[Olsr-users] Authentication, Authorization and Accouting in OLSR (AAA)
Henning Rogge
(spam-protected)
Tue Nov 3 09:21:13 CET 2009
Am Dienstag 03 November 2009 04:26:40 schrieb (spam-protected):
> Thanks Henning for comments........
>
> I have one more question.... Suppose a particular node is in network and
> discovered the neighbors using OLSR TC and hello messages.
> Now without using the crypto keys any node cannot get the message or
> data correctly.. Am I right?
>
> Then If we use X-supplicant (open source which use EAP massages over
> Ethernet or radius) and/or Radius (open source) then the user can be
> authenticated and registered before starting communication using TLS
> certificates. We used this TLS (Transport Layer Security) mechanism in
> mobile IP. Is it fesiable with OLSR?
The problem with "authenticated OLSR" is that OLSR is a mesh of nodes where
each node forwards/floods protocol messages for all other nodes. Because of
this it's trivial to fake a protocol message originator.
All OLSR messages are flooded, so they are 1-to-many transmissions, which are
difficult to encrypt and timeconsuming to authenticate.
In Vienna (as an example) we get hundreds of OLSR messages per second on each
node, so signing each of them with a small RSA key would overload our
hardware.
Henning Rogge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20091103/2ccd5d8c/attachment.sig>
More information about the Olsr-users
mailing list