[B.A.T.M.A.N.] AHdemo mode

[B.A.T.M.A.N.] AHdemo mode

[GUSL]

Hi all !

I found this post : http://robin.forumup.it/about107-robin.html

I like to hear opinions about this possible security issue.

Thx in advance !

Re: [B.A.T.M.A.N.] AHdemo mode

[Marek Lindner]

Hi,

> I found this post : http://robin.forumup.it/about107-robin.html
>
> I like to hear opinions about this possible security issue.

why do the security experts always find the same bug ?  :D

As far as I know the WPA encryption is not supposed to secure _all_ your 
traffic. It is supposed to encrypt the traffic between your notebook and your 
accesspoint. 

For meshing you need ad-hoc mode and in this mode you don't have a single 
authority to authenticate against. How should "mesh encryption" work - all 
nodes are "equal" ?

If you want to secure your network traffic, please use the higher security 
layers as SSL or similar technologies. They do _proper_ end to end 
encryption. Even if the WPA would work your traffic is not secure as the 
internet gateway and all stations after it still could sniff your traffic.

I would be very interested to hear from "williamruckman" what kind of packets 
he would inject to "capture all traffic or perform a man-in-the-middle 
attack". I suggest reading the "security considerations" section of this 
document first:
https://www.open-mesh.net/batman/doc/draft-openmesh-b-a-t-m-a-n-00.txt
 
Regards,
Marek

Re: [B.A.T.M.A.N.] AHdemo mode

[GUSL]

El Wednesday 09 April 2008 21:52:50 Marek Lindner escribió:
> Hi,
>
> > I found this post : http://robin.forumup.it/about107-robin.html
> >
> > I like to hear opinions about this possible security issue.
>
> why do the security experts always find the same bug ?  :D
>
> As far as I know the WPA encryption is not supposed to secure _all_ your
> traffic. It is supposed to encrypt the traffic between your notebook and
> your accesspoint.
>
> For meshing you need ad-hoc mode and in this mode you don't have a single
> authority to authenticate against. How should "mesh encryption" work - all
> nodes are "equal" ?
>
> If you want to secure your network traffic, please use the higher security
> layers as SSL or similar technologies. They do _proper_ end to end
> encryption. Even if the WPA would work your traffic is not secure as the
> internet gateway and all stations after it still could sniff your traffic.
>
> I would be very interested to hear from "williamruckman" what kind of
> packets he would inject to "capture all traffic or perform a
> man-in-the-middle attack". I suggest reading the "security considerations"
> section of this document first:
> https://www.open-mesh.net/batman/doc/draft-openmesh-b-a-t-m-a-n-00.txt
>
> Regards,
> Marek
> _______________________________________________
> B.A.T.M.A.N mailing list
> B.A.T.M.A.N@open-mesh.net
> https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n

Thanks for your reply.
I hope I am not being annoying.

Obviously there are too many "security experts" out there.... :P

Regards,
GUSL

Re: [B.A.T.M.A.N.] AHdemo mode

[Vinay Menon]

The problem I see here is the possibility of unwanted batman nodes  
joining in and announcing wrong/ false gateway. Since adhoc will only  
support WEP and imo its not viable having batman run only over VPN, i  
think a symmetric key arrangement where in all nodes have the same  
password to join in routing would be a great addition. This basically  
is the concept of olsr secure plugin.


Regards,
Vinay Menon

On Apr 10, 2008, at 7:25 AM, GUSL <gfjl@ubbi.com> wrote:

> El Wednesday 09 April 2008 21:52:50 Marek Lindner escribió:
>> Hi,
>>
>>> I found this post : http://robin.forumup.it/about107-robin.html
>>>
>>> I like to hear opinions about this possible security issue.
>>
>> why do the security experts always find the same bug ?  :D
>>
>> As far as I know the WPA encryption is not supposed to secure _all_  
>> your
>> traffic. It is supposed to encrypt the traffic between your  
>> notebook and
>> your accesspoint.
>>
>> For meshing you need ad-hoc mode and in this mode you don't have a  
>> single
>> authority to authenticate against. How should "mesh encryption"  
>> work - all
>> nodes are "equal" ?
>>
>> If you want to secure your network traffic, please use the higher  
>> security
>> layers as SSL or similar technologies. They do _proper_ end to end
>> encryption. Even if the WPA would work your traffic is not secure  
>> as the
>> internet gateway and all stations after it still could sniff your  
>> traffic.
>>
>> I would be very interested to hear from "williamruckman" what kind of
>> packets he would inject to "capture all traffic or perform a
>> man-in-the-middle attack". I suggest reading the "security  
>> considerations"
>> section of this document first:
>> https://www.open-mesh.net/batman/doc/draft-openmesh-b-a-t-m-a- 
>> n-00.txt
>>
>> Regards,
>> Marek
>> _______________________________________________
>> B.A.T.M.A.N mailing list
>> B.A.T.M.A.N@open-mesh.net
>> https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
>
> Thanks for your reply.
> I hope I am not being annoying.
>
> Obviously there are too many "security experts" out there.... :P
>
> Regards,
> GUSL
>
> _______________________________________________
> B.A.T.M.A.N mailing list
> B.A.T.M.A.N@open-mesh.net
> https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n

Re: [B.A.T.M.A.N.] AHdemo mode

[Marek Lindner]

On Thursday, 10. April 2008 10:23:58 Vinay Menon wrote:
> The problem I see here is the possibility of unwanted batman nodes
> joining in and announcing wrong/ false gateway. Since adhoc will only
> support WEP and imo its not viable having batman run only over VPN, i
> think a symmetric key arrangement where in all nodes have the same
> password to join in routing would be a great addition. This basically
> is the concept of olsr secure plugin.

But announcing a wrong/false gateway wont help - that is why we have a 
blackhole detection or the preferred gateway option. You can choose your 
gateway.

IMHO the olsr secure plugin idea has a good intention but the concept is 
broken. There are several aspects:
- As long as only a single instance (one admin) knows the key everything is 
fine. But every node joining the mesh will need that key. Either the admin 
has a _lot_ of freetime or you have to hand out the key. In the later case 
check Ebay from to time to time to find out about the value of your key.  ;-)
- Furthermore, batman is used for _community_ meshing. Everybody should be 
able to join quickly ...
- You give your users a FALSE impression of security: "We have the secure 
plugin enabled - we are secure!". Still everybody can sniff the data, man in 
the middle, etc
- Encryption on an embedded device like a router is a performance killer if 
the encryption is not done in the hardware itself.
- Most important: Nothing is better than end to end encryption / 
authentication / authorization.

Greetings,
Marek

Re: [B.A.T.M.A.N.] AHdemo mode

[bruno randolf]

On Thursday 10 April 2008 13:22:16 Marek Lindner wrote:
> IMHO the olsr secure plugin idea has a good intention but the concept is
> broken. There are several aspects:
> - As long as only a single instance (one admin) knows the key everything is
> fine. But every node joining the mesh will need that key. Either the admin
> has a _lot_ of freetime or you have to hand out the key. In the later case
> check Ebay from to time to time to find out about the value of your key. 

still that can be better than no security at all...

> ;-) - Furthermore, batman is used for _community_ meshing. Everybody should
> be able to join quickly ...

i basically agree, but some people might like to set up a more controlled 
environment. even in a community network this might be useful at times, for 
example if you want to set up a backbone network.

one way to solve this without a static key which has to be known to all nodes 
is using a public key infrastructure (PKI) with a certificate authority (CA). 
the clients can generate their own private and public keys and send the 
public key to be signed by the CA. that could go hand in hand with adding 
their nodes to a map and accepting some basic agreement (pico peering). after 
it has been signed they could start using encryption for an extra level of 
mesh security.

> - You give your users a FALSE impression of security: "We have the secure
> plugin enabled - we are secure!". Still everybody can sniff the data, man
> in the middle, etc

yes people have to understand that only the mesh protocol will be encrypted, 
not the data.

> - Encryption on an embedded device like a router is a performance killer if
> the encryption is not done in the hardware itself.

it's not too bad as long as the bandwith is low, as it would be the case with 
protocol traffic.

> - Most important: Nothing is better than end to end encryption /
> authentication / authorization.

that's true, but it doesn't help if the underlying mesh protocol can be 
disturbed easily by un-authenticated nodes and your traffic never reaches the 
other endpoint.

there are two different layers of adding authentication and encryption. one is 
the mesh protocol itself the other one is end-to-end user encryption. both 
are necessary if you want to make your network secure.

bruno

Re: [B.A.T.M.A.N.] AHdemo mode

[Vinay Menon]

[-- Attachment #1: Type: text/plain, Size: 3134 bytes --]

ditto bruno .

End to end encryption for clients is better done with openssl .
Having to choose our gateway too is similar to having to choose then option
or having secure routing or not more over .Entering the prefered gateway is
same as entering preferred password the password is more dynamic and a bit
more secure imo .
If the admin wants he can secure the system and if its a open mesh then no
need of security.....well oss is all about options isnt it?

Regards,

On Thu, Apr 10, 2008 at 2:04 AM, bruno randolf <bruno@thinktube.com> wrote:

> On Thursday 10 April 2008 13:22:16 Marek Lindner wrote:
> > IMHO the olsr secure plugin idea has a good intention but the concept is
> > broken. There are several aspects:
> > - As long as only a single instance (one admin) knows the key everything
> is
> > fine. But every node joining the mesh will need that key. Either the
> admin
> > has a _lot_ of freetime or you have to hand out the key. In the later
> case
> > check Ebay from to time to time to find out about the value of your key.
>
> still that can be better than no security at all...
>
> > ;-) - Furthermore, batman is used for _community_ meshing. Everybody
> should
> > be able to join quickly ...
>
> i basically agree, but some people might like to set up a more controlled
> environment. even in a community network this might be useful at times,
> for
> example if you want to set up a backbone network.
>
> one way to solve this without a static key which has to be known to all
> nodes
> is using a public key infrastructure (PKI) with a certificate authority
> (CA).
> the clients can generate their own private and public keys and send the
> public key to be signed by the CA. that could go hand in hand with adding
> their nodes to a map and accepting some basic agreement (pico peering).
> after
> it has been signed they could start using encryption for an extra level of
> mesh security.
>
> > - You give your users a FALSE impression of security: "We have the
> secure
> > plugin enabled - we are secure!". Still everybody can sniff the data,
> man
> > in the middle, etc
>
> yes people have to understand that only the mesh protocol will be
> encrypted,
> not the data.
>
> > - Encryption on an embedded device like a router is a performance killer
> if
> > the encryption is not done in the hardware itself.
>
> it's not too bad as long as the bandwith is low, as it would be the case
> with
> protocol traffic.
>
> > - Most important: Nothing is better than end to end encryption /
> > authentication / authorization.
>
> that's true, but it doesn't help if the underlying mesh protocol can be
> disturbed easily by un-authenticated nodes and your traffic never reaches
> the
> other endpoint.
>
> there are two different layers of adding authentication and encryption.
> one is
> the mesh protocol itself the other one is end-to-end user encryption. both
> are necessary if you want to make your network secure.
>
> bruno
> _______________________________________________
> B.A.T.M.A.N mailing list
> B.A.T.M.A.N@open-mesh.net
> https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
>



-- 
Vinay Menon

[-- Attachment #2: Type: text/html, Size: 3896 bytes --]

Re: [B.A.T.M.A.N.] AHdemo mode

[Simon Wunderlich]

[-- Attachment #1: Type: text/plain, Size: 1799 bytes --]

Hello,

i agree to Marek, just encryption won't give us security, and i think
it's better to keep the mesh open and "unsafe" than having people a
delusion of "security", which would probably make things worse.

Anyway, i'd like to add that there is more than WEP for Adhoc:

There is WPA-NONE, which can be used with wpa_supplicant. Basicly it
works with static keys, but doesn't support re-keying, replay attack
detection and such as there is of course no AP which would regulate
these features. So this is probably much weaker than "normal" WPA-PSK. 
(I'd be interested in a proper "security" discussion/documentation 
about this).

Btw, this does not seem to be a standard thing (couldn't find it in 
802.11i), and there is no proper documentation as far as i can see. If
anyone finds something usable, please let me know. ;)

You can give it a try, have a look at [1] and search for WPA-NONE in the
document. Be aware that drivers might not (yet?) work with that. I know
from madwifi that it still tries to apply replay rules even in IBSS mode
and thus won't work with more than 2 particapants (that would give a
boring mesh, right?). :D

Best Regards,
	Simon




[1] http://user.uni-frankfurt.de/~testrad/wpa_supplicant/wpa_supplicant.conf.examples

On Thu, Apr 10, 2008 at 07:53:58AM +0530, Vinay Menon wrote:
> The problem I see here is the possibility of unwanted batman nodes  
> joining in and announcing wrong/ false gateway. Since adhoc will only  
> support WEP and imo its not viable having batman run only over VPN, i  
> think a symmetric key arrangement where in all nodes have the same  
> password to join in routing would be a great addition. This basically  
> is the concept of olsr secure plugin.
> 
> 
> Regards,
> Vinay Menon
> 

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [B.A.T.M.A.N.] AHdemo mode

[Marek Lindner]

> Thanks for your reply.
> I hope I am not being annoying.
>
> Obviously there are too many "security experts" out there.... :P

No, you are not anoying - I simply here that question over and over again. I'm 
sorry if my mail sounded too rough. May be I should prepare a template 
somewhere ..  ;-)

If you or somebody else want to discuss / improve security I happily join the 
discussion.

Greetings,
Marek

Re: [B.A.T.M.A.N.] AHdemo mode

[Marek Lindner]

> still that can be better than no security at all...

I think before you start throwing crypto, keys, certificates, etc on something 
you/we should evaluate whether there are others ways.
Also, it is important to realize that encryption itself does not make things 
secure (encryption != security). If we start talking about "no security at 
all" I'd rather ask first what we are securing and against whom ...


> i basically agree, but some people might like to set up a more controlled
> environment. even in a community network this might be useful at times, for
> example if you want to set up a backbone network.

So, we are starting to talk about these rare cases, right ?


> one way to solve this without a static key which has to be known to all
> nodes is using a public key infrastructure (PKI) with a certificate
> authority (CA). the clients can generate their own private and public keys
> and send the public key to be signed by the CA. that could go hand in hand
> with adding their nodes to a map and accepting some basic agreement (pico
> peering). after it has been signed they could start using encryption for an
> extra level of mesh security.

I think many things would be _possible_ but I don't see that happen. But why 
everything has to be so complicated ? Do you read that: static key, PKI, CA, 
private and public keys, signed by the CA, ....
Only a few people master this kind of security properly. The only end user PKI 
that "works" out there are web certificates and their level of security is 
more ashaming.


> that's true, but it doesn't help if the underlying mesh protocol can be
> disturbed easily by un-authenticated nodes and your traffic never reaches
> the other endpoint.
>
> there are two different layers of adding authentication and encryption. one
> is the mesh protocol itself the other one is end-to-end user encryption.
> both are necessary if you want to make your network secure.

I can't agree here. I believe a well designed mesh protocol which is more 
resistant out of the box is mucher better than this encryption bloat. 
If you *really* need the encryption, please use one of the established and 
widely tested security protocols for the lower layers. Encryption is 
incredible hard to do right and we are definitely no experts in this area. We 
want to develop a slick, fast routing protocol. If you want this level of 
security I *strongly* vote against a home made "security plugin".

Keep in mind that security is a concept and not something you can simply 
enable.

Greetings,
Marek

Re: [B.A.T.M.A.N.] AHdemo mode

[elektra]

Hi -

have to say I fully agree with Marek.

cu elektra


>   
>> still that can be better than no security at all...
>>     
>
> I think before you start throwing crypto, keys, certificates, etc on something 
> you/we should evaluate whether there are others ways.
> Also, it is important to realize that encryption itself does not make things 
> secure (encryption != security). If we start talking about "no security at 
> all" I'd rather ask first what we are securing and against whom ...
>
>
>   
>> i basically agree, but some people might like to set up a more controlled
>> environment. even in a community network this might be useful at times, for
>> example if you want to set up a backbone network.
>>     
>
> So, we are starting to talk about these rare cases, right ?
>
>
>   
>> one way to solve this without a static key which has to be known to all
>> nodes is using a public key infrastructure (PKI) with a certificate
>> authority (CA). the clients can generate their own private and public keys
>> and send the public key to be signed by the CA. that could go hand in hand
>> with adding their nodes to a map and accepting some basic agreement (pico
>> peering). after it has been signed they could start using encryption for an
>> extra level of mesh security.
>>     
>
> I think many things would be _possible_ but I don't see that happen. But why 
> everything has to be so complicated ? Do you read that: static key, PKI, CA, 
> private and public keys, signed by the CA, ....
> Only a few people master this kind of security properly. The only end user PKI 
> that "works" out there are web certificates and their level of security is 
> more ashaming.
>
>
>   
>> that's true, but it doesn't help if the underlying mesh protocol can be
>> disturbed easily by un-authenticated nodes and your traffic never reaches
>> the other endpoint.
>>
>> there are two different layers of adding authentication and encryption. one
>> is the mesh protocol itself the other one is end-to-end user encryption.
>> both are necessary if you want to make your network secure.
>>     
>
> I can't agree here. I believe a well designed mesh protocol which is more 
> resistant out of the box is mucher better than this encryption bloat. 
> If you *really* need the encryption, please use one of the established and 
> widely tested security protocols for the lower layers. Encryption is 
> incredible hard to do right and we are definitely no experts in this area. We 
> want to develop a slick, fast routing protocol. If you want this level of 
> security I *strongly* vote against a home made "security plugin".
>
> Keep in mind that security is a concept and not something you can simply 
> enable.
>
> Greetings,
> Marek
> _______________________________________________
> B.A.T.M.A.N mailing list
> B.A.T.M.A.N@open-mesh.net
> https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
>
>   

Re: [B.A.T.M.A.N.] AHdemo mode

[Aaron Kaplan]

On Apr 10, 2008, at 11:41 AM, Marek Lindner wrote:
>
>
>> i basically agree, but some people might like to set up a more  
>> controlled
>> environment. even in a community network this might be useful at  
>> times, for
>> example if you want to set up a backbone network.
>
> So, we are starting to talk about these rare cases, right ?

I don't think it is so rare. Non community wireless networks will  
probably like to sign their routing packets in addition to other  
crypt layers.

a.