Solwise pushes powerline Ethernet security - literally Networking specialist Solwise has introduced a powerline Ethernet adaptor it claims offer compete security literally at the push of a button. Solwise PL-200AV-Push Solwise's PL-200AV-Push: 128-bit AES encryption at the push of a button The PL-200AV-Push is based on the 200Mb/s HomePlug AV networking-over-mains-cabling …
By saying "It also claimed the adaptors would be handy for people setting up a network on shared mains wiring and who want to avoid other folk snooping on their data"
Wouldnt that mean that anyone could buy one of these, plug it into the socket and hit the button and then join the network?! That looks pretty unsecure to me?
> It also claimed the adaptors would be handy for people
> setting up a network on shared mains wiring and who
> want to avoid other folk snooping on their data.
..and whose neighbours don't also have Solwise Push adaptors installed presumably ? Think about it.
In one part the article says "It also claimed the adaptors would be handy for people setting up a network on shared mains wiring and who want to avoid other folk snooping on their data."
But above it says "the adaptor will generate an encryption key to 128-bit AES standard and share it among all the other PL-200AV-Push adaptors on the network".
Doesn't that mean if your neighbour has one of the same adaptors he gets sent your key? Or do you have to rush round and set the adaptors into receive mode somehow?
A device that negotiates with *every* device it can reach when you 'press the button'? That can only manage to be secure if nobody else is around whenever you set/reset the little darlings. All your 'snoopy neighbour' needs to do is buy one, plug it in and wait. If they can hear your traffic, your marvellous little bottle of snake-oil will just as happily securely comminucate with their listening device as well as your own.
So you encrypt your data by pushing the button on *any* equivalent unit, which then tells all the other units what the new code is?
How does this stop a passing black hat with a similar unit just plugging it in and pushing his own button (ooer, missus!), thereby performing the classic man-in-the-middle attach?
What aren't they telling us?
Neil
So, let me see...
The devices use 128-bit AES encyption to ensure that unexpected "foreign" devices cannot sniff the data stream. Then there's a simple button to tell all the other connected devices how to read the data stream.
Doesn't this rather defeat the object of having encryption in the first place? After all, if I don't know there are foreign devices connected on the same mains loop as I'm using, then how can I know to ask my neighbour to unplug them while I update the security of my own devices?
Sigh.
Chris
Well, that assumes that's what your neighbour uses, that you know as much, and that there's no meter between your electricity supply and his.
And this'll only work with Solwise kit suitably upgraded, as per the story. Other 200Mb/s HomePlug AV boxes won't change encryption keys if you push the button.
Thanks for that, I was about to post the same clarification myself. I was thinking of modern apartments with non-shared wiring, as well as individual detached housing. And as for shared networks, yes, it still relies on your "nosy neighbour" having purchased the exact same brand and model as you. I know of two PowerLine networks around here, and one runs on A-Link hardware, the other on Linksys stuff, and they're not on the same power network. No problems.
Powerline ethernet is not Windows only, I have both an Xbox running XBMC and a Linux file server using it. The issue the manufacturer is addressing is that in previous iterations you can only set the encryption key on your homeplugs with a Windows program.
It's a fairly moot point for most people as the attenuation in your meter will stop any data leaking out of your house. If an attacker is willing to break in to tap your mains wiring there are generally much more straightforward vectors for them to compromise your network - physical access is more or less equivalent to root access.
Still not the point - they advertise this as a secure device per se. If no-one can reach your 'network' - i.e. your own supposedly isolated bubble of power lines - then you don't need the security; you already have isolation security. If you do need it then a device which has no concept of key privacy is no security at all. Changing keys is not the issue; exchanging keys with any 'suitable' device is the issue.
in order to connect securely.
It's a feature of the new firmware from Intellon, the chipset supplier. Several of the Homeplug suppliers will be making this feature available over the coming 2-3 months. Also, though it's not mentioned here, there is a feature which gives some bandwidth indication - so you can see immediately if there is an issue (I'm not sure if the ODM which Solwise buys their product from - usually Aztech or Gigafast - has implemented this). Usually, with homeplug devices, deterioration in bandwidth is because you have plugged a mobile phone charger, or CCFL lamp, into the next power socket of your power strip (move it and it will improve) or you have plugged into a power strip with "protection" filter...
You don't need to set up a network key in order to use the existing devices, they will work without that - so you can use with your Xbox or Linux box, Mac, etc., but if you want to set up a key, you need to configure by using software on a PC; I believe only Devolo and LEA have software that runs on Linux and Mac at the moment, so this "pushbutton" network key is a good step forward.
BTW, unlike WiFi networks, a powerline network is very unlikely to be seen by your neighbours - as the signal is attenuated by distance and, more importantly, will not pass through the transformer at your electricity meter.
Oh come on Tony - surely you realise how idiotic that article is. It was obvious to me that these devices MUST work in exactly the same way as DECT cordless phones - you need access to BOTH ends of the connection to authorise it. On a DECT phone, you tell the handset to look for a base and you hold down the button on the base for several seconds to cause it to open itself up to new connections for a short period. Thank you to Anon above for going to the effort of confirming that's what really happens, rather than shooting from the hip as most of the rest have done.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
