Identity Based Schemes for Securing Mobile AdHoc Networks

Uttam Ghosh*

Department of Electronics and Electrical Communication Engineering

Indian Institute of Technology, Kharagpur, India, Kharagpur-721 302

Email: uttamg@iitkgp.ac.in

Abstract— Attacks can be launched at any layer of theprotocol stack in mobile ad hoc network. In my PhD research,only attacks on Network and Transport layers have beenstudied and some secure mechanisms for preventing thoseattacks are formalized. The overall work can be viewed asa combination of four problems and our goal is to solvethese problems: (a) Secure distribution of IP addresses in adistributed and dynamic way; (b) Providing security in AODV;(c) Providing security in TCP; and (d) Providing QoS andsecure TCP for mobile ad networks.

I. INTRODUCTION

Mobile Ad hoc Network (MANET) is a collection of two

or more devices equipped with wireless communications and

networking capability. The devices within the radio range

can immediately communicate with each other. The nodes

that are not within each other‘s radio range can communicate

with the help of intermediate nodes where the packets are

relayed from source to destination. Each node should be

configured with a unique identity to ensure the packets cor-

rectly routed with the help of routing protocol (e.g., AODV,

DSDV, DSR) in the MANET. Therefore, a node requires

authentication at the time of bootstrap to avoid security

threats that can be seen in each layer of the protocol stack.

However, establishing secure communication in a MANET

is particularly challenging task because: (a) shared wireless

medium; (b) no clear line of defense; (c) self-organizing and

dynamic network; (d) most of the messages are broadcasted;

(e) messages travel in a hop-by-hop manner; (f) nodes are

constrained in terms of computation and battery power.

In IP based networks, IP address uniqueness is one of

the most important requirements, since the node cannot

participate in unicast communications or routing. Often

nodes are assumed to have unique IP addresses configured

a prior, however this is not the case and cannot be achieved

easily in MANETs. Manual or static address configuration

in most cases is inapplicable to MANETs. Centralized

Dynamic Host Configuration Protocol (DHCP) is also not

a suitable solution in MANET, because it has to maintain

the configuration information of all hosts in the network.

Recently, a number of dynamic address configuration pro-

tocols have been proposed for MANET as discussed in the

literature [1]–[8]. However, most of the protocols (a) rely

*My dissertation work undertaken at IIT Kharagpur under the guidanceof Prof. Raja Datta since December 29, 2009

on passive duplicate address detection (DAD) mechanism

[9] to resolve the address conflicts (b) lack a mechanism

for authentication and (c) can not efficiently handle the

network partitions and mergers. In passive DAD, nodes use

periodic link state routing information to notify other nodes

about their neighbors, which in turn causes broadcast storm

problem [10]. The major security threats [5] associated with

dynamic IP address configuration in MANET are AddressSpoofing, Address Exhaustion, False Address Conflict and

False Deny Message attacks.

Hence, for assigning an IP address in MANET, a standard

IP addressing protocol should have the following objectives:

• Distributed Dynamic IP Address Configuration: As

MANET is infrastructureless and dynamic in nature, the

addressing protocol should be distributed among network

nodes to provide IP addresses to the new nodes dynamically.

• Uniqueness: The protocol should assign unique IP ad-

dresses in the MANET for correct routing and unicast

communication.

• Robustness: The chance of address conflicts of the nodes

due to network partitions and mergers should be as low as

possible.

• Scalability: As number of nodes increased in the network,

the time taken to obtain an IP address (i.e., addressinglatency) or number of packet exchanges (i.e., communicationoverhead) during address allocation should not be high.

• Security: A prime concern is to avoid security threats

associated with the address allocation protocol of a MANET.

Therefore, our first objective is to investigate and propose

secure dynamic host configuration protocols that can handle

network events efficiently with low communication overhead

and addressing latency. In this regard, we propose three

dynamic IP configuration schemes [7], [8], [11] that can

securely allocate IP addresses to the individual nodes of a

MANET.

In routing protocols like AODV, malicious node may

advertise a route with a smaller distance than the actual

distance, or advertise a routing update with a large sequence

number and invalidate all routing updates from other nodes.

Therefore, our second objective is to investigate and pro-

pose secure routing protocols so that the above mentioned

activities of malicious nodes can be nullified. In this regard,

an ID based secure AODV protocol is proposed in [12].

2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops

978-0-7695-4676-6/12 $26.00 © 2012 IEEE

DOI 10.1109/IPDPSW.2012.315

2508

2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum

978-0-7695-4676-6/12 $26.00 © 2012 IEEE

DOI 10.1109/IPDPSW.2012.315

2508

2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum

978-0-7695-4676-6/12 $26.00 © 2012 IEEE

DOI 10.1109/IPDPSW.2012.315

2514

The main functions of TCP-like Transport layer protocols

are (a) setting up of end-to-end connection, (b) end-to-

end reliable delivery of packets, (c) flow control, (d) con-

gestion control and (c) clearing of end-to-end connection.

However, TCP is vulnerable to SYN flooding attack or

session hijacking attacks which affects the above functions.

Thus, we intend to propose techniques to include security

mechanisms in transport layer protocol for MANET. To

fulfill this objective, an ID based secure TCP protocol is

proposed in [12].

TCP performs well in wired environment where packet

may loss mainly due to congestion in the network. However,

TCP performs badly and adversely affect the Quality of

Services (QoS) of the MANET where packet losses are

largely due to errors or link failure between the nodes.

TCP also assumes that the established path remains until the

session is over. This assumption may not be true in mobile

ad hoc scenario due to mobility of nodes and therefore QoS

is degraded. In addition, QoS become poor due to malicious

packet drops by the misbehaved nodes. Hence, our final ob-

jective is to propose secure TCP that dynamically adjust its

parameters according to network environment of MANET.

In this ongoing work, we are trying to develop bilinear

pairing based secure TCP that predicts its parameters (e.g.,

congestion window, round trip timeout) from their previous

state values.

II. MOTIVATION

Security is one of the important aspects of any network.

Providing security to MANET is a difficult task due to lack

of pre-existing infrastructure. Protocols are being developed

to secure various aspects of MANET. However, in most

of the existing works complex cryptographic techniques

are used to prevent attacks. Generally, mobile nodes have

limited computational resources, thus these works are not

suitable. Further, most of the existing Intrusion Detection

Systems (IDS) proposed in the literature are in Applicationor in Network layer of the protocol stack. There is a brilliant

scope of research in the field of secure addressing, routing

and data transmission in MANET. This has motivated us

to investigate further the security issues in these layers of

mobile ad hoc networks and to try and develop algorithms

for a secure MANET.

A. IDDIP: An ID based Secure Dynamic IP ConfigurationScheme

In this work, we propose an ID based secure distributed

dynamic IP (IPv4) configuration scheme, namely IDDIP, for

address allocation which eliminates the need for broadcast-

ing messages over the entire MANET during the address

allocation process. Following the proposed scheme, each

host in a MANET can generate K number of new unique

IP addresses for the new authorized hosts. The proposed

scheme provides authentication for address configuration

without the help of a trusted third party while taking care of

the security threats associated with dynamic IP configura-

tion. It also generates node ID (node id) as a node identifier,

which is derived from its IP address and a public key for au-

thentication purpose. Moreover, for message authentication

we have used public key digital signature. Thus, a node can

be identified by the unique tuple 〈node id, IPaddress〉.After the network partition occurs, the split networks can

grow independently. Now if the partitions are merged at any

later stage, even if there is a chance of IP address conflicts,

the chances of tuple conflicts are very less. This shows that

the robustness of IDDIP scheme is medium. However, the

scheme is inefficient to handle the address leak problem

and also false reply attack. The details of the scheme can

be found in [7].

B. IDSDDIP: An ID based Secure Distributed Dynamic IPConfiguration Scheme

In this work, we present an ID based distributed dy-

namic IP (IPv6) configuration scheme, namely IDSDDIP,

that securely allocates IP addresses to the authorized nodes

for a MANET. The scheme is distributed among MANET

nodes. Therefore, each node has capability of generating

unique IP addresses from its own IP address and can assign

those addresses to the new nodes. The proposed scheme

eliminates the need of duplicate address detection procedure,

thus saves the considerable network bandwidth. The scheme

also eliminates the help of a trusted third party for providing

authentication. It also solves the problem (such as address

leak, false reply attack) of IDDIP scheme. Performance

analysis shows that the proposed addressing scheme has low

communication overhead and fairly low addressing latency

with added security mechanisms compared to the similar

existing dynamic address allocation schemes. However, ro-

bustness of the IDSDDIP scheme is low as the chances of

address conflictions due to network partitions and mergers

are high. More detailed of this work can be found in [8].

C. A Novel Signature Scheme to Secure Distributed Dy-namic IP Configuration Scheme

In this work, we propose an ID based distributed dynamic

IP (IPv6) configuration scheme to securely allocate IP

addresses to the authorized hosts for a MANET without

broadcasting over the entire network. The scheme is per-

fectly robust with low overhead and fairly low addressing

latency, and capable of handling the problems that may

arise due to host failures, message losses, mobility of the

hosts and network partitioning or merging. In addition, we

propose a novel bilinear pairing based signature scheme

that authenticates and lessens the security threats associated

with dynamic IP configuration. Proof of correctness of the

proposed signature scheme verifies that the scheme is secure

against any forgery attack. Also, it does not allow keyescrow, as the key generation and distribution is based on

threshold instead of one public key generator. The proposed

scheme is identity based, therefore it does not require any

250925092515

TABLE ICOMPARISON OF DYNAMIC ADDRESSING APPROACHES

Metrics MANETconf [13] Prophet [2] Prime DHCP [14] Wang [5] ADIP [6] IDDIP IDSDDIP WCNC [11]Uniqueness Yes No Yes No Yes Yes Yes Yes

Latency O(2td) O(2t) O(2t) O(2td) O(2t+m) O(2t+ s) O(2t+ s+ c) O(2t+ s+ c)Overhead O(n2) O(n/2) O(n/2) O(n2) O(n/2) O(n/2) O(n/2) O(n/2)

Complexity High High Low Medium Low Low Low LowRobustness Low Low Medium Low Medium High Medium HighestScalability Low High Medium Low Medium Medium Highest Highest

P.Msg Yes No Yes No No Yes Yes NoSecurity No No No Yes Yes Yes Yes Yes

(a) Communication Overhead (b) Addressing Latency

Fig. 1. Communication Overhead and Addressing Latency [11]

certificate. This work has been accepted in IEEE WCNC

[11].

D. Performance Analysis

Table I presents the comparison of our proposed schemes

with the existing dynamic addressing approaches. Here, n is

the number of mobile hosts in the network and the number

of link is l, the network diameter is d and the average 1-hop

latency is t. Detail description of the table can be found in

[7], [8].

E. Simulation

a) Communication Overhead: Figure 1(a) shows the effect

of mobility on the average communication overhead per

node for ADIP [6], Wang et al. scheme [5] and propose

IDDIP [7] and [11] schemes in a network of 50 mobile

nodes. As the mobility increases the average communica-

tion overhead per node increases in IDDIP, ADIP and our

proposed scheme. It can be seen that the IDDIP, ADIP and

our proposed scheme have lower communication overhead

per node because each node sends only one-hop broadcast

messages. Whereas, the Wang et al. scheme has higher

communication overhead due to duplicate address detection

process that floods messages throughout the network.

b) Addressing Latency: Effect of mobility on the av-

erage addressing latency per node for all the approaches

under consideration is shown in Figure 1(b). ADIP and

our proposed schemes IDDIP and [11] have lower average

addressing latency per node because a node can acquire an

address from its neighbors. Therefore, the addressing latency

is only the round trip delay for ADIP and our proposed

schemes. It can be seen that the scheme proposed by Wang

et al. has a higher average addressing latency than ADIP

and our proposed schemes. This is because it uses duplicate

address detection mechanism where message is flooded in

the entire network. Depending on the network diameter a

timer is set by the scheme and only after timeout a new

node is able to configure itself. From the figure, we can

see that the addressing latency increases as the mobility of

the nodes increase. Details of simulation results in different

network environments can be seen in [7], [11].

III. IDENTITY BASED SECURE AODV AND TCPIn this work, we propose an ID based secure AODV protocol

that takes care of the security issues in route discovery and

maintenance phases. In our work we have assumed two

levels of security: high and low. By high level of security

we mean that, when a path is set up, both the source and

the destination node verifies the authenticity of all the other

nodes in the route. In addition to this, the authenticity of a

node is also verified by its immediate downstream node.

In case of low level of security, when a path is set up

the source and destination node verifies the authenticity of

each other (end-to-end) and each intermediate node on the

route verifies the authenticity of the downstream node. The

scheme uses sequential aggregate signatures (SAS) based on

RSA [15]. In addition, we propose an ID based secure TCP

that securely transmits data using the Diffie-Hellman [16]

session key for the MANET nodes. In the proposed scheme,

each node have an ID which is evaluated from its public key

for authentication purpose. Following the proposed scheme

a node cannot change its ID throughout the lifetime of the

MANET. Therefore, the scheme is secure against the above

attacks that are associated with AODV and TCP in MANET.

More details of this work can be found in [12].

A. Security and Performance Analysis

In the proposed scheme, IDI of a node I is generated

from its public key ((NI , eI)) using a secure one way hash

function (H). In addition, public keys ((Ni, ei) and PKi)

along with node IDs are distributed before the deployment

of the MANET. As a result, a node cannot change its ID

within the lifetime of the MANET. Therefore, impersonation

attacks or unauthorized participation is not possible.

As the source/ destination node signs the RREQ/ RREPpacket using their private key, a malicious node cannot be

251025102516

able to modify the route sequence number. Also, RREQ/RREP packets are signed by the each intermediate node.

Therefore, a malicious node cannot change the value of the

hop count field. Due to similar reason, a malicious node

cannot change the source/ destination address of a packet.

In the first scenario, node IDs are cached and the routing

messages are signed by them. The source/ destination node

verifies the authenticity of each node on the route. In the

second scenario, authentication is done in hop-by-hop and

end-to-end manner. Therefore, two or more malicious nodes

cannot collaborate to make the tunnel. In the proposed

scheme, messages are signed by the nodes on the route at

the time of route maintenance. Therefore, a malicious node

cannot falsely inject route error message to the source.

For providing security at transport layer or TCP, the

proposed scheme uses message authentication code (MAC).

A node cannot hide and change its ID or cannot spoofed IDof another nodes. In addition, the segments are sent along

the authentication tag. Therefore, the SYN flooding attack

is difficult for an attacker. Initial sequence number (ISN )

is generated by the source and destination nodes from a

monotonically increasing random number (R) and a hash

function of source port, destination port, IDS , IDD and

session secret key K. Therefore, a malicious node may not

be able to guess the ISN and cannot hijack the session or

launch ACK storm in the MANET.

The scheme does not need certificate for authentication

because it uses identity-based cryptography. Also, public

keys along with IDs of the nodes are distributed before

the deployment of the MANET. Therefore, it eliminates the

need of sending the public key with the packet. Since the

SAS-based scheme is based on plain RSA, its per-signer

signature generation cost is equivalent to that of a plain

RSA signature. However, following are the overheads of the

proposed protocol:

• Each node has to maintain the list of public keys along

with IDs of other nodes in the network.

• In the first scenario, it has to cache IDs and signatures

of all the nodes on the route. However, the signature

expands by one bit per signers that is if the number of

signers are t, then the signature expands by t-bits.

• Each node has to verify its predecessor and sign the

messages. Source/ destination node has to verify all

the nodes on the route in case of the first scenario.

• To generate the session key for a session, each time

encryption and decryption has to be done by the source

and destination node respectively.

IV. SIGNIFICANCE OF THE RESEARCH

The proposed schemes mainly focus on the attacks of

Network and Transport layers and provides security at

bootstrap, network formation, route discovery and mainte-

nance, and end-to-end data transmission with good QoS of

MANET.

V. CONCLUSION AND FUTURE RESEARCH

In our work to date, we have proposed three ID based

secure distributed dynamic IP address allocation schemes

for mobile ad hoc networks. The IDDIP scheme [7] has

been accepted in Elsevier Ad Hoc Networks journal. We

have designed a testbed namely MANTest at our lab in

IIT Kharagpur and implemented the IDDIP scheme. The

IDSDDIP scheme [8] has been accepted in ICDCN, 2012

and the third scheme [11] for secure address allocation is

accepted in IEEE WCNC, 2012. These schemes for secure

address allocation will also be implemented in MANTest.The extended version of IDSDDIP scheme is under review

in Elsevier Ad Hoc Networks journal. Now, we are ex-

tending the [11] scheme to provide secure routing and data

transmission. The IDSAODV for securing AODV and the

IDSTCP for securing TCP have been accepted in ACWR,

2011. The remaining work for the dissertation is to propose

and develop bilinear pairing based secure routing protocols.

We also plan to propose and develop bilinear pairing based

secure transmission control protocol which will be predic-

tion based and provides good QoS to the MANET.

REFERENCES

[1] M. Fazio, M. Villari, and A. Puliafito, “Aipac: Automatic ip addressconfiguration in mobile ad hoc networks,” Performance Evaluationof Wireless Networks and Communications, vol. Computer Commu-nications 29, Issue 8, pp. 1189–1200, 15 May 2006.

[2] H. Zhou, L. M. Ni, and M. W. Mutka, “Prophet address allocationfor large scale manets,” INFOCOM, pp. 1304–1311, 2003.

[3] M. Tajamolian, M. Taghiloo, and M. Tajamolian, “Lightweight secureip address auto-configuration based on vasm,” 2009 InternationalConference on Advanced Information Networking and ApplicationsWorkshops, pp. 176–180, Waina 2009.

[4] A. Cavalli and J. Orset, “Secure hosts auto-configuration in mobilead hoc networks,” Data Communication and Topology Control in AdHoc Networks, vol. Ad Hoc Networks 3, Issue 5, pp. 656–667, 2005.

[5] P. Wang, D. S. Reeves, and P. Ning, “Secure address auto-configuration for mobile ad hoc networks,” in Proceedings of 2ndAnnual International Conference MobiQuitous, pp. 519–522, 2005.

[6] U. Ghosh and R. Datta, “Adip: an improved authenticated dynamicip configuration scheme for mobile ad hoc networks,” Int. J. UltraWideband Communications and Systems, vol. 1, pp. 102–117, 2009.

[7] U. Ghosh and R. Datta, “A secure dynamic ip configuration schemefor mobile ad hoc networks,” Ad Hoc Networks, vol. 9, no. 7, pp. 1327– 1342, 2011.

[8] U. Ghosh and R. Datta, “An id based secure distributed dynamic ipconfiguration scheme for mobile ad hoc networks,” in DistributedComputing and Networking, vol. 7129 of LNCS, pp. 295–308, 2012.

[9] K. Weniger, “Passive duplicate address detection in mobile ad hocnetworks,” in IEEE WCNC, (Florence, Italy), February 2003.

[10] S. Ni, Y. Tseng, Y. Chen, and J. Sheu, “The broadcast storm problemin a mobile ad hoc network,” in Proceedings of the ACM/IEEEMOBICOM, pp. 151–162, 1999.

[11] U. Ghosh and R. Datta, “A novel signature scheme to secure dis-tributed dynamic address configuration protocol in mobile ad hocnetworks,” in IEEE WCNC, (Paris, France), 2012 (Accepted).

[12] U. Ghosh and R. Datta, “Identity based secure aodv and tcp for mobilead hoc networks,” in ACWR2011, (India), December 18-21, 2011.

[13] S. Nesargi and R. Prakash, “Manetconf: Configuration of hosts in amobile ad hoc network,” INFOCOM, pp. 1059–1068, 2002.

[14] Y. Hsu and C. Tseng, “Prime dhcp: A prime numbering addressallocation mechanism for manets,” in IEEE Communicatons, 2005.

[15] H. Shacham, “Sequential aggregate signatures from trapdoor homo-morphic permutations,” 2003.

[16] W. Diffie and M. E. Hellman, “New directions in cryptography,” inIEEE Trans. Inf. Theory, vol. IT-22, pp. 644–654, November 2006.

251125112517