SECURING AD HOC NETWORK ROUTINGHarry Sunarsa

INTRO

DU

CTION

OverviewNodes within ad hoc network are mobile, also known as MANET, they communicate with each other within radio range through direct wireless links or multi-hop routing. The nodes can continuously move into and out of the radio range of the other nodes in the ad hoc network, and the routing information will be changing all the time because of the movement of the nodes

Characteristics- No fixed infrastructure-Dynamic topology- Energy constrained- Node acts both as a host and router

SECURITY ISSU

ESSecurity Goal [4]

• Availability: ensures the survivability of network services despite denial of service attacks.• Confidentiality : Ensures that secret information or data is never disclosed to unauthorized devices.• Integrity : Ensures that a message received is not corrupted.• Authentication: enables a node to ensure the identity of the peer node it is communicating with.• Non-repudiation: ensures that the origin of a message cannot deny having sent the message.

Challenge [2]:• the vulnerability of the link• limited physical protection of each of the nodes• dynamically changing of topology• the absence of a certification authority• the lack of the centralized monitoring or management point

SECURITY ISSU

ESThreat

•External attacks come from outside intruders, i.e. non participants in the protocol, whose objective is the disruption of normal routing operation• To defend against the external attacks, nodes can protect routing information in the same way they protect data traffic.• A compromised node is categorized as internal attack. • the most severe threat for MANETs, it may broadcast wrong routing information to other nodes• Detection of compromised nodes through routing information is also difficult due to dynamic topology of Adhoc networks. •Routing protocols for Adhoc networks must handle outdated routing information to accommodate dynamic changing topology.

ROU

TING

PROTO

COL ISSU

ES Attacks using modification of protocol fields of messages

• The level of trust in a traditional Ad-hoc network cannot be measured or enforced, enemy nodes or compromised nodes may participate directly in the route discovery and may intercept and filter routing protocol packets to disrupt communication.

• Malicious nodes can easily cause redirection of network traffic and DOS attacks by simply altering these fields

• in Figure 5, a malicious node M could keep traffic from reaching X by consistently advertising to B a shorter route to X than the route to X, which C is advertising.

ROU

TING

PROTO

COL ISSU

ES Attacks using modification of protocol fields of messages

• The attacks can be classified as remote redirection attacks and denial of service attacks

Remote redirection with modified route sequence number (AODV) • Remote redirection attacks are also called black-hole attacks[7].• a malicious node uses routing protocol to advertise itself as the

shortest path to nodes whose packets it wants to intercept• Protocols such as AODV instantiate and maintain routes by

assigning monotonically increasing sequence numbers to routes towards a specific destination

• any node may divert traffic through itself by advertising a route to a node with a destination sequence number greater than the authentic value.

• Figure 5 illustrates an example ad hoc network. Suppose a malicious node, M, receives the RREQ that originated from S for destination X after it is re-broadcast by B during route discovery.

• M redirects traffic towards itself by unicasting to B a RREP containing a significantly higher destination sequence num for X than the authentic value last advertised by X.

ROU

TING

PROTO

COL ISSU

ES Attacks using modification of protocol fields of messages

Redirection with modified hop count (AODV) • by modifying the hop count field in route discovery messages.• When routing decisions cannot be made by other metrics, AODV

uses the hop count field to determine a shortest path.• The malicious nodes can attract route towards themselves by

resetting the hop count field of the RREP to zero.• Once the malicious node has been able to insert itself between

two communicating nodes it is able to do anything with the packets passing between them.

• It can choose to drop packets to perform a denial of service attack, or alternatively use its place on the route as a first step in man-in-the-middle attack.

ROU

TING

PROTO

COL ISSU

ES Attacks using modification of protocol fields of messages

Denial of service with modified source routes • DSR is a routing protocol, which explicitly states routes in data

packets. • These routes lack any integrity checks and a simple denial-of-

service attack can be launched in DSR by altering the source routes in packet headers.

• Modification to source routes in DSR may also include the introduction of loops in the specified path.

• Although DSR prevents looping during the route discovery process, there are insufficient safeguards to prevent the insertion of loops into a source route after a route has been salvaged.

ROU

TING

PROTO

COL ISSU

ES Attacks using impersonation

• Current Ad-hoc routing protocols do not authenticate source IP address. A malicious node can launch many attacks by altering its MAC or IP address.

• Both AODV and DSR are susceptible to this attack.• In this type of attack, nodes may be able to join the network undetectably,

or send false routing information, masquerading as some other trusted node

ROU

TING

PROTO

COL ISSU

ES Attacks using fabrication

• Generation of false routing messages is termed as fabrication messages. Such attacks are difficult to detect.

Falsifying route error messages in AODV or DSR • AODV and DSR implement path maintenance measures to recover

broken paths when nodes move. • The vulnerability is that routing attacks can be launched by sending

false route error messages.• Suppose node S has a route to node X via nodes A, B, and C, as in

Figure 5. A malicious node M can launch a denial of service attack against X by continually sending route error messages to B spoofing node C, indicating a broken link between nodes C and X.

• B receives the spoofed route error message thinking that it came from C.

• B deletes its routing table entry for X and forwards the route error message on to A, who then also deletes its routing table entry. If M listens and broadcasts spoofed route error messages whenever a route is established from S to X, M can successfully prevent communications between S and X.

ROU

TING

PROTO

COL ISSU

ES Attacks using fabrication

Route cache poisoning in DSR • This is a passive attack that can occur in DSR due to promiscuous

mode of updating routing table which is employed by DSR. • Occurs when information stored in routing table at routers is

deleted, altered or injected with false information.• DSR Nodes learn the routes from packet’s headers, which a node is

processing along a path, routes in DSR may also be learned from promiscuously received packets.

• A node overhearing any packet may add the routing information contained in that packet's header to its own route cache.

• The vulnerability is that an attacker could easily exploit this method of learning routes and poison route caches.

• Suppose a malicious node M wanted to poison routes to node X. If M were to broadcast spoofed packets with source routes to X via itself, neighboring nodes that overhear the packet transmission may add the route to their route cache.

ROU

TING

PROTO

COL ISSU

ES Attacks using fabrication

Routing table overflow attack • In routing table overflow attack, the attacker attempts to create

route to non-existent nodes.• The goal of the attacker is to create enough routers to prevent new

routes from being created or overwhelm the protocol.• Implementation and flush out legitimate routes from routing

tables. • Proactive routing algorithms attempt to discover routing

information even before they are needed, while reactive algorithms create only when they are needed. This makes proactive algorithms more vulnerable to table overflow attacks.

SOLU

TION

TO AD

HO

C ROU

TING

Installing extra facilities in the network to mitigate routing misbehavior

• Misbehaving nodes can reduce network throughput and result in poor robustness.

• A technique to identify and isolate such nodes is proposed in [10] by installing a watchdog and a pathrater in the Ad-hoc network on each node.

• The watchdog identifies misbehaving nodes, while the pathrater avoids routing packets through these nodes.

• When a node forwards a packet, the node’s watchdog verifies that the next node in the path also forwards the packet.

• The watchdog does this by listening promiscuously to the next node’s transmissions. If the next node does not forward the packet, then it is misbehaving.

• The pathrater uses this knowledge of misbehaving nodes to choose the network path that is most likely to deliver packets.

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog

• when A transmits a packet for B to forward to C, A can often tell if B transmits the packet.

• If encryption is not performed separately for each link, which can be expensive, then A can also tell if B has tampered with the payload or the header.

Advantages The watchdog mechanism can detect misbehaving nodes at forwarding level and not just the link level.

S CBA

Figure 6: Watchdog’s operation.

D

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog

• The watchdog is implemented by maintaining a buffer of recently sent packets and comparing each overheard packet with the packet in the buffer to see if there is a match.

• If so, the packet in the buffer is removed and forgotten by the watchdog, since it has been forwarded on.

• If the packet has remained in the buffer for longer than a certain timeout, the watchdog increments a failure tally for the node responsible for forwarding on the packet.

• If the tally exceeds a certain threshold bandwidth, it determines that the node is misbehaving and sends a message to the source notifying it of the misbehaving node.

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog - Weakness

Ambiguous collision• It prevents A from overhearing transmissions from B• A packet collision occur at A while it is listening for B to forward on a

packet.• A does not know if the collision was caused by forwarding on a packet as

it should or if B never forwarded the packet and the collision was caused by other nodes in A’s neighborhood.

• Because of this uncertainty, A should instead continue to watch B over a period of time.

S CBA

Figure 7: Ambiguous Collision.

D

2 1 1

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog - Weakness

Receiver collision• node A can only tell whether B sends the packet to C, but it cannot tell if C

receives it. • If a collision occurs at C when B first forwards the packet, A only sees B

forwarding the packet and assumes that C successfully receives it.• Thus, B could skip retransmitting the packet and evade detection.

S CBA

Figure 8: Receiver Collision

D

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog - Weakness

False misbehavior• It can occur when nodes falsely report other nodes as misbehaving. • A malicious node could attempt to partition the network by claiming that

some nodes following it in the path are misbehaving. • For instance, node A could report that node B is not forwarding packets

when in fact it is. This will cause S to mark B as misbehaving when A is the culprit.

• This behavior, however, will be detected. Since A is passing messages onto B (as verified by S), then any acknowledgements from D to S will go through A to S, and S will wonder why it receives replies from D when supposedly B dropped packets in the forward direction.

• In addition, if A drops acknowledgements to hide them from S, the node B will detect this misbehavior and will report it to D.

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog - Weakness

Limited transmission power• Another problem is that a misbehaving node that can control its

transmission power can circumvent the watchdog. • A node could limit its transmission power such that the signal is strong

enough to be overheard by the previous node but too weak to be received by the true recipient.

Multiple colluding nodes• Multiple nodes in collusion can mount a more sophisticated attack. For

example, B and C could collude to cause mischief. In this case, B forwards a packet to C but does not report to A when C drops the packet. Because of its limitation, it may be necessary to disallow two consecutive un-trusted nodes in a routing path.

SOLU

TION

TO AD

HO

C ROU

TING

Watchdog - Weakness

Partial dropping• A node can circumvent the watchdog by dropping packets at a lower rate

than the watchdog’s configured minimum misbehavior threshold.• Although the watchdog will not detect this node as misbehaving, this node

is forced to forward at the threshold bandwidth. • In this way the watchdog serves to enforce this minimum bandwidth. For

the watchdog to work properly it must know where a packet should be in two hops.

SOLU

TION

TO AD

HO

C ROU

TING

Pathrater

• The pathrater is run by each node. • It combines the knowledge of misbehaving nodes with link reliability data

to pick. The most reliable route.• Each node maintains a rating for every other node it knows about in the

network. It calculates a path metric by averaging the node ratings in the path.

• This metric gives a comparison of the overall reliability of different paths and allows pathrater to emulate the shortest length path algorithm when no reliability information has been collected.

• If there are multiple paths to the same destination, the path with the highest metric is selected. Since the pathrater depends on knowing the exact path a packet has traversed, it must be implemented on top of a source routing protocol.

SOLU

TION

TO AD

HO

C ROU

TING

Pathrater

• When anode in the network becomes known to the pathrater (through route discovery), the pathrater assigns it a “neutral” rating of “0.5”. A node always rates itself with a “1.0”.

• This ensures that when calculating path rates, if all other nodes are neutral nodes (rather than suspected misbehaving nodes); the pathrater picks the shortest length path.

• The pathrater increments the ratings of nodes on all actively used paths by 0.01 at periodic intervals of 200 ms.

• An actively used path is one on which the node has sent a packet within the previous rate increment interval. The maximum value a neutral node can attain is 0.8. The node’s rating is decreased by 0.05 when a link break during packet forwarding and the node becomes unreachable.

• The lower bound rating of a “neutral” node is 0.0. The pathrater does not modify the ratings of nodes that are not currently in active use.

SOLU

TION

TO AD

HO

C ROU

TING

Pathrater

• When the pathrater calculates the path metric, negative path values indicate the existence of one or more suspected misbehaving nodes in the path (special highly negative value is assigned by watchdog, -100 in the simulations,).

• If a node is marked as misbehaving due to a temporary malfunction or incorrect accusation it would be preferable if it were not permanently excluded from routing.

• Therefore nodes that have negative ratings should have their ratings slowly increased or set back to a non-negative value after a long timeout.

SOLU

TION

TO AD

HO

C ROU

TING

Security Aware Routing - SAR

SOLU

TION

TO AD

HO

C ROU

TING

Security Aware Routing - SAR

• makes use the trust levels (security attributes assigned to nodes) to make informed and secure routing decision.

• Current routing protocols discover the shortest path between two nodes. But SAR can discover a path with desired security attributes (E.g. a path through nodes with a particular shared key).

• A node initiating route discovery sets the sought security level for the route i.e. the required minimal trust level for nodes participating in the query/reply propagation.

• Nodes at each trust level share symmetric encryption keys. Intermediate nodes of different levels cannot decrypt in-transit routing packets or determine whether the required security attributes can be satisfied and drop them.

• Only the nodes with the correct key can read the header and forward the packet. So if a packet has reached the destination, it must have been propagated by nodes at the same level, since only they can decrypt the packet, see its header and forward it.

DrawbacksA lot of encryption overhead, since each intermediate node has to performs it.

SOLU

TION

TO AD

HO

C ROU

TING

SAODV - Implementation SAR extends AODV

• Most of AODV’s original behavior such as on-demand discovery using flooding, reverse path maintenance and forward path setup via Route Request and Reply (RREP) messages is retained.

• The RREQ packet has an additional field called RQ_SEC_REQUIREMENT that indicates the required security level for the route the sender wishes to discover.

• An intermediate node at the required trust level, updates the RREQ packet by updating another new field, RQ_SEC_GUARANTEE field. The RQ_SEC_GUARANTEE field contains the minimum security offered in the route.

• This can be achieved if each intermediate node at the required trust level performs an ‘AND’ operation with RQ_SEC_GUARANTEE field it receives and puts the updated value back into the RQ_SEC_GUARANTEE field before forwarding the packet.

• When an RREQ successfully traverses the network, the RQ_SEC_GUARANTEE represents the minimum security level in the entire path from source to destination.

• the destination copies this from the RREQ to the RREP, into a new field called RP_SEC_GUARANTEE field. The sender can use this value to determine the security level on the whole path, since the sender can find routes which offer more security than asked for, with which he can make informed decisions.

SOLU

TION

TO AD

HO

C ROU

TING

Authenticated Routing for Ad-hoc Networks - ARAN

• ARAN is presented in [14], introduces authentication, message integrity and non-repudiation to an Ad-hoc environment.

• ARAN is composed of two distinct stages. The first stage is simple and requires little extra work from peers beyond traditional ad hoc protocols. Nodes that perform the optional second stage increase the security of their route, but acquire additional cost for their ad hoc peers who may not comply (e.g., if they are low on battery resources).

• ARAN makes use of cryptographic certificates for the purposes of authentication and non-repudiation.

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Stage 1

Preliminary Certification • Before entering the Ad-hoc network, each node requests a certificate from T. For a

node A, T -> A: CertA = [IPA, KA+, t, e]KT-

• All nodes must maintain fresh certificates with the trusted server and must know T’s public key.

End-to-End authentication • The goal of stage 1 is for the source to verify that the intended destination was

reached. • Source node , A, begins route instantiation to a destination X by broadcasting to its

neighbors a route discovery packet (RDP): A -> broadcast: [RDP, IPX, CertA, NA, t]KA-

• all signed with A's private key. Each time A performs route discovery, it monotonically increases the nonce. Nodes then store the nonce they have last seen with its timestamp.

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Stage 1

• Intermediate node for RDP , Each node records the neighbor from which it received the message. Let A's neighbor be B.

B -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KB-, CertB • Upon receiving the broadcast, B's neighbor C validates the signature with the given

certificate. • C then rebroadcasts the RDP to its neighbors, first removing B's signature.

C -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KC-, CertC• Destination node, unicasts a Reply (REP) packet back along the reverse path to the

source.X -> D: [REP, IPA, CertX, NA, t]KX-

• Intermediate node for REP, All REPs are signed by the sender.D -> C: [[REP, IPA, CertX, NA, t]KX-]KD-, CertD

• C validates D's signature, removes the signature, and then signs the contents of the message before unicasting the RDP to B

• C -> B: [[REP, IPA, CertX, NA, t]KX-]KC-, CertC• Source node, verifies that the correct nonce was returned by the destination as well

as the destination's signature. Only the destination can answer an RDP packet.

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Stage 2

• The disadvantage of ARAN is that it requires that nodes keep one routing table entry per source-destination pair that is currently active. This is certainly more costly than per-destination entries in non-secure ad hoc routing protocols.

• Stage 2 is done only after Stage 1 is over. This is because the destination certificate is required in this stage.

• This stage is primarily used for discovery of shortest path in a secure fashion. Since a path is already discovered , data transfer can be pipelined with Stage 2's shortest path discovery operation.

• Source, by broadcasting a Shortest Path Confirmation (SPC) message to its neighborsA -> broadcast: SPC, IPX, CertX, [[IPX, CertA, NA, t]KA- ]KX+

• This signed message is encrypted with X's public key so that other nodes cannot modify the contents

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Stage 2

• Intermediate Node , a neighbor B that receives the message rebroadcasts the message after including its own cryptographic credentials.

B ->broadcast: SPC, IPX, CertX, [[[IPX, CertA, NA, t]KA-]KX+]KB-, CertB]KX+• Nodes that receive the SPC packet create entries in their routing table so as not to

forward duplicate packets. The entry also serves to route the reply packet from the destination along the reverse path.

• Destination Node, it checks that all the signatures are valid. X replies to the first SPC it receives and also any SPC with a shorter recorded path by sending Recorded Shortest Path (RSP) message .

X -> D: [RSP, IPA, certX, NA, route]KX-• The source eventually receives the packet and verifies that the nonce corresponds to

the SPC is originally generated.

AdvantagesThe onion-like signing of messages prevents nodes in the middle from changing the path in several ways. First, to increase the path length of the SPC, malicious nodes require an additional valid certificate. Second, malicious nodes cannot decrease the recorded path length or alter it because doing so would break the integrity of the encrypted data.

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Route Maintenance

• Nodes keep track of whether routes are active. When no traffic has occurred on an existing route for that route's lifetime, the route is simply de-activated in the route table.

• Data received on an inactive route causes nodes to generate an Error (ERR) message that travels the reverse path towards the source.

• Nodes also use ERR messages to report links in active routes that are broken due to node movement. All ERR message must be signed.

• For a route between source A and destination X, a node B generates the ERR message for its neighbor C as follows:

B -> C: [ERR, IPA, IPX, CertC, NB, t]KB-• This message is forwarded along the path towards the source without

modification. • Because messages are signed, malicious nodes cannot generate ERR

messages for other nodes

SOLU

TION

TO AD

HO

C ROU

TING

ARAN, Key Revocation

• ARAN attempts a best effort key revocation that is backed up with limited time certificates.

• Calling the revoked certificate cert r, the transmission appears as • T -> broadcast: [revoke, Cert R]KT-• Any node receiving this message re-broadcasts it to its neighbors.• Any neighbor of the node with the revoked certificate needs to reform

routing as necessary to avoid transmission through the now-untrusted node.

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

• SRP is applied as an extension of a multitude of existing routing protocols such as DSR [12] and ZRP [13].

• counters the malicious behavior that guarantees the acquisition of correct topological information in a timely manner.

• . i.e., the route replies that are validated and accepted by the querying node provide accurate connectivity information, despite the presence of strong adversaries [13].

• Achieved with the existence o a security association between the pair of end nodes only, without the need for intermediate node to cryptographically validate control traffic.

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

• Here is assumed that a security association (a shared key KST) is established between source (S) and destination (T).

• The route request packet is identified by a random query identifier (rnd#) and a sequence number (sq#).

• S constructs a Message Authentication Code (MAC) which is a hash of source, destination, random query identifier, sequence number and KST

• MAC = h(S, T, rnd#, sq#, KST)• In addition the identifiers (IP addresses) of the traversed intermediate

nodes are accumulated in the route request packet.• The intermediate nodes maintain a limited amount of state information

regarding relayed queries (by storing their random sequence number), so that previously seen route requests are discarded.

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

• More than one route request packet reaches the destination through different routes.

• The destination T calculates a MAC covering the route reply contents and then returns the packet to S over the reverse route accumulated in the respective request packet.

• The destination responds to one or more route request packets to provide the source with an as diverse topology picture as possible.

Advantages:• Computing the MAC is not computationally expensive.• Message integrity is preserved.• If confidentiality of data is required, the pay load could be encrypted with

the shared key KST

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

• the query request is denoted as a list { QST; n1, n2, …. nk}

• QST denotes the SRP header for a query searching for T and initiated by S.

• ni , i not = {1,k} are the IP addresses of the intermediate nodes and n1= S, nk= T.

• Similarly, a route reply is denoted as { RST; n1, n2, …. nk}

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

Case 1• When M receives { QST; S} it tries to mislead S by generating{ RST; S, M1, T}

i.e. it fakes that destination T is its neighbor.• This is possible in a regular routing protocol, but not here, since only T can

generate the MAC which is verified by S.

Case 2• If M1 discards request packets that it receives, it narrows the topology

view of S.• But at the same time it practically removes itself from S’s view. • Thus it cannot inflict harm to data flows originating from S, and route

chosen by S would not include M1.

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

Case 3• When M1 receives { RST; S,1, M1, S, 4, T} it tampers with its contents and

relays{ RST; S, 1, M, Y, T}.• Y being any sequence of nodes. S readily discards the reply due to the

integrity protection provided by MAC.

Case 4• When M2 receives { QST; S, 2, 3 } it corrupts the accumulated route and

relays { QST; S, X, 3, M2} to its neighbors, where X is a false IP address.• This request arrives at T, which constructs the reply and routes it over {T,

M2, 3, X, S} towards S.• but when node 3 receives the reply it cannot forward it any further since X

is not its neighbor and the reply is dropped.

SOLU

TION

TO AD

HO

C ROU

TING

Secure Routing Protocol – SRP [11]

Case 5• If M1 replays route requests to consume network resources, they will be

discarded by intermediate nodes, since they maintain a list of query identifiers seen in the past.

• The query identifier is a random number, so that it is not guessable by the malicious node.

Case 6• If M1 attempts to forward { QST; S, M*} i.e. it spoofs its IP address.

• Consequently S would accept { RST; S, M*, 1, 4, T} as a route• But the connectivity information conveyed by such a reply is correct.

SOLU

TION

TO AD

HO

C ROU

TING

Attack on SRP

Tunneling• If 2 nodes collude during the 2 phases (request and reply) of a single route

discovery, then the protocol could be attacked. e.g.: if M1 received a route request, it can tunnel it to M2

• i.e. discover a route to M2 and send the request encapsulated in a data packet. Then M2 broadcasts a request with the route segment between M1 and M2 falsified {QST; S, M1, Z, M2}.

• T receives the request and constructs a reply which is routed one {T, M2, Z, M1, S}. M2 receives the reply and tunnels it back to M1, which then returns it to S. As a result the connectivity information is only partially correct.

Replay• If M1 rewrites the RND# with some other random number, its neighbors

think that it is a genuine packet and keep forwarding it, thus wasting their resources.

• Only when the packet reaches the destination this misuse can be detected using the MAC.

Conclusion

• Routing protocol threats are usually specific to particular security weakness (not necessary design weakness) of the protocol, which can be categorized using different criteria.• However, proposed routing solutions are capable to operate with dynamic topology but in terms of security measure they provide partial or no solution [4].• Thus implementation of secure routing protocol is still one of the challenges within ad hoc network.

References1. Wenjia Li and Anupam Joshi, “Security Issues in Mobile Ad Hoc Networks A Survey”.2. Jean-Pierre Hubaux, Levente Buttyan and Srdan Capkun, “The Quest for Security in Mobile Ad hoc Networks”, Proceedings of the ACM Symposium on Mobile Ad hoc Networking and Computing, MobiHOC 2001.3. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang, “Security in Mobile Ad Hoc Network Challenge and Solutions”, IEEE Wireless Communications, February 20044. L. Zhou, Z. J. Haas. Securing Ad Hoc Networks. IEEE Network, 13(6): 24-30, Nov/Dec 1999.5. Preetida Vinayakray-Jani, “Security within Ad hoc”, Position Paper, PAMPAS Workshop, Sept. 16/17 2002, London.6. Dr. Harsh Sadawarti and Anuj K. Gupta, “Secure Routing Techniques for MANETs”, International Journal of Computer Theory and Engineering, Vol. 1, No. 4, October2009, 1793-8201.7. F.Wang, B. Vetter, and S.Wu, “Secure Routing Protocols: Theory and Practice,” Technical Report, North Carolina State University, May 19978. [http://citeseer.nj.nec.com/400961.html.2000.H. Dang,W. Li, and D. P. Agrawal, “Routing security in wireless ad hoc networks”, IEEE Communications Magazine, 0163-6804, pp. 70-75, October 2002.]9. A. K. Bayya, S. Gupte, Y. K. Shukla, A. Garikapati, “Security in Ad-hoc Networks”. 10. S. Marti, T.J. Giuli, Kevin Lai and Mary Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. Proceedings of MOBICOM 2000, August 2000. 11. P. Papadimitratos and Z.J. Haas. “Secure routing for mobile ad hoc networks,” SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), Jan 2002. 12. D.B. Johnson, D.A Maltz, and J. Broch, “DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad hoc Networks,” Ad Hoc Networking, C.E. Perkins, Ed., Addison-Wesley, 2001, 139-172.13. Z. J. Haas, M. Perlman, “The Performance of Query Control Schemes of the Zone Routing Protocol” IEEE/ACM Transactions on Networking, vol. 9, no. 4, pp. 427-438, Aug 2001.14. B. Dahill, B. N. Levine, E. Royer, and C. Shields, “A secure routing protocol for ad hoc networks,” in Proceedings of the International Conference on Network Protocols (ICNP), pp. 78-87, 2002.15. F. Stajano and R. Anderson, “The Resurrecting Duckling: Security Issues for Ad Hoc Wireless Networks,” Security Protocols, 7th International Workshop, LNCS, Springer-Verlag, 1999.16. Seung Yi, P. Naldurg and R. Kravets, “Security-Aware Ad-Hoc Routing for Wireless Networks”.