Encryption Tools for Securing Public Hotspot Connections
Browser Extensions and HTTPS
One of the biggest problems with the Internet is that the infrastructure was not designed for secure communication. The inherent lack of encryption support or native authentication left a gap that was later filled by Secure Socket Layer (SSL) and other, tunneled encryption techniques. For the majority of websites, SSL is used to encrypt communication when private information is being conveyed. This is used for logins, financial transactions, and e-commerce. Typically, this is referred to as HTTPS or secure HTTP. To save processing power, many websites choose to not serve all of their pages securely, encrypting necessary content, but leaving seemingly inane content unencrypted. This unencrypted content, such as session cookies that identify a user on a website, can be used to sidejack a connection. Using free browser extensions such as HTTPS Everywhere for Firefox, you can force a website to serve encrypted pages, securing your hotspot connection from a sidejacking attack. Unfortunately, the lack of a suitable extension framework for Google Chrome and Microsoft Internet Explorer make extensions for other popular browsers difficult.
Virtual Private Networks
Virtual Private Networks (VPNs) create an encrypted tunnel between your machine and a trusted network. Often times, VPNs are used for remote access to files and network resources, but they can also be used to tunnel web traffic out of a hotspot and to a secure connection. Many routers come with Layer 2 Tunneling Protocol (L2TP) VPN support that can be easily set up at home by logging into the router’s web-based configuration page. Another popular VPN solution involves OpenVPN, an open source VPN solution for creating both SSL-VPN connections (web-based solutions for easy set up) or client -based solutions like L2TP. A VPN is one of the best ways to have remote access to your home machine and maintain a secure network connection while using highly insecure public Wi-fi hotspots.
SSH Tunneling
Another popular method for securing a public Wi-fi hotspot connection is to use Secure Shell (SSH) to tunnel traffic to a trusted server. Using SSH, you can connect to any remote shell account and forward either a single port or everything from your machine using a dynamic proxy. SSH can be easily set up using PuTTY on Windows, a graphical SSH client, or using the standard “ssh” command from any console on a UNIX-like system such as Mac OS X or GNU/Linux. One of the advantages of SSH tunneling is that the process uses port 22, a port that is commonly unblocked by many Wi-fi hotspots. Using SSH tunneling, you can bypass many paywalls and other network restrictions all while encrypting your own connection.
Encrypted Darknets
Although a more technical tool, darknets such as Invisible Internet Protocol (I2P) anonymize, distribute, and encrypt your
traffic to facilitate a secure connection on any Internet connection. Often times, these darknets are used by subversives in restrictive governments, undercover law enforcement, and journalists to protect their identity and maintain a secure connection when in dangerous environments. These tools can be used by the public as well since they are freely available. The Onion Router (TOR) is another popular service, but TOR does not encrypt all communication by default like I2P does. Both services are free and cross-platform open source applications.
Resources
I2P screenshot by the author.
OpenVPN screenshot from AndroidZoom.
