[Babel-users] Babel and HMAC authentication

[Juliusz Chroboczek]

Hi Mathieu,

> I was looking at RFC7298 about HMAC authentication in babeld and was
> wondering whether it would be usable on an open mesh network, such as the
> Montreal mesh network (reseaulibre.ca), where people basically put
> antennas on their roofs and join the mesh, but we would like some way to
> authenticate routes in order to avoid attacks on the network.

RFC 7298 performs hop-to-hop authentication of packets, not end-to-end
authentication of routes.  The former is relatively doable, and very
useful for closed networks; the latter is more widely applicable, but very
difficult to do right (search for "SBGP").

> * how would the shared secret work on a distributed mesh? Having a unique
> key for all would be too risky (it would not stay secret long, and
> changing it would be hard), but we could imagine having something like
> a key per city district/borough (arrondissement), or filtering on
> super-nodes (backbones) to limit scope of attacks.

Either that, or work with Denis to implement asymmetric keying.

> * how does the optional aspect of the authentication work? Could network
> participants decide, on a per-relay basis, which routes/keys to trust?

That's the main problem -- keys authenticate packets, not routes.  Some
weak form of route authentication could be achieved by filtering depending
on authentication results, but I'm pretty sure Denis hasn't implemented
that.

> * it seems implemented in Quagga. Any blockers to having it in the main
> babeld package?

No particular issues, and I'd be glad to consider a patch that does that.
Please make sure you make it compile-time optional, and that you integrate
cleanly with the existing configuration parser.

-- Juliusz