RealTime IT News

Interlink SPEKEs Up

Ann Arbor, MI-based Interlink Networks makes Secure.XS (pronounced "Secure Access"), a $2500+ Linux and Windows-based solution for 802.1X authentication, authorization, and accounting (AAA). In the last few months the company has announced Secure.XS support for a variety of Extensible Authentication Protocols (EAP) including PEAP, TLS, TTLS, LEAP, MD5, and others.

Now they are adding a new protocol called SPEKE -- Simple Password Exponential Key Exchange -- to that list.

SPEKE comes from Phoenix Technologies of San Jose, CA, the company behind the "global core systems software" -- the BIOS -- found in thousands of personal computers. Phoenix got the technology in an acquisition of Integrity Sciences in early 2001.

The reason to integrate SPEKE? No certificates for authentication. Instead, according to Mike Klein, CEO and president at Interlink, "it allows you to establish a strong username and password approach."

Phoenix calls SPEKE a "leading cryptographic system for zero-knowledge password proof." That means that when it is used for authentication, the password is not actually revealed to either the server or the client -- they only know they share it.

The password never travels on the network, so potential attackers using man-in-the-middle attacks can never find out what it is. Instead, SPEKE uses a hash of the password as the starting point of a Diffie-Hellman key exchange, and only the values produced by that exchange are sent. Since both parties have the password, they generate the same key, and neither needs to know the hidden exponent used on the other end.
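The exchange described above, as an added Python sketch that is not code from Phoenix's SDK or Interlink's Secure.XS. The names `password_generator`, `SpekeParty` and `run_exchange`, the use of SHAKE-256 and SHA-256, the RFC 3526 2048-bit group, and the sample passwords are all assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed group: RFC 3526 group 14, a 2048-bit safe prime (P = 2Q + 1, Q prime).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16)
Q = (P - 1) // 2


def password_generator(password: str) -> int:
    """Turn the password hash into the Diffie-Hellman base: g = H(pw)^2 mod P."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(256), "big")
    return pow(h, 2, P)  # squaring places g in the prime-order-Q subgroup


class SpekeParty:
    def __init__(self, password: str):
        g = password_generator(password)
        self._x = secrets.randbelow(Q - 1) + 1  # hidden exponent, never sent
        self.public = pow(g, self._x, P)        # the only value put on the wire

    def session_key(self, peer_public: int) -> bytes:
        # Reject degenerate values (0, 1, P-1, out of range) that would let
        # an active attacker force a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, P)
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def run_exchange(client_pw: str, server_pw: str) -> tuple:
    """Run both sides; return (client_key, server_key)."""
    client, server = SpekeParty(client_pw), SpekeParty(server_pw)
    return client.session_key(server.public), server.session_key(client.public)


if __name__ == "__main__":
    # Constructed sample passwords.
    for guess in ("correct horse", "wrong guess"):
        ck, sk = run_exchange(guess, "correct horse")
        print(f"client password {guess!r}: keys match = {ck == sk}")
```

A deployment would add a key-confirmation step so each side learns whether the other derived the same key, and would store a salted, slow password hash on the server rather than the password itself.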

In short, this makes security much easier on the end users and administrators. "The feedback we got consistently was that having certificates and establishing certificate authority was a real barrier for enterprises that want to get wireless security," says Klein.

SPEKE is provided by Phoenix in a software development kit (SDK) for developers to use when embedding the technology. Thus SPEKE is not exclusive to Interlink's Secure.XS program, but Interlink is the first to integrate it. Right now, SPEKE support in Secure.XS is still in beta, but Klein expects availability by the end of the first quarter. Pricing for the SPEKE add-on to Secure.XS has not yet been established.