Network World: NIST dubious about 802.11 TKIP; wants AES

John Gilmore gnu at toad.com
Thu Jan 13 23:36:44 EST 2005


NIST mulls new WLAN security guidelines
By Ellen Messmer

The National Institute of Standards and Technology, the federal 
agency responsible for defining security standards and practices 
for the government, plans to issue new guidelines pertaining to 
wireless LANs in the near future.

The decisions NIST reaches, possibly as early as this month, 
will broadly affect federal agency purchases of WLAN equipment, 
because federal agencies are required to follow NIST 
recommendations. According to William Burr, manager of NIST's 
security technology group, the agency is focusing on whether to 
approve the IEEE's 802.11i WLAN security standard for encryption 
and authentication as a government standard. The IEEE approved 
802.11i last July, but Burr says NIST is not keen on some 
aspects of it.

Specifically, NIST has reservations about the so-called Temporal 
Key Integrity Protocol (TKIP), which is the key management 
protocol in 802.11i that uses the same encryption engine and RC4 
algorithm that was defined for the Wired Equivalent Privacy 
protocol (WEP).

The 40-bit WEP, used in many early WLAN products, was criticized 
widely in the past two years as having too short a key length 
and a poor key management scheme for encryption. TKIP is a 
"wrapper" that goes around WEP encryption and ensures that TKIP 
encryption is 128 bits long.

TKIP was designed to ensure it could operate on WLAN hardware 
that used WEP. In contrast, the 128-bit Advanced Encryption 
Standard (AES), which NIST already has approved, requires a 
hardware change for most older WLAN equipment.

"We just don't feel that the TKIP protocol cuts the grade for 
government encryption," Burr says. He adds that the RC4 
encryption algorithm is not a Federal Information Processing 
(FIPS) standard and probably won't ever be because network 
professionals see RC4 as rather weak in terms of message 
authentication and integrity.

NIST is more inclined to approve AES for WLAN security, and in 
fact Burr pointed to the NIST document 800-38C, published last 
summer, for encryption that includes the AES algorithm.

As far as the key management scheme for key exchange and setup 
is concerned, NIST might introduce a new key-management 
technology that's been jointly developed with the National 
Security Agency.
_______________________________________________________________
Senior Editor Ellen Messmer covers security for Network World. 
Contact her at <mailto:emessmer at nww.com>.


---------------------------------------------------------------------
The Cryptography Mailing List