Question Can a web app get user to prove they own router?

Mar 31, 2023
Hi,

I'm designing a web app and I am facing a design challenge. If there is a solution, the community at Tom's Hardware can probably come up with it.

The simplest way for me to make the use case and the need very clear, is for me to explain it in terms of a simplified app. If the problem can be solved for the simplified app, it will work for my actual app.

  1. The simplified app belongs to a large club/society, and has a secure authentication system.
  2. A person (Alice) who owns a WiFi router with a public network has, through the app, registered their own WiFi router/network.
  3. A member of the club (Bob) is traveling and has the app on their smartphone.
  4. At any time, Bob can use the App and scan available networks. If the app finds in available networks, the network of a club member who has registered their network on the app, it is shown to Bob and they interact with it in some way through the app.

I have no problem knowing how to get all those points done well, except for number 2. I'm stumped for a good solution for number 2. Here are the problems:

Club members are not in general fully trusted, and we do not want someone who is a member of the club, maliciously registering, through the app, a WiFi router which is not actually theirs. If someone maliciously did this, then travelers would be misled that a particular network was registered (legitimately) by a club member. We need security against that.

The problem comes down to: can we set up some system in which the app gets Alice to prove that she "owns" the network/router in question?

The solution has to be cheap, secure and technical. Ideally the same one works for all routers. But it could be useful if I can get a set of solutions which cover most modern routers.

There is an analogous problem with which most of us are familiar with the solution. An app often asks us for our email address when we sign up. This email address is the identifier of a resource (our mailbox) that we must prove we own. A common solution is that the app generates a secret code, sends it to that email address, and the owner must enter it into the app, proving that they own that resource.

ChatGPT is confidently telling me that there are no solutions to this problem with WiFi router current technology. Maybe it is right. However, it puts this forum at the top for where I might find a solution if it exists.

Solutions might entail use of :

If there were some way that an app can get a user to prove that they have the credentials to log into the router.

If routers have some built-in digital certificate? Do they publish a public key, and then can an app challenge someone to prove they own the private key?

Thanks
David
 
Mar 31, 2023
Hi, thanks, the key is in this paragraph:

>>> Club members are not in general fully trusted, and we do not want someone who is a member of the club, maliciously registering, through the app, a WiFi router which is not actually theirs.

The scene is not at all the same as the intimate, at-home setting you describe. The owner of the router might in fact be a business. Or it may want, in general, to keep it secret that they are members of this club (except to other members).

I have edited the question a bit more to make it more clear:


>> Club members are not in general fully trusted, and we do not want someone who is a member of the club, maliciously registering, through the app, a WiFi router which is not actually theirs. If someone maliciously did this, then travelers would be misled that a particular network was registered (legitimately) by a club member. We need security against that.
 

USAFRet

Titan
Moderator
Given WiFi passwords, a non authorized user cannot use that WiFi router anyway.
Be it a club member, or some random person on the street.

So your club member Bob would have to be given the WiFi password to use it.
Which can only come from whoever set it up. Owner, manager, whomever.
 
Mar 31, 2023
Thanks, True, but if the owner is a business, he has made his wifi password quite public. And we're back to the same problem. Someone who has the password, and is a member of the club, can maliciously register that router with the club.

Keep in mind that the business owner may not be a member of the club, and may never be.

This is the real problem that I need to solve:

Problem: Can a web app get user to prove they own router?

I have told a simplified story, reducing it to this story about the 'club'. If the problem can be solved as I stated it, with the club, then it can be solved. But if there seem to be some "alternatives" for the club, which do not solve the problem as I stated it, they won't work. I want the example of the 'club' to be there to make it easier to understand the real problem. But not for alternatives which might work for a small club, but not for the real problem.
 
Deleted member 14196

Guest
Yeah, that whole scenario seems like a security risk. Nobody should have their password out in the open. If you get hacked everybody’s got their Wi-Fi access. Terrible design. Time to go back to the drawing board on this one.

Not only do I think this can’t be done, I think it should never be done. Also, what if they filter MAC addresses? Bob isn’t going to be using Alice’s Wi-Fi in that case.

The design is further lacking because you have no idea how each router is configured, nor should you be able to dictate that.

So the answer to your question is NO as far as I’m aware.
 
Mar 31, 2023
Mandark, I appreciate your comment that it can't be done and you may be right. I just do not know what you mean by 'what if they filter Mac addresses'. What do you mean by that? Who would be doing the filtering and why would it be a problem? In the normal situation, BSSIDs (which is the radio's MAC address) are essentially public, going out on the beacon frame for all to see.
 

kanewolf

Titan
Moderator
> Mandark, I appreciate your comment that it can't be done and you may be right. I just do not know what you mean by 'what if they filter Mac addresses'. What do you mean by that? Who would be doing the filtering and why would it be a problem? In the normal situation, BSSIDs (which is the radio's MAC address) are essentially public, going out on the beacon frame for all to see.

The owner of the router can set a list of allowable MAC addresses that can connect to the router. It is the router that does the filtering. If MAC address X is not in the approved list (created by the router owner) then the device is not allowed to connect.
 

USAFRet

Titan
Moderator
So let me see if I have the concept correct:

A club, with members around the city, country, or potentially the world.
Club members should be able to register their WiFi router, to allow visiting club members to connect and use that, when they are in the area.

Correct so far?

Now...
You want only the actual owner to be able to register their router in your system.
So some system to verify "ownership" of that router, before it is on your list of devices.

Correct?


Why not just have the owner or responsible person register the location on your list, and a guest SSID?
The SSID can only be set by someone who has administrator access to the router anyway.
 
Mar 31, 2023
Thanks USAFRet, I think you have put me on the right, and potentially only solution.

When a user tries to indicate to the app that it owns a router, the app requires the user to set the SSID of the router to have a property dictated by the app.

Problem solved. This property of the SSID can be checked by the app.

This is quite like the email solution!

Well done, I came to the right place!!!!!
 

USAFRet

Titan
Moderator
> Thanks USAFRet, I think you have put me on the right, and potentially only solution.
>
> When a user tries to indicate to the app that it owns a router, the app requires the user to set the SSID of the router to have a property dictated by the app.
>
> Problem solved. This property of the SSID can be checked by the app.
>
> This is quite like the email solution!
>
> Well done, I came to the right place!!!!!

Personally, I would let the owner set his own SSID.
They have to register the location anyway.

In your app:
Router at 123 Main Street
SSID of MyShed12$


Router at 456 Ocean Blvd
SSID of AtTheBeach
 
If I was the owner of the router why would I be willing to share access with people I do not know.

In effect your app will post the password for my network on the internet. In the best case maybe there is a limited number of people who can see it but the more you have the more risk you take that one of these people does something bad or they give out the password to one or more of their friends so now you have no clue who is using the network.

It is bad enough that you have to share the wifi password with the ignorant children living in the house who either do things they should not or tell the password to people outside the house.

There really is not much need for this. This is why cell data plans exist. Some large cable companies have lots of public hotspots you can use your account credentials to log in with. Only a very large company has the resources and lawyers to protect against misuse. So many mom and pop coffee shops get a visit by law enforcement because someone posted child porn via their IP address. It will take them quite a while to decide that it "wasn't me" actually is the truth.
 
Mar 31, 2023
Hi USA Fret,

The owner of the router would only have to tweak the SSID for a few minutes during the authentication process. Then he can revert it back to its normal state. If this is the owner of a business, he or she could do it during off-hours. It should have no effect on anyone.

You did understand the requirements, but most of the other respondents did not. It is easy for people to get one-tracked about what kind of authentication is being sought. One user here describes the idea as "horrible"-- and it is -- but for the purposes he imagines it being designed, not for the purposes it is being actually designed, for which it is a very good solution.

This problem was for an unusual kind of authentication -- not to show that visitors are trusted to use the wi-fi, which is the kind of authentication we are used to in the circumstances, but to show to an app, that a user had access to the router. Very unusual, and needing special measures.

The sequence of events could play out like this:

  1. App user gets app to scan available networks and asks to register himself as owner of particular router (identified by SSID and ultimately by BSSID).
  2. The app asks him to prove he owns that router by asking him to modify the SSID by adding random but specific code of the app's choice, such as "ek9s" to the SSID, and to tell the app when he has done it.
  3. The user makes that modification, and tells the app that it is done.
  4. The app scans again and finds that he has indeed changed the SSID of the router of the given BSSID to contain the requested code, such as "ek9s" in this case.
  5. The app tells him that he has successfully registered himself as owner of the router, and that he can now revert the SSID to what it was.

I was looking into doing this with 'informational elements' in the beacon frame. But they are not uniform enough across routers, nor is there a sufficiently uniform way for the users to modify them. Every router allows a user to modify SSID.

This solution is effective, cheap, and works for all routers. It is also perfectly secure to the level we need it.

Thanks for reading my requirements carefully and thanks again for the help. :)
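
The five-step sequence in the post above, sketched as server-side logic in Python. This is an added example, not code from the original post or the app it describes; the function names, the 8-character code, the 15-minute window and the in-memory `pending` dict are assumptions, and it treats the scan results it is handed as accurate observations.

```python
import secrets

SSID_MAX_BYTES = 32          # 802.11 caps an SSID at 32 octets
CHALLENGE_TTL_S = 15 * 60    # assumed validity window for a challenge
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no look-alike characters

def norm_bssid(bssid):
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return bssid.strip().lower().replace("-", ":")

def issue_challenge(pending, user, bssid, current_ssid, now, length=8):
    """Step 2: create a one-time code the claimant must add to the SSID."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(length))
    if len((current_ssid + code).encode("utf-8")) > SSID_MAX_BYTES:
        raise ValueError("SSID too long to carry the code; shorten it first")
    # Bind the code to this user AND this BSSID, with an expiry time.
    pending[(user, norm_bssid(bssid))] = {"code": code,
                                          "expires": now + CHALLENGE_TTL_S}
    return code

def verify_challenge(pending, user, bssid, scan, now):
    """Step 4: check a fresh scan. Returns (ok, reason)."""
    key = (user, norm_bssid(bssid))
    entry = pending.get(key)
    if entry is None:
        return False, "no pending challenge"
    if now > entry["expires"]:
        del pending[key]
        return False, "challenge expired"
    # Match on BSSID only: the code showing up on some other network says
    # nothing about the router being claimed.
    ssids = [ap["ssid"] for ap in scan if norm_bssid(ap["bssid"]) == key[1]]
    if not ssids:
        return False, "claimed BSSID not seen in scan"
    if not any(entry["code"] in ssid for ssid in ssids):
        return False, "code not present in SSID"
    del pending[key]  # single use: a verified code cannot be replayed
    return True, "verified"

if __name__ == "__main__":
    pending = {}  # constructed demo data, not real networks
    code = issue_challenge(pending, "alice", "AA:BB:CC:00:11:22", "CafeNet", now=0)
    scan = [{"bssid": "aa-bb-cc-00-11-22", "ssid": "CafeNet" + code}]
    print(verify_challenge(pending, "alice", "AA:BB:CC:00:11:22", scan, now=60))
```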
 

USAFRet

Titan
Moderator
> the owner of the router would only have to tweak the SSID for a few minutes during the authentication process. Then he can revert it back to its normal state. If this is the owner of a business, he or she could do it during off-hours. It should have no effect on anyone.

And if he changed it later, any of your club members would not know what to connect to.

Additionally, he would have to give out the password for that WiFi resource.
What is to prevent your club members from sharing that log in details with anyone else?

As I told my kids...
Child, I trust you.
I sort of trust your friends.
I really really don't trust your friends' friends.

What is the desire behind this globally shared WiFi space?
 
