[Commotion-dev] Whether to use encrypted meshing, how to accept new nodes?

Will Hawkins hawkinsw at opentechinstitute.org
Wed Jun 12 17:38:20 UTC 2013


Sense: No impact. Reality: Not sure.

On 06/12/2013 01:34 PM, Dan Staples wrote:
> Any sense of whether doing fully-software encryption for this would
> negatively affect its security?
> 
> On 06/12/2013 11:10 AM, Will Hawkins wrote:
>> Dan's correct. We thought that they were going to start using some other
>> form of encryption. I am going to dig into these patches and see which
>> version of the authsae code they are pulling. Hopefully they are pulling
>> one that already has the patches I submitted last summer. That would
>> make things really pretty easy.
>>
>> And, yes, you do have to disable HW encryption to get this to work. It's
>> not a big deal, as far as I can tell, but definitely something to be
>> aware of. It could negatively affect throughput but, again, I've yet to
>> confirm.
>>
>> Will
>>
>> On 06/12/2013 08:11 AM, Dan Staples wrote:
>>> That's very interesting, considering that one of the reasons we moved
>>> away from authsae towards IBSS-RSN is that we heard on the openwrt list
>>> that authsae support was going the way of the dinosaurs...
>>>
>>> On 06/11/2013 06:12 PM, Ben West wrote:
>>>> FYI, recent patches that appeared on OpenWRT-dev listserv for authsae
>>>> support.  However, this may require disabling hardware encryption?
>>>>
>>>> [PATCH] Add elliptic curve crypto compilation options to openssl
>>>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html
>>>>
>>>> [PATCH v3] authsae 80211s authentication daemon
>>>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html
>>>>
>>>> [PATCH v2] authsae: adapt uci scripts to use authsae
>>>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html
>>>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html (must
>>>> disable hwcrypt?)
>>>>
>>>>
>>>> On Wed, Dec 19, 2012 at 12:15 PM, Will Hawkins
>>>> <hawkinsw at opentechinstitute.org> wrote:
>>>>
>>>>     Ben,
>>>>
>>>>     Sorry for just now responding!
>>>>
>>>>     On 12/12/2012 07:18 PM, Ben West wrote:
>>>>     > Likewise, thank you everyone for the detailed responses, and
>>>>     > especially for providing all the background on what is clearly
>>>>     > a well known problem.
>>>>     >
>>>>     > W.r.t. authsae mentioned by Daniel, I do find this patch for
>>>>     > adding an authsae daemon to OpenWRT, although I believe this
>>>>     > patch is targeted for 802.11s.
>>>>     > http://patchwork.openwrt.org/patch/1350/
>>>>     >
>>>>     > Likewise this ticket in the OpenWRT queue:
>>>>     > https://dev.openwrt.org/ticket/12078
>>>>     >
>>>>     > Further investigation into authsae options for 802.11n adhoc
>>>>     > leads to this issue filed by Will Hawkins on a very familiar
>>>>     > looking website:
>>>>     > https://code.commotionwireless.net/issues/305
>>>>     >
>>>>     > "Submitted some patches upstream to cozybit authsae project.
>>>>     > Next up, attempting to upstream patches to the kernel."
>>>>     >
>>>>     > Will, do you happen to have links to the patch submissions you
>>>>     > made for kernel and authsae?  I'm curious when this makes its
>>>>     > way into OpenWRT trunk.  (No mention of authsae in recent
>>>>     > OpenWRT-devel chatter.)
>>>>
>>>>     I have links to the patches that I submitted for the Linux kernel to
>>>>     make authsae possible over adhoc networks. The change is a rather
>>>>     modest two lines and was accepted into the kernel months ago. If you
>>>>     are running compat-wireless or a recent kernel you probably already
>>>>     have the change. Otherwise, you can look here:
>>>>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292
>>>>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293
>>>>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951
>>>>
>>>>     As for the authsae patches, I submitted them to the Cozybit developers.
>>>>     They suggested improvements/changes and we went back and forth several
>>>>     times. We stopped going down that path because we decided that it would
>>>>     ultimately be better to integrate authsae directly with wpa_supplicant
>>>>     so that we would not need to add an extra binary into Commotion. But, if
>>>>     you are curious, you can look here:
>>>>     https://github.com/hawkinswnaf/authsae
>>>>
>>>>     Fortunately, the cozybit people already have a "custom" wpa_supplicant
>>>>     with authsae support. Yet, that's not the end of the issue. The signal
>>>>     that they used to trigger an authsae handshake was not available for
>>>>     adhoc nodes. That recently changed. Within the last week there was a
>>>>     kernel patch that will allow us to grab a signal when a new peer adhoc
>>>>     node is available for authentication. This means that we'll have an
>>>>     easier time integrating authsae for mesh in wpa_supplicant.
>>>>
>>>>     I hope this information helped provide a little bit of background about
>>>>     what we are working on with authsae. It's a pretty long-winded way of
>>>>     saying, "we're working on it". :-)  Let me know your thoughts!
>>>>
>>>>     Talk to you soon!
>>>>     Will
>>>>
>>>>     >
>>>>     > --
>>>>     > Ben West
>>>>     > http://gowasabi.net
>>>>     > ben at gowasabi.net
>>>>     > 314-246-9434
>>>>     >
>>>>     >
>>>>     >
>>>>     > _______________________________________________
>>>>     > Commotion-dev mailing list
>>>>     > Commotion-dev at lists.chambana.net
>>>>     <mailto:Commotion-dev at lists.chambana.net>
>>>>     > http://lists.chambana.net/mailman/listinfo/commotion-dev
>>>>     >
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Ben West
>>>> http://gowasabi.net
>>>> ben at gowasabi.net
>>>> 314-246-9434
>>>>
>>>>
>>> -- 
>>> Dan Staples
>>>
>>> Open Technology Institute
>>> https://commotionwireless.net
>>>
>>>
>>>
>>>
> 

