IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool.
IBM is proposing a new approach to address WiFi security in the wake of the Firesheep plug-in for Firefox.
The Firesheep extension
can be used to hijack the sessions of people using unencrypted sites such as Facebook and Twitter
an open wireless network. The tool was released less than a week ago at
the ToorCon 12 conference in San Diego, Calif., and has since been
downloaded more than 440,000 times.
In response, IBM's X-Force team has gone public with what it calls "Secure Open Wireless." In a joint blog post
Tom Cross, manager of IBM Internet Security System X-Force Advanced
Research Team, and X-Force researcher Takehiro Takahashi, explained the
company has been working on a secure way to "set up an open access
point that has encryption and authentication of the network provider."
"If you think about how HTTPS works, you're establishing an encrypted connection
a Website, but you don't have to have a password set up with that
Website in order to establish that encrypted connection," they blogged.
"The security of an HTTPS session comes from the fact that the Website
you are connecting to presents a digital certificate, signed by a
trusted third-party certificate authority, demonstrating that the
Website you are connecting to legitimately controls the domain name you
are trying to reach."
In IBM's proposal, "the wireless networks would establish encrypted
connections with their clients by presenting a digital certificate
demonstrating that the operator of the access point is the legitimate
user of the SSID associated with that access point," the
Cross told eWEEK that X-Force has created a working demo using
Linux machines and a consumer-grade access point with minor changes to
a few open-source software packages.
"We have an approach that could allow home users and small
businesses to use unsigned certificates with a security model similar
to the one employed by SSH, where the first time you connect to an
access point your client caches the certificate that was used in
association with the access point's SSID, and then the next time you
connect to that SSID your computer will warn you if the certificate has
changed," he said. "This model has worked well with SSH and it is
certainly preferable to not having any encryption at all."
In the blog post, Cross and Takahashi used the example of an
open wireless network with the service set identifier (SSID) "ibm.com."
When a user connects, "our access point would send down a digital
certificate for 'ibm.com,' and your wireless client would establish an
encrypted connection with us, knowing that because the name in the
certificate is the same as the SSID, the network you are connecting to
must be run by IBM," according to the blog.
"The result would be that when you open up your wireless client you
could establish secure, encrypted connections to networks operated by
people (or companies) that you trust, knowing that those networks are
really operated by the people (or companies) that they claim they are
operated by without needing to have a password," the pair blogged.
This approach goes beyond SSL VPN (secure sockets layer virtual
private network) used by companies to enable remote intranet access
because those VPNs do not protect access to the entire Internet, Cross
Right now, Secure Open Wireless remains in the early stages - IBM
has a patent pending, as well as a paper with a technical
discussion on the subject that is a few months away from being
published. In the blog post, the researchers urged certificate
authorities, wireless access point manufacturers and others to get in
touch with X-Force on the issue.
"Our proposal is actually very easy to implement...The real challenge
is raising awareness about this approach and getting industry to adopt
it," Cross said.