3

What is the right way to secure ad hoc networks? WPA_NONE is a cruel hack (doesn't work most of the time, discards important packets, ...), WEP is not secure, and Open… open is open. IPSec is a level too high. Does there exist something that works under Linux and Wi-Fi?

3 Answers

3

Why is IPSec too high-level?

If you use a common shared key, and one of your nodes is malicious, the whole system gets compromised. You probably want asymmetric cryptography, so that nodes cannot impersonate each other.

IPSec will allow you to issue individual certificates to your nodes, and you can also use AH mode to get authenticated broadcasts.

I don't know of any protocol that would allow both confidential broadcast and resistance to an inside attacker.

b0fh
0

MAC filtering and/or VPN.

SF.
  • MAC filtering in ad hoc networks is a really bad idea. VPN also doesn't work. It is not possible to route all traffic in a mesh through a single VPN server. –  Jan 18 '10 at 12:10
  • VPN does not have to go through a server. Each node runs its own VPN instance, and maintains security state for every other node it needs to communicate with. You can do this with IKE/IPsec using certificates for authentication. – President James K. Polk Jan 18 '10 at 13:16
  • But how should broadcasts work then? –  Jan 18 '10 at 18:32
0

If you can't use a central AP, the best bet with current COTS technology is to set up an IPsec tunnel between the hosts, like a mesh.

If it is an application-specific network, then I would move towards using something like OpenSSL secure sockets to just secure the application communication (if you have that access).

Or invest in an AP that can do your WPA2 and call it a day.

H. Green
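
The per-node IPsec mesh with certificate authentication suggested in the answers and comments above can be sketched as a generator for strongSwan `swanctl.conf` stanzas. This is an added example, not code from any of the posters; the node names, 10.0.0.x addresses, `mesh.example.net` identities and certificate file names are constructed assumptions, and the CA certificate is assumed to be installed in strongSwan's trusted CA directory.

```shell
#!/usr/bin/env bash
# Generate a strongSwan swanctl.conf for one node of a full IPsec mesh.
# Each peer gets its own certificate-authenticated connection, so there is
# no network-wide shared key. All names and addresses below are constructed.

# Constructed sample inventory: "name address" per line.
MESH_NODES='node-a 10.0.0.1
node-b 10.0.0.2
node-c 10.0.0.3'

# gen_mesh_conf SELF -> prints the swanctl.conf for node SELF
gen_mesh_conf() {
    self=$1
    self_addr=$(printf '%s\n' "$MESH_NODES" | awk -v n="$self" '$1 == n { print $2 }')
    if [ -z "$self_addr" ]; then
        echo "unknown node: $self" >&2
        return 1
    fi
    echo "connections {"
    printf '%s\n' "$MESH_NODES" | while read -r name addr; do
        [ "$name" = "$self" ] && continue   # no connection to ourselves
        cat <<EOF
    mesh-$name {
        version = 2
        local_addrs = $self_addr
        remote_addrs = $addr
        local {
            auth = pubkey
            certs = $self.pem
            id = $self.mesh.example.net
        }
        # The peer must present a CA-signed certificate for exactly this id.
        remote {
            auth = pubkey
            id = $name.mesh.example.net
        }
        children {
            host-$name {
                mode = transport
                start_action = trap
            }
        }
    }
EOF
    done
    echo "}"
}

gen_mesh_conf "${1:-node-a}"
```

These pairwise transport-mode SAs protect unicast traffic between nodes only; broadcast frames are not covered by them, which is the open point raised in the comments.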