Just one thought: we have used a commercial encryption package from Ntru for asymmetric encryption on wireless devices (we're using it for a two-factor authentication system). It is incredibly fast and incredibly small. The keys are 5k, our entire J2ME package is about 32k. The key strengths are equivalent to 1024 bit RSA. On a J2ME phone, key gen takes about 14 seconds, compared to 14 hours or so for ECC and 2+ days for RSA (had to kill it). We were using the Nextel 1st generation phones as well, the newer ones are faster. On a Blackberry or Palm, you hardly notice the key gen or encryption, in fact, the network lag is the key drag.
I know that Ntru did some implementation for a Wi-Fi project. I think that it would be a great solution for asymmetric encryption for Wi-fi, if you had a particular need that warranted it. My assumption is that it was not considered for WEP because it's a commercial product. Nick Owen -- Nick Owen CEO WiKID Systems, Inc. 404-879-5227 [EMAIL PROTECTED] http://www.wikidsystems.com The End of Passwords -- > -----Original Message----- > From: Michael Sconzo [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 22, 2003 2:26 PM > To: Kristian Kristensen; [EMAIL PROTECTED] > Subject: Re: IEEE 802.11 security (public key encryption?) > > > *Note* Spelling errors may follow. > > Ok, well I had some suspicions as to why PKI is not used/considered for > things like WEP, but I wanted to check with an authorative voice on the > subject of crypto. > > My original thoughts were key size and types of operations have a > lot to do > with this. If you look at sym. vs. asym key size. Asym is much > larger (for > what is considered standard) for example (2048bit RSA vs 256bit AES). And > as it turns out a man by the name of Gus Simmons stated that an asym key > should be about the square of a sym for approx equiv. security levels. > Which means that 4096bit RSA is about on part with 64bit Rijndael. There > are also some interesting things pointed out to me about unicity distace > etc...but I won't go into that here. But if anybody would like more info > email me. So, to sum that up: smaller key sizes in sym schemes > can provide > about the approx amnt of security as a large asym key scheme. > > Next. > > This is where the light should shine brightly. Think of the number of > operations to decrypt a 4096bit RSA 'word' (on the order of the > billions of > 32bit operations). While on the order of low millions to decrypt 4096bits > of DES Traffic. Which means that using symmetric key encryption is > generally 1000 times faster then asym key. Naturally there are > things that > can be done to speed both of these up...but we are going on rule of thumb. > > I also recieved some interesting stats as to hardware > implementations...but > those are/would be a bit expensive for 'home use'. > > Hope this adds some insight as to why PKI is not commonly used for WEP and > some other applications. You could probably get away with what I > would call > a PGP-style implementation. Encrypt the message with sym key, and encrypt > the sym key with a PKI scheme. > > Thoughts? > Thanks, > -Mike > > I would like to thank Bob Blakley for helping me confirm my > suspicions as to > why PKI is much slower. Thanks! > > ----- Original Message ----- > From: "Kristian Kristensen" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, July 20, 2003 1:28 PM > Subject: IEEE 802.11 security (public key encryption?) > > > > Hi > > > > I am currently doing some research on the security aspects of IEEE > > 802.11 networks. In that I wondered why Public Key encryption schemes > > are never seemed to be considered (not for WEP or IEEE 802.11i/WPA). Can > > anyone give me reason for that. Is it due to the fact of lower > > performance of pub key schemes. If so can anyone provide me with some > > references on why performance is that much lower for pub key ciphers > > than symmetric ciphers? Or are they too difficult to implement in > > hardware? Or are there some other reasons I just do not see? > > > > Thanx in advance.... > > -- > > Med venlig Hilsen / Best Regards Kristian > > > > IT-Coordinator Kristian Kristensen > > Denmarks Technical University > > Center for Tele-Information > > Building 371 > > 2800 Lyngby, DENMARK > > > > Phone: +45 45255209 > > > > > > > -------------------------------------------------------------------------- > - > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > analysts! > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > Find out why, and see how you can get plug-n-play secure remote > access in > > about an hour, with no client, server changes, or ongoing maintenance. > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > -------------------------------------------------------------------------- > -- > > > > > > ------------------------------------------------------------------ > --------- > ------------------------------------------------------------------ > ---------- > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
