In 1996, Edney co founded InTalk, Inc., the first IEEE 802.11 company to develop WLAN access points. After InTalk was acquired by Nokia Corporation, he focused on the application of Wi-Fi to public access networks. He is an active member of the IEEE 802.11 TGi security group.
How did you get interested in wireless security?
I've been involved in IEEE802.11 since the early days. In the early 1990's there was hardly more than a roomful of people involved in the standards work - now there are more than 500 people at every meeting. In those days the application were specialized and small scale but some of us could see the potential for the technology to challenge Ethernet. The first requirement was to get to 10Mbps (the original standard was only 1-2 Mbps). The second issue was security. Every customer was concerned about security and, quite frankly, a lot of bunk was talked on the issue. There was no real security in the original standard. Everybody knew that WEP was only a lightweight privacy protocol because with the short key (40bits) it was open to brute force attack. The intent, even at that time, was that it you needed "military grade" security you had to add this on top. The problem really set in when vendors started marketing "128 bit" security. They lengthened the key but did not look at the protocol to see where the other weaknesses were. It raised expectations among customers that could not be achieved in practice. In my opinion it was the introduction of "128 bit" WEP keys that created a problem - something that was never adopted by the official IEEE802.11 standard.
When the weaknesses of WEP became public and the IEEE802.11 standards group opened up a task group on security I welcomed the opportunity to sign-up. There were only about 10 people in the early meetings but this grew to 70 or 80 people at the peak. Security is a fascinating subject embracing advanced mathematics, systems analysis, lateral thinking and plain cunning.
How long did it take you to write "Real 802.11 Security: Wi-Fi Protected Access and 802.11i" and what was it like? Any major difficulties?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.