[Commotion-discuss] Ad Hoc WiFi MESH networks

Paltasingh, S. s.paltasingh at student.tue.nl
Fri Mar 17 15:09:02 UTC 2017


Dear Josh,

Thank you for the detailed explanation. I read the commotion construction kit manual completely. 
I could find the security flaws in the layer 2 (MAC or data link layer) communication between routers as follows:
    1. As the MESH link password is the same across all the links between peers in the network, security is vulnerable.
       If an attacker gets the MESH link password then he can eavesdrop on messages as well as disrupt the communication between routers.
     
This can be solved by having different keys (for data encryption) for different links in the MESH network instead of the same shared WPA key. 
This can be done by implementing SAE (simultaneous authentication of equals) or 802.1X/EAP security in the router firmware. But I do not know 
how difficult it is and whether it is possible to implement in routers or not (as they are resource constrained devices).  

Is there any reason for NOT implementing better authentication mechanisms for commotion router firmware (such as 802.11i)?
I feel there must be some restrictions because of which your team implemented shared WPA key mechanism even though better secure authentication mechanisms existed, such as 802.11i.

After completely reading the Commotion Construction Kit, I still have the following doubts:
    1. When 2 commotion routers form the MESH (or a new commotion router joins an already existing network) then which commotion router assigns the IP address to the newly added nodes? In other words, in which commotion router does the DHCP server run?

    2. Does the commotion router behave as a router (for the MESH network) and access point (for laptops, phones wanting to connect) at the same time? If Yes, then do the access point and the router operate in the same channel or do they operate on different channels? If NO, then the best solution is to connect a conventional router/access point to the commotion router through Ethernet. Now the client devices (laptops, phones) can connect to this conventional router/AP wirelessly.

    3. Last time in your reply you mentioned 2 types of keys. First is a shared WPA key. Second is a separate (optional) shared key for signing management traffic. What does signing management traffic in the context of MESH network of routers mean? What purpose does the optional second key (which is shared) serve?

Please help me in clarifying these doubts as I am trying to understand the commotion implementation to the best possible extent so as to come up with ideas in order to improvise it.

Thanks and Regards,
Sritam Paltasingh.
________________________________________
From: Josh King [jking at chambana.net]
Sent: 14 March 2017 18:11
To: Paltasingh, S.; commotion-discuss at lists.chambana.net
Subject: Re: [Commotion-discuss] Ad Hoc WiFi MESH networks

Hi Sritam,

Your understanding is basically correct, the Commotion firmware is installed on certain routers
which then form a mesh network over wifi. Other, non-mesh devices can then connect to the network
via a conventional wireless access point or via ethernet, at which point they are able to connect to
other services and devices that are connected to the network.

There are innumerable potential security challenges in working with multi-hop wireless networks. If
we're talking about just the challenges in adding new routers to an existing network, they can vary
widely depending on the management model of the network. They include but are not limited to:

* Authenticating a new router to the network. If you want to have a network that only allows
authorized routers to join, then you need a way of making sure that only certain routers are
authorized. This could potentially be accomplished with a PKI, but then requires that authentication
is centralized and also requires managing your own certificate authority (complicated). Commotion
requires by default that every router has a shared WPA key and optionally that it has a separate
shared key for signing management traffic. This has low overhead but requires a shared secret
between every node in the network.
* Being able to identify bad actor nodes in the network. Right now it is not easy to determine that
a particular router is misbehaving, and to drop them from the network. Ideally the authentication
system would allow for being able to drop routers from the network or mitigate their bad behavior
without rekeying the whole network.
* Protecting end-to-end network traffic. Traffic in Commotion is encrypted over each hop but is not
encrypted end-to-end. This means a bad actor node could potentially eavesdrop on user traffic.

These problems and others are made more complicated by some pretty significant constraints:
* Commotion at least has a goal of not relying on any centralized management platform. Therefore,
any fundamental security measure must at least be able to operate without centralized systems.
Commotion also must be capable of operating offline without any connection to the wider internet.
* Routers are bad at cryptography. They have extremely limited storage and processing power, and
little entropy. They also have fairly inaccurate clocks.
* Wifi is vulnerable to interference and jamming, either intentional or unintentional. There's
little that we can do about that.
* Due to the limited resources on routers, any solution must be extremely small (as far as code
size), efficient, and use as little airtime on the network as possible.

The stuff I'm working on will introduce opportunistic end-to-end encryption to much of the network
at very low overhead, while also pushing as much of the crypto to the edges of the network as
possible. But that's only a partial solution to some of these issues. So if you have any thoughts on
stuff you'd like to work on, I'd be interested to hear it! I hope this was helpful.

On Tue, 2017-03-14 at 13:58 +0000, Paltasingh, S. wrote:
> Dear Sir,
>
> My master's thesis project is: Secure Commissioning (Forming/Joining) In Ad Hoc WiFi MESH
> networks.
>
> I read the documentation of commotion and this is what my understanding is:
> 1. Commotion software platform supports formation of Ad Hoc WiFi MESH network but confined to only
> routers.
> 2. In other words Commotion software platform enables formation of Ad Hoc WiFi MESH network of
> routers.
> 3. Laptops (phones, tablets) will behave as legacy WiFi nodes and will connect to one of the
> commotion routers (in a star topology) which is having MESH connection with other commotion
> routers. The actual MESH is formed between the routers running the commotion software.
>
> Is my understanding correct as per the documentation provided by commotion wireless project?
>
> If Yes, then are there any MESH security challenges that need to be incorporated at the time of
> joining of a new router (running commotion firmware) to the existing MESH network? I can work on
> those security challenges and contribute to the commotion community as my master's thesis work is
> also related to finding solutions to those kinds of security challenges.
>
> Looking forward to your valuable comments and suggestions.
>
> Thanks and Regards,
> Sritam Paltasingh.
> _______________________________________________
> Commotion-discuss mailing list
> Commotion-discuss at lists.chambana.net
> https://lists.chambana.net/mailman/listinfo/commotion-discuss
--
Josh King
PGP Fingerprint: 8269 ED6F EA3B 7D78 F074 1E99 2FDA 4DA1 69AE 4999
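
The trade-off discussed in this thread (one network-wide key for signing management traffic versus a different key per link), as an added Python example that is not part of the original messages or of Commotion's code. The router names, the message format and the random keys are constructed, and the per-link keys stand in for whatever a pairwise scheme such as SAE would establish.

```python
import hashlib
import hmac
import os
from itertools import combinations

NODES = ["A", "B", "C", "D"]                      # constructed router names
SHARED_KEY = os.urandom(32)                       # model 1: one key on every router
LINK_KEYS = {frozenset(p): os.urandom(32)         # model 2: one key per link
             for p in combinations(NODES, 2)}
UPDATE = b"mgmt: constructed route update"        # constructed management message


def sign(key: bytes, sender: str, payload: bytes) -> bytes:
    """HMAC-SHA256 tag binding the claimed sender to the payload."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()


def verify(key: bytes, sender: str, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(key, sender, payload), tag)


def keys_held(node: str) -> list:
    """Per-link keys stored on one router: only those of its own links."""
    return [k for link, k in LINK_KEYS.items() if node in link]


def shared_key_proves_origin() -> bool:
    """B receives a tag for 'sender=A' that router C computed with the shared key.
    Returns True if the tag alone lets B tell that A did not send it."""
    tag_from_c = sign(SHARED_KEY, "A", UPDATE)
    return not verify(SHARED_KEY, "A", UPDATE, tag_from_c)


def link_key_proves_origin() -> bool:
    """Same check when B verifies 'sender=A' under the A-B link key and C can
    only use the keys it holds (C-A, C-B, C-D)."""
    ab_key = LINK_KEYS[frozenset(("A", "B"))]
    return not any(verify(ab_key, "A", UPDATE, sign(k, "A", UPDATE))
                   for k in keys_held("C"))


def routers_to_rekey(removed: str, per_link: bool) -> int:
    """Routers that need new key material once `removed` is dropped."""
    if per_link:
        return 0           # neighbours just delete their link key with `removed`
    return len(NODES) - 1  # the shared key is known to `removed`: replace it everywhere


if __name__ == "__main__":
    print("shared key proves origin:", shared_key_proves_origin())
    print("link key proves origin:  ", link_key_proves_origin())
    print("rekey shared/per-link:   ", routers_to_rekey("C", False), routers_to_rekey("C", True))
```

A tag under the shared key shows only that some key holder produced the message, which is why dropping one router means rekeying the rest; the per-link model pays for this with one key per link to establish and store on each router.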

