WLAN Authentication and Privacy Infrastructure

WAPI (WLAN Authentication and Privacy Infrastructure) is a Chinese security technology for wireless networks. WAPI is an alternative to the security protocol defined in the IEEE 802.11 standard.

Technology

WAPI has two architectural components:

  • WAI (WLAN Authentication Infrastructure) for mutual authentication of users and the wireless access point
  • WPI (WLAN Privacy Infrastructure) for message confidentiality and integrity.

WPI allows the selection of the AES or the SMS4 cipher algorithm.

WAI has two options for the cryptographic keys:

  • WAPI-PSK uses pre-shared keys
  • WAPI-CERT uses X.509 certificates

WAPI-PSK differs only slightly from the pre-shared key option of IEEE 802.11, while WAPI-CERT takes a very different approach, with other functions and other cryptographic mechanisms.

WAPI-CERT has a central component, the Authentication Service Unit (ASU). Its certificate is known to both the user and the access point, and when a connection is established it verifies, as the central authority, the validity of the certificates of the user and the access point. The access point and the user authenticate each other with their certificates and establish the so-called Base Key (BK) using Diffie-Hellman key exchange. The WAI mechanism corresponds to ISO/IEC 9798-3 Amendment 1, "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques AMENDMENT 1: Mechanisms involving a trusted third party".
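The following Python sketch is an added example, not code from the WAPI standard or any implementation. It models only the ASU's trusted-third-party role described above: the ASU signs a verdict on both certificates, each peer checks that signature against the ASU public key it already knows, and both sides then derive the same BK from a Diffie-Hellman exchange. Assumptions: certificates are reduced to name strings, the peers do not sign their Diffie-Hellman values, the station is called STA, and the toy RSA and Diffie-Hellman parameters and the SHA-256 key derivation are this example's own choices.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes), far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
ASU_N, ASU_E = P * Q, 65537                  # ASU public key, known to STA and AP
ASU_D = pow(ASU_E, -1, (P - 1) * (Q - 1))    # ASU private exponent
DH_P, DH_G = 2**127 - 1, 3                   # toy Diffie-Hellman group


def _digest(nonce, verdict):
    data = nonce + repr(verdict).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ASU_N


def asu_verify(sta_cert, ap_cert, nonce, revoked):
    """ASU: judge both certificates, then sign the verdict (textbook RSA)."""
    verdict = ((sta_cert, sta_cert not in revoked),
               (ap_cert, ap_cert not in revoked))
    return verdict, pow(_digest(nonce, verdict), ASU_D, ASU_N)


def peer_accepts(verdict, sig, nonce, peer_cert):
    """STA or AP: accept the peer only on a valid, fresh ASU-signed verdict."""
    if pow(sig, ASU_E, ASU_N) != _digest(nonce, verdict):
        return False                         # forged or replayed verdict
    return (peer_cert, True) in verdict


def base_key(my_secret, peer_public):
    """Derive the Base Key (BK); SHA-256 is this example's assumed KDF."""
    shared = pow(peer_public, my_secret, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_handshake(sta_cert, ap_cert, revoked=frozenset()):
    """Return (BK at STA, BK at AP), or None if either certificate is rejected."""
    nonce = secrets.token_bytes(16)
    x = secrets.randbelow(DH_P - 3) + 2      # STA ephemeral secret
    y = secrets.randbelow(DH_P - 3) + 2      # AP ephemeral secret
    sta_pub, ap_pub = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    verdict, sig = asu_verify(sta_cert, ap_cert, nonce, revoked)  # relayed by AP
    if not (peer_accepts(verdict, sig, nonce, ap_cert)            # STA checks AP
            and peer_accepts(verdict, sig, nonce, sta_cert)):     # AP checks STA
        return None
    return base_key(x, ap_pub), base_key(y, sta_pub)
```

Because the verdict is bound to the nonce and signed by the ASU, an access point that relays an altered or stale verdict is detected by the station without the station ever contacting the ASU directly.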

Historical Background

National

WAPI was published by the Standardization Administration of the People's Republic of China (SAC) as a national standard in 2003. In 2003 the Chinese government stipulated that every device sold must support WAPI. To do so, foreign companies must cooperate with one of eleven authorized Chinese companies that hold the proprietary details of the implementation.

Internationally

The first two attempts to launch WAPI as an international standard failed. At the ISO/IEC JTC/SC06/WG1 conference in Frankfurt am Main, the ISO rejected the application to discuss WAPI and IEEE 802.11i. The standard was submitted again in October 2005, in revised form, and was ultimately rejected as a standard in a vote on 7 March 2006. On the same day the Chinese Ministry of Information Industry announced the formation of the WAPI Industry Union. It consists of a total of 22 members. These include Lenovo, Huawei and China's four telecommunication companies.

In 2006, the originally secret SMS4 algorithm was declassified, and in the following years it was reviewed by independent experts.

In 2009, SAC submitted a revised proposal to the International Organization for Standardization, which was adopted in January 2010 by the members of JTC1/SC6, against the votes of the UK and the U.S. (see document JTC1/Sc6/6N14228). The standardization project is currently in progress under the standard number ISO/IEC 20011. The current draft of the ISO standard carries the document number JTC1/Sc6/N14619.

In October 2011, however, China withdrew the proposal and lodged a complaint with the ISO Central Secretariat. This is currently still pending.
