Internet Engineering Task Force (IETF)                        T. Clausen
Request for Comments: 8116
Category: Informational                                       U. Herberg
ISSN: 2070-1721
                                                                   J. Yi
                                                     Ecole Polytechnique
                                                                May 2017
        
Internet Engineering Task Force (IETF)                        T. Clausen
Request for Comments: 8116
Category: Informational                                       U. Herberg
ISSN: 2070-1721
                                                                   J. Yi
                                                     Ecole Polytechnique
                                                                May 2017
        

Security Threats to the Optimized Link State Routing Protocol Version 2 (OLSRv2)

优化链路状态路由协议版本2(OLSRv2)的安全威胁

Abstract

摘要

This document analyzes common security threats to the Optimized Link State Routing Protocol version 2 (OLSRv2) and describes their potential impacts on Mobile Ad Hoc Network (MANET) operations. It also analyzes which of these security vulnerabilities can be mitigated when using the mandatory-to-implement security mechanisms for OLSRv2 and how the vulnerabilities are mitigated.

本文档分析了优化链路状态路由协议版本2(OLSRv2)的常见安全威胁,并描述了它们对移动自组网(MANET)操作的潜在影响。它还分析了在使用强制实施OLSRv2安全机制时可以缓解哪些安全漏洞,以及如何缓解这些漏洞。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8116.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc8116.

Copyright Notice

版权公告

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2017 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.1.  OLSRv2 Overview . . . . . . . . . . . . . . . . . . . . .   5
       1.1.1.  Neighborhood Discovery  . . . . . . . . . . . . . . .   5
       1.1.2.  MPR Selection . . . . . . . . . . . . . . . . . . . .   6
       1.1.3.  Link State Advertisement  . . . . . . . . . . . . . .   6
     1.2.  Link State Vulnerability Taxonomy . . . . . . . . . . . .   6
     1.3.  OLSRv2 Attack Vectors . . . . . . . . . . . . . . . . . .   7
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   7
   3.  Topology Map Acquisition  . . . . . . . . . . . . . . . . . .   7
     3.1.  Attack on Jittering . . . . . . . . . . . . . . . . . . .   8
     3.2.  Hop Count and Hop Limit Attacks . . . . . . . . . . . . .   8
       3.2.1.  Modifying the Hop Limit . . . . . . . . . . . . . . .   8
       3.2.2.  Modifying the Hop Count . . . . . . . . . . . . . . .   9
   4.  Effective Topology  . . . . . . . . . . . . . . . . . . . . .  10
     4.1.  Incorrect Forwarding  . . . . . . . . . . . . . . . . . .  10
     4.2.  Wormholes . . . . . . . . . . . . . . . . . . . . . . . .  11
     4.3.  Sequence Number Attacks . . . . . . . . . . . . . . . . .  12
       4.3.1.  Message Sequence Number . . . . . . . . . . . . . . .  12
       4.3.2.  Advertised Neighbor Sequence Number (ANSN)  . . . . .  12
     4.4.  Indirect Jamming  . . . . . . . . . . . . . . . . . . . .  12
   5.  Inconsistent Topology . . . . . . . . . . . . . . . . . . . .  15
     5.1.  Identity Spoofing . . . . . . . . . . . . . . . . . . . .  15
     5.2.  Link Spoofing . . . . . . . . . . . . . . . . . . . . . .  17
       5.2.1.  Inconsistent Topology Maps Due to Link State
               Advertisements  . . . . . . . . . . . . . . . . . . .  18
   6.  Mitigation of Security Vulnerabilities for OLSRv2 . . . . . .  19
     6.1.  Inherent OLSRv2 Resilience  . . . . . . . . . . . . . . .  19
     6.2.  Resilience by Using RFC 7183 with OLSRv2  . . . . . . . .  20
       6.2.1.  Topology Map Acquisition  . . . . . . . . . . . . . .  21
       6.2.2.  Effective Topology  . . . . . . . . . . . . . . . . .  21
       6.2.3.  Inconsistent Topology . . . . . . . . . . . . . . . .  22
     6.3.  Correct Deployment  . . . . . . . . . . . . . . . . . . .  22
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  22
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  23
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  23
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  26
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.1.  OLSRv2 Overview . . . . . . . . . . . . . . . . . . . . .   5
       1.1.1.  Neighborhood Discovery  . . . . . . . . . . . . . . .   5
       1.1.2.  MPR Selection . . . . . . . . . . . . . . . . . . . .   6
       1.1.3.  Link State Advertisement  . . . . . . . . . . . . . .   6
     1.2.  Link State Vulnerability Taxonomy . . . . . . . . . . . .   6
     1.3.  OLSRv2 Attack Vectors . . . . . . . . . . . . . . . . . .   7
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   7
   3.  Topology Map Acquisition  . . . . . . . . . . . . . . . . . .   7
     3.1.  Attack on Jittering . . . . . . . . . . . . . . . . . . .   8
     3.2.  Hop Count and Hop Limit Attacks . . . . . . . . . . . . .   8
       3.2.1.  Modifying the Hop Limit . . . . . . . . . . . . . . .   8
       3.2.2.  Modifying the Hop Count . . . . . . . . . . . . . . .   9
   4.  Effective Topology  . . . . . . . . . . . . . . . . . . . . .  10
     4.1.  Incorrect Forwarding  . . . . . . . . . . . . . . . . . .  10
     4.2.  Wormholes . . . . . . . . . . . . . . . . . . . . . . . .  11
     4.3.  Sequence Number Attacks . . . . . . . . . . . . . . . . .  12
       4.3.1.  Message Sequence Number . . . . . . . . . . . . . . .  12
       4.3.2.  Advertised Neighbor Sequence Number (ANSN)  . . . . .  12
     4.4.  Indirect Jamming  . . . . . . . . . . . . . . . . . . . .  12
   5.  Inconsistent Topology . . . . . . . . . . . . . . . . . . . .  15
     5.1.  Identity Spoofing . . . . . . . . . . . . . . . . . . . .  15
     5.2.  Link Spoofing . . . . . . . . . . . . . . . . . . . . . .  17
       5.2.1.  Inconsistent Topology Maps Due to Link State
               Advertisements  . . . . . . . . . . . . . . . . . . .  18
   6.  Mitigation of Security Vulnerabilities for OLSRv2 . . . . . .  19
     6.1.  Inherent OLSRv2 Resilience  . . . . . . . . . . . . . . .  19
     6.2.  Resilience by Using RFC 7183 with OLSRv2  . . . . . . . .  20
       6.2.1.  Topology Map Acquisition  . . . . . . . . . . . . . .  21
       6.2.2.  Effective Topology  . . . . . . . . . . . . . . . . .  21
       6.2.3.  Inconsistent Topology . . . . . . . . . . . . . . . .  22
     6.3.  Correct Deployment  . . . . . . . . . . . . . . . . . . .  22
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  22
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  23
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  23
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  26
        
1. Introduction
1. 介绍
   The Optimized Link State Routing Protocol version 2 (OLSRv2)
   [RFC7181] is a successor to OLSR [RFC3626] as a routing protocol for
   Mobile Ad Hoc Networks (MANETs).  OLSRv2 retains the same basic
   algorithms as its predecessor; however, it offers various
   improvements, e.g., a modular and flexible architecture allowing
   extensions (such as for security) to be developed as add-ons to the
   basic protocol.  Such building blocks and modules include [RFC5148],
   [RFC5444], [RFC5497], [RFC6130], [RFC7182], [RFC7183], [RFC7187],
   [RFC7188], [RFC7466], etc.
        
   The Optimized Link State Routing Protocol version 2 (OLSRv2)
   [RFC7181] is a successor to OLSR [RFC3626] as a routing protocol for
   Mobile Ad Hoc Networks (MANETs).  OLSRv2 retains the same basic
   algorithms as its predecessor; however, it offers various
   improvements, e.g., a modular and flexible architecture allowing
   extensions (such as for security) to be developed as add-ons to the
   basic protocol.  Such building blocks and modules include [RFC5148],
   [RFC5444], [RFC5497], [RFC6130], [RFC7182], [RFC7183], [RFC7187],
   [RFC7188], [RFC7466], etc.
        

The developments reflected in OLSRv2 have been motivated by increased real-world deployment experiences, e.g., from networks such as FunkFeuer [FUNKFEUER], and the requirements to be addressed for continued successful operation of these networks. With participation in such networks increasing (the FunkFeuer community network has, e.g., roughly 400 individual participants at the time of publication of this document), operating under the assumption that participants can be "trusted" to behave in a non-destructive way, is naive. With deployment in the wider Internet, and a resultant increase in user numbers, an increase in attacks and abuses has followed necessitating a change in recommended practices. For example, SMTP servers, which were initially available for use by everyone on the Internet, require authentication and accounting for users today [RFC5068].

OLSRv2中反映的发展是由现实世界部署经验的增加(例如来自FunkFeuer[FunkFeuer]等网络)以及这些网络持续成功运行所需满足的要求推动的。随着参与此类网络的人数不断增加(FunkFeuer社区网络在本文件发布时约有400名个人参与者),在参与者可以“信任”以非破坏性方式行事的假设下运作是幼稚的。随着在更广泛的互联网上的部署,以及由此导致的用户数量的增加,随之而来的攻击和滥用行为的增加,需要改变推荐的做法。例如,SMTP服务器最初可供Internet上的所有人使用,现在需要对用户进行身份验证和记帐[RFC5068]。

As OLSRv2 is often used in wireless environments, it is potentially exposed to different kinds of security threats, some of which are of greater significance when compared to wired networks. As radio signals can be received as well as transmitted by any compatible wireless device within radio range, there are commonly no physical constraints on the conformation of nodes and communication links that make up the network (as could be expected for wired networks).

由于OLSRv2通常用于无线环境,因此它可能会受到不同类型的安全威胁,与有线网络相比,其中一些安全威胁更为重要。由于无线电信号可以由无线电范围内的任何兼容无线设备接收和传输,因此通常对构成网络的节点和通信链路的构造没有物理限制(有线网络也可能如此)。

A first step towards hardening against attacks disrupting the connectivity of a network is to understand the vulnerabilities of the routing protocol managing the connectivity. Therefore, this document analyzes OLSRv2 in order to understand its inherent vulnerabilities and resilience. The authors do not claim completeness of the analysis but hope that the identified attacks, as presented, form a meaningful starting point for developing and deploying increasingly well-secured OLSRv2 networks.

加强对破坏网络连接的攻击的第一步是了解管理连接的路由协议的漏洞。因此,本文件对OLSRv2进行分析,以了解其固有的脆弱性和弹性。作者并不声称分析的完整性,但希望所提出的已识别的攻击能够成为开发和部署越来越安全的OLSRv2网络的一个有意义的起点。

This document describes security vulnerabilities of OLSRv2 when it is used without the mandatory-to-implement security mechanisms, as specified in Section 23.5 of [RFC7181]. It also analyzes which of these security vulnerabilities can be mitigated when using the mandatory-to-implement security mechanisms for OLSRv2 and how the

如[RFC7181]第23.5节所述,本文件描述了在没有强制实施安全机制的情况下使用OLSRv2时的安全漏洞。它还分析了在使用强制实施OLSRv2安全机制时可以缓解哪些安全漏洞,以及

vulnerabilities are mitigated. This separation is important since, as explicitly stated in [RFC7181]:

漏洞得到缓解。这种分离很重要,因为正如[RFC7181]中明确指出的:

Any deployment of OLSRv2 SHOULD use the security mechanism specified in [RFC7183] but MAY use another mechanism if more appropriate in an OLSRv2 deployment. For example, for longer-term OLSRv2 deployments, alternative security mechanisms (e.g., rekeying) SHOULD be considered.

OLSRv2的任何部署都应使用[RFC7183]中指定的安全机制,但如果在OLSRv2部署中更合适,可以使用另一种机制。例如,对于长期的OLSRv2部署,应考虑替代安全机制(例如,密钥更新)。

Moreover, this document is also based on the assumption that no additional security mechanism such as IPsec is used in the IP layer, or other mechanisms on lower layers, as not all MANET deployments may be able to accommodate such common protection mechanisms (e.g., because of limited resources of MANET routers).

此外,本文档还基于这样的假设,即在IP层中没有使用诸如IPsec之类的附加安全机制,或者在较低层上没有使用其他机制,因为并非所有MANET部署都能够容纳这种通用保护机制(例如,由于MANET路由器的资源有限)。

As NHDP is a fundamental component of OLSRv2, the vulnerabilities of NHDP, discussed in [RFC7186], also apply to OLSRv2.

由于NHDP是OLSRv2的基本组成部分,[RFC7186]中讨论的NHDP漏洞也适用于OLSRv2。

It should be noted that many OLSRv2 implementations are configurable, and so an attack on the configuration system (such as [RFC7939] and [RFC7184]) can be used to adversely affect the operation of an OLSRv2 implementation.

应注意,许多OLSRv2实现是可配置的,因此对配置系统的攻击(如[RFC7939]和[RFC7184])可用于对OLSRv2实现的操作产生不利影响。

1.1. OLSRv2 Overview
1.1. OLSRv2概述

OLSRv2 contains three basic processes: neighborhood discovery, Multipoint Relay (MPR) selection, and Link State Advertisements (LSAs). They are described in the sections below with sufficient details to allow elaboration of the analyses in this document.

OLSRv2包含三个基本过程:邻域发现、多点中继(MPR)选择和链路状态公告(LSA)。下文各节对其进行了详细描述,以详细说明本文件中的分析。

1.1.1. Neighborhood Discovery
1.1.1. 邻域发现

Neighborhood discovery is the process whereby each router discovers the routers that are in direct communication range of itself (1-hop neighbors) and detects with which of these it can establish bidirectional communication. Each router sends HELLO messages periodically, listing the identifiers of all the routers from which it has recently received a HELLO message as well as the "status" of the link (heard or verified bidirectional). A router A receiving a HELLO message from a neighbor router B, in which B indicates it has recently received a HELLO message from A, considers the link A-B to be bidirectional. As B lists identifiers of all its neighbors in its HELLO message, A learns the "neighbors of its neighbors" (2-hop neighbors) through this process. HELLO messages are sent periodically; however, certain events may trigger non-periodic HELLOs. OLSRv2 [RFC7181] uses NHDP [RFC6130] as its neighborhood discovery mechanism. The vulnerabilities of NHDP are analyzed in [RFC7186].

邻域发现是指每个路由器发现其自身直接通信范围内的路由器(1跳邻居)并检测其可以建立双向通信的路由器的过程。每个路由器定期发送HELLO消息,列出最近从中接收HELLO消息的所有路由器的标识符以及链路的“状态”(听到或验证)。从邻居路由器B接收HELLO消息的路由器A,其中B指示其最近从A接收HELLO消息,认为链路A-B是双向的。当B在其HELLO消息中列出其所有邻居的标识符时,A通过此过程学习“其邻居的邻居”(2跳邻居)。HELLO消息定期发送;然而,某些事件可能会触发非周期性Hello。OLSRv2[RFC7181]使用NHDP[RFC6130]作为其邻域发现机制。[RFC7186]中分析了NHDP的漏洞。

1.1.2. MPR Selection
1.1.2. MPR选择

Multipoint Relay (MPR) selection is the process whereby each router is able to identify a set of relays for efficiently conducting network-wide broadcasts. Each router designates, from among its bidirectional neighbors, a subset (the "MPR set") such that an OLSRv2-specific multicast message transmitted by the router and relayed by the MPR set can be received by all its 2-hop neighbors. MPR selection is encoded in outgoing NHDP HELLO messages.

多点中继(MPR)选择是指每个路由器能够识别一组中继以有效地进行网络范围广播的过程。每个路由器从其双向邻居中指定一个子集(“MPR集”),使得由路由器发送并由MPR集中继的OLSRv2特定多播消息可由其所有2跳邻居接收。MPR选择编码在传出NHDP HELLO消息中。

In their HELLO messages, routers may express their "willingness" to be selected as an MPR using an integer between 0 and 7 ("will never" to "will always"). This is taken into consideration for the MPR calculation and is useful, for example, when an OLSRv2 network is "planned". The set of routers having selected a given router as an MPR is the MPR selector set of that router. A study of the MPR flooding algorithm can be found in [MPR-FLOODING].

在它们的HELLO消息中,路由器可以使用0到7之间的整数(“永远”到“永远”)来表示它们“愿意”被选择为MPR。这在MPR计算中得到考虑,例如,当“规划”OLSRv2网络时,这是有用的。选择给定路由器作为MPR的路由器集是该路由器的MPR选择器集。关于MPR泛洪算法的研究可在[MPR-flooding]中找到。

1.1.3. Link State Advertisement
1.1.3. 链接状态广告

Link State Advertisement (LSA) is the process whereby routers determine which link state information to advertise through the network. Each router must advertise, at least, all links between itself and its MPR selectors in order to allow all routers to calculate shortest paths. Such LSAs are carried in Topology Control (TC) messages, which are broadcast through the network using the MPR flooding process described in Section 1.1.2. As a router selects MPRs only from among bidirectional neighbors, links advertised in TC are also bidirectional and routing paths calculated by OLSRv2 contain only bidirectional links. TCs are sent periodically; however, certain events may trigger non-periodic TCs.

链路状态播发(LSA)是路由器确定通过网络播发哪个链路状态信息的过程。每个路由器必须至少公布其自身与其MPR选择器之间的所有链路,以便允许所有路由器计算最短路径。此类LSA包含在拓扑控制(TC)消息中,使用第1.1.2节所述的MPR泛洪过程通过网络进行广播。由于路由器仅从双向邻居中选择MPR,TC中公布的链路也是双向的,并且OLSRv2计算的路由路径仅包含双向链路。tc被周期性地发送;但是,某些事件可能会触发非周期性TCs。

1.2. Link State Vulnerability Taxonomy
1.2. 链接状态漏洞分类法

Proper functioning of OLSRv2 assumes that:

OLSRv2的正常运行假设:

o each router signals its presence in the network and the topology information that it obtained correctly;

o 每个路由器用信号表示其在网络中的存在及其正确获得的拓扑信息;

o each router can acquire and maintain a topology map that accurately reflects the effective network topology; and,

o 每个路由器都可以获取并维护一个准确反映有效网络拓扑的拓扑图;和

o that the network converges, i.e., that all routers in the network will have sufficiently identical topology maps.

o 网络聚合,即网络中的所有路由器将具有足够相同的拓扑图。

An OLSRv2 network can be disrupted by breaking any of these assumptions, specifically that (a) routers may be prevented from acquiring a topology map of the network, (b) routers may acquire a

OLSRv2网络可以通过打破这些假设中的任何一个而中断,具体地说,(a)路由器可以被阻止获取网络的拓扑图,(b)路由器可以获取网络的拓扑图

topology map that does not reflect the effective network topology, and (c) two or more routers may acquire inconsistent topology maps.

不反映有效网络拓扑的拓扑图,以及(c)两个或多个路由器可能获取不一致的拓扑图。

1.3. OLSRv2 Attack Vectors
1.3. OLSRv2攻击向量

Besides "radio jamming", attacks on OLSRv2 consist of a compromised OLSRv2 router injecting apparently correct, but invalid, control traffic (TCs, HELLOs) into the network. A compromised OLSRv2 router can either (a) advertise erroneous information about itself (its identification and its willingness to serve as an MPR), henceforth called identity spoofing, or (b) advertise erroneous information about its relationship to other routers (pretend existence of links to other routers), henceforth called link spoofing. Such attacks may disrupt the LSA process by targeting the MPR flooding mechanism or by causing incorrect link state information to be included in TCs, causing routers to have incomplete, inaccurate, or inconsistent topology maps. In a different class of attacks, a compromised OLSRv2 router injects control traffic designed so as to cause an in-router resource exhaustion, e.g., by causing the algorithms calculating routing tables or MPR sets to be invoked continuously, preventing the internal state of a router from converging, which depletes the energy of battery-driven routers, etc.

除了“无线电干扰”,对OLSRv2的攻击还包括一个受损的OLSRv2路由器向网络中注入明显正确但无效的控制流量(TCs,HELLOs)。受损的OLSRv2路由器可以(A)公布关于自身的错误信息(其标识及其充当MPR的意愿),此后称为身份欺骗,或者(b)公布关于其与其他路由器关系的错误信息(假装存在与其他路由器的链接),此后称为链接欺骗。此类攻击可能会以MPR洪泛机制为目标,或导致TCs中包含不正确的链路状态信息,导致路由器的拓扑图不完整、不准确或不一致,从而中断LSA过程。在不同类别的攻击中,受损的OLSRv2路由器注入控制通信量,以导致路由器内资源耗尽,例如,通过使计算路由表或MPR集的算法被连续调用,防止路由器的内部状态会聚,消耗电池驱动的路由器等的能量。

2. Terminology
2. 术语

This document uses the terminology and notation defined in [RFC5444], [RFC6130], and [RFC7181]. Additionally, it defines the following terminology:

本文件使用[RFC5444]、[RFC6130]和[RFC7181]中定义的术语和符号。此外,它还定义了以下术语:

Compromised OLSRv2 router: An attacker that eavesdrops on the network traffic and/or generates syntactically correct OLSRv2 control messages. Control messages emitted by a compromised OLSRv2 router may contain additional information or omit information, as compared to a control message generated by a non-compromised OLSRv2 router located in the same topological position in the network.

受损的OLSRv2路由器:窃听网络流量和/或生成语法正确的OLSRv2控制消息的攻击者。与位于网络中相同拓扑位置的未受损OLSRv2路由器生成的控制消息相比,受损OLSRv2路由器发出的控制消息可能包含附加信息或省略信息。

Legitimate OLSRv2 router: An OLSRv2 router that is not a compromised OLSRv2 router.

合法OLSRv2路由器:不是受损OLSRv2路由器的OLSRv2路由器。

3. Topology Map Acquisition
3. 拓扑图获取

Topology Map Acquisition relates to the ability for any given router in the network to acquire a representation of the network connectivity. A router that is unable to acquire a topology map is incapable of calculating routing paths and participating in forwarding data. Topology map acquisition can be hindered by (i) TCs

拓扑图获取涉及网络中任何给定路由器获取网络连接表示的能力。无法获取拓扑图的路由器无法计算路由路径和参与转发数据。拓扑图采集可能会受到(i)TCs的阻碍

not being delivered to (all) routers in the network, such as what happens in case of flooding disruption, or (ii) in case of "jamming" of the communication channel.

未交付给网络中的(所有)路由器,如洪水中断时发生的情况,或(ii)通信信道“干扰”时发生的情况。

The jamming and flooding disruption due to identity spoofing and link spoofing have been discussed in [RFC7186].

[RFC7186]中讨论了身份欺骗和链路欺骗导致的干扰和洪水中断。

3.1. Attack on Jittering
3.1. 攻击抖动

OLSRv2 incorporates a jittering mechanism: a random, but bounded, delay on outgoing control traffic [RFC5148]. This may be necessary when link layers (such as 802.11 [IEEE802.11]) are used that do not guarantee collision-free delivery of frames and where jitter can reduce the probability of collisions of frames on lower layers.

OLSRv2包含一种抖动机制:传出控制流量上的随机但有界延迟[RFC5148]。当使用的链路层(例如802.11[IEEE802.11])不能保证帧的无冲突传送,并且抖动可以降低较低层上帧的冲突概率时,这可能是必要的。

In OLSRv2, TC forwarding is jittered by a value between 0 and MAX_JITTER. In order to reduce the number of transmissions, when a control message is due for transmission, OLSRv2 piggybacks all queued messages into a single transmission. Thus, if a compromised OLSRv2 router sends many TCs within a very short time interval, the jitter time of the attacked router tends towards 0. This renders jittering ineffective and can lead to collisions on the link layer.

在OLSRv2中,TC转发受到介于0和最大抖动之间的值的抖动。为了减少传输次数,当控制消息要传输时,OLSRv2将所有排队的消息装载到单个传输中。因此,如果受损的OLSRv2路由器在很短的时间间隔内发送许多TC,则受攻击路由器的抖动时间趋于0。这使得抖动无效,并可能导致链接层上的冲突。

In addition to causing more collisions, forwarding a TC with little or no jittering can make sure that the TC message forwarded by a compromised router arrives before the message forwarded by legitimate routers. The compromised router can thus inject malicious content in the TC: for example, if the message identification is spoofed, the legitimate message will be discarded as a duplicate message. This preemptive action is important for some of the attacks introduced in the following sections.

除了造成更多的冲突外,转发一个几乎没有抖动的TC可以确保被破坏的路由器转发的TC消息在合法路由器转发的消息之前到达。因此,受损路由器可以在TC中注入恶意内容:例如,如果消息标识被欺骗,合法消息将作为重复消息丢弃。这种先发制人的行动对于以下部分介绍的一些攻击非常重要。

3.2. Hop Count and Hop Limit Attacks
3.2. 跳数和跳数限制攻击

The hop count and hop limit fields are the only parts of a TC that are modified when forwarding; therefore, they are not protected by integrity check mechanisms. A compromised OLSRv2 router can modify either of these when forwarding TCs.

跃点计数和跃点限制字段是在转发时修改的TC的唯一部分;因此,它们不受完整性检查机制的保护。受损的OLSRv2路由器在转发TCs时可以修改其中任何一个。

3.2.1. Modifying the Hop Limit
3.2.1. 修改跃点限制

A compromised OLSRv2 router can decrease the hop limit when forwarding a TC. This will reduce the scope of forwarding for the message and may lead to some routers in the network not receiving that TC. Note that this is not necessarily the same as not relaying the message (i.e., setting the hop limit to 0), as is illustrated in Figure 1.

在转发TC时,受损的OLSRv2路由器可以降低跳数限制。这将减少消息的转发范围,并可能导致网络中的某些路由器未接收到该TC。注意,这不一定与不中继消息相同(即,将跃点限制设置为0),如图1所示。

                                 .---.
                                 | X |
                               --'---' __
                              /          \
                             /            \
                         .---.              .---.
             TC ----->   | A |              | C |
                         '---'              '---'
                             \    .---.   /
                              \-- | B |__/
                                  '---'
        
                                 .---.
                                 | X |
                               --'---' __
                              /          \
                             /            \
                         .---.              .---.
             TC ----->   | A |              | C |
                         '---'              '---'
                             \    .---.   /
                              \-- | B |__/
                                  '---'
        

Figure 1: Hop Limit Attack

图1:跳数限制攻击

A TC arrives at and is forwarded by router A such that it is received by both B and the malicious X. X can forward the TC without any delay (including without jitter) such that its transmissions arrive before that of B at C. Before forwarding, it significantly reduces the hop limit of the message. Router C receives the TC, processes (and forwards) it, and marks it as already received -- causing it to discard further copies received from B. Thus, if the TC is forwarded by C, it has a very low hop limit and will not reach the whole network.

TC到达路由器A并由路由器A转发,以便B和恶意X都能接收到它。X可以无延迟(包括无抖动)转发TC,以便其传输在B到C之前到达。在转发之前,它显著降低了消息的跳数限制。路由器C接收TC,处理(并转发)它,并将其标记为已接收——导致它丢弃从B接收的更多副本。因此,如果TC由C转发,它的跳数限制非常低,不会到达整个网络。

3.2.2. Modifying the Hop Count
3.2.2. 修改跃点计数

A compromised OLSRv2 router can modify the hop count when forwarding a TC. This may have two consequences: (i) if the hop count is set to the maximum value, then the TC will be forwarded no further or (ii) artificially manipulating the hop count may affect the validity time as calculated by recipients, when using distance-dependent validity times as defined in [RFC5497] (e.g., as part of a Fish Eye extension to OLSR2 [OLSR-FSR] [OLSR-FSR-Scaling]).

受损的OLSRv2路由器可以在转发TC时修改跃点计数。这可能有两个后果:(i)如果跳数设置为最大值,则TC将不再转发,或者(ii)当使用[RFC5497]中定义的距离相关有效时间(例如,作为OLSR2鱼眼扩展的一部分)时,人为操纵跳数可能会影响接收者计算的有效时间[OLSR-FSR][OLSR-FSR缩放])。

              v_time(3hops)=9s  v_time(4hops)=12s   v_time(5hops)=15s
     .---.           .---.          .---.           .---.
     | A |-- ... --> | B | -------> | X |---------->| C |
     `---'           `---'          `---'           `---'
        
              v_time(3hops)=9s  v_time(4hops)=12s   v_time(5hops)=15s
     .---.           .---.          .---.           .---.
     | A |-- ... --> | B | -------> | X |---------->| C |
     `---'           `---'          `---'           `---'
        

Figure 2: Different Validity Times Based on the Distance in Hops

图2:基于跳跃距离的不同有效时间

In Figure 2, router A sends a TC with a validity time of 9 seconds for routers in a 3-hop distance, 12 seconds for routers in a 4-hop distance, and 15 seconds in a 5-hop distance. If X is a compromised OLSRv2 router and modifies the hop count (say, by decreasing it to 3), then C will calculate the validity time of received information to 9 seconds -- after which it expires unless refreshed. If TCs from

在图2中,路由器A发送一个TC,对于3跳距离的路由器,有效时间为9秒,对于4跳距离的路由器,有效时间为12秒,对于5跳距离的路由器,有效时间为15秒。如果X是一个受损的OLSRv2路由器,并且修改了跳数(比如,将跳数减少到3),那么C将计算接收到的信息的有效时间为9秒——在此之后,除非刷新,否则它将过期。如果TCs来自

A are sent less frequently than that up to 4 hops, this causes links advertised in such TCs to be only intermittently available to C.

A的发送频率低于4跳,这导致在此类tc中广告的链路只能间歇地供C使用。

4. Effective Topology
4. 有效拓扑

Link state protocols assume that each router can acquire an accurate topology map that reflects the effective network topology. This implies that the routing protocol is able to identify a path from a source to a destination, and this path is valid for forwarding data traffic. If an attacker disturbs the correct protocol behavior, the perceived topology map of a router can permanently differ from the effective topology.

链路状态协议假设每个路由器都可以获得反映有效网络拓扑的准确拓扑图。这意味着路由协议能够识别从源到目标的路径,并且该路径对于转发数据流量有效。如果攻击者干扰正确的协议行为,路由器的感知拓扑图可能会与有效拓扑永久不同。

Consider the example in Figure 3(a), which illustrates the topology map as acquired by router S. This topology map indicates that the routing protocol has identified that for S, a path exists to D via B, which it therefore assumes can be used for transmitting data. If B does not forward data traffic from S, then the topology map in S does not accurately reflect the effective network topology. Rather, the effective network topology from the point of view of S would be as indicated in Figure 3(b): D is not part of the network reachable from router S.

考虑图3(a)中的例子,它说明了由路由器S获取的拓扑图。这个拓扑图表明路由协议已经确定了对于S来说,路径存在于D通过B,因此它假定可以用于传输数据。如果B不转发来自S的数据流量,则S中的拓扑图不能准确反映有效的网络拓扑。相反,从S的角度来看,有效的网络拓扑如图3(b)所示:D不是可从路由器S到达的网络的一部分。

           .---.    .---.    .---.           .---.    .---.
           | S |----| B |----| D |           | S |----| B |
           `---'    `---'    `---'           `---'    `---'
        
           .---.    .---.    .---.           .---.    .---.
           | S |----| B |----| D |           | S |----| B |
           `---'    `---'    `---'           `---'    `---'
        

(a) (b)

(a) (b)

Figure 3: Incorrect Data Traffic Forwarding

图3:不正确的数据流量转发

Some of the attacks related to NHDP, such as message timing attacks and indirect channel overloading, are discussed in [RFC7186]. Other threats specific to OLSRv2 are further detailed in this section.

[RFC7186]中讨论了与NHDP相关的一些攻击,如消息定时攻击和间接通道过载。本节将进一步详细介绍OLSRv2特有的其他威胁。

4.1. Incorrect Forwarding
4.1. 不正确的转发

OLSRv2 routers exchange information using link-local transmissions (link-local multicast or limited broadcast) for their control messages, with the routing process in each router retransmitting received messages destined for network-wide diffusion. Thus, if the operating system in a router is not configured to enable forwarding, this will not affect the operating of the routing protocol or the topology map acquired by the routing protocol. It will, however, cause a discrepancy between the effective topology and the topology map, as indicated in Figures 3(a) and 3(b).

OLSRv2路由器使用链路本地传输(链路本地多播或有限广播)为其控制消息交换信息,每个路由器中的路由过程重新传输以网络范围扩散为目的地的接收消息。因此,如果路由器中的操作系统未配置为启用转发,则这不会影响路由协议的操作或路由协议获取的拓扑图。然而,这将导致有效拓扑和拓扑图之间的差异,如图3(a)和3(b)所示。

This situation is not hypothetical. A common error seen when deploying OLSRv2-based networks using a Linux-based computer as a router is to neglect enabling IP forwarding, which effectively becomes an accidental attack of this type.

这种情况不是假设的。使用基于Linux的计算机作为路由器部署基于OLSRv2的网络时出现的一个常见错误是忽略启用IP转发,这实际上成为此类意外攻击。

4.2. Wormholes
4.2. 虫洞

A wormhole, depicted in the example in Figure 4, may be established between two collaborating devices that are connected by an out-of-band channel. These devices send traffic through the "tunnel" to their alter ego, which "replays" the traffic. Thus, routers D and S appear as if direct neighbors and are reachable from each other in 1 hop through the tunnel, with the path through the MANET being 100 hops long.

图4中的示例中描述的虫洞可以在通过带外信道连接的两个协作设备之间建立。这些设备通过“隧道”将流量发送给他们的另一个自我,后者“重放”流量。因此,路由器D和S看起来像是直接邻居,并且通过隧道在1跳内彼此可到达,通过MANET的路径为100跳长。

        .---.                                     .---.
        | S |----   ....100-hop-long path  ... ---| D |
        `---.                                   / `---'
            \                                  /
             \                                /
              \X=============================X
        
        .---.                                     .---.
        | S |----   ....100-hop-long path  ... ---| D |
        `---.                                   / `---'
            \                                  /
             \                                /
              \X=============================X
        

1-hop path via wormhole

通过虫洞的单跳路径

Figure 4: Wormholing between Two Collaborating Devices Not Participating in the Routing Protocol

图4:未参与路由协议的两个协作设备之间的虫洞

The consequences of such a wormhole in the network depend on the detailed behavior of the wormhole. If the wormhole relays only control traffic, but not data traffic, the same considerations as in Section 4.1 apply. If, however, the wormhole relays all traffic (control and data alike), it is identical, connectivity wise, to a usable link - and the routing protocol will correctly generate a topology map reflecting the effective network topology. The efficiency of the topology obtained depends on (i) the wormhole characteristics, (ii) how the wormhole presents itself, and (iii) how paths are calculated.

网络中这种虫洞的后果取决于虫洞的详细行为。如果虫洞中继仅控制通信量,而不控制数据通信量,则第4.1节中的注意事项同样适用。但是,如果虫洞中继所有通信量(控制和数据相似),则虫洞与可用链路的连接完全相同,路由协议将正确生成反映有效网络拓扑的拓扑图。所获得拓扑的效率取决于(i)虫洞特征,(ii)虫洞如何呈现自身,以及(iii)路径如何计算。

Assuming that paths are calculated with unit cost for all links, including the "link" presented by the wormhole, if the real characteristics of the wormhole are as if it were a path of more than 100 hops (e.g., with respect to delay, bandwidth, etc.), then the presence of the wormhole results in a degradation in performance as compared to using the non-wormhole path. Conversely, if the "link" presented by the wormhole has better characteristics, the wormhole results in improved performance.

假设所有链路(包括虫洞呈现的“链路”)的路径均以单位成本计算,如果虫洞的实际特征就好像它是一条超过100跳的路径(例如,关于延迟、带宽等),然后,与使用非虫洞路径相比,虫洞的存在导致性能降低。相反,如果虫洞呈现的“链接”具有更好的特性,则虫洞会导致性能的提高。

If paths are calculated using non-unit-costs for all links, and if the cost of the "link" presented by the wormhole correctly represents the actual cost (e.g., if the cost is established through measurements across the wormhole), then the wormhole may, in the worst case, cause no degradation in performance or, in the best case, improve performance by offering a better path. If the cost of the "link" presented by the wormhole is misrepresented, then the same considerations as for unit-cost links apply.

如果使用所有链路的非单位成本计算路径,并且如果虫洞呈现的“链路”成本正确地表示实际成本(例如,如果通过测量虫洞来确定成本),则虫洞在最坏情况下可能不会导致性能下降,或者在最佳情况下,通过提供更好的路径来提高性能。如果虫洞提供的“链接”的成本被误报,那么与单位成本链接相同的考虑也适用。

An additional consideration with regard to wormholes is that they may present topologically attractive paths for the network; however, it may be undesirable to have data traffic transit such a path. An attacker could, by virtue of introducing a wormhole, acquire the ability to record and inspect transiting data traffic.

关于虫洞的另一个考虑是,它们可能为网络提供拓扑上有吸引力的路径;然而,可能不希望数据流量通过这样的路径传输。通过引入虫洞,攻击者可以获得记录和检查传输数据流量的能力。

4.3. Sequence Number Attacks
4.3. 序列号攻击

OLSRv2 uses two different sequence numbers in TCs to (i) avoid processing and forwarding the same message more than once (Message Sequence Number) and to (ii) ensure that old information, arriving late due to, e.g., long paths or other delays, is not allowed to overwrite more recent information generated (Advertised Neighbor Sequence Number (ANSN)).

OLSRv2在TCs中使用两个不同的序列号,以(i)避免多次处理和转发同一消息(消息序列号)和(ii)确保由于长路径或其他延迟而延迟到达的旧信息不允许覆盖最近生成的信息(公布的邻居序列号(ANSN)).

4.3.1. Message Sequence Number
4.3.1. 消息序列号

An attack may consist of a compromised OLSRv2 router spoofing the identity of another router in the network and transmitting a large number of TCs, each with different Message Sequence Numbers. Subsequent TCs with the same sequence numbers, originating from the router whose identity was spoofed, would hence be ignored until eventually information concerning these "spoofed" TCs expires.

攻击可能包括受损的OLSRv2路由器欺骗网络中另一路由器的身份,并传输大量TCs,每个TCs具有不同的消息序列号。因此,具有相同序列号的后续TCs(源自身份被欺骗的路由器)将被忽略,直到有关这些“欺骗”TCs的信息最终过期。

4.3.2. Advertised Neighbor Sequence Number (ANSN)
4.3.2. 播发邻居序列号(ANSN)

An attack may consist of a compromised OLSRv2 router spoofing the identity of another router in the network and transmitting a single TC with an ANSN significantly larger than that which was last used by the legitimate router. Routers will retain this larger ANSN as "the most recent information" and discard subsequent TCs with lower sequence numbers as being "old".

攻击可能包括受损的OLSRv2路由器欺骗网络中另一个路由器的身份,并使用远大于合法路由器上次使用的ANSN传输单个TC。路由器将保留这个较大的ANSN作为“最新信息”,并丢弃序列号较低的后续TCs作为“旧”。

4.4. Indirect Jamming
4.4. 间接干扰

Indirect jamming is an attack in which a compromised OLSRv2 router is, by its actions, causing legitimate routers to generate inordinate amounts of control traffic, thereby increasing both channel occupation and the overhead incurred in each router for processing this control traffic. This control traffic will be originated from legitimate routers; thus, to the wider network, the malicious device may remain undetected.

间接干扰是一种攻击,其中受损的OLSRv2路由器通过其行为导致合法路由器产生过多的控制流量,从而增加信道占用和每个路由器处理此控制流量所产生的开销。此控制流量将来自合法路由器;因此,对于更广泛的网络,恶意设备可能未被检测到。

The general mechanism whereby a malicious router can cause indirect jamming is for it to participate in the protocol by generating plausible control traffic and to tune this control traffic to in turn trigger receiving routers to generate additional traffic. For OLSRv2, such an indirect attack can be directed at the neighborhood discovery mechanism and the LSA mechanism, respectively.

恶意路由器造成间接干扰的一般机制是,它通过生成合理的控制流量参与协议,并调整此控制流量,从而触发接收路由器生成额外流量。对于OLSRv2,这种间接攻击可以分别针对邻域发现机制和LSA机制。

One efficient indirect jamming attack in OLSRv2 is to target control traffic destined for network-wide diffusion. This is illustrated in Figure 5.

OLSRv2中一种有效的间接干扰攻击是以控制网络范围内扩散的流量为目标。这如图5所示。

The malicious router X selects router A as an MPR at time t0 in a HELLO. This causes X to appear as MPR selector for A and, consequently, A sets X to be advertised in its "Neighbor Set" and increments the associated "Advertised Neighbor Sequence Number" (ANSN). Router A must then advertise the link between itself and X in subsequent outgoing TCs (t1), also including the ANSN in such TCs. Upon X having received this TC, it declares the link between itself and A as no longer valid (t2) in a HELLO (indicating the link to A as LOST). Since only symmetric links are advertised by OLSRv2 routers, A will (upon receipt hereof) remove X from the set of advertised neighbors and increment the ANSN. Router A will then, in subsequent TCs, advertise the remaining set of advertised neighbors (i.e., with X removed) and the corresponding ANSN (t3). Upon X having received this information in another TC from A, it may repeat this cycle, alternating advertising the link A-X as "LOST" and as "MPR".

恶意路由器X在HELLO中的时间t0选择路由器A作为MPR。这导致X显示为A的MPR选择器,因此A将X设置为在其“邻居集”中播发,并增加相关的“播发邻居序列号”(ANSN)。然后,路由器A必须在随后的传出TCs(t1)中公布自身和X之间的链路,也包括此类TCs中的ANSN。当X收到此TC时,它在HELLO中声明自身和A之间的链接不再有效(t2)(表示到A的链接已丢失)。由于OLSRv2路由器仅通告对称链路,因此A将(在收到该通告后)从通告的邻居集中移除X并增加ANSN。然后,路由器A将在随后的TCs中通告其余的通告邻居集(即,移除X)和相应的ANSN(t3)。当X在另一个TC中从A接收到该信息时,它可以重复该循环,交替地将链路A-X广告为“丢失”和“MPR”。

              broadcast TC    ANS={}         TC:()
               (X-A) ANSN      ANSN++          ANSN
      .---.        .---.        .---.        .---.
      | A |        | A |        | A |        | A |
      '---'        '---'        '---'        '---'
        ^            |            ^            |
        |            |            |            |
        | select     |            |indicate    |
        | as MPR     |            |as LOST     |
      .---.        .---.        .---.        .---.
      | X |        | X |        | X |        | X |
      '---'        '---'        '---'        '---'
        
              broadcast TC    ANS={}         TC:()
               (X-A) ANSN      ANSN++          ANSN
      .---.        .---.        .---.        .---.
      | A |        | A |        | A |        | A |
      '---'        '---'        '---'        '---'
        ^            |            ^            |
        |            |            |            |
        | select     |            |indicate    |
        | as MPR     |            |as LOST     |
      .---.        .---.        .---.        .---.
      | X |        | X |        | X |        | X |
      '---'        '---'        '---'        '---'
        

t0 t1 t2 t3

t0 t1 t2 t3

Description: The malicious X flips between link status MPR and LOST.

描述:恶意X在链接状态MPR和丢失之间切换。

Figure 5: Indirect Jamming in Link State Advertisement

图5:链路状态广告中的间接干扰

Routers receiving a TC message will parse and process this message, specifically updating their topology map as a consequence of successful receipt. If the ANSN between two successive TCs from the same router has incremented, then the topology has changed and routing sets are to be recalculated. This has the potential to be a computationally costly operation.

接收TC消息的路由器将解析和处理该消息,特别是在成功接收后更新其拓扑图。如果来自同一路由器的两个连续TC之间的ANSN已增加,则拓扑已更改,将重新计算路由集。这可能是一个计算成本很高的操作。

A compromised OLSRv2 router may chose to conduct this attack against all its neighbors, thus maximizing its disruptive impact on the network with relatively little overhead of its own: other than participating in the neighborhood discovery procedure, the compromised OLSRv2 router will monitor TCs generated by its neighbors and alternate the advertised status for each such neighbor between "MPR" and "LOST". The compromised OLSRv2 router will indicate its willingness to be selected as an MPR as 0 (thus avoiding selection as an MPR) and may ignore all other protocol operations while still remaining effective as an attacker.

受损的OLSRv2路由器可能会选择对其所有邻居进行此攻击,从而以其自身相对较小的开销最大限度地提高其对网络的破坏性影响:除了参与邻居发现过程之外,受损的OLSRv2路由器将监控其邻居生成的TCs,并在“MPR”和“丢失”之间切换每个此类邻居的播发状态。受损的OLSRv2路由器将表明其愿意被选择为0的MPR(从而避免选择为MPR),并可能忽略所有其他协议操作,同时仍然作为攻击者有效。

The basic operation of OLSRv2 employs periodic message emissions, and by this attack it can be ensured that each such periodic message will entail routing table recalculation in all routers in the network.

OLSRv2的基本操作采用周期性消息发射,通过这种攻击,可以确保每个周期性消息都需要在网络中的所有路由器中重新计算路由表。

If the routers in the network have "triggered TCs" enabled, this attack may also cause an increased TC frequency. Triggered TCs are intended to allow a (stable) network to have relatively low TC emission frequencies yet still allow link breakage or link emergence to be advertised through the network rapidly. A minimum message interval (typically much smaller than the regular periodic message interval) is imposed to rate-limit worst-case message emissions.

如果网络中的路由器已启用“触发TC”,则此攻击还可能导致TC频率增加。触发的TC旨在允许(稳定的)网络具有相对较低的TC发射频率,但仍然允许通过网络快速通告链路中断或链路出现。施加最小消息间隔(通常比定期消息间隔小得多)以限制最坏情况下的消息发射速率。

This attack can cause the TC interval to permanently become equal to the minimum message interval. [RFC7181] proposes as default that the minimum TC interval be 0.25 x TC_INTERVAL (TC_INTERVAL being the maximum interval between two TC messages from the same OLSRv2 router).

此攻击可导致TC间隔永久等于最小消息间隔。[RFC7181]默认建议最小TC间隔为0.25 x TC_间隔(TC_间隔是来自同一OLSRv2路由器的两条TC消息之间的最大间隔)。

Indirect jamming by a compromised OLSRv2 router can thus have two effects: (i) it may cause increased frequency of TC generation and transmission, and (ii) it will cause additional routing table recalculation in all routers in the network.

因此,受损OLSRv2路由器的间接干扰会产生两种影响:(i)它可能导致TC生成和传输频率的增加,以及(ii)它将导致网络中所有路由器中额外的路由表重新计算。

5. Inconsistent Topology
5. 不一致拓扑

Inconsistent topology maps can occur by a compromised OLSRv2 router employing either identity spoofing or link spoofing for conducting an attack against an OLSRv2 network. The threats related to NHDP, such as identity spoofing in NHDP, link spoofing in NHDP, and creating loops, have been illustrated in [RFC7186]. This section mainly addresses the vulnerabilities in [RFC7181].

使用身份欺骗或链路欺骗对OLSRv2网络进行攻击的受损OLSRv2路由器可能会出现不一致的拓扑图。[RFC7186]中说明了与NHDP相关的威胁,如NHDP中的身份欺骗、NHDP中的链路欺骗和创建环路。本节主要讨论[RFC7181]中的漏洞。

5.1. Identity Spoofing
5.1. 身份欺骗

Identity spoofing can be employed by a compromised OLSRv2 router via the neighborhood discovery process and via the LSA process. Either of them causes inconsistent topology maps in routers in the network. The creation of inconsistent topology maps due to neighborhood discovery has been discussed in [RFC7186]. For OLSRv2, the attack on the LSA process can also cause inconsistent topology maps.

受损的OLSRv2路由器可通过邻居发现过程和LSA过程使用身份欺骗。它们都会导致网络中路由器的拓扑图不一致。[RFC7186]中讨论了由于邻域发现而创建不一致的拓扑图。对于OLSRv2,对LSA进程的攻击也可能导致拓扑图不一致。

An inconsistent topology map may occur when the compromised OLSRv2 router takes part in the LSA process by selecting a neighbor as an MPR, which in turn advertises the spoofed identities of the compromised OLSRv2 router. This attack will alter the topology maps of all routers of the network.

当受损的OLSRv2路由器通过选择邻居作为MPR参与LSA过程时,可能会出现不一致的拓扑图,这反过来又会公布受损的OLSRv2路由器的伪造身份。此攻击将改变网络中所有路由器的拓扑图。

        A -- B -- C -- D -- E -- F -- X
        
        A -- B -- C -- D -- E -- F -- X
        

(X spoofs A)

(X欺骗A)

Description: A compromised OLSRv2 router X spoofs the identity of A, leading to a wrongly perceived topology.

描述:受损的OLSRv2路由器X伪造了路由器的身份,导致错误感知的拓扑。

Figure 6: Identity Spoofing

图6:身份欺骗

In Figure 6, router X spoofs the address of router A. If X selects F as an MPR, all routers in the network will be informed about the link F-A by the TCs originating from F. Assuming that (the real) A

在图6中,路由器X欺骗路由器A的地址。如果X选择F作为MPR,则网络中的所有路由器都将被来自F的TCs通知链路F-A。假设(真实)A

selects B as an MPR, the link B-A will also be advertised in the network.

选择B作为MPR,链路B-A也将在网络中公布。

When calculating paths, B and C will calculate paths to A via B, as illustrated in Figure 7(a); for these routers, the shortest path to A is via B. E and F will calculate paths to A via F, as illustrated in Figure 7(b); for these routers, the shortest path to A is via the compromised OLSRv2 router X, and these are thus disconnected from the real A. D will have a choice, as the path calculated to A via B is of the same length as the path via the compromised OLSRv2 router X, as illustrated in Figure 7(c).

当计算路径时,B和C将通过B计算到A的路径,如图7(A)所示;对于这些路由器,到A的最短路径是通过B.E,F将通过F计算到A的路径,如图7(B)所示;对于这些路由器,到A的最短路径是通过受损的OLSRv2路由器X,因此它们与真实A断开。D将有一个选择,因为计算到A的路径通过B与通过受损的OLSRv2路由器X的路径长度相同,如图7(c)所示。

In general, the following observations can be made:

一般而言,可以进行以下观察:

o The network will be split in two, with those routers closer to B than to X reaching A, whereas those routers closer to X than to B will be unable to reach A.

o 网络将一分为二,距离B比X近的路由器将到达A,而距离X比B近的路由器将无法到达A。

o Routers beyond B, i.e., routers beyond 1 hop away from A, will be unable to detect this identity spoofing.

o B以外的路由器,即距离A超过1跳的路由器,将无法检测此身份欺骗。

The identity spoofing attack via the LSA procedure has a higher impact than the attack on the neighborhood discovery procedure since it alters the topology maps of all routers in the network and not only in the 2-hop neighborhood. However, the attack is easier to detect by other routers in the network. Since the compromised OLSRv2 router is advertised in the whole network, routers whose identities are spoofed by the compromised OLSRv2 router can detect the attack. For example, when A receives a TC from F advertising the link F-A, it can deduce that some entity is injecting incorrect link state information as it does not have F as one of its direct neighbors.

通过LSA过程的身份欺骗攻击比对邻居发现过程的攻击具有更大的影响,因为它改变了网络中所有路由器的拓扑图,而不仅仅是在2跳邻居中。但是,网络中的其他路由器更容易检测到这种攻击。由于受损的OLSRv2路由器在整个网络中发布广告,其身份被受损的OLSRv2路由器欺骗的路由器可以检测到攻击。例如,当A从F接收到一个TC来宣传链路F-A时,它可以推断出某个实体正在注入不正确的链路状态信息,因为它没有F作为其直接邻居之一。

(X spoofs A)

(X欺骗A)

      A < ---- B < ---- C           E ----> F ----> X
        
      A < ---- B < ---- C           E ----> F ----> X
        

(a) Routers B and C (b) Routers E and F

(a) 路由器B和C(B)路由器E和F

         A < --- B < --- C < --- D ---> E ---> F ----> X
        
         A < --- B < --- C < --- D ---> E ---> F ----> X
        

(X spoofs A)

(X欺骗A)

Description: These paths appear as calculated by the different routers in the network in presence of a compromised OLSRv2 router X, spoofing the address of A.

描述:这些路径显示为网络中的不同路由器在存在受损OLSRv2路由器X的情况下计算的路径,欺骗a的地址。

Figure 7: Routing Paths towards A

图7:通向一个

As the compromised OLSRv2 router X does not itself send the TCs, but rather, by virtue of MPR selection, ensures that the addresses it spoofs are advertised in TCs from its MPR selector F, the attack may be difficult to counter. Simply ignoring TCs that originate from F may also suppress the link state information for other, legitimate, MPR selectors of F.

由于受损的OLSRv2路由器X本身并不发送TCs,而是通过MPR选择确保其欺骗的地址从其MPR选择器F在TCs中公布,因此攻击可能难以反击。简单地忽略源自F的tc也可能抑制F的其他合法MPR选择器的链路状态信息。

Thus, identity spoofing by a compromised OLSRv2 router, participating in the LSA process by selecting MPRs only, creates a situation wherein two or more routers have substantially inconsistent topology maps: traffic for an identified destination is, depending on where in the network it appears, delivered to different routers.

Thus, identity spoofing by a compromised OLSRv2 router, participating in the LSA process by selecting MPRs only, creates a situation wherein two or more routers have substantially inconsistent topology maps: traffic for an identified destination is, depending on where in the network it appears, delivered to different routers.translate error, please retry

5.2. Link Spoofing
5.2. 链接欺骗

Link spoofing is a situation in which a router advertises non-existing links to another router (possibly not present in the network). Essentially, TCs and HELLOs both advertise links to direct neighbor routers with the difference being the scope of the advertisement. Thus, link spoofing consists of a compromised OLSRv2 router reporting that it has neighbors routers that are either not present in the network or are effectively not neighbors of the compromised OLSRv2 router.

链路欺骗是一种路由器向另一路由器(可能不存在于网络中)播发不存在的链路的情况。本质上,TCs和HELLOs都会向直接相邻路由器发布链接,区别在于发布的范围。因此,链路欺骗由受损的OLSRv2路由器组成,该路由器报告其邻居路由器不在网络中,或者实际上不是受损的OLSRv2路由器的邻居。

It can be noted that a situation similar to link spoofing may occur temporarily in an OLSR or OLSRv2 network without compromised OLSRv2 routers: if A was, but is no more, a neighbor of B, then A may still be advertising a link to B for the duration of the time it takes for the neighborhood discovery process to determine this changed neighborhood.

可以注意到,在没有受损的OLSRv2路由器的OLSR或OLSRv2网络中,类似于链路欺骗的情况可能暂时发生:如果a过去是但现在不再是B的邻居,那么a可能仍然在邻居发现过程确定该改变的邻居所需的时间内宣传到B的链路。

In the context of this document, link spoofing refers to a persistent situation where a compromised OLSRv2 router intentionally advertises links to other routers for which it is not a direct neighbor.

在本文档的上下文中,链路欺骗指的是一种持续的情况,其中受损的OLSRv2路由器故意播发到其不是直接邻居的其他路由器的链路。

5.2.1. Inconsistent Topology Maps Due to Link State Advertisements
5.2.1. 链接状态播发导致拓扑映射不一致

Figure 8 illustrates a network in which the compromised OLSRv2 router X spoofs links to an existing router A by participating in the LSA process and including this non-existing link in its advertisements.

图8展示了一个网络,其中受损的OLSRv2路由器X通过参与LSA过程并在其广告中包括该不存在的链接来欺骗到现有路由器a的链接。

   A --- B --- C --- D --- E --- F --- G --- H --- X
        
   A --- B --- C --- D --- E --- F --- G --- H --- X
        

(X spoofs the link to A)

(X欺骗链接到A)

Description: The compromised OLSRv2 router X advertises a spoofed link to A in its TCs; thus, all routers will record both of the links X-A and B-A.

描述:受损的OLSRv2路由器X在其TCs中播发到a的伪造链接;因此,所有路由器都将记录链路X-A和B-A。

Figure 8: Link Spoofing

图8:链接欺骗

As TCs are flooded through the network, all routers will receive and record information describing a link X-A in this link state information. If A has selected router B as an MPR, B will likewise flood this link state information through the network; thus, all routers will receive and record information describing a link B-A.

当TCs通过网络时,所有路由器将接收并记录此链路状态信息中描述链路X-a的信息。如果A选择路由器B作为MPR,B同样将通过网络向该链路状态信息泛洪;因此,所有路由器将接收并记录描述链路B-a的信息。

When calculating routing paths, B, C, and D will calculate paths to A via B, as illustrated in Figure 9(a); for these routers, the shortest path to A is via B. F and G will calculate paths to A via X, as illustrated in Figure 9(b); for these routers, the shortest path to A is via X, and these are thus disconnected from the real router A. E will have a choice: the path calculated to A via B is of the same length as the path via X, as illustrated in Figure 9(b).

当计算路由路径时,B、C和D将通过B计算到A的路径,如图9(A)所示;对于这些路由器,到A的最短路径是通过B。F和G将通过X计算到A的路径,如图9(B)所示;对于这些路由器,到A的最短路径是通过X,因此它们与真实路由器A断开。E将有一个选择:通过B计算到A的路径与通过X的路径长度相同,如图9(B)所示。

   A < --- B < --- C < --- D           F ---> G ---> X ---> A
        
   A < --- B < --- C < --- D           F ---> G ---> X ---> A
        

(a) Routers B, C, and D (b) Routers F and G

(a) 路由器B、C和D(B)路由器F和G

   A < --- B < --- C < --- D < --- E ---> F ---> G ---> X ---> A
        
   A < --- B < --- C < --- D < --- E ---> F ---> G ---> X ---> A
        

(c) Router E

(c) 路由器E

Description: These paths appear as calculated by the different routers in the network in the presence of a compromised OLSRv2 router X, spoofing a link to router A.

描述:这些路径由网络中的不同路由器在存在受损OLSRv2路由器X的情况下计算,欺骗到路由器a的链接。

Figure 9: Routing Paths towards Router A

图9:通向路由器A的路由路径

In general, the following observations can be made:

一般而言,可以进行以下观察:

o The network will be separated in two: routers closer to B than X will reach A, whereas routers closer to X than B will be unable to reach A.

o 网络将分为两部分:距离B比X近的路由器将到达A,而距离X比B近的路由器将无法到达A。

o Routers beyond B, i.e., routers beyond 1 hop away from A, will be unable to detect this link spoofing.

o B以外的路由器,即距离A超过1跳的路由器,将无法检测此链路欺骗。

6. Mitigation of Security Vulnerabilities for OLSRv2
6. 缓解OLSRv2的安全漏洞

As described in Section 1, [RFC7183] specifies a security mechanism for OLSRv2 that is mandatory to implement. However, deployments may choose to use different security mechanisms if more appropriate. Therefore, it is important to understand both the inherent resilience of OLSRv2 against security vulnerabilities when not using the mechanisms specified in [RFC7183] and the protection that [RFC7183] provides when used in a deployment.

如第1节所述,[RFC7183]为OLSRv2指定了强制实施的安全机制。但是,如果更合适,部署可能会选择使用不同的安全机制。因此,了解OLSRv2在不使用[RFC7183]中指定的机制时对安全漏洞的固有弹性以及[RFC7183]在部署中使用时提供的保护非常重要。

6.1. Inherent OLSRv2 Resilience
6.1. 固有OLSRv2弹性

OLSRv2 (even when used without the mandatory-to-implement security mechanisms in [RFC7183]) provides some inherent resilience against part of the attacks described in this document. In particular, it provides the following resilience:

OLSRv2(即使在没有[RFC7183]中强制实施安全机制的情况下使用)提供了一些针对本文档中描述的部分攻击的固有弹性。特别是,它提供了以下弹性:

o Sequence numbers: OLSRv2 employs message sequence numbers, which are specific per the router identity and message type. Routers keep an "information freshness" number (ANSN) incremented each time the content of an LSA from a router changes. This allows rejecting both "old" information and duplicate messages, and it provides some protection against "message replay". However, this also presents an attack vector (Section 4.3).

o 序列号:OLSRv2使用消息序列号,具体取决于路由器标识和消息类型。路由器保持一个“信息新鲜度”数字(ANSN),该数字在每次来自路由器的LSA内容发生变化时递增。这允许拒绝“旧”信息和重复消息,并提供一些防止“消息重播”的保护。然而,这也给出了一个攻击向量(第4.3节)。

o Ignoring unidirectional links: The neighborhood discovery process detects and admits only bidirectional links for use in MPR selection and LSA. Jamming attacks may affect only reception of control traffic; however, OLSRv2 will correctly recognize, and ignore, such a link that is not bidirectional.

o 忽略单向链路:邻域发现过程只检测并允许在MPR选择和LSA中使用双向链路。干扰攻击可能只影响控制流量的接收;但是,OLSRv2将正确识别并忽略这种非双向链路。

o Message interval bounds: The frequency of control messages, with minimum intervals imposed for HELLO and TCs. This may limit the impact from an indirect jamming attack (Section 4.4).

o 消息间隔界限:控制消息的频率,对HELLO和TCs施加最小间隔。这可能会限制间接干扰攻击的影响(第4.4节)。

o Additional reasons for rejecting control messages: The OLSRv2 specification includes a list of reasons for which an incoming control message should be rejected as malformed -- and allows that a protocol extension may recognize additional reasons for OLSRv2 to consider a message malformed. Together with the flexible message format [RFC5444], this allows addition of security mechanisms, such as digital signatures, while remaining compliant with the OLSRv2 standard specification.

o 拒绝控制消息的附加原因:OLSRv2规范包括一个输入控制消息应该被拒绝畸形的原因列表,并且允许协议扩展可以识别OLSRv2考虑到消息失真的附加原因。与灵活的消息格式[RFC5444]一起,这允许添加安全机制,如数字签名,同时仍符合OLSRv2标准规范。

6.2. Resilience by Using RFC 7183 with OLSRv2
6.2. 通过使用RFC 7183和OLSRv2实现弹性

[RFC7183] specifies mechanisms for integrity and replay protection for NHDP and OLSRv2 using the generalized packet/message format described in [RFC5444] and the TLV definitions in [RFC7182]. The specification describes how to add an Integrity Check Value (ICV) in a TLV to each control message, providing integrity protection of the content of the message using Hashed Message Authentication Code (HMAC) / SHA-256. In addition, a timestamp TLV is added to the message prior to creating the ICV, enabling replay protection of messages. The document specifies how to sign outgoing messages and how to verify incoming messages, as well as under which circumstances an invalid message is rejected. Because of the HMAC/SHA-256 ICV, a shared key between all routers in the MANET is assumed. A router without valid credentials is not able to create an ICV that can be correctly verified by other routers in the MANET; therefore, such an incorrectly signed message will be rejected by other MANET routers, and the router cannot participate in the OLSRv2 routing process (i.e., the malicious router will be ignored by other legitimate routers). [RFC7183] does not address the case where a router with valid credentials has been compromised. Such a compromised router will not be excluded from the routing process, and other means of detecting such a router are necessary if required in a deployment: for example, using an asymmetric key extension to [RFC7182] that allows revocation of the access of one particular router.

[RFC7183]使用[RFC5444]中描述的通用数据包/消息格式和[RFC7182]中的TLV定义,指定NHDP和OLSRv2的完整性和重播保护机制。该规范描述了如何将TLV中的完整性检查值(ICV)添加到每个控制消息中,从而使用哈希消息认证码(HMAC)/SHA-256对消息内容提供完整性保护。此外,在创建ICV之前,将时间戳TLV添加到消息中,从而启用消息的重播保护。该文档指定如何对传出消息进行签名,如何验证传入消息,以及在何种情况下拒绝无效消息。由于HMAC/SHA-256 ICV,假设MANET中所有路由器之间存在共享密钥。没有有效凭证的路由器无法创建可由MANET中的其他路由器正确验证的ICV;因此,此类签名错误的消息将被其他MANET路由器拒绝,并且该路由器不能参与OLSRv2路由过程(即,恶意路由器将被其他合法路由器忽略)。[RFC7183]不解决具有有效凭据的路由器被破坏的情况。这种被破坏的路由器不会被排除在路由过程之外,如果在部署中需要,则检测这种路由器的其他方法是必要的:例如,使用[RFC7182]的非对称密钥扩展,允许撤销对一个特定路由器的访问。

In the following sections, each of the vulnerabilities described earlier in this document will be evaluated in terms of whether OLSRv2 with the mechanisms in [RFC7183] provides sufficient protection against the attack. It is implicitly assumed in each of the following sections that [RFC7183] is used with OLSRv2.

在以下章节中,将根据具有[RFC7183]中机制的OLSRv2是否提供足够的攻击防护来评估本文档前面描述的每个漏洞。在以下各节中,均隐式假设[RFC7183]与OLSRv2一起使用。

6.2.1. Topology Map Acquisition
6.2.1. 拓扑图获取

Attack on Jittering: As only OLSRv2 routers with valid credentials can participate in the routing process, a malicious router cannot reduce the jitter time of an attacked router to 0 by sending many TC messages in a short time. The attacked router would reject all the incoming messages as "invalid" and not forward them. The same applies for the case where a malicious router wants to assure that by forcing a 0 jitter interval, the message arrives before the same message forwarded by legitimate routers.

抖动攻击:由于只有具有有效凭据的OLSRv2路由器才能参与路由过程,恶意路由器无法通过在短时间内发送多条TC消息将受攻击路由器的抖动时间减少到0。被攻击的路由器将拒绝所有“无效”的传入消息,而不转发它们。这同样适用于恶意路由器希望通过强制0抖动间隔确保消息在合法路由器转发相同消息之前到达的情况。

Modifying the Hop Limit and the Hop Count: As the hop limit and hop count are not protected by [RFC7183] (since they are mutable fields that change at every hop), this attack is still feasible. It is possible to apply [RFC5444] packet-level protection by using ICV Packet TLV defined in [RFC7182] to provide hop-by-hop integrity protection -- at the expense of a requirement of pairwise trust between all neighbor routers.

修改跃点限制和跃点计数:由于跃点限制和跃点计数不受[RFC7183]的保护(因为它们是可变字段,在每个跃点都会发生变化),因此这种攻击仍然可行。通过使用[RFC7182]中定义的ICV数据包TLV来提供逐跳完整性保护,可以应用[RFC5444]数据包级别的保护——代价是所有相邻路由器之间的成对信任要求。

6.2.2. Effective Topology
6.2.2. 有效拓扑

Incorrect Forwarding: As only OLSRv2 routers with valid credentials can participate in the routing process, a malicious router will not be part of the topology of other legitimate OLSRv2 routers. Therefore, no data traffic will be sent to the malicious router for forwarding.

转发错误:由于只有具有有效凭据的OLSRv2路由器才能参与路由过程,因此恶意路由器不会成为其他合法OLSRv2路由器拓扑的一部分。因此,不会将任何数据流量发送到恶意路由器进行转发。

Wormholes: Since a wormhole consists of at least two devices forwarding (unmodified) traffic, this attack is still feasible and undetectable by the OLSRv2 routing process since the attack does not involve the OLSRv2 protocol itself (but rather lower layers). By using [RFC7183], it can at least be assured that the content of the control messages is not modified while being forwarded via the wormhole. Moreover, the timestamp TLV assures that the forwarding can only be done in a short time window after the actual TC message has been sent.

虫洞:由于虫洞至少由两个转发(未修改)流量的设备组成,因此此攻击仍然可行,且OLSRv2路由过程无法检测到,因为攻击不涉及OLSRv2协议本身(而是较低层)。通过使用[RFC7183],至少可以确保控制消息的内容在通过虫洞转发时不会被修改。此外,时间戳TLV确保转发只能在实际TC消息发送后的短时间窗口内完成。

Message Sequence Number: As the message sequence number is included in the ICV calculation, OLSRv2 is protected against this attack.

消息序列号:由于ICV计算中包含消息序列号,因此OLSRv2受到保护,不受此攻击。

Advertised Neighbor Sequence Number (ANSN): As the ANSN is included in the ICV calculation, OLSRv2 is protected against this attack.

播发邻居序列号(ANSN):由于ANSN包含在ICV计算中,因此OLSRv2可以抵御此攻击。

Indirect Jamming: Since the control messages of a malicious router will be rejected by other legitimate OLSRv2 routers in the MANET, this attack is mitigated.

间接干扰:由于恶意路由器的控制消息将被MANET中的其他合法OLSRv2路由器拒绝,因此此攻击得到缓解。

6.2.3. Inconsistent Topology
6.2.3. 不一致拓扑

Identity Spoofing: Since the control messages of a malicious router will be rejected by other legitimate OLSRv2 routers in the MANET, a router without valid credentials may spoof its identity (e.g., IP source address or message originator address), but the messages will be ignored by other routers. As the mandatory mechanism in [RFC7183] uses shared keys amongst all MANET routers, a single compromised router may spoof its identity and cause harm to the network stability. Removing this one malicious router, once detected, implies rekeying all other routers in the MANET. Asymmetric keys, particularly when using identity-based signatures (such as those specified in [RFC7859]), may give the possibility of revoking single routers and verifying their identity based on the ICV itself.

身份欺骗:由于恶意路由器的控制消息将被MANET中的其他合法OLSRv2路由器拒绝,因此没有有效凭据的路由器可能会欺骗其身份(例如,IP源地址或消息发起人地址),但其他路由器将忽略这些消息。由于[RFC7183]中的强制机制在所有MANET路由器之间使用共享密钥,单个受损路由器可能伪造其身份并对网络稳定性造成损害。一旦检测到这一恶意路由器,删除它意味着重新设置MANET中所有其他路由器的密钥。非对称密钥,特别是在使用基于身份的签名(如[RFC7859]中规定的签名)时,可以撤销单个路由器并基于ICV本身验证其身份。

Link Spoofing: Similar to identity spoofing, a malicious router without valid credentials may spoof links, but its control messages will be rejected by other routers, thereby mitigating the attack.

链接欺骗:与身份欺骗类似,没有有效凭据的恶意路由器可能会欺骗链接,但其控制消息将被其他路由器拒绝,从而减轻攻击。

Inconsistent Topology Maps Due to LSAs: The same considerations for link spoofing apply.

LSA导致的拓扑映射不一致:链接欺骗的注意事项与此相同。

6.3. Correct Deployment
6.3. 正确部署

Other than implementing OLSRv2, including appropriate security mechanisms, the way in which the protocol is deployed is also important to ensure proper functioning and threat mitigation. For example, Section 4.1 discussed considerations due to an incorrect forwarding-policy setting, and Section 4.2 discussed considerations for when intentional wormholes are present in a deployment.

除了实施OLSRv2,包括适当的安全机制外,协议的部署方式对于确保正常运行和减少威胁也很重要。例如,第4.1节讨论了由于不正确的转发策略设置而引起的注意事项,第4.2节讨论了部署中何时存在故意虫洞的注意事项。

7. Security Considerations
7. 安全考虑
   This document does not specify a protocol or a procedure but reflects
   on security considerations for OLSRv2 and for its constituent parts,
   including NHDP.  The document initially analyses threats to topology
   map acquisition, with the assumption that no security mechanism
   (including the mandatory-to-implement mechanisms from [RFC7182] and
   [RFC7183]) is in use.  Then, it proceeds to discuss how the use of
   [RFC7182] and [RFC7183] mitigate the identified threats.  When
   [RFC7183] is used with routers using a single shared key, the
   protection offered is not effective if a compromised router has valid
   credentials.
        
   This document does not specify a protocol or a procedure but reflects
   on security considerations for OLSRv2 and for its constituent parts,
   including NHDP.  The document initially analyses threats to topology
   map acquisition, with the assumption that no security mechanism
   (including the mandatory-to-implement mechanisms from [RFC7182] and
   [RFC7183]) is in use.  Then, it proceeds to discuss how the use of
   [RFC7182] and [RFC7183] mitigate the identified threats.  When
   [RFC7183] is used with routers using a single shared key, the
   protection offered is not effective if a compromised router has valid
   credentials.
        
8. References
8. 工具书类
8.1. Normative References
8.1. 规范性引用文件

[RFC6130] Clausen, T., Dearlove, C., and J. Dean, "Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)", RFC 6130, DOI 10.17487/RFC6130, April 2011, <http://www.rfc-editor.org/info/rfc6130>.

[RFC6130]Clausen,T.,Dearlove,C.,和J.Dean,“移动自组织网络(MANET)邻域发现协议(NHDP)”,RFC 6130,DOI 10.17487/RFC6130,2011年4月<http://www.rfc-editor.org/info/rfc6130>.

[RFC7181] Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg, "The Optimized Link State Routing Protocol Version 2", RFC 7181, DOI 10.17487/RFC7181, April 2014, <http://www.rfc-editor.org/info/rfc7181>.

[RFC7181]Clausen,T.,Dearlove,C.,Jacquet,P.,和U.Herberg,“优化链路状态路由协议版本2”,RFC 7181,DOI 10.17487/RFC7181,2014年4月<http://www.rfc-editor.org/info/rfc7181>.

[RFC7186] Yi, J., Herberg, U., and T. Clausen, "Security Threats for the Neighborhood Discovery Protocol (NHDP)", RFC 7186, DOI 10.17487/RFC7186, April 2014, <http://www.rfc-editor.org/info/rfc7186>.

[RFC7186]Yi,J.,Herberg,U.,和T.Clausen,“邻里发现协议(NHDP)的安全威胁”,RFC 7186,DOI 10.17487/RFC7186,2014年4月<http://www.rfc-editor.org/info/rfc7186>.

8.2. Informative References
8.2. 资料性引用

[FUNKFEUER] Funkfeuer, "Funkfeuer", <https://www.funkfeuer.at/>.

[FUNKFEUER]FUNKFEUER,“FUNKFEUER”<https://www.funkfeuer.at/>.

[IEEE802.11] IEEE, "IEEE Standard for Information technology - Telecommunications and information exchange between systems Local and metropolitan area networks - Specfic requirements Part 11: Wireless LAN Medium Access Control and Physical (PHY) Specifications", IEEE Std 802.11-2016, DOI 10.1109/IEEESTD.2016.7786995, December 2016.

[IEEE802.11]IEEE,“IEEE信息技术标准-系统局域网和城域网之间的电信和信息交换-特殊要求第11部分:无线LAN介质访问控制和物理(PHY)规范”,IEEE标准802.11-2016,DOI 10.1109/IEEESTD.2016.7786995,2016年12月。

[MPR-FLOODING] Qayyum, A., Viennot, L., and A. Laouiti, "Multipoint Relaying: An Efficient Technique for Flooding in Mobile Wireless Networks", Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS '01), IEEE Computer Society, 2001.

[MPR-FLOODING]Qayyum,A.,Vienno,L.,和A.Laouti,“多点中继:移动无线网络中洪水的有效技术”,第35届夏威夷国际系统科学年会论文集(HICSS'01),IEEE计算机学会,2001年。

[OLSR-FSR] Clausen, T., "Combining Temporal and Spatial Partial Topology for MANET routing - Merging OLSR and FSR", Proceedings of the 2003 IEEE Conference of Wireless Personal Multimedia Communications (WPMC '03), 2003.

[OLSR-FSR]Clausen,T.,“结合MANET路由的时间和空间部分拓扑-合并OLSR和FSR”,2003年IEEE无线个人多媒体通信会议记录(WPMC'03),2003年。

[OLSR-FSR-Scaling] Adjih, C., Baccelli, E., Clausen, T., Jacquet, P., and G. Rodolakis, "Fish Eye OLSR Scaling Properties", IEEE Journal of Communication and Networks (JCN), Special Issue on Mobile Ad Hoc Networks, December 2004.

[OLSR-FSR缩放]Adjih,C.,Baccelli,E.,Clausen,T.,Jacquet,P.,和G.Rodolakis,“鱼眼OLSR缩放特性”,IEEE通信与网络杂志(JCN),移动自组织网络特刊,2004年12月。

[RFC3626] Clausen, T., Ed. and P. Jacquet, Ed., "Optimized Link State Routing Protocol (OLSR)", RFC 3626, DOI 10.17487/RFC3626, October 2003, <http://www.rfc-editor.org/info/rfc3626>.

[RFC3626]Clausen,T.,Ed.和P.Jacquet,Ed.,“优化链路状态路由协议(OLSR)”,RFC 3626,DOI 10.17487/RFC3626,2003年10月<http://www.rfc-editor.org/info/rfc3626>.

[RFC5068] Hutzler, C., Crocker, D., Resnick, P., Allman, E., and T. Finch, "Email Submission Operations: Access and Accountability Requirements", BCP 134, RFC 5068, DOI 10.17487/RFC5068, November 2007, <http://www.rfc-editor.org/info/rfc5068>.

[RFC5068]Hutzler,C.,Crocker,D.,Resnick,P.,Allman,E.,和T.Finch,“电子邮件提交操作:访问和责任要求”,BCP 134,RFC 5068,DOI 10.17487/RFC5068,2007年11月<http://www.rfc-editor.org/info/rfc5068>.

[RFC5148] Clausen, T., Dearlove, C., and B. Adamson, "Jitter Considerations in Mobile Ad Hoc Networks (MANETs)", RFC 5148, DOI 10.17487/RFC5148, February 2008, <http://www.rfc-editor.org/info/rfc5148>.

[RFC5148]Clausen,T.,Dearlove,C.,和B.Adamson,“移动自组网(MANET)中的抖动考虑”,RFC 5148,DOI 10.17487/RFC5148,2008年2月<http://www.rfc-editor.org/info/rfc5148>.

[RFC5444] Clausen, T., Dearlove, C., Dean, J., and C. Adjih, "Generalized Mobile Ad Hoc Network (MANET) Packet/Message Format", RFC 5444, DOI 10.17487/RFC5444, February 2009, <http://www.rfc-editor.org/info/rfc5444>.

[RFC5444]Clausen,T.,Dearlove,C.,Dean,J.,和C.Adjih,“通用移动自组网(MANET)数据包/消息格式”,RFC 5444,DOI 10.17487/RFC54442009年2月<http://www.rfc-editor.org/info/rfc5444>.

[RFC5497] Clausen, T. and C. Dearlove, "Representing Multi-Value Time in Mobile Ad Hoc Networks (MANETs)", RFC 5497, DOI 10.17487/RFC5497, March 2009, <http://www.rfc-editor.org/info/rfc5497>.

[RFC5497]Clausen,T.和C.Dearlove,“在移动自组网(MANET)中表示多值时间”,RFC 5497,DOI 10.17487/RFC5497,2009年3月<http://www.rfc-editor.org/info/rfc5497>.

[RFC7182] Herberg, U., Clausen, T., and C. Dearlove, "Integrity Check Value and Timestamp TLV Definitions for Mobile Ad Hoc Networks (MANETs)", RFC 7182, DOI 10.17487/RFC7182, April 2014, <http://www.rfc-editor.org/info/rfc7182>.

[RFC7182]Herberg,U.,Clausen,T.,和C.Dearlove,“移动自组网(MANET)的完整性检查值和时间戳TLV定义”,RFC 7182,DOI 10.17487/RFC7182,2014年4月<http://www.rfc-editor.org/info/rfc7182>.

[RFC7183] Herberg, U., Dearlove, C., and T. Clausen, "Integrity Protection for the Neighborhood Discovery Protocol (NHDP) and Optimized Link State Routing Protocol Version 2 (OLSRv2)", RFC 7183, DOI 10.17487/RFC7183, April 2014, <http://www.rfc-editor.org/info/rfc7183>.

[RFC7183]Herberg,U.,Dearlove,C.,和T.Clausen,“邻域发现协议(NHDP)和优化链路状态路由协议版本2(OLSRv2)的完整性保护”,RFC 7183,DOI 10.17487/RFC7183,2014年4月<http://www.rfc-editor.org/info/rfc7183>.

[RFC7184] Herberg, U., Cole, R., and T. Clausen, "Definition of Managed Objects for the Optimized Link State Routing Protocol Version 2", RFC 7184, DOI 10.17487/RFC7184, April 2014, <http://www.rfc-editor.org/info/rfc7184>.

[RFC7184]Herberg,U.,Cole,R.,和T.Clausen,“优化链路状态路由协议版本2的托管对象定义”,RFC 7184,DOI 10.17487/RFC7184,2014年4月<http://www.rfc-editor.org/info/rfc7184>.

[RFC7187] Dearlove, C. and T. Clausen, "Routing Multipoint Relay Optimization for the Optimized Link State Routing Protocol Version 2 (OLSRv2)", RFC 7187, DOI 10.17487/RFC7187, April 2014, <http://www.rfc-editor.org/info/rfc7187>.

[RFC7187]Dearlove,C.和T.Clausen,“优化链路状态路由协议版本2(OLSRv2)的路由多点中继优化”,RFC 7187,DOI 10.17487/RFC7187,2014年4月<http://www.rfc-editor.org/info/rfc7187>.

[RFC7188] Dearlove, C. and T. Clausen, "Optimized Link State Routing Protocol Version 2 (OLSRv2) and MANET Neighborhood Discovery Protocol (NHDP) Extension TLVs", RFC 7188, DOI 10.17487/RFC7188, April 2014, <http://www.rfc-editor.org/info/rfc7188>.

[RFC7188]Dearlove,C.和T.Clausen,“优化链路状态路由协议版本2(OLSRv2)和MANET邻居发现协议(NHDP)扩展TLV”,RFC 7188,DOI 10.17487/RFC7188,2014年4月<http://www.rfc-editor.org/info/rfc7188>.

[RFC7466] Dearlove, C. and T. Clausen, "An Optimization for the Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)", RFC 7466, DOI 10.17487/RFC7466, March 2015, <http://www.rfc-editor.org/info/rfc7466>.

[RFC7466]Dearlove,C.和T.Clausen,“移动自组织网络(MANET)邻域发现协议(NHDP)的优化”,RFC 7466,DOI 10.17487/RFC7466,2015年3月<http://www.rfc-editor.org/info/rfc7466>.

[RFC7859] Dearlove, C., "Identity-Based Signatures for Mobile Ad Hoc Network (MANET) Routing Protocols", RFC 7859, DOI 10.17487/RFC7859, May 2016, <http://www.rfc-editor.org/info/rfc7859>.

[RFC7859]Dearlove,C.,“移动自组网(MANET)路由协议的基于身份的签名”,RFC 7859,DOI 10.17487/RFC7859,2016年5月<http://www.rfc-editor.org/info/rfc7859>.

[RFC7939] Herberg, U., Cole, R., Chakeres, I., and T. Clausen, "Definition of Managed Objects for the Neighborhood Discovery Protocol", RFC 7939, DOI 10.17487/RFC7939, August 2016, <http://www.rfc-editor.org/info/rfc7939>.

[RFC7939]Herberg,U.,Cole,R.,Chakeres,I.,和T.Clausen,“邻域发现协议的托管对象定义”,RFC 7939,DOI 10.17487/RFC7939,2016年8月<http://www.rfc-editor.org/info/rfc7939>.

Authors' Addresses

作者地址

Thomas Clausen

托马斯·克劳森

   Phone: +33-6-6058-9349
   Email: T.Clausen@computer.org
   URI:   http://www.thomasclausen.org
        
   Phone: +33-6-6058-9349
   Email: T.Clausen@computer.org
   URI:   http://www.thomasclausen.org
        

Ulrich Herberg

乌尔里希·赫伯格

   Email: ulrich@herberg.name
   URI:   http://www.herberg.name
        
   Email: ulrich@herberg.name
   URI:   http://www.herberg.name
        

Jiazi Yi Ecole Polytechnique 91128 Palaiseau Cedex France

家子伊理工学院91128法国塞德克斯宫

   Phone: +33 1 77 57 80 85
   Email: jiazi@jiaziyi.com
   URI:   http://www.jiaziyi.com/
        
   Phone: +33 1 77 57 80 85
   Email: jiazi@jiaziyi.com
   URI:   http://www.jiaziyi.com/