7 Security for Mobile Ad Hoc Networks > 7.7 Secure AD HOC Routing - Pg. 162

established are trustworthy. Several secure routing protocols assume the existence of a centralized or a distributed third party in the network and establishment of encryption keys prior to joining the network. Cryptographic techniques are known to be computationally expensive, which does not lend itself well to incorporating them in resource-constrained mobile devices. Hence, in an attempt to prevent some attacks, these protocols create new avenues for denial-of-service (DoS) attacks [30].

A secure routing protocol may not be able to prevent all kinds of attacks. Even if a secure routing protocol were to emerge that takes care of all known attacks, one can never say when a different kind of attack that has not been envisaged before will suddenly rear its ugly head, exploiting the weaknesses that design and programming errors leave in ever more complex systems. This would require the modification of the secure routing protocol to be able to handle this new attack. In other words, one can never claim that a prevention mechanism is foolproof. Hence, the need arises for a second wall of defense: an intrusion detection system. The idea is that if a MANET is intruded and a system for detecting such an intrusion exists, the intrusion can be detected as early as possible and the MANET saved before any extensive harm is done, if the intrusion cannot be avoided altogether. Research efforts are going on to develop Intrusion Detection Systems (IDSs) to detect intrusion, identify the malicious nodes, and isolate them from the rest of the network. Further, the presence of a detection system will discourage malicious nodes from attempting intrusion in the future.

7.7. SECURE AD HOC ROUTING

All secure ad hoc routing protocols must ensure that path discovery from source to destination functions correctly in the presence of malicious nodes. Cryptographic techniques may be used for securing routing protocols to achieve this goal. Researchers have proposed a variety of secure routing protocols using different cryptographic tools. Some representative secure routing protocols are presented in the following sections.

7.7.1. Authenticated Routing for Ad Hoc Networks (ARAN)

ARAN [31] uses cryptographic certificates to prevent attacks aimed at disrupting the correct route discovery from source to destination. ARAN consists of a preliminary certification process followed by a route instantiation process that guarantees end-to-end authentication. Route discovery in ARAN is accomplished by a broadcast route discovery message from a source node that is replied to by the destination node. The routing messages are authenticated end-to-end and only authorized nodes participate at each hop between source and destination.

· Preliminary certification. ARAN assumes the existence of a trusted certificate server $T$. $T$ could be any one of the schemes discussed in Section 7.5 that implements a Certification Authority (CA) that issues certificates. Prior to entering the network, each node has to request a certificate from $T$. For example, $T$ serves a certificate $\text{Cert}_A$ to a node $A$ as follows:

$T \rightarrow A : \text{Cert}_A = [IP_A, K_{A+}, t, e]K_{T-}$

The certificate contains the IP address of $A$ ($IP_A$), the public key of $A$ ($K_{A+}$), a timestamp $t$ of when the certificate was created, and a time $e$ at which the certificate expires. These variables are concatenated and signed by $T$ using its private key $K_{T-}$. All nodes must maintain fresh certificates with the trusted server; how a node does that depends on the key management scheme adopted by ARAN for its certificate server. ARAN assumes the existence of such a key management scheme, whose service it uses.

· Authenticated route discovery and setup. The process of authenticated route discovery and setup can be illustrated with an example as shown below:

a. $A \rightarrow \text{broadcast} : [RDP, IP_X, N_A]K_{A-}, \text{Cert}_A$

b. $B \rightarrow \text{broadcast} : [[RDP, IP_X, N_A]K_{A-}]K_{B-}, \text{Cert}_A, \text{Cert}_B$
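The ARAN certificate Cert_A = [IP_A, K_A+, t, e]K_T- and the first route discovery broadcast [RDP, IP_X, N_A]K_A-, Cert_A can be followed through the checks a receiving node makes; this is an added example, not code from the book or from the ARAN authors. It assumes toy textbook RSA over fixed Mersenne primes as a stand-in for a real signature scheme (not secure, for illustration only), integer timestamps, and hypothetical function names and IP addresses.

```python
import hashlib

E = 65537  # public exponent shared by every toy key (assumption of this example)

def keypair(p, q):
    """Toy textbook RSA from two known primes; returns (public n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(fields, n):
    data = "|".join(map(str, fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(fields, n, d):
    return pow(digest(fields, n), d, n)

def verify(fields, sig, n):
    return pow(sig, E, n) == digest(fields, n)

def issue_cert(ip, pub, t, e, t_pub, t_priv):
    """T -> A : Cert_A = [IP_A, K_A+, t, e]K_T-"""
    return {"ip": ip, "pub": pub, "t": t, "e": e,
            "sig": sign([ip, pub, t, e], t_pub, t_priv)}

def cert_ok(c, t_pub, now):
    """Accept only an unexpired certificate that T really signed."""
    return (c["t"] <= now <= c["e"]
            and verify([c["ip"], c["pub"], c["t"], c["e"]], c["sig"], t_pub))

def make_rdp(dest_ip, nonce, cert, pub, priv):
    """Step a.  A -> broadcast : [RDP, IP_X, N_A]K_A-, Cert_A"""
    body = ["RDP", dest_ip, nonce]
    return {"body": body, "sig": sign(body, pub, priv), "cert": cert}

def rdp_ok(m, t_pub, now):
    """Check Cert_A first, then the RDP signature with the K_A+ it carries."""
    return (cert_ok(m["cert"], t_pub, now)
            and verify(m["body"], m["sig"], m["cert"]["pub"]))

# Constructed sample data: Mersenne primes as toy key material, integer clock.
T_PUB, T_PRIV = keypair(2**89 - 1, 2**107 - 1)
A_PUB, A_PRIV = keypair(2**61 - 1, 2**127 - 1)
CERT_A = issue_cert("10.0.0.1", A_PUB, 1000, 2000, T_PUB, T_PRIV)
RDP = make_rdp("10.0.0.9", 42, CERT_A, A_PUB, A_PRIV)

if __name__ == "__main__":
    print("valid RDP accepted:", rdp_ok(RDP, T_PUB, 1500))
    print("expired cert accepted:", rdp_ok(RDP, T_PUB, 2500))
    forged = dict(RDP, body=["RDP", "10.0.0.66", 42])
    print("tampered RDP accepted:", rdp_ok(forged, T_PUB, 1500))
```

Because the public key used to check the RDP comes only from a certificate that T signed, a node that substitutes its own key into Cert_A is rejected at the certificate check, before the message signature is even examined.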