Chapter 12
Conclusion

In this thesis we have provided an overview of the security problems in wireless networks, focusing on the routing protocols in ad hoc networks, and contributed some solutions to make OLSR more secure. Wireless ad hoc networks are an emerging technology, and the literature covering the security of the routing layer is relatively new, the first papers on this subject having been published a few years ago.

The thesis provides a classification of the attacks against OLSR, a topic that has never been studied at this level of detail. We have also proposed several solutions for OLSR. The first is the addition of a digest or a digital signature to control traffic; this is the canonical protection against intrusions in the routing protocol. More elaborate techniques presented in this thesis focus on the validation of link state information, to prevent compromised nodes from issuing false information. This is an advanced level of protection, and assumes that an adversary is able to generate correct signatures for control traffic originating from some nodes. These advanced techniques use additional knowledge, such as previous link state declarations or geographical data concerning the position of nodes, to validate the topology information spread in the network by the nodes. The increased security comes at the expense of a greater message overhead, as the exchanged control messages are larger and entail further computation by both the originating and the receiving node. This may be unsuitable for a network composed of nodes that do not have sufficient computational power, for a QoS-aimed network that must guarantee high performance in terms of data rate, or for a network that simply does not need such improved security. On the other hand, these techniques can be combined in order to provide a higher security level.

These systems are aimed at the protection of network topology information. Ad hoc networks are the most adaptable and serviceable type of wireless network; for this reason, they are widely used by the military. In this instance, topology information is of great value, and the network should be protected against intrusions which would have severe consequences.

In addition to the prevention techniques mentioned above, we have also sketched a method for misbehavior detection and elimination. This method aims at detecting those nodes that, by not respecting the protocol rules, disrupt the functioning of the network. Once these misbehaving nodes are detected, an alert is broadcast to inform the rest of the network. The other nodes subsequently issue a joint reaction to purge the network of the offending nodes, e.g. by removing them from the routing tables. Of course, this detection system can (and should) be combined with some of the aforementioned prevention techniques.

12.1 Foresights

During our doctoral research we have found some systems, of different requirements and specifications, to secure OLSR. Other systems may be found by adapting various security techniques and established standards, such as IPsec, always bearing in mind that ad hoc networks have their own characteristics and limitations. These miscellaneous security techniques may also come from other link state protocols, or even reactive routing protocols, with the necessary modifications to conform to OLSR.

Indeed, we have provided just an outline of the signature algorithms used in our security systems. The study of better cryptographic algorithms (from the point of view of a smaller signature size, reduced computational complexity, and greater speed) would increase the suitability of the proposed OLSR security architectures to the reality of an ad hoc protocol.


Security Schemes for the OLSR Protocol for Ad Hoc Networks        Daniele Raffo        PhD Thesis, Université Paris 6       15 SEP 2005