[Olsr-dev] "Secure" Mesh networks
Henning Rogge
(spam-protected)
Tue Feb 9 08:56:37 CET 2010
On Tue February 9 2010 08:41:51 Roar Bjørgum Rotvik wrote:
> Hi all,
>
> As one of the persons that designed the "secure" plugin, I must point out
> that the purpose of the "secure" plugin is not to encrypt data traffic or
> routing traffic.
>
> Its only purpose is to be a simple addon to olsrd that may protect the
> routing traffic from "unwanted" nodes, i.e. only nodes with the correct
> group key are allowed to participate in the mesh network. Simple,
> lightweight (I admit we did not test this on embedded devices), works with
> olsrd without changing message format or internal code in olsrd.
>
> Regarding the distribution of the shared key: we also designed a system for
> establishing trust and sharing the shared key to new nodes as long as they
> are trusted by one of the nodes already part of the "secure" network. This
> solution was meant to establish a shared key before starting up olsrd with
> the secure plugin using this shared key. I did not work on this part and
> do not remember all the details from my head, sorry.

Do you have a link to this second part? Without an automatic key distribution
the secure plugin is only usable for very small closed node groups.

My problem with the shared groupkey concept is that it is too easy to evade
once you get the key. For routing security we need some kind of lightweight
signature for OLSR messages, so each message can prove it was created by the
originator. Simply using RSA/ECC is not an option, because it's too slow on
embedded platforms.

Henning
--
Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
Kommunikation, Informationsverarbeitung und Ergonomie FKIE
Kommunikationssysteme (KOM)
Neuenahrer Straße 20, 53343 Wachtberg, Germany
Telefon +49 228 9435-263, Fax +49 228 9435 685
mailto:(spam-protected) http://www.fkie.fraunhofer.de
GPG: E1C6 0914 490B 3909 D944 F80D 4487 C67C 55EC CFE0
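
The following is an added example, not part of the original message and not code from olsrd or the secure plugin. It models the limitation discussed above: a MAC under a shared group key shows only that the sender holds the group key, so a verifier cannot tell which member created a message, whereas a check bound to the claimed originator's key can. Assumptions: the message layout, keys and addresses are constructed, and the per-node HMAC keys are only a stand-in for originator-bound key material (a verifier holding such a key could still forge, which is why the thread asks for a signature).

```python
import hashlib
import hmac

# Constructed sample keys and node addresses (assumptions, not from the page).
GROUP_KEY = b"constructed-group-key"
NODE_KEYS = {
    "10.0.0.1": b"constructed-key-node-1",
    "10.0.0.2": b"constructed-key-node-2",
}


def tag(key, originator, payload):
    """MAC over the claimed originator and payload (simplified message model)."""
    msg = originator.encode() + b"|" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_group(originator, payload, mac):
    """Group-key check: proves the sender holds the group key, nothing more."""
    return hmac.compare_digest(tag(GROUP_KEY, originator, payload), mac)


def verify_per_originator(originator, payload, mac):
    """Originator-bound check: the key is selected by the claimed originator."""
    key = NODE_KEYS.get(originator)
    if key is None:
        return False  # unknown originator: nothing to verify against
    return hmac.compare_digest(tag(key, originator, payload), mac)


def compare_schemes():
    payload = b"HELLO neighbours=10.0.0.3"
    # A group member (node 2) emits a message that names node 1 as originator.
    claimed, actual = "10.0.0.1", "10.0.0.2"
    group_mac = tag(GROUP_KEY, claimed, payload)
    own_mac = tag(NODE_KEYS[actual], claimed, payload)
    honest_mac = tag(NODE_KEYS[claimed], claimed, payload)
    return {
        "group_accepts_misattributed": verify_group(claimed, payload, group_mac),
        "bound_accepts_misattributed": verify_per_originator(claimed, payload, own_mac),
        "bound_accepts_honest": verify_per_originator(claimed, payload, honest_mac),
    }


if __name__ == "__main__":
    for name, result in compare_schemes().items():
        print(f"{name}: {result}")
```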