Interview: Matthew Gast, Trapeze Networks and 802.11 Task Group Chair

SearchNetworking talks to Matthew Gast, Chair of the IEEE 802.11Task Group and Chief Strategist in the Office of the CTO at wireless specialists Trapeze Networks.

As chair of the IEEE Task Force charged with consolidating “accumulated maintenance changes” to the WiFi Standard, co-founder of the security-focused OpenSEA Alliance, I could be forgiven for expecting Trapeze Networks' Matthew Gast to have nothing on his mind but security. However, in this interview, SearchNetworking finds that there's much more on Gast's mind than just keeping the bad guys at bay.

SearchNetworking: Beyond 802.11n, what next??

Gast: "If you look at the development of 802.11n, the big thing that we did there was allow the transmission of multiple streams over the same channel, and that allowed for much greater spectral efficiency."

However, Gast emphasises that 802.11n is just the first iteration of the use of MIMO in WiFi. "There's so much you can do with improved processing technology ... 802.11n is the first MIMO spec - but compared to the coding that's used in, say, a mobile phone, 802.11n is not yet that sophisticated.

"We have a lot of technology we could borrow from other types of radio communications, to make it much more efficient."

SearchNetworking: What could the WiFi world borrow from the cellular world??

Gast believes how 802.11n encodes signals on the air interface offer opportunities to get more out of the technology.

"There are high-performance decoders using, say, the Viterbi algorithm, or something with similar performance. We could look at using developments in coding like Turbo-codes, which have much higher performance, and that would allow us to sustain higher error rates over the air, and correct them.

"There's a whole variety of codes that were developed in the cellular industry - trellis coding springs to mind - something that might potentially be looked at as well."

SearchNetworking: What's happening in wireless security to "close the gap" with wired Ethernet??

Gast: " I do think there's a gap between wireless and wired security, in that wireless networks are more secure.

"Wireless networks typically do user authentication, so you know who is using the network where, and you know what they're doing.

"Simply by forcing users to authenticate - I am Matthew Gast - and you assign a user identity to the traffic stream, then you know who's doing things that they shouldn't be. And you can take alternative measures, not necessarily technical ones, to discourage usage of the network in a way that you find inappropriate."

SearchNetworking: What are the next developments in wireless security we should watch out for?

Gast: "We still need to continue to build on the cryptographic foundations of wireless security. There's a really interesting development that's been overshadowed by the impending ratification of 802.11n - on Saturday here in Australia, when the IEEE standards association meets, they'll be considering both the 802.11n standard, of which many people have heard a great deal about - but they're also looking at a similar milestone for the 802.11w standard.

"That is an effort to provide protection for 802.11 management frames. We've done a great amount of work on 802.11 data frames.

"Typically in the past, management frames are things like association - I want to connect to this network; and, from a security perspective even worse, disassociation: get off my network. That message was completely unauthenticated. All you needed to know was the very secret MAC address of the AP - which is of course very easy to find. 802.11w is providing cryptographic protection for those messages.

"Given the number of attacks that begin by repeatedly taking somebody off the network - [802.11w] has the potential to dramatically increase security.

"The attacks against WPA's pre-shared keys work by dictionary attacks. You kick somebody off the network, force them to re-authenticate, observe the exchange, and you repeat this as many times as you need. If the message that kicks off the attack by removing a user from the network is authenticated, that makes it very hard to just do.

"In the future, management frames will become more important - because they're not just the messages that are used for network operations like connect and disconnect; many of the fast roaming and network management messages are also in management frames, so protecting them also has the ability to protect the 802.11 management protocol, so that these operations run more smoothly, and are not as susceptible to interruption by attacks."

SearchNetworking: Where else is 802.11w important?

Gest: "There's a message in the 802.11k standard, that provides what's called a neighbour report. A device that's associated with an access point - say it's a voice device - needs to transfer to another AP as quickly as possible. So you can send a neighbour report, and find out where you might go to another AP to serve this voice conversation.

"You could do a great deal of mischief by sending a neighbour report that didn't have the closest devices, which is part of the reason why, from the standpoint of keeping this voice conversation running, [you want to] protect the neighbour report, so that the voice device has some guarantee of authenticity."

SearchNetworking: We're seeing huge growth in the number and variety of devices using WiFi. What implications does this have for the corporate network?

Gast: "The trend clearly is towards smaller devices, towards devices which are tailored to specific tasks, and what that means is more devices on your network.

"You have all these devices connected to the network, and they all can't connect in the same place. A huge problem that we've seen with some of our university customers is that many consumer devices tend to be b-g - they work in the 2.4 GHz band. Many laptops are a-b-g - the trouble is that there is, in some devices, a preference to use the b-g band.

"So if you didn't do anything, all these devices would connect to the 2GHz band. They have three channels to choose from, and they're all incredibly overloaded ... that's become an increasing component of managing the radio, making sure you use the radio as efficiently as possible.

"In the corporate environment, people want to have meetings, so what we've done for many years is to put more access in hot spots, and you depend on load-sharing capabilities in order to even out the load.

"And you try to use as much of the 5GHz spectrum as you can, in case of 11n, and in these hotspots have overlapping areas with the wide 40 MHz channels, to try and offload as much of the heavy use as you can from the b-g band."

SearchNetworking: What about network layout - is it different for 802.11n?

Gast: Because 802.11a b and g all were built around the idea of having a single transmission channel, multipath was our enemy. And now it's not anymore.

"Trying to build a network in the transition phase is where the challenge comes in. Because if you look forward to a world in which everybody has 11n, multipath is good. In practice, based on what I've seen in early 11n deployments, the indoor environment tends to have a lot of reflections, it's not a devilishly complicated fine-tuning procedure that you need to have."

SearchNetworking: Where are the good opportunities for Trapeze in the Australian market?

Gast: "We're doing some interesting work with location right now. Because wireless networks have the ability to know where you are, this has the ability to create new applications.

"You can use it a bit for security, that's where some of the initial applications come in, but the really big gains come when you can use location to effect the business that you do.

"It's funny how simple some of these applications are. The feedback we got from our initial customers was that just locating equipment is a huge deal.

"You might have these expensive devices which generally tend to be attached to patients - infusion pumps are a big deal. They get used a lot, but they're small and expensive and easy to hide. So you will have - they get hoarded, just because I need one of these, I'm going to keep it in a location no-one else knows about.

"When the network knows where they are, it means first of all, you can't hide it, and second, when somebody needs one, you don't have to find it. You don't have to look hard - you just ask the network where it is.

"You also can use location to do things like track patients, make the medical records available to patients wherever they are. Given that patients move around facilities, as well as staff moving around facilities, being able to automate that has proven to be very useful."

Read more on Wireless networking