Sending bills or medical diagnosis through cleartext email has obvious security problems, but forcing users to log into every service provider webpage to download updates has major usability problems and doesn't scale. I propose a third alternative.
Why For analysing what devices do on a network - specifically the shared medium of a wireless LAN - just packet tracing based on IP address is often not sufficient. There are multicasts, the initial DHCP requests, and potentially other types of traffic not captured by that. Even MAC address based packet tracing is problematic given recent defaults of MAC address randomization e.g. on Android (default since Android 10, optional before).
Why Tor allows to anonymize Internet traffic through onion routing, typically via 3 separate hops. At INS, we run one of the fastest Tor exit nodes in Austria, and provide statistical data on its usage. For more details, please check those project websites.
On my personal home network, I use Tor - among other reasons - to test various devices such as mobile phones, tablets, etc. with apps I do not necessarily trust, “smart home” / IoT style devices, or wearables.
[Finished Jan. 2008] Research into context-based device-to-device authentication.
[Finished Sept. 2014] Open source Ubiquitous Authentication Toolkit
[Finished Jan. 2008] Relative spatial positioning
[Finished/closed] A Linux firewall/UTM distribution with read-only root file system.
In this work we propose a secure communication concept for the protection of critical power supply and distribution infrastructure. Especially, we consider the line current differential protection method for modern smart grid implementations. This …
[Running] High-bandwidth Tor exit node at JKU/INS for research on use of anonymization
[Finished/stopped] A personal Dropbox replacement based on Git
How to set up an OpenWRT router/gateway as an IPsec/L2TP gateway for Andoid and iPhone clients The only “reasonable” (that is, not counting PPTP due to its known security issues) VPN protocol supported by default on non-rooted / non-jailbroken Android / iPhone phones as clients is the combination of IPsec and L2TP. Most probably, this was chosen due to its out-of-the-box support by newer Windows clients and MacOS/X as well.
Introduction After some work on getting the Austrian Bürgerkarte to work under Linux, I have now decided to acquire some know-how about using more general smart cards under Linux. After some quick research, the Aladdin smart cards seem to be supported fairly well, so I ordered a bunch of different types. This page details how to make them work (my principal systems are running Debian or Ubuntu, but most should be applicable to any Linux distribution).
Imagine the following setting: there is some (possibly 802.11a/b/g wireless) network, which can range from a single access point to a complete backbone network of access points working together via WDS, or even a wired network infrastructure. This (W)LAN should serve two purposes:
act as an open “hotspot” type network where users do not need any special client configuration to use it (other than maybe a username/password combination or some prepaid account) simultaneously allow registered/special users to use it for purposes that are not open to the first public group These are usually seen as two different use cases, and both are already in extensive use.
[Finished] Filtering patches for Squid proxy