IBM to Unveil Secure Open Wireless System at Black Hat

LAS VEGAS–Researchers from IBM’s ISS X-Force plan to unveil a new system for running an open wireless network in a secure mode at the Black Hat conference here this week. The system mimics the way that Web sites and browsers use digital certificates to establish a trusted connection with one another.

X-Force researchers have been working on the system for a while now and the company plans to demonstrate the technology on Thursday during the conference. One of the main problems with public wireless networks is that they’re susceptible to a number of simple attacks, including passive sniffing and man-in-the-middle. The X-Force system is designed to get around these problems by using a digital certificate to assure users that they are communicating with the wireless hotspot that they think they are.

“In our proposal, wireless networks would establish encrypted connections with their clients by presenting a digital certificate demonstrating that the operator of the access point is the legitimate user of the SSID associated with that access point. You could even use domain names as SSIDs and use off the shelf SSL certificates,” Tom Cross and Takehiro Takahashi of the X-Force wrote in a blog post in October.

“For example, IBM could set up an open wireless network with the SSID ‘ibm.com.’ When you connect, our access point would send down a digital certificate for ‘ibm.com,’ and your wireless client would establish an encrypted connection with us, knowing that because the name in the certificate is the same as the SSID, the network you are connecting to must be run by IBM.

The result would be that when you open up your wireless client you could establish secure, encrypted connections to networks operated by people (or companies) that you trust, knowing that those networks are really operated by the people (or companies) that they claim they are operated by without needing to have a password.”

Cross said in a separate post Monday that the company plans to demo the secure wireless system at Black Hat Thursday as part of the conference’s Arsenal tools demo presentations.

“It completely eliminates the risk of passive sniffers like Firesheep, and also substantially reduces the threat of rogue access points by providing wireless users with a cryptographically protected way to identify the operator of the network they are connecting to,” Cross said in the post.
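
The check at the heart of the proposal quoted above, that "the name in the certificate is the same as the SSID", sketched as an added example (not IBM's code and not part of the original article). It assumes the client's TLS/EAP layer has already validated the certificate chain and hands over a dict shaped like Python's `ssl.SSLSocket.getpeercert()` output; the function names, the exact-match-only policy and the sample certificates are constructed for illustration.

```python
MAX_SSID_OCTETS = 32  # IEEE 802.11: an SSID is 0-32 raw octets, not text


def _valid_label(label):
    """True for a plain LDH hostname label (letters, digits, inner hyphens)."""
    return (bool(label) and label[0] != "-" and label[-1] != "-"
            and label.replace("-", "").isalnum())


def ssid_to_hostname(ssid):
    """Return the SSID as a lowercase DNS name, or None if it cannot be one."""
    if not 0 < len(ssid) <= MAX_SSID_OCTETS:
        return None
    try:
        name = ssid.decode("ascii").lower()  # non-ASCII look-alikes fail here
    except UnicodeDecodeError:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_valid_label(l) for l in labels):
        return None  # e.g. "Free WiFi", trailing spaces, "*" labels
    return name


def cert_names_ssid(ssid, peer_cert):
    """peer_cert: dict shaped like ssl.SSLSocket.getpeercert() output, for a
    certificate whose chain and validity were ALREADY verified (assumption)."""
    host = ssid_to_hostname(ssid)
    if host is None:
        return False
    sans = peer_cert.get("subjectAltName", ())
    dns_names = {value.lower() for kind, value in sans if kind == "DNS"}
    # Exact match only (policy chosen for this sketch): a wildcard SAN such as
    # *.example.com never matches, and the subject commonName is ignored.
    return host in dns_names


# Constructed sample certificates, not real ones.
GOOD = {"subject": ((("commonName", "ibm.com"),),),
        "subjectAltName": (("DNS", "ibm.com"), ("DNS", "www.ibm.com"))}
ROGUE = {"subject": ((("commonName", "ibm.com"),),),
         "subjectAltName": (("DNS", "hotspot.example"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.ibm.com"),)}

if __name__ == "__main__":
    for ssid, cert in [(b"ibm.com", GOOD), (b"IBM.com", GOOD),
                       (b"ibm.com", ROGUE), (b"guest.ibm.com", WILDCARD),
                       ("ibm.c\u043em".encode(), GOOD), (b"ibm.com ", GOOD)]:
        print(ssid, cert_names_ssid(ssid, cert))
```

A client applying this check would refuse to show the "verified operator" indication for the last four cases: a certificate for a different name, a wildcard certificate, an SSID with a Cyrillic look-alike character, and an SSID with trailing whitespace.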

Discussion

  • Anonymous on

    Don't Cisco, Aruba, and <fill in the name of your favorite modern wireless company here> all support this already via 802.1X?

  • Stephen R. van den Berg on

    I've been running secure open WiFi networks for the past three years. Using hostapd and a patched radius server to ignore the password. I.e. the user asks for a connection, gets the certificate from the radius server through EAP, then the user is prompted for a username/password. The user is allowed to enter *any* username and *any* password, the "authentication" proceeds and simply grants access.

    Presto, open WiFi, with private WPA2 encryption per client, and an SSL certificate from the access point which can be validated against. I don't know what IBM et al have been doing, but this is readily available tech (patching the radius server was/is not exactly rocket science) and it works since 2008, and it certainly is nothing exciting to get all fussy about at a black hat conference.

    I see that they have a patent pending; this must be a joke (then again, the whole software patent system is a joke).

  • Gary D on

    Certificates are one method for 802.1X authentication. Simpler traditional credentials like user name and password are also an option by using RADIUS. However, even with certificates or RADIUS behind Enterprise WPA2, you have to have the infrastructure that this proposal would not. It sounds like the client would be checking known CAs for authenticity just like your OS, JVM, or browser currently do today. In other words, this proposal and 802.1X can both use PKI but this new model proposes to eliminate a lot of behind the scenes infrastructure that's currently required for enterprise deployments.

  • Anonymous on

    "the network you are connecting to must be run by IBM"

    Of course it must...
