[Olsr-dev] "Secure" Mesh networks
Mon Feb 8 21:40:23 CET 2010
Am Montag 08 Februar 2010 20:15:29 schrieb John Barrett:
> Henning: The rest of the message pretty much defined the goals. Anyone
> can listen in given they can break the WEP key,
Mostly within seconds to minutes (within 40000-80000 ip packets to be more
> and that would be
> limited to nodes that they can hear, but attempting to connect to the
> mesh and use it should be as difficult as possible consistent with
> keeping overhead in the routers to a minimum (limiting heavy crypto
> processing to the start of the session between 2 routers, and using
> something much lighter weight for ongoing verification).
My point is that there are several different ways to secure a mesh net.
You could just defend it against attackers outside your network. Just encrypt
(with AES for example) everything with a shared group key and you are fine.
The problem with this method is that you have to keep the shared key secret.
That's bad for meshs with a lot of different members.
> If someone is
> "inside" (has a valid cert for the network) then there isn't a whole lot
> we can do if they start injecting bogus data except revoke the certificate.
You could protect your networks traffic against evasdropping and manipulation.
Thats "point to point" security and can be done with IPsec (or similar
protocols). It does not help the attacker to be a valid member of the network,
he cannot read foreign traffic or inject bogus one (except with his
The most difficult part (in my oppinion) of mesh security is to secure the
OLSR routing itself. Becase of the flooding mechanism this is a "one to many"
signature problem, so you cannot simplify it by using a session key. Everyone
in the network has to read all flooded OLSR messages.
P.S.: please send your answers to the mailing list ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Olsr-dev