Hi all,
Is there any way to secure the traffic on the adhoc NIC with BATMAN - like the secure plugin in OLSRd?
thanks,
Derek
Hello Derek,
No, there isn't something like this in BATMAN. You might want to have a look at WPA-NONE though, which can encrypt both data and routing traffic on the 802.11 layer for Ad-Hoc networks with TKIP or AES/CCMP (beware, it's pretty undocumented ...).
For both, the OLSR security routing plugin (as far as I understood it) and WPA NONE, you have the problem of a shared, symmetric key. If each node has the key and you have a pretty decentralized setup, you might see your key on a website or eBay before you can even think about it. ;)
So the first question should be what you secure against whom, which possible attackers are to be considered etc. We can discuss this further if you want. Not implementing a security feature in BATMAN was not only a design decision for minimalism, but we also could not find a scenario where this "protection" would be useful or would handle the situation better than conventional mechanisms.
best regards, Simon
On Mon, Nov 17, 2008 at 09:19:27PM -0000, Derek C wrote:
Hi all,
Is there any way to secure the traffic on the adhoc NIC with BATMAN - like the secure plugin in OLSRd?
thanks,
Derek
-- Derek C
B.A.T.M.A.N mailing list B.A.T.M.A.N@open-mesh.net https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
Hi Simon,
I'll look into WPA-NONE (I haven't found much information yet all right). I'm just a bit concerned about no encryption at all - although you are right about using a shared key when it's fully considered.
I'm planning on controlling the MESH boxes myself and giving people free broadband (I need to control the boxes because it's very hard to get things working exactly right). But still - I'm sure some bright people will get into a box and that's the key out. But people worry about encryption, or lack of, even if it's flawed.
Derek
On Mon, November 17, 2008 10:00 pm, Simon Wunderlich wrote:
Hello Derek,
No, there isn't something like this in BATMAN. You might want to have a look at WPA-NONE though, which can encrypt both data and routing traffic on the 802.11 layer for Ad-Hoc networks with TKIP or AES/CCMP (beware, it's pretty undocumented ...).
For both, the OLSR security routing plugin (as far as I understood it) and WPA NONE, you have the problem of a shared, symmetric key. If each node has the key and you have a pretty decentralized setup, you might see your key on a website or eBay before you can even think about it. ;)
So the first question should be what you secure against whom, which possible attackers are to be considered etc. We can discuss this further if you want. Not implementing a security feature in BATMAN was not only a design decision for minimalism, but we also could not find a scenario where this "protection" would be useful or would handle the situation better than conventional mechanisms.
best regards, Simon
Hey Derek,
Yep, that's the point: people want encryption, but personally I think no encryption is better than a flawed encryption which leads to the assumption that "your data is safe". People will bother about securing their own connection, using SSL or VPNs, and that's generally a good thing. :)
Maybe using a VPN from each AP to a central server is an option for you. In this case you could give each AP its own certificate, and only one node is compromised if a bright person hacks it. (On the other hand, if the bright person knows how to hack one box, he can easily hack another ... ;)
regards, Simon
On Mon, Nov 17, 2008 at 11:48:11PM -0000, Derek C wrote:
Hi Simon,
I'll look into WPA-NONE (I haven't found much information yet all right). I'm just a bit concerned about no encryption at all - although you are right about using a shared key when it's fully considered.
I'm planning on controlling the MESH boxes myself and giving people free broadband (I need to control the boxes because it's very hard to get things working exactly right). But still - I'm sure some bright people will get into a box and that's the key out. But people worry about encryption, or lack of, even if it's flawed.
Derek
b.a.t.m.a.n@lists.open-mesh.org
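
A small model of the trade-off discussed in this thread, added here as an illustration and not taken from any of the posts: it compares which node identities a secret extracted from one box can authenticate as under a single shared key versus per-AP credentials held by a central server. Random HMAC keys stand in for the per-AP certificates mentioned in the thread; the node names, classes and functions are made up for the example.

```python
import hashlib
import hmac
import os

def tag(key: bytes, node_id: str, payload: bytes) -> bytes:
    """MAC binding a frame to the node identity it claims."""
    return hmac.new(key, node_id.encode() + b"|" + payload, hashlib.sha256).digest()

class SharedKeyMesh:
    """Every node holds the same symmetric key."""
    def __init__(self, key: bytes):
        self.key = key

    def accepts(self, node_id: str, payload: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(mac, tag(self.key, node_id, payload))

class PerNodeGateway:
    """Central server with one credential per AP and a revocation set."""
    def __init__(self):
        self.keys, self.revoked = {}, set()

    def enroll(self, node_id: str) -> bytes:
        self.keys[node_id] = os.urandom(32)  # stand-in for a per-AP certificate
        return self.keys[node_id]

    def accepts(self, node_id: str, payload: bytes, mac: bytes) -> bool:
        key = self.keys.get(node_id)
        if key is None or node_id in self.revoked:
            return False
        return hmac.compare_digest(mac, tag(key, node_id, payload))

def blast_radius(nodes=("ap1", "ap2", "ap3"), stolen_from="ap2"):
    """Identities that verify when signed with the secret taken from one box."""
    frame = b"constructed test frame"
    shared_key = os.urandom(32)
    mesh = SharedKeyMesh(shared_key)
    gw = PerNodeGateway()
    node_keys = {n: gw.enroll(n) for n in nodes}
    stolen = node_keys[stolen_from]

    def usable(verifier, key):
        return [n for n in nodes if verifier.accepts(n, frame, tag(key, n, frame))]

    result = {"shared": usable(mesh, shared_key),  # any box holds shared_key
              "per_node": usable(gw, stolen)}
    gw.revoked.add(stolen_from)  # operator response: a single revocation entry
    result["per_node_after_revoke"] = usable(gw, stolen)
    other = next(n for n in nodes if n != stolen_from)
    result["others_still_valid"] = gw.accepts(other, frame, tag(node_keys[other], other, frame))
    return result
```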