Abstract
There are three keys to achieving security in ad-hoc networks. (1) Secure routing: even though the current routing protocols behave very well with the dynamic topology, very few of them offer enough security measures. (2) Key management: digital signatures and public-key encryption are two important cryptographic schemes to protect data and routing information. The challenge for developers is to create the trusted certificate authority. (3) Intrusion detection: due to the dynamically changing topology and the lack of centralized monitoring, management, and security, ad-hoc networks are very vulnerable to intrusion. Ad-hoc networks cannot differentiate the malicious node. Thus it is a challenge for ad-hoc networks to detect intrusion. There are two approaches. The first is secured AODV (SAODV), which uses digital signatures to authenticate the non-mutable fields of the messages and uses hash chains to secure the only mutable information, the hop count. The security information related to the digital signatures and the hash chains is transmitted with the AODV message as an extension message. SAODV uses the hash chain mechanism to authenticate the hop count, which allows every intermediate and destination node to verify the number of hops so that they know that the hop count has not been decremented by any attacking node. To protect the integrity of the non-mutable data, digital signatures are used. In the case of changing/refreshing routes, the SAODV signature extension and the SAODV double signature are used. In the secured AODV routing protocol, it is assumed that each node has certified public keys for all network nodes, which imposes a high processing overhead, especially for large networks. It is also possible that a hacked intermediate node advertises a high sequence number to pretend that the destination node is its neighbor. There is also a chance that the IP portion of the SAODV traffic can be trivially compromised, since it is not protected.
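The hop-count hash chain described above can be shown in a short sketch. This is an added example, not code from the paper or from any SAODV implementation; the field names, the use of SHA-256 and the seed value are assumptions, and the digital signature over the non-mutable fields is left out.

```python
import hashlib
import os
from dataclasses import dataclass, replace

def h(data: bytes, times: int = 1) -> bytes:
    """Apply the one-way function (SHA-256, an assumption) `times` times."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data

@dataclass(frozen=True)
class RouteMsg:              # illustrative field names, not a wire format
    hop_count: int           # mutable: incremented by every forwarding node
    max_hop_count: int       # non-mutable: covered by the originator's signature
    top_hash: bytes          # non-mutable: H^max_hop_count(seed)
    hash: bytes              # mutable: H^hop_count(seed) if every hop was honest

def originate(max_hop_count: int, seed: bytes = b"") -> RouteMsg:
    """Originator picks a random seed and publishes the end of the chain."""
    seed = seed or os.urandom(32)
    return RouteMsg(0, max_hop_count, h(seed, max_hop_count), seed)

def verify(msg: RouteMsg) -> bool:
    """Hashing the remaining hops must land exactly on the signed top_hash."""
    remaining = msg.max_hop_count - msg.hop_count
    if remaining < 0:
        return False
    return h(msg.hash, remaining) == msg.top_hash

def forward(msg: RouteMsg) -> RouteMsg:
    """An honest node verifies, then advances both the counter and the chain."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain")
    return replace(msg, hop_count=msg.hop_count + 1, hash=h(msg.hash))

def demo() -> tuple:
    msg = originate(max_hop_count=8, seed=b"constructed-seed")  # constructed input
    for _ in range(3):                     # three honest hops
        msg = forward(msg)
    # A node that lowers hop_count cannot roll `hash` back without inverting
    # the hash function, so downstream verification fails.
    tampered = replace(msg, hop_count=1)
    return verify(msg), verify(tampered)

if __name__ == "__main__":
    print(demo())
```

A receiver rejects any message for which `verify` returns False before trusting its hop count for route selection.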
The second approach is security-aware ad-hoc routing, which does not discover the shortest path between two nodes; instead, it discovers a path with the desired security attributes, with a shared key for every node in a particular path. For this reason, the routing message has to be protected against any kind of alteration. This scheme provides protection of the routing protocol traffic, but it does not eliminate the chance of false routing information provided by malicious nodes. It also adds a lot of encryption overhead, since each intermediate node has to perform it