> We need WiFi that is open and encrypted at the same time!
There is currently no WiFi protocol that allows anybody to join the network, while using link-layer encryption to prevent each network member from eavesdropping on the others. But such a protocol should exist.
It boggled my mind, repeatedly, when I discovered that non-password-protected wireless networks don't generate a unique encryption key for each connection. Boggle, I say. Sure, public key cryptography used to be too computationally expensive, but not any more. And even if it were, Diffie-Hellman has been around for quite a while, go ahead and use symmetric keys.
What the hell is wrong with our standards groups? And hardware manufacturers? There are trivial solutions to this, why haven't they pushed them?
That's surprisingly brilliant (and ranks up there in the "why didn't I think of that, it's so obvious (but I didn't)" hierarchy of things that include the wheel)!
Of course, the problem is that using public key cryptography by itself would not prevent MITM attacks. This can be solved using a certificate. In fact, such a protocol already exists; it is called EAP-TLS:
http://riosec.com/files/Open-Secure-Wireless.pdf
Windows already lets you trust specific root CAs for EAP, as well as server host names.
No, but for wireless, MITM is a bit harder. They need to be broadcasting and interfering with the station you're trying to connect to - that should be at least somewhat detectable, and alert people to the possibility. And certificates are a known system, implementing them is beyond "doable" and into the "easy" realm.
In any case, current MITM-prevention techniques should work just fine w/o a password. Unless someone knows otherwise, I don't really see why a default-encrypted system would be any more vulnerable than something behind a password.
> They need to be broadcasting and interfering with the station you're trying to connect to
The article raises the point that if you're just looking for a connection, you might not know the ID of the access point you want. Most of the time, if you want to snoop on people's traffic all you'd need to do is set up an AP with a higher signal strength than your neighbour's (and just forward the traffic on to the neighbour to get the bits onto the internet.)
More to the point, even if you do know the ID of the access point they want, you may not know that it's trustworthy. Even if the link between you and it is encrypted, it still gets to see your packets in the clear.
Yes, but if you're randomly connecting to un-trusted networks, you're... randomly connecting to un-trusted networks. Protect yourself with an SSH tunnel, or some other kind of VPN, and / or only run on https sites / fully-encrypted protocols.
Seriously, you're asking to be MITM'd if you're connecting to un-trusted networks. Literally. If you don't understand that, then you deserve what's coming to you. As long as you're not protecting yourself by somehow tunneling to only trusted end-points, there's no way to secure yourself.
Sounds like a great opportunity for some hackers (hardware and software) to get together and put together a Secure Open Wifi protocol and reference designs.
I honestly believe this is solvable. Maybe there's no financial market, but it seems like a tremendous good.
Seriously? We want a new network that big brother can't shut down or spy on so easily, so your solution is to let the company that said "If you're worried about others seeing what you're doing maybe you shouldn't be doing it" run the show? I would trust Facebook with this before I'd trust Google with it.
I think we are talking about a protocol included in the WiFi standard which is implemented by whoever makes these devices. I'm not saying it should be some closed source proprietary 'Google' connection. They just have enough say in these matters that they could drive it forward.
It's irrelevant what exactly he meant. The bottom line is that Google can't be trusted and he said this explicitly in the interview. Whether that be because Google doesn't care about your privacy or because they are afraid of fighting with the Government is immaterial. The end result is the same: don't trust Google.
If you don't want to use Gmail for sensitive email, by all means don't. But this is just a silly knee-jerk reaction. Even if Google is the evilest company in the world, how could their development and championing of an open WiFi standard possibly compromise your privacy?
Eckersley overlooks one other useful permutation: an open wifi node that only lets people tunnel to a remote VPN.
This neatly solves both the problem with local eavesdroppers, and much of the problem where an ISP or law-enforcement fingers you, the billing contact, for the activity of third parties. Their traffic emerges at the other end of the VPN tunnel – somebody else's problem.
And, it doesn't require any new local crypto protocols – just mundane destination/port filtering.
Combined with the idea from the article to offer two distinct networks (one traditional, private, WPA2 and one open, only allowing VPN connections out) this sounds like a very practical idea. Is there any good reason not to do it this way other than to protect financial interest of mobile carriers?
A very paranoid regime could even establish rules to only allow certain accredited VPN providers (e.g. ISPs) to free people who offer open WiFi from the fear of being prosecuted.
Unless you do deep packet inspection, people may get clued in to your "mundane destination / port filtering" setup and start using other protocols like bittorrent on that port.
I actually saw this back when I ran an open network, in trying to prioritize bittorrent below ssh and interactive traffic. Some remote seeders will operate on port 22 or 443 because that's the only way they can reach the outside world. If an "Open Wireless Movement" using a standard VPN setup took hold, a similar thing might happen with that port.
Of course, without DNS only the savviest users would initially be able to exploit mundane destination port filtering, but it's only a matter of time before one of these users puts together a tool for the masses. So I still wonder about the plausible deniability of such a setup.
Couldn't you just limit each mac address to a single destination IP address? Put up a welcome page that explains what and why, maybe whitelist a few websites that help / provide software, and then lock them down to a single path beyond those.
I was primarily thinking of a whitelist of known VPN-only contact points, perhaps even a single public-interest VPN explicitly for this purpose. (Perhaps the EFF itself could run one.)
With that, you could only use other protocols with those limited destinations if they agree... which typically they wouldn't.
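The two filtering approaches argued over above (plain destination/port filtering versus a whitelist of VPN endpoints with each client locked to one destination) can be compared directly. The following is an added example, not code from the thread or from any open-wireless project; the VPN endpoints, the help-page host and the sample flows are constructed, using RFC 5737 documentation addresses, and the "what" label on each flow is there only so the reader can see what a filter cannot.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Added example, not code from the thread. It models the "open node that only
# forwards to a VPN" idea as two packet-filter policies and runs both over a
# constructed set of flows.


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_ip: str
    dst_port: int
    what: str  # constructed label of what the flow really is; a filter never sees this


# Hypothetical VPN rendezvous points the operator trusts (IP -> allowed ports).
VPN_WHITELIST = {
    "203.0.113.10": {1194, 443},   # e.g. a VPN service on UDP 1194 / TCP 443
    "198.51.100.20": {443},        # a second, TLS-based provider
}
# Hypothetical welcome-page / client-download host reachable before any tunnel is up.
HELP_WHITELIST = {"203.0.113.80"}


def port_only_policy(flow: Flow) -> bool:
    """'Mundane port filtering': allow the usual VPN ports to any destination."""
    return flow.dst_port in {443, 1194}


class DestinationLockPolicy:
    """Whitelist of VPN endpoints plus a lock of each MAC to its first endpoint."""

    def __init__(self) -> None:
        self.locked: Dict[str, str] = {}

    def decide(self, flow: Flow) -> bool:
        # Welcome page and client downloads are always reachable.
        if flow.dst_ip in HELP_WHITELIST and flow.dst_port in {80, 443}:
            return True
        # Only the listed endpoints, and only on their listed ports.
        if flow.dst_port not in VPN_WHITELIST.get(flow.dst_ip, set()):
            return False
        # First endpoint a client talks to becomes its only endpoint.
        chosen = self.locked.setdefault(flow.src_mac, flow.dst_ip)
        return chosen == flow.dst_ip


SAMPLE_FLOWS = [  # constructed traffic from three clients on the open SSID
    Flow("02:00:00:00:00:01", "203.0.113.80", 80, "welcome page"),
    Flow("02:00:00:00:00:01", "203.0.113.10", 1194, "VPN to trusted endpoint"),
    Flow("02:00:00:00:00:01", "198.51.100.20", 443, "same client, second endpoint"),
    Flow("02:00:00:00:00:02", "192.0.2.77", 443, "BitTorrent peer listening on 443"),
    Flow("02:00:00:00:00:02", "192.0.2.53", 53, "DNS lookup"),
    Flow("02:00:00:00:00:03", "203.0.113.10", 22, "SSH to the VPN host"),
]


def evaluate(flows=SAMPLE_FLOWS) -> Dict[str, Tuple[bool, bool]]:
    """Return {label: (port_only_allows, destination_lock_allows)} for each flow."""
    lock = DestinationLockPolicy()
    return {f.what: (port_only_policy(f), lock.decide(f)) for f in flows}


if __name__ == "__main__":
    for what, (by_port, by_lock) in evaluate().items():
        print(f"{what:35} port-only={'allow' if by_port else 'drop':5} "
              f"dest-lock={'allow' if by_lock else 'drop'}")
```

The BitTorrent-on-443 case from the thread passes the port-only policy and is dropped by the destination whitelist, without any deep packet inspection. The per-MAC lock is the weaker half of the second policy, since a client can change its MAC address at will; the whitelist of endpoints is the control that actually limits what the open segment can reach. On a real router the same logic would be expressed as per-source forwarding rules on the open VLAN rather than in Python.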
I ran an open network for years, only giving up on it a couple of months ago. I tried to set up DD-WRT like they suggest in the article (high bandwidth encrypted network + an open encrypted network), but I didn't get it working properly and gave up. I'll switch my network over to this setup if somebody gives me pointers on an easy way to do it.
The "sharing a certain amount of bandwidth" idea from the article is way more difficult than it sounds.
Fundamentally, anyone with access to a network segment can saturate it. Like you, I ran an open network for years (this was pre DD/Open-WRT, using pebble linux), and saw some pretty crazy stuff. Eventually I got tired of fighting to maintain a fair and usable network and just went encrypted.
However -- this piece and your request for pointers has inspired me to publish my bandwidth sharing and traffic shaping scripts from those days [1], in the hopes that some of the problems can be solved. I really would like to run an open network again, I just need to get things done using my internet connection from time to time. :)
EDIT: I need to have a fresh look at the high bandwidth encrypted / low bandwidth unencrypted setup you mention, because sharing bandwidth across separate network segments seems like it might work.
Pfft. My ISP got two nastygrams from the MPAA for people riding on my open WiFi, and said on the third one they'd shut me down, so secure it immediately.
Set up firewall rules that prevent torrents from coming through on the open network, and do a bunch of other stuff. You can make open access points pretty robust if you're willing to put in the effort.
I had big problems with bittorrent and QoS back when I ran an open network. It's not uncommon for remote seeds to run on an alternate port like 22 or 443 to get past their own firewalls. At that point, you have to do deep packet inspection, and I'm not sure how feasible this is on consumer grade routers.
Hahaha, but more seriously this has been an idea I've thrown around for a while. Really glad people are currently working on stuff like this. Hope it gets big enough (or something like it) to have a mesh network come out of it. Then things will get REALLY interesting.
In the UK something like this exists already, in a limited form: British Telecom has a service called FON which anyone with one of their wifi routers can opt in to for free. When you opt in, you agree to share a limited amount of the bandwidth on your router; in return, you get the ability to connect through the router of anyone else who's opted in.
It doesn't always work quite as well as you might hope - connecting can be a bit of a pain sometimes - but it's a great idea. They've provided a real incentive for people to share their bandwidth.
Is it sufficiently secure if the WiFi is set up with WPA2 TKIP and the SSID and passphrase are set to the same value? By sufficiently secure, I mean one node on the WiFi cannot snoop in on other nodes even for HTTP traffic. What if all open WiFi SSIDs are set to "Open*" and the passphrase is easily guessable (could be same as the SSID, could be the zipcode, could be just OpenOpenOpen)?
The goal is not to prevent someone from getting on the network but rather to keep all clients separated. Is that possible using existing devices/protocols?
Forgive my ignorance, but are you saying that if I know the key to a WPA-PSK secured network, I can listen in to other connections accessing that same network?
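The answer to both questions above follows from how WPA2-PSK derives its keys, so here is the derivation worked through in code. This is an added example, not code from the thread or the EFF article; it reproduces the IEEE 802.11i PBKDF2 and PRF steps and checks them against the standard's published test vector (passphrase "password", SSID "IEEE"). The MAC addresses and nonces used for the two stations are constructed.

```python
import hashlib
import hmac

# Added example, not from the thread. It reproduces the IEEE 802.11i key
# derivation so the "WPA2 with a well-known passphrase" question can be
# answered from the maths rather than from intuition.


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).

    Every station that knows the passphrase and SSID derives the same PMK;
    nothing per-client goes into it.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (48 bytes = KCK || KEK || TK) from the 4-way handshake inputs.

    The only per-session inputs are the two MAC addresses and the two nonces,
    all of which the handshake carries in the clear.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def shared_psk_demo() -> dict:
    """Two stations on the 'OpenOpenOpen' network proposed in the thread (constructed values)."""
    pmk = wpa2_pmk("OpenOpenOpen", "OpenOpenOpen")
    ap = bytes.fromhex("020000000001")                  # constructed locally administered MACs
    sta_a = bytes.fromhex("020000000002")
    sta_b = bytes.fromhex("020000000003")
    anonce_a, snonce_a = bytes(range(0, 32)), bytes(range(32, 64))     # constructed nonces
    anonce_b, snonce_b = bytes(range(64, 96)), bytes(range(96, 128))
    ptk_a = wpa2_ptk(pmk, ap, sta_a, anonce_a, snonce_a)
    ptk_b = wpa2_ptk(pmk, ap, sta_b, anonce_b, snonce_b)
    # Station B holds the same passphrase, so it holds the same PMK; having heard
    # A's handshake it has every other input as well and re-derives A's PTK.
    ptk_a_seen_by_b = wpa2_ptk(wpa2_pmk("OpenOpenOpen", "OpenOpenOpen"),
                               ap, sta_a, anonce_a, snonce_a)
    return {
        "pmk": pmk.hex(),
        "ptk_a": ptk_a.hex(),
        "ptk_b": ptk_b.hex(),
        "sessions_have_distinct_keys": ptk_a != ptk_b,
        "peer_can_rederive_session_key": ptk_a_seen_by_b == ptk_a,
    }


if __name__ == "__main__":
    for name, value in shared_psk_demo().items():
        print(f"{name}: {value}")
```

Each session does get its own PTK, which is what makes the setup look client-isolating, but the PTK is a function of the shared PMK and of values broadcast during association, so a published passphrase gives every client the material to derive every other client's key. Per-client separation needs per-client secrets, which in WPA2 means 802.1X/EAP (per-user PMKs) rather than a PSK, or encryption above the link layer as the thread suggests.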
This is the way a normal ethernet network works. Consumers expect it. For instance, I have a printer that connects to my WPA2 network, how else would I print stuff?
> Wired != wireless. One is passively observable, the other isn't.
Not true. Ever heard of promiscuous mode?
> How does the printer having its own encrypted channel prevent it from printing stuff?
It doesn't. You can set up an encrypted channel between your computer and the printer by using a secure printing protocol. The point is that "the network" doesn't provide secure channels between all pairs of clients; it's up to the clients.
Promiscuous mode in a wired network still requires you to physically connect to the network. At best you can use a passive EM detector to see all the traffic on a set of wires, so you don't have to cut them temporarily, but that still requires physical contact, and can only see things which are routed down that cable. For any business that guards its doors and ethernet ports, and has routers/switches instead of hubs, this is pretty much complete security.
For wireless, you... sit up to a few hundred feet away (miles if you have a good parabolic antenna), and run Wireshark. It's entirely passive and undetectable.
The article misses one critical security aspect, which is probably the most important aspect. Security in WiFi is only partially about encrypting the traffic such that no other users in the same WiFi can eavesdrop on your data. Most mail providers offer some sort of encryption (HTTPS, POPS, ...) that can be used to transfer data from the own computer to a server securely.
However, the main security concern with open WiFi networks is that everybody can use them to do anything on the web. The person who runs the hotspot is responsible for the traffic that comes from this hotspot. If someone is using your internet connection to do anything illegal such as downloading child porn or something like that, there's no way to trace that back to the person who uses your WiFi.
The real issue is not about encryption, it is about identifying the users of a WiFi such that it holds strong in court if there are claims and one wants to prove his innocence. And I personally can't think of a secure out-of-the-box and easy-to-use solution that offers exactly that: protection from actions/attacks performed by others in your name over your WiFi without making them register and somehow prove their identity.
In legal regimes where you don't have vicarious liability for any activity short of activity that is authorised or abetted, having an open wifi could actually be a useful legal defence, compared to a situation where even though there is security on your wifi, you either get hacked or someone does something naughty but you're not sure who it was. You'd have a hard time proving this happened, and if you failed, the suspicion falls right back onto you; with open wifi, "ignorance is bliss"; the prosecution would probably have to downright prove it was your doing, because it would be hard for the court not to (rebuttably) presume it was an unknown user. At least in the UK, this is largely the case, though rightsholders have tried to force case law (Brown & ors v Polydor & ors) and legislation (Digital Economy Act 2010) in the direction of harsher vicarious liability.
Good point. So the discussed aspect depends on the country you're in. In Germany, the WiFi operator is held responsible for everything coming from his IP address. This resulted in some very ridiculous court cases in which 70-year-old people are accused of downloading music and movies via BitTorrent.
Is there any way that someone could hack you via this setup? Does WPA2 really protect all connected parties when you share your password with everyone?
Something I didn't see mentioned in the piece that I see as THE major hurdle to that noble, if utopian, idea is that more and more ISPs in the US are capping bandwidth (Comcast, AT&T U-Verse to name the biggest ones).
I guess you could have a setting at the router level that could be used to limit the amount of data going through the open part of the WiFi but I still don't think most people would agree to that kind of selfless generosity.
In any case, no such idea can be implemented while the capping issue is left out of the equation.
Same problem here in Aus, except I think things might be a wee bit more competitive here than NZ (judging from when my mate lived there a few years ago). Still it's not enough to make people want to share their tight quotas.