Networking specialist Solwise has introduced a powerline Ethernet adaptor it claims offer compete security literally at the push of a button. Solwise PL-200AV-Push Solwise's PL-200AV-Push: 128-bit AES encryption at the push of a button The PL-200AV-Push is based on the 200Mb/s HomePlug AV networking-over-mains-cabling standard …
"Want to add another device at a later date? Plug it in and push the button again."
Want to snoop on your neighbour's network? Buy one of these, plug it in and press the button - then it will add itself to the existing network!
Okay, it's Windows-only (for the time being), but this is beginning to look like a good, easy, fast, secure networking solution you can give to granny or other computer-illiterates for home use. Yay for progress!
Good idea, but errr
By saying "It also claimed the adaptors would be handy for people setting up a network on shared mains wiring and who want to avoid other folk snooping on their data"
Wouldnt that mean that anyone could buy one of these, plug it into the socket and hit the button and then join the network?! That looks pretty unsecure to me?
Thou shalt not encrypt thy neighbours life
> It also claimed the adaptors would be handy for people
> setting up a network on shared mains wiring and who
> want to avoid other folk snooping on their data.
..and whose neighbours don't also have Solwise Push adaptors installed presumably ? Think about it.
How does that work then?
In one part the article says "It also claimed the adaptors would be handy for people setting up a network on shared mains wiring and who want to avoid other folk snooping on their data."
But above it says "the adaptor will generate an encryption key to 128-bit AES standard and share it among all the other PL-200AV-Push adaptors on the network".
Doesn't that mean if your neighbour has one of the same adaptors he gets sent your key? Or do you have to rush round and set the adaptors into receive mode somehow?
A device that negotiates with *every* device it can reach when you 'press the button'? That can only manage to be secure if nobody else is around whenever you set/reset the little darlings. All your 'snoopy neighbour' needs to do is buy one, plug it in and wait. If they can hear your traffic, your marvellous little bottle of snake-oil will just as happily securely comminucate with their listening device as well as your own.
"It also claimed the adaptors would be handy for people setting up a network on shared mains wiring and who want to avoid other folk snooping on their data."
Doesn't evil Bob just have to plug in his own adapter and press the button on it ?
What's to stop my neighbour from buying the same model plug, pressing the button, and having full access to my network? How does this improve security at all, if nodes can be added arbitrarily without my permission, or even my knowledge?
I must be missing something...
Am I missing something?
So you encrypt your data by pushing the button on *any* equivalent unit, which then tells all the other units what the new code is?
How does this stop a passing black hat with a similar unit just plugging it in and pushing his own button (ooer, missus!), thereby performing the classic man-in-the-middle attach?
What aren't they telling us?
AES security misses the mark completely
So, let me see...
The devices use 128-bit AES encyption to ensure that unexpected "foreign" devices cannot sniff the data stream. Then there's a simple button to tell all the other connected devices how to read the data stream.
Doesn't this rather defeat the object of having encryption in the first place? After all, if I don't know there are foreign devices connected on the same mains loop as I'm using, then how can I know to ask my neighbour to unplug them while I update the security of my own devices?
Re. Nosey neighbours
Well, that assumes that's what your neighbour uses, that you know as much, and that there's no meter between your electricity supply and his.
And this'll only work with Solwise kit suitably upgraded, as per the story. Other 200Mb/s HomePlug AV boxes won't change encryption keys if you push the button.
@ Tony Smith
Thanks for that, I was about to post the same clarification myself. I was thinking of modern apartments with non-shared wiring, as well as individual detached housing. And as for shared networks, yes, it still relies on your "nosy neighbour" having purchased the exact same brand and model as you. I know of two PowerLine networks around here, and one runs on A-Link hardware, the other on Linksys stuff, and they're not on the same power network. No problems.
Works with anything...
Powerline ethernet is not Windows only, I have both an Xbox running XBMC and a Linux file server using it. The issue the manufacturer is addressing is that in previous iterations you can only set the encryption key on your homeplugs with a Windows program.
It's a fairly moot point for most people as the attenuation in your meter will stop any data leaking out of your house. If an attacker is willing to break in to tap your mains wiring there are generally much more straightforward vectors for them to compromise your network - physical access is more or less equivalent to root access.
Still not the point - they advertise this as a secure device per se. If no-one can reach your 'network' - i.e. your own supposedly isolated bubble of power lines - then you don't need the security; you already have isolation security. If you do need it then a device which has no concept of key privacy is no security at all. Changing keys is not the issue; exchanging keys with any 'suitable' device is the issue.
Need physical access to existing device to pair
You can download the manual from the solwise website, you need physical access to a device that has already paired it's network name to enable the new device to connect, so not as bad as previous comments make out.
Yes, you need to press a button on one of the existing paired devices
in order to connect securely.
It's a feature of the new firmware from Intellon, the chipset supplier. Several of the Homeplug suppliers will be making this feature available over the coming 2-3 months. Also, though it's not mentioned here, there is a feature which gives some bandwidth indication - so you can see immediately if there is an issue (I'm not sure if the ODM which Solwise buys their product from - usually Aztech or Gigafast - has implemented this). Usually, with homeplug devices, deterioration in bandwidth is because you have plugged a mobile phone charger, or CCFL lamp, into the next power socket of your power strip (move it and it will improve) or you have plugged into a power strip with "protection" filter...
You don't need to set up a network key in order to use the existing devices, they will work without that - so you can use with your Xbox or Linux box, Mac, etc., but if you want to set up a key, you need to configure by using software on a PC; I believe only Devolo and LEA have software that runs on Linux and Mac at the moment, so this "pushbutton" network key is a good step forward.
BTW, unlike WiFi networks, a powerline network is very unlikely to be seen by your neighbours - as the signal is attenuated by distance and, more importantly, will not pass through the transformer at your electricity meter.
Oh come on Tony - surely you realise how idiotic that article is. It was obvious to me that these devices MUST work in exactly the same way as DECT cordless phones - you need access to BOTH ends of the connection to authorise it. On a DECT phone, you tell the handset to look for a base and you hold down the button on the base for several seconds to cause it to open itself up to new connections for a short period. Thank you to Anon above for going to the effort of confirming that's what really happens, rather than shooting from the hip as most of the rest have done.