* [B.A.T.M.A.N.] Adding security on BATMAN-ADV
@ 2014-05-20 13:19 Krishnathiepan Rasanayagam
2014-05-20 14:01 ` Andrew Lunn
0 siblings, 1 reply; 7+ messages in thread
From: Krishnathiepan Rasanayagam @ 2014-05-20 13:19 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
Hello all,
I'm researching on batman-adv about adding security on node authentication.
I'm trying to integrate threshold cryptography in BATMAN-ADV.
Does anyone have worked in that area? or similar researches have been
done on it?
Please let me know.
--
Best regards,
Krishna.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-20 13:19 [B.A.T.M.A.N.] Adding security on BATMAN-ADV Krishnathiepan Rasanayagam
@ 2014-05-20 14:01 ` Andrew Lunn
2014-05-20 19:29 ` Krishnathiepan Rasanayagam
0 siblings, 1 reply; 7+ messages in thread
From: Andrew Lunn @ 2014-05-20 14:01 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
On Tue, May 20, 2014 at 06:49:28PM +0530, Krishnathiepan Rasanayagam wrote:
> Hello all,
> I'm researching on batman-adv about adding security on node authentication.
The EU funded SecFutur project did a bit of work in this direction.
However, as Antonio suggested, it was not in BATMAN itself, it was in
a layer below.
Andrew
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-20 14:01 ` Andrew Lunn
@ 2014-05-20 19:29 ` Krishnathiepan Rasanayagam
2014-05-20 21:41 ` Andrew Lunn
0 siblings, 1 reply; 7+ messages in thread
From: Krishnathiepan Rasanayagam @ 2014-05-20 19:29 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
hello,
layer below does it mean layer 2?
regards,
krishna
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-20 19:29 ` Krishnathiepan Rasanayagam
@ 2014-05-20 21:41 ` Andrew Lunn
2014-05-21 17:00 ` Krishnathiepan Rasanayagam
0 siblings, 1 reply; 7+ messages in thread
From: Andrew Lunn @ 2014-05-20 21:41 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
On Wed, May 21, 2014 at 12:59:29AM +0530, Krishnathiepan Rasanayagam wrote:
> hello,
> layer below does it mean layer 2?
Layer above and layer below does not always map to ISO OSI 7 layer
model. BATMAN is a layer two mesh, and it runs on top of a L2
network. See what i mean?
Are you interested in transitive trust, or end to end trust of BATMAN
peers? If transitive trust is sufficient, then you can do it at L2,
trust the one hop neighbors. However if you want end-to-end trust of
the mesh, you need to be inside the mesh, so inside BATMAN. If you
want end-to-end application trust, you need to be inside the
application, L7, or maybe L4 if you use TLS.
It comes down the basic security questions you should always be
considering:
What are your assets you need to protect.
Who are the attackers.
What compromises are you willing to take.
First figure out your security model, then figure out how to implement
it.
Andrew
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-20 21:41 ` Andrew Lunn
@ 2014-05-21 17:00 ` Krishnathiepan Rasanayagam
2014-05-21 18:18 ` Andrew Lunn
0 siblings, 1 reply; 7+ messages in thread
From: Krishnathiepan Rasanayagam @ 2014-05-21 17:00 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
Hi,
We are trying to add authentication when nodes join the network. Like
when other nodes start adding a node in their routing table. basically
authenticating the node.
We like to do with Threshold cryptography for authenticating.
cheers,
krishna
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-21 17:00 ` Krishnathiepan Rasanayagam
@ 2014-05-21 18:18 ` Andrew Lunn
2014-05-22 5:53 ` Krishnathiepan Rasanayagam
0 siblings, 1 reply; 7+ messages in thread
From: Andrew Lunn @ 2014-05-21 18:18 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
On Wed, May 21, 2014 at 10:30:08PM +0530, Krishnathiepan Rasanayagam wrote:
> Hi,
>
> We are trying to add authentication when nodes join the network. Like
> when other nodes start adding a node in their routing table. basically
> authenticating the node.
So some form of HMAC on the packets between peers, and only accept
them if you can verify the HMAC.
You say here routing tables. So you are trying to authenticate routing
information. You don't care about actual data carried over the mesh?
That is not authenticated?
> We like to do with Threshold cryptography for authenticating.
So you mean you want at least X peers to be able to authenticate a
peer before it is allowed to join the mesh? So how do you boot strap
the system when the mesh is first forming and you don't have X peers?
Andrew
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [B.A.T.M.A.N.] Adding security on BATMAN-ADV
2014-05-21 18:18 ` Andrew Lunn
@ 2014-05-22 5:53 ` Krishnathiepan Rasanayagam
0 siblings, 0 replies; 7+ messages in thread
From: Krishnathiepan Rasanayagam @ 2014-05-22 5:53 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
hi,
The question you asked have made me to rethink
i'll go through my requirements and update it.
cheers,
krishna
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-05-22 5:53 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-20 13:19 [B.A.T.M.A.N.] Adding security on BATMAN-ADV Krishnathiepan Rasanayagam
2014-05-20 14:01 ` Andrew Lunn
2014-05-20 19:29 ` Krishnathiepan Rasanayagam
2014-05-20 21:41 ` Andrew Lunn
2014-05-21 17:00 ` Krishnathiepan Rasanayagam
2014-05-21 18:18 ` Andrew Lunn
2014-05-22 5:53 ` Krishnathiepan Rasanayagam
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox