Johann's Research
This is some of the stuff that I'm busy with:
High Performance Node - WEP/WPA
One of the requirements of the High Performance Node is to have WEP or WPA enabled between the wireless links of the mesh nodes. WEP and WPA are both methods enable the encryption of data before it is send over the air. WEP (Wired equivalence privacy) is an older standard and it makes use of a WEP encryption engine while the newer WPA standard added the use of an AES encryption engine. WEP encryption has some security flaws embedded into the protocol and there are several tools available on the Internet that can crack WEP keys. These tools are more effective with the cracking of 64bit WEP keys than with 128bit keys and they require a large amount of captured data. Note that not all WEP keys can be cracked, but only weak keys and that in WPA these security flaws were addressed and fixed.
Wireless adapters on Unix Systems can operate in three different modes: Client, Hostap (Access Point) and Adhoc mode. Most of implementations of wireless (802.11) networks are based on a model where there is one Access Point with several wireless clients attached to to it.
AP / client pic
Wireless Mesh networks make use of the less tested Adhoc mode of 802.11.
Mesh network pic
WEP and WPA requires a couple of kld's to be loaded before they can be configured. The following kld's should be added to loader.conf wlan_acl_load="YES" wlan_amrr_load="YES" wlan_ccmp_load="YES" wlan_tkip_load="YES" wlan_wep_load="YES" wlan_xauth_load="YES"
WEP
Enable and test WEP in Adhoc mode on the HPN. WEP makes use of a single PSK that needs to be configured on all the wireless nodes. Any node or wireless device that is configured with this PSK will have the capability to crypt and decrypt these wireless packets. There are two methods to configure WEP in FreeBSD. You can use either use ifconfig directly or you can make use of the WPA supplicant utility.
ifconfig e.g.
mesh-9e69:~ # ifconfig ath0 10.10.1.2/24 wep deftxkey 1 wepkey 128bitwepison mesh-9e69:~ # ifconfig ath0 ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 00:80:48:50:9e:69 inet6 fe80::280:48ff:fe50:9e69%ath0 prefixlen 64 scopeid 0x1 inet6 fd9c:6829:597c:20:280:48ff:fe50:9e69 prefixlen 64 inet6 fd9c:6829:597c:20:: prefixlen 64 anycast inet 10.10.1.2 netmask 0xffffff00 broadcast 10.10.1.255 media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <adhoc> status: associated ssid ptamesh channel 13 (2472 Mhz 11g) bssid 56:e5:be:30:14:5a authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit txpower 31.5 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode CTS burst
Test configuration:
Host A ----- wep ------- Host B ----- wep Host C
Enable WEP on three mesh nodes and test connectivity.
mesh-9e69:~ # ping6 ff02::1%ath0 16 bytes from fe80::280:48ff:fe50:9e69%ath0, icmp_seq=87 hlim=64 time=2.122 ms 16 bytes from fe80::280:48ff:fe50:9ddd%ath0, icmp_seq=87 hlim=64 time=5.625 ms(DUP!) 16 bytes from fe80::280:48ff:fe50:9a44%ath0, icmp_seq=87 hlim=64 time=32.358 ms(DUP!)