Security Threats to the Optimized Link State Routing Protocol Version 2 (OLSRv2)
RFC 8116
Internet Engineering Task Force (IETF) T. Clausen
Request for Comments: 8116
Category: Informational U. Herberg
ISSN: 2070-1721
J. Yi
Ecole Polytechnique
May 2017
Security Threats to the
Optimized Link State Routing Protocol Version 2 (OLSRv2)
Abstract
This document analyzes common security threats to the Optimized Link
State Routing Protocol version 2 (OLSRv2) and describes their
potential impacts on Mobile Ad Hoc Network (MANET) operations. It
also analyzes which of these security vulnerabilities can be
mitigated when using the mandatory-to-implement security mechanisms
for OLSRv2 and how the vulnerabilities are mitigated.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8116.
Clausen, et al. Informational [Page 1]
RFC 8116 OLSRv2 Threats May 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Clausen, et al. Informational [Page 2]
RFC 8116 OLSRv2 Threats May 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. OLSRv2 Overview . . . . . . . . . . . . . . . . . . . . . 5
1.1.1. Neighborhood Discovery . . . . . . . . . . . . . . . 5
1.1.2. MPR Selection . . . . . . . . . . . . . . . . . . . . 6
1.1.3. Link State Advertisement . . . . . . . . . . . . . . 6
1.2. Link State Vulnerability Taxonomy . . . . . . . . . . . . 6
1.3. OLSRv2 Attack Vectors . . . . . . . . . . . . . . . . . . 7
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Topology Map Acquisition . . . . . . . . . . . . . . . . . . 7
3.1. Attack on Jittering . . . . . . . . . . . . . . . . . . . 8
3.2. Hop Count and Hop Limit Attacks . . . . . . . . . . . . . 8
3.2.1. Modifying the Hop Limit . . . . . . . . . . . . . . . 8
3.2.2. Modifying the Hop Count . . . . . . . . . . . . . . . 9
4. Effective Topology . . . . . . . . . . . . . . . . . . . . . 10
4.1. Incorrect Forwarding . . . . . . . . . . . . . . . . . . 10
4.2. Wormholes . . . . . . . . . . . . . . . . . . . . . . . . 11
4.3. Sequence Number Attacks . . . . . . . . . . . . . . . . . 12
4.3.1. Message Sequence Number . . . . . . . . . . . . . . . 12
4.3.2. Advertised Neighbor Sequence Number (ANSN) . . . . . 12
4.4. Indirect Jamming . . . . . . . . . . . . . . . . . . . . 12
5. Inconsistent Topology . . . . . . . . . . . . . . . . . . . . 15
5.1. Identity Spoofing . . . . . . . . . . . . . . . . . . . . 15
5.2. Link Spoofing . . . . . . . . . . . . . . . . . . . . . . 17
5.2.1. Inconsistent Topology Maps Due to Link State
Advertisements . . . . . . . . . . . . . . . . . . . 18
6. Mitigation of Security Vulnerabilities for OLSRv2 . . . . . . 19
6.1. Inherent OLSRv2 Resilience . . . . . . . . . . . . . . . 19
6.2. Resilience by Using RFC 7183 with OLSRv2 . . . . . . . . 20
6.2.1. Topology Map Acquisition . . . . . . . . . . . . . . 21
6.2.2. Effective Topology . . . . . . . . . . . . . . . . . 21
6.2.3. Inconsistent Topology . . . . . . . . . . . . . . . . 22
6.3. Correct Deployment . . . . . . . . . . . . . . . . . . . 22
Show full document text