Secure Ad-Hoc Network Routing

Several routing protocols have been proposed for routing in ad hoc
networks; however, until recently, security in such networks has not
yet enjoyed much attention from the research community. As a result,
ad hoc network routing protocols that assume a trusted environment are
highly vulnerable to attack; for example, using the wormhole or rushing
attacks, an adversary can paralyze ad hoc networks. Based on efficient
cryptographic constructions, we designed secure routing protocols that
are robust to attack: Ariadne, SEAD, and RAP.

Survey Article about Secure Ad Hoc Network Routing Protocols
In this article we present an overview of
the existing work in securing ad hoc network
routing. We first review attacks on ad hoc
networks and discuss current approaches for
establishing cryptographic keys in ad hoc
networks. We then present the current state
of research in secure ad hoc routing
protocols, and conclude with research
challenges.

Papers
Hu, Yih-Chun, and Adrian Perrig.
"A Survey of Secure Wireless Ad Hoc Routing."
In IEEE Security & Privacy, special issue on Making Wireless Work, 2(3):28-39, May/June 2004.

The Ariadne Secure Ad-Hoc Network Routing Protocol
In this research project, we present attacks
against routing in ad hoc networks, and we
present the design and performance
evaluation of a new secure on-demand ad hoc
network routing protocol, called Ariadne.
Ariadne prevents attackers or compromised
nodes from tampering with uncompromised
routes consisting of uncompromised nodes,
and also prevents many types of
Denial-of-Service attacks.

Papers
Hu, Yih-Chun, Adrian Perrig, and Dave Johnson.
"Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks."
In Wireless Networks Journal, 11(1), 2005.

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson.
"Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks."
In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (ACM Mobicom), Atlanta, Georgia, September 23 - 28, 2002.

The SEAD Secure Ad-Hoc Network Routing Protocol
Although many previous ad hoc network
routing protocols have been based in part on
distance vector approaches, they have
generally assumed a trusted environment. In
this research project, we design and evaluate the
Secure Efficient Ad hoc Distance vector
routing protocol (SEAD), a secure ad hoc
network routing protocol based on the design
of the Destination-Sequenced Distance-Vector
routing protocol (DSDV). In order to
support use with nodes of limited CPU
processing capability, and to guard against
Denial-of-Service (DoS) attacks in which an
attacker attempts to cause other nodes to
consume excess network bandwidth or
processing time, we use efficient one-way
hash functions and do not use asymmetric
cryptographic operations in the protocol.
SEAD performs well over the range of
scenarios we tested, and is robust against
multiple uncoordinated attackers creating
incorrect routing state in any other node,
even in spite of any active attackers or
compromised nodes in the network.

Papers
Hu, Yih-Chun, Dave Johnson, and Adrian Perrig.
"SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks."
In Ad Hoc Networks Journal, 1(1):175-192, 2003.

Hu, Yih-Chun, Dave Johnson, and Adrian Perrig.
"SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks."
In Proceedings of the IEEE Workshop on Mobile Computing Systems and Applications (WMCSA), June 2002.

The RAP Secure Ad-Hoc Network Routing Protocol
Many proposed routing protocols for ad hoc
networks operate in an on-demand fashion, as
on-demand routing protocols have been shown
to often have lower overhead and faster
reaction time than other types of routing
based on periodic (proactive) mechanisms.
Significant attention recently has been
devoted to developing secure routing
protocols for ad hoc networks, including a
number of secure on-demand routing
protocols, that defend against a variety of
possible attacks on network routing. In
this research project, we present the
rushing attack, a new attack that results in
denial-of-service when used against all
previous on-demand ad hoc network routing
protocols. For example, DSR, AODV, and
secure protocols based on them, such as
Ariadne, ARAN, and SAODV, are unable to
discover routes longer than two hops when
subject to this attack. This attack is also
particularly damaging because it can be
performed by a relatively weak attacker. We
analyze why previous protocols fail under
this attack. We then develop Rushing Attack
Prevention (RAP), a generic defense against
the rushing attack for on-demand protocols.
RAP incurs no cost unless the underlying
protocol fails to find a working route, and
it provides provable security properties
even against the strongest rushing
attackers.

Papers
Hu, Yih-Chun, Adrian Perrig, and Dave Johnson.
"Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols."
In Proceedings of the ACM Workshop on Wireless Security (WiSe), San Diego, California, September 2003.

General Mechanisms to Secure Routing Protocols
In this paper, we present four new
mechanisms as tools for securing distance
vector and path vector routing protocols.
For securing distance vector protocols, our
hash tree chain mechanism forces a router to
increase the distance (metric) when
forwarding a routing table entry. To
provide authentication of a received routing
update in bounded time, we present a new
mechanism, similar to hash chains, that we
call tree-authenticated one-way chains. For
cases in which the maximum metric is large,
we present skipchains, which provide more
efficient initial computation cost and more
efficient element verification; this
mechanism is based on a new cryptographic
mechanism, called MW-chains, which we also
present. For securing path vector
protocols, our cumulative authentication
mechanism authenticates the list of routers
on the path in a routing update, preventing
removal or reordering of the router
addresses in the list; the mechanism uses
only a single authenticator in the routing
update rather than one per router address.
We also present a simple mechanism to
securely switch one-way chains, by
authenticating the next one-way chain using
the previous one. These mechanisms are all
based on efficient symmetric cryptographic
techniques and can be used as building
blocks for securing routing protocols.

Papers
Hu, Yih-Chun, Adrian Perrig, and Dave Johnson.
"Efficient Security Mechanisms for Routing Protocols."
In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2003.
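
An added illustration of the cumulative authentication idea described in the abstract above: one running authenticator covers the whole router list, so removing or reordering addresses breaks verification. This is not code from the paper or its authors; it assumes each router shares a symmetric key with the verifier and uses HMAC-SHA256 as the MAC, and the router names, keys and function names are constructed for the example.

```python
import hashlib
import hmac

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def originate(keys, origin, update_id):
    """Originator starts the path list and the single running authenticator."""
    return [origin], mac(keys[origin], update_id, origin.encode())

def forward(keys, router, path, auth):
    """A forwarding router appends its address and folds it into the authenticator."""
    return path + [router], mac(keys[router], auth, router.encode())

def verify(keys, update_id, path, auth):
    """Verifier replays the chain of MACs over the claimed path, in order."""
    if not path or any(r not in keys for r in path):
        return False
    expected = mac(keys[path[0]], update_id, path[0].encode())
    for router in path[1:]:
        expected = mac(keys[router], expected, router.encode())
    return hmac.compare_digest(expected, auth)

# Constructed sample data: per-router keys shared with the verifier (assumption).
KEYS = {name: hashlib.sha256(b"demo-key:" + name.encode()).digest()
        for name in ("A", "B", "C", "D")}
UPDATE_ID = b"update-0001"  # constructed update identifier

def demo():
    path, auth = originate(KEYS, "A", UPDATE_ID)
    for router in ("B", "C", "D"):
        path, auth = forward(KEYS, router, path, auth)
    return {
        "honest": verify(KEYS, UPDATE_ID, path, auth),
        # Same authenticator, but router C dropped from the list.
        "removed": verify(KEYS, UPDATE_ID, ["A", "B", "D"], auth),
        # Same authenticator, but B and C swapped.
        "reordered": verify(KEYS, UPDATE_ID, ["A", "C", "B", "D"], auth),
        # Four addresses carried, one 32-byte authenticator.
        "sizes": (len(path), len(auth)),
    }

if __name__ == "__main__":
    print(demo())
```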