A Solution To the Security Guidelines Proposed By FCC For Home Routers (imgtec.com)
An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community, which demanded that the FCC and manufacturers not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much more secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines. Ars Technica has more details.
As I see it, this non-solution is incompatible with open source. How about just simply shipping them with an OS that complies with the FCC rules and let it be the user's responsibility not to put software on it that doesn't comply with the FCC rules?
"...system-wide, hardware-enforced trusted environments..."
Sounds expensive already...
Really? I thought reporting news was supposed to be unbiased.
Since the summary explicitly mentions that one of the VMs is running OpenWRT, I'm unsure quite how you mean this. Can you explain?
You think there's a grammar and spell checking subsystem? You must be new here?
The FCC rules mandate that the end user isn't able to, in any practical manner, use Wi-Fi channels that aren't part of the unlicensed spectrum in the US. This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
Essentially, they just need a way to make it so that radios shipped in the US aren't capable of hitting licensed spectrum, but that's not practical from an economies of scale perspective (i.e., manufacturers save on cost by making the same chips for all markets, and then using software to disable different channels on a regional basis).
In principle, I like the idea of making the radio subsystem be virtualized, and just have a software interface that controls the radio. This could actually improve open source compatibility because you don't even need to worry about, i.e., closed source Broadcom drivers. Kind of like how running Linux or BSD in a virtual machine means you don't have to worry about whether or not your physical hardware is compatible with your chosen OS.
It seems a huge part of what the FCC doesn't like are people setting their radios to other regulatory areas and using the nice "clean" spectrum allocated for commercial/government use. None of their proposed solutions really solve the problem, as motivated individuals can just pick up a device next time they are out of the country and put it in their apartment building anyway. Given how low power wifi is already, it's likely they would never catch you.
But all this is just BS, because running an out of spec wifi AP doesn't really solve anything. It's not like anyone is going to go to the trouble of modifying all their devices to talk to an AP using a licensed band, or can communicate back to a wifi device attached to an amplifier.
The FCC/congress though is the real problem. Their corporate-first attitude has basically sold/given all the spectrum to organizations which hate the idea of individuals not having to be locked into paying monthly extortion.
Just imagine what the US would be like if instead of selling the spectrum used for just one of the recent spectrum auctions (take wimax for starters) they had instead allowed unlicensed use... The explosion of technologies in the extremely limited ISM bands suggests just how useful this spectrum could be, instead of sitting around mostly unused.
Maybe we should just stop looking for solutions and legislation to fix things that aren't a problem?
I mean it's not like the FCC is very good at enforcing the rules they have.
Does this address the problem of FCC licensed amateur operators that can legally operate on adjacent frequencies and higher power levels?
Competition Good, Monopoly Bad.
... was to lock down the radio while still allowing user-updates to the firmware? I seem to recall a recent Slashdot article (don't have a link handy, sorry) that announced that this is exactly what Linksys was choosing to do.
File under 'M' for 'Manic ranting'
The problem, I imagine (being only minimally aware of the field), is that the entire point of software-defined radio (SDR) is that you save tons of money by letting a cheap commodity computer handle all the signal processing instead of having hardware do it. Looking at this image as reference:
https://en.wikipedia.org/wiki/...
It appears that the software is probably completely responsible for generating a digitally encoded waveform that's then fed to the hardware - a simple D-to-A converter and amplifier driving the antenna. Not unlike the final steps of playing a digital audio file - essentially you've reduced the hardware to little more than a simple amplifier driving an antenna "speaker", and there's no way to then filter the allowed output without reintroducing a lot of the costly hardware you just managed to remove.
You could conceivably host the SDR in a separate CPU that implements whatever restrictions the jumpers indicate, but that's probably almost as expensive. The big draw of SDR is that you already have a high-power CPU doing all the "router" stuff, and can get the "radio" stuff done essentially for free by the same hardware.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
So one of the VMs can nicely include the NSA backdoor? How convenient.
Having a WiFi driver that the developer is locked out of repairing is no kind of solution. Having a WiFi driver that can't handle new features developed after the user gets the product is no solution either. And locking hams, who can legally use different frequencies and more power, out of the system is no solution either.
Bruce Perens.
Stop buying routers. Instead get a Raspi and USB wifi adapter capable of master mode. Put together a preconfigured "router" distro for it that can simply be loaded onto an SD card and configured via a web interface like a normal router.
This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
The report originally cited by the FCC doesn't say anything about open source firmware. As far as we can tell, the interference was caused by devices running proprietary software that either was buggy or had been modified to not comply with the local regulation. If you know otherwise, please share your sources.
We tried that. Too many open source users can't be arsed to comply with the FCC rules, or expose every option possible and damn the rules (not their responsibility, as you suggest), so that now open source as a whole will pay the price.
Now you've lost open source access to Wi-Fi radios. Police your community or you can bet that software defined radios will go the same way.
The router is running a closed source unchangeable OS, that is running some VMs on it. A true open source solution would have all the software running on the router chosen by the owner, not just a subset.
Cheapo Mini-itx system that has on-board ethernet with a wireless card adaptor. That's what I have at my house.
FTFY.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Ah, gotcha. I had interpreted it as meaning "you can't put any open software on it". Barring hardware-only enforcement of the radio restrictions (unlikely for economic reasons) I don't see a solution that doesn't have some proprietary unchangeable software, but I see your point.
or had been modified to not comply with the local regulation.
And how, pray tell, was it modified? Be specific.