

1.2 Problems and secured solution at the routing layer

As for any network, security and safety are important issues in ad hoc networks. In this section, we first introduce the main requirements, then present classical and generic attacks. Though these attacks are not specific to ad hoc networks, the lack of infrastructure and the wireless communications in such networks increase their impact. In the last section, we present several existing solutions designed to secure the routing protocols.


1.2.1 The requirements

For security issues, ad hoc networks security requirements can be formalized by the five following properties:

1.2.2 Existing attacks

Wormhole:

This attack can be performed when several nodes are compromised. The goal is then to generate false routing information, such as nonexistent neighbours. In order to prevent simple detection techniques, the compromised nodes may use a private channel (like tunnels) to communicate false proofs.

Blackhole / Grayhole:

The blackhole and grayhole techniques consist in forwarding part or none of the incoming packets. In the case of grayholes, only a part of the incoming packets is forwarded, for example to favour specific communications. However, these attacks can be confused with a node that is either unable to act as a router or temporarily overloaded, which complicates detection mechanisms.

Routing message alteration:

Similarly to the K-hole attacks, the goal of routing message alteration attacks is to disturb the routing operations and the bandwidth speed. Many of these attacks alter the routing messages in order to provide false information about the topology of the network. The routing algorithms are thus deceived and choose routes that do not meet the algorithm requirements, such as the shortest path.

Eavesdropping:

Eavesdropping consists in collecting all the incoming messages (promiscuous mode). The main goal is to recover unencrypted sensitive information (in the case of unsecured protocols) or to obtain enough data to perform statistical analyses on ciphered data and then recover the encryption keys. It is used, for example, to break the WEP protocol [SIR04], designed to secure WiFi connections.

Masquerade attack:

The masquerade attack consists in taking the identity of another entity. It is efficient if the attacker is able to obtain an identity that has privileges. In networks, the techniques are variants of MAC or IP address spoofing.

Denial Of Service - DoS:

The goal of a DoS attack is to make a service unavailable by attacking the infrastructure providing the service (a server crash, for instance). On ad hoc networks, the lack of infrastructure leads to a dispersion of the service (for instance routing management) between nodes. DoS attacks can thus be applied to the weakest nodes providing a part of the service.

However, these attacks are often taken into consideration in the protocols and can be countered by having a large number of nodes (with reluctance algorithms) or self-reorganizing algorithms. Most of the securing solutions also take this attack into account (see e.g. Threshold Cryptography, section 1.2.3).

Traffic jamming:

The goal of this attack is to paralyze the network by generating a continuous signal at the same frequencies as those of the network. However, only a physical solution can prevent this attack from occurring, and thus it is not treated in any securing solution.

1.2.3 Existing generic solutions

1.2.3.1 Reputation based methods

In order to detect malicious nodes inside a network, several methods based on the notion of reputation have been proposed such as Confidant [BB02] or the mathematical study proposed by Jinshan Liu and Valérie Issarny [LI04]. Starting from this reputation, the goal is to detect low reputation nodes to prevent them from either participating in the routing process or even using the ad hoc networks.

Jinshan Liu and Valérie Issarny study [LI04]:

The main goal is to provide several parameters to each node in order to evaluate the quality of other nodes. Another interesting aspect is that recommendation information from other nodes (i.e. third-party information) is taken into account to improve the reputation system. In this study, the main parameters are the reputation $SRep$ of the other nodes and their recommendation $Rec$ (i.e. how much we trust their $RRep$ reputation messages). The reputation process also highlights the fact that reputation may be context-dependent, and the study presents several key points on this subject.

Confidant [BB02]:

Confidant (Cooperation of Nodes, Fairness in Dynamic Ad-Hoc NeTworks) provides a global mechanism to detect malicious nodes starting from direct observations and third-node reports. The mechanism is composed of several elements such as the trust manager, the monitor and the reputation system. The figure below describes the different components of the Confidant system. The path manager in Confidant is bound to the routing protocol, DSR in the Confidant specification. However, this reputation model can also be used with other routing protocols.

Figure: Confidant mechanism

Verifications against the DSR specifications, such as packet forwarding, are managed by the monitor component: in the case of incorrect behaviour (meaning that the verifications do not match the specifications), the trust manager and the reputation system are called by the monitor component, which may finally update two pieces of information: the routing paths and the node reputations.

As for the previous study, each node monitors the actions of all the other nodes in the network. Thus, scalability and overhead problems become more important as the network size increases.


1.2.3.2 Authentication based methods


Threshold cryptography:

In a network of $N$ nodes, the authentication method relies on the three following elements:
  • $n$ nodes, $n \leq N$, the partial certification authorities (CAs), are in charge of the certification service. Partial certification means that a single partial certificate is not sufficient to get a valid certificate: $k$ or more ($k \leq n$) certificates are required
  • the authentication is based on partial certificates
  • $t + 1$ certificates are needed, $t$ being the stability threshold

The goal is then to ensure that no more than $t$ nodes among the $n$ will be compromised.
Several algorithms have been proposed, such as the one of S. Jarecki and A. Lysyanskaya [aJL00].

Cryptography-based address:

This method relies on the generation of IP (v6) addresses based on cryptographic keys: starting from private and public asymmetric keys, different methods can produce verifiable IP addresses. For instance, the SUCV (Statistically Unique Cryptographically Verifiable) addresses, used in the MATA [CL06] protocol, rely on this cryptography-based address principle.

Other techniques such as the ID-based cryptography and the Self-organized PKI [HBC] also exist.

1.2.4 Specific extension of standard ad hoc routing protocol [EF06]

1.2.4.1 SAODV

The two main goals of SAODV [GZ06] are authentication and integrity of signaling packets. To implement these security properties, a distinction is made between mutable information in a routing message (such as the hop count) and non-mutable information (such as IP addresses). For the mutable information, hash chains are used, while for the non-mutable information, authentication is performed in an end-to-end manner.

Table 1.1 describes the two main operations in SAODV: message creation and message forwarding, with integrity checks. The signature message of SAODV is composed of $Max\_Hop\_Count$, $Hash$ (mutable), used to perform integrity checks against $TopHash$, and $hash\_function$, which determines which hash function to use. All the non-mutable information of the signature message is signed with the public key of the sender ($sign = cypher(hash(information), public\_key)$) to prevent the alteration of security information such as $TopHash$.


Table 1.1: SAODV main operations

Upon generating an AODV message:
  • Generate a random number (seed).
  • $Max\_Hop\_Count = TimeToLive$
  • $Hash = seed$
  • $TopHash = h^{Max\_Hop\_Count}(seed)$

Upon receiving an AODV message:
  • Compare $TopHash$ with $h^{Max\_Hop\_Count - Hop\_Count}(Hash)$
  • $Hash = h(Hash)$


1.2.4.2 SOLSR

SOLSR [ACJ+03] is an extension of OLSR [CJ03]. Its goal is to add two main security properties: message authentication and message freshness. A new packet type is thus defined: the signature message. Based on the two parameters that identify each packet, Originator Address and Message Sequence Number (MSN), the signature packet provides authentication using the signature mechanism and message freshness using timestamps.

The SOLSR protocol consists of two steps:

  • Upon receiving a HELLO or TC message, the node holds the message while waiting for the corresponding signature message.
  • Upon receiving a signature message, every held message whose MSN and originator address match the MSN Referrer and originator address in the signature message is checked.

Advanced timestamp methods are also suggested in order to avoid strong synchronisation requirements, which are generally associated with a high overhead.
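
The two SOLSR steps above, sketched from the receiver's side as an added example (not code from the SOLSR specification or from the author). Assumptions: an HMAC-SHA256 with a per-originator key stands in for the signature mechanism, and the field layout, the freshness window and all addresses and payloads are constructed for the illustration.

```python
import hashlib
import hmac

FRESHNESS_WINDOW = 5.0  # seconds; hypothetical acceptance window

def sign(key, originator, msn, timestamp, payload):
    """HMAC-SHA256 stand-in for the signature (assumption, see lead-in)."""
    header = f"{originator}|{msn}|{timestamp}|".encode()
    return hmac.new(key, header + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, keys):
        self.keys = keys   # originator address -> verification key
        self.held = {}     # (originator address, MSN) -> held HELLO/TC payload

    def on_routing_message(self, originator, msn, payload):
        """Step 1: hold the HELLO/TC message until its signature message arrives."""
        self.held[(originator, msn)] = payload

    def on_signature_message(self, originator, msn_referrer, timestamp, sig, now):
        """Step 2: check the held message matching (originator, MSN Referrer)."""
        payload = self.held.get((originator, msn_referrer))
        if payload is None or originator not in self.keys:
            return "no-match"
        if abs(now - timestamp) > FRESHNESS_WINDOW:
            return "stale"          # timestamp outside the freshness window
        expected = sign(self.keys[originator], originator, msn_referrer, timestamp, payload)
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"  # keep holding: a bad signature must not evict it
        del self.held[(originator, msn_referrer)]
        return "accepted"

def demo():
    key = b"constructed-demo-key"   # every value in this function is constructed
    rx = Receiver({"10.0.0.1": key})
    hello, tc = b"HELLO neighbours=10.0.0.2", b"TC advertised=10.0.0.3"
    results = []
    rx.on_routing_message("10.0.0.1", 7, hello)
    sig7 = sign(key, "10.0.0.1", 7, 100.0, hello)
    results.append(rx.on_signature_message("10.0.0.1", 7, 100.0, sig7, now=101.0))
    rx.on_routing_message("10.0.0.1", 7, hello)   # same pair seen again a minute later
    results.append(rx.on_signature_message("10.0.0.1", 7, 100.0, sig7, now=160.0))
    rx.on_routing_message("10.0.0.1", 8, tc + b",10.0.0.66")  # TC altered in transit
    sig8 = sign(key, "10.0.0.1", 8, 200.0, tc)
    results.append(rx.on_signature_message("10.0.0.1", 8, 200.0, sig8, now=200.5))
    results.append(rx.on_signature_message("10.0.0.1", 9, 200.0, sig8, now=200.5))
    return results

if __name__ == "__main__":
    print(demo())
```

The fixed window used here is what forces receivers and senders to share a clock, which is the synchronisation cost the advanced timestamp methods aim to reduce.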

1.2.4.3 SEAD

SEAD [HJP02] has been designed as an extension of DSDV but can also be applied to other distance vector protocols, such as AODV. The main idea is that, upon receiving a signaling packet, the node uses a one-way hash function to increment the distance counter. The hash function is used as follows: for a metric $j$ of the considered node, the metric counter is $h_{n - i \cdot m + j}$, where $i$ is the sequence number, $m$ the network diameter and $n$ is such that $n \geq i_{max} \cdot (m + 1)$.

Though this technique does not prevent a node from not using the hash function, and thus not incrementing the metric counter, we are assured that the metric counter cannot decrease (one-way function). In order to prevent such same-metric attacks, hash tree chains combined with leashes are suggested by the authors.
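
The hop-count hash chain of Table 1.1 (SAODV), carried through as an added example that also shows the property stated here for SEAD: a relay cannot decrease the metric, but nothing forces it to increase it. This is not code from either protocol's specification; SHA-256 as $h$, the dictionary field names and the seed are assumptions, and the signature protecting $TopHash$ is left out.

```python
import hashlib
import os
from typing import Optional

def h(data: bytes, times: int = 1) -> bytes:
    """Apply the one-way function h `times` times (SHA-256 is an assumption)."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data

def originate(ttl: int, seed: Optional[bytes] = None) -> dict:
    """Table 1.1, generation: Hash = seed, TopHash = h^Max_Hop_Count(seed)."""
    seed = os.urandom(32) if seed is None else seed
    return {"max_hop_count": ttl, "hop_count": 0,
            "hash": seed, "top_hash": h(seed, ttl)}

def verify(msg: dict) -> bool:
    """Table 1.1, reception: TopHash == h^(Max_Hop_Count - Hop_Count)(Hash)."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    return remaining >= 0 and h(msg["hash"], remaining) == msg["top_hash"]

def forward(msg: dict) -> dict:
    """Honest relay: check, then Hash = h(Hash) and one more hop."""
    if not verify(msg):
        raise ValueError("hop-count hash chain check failed")
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": h(msg["hash"])}

def demo() -> dict:
    msg = originate(ttl=8, seed=b"constructed-seed")  # constructed sample seed
    for _ in range(3):                                # three honest hops
        msg = forward(msg)
    # Relay advertising a shorter route: it lowers Hop_Count but cannot
    # invert h to produce the matching earlier Hash value.
    decreased = {**msg, "hop_count": 1}
    # Relay that neither hashes nor increments: the message still verifies,
    # so the advertised distance stays the same instead of growing.
    unchanged = dict(msg)
    return {"honest": verify(msg),
            "decreased": verify(decreased),
            "unchanged": verify(unchanged)}

if __name__ == "__main__":
    print(demo())
```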


Julien Thomas - http://aispirit.tuxfamily.org