A location routing protocol based on smart antennas for ad hoc networks
Secure position-based routing protocol for mobile ad hoc networks
-
Upload
independent -
Category
Documents
-
view
1 -
download
0
Transcript of Secure position-based routing protocol for mobile ad hoc networks
Ad Hoc Networks 5 (2007) 76–86
www.elsevier.com/locate/adhoc
Secure position-based routing protocol formobile ad hoc networks
Joo-Han Song a, Vincent W.S. Wong b,*, Victor C.M. Leung b
a 4G System Laboratory, Samsung Electronics, Republic of Koreab Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, BC, Canada
Available online 27 June 2006
Abstract
In large and dense mobile ad hoc networks, position-based routing protocols can offer significant performance improve-ment over topology-based routing protocols by using location information to make forwarding decisions. However, thereare several potential security issues for the development of position-based routing protocols. In this paper, we propose asecure geographic forwarding (SGF) mechanism, which provides source authentication, neighbor authentication, andmessage integrity by using both the shared key and the TIK protocol. By combining SGF with the Grid Location Service(GLS), we propose a Secure Grid Location Service (SGLS) where any receiver can verify the correctness of locationmessages. We also propose a Local Reputation System (LRS) aiming at detecting and isolating both compromised andselfish users. We present the performance analysis of both SGLS and LRS, and compare them with the original GLS.Simulation results show that SGLS can operate efficiently by using effective cryptographic mechanisms. Results also showthat LRS effectively detects and isolates message dropping attackers from the network.� 2006 Elsevier B.V. All rights reserved.
Keywords: Ad hoc wireless networks; Location service; Geographic forwarding; Position-based routing protocol; Security
1. Introduction
Current research on Mobile Ad hoc NETwork(MANET) mainly focuses on topology-based rout-ing protocols, including both proactive and reactive(on-demand) approaches [1]. When network topo-logy changes frequently or the network sizeincreases, some of these protocols may incur a sig-
1570-8705/$ - see front matter � 2006 Elsevier B.V. All rights reserved
doi:10.1016/j.adhoc.2006.05.010
* Corresponding author. Tel.: +1 604 827 5135; fax: +1 604 8225949.
E-mail addresses: [email protected] (J.-H. Song),[email protected] (V.W.S. Wong), [email protected](V.C.M. Leung).
nificant amount of routing control overhead.Recent research has shown that position-basedrouting protocols can be good alternatives to topol-ogy-based routing protocols in large and denseMANETs [2]. By using Location Information (LI),position-based routing protocols avoid the floodingof control traffic. An intermediate node only needsto know its own position and the positions of itsneighboring nodes to make a message forwardingdecision. The message is forwarded to a neighborthat is geographically closest to the destination[3–5]. To implement a position-based routing proto-col, information about the geographical location ofeach destination must be available. Each node can
.
global origin
order-1
order-3
order-2
D
S
LS1
LS22
9
11
16
23
6
9
2
6
location querypath
location updatepath
location tablecontent
11 2
23 2
Fig. 2. Location update and query in GLS.
J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 77
determine its own position by using the Global Posi-tioning System (GPS), or its relative position byusing GPS free positioning methods [6]. In addition,a location service [7–9] is used by the sender to deter-mine the location of the destination. Each node mayhave a location table to store the position informa-tion of other nodes.
In position-based routing, the forwarding deci-sion is based on LI contained in messages. Attackerscan alter the LI in messages to disrupt the operationof a unicast forwarding scheme (i.e., message tam-
pering attack). As shown in Fig. 1(a), assume twopaths exist between B and A via C (i.e., path BCEAand path BCFDEA). When a node C receives amessage m from B, it can modify the LI of A andforward modified message m 0 to other colludingnode D via node F. When node D receives m 0, it willreturn re-modified message m00 to C again, and soon. This makes a routing loop where messages tra-verse nodes in a cycle without being relayed to thereal destination A.
The Grid Location Service (GLS) [7] is a distrib-uted location service which calls for nodes to main-tain location of specific subsets of the nodes based
(a)
m
m’
m’
m’’
m’’
B
DF
AEC
(b)
LULU’LU’D ACLS
(c)
LQ
LR’LULU
LQ’
D
ACLSB
’
Fig. 1. (a) Loop generation by changing location information(b) message tampering against location update process; and (c)message tampering against location query process.
;
on the node’s identifier (ID) as shown in Fig. 2.GLS divides the area that contains a MANET intoa hierarchy of squares. Each node periodicallybroadcasts a list of neighbors using a HELLO mes-sage. Therefore, each node can maintain a table ofimmediate neighbors as well as each neighbor’sneighbors. Each entry in the table includes thenode’s unique ID, location, speed, and a timestamp.Each node recruits nodes with IDs ‘‘close’’ to itsown ID to serve as its Location Servers (LSs) (i.e.,least ID greater than A) by sending LocationUpdate (LU) messages as shown in Fig. 2. Whenan attacker C receives the LU message of node A
(see Fig. 1(b)), it can modify the LI of A and for-ward this modified message LU 0 to its neighbors(i.e., message tampering attack). Moreover, anattacker D can impersonate A, and generate a falsi-fied message LU00 with the latest timestamp (i.e., fal-
sified message injection attack). As a result, even asingle attacker D can cause other nodes to fail tofind a route to A if they are more than one hop awayfrom A.
To perform a location discovery, node B sends aLocation Query (LQ) message using a geographicforwarding [4] mechanism to the node with leastID greater than A, for which B has the LI. Eventu-ally, the LQ message may reach an LS of A, whichwill forward the LQ message to A. Since the LQmessage contains A’s LI, B can respond directly toA by sending a Location Reply (LR) message. Asshown in Fig. 1(c), if LS is compromised, it can dis-rupt the location discovery process. By attaching thefake LI of A (i.e., falsified message injection attack),a modified LQ 0 message may be forwarded to node
78 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86
D. As far as other nodes are concerned, the locationservice is functioning normally. Therefore, thisattack cannot be detected by providing either senderauthentication or message integrity. This attack isonly feasible by compromised users.
The objective of this paper is to provide securitymechanisms for both data and control messages inposition-based routing protocols. The main contri-butions of this paper are as follows [10]:
1. We propose a secure geographic forwarding(SGF) mechanism that incorporates both theHashed Message Authentication Code (MAC1)[11] and the Timed Efficient Stream Loss-tolerantAuthentication (TESLA) [12] with Instant Keydisclosure (TIK) [13] protocol. In combinationwith SGF, we propose a Secure Grid LocationService (SGLS) where any receiver can verifythe correctness of location messages. To detectand isolate both compromised and selfish users,the Local Reputation System (LRS) is integratedwith the Grid Location Service (GLS) [7].
2. We present simulation results to show that in thepresence of message dropping attackers, GLSwith LRS continues to maintain a high messagedelivery ratio at the expense of a slightly higheraverage end-to-end delay and routing overheadwhen compared to the GLS without LRS. Inaddition, results show that SGLS can operateefficiently by using effective cryptographicmechanisms.
This paper is organized as follows. Section 2describes our proposed SGF mechanism. The pro-posed SGLS is presented in Section 3. The integra-tion of LRS into GLS is explained in Section 4. Theperformance comparisons are presented in Section5. Conclusions are given in Section 6.
2. Secure geographic forwarding (SGF)
2.1. Network environments and assumptions
Our proposed secure protocols aim to protect thenetwork layer from attackers. Our proposedschemes work under several assumptions as follows:
1 The acronym ‘‘MAC’’ refers to the Message AuthenticationCode. To avoid confusion, the term ‘‘Medium Access Control’’ iswritten out in full.
1. The network links are bi-directional. That is, ifnode A is able to transmit to node B, then B isalso able to transmit to A.
2. The wireless interface supports promiscuousmode operations. That is, each node can receivea copy of the messages being transmitted byother nodes within its receiving range.
3. All nodes have tightly synchronized clocks withthe maximum synchronization error of D.
4. A public key infrastructure exists in the MANETunder consideration. Each mobile node stores thetrusted Certification Authority (CA)’s public key.
We distinguish two main forwarding strategies:greedy forwarding (i.e., unicast) [4] and directional
flooding (i.e., broadcast) [5]. In this section, weassume that the source node has already obtainedthe position information of the destination. Thefollowing notations are used in this paper:
1. KTIA ðjÞ [or KTE
A ðjÞ] denotes the TIK (or TESLA)key of node A at the jth time interval; KAB
denotes the shared secret key between nodes A
and B; and KA denotes the private key of node A.2. MACK(M) denotes the MAC of message M with
a symmetric key K using the Hashed MAC algo-rithm [11].
3. SignK(M) denotes the digital signature of a mes-sage M with the private key K using the publickey cryptography [14].
2.2. Secure geographic forwarding for unicast
messages
We propose the use of MAC computed over thenon-mutable part (e.g., LI of a destination) of uni-cast messages with the pair-wise shared secret keybetween the source and destination. Since interme-diate nodes do not have the shared secret key withthe source node, they cannot verify the non-mutablepart of messages. This allows a compromised user tobe able to modify the non-mutable part of messagesto disrupt the operation of position-based routingprotocol. To prevent this attack, source node canuse the digital signature over the non-mutable partwith its own private key instead of MAC. However,implementing a mechanism to sign the non-mutableparts of all data and control messages may intro-duce too much overhead. In our scheme, wepropose the use of a reputation system (see Section4) to detect and isolate message tampering and drop-
J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 79
ping attackers instead of using expensive digitalsignatures.
We propose to use the TIK protocol [13] withtight time synchronization to authenticate a previ-ous forwarding node to prevent malicious usersfrom joining a path and to avoid a message replay
attack. Based on the third assumption stated in Sec-tion 2.1, each node can estimate the TIK key expira-tion interval t_{disclosure}. In addition, every nodehas its own one-way key hash chain.
Our proposed SGF mechanism works as follows.When a source node S sends a message via its neigh-bor to a destination D, each intermediate node i
(i.e., sender) forwards the following message:
hMACKTIi ðjÞ½MikN SkMACKSD ðN SÞ�;MACKSD ðN SÞ;Mi;N S ;KTI
i ðjÞi
where Mi represents the mutable part of messagefrom sender i, and NS represents the non-mutablepart of message from source S. The notation i isequal to S when the sender is a source node itself.The sender i discloses the key KTI
i ðjÞ at the end ofthe same message. Fig. 3 shows the timelines ofsending and receiving a SGF message between twoneighbors. Time ti indicates the time when sender istarts transmitting the message, and time ti +t_{disclosure} is the disclosure time for key KTI
i ðjÞ.Because of the time synchronization, when the
neighbor receives the message portion MACKTIi ðjÞ
½MikNSkMACKSDðNSÞ�, it can verify that the senderi has not started sending the corresponding keyKTI
i ðjÞ if the following condition is satisfied:
t fdisclosureg 6 s� Dþ Q=r ð1Þ
where s is the propagation delay, Q is the size of themessage excluding KTI
i ðjÞ, and r is the transmissionrate. As the receiver knows the expiration time foreach key and the sender i only discloses the key afterit expires, the attackers cannot guess the value ofKTI
i ðjÞ. Therefore, if the message authentication ver-
message (M)
Time at sender
Time at receiver
ti
)( Δ++≤ τit
Sender
Receiver
)( jK TIi
MAC
)( jK TIi
MACSDKMAC
)( Δ+≤ it
SDKMAC
Fig. 3. Secure geographic forwar
ifies correctly once the receiver later receives theauthentic key KTI
i ðjÞ, the message must have origi-nated from the claimed sender. Since only thesender knew the key KTI
i ðjÞ, at the time when thereceiver received the message, other nodes cannotforge a new message with the correct MAC. Finally,when destination D receives this message, it can ver-ify the authenticity of the message by comparing thereceived MACKSDðN SÞ to the MAC value that iscomputed over the received message NS with thesecret key KSD it shares with the source node S.Each node re-establishes its authentic TIK key everyth-second with its neighbors by piggybacking on aHELLO message of SGLS.
Note that although there are several forwardingstrategies, they all forward a given message to onlyone optimal neighboring node based on its optimi-zation criterion. Therefore, our proposed SGF canbe applied to any of these forwarding schemes with-out any modification.
3. Secure grid location service
In this section, we describe our proposed SGLSprotocol based on SGF. SGLS provides severalsecurity mechanisms to the original GLS. Fig. 4summarizes the operation of SGLS in combinationwith SGF. The general concept of our proposedSGF presented in Section 2.2 can generally beapplied to any unicast message such as LQ, LR,and LE messages of GLS.
3.1. Secure location update and query between
destination and location server
Unlike other messages, the LU message has noassigned destination address field in it. Thus, it isimpossible to provide a source authentication witha symmetric secret key. When a source node sends
KiTI(j)
message (M) KiTI(j)
ti + t_{disclosure }
)/( rQti +Δ++≤ τ
ding of a unicast message.
D LS S
M3 (query) M2 (query)
M1 (update)M4 (reply)
>=< TDUPDATEK KNSignhM
D),(,UPDATE,11
where )](,UPDATE[1 UPDATEKKNSignMACh
DTD
=
>=< TSQUERYK KNMAChM
SD),(,QUERY,22
where )](,QUERY[2 QUERYKKNMACMACh
SDTS
=
>=< TILSUPDATEKQUERYK KNSignNMAChM
DSD),(),(,QUERY,33
where )](,QUERY[3 QUERYKKNMACMACh
SDTILS
=
>=< TDREPLYK KNMAChM
SD),(,REPLY,44
where )](,REPLY[4 REPLYKKNMACMACh
SDTD
=
Fig. 4. Location update and query in SGLS where UPDATE, QUERY, and REPLY denote the original GLS’s location update, locationquery, and location reply message, respectively; NX represents the non-mutable fields of message X.
80 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86
an LQ message to one of node D’s LSs, LS can dis-rupt the location discovery process by attaching thefake LI of D to the LQ message. To protect the LUmessage, a destination node D attaches the digitalsignature computed over the non-mutable part(e.g., LI of a destination) of an LU message. Atthe same time, the TIK protocol is used for neighbor
authentication as described in Section 2.2.After receiving a valid LU message from D, LS
stores the digital signature of D in its location table.When the LQ message generated by S toward D
arrives at this LS, the LS can prove that it has thevalid LI of D by attaching D’s digital signature fromits location table to the LQ message. Thus, LS canprovide an LI authentication to all intermediatenodes along the path to D (see Fig. 4). In ourproposed scheme, the lifetime value is also digitallysigned together with the LI of D to avoid unex-pected changes.
3.2. Secure location query from source to location
server
A location query can fail when an intermediatenode is either compromised or selfish. To solve thisproblem, we propose to include the LI of the brokenlink in an LE message. Note that if a compromisednode modifies its own LI, it will be detected by itsneighbor’s local reputation system (see Section 4).When S receives this message, it can avoid thesuspicious node by indicating the level of hierarchyand the location of the square to forward the nextLQ message. For example, when S receives the LEmessage from LS2 located in the order-2 squareon the left bottom in Fig. 2, S will search theorder-2 square on the right bottom first in its nextlocation discovery process.
3.3. Secure exchange of HELLO messages
In GLS, each node maintains a table of its imme-diate neighbors as well as each neighbor’s neigh-bors. The one-hop neighbor’s LI can be verifiedby using a location verification technique [6], andthe TIK protocol can be used for neighbor authenti-
cation. However, the LI about a neighbor’s neigh-bors cannot be verified by using these techniquessince they are out of the transmission range of theverifier.
We propose to use the TESLA [12] broadcastauthentication method to verify the LI of two-hopneighboring nodes. For example, a node A includestwo additional fields in a HELLO message:hMACKTE
A ðjÞðLIAÞ;KTE
A ðj� 1Þi where LIA is the loca-
tion information of node A; and KTEA ðj� 1Þ is the
TESLA key of A at the (j � 1)th time interval. Sincea HELLO message is broadcast periodically withinterval th, the TESLA key disclosure interval canbe set to the value of th.
When a two-hop neighbor node C receives aHELLO message, it checks the validity of the LIof A by determining that KTE
A ðjÞ has not yet beendisclosed. Node A waits until it is able to discloseKTE
A ðjÞ from the time interval schedule; it thenappends KTE
A ðjÞ to the next HELLO message. Whennode C receives a new HELLO message, it can ver-ify the previous LI from A. If this verification pro-cess fails, the LRS is called upon to report the factthat neighbor B intentionally changes LI of itsneighbor A.
4. Local reputation system
Compromised users can disrupt the operationof location services by dropping some control
J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 81
messages, each transmitted in the form of a singleunicast message. Moreover, if there is no punish-ment for misbehaviors, attackers may be rewardedand encouraged to attack again later. In this section,we propose a reputation system with an aim todetect and isolate attackers. We extend the reputa-tion system (i.e., CONFIDENT) originally pro-posed in [15] and modify it to work specifically forposition-based routing protocols. We call ourextended version as the Local Reputation System(LRS).
Both CONFIDENT and our proposed LRS usethe same set of mathematical equations for repu-tation report update. However, CONFIDENTassumed the use of the source routing protocol. Var-ious ALARM messages are sent to the source nodewhen anomaly is detected. On the other hand, in ourproposed LRS, we assume the use of position-basedrouting protocols. Each node periodically sends thereputation information report to its neighbors byusing the HELLO message. In LRS, each node onlyneeds to manage the reputation information of itslocal neighbors. LRS consists of the following threecomponents: the monitor, the reputation manager,and the trust manager. All these components arepresent in each node. The modules in each compo-nent are shown in Fig. 5.
4.1. First-hand reputation rating
Node i maintains a record of the first-hand obser-
vation about node j in the form of F lij ¼ ða; bÞ ¼
ð# of good behaviors; # of bad behaviorsÞ for thelth reputation interval, and is initially set to (1, 1).For example, if the observation is classified as misbe-
monitorin
initial sta
updating trtable
updating reputation value
Reputation Manager
Monitoreporting timer is
reporting timer is not
expired
detected
Fig. 5. Structure of local
havior, the value of b is increased by one. The first-hand reputation rating is represented in the form ofFRl
ij ¼ a=ðaþ bÞ [15]. When the reporting timerexpires, the first-hand reputation information FRl
ij
about node j from node i is updated as follows:FRl
ij ¼ t � FRl�1ij þ ð1� tÞ � FRl
ij where t is a weightvalue. During inactivity periods, the value isupdated periodically as follows: FRl
ij ¼ t � FRl�1ij þ
ð1� tÞ � FR initial where FR_initial is 0.5.
4.2. Reputation reporting and second-hand
reputation rating
A node’s reputation information is sent periodi-cally to its neighbors by piggybacking on a HELLOmessage when the lth reporting timer expires.Assume node i receives the reported second-hand
reputation information FRlkj about node j from node
k, node i updates the reputation rating Rlij as
follows: Rlij ¼ ð1� xÞ � FRl
ij þ x � FRlkj where x is
a small positive real number. This process is per-formed for all j being reported. Based on this repu-tation rating, node i classified node j as a good nodeif Rl
ij P c; or as a bad node if Rlij < c where c is a
predefined threshold value. To avoid blackmailattack, our reputation system can also take intoaccount the trust rating of each node [14]. Table 1describes the pseudo-code for the monitoringsystem of LRS.
5. Performance evaluation
We consider a network topology with 100 nodesrandomly placed over a 1000 · 1000 (m2) flat-grid.
g
te
ust evaluating trust
sending REPUTATION to
neighbors
r
Trust Manager
REPUTATION received
trusted
not trusted
expired
reputation system.
Table 1Pseudo-code for monitoring module
A node has sent or overheard a message:
Case I: Unicast Message
1. if (dst addr == my addr)return;
2. if (src addr == my addr)buffer a message; return;
3. if (next hop addr == one of my neighbors’ addrs && nexthop addr != dst addr)
if (overheard the message with the same ID before)if (contents are correct)
call reputation manager with positivefeedback; remove this entity; return;
elsecall reputation manager with negativefeedback; remove this entity; return;
elsebuffer a message and return;
4. if (timer expires for any message in buffer)call reputation manager with negative feedback;remove this entity; return;
Case II: HELLO Message
1. if (src addr == my addr)buffer a LI of mine; return;
2. if (LI of mine is correct)call reputation manager with positive feedback;return;
elsecall reputation manager with negative feedback;return;
Table 2Simulation parameters
SGLS and LRS parameters
HELLO message interval th 2 sTIK key re-establishment interval 2 sTESLA key disclosure interval 2 sReputation reporting interval 10 sFirst-hand reputation weight value t 0.9Second-hand reputation weight value x 0 or 0.1Threshold c 0.5
82 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86
The size of an order-1 grid is 250 · 250 (m2). Weassume that 50 of these nodes are constant bit-ratedata sources, each sending fixed size 128-byte mes-sages at 4 messages/s for 200 s. Each simulationrun takes 600 simulated seconds. The characteristicsof each mobile node’s radio interface approximatethe Lucent WaveLAN, operating as a shared-med-ium radio with a nominal bit rate of 2 Mb/s and anominal radio range of 250 m. For the mediumaccess control layer, the IEEE 802.11 DistributedCoordination Function is used (see Fig. 6). The
Preamble PLCP Header Mediu
182 byt
SHeader
138 bytes
TIiKMAC
Fig. 6. Minimum size of IEEE 802.11b frame format in SGLS w
propagation model combines both a free spaceand a two-ray ground reflection models. Table 2provides other simulation parameters. A randomwaypoint model is used for the mobility model.Each node moves in a straight line towards the des-tination at a speed that is uniformly distributedfrom 0 to 10 m/s. For fair comparisons, identicalmobility and traffic scenarios are applied to allprotocols. Results are averaged over 11 simulationruns; the error bars represent the 95% confidenceintervals about the means in Figs. 7 and 8. To eval-uate our proposed LRS as presented in Section 4,we modify the ns-2 grid package [16] by implement-ing both LRS and blackhole attackers. In thefollowing results, LRS-S refers to LRS using bothfirst and second-hand reputation information (i.e.,x = 0.1), and LRS-F refers to LRS using onlyfirst-hand reputation information (i.e., x = 0). Wecompare both LRS-S and LRS-F with the originalGLS. The performance metrics are message delivery
fraction, average end-to-end delay of transferred data
messages, and routing overhead (i.e., the number ofhop-by-hop transmissions of control messages inunits of byte or message).
5.1. LRS with message dropping attackers
Fig. 7(a)–(c) shows the simulation results withvarying number of blackhole attackers who drop
CRCm access control data
es
KiTIGLS message
16 bytes
here PLCP stands for physical layer convergence protocol.
0 5 10 15 20 25 300.4
0.5
0.6
0.7
0.8
0.9
1
Number of blackhole attackers
Pac
ket d
eliv
ery
ratio
(a) LRS-SLRS-FGLS
0 100 200 300 400 500 6000.4
0.5
0.6
0.7
0.8
0.9
1
Pause time (sec)
(d)
LRS-SLRS-FGLS
0 5 10 15 20 25 3063
64
65
66
67
68
69
Number of blackhole attackers
Pac
ket o
verh
ead
(X10
00)
(b)
LRS-SLRS-FGLS
0 100 200 300 400 500 60030
35
40
45
50
55
60
65
70
Pause time (sec)
(e) LRS-SLRS-FGLS
0 5 10 15 20 25 301
1.2
1.4
1.6
1.8
2
2.2
2.4
2.6
2.8
3
Number of blackhole attackers
End
-to-
end
dela
y (s
)
Pac
ket d
eliv
ery
ratio
Pac
ket o
verh
ead
(X10
00)
End
-to-
end
dela
y (s
)
(c)
LRS-SLRS-FGLS
0 100 200 300 400 500 6001
1.5
2
2.5
3
3.5
4
Pause time (sec)
(f)
LRS-SLRS-FGLS
Fig. 7. Performance comparisons between LRSs and GLS with data blackhole attackers.
J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 83
data messages in the network. The pause time isequal to zero in this scenario. Fig. 7(a) shows themessage delivery ratio as a function of the numberof blackhole attackers. Both LRS-S and LRS-Fyield a higher message delivery ratio than GLS asthe number of blackhole attackers increases. This
shows that our proposed LRS can effectively detectand isolate blackhole attackers. As it uses also thesecond-hand reputation information, LRS-S worksslightly better than LRS-F with faster detection.Fig. 7(b) shows that GLS incurs a lower routingcontrol overhead than LRS. SGLS can detect the
0 100 200 300 400 500 6000.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
Pause time (sec)
Pac
ket d
eliv
ery
ratio
(a)
GLSSGLS
0 100 200 300 400 500 6000
5
10
15
20
25
30
35
40
Pause time (sec)
Byt
e ov
erhe
ad (
X10
0000
0)
(b) SGLSGLS
0 100 200 300 400 500 6001.5
2
2.5
3
3.5
4
Pause time (sec)
End
-to-
end
dela
y (s
ec)
(c)
SGLSGLS
Fig. 8. Performance comparisons between SGLS and GLSwithout attackers.
84 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86
blackholes and re-initiate the location query (ordetour) to avoid these nodes. These additional routediscoveries increase the routing control overhead.Fig. 7(c) indicates that GLS has a lower averageend-to-end delay when compared with LRS. Since
LRS incurs more routing control messages, theaverage end-to-end delay for data messagesincreases. Note that the average end-to-end delayof GLS decreases as the number of blackholeattackers increases. Since blackhole attackers dropdata messages at the intermediate nodes and thedropped messages are not counted in the end-to-end delay calculation, the average end-to-end delayis decreased.
Fig. 7(d)–(f) shows the performance comparisonwith varying pause time (i.e., mobility), while keep-ing the number of blackhole attackers at 15 out of100. Fig. 7(d) shows that the delivery ratio doesnot change remarkably in all protocols. Since thenetwork is not congested, the increase of controloverhead due to mobility does not affect the deliveryfraction. Fig. 7(e) shows that the routing overheadof all protocols decreases as pause time increases(i.e., mobility decreases). Each node updates its clos-est location servers every time it moves a particularthreshold distance d (100 m in this paper) sincesending the last update. This indicates that a nodesends out updates at a rate proportional to itsmobility. Fig. 7(f) shows the average end-to-enddelay for all three protocols increases as mobilitydecreases.
5.2. SGLS without attackers
We implement SGLS, which includes the TIK,TESLA, digital signature and MAC without LRS.By comparing SGLS with the original GLS, wecan examine the performance impact of addingsecurity overhead, independent of the effect ofattackers. Fig. 8 shows the simulation resultswithout attackers. The TIK overhead (32 bytes;one MAC and one key) is introduced in eachIEEE 802.11 data frame. The additional overheadsof MAC (16 bytes), TESLA key (16 bytes), andtwo authentic keys for TIK (32 bytes; one for cur-rent key chain and the other for next key chain)are incurred by HELLO messages. The end-to-end MAC (16 bytes) is added to all unicast mes-sages except the LU message (digital signature of40 bytes using the Elliptic Curve Cryptography[14]).
Fig. 8(a) shows that the message delivery ratiobetween SGLS and GLS. Adding security overheadin SGLS reduces the message delivery ratio by just1% on average. SGLS is still effective (over 90%) indiscovering and maintaining routes for delivery ofdata messages even in relatively high mobility
J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86 85
scenarios. Fig. 8(b) shows that SGLS’s routingoverhead is much higher than that of GLS in termsof bytes. That is due to the increase in size of rout-ing control messages with digital signatures andMACs in SGLS. As mobility increases, the amountof control overhead of SGLS increases slightly.Fig. 8(c) shows that the average end-to-end delayfor SGLS is slightly higher than that of GLS. Intu-itively, SGLS may have a higher average delay forthe location discovery than GLS. However, thenumber of location discoveries performed is a smallfraction when compared with the number of datamessages delivered. Therefore, the effect of the loca-tion acquisition latency on the average end-to-enddelay of data messages is not significant.
6. Conclusions
In this paper, we have proposed SGLS, which isa security enhancement to the original GLS proto-col. The security mechanisms added to GLS includeTIK, TESLA, MAC, digital signature, and a repu-tation system. SGLS has the capability of prevent-ing message tampering, dropping, falsified injection,and replay attacks. Simulation results showed thatin the presence of message dropping attacks, theproposed LRS mechanism maintains a high mes-sage delivery ratio at the expense of a higheraverage end-to-end delay and routing overheadin general. For future work, we are planning toimplement our algorithm on mobile devices, andstudy it in real world environments by takinginto account the energy issues. Moreover, counter-measures against blackmail attacks will beinvestigated.
Acknowledgements
This work was supported by a University ofBritish Columbia Graduate Fellowship, and by theCanadian Natural Sciences and EngineeringResearch Council under grants RGPIN 261604-03and 44286-00.
References
[1] X. Hong, K. Xu, M. Gerla, Scalable routing protocols formobile ad hoc networks, IEEE Network 16 (4) (2002) 28–39.
[2] M. Mauve, J. Widmer, H. Hartenstein, A survey on position-based routing in mobile ad hoc networks, IEEE Network 15(6) (2001) 30–39.
[3] E. Kranakis, H. Singh, J. Urrutia, Compass routingon geometric networks, in: Proc. Canadian Conferenceon Computational Geometry, Vancouver, BC, August1999.
[4] G.G. Finn, Routing and addressing problems in largemetropolitan-scale internetworks, Technical Report ISI/RR-87-180, Inst. for Scientific Information, March 1987.
[5] S. Basagni, I. Chlamtac, V.R. Syrotiuk, B.A. Woodward, Adistance routing effect algorithm for mobility (DREAM), in:Proc. ACM MobiCom, Dallas, TX, October 1998.
[6] S. Capkun, J.-P. Hubaux, Secure positioning of wirelessdevices with application to sensor networks, in: IEEE Proc.IEEE Infocom, Miami, Florida, March 2005.
[7] J. Li, J. Jannotti, D.S.J. De Couto, D.R. Karger, R. Morris,A scalable location service for geographic ad hoc routing, in:Proc. ACM MobiCom, Boston, MA, August 2000.
[8] Z.J. Haas, B. Liang, Ad hoc mobility management withuniform quorum systems, IEEE/ACM Transactions onNetworking 7 (2) (1999).
[9] L. Blazevic, L. Buttyan, S. Capkun, S. Giordaro, J.-P.Hubaux, J.-Y. Le Boudec, Self-organization in mobile adhoc networks: the approach of terminodes, IEEE Commu-nications Magazine (June) (2001).
[10] J.H. Song, Load-balancing and secure routing for wirelessmobile ad hoc networks, Ph.D.’s thesis, Department ofElectrical and Computer Engineering, The University ofBritish Columbia, April 2005.
[11] H. Krawczyk, M. Bellare, R. Canetti, HMAC: keyed-hashing for message authentication, IETF RFC 2104(February) (1997).
[12] A. Perrig, R. Canetti, D. Song, D. Tygar, B. Briscoe,TESLA: multicast source authentication transform intro-duction, IETF Internet Draft of Multicast Security WorkingGroup (work in progress), August 2004.
[13] Y.-C. Hu, A. Perrig, D.B. Johnson, Packet leashes: adefense against wormhole attacks in wireless network,in: Proc. IEEE Infocom, San Francisco, CA, March/April2003.
[14] D.B. Johnson, ECC, future resiliency and high securitysystems, Certicom White Paper, March 1999.
[15] S. Buchegger, J.-Y. Le Boudec, Performance analysis of theCONFIDANT protocol, in: Proc. ACM MobiHoc, Lau-sanne, Switzerland, June 2002.
[16] NS-2 for grid. Available from: <www.pdos.lcs.mit.edu/grid/sim/index.html>.
Joo-Han Song received the M.S. degreein electrical engineering from the HongikUniversity, Seoul, Korea, in 2001, andthe Ph.D. degree from the University ofBritish Columbia (UBC), Vancouver,BC, Canada, in 2005. He is currently asenior engineer in the 4G System Labo-ratory at Samsung Electronics, Korea.His research interests include routingand security for mobile ad hoc networks,the design of MAC algorithms for 4G
system, and the performance evaluation and modeling of wirelessnetworks.
86 J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86
Vincent W.S. Wong received the B.Sc.degree from the University of Manitobain 1994, the M.A.Sc. degree from theUniversity of Waterloo in 1996, and thePh.D. degree from the University ofBritish Columbia (UBC) in 2000. Heworked as a systems engineer at PMC-Sierra Inc from 2000 to 2001. He iscurrently an assistant professor in theDepartment of Electrical and ComputerEngineering at UBC. His current
research interests are in resource and mobility management forwireless mesh networks, wireless sensor networks, and heteroge-
neous wireless networks. He received the Natural Sciences andEngineering Research Council postgraduate scholarship and theFessenden Post-graduate Scholarship from CommunicationsResearch Centre, Industry Canada, during his graduate studies.He serves as TPC member in various conferences, including theIEEE ICC and Globecom.Victor C.M. Leung received the B.A.Sc.(Hons.) degree in electrical engineeringfrom the University of British Columbia(UBC) in 1977, and was awarded theAPEBC Gold Medal as the head of thegraduating class in the Faculty of AppliedScience. He attended graduate school atUBC on a Natural Sciences and Engi-neering Research Council PostgraduateScholarship and obtained the Ph.D.degree in electrical engineering in 1981.
From 1981 to 1987, he was a Senior Member of Technical Staffat Microtel Pacific Research Ltd. (later renamed MPR TeltechLtd.), specializing in the planning, design and analysis of satellitecommunication systems. In 1988, he was a Lecturer in theDepartment of Electronics at the Chinese University of HongKong. He returned to UBC as a faculty member in 1989, where heis a Professor and holder of the TELUS Mobility Research Chairin Advanced Telecommunications Engineering in the Departmentof Electrical and Computer Engineering. His research interests arein the areas of architectural and protocol design and performanceanalysis for computer and telecommunication networks, withapplications in satellite, mobile, personal communications andhigh speed networks.
He is a Fellow of IEEE and a voting member of ACM. He is aneditor of the IEEE Transactions on Wireless Communications,and an associate editor of the IEEE Transactions on VehicularTechnology.