2003 Elsevier Secure Routing in Mobile Wireless Ad Hoc Networks
www.elsevier.com/locate/adhoc
Abstract
We discuss several well known contemporary protocols aimed at securing routing in mobile wireless ad hoc networks. We analyze each of these protocols against requirements of ad hoc routing and in some cases identify fallibilities and make recommendations to overcome these problems so as to improve the overall efficacy of these protocols in securing ad hoc routing, without adding any significant computational or communication overhead.
© 2003 Published by Elsevier B.V.
Keywords: Active attacks; Passive attacks; Wormhole attack; Byzantine failures; Secure routing; Ad hoc networks
and DSR, the route discovery is initiated whenever data packets need to be sent, whereas in proactive protocols like DSDV, nodes proactively maintain routes even if no data packets need to be currently sent.

In DSR [12], the sender node determines the path along which a packet needs to be forwarded for a particular destination. This path is listed in the data packet header and is referred to as the 'source route'. Every node in the network stores routes to other nodes in the network by maintaining a dynamic route cache. A node learns routes to other nodes in one of two ways: when it itself initiates a route to a particular destination or when the node lies on an active path to that destination. In addition to these, a node may also learn a route by overhearing transmissions along routes of which it is not a part. This is referred to as promiscuous listening.

When a node needs to send a packet to another node, it first checks if an entry for the source route to that destination exists in the route cache. If such an entry already exists, the node inserts the source route into the header of the data packet. The source route is the list of nodes along which the packet needs to be forwarded in order to reach the destination. The sender forwards the packet to the first node on the route list. This intermediate node in turn forwards the packet to the next node in the list and this continues till the packet reaches the intended destination.

If the sender does not have a cache entry with the source route for that destination, the DSR route discovery process is initiated for that destination node. The sender broadcasts a 'ROUTE REQUEST'. This route request is uniquely identified by the source address, the destination address and the request id. When a node receives this route request, it checks if it itself is the target or if it has a source route cache entry for the intended destination. If either of the above two cases holds, the node responds with a route reply packet to the sender. The route reply consists of a 'route record', which is a list of nodes forming the path from the sender to the destination. If the node does not have a source route cache entry to that destination, it checks if it has already processed this request by checking the source address, destination address and request id which uniquely identify a request. If it has already handled this request, it is dropped. Otherwise, the node appends its address to the 'route record' in the route request packet and rebroadcasts the packet.

In the reactive protocol AODV [11], a node discovers or maintains a route to a destination if and only if it is the initiator of the route to that destination or is an intermediate node on an active route to that destination. Otherwise, it does not maintain routing information to that destination (no promiscuous listening in AODV). AODV maintains loop-free routes, even when the local connectivity for a node on the route changes. This is achieved by maintaining a counter for each node, called a sequence number. The sequence number of a node is incremented every time the local connectivity of the node changes.

In AODV, the route discovery is initiated by the source by generating and broadcasting a route request packet RREQ. The RREQ packet contains sequence numbers for both source as well as destination nodes, called source_sequence_num and destination_sequence_num, respectively. When a node receives a RREQ packet, if the node is itself the destination or it has a valid route to that destination, it determines the freshness of its route table entry (provided such an entry exists) for that destination by comparing the destination_sequence_num in the RREQ with that of its route table entry. The node then either responds with a route reply RREP (if it itself is the destination or has a fresh route to that destination) or rebroadcasts the RREQ to its neighbors. The node makes an entry for this route request in the route table and stores the address of the node from which it received this request as the next hop in the route to the source of this request packet. Similarly, when a node receives a response RREP for the request, it stores the address of the node from which it received the response RREP as the next hop in the route to that destination. As the RREP travels back to the source, the intermediate nodes forwarding the RREP update their routing tables with a route to the destination. The RREP has a field for destination_sequence_num.

The rest of the paper is organized as follows: In Section 2, we discuss different possible attacks on
S. Gupte, M. Singhal / Ad Hoc Networks 1 (2003) 151–174 153
the routing protocols and in Sections 4–12, we analyze contemporary SRPs with respect to prevention of these attacks.

2. Possible attacks on routing protocols

In this paper, we are primarily concerned with the attacks targeting the routing protocols. These attacks can be broadly classified into two main categories:

1. Passive attacks and
2. Active attacks.

2.1. Passive attacks

Passive attacks are the attacks in which an attacker does not actively participate in bringing the network down. An attacker just eavesdrops on the network traffic so as to determine which nodes are trying to establish routes to which nodes or which nodes are pivotal to proper operation of the network and hence can be potential candidates for subversion and launching denial of service attacks. The attacker can then forward this information to an accomplice who in turn can use it to launch attacks to bring down the network.

2.2. Active attacks

Active attacks are the attacks in which an attacker actively participates in disrupting the normal operation of the network services. The attacker drops packets, modifies packets, replays packets, fabricates messages or impersonates some other nodes, nodes rush packets or tunnel them over high-speed private networks to an accomplice in other part of the network, etc.

(i) Black holes: The attacker drops all types of packets, both control as well as data. This attack can be prevented by establishing routes free of the black holes or by precluding such type of nodes from existing routes.

(ii) Gray holes: The attacker is selective in dropping packets (drops data packets but not control messages). This is not a simple attack to detect. There needs to be some kind of a promiscuous mode of operation in place within the routing protocol wherein nodes can listen to the transmissions of the nodes within the radio range. If a node is found to exhibit such a gray hole behavior, then other nodes need to be alerted about it. Again some kind of trust hierarchy needs to be in place such that the reporting node has to have some trust standing, otherwise, it becomes a basis of yet another attack called blackmail attack where a malicious node may report a benign node to be misbehaving, thereby launching a denial of service attack against that node.

2.2.2. Attacks using modification of protocol messages fields

Current routing protocols assume that nodes do not alter the protocol fields of messages passed among nodes. Routing protocol packets carry important control information that governs the behavior of data transmission in ad hoc networks. Since the level of trust in a traditional ad hoc network cannot be measured or enforced, malicious nodes or compromised nodes may participate directly in the route discovery and may intercept and filter routing protocol packets to disrupt communication. Malicious nodes can easily cause redirection of network traffic and DOS attacks by simply altering these fields [7].

For example, in the network illustrated in Fig. 1a, a malicious node M could keep traffic from
stituent. The node adds this routing information to its own cache.

The vulnerability is that an attacker could easily exploit this method of learning routes and poison route caches. If a malicious node M wants to launch a denial of service attack on node X, it would simply broadcast spoofed packets with source routes to X via itself. Any neighboring nodes that overhear the packet transmission may add the route to their route cache.

(iii) Routing table overflow attack: A malicious node may attempt to overwhelm the protocol by initiating route discovery to non-existent nodes. The rationale behind this attack is to create so many routes that no further routes could be created as the routing tables of nodes are already overflowing. Proactive routing algorithms attempt to discover routing information even before it is needed, while reactive algorithms create routes only when they are needed. This makes proactive algorithms more vulnerable to table overflow attacks.

In case of proactive routing protocols like DSDV, where nodes detect neighbors by sending HELLO packets, an attacker could tunnel a HELLO packet from A to B and from B to A, leading A and B to believe that they are neighbors when in reality they are not. This could lead to no route being established because of wrong neighborhood perception.

The wormhole attacks can be thwarted by using a notion of packet leashes. A leash is any information added to a packet to limit the packet's maximum allowed transmission distance. A geographical leash ensures that the recipient of the packet is within a certain distance from the sender. A temporal leash ensures that the packet has an upper bound on its lifetime, thus putting an upper bound on the distance it can travel, since the speed of the packet cannot be more than that of light. Any of these leashes can thwart a wormhole attack, as they allow the receiver to detect if the packet has traveled more distance than the leash allows.
protocol in the form of additional fields to the RREQ and RREP packets. Both RREQ and RREP packets have two additional fields, viz., RQ_SEC_REQUIREMENT (RP_SEC_REQUIREMENT is the corresponding one in RREP) and RQ_SEC_GUARANTEE (RP_SEC_GUARANTEE is the corresponding one for RREP). The RQ_SEC_REQUIREMENT value in the RREQ is set by the route initiator and is immutable, i.e., no intermediate node can change this field in transit. This value indicates the minimum security rating that an intermediate node should possess in order to be part of the route. When an intermediate node receives a RREQ packet, it checks the RQ_SEC_REQUIREMENT field and compares the value to its own security rating (i.e., the trust level). If the node's security rating is more than RQ_SEC_REQUIREMENT, the node forwards the packet, otherwise the node drops the packet. When an intermediate node decides to forward the request, the RQ_SEC_GUARANTEE is set to a value which indicates the maximum security level afforded by the discovered paths. This field is useful in the case where route discovery comes up with a route which is more secure than the one requested by the initiator.

Since the security aware ad hoc routing protocol tries to implement the trust level among nodes by having a key for every trust level, another cause for concern is the nature of ad hoc networks, where membership keeps on changing, i.e., nodes come and go regularly. Hence fresh keys have to be generated and distributed every time any new node comes in or a node goes out, thus augmenting the computational overhead. If the keys are not generated afresh when a member node leaves the network, there is a likelihood that this node might give the keys to a malicious node or give higher trust level keys to a node with a lower trust level.

5. Secure routing protocol

The SRP [2] attempts to guarantee that the node initiating the route discovery will be able to differentiate between the legitimate replies and the replies meant to provide false topological information and can discard such malevolent replies. This is realized through the existence of a security association (SA) between the pair of end nodes, i.e., source and destination, without the intermediate nodes having to cryptographically validate the control traffic. Such a security association is assumed to exist prior to the route initiation. This protocol assumes that this SA can be achieved through a shared key $K_{ST}$ between the source S and target T. This is a strong assumption given the nature of ad hoc networks. It is as good as assuming a SA through a shared secret among two strangers.

The source S initiates the route discovery by putting together a route request packet as shown in Fig. 3.

The SRP adds an additional header called SRP header to the underlying routing protocol packet. The SRP header is as shown in Fig. 4.

The query sequence number, $Q_{SEQ}$, is a monotonically increasing 32 bit sequence number maintained by the source node S for each destination T it has a security association with. It increases monotonically for every route request generated by S for T, thus allowing T to detect outdated/replayed requests. $Q_{SEQ}$ is initialized at the establishment of the SA and is generally not allowed to wrap around.

[Fig. 3. Route request packet. Labels in the figure: TYPE, RESERVED, QUERY IDENTIFIER, QUERY SEQUENCE NUMBER, SRP MAC.]

[Fig. 4. SRP header. Labels in the figure: IP HEADER, BASIC ROUTING PROTOCOL PACKET, SRP HEADER.]
The query identifier $Q_{ID}$ is a random 32 bit identifier generated by S and is used by the intermediate nodes as a means to identify the request. Since $Q_{ID}$ is an output of a secure pseudo-random number generator and is unpredictable by an adversary, it provides protection against attackers who fabricate requests only to cause subsequent requests to be dropped.

SRP MAC is a 96 bit value calculated using the shared key $K_{ST}$ over the IP addresses of the source S and target T and the two identifiers $Q_{SEQ}$ and $Q_{ID}$. It not only validates the integrity of the request but also authenticates the origin of the packet to the target, as the MAC could only have been calculated by a node that has the knowledge of $K_{ST}$, and knowledge of $K_{ST}$ is only with the node that has a security association with the target.

When an intermediate node receives such a route request, it checks if an SRP header is present or not. If not present, the packet is discarded, otherwise the node extracts the IP address of the source and destination as well as the $Q_{ID}$ from the request and creates an entry for the request in the query table. If an entry already exists for that source destination pair with the same $Q_{ID}$, the request is dropped by the node. Otherwise, the node appends its IP address to the request and rebroadcasts the request. Thus IP addresses of the intermediate nodes keep on accumulating on the route request.

The above situation warrants that the $Q_{ID}$ should be sufficiently random and an adversary with finite computation capacity should not be able to predict it. Otherwise, the attacker can prevent a route from being established between the given source destination pair, as it would fabricate request packets with this $Q_{ID}$ and the intermediate nodes will not forward the legitimate requests when they get to them, as an entry already exists in the query table for that particular $Q_{ID}$.

When the target T receives this request packet, it verifies that the packet has originated from the node with which it has SA. $Q_{SEQ}$ is then compared with $S_{MAX}$, the maximum query sequence number received from S. If $Q_{SEQ} \le S_{MAX}$, the request is considered to be outdated/replayed and is discarded. Else the keyed hash of the request field is calculated and matched against the SRP MAC. The equality validates the integrity of the request as well as the authenticity of the sender.

The destination broadcasts a route reply to its one hop neighbors in order to thwart a potentially malicious neighbor from controlling multiple replies. For each valid request, the destination puts the accumulated route in the form of IP addresses of intermediate nodes into the route reply packet. The $Q_{SEQ}$ and $Q_{ID}$ fields from the route request are copied into the corresponding fields of the reply packet. MAC is calculated to preserve the integrity of the packet in transit. The $Q_{SEQ}$ and $Q_{ID}$ fields verify the freshness of the packet to the source.

When the source S receives the route reply packet, it checks source and destination addresses, $Q_{ID}$ and $Q_{SEQ}$ and discards the reply if it does not correspond to the currently pending query. Otherwise, it compares the reply IP source-route with the reverse of the route carried in the reply payload. If the two routes match, MAC is calculated using the replied route, the SRP header fields and $K_{ST}$. The successful verification confirms that the request did indeed reach the intended destination T and the reply was not corrupted on the way back from T to S. Furthermore, since the reply packet has been routed and successfully received over the reverse of the route it carries, the routing information has not been compromised during the request propagation.

Intermediate nodes also measure the frequency of queries received from their neighbors. Intermediate nodes maintain a priority ranking of their neighbors: highest priority to nodes generating requests at the lowest rate and the lowest rating for those with highest rate. In case two packets arrive at the same time, the neighbor whose ranking is high is given priority in routing over the one with the lower ranking.

This SRP guarantees the discovery of a correct route, even in the presence of malicious nodes. The protocol obviates the need of a certification authority, thereby suiting itself to the ad hoc paradigm. The protocol also does not necessitate the knowledge of keys of all member nodes. The only requirement of this protocol is that there should be a prior security association between the two nodes that need to communicate with each other. This kind of a security association is realized through
shared secret keys between any two pair of nodes. However, when malicious nodes succeed in subverting benign nodes, the malicious nodes could easily gain access to the shared secret keys. The malicious node can then masquerade as the subverted good node and initiate communication with other good nodes with whom the subverted good node has a security association.

6. Routing using pre-deployed security infrastructure

We assume the existence of certain amount of security infrastructure. The type of ad hoc environment that we are dealing with here is called managed-open environment. A managed-open environment assumes that there is an opportunity for pre-deployment. That is, nodes wishing to communicate can exchange initialization parameters beforehand, perhaps within the security of an infrastructured network where session keys may be exchanged or through a trusted third party like a certification authority.

6.1. ARAN protocol in managed-open environment

ARAN or authenticated routing for ad hoc networks [7] detects and protects against malicious actions by third parties and peers in ad hoc environment. ARAN introduces authentication, message integrity and non-repudiation to an ad hoc environment.

ARAN is composed of two distinct stages. The first stage is simple and requires little extra work from peers beyond traditional ad hoc protocols. Nodes that perform the optional second stage increase the security of their route, but incur additional cost for their ad hoc peers who may not comply (e.g., if they are low on battery resources). ARAN makes use of cryptographic certificates for the purposes of authentication and non-repudiation.

6.1.1. Stage 1

Stage 1 contains a preliminary certification stage and a mandatory end-to-end authentication stage. It is a lightweight stage and does not demand too many resources.

6.1.1.1. Preliminary certification. ARAN uses a trusted certificate server T. Before entering the ad hoc network, each node has to request a certificate from T. In case of node A, the certificate looks as shown below:

$$T \rightarrow A : \mathrm{Cert}_A = [IP_A, K_{A+}, t, e]\,K_{T-}$$

The certificate contains the IP address of A, the public key of A, a timestamp t of when the certificate was created, and a time e at which the certificate expires. These variables are concatenated and signed by T. All nodes must maintain fresh certificates with the trusted server and must know T's public key.

6.1.1.2. End-to-end authentication. End-to-end authentication verifies whether the intended destination was reached. In this stage, the source trusts the destination to choose the return path.

(i) Source node: The source node A broadcasts a route discovery packet (RDP) and thus initiates the route discovery to destination X.

$$A \rightarrow \text{broadcast} : [RDP, IP_X, \mathrm{Cert}_A, N_A, t]\,K_{A-}$$

The RDP includes a packet type identifier ("RDP"), the IP address of the destination ($IP_X$), A's certificate ($\mathrm{Cert}_A$), a nonce $N_A$, and the current time t, all signed with A's private key. Each time node A performs route discovery, it monotonically increases the nonce. Nodes store the nonce they have last seen with its timestamp.

(ii) Intermediate node: Each node keeps track of the predecessor node from which it received the RDP packet. It then forwards the RDP to each of its neighbors, signing the contents of the message. This signature prevents spoofing attacks that may alter the route or form loops. Let A's neighbor be B.

$$B \rightarrow \text{broadcast} : [[RDP, IP_X, \mathrm{Cert}_A, N_A, t]\,K_{A-}]\,K_{B-}, \mathrm{Cert}_B$$

If a node has already seen the ($N_A$, $IP_A$) tuple, it drops the RDP packet. Otherwise, it forwards the packet to its neighbors. Upon receiving the broadcast, B's neighbor C validates the signature with the given certificate. C then rebroadcasts the RDP to its neighbors, first removing B's signature.
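Returning to SRP (Section 5): the request handling described there, with the intermediate node's query table, the target's replay test of $Q_{SEQ}$ against $S_{MAX}$ and the 96-bit MAC under $K_{ST}$, as an added Python example that is not code from the paper or from SRP. HMAC-SHA256 as the keyed hash, all class and function names, the key and the 10.0.0.x addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

MAC_LEN = 12  # the SRP MAC is 96 bits


def srp_mac(k_st: bytes, src: str, dst: str, q_seq: int, q_id: int) -> bytes:
    """MAC over the source and target addresses, Q_SEQ and Q_ID under K_ST.

    Assumption: HMAC-SHA256 truncated to 96 bits; the page does not name the hash.
    """
    msg = IPv4Address(src).packed + IPv4Address(dst).packed
    msg += struct.pack("!II", q_seq, q_id)
    return hmac.new(k_st, msg, hashlib.sha256).digest()[:MAC_LEN]


@dataclass(frozen=True)
class RouteRequest:
    src: str
    dst: str
    q_seq: int
    q_id: int
    mac: bytes
    route: tuple = ()  # intermediate addresses, accumulated hop by hop


class Source:
    def __init__(self, addr: str, dst: str, k_st: bytes):
        self.addr, self.dst, self.k_st = addr, dst, k_st
        self.q_seq = 0  # initialised when the SA is set up, never wraps

    def new_request(self) -> RouteRequest:
        self.q_seq += 1
        q_id = secrets.randbits(32)  # unpredictable 32-bit query identifier
        mac = srp_mac(self.k_st, self.addr, self.dst, self.q_seq, q_id)
        return RouteRequest(self.addr, self.dst, self.q_seq, q_id, mac)


class IntermediateNode:
    def __init__(self, addr: str):
        self.addr = addr
        self.query_table = set()

    def handle(self, req: RouteRequest):
        """Return the request to rebroadcast, or None when it is dropped."""
        entry = (req.src, req.dst, req.q_id)
        if entry in self.query_table:
            return None  # already seen for this source/destination pair
        self.query_table.add(entry)
        return replace(req, route=req.route + (self.addr,))


class Target:
    def __init__(self, addr: str, keys_by_source: dict):
        self.addr = addr
        self.keys = keys_by_source  # one K_ST per security association
        self.s_max = {}             # highest verified Q_SEQ per source

    def check(self, req: RouteRequest) -> str:
        k_st = self.keys.get(req.src)
        if k_st is None:
            return "no-sa"
        if req.q_seq <= self.s_max.get(req.src, 0):
            return "replayed"
        expected = srp_mac(k_st, req.src, req.dst, req.q_seq, req.q_id)
        if not hmac.compare_digest(expected, req.mac):
            return "bad-mac"
        # Only a verified request may advance S_MAX; otherwise a forged
        # high Q_SEQ would lock the legitimate source out.
        self.s_max[req.src] = req.q_seq
        return "accepted"


def demo() -> dict:
    key = bytes(range(32))  # constructed K_ST
    s = Source("10.0.0.1", "10.0.0.9", key)
    t = Target("10.0.0.9", {"10.0.0.1": key})
    b, c = IntermediateNode("10.0.0.2"), IntermediateNode("10.0.0.3")

    req = s.new_request()
    at_target = c.handle(b.handle(req))
    forged = replace(at_target, q_seq=at_target.q_seq + 100)  # stale MAC
    return {
        "first": t.check(at_target),
        "route": at_target.route,
        "replay": t.check(at_target),
        "duplicate_at_b": b.handle(req),
        "forged": t.check(forged),
        "next": t.check(s.new_request()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The accumulated route is not covered by the request MAC in this sketch, which matches the page's description of the MAC inputs.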
The watchdog attempts to detect misbehaving nodes. Fig. 5 illustrates how the watchdog works. Node A cannot directly send packets to node C, but it can send the packets to B and then listen in on node B's traffic. Thus, when A transmits a packet for B to be forwarded to C, A can often tell if B really transmitted the packet to node C. If encryption is not performed separately for each link, then A can also tell if B has tampered with the payload or the header.

The watchdog maintains a buffer of recently sent packets and compares each overheard packet with the packet in the buffer to see if there is a match. If so, the packet in the buffer is removed and forgotten by the watchdog, since it has been forwarded. If the packet has remained in the buffer for longer than a certain timeout, the watchdog increments a failure tally for the node responsible for forwarding the packet. If the tally exceeds a certain threshold, it infers that the node is misbehaving and sends a message to the source notifying it of the misbehaving node.

The watchdog might not detect misbehaving nodes in presence of (1) ambiguous collisions, (2) receiver collisions, (3) limited transmission power, (4) false misbehavior, (5) collusion between neighboring nodes and (6) partial dropping.

7.3. Analysis of watchdog's weaknesses

7.3.1. Ambiguous collision

The ambiguous collision problem prevents A from overhearing transmissions from B. As Fig. 6 illustrates, a packet collision occurs at A while it is listening to B to forward a packet. A does not know if the collision was caused by B forwarding a packet as it should or if B never forwarded the packet and the collision was caused by other nodes in A's neighborhood. Because of this uncertainty, A should instead continue to watch B over a period of time.

7.3.2. Receiver collision

In the receiver collision problem, node A can only tell whether B sends the packet to C, but it cannot tell if C receives it. If a collision occurs at C when B first forwards the packet, A only sees B forwarding the packet and assumes that C successfully receives it. Thus, B could skip retransmitting the packet and evade detection as shown in Fig. 7.

7.3.3. False misbehavior

False misbehavior can occur when nodes falsely report other nodes as misbehaving. A malicious node could attempt to partition the network by claiming that some nodes following it in the path are misbehaving. For instance, node A could report that node B is not forwarding packets when in fact it is. This will cause S to mark B as misbehaving when A is the culprit. This behavior, however, will be detected eventually. Since A is passing messages onto B (as verified by source S), then any acknowledgements from D to S will go through A to S, and S will wonder why it receives replies from D when supposedly B dropped packets in the forward direction. In addition, if A drops acknowledgements to hide them from S, the node B will
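Returning to the watchdog mechanism described before Section 7.3: its buffer, timeout, failure tally and threshold, run over a constructed event trace, as an added Python example that is not code from the paper. The timeout and threshold values, the names, and the trace (neighbor B forwards one packet intact and one altered out of six; neighbor E forwards all six but one forward is lost to a collision at the watcher) are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def digest(packet: bytes) -> bytes:
    return hashlib.sha256(packet).digest()


@dataclass
class Watchdog:
    timeout: float = 0.5   # seconds a packet may wait to be overheard (assumed)
    threshold: int = 3     # tally must exceed this before reporting (assumed)
    buffer: dict = field(default_factory=dict)   # (next_hop, digest) -> time sent
    tally: dict = field(default_factory=dict)    # next_hop -> failure count
    reported: set = field(default_factory=set)

    def sent(self, next_hop: str, packet: bytes, now: float) -> None:
        """Remember a packet handed to next_hop for forwarding."""
        self.buffer[(next_hop, digest(packet))] = now

    def overheard(self, sender: str, packet: bytes) -> bool:
        """Drop the buffered copy if the overheard packet matches it."""
        return self.buffer.pop((sender, digest(packet)), None) is not None

    def expire(self, now: float) -> list:
        """Charge a failure per packet held past the timeout.

        Returns the nodes whose tally has just exceeded the threshold.
        """
        newly_reported = []
        for (hop, dig), sent_at in list(self.buffer.items()):
            if now - sent_at <= self.timeout:
                continue
            del self.buffer[(hop, dig)]
            self.tally[hop] = self.tally.get(hop, 0) + 1
            if self.tally[hop] > self.threshold and hop not in self.reported:
                self.reported.add(hop)
                newly_reported.append(hop)
        return newly_reported


def sample_trace() -> list:
    """Constructed events: (time, kind, node, packet)."""
    events = []
    for i in range(6):
        t = float(i)
        via_b = b"via-B seq=%d" % i
        via_e = b"via-E seq=%d" % i
        events.append((t, "sent", "B", via_b))
        events.append((t, "sent", "E", via_e))
        if i == 0:
            events.append((t + 0.1, "heard", "B", via_b))
        if i == 3:  # B forwards, but with a modified payload
            events.append((t + 0.1, "heard", "B", via_b + b" (altered)"))
        if i != 2:  # a collision at the watcher hides E's forward of seq=2
            events.append((t + 0.1, "heard", "E", via_e))
    events.append((10.0, "tick", "", b""))
    return events


def run_trace(events: list):
    wd, alerts = Watchdog(), []
    for now, kind, node, packet in sorted(events, key=lambda e: e[0]):
        alerts += wd.expire(now)
        if kind == "sent":
            wd.sent(node, packet, now)
        elif kind == "heard":
            wd.overheard(node, packet)
    return wd, alerts


if __name__ == "__main__":
    wd, alerts = run_trace(sample_trace())
    print("tally:", wd.tally, "reported to source:", alerts)
```

E's single missed forward is the ambiguous-collision case from Section 7.3.1: it costs one tally point but stays under the threshold, which is why the watchdog observes over a period of time instead of reacting to one loss.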
any third party trusted certification authority in place. However this problem is overcome by distributing the onus of certification on individual member nodes [10].

The protocol suggests a localized trust model to distribute the function of a trusted third party Certification Authority (CA) to individual member nodes within the network. In the localized trust model, a node is trusted if any k (threshold) trusted entities claim so within a certain time period. These certifying entities are generally the node's one-hop neighbors. Once a node is trusted by its local community, it is globally accepted as a trusted node; otherwise it is considered untrustworthy in the entire network. If a node could not find k neighbors in a certain location, it may roam to meet more nodes or wait for new nodes to move in.

The certificate signing key SK is distributed to each node of the network. Each node carries a partial certificate signed with its share of the certificate signing key SK. A valid certificate signed by SK is obtained by combining together partial certificate shares from k (threshold) number of nodes. A node trying to establish a route with some other node should have a valid certificate. Nodes without valid certificates are treated as adversaries and are precluded from using network resources. A node $V_i$ requests a new certificate from any coalition of k (threshold) nodes, typically among its one hop neighbors. When any node receives this request, it checks its records on $V_i$. A record typically consists of a distributed Certificate Revocation list (CRL) and/or direct monitoring data available on $V_i$. If the node is found to be legitimate, the neighboring node responds with a partial certificate by applying its share of SK. Otherwise, the request for certificate is dropped. The requesting node $V_i$ then combines the k partial certificates that it receives to generate a complete certificate. These certificates carry an expiration time, after which a node has to acquire a new certificate because the old one is not valid any more. A broken or a misbehaving node that is detected by its neighbor will not be able to get its certificate renewed, once its current certificate expires.

If a particular node has no record (neither good nor bad) for a node, according to this architecture, it should not respond with its share of the certificate. However, it is always possible that the node is new and it does not have any record for a particular node. For such a situation, it is suggested that the node should not send its share of the certificate to the requesting node since it does not have any record on the requesting node. If the requesting node is not able to garner the certificate shares from the threshold number of other nodes in its one-hop vicinity, it should move to a new location where it is likely to get the certificate shares. But mobility may not always be possible given the nature of the wireless ad hoc networks, in that the network might be deployed in a hostile environment.

The assumption "It is not very difficult to detect misbehaving nodes within the radio range", given the nature of the technology available, viz., Watchdog and Global Intrusion detection, cannot always hold. It has been shown that the watchdog solution of operating the node in promiscuous mode falls apart when two or more misbehaving nodes are working in collusion. When a node perceives that an intrusion is in progress on itself, only then will it issue a request for other nodes to detect if a similar nature of intrusion is taking place on them as well. A misbehaving node could easily deny an intrusion in itself, thereby thwarting any global intrusion mitigation procedure.

9. ARIADNE

ARIADNE [1] prevents attackers/compromised nodes from disrupting uncompromised routes comprising of benign nodes.

The motive behind this protocol is to thwart active attackers who inject packets into the network and who also eavesdrop. The active attackers are classified as active-n-m, where n is the number of nodes it has compromised and m is the number of nodes it owns, e.g., active-0-1 (owns 1 node), active-0-x (owns x nodes), active-1-x (compromised 1 node and distributes cryptographic information like secret key to x − 1 other nodes). A node trusts only itself for acquiring information as to which nodes in the network are malicious, thus thwarting any blackmail attacks where an attacker fabricates information making a benign node appear malicious.
It is assumed that the sender trusts the destination with which it communicates with the responsibility of authenticating intermediate nodes. This enables the destination to launch blackmail attacks against intermediate nodes, so the sender maintains a separate blacklist on all destinations it is communicating with.
The ARIADNE protocol makes use of the TESLA broadcast authentication protocol, which is discussed next.
9.1. TESLA
When TESLA [1] is used for authentication, each sender chooses a random initial key $K_N$ and generates a one-way key chain by repeated computation of a one-way hash function $H$, $K_N$ being the starting value of the function, such that
$K_{N-1} = H[K_N], \quad K_{N-2} = H[K_{N-1}], \quad \ldots, \quad K_i = H[K_{i+1}] = H^{N-i}[K_N]$
To compute any previous key $K_j$ from key $K_i$, where $j < i$, a node uses the equation
$K_j = H^{i-j}[K_i]$
The above mentioned equation is used by any node to authenticate any received value on the hash chain. If the computed value matches a previously known authentic key value, then the received key is authentic.
Each node discloses each key of its one-way key chain in a particular order, which is exactly the reverse of the order in which the keys were generated. For example, if the keys were generated by a node in the order $K_N, K_{N-1}, \ldots, K_1, K_0$ then the node discloses them in the order $K_0, K_1, \ldots, K_N$. The rationale behind having the key disclosure schedule be the reverse of the key generation schedule is that $K_N$ of a node is known to all other nodes and in such a situation they should be able to authenticate any subsequent keys that are disclosed. The use of a one-way hash function allows $K_0, K_1, \ldots, K_{N-1}$ to be authenticated using $K_N$, but $K_N$ cannot be authenticated using any other key value. Hence the key disclosure schedule and key generation schedule should be reverse.
TESLA relies to a fair extent on the receiver's ability to determine which keys a sender may have already disclosed, based on loose time synchronization between nodes. Let $\Delta$ be the maximum time synchronization error between any two nodes; this value must be known to all nodes.
When a packet authenticated with TESLA is received, the receiver first verifies the TESLA security condition that the key $K_i$ used to authenticate this packet cannot yet have been disclosed. Suppose the packet arrival time at the receiver is $t_r$, and the receiver knows that the earliest time the sender discloses the key $K_i$ is $t_0 + i \cdot t$, where $t_0$ is the time when $K_0$ is disclosed by the sender and $t$ is the TESLA time interval. The receiver needs to verify that $t_r \le (t_0 + i \cdot t - \Delta)$, thus implying that $K_i$ has not yet been published. Otherwise, the sender may have already disclosed $K_i$ and some attacker may have forged the packet contents, and hence the packet is discarded. If the check is successful, the receiver buffers the packet and waits for the sender to disclose $K_i$. When the receiver receives $K_i$, it first authenticates $K_i$ and then authenticates the stored packets.
This ARIADNE protocol makes an assumption that the initiator S who performs a route discovery to target D shares secret keys $K_{SD}$ and $K_{DS}$ respectively, for message authentication in each direction. The design of this ARIADNE protocol can be divided into three stages.
9.2. ARIADNE protocol
9.2.1. Target authenticates ROUTE REQUESTS
To communicate with some destination node D in the network, the initiator node S generates and floods ROUTE REQUEST packets throughout the network. In order to enable target D to authenticate sender S, S includes a MAC computed over a timestamp with $K_{SD}$ in the route request packet. The target can then verify authenticity and freshness of the request.
9.2.2. Authentication of data in ROUTE REQUESTS and ROUTE REPLIES using TESLA
Every node has a TESLA one-way hash chain, and all other nodes know an authentic key of the TESLA chain of every other node. The route request packet consists of eight fields (ROUTE
REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list).
Initiator and Target are set to the addresses of the source and destination, respectively. 'Id' is set to an identifier that has not been recently used in route discovery. The 'Time Interval' is set to the TESLA time interval at the pessimistic arrival time of the request at the target, with maximum possible clock offset/skew and maximum transmission delay.
The hash chain field is initialized by the initiator to the $\mathrm{MAC}_{K_{SD}}$ calculated over initiator, target, id, time interval. Node list and MAC list are left uninitialized, to be initialized later by the intermediate and target nodes.
When an intermediate node A receives a ROUTE REQUEST, the node checks its local table (initiator, id). If it finds an entry for the same route discovery, it discards the REQUEST, else the node A verifies the time interval of the REQUEST. If the time interval is too far in the future or the key corresponding to it has been disclosed, the REQUEST is discarded. Else the node appends its address A to the node list in the REQUEST, and the hash chain field is replaced by H(A, old hash chain). The node then appends a MAC of the entire request to the MAC list. The MAC is calculated using key $K_i$ where 'i' is the time interval mentioned in the REQUEST. The node then rebroadcasts the modified REQUEST.
When the target node receives the REQUEST, it determines whether the keys corresponding to the time interval mentioned in the REQUEST have not been disclosed yet, and whether the hash chain field is equal to
$H[g_n, H[g_{n-1}, H[\ldots, H[g_1, \mathrm{MAC}_{K_{SD}}(\text{initiator}, \text{target}, \text{id}, \text{time interval})] \ldots]]]$
where $g_i$ is the node address of the node at position $i$ and $n$ is the number of nodes in the node list.
If the above two conditions are satisfied, the REQUEST is deemed valid and the target constructs a REPLY to the initiator. The REPLY consists of following fields: target, initiator, time interval, node list, MAC list fields are set to the corresponding fields from the received REQUEST.
Target MAC is a MAC calculated over the above five fields with the key $K_{DS}$. Key list is left empty to be initialized by the intermediate nodes.
The REPLY is then returned to the initiator along the source route which is the reverse of the sequence of hops in the node list in the REQUEST. The node forwarding the route REPLY waits until it is able to disclose the key for the specified time interval. It has to store the REPLY in a buffer till then. The node then appends the key to the key list field in the REPLY and forwards the packet according to the source route in the packet. The waiting delays do not add significant computation overhead but add storage overheads. Given the limited memory resources available on the ad hoc nodes, such storage overhead is a cause of concern.
When the initiator receives the REPLY, it checks if the keys in the key list are valid, the target MAC is valid and each MAC in the MAC list is valid. Only if all these are valid will it accept the route REPLY.
9.2.3. Per-hop hashing
An attacker could attempt to remove a node from the node list in the REQUEST. One-way hash functions ensure that no hop is omitted, hence the name per-hop hashing. To change or remove a previous hop, the attacker must be able to invert the one-way hash function, which is computationally infeasible given the limited computational capacity of nodes in mobile wireless ad hoc networks. We have seen in the previous section that when an intermediate node A receives a ROUTE REQUEST, it appends its address A to the node list in the REQUEST, and the hash chain field is replaced by H(A, old hash chain), where H is the one-way hash function and A is the address of the node A. Since it is computationally almost impossible to invert this one-way hash function, a malicious node that might succeed in removing the address of any previous node from the node list would not be able to remove that node's address from the hash chain field. In this way the attacker would be thwarted, as the computed hash chain field would not be the same as the hash chain in the field and hence the REQUEST would be discarded.
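The following Python example is added here and is not code from the paper or from the ARIADNE or TESLA authors. It follows Sections 9.1, 9.2.2 and 9.2.3: the key check $K_j = H^{i-j}[K_i]$, the TESLA security condition, the per-hop hash chain checked by the target, and the initiator's check of the key list and MAC list. Assumptions: SHA-256 and HMAC-SHA256 stand in for H and the MAC, all fields are byte strings, all nodes share one disclosure schedule (t0, t), each node's K_0 is the authentic key the others know, and the REPLY's target MAC is left out.

```python
import hashlib
import hmac

def H(*parts):
    """One-way hash over length-prefixed byte strings (SHA-256 is an assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def mac(key, *parts):
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def make_key_chain(k_n, n):
    """Return [K_0, ..., K_N], generated from K_N downwards with K_i = H[K_{i+1}]."""
    chain = [k_n]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def key_is_authentic(k_i, i, k_j, j):
    """Accept a disclosed K_i if K_j = H^{i-j}[K_i] for a known authentic K_j, j < i."""
    if not 0 <= j < i:
        return False
    v = k_i
    for _ in range(i - j):
        v = H(v)
    return hmac.compare_digest(v, k_j)

def key_undisclosed(t_r, t0, i, t, delta):
    """TESLA security condition: t_r <= t0 + i*t - delta."""
    return t_r <= t0 + i * t - delta

def new_request(k_sd, initiator, target, req_id, interval):
    """Initiator: hash chain starts as MAC_KSD(initiator, target, id, time interval)."""
    hdr = (initiator, target, req_id, interval.to_bytes(4, "big"))
    return {"hdr": hdr, "hash_chain": mac(k_sd, *hdr), "node_list": [], "mac_list": []}

def forward_request(req, addr, k_i):
    """Intermediate node: append address, hash_chain = H(addr, old), add MAC under K_i."""
    out = {"hdr": req["hdr"], "hash_chain": H(addr, req["hash_chain"]),
           "node_list": req["node_list"] + [addr], "mac_list": list(req["mac_list"])}
    body = out["hdr"] + (out["hash_chain"],) + tuple(out["node_list"]) + tuple(out["mac_list"])
    out["mac_list"].append(mac(k_i, *body))
    return out

def target_accepts(req, k_sd, t_r, t0, t, delta):
    """Target: interval keys still secret, and per-hop hash matches the node list."""
    interval = int.from_bytes(req["hdr"][3], "big")
    if not key_undisclosed(t_r, t0, interval, t, delta):
        return False
    expected = mac(k_sd, *req["hdr"])
    for addr in req["node_list"]:
        expected = H(addr, expected)
    return hmac.compare_digest(expected, req["hash_chain"])

def initiator_accepts(req, key_list, known, k_sd):
    """Initiator: validate each disclosed key, then recompute every hop's MAC."""
    interval = int.from_bytes(req["hdr"][3], "big")
    if not len(key_list) == len(req["node_list"]) == len(req["mac_list"]):
        return False
    state = {"hdr": req["hdr"], "hash_chain": mac(k_sd, *req["hdr"]),
             "node_list": [], "mac_list": []}
    for addr, k_i, m in zip(req["node_list"], key_list, req["mac_list"]):
        j, k_j = known.get(addr, (-1, b""))     # (index, value) of the authentic key
        if not key_is_authentic(k_i, interval, k_j, j):
            return False
        state = forward_request(state, addr, k_i)
        if not hmac.compare_digest(state["mac_list"][-1], m):
            return False
    return True

def demo():
    """Constructed run: S -> A -> B -> C -> D, plus C trying to hide B."""
    k_sd, t0, t, delta, interval = b"constructed S-D key", 0.0, 1.0, 0.1, 5
    chains = {a: make_key_chain(b"seed-" + a, 8) for a in (b"A", b"B", b"C")}
    known = {a: (0, c[0]) for a, c in chains.items()}    # authentic K_0 of every node
    key = lambda a: chains[a][interval]                  # K_5, secret until t0 + 5t
    at_b = forward_request(forward_request(
        new_request(k_sd, b"S", b"D", b"id-1", interval), b"A", key(b"A")), b"B", key(b"B"))
    honest = forward_request(at_b, b"C", key(b"C"))
    hidden = forward_request(dict(at_b, node_list=[b"A"], mac_list=at_b["mac_list"][:1]),
                             b"C", key(b"C"))            # B dropped from the node list
    keys = [key(a) for a in honest["node_list"]]
    return {
        "honest": target_accepts(honest, k_sd, 4.0, t0, t, delta),
        "node_removed": target_accepts(hidden, k_sd, 4.0, t0, t, delta),
        "arrives_too_late": target_accepts(honest, k_sd, 4.95, t0, t, delta),
        "reply": initiator_accepts(honest, keys, known, k_sd),
        "forged_key": initiator_accepts(honest, [keys[0], b"\0" * 32, keys[2]], known, k_sd),
    }

if __name__ == "__main__":
    print(demo())
```

The request with B removed fails at the target because the hash chain field still contains B's hop, and the late request fails the security condition before any hash is checked.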
9.3. Route maintenance in ARIADNE
An intermediate node attempting to forward a packet to the next hop along the source route will return a route ERROR to the original sender if and only if it is unable to deliver the packet to the next hop after a fixed finite number of retransmissions.
In order to prevent unauthorized nodes from sending false ERROR messages, the protocol requires the original sender to authenticate the ERROR messages using TESLA. The protocol however does not guard against attackers not sending ERRORs in case of a genuinely broken route.
ARIADNE does not guard against passive attackers eavesdropping on the network traffic. ARIADNE does not prevent an attacker from inserting data packets. ARIADNE is vulnerable to an active-1-1 attacker that lies along the discovered route, who does not forward packets and does not generate an ERROR if it encounters a broken link.
10. On demand secure routing protocol resilient to Byzantine failures
In this protocol [6], the emphasis is on survivability of routes under situations where an intermediate node or group of nodes are known to be malicious and may attempt "Byzantine" attacks such as creation of routing loops, misrouting of packets along non-optimal (unnecessarily long) paths or selective dropping of packets (black or gray holes).
Instead of laying the blame of a route failure on a single misbehaving node, the protocol [6] inculpates a link and thus the two nodes forming the link. This can ameliorate routing misbehaviors wherein two adjacent nodes are colluding with each other and dropping packets. Every link between two adjacent nodes has a certain weight associated with it. When a link is found to be faulty, the weight associated with that link is multiplicatively increased. When multiple routes are discovered for a particular destination, the initiating node selects the route whose sum of link weights is the least, thus discovering the route which has the least likelihood of having a faulty link in it. The protocol consists of the following three phases:
(i) Route discovery with fault avoidance,
(ii) Byzantine fault detection,
(iii) Link weight management.
10.1. Route discovery with fault avoidance
In the route discovery both the route REQUEST and RESPONSE are flooded. The RESPONSE is flooded in order to prevent any single adversary from stopping route establishment. Digital signatures are used to authenticate the source so that malicious nodes do not initiate route discovery and consume valuable network resources. The source creates the route REQUEST and signs it. The request consists of source, destination, a sequence number and link weight list. There is no route caching. When an intermediate node receives a route request, it checks its valid request list to see if there is a matching request in the list for the same source. If there is no matching request and the source's signature is valid, it rebroadcasts the request, else the request is dropped. When the destination receives a request from the source for the first time, it checks the source signature on the request. It then constructs and signs the response consisting of source, destination, a response sequence number and the weight list from the request packet.
When an intermediate node receives a response, it computes the total weight of the path by summing weights of all the links that constitute the path. If the total weight is less than any of the previous responses for that particular request, it checks the signature on the response header and every hop listed on the packet. If the whole of the packet is verified, the node appends its identifier to the end of the packet, signs the new packet and broadcasts it.
When the source receives the response, the verifications performed are the same as those at intermediate nodes. If the path is better than the
best path received so far, the source updates the route used to send packets to the particular destination.
This type of route discovery attempts to find the route having the lowest sum of link weights, thereby selecting a route which is least likely to have a faulty link on it. Faulty links have more link weight and get automatically precluded from route discovery.
In spite of this fault avoiding route discovery, if a faulty link happens to be a part of a route, maybe because no alternate routes with lower link weights were discovered, a fault detection mechanism will be invoked after log n faults where n is the length of the route.
10.2. Byzantine fault detection
This Byzantine fault detection uses an adaptive probing technique which identifies a faulty link after log n faults have occurred, where n is the length of the route.
The protocol requires the destination to return an ack to the source for every successfully received data packet. If no valid acks are received during the time out, it assumes that the packets were lost in transit (malicious or non-malicious). A loss rate less than a fixed threshold is tolerable; the threshold may vary with every route and is chosen by the source. The source keeps track of the number of losses on the path. If this number exceeds the threshold, a binary search on the path is initialized, assuming a faulty link exists on the source–destination route. Protocol avoids loss and does not disconnect nodes so the threat of false positives is neutralized. When the losses exceed the threshold, the protocol attempts to locate the faulty link.
The source specifies a dynamic list of intermediate nodes on the route, each of which must send an ack for the successfully received packet, in addition to the destination. These nodes are called probes. The probes divide the route into non-overlapping continuous intervals. When a fault is detected on an interval, a new probe is inserted in that interval.
This probe insertion and interval subdivision continues till the faulty interval narrows down to a single faulty link. Due to binary search, the faulty link is detected after log n faults occur, n being the total number of nodes on the route.
We illustrate the fault detection mechanism with the help of Fig. 8a–c. As shown in Fig. 8a, suppose a faulty link exists at 'X'. When the fault rate exceeds the threshold level, the source node S invokes the fault detection mechanism. S arbitrarily selects probes P1 and P2 along the route to destination D, thereby dividing the route into intervals S–P1, P1–P2, P2–D. Both the probes P1 and P2 are supposed to send 'acks' to the source. S receives the ack from P1 but does not get the ack from P2 as there is a broken link between P1 and P2. Since S does not receive the ack from P2, it assumes that the faulty link exists in the interval P1–P2.
So S inserts a new probe P3 along the interval P1–P2 as shown in Fig. 8b. S now receives acks from P1 and P3 but not from P2 as the faulty link lies in the P3–P2 interval. So S assumes that a faulty link exists on the interval P3–P2 and inserts a new probe P4 in the P3–P2 interval as shown in Fig. 8c. Now S receives acks from P1 and P3 but not from P4 and P2, so S assumes that a broken link exists along P3–P4. However, P3–P4 is a single link with P3 and P4 being adjacent nodes, so the P3–P4 link is faulty. This link is sent as input to the link weight management mechanism.
[Figure 8: three diagrams of the route from S to D with the probes marked. (a) S, P1, P2, D. (b) S, P1, P3, P2, D. (c) S, P1, P3, P4, P2, D.]
Fig. 8. (a) Step 1: Fault on P1–P2 interval. P1 and P2: probes; X: faulty link. (b) Step 2: P3: new inserted probe; P3–P2: faulty interval. (c) Step 3: P4: new inserted probe; P3–P4: faulty link.
10.3. Link weight management
When a faulty link is detected, a multiplicative increase scheme is used to double its weight. The greater the weight, the lower the probability of that link being on any further routes.
So far we have looked at secured routing protocols for reactive or on-demand protocols. We now discuss a SRP for proactive protocols.
11. Securing distance vector routing protocol using SEAD
Distance vector routing protocol [14] finds the shortest route between nodes of a network using a distributed implementation of the Bellman–Ford algorithm. In this protocol, each router maintains a routing table having an entry for every possible destination within the network. Each entry in the routing table holds a destination identifier, the distance to the destination in terms of hop count, also referred to as the metric, and the identity of the next hop neighbor router on this shortest route to the destination.
When a packet needs to be routed to a destination node, the table entry for the corresponding destination is looked up and the packet is routed to the first hop neighbor router on that route. The neighbor router in turn looks up its entry for the corresponding destination and routes the packet to its first hop neighbor on the route to that destination and so on.
In order to maintain the consistency and freshness of the routing tables on each individual node, each node periodically transmits a routing update to each of its neighbor routers, having data from its routing table. Each router in turn uses this data advertised by its neighbor router to update its own table in such a way that its route for every destination uses as the next hop the router which advertises the smallest metric for that destination. The router then sets the metric in its table entry for that destination to one more than the metric from that neighbor router's update. In order to dispense fresh routing information through the network without delay, a concept of "triggered" updates was introduced. In a triggered update, a router transmits a new update as soon as the metric in its table entry for a destination changes. It does not wait for its next scheduled periodic update.
As an adaptation to the wireless ad hoc paradigm, in DSDV [13] a sequence number is added to the table entry. The sequence number prevents the formation of loops caused by out of order updates. Every node maintains an even sequence number in its routing table entry and includes it in every update it sends. This sequence number is the most recent one the node knows for that destination.
Whenever a routing update is received, the newly advertised route for a destination is preferred if the sequence number for the destination in the update is more than the corresponding one in the routing table entry for that destination. Else if the sequence numbers are equal and the new metric is lower than the corresponding metric in the routing table, the routing table entry corresponding to that destination is updated to reflect the new route with lower metric, else the update for that destination is ignored. Whenever a broken link to a neighbor is encountered, the node sets the metric for that neighbor as a destination to infinity in the corresponding entry, the sequence number is set to the next odd sequence number, and a new route update is created to advertise this information. DSDV sends updates both periodically as well as triggered. These updates can be either the whole routing table (full dump) or only those table entries which correspond to the destinations for which the route has changed since the last full dump. A triggered update is sent when either the metric for a destination changes or when the sequence number changes. In the latter case, it is called DSDV-SQ.
A malicious node may send updates advertising lower hop count for certain destinations to its
neighboring nodes. The neighbors would be fooled into believing that this malicious node has the shortest path to those destinations, and so they would make this malicious node the first hop for routes to those destinations. Thus this malicious node would be able to launch denial of service attacks against those destinations by having all routes to them pass through itself. It can then selectively drop packets and wreak havoc in the network. This is prevented by SEAD which is discussed next.
11.1. SEAD
In SEAD [4], the receiver of the routing update authenticates the sender. One-way hash functions are used to secure routing in SEAD, since they are computationally efficient as compared to public key cryptography or secret key paradigms. When a node sends a routing update about itself (metric 0), it uses a single next element from its hash chain. An attacker cannot generate any value in the hash chain of the node which the node is going to use in the future as it is impossible to invert a one-way hash function. Another node can only increase the metric in the routing update but cannot decrease it. For each entry in the routing update for a route to some other destination, the hash chain of that destination allows the metric in that entry to be authenticated by the receiving nodes. SEAD, through authentication, secures the lower bound on the metric in each update.
It is assumed that an upper bound can be placed on the diameter of the ad hoc network, and let this bound be denoted by $m - 1$. Thus all metrics in any routing update are less than $m$. If a node's hash chain sequence is $h_0, h_1, h_2, h_3, \ldots, h_n$, and $n$ is divisible by $m$, then for a sequence number $i$ in a routing update entry, let $k = n/m - i$. If the metric of the route update entry is $j$, $0 \le j < m$, then the element $h_{km+j}$ from the hash chain list is used to authenticate the routing table entry for that sequence number and that metric. Suppose an attacker receives a routing update having metric $j$ for a particular entry. If the attacker decides to decrease the metric for that entry to, say, $j - 1$, then the attacker will have to authenticate the entry with hash chain element $h_{km+j-1}$. However, this hash chain element is not known to the attacker as it is not released yet and it cannot be calculated from $h_{km+j}$ as the hash function cannot be inverted. Hence any attempt to decrease the metric of a particular routing table entry would be thwarted as the attacker will not have the necessary hash chain element to authenticate the resulting metric.
When a node in SEAD sends a routing update, the node includes one hash value with every entry in that update. In case of an entry for itself, the node sets the address to its own node address, the metric to zero, the sequence number to its own sequence number and the hash value to the first element in the group of its own hash chain elements corresponding to that sequence number. If a node lists an entry for some other destination in its update, it sets the destination address to that node's address, the metric and the sequence number to the corresponding values in its routing table for that destination node, and the hash value to the hash of the hash value of the routing update entry from which it learned the route to that destination. The role played by sequence number and metric in selecting the hash value for a routing update entry prevents any node from advertising a route to a destination claiming a greater sequence number than that destination's current sequence number, due to one-way hash functions.
When a node receives a routing update, depending upon the sequence number and metric in the received entry and the sequence number and metric of the prior authentic hash value for that destination, it decides how many times the hash value in the newly received update entry needs to be hashed so that it should be the same as the prior authentic hash value. If the two hash values are found to be equal, the entry is authentic and gets processed, else it is dropped.
SEAD, however, cannot prevent the same distance attack where a node receives an advertisement for a particular sequence number and metric and then readvertises the same sequence number and metric. This is because SEAD only secures the lower bound on the metric, ensuring the node does not reduce the metric.
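The SEAD check described above can be run as the following Python example, which is added here and is not code from the paper or from the SEAD authors. It maps (sequence number $i$, metric $j$) to the chain element $h_{km+j}$ with $k = n/m - i$ and authenticates received entries by hashing forward. Assumptions: SHA-256 as the one-way function, $h_n$ as the initially known authentic value, sequence numbers running from 1 to $n/m$, and all sample values constructed.

```python
import hashlib
import hmac

def H(x):
    """One-way hash function (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(x).digest()

def make_chain(seed, n):
    """Return [h_0, ..., h_n] with h_0 = seed and h_i = H(h_{i-1})."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def chain_index(n, m, seq, metric):
    """Index k*m + j of the element that authenticates (sequence number i, metric j)."""
    if n % m != 0 or not 0 <= metric < m:
        raise ValueError("need m dividing n and 0 <= metric < m")
    k = n // m - seq
    if not 0 <= k < n // m:
        raise ValueError("sequence number outside the range the chain covers")
    return k * m + metric

def readvertise(entry):
    """What an honest node sends on: metric + 1 and the hash value hashed once more."""
    seq, metric, value = entry
    return (seq, metric + 1, H(value))

class SeadVerifier:
    """Receiver state for one destination, seeded with the authentic h_n."""

    def __init__(self, n, m, h_n):
        self.n, self.m, self.h_n = n, m, h_n
        self.idx, self.val = n, h_n            # prior authentic element

    def authenticate(self, entry):
        seq, metric, value = entry
        try:
            idx = chain_index(self.n, self.m, seq, metric)
        except ValueError:
            return False
        # Hash forward to the prior authentic value if it lies ahead, else to h_n.
        if idx <= self.idx:
            anchor_idx, anchor = self.idx, self.val
        else:
            anchor_idx, anchor = self.n, self.h_n
        v = value
        for _ in range(anchor_idx - idx):
            v = H(v)
        if not hmac.compare_digest(v, anchor):
            return False
        if idx < self.idx:
            self.idx, self.val = idx, value    # remember the newest authentic element
        return True

def demo():
    """Constructed run for destination D with n = 12 and m = 4 (diameter bound 3)."""
    n, m = 12, 4
    chain = make_chain(b"constructed seed of destination D", n)
    rx = SeadVerifier(n, m, chain[n])
    own = (2, 0, chain[chain_index(n, m, 2, 0)])   # D's own entry: seq 2, metric 0, h_4
    one_hop = readvertise(own)                     # (2, 1, h_5)
    two_hop = readvertise(one_hop)                 # (2, 2, h_6)
    return {
        "one_hop": rx.authenticate(one_hop),
        "metric_lowered": rx.authenticate((2, 1, two_hop[2])),     # h_6 claimed as metric 1
        "newer_seq_claimed": rx.authenticate((3, 0, two_hop[2])),  # h_6 claimed as seq 3
        "same_distance_replay": rx.authenticate(two_hop),          # unchanged re-advertisement
        "metric_raised": rx.authenticate(readvertise(two_hop)),
    }

if __name__ == "__main__":
    print(demo())
```

The unchanged re-advertisement is accepted, which is the same distance attack noted above: only the lower bound on the metric is enforced.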
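Returning to the adaptive probing of Section 10.2 and the weight doubling of Section 10.3, the following Python example is added here and is not code from the paper or from the protocol's authors. It simulates the source narrowing a faulty interval down to one link and then re-selecting a route by link weight. Assumptions: each new probe is placed at the midpoint of the faulty interval, one simulated round stands for one fault (loss threshold exceeded), every link starts with weight 1, and the routes are constructed.

```python
def acked_probes(probes, bad_link):
    """Simulated round. Positions index the route; link p joins positions p and p + 1.
    A probe acks only if the faulty link does not lie between S and the probe."""
    return {p for p in probes if bad_link is None or p <= bad_link}

def locate_faulty_link(route, bad_link):
    """Return (faulty link or None, number of fault rounds the source needed)."""
    probes = [len(route) - 1]                  # the destination always returns acks
    rounds = 0
    while True:
        rounds += 1
        got = acked_probes(probes, bad_link)
        lo, hi = 0, None                       # S is position 0
        for p in sorted(probes):
            if p not in got:
                hi = p                         # first silent probe ends the faulty interval
                break
            lo = p
        if hi is None:
            return None, rounds                # every probe acked: no fault on this route
        if hi - lo == 1:
            return (route[lo], route[hi]), rounds
        probes.append((lo + hi) // 2)          # insert a new probe inside the interval

class LinkWeights:
    """Link weight management: multiplicative increase on every detected fault."""

    def __init__(self):
        self.w = {}

    def weight(self, u, v):
        return self.w.get(frozenset((u, v)), 1)

    def penalize(self, link):
        self.w[frozenset(link)] = 2 * self.weight(*link)

    def path_weight(self, route):
        return sum(self.weight(u, v) for u, v in zip(route, route[1:]))

    def best(self, routes):
        return min(routes, key=self.path_weight)

def demo():
    """Constructed routes: an 8-link primary with a faulty link n5-n6, a 10-link backup."""
    primary = ["S"] + ["n%d" % i for i in range(1, 8)] + ["D"]
    backup = ["S"] + ["m%d" % i for i in range(1, 10)] + ["D"]
    weights = LinkWeights()
    link, rounds = locate_faulty_link(primary, bad_link=5)
    first_hops = []
    for _ in range(2):                         # the same link is found faulty twice
        weights.penalize(link)
        first_hops.append(weights.best([primary, backup])[1])
    return {"blamed": link, "rounds": rounds,
            "primary_weight": weights.path_weight(primary),
            "first_hop_after_each_penalty": first_hops}

if __name__ == "__main__":
    print(demo())
```

With eight links the link is isolated in four rounds, and the second doubling raises the primary route's weight to 11, above the backup's 10, so route selection moves away from the faulty link.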
12. An optimized inter-router authentication scheme
Lakshmi and Agrawal [18] present another classification of attacks on routing protocols: internal and external attacks. External attacks are launched by nodes which do not belong to the network and the internal attacks are launched by the nodes belonging to the network which have been compromised.
Lakshmi and Agrawal [18] introduce a low overhead authentication scheme among ad hoc network nodes that are part of an active route. The scheme relies on public key cryptography. The scheme assumes the existence of a centralized governing authority, which is responsible for creation of the ad hoc network and is the only entity that has the system private key. Each node in the network is given a private/public key pair by the governing authority along with the system's public key. The governing body stores the system private key securely and uses it to sign the public keys of member nodes. The governing authority is not mobile and is considered to be more trustworthy by the member nodes.
The authentication scheme is discussed with respect to the ad hoc on demand routing protocol, AODV. The authentication scheme is applied only to the response messages RREP. This effectively reduces the overhead as the response is not flooded but follows only a particular path from the destination to the source. This path or route is called the authenticated route. This scheme is a three-way communication between adjacent nodes on the authenticated route as shown in Fig. 9.
A node sends a pre-reply to its neighbor indicating that it wishes to send a reply to the neighbor node. The pre-reply contains a challenge for the neighbor. This challenge is a random string. The neighbor, on receiving this challenge, generates a new challenge for the node which sent it the pre-reply. This new challenge along with the string obtained by encrypting the earlier challenge is sent by the neighboring node to the node that sent the challenge. If the nodes are interacting for the first time, then certified public keys are also exchanged. The node then sends the reply and the encrypted new challenge. The authentication would fail if any of the constituent nodes of the route fails to prove its network membership, i.e., prove the knowledge of the private key whose counterpart public key is certified by the governing authority. If the authentication fails, then the node which discovers an intruder sends a purgereplyroute message to all members of the route to erase all entries for this particular route from their route table.
[Figure 9: messages exchanged between S and D, in order: Pre-Reply + challenge 1; Encrypt(challenge 1) + challenge 2; Reply + Encrypt(challenge 2).]
Fig. 9. Three-way communication during route reply.
13. Conclusions
We have analytically discussed contemporary SRPs for wireless mobile ad hoc networks. A summary of the key attributes of these protocols is presented in Table 2. We have identified areas where some further work needs to be done, especially the problem of tracking and eliminating misbehaving nodes that are part of an already existing route and the problem of preventing partitioning of the network. These problems assume monumental proportions especially in the case of ad hoc networks as there is no central governing authority. In ad hoc networks, individual nodes act as routers, forwarding packets to the nodes in their radio range. If a node is compromised or fails, then the routes through that node are in jeopardy. There is a need for a mechanism to salvage the routes in case of node failure or node subversion. The nodes in an ad hoc network are moving, and if a node which is a constituent of a number of routes moves from its position, the routes are rendered broken, resulting in partitioning of the network where one part of the network is not accessible from the other. Future research in the field of secure routing should be directed towards ameliorating the above two problems.
Table 2
A summary of secure routing protocols
Name of protocol / Features
Security aware ad hoc routing
(a) Classifies nodes into different immutable trust levels.
(b) Route Initiator specifies minimum trust level for a route and only the nodes with that trust level or higher can participate in the route.
(c) Can be implemented by distributing keys for each trust level.
(d) Not very scalable but has the potential of precluding malicious nodes from route discovery.
Secure routing protocol
(a) This protocol assumes a security association between source and destination nodes.
(b) Intermediate nodes do not need to cryptographically validate the control traffic.
(c) Adds a SRP header to the base routing protocol (DSR or AODV) request packet. SRP header has three important fields: QSEQ which helps prevent replay of old outdated requests, QID a random number which helps prevent fabrication of requests, and a SRP MAC which ensures integrity of the packets in transit.
ARAN
(a) Assumes managed-open environment, where there is a possibility for pre-deployment of infrastructure. Consists of two distinct stages.
(b) The first stage is the certification and end-to-end authentication stage. Here the source gets a certificate from the trusted certification server, and then using this certificate, signs the request packet. Each intermediate node in turn signs the request with its certificate. The destination then verifies each of the certificates, thus the source gets authenticated and so do the intermediate nodes. The destination node then sends the reply along the route reverse to the one in the request, reply signed using the certificate of the destination.
(c) The second stage is a non-mandatory stage used to discover the shortest path to the destination, but this stage is computationally expensive.
Watchdog and pathrater
(a) Watchdog is a component run on each node. It makes the nodes operate in promiscuous mode which makes them listen to the transmissions of their one-hop neighbors. Thereby a node can keep track of which packets were successfully transmitted by the subsequent node and which were not, so that it can retransmit them. However if the node is dropping all the packets, then it is considered malicious and its behavior is reported to the 'pathrater'.
(b) Watchdog has some obvious disadvantages. Most obvious of them are: watchdog can be deceived by two neighboring nodes colluding together, and the other being the need of a buffer to store the transmitted packets until they are transmitted by the subsequent node in the route.
(c) Pathrater is a component running on each node, which maintains a rating for every other node in the network. These ratings are used as metrics while selecting a path for data transmission.
ARIADNE
(a) ARIADNE prevents attackers/compromised nodes from disrupting uncompromised routes comprising of benign nodes.
(b) Uses highly efficient symmetric key cryptography.
(c) ARIADNE does not guard against passive attackers eavesdropping on the network traffic.
(d) ARIADNE does not prevent an attacker from inserting data packets.
(e) ARIADNE is vulnerable to active-1-1 attacker that lies along the discovered route, who does not forward packets and does not generate ERROR if it encounters a broken link.
Secure on-demand routing protocol
(a) This protocol attempts to ensure survivability of routes under situations where intermediate node or group of nodes are known to be malicious.
(b) Instead of laying the blame of a route failure on a single misbehaving node, the protocol inculpates a link and thus the two nodes forming the link.
(c) Fault detection is carried out through insertion of probes. When a fault is encountered on a route, the initiator arbitrarily chooses few nodes along the route to be probes. Now these probes are sent a control message to which they need to send an 'ack'. The probe beyond which the acks do not come through, the interval between this particular probe and the subsequent probe on the route is considered to be faulty and one more probe is inserted in between this interval. Again the control messages are sent and again the probes have to send acks. This whole process repeats till the faulty interval is reduced to a link between two nodes.
Self securing ad hoc networks
(a) The function of a trusted third party certification authority is distributed to individual.
(b) In the localized trust model, a node is trusted if any k (threshold) trusted entities claim so within a certain time period. These certifying entities are generally the node's one-hop neighbors. Once a node is trusted by its local community, it is globally accepted as a trusted node, otherwise, considered untrustworthy in the entire network.
SEAD
(a) One-way hash functions are used to secure routing in SEAD, since they are computationally efficient as compared to public key cryptography or secret key paradigms.
(b) An attacker cannot generate any value in the hash chain of the node which the node is going to use in the future as it is impossible to invert a one-way hash function.
(c) Another node can only increase the metric in the routing update but cannot decrease it.
(d) When a node in SEAD sends a routing update, the node includes one hash value with every entry in that update.
Siddhartha Gupte is currently pursuing Ph.D. degree in Computer Science at University of Kentucky. His research interests include wireless networks security, distributed computing and computer security. He finished his Bachelor of Engineering with high first class from University of Mumbai in June 1999. He finished his Master of Computer and Information Science from Cleveland State University in December 2000.
bile computing, computer networks, computer security, and performance evaluation. He has published over 160 refereed articles in these areas. He has co-authored three books titled "Data and Computer Communications: Networking and Internetworking", CRC Press, 2001, "Advanced Concepts in Operating Systems", McGraw-Hill, New York, 1994 and "Readings in Distributed Computing Systems", IEEE Computer Society Press, 1993. He is a Fellow of IEEE. He is currently serving in the editorial board of "IEEE Transactions on Knowledge and Data Engineering" and "IEEE Transactions on Computers". From 1998 to 2001, he served as the Program Director of Operating Systems and Compilers Program at National Science Foundation.