Related link: http://www2.marketwatch.com/news/story.asp?guid=%7B57F9C65B%2D0C16%2D4AC4%2DAC3E…

John C. Dvorak reminds me of Andy Rooney from 60 Minutes, an impressive commentator who entertains his audience by complaining. One thing these two pundits have in common is a seeming fear of new developments, expressed through skepticism. For example, every time a major software developer updates Dvorak’s favorite programs, his tendency is to “stick with the current version a little longer”.

But that’s not where the similarities end. Andy and John also have a tendency to nitpick with incredulity the truly mundane morsels of day-to-day life, whether on the subject of computing or in general. For example, I recall Andy Rooney once complaining on prime time TV that he couldn’t measure the correct serving size of potato chips because when he got to the bottom third of the bag, the chips were all smashed into crumbs–hence, he couldn’t count out 14 chips to get the recommended serving. This is the kind of complaining guys like Rooney and Dvorak do.

Today, Mr. Dvorak gave us a lengthy dissection of the iPod’s U2 edition, which comes bundled with hundreds of U2 songs at a highly discounted per-song rate. Dvorak claims this will start a “controversy”.

Somehow, I doubt it. I would think that Apple’s competitors will probably end up doing something similar. No controversy there, John. Sorry.

And, for crying out loud, will somebody tell Mr. Dvorak that he’s using the most absurd capitalization in his spelling of iPod? He keeps writing “iPOD” instead of “iPod” and it’s really distracting. It’s as if he thinks iPOD is some kind of acronym, or he’s got some obsessive-compulsive disorder that doesn’t let him put a capital in the middle of a word without capitalizing the rest of it. My 6-year-old daughter knows how to spell iPod. Why doesn’t Dvorak?

Maybe we should start calling him John C. dVORAK.

John C. made me wonder, if the iPod’s name were an acronym, what would it be? Itty-bitty POrtable Device? Internet POwer Dongle? Something else?

Related link: http://news.com.com/Cisco+tightens+security+on+voice+products/2100-7355_3-542581…

Cisco introduced a patch to its CallManager softPBX that adds encryption of voice channels on its mid-range 7940 and 7960 IP phones. This feature has cost them a lot of business to Avaya over the last year. Naturally, since voice encryption is something freeware softphones already do, it was definitely a conspicuous omission on Cisco’s voice roster. Check the link for more info.

How important is phone call encryption to you?

My main reason for attending the GCN/Wi-Fi Alliance show that I wrote about previously is that I was invited to be part of a panel on WPA2. I was joined on the panel by Jim Burns of Meetinghouse Data Communications, who has been extensively involved in the 802.11 and 802.1 working groups. Our moderator was David Cohen of Broadcom, who is also the chair of the Wi-Fi Alliance Security Group. David started off with presentation about WPA2, and then opened the floor to the questions:

Question: How often is the temporal key changed in WPA, and what is the impact of key change messages?
This question was motivated by the presentation, which noted that every frame has a unique key. I answered that the impact of key change messages isn’t what it appears to be because of the key hierarchy. Unlike WEP, TKIP and CCMP (WPA & WPA2) take the authentication data and compute keys from it. The authentication exchange derives a “pre-master key,” which is the source of all the keys used to encrypt frames. Pre-master keys are used as the basis for deriving “temporal keys” for unicast and broadcast/multicast data with the key handshake messages. The temporal key is combined with sequence numbers and other data to further derive a key used to encrypt the frame. So, there is a unique key used for each frame, but it does not require refreshing the temporal key. The temporal key timeout can be set for whatever you like, and does not need to be set to a short time-out.

Jim pointed out that the per-frame keying is often confused with WEP. Dynamic WEP doesn’t have a key hierarchy. The master key is used directly in frame encryption, so it is unprotected from attacks like Fluhrer/Mantin/Shamir. In WEP, the re-key interval is vital. In TKIP and CCMP, it is not required.

Question: How can WPA and WPA2 co-exist?
David noted that most cards have AES support burned into the radio chipset, which enables cards to support either TKIP (WPA) or CCMP (WPA2), and that the standards allow a network to use both encryption types simultaneously.

I added that there’s a difference between theory and practice. Although the standard supports using both TKIP and CCMP simultaneously, it does not yet work in practice. In a mixed-encryption network, the broadcast/multicast (”group”) key must be the lowest common denominator encryption. If there are CCMP- and TKIP-capable stations, the group key must be TKIP. If you throw dynamic WEP stations into the mix, the group key must be dynamic WEP. Infrastructure devices do support mixing the encryption type. Every client I have yet encountered has one notable exception. All the clients that support WPA are able to mix the RC4-based encryption methods (dynamic WEP and TKIP), but are not yet able to do CCMP for unicast frames while using an RC4-based encryption method for group frames.

David said that support for coexistence would be required in a future Wi-Fi certification test plan.

Question: How is WPA affected by EAP methods, and how can users choose an EAP method?
EAP methods are not formally part of the Wi-Fi Alliance certification test plan, but may be in the future. Right now, users have to know the EAP methods and make the trade-off on their own. Navigating the forest of EAP methods is one of the major areas in which network deployment could be simplified.

After our panel, Jim said that the Wi-Fi Alliance was not a standards body, though they’ve done a good job of marketing the WPA standards. WPA is a brilliant job of “standards packaging” into a comprehensible, easy-to-look for single checkbox. By incorporating pieces of 802.11i, 802.1X, and several IETF standards, WPA makes it easy for the average user to buy.

Question: Are there FIPS-certified WPA systems?
The short answer is no. I gave the long answer first, and a member of the audience asked a follow up question asking whether I meant yes or no.

FIPS-140 is a tough requirement. The baseline to get in the door for testing is that you need to use an approved algorithm (such as DES or AES), in an approved mode. You wouldn’t want systems using good cryptographic algorithms (DES) in weak modes (ECB), after all. 802.11i uses the Counter Mode with CBC-MAC, which was not an approved mode until late May of this year. So, 802.11i-based solutions can now apply for certification because they use the “right stuff.”

However, there’s a lot more to FIPS than that. It involves a detailed review of coding practices, the architecture of the software, and so on. After a vendor pulls the trigger and decides to FIPS-certify, it takes a significant amount of time. A year from the decision to seek certification is considered fast. I would have expected a FIPS-certified 802.11i system on the market because I assumed that some of the vendors started the certification process before the approval of CCM mode. (For the record, I don’t know if this is permissible or not.) I would have to believe we’ll see FIPS-certified equipment by this time next year at the latest, but I’d bet even money we get something by next summer.

Question: Is there any way to make the certificate deployment easier?
Jim said that certificate deployment was the weak point of many of the EAP methods in common use (PEAP, TTLS, and EAP-TLS). However, that’s the rationale for the development of pre-shared key EAP methods such as EAP-FAST.

On a follow-up, an audience member asked if there was a tool that could automatically generate and deploy certificates. With a great deal of trepidation, I answered that there was. Microsoft’s Active Directory can be combined with domain policies to automatically generate and push out a certificate when a machine is joined to the domain. However, this is only useful if you have deployed Active Directory and run a pure Windows environment, which is almost never true in practice. There’s usually a little island of MacOS or Unix somewhere.

Yesterday, I was flying back home to San Francisco. After boarding the plane, I received a phone call from my parents, who told me that Jon Stewart had appeared on 60 Minutes, but they had missed all but three minutes of his appearance and there would be no re-run. (Perhaps they were looking at their own TiVo guide data.)

My parents live in Chicago, in the Central time zone. Due to the time zones, network programs will air in the Pacific time zone two or three hours after the Central time zone. With TiVo’s remote scheduling feature, I could schedule a recording on their Web site, but I’d just stepped out of range of the nearest hot spot when I went down the jetway. Thankfully, TiVo’s Web site isn’t a graphics-laden monstrosity. From my seat on the plane, I fired up my laptop, connected to the Internet with GRPS, and logged in to the TiVo Web site. A quick search later, and I’d set the show to record on my TiVo in California just as the flight crew was ordering the deactivation of electronic devices. When I arrived home, the program was waiting for me!

Related link: http://wifinetnews.com/archives/004183.html

Earlier this month, T-Mobile announced that they have made 802.1X available nationwide. (I haven’t used it yet because I haven’t found instructions on how to configure my supplicant, and I don’t want to load their connection manager software yet.) In the interview with Glenn Fleischman, Joe Sims of T-Mobile says that one of the limitations of 802.11 adoption has been security. By implication, T-Mobile has deployed 802.1X to enhance security for their subscribers.

There are additional benefits for T-Mobile. The first-generation wireless “security” devices were captive Web portals. Although the user’s authentication credentials can be encrypted over the Web session, there is nothing that prevents hijacking an open connection. How can a Web-based authentication device, which operates on IP packets and TCP segments, tell whether a given frame is from a subscriber or a marginally sophisticated attacker who has started using the same IP address as a subscriber. (There are a variety of tricks that can be done to defeat this attack, but bear with me.)

Part of the purpose of 802.1X authentication is to derive shared cryptographic keys between the client and the network. One of the goals of 802.11i, and hence WPA, is to provide source authentication. Rather than accepting a source address on faith, it is “signed” by the sender, using a shared cryptographic key. Only the authorized station has possession of the key and can come up with the correct signature. In this environment, session hijacking is much more difficult. (Technically, the operation is a cryptographic checksum, not a cryptographic signature, but the principle holds. WPA2 uses a slightly different cryptographic operation that accomplishes the same result.)

Limiting network access to subscribers helps protect T-Mobile’s revenue, so they have a strong incentive to roll out security features that prevent connection hijacking. Happily, in this case, the new security system results in better security for the users as well.

T-Mobile bought into the hot spot game to offload some of the traffic from the expensive telecommunications network. By pushing voice traffic to the hot spot, they may not need to upgrade or expand the existing expensive cellular network. Most handsets won’t have Web browsers to authenticate to the network; anyway, keeping the same telephone user experience requires an alternative form of authentication. (EAP-SIM anybody?)

Related link: http://www.wwise.org/11-04-0886-03-000n-WWiSE-proposal-HT-spec.doc

At the end of last week, I attended the symposium put on by the Wireless Networking and Computing Group in Austin, Texas. On Friday, I spoke as part of the Wireless LAN technical track, comparing security protocols used on 802.11 networks. Immediately before I spoke, I attended a talk by Sean Coffey of Texas Instruments about 802.11n.

802.11 task group N has a goal of 100 Mbps of net throughput, after subtracting all the overhead for protocol management features like preambles, interframe spacing, and acknowledgements. TGn’s goal is interesting in that most other IEEE groups tend to focus on the peak throughput, but TGn was founded with a user throughput goal in mind.

Coffey’s talk was titled “Robust High Throughput High Spectral Efficiency Wireless LANs for 802.11n.” Spectral efficiency has been a sore point for 802.11 users. At the beginning, Coffey noted that although 802.11a and 802.11g have a peak “headline” rate of 54 Mbps, you can only expect about 25 Mbps net throughput, after accounting for the protocol. The net throughput is only about 45% of peak throughput. To get to 100 Mbps net throughput, you have two options: increase the peak speed way past 100 Mbps, or increase the efficiency of the protocol. Different proposals to TGn have placed different emphasis on these tasks.

(His point about efficiency is well taken. As a broad rule of thumb, the 802.11 MAC can move user payload data at about half the peak rate. I recently ran an AP forwarding test that came in at 31 Mbps, but that was in the ideal conditions of an RF isolation unit. 31 Mbps significantly higher than 25 Mbps, but it is still only 57% of the peak rate.)

Efficiency can be improved by reducing the amount of air time devoted to protocol operations. Some of these are already available in proprietary “turbo” modes in existing 802.11g hardware. First, larger frame sizes boost efficiency by improving the ratio of payload data bits to overhead bits. (This is the same argument for jumbo frames on Ethernet.) Second, block acknowledgements can further improve that ratio by requiring fewer acknowledgements. (TCP already does this.) Using larger frames does not help unless they can be reliably transmitted. Modulation must be designed to keep the packet error rate down. Larger frames do improve efficiency, but only if they are received intact. Retransmissions will quickly eliminate the benefit of larger frames, especially if a block acknowledgement is lost and the entire block must be retransmitted.

TGn received several proposals. Four complete proposals were received from WWiSE, TGnSync, Mitsubishi and Motorola, and Qualcomm. (Texas Instruments, with whom Coffey is affiliated, is part of WWiSE.) Several features are common to the leading proposals. All use 2×2 MIMO, which uses two input and two output antennas. (As an interesting aside, a student from UT-Austin who attends IEEE meetings told me that there was a vote on the pronunciation of MIMO, and it’s been standardized as “MyMoe.”) All of them also retain the 20 MHz channels in use by 802.11a. At this point, not all regulators will allow wider channels. Many optional features have also been proposed, most notably 40 MHz channels and the use of more than two antennas.

Mathematically, WWiSE gets to 100 Mbps net throughput by defining a new peak rate modulation that runs at 135 Mbps, and improving the efficiency of the protocol through the use of a burst transmission and block acknowledgements. In the WWiSE proposal, three 4,000 byte frames can be transmitted as a single block. To achieve 100 Mbps throughput, the three frames must be transmitted in 960 microseconds. WWiSE’s 135 Mbps modulation will move the frames in 711 microseconds, with the extra 249 microseconds used for backwards-compatible preambles, the interframe spaces, and the block acknowledgement.

To run at 135 Mbps, WWiSE uses the channel slightly differently from 802.11a. 802.11a divides the 20 MHz channel into 54 subcarriers. It uses 48 to carry data, and four for “pilot” carriers used to calibrate the data carriers. WWiSE divides the channel into 56 carriers. 54 are used for data, and 2 are pilots. Coffey said that the use of MIMO means that the two carriers go through two receivers each, and are as effective as four pilot carriers through one antenna. Each of the 54 carriers can be modulated using the same techniques as 802.11a, but a new 5/6 convolution code is used for the top data rate of 135 MHz. (The top code rate in 802.11a is 3/4.) 40 MHz channels can also be used with WWiSE, and it doubles the channel capacity.

Coffey believes that receivers need to operate at a signal-to-noise 30 dB to be viable. Any less than that, and the range will be short as receivers struggle to decode the radio signal. Part of the reason WWiSE kept the peak data rate low and focused on improving efficiency is so that the receivers could be kept relatively simple and inexpensive. (In fact, channel simulations using various modulation techniques showed that the packet error rate at 30 dB was probably too high using the modulation already used by 802.11a, which is why WWiSE includes a new error correcting code.)

All in all, it was an interesting session for me. My 802.11 background is from the MAC layer up. Although I enjoyed the peek into a new PHY in progress, I haven’t read the technical proposal from TGnSync yet, so I can’t compare the two.

Related link: http://blog.tmcnet.com/blog/tom-keating/voip/voip-blog/skype-keynote.asp

Tom Keating’s got the right idea when he raises the question– Where is Skype’s support for hardphones? The new SkypeIN feature, which allows you to have Skype be your carrier for inbound phone calls, would be so much more appealing if you could use it with an actual telephone.

I don’t think Skype believes it can be a total phone replacement without being compatible with regular phones. SIP providers like Vonage and Broadvox give you an Analog Telephone Adapter, but Skype’s solution is to have you plug a USB handset into the PC running skype? OUCH. Echos of that dismal, gimmicky mid-90’s software, ‘Internet Phone’.

Something tells me Skype’s got a much bigger plan indeed.

Here’s hoping that, at the ‘05 Internet Telephony expo, Skype is talking about things that can really help it displace the Baby Bells: Some kind SIP compatibility or gateway, universal analog phone compatibility via an ATA or on-premise VoIP gateway, and a less dimissive attitude towards Quality of Service. I.e., a real enterprise posture.

I’m pulling for you, Skype, but you’ve got a long way to go.

Can you imagine not “reaching for the phone” when it rings?