[Commotion-dev] What would you do with the USB port on your Commotion access point?

Ben West ben at gowasabi.net
Tue Feb 12 04:16:55 UTC 2013


Leading on Josh's excellent suggestion for attaching an entropy key to an
access point's spare USB port (whether TP-Link, Buffalo, or some other USB
capable device), what are thoughts about using a *single* such entropy key
within a mesh to improve the entire mesh's encryption strength?

That is, imagine a mesh which begins with no encryption (whether IBSS-RSN
on the adhoc or WPA2 on the virtual APs).  Now, add a single TP-Link box
with the entropy key to the mesh.  Next, systematically use the output of
that key to regenerate the DSA hostkeys of all nodes w/in the mesh
(administered via SSH sessions).  Then turn on IBSS-RSN on the adhoc mesh,
along with WPA2 on all nodes' virtual access points, again using the output
of the entropy key.  Next, have all nodes regenerate their hostkeys *again*,
and then iterate so forth until an appealing degree of encryption has been
reached.  At this point, the nodes then could mutually adhere to a regular
schedule of renewing their WPA2 and RSN keys.

Whenever an event occurs where the mesh's security has been deemed
compromised (e.g. an unknown MAC address joins the IBSS-RSN encrypted
mesh), all mesh users could be alerted of this event, the mesh could switch
to 'insecure' mode, and this process of renewing all keys could start from
scratch.

Such a scheme would still have the fundamental weakness that having an
"untrusted" node within the mesh at t = 0 undermines any subsequent effort
at maintaining security via encryption, and really this limitation is going
to be inherent to the social nature of a community mesh.  However, could an
automated, mesh-wide process of repeatedly renewing nodes' encryption keys
using the output of a single device like the entropy key still yield a
usable degree of encryption?

On Wed, Jan 23, 2013 at 8:22 AM, Josh King <jking at chambana.net> wrote:

> Probably an Entropy Key or other RNG for stronger crypto?
>
> http://www.entropykey.co.uk/
>
> On Wed 23 Jan 2013 09:09:55 AM EST, Dan Staples wrote:
> > A USRP for OpenBTS! Although I doubt a router has the processing power
> > needed to encode voice data and the like... A HackRF would also be a
> > great peripheral to use once those are publicly available:
> > http://ossmann.blogspot.com/2012/06/introducing-hackrf.html.
> >
> > I currently have a router with a USB port, that I run DD-WRT on. I have
> > a 250GB HDD plugged into it, which I use for automated backups of a
> > website I run, plus a SFTP server. A USB port was a deciding factor in
> > the router I decided to buy...It's an ASUS WL-520GU. But I could also
> > see a 3G dongle as a big appeal for a USB port.
> >
> > Another idea is to use a USB drive as a crypto device. Insert the USB
> > flash drive to unlock a keyring or some private key material. That would
> > be an easy way to deploy multiple routers on a network that need to use
> > a common encryption key(s).
> >
> > Dan
> >
> > On Wed 23 Jan 2013 03:46:25 AM EST, Christian Huldt wrote:
> >>
> >> Ben West skrev 2013-01-22 22:15:
> >>>
> >>>
> >>> What could this USB port do for you?
> >>>
> >>> - Filesystem for squid proxy? (Probably not very practical)
> >>> - 3G/4G modem for Internet gateway?
> >>> - USB sound adapter for streaming MP3 applications?
> >>> - Control this desktop rocket launcher
> >>> http://www.thinkgeek.com/product/8a0f/ ?
> >>
> >>
> >> 3G/4G modem and/or a tellstick to control some equipment
> >> http://www.telldus.se/products/tellstick
> >>
> >>
> >> _______________________________________________
> >> Commotion-dev mailing list
> >> Commotion-dev at lists.chambana.net
> >> https://lists.chambana.net/mailman/listinfo/commotion-dev
> >>
> >> --
> >> Dan Staples
> >>
> >> Open Technology Institute
> >> https://commotionwireless.net
> >
>
> --
> Josh King
>
> "I am an Anarchist not because I believe Anarchism is the final goal,
> but because there is no such thing as a final goal." -Rudolf Rocker
>
>
>
>


-- 
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
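One way to put a single entropy key to work the way the message above sketches, as an added example that is not code from the thread or from Commotion: the node holding the key pulls bytes from its own pool, pushes them into each mesh node over SSH, regenerates that node's host key, and derives a hex WPA2 PSK from the same source. It assumes ekeyd feeding /dev/random on the holder node, OpenWrt nodes running dropbear, and an SSH trust path to each node that already exists (the t=0 trust the message calls unavoidable).

```shell
#!/bin/sh
# Added example, not code from the thread or from Commotion. Assumptions:
# the node holding the Entropy Key runs ekeyd, which feeds that node's
# /dev/random; the other mesh nodes run OpenWrt with dropbear as the SSH
# server; an SSH trust path to each node already exists (the t=0 trust the
# thread calls unavoidable). Override ENTROPY_SRC to run offline.
set -eu

ENTROPY_SRC="${ENTROPY_SRC:-/dev/random}"

# Read N bytes from the entropy source and print them as lowercase hex.
entropy_hex() {
    head -c "$1" "$ENTROPY_SRC" | od -An -v -tx1 | tr -d ' \n'
}

# A 256-bit WPA2 PSK written out as exactly 64 hex characters, usable as
# hostapd's wpa_psk= or wpa_supplicant's psk= (hex form, no passphrase).
derive_wpa2_psk() {
    psk="$(entropy_hex 32)"
    [ "${#psk}" -eq 64 ] || return 1
    printf '%s\n' "$psk"
}

# Push 512 bytes of fresh entropy into one node's kernel pool, then regenerate
# its SSH host key. Writing to /dev/random mixes the bytes in but does not
# raise the kernel's entropy estimate (that needs the RNDADDENTROPY ioctl).
# The bytes travel inside the SSH session, so their secrecy is only as good as
# the host key that session was authenticated with.
seed_and_rekey_node() {
    node="$1"
    head -c 512 "$ENTROPY_SRC" | ssh "root@$node" '
        cat > /dev/random &&
        rm -f /etc/dropbear/dropbear_rsa_host_key &&
        dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key &&
        /etc/init.d/dropbear restart'
}

# One renewal round over the whole mesh: reseed and rekey every node given
# on the command line, then print the new shared PSK for the operator.
rekey_mesh() {
    for node in "$@"; do
        seed_and_rekey_node "$node"
    done
    derive_wpa2_psk
}
```

Run `rekey_mesh node1 node2 ...` from the holder node; an unknown host key prompt during that loop is exactly the trust-at-t=0 question the message raises, not something to click through.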

