Does anyone have any experience with securing batman networks (or more to the point the adhoc networks it is based on)? My setup will be a relatively planned infrastructure with all units controlled by myself, so embedding keys etc won't really be an issue.
Can you use WPA2 with adhoc networks? How does this work with wpa_supplicant & hostapd (which are obviously designed for use with access point infrastructure).
When I use the term "security" I am looking at it at several levels:-
1) Stopping rogue units joining the network. 2) Encrypting the traffic to stop eavesdropping. 3) Stopping others from hijacking the connections (either between nodes or via the gateways).
I realise this is a different style from the community mesh network, open to everyone, that Batman appears to have been part of up to now. In Australia bandwidth is so limited (and expensive) that people here are generally not willing to share it, so there is almost no chance of a community arising of its own accord.
Damian
Hello Damian,
maybe WPA-NONE can help you. It is basicly WPA with pre-shared keys which works on Ad-Hoc, but misses a lot of security features like replay attack detection (would not make sense in adhoc networks) or having different session keys, as usually access points manage these. So i don't know how "secure" this actually is.
Furthermore, WPA-NONE is not included in any standard afaik. But at least wpa_supplicant and Windows support it. However it is not guaranteed that it works with any driver ... at least madwifi did not work with it out of the box (but after some patches ;) when i tried it.
best regards, Simon
On Sun, Jun 15, 2008 at 09:45:32AM +1000, Damian Ivereigh wrote:
Does anyone have any experience with securing batman networks (or more to the point the adhoc networks it is based on)? My setup will be a relatively planned infrastructure with all units controlled by myself, so embedding keys etc won't really be an issue.
Can you use WPA2 with adhoc networks? How does this work with wpa_supplicant & hostapd (which are obviously designed for use with access point infrastructure).
When I use the term "security" I am looking at it at several levels:-
- Stopping rogue units joining the network.
- Encrypting the traffic to stop eavesdropping.
- Stopping others from hijacking the connections (either between nodes
or via the gateways).
I realise this is a different style from the community mesh network, open to everyone, that Batman appears to have been part of up to now. In Australia bandwidth is so limited (and expensive) that people here are generally not willing to share it, so there is almost no chance of a community arising of its own accord.
Damian
-- Launtel - Plugging Tassie into the world Tel: 1800LAUNTEL (1800528683) Mob: 0418217582 Fax: 1300784109 http://www.launtel.net.au
B.A.T.M.A.N mailing list B.A.T.M.A.N@open-mesh.net https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
b.a.t.m.a.n@lists.open-mesh.org
-
Damian Ivereigh -
Simon Wunderlich