Friday, February 29, 2008

Scanning and Jamming Wireless

So, I was kicked back, having a drink or two and enjoying my time away from Vista (more on that in another blog) and thinking. For some reason, my mind went to WWII and America's invention of a radio jamming defense system. It dawned on me that the same technique could be applied in reverse to protect wireless access points.

Current wireless protection depends on encryption standards. While these standards can be rather good, they rely on the premise that the data will be long outdated and useless by the time an attacker could crack the encryption protecting it. Indeed (theoretically speaking), a 16 character password using uppercase, lowercase, special characters (not on the top row) and numbers would take more than one person's lifetime to break.

However, as computers and processors become more and more powerful, the time required to break encryption falls dramatically to a mere fraction of what it once was. Current computers would take only a few seconds to crack the encryption that Enigma machines used in WWII.

So why bother with a jamming procedure that was invented in WWII? Because it is the basic premise that can be replicated and updated to fit our needs today. The machine I am talking about worked using a device similar to the old rotating drum inside a piano. The device would cycle channels, and only another key that matched exactly would let you change channels in sync with whoever you needed to communicate with. By the end of the war, the Germans could not listen in on American or British communication, and could not jam a broad enough spectrum of channels to prevent communication either. Here is the basic outline:

You have a large corporate campus. APs are scattered all over it so that employees can use laptops to complete work. Each laptop is set up with special software that syncs with the AP controllers. Every second (probably less; 250 ms would probably be better) the channel changes on the APs. The laptops change along with the APs, so the connection is not lost.

Now, this prevents someone from simply pulling IVs (you did read my WEP hacking tutorial, correct?), but it doesn't prevent them from scanning channels and eventually discovering the pattern.

So you have to use a jammer as well. This operates at the same rate as the APs, except it jams every channel except for the one in use. This way, their scanner should continue to fail to find any transmissions, and they should hopefully be instantly disconnected from any connection they may get by accident.
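To make the hopping half of the outline concrete, here is an added example (my own illustration, not code from the post) of how the AP controllers and the laptops could agree on which channel to use in each time slot without ever announcing it over the air. It assumes a shared secret key provisioned to both sides, HMAC-SHA256 as the keyed pseudo-random function, the 250 ms slot length mentioned above, and the 2.4 GHz channels 1 to 11 as the hop set; all of those are my assumptions. It also contrasts a keyed schedule with a fixed rotation like the piano drum, which a channel scanner can reconstruct after watching one full cycle, and shows why the two clocks must stay aligned. The jammer is not modelled.

```python
import hashlib
import hmac
from typing import List, Optional

# Assumed hop set: 2.4 GHz channels 1-11 (constructed for this example).
CHANNELS: List[int] = list(range(1, 12))
# Hop interval in milliseconds, as suggested in the post.
SLOT_MS = 250
# Constructed shared secret; in practice provisioned out of band to AP controllers and laptops.
KEY = b"campus-hop-secret-example"


def slot_for_time(now_ms: int, slot_ms: int = SLOT_MS) -> int:
    """Map a clock reading (ms) to the slot counter both sides derive their channel from."""
    return now_ms // slot_ms


def channel_for_slot(key: bytes, slot: int, channels: List[int] = CHANNELS) -> int:
    """Pick the channel for one slot with HMAC-SHA256 keyed by the shared secret.

    Without the key an observer cannot compute the next channel, only watch it happen.
    """
    tag = hmac.new(key, slot.to_bytes(8, "big", signed=True), hashlib.sha256).digest()
    return channels[int.from_bytes(tag[:4], "big") % len(channels)]


def hop_schedule(key: bytes, first_slot: int, count: int) -> List[int]:
    """Channels for `count` consecutive slots, as both AP and laptop would compute them."""
    return [channel_for_slot(key, s) for s in range(first_slot, first_slot + count)]


def drum_schedule(first_slot: int, count: int, channels: List[int] = CHANNELS) -> List[int]:
    """A fixed rotation (the piano-drum analogy): channels cycled in order, no key involved."""
    return [channels[s % len(channels)] for s in range(first_slot, first_slot + count)]


def period_of(seq: List[int]) -> Optional[int]:
    """Smallest period that repeats at least twice within the observation, or None.

    This is what a scanner that logs channels over time is effectively doing when it
    "discovers the pattern"; a keyed schedule gives it nothing to find.
    """
    for p in range(1, len(seq) // 2 + 1):
        if all(seq[i] == seq[i - p] for i in range(p, len(seq))):
            return p
    return None


def sync_fraction(key: bytes, skew_ms: int, samples: int = 400, step_ms: int = 10) -> float:
    """Fraction of sampled instants at which a laptop whose clock lags the AP by skew_ms
    is on the same channel as the AP. Shows why the sync software matters as much as the key."""
    hits = 0
    for i in range(samples):
        ap_ms = 1_000 + i * step_ms
        ap_channel = channel_for_slot(key, slot_for_time(ap_ms))
        laptop_channel = channel_for_slot(key, slot_for_time(ap_ms - skew_ms))
        hits += ap_channel == laptop_channel
    return hits / samples


if __name__ == "__main__":
    print("keyed schedule :", hop_schedule(KEY, 0, 12))
    print("drum schedule  :", drum_schedule(0, 12))
    print("drum period    :", period_of(drum_schedule(0, 33)))
    print("keyed period   :", period_of(hop_schedule(KEY, 0, 33)))
    print("in sync, 0 ms skew   :", sync_fraction(KEY, 0))
    print("in sync, 125 ms skew :", sync_fraction(KEY, 125))
```

Two points fall out of running it. First, the fixed rotation reveals its period after one cycle, while the keyed schedule shows no period at all, so the key is what turns "changing channels" into something a scanner cannot get ahead of. Second, a laptop whose clock drifts by half a slot lands on the wrong channel roughly half the time, so the client software needs a sync mechanism (a slot counter carried in the beacon, or a shared time source) rather than relying on wall clocks alone.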

Just a thought, and it requires a lot more in-depth thought and engineering than this blog entry includes.
