1 / 12

Opportunistic Wireless Encryption

Opportunistic Wireless Encryption. Authors:. Date: 2015-09-13. Abstract. This submission presents an idea for addressing a problem with public wi-fi hotspots. The Situation. Wireless Internet access as an entitlement– “ oh, no wi-fi, let ’ s go somewhere else ”

bburger
Download Presentation

Opportunistic Wireless Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Dan Harkins, Aruba Networks (an HP company) Opportunistic Wireless Encryption Authors: • Date: 2015-09-13

  2. Dan Harkins, Aruba Networks (an HP company) Abstract • This submission presents an idea for addressing a problem with public wi-fi hotspots

  3. Dan Harkins, Aruba Networks (an HP company) The Situation • Wireless Internet access as an entitlement– “oh, no wi-fi, let’s go somewhere else” • Coffee shop, bar, or restaurant wants to offer patrons “free wi-fi” • They want to provide a service but don’t want it to be a pain to configure or use • They want to provide some notion of both service and security to customers

  4. Dan Harkins, Aruba Networks (an HP company) The Problem • Perpetual battle: Security vs Ease-of-Use • They want it to be easy-to-use • Don’t bug the staff too much– “no I said the L is capital” • Don’t irritate the customer– “wait, what? say that again” • Don’t require specialized knowledge– “what’s an EAP method? How do I configure an ‘anonymous identity’?” • They want some notion of security • Want it to be better-than-nothing security • Don’t want to have to get/generate/install a certificate • Secure access by patrons has to scale (see easy-to-use) • Result: Both sides lose

  5. FAIL Dan Harkins, Aruba Networks (an HP company)

  6. Dan Harkins, Aruba Networks (an HP company) The Solution? OWE • Make it simple to provision– just switch it on • Make it virtually impossible to misconfigure– no user entry required • Make public wi-fi “suck less” than it does when using a shared PSK • Raise the bar that is necessary to perform pervasive monitoring just a bit higher • OWE is an outgrowth of an IETF BOF on improving the captive portal experience

  7. Dan Harkins, Aruba Networks (an HP company) IETF Proposal • https://tools.ietf.org/html/draft-wkumari-owe-00 • Network appears “open” to the user (no lock icon), uses a Vendor Specific Element in beacons and probe responses to indicate OWE • After association in an OWE network, STA and AP do the PSK authentication using the SSID as the password • Upside • No need to explain/enter anything, just works • Code changes AP side are trivial; STA side, manageable • Downside • Inherits all the security problems of shared PSK • Publicly advertises the PSK so arguably worse!

  8. Dan Harkins, Aruba Networks (an HP company) My Proposal • Don’t do it in the IETF, let’s do it here • AP advertises an OWE AKM • When associating to an SSID with OWE include Diffie-Hellman exponentials in (Re)Associate Request and Resonse • STA and AP perform Diffie-Hellman, use shared secret to derive a PMK • Use this (truly pairwise) PMK with 4-way HS

  9. Dan Harkins, Aruba Networks (an HP company) Benefits • More secure than a shared PSK • Not susceptible to passive attack • All those tools downloadable from Internet to crack PSKs won’t work! • Easier to set-up than PSK • Nothing to provision or describe, no user error • Easier to use by customers • Absolutely nothing needed to do! It just works. • Makes pervasive monitoring harder • Easier to use plus better security! Winner, winner!

  10. Dan Harkins, Aruba Networks (an HP company) ขอขอบคณ ุ Thank You!

  11. Dan Harkins, Aruba Networks (an HP company) Questions?

  12. Dan Harkins, Aruba Networks (an HP company) OWE Straw Poll • Option 1: Good idea, we should do it! • Option 2: Bad idea, let the IETF do it! • Option 3: I was reading my email and not paying attention, sorry.

More Related