[Commotion-admin] [commotion-feed] Serval route signing key in olsr-mdp is static (#16)

[areynold]

**FINDING ID:** iSEC-COMMO13-10

**TARGETS:** The Serval route signing key.

**DESCRIPTION:** The Serval route signing key is static across all Commotion instances. This provides no security, as anyone with the key can publish signed routes that all other routers will accept. The key can either be extracted from the firmware or downloaded on GitHub to be later leveraged by attackers.

Additionally, iSEC is unaware of a method within the web interface to change or rotate these keys. 

**EXPLOIT SCENARIO:** An attacker joins the backhaul wireless mesh network by brute forcing WEP. The attacker generates malicious OLSR route advertisements and signs them with the known secret key. The routers will identify the signature as valid and update their routing tables accordingly, allowing the malicious user to redirect traffic as he sees fit.

**SHORT TERM SOLUTION:** Several options:
* Allow a device administrator to change the key
* Use a key derivation function (KDF) 7 based on the network key

**LONG TERM SOLUTION: Handling secure key generation and distribution is a difficult problem with both technical and UI/UX challenges. Consider policies related to the security level of the router as described in commotion-openwrt issue 23

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-feed/issues/16
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20130911/edc12556/attachment.html>