Wikipedia

WLAN Authentication and Privacy Infrastructure: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Corrected 'Wi-Fi' to standard.
Tags: Mobile edit Mobile app edit iOS app edit
No edit summary
Line 6:
 
WAPI, which was initiated to resolve the existing security loopholes (WEP) in WLAN international standard (ISO/IEC 8802-11), was issued to be Chinese national standard in 2003. WAPI works by having a central Authentication Service Unit (ASU) which is known to both the wireless user and the [[wireless access point|access point]] and which acts as a central authority verifying both.
The WAPI standard (draft JTC1/SC6/ N14619) allows selection of the [[symmetric encryption]] algorithm, either [[Advanced Encryption Standard|AES]] or [[SMS4]], which has been declassified in January 2006 and passed evaluation by independent experts{{who|date=August 2014}}.
 
==History==
Line 14:
 
===ISO rejection===
The Chinese Standards Association (SAC: Standardization Administration of the People's Republic of China) subsequently submitted WAPI (ISO/IEC JTC1 N7904) to the [[International Organization for Standardization|ISO]] standards organization for recognition as an international standard, at about the same time as the [[IEEE 802.11i]] standard. After much debate related to both process issues and technical issues, the IEC/[[International Organization for Standardization|ISO]] Secretaries General decided to send the proposals to parallel fast track ballots. In March 2006, the 802.11i proposal was approved and the WAPI proposal was rejected. This result was confirmed at a Ballot Resolution meeting held in June 2006{{citation needed|date=August 2014}}.
 
The result was subject to two appeals by SAC to the ISO/IEC Secretaries General that alleged "unethical" and "amoral" behavior during the balloting process and irregularities during the ballot resolution process{{citation needed|date=August 2014}}. The official Chinese news agency [[Xinhua]] said on May 29, 2006, that appeals were filed in April and May 2006 and, the agency said, alleged that the IEEE was involved in "organizing a conspiracy against the China-developed WAPI, insulting China and other national bodies, and intimidation and threats."{{Citation needed|date=June 2010}} Xinhua did not make these allegations specific. In July 2006, 802.11i was published as an ISO/IEC standard. WAPI is no longer being considered by ISO/IEC and all appeals have been dismissed.
Line 28:
The comment resolution process failed after agreement could not be established on a variety of fundamental issues. For example, the China NB continued to insist that WAPI was justified because 802.11 included WEP, which is known to be broken. On the other side, the US NB and the IEEE 802.11 NB noted that WEP-based security had been deprecated in favour of WPA2-based security in IEEE 802.11-2007, and that no one had ever alleged any issues with WPA2-based security. In addition, the IEEE 802.11 WG noted that the functionality offered by WAPI systems was equivalent to only a small subset of the security offered by WPA2-based systems.
 
The China NB eventually withdrew WAPI in October 2011 (document JTC1/SC6N15030SC6 N15030) and the project was formally cancelled by SC6 in February 2012. The reasons for the withdrawal are unclear. The Chinese proponents of WAPI from IWNCOMM were clearly very unhappy when the withdrawal was announced. It has been speculated{{by whom|date=August 2014}} that Chinese government authorities ordered the withdrawal on the basis that WAPI had failed to be standardised by ISO/IEC after eight years. In addition, despite mandates for WAPI to be implemented in China in Wi-Fi enabled mobile phones and by the three Chinese service providers, it is very rarely used in practice.
 
===Chinese cell phone usage===
Line 47:
 
==External links==
* Standard texts:
** [https://web.archive.org/web/20060824024454/https://committees.standards.org.au/COMMITTEES/I-000/X0001/JTC001-N-7904.pdf ISO/IEC JTC 1JTC1 N7904], 2005
** [http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=74B9DD11287E72408C19C4D3A360D1BD GB 15629.11-2003] (Chinese, DRMed PDF, Free access from Standardization Administration of China)
* [https://web.archive.org/web/20110716163801/http://www.suntzureport.com/wapi/ SunTzu International LLC on WAPI]
* [http://www.chinatechnews.com/index.php?action=show&type=news&id=2639 The Chinese WAPI Delegation has returned from Geneva, where at the headquarters of the International Organization for Standardization it took part in a meeting with a group promoting IEEE 802.11i]
* [http://www.eet.com/news/semi/showArticle.jhtml?articleID=181502994&pgno=1 The International Organization for Standardization (ISO) rejected China's domestic wireless LAN technology to become an international standard]
* [https://web.archive.org/web/20060824024454/https://committees.standards.org.au/COMMITTEES/I-000/X0001/JTC001-N-7904.pdf ISO/IEC JTC 1 N7904]
* [http://english.people.com.cn/200605/29/eng20060529_269419.html Xinhua May 29, 2006, report on appeals to ISO]
 
Retrieved from "https://en.wikipedia.org/wiki/WLAN_Authentication_and_Privacy_Infrastructure"