Elsevier

Ad Hoc Networks

Volume 7, Issue 6, August 2009, Pages 1097-1109
SRDP: Secure route discovery for dynamic source routing in MANETs

https://doi.org/10.1016/j.adhoc.2008.09.007

Abstract

Routing is a critical function in multi-hop mobile ad hoc networks (MANETs). A number of MANET-oriented routing protocols have been proposed, of which DSR is widely considered both the simplest and the most effective. At the same time, security in MANETs – especially, routing security – presents a number of new and interesting challenges. Many security techniques geared for MANETs have been developed, among which Ariadne is the flagship protocol for securing DSR.

The focus of this work is on securing the route discovery process in DSR. Our goal is to explore a range of suitable cryptographic techniques with varying flavors of security, efficiency and robustness. The Ariadne approach (with TESLA), while very efficient, assumes loose time synchronization among MANET nodes and does not offer non-repudiation. If the former is not possible or the latter is desired, an alternative approach is necessary. To this end, we construct a secure route discovery protocol (SRDP) which allows the source to securely discover an authenticated route to the destination using either aggregated message authentication codes (MACs) or multi-signatures. Several concrete techniques are presented and their efficiency and security are compared and evaluated.

Introduction

Multi-hop mobile ad hoc networks (MANETs) have been studied extensively in recent years and a large body of relevant research has been accumulated, especially pertaining to routing security.

One of the key MANET characteristics – absence of fixed infrastructure – makes it difficult to re-use results from more traditional wired networks. In particular, popular IP routing protocols (used both in the internet and in private intranets) are not suitable for MANETs, due mostly to node mobility. Consequently, a lot of effort has gone into developing MANET-geared routing protocols. Most of these protocols have, for various reasons, remained on paper; only a few have been implemented and even fewer have made it into real MANETs.

Since the focus of this paper is on security, rather than routing, we do not review the relevant routing literature. Suffice it to say that the most popular MANET routing protocol is also one of the conceptually simplest: dynamic source routing (DSR), developed by Johnson and Maltz. The centerpiece of DSR is the route discovery (RD) protocol which uses flooding to discover routes on-demand. (See Section 2 below for a detailed description.) On-demand routing protocols have been demonstrated to perform better with significantly lower overheads than periodic (or proactive) routing protocols in many situations [2], [3], [4], since they are able to react quickly to the many changes that may occur in node connectivity, yet are able to reduce routing overhead in periods or areas of the network in which changes are less frequent.

Like most network protocols, MANET routing protocols (including DSR) are often designed for non-adversarial networks and thus forgo security features. This follows the traditional model of first designing a protocol and later (sometimes much later) retrofitting it with security features. Being a popular protocol, DSR has received a lot of attention from the security community. The state-of-the-art of MANET routing security is represented by Ariadne [13] which is a DSR-specific security mechanism based on the earlier TESLA protocol [8]. Ariadne’s security is based on message authentication codes (MACs) and loose time synchronization among nodes is required; the latter feature is inherited from TESLA.

The motivation for the work presented in this paper is very similar to Ariadne’s. Our goal is to efficiently secure the route discovery process in DSR. However, in doing so, we aim to address the needs of MANETs where either (or both) stronger security is necessary or loose time synchronization is not possible. Protocol efficiency is also one of our goals, especially, the minimization of communication (bandwidth) overhead. This contrasts with Ariadne which focuses more on lowering computation costs.

With the above goals in mind, we develop the secure route discovery protocol (SRDP). It is a generic protocol which works with a range of cryptographic primitives, some based on aggregated MACs and others – on digital signatures amenable to aggregation. (Aggregation is essential as it allows us to compress authentication tags, which saves bandwidth and reduces verification costs.) We explore five cryptographic techniques and evaluate/analyze their respective security and efficiency features. One of the interesting aspects of our work is the novel application of aggregated signature and multi-signature schemes.

Viewed from the higher-level perspective, SRDP enhances the functionality of DSR with the feature we term route integrity. Informally, this means that all nodes in a putative route agree on the exact sequence (order) of nodes traversed in that route. Moreover, the source is able to ascertain that all intermediate nodes vouch for the integrity of the same route. (See Section 4 for further details.) However, route integrity does not imply viability of the discovered route, since an adversarial node that behaves honestly during route discovery may behave in an arbitrarily malicious manner during subsequent forwarding of data packets.
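An added sketch of route integrity with an aggregated MAC (not code from the paper): each node on the reply path MACs the complete ordered route under a key it shares with the source and XORs its tag into one fixed-size value that the source re-derives. The XOR aggregation, the pairwise key setup, the message encoding and all names are illustrative assumptions; this page does not give SRDP's actual constructions.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size in bytes

def node_tag(key, req_id, route):
    """MAC one node computes over the request id and the complete, ordered route."""
    # Length-prefix every field so ["AB", "C"] and ["A", "BC"] encode differently.
    msg = len(req_id).to_bytes(2, "big") + req_id
    for name in route:
        raw = name.encode()
        msg += len(raw).to_bytes(2, "big") + raw
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aggregate_reply(keys, req_id, route):
    """Reply travels destination -> source; each node folds its tag into one value."""
    agg = bytes(TAG_LEN)
    for name in reversed(route[1:]):  # every node except the source
        agg = xor(agg, node_tag(keys[name], req_id, route))
    return agg

def source_verify(keys, req_id, route, agg):
    """Source recomputes every expected tag and compares the aggregate."""
    # A node listed twice would cancel its own tag under XOR, so reject repeats.
    if len(set(route)) != len(route) or any(n not in keys for n in route[1:]):
        return False
    expected = bytes(TAG_LEN)
    for name in route[1:]:
        expected = xor(expected, node_tag(keys[name], req_id, route))
    return hmac.compare_digest(expected, agg)

# Constructed sample data: S is the source, D the destination, keys are demo values.
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in "ABCD"}
REQ_ID = b"rreq-0001"
ROUTE = ["S", "A", "B", "C", "D"]
TAG = aggregate_reply(KEYS, REQ_ID, ROUTE)

if __name__ == "__main__":
    print("claimed route:", source_verify(KEYS, REQ_ID, ROUTE, TAG))
    print("reordered    :", source_verify(KEYS, REQ_ID, ["S", "B", "A", "C", "D"], TAG))
    print("node removed :", source_verify(KEYS, REQ_ID, ["S", "A", "C", "D"], TAG))
```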

SRDP is a provably secure routing protocol. Specifically, we prove that the generic SRDP scheme based on signatures is secure in a mathematical framework proposed by Acs et al. in [1]. To do so, we add more assumptions and modify the attacker model so that the assumptions and the model fit the framework. The security goal achieved in the framework is minimal in the sense that it guarantees only that the route list is an existent path. The framework does not detect if the adversary changes the route or modifies it as long as the route is plausible. Still, it is useful in that the security model helps the route discovery protocol find any existing path.

Organization: the remainder of this paper is organized as follows. Section 2 summarizes the basic operation of DSR. Then, Section 3 presents our network assumptions and attack model, and defines the necessary security properties. Section 4 describes SRDP and several cryptographic techniques. Then, Section 5 explains the mathematical framework and proves the security of SRDP in the framework. SRDP’s efficiency is discussed in Section 6. Finally, Section 7 overviews relevant prior work.

Section snippets

DSR overview

Since our work is specific to DSR, this section provides a brief recap of the DSR route discovery process. For further details we refer to [14].

DSR is a purely on-demand ad hoc network routing protocol. This means that a route is discovered only when it is needed and no pre-distribution of connectivity is performed. Since route discovery is done via flooding, nodes do not accumulate network topology information except for cached routes.

DSR includes two main mechanisms: route discovery and

Security setting

In this section, we discuss our attack model and associated threats.

As usual, we distinguish between passive and active adversaries. A typical passive adversary only eavesdrops and aims to compromise communication privacy. Since routing is not usually a private function (except in military and other critical settings), we do not consider passive threats in our model.

An active adversary has far stronger capabilities. It can introduce its own packets as well as delete, delay and modify packets

Secure route discovery protocol (SRDP)

We begin by stating some environmental assumptions and summarizing our notation.

We assume bidirectional communication on each link: if node S is able to send a message to node D, then node D is able to send to node S. This assumption is justified, since many wireless MAC-layer protocols, including IEEE 802.11, require bidirectional communication.

We do not assume that a node is aware of the exact set of its current immediate neighbors. Some MANET types have built-in neighbor discovery but we

A provably secure route discovery protocol

In [1], Acs et al. propose a mathematical framework wherein security can be precisely defined, and allegedly secure routing protocols can be proven secure in a rigorous manner. This framework is well-suited for dynamic source routing protocols. In this section, we overview the framework proposed in [1] and prove the security of SRDP with slight modifications in assumptions and the attacker model.

Performance assessment

We now assess the efficiency of the schemes described above; first from the conceptual perspective and then, in Section 6.2, based on experimental results.

Related work

In this section, we briefly overview relevant prior work. The most closely related prior work is the Ariadne scheme by Hu et al. [13]. Ariadne is based on TESLA – an earlier broadcast authentication scheme. Ariadne is very efficient since it uses MACs and reduces the setup cost of pair-wise shared keys by using TESLA. Also, Ariadne offers some protection against DoS attacks by requiring the destination to authenticate the source.

Ariadne inherits from TESLA the requirement for loose time

Jihye Kim is currently a Ph.D. candidate in the Computer Science Department, at University of California at Irvine. She received her B.S. and M.S. degrees in Computer Science and Engineering from Seoul National University in 1999 and 2003, respectively. (She worked at Dacom System Technologies in 2000 before starting her M.S. degree program.) Her research interests are computer security and applied cryptography. Further information about her research is available at: http://www.ics.uci.edu/jihyek.

References (22)

  • G. Acs, L. Buttyan, I. Vajda, Provably secure on-demand source routing in mobile ad hoc networks, in: IEEE Transactions...
  • J. Broch, D.A. Maltz, D.B. Johnson, Y.-C. Hu, J.G. Jetcheva, A performance comparison of multi-hop wireless ad hoc...
  • P. Johansson, T. Larsson, N. Hedman, B. Mielczarek, M. Degermark, Scenario-based performance analysis of routing...
  • C.E. Perkins, E.M. Royer, Ad-hoc on-demand distance vector routing, in: The Second IEEE Workshop on Mobile Computing...
  • D. Boneh, C. Gentry, H. Shacham, B. Lynn, Aggregate and verifiably encrypted signatures from bilinear maps,...
  • OpenSSL project....
  • Miracl project....
  • A. Perrig, R. Canetti, J.D. Tygar, Dawn Xiaodong Song, Efficient authentication and signing of multicast streams over...
  • David Pointcheval, Jacques Stern, Security Proofs for Signature Schemes, Lecture Notes in Computer Science,...
  • W. Diffie, M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory,...
  • M. Bellare, R. Canetti, Hugo Krawczyk, Keying Hash Functions for Message Authentication, Lecture Notes in Computer...
  • Cited by (40)

    • HSecGR: Highly Secure Geographic Routing

      2017, Journal of Network and Computer Applications
      Citation Excerpt :

      Most of the earlier works deal with only one type of attacks but not with a variety of attacks that can be launched against a routing protocol. For example, solutions proposed in (Perrig et al., 2005; Kim and Tsudik, 2009; Tygar et al., 2002; Buttyan et al., 2006; Yi et al., 2001; Levine et al., 2002; Zapata and Asokan, 2002; Johnson et al., 2003; Wang et al., 2010) protect route discovery packets against modification attacks. However, these solutions don’t protect against packet dropping attacks.

    • Modeling and verifying ad hoc routing protocols

      2014, Information and Computation
      Citation Excerpt :

      We have modeled route validity in Example 5 for the protocol SRP applied to DSR. The same modeling can be applied to most source routing protocols such as Ariadne [18], endairA [11], SRDP [23], BISS [12]. However, source routing protocols may also perform recursive tests.

    Gene Tsudik is a Professor in the Department of Computer Science at the University of California, Irvine. He has been conducting research in internetworking, network security and applied cryptography since 1987. He obtained his Ph.D. in Computer Science from USC in 1991 for research on firewalls and Internet access control. Before coming to UC Irvine in 2000, he was a Project Leader at IBM Zurich Research Laboratory (1991–1996) and USC Information Science Institute (1996–2000). Over the years, his research interests included: routing, firewalls, authentication, mobile networks, e-commerce, anonymity, group communication, digital signatures, key management, ad hoc networks, as well as database privacy and secure storage. Since 1993, he has been serving as Associate Dean of Research and Graduate Studies in the Bren School of Information and Computer Sciences at UCI. In Spring 2007, he will be going to Italy as a Fulbright Scholar to lecture and conduct research at the University of Rome (La Sapienza) on the subject of electronic privacy.
