Open Wireless and the Illusion of Security

Bruce Schneier is something of a legend in the computer security community. He's the author of the classic, oft-cited 1994 book Applied Cryptography, as well as several well-known cryptography algorithms.


This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2008/06/open-wireless-and-the-illusion-of-security.html

I would think that if your ISP ever accused you of violations in the terms of service, you would certainly like to know if it were you and not some nosy teenager within range running a bunch of Pirate Bay seeds.

My router should be configured with some level of security to disprove negligence on my part. With a layer of security in place, however superficial, I can say that someone had to hack into my network. This, I argue, stands to relieve me of responsibility for that person’s actions. I don’t want the RIAA or MPAA coming after me. :slight_smile:

If you choose WEP, you have effectively chosen to run an open wireless network. There’s no difference.
I disagree. Computer security as such doesn’t exist; it is an illusion, and if you don’t know that, that is the first and biggest problem you have.

ALL you can do is raise the bar as high as you can, and as weak as WEP can be, it does prevent most people from connecting, and for most people that’s the only purpose.

For me, protecting my wireless connection is necessary simply because of the RIAA and MPAA. The thought of being sued for thousands of dollars just because I was too lazy to password protect my WiFi router, makes me quite sad and mad at the same time.

I have already received a warning from my ISP because someone was using my unprotected WiFi connection to download WinXP. After that email, I locked down my router and that, they say, was that.

not subverting the security of your encryption itself

He didn’t say the encryption is crackable. He said the network is, which is true, as you admit yourself. Anybody even remotely involved with security will tell you that these days, encryption is rarely being broken by attacking the algorithm itself – it’s a waste of time; implementations are often so poor you’re better off attacking weaknesses in the implementation (or, of course, simply confusing people into giving you the access you needed).

I’d say the blame should go to whoever designed such an unusable security system for Wifi.

In a context like a corporate network, manned with an army of system administrators, the current way of managing wifi network security makes perfect sense. Some security guru makes a decision to use this or that encryption, mandates that its passwords shall be 300-character-long Klingon haikus, and sends his henchadmins to configure all company devices accordingly.

Meanwhile I have exactly one laptop, one wireless router and no spare system administrators to set them up. Since I have physical access to both my laptop and my router, why can’t I just push a button on both to make them seek each other and negotiate an encryption and its password? Something similar already works fine on Bluetooth; it is otherwise poorly designed, but the basic idea is good.

Obviously that sort of system wouldn’t replace the flexibility of just writing a network password for inaccessible routers, but it would eliminate configuration difficulties on private routers.

With an open network, the RIAA or MPAA are the least of your worries. All it takes is one freeloader hitting a child pornography site with your IP address to ruin your life. By the time you prove it wasn’t you (assuming you even can), the damage has been done. That, more than anything else, is reason to lock down your network.

As for the DS - they sell a USB Wifi adapter for it; you can plug that into your PC and bridge the connection, allowing you to use WPA for the rest of your network.

For that matter, add a MAC filter and turn off SSID broadcasting; they’re trivial measures to beat, but every little roadblock pushes the freeloaders toward your (easier to exploit) neighbors.

Zazabronson:
MAC whitelisting is a false sense of security. It is easily possible to change the MAC address of a device (in software). And the MAC is in the unencrypted part of a wifi packet. Therefore you only need to capture one packet to get a valid, whitelisted MAC.

Any cryptographic, social or physical lock is always best attacked and defeated at the weakest point.

Failure of security is (almost) always due to the squishy bits found between keyboards and monitors. Attack there.

Example: You generated an 8192-bit private/public key pair, and then applied a password to that private key for its protection. Fine, breaking the generated key would presently require eternity or quantum computing (barring algorithmic flaws). But, the fact that the private key password is your pet dog’s name, just because it’s easy to remember and to type for you … well, as soon as someone gets your ‘password protected’ private key file by whatever means, the squishy bit which decided to use your pet dog’s name has ensured that the locks protected by it will be compromised in short order.

To try to combat this, the logic which is (and should be) applied is one of an onion skin. It’s not a single layer which will protect you, but multiple layers, each (unfortunately) with their own squishy bits. Any one of these layers may be ‘broken’ in sequence, but it is the depth of these layers which will keep you (as best as can be hoped for) secure. A critical fact which many miss, is that each of these layers also needs to be independent and distinct from each other in order to be effective. Chaining the ‘locks’ is all too common, and often once the first key is in the lock, all other tumblers fall easily.

Using the example of Wireless Security:

For a personal home user, they could readily set up difficult-to-break security with relatively inexpensive equipment - i.e. just a suitable Wireless Router and a (PC based) firewall.

Configure Wireless Router to WPA-PSK appropriately.
Apply MAC filtering to only permit specific devices to connect to the Router.
Disable DHCP and use fixed IP addresses (just because we can).
Connect it to the firewall and create a Blue(Wireless) Network interface.
Only permit the MAC address of the Wireless Router for Blue Access.
Configure the firewall to only permit a VPN tunnel from Blue(Wireless) to Green(Internal).
Generate the corresponding key pair for the VPN access requirements.
Protect the internal machines (Windows/Linux) with suitable network access requirements (Domain/Workgroup/Usernames/Passwords/etc.)

From the onset, it would appear that we have to break, in order, WPA-PSK, then the Router’s MAC filtering, then determine the network address range, then the firewall MAC filtering, then the firewall VPN tunnelling, then the target machine security … sounds hard, and it would be.

However, examine the actual ‘lock’ usage case of the (assumed) ‘squishy bit’ user’s laptop … which was left sitting on the desk …

Open the door, smash a window, use social engineering, whatever means for access …

(Domain/Machine) Logon Password = pet dog’s name.

The laptop will then log in, auto-connect to the wireless network (saved configuration), run up the VPN connection, and use the (already supplied or saved) password to connect to the network shares and/or domain, regardless of the WPA-PSK and VPN passwords chosen, or the length of VPN Keys used.

Impossible to crack locks have all tumbled in order. One very weak password, and we’re done.

The locks broken in this case were the physical access lock and the social lock (squishy could choose the domain/machine password), which are often not considered.

Then again, maybe it was already left on the desk, logged on … wouldn’t that have been the ultimate in easy?

If you believe every potential entry point is hostile, then the onion skin method makes it as difficult as possible. Unfortunately, it’s the best you can do, when dealing with squishy bits.


Never leave the locks unattended when unlocked.
Never chain your locks, for any reason.
And never, ever use weak locks (passwords).

As E.Z. just pointed out, you only have to be more secure than your neighbors are. It’s like the old joke about not having to be able to outrun the mountain lion. You only need to be able to outrun your buddy.

The only reason I use WEP is to stop someone from stumbling on to my wifi and stealing my bandwidth. WEP and a simple passcode are enough to keep 99.9% out; for that 0.1%, using WPA or other would make little difference.

Sounds like a job for KeePass.

Try entering a 33 character password on an AppleTV using that crappy remote with the on-screen keyboard :frowning:

An old European-built house helps better: walls are so thick the signal hardly leaks outside :slight_smile: :slight_smile: Back to basics, back to physics.

And for the record, I have been working in a famous bank. Its very secure, unusable authentication system was down for one day: the QA team forgot to renew the security certificate in time, and they discovered it in the morning when 15000 could not log in.

Security relies on the fact that there is a chain of competent people doing their job correctly; the longer the chain, the weaker the chain, especially when security gurus claim another complicated tool that elongates the chain is needed to enforce it.

Am I the only one here thinking that the major threat in security is security gurus?

I don’t know where you get the “Experts recommend you shoot for a 33 character passphrase” bit from. The page you cite talks about

[…] passphrases longer than 20 characters are needed to start deterring attacks.

Anyway, a really good way to create good passphrases that you still can remember is Diceware http://world.std.com/~reinhold/diceware.html
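As an added illustration of the Diceware method mentioned above (not code from the Diceware page or from anyone in this thread), the following Python builds a stand-in word table keyed by five-dice rolls, draws words with a cryptographic RNG, and checks the result against the “more than 20 characters” advice quoted earlier. The word list itself is a constructed placeholder; a real Diceware list supplies 7776 actual words for the same keys.

```python
"""Diceware-style passphrase generation with a strength estimate."""
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776 entries, one per five-dice roll "11111".."66666"


def build_wordlist():
    """Constructed stand-in for the real Diceware list: map every
    five-digit roll to a placeholder word derived from the roll."""
    table = {}
    for n in range(LIST_SIZE):
        roll, k = "", n
        for _ in range(5):
            roll = str(k % 6 + 1) + roll  # base-6 digits 1..6, most significant first
            k //= 6
        table[roll] = "word" + roll  # placeholder, e.g. "word31245"
    return table


def roll_five_dice():
    """One Diceware key from a CSPRNG (never the non-cryptographic random module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def diceware_passphrase(wordlist, num_words=6):
    """Join num_words independently rolled words with spaces."""
    return " ".join(wordlist[roll_five_dice()] for _ in range(num_words))


def passphrase_entropy_bits(num_words, list_size=LIST_SIZE):
    """Strength assuming the attacker knows the list: log2(list_size) per word,
    about 12.9 bits per Diceware word."""
    return num_words * math.log2(list_size)


def meets_length_advice(passphrase, min_chars=20):
    """The advice cited in the thread: passphrases longer than 20 characters
    are needed to start deterring attacks."""
    return len(passphrase) > min_chars


if __name__ == "__main__":
    words = build_wordlist()
    phrase = diceware_passphrase(words, 6)
    print(phrase, len(phrase), "chars,",
          round(passphrase_entropy_bits(6), 1), "bits")
```

Six words is the common recommendation because it lands near 77 bits of entropy even when the attacker has the full word list, which is the whole point of Diceware: the strength comes from the dice, not from keeping the list secret.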

treating computer security as a problem that can be solved with increasingly clever cryptography algorithms
I’m not OK with him on this point; cryptography is one way, and I think we could find other, better solutions.

@jul

I agree completely … squishies are the problem. No matter how many layers, no matter how good the technology … one bad squishy and everything collapses.

Social, physical or cryptographic locks … leave any one unlocked or weak, and that’s where to go attack …

A competent ‘guru’ is one who considers everything, and tries to spot the problems without introducing unnecessary complexity to hide the true issue. (i.e. protecting a 4096-bit key with a dictionary word, unencrypted laptops, auto-login, auto-connect, auto … anything)

Anywho … leaving a WiFi network open is equivalent to inviting others to steal from you (bandwidth), to implicate you (copyrighted content), to become you (identity theft), to damage you (malicious destruction), to finance them (botnet, zombie, spam), to … well, you get the picture. :slight_smile:

WEP is fine for me. I don’t think many of the chavs in this area have the intelligence necessary to gain access to my network…

Since I live in a less populated area (my neighbors’ houses are about 100 feet away in either direction), I don’t have many problems with people showing up on my network (I got in the habit of checking the logs fairly regularly and banning the MAC addresses of my neighbors just so they didn’t accidentally log in to my network when I lived in a townhouse). People parked in the street will generally be approached by someone asking if they’re lost or making sure they’re not up to something.

It comes down to the same idea as not having virus scans running in the background on your computer. If you pay attention to the environment you generally won’t have these types of problems.

Of course, if you’re in a hostile environment, there’s no reason not to take measures to secure yourself, or at least make yourself a less likely target than someone else. If I don’t know my neighbors, there are a lot of them, or no one bothers approaching the guy in the strange car parked out front, it’s probably a good idea to at least put a couple of roadblocks on the access point, and make sure you have a good lock on the door while you’re at it.

The problem with WEP is that it’s the only connection option available on my Nintendo DS. DS vs secure network… dude, that’s a tough choice.