[Olsr-dev] olsrd web of trust plug-in
Tue Dec 23 12:56:12 CET 2008
> But if we put ourselves in a community network scenario, we can just
> focus on outsider attacks and assume that the neighboring nodes that
> we know and trust will not act maliciously against us.
> (In fact the title of my thesis, "Trusted routing in OLSR MANETs" is
> wrong. It should have been something like "Trusted routing in Wireless
> Community Networks", but thanks to italian bureocracy the title
> couldn't be changed... :/ )
first and foremost i'd like to understand what we are protecting against
i don't think that the insider/outsider distinction is fully applicaple
to manets; the only real outsiders i could imagine would be, say a small
but evil company providing dial-up connections at high cost in a rural
area or a military adversary in military mesh networks. i wouldn't want
to put too much research effort into it in the second case (and it would
be a relatively simple problem to solve).
so which kinds of attacks are we talking about? on the routing level, i
can only imagine things like announcing everybody as a direct neighbour
and not forwarding any traffic or falsely announcing an hna for 0.0.0.0
(plus some more subtle variants not killing the network completely, of
an insider/outsider distinction only makes sense there in an absolute
way, if you have strict control of new members of the network (say, you
have a network organisation where the backbone is running on olsr and
the users actually connect to regular master-aps or the like), which
normally won't be the case. however, as an attacker, you still have the
advantage that without authentification, you can just claim to be
anybody in the network, while with authentification it will be obvious
that it's you who is manipulating the information.
but now to the interesting point: the "attacks" we are experiencing in
real life (like false hna announcements) are not by evil willing
entities but much more by inexperienced (or rather half-exerienced,
experimenting) users and outdated firmwares. so a web of trust could
actually serve to judge the reliability of information originating from
a node based on how and by whom it is configured, rather than just
exclude evil entities.
however, i would like everybody to keep two things in mind:
- it will always be easy to kill (large parts of) a network, e.g. just
by creating physical interferences on important links. i.e. there is no
sense in protecting against decentralized attacks.
- implementing a web of trust suffers from layer 8 issues. if you do not
base your reliability judgements purely on "hard" facts (say, firmware
version and a working e-mail adress for contacting the owner) you will
always have distortions in the metric (e.g. the nodes of the most active
people in a network will usually be the most trusted. however, these are
also the ones most likely to run unstable test versions of everything).
More information about the Olsr-dev