
Security of Ad Hoc Network

2007-06-19 13:56:20 Zhou Yajian, Yang Yixian
ZTE Communications, 2007, Issue 4

Zhou Yajian, Yang Yixian

(Beijing University of Posts and Telecommunications, Beijing 100876, China)

Abstract: An ad hoc network is composed of wireless mobile nodes. Because there is no wired infrastructure such as base stations, the ad hoc network, unlike other wireless networks such as the Wireless Local Area Network (WLAN), has to face attacks from both the control plane and the data plane. An ad hoc network should ensure routing security on the control plane and the secure forwarding of packets on the data plane. The distributed network protocol should operate safely, and peer-to-peer nodes should have trust relationships with each other. For this purpose, a complete security solution should include three parts: security on the control plane, security on the data plane, and security of key management.

1 Introduction to Ad Hoc Network

The ad hoc network is a network where mobile nodes are all wirelessly connected. It is characterized by its dynamic nature and limited bandwidth. The elements in an ad hoc network may be of a single type, or a mixture of several types, such as notebook Personal Computers (PC), Personal Digital Assistants (PDA) and mobile phones. Figure 1 illustrates a hybrid ad hoc network.

In an ad hoc network, multiple hops may be required for routing from one node to another. Because there are no fixed routers in the network, each node, in addition to its basic function, has to act as a router to forward the packets of other nodes. With a completely distributed architecture, the network assigns all of its network management and organization-related tasks to each node. These characteristics give ad hoc networks unique advantages and promising application prospects. On the other hand, they pose difficulties and challenges in the research and application of ad hoc networks, one of which is information security.

2 Security Threats in Ad Hoc Network

Due to the openness of their radio channels, wireless networks face some common security threats. The ad hoc network, one type of wireless network, is challenged by these threats, too. All these threats can be classified into three main categories. The first category targets the network itself, with the purpose of disrupting the normal functions of the network. The attacks in this category include channel jamming, unauthorized access and traffic analysis. The second category attacks communication links, aiming to damage the confidentiality and integrity of end-to-end communication. These attacks include eavesdropping, message forgery, message replay, man-in-the-middle attack and session hijacking. The third category of attacks, such as power and timing attacks, aims at the mobile terminals in order to damage or illegally use them. For more information on these attacks, please consult the first listed reference at the end of this article.

Currently, the main techniques used to defend the network from the above threats include mutual authentication, access control, data confidentiality, data integrity, freshness check and non-repudiation [2]. These security strategies work in different layers of the TCP/IP protocol stack.

▲Figure 1. An Ad hoc network.

Unlike other wireless networks (e.g., Wireless Local Area Network or WLAN), ad hoc networks face a new set of security threats due to their infrastructure-less nature, especially at the network layer. Since there is no guarantee that a path between two nodes would be free of malicious nodes attempting to harm the network operation by attacking the control or data plane, the security vulnerabilities of ad hoc networks are present not only in each single-hop wireless link, but also in each multi-hop forwarding path.

The network layer security threats against ad hoc networks fall into two categories [3]: control plane attacks and data plane attacks. To ensure that a packet is securely transmitted from one node to another, an ad hoc network needs to secure both the routing in the control plane and the forwarding operations in the data plane from any attacks. Accordingly, a complete solution to achieve this goal should cover three aspects: control-plane security, data-plane security, and key management.

3 Control Plane Security

The main approach used by an attacker against the control plane of an ad hoc network is to advertise false routing information, which damages the routing between nodes. The attack targets the routing protocols being used by the network. Consequently, in the control plane security design, the critical fields (e.g., hop count, source route) in the routing message are required to be authenticated in order to secure the routing of an ad hoc network. Currently, there are three popular message authentication primitives: keyed-Hash Message Authentication Code (HMAC), one-way key chain and digital signature.

3.1 Authentication, Authorization and Accounting (AAA)

Besides authentication, authorization is also needed to avoid allowing a malicious host to wreak havoc inside the network. This can be prevented by keeping control of what hosts are allowed to do inside the ad hoc network. In ad hoc networks, individual mobile hosts provide service to each other, which gives rise to the need for accounting.

However, ad hoc networks and general AAA systems do not fit well together [4]. The basic problem here is that the general AAA model is a centralized trust model, whereas the ad hoc network structure is decentralized. There is a need for some other kinds of methods to achieve the AAA functionality. One approach to provide authentication and authorization functionality in ad hoc networks is to use trust management-based approaches such as PolicyMaker or Keynote, which are decentralized by nature and can provide the requested functionality in ad hoc networks quite easily. Also, other protocols such as Simple Authentication and Security Layer (SASL) or Internet Security Association and Key Management Protocol/Internet Key Exchange (ISAKMP/IKE) can be used to provide the authentication functionality. Ad hoc networks probably need decentralized models or some other approaches to provide the AAA functionality.

3.2 Distance Vector Routing

This type of routing protocol performs route computation on a per-destination network basis, and it maintains information about the second-to-the-last network with distance information from each neighbor to every destination in the network. To ensure the authenticity and integrity of the information, routing message digital signatures and sequence numbers are employed. The countermeasures work in these ways [4]:

(1) Routing Message Sequence Number

A sequence number is included in each routing message, which is set to zero at the initialization of a newly booted router, and is increased after each message. On detection of a skipped or repeated sequence number, a reset of the session is forced by the reinitialization of the routing process. The size of this sequence number is made large enough to minimize the chance of cycling back to zero.

(2) Routing Message Digital Signature

Each routing message is digitally signed by the sender. This provides authenticity and some degree of integrity (protection from message modification but not from replay) of the routing dialog. Upon detection of corruption, the message is dropped.
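The two countermeasures above can be combined in one receiver-side check, shown here as an added Python example that is not from the original article. It substitutes an HMAC-SHA256 tag under an assumed pre-shared key for the digital signature so that it runs on the standard library alone; the message layout and the names `build_update` and `NeighborSession` are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def build_update(key: bytes, seq: int, routes: dict) -> bytes:
    """Serialize sequence number + (destination id, hop count) pairs, then tag."""
    body = struct.pack("!Q", seq)  # 64-bit counter: cycling back to zero is impractical
    for dest, hops in sorted(routes.items()):
        body += struct.pack("!HB", dest, hops)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class NeighborSession:
    """Receiver-side checks for one neighbor's routing updates (hypothetical)."""

    def __init__(self, key: bytes):
        self.reinitialize(key)

    def reinitialize(self, key: bytes) -> None:
        # Assumption: every (re)started session gets a fresh key, so updates
        # recorded in an earlier session cannot be replayed from sequence 0.
        self.key, self.expected_seq, self.active = key, 0, True

    def receive(self, wire: bytes):
        """Return (verdict, routes); routes is None unless verdict is 'accept'."""
        entries_len = len(wire) - 8 - TAG_LEN
        if not self.active or entries_len < 0 or entries_len % 3:
            return "drop", None
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "drop", None          # modified or forged message: discard
        (seq,) = struct.unpack("!Q", body[:8])
        if seq != self.expected_seq:     # skipped or repeated sequence number
            self.active = False          # force a reset of the session
            return "reset", None
        self.expected_seq += 1
        routes = {}
        for off in range(8, len(body), 3):
            dest, hops = struct.unpack("!HB", body[off:off + 3])
            routes[dest] = hops
        return "accept", routes
```

A replayed update still carries a valid tag, which is why the sequence check is what catches it; the tag check alone only catches modification.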

3.3 Link State Routing

To secure link state routing protocols such as Open Shortest Path First (OSPF), the main challenge is to prevent the forgery of non-existent links by the attacker.


Murphy and Badger [5] have proposed a digital signature scheme to protect the OSPF routing protocol. The basic idea of this scheme is to add a digital signature to each OSPF Link State Advertisement (LSA) packet and use a message digest (such as keyed MD5) to protect all exchanged messages. The originator of the LSA will sign the message, and the signature will stay with the data during the OSPF flooding process, thus protecting the message integrity and providing authentication for LSA data.

The key management and distribution also make use of a type of signed LSA.

4 Data Plane Security

Data plane security should ensure that each node forwards packets in accordance with its routing table. Unlike the control plane, the data plane cannot be protected simply by way of encryption, because many attacks targeting the forwarding process cannot be prevented by it. For example, an attacker may drop any packets passing through the data plane, no matter how well the packets are protected; the attacker can also replay previous packets or forward forged packets. Therefore, the security solution for the data plane takes a reactive approach. The core of the approach is a detection technique and a reaction scheme.

Assuming a shared medium, bidirectional links, the use of source routing (i.e., packets carry the entire route, which becomes known to all intermediate nodes), and the absence of colluding malicious nodes, each node may choose the "best" route, which is composed of well-behaved nodes (i.e., nodes that do not have a history of avoiding forwarding packets along established routes). Nodes operating in promiscuous mode overhear the transmissions of their successors and may verify whether or not the packet was forwarded to the downstream node, and check the integrity of the forwarded packet. Upon detection of a misbehaving node, a report is generated, and nodes update the rating of the reported misbehaving node. The rating of a node in a well-behaved route rises periodically, while receiving a misbehavior alert dramatically decreases the node's rating. When a new route is required, the source node calculates a path metric equal to the average rating of the nodes in each route response, and selects the route with the highest metric.
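The detection technique and reaction scheme described above, as an added Python example that is not from the original article. The rating constants, timeout, failure threshold and class names are assumptions chosen for illustration, and a forwarded packet is assumed to be byte-identical to the one sent.

```python
import hashlib
from statistics import mean

NEUTRAL, CEILING, REWARD, PENALTY = 0.5, 0.8, 0.01, 1.0  # assumed tuning values
TIMEOUT, THRESHOLD = 0.5, 3  # assumed: seconds to wait, failures before an alert

class Watchdog:
    """Promiscuous-mode check that the next hop really forwards our packets."""
    def __init__(self):
        self.pending = {}    # (next_hop, packet digest) -> deadline
        self.failures = {}   # next_hop -> packets never seen forwarded intact

    def sent(self, next_hop, packet: bytes, now: float):
        self.pending[(next_hop, hashlib.sha256(packet).digest())] = now + TIMEOUT

    def overheard(self, sender, packet: bytes):
        # A modified packet hashes differently, so it never clears the entry.
        self.pending.pop((sender, hashlib.sha256(packet).digest()), None)

    def expire(self, now: float):
        """Return the nodes whose missed forwards just reached THRESHOLD."""
        alerts = []
        for (hop, digest), deadline in list(self.pending.items()):
            if deadline <= now:
                del self.pending[(hop, digest)]
                self.failures[hop] = self.failures.get(hop, 0) + 1
                if self.failures[hop] == THRESHOLD:
                    alerts.append(hop)
        return alerts

class PathRater:
    """Per-node ratings and the average-rating path metric."""
    def __init__(self):
        self.rating = {}

    def get(self, node):
        return self.rating.get(node, NEUTRAL)   # unknown nodes start neutral

    def tick(self, active_route):
        for node in active_route:               # periodic, slow rise
            self.rating[node] = min(CEILING, self.get(node) + REWARD)

    def alert(self, node):
        self.rating[node] = self.get(node) - PENALTY   # dramatic decrease

    def best(self, route_replies):
        return max(route_replies, key=lambda r: mean(self.get(n) for n in r))
```

Because the penalty dwarfs the reward, a single alerted node drags the average of any route through it below that of a longer route made of neutral or well-rated nodes.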

5 Security of Key Management

As in other distributed systems, security in ad hoc networks largely depends on a proper key management system. The key management system often involves the following aspects [6]:

· Trust Model: The trust model is used to determine the types of trusted elements in the network. It varies with network environment and application. Besides, the trust relationship between different types of elements has a direct impact on the network's key management system.

· Key Creation and Distribution: The elements allowed to generate keys and the owners of the keys must be determined. At the same time, the key management service must ensure the generated keys are securely distributed to their owners, ensuring confidentiality, integrity and availability throughout the key distribution process. Because the topology of an ad hoc network frequently changes, adopting either a single Certificate Authority (CA) or hierarchical CAs has hidden security problems. In recent years, the threshold cryptography-based key management service has become an effective method for achieving distributed trust due to its efficient security performance. However, the service delay problem is still not solved in this service.

· Key Storage: Key storage involves the methods used in key management services to store the secret keys.

6 Conclusions

Unlike other wireless networks such as WLAN, the ad hoc network does not have any reliable infrastructure; its security issues therefore focus on how to ensure that the distributed network protocols operate securely, and how to establish trust relationships between peer nodes. Addressing these issues largely depends on secure routing and a robust key management mechanism. The routing security problem is often solved with message authentication technologies in the control plane. However, the key management mechanism is relatively complicated because it has to manage the required key information in a self-organizing way.

Therefore,the threshold cryptography-based key management service is probably a good solution for this problem.
