secure routing for mobile ad hoc networks
DESCRIPTION
Secure Routing for Mobile Ad Hoc Networks. First Part Originally by Ravindranath Gummadidala Palaniappan Sathappa Suny Baffalo. Overview. Introduction MANETs Routing Protocols for MANETs DSR AODV DSDV Exploits allowed by existing protocols. Overview (contd.). Secure Routing Protocols - PowerPoint PPT PresentationTRANSCRIPT
Secure Routing for Mobile Ad Hoc Networks
First Part Originally by Ravindranath Gummadidala
Palaniappan SathappaSuny Baffalo
04/19/23 Csci 388 2
Overview
Introduction MANETs Routing Protocols for MANETs
DSR AODV DSDV
Exploits allowed by existing protocols
04/19/23 Csci 388 3
Overview (contd.)
Secure Routing Protocols ARAN SRP TESLA ARIADNE TIK SAR
04/19/23 Csci 388 4
Overview (contd.) Watchdog and Pathrater Byzantine Resistant CONFIDANT SEAD
Conclusions References
04/19/23 Csci 388 5
MANETs A group of wireless mobile computers
(nodes) Nodes cooperate by forwarding packets
for each other Need no fixed network infrastructure Can be quickly and inexpensively setup Applications: military exercises,
disaster relief, mine site operations, etc
04/19/23 Csci 388 6
Routing Protocols for MANETs
Table based (proactive) DSDV
On-demand (reactive) DSR AODV
Hybrid
04/19/23 Csci 388 7
DSR
Dynamic Source Routing An on-demand ad hoc network
routing protocol composed of two parts: Route discovery Route maintenance
04/19/23 Csci 388 8
DSR Route Discovery
Initiator transmits ROUTE REQUEST (RREQ) packet as local broadcast specifying target and a unique identifier from the initiator
Each node receiving the RREQ discards the request if it has seen the request identifier from the originator
04/19/23 Csci 388 9
DSR Route Discovery (contd.)
Otherwise it appends its node address to a list in RREQ and rebroadcasts the RREQ
When RREQ reaches target, target sends ROUTE REPLY (RREP) back to initiator of RREQ with a copy of the accumulated address list from RREQ
04/19/23 Csci 388 10
DSR Route Maintenance DSR is a source routing protocol Path to be followed included in the
packet header If a node on path does not get an
ack after a limited number of local retransmissions it returns ROUTE ERROR (RERR) back to originator identifying the broken link
04/19/23 Csci 388 11
DSR Route Maintenance (contd.)
Originator then removes path containing broken link from cache
May use an alternate route to destination if one exists in cache
Else it initiates a new route discovery
04/19/23 Csci 388 12
Example of DSR
04/19/23 Csci 388 13
Example of DSR
04/19/23 Csci 388 14
Example of DSR
04/19/23 Csci 388 15
AODV Ad Hoc On Demand Distance Vector
Routing AODV builds routes using a route request /
route reply query cycle In addition to the source node's IP address,
current sequence number, and broadcast ID, the RREQ also contains the most recent sequence number for the destination of which the source node is aware.
04/19/23 Csci 388 16
AODV (contd.) A node receiving the RREQ may send a route
reply (RREP) if it is either the destination or if it has a route to the destination with corresponding sequence number greater than or equal to that contained in the RREQ
if yes it unicasts RREP back to source else it rebroadcasts RREQ If the source later receives a RREP containing
a greater sequence number or contains the same sequence number with a smaller hop count, it updates its routing information for that destination.
04/19/23 Csci 388 17
AODV (contd.) Once the source stops sending data
packets, the links will time out and eventually be deleted from the intermediate node routing tables
If a link break occurs while the route is active, the node upstream of the break propagates a route error (RERR) message to the source node to inform it of the now unreachable destination(s). After receiving the RERR, if the source node still desires the route, it can reinitiate route discovery.
04/19/23 Csci 388 18
SRP
A Secure Routing Protocol for Ad Hoc Networks
K. Sanzgiri and B. Dahill
04/19/23 Csci 388 19
Exploits allowed by existing protocols
Attacks using modification Redirection by
modified route sequence numbers
Redirection with modified hop counts
DoS with modified source routes
Tunneling
Eg: A malicious node M could keep traffic from reaching X by consistently advertising to B a shorter route to X than the route to X that C advertises
Altering control message fields Forwarding routing messages
with falsified values
04/19/23 Csci 388 20
Exploits allowed by existing protocols (contd.)
Attacks using impersonation Forming loops by spoofing
Attacks using fabrication Falsifying route errors in AODV and
DSR Route cache poisoning in DSR
04/19/23 Csci 388 21
Redirection by modified route sequence numbers
Protocols such as AODV and DSR instantiate and maintain routes by assigning monotonically increasing sequence numbers In AODV, a higher destination sequence number
greater than the authentic value can divert the traffic through M
M replies a false RREP with a larger destination seq number when receiving a RREQ
B drops the correct RREP When this can be corrected?
04/19/23 Csci 388 22
Redirection with Modified Hop Counts
When routing metric is the shortest path Hop-count can be modified by M in
AODV
04/19/23 Csci 388 23
DoS with modified source routes Altering the source routes in packet
headers in DSR A shortest path route in DSR is S-A-B-M-C-
D-X M deletes D from the source route when
receiving the packet The packet can’t reach X from C
accordingly. Does the Link Layer ACK help?
04/19/23 Csci 388 24
Tunneling
True path: S-A-B-C-DFalse path: S-M1-(A-B-C)-M2-DFalse path: S-M1-M2-D through a private network
04/19/23 Csci 388 25
Forming loops by spoofing
M can reach A, B, C, D
04/19/23 Csci 388 26
Forming loops by spoofing in AODV
M spoofs A’s MAC address, moves to B such that it can’t be heard by A, send a RREP to B with a shorthop count (eg. 0); Then B chooses A to be the next hop
04/19/23 Csci 388 27
Forming loops by spoofing in AODV
M spoofs B’s MAC address and does the same thingA loop is formed and none of the four nodes can reach X
04/19/23 Csci 388 28
Falsifying Route Errors in AODV and DSR
M spoofs C and sends RERROR message to B to launch DoS
04/19/23 Csci 388 29
Route Cache Poisoning in DSR
Information stored in routing tables can be deleted, altered, or injected with false information In addition to learning routes from headers of
packets that a node processes along a path routes may be learned from promiscuously received packets
A node overhearing any packet may add routing information contained in that packets header to its own route cache even if it is not on the path from source to destination
A malicious node can broadcast a false RERR, a spoofed packet, etc to poison other’s route cache
04/19/23 Csci 388 30
Secure Routing Protocol Requirements Route signaling cannot be spoofed Fabricated routing messages cannot
be injected into the network Routing messages cannot be altered
in transit except according to the normal functionality of the routing protocol
Routing loops cannot be formed through malicious actions
04/19/23 Csci 388 31
Secure Routing Protocol Requirements (contd.)
Routes cannot be redirected from shortest path through malicious actions
Unauthorized nodes should be excluded from route computation and discovery
04/19/23 Csci 388 32
ARAN Authenticated Routing for Ad hoc
Networks Components
Certification Authenticated route discovery Authenticated route setup Route maintenance Key revocation
04/19/23 Csci 388 33
Certification
Requires use of a trusted certificate server T
Before entering network each node needs to request a certificate from T
Node A receives certificate as: T->A :certA=[IPA ,KA+ ,t ,e] KT-
04/19/23 Csci 388 34
Authenticated route discovery
Source A begins route instantiation to destination X by broadcasting a route discovery packet (RDP):
A->brdcst:[RDP, IPX, certA, NA, t] KA-
Let B be the neighbor that receives the RDP which it subsequently rebroadcasts
B->brdcst:[[RDP, IPX, certA, NA, t] KA-] KB-, certB
04/19/23 Csci 388 35
Authenticated route discovery Let C be the neighbor that receives Bs
broadcast. C subsequently broadcasts
C->brdcst:[[RDP, IPX, certA, NA, t] KA-] KC-, certC
Each node along the path repeats these steps of validating previous node’s signature, removing the previous node’s certificate and signature, recording the previous node’s IP address, signing the original contents of the message, appending its own certificate and forward broadcasting the message
04/19/23 Csci 388 36
Authenticated Route Setup After receiving RDP destination unicasts a reply
REP packet back along reverse path to source. Let D be the first node that receives the REP sent by X
X->D:[REP,IPa,certX,Na,t] Kx-
Let D’s next hop to source be C D->C:[[REP,IPa,certX,Na,t]Kx-]Kd-, certD C->B:[[REP,Ipa,certX,Na,t]Kx-]Kc-, certC When source receives REP it verifies
destination’s signature and nonce returned by the destination.
04/19/23 Csci 388 37
Route Maintenance When no traffic occurs on an existing route for
sometime that route is deactivated in routing table Data received on an inactive route causes nodes to
generate Error (ERR) messages that travel the reverse path towards the source
Nodes also use ERR to report links in active routes that break due to node movement.
All ERR messages must be signed B->C:[ERR,IPa,IPx,certB,Nb,t]Kb- Nonce and timestamp ensure ERR message is fresh.
04/19/23 Csci 388 38
Key revocation In the event that a certificate needs to be revoked the
trusted certificate server T sends a broadcast message to the ad hoc group announcing the revocation
T-> brdcst : [revoke,certR] Kt-
Nodes receiving this message re-broadcasts it to its neighbors
Neighbors of nodes with revoked certificates need to reform routing as necessary to avoid transmission through the now untrusted node.
04/19/23 Csci 388 39
Simulation Results (average packet delivery fraction)
04/19/23 Csci 388 40
Simulation Results (average routing load bytes)
Overhead bytes/data bytes
04/19/23 Csci 388 41
Simulation Results (average data packet latency)
04/19/23 Csci 388 42
Simulation Results (average path length)
04/19/23 Csci 388 43
Simulation Results (average routing load packets)
The ratio of control packet and the data packet
04/19/23 Csci 388 44
Simulation Results (average route acquisition latency)
04/19/23 Csci 388 45
Simulation Results (average path length with malicious node)
Malicious nodes reset hop count to 0 when receiving a RREQ and RREP
04/19/23 Csci 388 46
Simulation Results (fraction of data packets passing malicious nodes)
04/19/23 Csci 388 47
Summary of ARAN
04/19/23 Csci 388 48
SRP
Secure Routing Protocol Assumptions
Security association between S and T assumed KS,T (bidirectional)
Adversarial nodes exhibit Byzantine behavior
Bidirectional links Promiscuous mode operation
04/19/23 Csci 388 49
Overview of SRP S initiates route discovery by
constructing route request packet identified by a query sequence number and a random query identifier
Source, destination and query IDs used as input for MAC calculation with KS,T
Identities of traversed nodes accumulated in route request packet.
04/19/23 Csci 388 50
Overview of SRP (contd.) Intermediate nodes discard
previously seen route requests Destination T constructs route reply;
calculates MAC covering route reply contents and returns packet to S
Multiple replies may reach S S validates replies and updates its
topology view
04/19/23 Csci 388 51
Scenario 1 When M1 receives {Qs,t:S} it generates
{Rs,t:S,M1,T} RREQ should reach T
04/19/23 Csci 388 52
Scenario 2 M1 discards route request packets arriving from its
neighbors The S-T route will not include M1
04/19/23 Csci 388 53
Scenario 3 M1 sees and relays {Qs,t:S,1,M1}; upon arrival of
{Qs,t:S,1,M1,5,4} at T reply is generated and sent on reverse path. when M1 receives {Rs,t:S,1,M1,5,4,T} it tampers and relays {Rs,t:S,1,M1,Y,T}, Y being any invented sequence of nodes
Avoid by integrity protection
04/19/23 Csci 388 54
Scenario 4 M2 receives {Qs,t:S,2,3}, it relays {Qs,t:S,X,3,M2},
where X is a false IP address. T sends the reply {Rs,t:S,X,3,M2,T}. when 3 receives the reply, the reply will be dropped since X is not its neighbor
04/19/23 Csci 388 55
Scenario 5 M1 replays route requests to consume network
resources. discarded by intermediate nodes due to query identifiers.
Query sequence number takes care of cases when replay occurs after a significant period of time
04/19/23 Csci 388 56
Scenario 6 M1 after seeing several RREQ from S fabricates queries
with subsequent query identifiers to result in intermediate nodes discarding legitimate future route requests.
Not possible due to the random query id
04/19/23 Csci 388 57
Possible attack against SRP Nodes collude during the two phases of single route
discovery E.g. M1 receives request tunnels it to M2, M2 broadcasts
request with path between M1 and M2 falsified e.g. {Qs,t:S,M1,Z,M2}. T constructs reply and routes over {T,M2,Z,M1,S}. M2 tunnels reply to M1 thus completing attack
04/19/23 Csci 388 58
Detailed protocol description
SRP extension of a reactive routing protocol
04/19/23 Csci 388 59
Route Request Query sequence number allows destination
to detect outdated route requests Randomly computed Query identifier used
to combat attack where malicious nodes broadcast fabricated requests to cause subsequent legitimate queries to be discarded
RREQ fields that get updated as packet propagates to destination IP header mutable fields excluded from MAC
computation.
04/19/23 Csci 388 60
SRP Header
04/19/23 Csci 388 61
Query Handling/Propagation Intermediate nodes parse requests to
determine if SRP header present If not, process the packet as described by
basis protocol specification Else, extract the Qid, source and destination
address, and determine if the query previously has been seen or not
if yes discard query; else rebroadcast Also measure frequencies of queries received
from neighbors to regulate query propagation process.
04/19/23 Csci 388 62
Query Handling/Propagation (contd.)
Give highest priority to nodes generating requests at the lowest rates and lowest priority to nodes generating queries at higher rates
Quanta allocated proportionally to priority and within each class round-robin servicing.
04/19/23 Csci 388 63
Route Reply T validates the received route request packet by
first verifying that it is originated from a node with which it has a security binding
Qseq is compared to Smax, the maximum sequence number received from S within the lifetime of the SA
Seq is maintained for each destination, and is increased monotonically
If Qseq <= Smax request discarded Else T calculates keyed hash of the request fields If output matches SRP header MAC integrity and
authenticity verified
04/19/23 Csci 388 64
Route Reply (contd.)
For every valid request T places accumulated route in route reply packet and the Qid and Qsec of the route request in the corresponding SRP header fields.
MAC covers basis protocol route reply and rest of SRP header to provide message integrity and authentication
04/19/23 Csci 388 65
Route Reply Validation On reception of Route Reply, S checks the
source and destination addresses, Qid and Qsec and discards the route reply if it does not correspond to the currently pending query.
Otherwise it compares reply IP source-route with the reverse of the route carried in reply payload
If the two match, S calculates MAC using replied route, SRP header fields and Ks,t.
If MACs match validation complete.
04/19/23 Csci 388 66
Intermediate Node Replies Route caching not encouraged and in
general intermediate nodes not required to provide route replies.
Route caching can improve effectiveness of route discovery process
Hence if an intermediate node V has an active route to T and a SA exists between S and V then a reply can be provided to S
This extension enabled by Intermediate Node Reply Token (INRT)
04/19/23 Csci 388 67
Extended SRP Header
04/19/23 Csci 388 68
Route Maintenance Route error messages are source routed
along the prefix of the route reported as broken and S compares route traversed by error messages to the prefix of the corresponding route.
Thus it can verify that route error feedback provided refers to actual route and is not generated by a node that is not part of the route
04/19/23 Csci 388 69
Break
04/19/23 Csci 388 70
Ariadne
Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Netowrks
Y. – C. Hu, A. Perrig, and D. B. JohnsonACM MOBICOM 2002
04/19/23 Csci 388 71
TESLA Broadcast authentication protocol Timed Efficient Stream Loss-tolerant
Authentication sender chooses a random initial key Kn and
generates a one-way hash chain on this value: K n-1=H(Kn); Kn-2=H(Kn-1)... sender predetermines a schedule at which it
discloses each key of its one-way key chain in the reverse order from generation i.e. K0,K1,K2,...
04/19/23 Csci 388 72
TESLA Loose time synchronization between
sender and receiver when receiver receives a packet it verifies
security condition i.e key Ki used to authenticate packet cannot yet have been disclosed
if yes receiver buffers packet and waits for sender to disclose Ki while using disclosed key to authenticate buffered packets
if no it drops packet
04/19/23 Csci 388 73
ARIADNE
An on demand secure routing protocol based on TESLA broadcast authentication protocol
Further based on DSR
04/19/23 Csci 388 74
Network Assumptions
Network links are bi-directional Network may drop, corrupt,
reorder or duplicate packets in transmission
Each node must be able to estimate end-to-end transmission time to any other node in the network
04/19/23 Csci 388 75
Node Assumptions
Nodes may vary greatly in terms of resources hence it is assumed that nodes have few resources and hence asymmetric cryptography may be unsuitable for such resource constrained nodes
04/19/23 Csci 388 76
Key Setup Assumptions
A mechanism to setup shared secret keys between communicating nodes
A mechanism to distribute one authentic public TESLA key for each node
04/19/23 Csci 388 77
Notation
A, B are principals such as communicating nodes
KAB and KBA denote secret MAC keys shared between A and B
MAC KAB(M) denotes computation of message authentication code of M with MAC key KAB
04/19/23 Csci 388 78
Ariadne Route Discovery Route discovery has two stages: initiator
floods the network with ROUTE REQUEST and the target returns a ROUTE REPLY.
To secure the Route Request packet Ariadne provides the following properties: Target node can authenticate initiator Initiator can authenticate each entry of the
path in ROUTE REPLY No intermediate node can remove a previous
node in the node list in Requestor REPLY
04/19/23 Csci 388 79
Ariadne Route Discovery ROUTE REQUEST packet contains eight
fields: <RREQ, initiator, target, id, time interval, hash chain, node
list, MAC list>
When a node A receives RREQ for which it is not target it checks its table for <initiator,id> values and discards packet if match found
It then checks whether time interval is valid If not discards packet
04/19/23 Csci 388 80
Ariadne Route Discovery Else it modifies RREQ by appending its own
address to node list, replacing the hash chain with H[A,hash chain] and appending a MAC of the entire request to the MAC list using key Kati
When target receives RREQ it checks validity by determining all the keys from the specified time interval have not yet been disclosed and that hash chain filed is equal to
H[Nn, H[Nn-1, H[…,H[N1, MACKSD(initiator,target,id,time interval)]…]]]
04/19/23 Csci 388 81
Ariadne Route Discovery If RREQ valid RREP returned as<RREP,target,initiator,time interval,node list,MAC
list,target MAC,key list> RREP returned to initiator of RREQ along source
route obtained by reversing node list of the RREQ Node forwarding RREP waits till it can disclose its
key from specified time interval; it then appends that key to key list and forwards packet
Initiator verifies each key in key list is valid and target MAC is valid and that each MAC in MAC list is valid
04/19/23 Csci 388 82
An example
04/19/23 Csci 388 83
Ariadne Route Maintenance Node forwarding packet to next hop
along source route returns Route ERROR to original sender of packet if it is unable to deliver packet after a limited number of retransmissions
ERROR needs to be authenticated by sender
Each node on return path to source forwards the ERROR
04/19/23 Csci 388 84
Ariadne optimization Route caching possible In basic Ariadne only initiator of
discovery can use route since target MAC can only be verified by the initiator.
If however appropriate data is broadcast authenticated any node along return path can use that route to reach target
04/19/23 Csci 388 85
Simulation Parameters
04/19/23 Csci 388 86
Simulation Results
04/19/23 Csci 388 87
Simulation Results
04/19/23 Csci 388 88
Simulation Results
04/19/23 Csci 388 89
Simulation Results
04/19/23 Csci 388 90
Simulation Results
04/19/23 Csci 388 91
Wormhole Attack
Packet Leashes: A Defense Against Wormhole Attacks in Wireless Networks
Y.-C. Hu, A. Perrig, and D. B. JohnsonIEEE INFOCOM 2003
04/19/23 Csci 388 92
Introduction Problem: Wormhole Attack
An attacker records packets at one location of the network, tunnel them to another location, and retransmits them there into the network
Wormhole attack allows attackers to: Gain unauthorized access Disrupt routing Perform DOS attacks
Solution: Packet Leash Add information into the packet to restrict its
maximum allowed transmission distance
04/19/23 Csci 388 93
Temporal Leashes
Definition: a temporal leash establishes an upper bound on a packet’s lifetime, which restricts the maximum travel distance
Key Requirement: all nodes must have tightly synchronized clocks Maximum clock difference (Δ) between any
two nodes must be within a few microseconds
04/19/23 Csci 388 94
Temporal Leashes Implementation with a packet expiration time Sender calculates a packet expiration time to
be sent with each packet:te = ts + L/c – Δ
te: packet expiration time ts: packet sent time c: propagation speed of wireless signal L: maximum allowed travel distance; L > Lmin = Δ*c Δ: maximum clock difference between 2 nodes
04/19/23 Csci 388 95
Temporal Leashes
Receiver will accept and process a received packet if and only if the time when the packet is received (tr) is less than the packet expiration time (te)
What’s missing? Need an efficient way for the receiver to
authenticate te
04/19/23 Csci 388 96
TIK Protocol - Overview TIK – TELSA with Instant Key disclosure
TIK implements a temporal leash and provides efficient instant authentication for broadcast communication in wireless networks
Based on the observation that a receiver can verify the TESLA security condition, that the corresponding key hasn’t been disclosed as it receives the packet => allow sender to disclose the key in the same packet
Assume sender can precisely predict ts and receiver can record tr as soon as the packet arrives
Requires accurate time synchronization between all the nodes
04/19/23 Csci 388 97
TIK Protocol – Sender Setup
Sender generates a series of keys, K0, K1,…, Kw-1, using a PRF F and a secret master key X:
Ki = Fx(i)
Sender selects a key expiration interval I and determines the expiration time (Ti) for its keys:
Ti = T0 + i*I, where T0 is the expiration time for K0
04/19/23 Csci 388 98
TIK Protocol – Sender Setup
Sender constructs a Merkle hash tree to commit to keys: K0, K1,…, Kw-1
04/19/23 Csci 388 99
TIK Protocol – Merkle Hash Tree
m03
m01
K0’
K0
K1’
K1
m23
K2’
K2 K3
K3’
m47
m45
K4’
K4
K5’
K5
m67
K6’
K6 K7
K7’
m07
04/19/23 Csci 388 100
TIK Protocol – Merkle Hash Tree
How is it constructed? For every leaf node, Ki’ = H(Ki); i.e. K0’ = H(K0) For every parent node, mp = H(ml || mr); i.e. m01 =
H(K0’ || K1’), m03 = H(m01 || m23); The root value (m07) is signed by the sender
and sent to the receivers, where it can be authenticated with sender’s public key
To authenticate K2, for example: Sender must include K3’, m01, m47 in the packet Receiver computes m07’ and compare to the pre-
distributed m07
m07’ = H[ H[ m01 || H[ H[K2] || K3’]] || m47 ]
04/19/23 Csci 388 101
TIK Protocol – Receiver Bootstrapping
Assume all nodes are synchronized with a maximum clock difference of Δ
Assume each receiver knows every sender’s hash tree root value and the associated parameter T0 and I
04/19/23 Csci 388 102
TIK Protocol – Sending and Verifying Packets
HMAC M T Ki
HMAC M T Ki
Sender
Receiver
Time at Sender
•Time at Receiver
ts Ti
•tr ≤ (ts + т - Δ) •≤ (Ti - Δ)
04/19/23 Csci 388 103
TIK Protocol – Sending and Verifying Packets
S -> R: (HMACKi(M), M, T, Ki) M: message payload HMACKi(M): message authentication code for M Ki: key used to generate the HMAC for M T: tree authentication values used to
authenticate Ki
04/19/23 Csci 388 104
TIK Protocol – Sending and Verifying Packets
Receiver: Verifies if the sender has started sending Ki after
receiving HMAC, based on Ti Receiver knows the expiration time of Ki since T0 and I
are known. A key is released only after it expires
Verifies if Ki is authentic based on the hash root value and T
Verifies the HMAC, using authenticated Ki
Accept the packet as authentic only if all those verifications are successful
04/19/23 Csci 388 105
Security & Performance Analysis
Security Analysis Temporal leash with TIK protocol can detect and prevent
wormhole attacks if all nodes are good nodes Can’t deal with a malicious sender that claims a false timestamp Can’t deal with a malicious receiver that refuses to check the
leash What if the two colluding adversaries have strong power, e.g.
directional antenna? Performance Analysis
Efficient hash tree authentication of keys Efficient instant authentication of packet because the key is
disclosed in the same packet Modest storage requirement for the Merkle hash tree
04/19/23 Csci 388 106
Conclusion More Work
More research on how the sender/receiver can accurately determine ts/tr
Design and deploy accurate time synchronization device among the nodes
Conclusion Wormhole attack is a powerful and disruptive
attack against wireless networks With precise timestamps and tight clock
synchronization, TIK can prevent wormhole attacks
04/19/23 Csci 388 107
References Bridget Dahill, Brian Neil Levine, Elizabeth
Royer, Clay Shields. A Secure Routing Protocol for Ad Hoc Networks
Yih-Chun Hu, Adrian Perrig, David B Johnson. Ariadne: A secure on demand routing protocol for Ad hoc networks
Segio Marti, T J Giuli, Kevin Lai, Mary Baker. Mitigating routing misbehavior in mobile ad hoc networks
Panagitiotis Papadimitrois, Zygmunt Haas. Secure routing for mobile ad hoc networks
04/19/23 Csci 388 108
References (contd.) Seung Yi, Prasad Naldurg, Robin Kravetas. A
security aware ad hoc routing protocol for wireless networks
Yin-Chun Hu, David Johnson , Adrian Perrig. SEAD:secure efficient distance vector routing fore mobile wireless ad hoc networks
Sonja Buchegger, Jean Yves Le Boudec. Nodes bearing grudges: towards routing security, fairness and robustness in mobile ad hoc networks
04/19/23 Csci 388 109
References (contd.) Baruch Awerbuch, David Holmer, Crisitina
Nita-Rotaru, Herbert Rubens. An on demand routing protocol resilient to Byzantine failures
Yih-Chun Hu, Adrian Perrig, David Johnson. Wormhole detection in wireless ad hoc networks