An end-to-end approach to secure routing in MANETs

SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks. 2010; 3:130–149
Published online 23 June 2009 in Wiley InterScience (www.interscience.wiley.com) DOI: 10.1002/sec.121

Stephen Dabideen 1,*,†, Bradley R. Smith 1 and J. J. Garcia-Luna-Aceves 1,2

1 Department of Computer Engineering, University of California, 1156 High Street, Santa Cruz, CA 95064, U.S.A.
2 Palo Alto Research Center (PARC), 3333 Coyote Hill Road, Palo Alto, CA 94304, U.S.A.

Summary

Providing secure routing in mobile ad hoc networks (MANETs) is far more difficult than establishing secure routing in wired networks or static wireless networks. Node mobility and the relative scarcity of bandwidth render prior solutions ineffective. Solutions based on securing link or path information do not work well in MANETs because the dynamic nature of links requires extensive use of flooding to establish effective countermeasures. On the other hand, solutions based on hop-by-hop exchanges of distance information are easily compromised.

Instead of trying to secure the ordering of nodes, we argue that secure routing in MANETs must be based on the end-to-end verification of physical-path characteristics aided by the exploitation of path diversity to increase the probability of finding secure paths. We apply this approach to the design of the Secure Routing through Diversity and Verification (SRDV) protocol, a secure routing protocol that we show to be as efficient as unsecured on-demand or proactive routing approaches in the absence of attacks. We prove that the countermeasures used in SRDV can defend against a variety of known attacks to routing protocols, including attacks involving collusion, and the fabrication and modification of routing packets. We also show the effectiveness of the end-to-end mechanisms via simulations.

Copyright © 2009 John Wiley & Sons, Ltd.
KEY WORDS: security; ad-hoc networks; end-to-end

Introduction

Many security solutions have been proposed for routing protocols in mobile ad hoc networks (MANETs); however, to the best of our knowledge, a complete and efficient solution to secure routing in MANETs has not yet been attained. We argue that this is due to the interplay between signaling packets and data packets, as well as the dynamic nature of MANETs.

On-demand or proactive routing protocols based on the distributed computation of distances to destinations must disseminate signaling packets in which the routing metric to destinations is modified on a hop-by-hop basis, so that nodes order themselves with respect to destinations according to the routing metric (e.g., hop count). This empowers adversaries in a MANET to perform attacks by using false distance information to disrupt the ordering nodes try to establish for different destinations. This is especially problematic when nodes act in collusion with other nodes [1].

Because of the problems in securing distance-based routing protocols, most previous approaches to secure routing in MANETs have focused on securing entire paths from source to destination or have each node along the path secure the link it intends to use (e.g., References [2,3]). However this is not a viable approach for large

Correspondence to: Stephen Dabideen, SOEGRAD 1156 High Street, Santa Cruz, CA 95064, U.S.A. E-mail: dabideen@soe.ucsc.edu

[1] Yih-Chun Hu, et al. Wormhole attacks in wireless networks, 2006, IEEE Journal on Selected Areas in Communications.

[2] Yih-Chun Hu, et al. Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, 2002, MobiCom '02.

[3] Tracy Camp, et al. Two Standards for Rigorous MANET Routing Protocol Evaluation, 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[4] Elizabeth M. Belding-Royer, et al. A secure routing protocol for ad hoc networks, 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings.

[5] Yih-Chun Hu, et al. Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, 2005, Wirel. Networks.

[6] J. J. Garcia-Luna-Aceves, et al. Securing distance-vector routing protocols, 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.

[7] Jean-Chrysostome Bolot, et al. End-to-end packet delay and loss behavior in the internet, 1993, SIGCOMM '93.

[8] Tracy Camp, et al. Minimal Standards for Rigorous MANET Routing Protocol Evaluation, 2006.

[9] Jean-Chrysostome Bolot. End-to-end packet delay and loss behavior in the internet, 1993, SIGCOMM 1993.

[10] Charles E. Perkins, et al. Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers, 1994, SIGCOMM.

[11] Sandra L. Murphy, et al. Digital signature protection of the OSPF routing protocol, 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[12] Parameswaran Ramanathan, et al. What do packet dispersion techniques measure?, 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[13] kc claffy, et al. Bandwidth estimation: metrics, measurement techniques, and tools, 2003, IEEE Netw.

[14] Martín Abadi, et al. A logic of authentication, 1990, TOCS.

[15] Dmitri Loguinov, et al. Packet-pair bandwidth estimation: stochastic analysis of a single congested node, 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004.

[16] Yih-Chun Hu, et al. SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks, 2003, Ad Hoc Networks.

[17] Radia J. Perlman, et al. Network layer protocols with Byzantine robustness, 1988.

[18] David A. Maltz, et al. DSR: the dynamic source routing protocol for multihop wireless ad hoc networks, 2001.

[19] Srinivasan Keshav. A control-theoretic approach to flow control, 1991, SIGCOMM 1991.

[20] Zygmunt J. Haas, et al. The zone routing protocol (ZRP) for ad hoc networks, Internet draft, 2002.

[21] Mats Björkman, et al. A new end-to-end probing and analysis method for estimating bandwidth bottlenecks, 2000, Globecom '00 - IEEE. Global Telecommunications Conference. Conference Record (Cat. No.00CH37137).

[22] Michalis Faloutsos, et al. Routing amid Colluding Attackers, 2007, 2007 IEEE International Conference on Network Protocols.