[Olsr-dev] New OLSRd Plugin (derivative of olsrd_secure)

Henning Rogge (spam-protected)
Thu Dec 27 10:03:21 CET 2012


Exactly.

Which means (in terms of security) that signing packets is only hop-by-hop
security, not end-to-end security. Signing the outgoing multicast-packets
with a static shared key would do the same job.

Henning
On Dec 27, 2012 9:32 AM, "Saverio Proto" <(spam-protected)> wrote:

> > I'm not 100% sure that I understand the distinction, but I believe that we
>
> OLSR messages such as HELLO, TC, HNA have their structure, see RFC or
> the structs defined in the C code.
>
> The OLSR packet is a network packet that can hold many OLSR messages
> at the same time.
>
> OLSR packets are exchanged just within 1-hop neighbors, OLSR messages
> are flooded all around the network.
>
> Saverio
>
>
>
> > do both. We sign the messages for negotiating signing parameters with
> > neighbors and then we sign the OLSR packets as they are being prepared for
> > transmission to neighbors. The plugin adds itself to OLSR as a packet
> > transform function and as a preprocessor.
> >
> > The structure of this plugin is taken directly from the olsrd-secure plugin.
> > It's possible that the authors of that plugin might know better how to
> > answer this question.
> >
> > I hope that answers your question!
> >
> > Will
> >
> >
> >>
> >> Henning
> >>
> >> On Sun, Dec 23, 2012 at 5:46 AM, Will Hawkins
> >> <(spam-protected)> wrote:
> >>>
> >>> On 12/22/2012 03:27 AM, Henning Rogge wrote:
> >>>>
> >>>>
> >>>> I am just curious,
> >>>>
> >>>> have you also experimented with using IPsec with a static shared
> >>>> key to encrypt/sign your traffic hop-by-hop?
> >>>
> >>>
> >>>
> >>> Hello Henning!
> >>>
> >>> Yes, we have experimented with that. We are also actively pursuing AuthSAE
> >>> support (from the 802.11s protocol) for doing zero-knowledge link
> >>> encryption. We plan on using both link encryption and route signing as part
> >>> of a defense-in-depth strategy.
> >>>
> >>> Thank you for taking the time to review this submission. Please continue to
> >>> email questions and I will continue to answer them as I am able. :-)
> >>>
> >>> Will
> >>>
> >>>
> >>>>
> >>>> Henning Rogge
> >>>>
> >>>> On Fri, Dec 21, 2012 at 9:25 PM, Will Hawkins
> >>>> <(spam-protected)> wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On 12/21/2012 12:25 PM, Ferry Huberts wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 21/12/12 17:54, Will Hawkins wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On 12/21/2012 07:51 AM, Saverio Proto wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Hello,
> >>>>>>>>
> >>>>>>>> do you have your git branch published somewhere on the web?
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> No, but I could easily make that happen. You could just pull from that
> >>>>>>> to review the code then, right?
> >>>>>>>
> >>>>>>
> >>>>>> I think we would happily look at your code but you have to make it easy
> >>>>>> for us to understand it ;-)
> >>>>>
> >>>>>
> >>>>>
> >>>>> I'm happy to make it easy for you to understand, once I understand it
> >>>>> :-) Just kidding, of course.
> >>>>>
> >>>>> I posted the repo with the mdp branch to github under
> >>>>> https://github.com/opentechinstitute/olsrd-mdp
> >>>>>
> >>>>> As I said previously, this relies heavily on olsrd-secure and I followed
> >>>>> their style (which hopefully matches up with the project's general style).
> >>>>>
> >>>>> I look forward to your feedback. Happy Friday everyone!
> >>>>>
> >>>>> Will
> >>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> Will
> >>>>>>>
> >>>>>>>>
> >>>>>>>> Saverio
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> 2012/12/20 Will Hawkins <(spam-protected)>:
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Hello everyone!
> >>>>>>>>>
> >>>>>>>>> The Open Technology Institute has created a new plugin for OLSRd known
> >>>>>>>>> as olsrd_mdp (Mesh Datagram Protocol [MDP] Secure OLSR). The plugin
> >>>>>>>>> integrates OLSRd with Serval to create a mechanism for signing OLSR
> >>>>>>>>> packets with a shared private key stored in a Serval keyring. This
> >>>>>>>>> plugin is a derivative of the olsrd_secure plugin.
> >>>>>>>>>
> >>>>>>>>> Serval is a mesh networking project out of Australia
> >>>>>>>>> (http://www.servalproject.org). One of their main products, serval-dna,
> >>>>>>>>> includes a keyring that stores (and optionally locks) a set of
> >>>>>>>>> public/private keypairs. olsrd_mdp takes a private key from Serval's
> >>>>>>>>> key ring and uses it to sign OLSR packets.
> >>>>>>>>>
> >>>>>>>>> It differs from olsrd_secure in a few ways:
> >>>>>>>>>
> >>>>>>>>> 1. olsrd_mdp is configured with a key identifier. The key identifier
> >>>>>>>>> allows the user to specify which keypair from the Serval keyring will
> >>>>>>>>> sign packets.
> >>>>>>>>>
> >>>>>>>>> 2. olsrd_mdp allows for variable-length keys.
> >>>>>>>>>
> >>>>>>>>> 3. olsrd_mdp salts AND signs OLSR packets with a private key.
> >>>>>>>>>
> >>>>>>>>> We would really like to share this plugin with the OLSRd community. We
> >>>>>>>>> developed the plugin in a branch off of master but the plugin requires
> >>>>>>>>> Serval's serval-dna development kit to compile. This brings up two
> >>>>>>>>> questions:
> >>>>>>>>>
> >>>>>>>>> 1. How do plugin makefiles alert the user that they need configuration
> >>>>>>>>> to compile correctly? The necessary parameter is documented in the
> >>>>>>>>> olsrd_mdp README file. Is there another better way to document this?
> >>>>>>>>>
> >>>>>>>>> 2. What is the best way to submit the plugin for review for possible
> >>>>>>>>> inclusion? I did my best to follow OLSRd code standards while
> >>>>>>>>> developing, but I'd appreciate your feedback in spotting the places
> >>>>>>>>> where I inevitably messed up.
> >>>>>>>>>
> >>>>>>>>> Thanks for reading this rather long message. We are really excited about
> >>>>>>>>> the possibility of sharing this plugin with the OLSRd community.
> >>>>>>>>>
> >>>>>>>>> Talk to you soon!
> >>>>>>>>> Will
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Olsr-dev mailing list
> >>>>>>>>> (spam-protected)
> >>>>>>>>> https://lists.olsr.org/mailman/listinfo/olsr-dev
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >>
> >
> >
>
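
The hop-by-hop point made in this thread, as an added example that is not part of the original posts or of the olsrd_mdp/olsrd_secure code: a toy JSON packet with an HMAC-SHA256 tag stands in for the OLSR wire format and the plugin's signature, and the key, addresses and function names are constructed. It shows what a receiver can conclude from a valid packet tag: the last-hop sender holds the key, nothing about whether a flooded message still matches what its originator sent.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-mesh-wide-key"  # static shared key (constructed value)
TAG_LEN = hashlib.sha256().digest_size


def build_packet(key, sender, messages):
    """Serialize a toy OLSR-like packet and append a MAC over the whole packet."""
    body = json.dumps({"sender": sender, "messages": messages}, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_packet(key, packet):
    """Return the carried messages if the packet MAC verifies, else None."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)["messages"]


def forward(key, node, packet, rewrite=None):
    """A 1-hop neighbor verifies a packet, then re-floods its messages in its own packet."""
    messages = open_packet(key, packet)
    if messages is None:
        return None
    if rewrite:
        messages = [rewrite(m) for m in messages]
    return build_packet(key, node, messages)


def demo():
    tc = {"type": "TC", "originator": "10.0.0.1", "neighbors": ["10.0.0.2"]}
    from_a = build_packet(SHARED_KEY, "10.0.0.1", [tc])
    # A packet modified on the link by a party without the key is rejected.
    flipped = from_a[:20] + bytes([from_a[20] ^ 1]) + from_a[21:]
    rejected = open_packet(SHARED_KEY, flipped) is None
    # Honest relay: the node two hops away sees the originator's message unchanged.
    honest = open_packet(SHARED_KEY, forward(SHARED_KEY, "10.0.0.2", from_a))
    # A relay that holds the key and changes the flooded message: the packet MAC
    # at the next hop still verifies, because it covers only what the relay sent.
    # Detecting this needs a signature made by the originator over the message.
    alter = lambda m: {**m, "neighbors": m["neighbors"] + ["10.0.0.99"]}
    altered = open_packet(SHARED_KEY, forward(SHARED_KEY, "10.0.0.2", from_a, alter))
    return rejected, honest == [tc], altered is not None and altered != [tc]
```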