WiFi mesh - network address associated with fingerprint of the node's public key?

Discussion in 'Linux Networking' started by WZab, Feb 28, 2012.

  1. WZab

    WZab Guest


    I've experimented a little with spontaneously created mesh networks based on olsr protocol.
    The idea was, that the net is totally open, without any management nodes (so the network
    should survive as long as sufficient amount of users is on-line, creating the mesh).
    Therefore it was also not possible to provide any DHCP server.
    Everyone could connect selecting any free IP belonging to the pool of the addresses belonging
    to the network.
    Unfortunately, such simplistic scheme is not immune against IP conflicts (either occurring
    due to random selection of IP, or caused by malicious intruders trying to destroy the network).
    The network could be protected, if the IP address could be associated with the public key of
    the node (e.g. it could be based on fingerprint of this key).
    In this case the intruder could not spoof the particular node, unless he has the secret key
    associated with public key matching that IP.
    When maintaining the network, nodes should check, that the node claiming to have particular
    IP really has the key pair matching it (by sending challenge encrypted with the public key, and
    requesting the response).

    Of course it could be difficult to add such mechanism to the IP4 based network (as with less than 2^32
    possible IP numbers it could be possible to generate key matching any selected IP - even though
    it should be time consuming), but in IPv6 it should be doable.

    I don't know if this idea is new, neither if it is possible to implement in reasonable way,
    but it seems interesting...
    WZab, Feb 28, 2012
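
The address binding proposed in the post above, as an added example that is not part of the thread: the host part of the address is the truncated SHA-256 fingerprint of the node's public key, and a neighbour re-derives it to check a claim. The prefixes, function names, the choice of SHA-256 and the opaque byte strings standing in for public keys are assumptions; the challenge/response proving possession of the private key is not shown. It also goes one step further and measures the post's IPv4 concern, that a short host part lets an unrelated key be found for a chosen address.

```python
import hashlib
import ipaddress

# Constructed example networks (assumptions, not from the thread).
MESH_V6 = ipaddress.ip_network("fd12:3456:789a:1::/64")   # 64 free host bits
MESH_V4 = ipaddress.ip_network("10.42.0.0/16")            # 16 free host bits


def fingerprint_suffix(pubkey: bytes, host_bits: int) -> int:
    """Top `host_bits` bits of SHA-256(public key), as an integer."""
    digest = int.from_bytes(hashlib.sha256(pubkey).digest(), "big")
    return digest >> (256 - host_bits)


def address_for_key(pubkey: bytes, network):
    """Address a node must use: mesh prefix + truncated key fingerprint."""
    host_bits = network.max_prefixlen - network.prefixlen
    return network[fingerprint_suffix(pubkey, host_bits)]


def binding_ok(claimed_ip: str, pubkey: bytes, network) -> bool:
    """First check run on a neighbour: does the announced address match the
    key it presented? Proof of possession of the private key (the
    challenge/response in the post) has to follow separately."""
    return ipaddress.ip_address(claimed_ip) == address_for_key(pubkey, network)


def keys_tried_until_match(target_ip: str, network, limit: int = 2_000_000):
    """Count how many unrelated key blobs must be hashed before one maps to
    target_ip. Returns (tries, blob), or None if `limit` is reached."""
    host_bits = network.max_prefixlen - network.prefixlen
    target = int(ipaddress.ip_address(target_ip)) - int(network.network_address)
    for n in range(1, limit + 1):
        blob = b"constructed-key-%d" % n   # stand-in for a freshly generated key
        if fingerprint_suffix(blob, host_bits) == target:
            return n, blob
    return None


if __name__ == "__main__":
    node_key = b"constructed public key bytes of node A"
    v6 = address_for_key(node_key, MESH_V6)
    v4 = address_for_key(node_key, MESH_V4)
    print("IPv6:", v6, " IPv4:", v4)
    print("16-bit host part matched after",
          keys_tried_until_match(str(v4), MESH_V4)[0], "tries")
    print("64-bit host part matched within 100000 tries:",
          keys_tried_until_match(str(v6), MESH_V6, limit=100_000))
```

With 16 host bits a match is expected after roughly 2^16 hashes, while the same search against the 64-bit IPv6 host part gives up at the limit.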

  2. It sounds interesting. Could you explain more why you think DHCP, or
    some derivative, could not be used.
    William Colls, Feb 28, 2012

  3. The problem is, that DHCP requires a server, while the network should be
    fully decentralized (all nodes are peers).
    It should be possible to switch off any node, and as long as sufficient
    amount of nodes is available (to assure routing) the network should be
    Wojtek Zabołotny, Feb 28, 2012
  4. WZab

    Tauno Voipio Guest

    Please re-read the DHCP specification. It is possible to have several
    DHCP servers in the same network segment.
    Tauno Voipio, Feb 28, 2012
  5. WZab

    wzab Guest

    Yes, I know about it, but again this requires somehow centralized
    allocation of IP subnets and addresses.
    What I'm looking for, is a network which is based on peer nodes alone,
    while providing sufficient protection against node spoofing.
    The network should not contain any special nodes, which may be forced
    to go off-line, neither should it rely on any central database.
    The network should be able to function, whenever sufficient amount
    of nodes is available.
    In fact the olsr protocol assures that, however it is not immune
    to the node IP spoofing.
    wzab, Feb 28, 2012