[Olsr-dev] olsrd web of trust plug-in

Henning Rogge (spam-protected)
Tue Dec 23 16:03:53 CET 2008


On Tuesday 23 December 2008 15:01:22 Bernd Petrovitsch wrote:
> > A group key does not allow for authentication within the group, so it's
> > useless for securing OLSR routing packages against attackers inside the
> > network (because they will have the group key).
>
> Well, for signing large data chunks, the usual hack is to calculate a
> (relatively) cheap checksum (e.g. MD5[0], SHA-1, ..) and sign that.
> And if the packets are not that large (so that an additional checksum
> field seems too expensive), signing the packet as such should be fast
> enough too.
> Of course the performance will drop compared to an "unsecure" net like
> today - but everything comes at a price IMHO.
A single asymmetric crypto operation with MINIMAL data length does take too
long to use it for a large meshnet. Of course you don't sign the package, you
sign the checksum of the package (plus a nonce), but this doesn't help at
all.

The attack vector of insiders in a meshnet is to forge packages for other
nodes; this way you can redirect traffic, create routing loops or just prevent
another node from participating in the network.

You CAN NOT prevent such an attack with a group key...

Henning
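
The group-key limitation discussed in this message, as an added example that is not part of the original post and is not olsrd code: a receiver checks a MAC made with the shared group key and learns only that the sender holds the key, not which node sent the packet. The message layout, addresses and keys are constructed for the illustration and are not the OLSR wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def pack_message(originator: str, seqno: int, payload: bytes) -> bytes:
    """Simplified routing message: 4-byte originator, 2-byte seqno, payload."""
    addr = bytes(int(p) for p in originator.split("."))
    return addr + struct.pack("!H", seqno) + payload


def protect(key: bytes, message: bytes) -> bytes:
    """Append a MAC computed with the shared group key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes):
    """Return the claimed originator if the MAC checks out, else None."""
    if len(packet) < 6 + TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ".".join(str(b) for b in message[:4])


def demo():
    group_key = b"constructed-group-key-for-demo"
    # Genuine message from node 10.0.0.1.
    genuine = protect(group_key, pack_message("10.0.0.1", 7, b"HELLO"))
    # Outsider without the group key: the MAC does not verify.
    outsider = protect(b"wrong-key", pack_message("10.0.0.1", 8, b"HELLO"))
    # Another group member (say 10.0.0.66) names 10.0.0.1 as originator.
    # It holds the same key, so the receiver cannot tell the difference.
    insider = protect(group_key, pack_message("10.0.0.1", 9, b"HELLO"))
    return (verify(group_key, genuine),
            verify(group_key, outsider),
            verify(group_key, insider))


if __name__ == "__main__":
    print(demo())
```

The first and third results are identical, which is why a group key keeps outsiders out but gives no per-node origin authentication.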