LHAP: A lightweight network access control protocol for ad hoc networks

Abstract: Most ad hoc networks do not implement any network access control, leaving them vulnerable to resource consumption attacks in which a malicious node injects packets into the network with the goal of depleting the resources of the nodes relaying the packets. To thwart or prevent such attacks, it is necessary to employ authentication mechanisms that ensure only authorized nodes can inject traffic into the network. We propose LHAP, a hop-by-hop authentication protocol for ad hoc networks. LHAP resides between the network layer and the data link layer, providing a layer of protection that can prevent or thwart many attacks, including outsider attacks and insider impersonation attacks. Our detailed performance evaluation shows that LHAP incurs a small performance overhead and allows a tradeoff between security and performance.
