[OpenWireless Tech] Open secure wireless

Christopher Byrd chris at riosec.com
Thu Jun 18 14:22:02 PDT 2015


WPA-Enterprise requires a private key on the authentication server, but the
AS doesn't have to run on the access point. In a distributed scenario like
a community network, it's likely there would be a centralized AS. If you
use good practices and don't use the same RADIUS key for all routers, then
losing one AP would likely compromise only sessions on that AP. The
exception here is if fast credential roaming (like 802.11r) is used, in
which case other sessions may be cached on the AP as well. Some distributed
wireless systems use a lightweight AP and centralized controller (split-MAC
architecture); in those instances not much of value (other than the
hardware) is lost when an AP is compromised.

Christopher

On Thu, Jun 18, 2015 at 2:55 AM, Russell Senior <russell at personaltelco.net>
wrote:

> Does this idea require keeping a private key on the router?  If so,
> that's a problem, since routers are often quite vulnerable to physical
> access.  If an entire community network relied on a single certificate
> for authentication across all of their infrastructure (based on their
> extended SSID), then losing one AP could mean complete compromise.
>
> On Thu, Jun 18, 2015 at 12:18 AM, Diderik van Wingerden
> <diderik at think-innovation.com> wrote:
> > Hi Mitar,
> >
> > Thanks for sharing. I am no expert on the subject, but it sounds like a
> > great addition to open wireless (and wireless networking in general). So
> > would it be possible to implement this in LibreCMC (or OpenWRT) for
> > example? And would it then require something on the client's end? Like a
> > new driver or certificate, as you mention? I mean, the solution would of
> > course be adopted much faster if a client install/config of some sort
> > would not be necessary, or at least be super easy.
> >
> > best regards,
> > Diderik
> >
> >
> > On 17-06-15 21:00, tech-request at openwireless.org wrote:
> >> Message: 1
> >> Date: Wed, 17 Jun 2015 04:33:16 -0700
> >> From: Mitar <mmitar at gmail.com>
> >> To: tech at openwireless.org
> >> Subject: [OpenWireless Tech] Open secure wireless
> >>
> >> Hi!
> >>
> >> Reading this old post:
> >>
> >> https://www.eff.org/deeplinks/2011/04/open-wireless-movement
> >>
> >> I wanted to point out some research done on this some time ago:
> >>
> >> http://www.riosec.com/articles/Open-Secure-Wireless
> >>
> >> http://www.riosec.com/articles/Open-Secure-Wireless/Open-Secure-Wireless.pdf
> >>
> >> And also some progress:
> >>
> >> http://www.riosec.com/articles/open-secure-wireless-20
> >>
> >> If you are not doing that already, I think EFF should get on board of
> >> supporting those changes to the standard.
> >>
> >> (BTW, originally, as presented in 1.0 paper, WiFi standard does allow
> >> open and secure connections, just no operating system really
> >> implements it because they all first prompt for the password, before
> >> trying to connect to the encrypted WiFi network to figure out the
> >> password is really required.)
> >>
> >>
> >> Mitar
> >>
> >
> > --
> > Warm regards, hartelijke groet,
> >
> > Diderik van Wingerden
> > +31621639148
> > http://www.think-innovation.com/
> >
> > "Do what is right."
> >
> > _______________________________________________
> > Tech mailing list
> > Tech at openwireless.org
> > https://srv1.openwireless.org/mailman/listinfo/tech
>
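
As an added example (not part of the original thread): a check for the practice Christopher describes of not using the same RADIUS key for all routers. It assumes the authentication server is FreeRADIUS, which the thread does not name, and audits a constructed `clients.conf`; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (FreeRADIUS clients.conf syntax); all values are made up.
SAMPLE_CLIENTS_CONF = """
client ap-north {
    ipaddr = 10.20.0.11
    secret = Zq7vT1mK9xPa
}
client ap-south {
    ipaddr = 10.20.0.12
    secret = community-radius
}
client ap-east {
    ipaddr = 10.20.0.13
    secret = community-radius
}
client mesh-range {
    ipaddr = 10.20.0.0/16
    secret = h3Lw8sYd2RnC
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(ipaddr|secret)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return {client_name: {"ipaddr": ..., "secret": ...}}."""
    return {n: dict(FIELD_RE.findall(b)) for n, b in CLIENT_RE.findall(text)}

def audit(text):
    """Flag entries where one stolen AP exposes the secret of other APs."""
    clients = parse_clients(text)
    by_secret = defaultdict(list)
    for name, fields in clients.items():
        if "secret" in fields:
            by_secret[fields["secret"]].append(name)
    findings = [("shared-secret", sorted(names))
                for names in by_secret.values() if len(names) > 1]
    for name, fields in sorted(clients.items()):
        net = ipaddress.ip_network(fields.get("ipaddr", "0.0.0.0/32"), strict=False)
        if net.num_addresses > 1:  # one secret covers a whole address range
            findings.append(("range-client", [name]))
    return findings

if __name__ == "__main__":
    for kind, names in audit(SAMPLE_CLIENTS_CONF):
        print(kind, ", ".join(names))
```

An empty result means every AP entry has its own secret and no entry covers an address range, so the secret taken from one AP is not valid for any other.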