IT GRaCkle #3 Secure Open Wireless Access
powers-old-account 270000NC1K Visits (1941)
Tom Cross talks about the Secure Open Wireless Access prototype.
My guest is Tom Cross,
Manager of X-Force strategy and Threat Intelligence
Visit the Frequency X Blog to read more about the work his group does.
-- Announcement for Black Hat 2011
Presented a paper, presentation, and prototype code on Linux for a new wireless access protocol you are calling Secure Open Wireless Access(SOWA)
Frequency X Blog post with links to the paper, presentation, and code.
What is the Secure Open Wireless Protocol?
Open Wireless addresses fundamental security problems with open
wireless networks by allowing users to establish secure, encrypted
connections to wireless networks run by operators who they know and
trust, without having a previously established access credential."
-- Problem 1: How do you trust a wireless access point?
can name an SSID anything. Example, Bad Guy puts a my wifi access point
in a Starbucks and labels in "Starbucks". Pretty soon everyone in the
coffee shop is connected to his access point. The Bad guy can then lure
people in to divulging credit card numbers by making them think they are
logging on to a pay access point. There are places where people can by
"rogue access points in a box" to do exactly this.
-- Problem 2: Encrypting Without Credentials
The whole point of an open wi-fi access point is to allow anyone to connect.
Requiring everyone who wants to connect to have a credential like an ID/Password,before connecting is usually impossible because either the access point is unattended or it is managed by a clerk / customer service rep who is busy serving customers. So usually the access points are configured to not require encryption.
The problem with that, is that other machines connected to access point can snoop on the traffic. E.g. Firesheep.
-- Fixing The Trust Problem
Use same techniques that are used in https protocol.in HTTPS, the server presents a public certificate to the browser. The browser verifies the certificate as being valid and coming from a known, trusted certificate authorty.
Then the client encrypts a randomly generated secret using the public key in the certificate.
If the server is really who it says it is, it can decrypt the randomly generated secret key. The secret key is used to generated another key that's used to encrypt the data in the http session.So to fix the problem with not being able to trust the SSID, you apply the same type of protocol and the same type of public/private key encrytion
1) associate a certificate with an SSID name.
2) when a laptop or mobile device connects, the access point and the laptop's wireless access software go through a protocol very similar to the https protocol to enable the laptop to verify the identity of the access point. If the access point is a rogue access point, it will not have access to the private key and will not be able to complete the protocol.
-- Fixing the Encrypting without CredentialsProblem
In addition to letting the client authenticate the server, the SSL protocol also provides a way for the two ends to negotiate an agreed upon encryption protocol and securely generate a session key that only they know. At the conclusion of the protocol, they start encrypting the traffic with their session key. This creates a unique secure communication channel between the browser and the web server.
SOWA uses a very similar protocol to enable the wireless access sofware on the laptop to negotiate a secure session key to use for encryption so that other machines on the access point can't determine because they don't have access to the private key either.--State of SOWA
Prototype implementation available for anyone to download.
Work on getting Open Access providers to get certificates for their SSIDs.
Work on getting client wireless access software to support the authentication of the SSID using the SOWA protocol.
The call of the grackle was contributed to the public domain by G. McGrane and is hosted in the WikiCommons. This podcast is hosted by IBM developerWorks but the opinions expressed are only those of the hosts and guests.