[Babel-users] SEMTOR mesh security mechanism

Denis Ovsienko denis at ovsienko.info
Mon Jun 27 13:53:54 UTC 2016


Hello all.

Regarding the paper titled "Securely-Entrusted Multi-Topology Routing for Community Networks" by Axel Neumann (CC'd) et al., I failed to find which of the mailing lists the PDF link was posted to originally (and by whom), but now I have looked through my hard copy of the paper and would like to note a couple of things of interest.

My current understanding of the SEMTOR mechanism is that it uses an explicit pre-agreed list of node IDs that belong to a trusted sub-graph. This list would then be provisioned into each node, which would then filter non-trusted nodes out when routing a specific set of network prefixes of concern.

I have thought about it and it seems to me that as the size of the trusted graph grows, the total combined size of the deployed configuration will grow faster (n*n). This makes it much more difficult to add the 100th node to a 99-node graph than it is to add the 10th node to a 9-node graph. Also, as far as I understand it, the pre-agreed list of the trusted nodes cannot be amended online without losing the association with the peer nodes, because the set is represented by the hash value of its contents, and as soon as one has changed it in one place, the old [different] hash will be filtered out. In other words, compared to a pre-shared key method I see operational disadvantages and don't see a gain. If anyone can point me in a better direction to understand, that would be nice.

Another thing, as the paper explains, is the same old link spoofing attack and the same things a rogue node can do to the transit payload. For this SEMTOR doesn't itself claim to be a solution and doesn't refer to some other ultimate solution, but it does include a discussion of possible detection by means of monitoring. So the good news is that the problem statement is consistently understood by different people. That said, the solution is still unknown. I would be glad to hear if anyone has anything to add to this.

-- 
    Denis Ovsienko
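
The two operational points raised in the message above (quadratic growth of the provisioned trust lists, and a hash-of-set identity that breaks as soon as one node amends its list before its peers do) can be made concrete with a small model. The following Python is an added example written for this page; it is not code from the SEMTOR paper, from BMX7 or from Babel, and it models only the mechanism as the message describes it. The per-node list size (n entries, giving n*n in total), the use of SHA-256 over the sorted node IDs as the "hash value of its contents", and the node names A, B, C, D are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, FrozenSet, List, Tuple

# --- Part 1: size of the provisioned configuration -------------------------

def provisioned_entries(n: int) -> int:
    """Total trusted-list entries across all n nodes, assuming every node
    carries the full list of n trusted IDs (the n*n count from the message)."""
    return n * n

def marginal_entries(n: int) -> int:
    """Entries that must be written to grow an (n-1)-node trusted graph to n
    nodes: the new node's full list plus one new entry on each existing node.
    Works out to 2n - 1, i.e. the cost of each addition grows linearly."""
    return provisioned_entries(n) - provisioned_entries(n - 1)

# --- Part 2: identifying the trusted set by a hash of its contents ----------

def trust_set_digest(node_ids: FrozenSet[str]) -> str:
    """Assumed representation: SHA-256 over the sorted, newline-joined IDs.
    Sorting makes the digest independent of the order IDs were provisioned in."""
    data = "\n".join(sorted(node_ids)).encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def accepts(local_set: FrozenSet[str], peer_digest: str) -> bool:
    """A node keeps a peer only if the peer advertises the digest of the very
    same trusted set. Any difference in set contents yields a different digest."""
    return trust_set_digest(local_set) == peer_digest

def amend_on_subset(nodes: Dict[str, FrozenSet[str]], new_id: str,
                    updated: List[str]) -> Dict[str, FrozenSet[str]]:
    """Simulate an online amendment that has reached only some nodes:
    `updated` nodes add new_id to their list, the rest still hold the old set."""
    return {
        name: (ids | {new_id}) if name in updated else ids
        for name, ids in nodes.items()
    }

def agreeing_pairs(nodes: Dict[str, FrozenSet[str]]) -> List[Tuple[str, str]]:
    """All ordered pairs (x, y) where x would still accept y's advertised digest."""
    return [
        (x, y)
        for x in nodes for y in nodes
        if x != y and accepts(nodes[x], trust_set_digest(nodes[y]))
    ]

def partition_after_amendment() -> Tuple[int, int]:
    """Constructed scenario: a 3-node trusted graph {A, B, C}; node D is added
    on A only. Returns (agreeing pairs before, agreeing pairs after)."""
    base = frozenset({"A", "B", "C"})
    before = {name: base for name in ("A", "B", "C")}
    after = amend_on_subset(before, "D", updated=["A"])
    return len(agreeing_pairs(before)), len(agreeing_pairs(after))

if __name__ == "__main__":
    for n in (10, 100):
        print(f"n={n}: total entries {provisioned_entries(n)}, "
              f"cost of adding the {n}th node {marginal_entries(n)}")
    print("agreeing (before, after) partial amendment:", partition_after_amendment())
```

Two things fall out of running it. First, adding the 100th node costs 199 list entries against 19 for the 10th node, so while each node's own list grows linearly, the combined configuration an operator has to touch grows quadratically. Second, once A has added D but B and C have not, A's digest no longer matches theirs: the six agreeing pairs of the original graph shrink to the two between B and C, and A drops out of the trusted sub-graph until every peer has applied the same amendment. Whether the real SEMTOR implementation behaves this way is exactly the question the message asks; the model only shows that the consequences described follow from the mechanism as understood there.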
