Simple and Secure, Not Your Average Router Software

In July, the Electronic Frontier Foundation (EFF) and a team of ThoughtWorkers joined forces to build an encrypted router software as part of efforts to defend the Internet from surveillance overreach.

Our main objective is to make it simple and secure to open a guest WiFi network on home and office routers. This is a small step towards one of ThoughtWorks’ long-term goals of ensuring that the Internet becomes a “public and democratic space for online collaboration, a forum for information dissemination, and a tool for organizing.”

Users of the software can allot a specified amount of monthly bandwidth to friends, family, and passersby on a separate guest network without requiring a password. They can also configure many settings on their router through the user interface. In addition to all this functionality, the router is also very secure. If you would like to download the software on your router, be sure to check the OpenWireless Project website.

From the beginning EFF asked that the application be designed for “mobile first” which aims to simplify the user experience. The people who are most likely to install this open-source software on their routers would probably prefer to configure their setup via computer, but if the free Internet movement is to expand beyond technologists, then we must plan with other groups in mind.

Keep It Simple, Stupid

Balancing simplicity with security is a key step in bridging the gap between technologists and non-technologists. From the outset our designers, in conjunction with EFF, created a user interface that looked sleek and conveyed implicit meaning. The blue and yellow fields are all clickable; however, their color implies different types of interactions. The blue elements are editable fields that users can manipulate whereas the yellow fields are links that perform actions. This approach helped compartmentalize features and implicitly conveyed meaning to users.

In order to make our application more secure, we had to rethink the administration framework, LuCI, which was built into OpenWrt. LuCI is designed to expose all OpenWrt’s available configuration so that users can easily customize and change their routers. When development on the project began, we started by using LuCI’s JSON-RPC API and wrote additional back-end logic in Lua. As we reviewed the security of the router we realized that this API exposed too large an attack-surface for the use-case we were addressing. LuCI’s approach makes perfect sense where the goal is complete configurability. Our needs were different so we were happy to constrain what was available through the web interface and move more advanced configuration to a more secure SSH connection.

For these reasons EFF decided to switch to a dedicated Python back-end to create a much more constrained API. However, in the process we lost Lua's light footprint so we had to figure out a way to make Python fit on a 16MB router. In order to achieve this Ranga and the EFF team removed many of Python’s standard modules so that only the necessary ones remained. Thanks to the help of CeroWRT’s Dave Täht, we were also able to create a CeroWRT build that included our minimized Python libraries. This allowed us to be on the “bleeding edge” of router firmware and also helped us improve traffic management by reducing “buffer bloat.” The development team then rewrote the back-end code in Python.

While this was a great start to making our application more secure, we also wanted to prevent the router and its networks from becoming compromised. In addition, we implemented CSP protocols to defend against XSS and CSRF attacks. Much of this initiative was led by Jacob Hoffman-Andrews (@j4cob) from EFF who also helped implement the SSH key upload functionality.

One of the biggest challenges we had towards the end of the project was cumulatively tallying monthly bandwidth usage. We needed a way for router owners to track the amount of bandwidth used on their guest networks. We could easily check how much bandwidth had been used at a given time using an IP Accounting utility called ipaccount; however, continuously running iptaccount would hurt router performance. In addition to that, iptaccount does not handle router resets. It took some algorithmic acrobatics, but essentially we ran a Cron Job once every hour to record iptaccount's output and compared that to the router's uptime. If the router was reset then the uptime time would be lower than expect. When we detected a router reset we would then add the byte count before reset to the cumulative byte count. We also added a feature on the settings page so that users could manually reset their accumulated data and restart the count.

Just the Beginning

Looking back on this whole experience, I find it encouraging that a few people from EFF and small team of ThoughtWorkers composed of Stephen Winter, Louis Knapp, Alberto Saavedra, and myself, could develop so much in one month. In the past, router software security has lagged behind the most secure websites, but I believe this project has helped raise the bar for router security standards. EFF has continued to tackle router security issues and recently hosted a router hacking competition at DEF CON 22. The competition helped expose some vulnerabilities in current router models and will help raise the standard of router security. While both of these initiatives are great assets to the Free Internet movement, I think our partnership with EFF was a victory because we united technologists and non-technologists by delivering something both parties will enjoy. Defending the Internet is a long and arduous process, but this project is a step in the right direction.

If you would like more information on the OpenWireless Project or wish to install the software on your router, visit https://openwireless.org/router/download. For those interested in contributing to the project make sure to visit the github repo.