[Olsr-dev] olsrd web of trust plug-in

[Daniel Nitzpon]

(spam-protected) schrieb:
> But if we put ourselves in a community network scenario, we can just
> focus on outsider attacks and assume that the neighboring nodes that
> we know and trust will not act maliciously against us.
> (In fact the title of my thesis, "Trusted routing in OLSR MANETs" is
> wrong. It should have been something like "Trusted routing in Wireless
> Community Networks", but thanks to italian bureocracy the title
> couldn't be changed... :/ )

first and foremost i'd like to understand what we are protecting against 
exactly.
i don't think that the insider/outsider distinction is fully applicaple 
to manets; the only real outsiders i could imagine would be, say a small 
but evil company providing dial-up connections at high cost in a rural 
area or a military adversary in military mesh networks. i wouldn't want 
to put too much research effort into it in the second case (and it would 
be a relatively simple problem to solve).
so which kinds of attacks are we talking about? on the routing level, i 
can only imagine things like announcing everybody as a direct neighbour 
and not forwarding any traffic or falsely announcing an hna for 0.0.0.0 
(plus some more subtle variants not killing the network completely, of 
course).
an insider/outsider distinction only makes sense there in an absolute 
way, if you have strict control of new members of the network (say, you 
have a network organisation where the backbone is running on olsr and 
the users actually connect to regular master-aps or the like), which 
normally won't be the case. however, as an attacker, you still have the 
advantage that without authentification, you can just claim to be 
anybody in the network, while with authentification it will be obvious 
that it's you who is manipulating the information.

but now to the interesting point: the "attacks" we are experiencing in 
real life (like false hna announcements) are not by evil willing 
entities but much more by inexperienced (or rather half-exerienced, 
experimenting) users and outdated firmwares. so a web of trust could 
actually serve to judge the reliability of information originating from 
a node based on how and by whom it is configured, rather than just 
exclude evil entities.

however, i would like everybody to keep two things in mind:
- it will always be easy to kill (large parts of) a network, e.g. just 
by creating physical interferences on important links. i.e. there is no 
sense in protecting against decentralized attacks.
- implementing a web of trust suffers from layer 8 issues. if you do not 
base your reliability judgements purely on "hard" facts (say, firmware 
version and a working e-mail adress for contacting the owner) you will 
always have distortions in the metric (e.g. the nodes of the most active 
people in a network will usually be the most trusted. however, these are 
also the ones most likely to run unstable test versions of everything).