Secure WLAN Access - IEEE 802.11i/WPA2 II
  • We need a clean implementation from scratch
    • IEEE 802.11i/WPA hardware for interop testing (HP 420wl) OK
    • The net80211 wireless software stack OK
    • A basic IEEE 802.1x implementation
      • Generic port access for wired and wireless networks
      • Supplicant, optional: Authenticator
      • EAP subtypes: EAP-MD5, EAP-TTLS, EAP-PEAP, ... any more?
    • IEEE 802.11i/WPA crypto implementation
      • AES-CTR, MIC Michael, ARC4, TKIP, CCMP
  • Work just started in OpenBSD 3.9-current
  • We want to keep it simple, unlike other implementations
"Proactive Wireless Networks With OpenBSD", BSDCan 2006, Ottawa, Canada, 2006-05-13
Reyk Floeter (
.vantronix | secure systems GmbH (