06-06-2010, 10:34 PM
[attachment=3697]
SECURITY RISKS AND SOLUTIONS IN AD-HOC ROUTING PROTOCOLS
Presented By:
Dr.H.B.Kekre
Professor, Thadomal Sahhani Engineering College, Bandra(w), Mumbai,India
ABSTRACT
Mobile Ad-Hoc Networks (MANETs) are becoming
increasingly popular as more and more mobile devices
find their way to the public, besides traditional uses
such as military battlefields and disaster situations they
are being used more and more in every-day situations.
With this increased usage comes the need for making the
networks secure as well as efficient, something that is not
easily done as many of the demands of network security
conflicts with the demands on mobile networks due to the
nature of the mobile devices (e.g. low power consumption,
low processing load). The concept and structure of
MANETs make them prone to be easily attacked using
several techniques often used against wired networks as
well as new methods particular to MANETs. Security
issues arise in many different areas including physical
security, key management, routing and intrusion
detection, many of which are vital to a functional
MANET.
In this study we focus on the security issues related to ad
hoc routing protocols in particular. The routing in ad hoc
networks remains a key issue since without properly
functioning routing protocols, the network simply will not
work the way itâ„¢s intended to. Unfortunately, routing may
also be one of the most difficult areas to protect against
attacks because of the ad hoc nature of MANETs. We will
present the main security risks involved in ad-hoc routing
as well as the solutions to these problems that are
available today.
Key-words : MANET, AD-HOC Routing, Security
1. INTRODUCTION
An Ad-hoc network is a very particular network because
it has no established infrastructure: it is a self-organized
network where each mobile node is equipped with
wireless interfaces. There is no centralized control; (then,
if a node fails, it wonâ„¢t cause the collapsing of all the
network);then each node have to forward packets and so
act as a router in order to allow the transit of information
from a node to another. Another important fact is that the
network topology changes dynamically(as we have
mobile nodes), thatâ„¢s why we have to deal with many
other requirements. We also have to consider that mobile
devices have power constraints (limited power, CPU,
bandwidth and storage capacity), which canâ„¢t enable them
to do everything like the fixed devices. This particular
architecture involves certain problems, especially in term
of security, because wireless networks have a physical
vulnerability. There are two different kinds of wireless
networks:
- The first kind is the simplest one, where each node is
able to reach all the other nodes with a traditional radio
relay system with a big range. There is no use of routing
protocols with this kind of network because all nodes can
see the others.
- The second kind uses also the radio relay system but
each node has a smaller range, therefore one node has to
use neighboring nodes to reach another node that is not
within its transmission range. Then, the intermediate
nodes are the routers. In this study, we will focus on the
security of the routing protocols used in the second kind
of ad-hoc networks. Indeed, the specifications of mobile
Ad-Hoc networks imply a need for special routing
protocols created to supply the mobile world with adapted
systems.
Part 2 describes the general principles of the most
common routing protocols in use today. It also gives an
introduction to the kind of problems that are unique to the
mobile environments.
Part 3 outlines the security risks involved in mobile
networking routing protocols and the different kind of
attacks possible due to the nature of the mobile
environments.
Part 4 finally presents some of the many existing solutions
to the different problems and protection against the
possible attacks. It describes both additions to existing
protocols as well as new protocols designed to avoid the
problems mentioned.
2. AD-HOC ROUTING PROTOCOLS
2.1. General considerations about ad-hoc routing
protocols
2.1.1. Types of ad-hoc Routing protocols
There are mainly two types of ad-hoc routing protocols:
- Proactive routing protocols, where the nodes keep
updating their routing tables, by sending periodical
messages. We have, for example, OLSR (Optimized Link
State Routing protocol) and TBRPF (Topology Broadcast
based on Reverse Path Forwarding)
- Reactive (On Demand) routing protocols, where routes
are created only when needed. We have, for example,
DSR (Dynamic Source Routing protocol) and AODV (Ad
hoc On- Demand Distance Vector Routing protocol)
unauthorized entities. In ad-hoc networks this is more
difficult to achieve because intermediates nodes (that act
as routers) receive the packets for other recipients, so they
can easily eavesdrop the information being routed. -
Integrity: This attribute aims to provide the certainty that
a message being transferred is never corrupted.
- Authentication: The aim is to provide to a node a way to
ensure the identity of the peer node it is communicating
with. - Non-repudiation: This attribute ensures that a node
having sent a message cannot deny it. Itâ„¢s particularly
useful to detect compromise nodes.
2.2. Problems with ad-hoc routing protocols
(causes)
In ad-hoc routing protocols, nodes exchange information
with each other about the network topology, because the
nodes are also routers. This information allows them to
create, delete and update routes between the nodes of the
network. This fact is also an important weakness because
a compromised node could give bad information to
2.1.2. Desired
protocols
characteristics
ad-hoc
routing
redirect traffic or simply stop it. Moreover, we can say
that routing protocols are very brittle in term of security
and this fact can be used by adversaries to bring the
Ad-hoc routing protocols have some special requirements:
- Distributed operation: the network has to deal with
distributed operations because there isnâ„¢t any centralized
authority. - Loop freedom: Looping packets which use
bandwidth, power, and computer resources make the
system lose efficiency. - Demand-based operation: the
routes should be determined only when needed, to avoid
network useless traffic to conserve power - Sleep period
operation: the protocol should support sleeping nodes,
i.e. nodes that stop communications for a while (for
example, to conserve power) - Unidirectional link
support: unlike a fixed wired network, the data
communication is not bidirectional. - Security: Ad hoc
networks are more vulnerable to security attacks than
fixed wired
networks.
2.1.3. Ad-hoc networkâ„¢s security characteristics
Security is an important focus of study. As already stated
below, routing protocols robust against potential attacks
have to be designed. These protocols must respect these
following elements:
- Availability: This attribute refers to the ability to use the
information desired. The principal way to block
availability is denial of service attacks (DoS attacks).
Indeed an adversary just has to use jamming. In routing
protocols, such an attribute can be impacted if a malicious
node in the network intercepts the packets and donâ„¢t
forwa rd them to the next node. - Confidentiality: It
network down. But routing protocols should be able to
recover quickly from an attack: an intruder should not be
able to permanently disable a network. This part aims to
provide a description of the causes of the problems with
ad-hoc routing protocols.
2.2.1. Infrastructure of ad-hoc networks
Ad-hoc networks have no predetermined fixed
infrastructure, thatâ„¢s why the nodes themselves have to
deal with the routing of packets. Each node relies on the
other neighboring nodes to route packets for them. The
special infrastructure of ad-hoc networks is then the main
cause of their problem
2.2.2. Dynamic topology of ad-hoc networks
The organization of the nodes may change because of the
mobility-aspect of ad-hoc networks: they contain nodes
that may frequently change their locations. Because of
this fact, we talk about the dynamic topology of these
networks, which is a main characteristic that causes
problems. Indeed, in all kind of networks, the nodes have
to be uniquely identified; but in wireless networks, the IP
addresses are chosen randomly so as to be unique, and
this can be a problem when moving: when several ad-hoc
networks mix together, there can be duplications of IP
addresses, and resolving it is not so simple. Then, attacks
can easily occur by using this duplication of IP address
(attacks using impersonation)
ensures that certain information is never disclosed to
2.2.3.
Problems
associated
with
wireless
topology. Indeed in AODV and DSR protocols, the route
communication
Wireless channels have a poor protection to noise and
signal interferences, therefore routing related control
messages can be tampered. A malicious intruder can just
spy on the line, jam, interrupt or distort the information
circulating within this network.
2.2.4. Implicit trust relationship between neighbors
Actual ad-hoc routing protocols suppose that all
participants are honest. Then, this directly allows
malicious nodes to operate and try to paralyze the whole
network, just by providing wrong information.
2.2.5. Throughput
Ad-hoc networks try to use all available nodes for routing
and forwarding packets, so that the throughput of the
network is maximized. However, misbehaving nodes can
be quite a big problem, insofar as they may agree to
forward packets and then fail to do it, because they are
malicious, selfish, broken, or they are encountering
temporary problems such as overload or low battery. But
the thing is that the existing ad-hoc routing protocols
donâ„¢t have any mechanism to identify these misbehaving
nodes. Misbehaving nodes should be clearly defined, to
prevent problems: a routing protocol should be able to
identify misbehaving nodes and isolate them during route
discovery operation.
discovery packets are carried in clear text. So a malicious
node can discover the network structure just by analyzing
this kind of packets and may be able to determine the role
of each node in the network. With all these information
more serious attacks can be performed in order to disturb
the network operation by isolate important nodes, etc.
Now we will study in details the different attacks possible
by using modification first, then by using impersonation
and finally the attacks using fabrication.
3.1. Attacks using modification
One of the simplest ways for a malicious node to disturb
the good operation of an ad-hoc network is to announce
better routes (to reach other nodes or just a specific one)
than the other nodes. This kind of attack is based on the
modification of the metric value for a route or by altering
control message fields (Denial Of Service attacks).
3.1.1. Re direction by changing the route sequence
number
In ad-hoc networks, like in wired networks, the better path
to reach a destination node is determined by a specific
value which is the metric and is often the element which
determines the better route. Smaller this value is,
better is the route. Thatâ„¢s why a simple way to attack a
network is to change this value with a smaller number
than the last better value.
3.1.2. Redirection with modified hop count (specific to
AODV protocol)
3. POSSIBLE ATTACKS IN AD-HOC
ROUTING PROTOCOLS
Because of their particular architecture, ad-hoc networks
are more easily attacked than wired network. We can
distinguish two kinds of attack: the passive attacks and the
active attacks. A passive attack does not disrupt the
operation of the protocol, but tries to discover valuable
information by listening to traffic. Instead, an active
attack injects arbitrary packets and tries to disrupt the
operation of the protocol in order to limit availability,
gain authentication, or attract packets destined to other
nodes. In this part, we will present the different attacks
possible against ad-hoc networks and most of the attacks
presented will be active attacks. Before presenting these
attacks it may be interesting to say that the most common
ad-hoc protocols are AODV (Ad-hoc On-demand
Distance Vector routing), DSDV (Destination- Sequenced
Distance-Vector routing) and DSR (Dynamic Source
Routing).
These routing protocols are quite insecure because
attackers can easily obtain information about network
When a node cannot decide what the best route is
regarding to different metrics, it can use the number of
hops to decide which path is the best route to reach a
specific node. This is the case in the AODV protocol. In
this case, the protocol uses the hop count value to
determine the best route. Also a malicious node can
disturb the network too, by announcing a smallest hop
count value to reach the node. In general, hackers use the
value zero to be sure to have the smallest hop count value.
3.1.3. Denial Of Service (DOS) attacks with modified
source routes
The DOS attack is well-known in computer security and
can be efficient in ad-hoc networks without secure routing
protocols.
3.2Attacks using impersonation
These attacks are called spoofing since the malicious node
hide its real IP address or MAC address and uses another
one. As current ad-hoc routing protocols like AODV and
DSR do not authenticate source IP address, a malicious
node can launch many attacks by using spoofing. For
example, a hacker can create loops in the network to
isolate a node from the remainder of the network. To do
this, the hacker just has to take IP address of other node in
the network and then use them to announce new route
(with smallest metric) to the others nodes. By doing this,
he can easily modify the network topology as he wants.
3.3. Attacks using fabrication
We can distinguish three kinds of attacks using
fabrication. The first one consists to generate false routing
messages, the second one consists to corrupt routing state
and the third one consists by creating a lot of false routes
to overwhelm the protocol and also to avoid him to create
new routes. In all the cases, these attacks are quite
difficult to detect.
3.3.1. Falsifying route error messages
3.3.3. Routing table overflow attack
If the ad-hoc network is using a proactive protocol, it
means that the protocol algorithm try to find routing
information even before they are needed. (Instead of
reactive protocol which do this after). This is a
vulnerability used by this attack, because the attacker
attempts to create route to non-existent nodes. If he
creates enough routes, new routes cannot be created
anymore because of an overwhelming pressure of the
protocol.
3.3.4. Other attacks using fabrication
Replay attack: an attacker sends old advertisements to a
node causing it to update its routing table with stale
routes. Black hole: an attacker advertises a zero metric for
all destinations causing all nodes around it to route
packets towards it.
The first attack is quite common in AODV and DSR
because these two protocols are using path maintenance to
recover the good path when some nodes have moved. The
weakness of this architecture is that when a node moves,
the closest node sends an error message to the others to
inform them that the route is no more available. If a
malicious node usurps the identity of another node by
using spoofing and send error messages to the others, the
other nodes will update their routing tables with these
information. Also the malicious node may insulate any
node quite easily.
3.3.2. Corrupting routing state: route cache
Poisoning
This is a passive attack that can occur in DSR especially
because of the promiscuous mode of updating routing
table which is employed by DSR. This occurs when
information stored in outing table at routers is deleted,
altered or injected with false information. Indeed, in
addition to learning routes from headers of packets, which
a node is processing along a path, routes in DSR may also
be learned from promiscuously received packets. A node
overhearing any packet may add the routing information
contained in that packet's header to its own route cache,
even if that node is not on the path from source to
destination. The vulnerability of this system is that an
attacker could easily exploit this method of learning
routes and poison route caches. For example, the hacker
just has to broadcast a message with a spoofed IP address
in the other nodes around. When they will receive this
message, the nodes would add this new route to their
cache and also communicate now with this route to reach
a special node (the malicious node in fact instead of the
one with the same IP address as the hackerâ„¢s node).
3.4. Conclusion about attacks
After studying all these attacks, we have to find a routing
protocol which establishes routes free from any malicious
nodes. We know that when a route is established, the
problem is pretty much solved thatâ„¢s why we have to
focus solutions which take care of the first step also the
topology discovery rather than the data forwarding. A
good routing protocol should be able too, to detect the
malicious nodes and to react in consequence, by changing
routes, etc. Indeed malicious nodes can be potential
attacker but also a regular node which encountered
problems (low battery, etc.). In the following part, we will
present the most popular way of research to solve the
problems of security seen above.
4. SOLUTIONS TO SECURITY
PROBLEMS IN AD-HOC ROUTING
PROTOCOLS
In order to provide solutions to the security issues
involved we mu st first establish that there are different
kinds of ad-hoc networks and the different types of
networks put different demands on the infrastructure and
also determines what means are available to improve
security. Mainly ad-hoc networks are divided into the
following categories:
Open : This type of environment is characterized by the
lack of any infrastructure that one can use in order to
maintain security. The nodes present in an open
environment can be of any type and not necessarily
known beforehand. Therefore any kind of central
authority system that requires prior knowledge of the
nodes in the network is not going to work. Typically this
is not a very common environment and the extreme
openness it presumes also limits the available security
measures a great deal.
Managed-Open : The managed-open environment is
probably the one where most research is being done today
as it is the type of environment we are most likely to see
expand in the nearest future [9]. In this type of
environment there the possibility to use already
established infrastructure to some extent to help us secure
the ad-hoc network. This opens up a whole new range of
strategies using certificate servers and other similar
software to provide a starting point of the security in the
network.
Managed-Hostile : This is perhaps the classic ad-hoc
environment and itâ„¢s described as nodes in a military war-
zone, or perhaps in a disaster area. Here security is the
primary goal and even information such as the location of
the nodes involved is considered very sensitive
information. In this type of environment security is
considered to be much more important than performance
and as such the security measures can be made a bit more
extreme. Depending on the type of network environment,
different types of security enhancing techniques have
been developed, each of which tries to minimize the
security risks while still keeping within the bounds set up
by the particular environment. There are two main
different approaches to designing the techniques: adding
enhancements to existing protocols and creating new
protocols from the ground up. We now present a few of
these that represent current research within the area and
outline the advantages and disadvantages of each.
4.1. Protocol enhancements
These techniques are basically enhancements that, if not
mentioned otherwise, can be applied to any of the current
ad-hoc routing protocols in use today.
4.1.1. Security-Aware ad hoc Routing, SAR
SAR is an attempt to use traditional shared symmetric key
encryption in order to provide a higher level of security in
ad-hoc networks. SAR can basically extend any of the
current ad hoc routing protocols without any major issues.
While current ad hoc routing protocols are successful at
finding the shortest path to any node within the network,
SAR extends this function by finding the shortest path
providing a requested trust level. The different trust levels
are implemented using shared symmetric keys. In order
for a node to forward or receive a packet it first has to
nodes not on the requested trust level will not have the
key and cannot forward or read the packets. Every node
sending a packet decides what trust level to use for the
transfer and thereby decides the trust level required by
every node that will forward the packet to its final
destination
SAR is indeed secure in the way that it does ensure that
only nodes having the required trust level will read and
reroute the packets being sent. Unfortunately, SAR still
leaves a lot of security issues uncovered and still open for
attacks:
? Nothing is done to prevent misbehaving (and thereby
possibly malicious) nodes from being used for routing, as
long as they have the required key
? If a malicious node somehow retrieves the required key
the protocol is still open for all kinds of attacks mentioned
previously There is one other main drawback to using
SAR and that is the excessive encrypting and decrypting
required at each hop. Because we are dealing with mobile
environments the extra processing leading to increased
power consumption can be a problem, depending on the
kind of mobile devices being used. SAR is intended for
the managed-open environment as it requires some sort of
key distribution system in order to distribute the trust
level keys to the correct devices.
4.1.2. Secure Routing Protocol, SRP
Secure Routing Protocol, SRP, is another protocol
extension that can be applied to any of the most
commonly used protocols today. The basic idea of SRP is
to set up a security association (SA) between the source
and the destination node. The SA is usually set up by
negotiating a shared key based on the other partyâ„¢s public
key, and after that the key can be used to encrypt and
decrypt the messages. The routing path is always sent
along with the packets, unencrypted though (since none of
the intermediate nodes have knowledge of the shared
key), thus exposing network infrastructure information to
potential attackers. In fact one of the main security issues
in SRP is that it has no defense against the invisible
node attack that simply puts itself (and possibly a large
number of other invisible nodes) somewhere along the
message path without adding itself to the path, thereby
causing potentially big problems as far as routing goes.
4.1.3. The Selfish Node
The selfish node is based on one of Darwinâ„¢s theories of
evolution within birds, where birds are divided into
suckers (always helping others), cheats (never helping,
always receiving help) and grudgers (help those that help
them). The theory states that eventually the suckers die
first, and then the cheats (since the grudgers wonâ„¢t help
decrypt it and therefore it needs the required key. Any
them) and the grudgers will reign. This concept is moved
to the open environment ad hoc networks in order to help
avoid maliciously behaving nodes. The open environment
poses quite a few new threats to ad-hoc networks. Among
others, it is very difficult to recognize a malicious node
using certificates since the idea of this kind of
environment is that different devices, presumably from
very different locations and owners, cooperate to create a
functioning network. Since the main goal of such a
network is high throughput the simplest and therefore
most probable form of attack targeting the main goal is a
DOS-attack, and this is what theyâ„¢re trying to prevent.
Using suitably sized cost and profit to routing and
forwarding the goal is to more or less isolate misbehaving
(possibly malicious) nodes. The following components
are used in order to try and keep network throughput at a
maximum:
The Monitor : This component acts as a sort of a
neighborhood-watch, where nodes try to detect bad
behavior in nodes in their vicinity. Bad behavior that can
be detected can be unusually high routing traffic (possible
Black Hole attack ), unusually frequent routing updates
(flooding) and more. Of course, reasonable thresholds
must be used in order for this to work. When bad behavior
is detected an alarm signal is sent to the reputation
system.
The Reputation System: This is basically a rating of
nodes and what their reputation is. Depending on reported
alarms and alarms experienced by the node itself different
nodes are rated differently. This component can also use a
rumor spreading system to inform other nodes of bad
behaving nodes reputation. This way a malicious node
will quickly become notorious among the other nodes.
The Path Manager : The path manager is responsible for
taking the appropriate changes in routing tables as alarms
and reputations changes in the system, deletion of
malicious behaving nodes from routing tables for
instance.
The Trust Manager : The trust manager maintains a list
of nodes and how much they are trusted. When an alarm
is received depending on how trustworthy the reporting
node is, different actions can be taken, since we of course
donâ„¢t want to leave ourselves open for attacks where
malicious nodes tries to ban other nodes by sending false
alarms. Each of these components exists within each node
and they all help to keep the network alive. The result is a
network that in a sense learns that some of the nodes are
malicious and therefore isolate them. Indeed this is a very
different approach then the other mentioned systems but
keep in mind that this is the only one really intended for
the open environment, with nodes of unknown origin
cooperating to achieve maximum network throughput.
That is why it is focused on different kinds of DOS
attacks and not concentrating on encrypting traffic and
such. Also note that in the open environment no use of
existing infrastructure is to be used, which leaves the
previously mentioned systems useless since they more or
less all require existing infrastructure(i.e. certificate
servers).
4.2. Secure protocols
These are protocols designed from the ground up to
provide ad-hoc networks with all the required features
described earlier.
4.2.1. Authenticated Routing for Ad-hoc
Networks, ARAN
ARAN is a protocol designed to provide secure
communications in managed-open environments. Like
SAR it makes use of existing infrastructure in the form of
certificate servers. The protocol has two phases,
authentication and transmission.
4.2.1.1.Authentication :
The goal of the first phase is to make sure that a secure
path from the source node A and the destination node B
can be established. The phase requires that each node has
received a certificate from a trusted certificate server. The
certificate contains a nodeâ„¢s IP number, public key as well
as the time of issuing and expiration. Node A broadcasts
a signed (using Aâ„¢s key) route discovery packet (RDP) to
all its neighboring nodes in order to find a route to B.
Each node that receives the RDP for the first
time removes any other intermediate(not A) nodeâ„¢s
signature, signs the RDP using its own key and broadcasts
it to all its neighboring nodes, saving a route pair (A,B) in
its routing table. This continues until node B eventually
receives the packet. Node B then sends a reply packet
containing its own certificate and signed using its key,
the packet is sent along the reverse path (each
intermediate node sends it back to where the original RDP
came from). When A receives the REP packet, itâ„¢s checks
that the signature is correct and stores node Bâ„¢s certificate
to use in the next phase. The procedure does ensure loop
freedom as well as makes sure that B really is B using the
certificates (providing of course that the certificate server
has not been compromised). One of the downsides to this
procedure is that each node has to store the source-
destination routing pairs instead of just routing based on
destination which is used in other protocols.
4.2.1.2. Transmission:
A now needs to discover the shortest path to B and
therefore sends a Shortest Path Confirmation, SPC,
packet to all its neighbors, encrypted using Bâ„¢s public
key. Each successive intermediate node encrypts the
message again using Bâ„¢s public key, including its own
certificate, and forwards it to its neighbors. When B
eventually receives the SPC packet it checks all of the
signatures and replies to the first SPC received, as well as
all other SPCs having a shorter recorded path (the path is
recorded in the encrypted keys). B then sends a
Recorded Shortest Path, RSP, packet back to A,
including the path to use in the packet. A can safely verify
that it comes from B and that it corresponds to the original
SPC sent. This way A now has a shortest, secure path to B
to transmit data over. Since at all forwarding the packet is
reencrypted using Bâ„¢s public key, only B is able to
discover the actual route taken. This way any spoofing
attacks or other attemp ts to misdirect the packets will fail
since the malicious nodes first would have to crack the
encryption. Only using Bâ„¢s private key would that be
possible. The so called invisible node-attack is also
prevented using this protocol since the source-destination
pairs stored at each intermediate node will unable the REP
packet to make it all the way back since every
intermediate node uses the certificate of the previous one
in the path. Without adding a certificate the node will
simply create an illegal path that will not be used,
although it may delay the authentication process if several
invisible nodes are active. One of the main issues using
ARAN is the required certificate server, which means that
the integrity of that server is vital. This is by design
though and as it is intended for an managed-open
environment it shouldnâ„¢t be considered a big issue.
4.2.2. Secure Position Aided Ad hoc Routing,
SPAAR
The Secure Position Aided Ad hoc Routing, SPAAR,
protocol was developed with the classical managed-
hostile environment in mind, thus meant to provide a very
high level of security, sometimes at the cost of
performance. Among other things, SPAAR also requires
that each device uses a GPS locator to determine its
position, although some leeway is given to nodes using a
so called locator-proxy if absolute security is not
required. The certificate system is similar to ARAN in
that a combination of a public key and the public key of
the certificate server is used, although in SPAAR a third
key is also generated, a group neighborhood key that is
used to decrypt Route Request packets, RREQ. In
SPAAR packets are only accepted between neighboring
nodes one hop away from each other, this is to avoid the
invisible node-attack. Besides certificates nodes also
use the location of the other nodes when attempting to
The basic transmission procedure is quite similar to
ARAN, although the group neighborhood key is used for
encryption in order to ensure one-hop communication
only. Since all nodes also have information on their
location they only forward RREQs if their position is
closer to the destination position. In the destination node
reply the location and velocityvector of the destination is
returned, this is necessary since the source node needs to
know the approximate location of the destination in order
for the routing to be efficient.
SPAAR may seem a bit extreme, using multiple keys and
GPS location-dependent routing. Considering the nature
of the managedhostile environment this is not very
strange. In the situations this environment presents,
finding the geographically shortest path can be at least as
important as finding the fastest path, whether its in a
battle field or a disaster area. Also, it reveals no
information on the network layout to any non-authorized
nodes, something which also can be essential when relay
stations are secret. The only real security problem
currently discovered in SPAAR is once again the usage of
the certificate server and the extreme need to keep this
server uncompromised. Also, issues still exist with
compromised nodes already having valid certificates.
4.2.3. Zone Routing Protocol, ZRP
Zone Routing Protocol, ZRP, is based on the network
divided into different zones, with different algorithms
being used for intra-zone communication and inter-zone
communications. This is more of a framework and the
specific details and algorithms is up to the
implementation. Although this technique doesnâ„¢t offer
any real security protection as is, it is meant that smart
algorithms can be used in order to keep intrusion local
within the zone under attack. Even if one zone is
compromised it doesnâ„¢t have to imply that the rest of the
network is compromised. ZRP is usually implemented as
a hybrid of reactive and proactive protocols.
5. CONCLUSION
communicate, a maximum distance N is set that decides
how far away a node can be and still be called a neighbor.
Different Environments require different solutions for
making Ad-Hoc Routing secure. The expected security
level of Ad-Hoc Routing Protocols depends on situation,
context and availability of infrastructure. Solutions to the
problems of Ad-Hoc Routing exists, but all have
drawbacks. So the decision should be based on which
security aspects are most important. Overall comparison
of the protocols is given in table below..
REFERENCES
[1] The Resurrecting Duckling: Security Issues for Wireless Ad
Hoc Mobile Networks, F.Stajano and R. Anderson, 1999,
University of Cambridge, http:// uk.research.att.com
/pub/docs/att/tr.1999.2b.pdf
A Secure Routing Protocol for Ad Hoc Networks, Bridget
Dahill, Brian Neil, Elizabeth Royer, Clay Shields, 2000,
http://cs.umn.edu/research/mobile/sem
inar/SUMMER03/WNfiles/aran.icnp02.pdf
[3] Security-Aware Routing Protocol for Wireless Ad-Hoc
Networks, Seung Yi, Prasad Naldurg, Robin Kravets, 2001,
University of Illinois, http://wwwold. cs.uiuc.edu/ Dienst/
Repository/2.0/Body/
ncstrl.uiuc_cs/UIUCDCS-R-2001-
2241/pdf
[4] Securing Ad-hoc Networks, L. Zhou, Z.J.Haas, 1999,
Cornell University, http://cs.cornell.edu/home
/ldzhou/adh oc.pdf
[5] Secure Position Aided Ad hoc Routing , Alec Yasinsac and
Stephen Carter, 2002, Florida State University,
http://cs.fsu.edu/~yasinsac/Papers/CY 02.pdf
Mobile Ad Hoc Networking (MANET): Routing Protocol
Performance Issues and Evaluation Consideration (RFC
2501), S. Corson, J. Macker, 1999, University of
Maryland,http://faqs rfcs/rfc2501.html
AUTHOR PROFILE
Dr.H.B.Kekre,Educational Background:Received
B.E.Hons.
( Telecommunication Engg.)
degree from Jabalpur University in 1958, M.Tech
(Industrial Electronics) from IIT Bombay in
1960, M.S.Engg. (Electrical Engg.) from
University of Ottawa in 1965 and Ph.D.(System
Identification) from IIT Bombay n 1970.Areas
of Interest:
Computer Networks, Digital
Signal
processing
and
Image
Processing.Experience Details:Over 35 years as
Faculty and HOD Computer science and Engg.
At IIT Bombay.From last 11 years working as a
professor in Dept. of Computer Engg. at
Thadomal Shahani Engg. College, Mumbai-50.
Sudeep D.
Thepade,Educational Background:Received B.E.(
Computer) degree from North Maharashtra
University with Distinction in 2003, currently
doing M.E.in Computer Engineering from
University of Mumbai.Areas of
Interest:Computer Networks and Image
Processing.Experience Details:More than 03
years of experience in teaching. Currently
working as a lecturer i8n Dept. of Information
Technology at Thadomal Shahani Engg. College,
Mumbai-50. (209)
