open80211s 0.4.0: "Hardimesh" (May 4th 2011)

The last release introduced SAE authentication (contributed by Dan Harkins, open80211s' Chief Security Advisor). This release adds encryption support for data and management frames, as well as broadcast management frame protection.

Temporal keys (MTK, MGTK) are derived and a ciphersuite is negotiated via the Authenticated Mesh Peering Exchange (AMPE) protocol. AMPE frames are self-protected and authenticated using AES-SIV (also contributed by Dan).

The end result is a robust mesh network that won't be disrupted by any means other than a full scale microwave oven attack.

Components

New features

  • Super-duper security: protected and authenticated peering frames, encrypted unicast and broadcast data frames, encrypted unicast path selection frames, tamper-proof broadcast management frames.
  • Minor but also relevant: frame format updates, fixed a few locking bugs, and replaced some early-draft element identifiers with ANA-approved ones.

Bonus

Notes

  • As usual, and until the 11s standard is ratified, we don't support backward compatibility. If you decide to try this release you will need to update all the nodes in your mesh.

Thanks

  • Did we thank Dan Harkins yet? He made this release possible first by designing SAE and second by making his reference implementation available to the world.