August 3, 2011, 9:50AM
IBM to Unveil Secure Open Wireless System at Black Hat
4 Comments
LAS VEGAS--Researchers from IBM's ISS X-Force plan to unveil a new system for running an open wireless network in a secure mode at the Black Hat conference here this week. The system mimics the way that Web sites browsers use digital certificates to establish a trusted connection with one another.
X-Force researchers have been working on the system for a while now and the company plans to demonstrate the technology on Thursday during the conference. One of the main problems with public wireless networks is that they're susceptible to a number of simple attacks, including passive sniffing and man-in-the-middle. The X-Force system is designed to get around these problems by using a digital certificate to assure users that they are communicating with the wireless hotspot that they think they are.
"In our proposal, wireless networks would establish encrypted connections with their clients by presenting a digital certificate demonstrating that the operator of the access point is the legitimate user of the SSID associated with that access point. You could even use domain names as SSIDs and use off the shelf SSL certificates," Tom Cross and Takehiro Takahashi of the X-Force wrote in a blog post in October.
Editor's Pick
"For example, IBM could set up an open wireless network with the SSID 'ibm.com.' When you connect, our access point would send down a digital certificate for 'ibm.com,' and your wireless client would establish an encrypted connection with us, knowing that because the name in the certificate is the same as the SSID, the network you are connecting to must be run by IBM.
The result would be that when you open up your wireless client you could establish secure, encrypted connections to networks operated by people (or companies) that you trust, knowing that those networks are really operated by the people (or companies) that they claim they are operated by without needing to have a password."
Cross said in a separate post Monday that the company plans to demo the secure wireless system at Black Hat Thursday as part of the conference's Arsenal tools demo presentations.
"It completely eliminates the risk of passive sniffers like Firesheep, and also substantially reduces the threat of rogue access points by providing wireless users with a cryptographically protected way to identity the operator of the network they are connecting to," Cross said in the post.
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Iranian Students Claim to have Stolen Thousands of Researcher's Records
- Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends
- Why Google Won't Protect You From Big Brother
- Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
Don't Cisco, Aruba, and <fill in the name of your favorite modern wireless company here> all support this already via 802.1X?
I've been running secure open WiFi networks for the past three years. Using hostapd and a patched radius server to ignore the password. I.e. the user asks for a connection, gets the certificate from the radius server through EAP, then the user is prompted for a username/password. The user is allowed to enter *any* username and *any* password, the "authentication" proceeds and simply grants access.
Presto, open WiFi, with private WPA2 encryption per client, and an SSL certificate from the access point which can be validated against. I don't know what IBM et al have been doing, but this is readily available tech (patching the radius server was/is not exactly rocket science) and it works since 2008, and it certainly is nothing exciting to get all fussy about at a black hat conference.
I see that they have a patent pending; this must be a joke (then again, the whole software patent system is a joke).
Certificates are one method for 802.1X authentication. Simpler traditional credentials like user name and password are also an option by using RADIUS. However, even with certificates or RADIUS behind Enterprise WPA2, you have to have the infrastructure that this proprosal would not. It sounds like the client would be checking known CAs for authenticity just like your OS, JVM, or browser currently do today. In other words, this proposal and 802.1X can both use PKI but this new model proposes to eliminate a lot of behind the scenes infrastructure that's currently required for enterprise deployments.
"the network you are connecting to must be run by IBM"
Of course it must...