Authenticated Routing for Ad hoc Networks
Initial work in ad hoc routing has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that can be used to manipulate the routing in an ad hoc network. In this paper, we describe these threats, specifically showing their effects on AODV and DSR. Our protocol, named Authenticated Routing for Ad hoc Networks (ARAN), uses public-key cryptographic mechanisms to defeat all identified attacks. We detail how ARAN can secure routing in environments where nodes are authorized to participate but untrusted to cooperate, as well as environments where participants do not need to be authorized to participate. Through both simulation and experimentation with our publicly-available implementation, we characterize and evaluate ARAN and show that it is able to effectively and efficiently discover secure routes within an ad hoc network.
Securing protocols for mobile ad hoc networks presents unique challenges due to characteristics such as lack of predeployed infrastructure, centralized policy and control. In this paper, we make a number of contributions to the design of secure ad hoc routing protocols. First, we describe exploits that are possible against ad hoc routing protocols. We show specifically that two protocols that are under consideration by the IETF for standardization, AODV and DSR, although efficient in terms of network performance, are replete with security flaws. Second, we define and distinguish the heterogeneous environments that make use of ad hoc routing and differ in their assumed pre-deployment and security requirements. This approach is important because satisfying a tighter set of security requirements than an application requires is unwarranted and wasteful of resources. Third, we propose a secure routing protocol, Authenticated Routing for Ad hoc Networks (ARAN), that detects and protects against malicious actions by third parties and peers. ARAN introduces authentication, message integrity, and non-repudiation to routing in an ad hoc environment as a part of a minimal security policy.
This paper represents many refinements and extensions to our original work from research ICNP 2002 . on a campus) though remain untrusted; and where they are unknown to each other and cannot be pre-certified (e.g., a “rooftop” access point). To our knowledge, ARAN is the first proposal for securing ad hoc routing for rooftop networks. We analyze the security of ARAN and evaluate its network performance through measurement of both our publicly-available implementation and extensive simulations. We find that although there is a greater performance cost to ARAN as compared to DSR or AODV, the increase in cost is minimal and outweighed by the increased security. This paper is organized as follows. Section II presents an overview of recent work on ad hoc network security. Section III describes the security exploits possible in ad hoc routing protocols. Three ad hoc environments and the security requirements of any ad hoc network are defined in Section IV. Section V presents our secure ad hoc routing protocol, ARAN. A security analysis of ARAN is provided in Section VI, while Section VII evaluates ARAN through implementation and simulations. Finally, Section VIII offers concluding remarks.