[Olsr-dev] "Secure" Mesh networks
Sun Feb 7 22:12:43 CET 2010
I'm looking at a few ideas for setting up secured mesh networks and was
wondering what, if any, discussion has already taken place on the subject.
My goal is NOT 100% security, crypto overhead would kill the performance
of the mesh. I just need "good enough" to keep casual nodes out of the
mesh, and a reasonable chance of keeping your run of the mill hacker
My current ideas revolve around using a key system similar to OpenVPN
except that all keys are "server" keys, with the heavy crypto limited to
the initial hookup between 2 mesh nodes, and some additional checks such
that if you dont pass the initial crypto handshake, your presence is not
advertised to the mesh, and traffic from your node is dumped in the
trash bin, effectively isolating the "unverified" node.
For ongoing security to prevent hijacking an already established
connection, I was thinking to generate key information from the initial
handshake that would be used in an SRP6 style crypto (light weight
mutating XOR scrambling) to generate an additional "I'm here and its me"
packet, this packet to be inserted at the start of each olsrd update
burst, so that the receiving node can quickly decide if the mesh update
comes from a verified node, and continue processing as normal, or does
not, in which case the update is ignored.
More information about the Olsr-dev