>and that claims to the contrary are chicken little grandstanding.
Err, let's wait a second here. A few months ago you would have said the same about WPA+TKIP. Yet it's completely broken. How do you know WPA+AES is much better? What research have you done? Your consultant is supposed to have an eye on the future and predict trends.
That said, I still think that WPA is not a good protocol and that VPN or application level security is the only responsible way to go. The wifi consortium, to me, is not a security minded organization and rushes out half-assed protocols because they are more interested in selling routers than anything else.
I know people who routinely break WPA/WPA2 with AES. Sure, it's complex dictionary attacks, but there's a vector right there that a lot of people don't understand.
Seriously, what's a VPN concentrator cost your business? A few hundred? Pushing out the client to all the laptops? A few hours? We're talking minimal cost here for quite a bit of security.
Entirely possible (thanks for making that explicit).
My worry is people eavesdropping by receiving the radio communications between my computer and the wireless router. I’m not talking about somebody with a wired ethernet connection, who, I presume, could get around WPA2 as well. Unencrypted packets will never be sent on the wireless interface, right?
They don't need a wired connection. Wifi is wireless ethernet. Essentially they would just connect to your router wirelessly, as it is open, and run wireshark or ettercap and get all the packets.
Essentially, when you are connected it's just like being on a switch or a hub. The encryption stops on the network/link level. This is where the sniffing tools operate.
>My worry is people eavesdropping by receiving the radio communications between my computer and the wireless router.
If the person is close enough to eavesdrop on the radio communications, he’s close enough to connect to your router wirelessly and run a sniffer.
I’m not sure what you mean. I understand that, although the LAN side traffic is encrypted, the WAN side traffic is not. But somebody who connects wirelessly is on the LAN side. Unencrypted packets never make it to the wireless signal. If they did, WPA could be sniffed without knowledge of the encryption key.
There is no LAN side vs WAN side. You are on a LAN. Period. How you get there doesn't matter (AES, WEP, etc). Once you are on the LAN you are sniffable.
You can see the wireless as just an invisible ethernet cable. Now you know that you can sniff a switch or a hub, right? Same applies to your wireless. Eventually it's all just a switch and suffers from the same exploits switches do.
Sure there is. The wireless router sitting on my desk has 1. a LAN side, which includes the wireless network, with local IP addresses (192.168.1.x) for both the router and the connected machines, and 2. a WAN side, which connects to my DSL modem, and has a non-local IP address. The manual even refers to them that way.
All of the data on the wireless side is encrypted. It’s only decrypted on the side that connects to the modem.
All you can sniff are encrypted packets.
An invisible ethernet cable that’s carrying encrypted data.
Where’s the encryption in the “switch or hub” analogy?
How do you claim that unencrypted packets find their way onto the wireless network? My computer sends an encrypted packet to the wireless router. You think the wireless router echoes the packet on the wireless network, but decrypted? No way; not only is there no reason to, but it would obviously make encryption useless (whether WPA or SSL). Incoming packets for my computer are sent to it encrypted over the wireless network. There are no unencrypted packets on the wireless network.
No, all the data on the wireless side is encrypted when it’s flying through the air. As soon as it lands on a machine that is part of the network, it gets decrypted. If anyone is allowed to be part of the network, anyone gets to see the decrypted traffic (unless the packets are using a higher level encryption protocol like SSL). This is HorseloverFat’s point. Everyone using this encrypted network has the encryption keys, and you’ve said anyone can use the network by definition, so everyone has the keys.
We’re talking about my proposal to use a system like SSL. I proposed using something like SSL precisely as a way to allow anybody to use the wireless connection while also preventing eavesdropping (back in post #10). It sounds like you’re saying that that would work?
With WPA, yes. But with the public-key encryption I’m suggesting, no, which is the whole point.
So my question was, why isn’t there a standard wireless option for letting anybody connect and using SSL-like encryption? This would allow a wireless network that is open but encrypted, which would be quite useful.
The main problem I see with the scheme is that somebody could pretend to be the router and get you to connect, which they couldn’t do with a pre-shared key that they didn’t have (that’s what I meant by “the authentication problem”). I could imagine some ways to minimize this possibility.
>My computer sends an encrypted packet to the wireless router. You think the wireless router echoes the packet on the wireless network, but decrypted?
When I run a sniffer like ettercap I can fool it to tell me what you are sending on the switch. So, yes, it does exactly that. If I am on the same LAN as you, there are a lot of attacks I can do. That's why we don't have encryption with open authentication. One is useless without the other.
It is incredibly hard to protect yourself from an attacker on your LAN. Ethernet and TCP/IP work with the idea that those on your LAN are trusted and won't be doing things like ARP poisoning or running sniffers.
So yes, it's an edge case and not a smart way to manage a network. I'd rather have no encryption and a closed access point than encryption and an open access point. In the former scenario I can run SSL, VPN, SSH, etc and be safe. In the latter the malicious user can just join the LAN and perform all sorts of attacks like man in the middle, ARP poisoning, etc.
>So my question was, why isn’t there a standard wireless option for letting anybody connect and using SSL-like encryption?
I have DD-WRT set on my router. I can use a built in VPN service if I choose, but if I let everyone on my LAN then they can perform all sorts of attacks. They could send out a false ARP saying "Hey, 192.168.1.1 is here" and make all my traffic go through them. They could do the same with my DNS servers and perform a man in the middle attack.
Wireless security has two components: keeping people off the LAN and keeping people from sniffing the air interface. You need both.
No offense, but if you don't understand MITM attacks, ARP poisoning, basic ethernet, and a whole host of networking concepts then you're just not going to understand what I am writing. Go buy 'Hacking Exposed' and study up on LAN-based exploits and you'll figure it out.
The router sends wireless data in plaintext? A router could be trivially designed so that it never sends plaintext over wireless. Presumably they are designed that way.
If you were to tell me that you can fool the router into sending the data encrypted with your key, that’s another story. It seems to me that that could be prevented easily enough.
That I can believe. That’s the sort of thing I was asking about. To what extent such attacks depend on vulnerabilities of SSL that are fixed by TLS I don’t know. I also don’t know to what extent they depend on the fact that a LAN supports communication between the machines on the LAN, which is unnecessary for public wireless access.
As I mentioned above, I imagine that the biggest problem is authenticating the router. This relates to some of the attacks that you mention. A third-party certification authority is not practical in this situation. There may be other ways around the problem, such as obtaining the router’s public key through non-electronic means.
The effect that I was hoping for–open access but data privacy–would be extremely useful. Whether it’s feasible is a different question.
OK, but that doesn’t help in the public wireless situation I’m asking about.
I imagine that some offense was intended, but that seems to be par for the course on the SDMB.
LEAP, 802.1x, EAP, etc already do what he is suggesting. They can give a per user key that the other users don't know. That's not a problem and it's not a new idea.
What he is suggesting is leaving the AP open. Like I wrote above, just because all of you are using a different key to talk to the exact same router, doesn't mean anything security wise to the people on that router. All the attacks I listed will still work. I think you need to think of it like this: WPA, LEAP, whatever will get you on the router. That's it. At that point it's exactly like being on a switch with all the vulnerabilities of being on a switch with someone else.
>Aren’t SSL/TLS and similar designed to mitigate the very MITM attacks that you’re talking about?
No, because you're on a shared resource (the switch in the router) and at that point it's all plain-text. There isn't an encrypted tunnel all the way to the gateway. Your bits get dumped on the LAN. You can send a malicious ARP message and fool the client into thinking you're the router's gateway.
I'm assuming you are thinking that there's some kind of vpn-like tunnel to the gateway. Nope, you're on a switch at a certain point.
The point here is that an open router is a much, much bigger vulnerability than not having encryption. So bad that it's foolish to apply encryption in this scenario. Or at least it's an edge-case that most manufacturers don't support. It's like having a great big castle wall but with a revolving door that lets people in and out all they want.
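A defender-side check for the gateway-impersonation ARP trick that the two posts above describe (the false "192.168.1.1 is here" announcement), as an added example that is not code from this thread: it scans constructed ARP observations and flags any IP, the gateway especially, that starts being announced from a different MAC than before. The gateway address and the sample observations are assumptions made for the example.

```python
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"  # assumed gateway address, as used in the thread

# Constructed observations, as a passive ARP watcher on the LAN would record
# them: (timestamp, IP address announced, MAC address it was announced from).
SAMPLE_ARP_OBSERVATIONS = [
    (1, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # the real router
    (2, "192.168.1.20", "bb:bb:bb:bb:bb:20"),  # an ordinary client
    (3, "192.168.1.21", "bb:bb:bb:bb:bb:21"),  # another client
    (4, "192.168.1.1", "bb:bb:bb:bb:bb:21"),   # .21 now says "192.168.1.1 is here"
    (5, "192.168.1.20", "bb:bb:bb:bb:bb:20"),  # repeat of a known binding: no alert
]


def detect_arp_anomalies(observations, gateway_ip=GATEWAY_IP):
    """Return alert strings for IPs that get announced from a new MAC.

    The defender-side symptom of ARP poisoning is an IP-to-MAC binding that
    changes; the most damaging case is the gateway's binding changing, because
    every off-LAN packet then goes through the impostor.  When the new MAC is
    already known under another IP, that IP is named in the alert.
    """
    ip_to_macs = defaultdict(set)   # every MAC ever seen announcing each IP
    mac_to_ips = defaultdict(set)   # every IP ever announced from each MAC
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()           # compare MACs case-insensitively
        known = ip_to_macs[ip]
        if known and mac not in known:
            kind = "GATEWAY" if ip == gateway_ip else "host"
            other_ips = sorted(mac_to_ips[mac] - {ip})
            origin = f", MAC previously seen as {', '.join(other_ips)}" if other_ips else ""
            alerts.append(f"t={ts}: {kind} {ip} now announced by {mac} "
                          f"(earlier {', '.join(sorted(known))}{origin})")
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for line in detect_arp_anomalies(SAMPLE_ARP_OBSERVATIONS):
        print(line)
```

Run against the constructed capture it reports exactly one alert, at t=4, naming the gateway and the client whose MAC is now claiming it.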
Hi. You can pretty much achieve this using existing technology such as RADIUS, NAP and client certificates. Wikipedia has a pretty good explanation of RADIUS at RADIUS - Wikipedia
The setup isn’t the easiest thing in the world but in principle I’d have users auto-register for a client certificate and then use this against the RADIUS server for client authentication and encryption.
I don’t have time to fully explain the config and how it would work now but I will come back later if there is interest (and time!)