IETF Logo Mail Archive

Re: [saag] Would love some feedback on Opportunistic Wireless Encryption

Stefan Winter <stefan.winter@restena.lu> Fri, 28 August 2015 09:24 UTC

Return-Path: <stefan.winter@restena.lu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5549C1B386E for <saag@ietfa.amsl.com>; Fri, 28 Aug 2015 02:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Level:
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOo-VHZr4ff7 for <saag@ietfa.amsl.com>; Fri, 28 Aug 2015 02:24:50 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C81D1B3855 for <saag@ietf.org>; Fri, 28 Aug 2015 02:24:49 -0700 (PDT)
Received: from aragorn.restena.lu (aragorn.restena.lu [IPv6:2001:a18:1:8::155]) by smtprelay.restena.lu (Postfix) with ESMTPS id 2DBA843A65 for <saag@ietf.org>; Fri, 28 Aug 2015 11:24:48 +0200 (CEST)
To: saag@ietf.org
References: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com> <20150826170138.GB9021@mournblade.imrryr.org> <CAHw9_iJsg3WLRBW-h3nW14aAHF0f1UTAATRBmy5eR3-hS1QDZw@mail.gmail.com> <DM2PR0301MB0655816443EC6146F639C7DFA8600@DM2PR0301MB0655.namprd03.prod.outlook.com> <CAHw9_iJ1BgYWgdEJHivZeabgPUJ9soOrZr1DdxBiH2k4dquoLg@mail.gmail.com>
From: Stefan Winter <stefan.winter@restena.lu>
Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
X-Enigmail-Draft-Status: N1111
Message-ID: <55E028E0.6080803@restena.lu>
Date: Fri, 28 Aug 2015 11:24:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <CAHw9_iJ1BgYWgdEJHivZeabgPUJ9soOrZr1DdxBiH2k4dquoLg@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="5VMnuHXNJ4qcChpRJo0PqrkBiBWg31PPK"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/bKj6wWVB-bn6b3eKeXkEn8O_xIo>
Subject: Re: [saag] Would love some feedback on Opportunistic Wireless Encryption
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2015 09:24:52 -0000

Hi,

> You are right that there will be some initial legacy issues -- but if
> we can convince Windows 10 Mobile, Apple iOS, and Android willing to
> include support (which seems likely, "support" is trivial - basically
> 1: try the SSID as the passphrase and 2: don't bother showing a lock
> icon)

Or, for wireless sniffing kit of your choice:

1) try to decrypt with the SSID as the password
2) win!

Seriously, this way of encrypting traffic stops only one attacker group:
people with a Wi-Fi card in promiscuous mode who use Wireshark to look
at packets ("us" :-) ).

Everyone with only a /slightly/ serious attitude just continues to do
what they do with their upgraded sniffing gear.

I don't see how this improves security in a significant enough way. And
the cost for it *is* high - convince all OS manufacturers to do
something && convince AP admins to do something.

> we could get the *huge* majority of devices doing this before
> the document is published, and way before CPE starts including the
> button.
> Even for devices that don't get support added -- after I've asked at 3
> coffeeshops what the password is, and they all say "It's the same as
> the network name..." I'm likely to start trying the network name if
> the SSID name sounds like it may be open (e.g is the name of the
> establishment, contains -guest, -public, or better yet, -owe).

Funny: right now, an attacker would need to go to the shop to get that
same information. In your future deployment, the binding of SSID to
passphrase comes automatically.

(Besides, my guess is that sniffing gear today probably tries the SSID
as a passphrase anyway - simply because it is rather common).

So, what exactly are we winning with this approach?

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

v2.23.0 | Report a Bug | By Email