Slashdot Mirror

← Back to Stories (view on slashdot.org)

IEEE Approves 802.11i

Posted by michael on from the my-lock-my-key dept.

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."

8 of 302 comments (clear)

  1. Ah Finally! by scosol · · Score: 4, Insightful

    "sufficient" security- hahahahah history teaches us nothing apparently

    --
    I browse at +5 Flamebait- moderation for all or moderation for none.
  2. awesome by joel2600 · · Score: 5, Insightful

    Now try explainging to regular people the difference between a/b/i/g/x and which ones work together, which ones don't and why.

    i hope the guys at best buy are up to speed to direct the consumers!

  3. Is this really a good thing? by kabocox · · Score: 5, Insightful

    I know some seemless intergrated security is better than having it tacked on afterward. I've always felt that if folks trusted a default security layer to be perfect, they will get burned when the defaul layer is broken. You should always have application encryption of important data. You shouldn't just trust that your pipe will be encrypted. Sometimes those pipes get used by unauthorized third parties that's when having everything else encrypted comes in handy. I'm just afraid folks will switch to the 802.11i and not bother to encrypt any of their data.

  4. Re:Actually secure? by cmowire · · Score: 4, Insightful

    Perhaps.

    However, you do have to remember that a lot of classified information that would result in really major problems for many governments travels, encrypted, over the airwaves, on a regular basis. A cryptosystem isn't called secure unless it can't be broken in a reasonable amount of time, even if the bad guy knows your algorythm, and even if the bad guy is able to observe your transmissions.

    Basicly, what the entire WEP debacle has shown is that when you are transmitting over the airwaves, the importance of secure encryption increases. And that if you are going to make a widespread standard for encryption, you had better check it out with some folks who know encryption first.

    --
    Gentoo Sucks
  5. OK, but how does it actually work by mamba-mamba · · Score: 4, Insightful

    You can't just say oh, it uses AES. AES is a symmetric cipher, which implies that there is a shared session key.

    How do the nodes generate and exchange a shared session key? Or do you have to enter an AES key manually before you even hook up? That would certainly lock down the node!

    It would be nice if someone posted a link explaining at a medium level how it actually works. I don't want to just go read a draft of the standard, but I wouldn't mind reading a few of the important details.

    MM
    --

    --
    By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
  6. Re:Sure but does it require new equipment by tmasssey · · Score: 4, Insightful
    Three things:

    1) It's not likely that the 200MHz CPU in that thing is going to handle 54Mbit worth of traffic. AES is not the easiest to calculate...

    2) Even so, it's highly likely that a firmware update could *possibly* add this. Will Cisco? My guess is no: they are not incented to make your current device more useful. They'd rather sell a new device.

    3) The beauty of OpenSource is that you can add whatever features you want...

    --
    Linux IT Consulting and Domino Development in Michigan
  7. Re:Sure but does it require new equipment by paranode · · Score: 4, Insightful

    Don't see any reason why a device would need to be created specifically for 802.11i.

    Ah, that would be because corporations are greedy. Sure they could give you a firmware upgrade, but they could also peddle a completely new product that costs you money.

  8. Re:Sure but does it require new equipment by tmasssey · · Score: 5, Insightful
    According to this article, the speed of encryping 128 bits of data with a 128-bit AES key is 730 cycles on a 32-bit MIPS processor. To keep it consistent with your numbers, that's actually >45 cycles/byte. At approximately 5 Million bytes/sec (54Mbit wireless), and 45 cycles/byte, that's 225 Million cycles per second right there. IIRC, the processor that's embedded in the router has a single pipeline at 200MHz, or, at best, 200 MIPS.

    In other words, assuming *zero* processing overhead, we're 25 MIPS short for wire-speed encryption.

    These are very rough numbers, but think of it this way: do you think Cisco (or whoever) spec'ed a processor substantially faster than what they needed? From my peronal experience, embedded processors do not usually have more than a few percent more performance than they need: rarely do they have even 30% more performance than they need. Even if they design a system with a way-fast processor, one of two things happen: their code bloats to use that speed (or they quit optimizing because they don't need to), or they end up buying a lower-cost, slower processor for production!

    In short, it's highly unlikely that the Wrt54g will have anywhere near the CPU power to do wire(less)-speed AES at 54Mbit. Half that? Maybe, but not all of it.

    --
    Linux IT Consulting and Domino Development in Michigan