MANHASSET, N.Y. — China's controversial decision to mandate a proprietary encryption scheme for Wi-Fi systems used within its borders has industry groups, chip makers, OEMs and even U.S. government officials scurrying for answers. While China has a history of going its own way on technological standards, few attempts have aroused the ire of this spec.
The staunch proprietary position on what China calls its Wired Authentication and Privacy Infrastructure (WAPI) " implemented on Dec. 1 as part of the nation's GB 15629.11-2003 Wi-Fi standard " caught the wireless-LAN industry off-guard.
The ruling means that any Wi-Fi chip or system imported into China or manufactured there for domestic use must employ the WAPI encryption scheme, which is incompatible with IEEE 802.11. Charges of protectionism and license gouging are flying, along with complaints that a China-only standard will raise equipment costs. Some fear that China will push WAPI as a global standard and thereby fracture the entire WLAN industry.
The effects are bound to be far-ranging, given WLAN market growth in China. In 2002, according to numbers from IDC, China accounted for $17.2 million of a $2.2 billion global WLAN market. The figure "represents 182 percent growth over 2001, while the global market [overall] only grew at 23 percent," said Dennis Eaton, chairman of the Wi-Fi Alliance. "The Chinese market is expected to grow to $50 million by the end of this year and to $500 million by 2007," he added.
But "the ripple effect is even greater," said Eaton, pointing to systems with embedded Wi-Fi connectivity, such as laptop computers and PDAs. "This forces people, such as Dell and iPAQ [Hewlett-Packard's PDA], to revisit their embedded plans. There's some redesign needed here."
Though China's Wi-Fi standard has been nearly two years in the making, the WAPI encryption algorithm seems to have caught the industry by surprise. The standard was created by the China Broadband Wireless Internet Protocol Standards (BWIPS) group, and no details of the encryption algorithm have been disseminated to non-Chinese chip makers (although Intel Corp. said that it's reviewing a copy of the spec).
More worrisome, say observers, is that chip and equipment makers will have only a six-month "grace period" " until June 1 " to comply with the mandatory standard. The products that qualify for the grace period include those imported and produced before Dec. 1 or for which delivery contracts were signed prior to that date.
The standard itself was not discussed publicly until July and was not available for review until August. It was at this point that some industry watchers noted that a core piece of the guideline " namely, WAPI encryption " was a proprietary, mandatory system. This is unusual, since in the past several years China has traditionally gone along with ITU/ISO global standards; with 802.11 and .11b recently elevated to International Organization for Standardization status, many assumed China would do the same again.
Even the domestic standards China has been determinedly crafting " ranging from mobile-phone network protocols (TD-SCDMA) to audio/video compression, optical-disk technology and operating systems " all have been voluntary, relatively open processes that encouraged foreign participation.
China did use the ISO's IOS/IEC8802-11 and -11b versions as the basis for its own new standard. However, pointing to what it saw as security "flaws" in the present version of Wi-Fi that it believes "greatly restrict the spread and application of wireless LAN," the BWIPS organization opted to develop a proprietary encryption algorithm.
Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. and author of several books on cryptography and security, said all indications are that China did not accept IEEE standards because it did not want second-rate encryption. "If the Chinese government wanted crappy security, they would use what's there now," Schneier said.
"From my point of view, 802.11i is a worldwide standard, and maybe they [BWIPS] should come and help us enhance it," said Stuart Kerry, chair of the 802.11 working group. "They need to tell us what .11i does not do and we can make a future amendment."
But the differences between China's WLAN standard and 802.11 may not end at encryption. The BWIPS uses similar language when describing its quality-of-service efforts (GB 15629.1103-2003) as it did when laying out its security spec (GB 15629.1106-2003). This has raised the specter of QoS differentiation also. "There has been nothing official on this yet," said Eaton of the Wi-Fi Alliance. "But it does appear they're also working on .11e-like QoS and other things that might track back into the IEEE's work."
Working off what little information is available at large, Eaton pinned the proprietary component in WAPI as a sort of elliptic-curve encryption with a block cipher. The 802.11i draft standard now calls for the 128-bit Advanced Encryption Standard (AES), which is also a block cipher, and that scheme has already been widely deployed as part of Wi-Fi Protected Access, which uses draft 3.0 of the .11i spec.
"We're now on draft 7.0 and expect to ratify the standard in March or June," said Kerry. "And it will have full-blown AES."With respect to the authentication process, Eaton believes it's architected in a manner similar to the Radius scheme used in 802.11. But he cast doubts on the ability of the WAPI authentication scheme to scale sufficiently to support WLANs without using expensive access points (APs). "With a small AP and, say, 50 users, we think the whole authentication scheme they have set up is going to bog down the network, bring it to a grinding halt," Eaton said.
Colin Macnab, the newly appointed vice president of marketing and business development at Atheros Communications (Sunnyvale, Calif.), put the authentication processing requirement at about 80 Mips per user, vs. 15 to 20 Mips for 802.11i.
Soon after the standard was announced early this month, rumors began to spread that only a handful of Chinese companies would be allowed to see the spec and that those 11 firms would be responsible for licensing it to foreign companies, some of which could be direct competitors. In fact, some small Chinese companies are already at work on 802.11 chips. "We will have an advantage in this niche because we are familiar with the security standard," said Kuang Zhangpu, a manager at Beijing-based LHWT Microelectronics Inc.
"The way that they are trying to implement this makes it clear that, whatever national-security argument there may be for encryption, the real motivator is to promote the interests of certain Chinese companies over other companies," said Anne Stevenson-Yang, the managing director of the U.S. Information Technology Office in Beijing. Ann Rollins, director of technology and trade policy at industry lobby group ITI (Washington), was somewhat more forgiving. "China is a new member of the WTO," she said. "And the people that developed the standard don't quite understand that there are principles and obligations to uphold."
"This is protectionism," said Philip Solis, senior analyst at Allied Business Intelligence (Oyster Bay, N.Y.). "The only result will be higher prices for everyone as the industry loses the economies of scale [associated with a single global standard]."
U.S. vendors have talked to the International Trade Organization and, according to Kerry, the issue has gone up to the presidential level. But so far, "We don't want this to become an international trade issue," said ITI's Rollins."[The Chinese] do have a competitive technology industry and it would really be in their best interest to be a larger player in the international community."
Others fear intellectual-property price gouging by the "anointed" Chinese companies, and the possibility of having to open up their own IP chests to one or more of the 11. "That's a concern of all companies," said Dominic Wilde, director of product marketing at Vernier Networks (Mountain View, Calif.). "IP is your lifeblood."
Though many foreign chip makers are in the dark about the particulars, they are formulating plans to quickly adopt the standard when the IP is made available. "In our design, we can move in two directions," said Jason Tsai, senior manager for the Connectivity Products Division at Taiwan-based Silicon Integrated Systems: "modify the hardware architecture as soon as possible" or "try to implement an ARM core into the chip to have the flexibility to modify the firmware to fit the WAPI spec."
More worrisome, for many, is the possibility that China may leverage its considerable weight to push WAPI as a global spec. Indeed, "It's possible that we'll apply the standard to become an international standard," said BWIPS spokesman Liu Chao-yang. "Currently, I don't have the road map on that. Meanwhile, some U.S. companies have already asked to join our working group. To my knowledge, HP and Cisco are among them, and their admission to the working group is just a matter of time."
Samuel Ni of sister publication EET China and Loring Wirbel contributed to this story.
