New Encryption System Design that works with wireless drivers.

Robert Denier denier at umr.edu
Sat Feb 19 12:13:17 EST 2005


This is slightly OT since this test system design works by minor patches
to the orinoco drivers, however creating a patch for hostap, or perhaps
coming up with a more generic interface for this shouldn't be that hard.
Let me know if you use this and areas where you would like improvements.
Actual work on it will depend on time available of course.  

As part of my PhD work at the University of Missouri Rolla I developed a
new encryption system and released it under the GPL.  It uses elliptic
curve cryptography to create a system for secure and private
communications at the network level.  I have tested it and it works well
in my test environment.  (The HTML post was required to get the
information copy-pasted at the end to look right.)

Specific Details

163-bit elliptic curve encryption -- equivalent to 1024-bit RSA
128-bit AES encryption for established links.  (Every possible path uses
a unique key.)
Elliptic Curve Digital Signature Algorithm (ECDSA) signatures for
verification of packet sources as necessary.
To the extent feasible, all insiders are limited in even determining the
source or destination of packets.  (The full design requires new
hardware to perfect this idea.)

The SourceForge page for the project is still pending since the Unix
name ses was in use.  For now I am putting a release at.  I'm using
http://www.finiteinfinity.com/ses/index.html as a separate web page for
the project.

http://www.finiteinfinity.com/ses/releases/ses-0.1.tar.gz

>md5sum ses-0.1.tar.gz
42825beec7caea06e4ca896d7adfbe52   ses-0.1.tar.gz

------------------

For the curious a sample station printout from a running system follows.
The traffic was fairly light.  It was just an internet radio station to
one pc and a couple pings to make sure the links from 2 other stations
were current.  I haven't decided how much documentation to put online or
under what license at this time.

----------------------

Since this is somewhat off topic for this list it might be best to
contact me off list with questions unless of course the maintainers are
really interested in this topic.  Note that I cannot accept any
patches/additions that are not free code since I hope to eventually have
a chance to sell a later version under another license so I can pay
bills/loans/etc...

---------------------


SES: Doing full printout of all stations.
SES: ------------------Begin Listing -------------------------
SES: print_station() -
[real_mac=00:06:25:2B:60:A4][fake_mac=E6:86:89:24:7B:F1][Ipv4=192.168.1.3]
Public_Key=0700000068B077399FE7C6C75C93CD01BE5A67720432DBE602000000FEDFE15C0EE3D6E8427520203E5E16FF58DA9E5B
    [Age A = 028:10][Path A = 0x3F3019EA][Key confirmed][Up to date]
    Send A
[key=FA65C0B3EE616CE9269BBDA784A27C16][iv=6B9D03A7D85CACB879D400BA51F1CC67]
Received A
[key=3088AF4F0DDA62B8FD5D9783827868EC][iv=A41CAEEF7FF91E19A2586D7870759FFE]
    [Age B = 059:40][Path B = 0x7FF0988D][Key confirmed][Useable]
    Send B
[key=6072C239575E1224C0C7B9093E6F300B][iv=D1AFAEDBC4BF5067C002FEC33CAA81AC]
Received B
[key=CD733643AE6B0012CE9152B5E04F67E8][iv=CB9194827DF1D5E5430A30438D454507]
A possible next key is the UNICAST_A key.

SES: print_station() -
[real_mac=00:09:5B:68:4D:62][fake_mac=00:00:00:00:00:00][Ipv4=192.168.1.4]
Public_Key=0400000003603846BFCF5BDD3CD5310C5EB69A9C576E335A070000006B983178559D71C0E0018A472BDB5F05A8A6BE64
A possible next key is the UNKNOWN key.

SES: print_station() -
[real_mac=00:09:5B:91:66:82][fake_mac=00:00:00:00:00:00][Ipv4=192.168.1.11]
Public_Key=07000000684F58E808B5BED186EDE5A467DDF2EAD2B49EEC0400000097548379788B7EF13769D78B8DEAC76D076A0F7B
A possible next key is the UNKNOWN key.

SES: print_station() -
[real_mac=00:09:5B:67:91:EA][fake_mac=32:E7:7C:38:3E:08][Ipv4=192.168.1.2]
Public_Key=01000000EB841297954D0A171E494E978E287128D52CD592060000002F84386C8C17CA033B4F98A89AD4CB06424C69A7
    [Age B = 000:28][Path B = 0x4F0BE95F][Key confirmed][Up to date]
    Send B
[key=6925EE7C77CAB63218B3376372743788][iv=7AB51628931DD26564EB79F49A96A382]
Received B
[key=DD72DE074F449E685D927A8EB7A7B5CE][iv=B54F6FE437829C331D5EDEDDF388CD63]
    [Age D = 000:19][Path D = 0x247D0A1A][Key confirmed][Up to date]
    Send D
[key=9CF5D9C4CFB596FA4176F5C2A86D0017][iv=E6B3A198A0FF2DE0CE31D360640054D5]
Received D
[key=A5A25EE5482F15A871E4CB52AF087D81][iv=F1120B8C1D9E03F4FC2412B2D92E159E]
A possible next key is the UNICAST_B key.

SES: print_station() -
[real_mac=00:09:5B:91:69:CE][fake_mac=E2:A8:07:5A:B6:23][Ipv4=192.168.1.1]
Public_Key=03000000569F54F63EE3D277B0EAE3CFF015C58F1C7B619E07000000197E2C732E79A1D578AA107BE96B85AE8A16B297
    [Age A = 000:39][Path A = 0x4F4FDA30][Key confirmed][Up to date]
    Send A
[key=2BA71540441027AB259DB1B3CEEF9CA8][iv=3882A8300207A2453F6D0B48CF3F3A0F]
Received A
[key=1BA3D2801DABBFEE0AB4D361B511F80A][iv=6585995141F8B885143234007E345CE6]
    [Age B = 888:01][Path B = 0x48259293][Key confirmed][Expired]
    Send B
[key=EDC26AAE216FEDD5E96356004863FD40][iv=BC04A0B63C2225791C84D66A03D4F82B]
Received B
[key=2537B8623A39CC525E6B924A1A540360][iv=CD0CFFF0B890CDCDA04F1A5F0F18F4D0]
    [Age C = 000:31][Path C = 0x3043EA4A][Key confirmed][Up to date]
    Send C
[key=EEFD438DF405FDC93788E2B3B50FE7CC][iv=86AF4E18ADC845DCB68CA972D9146AB5]
Received C
[key=28AD6A27DA2E1FC6F4BE37827809DBB1][iv=342FC1C3C492ADE4681E22D939E1C2CF]
    [Age D = 887:53][Path D = 0x432B949B][Key confirmed][Expired]
    Send D
[key=C1E132EC89A49C275CD819FE6A2DF930][iv=0136843C5AEA1F5B9987D9E77DCCBE43]
Received D
[key=AFF3D218CE944222B573C34836C4857F][iv=7B50256CA2C65B85E546C78FCD62A2EB]
A possible next key is the UNICAST_A key.

SES: -------------------End Listing---------------------------
SES: Moving average of pad bytes per packet multiplied by 1000 = 4416
SES: Listing Ends.
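As an added example (not part of the post or of the SES release), a small Python parser for the print_station() printout above that flags expired paths and stations with no confirmed usable link. The sample dump is constructed from two of the stations shown; field names and the state labels ("Up to date", "Useable", "Expired") are taken from the printout, while the meaning of the Age numbers is not stated in the post, so they are kept as raw number pairs.

```python
import re
# Constructed sample in the print_station() format from the post: one station with an
# up-to-date path A and an expired path B, and one station with no established path.
SAMPLE = """SES: print_station() -
[real_mac=00:09:5B:91:69:CE][fake_mac=E2:A8:07:5A:B6:23][Ipv4=192.168.1.1]
Public_Key=03000000569F54F63EE3D277B0EAE3CFF015C58F1C7B619E07000000197E2C732E79A1D578AA107BE96B85AE8A16B297
    [Age A = 000:39][Path A = 0x4F4FDA30][Key confirmed][Up to date]
    Send A
[key=2BA71540441027AB259DB1B3CEEF9CA8][iv=3882A8300207A2453F6D0B48CF3F3A0F]
Received A
[key=1BA3D2801DABBFEE0AB4D361B511F80A][iv=6585995141F8B885143234007E345CE6]
    [Age B = 888:01][Path B = 0x48259293][Key confirmed][Expired]
    Send B
[key=EDC26AAE216FEDD5E96356004863FD40][iv=BC04A0B63C2225791C84D66A03D4F82B]
Received B
[key=2537B8623A39CC525E6B924A1A540360][iv=CD0CFFF0B890CDCDA04F1A5F0F18F4D0]
A possible next key is the UNICAST_A key.

SES: print_station() -
[real_mac=00:09:5B:68:4D:62][fake_mac=00:00:00:00:00:00][Ipv4=192.168.1.4]
Public_Key=0400000003603846BFCF5BDD3CD5310C5EB69A9C576E335A070000006B983178559D71C0E0018A472BDB5F05A8A6BE64
A possible next key is the UNKNOWN key.
"""
STATION_RE = re.compile(r"\[real_mac=([0-9A-F:]+)\]\[fake_mac=([0-9A-F:]+)\]\[Ipv4=([0-9.]+)\]")
PATH_RE = re.compile(r"\[Age ([A-Z]) = (\d+):(\d+)\]\[Path \1 = (0x[0-9A-F]+)\]\[([^\]]+)\]\[([^\]]+)\]")
NEXT_RE = re.compile(r"A possible next key is the (\w+) key\.")

def parse_stations(text):
    stations = []
    for block in text.split("SES: print_station() -")[1:]:  # one block per station
        m = STATION_RE.search(block)
        if not m: continue  # not a station block
        paths = [{"id": p[1], "age": (int(p[2]), int(p[3])), "path": p[4],
                  "confirmed": p[5] == "Key confirmed", "state": p[6]} for p in PATH_RE.finditer(block)]
        nxt = NEXT_RE.search(block)
        stations.append({"real_mac": m[1], "fake_mac": m[2], "ip": m[3],
                         "paths": paths, "next_key": nxt[1] if nxt else None})
    return stations

def audit(stations):
    # Findings an operator would act on: expired paths, and stations with no usable link.
    findings = []
    for st in stations:
        usable = [p for p in st["paths"] if p["confirmed"] and p["state"] in ("Up to date", "Useable")]
        for p in st["paths"]:
            if p["state"] == "Expired":
                findings.append((st["ip"], f"path {p['id']} {p['path']} expired at age {p['age'][0]:03d}:{p['age'][1]:02d}"))
        if not usable:
            findings.append((st["ip"], f"no confirmed usable path (next key {st['next_key']})"))
    return findings
```

Running audit(parse_stations(SAMPLE)) reports the expired path B of 192.168.1.1 and the missing link to 192.168.1.4, which in the printout also shows as an all-zero fake_mac.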