[Olsr-dev] "Secure" Mesh networks

John Barrett (spam-protected)
Tue Feb 9 01:16:14 CET 2010


OK -- just looked over that code -- and it's getting close :)

I think I have everything in place to flash a couple of routers -- I'll 
make sure I get the secure module in the build and see if it still works 
as is, then probably base my work off that code :)

L. Aaron Kaplan wrote:
> John, 
>
>   
>> For ongoing security to prevent hijacking an already established 
>> connection, I was thinking to generate key information from the initial 
>> handshake that would be used in an SRP6 style crypto (lightweight 
>> mutating XOR scrambling) to generate an additional "I'm here and it's me" 
>> packet, this packet to be inserted at the start of each olsrd update 
>> burst, so that the receiving node can quickly decide if the mesh update 
>> comes from a verified node, and continue processing as normal, or does 
>> not, in which case the update is ignored.
>>
>>     
>
> You might want to take a quick look at the secure plugin. It is not useful for a community wireless network (since it uses a single pre-shared key) but might be just sufficient for a small centrally maintained ISP style mesh.
> Its functionality is very similar to what you proposed.
>
> Besides, I would be interested if the secure plugin still works (our community wireless networks don't use it and hence there is little testing).
>
> Of course, Henning's ideas and proposals for a distributed secure mesh network go far beyond the simple secure plugin.
>
> You can find the secure plugin in lib/secure.
>
> From the README file:
>
>
> USAGE
>
>   To make olsrd load the secure OLSR plugin add the
>   following in the olsrd configuration file:
>
> LoadPlugin "olsrd_secure.so.0.5"
> {
>     PlParam     "Keyfile"   "FILENAME"
> }
>
>   replacing FILENAME with the full path of the file
>   containing the shared key.
>
>   The plugin uses this shared secret key for signature
>   generation and verification. For nodes to participate 
>   in the OLSR routing domain they need to use the key 
>   used by the other nodes.
>   The key is 128 bits in size and is read from the
>   specified file from the config file or by default from:
>   /etc/olsrd.d/olsrd_secure_key
>
>   Copy the key to this file on all nodes. The plugin
>   will terminate olsrd if this file cannot be found.
>
>   Now start olsrd and let the plugin do its
>   thing :)
>
>   
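
Added example, not part of this thread or of the olsrd sources: a pre-flight check for the key file the quoted README describes, since the plugin terminates olsrd when the file is missing and every node must hold the same key. The function names are hypothetical, and it assumes the 128-bit key is stored as exactly 16 raw bytes, which the README does not spell out.

```shell
#!/bin/sh
# Added example: pre-flight check for the olsrd secure plugin's key file.
# Assumption: the 128-bit shared key is stored as exactly 16 raw bytes.
DEFAULT_KEYFILE=/etc/olsrd.d/olsrd_secure_key   # default path per the README

# check_olsrd_key [FILE]
# Returns 0 if usable, 1 if missing, 2 if wrong size, 3 if too permissive.
check_olsrd_key() {
    keyfile=${1:-$DEFAULT_KEYFILE}

    # The plugin terminates olsrd when the file is absent, so test that first.
    if [ ! -f "$keyfile" ] || [ ! -r "$keyfile" ]; then
        echo "FAIL: $keyfile missing or unreadable" >&2
        return 1
    fi

    # 128 bits = 16 bytes; a trailing newline from an editor makes it 17.
    size=$(wc -c < "$keyfile" | tr -d ' ')
    if [ "$size" -ne 16 ]; then
        echo "FAIL: $keyfile is $size bytes, expected 16" >&2
        return 2
    fi

    # One pre-shared key protects the whole mesh, so group and other
    # must have no access at all (mode columns 5-10 of ls -l all '-').
    perms=$(ls -lnL "$keyfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $keyfile is accessible to group/other" >&2
        return 3
    fi
    return 0
}

# olsrd_key_fingerprint [FILE]
# Prints a short digest for comparing nodes without copying the key around.
# Only 8 hex digits are kept so the value reveals little about the key.
olsrd_key_fingerprint() {
    sha256sum < "${1:-$DEFAULT_KEYFILE}" | cut -c1-8
}
```

Run `check_olsrd_key` on each node before starting olsrd and compare the `olsrd_key_fingerprint` output between nodes; differing fingerprints mean the nodes do not share a key.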
