informa
/
3 min read
article

Wireless Security The Latest Segment To See Open-Source Strategy

Chipmaker Atheros is making its JumpStart configuration software available as part of an open-source project.
The open-source programming paradigm first made its mark in operating systems and infrastructure applications. Since then, the open-source model has been extended to database, reporting, and a variety of other business software. Wireless-security-configuration software entered the fray this week when Atheros Communications Inc. open sourced its JumpStart Developer's Kit on Sourceforge.net.

JumpStart, originally released in January as a proprietary product, is designed to let wireless laptop PCs, cell phones, cameras, printers, and MP3 players running Windows establish a secure session with any access point that supports Atheros technology. So far, these access points have been made predominantly by D-Link Systems Inc. and Corega Holdings KK in Japan.

Atheros' primary business is selling wireless chipsets. Its motive for making JumpStart's source code available is to expand the home and small-business wireless market by making security configuration easier. "Open source allows JumpStart to be included into products that we don't control," says Kevin Hayes, Atheros' distinguished engineer and JumpStart's principal architect.

JumpStart was created to help users configure and secure wireless networks. Using JumpStart, the user can guard against rogue access points hijacking their wireless connections. JumpStart then creates an encryption key using the Diffie-Hellman protocol, which is best known as part of the broader Secure Sockets Layer data-security protocol. Through JumpStart, the user can then create a password to provide secure network access for configuring and adding devices to the wireless network.

Atheros earlier this week set JumpStart up as an open-source project on Sourceforge and by the end of the week plans to post the application's source code. The company hopes the open-source community of developers will put the technology through its paces. "Security protocols aren't by definition secure until they've been scrutinized by the public," Hayes says.

Atheros is licensing the JumpStart open-source project via the Sun Industry Standards Source License, which Sun Microsystems uses for its OpenOffice product. Under the license, significant changes to JumpStart's source code must be contributed back to the open-source project.

Exposing its proprietary software is a risk for Atheros, since the company relinquishes some control over the code once it's open sourced. Open-source developers can take the code and use it in their own applications, but they can also make their own contributions to the code. This introduces a risk that derivative versions of JumpStart that don't interoperate on all platforms could be created.

To mitigate the risk of fragmenting JumpStart, Atheros is posting guidelines for developers to follow, hoping to ensure that JumpStart downloaded from Sourceforge works with user devices and access points without compatibility problems.