Distributed intrusion detection models for mobile ad hoc networks

  • Authors:
  • Karl N. Levitt; Chin-Yang Henry Tseng

  • Affiliations:
  • University of California, Davis; University of California, Davis

  • Venue:
  • Distributed intrusion detection models for mobile ad hoc networks
  • Year:
  • 2006

Abstract

A mobile ad hoc network (MANET) is a mesh network in which mobile wireless nodes are both hosts and routers, permitting them to communicate without base stations. Because of this cooperative routing capability, MANETs have been envisioned for military and emergency communication, but they are more vulnerable to routing attacks than wired networks. If a malicious node in a MANET propagates forged routing information, such a node can easily disrupt the network to cause denial of service, or can hijack critical routes. Due to the MANET's unique routing characteristics, defending against routing attacks is challenging but crucial. Traditional cryptographic authentication schemes are not sufficient because nodes are subject to insider attacks. Intrusion detection systems are ideal for detecting insider attacks, but intrusion detection has been mainly applied to wired networks and is not obviously applicable to MANETs. In this dissertation, we demonstrate the specification-based intrusion detection approach to define normal routing behavior specifications such that activities that violate the specifications signify routing attacks. We proposed a distributed intrusion detection system capable of detecting unknown attacks, consisting of four models together with formal reasoning and simulation experiments to evaluate the effectiveness of this intrusion detection technique. We developed two specification-based intrusion detection models for AODV (Ad hoc On-demand Distance Vector) and OLSR (Optimized Link State Routing), which are the two most widely used routing protocols in MANETs. We developed a Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM), which is the basis for a practical distributed intrusion detection and message exchange framework. We implemented DEMEM with only three ID messages to provide a reliable and efficient message exchange platform for intrusion detection in OLSR.
We also proposed a Distributed Routing Evidence Tracing and Authentication intrusion prevention model (DRETA), which provides authentication with low computation overhead and scalable integrity protection for forwarded routing messages. DRETA integrates our three models into one complete intrusion detection system. To enhance this system, we are proposing a cooperative intrusion response model that correlates local alarms to generate global alerts. In addition, we suggest a detection model for tunneling attacks, which are currently not detectable in most systems, and extensions of this system to support other routing protocols in MANETs.