points.

I guess you got unlucky. But in my case, I've handled a lot of these things, from old to new, and I've always found there to be a fairly recent update for them. If the device is new enough (anything in the G family) then the updates add WPA and other nice functionality.

The idea was, if this new encryption can be done in firmware, then I'm willing to bet that you'll be able to get the added features from Linksys without extra cost, assuming your device isn't two years old.

Re:But Linksys has a history of good updates

[virtual_mps]

I guess you got unlucky. But in my case, I've handled a lot of these things, from old to new, and I've always found there to be a fairly recent update for them. If the device is new enough (anything in the G family) then the updates add WPA and other nice functionality.

I think that's what I said--they'll support their latest, but when their next model comes out you're screwed. I'm sure they'll be revving soon to provide a new model that says "802.11i" on the box, at which point you'll never see another update again. Hope they get it right the first time...

Re:Does this finally solve the *other* major probl

[ConsumedByTV]

I can't help but think that you don't know what you're talking about.

Well then that would be your problem, no?

It's not impossible to build a radio system where each person has entirely different encrypted stream of data sent to them. Much like CSMA/CD only with some sort of encryption where if it's not decrypting, it's not for you and it should be ignored.

I am just tossing it out there off the top of my head.

If it uses different keys for each user, it would be solved. No complicated radio hopping needed (nor would that be useful as an attacker can always program the card to hop).

Re:Does this finally solve the *other* major probl

[ConsumedByTV]

That sounds really great. How does the traffic between all the hosts reach each other?

If you have a give host on the wifi and you attempt to ping it from another wireless host, what happens?
What's the process?

Also is the encryption going to be done in firmware of the card? For the client, will all the traffic that reaches it will be decrypted before the host operating system knows it?
Will it drop all data that isn't able to be decrypted?

Re:Does this finally solve the *other* major probl

[srwalter]

It's not impossible to build a radio system where each person has entirely different encrypted stream of data sent to them.

Yeah, but all the stations could still receive each of the encrypted streams if they simply willed to tune it in. Granted, they wouldn't necessarily be able to decrypt it, which perhaps is what the original poster meant. However, you can't block them from receiving the encrypted signal.