WLANs Made Easy?

Xerox PARC homes in on wireless interoperability, security.

Researchers at Xerox Corp.'s Palo Alto Research Center are focusing on two key areas of concern in the wireless industry—security and interoperability—with efforts to automate public- and private-key infrastructures and to improve the way devices communicate.

PARC's new security method is called "gesture-directed automatic configuration," and officials promise that the system makes it possible for clients to get WLAN (wireless LAN) security protocols to a user in less than a minute.

PARC researchers argue that every time the industry comes up with a new wireless security protocol, such as the IEEE 802.1x specification, setting up a network becomes more complicated. "We've developed a technology that allows people to set up secure wireless networks easily," said Dirk Balfanz, a researcher at Xerox PARC, in Palo Alto, Calif. "Something that's both easy to use and secure is kind of a new thing. People are shying away from 802.1x because digital certificates are a pain to set up."

Gesture-directed automatic configuration is basically a point-and-click approach to key exchange. PARC researchers have created what they call a "Network-in-a-Box," essentially a customized access point that includes the 802.1x security protocol, client software and an infrared port.

A user gains authentication and initial access to the network by pointing a notebook or PDA at the access point and downloading the necessary software via the infrared port. The software creates a cryptographic key pair, then the access point sends the name of its wireless network, along with a digital certificate for the client. From there, the client can use the 802.11 network, and the infrared connection is no longer necessary.

PARC officials said that infrared's technical limitations give it location-based security. Because infrared communication requires a line-of-sight connection, anyone trying to hack into the connection would need to be near the access point.

"Infrared is not digitally secure, but nobody who isn't in the room can use it," Balfanz said. PARC is suggesting that users just lock up the access point when it isn't in use.

The idea of simplifying WLAN security isn't new. For example, Meru Networks Inc., of Sunnyvale, Calif., introduced this month a WLAN VPN module that supports Secure Sockets Layer, allowing for Web browsers to handle the key exchange. That means remote users who connect to the network can hook up to the VPN automatically, without having to install VPN software in every client. But PARC is novel in its approach to exchanging WLAN protocols via a wireless connection that's even more local than the WLAN itself.

No hardware makers have committed to the technology yet, but "we're at the point where we're confident we can license it," Balfanz said.

Meanwhile, a separate team of PARC researchers has created the Obje Interoperability Platform, a software architecture designed to let devices talk to one another regardless of which standards they support. Officials said that while industry standards are fine in theory, in practice they tend to be somewhat capricious—requiring new profiles and services as new devices and applications hit the market.

"The problem that's true with Bluetooth and Universal Plug and Play [wireless industry groups] is that even though these are wonderful standards that supposedly let you do interoperability, any time you get a new device or service, you have to go back to the meeting room and create a new standard," said Hermann Calabria, principal of business development for the Obje team at PARC.

With Obje, prior agreement on specific standard interfaces isn't necessary. Rather, the devices essentially teach one another how to communicate on the fly, using what officials call "meta-interfaces." These let devices exchange new data transfer and discovery protocols, media formats, network transports, and other information necessary for devices to talk to one another.

Officials were vague about plans for the commercial availability of Obje.

"The basic framework is mature, but we don't have software that's at the deliverable stage yet," Calabria said.

The Obje project is partially funded by the U.S. Commerce Department's National Institute of Standards and Technology, or NIST. Ideally, Obje could mean good things not only for existing devices but also for getting new devices to market. Hardware companies could ship products that are fully compatible with one another without having to wait around for standards.