Re: Wireless Device Security

[Joe Shaw <jshaw () darkside org>]

On Tue, 18 Mar 2003, Akash Malhotra wrote:

> Hi All,
>
> I have a question about security in wireless system.
>
> 1> Is it possible for me to have AES encryption in physical layer.
>
> I dont want to have any kind of security feature at the MAC layer.

What form of wireless are you talking about?  I'm assuming 802.11.
You're not going to be adding AES to the physical layer of 802.11 without
re-writing some firmware, as the physical layer controls are hardcoded.
The operating systems have no control over the physical layer of 802.11.

Furthermore, what effect do you hope to achieve by doing so?  Deny sync to
rogue devices?  By putting encryption at layer 1, you're going to have to
know a shared secret in order to even talk to any other device.  You're
going to be encrypting Sync, Start Frame Delimeter, Signal Rate, Service,
Length, Frame Check Sequence, and PSDU along with everything else from the
upper layers, which to me seems to be a waste.  Putting encryption and
authenticaion at the MAC layer of the Datalink is much more advisable, as
that is where all of 802.11's security flaws lie.

> 2> Will this reduce power consumption( battery will last longer)

Why would it?  You've just increased the amount of data that is going to
be encrypted, which should increase load and power consumption in theory.
In contrast, WEP only encrypts the payload, not the framing information.
While WEP has it's drawbacks, mostly in algorithm and implementation, what
data it does encrypt is satisfactory.  Replace the static WEP key with
dynamic keys, improve the WEP algorithm, provide an authentication
mechanism for the 802.11 control/management frames and you've effectively
secured wireless.

--
Joseph
I survived Enron, but I still need a job.  Hire me.