IBM to Unveil Secure Open Wireless System at Black Hat

Author: Dennis Fisher
minute read

LAS VEGAS–Researchers from IBM’s ISS X-Force plan to unveil a new system for running an open wireless network in a secure mode at the Black Hat conference here this week. The system mimics the way that Web sites browsers use digital certificates to establish a trusted connection with one another.

X-ForceLAS VEGAS–Researchers from IBM’s ISS X-Force plan to unveil a new system for running an open wireless network in a secure mode at the Black Hat conference here this week. The system mimics the way that Web sites browsers use digital certificates to establish a trusted connection with one another.

X-Force researchers have been working on the system for a while now and the company plans to demonstrate the technology on Thursday during the conference. One of the main problems with public wireless networks is that they’re susceptible to a number of simple attacks, including passive sniffing and man-in-the-middle. The X-Force system is designed to get around these problems by using a digital certificate to assure users that they are communicating with the wireless hotspot that they think they are.

“In our proposal, wireless networks would establish encrypted
connections with their clients by presenting a digital certificate
demonstrating that the operator of the access point is the legitimate
user of the SSID associated with that access point. You could even use
domain names as SSIDs and use off the shelf SSL certificates,” Tom Cross and Takehiro Takahashi of the X-Force wrote in a blog post in October. 

“For example, IBM could set up an open wireless network with the SSID ‘ibm.com.’ When you connect, our access point would send down a digital
certificate for ‘ibm.com,’ and your wireless client would establish an
encrypted connection with us, knowing that because the name in the
certificate is the same as the SSID, the network you are connecting to
must be run by IBM. 

The result would be that when you open up your wireless client you
could establish secure, encrypted connections to networks operated by
people (or companies) that you trust, knowing that those networks are
really operated by the people (or companies) that they claim they are
operated by without needing to have a password.”

Cross said in a separate post Monday that the company plans to demo the secure wireless system at Black Hat Thursday as part of the conference’s Arsenal tools demo presentations.

“It completely eliminates the risk of passive sniffers like Firesheep,
and also substantially reduces the threat of rogue access points by
providing wireless users with a cryptographically protected way to
identity the operator of the network they are connecting to,” Cross said in the post.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.