WLAN Authentication and Privacy Infrastructure


WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for Wireless LANs (GB 15629.11-2003). Although it was allegedly designed to operate on top of Wi-Fi, its compatibility with the security protocol used by the IEEE's 802.11 wireless networking standard is in dispute. Because access to the standard was limited (only eleven Chinese companies had access), it became the focus of a U.S.–China trade dispute. Following this, it was submitted to, and rejected by, the ISO. It was resubmitted to ISO in 2010, but was cancelled as a project on 21 November 2011 after being withdrawn by China.[1]


How the standard works

WAPI, which was initiated to resolve the existing security loopholes (WEP) in the WLAN international standard (ISO/IEC 8802-11), was issued as a Chinese national standard in 2003. WAPI works by having a central Authentication Service Unit (ASU), which is known to both the wireless user and the access point and which acts as a central authority verifying both. The WAPI standard (draft JTC1/SC6 N14619) allows selection of the symmetric encryption algorithm, either AES or SMS4; the latter was declassified in January 2006 and passed evaluation by independent experts[who?].

History

US–China trade dispute

In late 2003, the Chinese government announced a policy requiring that wireless devices sold in China include WAPI support, and that foreign companies wanting access to the Chinese market could produce WAPI-compliant products independently or partner with one of 11 Chinese firms to which the standard was disclosed. This issue became a point of trade discussions between the then United States Secretary of State Colin Powell and his Chinese government equivalent. China agreed to indefinitely postpone implementation of the policy.[2]

ISO rejection

The Chinese Standards Association (SAC: Standardization Administration of the People's Republic of China) subsequently submitted WAPI (ISO/IEC JTC1 N7904) to the ISO standards organization for recognition as an international standard, at about the same time as the IEEE 802.11i standard. After much debate related to both process issues and technical issues, the IEC/ISO Secretaries General decided to send the proposals to parallel fast track ballots. In March 2006, the 802.11i proposal was approved and the WAPI proposal was rejected. This result was confirmed at a Ballot Resolution meeting held in June 2006[citation needed].

The result was subject to two appeals by SAC to the ISO/IEC Secretaries General that alleged "unethical" and "amoral" behavior during the balloting process and irregularities during the ballot resolution process[citation needed]. The official Chinese news agency Xinhua said on May 29, 2006, that appeals were filed in April and May 2006 and, the agency said, alleged that the IEEE was involved in "organizing a conspiracy against the China-developed WAPI, insulting China and other national bodies, and intimidation and threats."[citation needed] Xinhua did not make these allegations specific. In July 2006, 802.11i was published as an ISO/IEC standard. WAPI is no longer being considered by ISO/IEC and all appeals have been dismissed.

After the preliminary results were announced in March 2006, various press reports from China suggested that WAPI may still be mandated in China[citation needed]. TBT (Technical Barrier to Trade) declarations to the WTO in January 2006 and a statement in June 2006 to ISO/IEC JTC1/SC6, in which SAC said they would not respect the status of 802.11i as an international standard, seemed to support this possibility[citation needed]. However, as of early 2007, the only official Chinese policy related to WAPI is a "government preference" for WAPI in government and government-funded systems. It is unclear how strongly this preference has been enforced, and it seems to have had little effect on the non-government market.[3]

ISO resubmission

In 2009, the China NB was encouraged by SC6 to resubmit WAPI to SC6.[4] It was allocated the standard number ISO/IEC 20011 after passing the first stage of balloting. Positive votes and commitments to participate in the standardisation process were received from China, Korea, Czech Republic, Switzerland and Kenya. Negative votes were received from the US and the UK[citation needed]. The US and the IEEE 802.11 Working Group provided numerous detailed comments rebutting the case for standardisation made by the China NB in the New Project proposal.

The required comment resolution on the ballot only started in June 2011, with the US, UK, China, Korea and Switzerland NBs and the IEEE 802.11 Working Group all participating. The Swiss NB representative admitted during the process that he was a paid consultant to IWNCOMM, the Chinese source of the WAPI technology[citation needed]. The Kenya and Czech NBs did not participate in the comment resolution process or in any other discussions related to WAPI after the close of the ballot in early 2010.

The comment resolution process failed after agreement could not be established on a variety of fundamental issues. For example, the China NB continued to insist that WAPI was justified because 802.11 included WEP, which is known to be broken. On the other side, the US NB and the IEEE 802.11 NB noted that WEP-based security had been deprecated in favour of WPA2-based security in IEEE 802.11-2007, and that no one had ever alleged any issues with WPA2-based security. In addition, the IEEE 802.11 WG noted that the functionality offered by WAPI systems was equivalent to only a small subset of the security offered by WPA2-based systems.

The China NB eventually withdrew WAPI in October 2011 (document JTC1/SC6 N15030) and the project was formally cancelled by SC6 in February 2012. The reasons for the withdrawal are unclear. The Chinese proponents of WAPI from IWNCOMM were clearly very unhappy when the withdrawal was announced. It has been speculated[by whom?] that Chinese government authorities ordered the withdrawal on the basis that WAPI had failed to be standardised by ISO/IEC after eight years. In addition, despite mandates for WAPI to be implemented in China in Wi-Fi enabled mobile phones and by the three Chinese service providers, it is very rarely used in practice.

Chinese cell phone usage

Mobile phones in China are controlled by MIIT. The "indefinite postponing" of the WAPI requirement in 2003 caused the MIIT to stop the certification of any phones with Wi-Fi capability. In 2009, a requirement was introduced for Chinese phones to support WAPI if they have any WLAN capability, effectively un-banning WLAN hardware from Chinese phones.[5][3] One of the sticking points behind the iPhone in China was its support of Wi-Fi without the WAPI standard. In the end, it was released without any WLAN at all.[6]

According to China's State Radio Monitoring Center, in April 2011 regulators approved the frequency ranges used by a new Apple mobile phone with 3G and wireless LAN support including WAPI.[7] Dell Inc's Mini 3 phones have also received network access licenses for China.[8]

The Chinese government's preference for the WAPI standard is in some respects similar to its preference for TD-SCDMA for its 3G network.

WAPI Alliance

A "WAPI Alliance" analogous to the Wi-Fi Alliance exists in China.[9]

References

  1. Minutes of JTC1 Ad Hoc Meeting Thursday PM1, 19 Jan 2012. IEEE Standards Association.
  2. Shim, Richard. "China reaches trade accord, postpones WAPI requirements indefinitely". Archived from the original on April 7, 2005. Retrieved July 14, 2009.
  3. Fletcher, Owen. "Years on, China Pushes WAPI in Mobile Phones". Retrieved 2009-07-14.
  4. "Made-in-China WAPI standard resubmitted for global use". Retrieved 2009-07-14.
  5. WiFi圈地之战 Archived 2012-09-07 at archive.today - 南方周末
  6. Burrows, Peter. "Apple Will Strike iPhone Deal In China Three Months Earlier Than Expected, Says Analyst". Retrieved 2009-07-14.
  7. Fletcher, Owen (3 May 2010). "Apple Tweaks Wi-Fi in IPhone to Use China Protocol". Retrieved 2010-05-04.
  8. Fletcher, Owen (12 April 2010). "Pictures of New Dell 3G Phone Put on China Regulator Site". Retrieved 2010-05-04.
  9. "WAPI产业联盟". wapia.org.cn (in English and Chinese). Retrieved March 20, 2023.