Hi,
I'm designing a web app and I am facing a design challenge. If there is a solution, the community at Tom's Hardware can probably come up with it.
The simplest way for me to make the use case and the need very clear, is for me to explain it in terms of a simplified app. If the problem can be solved for the simplified app, it will work for my actual app.
- The simplified app belongs to a large club/society, and has a secure authentication system.
- A person (Alice) who owns a WiFi router with a public network has, through the app, registered their own WiFi router/network.
- A member of the club (Bob) is traveling and has the app on their smartphone.
- At any time, Bob can use the app and scan available networks. If the app finds, among the available networks, the network of a club member who has registered their network on the app, it is shown to Bob and they interact with it in some way through the app.
Club members are not in general fully trusted, and we do not want someone who is a member of the club maliciously registering, through the app, a WiFi router which is not actually theirs. If someone maliciously did this, then travelers would be misled that a particular network was registered (legitimately) by a club member. We need security against that.
The problem comes down to: can we set up some system in which the app gets Alice to prove that she "owns" the network/router in question?
The solution has to be cheap, secure and technical. Ideally the same one works for all routers. But it could be useful if I can get a set of solutions which cover most modern routers.
There is an analogous problem whose solution most of us are familiar with. An app often asks us for our email address when we sign up. This email address is the identifier of a resource (our mailbox) that we must prove we own. A common solution is that the app generates a secret code, sends it to that email address, and the owner must enter it into the app, proving that they own that resource.
ChatGPT is confidently telling me that there are no solutions to this problem with current WiFi router technology. Maybe it is right. However, it puts this forum at the top for where I might find a solution if it exists.
Solutions might entail use of:
- If there were some way that an app can get a user to prove that they have the credentials to log into the router.
- If routers have some built-in digital certificate? Do they publish a public key, and then can an app challenge someone to prove they own the private key?
Thanks
David