[Olsr-users] Rogue gateways [was: Sticky gateway]

[Henning Rogge]

On Mittwoch 28 Januar 2009 19:33:43 Juliusz Chroboczek wrote:
> Not to my knowledge.
>
> There's a lot of litterature on securing routing protocols.  The approaches
> I'm familiar with include:
>
>   - manually filtering rogue routes in protocoles that allow manual
>     filtering (Google for ``bogons list'');
Difficult for adhoc networks, impossible for mobile networks I think.

>   - securing neighbour associations (the BGP ``hop count'' hack, BGP MD5,
>     OSPF security);
Only helps against outsider attackers... if the attacker controls a node you 
trust, it's get damned hard to prevent him wrecking the network.

>   - using a PKI to secure route announcements (sBGP);
That's a good possibility, unfortunately we don't have enough CPU power to 
secure each routing package with an RSA signed hash.

>   - using a lightweight cryptographic hash to secure router identity
>     (references somewhere in my notes).
Most lightweight authentification systems have huge drawbacks... 

> Obviously, what we'd want for mesh networks is a way to intrinsically
> secure routing information, independent of a PKI.  Some work on that has
> been done with SEND (RFC 3971), but it doesn't directly apply to mesh
> networks.
Most likely we need some kind of "hybrid" stuff... use as much asymmetric 
cryptography as necessary and as less as possible.

Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20090129/e0c0dc7a/attachment.sig>