[Mesh] Changing your MAC address

Mitar mitar at tnode.com
Thu Nov 21 14:13:20 PST 2013


Hi!

No problem, it just made me realize that my e-mail was depressing. :-)

In any case, we might first try to define:
- who the adversary is and what the adversary's capabilities are, i.e. a security model
- what features we would want of the network

For example, do we want anybody to be able to attach a new routing device to
the network without any registration or verification anywhere? Do we want to
provide end-users with roaming? And so on.

Having a clear list of all this would help us then see possible
conflicting or aligned concerns.


Mitar

> My last email was poorly timed with the reception of your previous
> email, no relation, sorry. Always enjoying your insight :)
> 
> --
> -- rhodey ˙ ͜ʟ˙
> 
> On 11/21/2013 02:01 PM, Mitar wrote:
>> Hi!
>>
>> Just to make sure, because I now see my last e-mail as very depressing.
>> I just explained where most of the open source effort in mesh routing
>> protocols was spent until now, but I do think that it is maybe time that
>> we start spending energy on the privacy and security of mesh networks as
>> well. But to my knowledge there is no clean and ready-made solution
>> out there yet. But let's make it!
>>
>>
>> Mitar
>>
>>> Hi!
>>>
>>> Mesh networks and the open source routing protocols we are using in general
>>> have lousy security properties because, at least until now, development
>>> was mostly concentrated on getting routing itself to work properly (no
>>> loops and so on) in constantly changing wireless networks with
>>> packet losses, where anybody can join in and add their own routing
>>> device. In comparison, the Internet itself has very similar bad security
>>> properties, but there not everybody can deploy a BGP router. In mesh
>>> networks, people can deploy an equivalent to a BGP router. Which is
>>> what we want.
>>>
>>> Cjdns is trying to address some of these issues:
>>>
>>> https://en.wikipedia.org/wiki/Cjdns
>>>
>>> But from what I understand it is more of an Internet overlay network, so
>>> using VPN tunnels, and not really for wireless mesh networks. It can
>>> work in a wireless mesh as it is transport agnostic, but I am a bit
>>> skeptical about performance there. Which is probably reasonable,
>>> because it is a trade-off between security and usability. Still, the
>>> security and privacy of end-users (those connecting through APs) is
>>> another question.
>>>
>>> There were some other proposals made over time, but in general you
>>> always have the same issue: if you allow untrusted (in the security sense
>>> of trusted) devices to route in your network, you have a hard problem. A
>>> problem which is the scope of much scholarly research and publications.
>>>
>>>
>>> Mitar
>>>
>>>> On Wed, Nov 20, 2013 at 10:50 PM, Mitar <mitar at tnode.com> wrote:
>>>>> I would be more interested in what happens to the arp table. Does it grow?
>>>>
>>>> It appears to be staying up-to-date. At this very moment there are 5
>>>> obsolete dhcp leases hanging around, but none shows up in
>>>> /proc/net/arp
>>>>
>>>> After a week of this, I'm wondering if it's better to dissociate this
>>>> stuff entirely from the network logic. Maybe all interfaces should
>>>> just be randomized at boot time and/or every 24 hours, no matter what
>>>> the network is doing. Seems a lot less complicated.
>>>>
>>>> I'm also now skeptical that a malicious network couldn't work around
>>>> any of these tricks as long as you remain in their range. If one
>>>> device appears as soon as the other leaves, at the same location, they
>>>> can make a good guess that it's still you.
>>>> _______________________________________________
>>>> mesh mailing list
>>>> mesh at lists.sudoroom.org
>>>> http://lists.sudoroom.org/listinfo/mesh
>>>>
>>>
>>

-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m
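The idea rhodey floats above, randomizing every interface at boot or every 24 hours regardless of what the network is doing and watching /proc/net/arp for stale neighbours, as an added example that is not code from this thread or from any project it mentions. It assumes a Linux host with iproute2; the interface name is a placeholder and the ARP table is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread. Build a random locally-administered
# unicast MAC of the kind a boot-time or daily re-randomization would assign,
# and count live entries in a /proc/net/arp style table.

# Print a random MAC whose first octet has the I/G bit (bit 0) clear, so the
# address is unicast, and the U/L bit (bit 1) set, so it is marked as locally
# administered rather than a vendor-assigned OUI (the kernel rejects
# multicast addresses, so the bit fix-up is not optional).
random_laa_mac() {
    raw=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    first=$(( 0x$(printf '%s' "$raw" | cut -c1-2) ))
    first=$(( (first & 0xfc) | 0x02 ))
    rest=$(printf '%s' "$raw" | cut -c3-12 | sed 's/../&:/g; s/:$//')
    printf '%02x:%s\n' "$first" "$rest"
}

# Return 0 if the given MAC is unicast and locally administered, i.e. the two
# low bits of its first octet are exactly "10".
mac_is_laa_unicast() {
    first=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    [ $(( first & 0x03 )) -eq 2 ]
}

# Apply a fresh random address to an interface (needs root and iproute2;
# the interface name is a placeholder and this is not called below).
rerandomize_iface() {
    mac=$(random_laa_mac)
    ip link set dev "$1" down &&
    ip link set dev "$1" address "$mac" &&
    ip link set dev "$1" up
}

# Count resolved neighbours in a /proc/net/arp formatted file: skip the header
# and entries whose HW address is all zeros (incomplete lookups).
arp_entry_count() {
    awk 'NR > 1 && $4 != "00:00:00:00:00:00" { n++ } END { print n + 0 }' "$1"
}

# Constructed sample in the /proc/net/arp layout so the check runs offline.
ARP_SAMPLE=$(mktemp)
cat > "$ARP_SAMPLE" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         02:1a:2b:3c:4d:5e     *        wlan0
10.0.0.7         0x1         0x2         02:aa:bb:cc:dd:ee     *        wlan0
10.0.0.9         0x1         0x0         00:00:00:00:00:00     *        wlan0
EOF
echo "candidate MAC: $(random_laa_mac)"
echo "resolved ARP entries: $(arp_entry_count "$ARP_SAMPLE")"
```

Run from a cron job or a boot-time unit as `rerandomize_iface wlan0` to get the "no matter what the network is doing" schedule; a randomized address does nothing about the timing correlation rhodey describes in the last paragraph.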