China seeks standard for WLAN security technology

The row over Chinese companies’ battle to get their wireless LAN security protocol the blessing of the international community reflects how touchy folks can be about both security and international standards.

As the IDG News Service’s Sumner Lemon reported last week, Chinese companies were pushing hard for international adoption of WLAN Authentication and Privacy Infrastructure, or WAPI, although it appeared such efforts weren’t going anywhere. Reports have surfaced since then that the International Organization for Standardization has in fact rejected WAPI as a standard.

Because they transmit data over the airwaves, WLANs are particularly vulnerable to unauthorized access. The first attempt to address this, Wired Equivalent Privacy, became notorious for its problems. (To see just how bad it is, see our October 2004 test.)

The Wi-Fi Alliance plugged the holes with Wi-Fi Protected Access, or WPA, but IEEE 802.11i offers better wireless security. Still, WAPI advocates say they have a superior technology.

Lemon reports that Intel and the U.S. government were among those opposing China’s plans to force foreign companies to license WAPI, and China dropped those plans and tried to get the technology standardized internationally by the ISO and IEEE. Lemon further reports that the secrecy surrounding WAPI’s encryption algorithm has caused the greatest concern among those who establish such standards.

Still, 22 companies in China last week formed the WAPI Industry Union to promote adoption of WAPI, claiming it provides better security that 802.11i. There is speculation now that the security standard will find a niche within China, particularly around government customers concerned about using Western encryption.