Security in MANETs
Mobile Ad Hoc NETworks (MANETs) scale up to several hundreds of routers, connecting often autonomously administrated routers/networks through an ad-hoc infrastructure, typically over wireless channels. This poses challenges, not only for the routing protocols managing the network connectivity, but also for maintaining this network connectivity in the face of "open access" to the communication medium between routers.
Network integrity in routed networks is largely preserved by physically controlling access to the communications channel between routers: know thy peers, trust thy peers - and be able to disconnect thy peers if they are not worthy of the trust, e.g. if the topology they present does not match expectations. Routing integrity is thus protected by admitting only trusted peers, assuming that these, once admitted, are well behaved.
In a MANET operated over wireless interfaces, this is less obvious: physical access to the medium between routers is not delimited by a cable, but is available to anyone within transmission range; the network topology is time-varying, either due to router mobility or due to time-varying characteristics of the channel -- consequently, determining that a peer does not present an "expected topology" and subsequently "disconnecting" it is difficult. As such, MANETs do not introduce particularly new security issues for routing protocols, but rather render existing security issues easier to exploit and, therefore, require re-examining counter-measures for routing protocol resilience.
OLSRv2 Security
Borrowing from the above, security in an OLSRv2 network can be thought of as the following elements:
- Understanding the algorithmic vulnerabilities in OLSRv2, and their consequences;
- Providing "admittance control", i.e. the ability to selectively admit routers to the exchange of routing protocol control traffic and thereby exclude non-trusted routers;
- Providing detection mechanisms that, recognizing the largely unpredictable nature of MANETs, detect whether an advertised topology (even if advertised by a trusted router) is outside of expectations, and take corrective action.
The work on securing OLSRv2 is based around understanding and managing these three elements.
Journal Publications
- "Security Issues in the Optimized Link State Routing Protocol version 2", U. Herberg, T. Clausen, International Journal of Network Security & Its Applications, Special Issue April, 2010
Conference Publications
- "Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2)" (Accepted, To Appear), T. Clausen, U. Herberg, in Proceedings of the 4th International Conference on Networking and System Security (NSS2010), Melbourne, Australia, 2010
- "Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2", T. Clausen, U. Herberg, in Proceedings of the International Conference on Internet Technology and Applications (iTAP 2010), Wuhan, China.
- "Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2)", T. Clausen, U. Herberg, in Proceedings of the 2010 IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS2010), Beijing, China.
Research Reports
- "Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2)", T. Clausen, U. Herberg - INRIA RR-7248.pdf - (Open Archive)
- "Security Issues in the Optimized Link State Routing Protocol version 2 (OLSRv2)", T. Clausen, U. Herberg - INRIA RR-7218.pdf - (Open Archive)
- "Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2", T. Clausen, U. Herberg, J. Milan - INRIA RR-7216.pdf - (Open Archive)
- "Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2)", T. Clausen, U. Herberg - INRIA RR-7203.pdf - (Open Archive)
Standardization Body Contributions
- "Security Threats for NHDP", U. Herberg, T. Clausen, Internet Draft (work in progress), draft-herberg-manet-nhdp-sec-threats-00, November 2009
- "Cryptographical Signatures in NHDP", U. Herberg, T. Clausen, Internet Draft (work in progress), draft-herberg-manet-nhdp-sec-00, November 2009