LAMBA Jaideep wrote:
I tried WPA_NONE and CCMP with wpa_supplicant on both sides with preshared keys. By doing this you are right nobody can see the data and I get encryption and authentication. But here comes a twist. Let's say I power off one node completely after initial secure session. When he comes up wpa_supplicant starts off with 0 as sequence number. On the other node sequence number might be greater (or way greater) which causes other node to believe that he is experiencing a MIC_FAILURE attack.
It is a bit late here, so I am maybe a little bit off topic. I guess you mean the problem you asked at http://lists.shmoo.com/pipermail/hostap/2009-December/020741.html
As far as I know it can be fixed by disabling the check just for ahdemo/adhoc in madwifi.
So try to replace
if (pn && pn <= k->wk_keyrsc[tid]) {
with something like
if ((pn <= k->wk_keyrsc[tid]) && (vap->iv_opmode != IEEE80211_M_IBSS) && (vap->iv_opmode != IEEE80211_M_AHDEMO)) {
and try again. As far as I know WPA_NONE has nothing like a real session (no session keys and so on), but I could be wrong right now (don't have the inner workings of WPA_NONE in my head right now).
But yes, it is right that WPA_NONE is a more or less undocumented hack which is far away from being perfect and gives long sleepless nights, but is exactly what you can expect from adhoc encryption at that layer.
Best regards, Sven
PS: Is there any research done by Alcatel-Lucent on the topic of mesh networks?
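A stand-alone model of the two checks quoted above, added here as an illustration; it is not part of the original post and not madwifi code. The enum, struct and function names are simplified stand-ins, the packet numbers are constructed, and updating the counter to the accepted packet number is an assumption of the model. It shows that the original check drops everything a rebooted peer sends until its counter catches up, while the relaxed check also accepts a frame that arrives a second time in IBSS/ahdemo mode.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for the madwifi names quoted in the post
 * (iv_opmode, wk_keyrsc); not the driver's real definitions. */
enum opmode { M_STA, M_IBSS, M_AHDEMO };
struct rx_key { uint64_t keyrsc; };  /* last accepted PN for one TID */

/* Returns 1 if the frame is accepted, 0 if dropped as a replay.
 * patched = 0: original check; patched = 1: check skipped in IBSS/ahdemo. */
static int ccmp_rx(struct rx_key *k, enum opmode mode, uint64_t pn, int patched)
{
    int replay;
    if (patched)
        replay = pn <= k->keyrsc && mode != M_IBSS && mode != M_AHDEMO;
    else
        replay = pn && pn <= k->keyrsc;
    if (replay)
        return 0;
    k->keyrsc = pn;  /* assumption: counter is set to the accepted PN */
    return 1;
}

/* Feed n packet numbers to a receiver whose counter starts at start_rsc. */
static size_t count_accepted(enum opmode mode, int patched, uint64_t start_rsc,
                             const uint64_t *pns, size_t n)
{
    struct rx_key k = { start_rsc };
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        ok += ccmp_rx(&k, mode, pns[i], patched);
    return ok;
}

/* Constructed input: peer reached PN 1000, rebooted, sends 1..4,
 * then frame 2 shows up a second time (a replayed frame). */
static const uint64_t after_reboot[] = { 1, 2, 3, 4, 2 };

int main(void)
{
    printf("original, IBSS: %zu of 5 accepted\n",
           count_accepted(M_IBSS, 0, 1000, after_reboot, 5));
    printf("patched,  IBSS: %zu of 5 accepted\n",
           count_accepted(M_IBSS, 1, 1000, after_reboot, 5));
    printf("patched,  STA:  %zu of 5 accepted\n",
           count_accepted(M_STA, 1, 1000, after_reboot, 5));
    return 0;
}
```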