Secure position-based routing protocol for mobile ad hoc networks

Ad Hoc Networks 5 (2007) 76–86

www.elsevier.com/locate/adhoc

Secure position-based routing protocol formobile ad hoc networks

Joo-Han Song a, Vincent W.S. Wong b,*, Victor C.M. Leung b

a 4G System Laboratory, Samsung Electronics, Republic of Koreab Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, BC, Canada

Available online 27 June 2006

Abstract

In large and dense mobile ad hoc networks, position-based routing protocols can offer significant performance improve-ment over topology-based routing protocols by using location information to make forwarding decisions. However, thereare several potential security issues for the development of position-based routing protocols. In this paper, we propose asecure geographic forwarding (SGF) mechanism, which provides source authentication, neighbor authentication, andmessage integrity by using both the shared key and the TIK protocol. By combining SGF with the Grid Location Service(GLS), we propose a Secure Grid Location Service (SGLS) where any receiver can verify the correctness of locationmessages. We also propose a Local Reputation System (LRS) aiming at detecting and isolating both compromised andselfish users. We present the performance analysis of both SGLS and LRS, and compare them with the original GLS.Simulation results show that SGLS can operate efficiently by using effective cryptographic mechanisms. Results also showthat LRS effectively detects and isolates message dropping attackers from the network.� 2006 Elsevier B.V. All rights reserved.

Keywords: Ad hoc wireless networks; Location service; Geographic forwarding; Position-based routing protocol; Security

1. Introduction

Current research on Mobile Ad hoc NETwork(MANET) mainly focuses on topology-based rout-ing protocols, including both proactive and reactive(on-demand) approaches [1]. When network topo-logy changes frequently or the network sizeincreases, some of these protocols may incur a sig-

1570-8705/$ - see front matter � 2006 Elsevier B.V. All rights reserved

doi:10.1016/j.adhoc.2006.05.010

* Corresponding author. Tel.: +1 604 827 5135; fax: +1 604 8225949.

E-mail addresses: [email protected] (J.-H. Song),[email protected] (V.W.S. Wong), [email protected](V.C.M. Leung).

nificant amount of routing control overhead.Recent research has shown that position-basedrouting protocols can be good alternatives to topol-ogy-based routing protocols in large and denseMANETs [2]. By using Location Information (LI),position-based routing protocols avoid the floodingof control traffic. An intermediate node only needsto know its own position and the positions of itsneighboring nodes to make a message forwardingdecision. The message is forwarded to a neighborthat is geographically closest to the destination[3–5]. To implement a position-based routing proto-col, information about the geographical location ofeach destination must be available. Each node can

.

mailto:[email protected]



global origin

order-1

order-3

order-2

D

S

LS1

LS22

9

11

16

23

6

9

2

6

location querypath

location updatepath

location tablecontent

11 2

23 2

Fig. 2. Location update and query in GLS.

J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 77

determine its own position by using the Global Posi-tioning System (GPS), or its relative position byusing GPS free positioning methods [6]. In addition,a location service [7–9] is used by the sender to deter-mine the location of the destination. Each node mayhave a location table to store the position informa-tion of other nodes.

In position-based routing, the forwarding deci-sion is based on LI contained in messages. Attackerscan alter the LI in messages to disrupt the operationof a unicast forwarding scheme (i.e., message tam-

pering attack). As shown in Fig. 1(a), assume twopaths exist between B and A via C (i.e., path BCEAand path BCFDEA). When a node C receives amessage m from B, it can modify the LI of A andforward modified message m 0 to other colludingnode D via node F. When node D receives m 0, it willreturn re-modified message m00 to C again, and soon. This makes a routing loop where messages tra-verse nodes in a cycle without being relayed to thereal destination A.

The Grid Location Service (GLS) [7] is a distrib-uted location service which calls for nodes to main-tain location of specific subsets of the nodes based

(a)

m

m’

m’

m’’

m’’

B

DF

AEC

(b)

LULU’LU’D ACLS

(c)

LQ

LR’LULU

LQ’

D

ACLSB

’

Fig. 1. (a) Loop generation by changing location information(b) message tampering against location update process; and (c)message tampering against location query process.

;

on the node’s identifier (ID) as shown in Fig. 2.GLS divides the area that contains a MANET intoa hierarchy of squares. Each node periodicallybroadcasts a list of neighbors using a HELLO mes-sage. Therefore, each node can maintain a table ofimmediate neighbors as well as each neighbor’sneighbors. Each entry in the table includes thenode’s unique ID, location, speed, and a timestamp.Each node recruits nodes with IDs ‘‘close’’ to itsown ID to serve as its Location Servers (LSs) (i.e.,least ID greater than A) by sending LocationUpdate (LU) messages as shown in Fig. 2. Whenan attacker C receives the LU message of node A

(see Fig. 1(b)), it can modify the LI of A and for-ward this modified message LU 0 to its neighbors(i.e., message tampering attack). Moreover, anattacker D can impersonate A, and generate a falsi-fied message LU00 with the latest timestamp (i.e., fal-

sified message injection attack). As a result, even asingle attacker D can cause other nodes to fail tofind a route to A if they are more than one hop awayfrom A.

To perform a location discovery, node B sends aLocation Query (LQ) message using a geographicforwarding [4] mechanism to the node with leastID greater than A, for which B has the LI. Eventu-ally, the LQ message may reach an LS of A, whichwill forward the LQ message to A. Since the LQmessage contains A’s LI, B can respond directly toA by sending a Location Reply (LR) message. Asshown in Fig. 1(c), if LS is compromised, it can dis-rupt the location discovery process. By attaching thefake LI of A (i.e., falsified message injection attack),a modified LQ 0 message may be forwarded to node

78 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86

D. As far as other nodes are concerned, the locationservice is functioning normally. Therefore, thisattack cannot be detected by providing either senderauthentication or message integrity. This attack isonly feasible by compromised users.

The objective of this paper is to provide securitymechanisms for both data and control messages inposition-based routing protocols. The main contri-butions of this paper are as follows [10]:

1. We propose a secure geographic forwarding(SGF) mechanism that incorporates both theHashed Message Authentication Code (MAC1)[11] and the Timed Efficient Stream Loss-tolerantAuthentication (TESLA) [12] with Instant Keydisclosure (TIK) [13] protocol. In combinationwith SGF, we propose a Secure Grid LocationService (SGLS) where any receiver can verifythe correctness of location messages. To detectand isolate both compromised and selfish users,the Local Reputation System (LRS) is integratedwith the Grid Location Service (GLS) [7].

2. We present simulation results to show that in thepresence of message dropping attackers, GLSwith LRS continues to maintain a high messagedelivery ratio at the expense of a slightly higheraverage end-to-end delay and routing overheadwhen compared to the GLS without LRS. Inaddition, results show that SGLS can operateefficiently by using effective cryptographicmechanisms.

This paper is organized as follows. Section 2describes our proposed SGF mechanism. The pro-posed SGLS is presented in Section 3. The integra-tion of LRS into GLS is explained in Section 4. Theperformance comparisons are presented in Section5. Conclusions are given in Section 6.

2. Secure geographic forwarding (SGF)

2.1. Network environments and assumptions

Our proposed secure protocols aim to protect thenetwork layer from attackers. Our proposedschemes work under several assumptions as follows:

1 The acronym ‘‘MAC’’ refers to the Message AuthenticationCode. To avoid confusion, the term ‘‘Medium Access Control’’ iswritten out in full.

1. The network links are bi-directional. That is, ifnode A is able to transmit to node B, then B isalso able to transmit to A.

2. The wireless interface supports promiscuousmode operations. That is, each node can receivea copy of the messages being transmitted byother nodes within its receiving range.

3. All nodes have tightly synchronized clocks withthe maximum synchronization error of D.

4. A public key infrastructure exists in the MANETunder consideration. Each mobile node stores thetrusted Certification Authority (CA)’s public key.

We distinguish two main forwarding strategies:greedy forwarding (i.e., unicast) [4] and directional

flooding (i.e., broadcast) [5]. In this section, weassume that the source node has already obtainedthe position information of the destination. Thefollowing notations are used in this paper:

1. KTIA ðjÞ [or KTE

A ðjÞ] denotes the TIK (or TESLA)key of node A at the jth time interval; KAB

denotes the shared secret key between nodes A

and B; and KA denotes the private key of node A.2. MACK(M) denotes the MAC of message M with

a symmetric key K using the Hashed MAC algo-rithm [11].

3. SignK(M) denotes the digital signature of a mes-sage M with the private key K using the publickey cryptography [14].

2.2. Secure geographic forwarding for unicast

messages

We propose the use of MAC computed over thenon-mutable part (e.g., LI of a destination) of uni-cast messages with the pair-wise shared secret keybetween the source and destination. Since interme-diate nodes do not have the shared secret key withthe source node, they cannot verify the non-mutablepart of messages. This allows a compromised user tobe able to modify the non-mutable part of messagesto disrupt the operation of position-based routingprotocol. To prevent this attack, source node canuse the digital signature over the non-mutable partwith its own private key instead of MAC. However,implementing a mechanism to sign the non-mutableparts of all data and control messages may intro-duce too much overhead. In our scheme, wepropose the use of a reputation system (see Section4) to detect and isolate message tampering and drop-


ping attackers instead of using expensive digitalsignatures.

We propose to use the TIK protocol [13] withtight time synchronization to authenticate a previ-ous forwarding node to prevent malicious usersfrom joining a path and to avoid a message replay

attack. Based on the third assumption stated in Sec-tion 2.1, each node can estimate the TIK key expira-tion interval t_{disclosure}. In addition, every nodehas its own one-way key hash chain.

Our proposed SGF mechanism works as follows.When a source node S sends a message via its neigh-bor to a destination D, each intermediate node i

(i.e., sender) forwards the following message:

hMACKTIi ðjÞ½MikN SkMACKSD ðN SÞ�;MACKSD ðN SÞ;Mi;N S ;KTI

i ðjÞi

where Mi represents the mutable part of messagefrom sender i, and NS represents the non-mutablepart of message from source S. The notation i isequal to S when the sender is a source node itself.The sender i discloses the key KTI

i ðjÞ at the end ofthe same message. Fig. 3 shows the timelines ofsending and receiving a SGF message between twoneighbors. Time ti indicates the time when sender istarts transmitting the message, and time ti +t_{disclosure} is the disclosure time for key KTI

i ðjÞ.Because of the time synchronization, when the

neighbor receives the message portion MACKTIi ðjÞ

½MikNSkMACKSDðNSÞ�, it can verify that the senderi has not started sending the corresponding keyKTI

i ðjÞ if the following condition is satisfied:

t fdisclosureg 6 s� Dþ Q=r ð1Þ

where s is the propagation delay, Q is the size of themessage excluding KTI

i ðjÞ, and r is the transmissionrate. As the receiver knows the expiration time foreach key and the sender i only discloses the key afterit expires, the attackers cannot guess the value ofKTI

i ðjÞ. Therefore, if the message authentication ver-

message (M)

Time at sender

Time at receiver

ti

)( Δ++≤ τit

Sender

Receiver

)( jK TIi

MAC

)( jK TIi

MACSDKMAC

)( Δ+≤ it

SDKMAC

Fig. 3. Secure geographic forwar

ifies correctly once the receiver later receives theauthentic key KTI

i ðjÞ, the message must have origi-nated from the claimed sender. Since only thesender knew the key KTI

i ðjÞ, at the time when thereceiver received the message, other nodes cannotforge a new message with the correct MAC. Finally,when destination D receives this message, it can ver-ify the authenticity of the message by comparing thereceived MACKSDðN SÞ to the MAC value that iscomputed over the received message NS with thesecret key KSD it shares with the source node S.Each node re-establishes its authentic TIK key everyth-second with its neighbors by piggybacking on aHELLO message of SGLS.

Note that although there are several forwardingstrategies, they all forward a given message to onlyone optimal neighboring node based on its optimi-zation criterion. Therefore, our proposed SGF canbe applied to any of these forwarding schemes with-out any modification.

3. Secure grid location service

In this section, we describe our proposed SGLSprotocol based on SGF. SGLS provides severalsecurity mechanisms to the original GLS. Fig. 4summarizes the operation of SGLS in combinationwith SGF. The general concept of our proposedSGF presented in Section 2.2 can generally beapplied to any unicast message such as LQ, LR,and LE messages of GLS.

3.1. Secure location update and query between

destination and location server

Unlike other messages, the LU message has noassigned destination address field in it. Thus, it isimpossible to provide a source authentication witha symmetric secret key. When a source node sends

KiTI(j)

message (M) KiTI(j)

ti + t_{disclosure }

)/( rQti +Δ++≤ τ

ding of a unicast message.

D LS S

M3 (query) M2 (query)

M1 (update)M4 (reply)

>=< TDUPDATEK KNSignhM

D),(,UPDATE,11

where )](,UPDATE[1 UPDATEKKNSignMACh

DTD

=

>=< TSQUERYK KNMAChM

SD),(,QUERY,22

where )](,QUERY[2 QUERYKKNMACMACh

SDTS

=

>=< TILSUPDATEKQUERYK KNSignNMAChM

DSD),(),(,QUERY,33

where )](,QUERY[3 QUERYKKNMACMACh

SDTILS

=

>=< TDREPLYK KNMAChM

SD),(,REPLY,44

where )](,REPLY[4 REPLYKKNMACMACh

SDTD

=

Fig. 4. Location update and query in SGLS where UPDATE, QUERY, and REPLY denote the original GLS’s location update, locationquery, and location reply message, respectively; NX represents the non-mutable fields of message X.


an LQ message to one of node D’s LSs, LS can dis-rupt the location discovery process by attaching thefake LI of D to the LQ message. To protect the LUmessage, a destination node D attaches the digitalsignature computed over the non-mutable part(e.g., LI of a destination) of an LU message. Atthe same time, the TIK protocol is used for neighbor

authentication as described in Section 2.2.After receiving a valid LU message from D, LS

stores the digital signature of D in its location table.When the LQ message generated by S toward D

arrives at this LS, the LS can prove that it has thevalid LI of D by attaching D’s digital signature fromits location table to the LQ message. Thus, LS canprovide an LI authentication to all intermediatenodes along the path to D (see Fig. 4). In ourproposed scheme, the lifetime value is also digitallysigned together with the LI of D to avoid unex-pected changes.

3.2. Secure location query from source to location

server

A location query can fail when an intermediatenode is either compromised or selfish. To solve thisproblem, we propose to include the LI of the brokenlink in an LE message. Note that if a compromisednode modifies its own LI, it will be detected by itsneighbor’s local reputation system (see Section 4).When S receives this message, it can avoid thesuspicious node by indicating the level of hierarchyand the location of the square to forward the nextLQ message. For example, when S receives the LEmessage from LS2 located in the order-2 squareon the left bottom in Fig. 2, S will search theorder-2 square on the right bottom first in its nextlocation discovery process.

3.3. Secure exchange of HELLO messages

In GLS, each node maintains a table of its imme-diate neighbors as well as each neighbor’s neigh-bors. The one-hop neighbor’s LI can be verifiedby using a location verification technique [6], andthe TIK protocol can be used for neighbor authenti-

cation. However, the LI about a neighbor’s neigh-bors cannot be verified by using these techniquessince they are out of the transmission range of theverifier.

We propose to use the TESLA [12] broadcastauthentication method to verify the LI of two-hopneighboring nodes. For example, a node A includestwo additional fields in a HELLO message:hMACKTE

A ðjÞðLIAÞ;KTE

A ðj� 1Þi where LIA is the loca-

tion information of node A; and KTEA ðj� 1Þ is the

TESLA key of A at the (j � 1)th time interval. Sincea HELLO message is broadcast periodically withinterval th, the TESLA key disclosure interval canbe set to the value of th.

When a two-hop neighbor node C receives aHELLO message, it checks the validity of the LIof A by determining that KTE

A ðjÞ has not yet beendisclosed. Node A waits until it is able to discloseKTE

A ðjÞ from the time interval schedule; it thenappends KTE

A ðjÞ to the next HELLO message. Whennode C receives a new HELLO message, it can ver-ify the previous LI from A. If this verification pro-cess fails, the LRS is called upon to report the factthat neighbor B intentionally changes LI of itsneighbor A.

4. Local reputation system

Compromised users can disrupt the operationof location services by dropping some control


messages, each transmitted in the form of a singleunicast message. Moreover, if there is no punish-ment for misbehaviors, attackers may be rewardedand encouraged to attack again later. In this section,we propose a reputation system with an aim todetect and isolate attackers. We extend the reputa-tion system (i.e., CONFIDENT) originally pro-posed in [15] and modify it to work specifically forposition-based routing protocols. We call ourextended version as the Local Reputation System(LRS).

Both CONFIDENT and our proposed LRS usethe same set of mathematical equations for repu-tation report update. However, CONFIDENTassumed the use of the source routing protocol. Var-ious ALARM messages are sent to the source nodewhen anomaly is detected. On the other hand, in ourproposed LRS, we assume the use of position-basedrouting protocols. Each node periodically sends thereputation information report to its neighbors byusing the HELLO message. In LRS, each node onlyneeds to manage the reputation information of itslocal neighbors. LRS consists of the following threecomponents: the monitor, the reputation manager,and the trust manager. All these components arepresent in each node. The modules in each compo-nent are shown in Fig. 5.

4.1. First-hand reputation rating

Node i maintains a record of the first-hand obser-

vation about node j in the form of F lij ¼ ða; bÞ ¼

ð# of good behaviors; # of bad behaviorsÞ for thelth reputation interval, and is initially set to (1, 1).For example, if the observation is classified as misbe-

monitorin

initial sta

updating trtable

updating reputation value

Reputation Manager

Monitoreporting timer is

reporting timer is not

expired

detected

Fig. 5. Structure of local

havior, the value of b is increased by one. The first-hand reputation rating is represented in the form ofFRl

ij ¼ a=ðaþ bÞ [15]. When the reporting timerexpires, the first-hand reputation information FRl

ij

about node j from node i is updated as follows:FRl

ij ¼ t � FRl�1ij þ ð1� tÞ � FRl

ij where t is a weightvalue. During inactivity periods, the value isupdated periodically as follows: FRl

ij ¼ t � FRl�1ij þ

ð1� tÞ � FR initial where FR_initial is 0.5.

4.2. Reputation reporting and second-hand

reputation rating

A node’s reputation information is sent periodi-cally to its neighbors by piggybacking on a HELLOmessage when the lth reporting timer expires.Assume node i receives the reported second-hand

reputation information FRlkj about node j from node

k, node i updates the reputation rating Rlij as

follows: Rlij ¼ ð1� xÞ � FRl

ij þ x � FRlkj where x is

a small positive real number. This process is per-formed for all j being reported. Based on this repu-tation rating, node i classified node j as a good nodeif Rl

ij P c; or as a bad node if Rlij < c where c is a

predefined threshold value. To avoid blackmailattack, our reputation system can also take intoaccount the trust rating of each node [14]. Table 1describes the pseudo-code for the monitoringsystem of LRS.

5. Performance evaluation

We consider a network topology with 100 nodesrandomly placed over a 1000 · 1000 (m2) flat-grid.

g

te

ust evaluating trust

sending REPUTATION to

neighbors

r

Trust Manager

REPUTATION received

trusted

not trusted

expired

reputation system.

Table 1Pseudo-code for monitoring module

A node has sent or overheard a message:

Case I: Unicast Message

1. if (dst addr == my addr)return;

2. if (src addr == my addr)buffer a message; return;

3. if (next hop addr == one of my neighbors’ addrs && nexthop addr != dst addr)

if (overheard the message with the same ID before)if (contents are correct)

call reputation manager with positivefeedback; remove this entity; return;

elsecall reputation manager with negativefeedback; remove this entity; return;

elsebuffer a message and return;

4. if (timer expires for any message in buffer)call reputation manager with negative feedback;remove this entity; return;

Case II: HELLO Message

1. if (src addr == my addr)buffer a LI of mine; return;

2. if (LI of mine is correct)call reputation manager with positive feedback;return;

elsecall reputation manager with negative feedback;return;

Table 2Simulation parameters

SGLS and LRS parameters

HELLO message interval th 2 sTIK key re-establishment interval 2 sTESLA key disclosure interval 2 sReputation reporting interval 10 sFirst-hand reputation weight value t 0.9Second-hand reputation weight value x 0 or 0.1Threshold c 0.5


The size of an order-1 grid is 250 · 250 (m2). Weassume that 50 of these nodes are constant bit-ratedata sources, each sending fixed size 128-byte mes-sages at 4 messages/s for 200 s. Each simulationrun takes 600 simulated seconds. The characteristicsof each mobile node’s radio interface approximatethe Lucent WaveLAN, operating as a shared-med-ium radio with a nominal bit rate of 2 Mb/s and anominal radio range of 250 m. For the mediumaccess control layer, the IEEE 802.11 DistributedCoordination Function is used (see Fig. 6). The

Preamble PLCP Header Mediu

182 byt

SHeader

138 bytes

TIiKMAC

Fig. 6. Minimum size of IEEE 802.11b frame format in SGLS w

propagation model combines both a free spaceand a two-ray ground reflection models. Table 2provides other simulation parameters. A randomwaypoint model is used for the mobility model.Each node moves in a straight line towards the des-tination at a speed that is uniformly distributedfrom 0 to 10 m/s. For fair comparisons, identicalmobility and traffic scenarios are applied to allprotocols. Results are averaged over 11 simulationruns; the error bars represent the 95% confidenceintervals about the means in Figs. 7 and 8. To eval-uate our proposed LRS as presented in Section 4,we modify the ns-2 grid package [16] by implement-ing both LRS and blackhole attackers. In thefollowing results, LRS-S refers to LRS using bothfirst and second-hand reputation information (i.e.,x = 0.1), and LRS-F refers to LRS using onlyfirst-hand reputation information (i.e., x = 0). Wecompare both LRS-S and LRS-F with the originalGLS. The performance metrics are message delivery

fraction, average end-to-end delay of transferred data

messages, and routing overhead (i.e., the number ofhop-by-hop transmissions of control messages inunits of byte or message).

5.1. LRS with message dropping attackers

Fig. 7(a)–(c) shows the simulation results withvarying number of blackhole attackers who drop

CRCm access control data

es

KiTIGLS message

16 bytes

here PLCP stands for physical layer convergence protocol.

0 5 10 15 20 25 300.4

0.5

0.6

0.7

0.8

0.9

1

Number of blackhole attackers

Pac

ket d

eliv

ery

ratio

(a) LRS-SLRS-FGLS

0 100 200 300 400 500 6000.4

0.5

0.6

0.7

0.8

0.9

1

Pause time (sec)

(d)

LRS-SLRS-FGLS

0 5 10 15 20 25 3063

64

65

66

67

68

69


Pac

ket o

verh

ead

(X10

00)

(b)

LRS-SLRS-FGLS

0 100 200 300 400 500 60030

35

40

45

50

55

60

65

70

Pause time (sec)

(e) LRS-SLRS-FGLS

0 5 10 15 20 25 301

1.2

1.4

1.6

1.8

2

2.2

2.4

2.6

2.8

3


End

-to-

end

dela

y (s

)

Pac

ket d

eliv

ery

ratio

Pac

ket o

verh

ead

(X10

00)

End

-to-

end

dela

y (s

)

(c)

LRS-SLRS-FGLS

0 100 200 300 400 500 6001

1.5

2

2.5

3

3.5

4

Pause time (sec)

(f)

LRS-SLRS-FGLS

Fig. 7. Performance comparisons between LRSs and GLS with data blackhole attackers.


data messages in the network. The pause time isequal to zero in this scenario. Fig. 7(a) shows themessage delivery ratio as a function of the numberof blackhole attackers. Both LRS-S and LRS-Fyield a higher message delivery ratio than GLS asthe number of blackhole attackers increases. This

shows that our proposed LRS can effectively detectand isolate blackhole attackers. As it uses also thesecond-hand reputation information, LRS-S worksslightly better than LRS-F with faster detection.Fig. 7(b) shows that GLS incurs a lower routingcontrol overhead than LRS. SGLS can detect the

0 100 200 300 400 500 6000.6

0.65

0.7

0.75

0.8

0.85

0.9

0.95

1

Pause time (sec)

Pac

ket d

eliv

ery

ratio

(a)

GLSSGLS

0 100 200 300 400 500 6000

5

10

15

20

25

30

35

40

Pause time (sec)

Byt

e ov

erhe

ad (

X10

0000

0)

(b) SGLSGLS

0 100 200 300 400 500 6001.5

2

2.5

3

3.5

4

Pause time (sec)

End

-to-

end

dela

y (s

ec)

(c)

SGLSGLS

Fig. 8. Performance comparisons between SGLS and GLSwithout attackers.


blackholes and re-initiate the location query (ordetour) to avoid these nodes. These additional routediscoveries increase the routing control overhead.Fig. 7(c) indicates that GLS has a lower averageend-to-end delay when compared with LRS. Since

LRS incurs more routing control messages, theaverage end-to-end delay for data messagesincreases. Note that the average end-to-end delayof GLS decreases as the number of blackholeattackers increases. Since blackhole attackers dropdata messages at the intermediate nodes and thedropped messages are not counted in the end-to-end delay calculation, the average end-to-end delayis decreased.

Fig. 7(d)–(f) shows the performance comparisonwith varying pause time (i.e., mobility), while keep-ing the number of blackhole attackers at 15 out of100. Fig. 7(d) shows that the delivery ratio doesnot change remarkably in all protocols. Since thenetwork is not congested, the increase of controloverhead due to mobility does not affect the deliveryfraction. Fig. 7(e) shows that the routing overheadof all protocols decreases as pause time increases(i.e., mobility decreases). Each node updates its clos-est location servers every time it moves a particularthreshold distance d (100 m in this paper) sincesending the last update. This indicates that a nodesends out updates at a rate proportional to itsmobility. Fig. 7(f) shows the average end-to-enddelay for all three protocols increases as mobilitydecreases.

5.2. SGLS without attackers

We implement SGLS, which includes the TIK,TESLA, digital signature and MAC without LRS.By comparing SGLS with the original GLS, wecan examine the performance impact of addingsecurity overhead, independent of the effect ofattackers. Fig. 8 shows the simulation resultswithout attackers. The TIK overhead (32 bytes;one MAC and one key) is introduced in eachIEEE 802.11 data frame. The additional overheadsof MAC (16 bytes), TESLA key (16 bytes), andtwo authentic keys for TIK (32 bytes; one for cur-rent key chain and the other for next key chain)are incurred by HELLO messages. The end-to-end MAC (16 bytes) is added to all unicast mes-sages except the LU message (digital signature of40 bytes using the Elliptic Curve Cryptography[14]).

Fig. 8(a) shows that the message delivery ratiobetween SGLS and GLS. Adding security overheadin SGLS reduces the message delivery ratio by just1% on average. SGLS is still effective (over 90%) indiscovering and maintaining routes for delivery ofdata messages even in relatively high mobility


scenarios. Fig. 8(b) shows that SGLS’s routingoverhead is much higher than that of GLS in termsof bytes. That is due to the increase in size of rout-ing control messages with digital signatures andMACs in SGLS. As mobility increases, the amountof control overhead of SGLS increases slightly.Fig. 8(c) shows that the average end-to-end delayfor SGLS is slightly higher than that of GLS. Intu-itively, SGLS may have a higher average delay forthe location discovery than GLS. However, thenumber of location discoveries performed is a smallfraction when compared with the number of datamessages delivered. Therefore, the effect of the loca-tion acquisition latency on the average end-to-enddelay of data messages is not significant.

6. Conclusions

In this paper, we have proposed SGLS, which isa security enhancement to the original GLS proto-col. The security mechanisms added to GLS includeTIK, TESLA, MAC, digital signature, and a repu-tation system. SGLS has the capability of prevent-ing message tampering, dropping, falsified injection,and replay attacks. Simulation results showed thatin the presence of message dropping attacks, theproposed LRS mechanism maintains a high mes-sage delivery ratio at the expense of a higheraverage end-to-end delay and routing overheadin general. For future work, we are planning toimplement our algorithm on mobile devices, andstudy it in real world environments by takinginto account the energy issues. Moreover, counter-measures against blackmail attacks will beinvestigated.

Acknowledgements

This work was supported by a University ofBritish Columbia Graduate Fellowship, and by theCanadian Natural Sciences and EngineeringResearch Council under grants RGPIN 261604-03and 44286-00.

References

[1] X. Hong, K. Xu, M. Gerla, Scalable routing protocols formobile ad hoc networks, IEEE Network 16 (4) (2002) 28–39.

[2] M. Mauve, J. Widmer, H. Hartenstein, A survey on position-based routing in mobile ad hoc networks, IEEE Network 15(6) (2001) 30–39.

[3] E. Kranakis, H. Singh, J. Urrutia, Compass routingon geometric networks, in: Proc. Canadian Conferenceon Computational Geometry, Vancouver, BC, August1999.

[4] G.G. Finn, Routing and addressing problems in largemetropolitan-scale internetworks, Technical Report ISI/RR-87-180, Inst. for Scientific Information, March 1987.

[5] S. Basagni, I. Chlamtac, V.R. Syrotiuk, B.A. Woodward, Adistance routing effect algorithm for mobility (DREAM), in:Proc. ACM MobiCom, Dallas, TX, October 1998.

[6] S. Capkun, J.-P. Hubaux, Secure positioning of wirelessdevices with application to sensor networks, in: IEEE Proc.IEEE Infocom, Miami, Florida, March 2005.

[7] J. Li, J. Jannotti, D.S.J. De Couto, D.R. Karger, R. Morris,A scalable location service for geographic ad hoc routing, in:Proc. ACM MobiCom, Boston, MA, August 2000.

[8] Z.J. Haas, B. Liang, Ad hoc mobility management withuniform quorum systems, IEEE/ACM Transactions onNetworking 7 (2) (1999).

[9] L. Blazevic, L. Buttyan, S. Capkun, S. Giordaro, J.-P.Hubaux, J.-Y. Le Boudec, Self-organization in mobile adhoc networks: the approach of terminodes, IEEE Commu-nications Magazine (June) (2001).

[10] J.H. Song, Load-balancing and secure routing for wirelessmobile ad hoc networks, Ph.D.’s thesis, Department ofElectrical and Computer Engineering, The University ofBritish Columbia, April 2005.

[11] H. Krawczyk, M. Bellare, R. Canetti, HMAC: keyed-hashing for message authentication, IETF RFC 2104(February) (1997).

[12] A. Perrig, R. Canetti, D. Song, D. Tygar, B. Briscoe,TESLA: multicast source authentication transform intro-duction, IETF Internet Draft of Multicast Security WorkingGroup (work in progress), August 2004.

[13] Y.-C. Hu, A. Perrig, D.B. Johnson, Packet leashes: adefense against wormhole attacks in wireless network,in: Proc. IEEE Infocom, San Francisco, CA, March/April2003.

[14] D.B. Johnson, ECC, future resiliency and high securitysystems, Certicom White Paper, March 1999.

[15] S. Buchegger, J.-Y. Le Boudec, Performance analysis of theCONFIDANT protocol, in: Proc. ACM MobiHoc, Lau-sanne, Switzerland, June 2002.

[16] NS-2 for grid. Available from: <www.pdos.lcs.mit.edu/grid/sim/index.html>.

Joo-Han Song received the M.S. degreein electrical engineering from the HongikUniversity, Seoul, Korea, in 2001, andthe Ph.D. degree from the University ofBritish Columbia (UBC), Vancouver,BC, Canada, in 2005. He is currently asenior engineer in the 4G System Labo-ratory at Samsung Electronics, Korea.His research interests include routingand security for mobile ad hoc networks,the design of MAC algorithms for 4G

system, and the performance evaluation and modeling of wirelessnetworks.

http://www.pdos.lcs.mit.edu/grid/sim/index.html

http://www.pdos.lcs.mit.edu/grid/sim/index.html


Vincent W.S. Wong received the B.Sc.degree from the University of Manitobain 1994, the M.A.Sc. degree from theUniversity of Waterloo in 1996, and thePh.D. degree from the University ofBritish Columbia (UBC) in 2000. Heworked as a systems engineer at PMC-Sierra Inc from 2000 to 2001. He iscurrently an assistant professor in theDepartment of Electrical and ComputerEngineering at UBC. His current

research interests are in resource and mobility management forwireless mesh networks, wireless sensor networks, and heteroge-
neous wireless networks. He received the Natural Sciences andEngineering Research Council postgraduate scholarship and theFessenden Post-graduate Scholarship from CommunicationsResearch Centre, Industry Canada, during his graduate studies.He serves as TPC member in various conferences, including theIEEE ICC and Globecom.
Victor C.M. Leung received the B.A.Sc.(Hons.) degree in electrical engineeringfrom the University of British Columbia(UBC) in 1977, and was awarded theAPEBC Gold Medal as the head of thegraduating class in the Faculty of AppliedScience. He attended graduate school atUBC on a Natural Sciences and Engi-neering Research Council PostgraduateScholarship and obtained the Ph.D.degree in electrical engineering in 1981.

From 1981 to 1987, he was a Senior Member of Technical Staffat Microtel Pacific Research Ltd. (later renamed MPR TeltechLtd.), specializing in the planning, design and analysis of satellitecommunication systems. In 1988, he was a Lecturer in theDepartment of Electronics at the Chinese University of HongKong. He returned to UBC as a faculty member in 1989, where heis a Professor and holder of the TELUS Mobility Research Chairin Advanced Telecommunications Engineering in the Departmentof Electrical and Computer Engineering. His research interests arein the areas of architectural and protocol design and performanceanalysis for computer and telecommunication networks, withapplications in satellite, mobile, personal communications andhigh speed networks.

He is a Fellow of IEEE and a voting member of ACM. He is aneditor of the IEEE Transactions on Wireless Communications,and an associate editor of the IEEE Transactions on VehicularTechnology.

Secure position-based routing protocol for mobile ad hoc networks

Documents

Transcript of Secure position-based routing protocol for mobile ad hoc networks