A shared secret-based algorithm for securing the OLSR routing protocol

The strongest feature of ad hoc networks is its capability to be rapidly deployed anywhere and anytime without relying on a pre-existing infrastructure. From there, ad hoc networks offer the advantages to be auto-organized, ubiquitous, dynamic and completely autonomous. As a counter part, securing them becomes a more difficult task, especially because of the absence of centralized entities in the network. Inevitably, the security problem presents currently a hot topic raising more and more challenges within industrials and researchers, and many interesting securing solutions were meanwhile proposed, omitting however to suit to ad hoc networks characteristics and therefore disadvantaging them. In this paper, we propose a securing scheme for the OLSR routing protocol based on the secret sharing idea. We initially expose the general characteristics and the security problems related to ad hoc routing protocols. We then address the security requirements of ad hoc routing protocols and the security requirements we focus on. Finally, we define our completely and distributed securing algorithm based on threshold cryptography. A primary main conception objective being to suit as much as possible to ad hoc networks characteristics by avoiding as much as possible assumptions contradictory with the auto-organized and dynamic nature of ad hoc networks. Simulation results depict the additional delay due to security enhancements. Results show that this delay stills suitable to OLSR routing specifications.     

Securing ad hoc networks

Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework     

移动自组网中基于声誉机制的安全路由协议设计与分析

移动自组网是一种有特殊用途的对等式网络,具有无中心、自组织、可快速展开、可移动等特点,这些特点使得它在战场、救灾等特殊场合的应用日渐受到人们的重视.由于在移动自组网络中每节点既是主机又是路由器,所以容易遭受基于路由信息的攻击,而现今的路由协议基本没有考虑到该问题.本文在分析移动自组网络安全特性的基础上,综述了该方面的研究工作,建立了基于声誉机制评价体系,并给出了具体的评价方法和计算模型.在此基础上,提出了基于声誉机制的安全路由协议S-DSR.仿真结果表明在存在攻击节点的情况下S-DSR协议比DSR协议具有更好的包传输率、包丢失率等属性.     

路由信息的攻击对AODV协议性能的影响分析

AODV协议是移动自组网络中一种按需反应的表驱动路由协议。在移动自组网中，每个节点既是计算机又是路由器，容易遭受基于路由信息的网络攻击，而现今的路由协议基本没有考虑到该问题。本文在分析移动自组网中针对路由信息主要攻击方法的基础上，建立了主动性和自私性两个攻击模型，并且在AODV协议中扩充实现了这两类攻击行为。通过对模拟结果的分析和比较，讨论了路由信息的攻击对AODV协议性能的影响，并进一步探讨了针对基于路由信息攻击的防御措施。     

移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

Authenticated routing for ad hoc networks

Initial work in ad hoc routing has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that can be used to manipulate the routing in an ad hoc network. In this paper, we describe these threats, specifically showing their effects on ad hoc on-demand distance vector and dynamic source routing. Our protocol, named authenticated routing for ad hoc networks (ARAN), uses public-key cryptographic mechanisms to defeat all identified attacks. We detail how ARAN can secure routing in environments where nodes are authorized to participate but untrusted to cooperate, as well as environments where participants do not need to be authorized to participate. Through both simulation and experimentation with our publicly available implementation, we characterize and evaluate ARAN and show that it is able to effectively and efficiently discover secure routes within an ad hoc network.     

A survey of routing attacks in mobile ad hoc networks

Recently, mobile ad hoc networks became a hot research topic among researchers due to their flexibility and independence of network infrastructures, such as base stations. Due to unique characteristics, such as dynamic network topology, limited bandwidth, and limited battery power, routing in a MANET is a particularly challenging task compared to a conventional network. Early work in MANET research has mainly focused on developing an efficient routing mechanism in such a highly dynamic and resource-constrained network. At present, several efficient routing protocols have been proposed for MANET. Most of these protocols assume a trusted and cooperative environment. However, in the presence of malicious nodes, the networks are vulnerable to various kinds of attacks. In MANET, routing attacks are particularly serious. In this article, we investigate the state-of-the-art of security issues in MANET. In particular, we examine routing attacks, such as link spoofing and colluding misrelay attacks, as well as countermeasures against such attacks in existing MANET protocols.     

Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and, thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.     

Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model     

ETUS: An enhanced triple umpiring system for security and performance improvement of mobile ad hoc networks

A mobile ad hoc network is a self‐created, self‐organized and self‐administering set of nodes connected via wireless links without the aid of any fixed infrastructure or administrator. Protecting the network layer from malicious attacks is an important and challenging issue in both wired and wireless networks and the issue becomes even more challenging in the case of wireless mobile ad hoc networks. In this paper we propose a solution using a triple umpiring system (TUS), which provides security for routing and data‐forwarding operations. In our system each node's behaviour from source to destination is closely monitored by a set of three umpires. If any misbehaviour is noticed, umpires flag off the guilty node from the circuit. We have proposed two enhancements to the basic TUS for salvaging the circuit during disruptions in route reply and data‐forwarding phases. The model with these two enhancements is called ETUS. We have implemented TUS and ETUS by modifying the popular Ad hoc On‐Demand Distance Vector protocol. Extensive simulation studies using QualNet 5.0 establish the soundness of the proposal. Copyright © 2010 John Wiley & Sons, Ltd.     

Secure routing in mobile wireless ad hoc networks

We discuss several well known contemporary protocols aimed at securing routing in mobile wireless ad hoc networks. We analyze each of these protocols against requirements of ad hoc routing and in some cases identify fallibilities and make recommendations to overcome these problems so as to improve the overall efficacy of these protocols in securing ad hoc routing, without adding any significant computational or communication overhead.     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

Game Theoretic Analysis of Cooperation Stimulation and Security in Autonomous Mobile Ad Hoc Networks

In autonomous mobile ad hoc networks, nodes belong to different authorities and pursue different goals; therefore, cooperation among them cannot be taken for granted. Meanwhile, some nodes may be malicious, whose objective is to damage the network. In this paper, we present a joint analysis of cooperation stimulation and security in autonomous mobile ad hoc networks under a game theoretic framework. We first investigate a simple yet illuminating two-player packet forwarding game and derive the optimal and cheat-proof packet forwarding strategies. We then investigate the secure routing and packet forwarding game for autonomous ad hoc networks in noisy and hostile environments and derive a set of reputation-based cheat-proof and attack-resistant cooperation stimulation strategies. When analyzing the cooperation strategies, besides Nash equilibrium, other optimality criteria, such as Pareto optimality, subgame perfection, fairness, and cheat-proofing, have also been considered. Both analysis and simulation studies have shown that the proposed strategies can effectively stimulate cooperation among selfish nodes in autonomous mobile ad hoc networks under noise and attacks, and the damage that can be caused by attackers is bounded and limited     

SCAN: self-organized network-layer security in mobile ad hoc networks

Protecting the network layer from malicious attacks is an important yet challenging security issue in mobile ad hoc networks. In this paper, we describe SCAN, a unified network-layer security solution for such networks that protects both routing and data forwarding operations through the same reactive approach. SCAN does not apply any cryptographic primitives on the routing messages. Instead, it protects the network by detecting and reacting to the malicious nodes. In SCAN, local neighboring nodes collaboratively monitor each other and sustain each other, while no single node is superior to the others. SCAN also adopts a novel credit strategy to decrease its overhead as time evolves. In essence, SCAN exploits localized collaboration and information cross-validation to protect the network in a self-organized manner. Through both analysis and simulation results, we demonstrate the effectiveness of SCAN even in a highly mobile and hostile environment.     

Integrating Heterogeneous Wireless Technologies: A Cellular Aided Mobile Ad Hoc Network (CAMA)

A mobile ad hoc network is a collection of wireless terminals that can be deployed rapidly. Its deficiencies include limited wireless bandwidth efficiency, low throughput, large delays, and weak security. Integrating it with a well-established cellular network can improve communication and security in ad hoc networks, as well as enrich the cellular services. This research proposes a cellular-aided mobile ad hoc network (CAMA) architecture, in which a CAMA agent in the cellular network manages the control information, while the data is delivered through the mobile terminals (MTs). The routing and security information is exchanged between MTs and the agent through cellular radio channels. A position-based routing protocol, the multi-selection greedy positioning routing (MSGPR) protocol, is proposed. At times due to the complicated radio environment, the position information is not precise. Even in these cases, the MT can still find its reachable neighbors (the association) by exchanging hello messages. This association is used in complement with the position information to make more accurate routing decisions. Simulation results show that the delivery ratio in the ad hoc network is greatly improved with very low cellular overhead. The security issues in the proposed architecture and the corresponding solutions are addressed. The experimental study shows that CAMA is much less vulnerable than a pure ad hoc network.     

Ad Hoc网络的安全问题和安全策略

AdHoc网络作为一种无线移动网络正成为网络研究,特别是军事研究的一个热点。由于AdHoc网络的特点,其安全问题和安全策略正受到越来越广播的重视。文中介绍了AdHoc网络的特点,论述了AdHoc网络和路由协议的安全问题,最后讨论并提出了AdHoc网络的一些安全策略。     

A Secure Path Selection Scheme for Mobile Ad Hoc Network

Mobile ad hoc network is open medium, infrastructure-less and easy to install. Despite these features, mobile ad hoc network is vulnerable to various security attacks. Black hole and gray hole security attacks outrank among all security attacks. This paper proposes a distributed delegation-based scheme, namely, a secure path selection scheme. The proposed scheme identifies and allows only trusted nodes to become part of active path. The simulation results revealed that proposed scheme improved the packet delivery ratio, packet loss rate, throughput by 8% and routing overhead by 5% as compared to other system.

     

Power-aware routing protocols in ad hoc wireless networks

An ad hoc wireless network has no fixed networking infrastructure. It consists of multiple, possibly mobile, nodes that maintain network connectivity through wireless communications. Such a network has practical applications in areas where it may not be economically practical or physically possible to provide a conventional networking infrastructure. The nodes in an ad hoc wireless network are typically powered by batteries with a limited energy supply. One of the most important and challenging issues in ad hoc wireless networks is how to conserve energy, maximizing the lifetime of its nodes and thus of the network itself. Since routing is an essential function in these networks, developing power-aware routing protocols for ad hoc wireless networks has been an intensive research area in recent years. As a result, many power-aware routing protocols have been proposed from a variety of perspectives. This article surveys the current state of power-aware routing protocols in ad hoc wireless networks.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Secure interconnection protocol for integrated Internet and ad hoc networks

Integration of ad hoc networks with the Internet provides global Internet connectivity for ad hoc hosts through the coordination of mobile IP and ad hoc protocols. In a pure ad hoc network, it is difficult to establish trust relationship between two ad hoc hosts due to lack of infrastructure or centralized administration. In this paper, an infrastructure‐supported and distributed authentication protocol is proposed to enhance trust relationships amongst ad hoc hosts. In addition, an effective secure routing protocol (SRP) is discussed to protect the multi‐hop route for Internet and ad hoc communication. In the integrated ad hoc networks with Internet accessibility, the ad hoc routing security deployed with the help of infrastructure has a fundamental impact on ad hoc hosts in term of Internet access, integrity, and authentication. Both analysis and simulation results demonstrate the effectiveness of the proposed security protocol. Copyright © 2007 John Wiley & Sons, Ltd.