Internet Security Systems - AlertCon(TM)

Secure Open Wireless in the Blackhat Arsenal

Posted by Tom Cross on August 01, 2011 at 1:12 PM EDT.

I'm excited to announce that we will be demoing Secure Open Wireless at Blackhat Briefings in Las Vegas on Thursday afternoon, in Blackhat Arsenal Pod 6.

Secure Open Wireless is a project we've been working on that promises to significantly reduce the security problems that plague 802.11 wireless networking today. We first discussed it on this blog back in October, when Firesheep was released. Today, 802.11 wireless networks either require an access credential like a username and password, or they are completely unencrypted and subject to passive sniffing and other attacks. Secure Open Wireless provides a way to operate an open wireless network that does not require client authentication, but still provides privacy encryption. It completely eliminates the risk of passive sniffers like Firesheep, and also substantially reduces the threat of rogue access points by providing wireless users with a cryptographically protected way to identity the operator of the network they are connecting to.

In conjunction with Blackhat we will be releasing our full research paper, a detailed presentation, and a GPLv2 licensed proof of concept implementation, all of which will be posted to this blog in the coming days.

So, stay tuned, and if you're at Blackhat, please come by and see us on Thursday!

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.