[Olsr-dev] "Secure" Mesh networks

John Barrett (spam-protected)
Sun Feb 7 22:12:43 CET 2010

I'm looking at a few ideas for setting up secured mesh networks and was 
wondering what, if any, discussion has already taken place on the subject.

My goal is NOT 100% security, crypto overhead would kill the performance 
of the mesh. I just need "good enough" to keep casual nodes out of the 
mesh, and a reasonable chance of keeping your run of the mill hacker 
blocked out.

My current ideas revolve around using a key system similar to OpenVPN 
except that all keys are "server" keys, with the heavy crypto limited to 
the initial hookup between 2 mesh nodes, and some additional checks such 
that if you dont pass the initial crypto handshake, your presence is not 
advertised to the mesh, and traffic from your node is dumped in the 
trash bin, effectively isolating the "unverified" node.

For ongoing security to prevent hijacking an already established 
connection, I was thinking to generate key information from the initial 
handshake that would be used in an SRP6 style crypto (light weight 
mutating XOR scrambling) to generate an additional "I'm here and its me" 
packet, this packet to be inserted at the start of each olsrd update 
burst, so that the receiving node can quickly decide if the mesh update 
comes from a verified node, and continue processing as normal, or does 
not, in which case the update is ignored.

More information about the Olsr-dev mailing list