RealTime IT News

A New AES Standard For Wireless

A new encryption mode joins 16 others Tuesday for consideration by the National Institute of Standards and Technology (NIST) as a security mode using the advanced encryption standard (AES).

RSA Security, Inc. , Hifn and MacFergus BV teamed up to create Counter with CBC (cipher block chaining) MAC (message authentication code), a packet technology that puts authentication and encryption in a single key.

The 17 AES proposals under consideration are the next step in crypto evolution first started with the public key system introduced by Whitfield Diffie, Marty Hellman and Ralph Merkle back in the 1970s.

AES is a block cipher algorithm developed on a mathematic formula -- called Rijndael after its creators, Belgian cryptographers Joan Daemen and Vincent Rijmen -- and selected by the U.S. government as the next generation in data protection protocols.

The technology standard has been very popular in the private sector, creating a rush for standards using AES in niche market security. The 17 security modes have been created in little under two years since the NIST's approval of the standard.

Like the Diffie-Hellman public key, which drew the ire the National Security Agency (NSA), Hifn is touting CCM's availability to the masses.

"The decision of making CCM freely available in the public domain will greatly enhance its value to the security community; if adopted by NIST it can be deployed very quickly, without the constraints of patented products," said Dr. Doug Whiting, Hifn chief scientist and co-author of the technology.

Normally, encryption and authentication are handled using different algorithms, making a single-key solution unwieldy and boosting the size of data packets sent over the network. CCM authenticates the packet header and packet, but only encrypts the packet contents, using a 128-bit block cipher.

Russ Housley, RSA Security senior consulting architect, said any technology that can simplify the security process is a boon.

"Cryptographic key management is one of the most difficult aspects of a security solution, so any simplification is a real contribution," he said.

The benefits to CCM go beyond the pale of techno-geek advances; because the technology uses only one key, it's easier to implement and data packets are essentially reduced in size. That's important to the burgeoning wireless data industry, which has been looking for a legitimate security standard for years.

Simplifying the process, and reducing the size of a packet, is especially useful for wireless telecommunications. According to Hifn officials, IEEE 802 is planning to use CCM to provide the security for wireless LANs (WLANs) and home networking.

Wireless has been on the mind of NIST officials for some time. Understanding the inherent risk of unsecure wireless networks ripe for the picking using such easy-to-install programs like NetStumbler, the agency put out a call in July asking for recommendations to counter unauthorized users hacking into a wireless network, to include airborne traffic.

"The relative immaturity of the technology coupled with poor security standards, flawed implementations, limited user awareness and lax security and administrative practices is an especially challenging combination," the letter read.

The NIST asked for recommendations at the same time it warned network administrators to test the built-in security measures found in Bluetooth and 802.11 standards, to include the data link level encryption and authentication protocols.