Title: Diapositive 1
1 Securing OLSR Using Node Locations Daniele
Raffo Cédric Adjih Thomas Clausen
Paul Mühlethaler 11th European Wireless
Conference 2005 (EW 2005) April 10-13
2005 Nicosia, Cyprus
2Index
- The OLSR protocol
- Attacks against OLSR
- Overview of the GPS-based security extension to
OLSR - The SIGLOC control message
- Evaluating a nodes distance
- Evaluating a nodes movement
- Evaluating a nodes position
- Possible improvements to standard OLSR
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
1 / 12
3The OLSR protocol
OLSR is a proactive link state routing protocol
for ad hoc networks. Control messages containing
topology information are sent periodically HELLOs
links with neighbors (link state), MPR
selection 1 hop only, not forwarded TCs bi-dire
ctional links with nodes flooded via MPRs in
the entire network
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
2 / 12
4The OLSR protocol
Flooding is optimized via Multipoint Relays
(MPRs). Each node selects MPRs from among its
neighbors, such that a message emitted by that
node and relayed by its MPRs will be received by
all nodes 2 hops away. standard flooding
MPR broadcast
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
3 / 12
5Attacks against OLSR
Incorrect control traffic generation Identity
spoofing (spoofed originator of a HELLO or
TC) ? Wrong topology Link spoofing (false
HELLO or TC) ? Connectivity loss / Wrong MPR
selection Incorrect control traffic
relaying Failure to forward traffic ?
Connectivity loss Packet tampering ? Wrong
topology / Denial of Service Replay attack /
Wormhole attack ? Wrong topology
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
4 / 12
6Overview
The network is secured with a PKI, but a node X
may have been compromised. Problem How to
evaluate the correctness of X s control
messages? (from the point of view of link
state, topological information, etc) Solution
Add redundant information to control
messages. Information about node location
(obtained by an embedded GPS device) is included
in control messages to bound the nodes area of
effect. The position information is cross-checked
with link state information to spot any
inconsistency.
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
5 / 12
7SIGLOC control message
0 1 2
3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7
8 9 0 1 2 3 4 5 6 7 8 9 0 1 -----------
---------------------
Sign. Method Reserved MSN
Referrer ---------------
-----------------
Node location
------------------------
--------
Timestamp
------------------------
--------
Signature
------------------------
--------
This is done via a new OLSR control message
(SIGLOC), which contains GPS information as well
as a timestamped signature. Each node also
maintains a Position Table storing a set of
tuples lt node IP address, position, timestamp
gt containing the most recent geographical
positions of all other nodes.
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
6 / 12
8Evaluating a nodes distance
pA position of node A receiving B s message
at time tA (A s clock) pB position of sending
node B at time tB (B s clock) ?t max error of
synchronization between nodes ?d max error in
position information v max velocity of
nodes r max transmission range
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
7 / 12
9Evaluating a nodes distance
When this formula is false, the distance AB is
too great for the message to be heard. Therefore,
the message is probably a fake. Protection
against wormholing A receives a control message
from B. A checks if B is truly a neighbor by
evaluating the distance AB.
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
8 / 12
10Evaluating a nodes distance
Protection against link spoofing A advertises
a link with B. C receives A s control message
and checks the likelihood of the AB link by
evaluating the distance AB.
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
9 / 12
11Evaluating a nodes movement
Protection against false position
information Let pA and pB be the position of the
same node at instants tA and tB respectively. For
r0, this formula can be used to check if the
node is lying about its geographical
location. The values of pA , pB , tA , tB are
retrieved from the Position Table. If the formula
is false, the node is lying about where it
pretends to be (or about where it pretended to be
in the past).
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
10 / 12
12Evaluating a nodes position
Additional security comes from the use of a
directional antenna. This allows a node to
evaluate the direction from which the signal is
coming. In this case, the node can use this
formula to derive the sector in which the sender
should be.
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
11 / 12
13Improvements to standard OLSR
- Geographical information could also be used to
improve the standard OLSR protocol - improved MPR selection
- improved MPR flooding
- forecast of link breaks
Securing OLSR Using Node Locations
Daniele Raffo EW 2005
12 / 12