
Introduction

The PLA protocol uses cryptographically strong digital signatures to ensure the integrity, timeliness, non-repudiation, and origin of every IP packet sent over the (ad hoc) network. In contrast to traditional end-to-end solutions (such as IPsec), PLA enables every intermediate node to verify that it forwards only "good packets".

PLA uses the standard IP header extension technique to give intermediate nodes the extra information they need to validate a packet without prior communication or a security association with the originating node. Additionally, PLA supports rights delegation and authorization of nodes to participate in the network, and makes it possible to revoke compromised nodes. Thus a large variety of attacks against networks can be eliminated or radically reduced. Ad hoc networks that belong to different organizations can be merged and split easily with PLA.
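A sketch of the per-hop check described above, added here as an example; it is not PLA code and not the PLA wire format. The field names, the use of Ed25519, and a single authority key that authorizes senders are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Packet is a hypothetical header layout for illustration, not the PLA wire format.
type Packet struct {
	Sender   ed25519.PublicKey // origin's public key, carried in every packet
	AuthSig  []byte            // authority's signature over Sender (authorization)
	UnixTime int64             // send time, checked for timeliness
	Payload  []byte
	Sig      []byte // Sender's signature over UnixTime and Payload
}

func signedBytes(t int64, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%020d", t)), payload...)
}

func newPacket(priv ed25519.PrivateKey, authSig []byte, t int64, payload []byte) Packet {
	pub := priv.Public().(ed25519.PublicKey)
	return Packet{pub, authSig, t, payload, ed25519.Sign(priv, signedBytes(t, payload))}
}

// verify is the per-hop check: authority key, revocation set and clock only, no state about the sender.
func verify(p Packet, authority ed25519.PublicKey, revoked map[string]bool, now time.Time, maxAge time.Duration) error {
	age := now.Sub(time.Unix(p.UnixTime, 0))
	switch {
	case len(p.Sender) != ed25519.PublicKeySize: // header is untrusted input; avoids a panic in Verify
		return errors.New("malformed sender key")
	case revoked[string(p.Sender)]:
		return errors.New("sender revoked")
	case !ed25519.Verify(authority, p.Sender, p.AuthSig):
		return errors.New("sender not authorized")
	case age < -maxAge || age > maxAge:
		return errors.New("timestamp outside window")
	case !ed25519.Verify(p.Sender, signedBytes(p.UnixTime, p.Payload), p.Sig):
		return errors.New("bad packet signature")
	}
	return nil
}

func main() { // constructed keys from fixed seeds, for a repeatable demonstration only
	ca, node := ed25519.NewKeyFromSeed(make([]byte, 32)), ed25519.NewKeyFromSeed(append(make([]byte, 31), 1))
	p := newPacket(node, ed25519.Sign(ca, node.Public().(ed25519.PublicKey)), 1700000000, []byte("hello"))
	fmt.Println(verify(p, ca.Public().(ed25519.PublicKey), nil, time.Unix(1700000005, 0), 30*time.Second))
}
```

The timestamp window only bounds how old a forwarded packet can be; rejecting duplicates inside the window would need a per-sender sequence number, which this sketch omits.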

Originally, PLA was designed for wireless military networks, where the overheads caused by PLA, i.e. an extra header in every packet and additional computation per packet, were justifiable. However, with hardware acceleration of the cryptographic algorithms and new digital signature schemes, it is possible to scale up the performance of the PLA protocol economically to cope with high-speed wired network links, such as 10 Gbit/s Ethernet.



Last modified: 27.7.2006