[Olsr-users] Rogue gateways [was: Sticky gateway]
Thu Jan 29 19:19:42 CET 2009
On Mittwoch 28 Januar 2009 19:33:43 Juliusz Chroboczek wrote:
> Not to my knowledge.
> There's a lot of litterature on securing routing protocols. The approaches
> I'm familiar with include:
> - manually filtering rogue routes in protocoles that allow manual
> filtering (Google for ``bogons list'');
Difficult for adhoc networks, impossible for mobile networks I think.
> - securing neighbour associations (the BGP ``hop count'' hack, BGP MD5,
> OSPF security);
Only helps against outsider attackers... if the attacker controls a node you
trust, it's get damned hard to prevent him wrecking the network.
> - using a PKI to secure route announcements (sBGP);
That's a good possibility, unfortunately we don't have enough CPU power to
secure each routing package with an RSA signed hash.
> - using a lightweight cryptographic hash to secure router identity
> (references somewhere in my notes).
Most lightweight authentification systems have huge drawbacks...
> Obviously, what we'd want for mesh networks is a way to intrinsically
> secure routing information, independent of a PKI. Some work on that has
> been done with SEND (RFC 3971), but it doesn't directly apply to mesh
Most likely we need some kind of "hybrid" stuff... use as much asymmetric
cryptography as necessary and as less as possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part.
More information about the Olsr-users