[Olsr-dev] "Secure" Mesh networks

Henning Rogge (spam-protected)
Mon Feb 8 21:40:23 CET 2010


On Monday 08 February 2010 20:15:29, John Barrett wrote:
> Henning: The rest of the message pretty much defined the goals. Anyone
> can listen in given they can break the WEP key,
Mostly within seconds to minutes (within 40000-80000 IP packets to be more 
specific ^^).

> and that would be
> limited to nodes that they can hear, but attempting to connect to the
> mesh and use it should be as difficult as possible consistent with
> keeping overhead in the routers to a minimum (limiting heavy crypto
> processing to the start of the session between 2 routers, and using
> something much lighter weight for ongoing verification).
My point is that there are several different ways to secure a mesh net.

You could just defend it against attackers outside your network. Just encrypt 
(with AES for example) everything with a shared group key and you are fine. 
The problem with this method is that you have to keep the shared key secret. 
That's bad for meshes with a lot of different members.

> If someone is
> "inside" (has a valid cert for the network) then there isn't a whole lot
> we can do if they start injecting bogus data except revoke the certificate.
I disagree.

You could protect your network's traffic against eavesdropping and manipulation. 
That's "point to point" security and can be done with IPsec (or similar 
protocols). It does not help the attacker to be a valid member of the network, 
he cannot read foreign traffic or inject bogus traffic (except with his 
signature).

The most difficult part (in my opinion) of mesh security is to secure the 
OLSR routing itself. Because of the flooding mechanism this is a "one to many" 
signature problem, so you cannot simplify it by using a session key. Everyone 
in the network has to read all flooded OLSR messages.

Henning Rogge

P.S.: please send your answers to the mailing list ;)
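
The following is an added example, not part of the original post and not olsrd code. It illustrates why a shared group key gives no originator authenticity for flooded messages, and why pairwise session keys force one tag per receiver. HMAC-SHA256, the node ids and the payload are assumptions constructed for the illustration; the payload is not OLSR wire format.

```python
import hashlib
import hmac
import os

# Constructed node ids; M is a valid member acting maliciously.
NODES = ["A", "B", "C", "M"]
GROUP_KEY = os.urandom(32)  # shared by every member


def tag(key: bytes, originator: str, payload: bytes) -> bytes:
    """HMAC-SHA256 binding the claimed originator to the payload."""
    return hmac.new(key, originator.encode() + b"|" + payload, hashlib.sha256).digest()


def verify(key: bytes, originator: str, payload: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(key, originator, payload), t)


def group_key_accepts_spoofed_originator() -> bool:
    """Any holder of the group key can tag a message that names A as originator."""
    payload = b"TC originator=A neighbors=M"  # constructed, not OLSR wire format
    forged = tag(GROUP_KEY, "A", payload)  # computed by M
    return verify(GROUP_KEY, "A", payload, forged)  # receiver B accepts it


def pairwise_keys(nodes):
    """One session key per unordered pair: n*(n-1)/2 keys in total."""
    return {frozenset((a, b)): os.urandom(32)
            for i, a in enumerate(nodes) for b in nodes[i + 1:]}


def flood_tags(keys, originator, payload, nodes):
    """With session keys the originator needs one tag per receiver."""
    return {r: tag(keys[frozenset((originator, r))], originator, payload)
            for r in nodes if r != originator}


def pairwise_rejects_spoof(keys) -> bool:
    """M only shares K(M,B) with B, so a tag naming A fails under K(A,B)."""
    payload = b"TC originator=A neighbors=M"
    forged = tag(keys[frozenset(("M", "B"))], "A", payload)
    return not verify(keys[frozenset(("A", "B"))], "A", payload, forged)


if __name__ == "__main__":
    keys = pairwise_keys(NODES)
    print("group key accepts spoofed originator:", group_key_accepts_spoofed_originator())
    print("pairwise keys needed:", len(keys))
    print("tags on one flooded message:", len(flood_tags(keys, "A", b"hello", NODES)))
    print("pairwise rejects spoof:", pairwise_rejects_spoof(keys))
```

With four nodes this already needs six pairwise keys and three tags on every flooded message, which is the scaling cost that a per-originator signature verifiable by everyone avoids.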