New Protection for 802.11

Donald Eastlake 3rd dee3 at torque.pothole.com
Wed Nov 6 23:40:51 EST 2002


Well, you see, some of the people working on improving 802.11 security,
in particular some members of 802.11 Task Group i, noted that IEEE
procedures have no interoperability demonstration requirements. So they
formed a little group that took a subset of the then-current 802.11i
draft and tried to implement it and interoperate. (Problems were found
and fixes fed back into the standards process.) The subset chosen,
called SSN, included the 802.1X authentication and anti-replay features
of 802.11i and the TKIP branch of 802.11i. SSN does not cover ad-hoc
(station to station) mode, only station <-> access point.

(The current 802.11i draft has three branches:
	TKIP (Temporal Key Integrity Protocol) for legacy hardware via
firmware/software upgrade that uses RC4, but with a different key for
every packet, plus a specially designed (for weak legacy hardware) keyed
message integrity code with about 22 bits of strength (optional)
	WRAP (Wireless Robust Authenticated Protocol) for new hardware
that uses AES in OCB mode for encryption and integrity (optional)
	CCMP (CCM Protocol) for new hardware that uses AES in CCM mode,
that is, AES-CTR for encryption and AES-CBC-MAC for integrity
(mandatory))

There being a lot of pressure for improved security soon, the WiFi
Alliance essentially adopted SSN with some profiling as a security
certification standard and called this WiFi Protected Access (WPA) v1.
The plan is for full 802.11i to be called WiFi Protected Access v2.

Donald

On 6 Nov 2002, Perry E. Metzger wrote:

> Date: 06 Nov 2002 15:32:30 -0500
> From: Perry E. Metzger <perry at piermont.com>
> To: cryptography at wasabisystems.com
> Subject: New Protection for 802.11
> 
> From Dave Farber's Interesting People list.
> 
> Does anyone know details of the new proposed protocols?
======================================================================
 Donald E. Eastlake 3rd                       dee3 at torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake at motorola.com




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
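
Added example, not part of the original message or of any 802.11i text: the CCM composition described above for the CCMP branch (AES-CTR for encryption, AES-CBC-MAC for integrity), built by hand from the raw AES block operation and compared with a library's CCM. It assumes the RFC 3610 formatting with an 8-byte tag and 13-byte nonce, the Python "cryptography" package, and constructed key, nonce and data; it does not model the 802.11 frame or header layout.

```python
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

M, L = 8, 2  # assumed parameters: 8-byte tag, 2-byte length field (13-byte nonce)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _pad16(data):
    return data + bytes(-len(data) % 16)  # zero-pad to a 16-byte boundary

def ccm_encrypt(key, nonce, plaintext, aad):
    """Return ciphertext || tag, composed from AES-CBC-MAC and AES-CTR."""
    if len(nonce) != 15 - L or not 0 < len(aad) < 0xFF00:
        raise ValueError("sketch handles a 13-byte nonce and short, non-empty AAD")
    aes = Cipher(algorithms.AES(key), modes.ECB()).encryptor().update  # raw E_K

    # Integrity: CBC-MAC over B_0 || length-prefixed AAD || zero-padded plaintext.
    flags = 0x40 | ((M - 2) // 2) << 3 | (L - 1)
    b0 = bytes([flags]) + nonce + len(plaintext).to_bytes(L, "big")
    mac_input = b0 + _pad16(len(aad).to_bytes(2, "big") + aad) + _pad16(plaintext)
    x = bytes(16)
    for i in range(0, len(mac_input), 16):
        x = aes(_xor(x, mac_input[i:i + 16]))

    # Confidentiality: CTR keystream; counter 0 masks the tag, 1.. cover the data.
    def s(i):
        return aes(bytes([L - 1]) + nonce + i.to_bytes(L, "big"))
    blocks = (len(plaintext) + 15) // 16
    keystream = b"".join(s(i) for i in range(1, blocks + 1))
    return _xor(plaintext, keystream) + _xor(x[:M], s(0)[:M])

def demo():
    # All values below are constructed for this example.
    key, nonce = bytes(range(16)), bytes(range(13))
    aad, msg = b"constructed header", b"constructed payload for the added example"
    sealed = ccm_encrypt(key, nonce, msg, aad)
    reference = AESCCM(key, tag_length=M)
    # The hand-built output must equal the library's and decrypt under it.
    return sealed, reference.encrypt(nonce, msg, aad), reference.decrypt(nonce, sealed, aad)

if __name__ == "__main__":
    sealed, expected, opened = demo()
    print(sealed == expected, opened)
```

The same key drives both the MAC and the keystream; what keeps them apart is the flags byte and the counter value in the first byte and last two bytes of each AES input block.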


