Secure Methodology for RADIUS Key Exchange Proposed by Networking Security Experts; Non-proprietary Techniques for Potential Transfer of 802.11i Encryption Keys.

ROCKVILLE, Md. -- During the 2004 NMCI (Navy/Marine Corps Intranet) Industry Symposium (co-sponsored by the NMCI Office, AFCEA, DONCIO, and PEO-IT), 3e Technologies International (3eTI) announced that, as part of the Internet Engineering Task Force's Network Working Group, 3eTI along with other WLAN industry leaders has co-authored a Request for Comments (RFC) for "RADIUS Attributes for Key Delivery" (http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-00.txt). If approved and adopted by the IETF, the proposal could lead to a common 802.11i key exchange methodology for highly secure wireless networking.

These proposed extensions to RADIUS define a set of attributes that can be used to securely transfer 802.11i encryption keys using non-proprietary techniques with well-understood security properties. Today, the key transfer is accomplished using vendor-specific, proprietary RADIUS attributes, with the integrity of the message protected by the RADIUS Response Authenticator. This technique has multiple problems: its attributes were designed for use with a specific, proprietary protocol and may be inappropriate for other uses; the encryption method used to hide the keys has unknown security properties and is of questionable strength; and the MD5 hash technique used in the construction of the Response Authenticator is proprietary, and the construct itself is weaker than more modern HMAC (keyed-hash message authentication) methods.

For hardened security, the 3eTI co-authored RFC recommends that an AES Key Wrap algorithm be used to transfer keys, while an HMAC-SHA1 algorithm is used for packet integrity protection. It goes on to specify that the key encryption key (KEK) and the hash key must be different from each other, should not be based on a password, and must be cryptographically independent of the RADIUS shared secret used in calculating the Response Authenticator. This significant step forward in open-systems standards would add another layer of security to the wireless and wired links between mobile users, wireless access points, and security/authentication servers.

"3eTI is a wireless infrastructure and security solutions provider," remarked Steven Chen, President & CEO of 3e Technologies International. "We totally support the IETF, its goals and encourage open systems. We are protocol independent innovators and are actively involved with the secure evolution of IEEE 802.11x, Bluetooth(TM), ZigBee(TM), UWB and other networking technologies and solutions."

In the last few years, 3eTI has provided its security-minded Department of Defense customers with a pre-802.11i solution for highly secure wireless LANs that is FIPS 140-2 validated. This pre-802.11i solution utilizes AES encryption and Dynamic Key Exchange (DKE), supplemented with user authentication based upon security certificates. The solution is designed as firmware- and software-upgradeable to the IEEE 802.11i standard once it is ratified.

About 3e Technologies International

3eTI is a wireless infrastructure and secure solutions provider for WLANs, Condition Based Monitoring and Telematics applications. It is active in many industry standards bodies such as IEEE 802.11x, IEEE 1451.5 (where 3eTI acts as Chair), Bluetooth (where 3eTI acts as Chair for Industrial Automation), ZigBee, etc. 3eTI delivers complete wireless infrastructure solutions, not just security, and offers wireless networking options for ruggedized enclosures, harsh environments, extreme temperatures, mesh networking, wireless bridging, repeating, RF management, rogue AP detection, etc. For more information, visit www.3eti.com or send inquiries to info@3eti.com.