[Olsr-dev] "Secure" Mesh networks

John Barrett (spam-protected)
Tue Feb 9 08:46:44 CET 2010 

But WEP or WPA or whatever can work is in the hardware, doesn't cost us 
any cpu time to use it. And I just checked, WPA-None/TKIP will work on 
ad-hoc networks.

What I'm thinking of is a TLS style handshake, which can either be 
piggybacked on the olsrd broadcasts, or handled through another port 
with a tcp/ip hookup (the more I think about it, the more I like the 
idea of putting it on a seperate port as TCP/IP) -- the TLS handshake 
lets both sides verify the peer certificate against the CA, and then 
provides a secure channel for the responder to pass a key value to the 
initiator that will be used to validate all messages generated by the 
responder over the normal olsrd broadcast channel. This eliminates the 
shared key -- every node generates its own randomly at startup, and 
insures that all peers of a given node know the key to validate traffic 
generated by that node.

The only drawback is that there will be two TLS connections required -- 
one for A to get a key from B, and one for B to get a key from A, but 
that only happens once during the initial hookup when 2 node become 
aware of each other, everything after that can be handled with light 
weight crypto (possible what the plugin uses now, but I have some other 
ideas that I want to think out a little more).

There is another side effect, it will block out all asymmetric links.

OK to summarize:
1. WPA to secure the ether short of the shared key getting compromised
2. TLS handshake to verify the node certificate and exchange unique 
verification keys before allowing a node to send ANY traffic.
3. signing of olsrd updates to insure that the data came from a verified 
node (with perhaps a more robust signing mechanism than is in the 
current code)

That should stop the vast majority of attacks...

Henning Rogge wrote:
> On Tue February 9 2010 01:16:14 John Barrett wrote:
>   
>> OK -- just looked over that code -- and its getting close :)
>>
>> I think I have everything in place to flash a couple of routers -- I'll
>> make sure I get the secure module in the build and see if it still works
>> as is, then probably base my work off that code :)
>>     
> Just a warning about the "secure" plugin. The only thing it does it to use a 
> shared secret to calculate a hash value and put it into each packet (plus a 
> timestamp against replay attacks). You can get more security by just 
> encrypting your Layer 2 with a symmetric key (not WEP because it's broken).
>
> I think that WPA supplicant should support some static shared key for WPA(2) 
> in linux, but I'm not sure.
>
> Henning Rogge
>
>

More information about the Olsr-dev mailing list