[Olsr-dev] "Secure" Mesh networks
Wed Feb 10 08:33:40 CET 2010
On 02/07/2010 10:12 PM, John Barrett wrote:
> I'm looking at a few ideas for setting up secured mesh networks and was
> wondering what, if any, discussion has already taken place on the subject.
> My goal is NOT 100% security, crypto overhead would kill the performance
> of the mesh. I just need "good enough" to keep casual nodes out of the
> mesh, and a reasonable chance of keeping your run of the mill hacker
> blocked out.
> My current ideas revolve around using a key system similar to OpenVPN
> except that all keys are "server" keys, with the heavy crypto limited to
> the initial hookup between 2 mesh nodes, and some additional checks such
> that if you don't pass the initial crypto handshake, your presence is not
> advertised to the mesh, and traffic from your node is dumped in the
> trash bin, effectively isolating the "unverified" node.
> For ongoing security to prevent hijacking an already established
> connection, I was thinking to generate key information from the initial
> handshake that would be used in an SRP6 style crypto (lightweight
> mutating XOR scrambling) to generate an additional "I'm here and it's me"
> packet, this packet to be inserted at the start of each olsrd update
> burst, so that the receiving node can quickly decide if the mesh update
> comes from a verified node, and continue processing as normal, or does
> not, in which case the update is ignored.
You may also have a look at this:
The idea was to sign OLSR packets with PGP, i.e. no security for user
traffic, nor encryption. Then, using PGP's web of trust, a trust value
was calculated locally, and routes were injected in different routing
tables associated to these different levels of trust.
It was implemented as an olsrd plug-in (the website with the source code
is hg.ninux.org, but is currently down, sorry), and it has many (many!)
defects, some of which were summarized in this presentation (from the
wireless community weekend 2009 in Berlin):
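An added example, not part of either message and not olsrd or plug-in code: the per-burst "I'm here and it's me" check from the quoted proposal, with HMAC-SHA256 over a counter swapped in for the XOR scrambling so that altered or replayed bursts are dropped. The session key (standing in for the handshake output), the 8-byte counter and the 16-byte tag layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 16  # truncated HMAC-SHA256 tag; hypothetical layout, not an olsrd format


def make_proof(session_key: bytes, counter: int, burst: bytes) -> bytes:
    """Build the per-burst header: 8-byte counter followed by a truncated MAC."""
    ctr = struct.pack("!Q", counter)
    tag = hmac.new(session_key, ctr + burst, hashlib.sha256).digest()[:TAG_LEN]
    return ctr + tag


class Neighbor:
    """Receiver-side state for one link that passed the initial handshake."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, packet: bytes) -> Optional[bytes]:
        """Return the burst if the proof verifies and is fresh, else None (drop)."""
        if len(packet) < 8 + TAG_LEN:
            return None
        ctr, tag, burst = packet[:8], packet[8:8 + TAG_LEN], packet[8 + TAG_LEN:]
        expected = hmac.new(self.session_key, ctr + burst, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key or modified burst: treat sender as unverified
        counter = struct.unpack("!Q", ctr)[0]
        if counter <= self.last_counter:
            return None  # valid MAC but stale counter: replayed burst
        self.last_counter = counter  # state only advances after the MAC check
        return burst


def demo() -> list:
    key = os.urandom(32)  # constructed; stands in for the handshake-derived key
    burst = b"constructed-hello-and-tc-messages"  # constructed sample payload
    rx = Neighbor(key)
    good = make_proof(key, 1, burst) + burst
    forged = make_proof(os.urandom(32), 2, burst) + burst  # sender lacks the key
    tampered = good[:-1] + bytes([good[-1] ^ 1])  # one bit flipped in transit
    return [rx.accept(good), rx.accept(good), rx.accept(forged), rx.accept(tampered)]


if __name__ == "__main__":
    print(demo())
```

The MAC covers the burst as well as the counter, so the check binds the proof to the update it precedes rather than only announcing the sender.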