Wireless access security tool moves past prototype stage
- By William Jackson
- Jul 29, 2005
LAS VEGAS - A wireless authentication scheme for Windows clients called WaveSEC is moving past the prototype stage and toward implementation.
"For Linux, it has always been ready to implement," said Paul Wouter of Xelerance Corp. of Canada. "For Windows, things have been more complicated."
WaveSEC is an open-source tool that uses the IP Security protocol (IPSec) to encrypt IP connections between hosts.
Xelerance maintains and develops Openswan, the Linux IPSec software on which WaveSEC is based. Wouter is working on the implementation of WaveSEC for Windows, which was tested at last year's Black Hat Briefings security conference.
"There has been progress, but there are a couple of months of work to be done yet," Wouter said.
The notorious security shortcomings of the 802.11 family of wireless LAN standards have made security-conscious users leery of hooking up to wireless networks, especially in public places.
WaveSEC uses digital certificates to authenticate wireless clients with a WiFi network gateway so that an encrypted link can be established to help secure the wireless connection from eavesdropping.
At last year's Black Hat Briefings, a WiFi network with a WaveSEC overlay for Windows was provided for attendees. The CD of proceedings distributed at the conference included an X.509 digital certificate that could be used when connecting with the prototype WaveSEC server. The idea was to let attendees help work the bugs out of the tool.
"The goal has been to try to encrypt as much as possible on the network," Wouter said. But WaveSEC is not a final answer to wireless security, he warned. "It is not host-to-host encryption. It just encrypts the wireless link."
Part of the problem of deploying IPSec schemes is that the protocol was designed for version 6 of the Internet Protocol (IPv6). Most networks today use IPv4. But Microsoft's IPSec stack now is more easily accessible, making WaveSEC more practical for clients running later versions of the Windows operating system. Windows now also supports tools to automate the installation of digital certificates on client devices, simplifying that process.
The limitations of earlier operating systems became apparent during the trial at the 2004 briefings, Wouter said. "The problem last year was that a lot of people were still using Windows 95 and 98," he said. "Those are gone now."
Work remaining to be done on a WaveSEC product includes a graphical user interface and a management interface, according to Wouter. WaveSEC is a free open-source tool, but the Xelerance implementation with GUI and management capabilities will be offered as a commercial product.
William Jackson is a Maryland-based freelance writer.