Atheros ad-hoc demo mode and encryption?

Bill

Jan 2, 2008, 9:06:16 PM
to OpenSourceMesh
At present the open-mesh/RO.B.IN mesh nodes are communicating on an
open wireless interface (ath0). Has anyone tried adding encryption
to this ad-hoc interface?

Some useful information might be found here:
http://www.linuxforums.org/forum/debian-linux-help/60811-problem-setting-up-wep-wpa-adhoc-mode.html

It was mentioned by GuyJ that the LW MeshAP used an IPsec tunnel back
to the gateway node to secure traffic, but the CPU overhead would be
unacceptable here. I know that Broadcom devices like the Linksys
WRT actually do WPA-AES encryption in hardware, which might also be the
case for the Atheros devices.

Bill

Jan 2, 2008, 9:42:50 PM
to OpenSourceMesh
Further reading does suggest there is a problem:
http://madwifi.org/ticket/1306
http://readlist.com/lists/shmoo.com/hostap/0/603.html


Would Lazy WDS links be a better approach than ad-hoc?

802.11s as used by the XO laptop is based around WDS:
http://en.wikipedia.org/wiki/IEEE_802.11s

With the availability of application-level encryption maybe I should
not be so worried! But there are plenty of protocols which are still
insecure, SIP/VoIP to name just one.

Richie Jarvis

Jan 3, 2008, 8:17:29 AM
to opensou...@googlegroups.com
Hi Bill,

To be honest, I've never seen the point of having encryption on the
node-node links. The reason is that these devices are essentially
providing an internet connection, which is insecure itself. As you
point out, the solution is to use encrypted application protocols.

Saying all that, my personal preference if we do wish to provide
encryption on the node-node links would be to use OpenVPN, which is
essentially a VPN using OpenSSL. It also removes all the problems with
IPsec by being an application-level VPN, and is much, much easier to
set up. I've been using OpenVPN for my personal VPN, and my work
connection to our datacentre for quite a while, and it works really well.

The nodes should also be able to handle OpenVPN encryption without too
much issue, as they can quite easily handle HTTPS already.

I think the biggest hurdle we have right now is providing authentication
on the nodes.

Cheers,

Richie


Bill

Jan 5, 2008, 5:27:34 PM
to OpenSourceMesh
Sorry, you are totally right.

My only concern was really to do with wireless network sabotage, but
I've realized 2 things. I don't think channel encryption would
actually help sort out my concern of sabotage, and secondly, in all
reality, is the network really going to be hacked around by anyone?

The mesh interface has beacons disabled, so the average Joe will not even
see the ad-hoc mesh, just the public and private access points.

Thanks,
Bill