Secure Routing and Intrusion Detection in Ad Hoc Networks

Numerous schemes have been proposed for secure routing and intrusion detection for ad hoc networks. Yet, little work exists in actually implementing such schemes on small handheld devices. In this paper, we present a proof-of-concept implementation of a secure routing protocol based on AODV over IPv6, further reinforced by a routing protocol independent intrusion detection system (IDS) for ad hoc networks. Security features in the routing protocol include mechanisms for nonrepudiation and authentication, without relying on the availability of a certificate authority (CA) or a key distribution center (KDC). We present the design and implementation details of our system, the practical considerations involved, and how these mechanisms can be used to detect and thwart malicious attacks. We discuss several scenarios where the secure routing and intrusion detection mechanisms isolate and deny network resources to nodes deemed malicious. We also discuss shortcomings in our approach, and conclude with lessons learned and ideas for future work

[1]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[2]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[3]  Charles E. Perkins,et al.  Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers , 1994, SIGCOMM.

[4]  M. S. Corson,et al.  A highly adaptive distributed routing algorithm for mobile wireless networks , 1997, Proceedings of INFOCOM '97.

[5]  Stephen Deering,et al.  Internet Protocol Version 6(IPv6) , 1998 .

[6]  Wenke Lee,et al.  Intrusion detection in wireless ad-hoc networks , 2000, MobiCom '00.

[7]  Robin Kravets,et al.  Security-aware ad hoc routing for wireless networks , 2001, MobiHoc '01.

[8]  Yih-Chun Hu,et al.  Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks , 2002, MobiCom '02.

[9]  Gabriel Montenegro,et al.  Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses , 2002, NDSS.

[10]  Udo W. Pooch,et al.  Cooperative security-enforcement routing in mobile ad hoc networks , 2002, 4th International Workshop on Mobile and Wireless Communications Network.

[11]  Yih-Chun Hu,et al.  Rushing attacks and defense in wireless ad hoc network routing protocols , 2003, WiSe '03.

[12]  Yu-Chee Tseng,et al.  Secure bootstrapping and routing in an IPv6-based ad hoc network , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[13]  Charles E. Perkins,et al.  Ad hoc On-Demand Distance Vector (AODV) Routing , 2001, RFC.

[14]  Karl N. Levitt,et al.  A specification-based intrusion detection system for AODV , 2003, SASN '03.

[15]  Udo W. Pooch,et al.  Alert aggregation in mobile ad hoc networks , 2003, WiSe '03.

[16]  Panagiotis Papadimitratos,et al.  Secure link state routing for mobile ad hoc networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[17]  Yih-Chun Hu,et al.  SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks , 2003, Ad Hoc Networks.

[18]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[19]  William A. Arbaugh,et al.  Bootstrapping security associations for routing in mobile ad-hoc networks , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[20]  Stephen E. Deering,et al.  Internet Protocol Version 6 (IPv6) Addressing Architecture , 2003, RFC.

[21]  Anupam Joshi,et al.  On intrusion detection and response for mobile ad hoc networks , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[22]  Anupam Joshi,et al.  On Intrusion Detection in Mobile Ad Hoc Networks , 2004 .

[23]  Qing Li,et al.  IPv6 Addressing Architecture , 2006 .

[24]  Manel Guerrero Zapata Secure Ad hoc On-Demand Distance Vector (SAODV) Routing , 2006 .

[25]  Victor C. M. Leung,et al.  Secure Routing for Mobile Ad Hoc Networks , 2006 .