Wireless access security scheme gets tryout

LAS VEGAS'Paul Wouter of Xelerence Corp. of Canada, is a fan of IPsec. The company maintains and develops Opswan, the Linux IPsec implementation, and he thinks IPsec should be the default tool for wireless connections.

Wouter used the Black Hat Briefings this week to test a prototype IPsec wireless authentication scheme called WaveSEC for Windows clients.

The computer security conference provides wireless network connections for its attendees, but the security-conscious crowd is leery of the notorious shortcomings of the 802.11 family of wireless LANs. Instructions for using the conference's network carry the warning, 'surf at your own risk.'

But this year's conference is using a WaveSEC overlay on the network and the CD of proceedings includes an X.509 digital certificate that lets users help work the bugs out of the tool.

'It's not magic,' Wouter said. 'It is not host-to-host encryption. It just encrypts the wireless.'

The WaveSEC prototype is loaded on a separate server and uses X.509 certificates or an access point 'fingerprint' to authenticate users on the system. Wouter said the next step in WaveSEC development is to incorporate it on a commercial Linksys access point, which uses Linux.

But tests at an earlier Black Hat conference in Europe demonstrated a number of problems that need to be solved before it is ready for commercialization. For instance, the IPsec-off function does not always work on a notebook computer when it is shut down.

'You could lose all connectivity with your laptop' when it is restarted if Windows re-installs the IPsec policies, Wouter said.

Like the instructions say, 'surf at your own risk.'

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • system security (Titima Ongkantong/Shutterstock.com)

    The 2016 election: A lesson on integrity

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group