[Olsr-dev] olsrd web of trust plug-in
Henning Rogge
(spam-protected)
Mon Dec 22 19:38:05 CET 2008
On Montag 22 Dezember 2008 18:04:07 you wrote:
> > If you just do "link based" security (you authentificate that the
> > packages you receive are send by the one-hop neighbor it pretends to be)
> > an attacker can just use his legal key to "retransmit" a forged packet.
> > The attacker will just pretend that he got a package from someone else
> > and you have no chance to validate it's claim.
>
> Yes, that's right. But otherwise each node should store all the public
> keys of the other nodes in the network (or download a key each time it
> needs it), and, unless we use synchronized time (argh), to prevent
> replay attacks, perform a timestamp exchange with every other node in
> the network...
Replay attacks can be prevented by sequence numbers I think, unless the
attacker controls all communication between two stations.
> But if we put ourselves in a community network scenario, we can just
> focus on outsider attacks and assume that the neighboring nodes that
> we know and trust will not act maliciously against us.
> (In fact the title of my thesis, "Trusted routing in OLSR MANETs" is
> wrong. It should have been something like "Trusted routing in Wireless
> Community Networks", but thanks to italian bureocracy the title
> couldn't be changed... :/ )
I think community based networks are very VULNERABLE against insider
attackers. An attacker who plans to disrupt a larger mesh net will have to use
lot's of resources (time, work, equipment) to do it... so it's very likely the
attacker will just join the network.
As soon as the attacker is inside the net forged packages can be used to
disrupt the network and blame someone else. Forged packages are a very
efficient method to disrupt mesh networks and blame someone else.
Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20081222/53e95ecf/attachment.sig>
More information about the Olsr-dev
mailing list