OLSRv2 Security
Mobile Ad Hoc NETworks (MANETs) scale up to several hundreds of routers, often connecting autonomously administered routers/networks through an ad hoc infrastructure, typically over wireless channels. This poses challenges not only for the routing protocols managing the network connectivity, but also for maintaining this network connectivity in the face of "open access" to the communication medium between routers.
Network integrity in routed networks is largely preserved by physically controlling access to the communications channel between routers: know thy peers, trust thy peers - and be able to disconnect thy peers if they are not worthy of the trust, e.g. if the topology they present does not match expectations. Routing integrity is thus protected by admitting only trusted peers, assuming that these, once admitted, are well behaved.
In a MANET operated over wireless interfaces, this is less obvious: physical access to the media between routers is not delimited by a cable, but is available to anyone within transmission range; the network topology is time-varying, either due to router mobility or due to time-varying characteristics of the channel -- consequently, determining that a peer does not present an "expected topology" and subsequently "disconnecting" it is difficult. As such, MANETs do not introduce particularly new security issues for routing protocols, but rather render existing security issues easier to exploit and, therefore, require re-examining counter-measures for routing protocol resilience.
OLSRv2 Security
Borrowing from the above, security in an OLSRv2 network can be thought of as the following elements:
- Understanding the algorithmic vulnerabilities in OLSRv2, and their consequences;
- Providing "admittance control", i.e. the ability to selectively admit routers to the exchange of routing protocol control traffic and thereby exclude non-trusted routers;
- Providing detection mechanisms that, recognizing the largely unpredictable nature of MANETs, detect if an advertised topology (even if advertised by a trusted router) is outside of expectations, and take corrective action.
The work on securing OLSRv2 is based around understanding and managing these three elements.
Journal Publications
- U. Herberg, T. Clausen, "Security Issues in the Optimized Link State Routing Protocol version 2", International Journal of Network Security & Its Applications, Special Issue April, 2010
Conference Publications
- T. Clausen, U. Herberg, "Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2)", Proceedings of the 4th International Conference on Network and System Security (NSS), September 2010
- U. Herberg, T. Clausen, J. Milan, "Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2", Proceedings of the International Conference on Internet Technology and Applications (iTAP), August 2010
- T. Clausen, U. Herberg, "Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2)", Proceedings of the International Conference on Wireless Communications, Networking and Information Security (WCNIS), June 2010
Research Reports
- T. Clausen, U. Herberg, Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2), INRIA research report 7248, April 2010
- T. Clausen, U. Herberg, Security Issues in the Optimized Link State Routing Protocol version 2 (OLSRv2), INRIA research report 7218, March 2010
- T. Clausen, U. Herberg, J. Milan, Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2, INRIA research report 7216, February 2010
- T. Clausen, U. Herberg, Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2), INRIA research report 7203, February 2010
Standardization Body Contributions
- U. Herberg, T. Clausen, MANET Cryptographical Signature TLV Definition, Internet Draft (work in progress), draft-ietf-manet-packetbb-sec-02, November 2010