[Olsr-dev] "Secure" Mesh networks
Tue Feb 9 08:46:44 CET 2010
But WEP or WPA or whatever can work is in the hardware, doesn't cost us
any cpu time to use it. And I just checked, WPA-None/TKIP will work on
What I'm thinking of is a TLS style handshake, which can either be
piggybacked on the olsrd broadcasts, or handled through another port
with a tcp/ip hookup (the more I think about it, the more I like the
idea of putting it on a seperate port as TCP/IP) -- the TLS handshake
lets both sides verify the peer certificate against the CA, and then
provides a secure channel for the responder to pass a key value to the
initiator that will be used to validate all messages generated by the
responder over the normal olsrd broadcast channel. This eliminates the
shared key -- every node generates its own randomly at startup, and
insures that all peers of a given node know the key to validate traffic
generated by that node.
The only drawback is that there will be two TLS connections required --
one for A to get a key from B, and one for B to get a key from A, but
that only happens once during the initial hookup when 2 node become
aware of each other, everything after that can be handled with light
weight crypto (possible what the plugin uses now, but I have some other
ideas that I want to think out a little more).
There is another side effect, it will block out all asymmetric links.
OK to summarize:
1. WPA to secure the ether short of the shared key getting compromised
2. TLS handshake to verify the node certificate and exchange unique
verification keys before allowing a node to send ANY traffic.
3. signing of olsrd updates to insure that the data came from a verified
node (with perhaps a more robust signing mechanism than is in the
That should stop the vast majority of attacks...
Henning Rogge wrote:
> On Tue February 9 2010 01:16:14 John Barrett wrote:
>> OK -- just looked over that code -- and its getting close :)
>> I think I have everything in place to flash a couple of routers -- I'll
>> make sure I get the secure module in the build and see if it still works
>> as is, then probably base my work off that code :)
> Just a warning about the "secure" plugin. The only thing it does it to use a
> shared secret to calculate a hash value and put it into each packet (plus a
> timestamp against replay attacks). You can get more security by just
> encrypting your Layer 2 with a symmetric key (not WEP because it's broken).
> I think that WPA supplicant should support some static shared key for WPA(2)
> in linux, but I'm not sure.
> Henning Rogge
More information about the Olsr-dev