[Commotion-dev] What would you do with the USB port on your Commotion access point?

Dan Staples danstaples at opentechinstitute.org
Fri Feb 22 21:49:49 UTC 2013


That's an interesting (and complicated) idea! :)

Would the risk of relying on a single node for entropy outweigh the 
limitations of having individual nodes generate their own keys with 
less-than-ideal entropy?

On Mon 11 Feb 2013 11:16:55 PM EST, Ben West wrote:
> Leading on Josh's excellent suggestion for attaching an entropy key to
> an access point's spare USB port (whether TP-Link, Buffalo, or some
> other USB capable device), what are thoughts about using a /single/
> such entropy key within a mesh to improve the entire mesh's encryption
> strength?
>
> That is, imagine a mesh which begins with no encryption (whether
> IBSS-RSN on the adhoc or WPA2 on the virtual APs).  Now, add a single
> TP-Link box with the entropy key to the mesh.  Next, systematically
> use the output of that key to regenerate the DSA hostkeys of all nodes
> w/in the mesh (administered via SSH sessions).  Then turn on IBSS-RSN
> on the adhoc mesh, along with WPA2 on all nodes' virtual access
> points, again using the output of the entropy key.  Next, have all
> nodes regenerate their hostkeys /again/, and then iterate so forth
> until an appealing degree of encryption has been reached.  At this point,
> the nodes then could mutually adhere to a regular schedule of renewing
> their WPA2 and RSN keys.
>
> Whenever an event occurs where the mesh's security has been deemed
> compromised (e.g. an unknown MAC address joins the IBSS-RSN encrypted
> mesh), all mesh users could be alerted of this event, the mesh could
> switch to 'insecure' mode, and this process of renewing all keys could
> start from scratch.
>
> Such a scheme would still have the fundamental weakness that having an
> "untrusted" node within the mesh at t = 0 undermines any subsequent
> effort at maintaining security via encryption, and really this
> limitation is going to be inherent to the social nature of a community
> mesh.  However, could an automated, mesh-wide process of repeatedly
> renewing nodes' encryption keys using the output of a single device
> like the entropy key still yield a usable degree of encryption?
>
> On Wed, Jan 23, 2013 at 8:22 AM, Josh King <jking at chambana.net
> <mailto:jking at chambana.net>> wrote:
>
>     Probably an Entropy Key or other RNG for stronger crypto?
>
>     http://www.entropykey.co.uk/
>
>     On Wed 23 Jan 2013 09:09:55 AM EST, Dan Staples wrote:
>     > A USRP for OpenBTS! Although I doubt a router has the processing power
>     > needed to encode voice data and the like... A HackRF would also be a
>     > great peripheral to use once those are publicly available:
>     > http://ossmann.blogspot.com/2012/06/introducing-hackrf.html.
>     >
>     > I currently have a router with a USB port, that I run DD-WRT on. I have
>     > a 250GB HDD plugged into it, which I use for automated backups of a
>     > website I run, plus an SFTP server. A USB port was a deciding factor in
>     > the router I decided to buy...It's an ASUS WL-520GU. But I could also
>     > see a 3G dongle as a big appeal for a USB port.
>     >
>     > Another idea is to use a USB drive as a crypto device. Insert the USB
>     > flash drive to unlock a keyring or some private key material. That would
>     > be an easy way to deploy multiple routers on a network that need to use
>     > a common encryption key(s).
>     >
>     > Dan
>     >
>     > On Wed 23 Jan 2013 03:46:25 AM EST, Christian Huldt wrote:
>     >>
>     >> Ben West skrev 2013-01-22 22:15:
>     >>>
>     >>>
>     >>> What could this USB port do for you?
>     >>>
>     >>> - Filesystem for squid proxy? (Probably not very practical)
>     >>> - 3G/4G modem for Internet gateway?
>     >>> - USB sound adapter for streaming MP3 applications?
>     >>> - Control this desktop rocket launcher
>     >>> http://www.thinkgeek.com/product/8a0f/ ?
>     >>
>     >>
>     >> 3G/4G modem and/or a tellstick to control some equipment
>     >> http://www.telldus.se/products/tellstick
>     >>
>     >>
>     >> _______________________________________________
>     >> Commotion-dev mailing list
>     >> Commotion-dev at lists.chambana.net
>     <mailto:Commotion-dev at lists.chambana.net>
>     >> https://lists.chambana.net/mailman/listinfo/commotion-dev
>     >>
>     >
>
>     --
>     Josh King
>
>     "I am an Anarchist not because I believe Anarchism is the final goal,
>     but because there is no such thing as a final goal." -Rudolf Rocker
>
>
>
>
>
>
> --
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434

--
Dan Staples

Open Technology Institute
https://commotionwireless.net
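The question raised in this message, whether a mesh should depend on one entropy key for every node's keys, has a standard middle ground: each node mixes the bytes it receives from the shared device with whatever local randomness it already has, so the result is only as weak as the stronger of the two inputs. The following is an added example written for this page; it is not code from the Commotion project or from anyone in the thread. The shared-seed bytes, node identifiers and the local "poor entropy" input are all constructed for the demonstration, and the HMAC-SHA256 extract-and-expand construction is an assumption about how such mixing would be done, not something the thread specifies.

```python
"""Mixing a shared entropy source with each node's own randomness.

Added example (not Commotion project code). Each mesh node combines
(a) seed bytes it received from the single entropy key and
(b) its own local randomness
into a per-node seed. An attacker who learns one input still cannot
predict the output without the other, and two nodes handed the same
shared bytes derive different seeds because the node id is bound in.
"""
import hashlib
import hmac
import os


def extract_seed(shared: bytes, local: bytes, node_id: bytes,
                 length: int = 32) -> bytes:
    """HKDF-style extract-then-expand over both entropy inputs.

    shared  : bytes distributed from the shared entropy key (assumed source)
    local   : bytes from the node's own generator, e.g. os.urandom / /dev/urandom
    node_id : per-node label (hostname, MAC, ...) so identical shared bytes
              never produce identical seeds on two nodes
    length  : number of seed bytes to return
    """
    if not shared or not local:
        raise ValueError("both entropy inputs must be present")
    if length <= 0 or length > 255 * hashlib.sha256().digest_size:
        raise ValueError("unsupported output length")

    # Extract: shared bytes key the HMAC, local bytes are the message.
    # The pseudo-random key is unpredictable if either input is unpredictable.
    prk = hmac.new(shared, local, hashlib.sha256).digest()

    # Expand: derive `length` bytes, binding the node identity into every block.
    out = b""
    block = b""
    counter = 1
    while len(out) < length:
        block = hmac.new(prk, block + node_id + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def node_seed(shared: bytes, node_id: bytes, length: int = 32) -> bytes:
    """Convenience wrapper: mix the shared bytes with 32 bytes of local
    OS randomness. This is what a node would call before regenerating
    its host key material."""
    return extract_seed(shared, os.urandom(32), node_id, length)


if __name__ == "__main__":
    # Constructed demonstration values; a real deployment would ship the
    # shared bytes over an authenticated channel (the thread suggests SSH).
    shared_from_entropy_key = bytes(range(32))
    poor_local_entropy = b"\x00" * 16   # deliberately weak local input

    seed_a = extract_seed(shared_from_entropy_key, poor_local_entropy, b"node-a")
    seed_b = extract_seed(shared_from_entropy_key, poor_local_entropy, b"node-b")
    print("node-a:", seed_a.hex())
    print("node-b:", seed_b.hex())
    print("distinct per node:", seed_a != seed_b)
    print("live seed:", node_seed(shared_from_entropy_key, b"node-a").hex())
```

The mixing step is the practical answer to the concern about trusting a single node: the shared device raises the floor for nodes whose own generators are starved, while a node whose local randomness is good loses nothing if the shared device later turns out to be faulty or untrusted. The node identifier in the expand step is what stops a compromised shared seed from collapsing every node onto the same key material.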
