Towards provable security for ad hoc routing protocols

We propose a formal framework for the security analysis of on-demand source routing protocols for wireless ad hoc networks. Our approach is based on the well-known simulation paradigm that has been proposed to prove the security of cryptographic protocols. Our main contribution is the application of the simulation-based approach in the context of ad hoc routing. This involves a precise definition of a real-world model, which describes the real operation of the protocol, and an ideal-world model, which captures what the protocol wants to achieve in terms of security. Both models take into account the peculiarities of wireless communications and ad hoc routing. Then, we give a formal definition of routing security in terms of indistinguishability of the two models from the point of view of honest parties. We demonstrate the usefulness of our approach by analyzing two "secure" ad hoc routing protocols, SRP and Ariadne. This analysis leads to the discovery of as yet unknown attacks against both protocols. Finally, we propose a new ad hoc routing protocol and prove it to be secure in our model.

[1]  John C. Mitchell,et al.  Probabilistic Polynomial-Time Equivalence and Security Analysis , 1999, World Congress on Formal Methods.

[2]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[3]  Yih-Chun Hu,et al.  SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks , 2003, Ad Hoc Networks.

[4]  Birgit Pfitzmann,et al.  A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol , 2003, IEEE Journal on Selected Areas in Communications.

[5]  Donald Beaver,et al.  Foundations of Secure Interactive Computing , 1991, CRYPTO.

[6]  John Marshall,et al.  An Analysis Of The Secure Routing Protocol For Mobile Ad Hoc Network Route Discovery: Using Intuitiv , 2003 .

[7]  Victor C. M. Leung,et al.  Secure Routing for Mobile Ad Hoc Networks , 2006 .

[8]  Yih-Chun Hu,et al.  A survey of secure wireless ad hoc routing , 2004, IEEE Security & Privacy Magazine.

[9]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[10]  N. Asokan,et al.  Securing ad hoc routing protocols , 2002, WiSE '02.

[11]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[12]  Silvio Micali,et al.  Secure Computation (Abstract) , 1991, CRYPTO.

[13]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[14]  Ran Canetti,et al.  Studies in secure multiparty computation and applications , 1995 .

[15]  Joshua D. Guttman,et al.  Security Goals: Packet Trajectories and Strand Spaces , 2000, FOSAD.

[16]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[17]  John S. Baras,et al.  Modeling vulnerabilities of ad hoc routing protocols , 2003, SASN '03.

[18]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[19]  Yih-Chun Hu,et al.  Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks , 2002, MobiCom '02.

[20]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[21]  Wenbo Mao,et al.  Modern Cryptography: Theory and Practice , 2003 .

[22]  Elizabeth M. Belding-Royer,et al.  A secure routing protocol for ad hoc networks , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[23]  Zygmunt J. Haas,et al.  The Interzone Routing Protocol (IERP) for Ad Hoc Networks , 2002 .

[24]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[25]  Joshua D. Guttman,et al.  The faithfulness of abstract protocol analysis: message authentication , 2001, CCS '01.

[26]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.