Ubuntu
wpa package

Enable OCV in hostapd and wpa_supplicant

Asked by Michael Yartys

As far as I can see, Operating Channel Validation is not enabled in the compilation options of hostapd and wpa_supplicant. Could this please be enabled since it's a security feature that prevents MITM multi-channel attacks? This can be done by uncommenting #CONFIG_OCV=y in the defconfigs of hostapd and wpa_supplicant. More information on OCV can be found in the following paper: https://papers.mathyvanhoef.com/wisec2018.pdf

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu wpa Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#1

Ubuntu copies software from Debian (to avoid double packaging work) and as far a I can see Ubuntu did not touch the values for CONFIG_OCV, and just took what Debian has set.
I suggest that you ask Debian to enable Operating Channel Validation, and Ubuntu will (most probably) follow any decision by Debian.

Revision history for this message
Michael Yartys (michael-yartys) said : 		#2

Ok, will do!

Revision history for this message
Michael Yartys (michael-yartys) said : 		#3

Thanks Manfred Hampl, that solved my question.