HomeNews

Interlink SPEKEs Up

Eric Griffith
By Eric Griffith

Ann Arbor, MI-based Interlink Networks
makes Secure.XS (pronounced "Secure Access"), a $2500+ Linux and Windows-based
solution for 802.1X authentication, authorization, and accounting (AAA). In
the last few months the company has announced that Secure.XS support for a variety
of Extensible Authentication Protocols (EAP) including PEAP, TLS, TTLS, LEAP,
MD5, and others.

Now they are adding a new protocol called SPEKE — Simple Password
Exponential Key Exchange — to that list.

SPEKE comes from Phoenix Technologies of San Jose,
CA, the company behind the "global core systems software" — the BIOS
— found in thousands of personal computers. Phoenix got the technology in an
acquisition of Integrity Sciences in early 2001.

The reason to integrate SPEKE? No certificates for authentication. Instead,
according to Mike Klein, CEO and president at Interlink, "it allows you
to establish a strong username and password approach."

Phoenix calls SPEKE a "leading cryptographic system for zero-knowledge
password proof." That means when in use for authentication the password
is not actually revealed to either the server or the client — they only know
they share it.

The password never travels on the network so potential attackers using man-in-the-middle
attacks can never find out what it is. The password doesn’t travel the network
because SPEKE instead uses a hash of the password to generate a key (using Diffie-Hellman
Key Exchange) which is sent instead. Since both parties have the password,
the generated key is also the same, but without knowing the hidden exponent
on the other end.

In short, this makes security much easier on the end users and administrators.
"The feedback we got consistently was that having certificates and establishing
certificate authority was a real barrier for enterprises that want to get wireless
security," says Klein.

SPEKE is provided by Phoenix in a software development kit (SDK) for developers
to use when embedding the technology. Thus SPEKE is not exclusive to Interlink’s
Secure.XS program, but they are the first to integrate it. Right now, Interlink
still has use of SPEKE in Secure.XS in beta, but Klein expects availability
by the end of the first quarter. Pricing for the SPEKE add-on to Secure.XS has
not yet been established.

Eric Griffith
Eric Griffith
Previous article
E-Mail Delivery Rates Fall in Q4
Next article
Study Shows Security Market Doubling By 2006

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.