Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Frustrated In Encryption Talks

Posted by ryuzaki0 on from the can't-always-get-what-we-want dept.

mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"

25 of 252 comments (clear)

  1. Maybe I'm too paranoid, but... by damburger · · Score: 5, Interesting

    Isn't it possible the Chinese could be pushing an encryption standard because they know a flaw in it they can exploit?

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
    1. Re:Maybe I'm too paranoid, but... by prefect42 · · Score: 4, Insightful

      But the US is too lovely and Christian to do the same?

      --

      jh

    2. Re:Maybe I'm too paranoid, but... by Tom+Womack · · Score: 5, Insightful

      It is entirely conceivable, made more so by the enormous Chinese reticence to publish the SMS4 encryption algorithm they're using and to open it to international review.

      AES versus a Chinese government-approved algorithm which you can only get a specification for by agreeing to partner with one of eleven Chinese firms is not a difficult decision.

    3. Re:Maybe I'm too paranoid, but... by ronanbear · · Score: 5, Insightful
      Too paranoid is sorta an oxymoron on subjects like these.

      In fairness, the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it. Down the road there could be quite large licensing costs on 802.11n devices. Since this would be an area where the chinese would have the same cost base (for export) it would have the effect of making chinese router exporters less competitive relatively speaking. They would both be funding their rivals and any cost savings they could make in manufacturing would make up a smaller proportion of the cost of the device.

      The actual effectiveness (or lack thereof) of the encryption might be as irrelevant as it is in many standards conflicts.

      --
      the more they over-think the plumbing the easier it is to stop up the pipe
    4. Re:Maybe I'm too paranoid, but... by DNS-and-BIND · · Score: 5, Interesting
      Uh...licensing costs? They just steal it. It's standard operating procedure. Seriously.

      Just this weekend, I was at the local expo at my city here in China (I'm an expat). I open up their little guide magazine that comes with the gift bag and city map. Inside, I find content ripped off directly from my own website (I run the local English-language city guide). It's stuff that I wrote, and the freaking government copied it. Of course, there was no use complaining - what am I going to do, sue?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:Maybe I'm too paranoid, but... by WiJO · · Score: 4, Insightful

      The Chinese care about IP when it's their IP. They give tacit approval to those who pirate others intellectual property, but they will not stand for anyone taking theirs.

    6. Re:Maybe I'm too paranoid, but... by Anonymous Coward · · Score: 4, Informative

      It's got nothing to do with the US being better than China - the Chinese delegation is trying to portray it as a national issue, but actually it's about open standards. 802.11i is a published, peer-reviewed standard based on published, peer-reviewed encryption algorithms. In fact the driving force behind 802.11i is the flaws that were found in 802.11b by people outside the IEEE. If 802.11b had been a closed-book standard like WAPI, those flaws would still have existed but they might never have been made public.

  2. It boils down to... by QuietLagoon · · Score: 4, Interesting
    ...who can crack whose encryption.

    The Chinese want their encryption to be the standard so that they can use their backdoor.

    The US wants its encryption to be the standard so they can use their backdoor.

    1. Re:It boils down to... by klmth · · Score: 4, Informative

      The algorithm selected for AES was originally called Rijndael, and was developed by two Belgian cryptographers.

    2. Re:It boils down to... by ynohoo · · Score: 4, Insightful

      The level of independence of the member states helps. Since they don't trust each other, they are more likely to come up with an acceptable standard. While there are reasonable levels of co-operation between their respective security services, there is no top level organisation comparable with the NSA or the Chinese equivelent.

      --
      need a free COBOL editor for Windows?
    3. Re:It boils down to... by hengist · · Score: 4, Informative
      The I in IEEE stands for International.

      It stands for Institute.

  3. No current implementation? by LinuxGeek · · Score: 5, Insightful
    From Wikipedia:
    The WAPI standard requires the use of a symmetric encryption algorithm[1], SMS4, which was declassified in January 2006. The standard and its cryptographic implementation remain unpublished.


    So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?
    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  4. censorship by kdougherty · · Score: 4, Interesting

    I'm not trying to be negative, especially towards China... However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.

    --
    The best way to predict the future is to invent it. -Alan Kay
  5. Re:wireless encryption by LinuxGeek · · Score: 4, Insightful

    See my message above yours. The Standard has not been published after being declassified in January 2006. No published code or theory of operation is available to you, me or 6 billion other people to verify that it is secure or that the spec may be secure but the reference source code may have serious bugs that effect the security. Maybe now you can "...see why adding a third is a problem..." and China knows very well why the standard is being rejected by other intelligent nations right now. It dosen't mean that it can't be a standard in the future, just not right now.

    China also seems to be in love with the idea of the central server verifing the security between the client and AP. Centralized key serving scares me even when the implementation is known to be secure. The key servers in China will be controlled by whom?

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  6. I trust neither by Opportunist · · Score: 4, Insightful

    I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.

    If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:I trust neither by dpilot · · Score: 4, Informative

      I seem to remember some old stories about the NSA and the DES standard.

      The NSA pushed for a few changes in the standard, without divulging the reasons. Some thought it was to insert a backdoor or vulnerability. Years later, after the outside world developed more crypto expertise, the found that the NSA had actually closed a vulnerability that nobody else even knew about. If the NSA had a backdoor into DES, it was with hardware that could brute-force it.

      --
      The living have better things to do than to continue hating the dead.
  7. And Apple is pushing... by demongeek · · Score: 5, Funny

    i11.208, the white and user-friendly encryption that is so hip only the coolest will use it (or be able to afford it)..

    I jest! I jest! *ducks*

  8. Not so fast Sherlock... by bigmouth_strikes · · Score: 5, Insightful

    There are no "backdoors" in standards, only in implementations.

    --
    Oh, I can't help quoting you because everything that you said rings true
    1. Re:Not so fast Sherlock... by quarkscat · · Score: 4, Informative

      Let's see what the real issues are:

      IEEE / ISO standard == open standard
      Chinese WAPI == closed standard

      The Chinese government requires that any implimentor pay
      licensing costs to China. If you want to embed their WAPI,
      you must incorporate in China with a Chinese entity as the
      majority shareholder. The questions become: "Does Intel
      really want to make the Chinese government their "senior"
      partner in chipset fabs, just to get WAPI embedded?"
      "And considering the potential for Chinese government trojans
      and/or backdoors in their WAPI code, would Intel risk losing
      any /all of their Western government hardware sales by
      adopting WAPI?"

      Leveno quality control, as well as the increased potential for
      trojans / backdoors in their software drivers, has already
      made a negative impact on sales of IBM's former hardware
      company.

    2. Re:Not so fast Sherlock... by jdhutchins · · Score: 4, Interesting

      It's also possible the NSA knew of some weakness, and then subtly changed the algorithm to fix it. The NSA's internal research is possibly many, many years ahead of the rest of the world's research. IIRC, when DES was being developed, the NSA made some changed to it, but didn't say why. Years later, when differential cryptography was invented/discovered, the NSA's changes made perfect sense because it made the algorithm resistant to many of those types of attacks.

  9. This "standard" is fucking ridiculous by WhiteWolf666 · · Score: 5, Insightful

    You have to partner with a bloody Chinese company to build equipment based on it.

    That's fucking ridiculous.

    The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.

    I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.

    For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  10. Sounds a lot like DPRK by amightywind · · Score: 4, Funny

    ...a lot of dirty tricks including deception, misinformation, confusion and reckless charging to lobby against WAPI.

    I think China and North Korea use the same publicist.

    --
    an ill wind that blows no good
  11. Poor diplomacy is counterproductive by mclaincausey · · Score: 4, Insightful

    If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and devlopment process of WAPI to either participation or scrutiny. They developed the standard knowing that their was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.

    --
    (%i1) factor(777353);
    (%o1) 777353
  12. Re:I guess the Chinese aren't good diplomats by WhiteWolf666 · · Score: 5, Insightful

    What they did?

    They proposed a secret standard, with a central key repository (located on Chinese government servers). Implementation of this standard was given to 12 Chinese companies, and developing any devices based on this standard requires partnering with these Chinese manufacturers.

    It isn't patent-encumbered, but that's because its a secret, and patenting it would require releasing the details.

    There isn't any debate to win. Not only is it proprietary versus open, its proprietary and exclusively controlled-and-licensed-and-manufactured by the Chinese government and Chinese state-owned companies.

    Everything about WAPI is wrong.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. An informative article... by wkcole · · Score: 4, Informative

    EETimes did a fact-rich article in March. The first paragraph of the second page is most illuminating. It seems the "startup" that owns the secret encryption mechanism lacks any visible means of support, and it is a "spinoff" of a government body.

    IMHO there is far too much polite gentility and benefit of the doubt shown in the media, and ISO, and WTO and even /. to the thugs who run China. There's no moral or technical equivalency involved here. The Chinese government presented WAPI late accompanied by protectionist threats and has been whining disingenuously about the world mistreating it in the process ever since. WAPI has received over 2 years of special treatment because the rest of the world relies on Chinese de facto slave labor to build its electronic goods. If the ISO process was being run honestly with a legitimate goal of defining a trustworthy secure standard that can be widely implemented in interoperable and competitive ways, WAPI would have been dismissed when first proposed.