Secure Open Wireless in the Blackhat Arsenal
Posted by Tom Cross on August 01, 2011 at 1:12 PM EDT.
Secure Open Wireless is a project we've been working on that promises to significantly reduce the security problems that plague 802.11 wireless networking today. We first discussed it on this blog back in October, when Firesheep was released. Today, 802.11 wireless networks either require an access credential like a username and password, or they are completely unencrypted and subject to passive sniffing and other attacks. Secure Open Wireless provides a way to operate an open wireless network that does not require client authentication, but still provides privacy encryption. It completely eliminates the risk of passive sniffers like Firesheep, and also substantially reduces the threat of rogue access points by providing wireless users with a cryptographically protected way to identity the operator of the network they are connecting to.
In conjunction with Blackhat we will be releasing our full research paper, a detailed presentation, and a GPLv2 licensed proof of concept implementation, all of which will be posted to this blog in the coming days.
So, stay tuned, and if you're at Blackhat, please come by and see us on Thursday!