hank you to everyone who corrected the errors in my earlier
post. As has
been pointed out, the SMS4 block cipher was disclosed
earlier this year.
Nonetheless, many of my concerns about the security of WAPI
remain.
We already have a perfectly good solution out there; 802.11i
is a good
scheme, and has been vetted by many folks. In contrast,
WAPI has
received very little analysis by security folks. WAPI's
underlying
block cipher is some special proprietary design that has
never been
published in a peer-reviewed academic conference and does
not seem to
have received much, if any, scrutiny from experts in block
cipher design
-- and certainly nothing approaching the degree of scrutiny
that AES
(the cipher used in 802.11i) has seen. Similar comments
apply to the
protocols in 802.11i vs the protocols in WAPI.
The 802.11 working group has put together a lengthy, 40+
page technical
analysis full of defects, ambiguities, and security risks in
WAPI.
Their technical analysis is compelling and pretty damning,
in my view.
I think we should commend the IEEE 802.11 group for doing
such an outstanding
job of technical analysis.
In comparison, when you read the documents from the Chinese
national
body, you get a very different impression. For instance,
the Chinese
rebuttal tries to defend the use of a secret proprietary
block cipher.
What the heck are they thinking? Don't they know anything
about how to
design secure systems? It seems clear that the people who
are writing the
Chinese advocacy documents are not technical experts in
security; perhaps
they are politicians or lawyers, but they're not security
engineers.
Of course, the elephant in the room is that China is a giant
and growing
market. China knows that, and seems to want to exploit that
fact to
ensure kickbacks and profits for local Chinese companies.
Everyone who
is anyone wants to sell to that marketplace, and I'm sure
they have
to be somewhat circumspect to avoid alienating potential
customers.
I'm not trying to sell anything to China, so I guess I'm
free to speak
my mind. I persuaded by the analysis I've seen that WAPI
is poorly
thought out, not ready for standardization, and shouldn't
be approved
at this time. It tries to solve an already-solved problem,
and does
it in an inferior way. I'm concerned about the security
risks of WAPI.
The Chinese national body gives no appearance of seeking the
best solution
and gives every appearance of allowing profit and political
considerations
to trump technical merit. I think ISO has been put in a
tough position,
and I think we should applaud them for (so far) resisting
the pressure
to adopt WAPI despite the intense pressure that has been
applied to them.
I remain concerned about the security risks of WAPI, even to
those of us
who live outside China. Anytime you ship a wireless card
that supports
two different wireless standards, you run the risk of
attacks that reduce
your strength to the weaker of the two standard. For
instance, one can
imagine "You are now in China" attacks that fool
a wireless card into
(wrongly) thinking it is in China and entering the
less-secure WAPI mode.
If WAPI has any security vulnerabilities, this could
endanger everyone
whose wireless card supports WAPI, whether they think they
are using
WAPI or not. One can hope that such a risk won't come to
pass, but why
take any chances?
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomo metzdowd.com
|