[OpenWireless Tech] My thoughts on deploying a secure mesh network.

Mattias Eliasson mattias.eliasson at medsa.se
Wed Jul 29 01:42:28 PDT 2015


Hi


For quite some time I've been thinking about how to release the Internet 
from various problems, and now that I have found the OpenWireless project 
I'll share some of my ideas to see what response I get. I've spent a lot 
of time thinking about usability and cost of deployment rather than just 
focusing on technical issues. I think that the usability perspective is 
very important. The easier it is for users to open up their networks, 
the more users will join.


While analysing the technical and security aspects of this idea, please 
also consider the usability aspect. This idea is very plug and play and 
allows for the creation of a router and installable software that will 
connect users without additional configuration. Its usage as a flexible 
VPN technology alone makes it a free alternative to Cisco's Dynamic 
Multipoint VPN. Of course the latter will require some configuration, but 
not more than any VPN service. For the network administrator it will 
probably be far easier to set this up as a VPN than any traditional 
technology.


My suggestion is to make a new network-level protocol that allows for 
automatic configuration of mesh networking. Let's call it the CIP, 
Cryptographic Internet Protocol. It's inspired by Serval Project’s MDP, 
Mesh Datagram Protocol.


Like MDP and other cryptographic protocols such as Tor and I2P, it relies 
on self-generated public keys for addressing, and on encryption to secure 
its contents and provide some degree of anonymity. From MDP we can derive 
automatic routing. This makes it fully distributed and "plug and play". 
Fast autonomous mesh networking was the main design goal, not anonymity. 
Whatever anonymity it provides is just a bonus.


My main problem with MDP is that it's included in the larger "BatPhone" 
bundle, which is an Android application. That makes it hard to implement 
in routers and other network-level hardware, which is required in order 
to make it a fast and highly available protocol. As you can guess from my 
CIP name choice, I think that a network-level protocol that exists in 
parallel with the IP protocol(s) is the best way to go. Unlike other 
cryptographic protocols, I suggest keeping it lightweight and easy to 
implement at a router/kernel level. Having an OpenWrt implementation is 
a necessity in order to perform mass deployment.


In order to utilise existing infrastructure it should be able to send 
data on top of IP. For non-obscured fast connections there could be a 
dictionary where IP endpoints close to the target CIP address can be 
looked up. For higher anonymity, onion or garlic routing can be used. 
This would make CIP both a mesh networking protocol and a high-level 
protocol like Tor and I2P. The success of CIP would very much depend on 
this interoperability.


A complex scenario would be people setting up CIP over IP in LANs that 
are filtered enough not to pass such traffic onto the Internet. In such a 
case they would be able to leverage existing IP infrastructure locally, 
but they would need to connect their networks to a mesh network to 
communicate across networks. It becomes even more complex if there are 
Internet connections somewhere in the mesh network that can become a 
shortcut. Those are scenarios that neither MDP nor Tor/I2P is fully 
tested in, as neither does both mesh networking and Internet tunneling.


Now that I have introduced CIP over IP, the next part is IP over CIP. It 
can be a powerful way to secure IP traffic, even locally on LANs. Here an 
IP2CIP directory service would be a simple and secure way to let the IP 
stack know where to send packets, similar to ARP on Ethernet networks. 
Using multiple such directories would be similar to connecting to 
multiple VPNs, but more like Cisco's DMVPN. This should be implemented 
in the host's IP stack for end-to-end security. Ideally, when 
communicating over an IP network I would want to lock down my 
unprotected IP traffic to allow only CIP over IP, and then use IP over 
CIP in order to use IP-based software.


When accessing the unprotected Internet there could be something similar 
to Tor out-proxies or commercial VPN services that provide an 
anonymized bridge. However, I would probably eventually prefer to stop 
using non-encrypted communication. A middle road would be to have exit 
nodes but only allow encrypted protocols like TLS and SSH to pass, but 
that may be a problem because many TLS implementations default to 
broken ciphers and SSH can easily be configured in an insecure way. 
Perhaps the best thing would be the ability to mark a packet as 
encryption-only and therefore allow the sender's IP stack and local 
configuration (firewall) to decide.


My next idea is to bridge gaps in mesh networking/Internet by using 
DTN-based (or DTN-like) technology, by means of DTN mules, in order to 
extend the Internet far beyond the reach of network equipment. Flash 
drives carried by mules are so much cheaper than building satellite 
networks, and field tests have shown it to work really well. But that's a 
higher-level project, so I'll save that for later. :)


//Mattias Eliasson
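The post leaves the IP2CIP directory and the key-based addressing as sketches. The following is an added example, not the author's code or anything from Serval or OpenWireless, showing the security check a resolver would need so that a directory behaves like ARP without being spoofable like ARP: the CIP address is derived from the node's own public key (here, as an assumption, SHA-256 over an Ed25519 public key; the post fixes no algorithm), and the owner of that key signs the IP-to-address binding. The record layout, the domain tag, and the 10.0.0.x sample addresses are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// CIPAddr is a self-certifying node address. This example derives it as
// SHA-256 over the node's Ed25519 public key; the post only says addresses
// are self-generated public keys and fixes no algorithm, so this is an assumption.
type CIPAddr [32]byte

func (a CIPAddr) String() string { return hex.EncodeToString(a[:8]) + "..." }

// AddrFromPubKey binds an address to exactly one key: anyone holding the key
// can recompute the address, and nobody can claim the address for a different key.
func AddrFromPubKey(pub ed25519.PublicKey) CIPAddr {
	return CIPAddr(sha256.Sum256(pub))
}

// IP2CIPRecord is one entry in the ARP-like IP2CIP directory the post sketches.
// The owner of Addr signs the (IP, Addr) binding so the directory itself cannot
// invent or re-point entries. The field layout is this example's assumption.
type IP2CIPRecord struct {
	IP     string            // IPv4/IPv6 address as text
	Addr   CIPAddr           // claimed CIP address
	PubKey ed25519.PublicKey // key that Addr must hash to
	Sig    []byte            // Ed25519 signature over recordBytes(IP, Addr)
}

// recordBytes is the canonical byte string that gets signed. The domain tag
// and NUL separators keep an (IP, Addr) pair from being confused with any
// other message the same key might sign.
func recordBytes(ip string, addr CIPAddr) []byte {
	var b bytes.Buffer
	b.WriteString("IP2CIP-v0\x00")
	b.WriteString(ip)
	b.WriteByte(0)
	b.Write(addr[:])
	return b.Bytes()
}

// NewRecord is what a node publishes about itself.
func NewRecord(ip string, pub ed25519.PublicKey, priv ed25519.PrivateKey) IP2CIPRecord {
	addr := AddrFromPubKey(pub)
	return IP2CIPRecord{IP: ip, Addr: addr, PubKey: pub, Sig: ed25519.Sign(priv, recordBytes(ip, addr))}
}

// VerifyRecord is what a resolver runs on every record before trusting it.
func VerifyRecord(r IP2CIPRecord) error {
	if len(r.PubKey) != ed25519.PublicKeySize {
		return errors.New("malformed public key") // ed25519.Verify would panic on this
	}
	if AddrFromPubKey(r.PubKey) != r.Addr {
		return errors.New("address is not the hash of the supplied key")
	}
	if !ed25519.Verify(r.PubKey, recordBytes(r.IP, r.Addr), r.Sig) {
		return errors.New("IP-to-address binding not signed by the address owner")
	}
	return nil
}

// Resolve answers "which CIP address (and key) do I encrypt to for this IP?",
// accepting only records that pass VerifyRecord.
func Resolve(dir []IP2CIPRecord, ip string) (CIPAddr, ed25519.PublicKey, error) {
	for _, r := range dir {
		if r.IP != ip {
			continue
		}
		if err := VerifyRecord(r); err != nil {
			return CIPAddr{}, nil, fmt.Errorf("rejecting record for %s: %w", ip, err)
		}
		return r.Addr, r.PubKey, nil
	}
	return CIPAddr{}, nil, fmt.Errorf("no record for %s", ip)
}

func main() {
	// Constructed sample: one honest node and one attacker-controlled directory.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	honest := NewRecord("10.0.0.7", pub, priv) // 10.0.0.7 is a made-up LAN address

	attackerPub, _, _ := ed25519.GenerateKey(rand.Reader)
	keySwap := honest
	keySwap.PubKey = attackerPub // attacker tries to answer for the victim's address
	rebind := honest
	rebind.IP = "10.0.0.9" // attacker re-points the signed record at another host

	for _, r := range []IP2CIPRecord{honest, keySwap, rebind} {
		_, _, err := Resolve([]IP2CIPRecord{r}, r.IP)
		fmt.Printf("%-9s -> %s  err=%v\n", r.IP, r.Addr, err)
	}
}
```

The two rejected cases are the CIP analogues of ARP spoofing: a directory (or an on-path host) handing out a different key for a known address fails the hash check, and re-pointing a genuine record at a different IP fails the signature check. What this check does not stop is a directory withholding records or serving stale ones; replay protection would need a timestamp or sequence number inside the signed bytes, which this example leaves out.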
