[Olsr-dev] "Secure" Mesh networks

L. Aaron Kaplan (spam-protected)
Mon Feb 8 21:59:02 CET 2010


John, 

> 
> For ongoing security to prevent hijacking an already established 
> connection, I was thinking to generate key information from the initial 
> handshake that would be used in an SRP6 style crypto (lightweight 
> mutating XOR scrambling) to generate an additional "I'm here and it's me" 
> packet, this packet to be inserted at the start of each olsrd update 
> burst, so that the receiving node can quickly decide if the mesh update 
> comes from a verified node, and continue processing as normal, or does 
> not, in which case the update is ignored.
> 

You might want to take a quick look at the secure plugin. It is not useful for a community wireless network (since it uses a single pre-shared key) but might be just sufficient for a small centrally maintained ISP style mesh.
Its functionality is very similar to what you proposed.

Besides, I would be interested if the secure plugin still works (our community wireless networks don't use it and hence there is little testing).

Of course, Henning's ideas and proposals for a distributed secure mesh network go far beyond the simple secure plugin.

You can find the secure plugin in lib/secure.

From the README file:


USAGE

  To make olsrd load the secure OLSR plugin add the
  following in the olsrd configuration file:

LoadPlugin "olsrd_secure.so.0.5"
{
    PlParam     "Keyfile"   "FILENAME"
}

  replacing FILENAME with the full path of the file
  containing the shared key.

  The plugin uses this shared secret key for signature
  generation and verification. For nodes to participate 
  in the OLSR routing domain they need to use the key 
  used by the other nodes.
  The key is 128 bits in size and is read from the
  file specified in the config file or by default from:
  /etc/olsrd.d/olsrd_secure_key

  Copy the key to this file on all nodes. The plugin
  will terminate olsrd if this file cannot be found.

  Now start olsrd and let the plugin do its
  thing :)
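
Added example (not part of the original message or the plugin's README): shell helpers to create the 128-bit shared key file, check it before starting olsrd, and compare it across nodes. It assumes the key file holds the key as 16 raw bytes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: provision and sanity-check the olsrd_secure shared key file.
# Assumption: the key file contains the 128-bit key as 16 raw bytes.

KEY_BYTES=16   # 128 bits, as stated in the README

# gen_key PATH: write a fresh random key that only its owner can read.
gen_key() {
    ( umask 077 && head -c "$KEY_BYTES" /dev/urandom > "$1" ) && chmod 600 "$1"
}

# check_key PATH: return 0 if the file is usable, otherwise
#   1 = missing (the plugin terminates olsrd in this case),
#   2 = not exactly 128 bits, 3 = accessible to group or other.
check_key() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$KEY_BYTES" ] || { echo "wrong size: $size bytes" >&2; return 2; }
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ln "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 3; }
    return 0
}

# key_fingerprint PATH: short digest for confirming that every node holds
# the same key without displaying the key itself.
key_fingerprint() {
    sha256sum "$1" | cut -c1-16
}

# Typical use on one node, then copy the file to the others:
#   gen_key /etc/olsrd.d/olsrd_secure_key
#   check_key /etc/olsrd.d/olsrd_secure_key && key_fingerprint /etc/olsrd.d/olsrd_secure_key
```

Since every node shares this one key, anyone who can read the file on any node can sign updates for the whole routing domain, which is why the permission check matters.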
