An .public white paper by Alf Watt.
Recent articles in the NYT[1] and other outlets lead people to believe that unrestricted access to the internet over open wireless networks is tantamount to walking down the street naked while providing aid to criminals. This sentiment appears in print, on the web and on news broadcasts every day, and a drumbeat of security warnings is issued to spur people to purchase network security devices and software that claim to protect them from unspecified threats to their computers and personal information.
A survey of the computer security landscape shows that current practice is badly broken for end users[*]. The common use of insecure protocols over public networks has led to degraded privacy for individuals and businesses[*], and the reliance on perimeter security has created a large population of insecure computers attached to the internet. These conditions have given rise to pandemic spyware and ad-ware infection rates[*] and the formation of huge bot-nets of 'zombie' computers[*], which are no longer under their owners' control.
In this white paper I intend to show that open networks and secure protocols are the only reasonable way to protect users from these threats, because only secure application-level protocols provide the levels of security, ease of use and cost efficiency that match the expectations of end users.
These arguments apply equally to wired and wireless links, although the focus is on wireless due to its lack of physical security.
The basic argument for encryption is that network security can be provided by creating a secure perimeter around a private network[*]. At the network gateway there is a firewall or NAT preventing connections to internal machines from the public internet, and on the wireless side there are various encryption technologies available to protect wireless links[*]; wired equipment is generally presumed to be protected by physical security[*]. Once perimeter security is established, the network is declared secure and all internal communication is considered private.
In this private network, protocols can be used unencrypted, passwords can be simple and the network administrator sleeps well at night, secure in the knowledge that all the evil on the network is safely outside.
Unfortunately, this argument ignores many realities of modern networks: increased mobility means that spyware and viral infections contracted outside the security perimeter turn private networks into the petri dishes of the internet, their border security completely unaware of and unable to mitigate the threats brewing within. In this scenario a breach of border security can be disastrous if the internal network uses insecure protocols and other relaxed security measures, since it gives an attacker an internal platform from which to launch further exploits.
Wireless networking is a new technology quickly making inroads into many people's lives; at the same time it involves complicated systems and invisible waves. Many people have a hard time understanding how wired networks function, and adding wireless to the mix makes it particularly easy to provoke a fear response[*]. Media and industry have both taken advantage of this to increase readership and sales without improving the security situation for end users.
Open networks and secure protocols make for better security, improved performance and easier configuration, and encourage open access to the internet while allowing for maintenance and analysis. Performance comes from removing the overhead associated with encryption; access is improved by making it simpler to connect new computers to the network.
Encryption takes time and space: time to encrypt and decrypt the message, and space to transmit the key material in the encryption phase. By encrypting the link layer in bulk, the overall performance of the network is reduced and latency is increased. Transmitting 100 bits in plaintext takes exactly 100 bits; the same encrypted data will be the same size, but additional cryptographic material must be transmitted on a regular basis to provide proper security[*]. Those using secure protocols on encrypted networks are effectively double-taxed by link layer encryption, as are applications which do not require privacy, such as streaming audio, as well as broadcast protocols.
Network throughput and latency degrade further when multicast and broadcast packets are sent to encrypted networks, especially those which utilize per-client keys, as the packets must be rebroadcast using a separate key for each client. Tests against some common access points show a XX% degradation in throughput for WPA networks vs. open systems. WEP does not typically suffer in terms of throughput, but latency can suffer as a result of the time taken for the block cipher to encrypt and decrypt packets.
Closing your network generally serves network providers' purposes by discouraging bandwidth sharing, which can undercut their over-subscription model. It also eliminates a method for attaining real anonymous use of the network, something which creates real freedom of speech in the digital era.
On a more practical level, incompatible security implementations mean that granting access to a visitor can become a major hurdle, and adding devices to the network can require outside assistance due to the complexities of working security systems.
Since open networks do not provide inherent security, the application layer must provide it by adding secure features to its communications protocols. This is preferable to relying on the underlying link for security because the application can tightly control the security of its network while escaping the performance penalties discussed in the performance argument. Secure protocols also have the extra benefit of being easily upgraded, unlike encrypted links, which require that hardware be replaced or upgraded before flaws can be patched.
When dealing with public networks such as the internet, relying on the privacy of the link layer is never a secure solution. Even with encrypted links, most of the time users on the same network will be able to see each other's traffic in plain text, since they all share the same key. This is desirable from an interoperability point of view, but it completely removes any expectation of privacy.
Security is the job of application layer protocols, only at that layer can the encryption be trusted by the end user application, such as a web browser and only then
The network's link layer is almost universally handled by dedicated hardware; adding encryption and security features to hardware removes the opportunity for easily upgrading the encryption scheme when vulnerabilities are found. Consider the fate of WEP, still a standard on all access points even though it has been known for years that it provides weak protection; the installed base of hardware demands future support from vendors to retain Wi-Fi certification and backwards compatibility.
The arguments typically presented for securing wireless networks are problematic at best. While there are situations when the tradeoff in performance and ease of use is appropriate, the resulting security stance is difficult to defend when combined with the very mobile devices it is intended to protect.
The burden here rests firmly on the shoulders of software developers and network service providers to immediately transition to the use of secure application layer protocols. Unfortunately, there is little economic incentive for them to do so, and we find ourselves in a situation where the security and privacy of users take a back seat.