Archive for the ‘Networking’ Category

Monday, July 20th, 2009

Networking is getting tougher. Networks must deliver a growing range of services, from ERP, CRM and email to VoIP and web services applications, each of which has its own idiosyncrasies and requirements. Each new service introduced onto the network contends for available resources with every other service, impacting the network’s ability to support the business.

Meanwhile, the network itself is constantly changing. New locations are added – some of which may be in another country or on another continent. Equipment is upgraded and/or re-configured. New management and/or security tools may themselves impact service performance. Decisions about data center consolidation and business re-organization also affect the network in different ways. All of this makes the network a highly dynamic environment where even subtle changes can have a major, unforeseen impact on application performance and availability.

Yet business users expect this complex environment to be as reliable as electricity – despite the fact that networking budgets are not being increased in proportion to these growing challenges. So network managers can’t simply over-provision network infrastructure to make sure every service has all the bandwidth it needs. Moreover, over-provisioning may not even solve the problem or ensure the required level of performance.

That’s why network managers are facing many challenges, including:

1) Pinpointing potential network performance issues early in the development lifecycle

Ideally, the impact of the network on a new application or service should be dealt with from the very beginning of the development process – when potential problems are much easier and less expensive to fix. Unfortunately, this is rarely the case. Problems with an application’s “networkability” are typically discovered only after its roll-out into the production environment is initiated. At that point, it’s usually too late to make any significant changes in the application’s design. So the problem gets pushed onto the shoulders of the networking team. That’s why, in ‘05, smart network managers will focus on nipping these problems in the bud.

2) Validating new or modified applications and infrastructure before they are deployed in production

As the network becomes more complex and more critical to the day-to-day operation of the business, network-performance-related risks associated with application and infrastructure change are continuing to rise. In fact, some of the worst business interruptions that companies have historically experienced have not been the result of unexpected equipment failure. They’ve been the unexpected consequence of a planned modification. Networking teams must therefore implement change management best practices in ‘05 that prevent them from having to put out fires that they accidentally started themselves.

3) Improved troubleshooting of intermittent/transient network problems

One of the most frustrating things for a network manager is dealing with a problem that keeps disappearing before it can be adequately understood and remedied. However, as the business’s tolerance for network interruptions continues to drop, these intermittent problems will become a bigger management issue. So this year, network management teams need to develop more effective methods for capturing transient network conditions and discovering the root causes of these problems.

4) Accelerated time-to-benefit for new and/or upgraded applications

When C-level executives decide to make investments in new applications and services, they want to see those investments pay off quickly. That’s why the slow, staged production roll-outs of the past won’t cut it anymore. Instead, networking teams need to be able to quickly deploy new applications across the enterprise. This can only happen if caution and uncertainty about the actual behavior of these applications in the production environment is replaced by confidence and certainty in ‘05.

5) More intelligent planning for and support of business growth

Network managers constantly have to cope with change. They have to determine how increases in network utilization will affect application performance. They have to decide how to best engineer the network to support business expansion, re-organization or mergers and acquisitions. However, they can only do so if they have an effective means of performing capacity planning tasks and assessing a full range of “what-if” scenarios. Such scenarios are also critical for formulating realistic contingency plans that can ensure business continuity under a variety of possible conditions.

Looking at these challenges, it quickly becomes evident that conventional production network management tools alone are no longer sufficient for today’s networking teams. These tools are great for monitoring the production network and discovering certain types of problems – but they don’t enable network managers to validate new technologies and applications before they’re deployed on the production network. They also force network managers to solve problems that should have been addressed in application design.

Conventional tools aren’t very helpful for troubleshooting intermittent and/or transient network problems either, since they don’t provide a means of reconstructing and analyzing such intermittent conditions. Nor do they help accelerate production roll-outs, facilitate experimentation with “what-if” scenarios, or support formulation of network contingency plans.

So what’s an overworked, under-resourced network manager to do? The answer is to look at network modeling technologies. These technologies provide an environment in which new applications, technologies and problem-solving strategies can be safely and thoroughly evaluated. Because they allow an application’s network behavior to be fully validated before it’s deployed in the production environment, these technologies also empower network managers to perform more rapid, glitch-free roll-outs. Plus, modeling technologies are uniquely able to provide insight into any number of “what-if” scenarios – so network managers can make plans for growth, corporate re-structuring and/or disaster recovery.

“Empirical” modeling solutions offer today’s network management teams particularly excellent business value, because of their accuracy and relative ease of implementation. This accuracy and ease is achieved by running the actual applications against a model that uses captured conditions from the production environment. The result is a clear understanding of the user experience well ahead of deployment.

For this and other network performance articles, white papers, and industry resources, please visit Shunra at http://www.shunra.com/resource_center.aspx.

About Shunra

Shunra’s solutions empower organizations to address service level and performance concerns before rollout. The Shunra VE solution creates an exact replica of the production network environment, enabling IT professionals to safely develop, test and experiment with applications and infrastructure before deployment, and effectively plan for growth and change. Tailored for networking, performance and testing professionals, and software developers, Shunra VE facilitates collaboration across IT disciplines so IT organizations can quickly and more efficiently uncover and resolve problems before they impact the business. Over 1,500 leading enterprises and technology vendors worldwide are using Shunra’s award-winning solutions including 3M, Boeing, Cisco, Dow Chemical, EMC, FedEx, General Electric, General Motors, JPMorgan Chase, Kelly Services, Merrill Lynch, Motorola, Nestle, Pitney Bowes, and Vodafone. Shunra’s headquarters are located in New York City and Kfar Saba, Israel, with worldwide offices in the UK, Sweden and India. Shunra is also supported through a global network of channel partners.

Network Marketing Online: How To Execute, Grow & Prosper With Online Tools

Tuesday, June 30th, 2009

Network Marketing Online has nothing to do with using the ‘old model’ company methods! The ‘shift’ to the internet is seriously being accepted by thousands of network marketers!

Change: To A Total Online Business

Changing to network marketing online involves having your own website, which you develop into a website business. Your website should be information intense. A place where you pre-sell your site-visitors on your website theme. That theme should be related to your network marketing product. The website must be your own… not company controlled. By that I mean… you don’t mention your network marketing company’s registered name or the tradename of any of their products. You keep your main website ‘generic.’

From your website you simply link off to your company’s website via in-context text links or you create a blog or Squidoo lens as a ‘bridge page’ between your website and the company site. Using a bridge page allows you to talk specifically about the product and network marketing business. It is a place to talk straight to your site-visitor before you send them to the company site.

By keeping your main website ‘generic’… you are truly operating your network marketing online… in an independent fashion! If you were to quit one company… you simply join another. Also I contend that you should be able to operate more than one non-competing network marketing business. You’re in business to make money! Falling in love with one company or product is no help in making money in network marketing online!

Change: To A Multi Income Business

The main benefit of having your own website business… is being able to choose multi-streams of income. Changing to network marketing online enables you to select theme-related affiliate programs, ebooks, and hard goods products to market on your website. You can also market your own products… a hobby, book or invention. However the products you choose should be related to your website theme.

The idea is not to detract from your primary product… which is your network marketing business, but to provide your site-visitors with useful products that will help them. This also gives you cash flow and the funds to continue your network marketing online marketing. The internet allows for an automated mode of operation. Using available internet technologies you can create your own list of subscribers from your interested site-visitors!

Change: From Being The Hunter–To Being The Hunted!

The most important marketing method to use from your website is to provide a regular newsletter. You do this by having a subscriber-box on every web-page. You use an autoresponder to automate the confirmation of subscribers and the regular sending of the newsletters. Quality information for your newsletter is available from article directories. Your regular newsletter does two main things:

1. Provides your interested subscribers with fresh information on your website theme and marketing tools they can use in network marketing online.

2. Provides you with the opportunity to market (recommend) various helpful products, ebooks etc to your subscribers.

Building that subscriber-list is essential for financial success and therefore directing visitor traffic to your website is vital!

Apart from your website… you can also have several blogs, squidoo lenses, hubpages, YouTube pages, social sites, articles and press-releases… all directing traffic to your website. With your blogs you can also have a subscriber-box in place. All the above activity boosts your visitor numbers and the beautiful part is you don’t have to pay… to be ‘hunted!’

A percentage of your site-visitors will take one or more of the following actions:

1. Subscribe to your newsletter

2. Purchase an affiliate product

3. Click a few Google Ads

4. Request further information on your network marketing business

5. Join your business and want you to show them how to do what you’re doing in network marketing online!

Change: To A Better Way!

Old model offline network marketing encourages members to ‘make-a-list’ of prospects and go out and harass them about your product and business. It also encourages them to buy ‘leads’ from lead companies and phone hundreds of leads each week, as well as attend opportunity and training meetings etc. This is ‘old model’ network marketing… a truly worn-out and superseded system… that started in the 1930’s.

New model network marketing online involves having your own content-based website where you provide your site-visitors with generous information on a specific website theme. You then link your website with several blogs, squidoo lenses, hubpages, YouTube pages, articles, press-releases and social networking sites. You edit a regular newsletter to provide your subscribers with fresh theme information.

Network marketing online does require a bit of time to set-up your sites and links, but once done… then they only require maintenance. You do need to visit and post to your social sites. You’re on partial auto-pilot! You’re not on the phone talking to uninterested ‘leads’ all day. You actually have more time for yourself and your family. You do talk to your interested prospects via email and/or voip phones. Talking to serious business builders is vastly different to spending your valuable time with ‘tire-kickers.’ Although you may have the wonderful problem of having more interested prospects than you can handle!

The internet has provided a better way to do business. Have you noticed we are using computers… and typewriters are near extinct! Progress and technology advances… dictate we use the best available methods. Network marketing online is the best method for this industry today!

Change: Conclusions

For what reason would you continue to practice ‘old model’ network marketing? Being ‘loyal’ to your company… doesn’t cut it! They are in it to make money… not to make you happy.

The existing NWM membership model will change. It has to… to cater for method change because of network marketing online techniques. As more and more networkers take the sensible approach and change to an online operation where they are in charge of their own website business… NWM companies will, by necessity… evolve a more flexible system! That new system will need to incorporate a built-in tolerance for members’ multi-income sources. The NWM system that has evolved… has been great for companies and manufacturers, but an absolute failure for the majority of networkers. An industry failure rate of 95%… is appalling!

Now the internet has shown network marketers… a better way! The marketing methods that internet marketers have evolved since the early 1990’s… are available for network marketing online! A combination of content and interactive marketing is the most effective system. You need to take the time to learn how to use these methods to carry out your network marketing online. The latest ebook on what to do online is available… as is the most unique click-by-click video training.

Securing Ad Hoc Networks

Saturday, June 27th, 2009

1 Introduction

Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.

1.1 Security goals

Security is an important issue for ad hoc networks, especially for those security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.

Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.

Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.

Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

There are other security goals (e.g., authorization) that are of concern to certain applications, but we will not pursue these issues in this paper.

1.2 Challenges

The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals.

First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation.

Secondly, nodes roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection have a non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.

Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationships among nodes also change, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.

Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

1.3 Routing Protocol and Threats

Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols. In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down. There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing.

The second and also the more severe kind of threats come from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threats, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signature. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could be generated by a compromised node, or, it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies — multiple, possibly disjoint, routes between nodes — in ad hoc networks.
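The redundancy argument above, and the diversity coding over multiple routes that the paper's conclusions mention, can be shown as an added Python example (not code from the paper or its prototype). The topology, the greedy route search, the single XOR parity block and the model of a compromised relay as one that drops traffic are all assumptions made for illustration.

```python
from collections import deque

# Constructed topology (assumption): S is the source, D the destination,
# the other letters are relay nodes within radio range of their neighbours.
TOPOLOGY = {
    "S": ["A", "B", "C"],
    "A": ["S", "D", "B"],
    "B": ["S", "A", "E"],
    "C": ["S", "F"],
    "E": ["B", "D"],
    "F": ["C", "D"],
    "D": ["A", "E", "F"],
}

def shortest_path(graph, src, dst, banned):
    """Breadth-first search for a shortest src->dst path avoiding banned nodes."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in prev and nxt not in banned:
                prev[nxt] = node
                queue.append(nxt)
    return None

def disjoint_routes(graph, src, dst):
    """Greedy search for node-disjoint routes: take a shortest path, then
    exclude its relays before searching again (simple, not always maximal)."""
    graph = {n: list(nbrs) for n, nbrs in graph.items()}
    routes, banned = [], set()
    while True:
        path = shortest_path(graph, src, dst, banned)
        if path is None:
            return routes
        routes.append(path)
        if len(path) == 2:
            graph[src].remove(dst)  # a direct link can only be used once
        banned.update(path[1:-1])

def xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))

def encode(message, k):
    """Split message into k-1 data blocks plus one XOR parity block."""
    data_n = k - 1
    size = -(-len(message) // data_n)  # ceiling division
    padded = message.ljust(size * data_n, b"\x00")
    blocks = [padded[i * size:(i + 1) * size] for i in range(data_n)]
    parity = bytes(size)
    for block in blocks:
        parity = xor(parity, block)
    return blocks + [parity], len(message)

def decode(received, length):
    """Rebuild the message; at most one block (marked None) may be missing."""
    missing = [i for i, b in enumerate(received) if b is None]
    if len(missing) > 1:
        raise ValueError("more routes failed than the parity block can cover")
    if missing:
        size = len(next(b for b in received if b is not None))
        rebuilt = bytes(size)
        for block in received:
            if block is not None:
                rebuilt = xor(rebuilt, block)
        received = list(received)
        received[missing[0]] = rebuilt
    return b"".join(received[:-1])[:length]

def send(graph, src, dst, message, compromised):
    """Send one block per disjoint route; a route whose relays include a
    compromised node is modelled as losing its block."""
    routes = disjoint_routes(graph, src, dst)
    if len(routes) < 2:
        raise ValueError("need at least two disjoint routes")
    blocks, length = encode(message, len(routes))
    received = [None if compromised & set(route[1:-1]) else block
                for route, block in zip(routes, blocks)]
    return decode(received, length)

if __name__ == "__main__":
    print(disjoint_routes(TOPOLOGY, "S", "D"))
    print(send(TOPOLOGY, "S", "D", b"route update 42", {"E"}))
```

With one parity block the scheme covers the loss of a single route; a block that is modified rather than dropped has to be detected first, for example by the signatures discussed above, and then treated as missing.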

2 Key Management Service

We employ cryptographic schemes, such as digital signatures, to protect both routing information and data traffic. Use of such schemes usually requires a key management service. We adopt a public key infrastructure because of its superiority in distributing keys and in achieving integrity and non-repudiation. Efficient secret key schemes are used to secure further communication after nodes authenticate each other and establish a shared secret session key.

In a public key infrastructure, each node has a public/private key pair. Public keys can be distributed to other nodes, while private keys should be kept confidential to individual nodes. There is a trusted entity called the Certification Authority (CA) [11, 47, 26] for key management. The CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes. The trusted CA has to stay on-line to reflect the current bindings, because the bindings could change over time: a public key should be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key.

It is problematic to establish a key management service using a single CA in ad hoc networks. The CA, responsible for the security of the entire network, is a vulnerable point of the network: if the CA is unavailable, nodes cannot get the current public keys of other nodes or establish secure communication with others. If the CA is compromised and leaks its private key to an adversary, the adversary can then sign any erroneous certificate using this private key to impersonate any node or to revoke any certificate.

A standard approach to improve availability of a service is replication. But a naive replication of the CA makes the service more vulnerable: compromise of any single replica, which possesses the service private key, could lead to collapse of the entire system. To solve this problem, we distribute the trust to a set of nodes by letting these nodes share the key management responsibility.
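The contrast between naive replication and shared responsibility can be made concrete with an added Python example (not code from the paper or its prototype). It uses Shamir secret sharing as an assumed stand-in for the threshold scheme, together with the share refreshing that the paper's conclusions mention; the field prime, the parameters n = 5 and t = 2, and all function names are assumptions.

```python
import secrets

# Constructed field modulus (assumption): the Mersenne prime 2**127 - 1.
P = 2**127 - 1

def eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, n, t):
    """Deal n shares of secret on a random degree-t polynomial.
    Any t+1 shares determine the secret; any t shares reveal nothing."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 0 <= t < n:
        raise ValueError("need 0 <= t < n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied {server_id: share}.
    A deployed threshold signature service would combine partial signatures
    instead of rebuilding the key in one place; this is for checking only."""
    total = 0
    for i, y_i in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = (num * -j) % P
                den = (den * (i - j)) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t):
    """Proactive share refreshing: every server deals a random degree-t
    sharing of zero, and each server adds all sub-shares it receives.
    The secret is unchanged, but old and new shares no longer combine."""
    ids = sorted(shares)
    new_shares = dict(shares)
    for _dealer in ids:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(t)]
        for i in ids:
            new_shares[i] = (new_shares[i] + eval_poly(zero_poly, i)) % P
    return new_shares

def demo():
    """Walk through one key lifetime with constructed values."""
    service_key = secrets.randbelow(P)  # stands in for the CA private key
    n, t = 5, 2
    period1 = split(service_key, n, t)
    period2 = refresh(period1, t)
    return {
        # Naive replication: one stolen replica is the whole key.
        "replica_leak_exposes_key": True,
        # Threshold sharing: t stolen shares interpolate to a wrong value.
        "t_shares_recover_key":
            reconstruct({i: period1[i] for i in (1, 2)}) == service_key,
        "t_plus_1_shares_recover_key":
            reconstruct({i: period1[i] for i in (1, 2, 3)}) == service_key,
        # Shares stolen in different periods do not add up to t+1.
        "mixed_period_shares_recover_key":
            reconstruct({1: period1[1], 2: period2[2], 3: period2[3]})
            == service_key,
        "refreshed_shares_recover_key":
            reconstruct({i: period2[i] for i in (3, 4, 5)}) == service_key,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```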

3 Push! Photo: Informal Photo Sharing in Ad-Hoc Networks

As mobile camera phones become ubiquitous, the practice of photography changes. Camera phone pictures are usually taken with sharing in mind. Meanwhile, publicly sharing photographs online has become increasingly popular with websites such as Flickr. Push! Photo is a mobile photo sharing application where photos can be made public and immediately accessed by anyone nearby. The application also automatically searches for photos on nearby devices to find interesting and relevant photos. Push! Photo shows how it is possible to share digital photos just as easily as paper photos.

Shoot! Publicize! Discover! Enjoy!

3.1 THE PUSH! PHOTO PROTOTYPE

The current prototype of Push! Photo allows photos to be made public, and users can browse their own photo collection as well as those of others nearby. When devices are in proximity of one another, they will automatically start to search each other’s public photo collections for photographs relevant to oneself. These photos are shown as a multi-picture slideshow, which is extended as new photos are found. To browse photos from an event shown in a particular photo, the user can click on that picture in the slideshow. The application will then download all photos from nearby devices taken at that event. In this way, if a user spots an interesting picture in the slideshow, she can easily find more photos from the same occasion. To decide whether two photos are from the same event, information about who else was around and the time of shooting is used. The application implements a discovery service to find other devices when they are within WiFi range. Thus the application is always aware of who else (using Push! Photo) is around at a particular time. As a photograph is taken, the resulting picture is tagged with this information together with the time and the identity of the photographer. The current prototype is an application running on Pocket PCs with WiFi-cards and external SD-cameras.

3.2 RELATED WORK

In previous work with Push! Music [2], music files were replaced with so-called media agents, which were enabled to autonomously copy themselves between devices over a wireless ad hoc network. The media agents try to find their way to potential listeners as users meet, and as a song is copied it automatically enters the play list. In this way the users discover new music while passively listening. Other projects have looked at mobile photo sharing. Davis et al. in MM2 use the notion of co-presence to simplify the decision of with whom to share [1]. Photos are then uploaded automatically to a central web server where the sharing recipients can access the photos. Kohno and Rekimoto instead use GPS information and time stamps to decide if pictures are from the same event or not [4]. This is used to let users easily browse each other’s photos when standing in a group to serve as a topic of discussion. The system also lets users drag and drop pictures between their own and others’ devices. In contrast, Push! Photo aims to look into how mobile sharing can be simplified by allowing seamless sharing, and using context and tagging to automatically find interesting and relevant photographs.

4 Conclusions

In this paper, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms. This paper focuses on how to secure routing and how to establish a secure key management service in an ad hoc networking environment. These two issues are essential to achieving our security goals. Besides the standard security mechanisms, we take advantage of the redundancies in ad hoc network topology and use diversity coding on multiple routes to tolerate both benign and Byzantine failures. To build a highly available and highly secure key management service, we propose to use threshold cryptography to distribute trust among a set of servers. Furthermore, our key management service employs share refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Finally, by relaxing the consistency requirement on the servers, our service does not rely on synchrony assumptions. Such assumptions could lead to vulnerability. A prototype of the key management service has been implemented, which shows its feasibility. The paper represents the first step of our research to analyze the security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks. More work needs to be done to deploy these security mechanisms in an ad hoc network and to investigate the impact of these security mechanisms on the network performance.

5 Acknowledgments

I would like to thank my friends for their invaluable contributions to this work. I am also grateful to my family and the anonymous reviewers for their comments and suggestions that helped to improve the quality of the paper.

I am grateful to Almighty for His blessings upon me.

6 References

[1] E. Ayanoglu, C.-L. I, R. D. Gitlin, and J. E. Mazo. Diversity coding for transparent self-healing and fault-tolerant communication networks. IEEE Transactions on Communications, 41(11):1677–1686, November 1993.

[2] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX Symposium on Operating System Design and Implementation (OSDI’99), pages 173–186, New Orleans, LA USA, February 22–25, 1999. USENIX Association, IEEE TCOS, and ACM SIGOPS.

[3] Y. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July–August 1994.

[4] Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology—Crypto’89, the 9th Annual International Cryptology Conference, Santa Barbara, CA USA, August 20–24, 1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 307–315. Springer, 1990.

[5] Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, July 1997.

[6] A. Ephremides, J. E. Wieselthier, and D. J. Baker. A design concept for reliable mobile radio networks with frequency hopping signaling. Proceedings of the IEEE, 75(1):56–73, January 1987.

[7] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th Annual Symposium on the Foundations of Computer Science, pages 427–437. IEEE, October 12–14, 1987.

[8] M. J. Fischer, N. A. Lynch, and M. S. Peterson. Impossibility of distributed consensus with one faulty processor. Journal of the ACM, 32(2):374–382, April 1985.

[9] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Optimal resilience proactive public-key cryptosystems. In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 384–393, Miami Beach, FL USA, October 20–22, 1997. IEEE.

[10] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. In B. S. Kaliski Jr., editor, Advances in Cryptology—Crypto’97, the 17th Annual International Cryptology Conference, Santa Barbara, CA USA, August 17–21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science, pages 440–454. Springer, 1997.

[11] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed systems security architecture. In Proceedings of the 12th National Computer Security Conference, pages 305–319, Baltimore,
