To answer a common question in my inbox for the last week, yes, I have left Trapeze. I started at Aerohive Networks on Tuesday, March 23.
Back in July, I wrote that the IEEE Standards Board would consider 802.11n for approval on September 11. That meeting has occurred, the votes have been taken, and the standard has been approved. I received notice by e-mail this morning at 11 am Pacific. I didn’t pick it up immediately, since I was in Australia for the Wireless World conference, and the e-mail came in just after 4 am.
On the train home last night, I read the paper by Ohigashi and Morii that made the news yesterday, and resulted in a good number of electrons being spilled yesterday afternoon.
Before I get started, the key point here is:
If you have concerns about wireless security, JUST USE CCMP.
(CCMP is often referred to as WPA2, but that’s a nomenclature point that I’d rather not get into here.)
I enjoyed reading the paper because the attack is clever, and nicely builds on some work from a year ago by Eric Tews and Martin Beck. Both the Ohigashi/Morii paper and the Tews/Beck paper describe attacks against the TKIP integrity check. Notably, neither attack is able to recover the keys used by TKIP to encrypt frames.
The most important thing to understand about TKIP is that it was intended to be an interim measure. When design work on TKIP started in 2001, there was a two-pronged approach to developing wireless security protocols. The first prong was updating the much-maligned WEP to improve security, but that effort was circumscribed because the design that emerged was constrained by the need to be hardware-compatible with the millions of devices which had already been sold with WEP support. (In technical terms, that restricted TKIP to be based on the RC4 cipher, and prevented development of a message integrity check with significant computational requirements.)
In essence, TKIP is a set of “seat belts” that keep the most vulnerable parts of WEP from being thrown through the windshield or impaled on the steering column. (One of my favorite papers about the weaknesses in WEP is IEEE 802.11 document 11-00/0362, titled Unsafe at Any Key Length, which is where the metaphor comes from.)
I’m not terribly surprised by the increasing number of papers written about flaws in TKIP. Given the severe design constraints, TKIP was a stopgap solution intended to buy time to give wireless LAN users the breathing space to move to the eventual AES-based protocol in development. TKIP had a “design lifetime” of five years, meaning that the intent was to resist cryptanalytic attacks for that length of time. The TKIP specification had matured by 2003, so it is not a surprise that flaws began to be identified last year.
Last year, the Tews/Beck paper exposed a subtle flaw in TKIP’s integrity checking. The attack described in last year’s paper required that a network have quality of service extensions enabled. Ohigashi and Morii did away with that constraint by showing that an attacker clever enough to insinuate himself into the conversation between the network and a client device can perform a similar attack.
The technical impact of this attack is small. Tews and Beck showed that a network with WMM could be subject to attacks against the TKIP integrity check. Ohigashi and Morii have generalized that work to networks in which the attacker does not need WMM to be enabled, but the trade is that the attacker must have a situation in which the victim is outside the range of the AP without relaying. Many vendors developed workarounds a year ago which continue to provide protection against this attack.
What this perceptive paper should do is heighten the disquiet regarding continued use of TKIP. Initial papers on WEP showed flaws that were not fatal, but the accretion of cryptanalytic expertise over time resulted in a complete break of the protocol which enables attackers to swiftly recover encryption keys. TKIP has not suffered this fate yet, but it is difficult to know how far off that day is. The best advice is to start using CCMP today, and make plans to move away from TKIP.
TKIP was intended for use as a stopgap, and it was optimized for use with the existing protocol features at the time of its design. It has not been extended to protect the extended headers defined by 802.11n, which is why the Wi-Fi Alliance has defined tests to prevent the use of TKIP with its 11n certification. It will never provide protection for 802.11 management frames. (To learn more about management frame protection, see the summary video for a talk I’ve submitted to the RSA conference next year.)
The future of wireless LAN security is CCMP. Let’s bury TKIP, and move away from it before it becomes absolutely necessary.
Last week, the IEEE 802.11 working group met in San Francisco. Activity on the long-awaited 802.11n standard has been slowly moving through the process for several meetings now. On Friday, we took what is likely to be the final step as the 802.11 working group. We held our final approval vote, requesting that higher layers of the IEEE 802 group approve 11n for publication.
The vote felt somewhat anti-climactic. In a lightly discussed and debated motion to send the 802.11n draft onward, 53 members (including your correspondent) voted in favor, 1 voted against , and 6 abstained.
Following the working group’s approval, the IEEE 802 executive committee voted unanimously (14 for, none against or abstaining) to send 802.11n to “RevCom,” the IEEE Standards Board Review Committee. The IEEE Standards Board next meets on September 11, 2009.
In an interesting twist, September 11 is a date relevant to the history of 802.11n. Bruce Kraemer, the long-time chair of Task Group N and the current chair of the 802.11 working group, noted that the first meeting of the “High Throughput Study Group,” the precursor to TGn, was September 11, 2002.
If approved, the 802.11n effort will have taken exactly seven years, at least by one measure. We are a long way from the first time 802.11n passed the 75% threshold.
The 802.11 working group is already working on the next step. Two task groups (TGac and TGad) are researching and debating methods to create gigabit-capable physical layers.
This morning, I am flying to Las Vegas for Interop and an OpenSEA Alliance board meeting. Fortunately for me, my flight is not completely disconnected from the ground. As I write this, I’m sitting on American Airlines 1268 behind Lawrence Lavine of Ripplewood, one of the backers of AirCell. AirCell is the company that provides Gogo Inflight Internet on American Airlines planes.
I’ve seen Gogo’s advertising on transcontinental flights (SFO/LAX-JFK), but I’ve never tried the service because I’ve never been on the right plane. Gogo is on the 767-200, but I typically fly the 767-300 flights. I’d heard that AirCell was installing Gogo on the MD-80 planes like the one I’m on right now, but I hadn’t seen it yet.
Mr. Lavine has generously allowed several passengers to try out the service. (He’s probably trying to get us hooked, and in my case, it’s working!) At $9.95 for a one-hour flight to Los Angeles, there’s clearly some work needed on the pricing model. Technically, the service seems fairly solid.
If you’re reading this, Lawrence, thanks for giving me back an hour of my time!
It’s 11:45 pm, and this is the scene outside my hotel room right now:
The Hilton is hosting a Wheel of Fortune taping, and my room is unfortunately right near the set. The crowd is cheering, shrieking, and generally whooping it up. I am a lowly guest in the hotel, so the taping will go on until “sometime soon, but they should be wrapped up by midnight.”
Why, oh why, Hilton, couldn’t you give my room to a cast or crew member, and give me a quiet room near the business meeting I was attending?
I’ve saved the best photos of Nice for last. Next to the conference center stands Sacha Sosno’s TÃªte au CarrÃ©, though most of the English-speaking engineers at the TCG meeting referred to it as the “blockhead building.” It’s apparently the administration building for the public library system in Nice, but it has to be the oddest-looking library administration building ever. Really, where else have you seen an 80-foot-tall square head?
In black and white, at sunset. The face looks across the street towards the convention center:
In color, to capture the flower beds in the nearby park:
One of the joys of eating at restaurants on Cours Saleya in Nice is that it was a focal point for much of the open-air street theater and entertainment. A Brazilian capoeira troupe performed one evening, holding athletic poses I can only dream of, like this one:
After one set, a performer gave a short lesson to a visiting child:
One of the performers flipped down a long stretch of Cours Saleya, head over heels:
With a long distance to build up speed on the return, he vaulted over a line held about six feet in the air. (As an interesting aside, I think Henri Matisse lived in the tan building in the right background of this photo.)
After dinner, I wandered around Vieux Nice, and found an informal concert near Glacier Fenocchio at 2 Place Rossetti. Place Rossetti was the site of my favorite moment in Nice. I was visiting during the Euro 2008 Cup tournament, and Spain and Russia were battling in a scoreless game as I approached Place Rossetti. Suddenly, a roar went up and the ground shook from cheering. The shock was enough to set off car alarms. Spain had scored to take the lead against Russia, and the people in Nice were cheering on Spain almost unanimously.
In the background of the photo is the lit bell tower CathÃ©drale Sainte RÃ©parate, which makes a stunning background for an open-air concert.
Just as with street performances the world over, the concert ended with a hat being passed around to collect donations.
Colline du ChÃ¢teau is between Vieux Nice to the west and the port of Nice to the east. One night, I ate dinner near the port, and couldn’t resist taking a photo of the scrambled departure board:
The port is sheltered from the sea by a long jetty that juts out into the harbor. Protecting the ships is necessary, and I couldn’t help but notice that the ships moored came from all across the world and flew many different flags. This photo was taken from the jetty facing Colline du ChÃ¢teau. The massive monument in the background is a memorial to the war dead of Nice.
Eglise Notre Dame du Port is located at the edge of the harbor. It’s one of the smaller churches in Nice, and was unfortunately closed by dinner time.
The early settlement of Nice occurred on a rocky outcrop next to what is now the old town. Colline du ChÃ¢teau (“Castle Hill” in English) offers sweeping panoramic views of the city, its shoreline, and the deep blue sea. Steps away from the beach lies Cours Saleya, a traditional square lined with cafes and shops, and a daily flower market. In this photo, Cours Saleya is the diagonal area with colored awnings sheltering the flower shops.
From Colline du ChÃ¢teau, Vieux Nice stands out from the rest of the city because of its orange roof tiles, which are a visually striking contrast to the nearby sea.
There are many places to look out over the city from the hill. This shot shows a view over the Promenade des Anglais.