Philip Haine's articles on Product Vision, Innovation and Design

Open, yet encrypted Wi-Fi

Why must we sacrifice security when opening Wi-Fi networks?

Earlier I spoke about email encryption and how surprising it is that we got this far with such insecure communications.

More recently there was a story about Internet cafés here in San Francisco and how one of the premier hotspots is just a few blocks from my house.

I would love to walk down and do some work in that environment, but open wi-fi means no encryption between your laptop and the base station. That means anyone nearby can sniff my packets and monitor my communications. Easily, and with no special tech knowledge. Hacking has become a point-and-click endeavor.

To make matters worse, AT&T (was: SBC, was: PacBell) does not encrypt email communications. If I open my email application, every few minutes it will connect to the server, broadcasting my password in the clear for all nearby hackers. Not a bright idea in an Internet café teeming with San Francisco’s nouveau dot commers.

It got me wondering why it was this way. Today, encrypting Wi-Fi communications means each user must enter a password. Not very convenient for patrons of Internet cafés. But if you turn off password protection you also lose encryption to the base station. It’s an either-or situation.

And the issue is not relegated to Wi-Fi communications. Ethernet LAN connections are similarly insecure. Anyone else on your network can sniff your packets.

For precision and clarity, here is the problem statement rendered as SSNiFs scenarios:

| Stakeholder | Situation | Need |
|---|---|---|
| Café owner (or anyone running an open wireless network) | It’s inconvenient to hand out passwords to patrons. | … for patrons to get Internet access with low overhead on staff |
| Café patron | Travels among many open Wi-Fi networks. Transfers private information. | … for the convenience of automatic Wi-Fi connections, with the security of encryption |
| Any user of Ethernet LANs | Transfers private information. | … for secure communications, free from sniffing by others on the LAN |

Can’t we have our cake and eat it too? Why can’t the base station establish secure communications to the user even without a password? The router and the laptop would each generate key pairs and exchange public keys for the session. No passwords, high encryption standards. As for wired Ethernet connections, why can’t they do the same?

Seems like a pretty obvious need and idea, doesn’t it? Surely I’m not the first to have thought of this.

Turns out I’m not. I asked my friend David Creemer, who is in possession of sixty percent of all human knowledge and therefore usually a useful resource. He wrote:

The capability you ask for is slowly getting deployed, and is part of the 802.1x authentication standard. 802.1x is mostly associated with WiFi, but works perfectly well on ethernet, etc. It provides for per-port or per-connection authentication, authorization, and encryption. On the Mac, you might see it as “WPA2-Enterprise” on the WiFi password panel. Though generally used with a password or other credential, it can do encryption with no or trivial authentication.

So, it’s coming. Eventually. Deployment of this sort of thing takes years so it could be a while.

Which begs the broader question about product vision. This scenario is pretty straightforward, isn’t it? Obvious even, at least in retrospect? How could the purveyors of wireless networking standards have missed this use case, dooming years of users to the invisible perils of insecure communications? Moreover, Ethernet LANs have been around for decades now. How did they miss it?

Was it a fear of performance degradation due to encrypting all packets? Was it because customers do not appreciate security risks and hence do not demand stronger solutions from vendors? Or was it a lack of foresight on the part of the standards bodies — a lapse of vision into this core, critical scenario?

One final note: Even with the secure WiFi connection described here, your data is only safe within the café, not on its journey between the café and its destination. For that you need to establish a VPN connection. And we continue to wait for widespread, facilitated email encryption.

Posted by Philip Haine on Monday, April 9th, 2007 at 10:23 am.

3 Responses to “Open, yet encrypted Wi-Fi”

  1. boR wrote on May 13th, 2009 at 3:33 pm :

    I’m commenting on this even though it’s old because it is at the top of my google search results:

    Use OpenSSH. You can encrypt all of your network connections for free, very easily. There are many, many articles online on how to do this, but I’ll give you some tips:

    If you use windows, consider getting cygwin.

    If you use a mac, you are okay.

    Set up an ssh server at home, register a dyndns address on your router, and have your router forward port 22 to your ssh server.

    Then, tunnel. You can use -w or -D, it’s really a matter of style. Lock down sshd.conf by allowing public key access only – this will stop the bots from getting into your ssh server.
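An added example, not part of the comment above: a check that a server configuration (OpenSSH's `sshd_config`) really allows public key logins only. It relies on two documented sshd behaviours: the first value seen for a keyword wins, and password-style logins stay enabled by default unless turned off. The sample configs are constructed, and `Include` files and `Match` blocks are not evaluated.

```python
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated alias that older configs still use.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global-section values, honouring sshd's first-value-wins rule."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out lines change nothing
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":                     # conditional section: stop here
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].split()[0].strip('"').lower()
    return {**DEFAULTS, **seen}

def public_key_only(config_text):
    s = effective_settings(config_text)
    return (s["passwordauthentication"] == "no"
            and s["kbdinteractiveauthentication"] == "no"
            and s["pubkeyauthentication"] == "yes")

# Constructed sample configs.
COMMENTED_OUT = "Port 22\n#PasswordAuthentication no\nPubkeyAuthentication yes\n"
SHADOWED = ("PasswordAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n")
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name in ("COMMENTED_OUT", "SHADOWED", "HARDENED"):
        print(name, public_key_only(globals()[name]))
```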

  2. Philip Haine wrote on May 13th, 2009 at 6:48 pm :

    Thanks boR, for the tips. This will be of benefit to those who really need it.

    However this is in no way easy for regular people.

    It also requires having a machine at home for this task. It adds more steps in the chain that can break. The machine must be on (consuming power) and the server running. It also requires sending all traffic through your home machine, adding overhead.

    We still need open, yet encrypted WiFi from the café table to the café router, and that it should be completely automatic. Your mom could open her MacBook and surf privately.

    It’s been two years since I posted this article. Is this on the horizon anywhere?

  3. boR wrote on May 13th, 2009 at 11:07 pm :

    There’s ipsec, which is part of ipv6, the next generation ip protocol. IPSec allows x.509-based encryption, which could be negotiated without the need to enter a password using the same kind of key exchange technologies used by e-commerce worldwide. The problem with the widespread implementation of ipsec at the moment is that Microsoft is up to its usual “embrace and extend” games with its (unnecessary and unhelpful) proprietary extensions to ipsec.
