Hello Adrian,
quite good answers have already been on the list. Maybe it is helpful to create VLANs for your purpose on top of the mesh, e.g.: 1. An open patient/customer VLAN for internet traffic etc 2. a hospital internal VLAN for your sensitive information 3. an administration VLAN for maintainance on your nodes
These VLANs should be configured ontop of the meshnodes and should be controlled by the nodes, means that the patients should not be able to access the internal VLAN.
Additionally, you should secure the mesh with WPA-NONE, but as stated before the security of this method is not well researched and might be weaker than WPA2/CCMP. It basically use static keys with either TKIP or CCMP(AES).
best regards, Simon
On Sun, Apr 25, 2010 at 09:36:25PM +0200, Adrian Byszuk wrote:
Hello,
I'm currently working on project (part of my Bachelor work) which will use to transfer very sensitive data over the network, and I'd like to use mesh networks to transfer this data. Additionally, it should also be possible for "normal people" to connect to this network (e.g. to surf internet). Preliminary, I've chosen BATMAN to build this network. But I've got a few questions regarding security of this solution:
- Does BATMAN provide any method of *authenticating* nodes?
As I've said earlier, sometimes transferred data will be highly sensitive (for example: information of patients health in hospital), so it's absolutely critical to not allow leaking this information. I can imagine situation when some fake nodes claim "Hey, I'm the server collecting this data"... I think this is also important when someone would try to destroy our mesh network by placing some fake nodes in it. 2. If point nr one isn't possible, maybe there is some other way to ensure security? I don't know too much about security or cryptography, but I can think of solutions such as openVPN or IPsec.
Generally, the goal is to assert security of transmitting some data *without* losing open characteristics of mesh network.
I will very thankful for any answers.
Kind regards, Adrian