4

I want to set up a public WiFi hotspot in a very dense tourist zone where there's not a single WiFi spot yet.

My worries are the security of such solution, in particular:

  • People logging traffic from other users
  • Concerns about the internet line being registered to me

I came up with this "solution" to enable only TLS-enabled traffic (HTTPS, IMAPS, POP3S, SMTPS) and then pass it via Tor.

Do you think that there's something wrong with this idea?

The point is to not expose users to security risks.

Aria
  • If through TOR, then your tourists won't be able to take advantage of location services – schroeder Sep 07 '16 at 17:20
  • OK, I could set up Exit Node Country to the same country they are in. This would at least not cripple Google. – Aria Sep 07 '16 at 17:24
  • 2
    Disabling everything but HTTPS will lead to a very limited internet experience because even though it is 2016 there are still quite a lot of websites which don't support HTTPS. – Philipp Sep 07 '16 at 17:29
  • You might still have issues with your ISP - the ToS can differ. – John Dvorak Sep 07 '16 at 17:31

3 Answers

10

Do you think that there's something wrong with this idea?

Yes, quite a few points. Passing everything through TOR has the following consequences:

  • Much slower traffic, which on a public WiFi spot is a killer
  • Constant security checks. Google, CloudFlare and Akamai all require CAPTCHAs. Every once in a while is OK, but on all requests can become irritating.
  • Blocked sites that disallow TOR exit traffic.

TOR doesn't protect against people sniffing WiFi traffic at all. The TOR uplink can only be placed behind the WiFi access point. To prevent users from reaching each other you should enable AP isolation on the access point itself. Only allowing TLS/SSL/HTTPS etc. traffic doesn't make much sense either. This limits users in what they can do without providing any additional security.

Yorick de Wid
2

Only allowing TLS-enabled traffic would protect users from traffic monitoring on the transport layer, but it's still possible to see which servers a user contacts. So an attacker gets server names and he could still gain useful information from request/response size, timing, contacted servers. But it's very unlikely that an attacker could extract passwords, personal data or cookies from the data.

The problem is that this protects only from a passive attacker. An active attacker could set up an evil twin, an access point with the same name. He could allow non-TLS traffic and even try to strip down TLS traffic. (HSTS mitigates this issue for many websites today, but not completely.)

That's a problem that all unencrypted WiFis have today, and the only solution would be that the user authenticates your access point. You could do this with a WPA-Enterprise setup, but from a usability perspective it's too complicated for the users, I think. Another solution would be giving a unique WPA-PSK (pre-shared key) to every new user. (If you're giving all users the same PSK, an attacker could set up an evil twin again or decrypt traffic if he has recorded the WPA handshake.)

Using TOR would mitigate the problem that you would be responsible for the things people do over your internet connection, but as @yorick-de-wid already mentioned, this has a few usability consequences. In Germany, for example, there is a project called Freifunk, which is a non-commercial initiative for free wireless networks. They provide a gateway, where you can route the traffic of your users through. The connection to the gateway is encrypted using a VPN tunnel. I would recommend using such a service, if available in your area.

sven.to
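One way to issue the per-user pre-shared keys suggested in the answer above, as an added example that is not part of the original post: each voucher passphrase is turned into its 256-bit WPA2 PSK with the standard PBKDF2-HMAC-SHA1 derivation and written as one line of a PSK list. It assumes a hostapd-based access point that loads the list through `wpa_psk_file`; the SSID and the voucher format are constructed for the example.

```python
import hashlib
import secrets

# Constructed sample values (assumptions, not from the original post).
SSID = "TouristSpot-Free"
WILDCARD_MAC = "00:00:00:00:00:00"  # hostapd: this PSK may be used from any client MAC
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no 0/o, 1/l/i: easy to type from a printed slip


def new_passphrase(groups=4, group_len=4):
    """Random voucher passphrase in the form xxxx-xxxx-xxxx-xxxx (about 79 bits)."""
    return "-".join(
        "".join(secrets.choice(ALPHABET) for _ in range(group_len))
        for _ in range(groups)
    )


def derive_psk(passphrase, ssid):
    """WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def issue_vouchers(count, ssid=SSID):
    """Return (vouchers, psk_file_text): vouchers go to users, the text goes on the AP."""
    vouchers, lines = [], []
    while len(vouchers) < count:
        phrase = new_passphrase()
        if phrase in vouchers:  # never hand the same key to two users
            continue
        vouchers.append(phrase)
        lines.append(f"{WILDCARD_MAC} {derive_psk(phrase, ssid)}")
    return vouchers, "\n".join(lines) + "\n"


if __name__ == "__main__":
    vouchers, psk_file = issue_vouchers(3)
    print("Hand out one passphrase per user:", *vouchers, sep="\n  ")
    print("Contents for the file named by wpa_psk_file:")
    print(psk_file, end="")
```

Because the SSID is the salt, the list has to be regenerated if the network name changes, and the derived keys in the file are as sensitive as the passphrases themselves.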
0

Why not set up 802.1x auth? Devices that support any proper form of WiFi crypto will almost always support something like WPA2 Enterprise as well. Instead of then directing users to a simple web captive portal, where they enter their access code (on a non-secured 802.11 network), just have them use that access code as username+password and they'll have their own secure connection. If you want to have an insecure alternative you can just add a second SSID with no crypto for those with older or bad devices.

John Keates
  • OK, I didn't know that if I set up a captive portal then they can still authenticate with Facebook and this way it will be sniffing-proof. – Aria Sep 07 '16 at 22:36
  • 1
    It's always a tradeoff between ease of use and security. If you want users to find your WiFi network in their list of available networks without knowing who owns it or where it is, and randomly use it for whatever they want, this won't work. But if you have a hotel or restaurant or some sort of tourist office where you have to go to get a code before you can access WiFi, then this will work. I guess more context is needed for a better fitting answer. – John Keates Sep 07 '16 at 22:40