The PLA protocol uses cryptographically strong digital signatures to
ensure integrity, timeliness, non-repudiation, and origin of every IP
packet sent over the (ad hoc) network. On the contrary to traditional
end-to-end solution (such as IPsec), PLA enables every intermediate
node to verify that it is forwarding further only "good packets".
PLA uses standard IP header extension technique to provide extra information
for the intermediate nodes so that they can validate the packet without
prior communication or security association with the originating node.
Additionally, PLA has a feature of rights delegation and authorization
of nodes to participate network and also possibility to revoke
compromised nodes. Thus large variety of attacks against the networks
can be eliminated or radically reduced. Merging and splitting ad hoc
networks that are belonging to different organizations can be done
easily with PLA.
Originally, PLA was designed for wireless military
networks, where the overheads caused by PLA, i.e. extra header in every
packet and additional computation per packet, were justifiable. However,
with HW acceleration of the cryptographic algorithms and new digital
signature schemes, it is possible to scale up the performance of the PLA
protocol to cope with high speed wired network links, such as 10 Gbit/s
Ethernet, economically.