[OpenWireless Tech] My thoughts on deploying a secure mesh network.
Mattias Eliasson
mattias.eliasson at medsa.se
Wed Jul 29 01:42:28 PDT 2015
Hi
For quite some time I've been thinking about how to release Internet
from various problems and now that I found the OpenWireless project I'll
share some of my ideas to see what response I get. I've spent a lot of
time thinking about usability and cost of deployment rather than just
focusing on technical issues. I think that the usability perspective is
very important. The easier it is for users to open up their networks,
the more users will join.
While analysing the technical and security aspect of this idea please
also consider the usability aspect. This idea is very plug and play and
allows for the creation of a router and installable software that will
connect users without additional configuration. Its usage as a flexible
VPN technology alone makes it a free alternative to Cisco's Dynamic
Multipoint VPN. Of course the latter will require some configuration but
not more than any VPN service. For the network administrator it will
probably be far easier to set up this as a VPN than any traditional
technology.
My suggestion is to make a new network-level protocol that allows for
automatic configuration of mesh networking. Let's call it the CIP,
Cryptographic Internet Protocol. It's inspired by Serval Project’s MDP,
Mesh Datagram Protocol.
Like MDP and other cryptographic protocols like TOR and I2P it relies on
self generated public keys for addressing, and encryption to secure its
contents and provide some degree of anonymity. From MDP we can derive
automatic routing. This makes it fully distributed and "plug and play".
Fast autonomous mesh networking was the main design goal, not anonymity.
Whatever anonymity it provides that’s just a bonus.
My main problem with MDP is that it’s included in the larger “BatPhone”
bundle which is an Android application which makes it hard to implement
in routers and other network-level hardware which is required in order
to make it a fast and very available protocol. As you can guess from my
CIP name choice I think that a network level protocol that exists in
parallel with the IP protocol(s) is the best way to go. Unlike other
cryptographic protocols I suggest keeping it lightweight, easy to
implement at a router/kernel level. Having an OpenWRT implementation is
a necessity in order to perform mass deployment.
In order to utilise existing infrastructures it should be able to send
data on top of IP. For non-obscured fast connections there could be a
dictionary where IP endpoints close to the target CIP address can be
looked up. For higher anonymity onion or garlic routing can be used.
This would make CIP both a mesh networking protocol and a high level
protocol like TOR and I2P. The success of CIP would very much depend on
this interoperability.
A complex scenario would be people setting up CIP over IP in LANs that
are filtered enough to not support passing such traffic onto the
Internet. In such a case they would be able to leverage existing IP
infrastructure locally but they would need to connect their networks to
a mesh network to communicate across networks. It becomes even more
complex if there are internet connections somewhere in the mesh network
that can become a shortcut. Those are scenarios that neither MDP nor
TOR/I2P is fully tested in, as neither does both mesh networking and
internet tunneling.
Now that I introduced CIP over IP the next part is IP over CIP. It can
be a powerful way to secure IP traffic, even locally on LANs. Here an
IP2CIP directory service would be a simple and secure way to let the IP
stack know where to send packets, similar to ARP on ethernet networks.
Using multiple such directories would be similar to connecting to
multiple VPNs but more like Cisco's DMVPN. This should be implemented
in the host's IP stack for end-to-end security. Ideally when
communicating over an IP network I would want to lock down my
unprotected IP traffic to just allow CIP over IP and then use IP over
CIP in order to use IP-based software.
When accessing the unprotected internet there could be something similar
to TOR out proxies or commercial VPN services that provide an
anonymized bridge. However I probably eventually would prefer to stop
using non-encrypted communication. A middle road would be to have exit
nodes but only allow encrypted protocols like TLS and SSH to pass, but
that may be a problem because many TLS implementations default to
broken ciphers and SSH can easily be configured in an insecure way.
Perhaps the best thing would be the ability to mark a packet as
encryption-only and therefore allow the sender's IP stack and local
configuration (firewall) to decide.
My next idea is to bridge gaps in mesh networking/internet by using
DTN-based/like technology by the means of DTN mules in order to extend
internet far beyond the reach of network equipment. Flash drives carried
by mules are so much cheaper than building satellite networks, and field
tests have shown it to work really well. But that's a higher level project
so I’ll save that for later. :)
//Mattias Eliasson
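An added illustration (not part of Mattias's post, and not Serval/MDP code) of the self-generated public key addressing the post describes: a CIP-style address is derived from an Ed25519 public key, so a receiving node can reject a datagram whose claimed source address was not derived from the key that signed it, with no PKI and no directory lookup. The 16-byte truncated-SHA-256 address scheme and the datagram layout are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AddrLen is an assumed CIP address size (16 bytes); the post fixes no format.
const AddrLen = 16

// Datagram: constructed minimal CIP-style datagram; Src is derived from PubKey.
type Datagram struct {
	Src, Payload, Sig []byte
	PubKey            ed25519.PublicKey
}

// AddrFromKey: SHA-256 of the public key truncated to AddrLen (assumed scheme).
func AddrFromKey(pub ed25519.PublicKey) []byte {
	h := sha256.Sum256(pub)
	return h[:AddrLen]
}

// signedBytes binds address and payload so neither can be swapped alone.
func signedBytes(src, payload []byte) []byte {
	return append(append([]byte{}, src...), payload...)
}

// Seal fills in the derived source address and signs address+payload.
func Seal(priv ed25519.PrivateKey, payload []byte) Datagram {
	pub := priv.Public().(ed25519.PublicKey)
	src := AddrFromKey(pub)
	return Datagram{Src: src, Payload: payload, PubKey: pub,
		Sig: ed25519.Sign(priv, signedBytes(src, payload))}
}

// Verify rejects a spoofed source (Src not derived from the attached key)
// and any signature that fails over address+payload.
func Verify(d Datagram) bool {
	if len(d.PubKey) != ed25519.PublicKeySize || !bytes.Equal(d.Src, AddrFromKey(d.PubKey)) {
		return false
	}
	return ed25519.Verify(d.PubKey, signedBytes(d.Src, d.Payload), d.Sig)
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	d := Seal(priv, []byte("hello mesh"))
	fmt.Println("genuine:", Verify(d)) // true
}
```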