Integrity Protection for the Neighborhood Discovery Protocol (NHDP) and Optimized Link State Routing Protocol Version 2 (OLSRv2)
RFC 7183
Internet Engineering Task Force (IETF)                        U. Herberg
Request for Comments: 7183               Fujitsu Laboratories of America
Updates: 6130, 7181                                          C. Dearlove
Category: Standards Track                                BAE Systems ATC
ISSN: 2070-1721                                               T. Clausen
                                                LIX, Ecole Polytechnique
                                                              April 2014

Abstract

This document specifies integrity and replay protection for the
Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)
and the Optimized Link State Routing Protocol version 2 (OLSRv2).
This protection is achieved by using an HMAC-SHA-256 Integrity Check
Value (ICV) TLV and a Timestamp TLV based on Portable Operating
System Interface (POSIX) time.

The mechanism in this specification can also be used for other
protocols that use the generalized packet/message format described in
RFC 5444.

This document updates RFC 6130 and RFC 7181 by mandating the
implementation of this integrity and replay protection in NHDP and
OLSRv2.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7183.
Herberg, et al. Standards Track [Page 1]
RFC 7183 Integrity Protection for NHDP and OLSRv2 April 2014

Copyright Notice

Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Terminology
   3. Applicability Statement
   4. Protocol Overview and Functioning
   5. Parameters
   6. Message Generation and Processing
      6.1. Message Content
      6.2. Message Generation
      6.3. Message Processing
         6.3.1. Validating a Message Based on Timestamp
         6.3.2. Validating a Message Based on Integrity Check
   7. Provisioning of Routers
   8. Security Considerations
      8.1. Mitigated Attacks
         8.1.1. Identity Spoofing
         8.1.2. Link Spoofing
         8.1.3. Replay Attack
      8.2. Limitations
   9. Acknowledgments
   10. References
      10.1. Normative References
      10.2. Informative References

1. Introduction

This specification updates [RFC6130] and [RFC7181] by defining
mandatory-to-implement security mechanisms (for integrity and replay
protection). A deployment of these protocols may choose to employ an
alternative(s) to these mechanisms; in particular, it may choose to
protect packets rather than messages, it may choose to use an
alternative Integrity Check Value (ICV) with preferred properties,