WLAN Authentication and Privacy Infrastructure

WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for Wireless LANs (GB 15629.11-2003). Although it was allegedly designed to operate on top of WiFi, compatibility with the security protocol used by the 802.11 wireless networking standard developed by the IEEE is in dispute. Due to the limited access of the standard (only eleven Chinese companies had access), it was the focus of a U.S.-China trade dispute. Following this it was submitted to, and rejected by the ISO. It currently has been resubmitted to the ISO.

Contents

How the Standard Works

Main article: SMS4

WAPI, which was initiated to resolve the existing security loopholes (WEP) in WLAN international standard (ISO/IEC 8802-11), was issued to be Chinese national standard in 2003. WAPI works by having a central Authentication Service Unit (ASU) which is known to both the wireless user and the access point and which acts as a central authority verifying both. The WAPI standard (draft JTC1/SC6/N14619) allows selection of the symmetric encryption algorithm, either AES or SMS4, which has been declassified in January 2006 and passed evaluation by independent experts.

Criticism

One argument was WAPI standard used security through obscurity, another is that it was designed to limit trade into China, as well as requiring foreign companies to provide confidential trade secrets to Chinese corporations.

History

US-China Trade Dispute

In late 2003, the Chinese government announced a policy requiring that wireless devices sold in China include WAPI support and foreign companies wanting access to the Chinese market could produce WAPI-compliant products independently or partner with one of 11 Chinese firms to which the standard was disclosed. This issue became a point of trade discussions between the then United States Secretary of State Colin Powell and his Chinese Government equivalent. China agreed to indefinitely postpone implementation of the policy.[1]

ISO Rejection

The Chinese Standards Association (SAC: Standardization Administration of the People's Republic of China) subsequently submitted WAPI to the ISO standards organization for recognition as an international standard, at about the same time as the IEEE 802.11i standard. After much debate related to both process issues and technical issues, the IEC/ISO Secretaries General decided to send the proposals to parallel fast track ballots. In March 2006, the 802.11i proposal was approved and the WAPI proposal was rejected. This result was confirmed at a Ballot Resolution meeting held in June 2006, during which the SAC delegation walked out.

The result was subject to two appeals by SAC to the ISO/IEC Secretaries General that alleged "unethical" and "amoral" behavior during the balloting process and irregularities during the ballot resolution process. The official Chinese news agency Xinhua said on May 29, 2006, that appeals were filed in April and May 2006 and, the agency said, alleged that the IEEE was involved in "organizing a conspiracy against the China-developed WAPI, insulting China and other national bodies, and intimidation and threats." Xinhua did not make these allegations specific. In July 2006, 802.11i was published as an ISO/IEC standard. WAPI is no longer being considered by ISO/IEC and all appeals have been dismissed.

After the preliminary results were announced in March 2006, various press reports from China suggested that WAPI may still be mandated in China. TBT (Technical Barrier to Trade) declarations to the WTO in January 2006 and a statement in June 2006 to ISO/IEC JTC1/SC6, in which SAC said they would not respect the status of 802.11i as an international standard, seemed to support this possibility. However, as of early 2007, the only official Chinese policy related to WAPI is a "government preference" for WAPI in government and government funded systems. It is unclear how strongly this preference has been enforced, and it seems to have had little effect on the non government market, which is overwhelmingly based on WiFi certified equipment using WPA2, a subset of 802.11i.[2]

ISO Resubmission

In 2009 the Chinese government received a favorable ISO decision to allow a resubmission of the standard, and resubmitted the WAPI standard to the ISO.[3] It was allocated the standard number ISO/IEC 20011, but the proposal was withdrawn in 2011 (document JTC1/SC6N15030).

Chinese Cell Phone Usage

Mobile phones in China are controlled by MIIT. Mobile phones coming out in China in 2009 required to support the WAPI standard.[2] One of the sticking points behind the iPhone in China was the support of WiFi without the WAPI standard.[4] In the end, it was released without any WLAN at all.

According to China's State Radio Monitoring Center Chinese in April 2011 regulators approved the frequency ranges used by a new Apple mobile phone with 3G and wireless LAN support including WAPI.[5] Dell Inc's Mini 3 phones have also received network access licenses for China.[6]

The Chinese government's preference for the WAPI standard in some respects is similar to their preference for the TD-SCDMA for their 3G network.

See also

References

  1. ^ Shim, Richard. China reaches trade accord, postpones WAPI requirements indefinitely. http://news.zdnet.com/2100-9584_22-5197087.html. Retrieved 2009-07-14. 
  2. ^ a b Fletcher, Owen. Years on, China Pushes WAPI in Mobile Phones. http://www.cio.com/article/492084/Years_on_China_Pushes_WAPI_in_Mobile_Phones. Retrieved 2009-07-14. 
  3. ^ Made-in-China WAPI standard resubmitted for global use. http://en.apa.az/news.php?id=104668. Retrieved 2009-07-14. 
  4. ^ Burrows, Peter. Apple Will Strike iPhone Deal In China Three Months Earlier Than Expected, Says Analyst. http://www.businessweek.com/technology/ByteOfTheApple/blog/archives/2009/07/apple_will_stri.html. Retrieved 2009-07-14. 
  5. ^ Fletcher, Owen. Apple Tweaks Wi-Fi in IPhone to Use China Protocol. http://www.pcworld.com/article/195524/. Retrieved 2010-05-04. 
  6. ^ Fletcher, Owen. Pictures of New Dell 3G Phone Put on China Regulator Site. http://www.pcworld.com/businesscenter/article/194002/pictures_of_new_dell_3g_phone_put_on_china_regulator_site.html. Retrieved 2010-05-04. 

External links