Printer Friendly

Security challenges for routing protocol in AD-HOC networks.

Introduction

In a region, where there is no fixed network infrastructure, or it is costly and time consuming to build up one, ad-hoc networks can provide network connectivity. Two nodes in a mobile ad-hoc network (MANET) can communicate if the distance between them is less than the minimum of their two broadcast ranges [1]. All nodes need to be within the transmission range of one another, so that mobiles may try to maintain the network connectivity via a conventional multi-hop routing mechanism.

Such infrastructure less networks are usually needed in battlefields [2], disaster areas, conferences. Because of their capability of handling node failures and fast topology changes. Examples to such networks could be as Information sharing during a meeting, wireless intranet in a firm building, between buildings, communication within a platoon, and in large scale, disaster/war area rapid deployment of ambulances, tanks, or planes. Those networks provide mobile users with ubiquitous communication capability and information access regardless of location. In Figure 1(a), a very simple example setup for such a network composed of three wireless mobile computers is shown. The radio transmission ranges barely reach each other. Node A, without help of B, cannot communicate with C. Since B can communicate with both of them, it acts as a router and enables communication between A and C. The challenging factor is that, when we have more mobiles, to establish communication to the farthest node in the geography, we need to find a really good route, to be able to make robust communication. We are interested in routing protocols introduced for this purpose. There are four major routing protocols for adhoc networks: Temporally Ordered Routing Algorithm (TORA)[4], Ad Hoc On Demand Distance Vector (AODV) [5], Dynamic Source Routing (DSR) [6] and Destination Sequenced Distance Vector (DSDV) [8].

Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other's radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Figure 1(b) shows such an example: initially, nodes B and D have a direct link between them. When D moves out of B's radio range, the link is broken. However, the network is still connected, because B can reach D through C, E, and F.

Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.

Security Goals

Security is an important issue for ad hoc networks, especially for those security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.

[FIGURE 1 OMITTED]

Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires a high level of confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.

Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.

Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade a node, thus gaining unauthorized access to resource and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

Challenges

Traditional security mechanisms, such as authentication protocols, digital signature, and encryption, still play important roles in achieving confidentiality, integrity, authentication, and non-repudiation of communication in ad hoc networks. However, these mechanisms are not sufficient by themselves.

The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals.

First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and nonrepudiation.

Secondly, nodes, roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection, have non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.

Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationship among nodes also changes, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [9,10], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.

Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

Security of AD-HOC Routing Protocols

Following attributes should be considered for security of ad-hoc networks [11], in routing protocols perspective:

Availability

Are routing protocols open to denial-of-service attacks? Without the following attributes, any mobile node would try to answer any query of an hostile node. It is possible to flood all nodes, and decrease routing protocol performance by misusing protocol messaging. Reactive protocols are more vulnerable than proactive ones, on the other hand they can recover faster.

Confidentiality

All queries and neighborhood discoveries are done, trusting whomever the routing protocol talks to. There are no authentication methods embedded in routing protocols, except IMEP.

Integrity

This guarantees that the message being forwarded is never corrupted intentionally or unintentionally. Latter case is assumed to be taken care by the MAC standard. First case requires an authentication method which could be checked by all neighbor and route nodes. Thus ignoring such packets can slow down denial-of-service attacks.

Authentication

Authorization system is required, to ensure that the peer is the real one, and not masquerading.

Non-repudiation

Ensures that the sender of the routing message cannot deny having sent the message. This is important for detection and isolation, like firewalling of desired nodes.

Routing protocols, are very vulnerable since they can reveal topology information. Listening few DSR messages in promiscuous mode gives valuable information. A GPS based routing algorithm may give exact node locations. ZRP would inform about number and size of enemy regions [11].

Typically, an attacker can playback routing information and easily collapse the network. Consider a huge ad-hoc network, which is partitioned and connected via single hop host. Denial of service attack would break whole communication between two networks. Therefore protocols which are capable of finding multiple paths ie., AODV, TORA, DSR, have an advantage. Diversity coding [12] uses multiple paths to transmit data, and does not make any retransmissions. At the destination node, this allows error detection and correction. A proposal studying vulnerabilities, and providing countermeasures for distance-vector routing protocols for static networks has been given by Simth et.al., [13] . They managed to do it by using the predecessor information specified in the path-finding class of distance-vector proposals, and same method can be adopted for securing MANET distance-vector protocols. As a result, routing messages should be protected as well as the user data, and multiple path transmissions should always be used.

Secure Routing

To achieve availability, routing protocols should be robust against both dynamically changing topology and malicious attacks. Routing protocols [13, 14, 15] proposed for ad hoc networks cope well with the dynamically changing topology. However, none of them, to our knowledge, have accommodated mechanisms to defend against malicious attacks. Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols.

In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down.

There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing.

The second and also the more severe kind of threats comes from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threats, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signature. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could be generated by a compromised node, or, it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing.

Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies--multiple, possibly disjoint, routes between nodes--in ad hoc networks. If routing protocols can discover multiple routes (e.g., protocols in ZRP [16], DSR [6], TORA [4], and AODV [5] all can achieve this), nodes can switch to an alternative route when the primary route appears to have failed.

Diversity coding [12] takes advantage of multiple paths in an efficient way without message retransmission.

The basic idea is to transmit redundant information through additional routes for error detection and correction. For example, if there are n disjoint routes between two nodes, then we can use n-r channels to transmit data and use the other r channels to transmit redundant information. Even if certain routes are compromised, the receiver may still be able to validate messages and to recover messages from errors using the redundant information from the additional r channels.

Secure routing in networks such as the Internet has been extensively studied. Many proposed approaches are also applicable to secure routing in ad hoc networks. To deal with external attacks, standard schemes such as digital signatures to protect information authenticity and integrity have been considered.

Mizrak [17] studies how to protect routing information from compromised routers in the context of Byzantine robustness. The study analyzes the theoretical feasibility of maintaining network connectivity under such assumptions. Kumar [20] recognizes the problem of compromised routers as a hard problem, but provides no solution. Other works [13,19] give only partial solutions. The basic idea underlying these solutions is to detect inconsistency using redundant information and to isolate compromised routers. For example, in [19], where methods to secure distance-vector routing protocols are proposed, extra information of a predecessor in a path to a destination is added into each entry in the routing table. Using this piece of information, a path-traversal technique (by following the predecessor link) can be used to verify the correctness of a path. Such mechanisms usually come with a high cost and are avoided (e.g., in [13]) because routers on networks such as the Internet are usually well protected and rarely compromised.

Power and QOS Aware Protocols

There are protocols which optimize their parameters for power-efficient and good-connectivity networking. One of those studies is Singh's [18]. Their protocol considers the following metrics:

Minimize energy consumed per packet: This implies shortest-hop path.

Maximize time to network partition: Routing protocol tries to divide work amongst nodes to maximize life of the network.

Maximize variance in node power levels: This implies load-sharing of distributed systems, and is equivalent to bin-packing problem.

Minimize cost per packet: Here, the goal is to maximize the life of individual nodes in the network including costs other than energy.

Minimize the maximum node cost: Here the minimization is done for per-node energy consumption of contributing nodes for forwarding packets.

In 1999, Singh et. al., proposes same power-aware metrics based on battery power consumption at nodes for determining only broadcast routes in wireless ad-hoc networks [18,19]. Other power solutions include a higher-level, clustering solution with power control [22] and a lower-level, two-state Markov channel model for shutting off radio interface while an uninteresting transmission is occurring in the medium [23]. Another study is about tuning transmission power for the IEEE 802.11 DSSS WLAN network interface card. Having the similar idea, Kravets also has a proposal for modification of MAC and PHY layer of IEEE 802.11 standard [24]. For more in-depth study on energy efficient battery management techniques, refer to the study of Chiasserini and Rao [25].

There are also QoS related studies [26] on ad-hoc networks. To provide QoS, there is a bandwidth reservation proposal [27] which omits QoS parameters such as packet loss rate etc., and just tries to provide required bandwidth for real-time traffic on a flow path. Another study about QoS is core extraction distributed ad-hoc routing algorithm (CEDAR) [20][21]. In this protocol, QoS information is calculated at specific core nodes and they are propagated as waves for overall QoS awareness in the network. Other QoS related studies [28] introduce QoS requirements of wireless mobile networks and make single modified routing protocol (e.g. DSDV) simulations, in general.

Conclusion

In this paper, we discussed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms.

More work needs to be done to deploy these security mechanisms in an ad hoc network and to investigate the impact of these security mechanisms on the network performance.

Traditional security mechanisms, such as authentication protocols, digital signature, and encryption, still play important roles in achieving confidentiality, integrity, authentication, and non-repudiation of communication in ad hoc networks. However, these mechanisms are not sufficient by themselves.

References

[1] 1 Prosenjit Bose, Pat Morin, Ivan Stojmenovic and Jorge Urrutia, "Routing with Guaranteed Delivery in ad hoc Wireless Networks," Proceedings of the 3rd International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, Seattle, WA USA, August 20, 1999.

[2] 2 Joseph B. Evans, Gary J. Minden, K.S. Shanmugan, Glen Prescott, Victor S. Frost, Ben Ewy, Ricardo Sanchez, Craig Sparks, K. Malinimohan, James Roberts, Richard Plumb and Dave Petr, "The Rapidly Deployable Radio Network," IEEE Communications, 1999, Vol. 17, No. 4, pages 689-702.

[3] 3 Vincent D. Park and M. Scott Corson, "A Highly Adaptive Distributed Routing Algorithm for Mobile Wireless Networks," Proceedings of IEEE INFOCOM '97, Kobe, Japan, April 1997.

[4] 4 V. Park and S. Corson, Temporally-Ordered Routing Algorithm (TORA) Version 1 Functional Specification, corson-draft-ietf-manet.tora-spec-00.txt, IETF, Internet draft, 1997.

[5] 5 C.E. Perkins and E.M.Royer, "Ad-hoc On Demand Distance Vector Routing," Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, New Orleans, LA, February 1999, pages 90-100.

[6] 6 David B. Johnson and David A. Maltz, "Dynamic Source Routing in Ad Hoc Wireless Networks," Mobile Computing, Kluwer Academic Publishers, pages 153-181, 1996.

[7] 7 David B. Johnson, Davis A. Maltz, The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks, IETF Draft, 49 pages, October 1999.

[8] 8 C.E. Perkins and P. Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers", Computer Communications Review, pages 234-244, October 1994.

[9] 9. Kui Wu and Janelle Harms, "Location Trace Aided Routing in Mobile Ad Hoc Networks," IEEE International Conference on Computer Communications and Networks ICCCN 2000 , Las Vegas, Nevada USA, October 2000

[10] 10. Ching-Chuan Chiang and Mario Gerla, "Routing and Multicast in Multihop, Mobile Wireless Networks,", Proceedings of ICUPC'97, 1997.

[11] 11 Young-Bae Ko and Nitin H. Vaidya, "Location-Aided Routing (LAR) in Mobile Ad Hoc Networks," Proceedings of Mobicom '98 4th Annual ACM/IEEE International Conference on Mobile Computing and Networking, Dallas, TX, pages 66-75, October 1998.

[12] 12. E. Ayanoglu et.al., "Diversity Coding for Transparent Self-Healing and Fault-Tolerant Communication Networks," IEEE Transactions on Communications, vol.41, no. 11, pages 1677-86, November 1993.

[13] 13. Bradley R Smith , Shree Murthy and Garcia-Luna Aceves, J.J,; "Securing Distance--Vector Routing Protocols" Network and Distributed system security, 1997 Proceedings, 1997 symposium on 10-11 feb 1997 page(s): 8592.

[14] 14. Goodman, David J., Wireless Personal Communications Systems, Addison-Wesley Longman Inc., August 1997.

[15] 15. P. Papadimitratos, and Z. Hass, "Secure Routing for Mobile Ad Hoc Networks" CNDS, 2002.

[16] 16. Nicklas Beijar; "Zone Routing Protocol (ZRP)" in Ad Hoc Networking , Licentiate course on Telecommunications, 2002.

[17] 17. Alper Tugay Mizrak , Keit Marzullo and Stefan Savage,; "Fault-Tolerant forwarding in the face of Malicious Routers" University of Clifornia ay San Diego, technical report CS 2004-0789.

[18] 18. Suresh Singh, Mike Woo and C. S. Raghavendra, "Power-Aware Routing in Mobile Ad Hoc Networks," Proceedings of Mobicom '98 4th Annual ACM/IEEE International Conference on Mobile Computing and Networking, Dallas, TX, October 1998.

[19] 19 Suresh Singh, C.S. Raghavendra and James Stepanek, "Power-Aware Broadcasting in Mobile Ad Hoc Networks," Proceedings of IEEE PIMRC'99, Osaka, Japan, September 1999.

[20] 20. Raghupathy Sivakumar, Prasun Sinha and Vaduvur Bharghavan, Core Extraction Distributed Ad hoc Routing (CEDAR) Specification, Internet Draft, draft-ietf-manet-cedar-spec-00.txt, September 1998.

[21] R. Sivakumar, P. Sinha and V. Bharghavan, "CEDAR: A Core-Extraction Distributed Ad Hoc Routing Algorithm," IEEE Journal on Selected Areas in Communications, Vol. 17, No. 8, pages 1454-1465, August 1999.

[22] Taek Jin Kwon and Mario Gerla, "Clustering with Power Control," In Proceedings of IEEE MILCOM'99, Atlantic City, NJ, November 1999.

[23] Carla F. Chiasserini and Ramesh R. Rao, "Energy Efficient Battery Management," Proceedings of INFOCOM 2000, Tel Aviv, Israel, March 2000.

[24] S. Chen and K. Nahrstedt, "Distributed Quality-of-Service Routing in Ad Hoc Networks," IEEE Journal on Selected Areas in Communications, Vol. 17, No. 8, pages 1488-1505, August 1999

[25] Jean-Pierre Ebert, Bjorn Stremmel, Eckhardt Wiederhold and Adam Wolisz, "An Energy-efficient Power Control Approach for WLANs," Journal of Communication and Networks, Vol. 2, No. 3, September 2000.

[26] S. Chen and K. Nahrstedt, "Distributed Quality-of-Service Routing in Ad Hoc Networks," IEEE Journal on Selected Areas in Communications, Vol. 17, No. 8, pages 1488-1505, August 1999.

[27] C.R. Lin and J.-S, Liu, "QoS Routing in Ad Hoc Wireless Networks," IEEE Journal on Selected Areas in Communications, Vol. 17, No. 8, pages 1426-1438, August 1999.

[28] T. W. Chen, J. T. Tsai and M. Gerla, "QoS Routing Performance in Multihop, Wireless Networks," IEEE 6th ICUPC'97, October 1997.

P.V.S. Srinivas (1), V. Kamakshi Prasad (2) and C. Raghavendra Rao (3)

(1.) Jaya Prakash Narayan College of Engineering, Mahaboobnagar, A.P.-509002 E-mail: pvssrinivas_70@yahoo.com

(2.) SIT, Jawaharlal Nehru Technological University, Kukatpally, Hyderabad-500085 E-mail:kamakshiprasad@yahoo.com

(3.) CIS, University of Hyderabad,Hyderabad-500046 E-mail:crrcs@uohyd.ernet.in
COPYRIGHT 2008 Research India Publications
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

 
Article Details
Printer friendly Cite/link Email Feedback
Author:Srinivas, P.V.S.; Prasad, V. Kamakshi; Rao, C. Raghavendra
Publication:International Journal of Applied Engineering Research
Date:Nov 1, 2008
Words:3617
Previous Article:Design methodology and development of pressure swirl atomizer for micro gas turbine combustion chamber.
Next Article:Distinction between transient and permanent faults using wavelet transform.
Topics:


Related Articles
Ad hoc mobile wireless networks; principles, protocols and applications.
Wireless ad hoc and sensor networks.

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters