Secure Ad-Hoc Network Routing

Several routing protocols have been proposed for ad hoc networks; until recently, however, security in such networks had not received much attention from the research community. As a result, ad hoc network routing protocols that assume a trusted environment are highly vulnerable to attack; for example, using the wormhole or rushing attacks, an adversary can paralyze ad hoc networks. Based on efficient cryptographic constructions, we designed secure routing protocols that are robust to attack: Ariadne, SEAD, and RAP.

Survey Article about Secure Ad Hoc Network Routing Protocols

In this article we present an overview of the existing work in securing ad hoc network routing. We first review attacks on ad hoc networks and discuss current approaches for establishing cryptographic keys in ad hoc networks. We then present the current state of research in secure ad hoc routing protocols, and conclude with research challenges.

 

Papers

Hu, Yih-Chun, and Adrian Perrig. "A Survey of Secure Wireless Ad Hoc Routing." In IEEE Security & Privacy, special issue on Making Wireless Work, 2(3):28-39, May/June 2004. [ PDF ]

The Ariadne Secure Ad-Hoc Network Routing Protocol

In this research project, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks.

 

Papers

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson. "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks." In Wireless Networks Journal, 11(1), 2005. [ PDF ]

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson. "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks." In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (ACM Mobicom), Atlanta, Georgia, September 23 - 28, 2002. [ PDF ]

The SEAD Secure Ad-Hoc Network Routing Protocol

Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this research project, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol (DSDV). In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service (DoS) attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.

 

Papers

Hu, Yih-Chun, Dave Johnson, and Adrian Perrig. "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks." In Ad Hoc Networks Journal, 1(1):175-192, 2003. [ PDF ]

Hu, Yih-Chun, Dave Johnson, and Adrian Perrig. "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks." In Proceedings of the IEEE Workshop on Mobile Computing Systems and Applications (WMCSA), June 2002. [ PDF ]

The RAP Secure Ad-Hoc Network Routing Protocol

Many proposed routing protocols for ad hoc networks operate in an on-demand fashion, as on-demand routing protocols have been shown to often have lower overhead and faster reaction time than other types of routing based on periodic (proactive) mechanisms. Significant attention recently has been devoted to developing secure routing protocols for ad hoc networks, including a number of secure on-demand routing protocols, that defend against a variety of possible attacks on network routing. In this research project, we present the rushing attack, a new attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols. For example, DSR, AODV, and secure protocols based on them, such as Ariadne, ARAN, and SAODV, are unable to discover routes longer than two hops when subject to this attack. This attack is also particularly damaging because it can be performed by a relatively weak attacker. We analyze why previous protocols fail under this attack. We then develop Rushing Attack Prevention (RAP), a generic defense against the rushing attack for on-demand protocols. RAP incurs no cost unless the underlying protocol fails to find a working route, and it provides provable security properties even against the strongest rushing attackers.

 

Papers

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson. "Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols." In Proceedings of the ACM Workshop on Wireless Security (WiSe), San Diego, California, September 2003. [ PDF ]

General Mechanisms to Secure Routing Protocols

In this paper, we present four new mechanisms as tools for securing distance vector and path vector routing protocols. For securing distance vector protocols, our hash tree chain mechanism forces a router to increase the distance (metric) when forwarding a routing table entry. To provide authentication of a received routing update in bounded time, we present a new mechanism, similar to hash chains, that we call tree-authenticated one-way chains. For cases in which the maximum metric is large, we present skipchains, which provide lower initial computation cost and more efficient element verification; this mechanism is based on a new cryptographic mechanism, called MW-chains, which we also present. For securing path vector protocols, our cumulative authentication mechanism authenticates the list of routers on the path in a routing update, preventing removal or reordering of the router addresses in the list; the mechanism uses only a single authenticator in the routing update rather than one per router address. We also present a simple mechanism to securely switch one-way chains, by authenticating the next one-way chain using the previous one. These mechanisms are all based on efficient symmetric cryptographic techniques and can be used as building blocks for securing routing protocols.
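As an added illustration (not code from the paper or from this project), the sketch below shows the idea behind a single cumulative path authenticator: each router folds its address into the one authenticator with a MAC, so a verifier detects a removed or reordered address. The HMAC-SHA256 construction, the per-router keys shared with the verifier, and all names and sample values are assumptions made for the example.

```python
import hashlib
import hmac

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def originate(keys, origin, update_id):
    """Origin starts the path list and the single authenticator."""
    return {"id": update_id, "path": [origin],
            "auth": mac(keys[origin], update_id, origin.encode())}

def forward(keys, update, router):
    """A router appends its address and replaces the authenticator with a
    MAC over the previous authenticator and its own address."""
    return {"id": update["id"], "path": update["path"] + [router],
            "auth": mac(keys[router], update["auth"], router.encode())}

def verify(keys, update):
    """Verifier recomputes the chain over the claimed path, in order."""
    path = update["path"]
    if not path or any(r not in keys for r in path):
        return False
    auth = mac(keys[path[0]], update["id"], path[0].encode())
    for r in path[1:]:
        auth = mac(keys[r], auth, r.encode())
    return hmac.compare_digest(auth, update["auth"])

# Constructed sample data: hypothetical routers A-D with demo keys.
KEYS = {r: hashlib.sha256(b"demo-key-" + r.encode()).digest() for r in "ABCD"}

def build_sample():
    """Update originated by A and forwarded by B, C, D."""
    u = originate(KEYS, "A", b"update-0001")
    for r in ("B", "C", "D"):
        u = forward(KEYS, u, r)
    return u

def tamper(update, new_path):
    """Same authenticator, altered address list (what a verifier must reject)."""
    return {"id": update["id"], "path": new_path, "auth": update["auth"]}

if __name__ == "__main__":
    good = build_sample()
    print("intact path:   ", verify(KEYS, good))
    print("C removed:     ", verify(KEYS, tamper(good, ["A", "B", "D"])))
    print("B, C reordered:", verify(KEYS, tamper(good, ["A", "C", "B", "D"])))
```

The update carries one 32-byte authenticator regardless of path length; the cost moves to the verifier, which performs one MAC per listed router.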

 

Papers

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson. "Efficient Security Mechanisms for Routing Protocols." In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2003. [ PDF ]