The goal of this project is to develop innovative security mechanism for protecting critical infrastructure – in particular, routing and forwarding infrastructure, and for unicast and multicast routing and forwarding, both. This includes rigorous security vulnerability and threat analysis, development of (when possible, cryptosystem-agnostic) protocol extensions – but, also, application of innovative cryptological tools for developing compact, efficient new features, e.g. use of aggregate signatures based on elliptic curves, permitting tractable mutable messages with highly compact signatures, Of particular interest here is satisfying complexity constraints (MTU, power ,CPU, …) for use in sensor-type devices.
Publications
Clausen, Thomas; Herberg, Ulrich; Yi, Jiazi
RFC8116: Security Threats to the Optimized Link State Routing Protocol Version 2 (OLSRv2) Miscellaneous
RFC 8116, 2017.
@misc{rfc8116,
title = {RFC8116: Security Threats to the Optimized Link State Routing Protocol Version 2 (OLSRv2)},
author = {Thomas Clausen and Ulrich Herberg and Jiazi Yi},
url = {http://www.thomasclausen.net/wp-content/uploads/2017/05/rfc8116.pdf},
doi = {10.17487/rfc8116},
year = {2017},
date = {2017-01-01},
number = {8116},
publisher = {RFC Editor},
series = {Request for Comments},
abstract = {This document analyzes common security threats to the Optimized Link State Routing Protocol version 2 (OLSRv2) and describes their potential impacts on Mobile Ad Hoc Network (MANET) operations. It also analyzes which of these security vulnerabilities can be mitigated when using the mandatory-to-implement security mechanisms for OLSRv2 and how the vulnerabilities are mitigated.},
howpublished = {RFC 8116},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Herberg, Ulrich; Dearlove, Christopher; Clausen, Thomas
IETF - Proposed Standard RFC 7183, 2014, ISSN: 2070-1721, (http://tools.ietf.org/html/rfc7183).
@misc{RFC7183,
title = {RFC7183: Integrity Protection for the Neighborhood Discovery Protocol (NHDP) and Optimized Link State Routing Protocol Version 2 (OLSRv2)},
author = {Ulrich Herberg and Christopher Dearlove and Thomas Clausen},
url = {https://epizeuxis.net/site/wp-content/uploads/2015/12/rfc7183.pdf},
doi = {10.17487/RFC7183},
issn = {2070-1721},
year = {2014},
date = {2014-04-01},
abstract = {This document specifies integrity and replay protection for the Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP) and the Optimized Link State Routing Protocol version 2 (OLSRv2). This protection is achieved by using an HMAC-SHA-256 Integrity Check Value (ICV) TLV and a Timestamp TLV based on Portable Operating System Interface (POSIX) time. The mechanism in this specification can also be used for other protocols that use the generalized packet/message format described in RFC 5444. This document updates RFC 6130 and RFC 7181 by mandating the implementation of this integrity and replay protection in NHDP and OLSRv2.},
howpublished = {IETF - Proposed Standard RFC 7183},
note = {http://tools.ietf.org/html/rfc7183},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Yi, Jiazi; Herberg, Ulrich; Clausen, Thomas
RFC7186: Security Threats for the Neighborhood Discovery Protocol (NHDP) Miscellaneous
IETF - Informational RFC 7186, 2014, ISSN: 2070-1721, (http://tools.ietf.org/html/rfc7186).
@misc{RFC7186,
title = {RFC7186: Security Threats for the Neighborhood Discovery Protocol (NHDP)},
author = {Jiazi Yi and Ulrich Herberg and Thomas Clausen},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/rfc7186.pdf},
doi = {10.17487/RFC7186},
issn = {2070-1721},
year = {2014},
date = {2014-04-01},
abstract = {This document analyzes common security threats of the Neighborhood Discovery Protocol (NHDP) and describes their potential impacts on Mobile Ad Hoc Network (MANET) routing protocols using NHDP. This document is not intended to propose solutions to the threats described.},
howpublished = {IETF - Informational RFC 7186},
note = {http://tools.ietf.org/html/rfc7186},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Clausen, Thomas; Herberg, Ulrich
RFC6622: Integrity Check Value and Timestamp TLV Definitions for Mobile Ad Hoc Networks (MANETs) Miscellaneous
2012, (http://tools.ietf.org/html/rfc6622).
@misc{Clausen2012b,
title = {RFC6622: Integrity Check Value and Timestamp TLV Definitions for Mobile Ad Hoc Networks (MANETs)},
author = {Thomas Clausen and Ulrich Herberg},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/rfc6622.txt.pdf},
doi = {10.17487/RFC6622},
year = {2012},
date = {2012-05-01},
publisher = {IETF - Std. Track RFC 6622},
organization = {The Internet Engineering Task Force},
abstract = {This document describes general and flexible TLVs for representing cryptographic Integrity Check Values (ICVs) (i.e., digital signatures or Message Authentication Codes (MACs)) as well as timestamps, using the generalized Mobile Ad Hoc Network (MANET) packet/message format defined in RFC 5444. It defines two Packet TLVs, two Message TLVs, and two Address Block TLVs for affixing ICVs and timestamps to a packet, a message, and an address, respectively.},
note = {http://tools.ietf.org/html/rfc6622},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Clausen, Thomas; Herberg, Ulrich
Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2) Proceedings Article
In: Proceedings of the 4th International Conference on Network and System Security (NSS 2010), 2010, ISBN: 978-1-4244-8484-3.
@inproceedings{Clausen2010i,
title = {Router and Link Admittance Control in the Optimized Link State Routing Protocol version 2 (OLSRv2)},
author = {Thomas Clausen and Ulrich Herberg},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/2010-NSS-Router-and-Link-Admittance-Control-in-the-Optimized-Link-State-Routing-Protocol-version-2-OLSRv2.pdf},
doi = {10.1109/NSS.2010.20},
isbn = {978-1-4244-8484-3},
year = {2010},
date = {2010-09-01},
publisher = {Proceedings of the 4th International Conference on Network and System Security (NSS 2010)},
abstract = {This paper presents security mechanisms for router and link admittance control in OLSRv2. Digitally signing OLSRv2 control messages allows recipient routers to – individually – choose to admit or exclude the originating router for when populating link-state databases, calculating MPR sets etc. By additionally embedding signatures for each advertised link, recipient routers can also control admittance of each advertised link in the message, rendering an OLSRv2 network resilient to both identity-spoofing and link-spoofing attacks. The flip-side of the coin when using such a link-admittance mechanism is, that the number of signatures to include in each OLSRv2 control message is a function of the number of links advertised. For HELLO messages, this is essentially the number of neighbor routers, for TC messages, this is the number of MPR Selectors of the originator of the message. Also, upon receipt of a control message, these signatures are to be verified. This paper studies the impact of adding a link-admittance control mechanism to OLSRv2, both in terms of additional control-traffic overhead and additional in-router processing resources, using several cryptographic algorithms, such as RSA and Elliptic Curve Cryptography for very short signatures. Index Terms—OLSRv2, MANET, security, router, link admit-tance control, digital signatures},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Herberg, Ulrich; Clausen, Thomas; Milan, Jerome
Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2 Proceedings Article
In: Proceedings of the International Conference on Internet Technology and Applications (iTAP 2010), 2010, ISBN: 978-1-4244-5142-5.
@inproceedings{Clausen2010j,
title = {Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol version 2},
author = {Ulrich Herberg and Thomas Clausen and Jerome Milan},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/2010-ITAP-Digital-Signatures-for-Admittance-Control-in-OLSRv2.pdf},
doi = {10.1109/ITAPP.2010.5566285},
isbn = {978-1-4244-5142-5},
year = {2010},
date = {2010-08-01},
publisher = {Proceedings of the International Conference on Internet Technology and Applications (iTAP 2010)},
abstract = {Public community Mobile Ad Hoc NETworks (MANETs), such as the “Funkfeuer” or “Freifunk” networks, scale up to several hundreds of routers, connecting users with each other, and with the Internet. As MANETs are typically operated over wireless channels (e.g. WiFi), access to these networks is granted to anyone in the radio range of another router in the MANET, and running the same MANET routing protocol. In order to protect the stability of the networks from malicious intruders, it is important to ensure that only trusted peers are admitted to participate in the control message exchange, and to provide means for logically “disconnecting” a non-trustworthy peer. This paper presents the concept of admittance control for the Optimized Link State Routing Protocol version 2 (OLSRv2), and suggests a security extension based on digital signatures. Due to the flexible message format of OLSRv2, this extension keeps compatibility with the core OLSRv2 specification. Several standard digital signature algorithms (RSA, DSA, ECDSA), as well as HMAC, are compared in terms of message overhead and CPU time for generating and processing signatures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Clausen, Thomas; Herberg, Ulrich
Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2) Proceedings Article
In: Proceedings of the IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS2010), 2010, ISBN: 978-1-4244-5850-9.
@inproceedings{Clausen2010k,
title = {Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2)},
author = {Thomas Clausen and Ulrich Herberg},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/2010-WCNIS-Vulnerability-Analysis-of-the-Optimized-Link-State-Routing-Protocol-version-2-OLSRv2.pdf},
doi = {10.1109/WCINS.2010.5544732},
isbn = {978-1-4244-5850-9},
year = {2010},
date = {2010-06-01},
publisher = {Proceedings of the IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS2010)},
abstract = {Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deploy-ments. Outside specialized domains (military, vehicular, etc.), city-wide community-networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of “trusted participants”, the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks – in a certain way, provides a “cookbook” for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Herberg, Ulrich; Clausen, Thomas
Security Issues in the Optimized Link State Routing Protocol Version 2 (OLSRV2) Journal Article
In: International Journal of Network Security & Its Applications (IJNSA), 2010.
@article{LIX-NET-journal-70,
title = {Security Issues in the Optimized Link State Routing Protocol Version 2 (OLSRV2)},
author = {Ulrich Herberg and Thomas Clausen},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/2010-IJNSA-Security-Issues-in-the-Optimized-Link-State-Routing-Protocol-version-2-OLSRv2-1.pdf},
year = {2010},
date = {2010-04-01},
journal = {International Journal of Network Security & Its Applications (IJNSA)},
abstract = {Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide community- networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of “trusted participants”, the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks – in a certain way, provides a “cookbook” for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Raffo, Daniele; Adjih, Cédric; Clausen, Thomas; Mühlethaler, Paul
An advanced signature system for OLSR Proceedings Article
In: workshop on security of ad hoc and sensor networks, pp. 10–16, 2004.
@inproceedings{Clausen2004d,
title = {An advanced signature system for OLSR},
author = {Daniele Raffo and Cédric Adjih and Thomas Clausen and Paul Mühlethaler},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/2003-SASN-An-advanced-signature-system-for-OLSR..pdf},
doi = {10.1145/1029102.1029106},
year = {2004},
date = {2004-01-01},
booktitle = {workshop on security of ad hoc and sensor networks},
pages = {10--16},
abstract = {In this paper we investigate security issues related to the Optimized Link State Routing Protocol -- one example of a proactive routing protocol for MANETs. We inventory the possible attacks against the integrity of the OLSR network routing infrastructure, and present a technique for securing the network. In particular, assuming that a mechanism for routing message authentication (digital signatures) has been deployed, we concentrate on the problem where otherwise "trusted" nodes have been compromised by attackers, which could then inject false (however correctly signed) routing messages. Our main approach is based on authentication checks of information injected into the network, and reuse of this information by a node to prove its link state at a later time. We finally synthetize the overhead and the remaining vulnerabilities of the proposed solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Adjih, Cedric; Clausen, Thomas; Laouiti, Anis; Mühlethaler, Paul; Raffo, Daniele
Securing the OLSR protocol Proceedings Article
In: In 2nd IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net 2003), Mahdia, pp. 25–27, 2003.
@inproceedings{Clausen2003e,
title = {Securing the OLSR protocol},
author = {Cedric Adjih and Thomas Clausen and Anis Laouiti and Paul Mühlethaler and Daniele Raffo},
url = {http://www.thomasclausen.net/wp-content/uploads/2015/12/securing-olsr.pdf},
year = {2003},
date = {2003-01-01},
booktitle = {In 2nd IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net 2003), Mahdia},
pages = {25--27},
abstract = {In this paper, we examine security issues related to proactive routing protocols for MANETs. Specifically, we investigate security properties of the Optimized Link-State Routing Protocol- one example of a proactive routing protocol for MANETs. We investigate the possible attacks against the integrity of the network routing infrastructure, and present techniques for countering a variety of such attacks. Our main approach is based on authentication checks of information injected into the network. However even with perfect authentication check, replay attacks are still possible. Hence, we develop a distributed timestamp-based approach for verifying if a message is “old ” or “current”. We finally present two different, simple algorithms for distributing public keys in a MANET, in order to provide a mechanism permitting authentication checks to be conducted. While we use OLSR as an example protocol for our studies, we argue that the presented techniques apply equally to any proactive routing protocol for MANETs.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}