RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-Chun - PDF document

RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypes ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19- initiatortargetFigure1:Examplenetworkillustratingtherushingattack.nismagainsttherushingattack.InSection2ofthispaper,weintroducetherushingattack.Sec-tion3detailsourassumptions.Section4describesourSecureNeighborDetectionandSecureRouteDiscoveryprocedures,andSection5presentstwoevaluationsofourRouteDiscoverycompo-nent:asimulationstudyoftheperformanceofourmechanisms,andananalyticalevaluationthatgivesaconservativelowerboundontheprobabilitythatourprotocolsdiscoveraworkingroutewhensubjecttothisattack.InSection6,wediscussrelatedwork,andinSection7,wepresentconclusions.2.TUSHINGTTACKAGAINSTETWORKOUTINGROTOCOLSWeintroducehereanewattack,whichwecalltherushingattackthatactsasaneffectivedenial-of-serviceattackagainstallcurrentlyproposedon-demandadhocnetworkroutingprotocols,includingprotocolsthatweredesignedtobesecure.Inanon-demandpro-tocol,anodeneedingaroutetoadestinationßoodsthenetworkwithROUTEEQUESTpacketsinanattempttoÞndaroutetothedestination.Tolimittheoverheadofthisßood,eachnodetyp-icallyforwardsonlyoneROUTEEQUESToriginatingfromanyRouteDiscovery.Inparticular,existingon-demandroutingpro-tocols,suchasAODV[32],DSR[20],LAR[23],Ariadne[16],SAODV[45],ARAN[39],AODVsecuredwithSUCV[6],andSRP[31],onlyforwardtheREQUESTthatarrivesÞrstfromeachRouteDiscovery.Intherushingattack,theattackerexploitsthispropertyoftheoperationofRouteDiscovery.WenowdescribetherushingattackintermsofitseffectontheoperationofDSRRouteDiscovery[18,19,20];otherprotocolssuchasAODV[33],Ariadne[16],SAODV[45],andARAN[39]arevulnerableinthesameway.InthenetworkshowninFigure1,theinitiatornodeinitiatesaRouteDiscoveryforthetargetnode.IftheROUTEEQUESTsforthisDiscoveryforwardedbytheattackeraretheÞrsttoreacheachneighborofthetarget(showningrayintheÞgure),thenanyroutediscoveredbythisRouteDiscoverywillincludeahopthroughtheattacker.Thatis,whenaneighborofthetargetreceivestherushedREQUESTfromtheattacker,itforwardsthatREQUEST,andwillnotforwardanyfurtherREQUESTsfromthisRouteDiscovery.Whennon-attackingREQUESTsarrivelateratthesenodes,theywilldiscardthoselegitimateREQUESTs.Asaresult,theinitiatorwillbeunabletodiscoveranyusableroutes(i.e.,routesthatdonotincludetheattacker)containingatleasttwohops(threenodes).Ingeneralterms,anattackerthatcanforwardROUTEEQUESTmorequicklythanlegitimatenodescandoso,canincreasetheprobabilitythatroutesthatincludetheattackerwillbediscoveredratherthanothervalidroutes.WhereasthediscussionabovehasusedthecaseofnodesthatforwardonlytheÞrstOUTEEQUESTfromanyRouteDiscovery,therushingattackcanalsobeusedagainstanyprotocolthatpredictablyforwardsparticularRQUESTforeachRouteDiscovery.Arushingattackerneednothaveaccesstovastresources.On-demandroutingprotocolsdelayROUTEEQUESTforwardingintwoways.First,MediumAccessControl(MAC)protocolsgen-erallyimposedelaysbetweenwhenthepacketishandedtothenetworkinterfacefortransmissionandwhenthepacketisactuallytransmitted.InaMACusingtimedivision,forexample,anodemustwaituntilitstimeslottotransmit,whereasinaMACusingcarrier-sensemultipleaccess,anodegenerallyperformssometypeofbackofftoavoidcollisions;protocolslikeIEEE802.11alsoim-poseaninterframespacingtimebeforetransmissionactuallybe-gins.Second,eveniftheMAClayerdoesnotspecifyadelay,on-demandprotocolsgenerallyspecifyadelaybetweenreceivingEQUESTandforwardingit,inordertoavoidcollisionsoftheEQUESTpackets.Inparticular,becauseREQUESTpacketsarebroadcast,andcollisiondetectionforbroadcastpacketsisdifÞ-cult,routingprotocolsoftenimposearandomizeddelayinRQUESTforwarding.AnattackerignoringdelaysateithertheMACorroutinglayerswillgenerallybepreferredtosimilarlysituatednon-attackingnodes.OnewaytothwartanattackerthatrushesinthiswayistoremovethesedelaysatboththeMACandroutinglayers,butthisapproachdoesnotworkagainstalltypesofrushingattackersandisnotgeneral.Forexample,inadensenetworkusingaCSMAMAClayer,ifanodeinitiatesaRouteDiscovery,andistwohopsawayfrom,andareneighborsofboth,thenthenwilllikelynotreceivetheROUTEEQUESTduetoacollisionbetweenREQUESTsforwardedby.Inadensenetwork,suchcollisionsmayoftenpreventthediscoveryofanynontrivialroutes(routeslongerthanadirectlink),whichisevenmoreseverethantherushingattack,whichpreventsthediscoveryofrouteslongerthantwohops.Anotherwaythatarelativelyweakattackercanobtainanad-vantageinforwardingspeedistokeepthenetworkinterfacetrans-missionqueuesofnearbynodesfull.Forexample,ifeachnodeprocessesthepacketsitreceivesinorder,andaninefÞcientRQUESTauthenticationmechanismisused,theattackercankeepothernodesbusyauthenticatingREQUESTscontainingbogusau-thentication,thusslowingtheirabilitytoforwardlegitimateRQUESTs.Protocolsemployingpublickeytechniquesarepartic-ularlysusceptibletotheseattacks,sincetheyrequiresubstantialcomputationtovalidateeachreceivedREQUESTArelativelyweakattackercanalsoachievefastertransitofitsEQUESTpacketsbytransmittingthematahigherwirelesstrans-missionpowerlevel,thusreducingthenumberofnodesthatmustforwardthatREQUESTtoarriveatthetarget.Sincepackettransittimeateachhopisdominatedbytheprocessingtimeatthefor-wardingnode,reducingthepathtothetargetbyjustonehopislikelytoprovideasigniÞcantlatencyadvantage,thusstrengthen-ingtheattackersposition.Amorepowerfulrushingattackermayemployawormhole[14]torushpackets.Inthiscase,theattackersimplyforwardsallcon-trolpackets(butnotdatapackets)receivedatonenode(theattacker)toanothernodeinthenetwork(e.g.,asecondattacker).Thisformsatunnelinthenetwork,wherepacketsreachingoneendofthetun-nelarebroadcastouttheotherend.IfthetunnelprovidessigniÞ-cantlyfastertransitthanlegitimateforwarders,nodesnearoneendofthetunnelgenerallywillbeunabletodiscoverworkingroutestotheotherendofthetunnel,sinceitwillgenerallydiscoverroutesthroughthetunnel.Ingeneral,awiredtunnel(inwhichthetwoattackershaveawiredconnectionbetweenthemselves)willpro-videfastertransitthannativewireless(multihop)forwarding,since nodeprocessingdelayinforwardingismuchlongerthantheprop-agationtime.Therushingattackappliestoallproposedon-demandprotocolsbecausesuchprotocolsmustlimitthenumberofpacketsthatanynodewilltransmitinresponsetoasingleRouteDiscovery.Cur-rentlyproposedprotocolschoosetoforwardatmostoneREQUESTforeachDiscovery;anyprotocolthatallowsanattackertopredictwhichROUTEEQUEST(s)willbechosenforforwardingateachhopwillbevulnerabletosomevariantoftherushingattack.3.ASSUMPTIONS3.1.NetworkAssumptionsWemakethecommonassumptionthatmostnetworklinksarebidi-rectional.MorespeciÞcally,werequirethatthenetworkremainconnectedwhenunidirectionallinksareignored.OurSecureNeigh-borDetectionprotocolrejectsunidirectionallinks,sounderlyingroutingprotocolscanassumethatthenetworkisfreeofunidi-rectionallinks.IfanotherSecureNeighborDetectiontechniqueisused,andthattechniquesupportsunidirectionallinks,thentheabilityofourSecureRouteDiscoverymechanismtodiscoveranduseunidirectionallinksislimitedonlybytheunderlyingroutingprotocol.Wirelessphysicallayersforsendingdatafromonenodetoan-otherareoftenvulnerabletojamming.Mechanismssuchasspreadspectrummodulation[37],ordirectionalantennashavebeenexten-sivelystudiedasmeansofimprovingresistancetophysicaljam-ming.Inaddition,aneffectivejammingattackusuallyrequiresadditionalhardware;incontrast,arushingattackismuchsimplertodobecausetheattackercanusethesamehardwareaslegitimatenodes.Anattackercanevenremotelybreakintoalegitimatenodeandperformtheseattacks.Moreover,therushingattackallowsforfarmoreselectivedenial-of-service,andisthushardertodetect.Jammingattacksarerelativelybroad(theydenyservicetoalargenumberofparticipants)andarethusalsoeasiertodetect.Thoughajammingattackisalsoanimportantdenial-of-serviceattack,wepresentmechanismstodefendagainsttherushingattackbecausewebelievethattherushingattackismoreeasilyperformed.MediumAccessControlprotocolsarealsooftenvulnerabletoattack.Forexample,inIEEE802.11,anattackercanparalyzenodesinitsneighborhoodbysendingClear-To-Send(CTS)framesperiodically,settingtheÒDurationÓÞeldofeachframeequaltotheintervalbetweensuchframes[16].LesssophisticatedMediumAc-cessControlprotocols,suchasALOHAandSlottedALOHA[1],arenotvulnerabletosuchattacksbuthavelowerefÞciency.Inthispaper,wedisregardattacksonMediumAccessControlprotocols.Priorworkhasshownthatadhocnetworkroutingingeneraldoesnotscalewell[10].Mostexistingsimulationofadhocnetworkroutingprotocolsconsiderscenariosof50to500nodes.Inthiswork,wefocusonsuchmedium-sizednetworks,andwillnotcon-siderscalabilityissues;however,webelievethatmechanismssuchasclustering,whichimprovethescalabilityofotheron-demandadhocnetworkroutingprotocols,canalsoimprovethescalabilityofourapproach.3.2.SecurityAssumptionsandKeySetupTheprotocolsdiscussedinthispaperrequireaninstantly-veriÞablebroadcastauthenticationprotocol,forwhichweuseadigitalsig-nature.However,anysignatureusedshouldbeabletokeepupwithveriÞcationatlinespeed,toavoidadenial-of-serviceattackwhereanattackeroverwhelmsthevictimbyßoodingitwithbogusmessages.OneexampleofaprotocolwhichshouldbefastenoughonmanynodesisthetheHORSone-timesignaturebyReyzinandReyzin[38].WeusetheconstructionsoftheBiBa[35]one-timesignatureinconjunctionwiththeHORSone-timesignaturetode-signanefÞcientinstantly-veriÞablebroadcastauthenticationproto-col.WealsouseaMerklehashtree[28]togenerateonesignatureovermultiplemessages,suchthateachmessageisindependentlyveriÞable.Asusedinoursimulationevaluation,HORSrequiresanaverageof156760hashespersecondtosignandverifyallmes-sagesina100nodenetwork,arateeasilyachievableevenbyPDAs.Weassumethatthekeysnecessaryforbroadcastauthenticationaredistributedinadvance;anumberoftechniquesfordistributingsuchinformationhavebeenproposed[2,16,17,24,42,46].Toescapethecirculardependencyofsecureroutingandkeydistribution,Huetalproposeasimpleroutingprotocolthatdiscoversaroutetoatrustedthirdparty,whichcaninturnbootstraptheinitialkeys[16].Ifawormholeattack,inwhichanattackerselectivelytunnelspacketsfromoneplaceinthenetworktoanother,isconsideredapossiblethreat,ourSecureNeighborDetectionrequiresamecha-nismtodetectsuchatunnelbetweenanytwolegitimatenodes.Anumberofmechanismsforpreventingthewormholeattack,suchasTIK,geographicalleashesandRFwatermarking,havebeenpro-posed.Dependingonthemechanismusedtoimplementpacketleashes,thisrequirementbeneÞtotherpartsoftheprotocol:TIK[14],forexample,authenticateseachpacketinalightweightmanner,thusprotectingthemoreexpensivesignatureveriÞcationfromadenial-of-serviceattack.Inparticular,ifanodereceivesanau-thenticatedpacketcontainingabogussignaturefromnode,thencanlowertheprioritywithwhichitcheckssignaturessentby.Asaresult,anattackercanonlycauseeachnodetoverifyonebogussignatureforeachnodecompromisedbythatattacker.Wedonotassumetamper-proofhardware;theattackercanthuscompromisenodesandstealtheircryptographickeys.Weassumeapowerfulattacker,whichwecallcoordinatedattacker.Thisisanattackerthatcompromisedmultiplenodes(andthusknowsalltheircryptographickeys),withafastchanneltoroutepacketsamongstthemselves.4.SECUREOUTINGEQUIREMENTSANDROTOCOLInthissection,wedescribeasetofgenericmechanismsthattogetherdefendagainsttherushingattack:secureNeighborDetectioncureroutedelegation,andrandomizedOUTEEQUESTforward-ing.Wealsodescribeatechniquetosecureanyprotocolusinganon-demandRouteDiscoveryprotocol.Inpreviouson-demandprotocols,nodeconsidersnodetobeaneighborwhenreceivesabroadcastmessagefrom.SecureNeighborDetection,whichreplacesstandardNeighborDetection,allowseachneighbortoverifythattheotheriswithinagivenmax-imumtransmissionrange.OnceanodeforwardingaROUTEEQUESTdeterminesthatnodeisaneighbor(thatis,iswithintheallowablerange),itsignsaRouteDelegationmessage,allowingtoforwardtheROUTEEQUEST.Whennodedeterminesthatnodeiswithintheallowablerange,itsignsanAcceptDele-gationRandomizedselectionoftheROUTEEQUESTmessagetofor-ward,whichreplacestraditionalduplicatesuppressioninon-demandroutediscovery,ensuresthatpathsthatforwardREQUESTswithlowlatencyareonlyslightlymorelikelytobeselectedthanotherpaths.Figure2showsthebasicdesignofourcompleterushingattackpreventionmechanism. Single-Hop? EQUESTrandomly Original Routing No YesFigure2:Ourcombinedmechanismstosecureanon-demandroutediscoveryprotocolagainsttherushingattack.4.1.NotationWeusethefollowingnotation:denotecommunicatingnodes.denotesthatnoderandomlyselectsan-bitlongnoncemeansthatnodethemes-andthehashofÕsidentiÞerconcatenatedwiththemeansthatnodebroadcastsmessagewithitssignature4.2.SecureNeighborDetectionOnesimpleinstanceoftherushingattackiswhenanattackerfor-wardsaROUTEEQUESTbeyondthenormalradiotransmissionrange(forexamplebyusingahighergainantennaorahigherpowerlevel),thussuppressingsubsequentREQUESTsfromthisRouteDiscovery.Inthissection,wepresentasecureNeighborDetectionprotocolthatallowsboththesenderandthereceiverofaOUTEEQUESTtoverifythattheotherpartyiswithinthenormaldirectwirelesscommunicationrange.ThefunctionalityofNeighborDetection,inwhichtwonodesdetectabidirectionallinkbetweenthemselves,ispresentinsomeforminalmosteveryroutingprotocol.Forexample,anodepartic-ipatinginaperiodicprotocolgenerallybroadcastsadvertisements,allowingitsneighborstodetectit.Moston-demandroutingpro-tocols,ontheotherhand,performNeighborDetectionimplicitly.Inthoseprotocols,anodereceivingaROUTEEQUESTconsidersitselftobeaneighboroftheprevious-hopnodethattransmittedtheEQUEST.WhenthatnodepropagatestheREQUEST,itclaimsalinkbetweenthetransmitterandtherecipient.Unfortunately,thisimplicitNeighborDetectiondoesnotpreventanattackernodere-ceivingaREQUESTfromsimplyreplayingit.Inaddition,iftheaddressoftheprevious-hopnodeisunauthenticated,anattackercanclaimtobeanynodepropagatingaREQUEST,andthenexthopwilltrustthatinformation(wecallthistherepeaterattack).Thisrepeaterattackisserious,becausetwonodesthatarenotwithincommunicationrangebelievethattheotherisisitsneighbor,giv-ingtheattackertheabilitytoselectivelyforwardpacketsbetweenthetwonodes.Therepeaterattackisaninstanceofawormholeattack[15].RequirementsforSecureNeighborDetection.Twonodesde-tecteachotherasneighborsonlyiftheycancommunicateandtheyarewithinsomemaximumtransmissionrange.ThesecureNeigh-borDetectionprotocolthuspreventsanattackerfrom:(1)intro-ducingtwonodesthatarenotwithinthemaximumtransmissionrangeasneighbors;and(2)claimingthatitisaneighborofan-othernodewithoutbeingabletohearpacketsdirectlyfromthatnode.FromtheÞrstrequirement,itfollowsthatanattackershouldnotbeabletotunnelaneighborsolicitationfromonecompromisednodetoanotheruncompromisednode.Thesecondrequirementde-mandsthatanode(oranaccompliceofthatnode)needstoheartheneighborsolicitation,sinceotherwiseitcannotclaimtobeaneigh-bor.Finally,theprotocolshouldnotintroduceadenial-of-serviceopportunity;forexample,ßoodinganodewithneighborrequestsshouldnotconsumeallCPUresourcesofthatnode.OurSecureNeighborDetectionProtocol.WepresentasecureNeighborDetectionprotocolthatallowsboththeinitiatorandtherespondertocheckthattheotheriswithinamaximumcommuni-cationrange.AssumingnegligibleMACprotocoldelays,wede-signasimplethree-roundmutualauthenticationprotocolthatusestightdelaytimingtoensurethattheotherpartyiswithincom-municationrange.IntheÞrstround,theinitiatingnodesendsaNeighborSolicitationpacket,eitherbyunicastingthatpackettoaspeciÞcneighbor,orbybroadcastingthepacket.Next,anodere-ceivingtheNeighborSolicitationpacketsendsaNeighborReplypacket.Finally,theinitiatorsendsaNeighborVeriÞcation,whichincludesbroadcastauthenticationofatimestampandthelinkfromthesourcetothedestination.Figure3showsanexampleofthepro-tocol.Ifanodewishestodetectmultipleneighbors,itmustrequestaresponsefromeachneighbor,andmustinitiateNeighborDetec-tionwitheachneighborseparately,inordertoavoidanimplosionofNeighborReplypackets.Toensurefreshnessofthereplymessages,weusenonces.Theinitiatorpicksatrandom(ofsufÞcientlengththatanattackerhasanegligibleprobabilityofguessingit)andisthuscer-tainthatthereplymessageisfreshifthereceivednoncematches.ThemeasureddelaybetweensendingtheÞrstmessageandreceivingthesecondmessageprovidesanupperboundonthedis-tanceoftheneighbor:givendelay,theneighbornodeisnofartherawaythan,whereisthespeedoflight.ThisisaccurateifanodecanquicklyprocesstheÞrstmessageandreturnanauthen-ticatedsecondmessage;forexample,ifHORSisusedforauthenti-cation,anodeneedonlyperformonehashfunctiontoauthenticatethereply.Theauthenticationonmessageensurestotheinitiatorthattheresponseindeedcomesfromthecorrectresponder.Inthegeneralcase,weusethesamedigitalsignatureforauthentication,butifthetwonodesshareasecretkey,wecanalsouseamessageauthenticationcodeforthispurpose,forexampleHMAC[4].Sim-ilarly,thenonceandthesignatureonmessageensuretotheresponderthattheinitiatoriswithintransmissionrangeifmessagearrivesafterasufÞcientlyshortdelay.Finally,werate-limitNewNeighborSolicitationstopreventanattackerfromßoodingitsneighbors.Figure3showsthefullproto-col.IntegrationwithanOn-DemandProtocol.Inanon-demandprotocol,neighborveriÞcationisperformedduringeachRouteDis-covery.Asaresult,wecandefendagainstNewNeighborSolicita-tionßoods,byrelyingontheunderlyingprotocoltodefendagainstOUTEEQUESTßoods;anoderespondstoanyNewNeighborSolicitationpresentedwithavalidREQUEST.Ifdesired,REQUESTßoodpreventioncanbeachievedthroughtheuseofahashchain, EIGHBOROLICITATIONSignEIGHBOREPLYSignEIGHBORERIFICATIONSignFigure3:NeighborDetectionbetweeninitiatorandrespon-derasinAriadne[16].Inparticular,inAriadne,eachnodemaintainsahashchain,anduseselementsofthehashchaintoauthenticatetheßoodedREQUEST.Thesehashchainvaluesprovidecheapau-thentication,andavictimreceivingtoomanyRouteDiscoveriesfromanattackercanrate-limitforwardingofthatattackerÕsRQUESTs.InRAP,wecaninsteaduseHORSoranyotherefÞcientauthenticationmechanismwiththisratelimiting,topreventexces-siveßooding.WhenanodeforwardsaREQUEST,itincludesinthatRQUESTabroadcastNeighborSolicitation.EachnodeforwardingthatREQUESTreturnsaNeighborReply,andpiggybacksontheNeighborReplyaunicastNeighborSolicitationfor.IfdecidesthatisaneighborbasedonthewormholepreventionmechanismreturnsasignedNeighborVeriÞcationthatveriÞesthelinkfromalsoincludesinpacketaNeighborReplytotheunicastNeighborSolicitationsentby.Ifdecidesthatisaneighborbasedonthewormholepreventionmechanismused,forwardstheREQUEST,includingtheNeighborVeriÞcationforthelinksignedby,andalsoincludingaNeighborVeriÞcationforthelinksignedbyitself.neednotreturnaNeigh-borVeriÞcation,sinceislikelytoheartheforwardedREQUESTwhichincludestheNeighborVeriÞcation.Figure4showshowforwardsaREQUESTfrom4.3.SecureRouteDelegationInourROUTEEQUESTpropagation,wewanttoenableeachnodetoverifythatallthesecureNeighborDetectionstepswereper-formedbetweenanyadjacentpairofnodesintheREQUEST,i.e.,verifythatbothnodesofeachadjacentnodepairindeedbelievestobeaneighbor.WeachievethispropertythroughaSecureRouteDelegationmechanism,whichisinspiredbytheworkofKentetal.inS-BGP[21,22].S-BGPusesRouteAttestationstoensurethateachAutonomousSystem(AS)listedintheBGPASpathisindeedavalidAS.InS-BGP,beforesendingarouteupdatetoitsneighbor,theASsignsarouteattestationdelegatingittherighttofurtherpropagatetheupdate.Weusethismechanismtoenablethenodestoverifythatallthesecureneighbordetectionprotocolswereexecutedandthatbothneighborsbelievethattheyarewithintransmissionrange.Wede-scribetheprotocolbasedonanexample.Considertwoneighbor-ingnodesAandB,whereAreceivedthecurrentROUTEQUESToriginatingfromnodeSdestinedfornodeRwiththese-quencenumber.NodeAengagesinthesecureneighboringde-tectionprotocolandÞndsafterthesecondmessagethatBisindeedwithinrange,soitdelegatestheROUTEEQUESTtoBasfollows:OUTEELEGATIONSignNodeAdoesnotneedtosendthemessagetoB,asBcanre-constructalltheÞeldsofthemessageandverifythesignature.TheROUTEELEGATIONmessagecanbebundledtogetherwiththelastmessageofthesecureNeighborDetectionprotocol.IfBbelievesthatAisindeedaneighborwithinrange,BwillaccepttheROUTEELEGATION,continuetheprotocol,andsignanotherOUTEELEGATIONwiththenextneighbor.4.4.RandomizedMessageForwardingThesecureNeighborDetectionandsecureRouteDelegationtech-niquesarenotsufÞcienttothwarttherushingattack,sinceanad-versarycanstillgetanadvantagebyforwardingROUTEEQUESTveryrapidly.Weusearandomselectiontechniquetominimizethechancethatarushingadversarycandominateallreturnedroutes.IntraditionalROUTEEQUESTforwarding,thereceivingnodeimmediatelyforwardstheREQUESTandsuppressesallsubsequentEQUESTs.InourmodiÞedßooding,anodeÞrstcollectsanumberofREQUESTs,andselectsaREQUESTatrandomtoforward.Therearethustwoparameterstoourrandomizedforwardingtechnique:Þrst,thenumberofREQUESTpacketstobecollected,andsecond,thealgorithmbywhichtimeoutsarechosen.Givenperfectinformation,eachforwardingnodewouldcollectthemaximumpossiblenumberofREQUESTsbeforeforwardingone,sincethisapproachprovidesthemosteffectivedefenseagainstarushingattack.However,whenthenumberofREQUESTsischo-sentobetoolarge,randomizedforwardingwillheavilyrelyonthetimeouttotriggerREQUESTforwarding,increasinglatencyandpossiblyreducingsecurity.Inarealnetwork,perfectinformationisgenerallynotavailable;asaresult,initiatorscanincludeineachRouteDiscoverythenumberofREQUESTstobufferbeforefor-wardingone,andcanadjustthisparameteradaptively,basedontheREPLYlatencyandontheparameterschosenbyothernodes.Alternatively,thisnumbercanbechosenasaglobalparameter,orlocallyusinganadaptivealgorithm,thoughanadaptivealgorithmmayallowcertainnewattacks.Whenperfecttopologyinformationisavailable,thechoiceoftimeoutshouldbebasedonthenumberoflegitimatehopsbetweentheinitiatorandthenodeforwardingtheREQUEST;closernodesshouldchooseshortertimeoutsthanfar-awaynodes.Thistopo-logicalinformationcanbeapproximatedbylocationinformation;thatis,nodesthataregeographicallyclosershouldchoosesmallertimeoutsthannodesthataregeographicallyfartheraway.Whenge-ographicinformationisnotavailable,nodescanrandomlychoosetimeouts;ÁÁÁÁÁÁÁsrouting.texhowever,thisapproachreducessecu-ritybyfavoringnodeschoosingshortertimeouts.=======however,thisapproachreducessecuritybyfavoringnodeschoosingshortertimeouts.ÀÀÀÀÀÀÀ1.124.5.SecureRouteDiscoveryInthissection,wedescribeoursecureroutediscoveryprotocol.Weusethreetechniquesinconcerttopreventtherushingattack:oursecureNeighborDiscoveryprotocol,oursecureRouteDelegationanddelegationacceptanceprotocol,andrandomizedselectionofwhichROUTEEQUESTwillbeforwarded.TheintuitionbehindSecureRouteDiscoveryistomakethefor-wardingofREQUESTpacketslesspredictablebybufferingtheÞrstEQUESTsreceived,thenrandomlychoosingoneofthoseRQUESTs.However,weneedtopreventanattackerfromÞllingtoomanyoftheseEQUESTs,sinceotherwisetheattackercouldsim-plyrushcopiesofaREQUEST,ratherthanasingleREQUEST,and OUTEEQUESTEIGHBOROLICITATIONSignEIGHBOREPLYSignEIGHBORERIFICATIONSignOUTEELEGATIONSignOUTEEQUESTEIGHBOROLICITATIONSignFigure4:forwardingtheEQUESTfromcanbegen-eratedusingasharedkey,ifavailable.TheOUTEEQUESTincludesthebidirectionalNeighborVeriÞcationmes-and,togetherwiththenecessaryauthenticatorsand).TheuseofallowstheveriÞca-tionofwithoutneeding,whichdecreasestheoverheadcausedbytheEQUESTpacket.Thesametechniqueisusedincreatingourschemewouldonceagainbevulnerabletotherushingattack.TolimitthenumberofREQUESTsthattraverseanattacker,weexploitthefactthatlegitimatenodesforwardonlyoneREQUESTinanyDiscovery.First,werequirethateachREQUESTcarryalistofnodestraversedbythisREQUEST.Second,werequireabidirectionalNeighborVeriÞcationforeachlinkrepresentedbythislistofnodes,foratotaloftwosignedNeighborVeriÞcationsperhop.Third,toauthenticatethenodelist,werequireeachnodetoauthenticatetheREQUESTitforwards,thoughitcanpiggybackthisauthenticationtogetherwiththeNeighborVeriÞcationthatitsigns.Finally,werequirebufferedREQUESTsbeduplicate-suppression-unique:thatis,iftherouterecordofanytwoREQUESTscontainanynode,theroutepreÞxleadingupto(andincluding)bethesame.ThesethreerequirementsconstrainanattackertotheextentthatanattackerthathascompromisednodescanrushatEQUESTTopreventreplayofoldNeighborVeriÞcationmessages,eachmessageistiedtoaspeciÞcRouteDiscovery.SpeciÞcally,whenanodesendsaNeighborVeriÞcationforthelinkfromsignsnotjust(asinFigure3),butalsotiesauniqueRouteDiscoveryidentiÞertotheNeighborVeriÞcation.Forexample,inAODV,theRREQIDandOriginatorIPAddressinanRREQformauniqueidentiÞer;inDSR,theTargetAddressandIdentiÞerÞeldsfromaROUTEEQUEST,togetherwiththeIPSourceAddress,formauniqueidentiÞer.ToaddresswraparoundintheseIdentiÞerÞelds,ifthenodesinthenetworkhaveverylooselysynchronizedclocks(withinafewdays),thenodecanincludeatimeoutinad-ditiontothisuniqueidentiÞer.Ifnetworknodeshavemoretightlysynchronizedclocks(withinafewseconds),thenodecanincludeatimeoutinplaceofanyuniqueidentiÞer.Insomeareasofsomenetworks,anodewillnothavedis-tinctpathstothesourceoftheREQUEST.ToenabletheDiscov-eryofroutestoorthroughsuchnodes,weallowanodetofor-wardaREQUESTaftersometime,evenifithasnotyetreceivedEQUESTs.Incertaincases,however,aÞxedtimeoutallowsanattackertopreventthediscoveryofacorrectroute.Onewaytoavoidsuchanattackistochoosearandomtimeoutbetweenmax.Alternatively,wecanpreferearlyreleasewhenanodehasbufferedmoreREQUESTs,forexamplebychoosingarandomtimeoutbetweenmaxwhereisthenumberofREQUESTsbufferedsofar.Choosingatimeoutwhenlocationinformationisavailablecanprovidebet-terproperties.IftheinitiatorofeachREQUESTincludesatimes-tampanditslocation,intermediatenodescanchooseatimeoutÞxedtimeoutpropagationspeeddistancetoinitiator.Af-teranodechoosesatimeout,eitherrandomlyorbasedonoptionallocationinformation,thenoderandomlychoosesonereceivedRQUESTforforwarding.Weimplementtwoadditionalsecurityoptimizationstothisba-sicscheme.Ingeneral,theseoptimizationsarebasedonusingthepropertyofnonrepudiationtospreadinformationaboutmaliciousnodes.First,werequirethateachREQUESTbesignedbythefor-wardingnode.AnodedetectinganattackerforwardingmorethanoneREQUESTcanexposetheattackerbyßoodingthetwoRQUESTs.Second,iflocationinformationisavailable,andusedforexampletoimplementgeographicpacketleashes,anattackerclaimingtobeintwoplacesatthesametimecanbeblacklistedinthesameway.Forexample,ifeachREQUESTincludesinthenodelistlocationinformationandtimeinformationforeachforwardingnode,anodecankeepadatabaseofpreviouslocationinformation,andÞndtwolocationclaimsthatsigniÞcantlyexceedthemaximumspeedachievablebylegitimatenodes.Inparticular,iflocationin-formationisaccurateto,andtimeinformationisconsistenttoandmaximumspeedis,thentwolocationsclaimedtimeapartismaliciouslyclaimedifthedistancebetweenthetwolocationsisgreaterthan2.Ourblacklistmechanismsdonotneedauthentication,sincethenonrepudiationofcontradictinginforma-tioncanbecanbeveriÞedbyanynodes.Werouteblacklistin-formationbyßooding:contradictoryinformationisrebroadcastbyanynodethatveriÞesthenonrepudiationanddidnothavethismali-ciousnodeonitsblacklist.ThisapproachissimilartotheblacklistmechanismusedbyAriadne[16].4.6.IntegratingSecureRouteDiscoverywithDSRTointegraterushingpreventionwithDSR[18]orothersecurepro-tocolsbasedonDSR,welimitRouteDiscoveryfrequencyasinAriadne[16].EachtimeanodeforwardsaROUTEEQUEST,itÞrstperformsaSecureNeighborDetectionexchangewiththepre-vioushop.WhenitforwardstheREQUEST,itincludesintheRQUESTabidirectionalNeighborVeriÞcationfortheprevioushop.AsinDSR,thetargetofaRouteDiscoveryreturnsaROUTEEPLYforeachdistinctROUTEEQUESTitreceives.EachsuchOUTEEPLYissentwithasourcerouteselectedbyreversingtherouteintheROUTEEQUEST.Thisrouteislikelytoworkiftherearenoattackersontheroute,sinceNeighborDetectiononlyÞndsbidirectionalneighbors.4.7.IntegratingSecureRouteDiscoverywithAODVInAODV[33],aswellasothersecureprotocolsbasedonAODV[6,39,45],RouteRequest(RREQ)packetsdonotcarryanodelist.However,inordertoÞlterexcessivemaliciousRREQs,werequireeachRREQtocarryanodelist.InsteadofforwardingtheÞrstRREQreceived,nodesusingourSecureRouteDiscoveryrandomlyselectoneoftheÞrstRREQsitreceivesandtreatsitastheRREQ toforward.MorespeciÞcally,itplacestheinitiatoroftheRouteDiscoveryinitsroutingtableusingtheprevioushopoftheRREQselectedasthenext-hopdestination.Itthenappendsitsaddressandauthenticationinformationtothenodelist,andforwardsitasinDSR.SinceAODVisadistance-vectorprotocol,itcannotmakeuseofmultipleroutes.Asaresult,thetargetofaRouteDiscoveryalsowaitsforRREQpacketsbeforereturningasingleRREP.ThetargetsignstheRREP,andincludesintheRREPneighborauthen-ticationforeachhopinthechosenpath.ThisauthenticationallowsnodesforwardingtheRREPtoauthenticatetheentirepathbacktothesourceoftheRREP.EachnodeauthenticatingthisinformationestablishesaroutebacktothesourceoftheRREP(thetargetoftheRREQ).WhenthisRREPreachesthedestination,itwillhaveestablishedabidirectionalroutebetweentheinitiatorandtargetoftheRouteDiscovery.BecauseAODVdoesnotsupportmultipleroutes,thesecuritypropertiesofAODVusingSecureNeighborDiscoverywillbesome-whatworsethanthepropertiesofDSRusingSecureNeighborDis-covery.4.8.IntegratingSecureRouteDiscoverywithSecureAdHocNetworkRoutingProtocolsWhenusingourrushingattackpreventiontogetherwithasecureon-demandroutingprotocol,anodecanÞrstattemptRouteDis-coveryusingthatsecureprotocol.Ifarushingattackerpreventsthediscoveryofanyworkingroutes,thenodecanthensetaßagindi-catingthatitwantstouserushingattackprevention,thoughitmustalsoauthenticatethatßagtopreventmodiÞcation.Thisapproachissimilartotheprincipleofexpandingringsearch:Þrst,anodeusesacheaper,butsometimesunsuccessful,search.ThenodeonlyusesamoreexpensivesearchwhenthecheapersearchdoesnotÞndaroute.ThisoptimizationprovidesbeneÞtsintwocases:Þrst,whentherearenorushingattackers,existingsecureroutingproto-colsshouldbeabletoÞndaroute.Secondly,arushingattackerdoesnothaveanyadvantageinone-andtwo-hoproutes.5.EVALUATIONToevaluateourtechniques,weanalyzedthecostandeffectivenessthroughsimulationandanalysis.Oursimulationwasdesignedtoshowthecostofourtechniquesinanon-adversarialenvironment,whereasouranalyticalevaluationshowsprovableboundsontheextenttowhichanattackercandisruptaprotocolusingourtech-niques.5.1.SimulationEvaluationToevaluatetheoverheadofusingoursecureneighbordiscoverymechanisminanon-adversarialenvironment,wesimulatedourschemeusingthens-2simulator,usingAriadne[16]asourunderly-ingroutingprotocol.WecallthismodiÞedprotocolRAP(RushingAttackPrevention).Wedidnotimplementtheoptimizationsde-scribedinSection4.8,becauseoursimulationsdidnotincludeanattacker,soourresultswouldbeequivalenttojustusingAriadne.WeusedtheoriginalAriadnesourcecode[29],andmodiÞedittousedigitalsignaturesbasedonHORSandgeographicalleashesforwormholeprotection[14].WecomparedourresultswithAriadneandDSRinordertodeterminetheaddedcostsofRAPwhentherearenoattackers.However,whenarushingattackerispresent,ex-istingon-demandadhocnetworkroutingprotocolwouldingeneralbeunabletodeliverpacketsoverpathslongerthantwohops(Sec-tion2).RAP,ontheotherhand,wouldbeabletodiscoverworkingpathsmuchofthetime,andasaresult,wouldgenerallyoutperformexistingon-demandroutingprotocols.WechoseHORSasourbroadcastsignature,usingatimeintervalof5secondsandallowingeachnodetoauthenticateupto20mes-sagespertimeinterval.Weassumedatimesynchronizationerrorof1second,andused180bytesignatures.Asaresult,eachpub-lickeyis78380bytes,andeachnodehasanamortizedworkloadof156760hashoperationspersecondateachnodeforgeneratingsignatures,aswellasverifyingallsignaturesfromallnodes.(ThisleveliswellwithinthecapabilityofmodernPDAs,andrepresentsaround10%CPUutilizationonmodernworkstations).Ourparam-eterswerechosentoprovidean80bitsecuritylevel;thatis,anattackermustguess2signaturestoforgeonesignatureinexpec-tation.WhensignatureswereneededatafasterratethanpermittedbyHORS,weusedamulti-signatureschemebasedonMerklehashtrees[28].Wesimulatedpacketleashesbasedonoptionallocationinformation,andwaitedfor2REQUESTpackets,ora0.2secondsÞxedtimeoutplusthedistancetotheinitiatortimesapropagationspeedof1500meterspersecond.Becauseasquareareaismorelikelytosupportmultipleroutesbetweenasourceanadestination,oursimulationsused100nodesina1000m1000mspacemovingaccordingtotherandomway-pointmodel[19].Inthismodel,eachnodeisrandomlyplaced;atthebeginningofthesimulation,itwaitsforapausetime,thenchoosesavelocityuniformlybetween0and20meterspersecond.Itthenproceedstoarandomlocationatthatvelocity,anduponar-riving,waitsforthepausetimeandrepeats.Wesimulatedpausetimesof0,30,60,120,300,600,and900seconds.Wechoseaworkloadof5ßows,eachproducing4packetspersecond,using64-bytepackets.ThisworkloadwassufÞcienttocausesigniÞcantcongestionwithourscheme,eventhoughnormaladhocnetworkroutingprotocolscandeliverfourormoretimestheloadatlowerlossrate;however,secureneighbordiscoveryincurssigniÞcantlyhigheroverheadduetothefour-wayhandshakeandspeed-of-lightdelaysassociatedwithit.Wesimulatedalink-layerdatarateof2Mbps.RAPhassigniÞcantlyworseperformancethanbothAriadneandDSRbecauseoftheaddedloadoftheSecureNeighborDiscovery.Figure5(a)showsthePacketDeliveryRatioofthethreeprotocols.DSRdeliversbetween998%and100%ofofferedtrafÞc.Ariadnedeliversbetween950%and100%ofofferedtrafÞc;asigniÞcantimprovementoverprevioussimulationresults[16].ThissuggeststhatprevioussimulationsusedtoohighatrafÞcloadtofairlyeval-uateAriadneintheabsenceofcongestion.EvenwiththislighttrafÞcload,RAPwasabletodeliverjust76%to477%ofofferedload.Thisperformanceisprimarilyduetocongestion.Athighermovementspeeds(lowerpausetime),thelowerpacketdeliveryra-tioiscausedbyanevenhigherpacketoverhead,whichresultsfromtheon-demandnatureoftheprotocol.WealsosimulatedRAPcar-ryingalowerloadofjustoneßow.Athigherpausetimes,AriadnewithRAPhassufÞcientlylowoverheadtodeliverbetween73and745%oftrafÞc.Evenwiththesepausetimes,921%ofdropswereduetoMAC-layercongestion,comparedtojust415%duetothenodeÕsinabilitytoÞndaroute.ThisMAC-layercongestionseverelyhampersourprotocolÕsabilitytodeliverapplication-layerpackets.Figure5(b)showsthemedianlatencyofdeliveredpackets.DSRandAriadneappeartohavezeromeanlatency,sincetheirmedianlatenciesof43msand38msrespectivelyaresigniÞcantlylowerthanthe1050msmedianlatencyofRAP.TwofactorscontributetothehigherlatencyofRAP:Þrst,congestionincreasesthetimeeachnodemustwaittoacquirethemedium,andsecond,ifanodere-ceivesjustoneROUTEEQUESTpacketfromaRouteDiscovery, 0 200 300 400 500 600 700 800 900 0.4 0.6 0.8 Pause Time DSRRAP 1 Flow PacketDeliveryRatio(a)PacketDeliveryRatio 100 200 300 400 500 600 700 800 900 0 0.5 1 1.5 2 2.5 3 3.5 Pause Time MedianLatency(seconds)(b)MedianLatency 100 200 300 400 500 600 700 800 900 0 10 20 30 40 50 60 70 80 Pause Time PacketOverhead(Packets(c)PacketOverhead 100 200 300 400 500 600 700 800 900 0 20 40 60 80 100 120 140 160 180 200 Pause Time Ariadne ByteOverhead(Bytes(d)ByteOverheadFigure5:UnoptimizedRAPperformanceevaluationresultsinnon-adversarialenvironment.OptimizedRAPwouldhavesameresultsasAriadne,exceptthatitwouldperformbetterwhenunderattack.Underattack,optimizedRAPandAriadnewouldperformidenticallyforone-andtwo-hoproutes,butinÞndinglongerroutes,RAPshouldsigniÞcantlyoutperformAriadne,sinceRAPÞndsworkingrouteswithmoderateprobability,butAriadneandDSRcanneverÞndroutes.ÒRAP1FlowÓreferstoRAPwiththelightercommunicationspatternofoneCBRsource.Resultsbasedonaveragesover50simulationruns;theerrorbarsrepresentthe95%conÞdenceintervalofthemean.itwaitsasigniÞcantamountoftimebeforeforwardingthatRQUESTinanattempttocollectenoughREQUESTsandchooseoneatrandom.Figures5(c)and5(d)showthePacketOverheadandByteOver-headofthethreeprotocols.Athigherpausetimes,RAPhasmorethanÞvetimesasmuchoverheadwhenitusesÞveßows.ThisindicatesthatthecongestioncausedbytheprotocolsigniÞcantlyreducestheusefulnessoftheroutingprotocolpackets.Whencon-gestionisnotanissue,weactuallyexpectthatoverheadshouldbelessthanafactorofÞve,becausenodescancacheinformationtheyoverhear,thusimprovingefÞciency.Ourperformanceevaluationshowsthatinnon-adversarialenvi-ronments,RAPaddssigniÞcantcostsrelativetoothersecurerout-ingprotocols.Manyofthesecostsareduetothecongestioncreatedatlowerbitrates.However,RAPisdesignedtobeusedonlywhennecessary(Section4.8),sothesehighercostsareonlyincurredwhentheunderlyingprotocolisotherwiseunabletodiscoveraworkingroute.SpeciÞcally,RAPincursnocostuntiltheunderly-ingprotocoliscompletelypreventedfromÞndingaworkingroute.Itthenallowsthatprotocoltouseahighercostapproachtosuc-cessfullydeliverpacketsevenagainstarushingattacker.Inthenextsection,weshowhowRAPperformsunderarushingattack,inwhichDSRandAriadnewouldbeunabletoÞndroutescontain-ingmorethanthreenodes(twohops).5.2.SecurityAnalysisThissectiondiscussesthesecuritypropertiesachievedwithRAPwhendistinctroutes(bothlegitimateandattacking)existbe-tweentheoriginatorandeachothernodeinthenetwork.(AsinSection4.5,tworoutesareconsidereddistinctiftheyendindiffer-entnodes.)Sinceroutesarerequiredtoendindifferentnodes,anattackerwithaccesstothekeysofcompromisednodescangen-erateatmostdistinct,maliciouslyinjectedROUTEEQUESTforthepurposeofdenial-of-service.ToanalyzetheprobabilityofanodesubvertingaRouteDiscov-ery,weassumethattheattackerrushesdistinctREQUESTsto initiatortargetFigure6:ExamplenetworktopologyusedinRAPsecurityanalysis. initiatortargetFigure7:AnexampleofasuccessfulRouteDiscovery.EachgraynodechoseavalidEQUESTandbelongedtoarouteforwhichaEPLYwassent.EachlinerepresentsahopinapathchosenbyalegitimateEQUEST;thenetworktopologyisshowninFigure6.eachnodeinthenetwork.Asaresult,eachnodeneedsonlyadditionaldistinctREQUESTs.WealsosupposethatthenetworktopologyoftheselegitimaterequestsisrepresentedbyFigure6,suchthatthehopsfromthesourcetothetargetformasequenceoftiers,suchthattheneighborsofthesourceformtheÞrsttier,theneighborsofthetargetformthelasttier,andanytwoadjacenttiersformacomplete,bipartitegraph.WedenotetheprobabilityofsuccessfullyÞndingarouteattiergivennodesatthattiertobe.Inparticular,weseektheproba-bility.Sinceone-hopneighborscannotbesubverted,1forall0.Atanyotherlevel(thatis,when1),theprobabil-itythatoftheneighborswillchooseoneofthebogusROUTEEQUESTsisgivenbythebinomialPDF nyŠi
nŠm .Forexample,inFigure7,at3nodesreceivedavalidROUTEEPLY,butonly2ofthemforwardedavalidREQUESTEachofthenodesthatdonotchoosebogusREQUESTschoosesoneoftheREQUESTsitreceived.SomeoftheseREQUESTsmayoverlap;theprofchoosingexactlydistinctprevioushopsisgivenby,whereistheprobabilitythatwhenballsarethrownintoboxes,exactlyboxesareempty(thatis,exactlyboxesarefull).Thesolutiontotheclassicaloccu-pancyproblem[43]gives Forexample,inFigure7,at2nodeschose2dis-tinctprevioushops,andat2nodeschose1distinctprevioushops.When,atalevelnodesdonotchoosebogusREQUESTbutinsteadchooseatotalofdistinct,legitimateREQUESTs,theprobabilitythattheRouteDiscoverywillbesuccessfulisbydeÞnition.ThenisgivenbytheequationinFigure5.2.Forexample,when2and5,theprobabilityofasuccessfulRouteDiscoveryis46%.Wenowarguethatthecaseabovereßectsaworstcaseanaly-sisbyanalyzingsomepotentialvariations.First,theditionalincomingnodescouldcomefromearliertiers(e.g.,tierswithlower).However,sinceismonotonedecreasingwithincreasingandÞxed,theopportunitytochoosenodesfromear-liertiersonlyprovidesabeneÞt.Second,theremaynotbeasmuchoverlapbetweenthepredecessorsofthenodesinasingletier;how-ever,thisonlyreducesthenumberofcollisionsattheprevioustier.Fewercollisionsattheprevioustierimprovesperformance,sinceismonotoneincreasingwithÞxedandincreasing.Third,anattackercanchoosetoreducethenumberofbogusREQUESTsitsendstoeachnode;thishastheeffectofreducing,whichagainincreasestheprobabilityofsuccess.AÞnalattackallowsapow-erfulattackertomonitortheREQUESTsforwardedbyeachnodelegitimatenode.Someoftheselegitimatenodeswillhaveran-domlychosenREQUESTsthatrepresentcompromisedroutes.TheattackercanthenattempttoforwardsuchREQUESTstonodesthatdidnothearthatREQUESTdirectlyfromthatnode.Thisattackwillbepreventedbywormholedetection.AsmentionedinSection4.7,ifonlyoneROUTEEPLYisre-turnedwithanydiscovery,securityissomewhatlower.Inpartic-ular,onlyonerouteisreturned,andeachhopaftertheÞrsthasa ofchoosinganonattackingnodeundertheattackermodelusedinthissection.Inaworkingroute,allnodesmustforwardanonattackingREQUEST.Asaresult,theprobabilityofchoosingaworkingrouteis ,whereisthenumberofin-termediatenodes(excludingtheinitatorandtarget).Thissectionpresentedanextremelyconservativesecurityanaly-sis.Inparticular,anattackerasaggressiveastheonedescribedherewouldneedtopropagatetheROUTEEQUESTfromeachRouteDiscoveryfrommanydifferentlocations,possiblysubjectingittoanintrusiondetectionmechanism.Arealattackerconsideringthetradeoffbetweenanimprovedprobabilityofsubversionandanin-creasedprobabilityofbeingcaughtisunlikelytousesuchapow-erfulattack.6.RELATEDORKWehavealreadydiscussedthevulnerabilityofcurrentsecureon-demandadhocnetworkroutingprotocols[6,39,16,31,45]totherushingattackinSection2.PerlmanÕsFloodingNPBR[34]routingprotocolforwirednetworksdoesnotsufferfromthisattack,sincetheprotocoldoesnotdependontheactualpathoftheßoodforrouting;rather,itrequiresthateachpacketbeßoodedthroughthethenetwork.Othersecureroutingprotocolshavebeenproposedbasedonpe-riodic(proactive)mechanisms,forwirednetworks[7,11,12,21,25,40,41]aswellasforwirelessadhocnetworks[13,36].Al-thoughtheseprotocolstypicallyarenotvulnerabletorushingattacks,suchperiodicprotocolsareoftenlessdesirableforadhocnetworkroutingduetotheirhigheroverheadandsloweradaptivity.Otherareasinsecureadhocnetworkroutinghavebeenexplored,suchastrustestablishment[2,16,17,42],keygeneration[3],nodesthatmaliciouslydonotforwardpackets[27],andsecurityrequire-mentsforforwardingnodes[44].Theseareasarebeyondthescopeofthispaper.Routingprotocolintrusiondetectionhasbeenstudiedinwirednetworksasamechanismfordetectingmisbehavingrouters.Che-ungandLevitt[8]andBradleyetal[5]proposeintrusiondetectiontechniquesfordetectingandidentifyingroutersthatsendbogusroutingupdatemessages.Inthispaper,wedescribeoneinvariantoflegitimatenodebehavior,andintroduceadistributedmechanismtoexcludenodesthathavebeencaughtviolatingthatinvariant.7.CONCLUSIONInthispaper,wehavedescribedtherushingattack,anovelandpowerfulattackagainston-demandadhocnetworkroutingproto- Sx,y=yi=1yim nyŠinŠm nii,nŠm)j=1SxŠ1,jpnŠmŠj(nŠm,i)=yi=1yim nyŠinŠm nii,nŠm)j=1 SxŠ1,jnŠmnŠmŠjjk=0(Š1)kjkŠk Figure8:TheprobabilityofasuccessfulRouteDiscoveryinanetworkusingRAPcols.Thisattackallowsanattackertomountadenial-of-serviceattackagainstallpreviouslyproposedsecureon-demandadhocnetworkroutingprotocols.WehavealsopresentedRAP(RushingAttackPrevention),anewprotocolthatthwartstherushingattack.Wefoundthatthewidelyusedduplicatesuppressiontechniquemakestherushingattackpossible,andwedesignedanewRouteDiscoveryprotocolcalledRAPthatreplacesthestandardmecha-nismandthwartstherushingattack.Ourapproachisgeneric,soanyprotocolthatreliesonduplicatesuppressioninRouteDiscov-erycanuseourresultstofendoffrushingattacks.Moreimpor-tantly,wedemonstratedthattherearemechanismsthatcandefendagainsttherushingattack,eventhoughallpreviousattemptsatse-cureon-demandadhocnetworkroutingprotocolshavebeenvul-nerable.Whenintegratedwithasecureroutingprotocol,RAPincursunlesstheunderlyingsecureprotocolcannotÞndvalidroutes.WhenRAPisenabled,itincurshigheroverheadthandostandardRouteDiscoverytechniques,butitcanÞndusablerouteswhenotherprotocolscannot,thusallowingsuccessfulroutingandpacketdeliverywhenotherprotocolsmayfailentirely.Wehavealsoshownthatexistingon-demandroutingprotocolscanberetroÞttedusingourtechniquetoresisttherushingattack.EFERENCES[1]NormanAbramson.TheALOHASystemÑAnotherAlternativeforComputerCommunications.InProceedingsoftheFall1970AFIPSComputerConferencepages281Ð285,November1970.[2]DirkBalfanz,D.K.Smetters,PaulStewart,andH.ChiWong.TalkingToStrangers:AuthenticationinAd-HocWirelessNetworks.InSymposiumonNetworkandDistributedSystemsSecurity(NDSS2002),February2002.[3]StefanoBasagni,KrisHerrin,EmiliaRosti,andDaniloBruschi.SecurePeb-blenets.InACMInternationalSymposiumonMobileAdHocNetworkingandComputing(MobiHoc2001),pages156Ð163,LongBeach,California,USA,Oc-tober2001.[4]MihirBellare,RanCanetti,andHugoKrawczyk.HMAC:Keyed-HashingforMessageAuthentication.InternetRequestforCommentRFC2104,InternetEn-gineeringTaskForce,February1997.[5]KirkA.Bradley,StevenCheung,NickPuketza,BiswanathMukherjee,andRonaldA.Olsson.DetectingDisruptiveRouters:ADistributedNetworkMoni-toringApproach.InProceedingsoftheIEEESymposiumonResearchinSecurityandPrivacy,pages115Ð124,May1998.[6]ClaudeCastellucciaandGabrielMontenegro.ProtectingAODVagainstImpersonationattacks.IETFMANETMailingList,Message-ID006601c1eb8c$f279c560$1d1fc7c2@charmette.inrialpes.fr,ietf.org/mail-archive/working-groups/manet/current/msg00186.htmlApril2002.[7]StevenCheung.AnEfÞcientMessageAuthenticationSchemeforLinkStateRouting.In13thAnnualComputerSecurityApplicationsConference,1997.[8]StevenCheungandKarlLevitt.ProtectingRoutingInfrastructuresfromDenialofServiceUsingCooperativeIntrusionDetection.InThe1997NewSecurityParadigmsWorkshop,September1998.[9]ThomasClausen,PhilippeJacquet,AnisLaouiti,PascaleMinet,PaulMuh-lethaler,AmirQayyum,andLaurentViennot.OptimizedLinkStateRoutingProtocol.Internet-Draft,draft-ietf-manet-olsr-06.txt,September2001.Workinprogress.[10]PiyushGuptaandP.R.Kumar.Thecapacityofwirelessnetworks.IEEETrans-actionsonInformationTheory,46(2):388Ð404,March2000.[11]RalfHauser,AntoniPrzygienda,andGeneTsudik.ReducingtheCostofSecu-rityinLinkStateRouting.InSymposiumonNetworkandDistributedSystemsSecurity(NDSSÕ97),pages93Ð99,February1997.[12]AndyHeffernan.ProtectionofBGPSessionsviatheTCPMD5SignatureOp-tion.RFC2385,August1998.[13]Yih-ChunHu,DavidB.Johnson,andAdrianPerrig.SecureEfÞcientDistanceVectorRoutinginMobileWirelessAdHocNetworks.InFourthIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ02),June2002.[14]Yih-ChunHu,AdrianPerrig,andDavidB.Johnson.PacketLeashes:ADefenseagainstWormholeAttacksinWirelessAdHocNetworks.InProceedingsoftheTwenty-SecondAnnualJointConferenceoftheIEEEComputerandCommuni-cationsSocieties(INFOCOM2003),April2003.Toappear.[15]Yih-ChunHu,AdrianPerrig,andDavidB.Johnson.PacketLeashes:ADe-fenseagainstWormholeAttacksinWirelessAdHocNetworks.InProceedingsofIEEEINFOCOM2003,April2003.[16]Yih-ChunHu,AdrianPerrig,andDavidB.Johnson.Ariadne:ASecureOn-DemandRoutingProtocolforAdHocNetworks.InProceedingsoftheEighthAnnualInternationalConferenceonMobileComputingandNetworking(MobiCom2002),pages12Ð23,September2002.[17]Jean-PierreHubaux,LeventeButty«an,andSrdjanCapkun.TheQuestforSecu-rityinMobileAdHocNetworks.InProceedingsoftheThirdACMSymposiumonMobileAdHocNetworkingandComputing(MobiHoc2001),LongBeach,CA,USA,October2001.[18]DavidB.Johnson.RoutinginAdHocNetworksofMobileHosts.InProceed-ingsoftheIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ94),pages158Ð163,December1994.[19]DavidB.JohnsonandDavidA.Maltz.DynamicSourceRoutinginAdHocWirelessNetworks.InMobileComputing,editedbyTomaszImielinskiandHankKorth,chapter5,pages153Ð181.KluwerAcademicPublishers,1996.[20]DavidB.Johnson,DavidA.Maltz,Yih-ChunHu,andJorjetaG.Jetcheva.TheDynamicSourceRoutingProtocolforMobileAdHocNetworks(DSR).Internet-Draft,draft-ietf-manet-dsr-07.txt,February2002.Workinprogress.[21]StephenKent,CharlesLynn,JoanneMikkelson,andKarenSeo.SecureBorderGatewayProtocol(S-BGP)ÑRealWorldPerformanceandDeploymentIssues.SymposiumonNetworkandDistributedSystemsSecurity(NDSSÕ00),pages103Ð116,February2000.[22]StephenKent,CharlesLynn,andKarenSeo.SecureBorderGatewayProtocol(S-BGP).IEEEJournalonSelectedAreasinCommunications,18(4):582Ð592,April2000.[23]Young-BaeKoandNitinVaidya.Location-AidedRouting(LAR)inMobileAdHocNetworks.InProceedingsoftheFourthInternationalConferenceonMobileComputingandNetworking(MobiComÕ98),pages66Ð75,October1998.[24]JiejunKong,PetrosZerfos,HaiyunLuo,SongwuLu,andLixiaZhang.Provid-ingRobustandUbiquitousSecuritySupportforMobileAd-HocNetworks.In9thInternationalConferenceonNetworkProtocols(ICNPÕ01),2001.[25]BrijeshKumar.IntegrationofSecurityinNetworkRoutingProtocols.SIGSACReview,11(2):18Ð25,1993.[26]RatulMahajan,DavidWetherall,andTomAnderson.UnderstandingBGPMis-conÞguration.InACMSIGCOMM2000,August2002.[27]SergioMarti,T.J.Giuli,KevinLai,andMaryBaker.MitigatingRoutingMisbe-haviourinMobileAdHocNetworks.InProceedingsoftheSixthAnnualInter-nationalConferenceonMobileComputingandNetworking(MobiCom2000)pages255Ð265,BostonMA,USA,August2000.[28]RalphMerkle.ProtocolsforPublicKeyCryptosystems.In1980IEEESympo-siumonSecurityandPrivacy,1980.[29]TheMonarchProject.RiceMonarchProject:MobileNetworkingArchitectures,projecthomepage.Availableathttp://www.monarch.cs.rice.edu/.[30]RichardG.Ogier,FredL.Templin,BhargavBellur,andMarkG.Lewis.Topol-ogyBroadcastBasedonReverse-PathForwarding(TBRPF).Internet-Draft,draft-ietf-manet-tbrpf-05.txt,March2002.Workinprogress.[31]PanagiotisPapadimitratosandZygmuntJ.Haas.SecureRoutingforMobileAdHocNetworks.InSCSCommunicationNetworksandDistributedSystemsMod-elingandSimulationConference(CNDS2002),January2002.[32]CharlesE.Perkins,ElizabethM.Belding-Royer,andSamirR.Das.AdHocOnDemandDistanceVector(AODV)Routing.Internet-Draft,draft-ietf-manet-aodv-10.txt,January2002.Workinprogress. [33]CharlesE.PerkinsandElizabethM.Royer.Ad-HocOn-DemandDistanceVec-torRouting.InProceedingsoftheSecondIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ99),pages90Ð100,February1999.[34]RadiaPerlman.Interconnections:BridgesandRouters.Addison-Wesley,1992.[35]AdrianPerrig.TheBiBaOne-TimeSignatureandBroadcastAuthenticationPro-tocol.InProceedingsoftheEighthACMConferenceonComputerandCom-municationsSecurity(CCS-8),pages28Ð37,PhiladelphiaPA,USA,November[36]AdrianPerrig,RobertSzewczyk,VictorWen,DavidCuller,andJ.D.Tygar.SPINS:SecurityProtocolsforSensorNetworks.InSeventhAnnualACMIn-ternationalConferenceonMobileComputingandNetworks(MobiCom2001)Rome,Italy,July2001.[37]RaymondL.Pickholtz,DonaldL.Schilling,andLaurenceB.Milstein.TheoryofSpreadSpectrumCommunicationsÑATutorial.IEEETransactionsonCom-,30(5):855Ð884,May1982.[38]LeonidReyzinandNatanReyzin.BetterthanBiba:ShortOne-TimeSignatureswithFastSigningandVerifying.InSeventhAustralasianConferenceonInfor-mationSecurityandPrivacy(ACISP2002),July2002.[39]KimayaSanzgiri,BridgetDahill,BrianNeilLevine,ClayShields,andElizabethBelding-Royer.ASecureRoutingProtocolforAdhocNetworks.InProceedingsofthe10thIEEEInternationalConferenceonNetworkProtocols(ICNPÕ02)November2002.[40]BradleyR.SmithandJ.J.Garcia-Luna-Aceves.SecuringtheBorderGatewayRoutingProtocol.InGlobalInternetÕ96,London,UK,November1996.[41]BradleyR.Smith,ShreeMurthy,andJ.J.Garcia-Luna-Aceves.SecuringDis-tanceVectorRoutingProtocols.InSymposiumonNetworkandDistributedSys-temsSecurity(NDSSÕ97),February1997.[42]FrankStajanoandRossAnderson.TheResurrectingDuckling:SecurityIssuesforAd-hocWirelessNetworks.InSecurityProtocols,7thInternationalWork-shop,editedbyB.Christianson,B.Crispo,andM.Roe.SpringerVerlagBerlinHeidelberg,1999.[43]RichardvonMises.UberAufteilungs-undBesetzungswahrscheinlichkeiten.Re-vuedelaFacult«edesSciencesdelÕUniversit«edÕIstanbul,4:145Ñ163,1939.[44]SeungYi,PrasadNaldurg,andRobinKravets.Security-AwareAd-HocRoutingforWirelessNetworks.TechnicalReportUIUCDCS-R-2001-2241,DepartmentofComputerScience,UniversityofIllinoisatUrbana-Champaign,August2001.[45]ManelGuerreroZapataandN.Asokan.SecuringAdHocRoutingProtocols.InProceedingsoftheACMWorkshoponWirelessSecurity(WiSe2002),September[46]LidongZhouandZygmuntJ.Haas.SecuringAdHocNetworks.IEEENetworkMagazine,13(6),November/December1999. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocolsYih-ChunHuCarnegieMellonUniversityyihchun@cs.cmu.eduAdrianPerrigCarnegieMellonUniversityperrig@cmu.eduDavidB.JohnsonRiceUniversitydbj@cs.rice.eduBSTRACTInanadhocnetwork,mobilecomputers(ornodes)cooperatetoforwardpacketsforeachother,allowingnodestocommunicatebeyondtheirdirectwirelesstransmissionrange.Manyproposedroutingprotocolsforadhocnetworksoperateinanon-demandfashion,ason-demandroutingprotocolshavebeenshowntoof-tenhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms.SigniÞcantattentionrecentlyhasbeendevotedtodevelopingsecureroutingprotocolsforadhocnetworks,includinganumberofsecureon-demandroutingprotocols,thatdefendagainstavarietyofpossibleattacksonnetworkrouting.Inthispaper,wepresenttheingattack,anewattackthatresultsindenial-of-servicewhenusedagainstallpreviouson-demandadhocnetworkroutingprotocols.Forexample,DSR,AODV,andsecureprotocolsbasedonthem,suchasAriadne,ARAN,andSAODV,areunabletodiscoverrouteslongerthantwohopswhensubjecttothisattack.Thisattackisalsoparticularlydamagingbecauseitcanbeperformedbyarela-tivelyweakattacker.Weanalyzewhypreviousprotocolsfailunderthisattack.WethendevelopRushingAttackPrevention(RAP)genericdefenseagainsttherushingattackforon-demandproto-cols.RAPincursnocostunlesstheunderlyingprotocolfailstoÞndaworkingroute,anditprovidesprovablesecuritypropertiesevenagainstthestrongestrushingattackers.CategoriesandSubjectDescriptors:C.0[Computer-Commu-nicationsNetworks]:Securityandprotection;C.2.2[NetworkProtocols]:RoutingProtocolsGeneralTerms:Security,PerformanceKeywords:Adhocnetworkrouting,security,routing,rushing ThisworkwassupportedinpartbyNASAundergrantNAG3-2534,byNSFundergrantFD99-79852,byDARPAundercontractN66001-99-2-8913,bytheCenterforComputerandCommunicationsSecurityatCarnegieMellonundergrantDAAD19-02-1-0389fromtheArmyResearchOfÞce,andbyagiftfromBoschandSchlum-berger.TheviewsandconclusionscontainedherearethoseoftheauthorsandshouldnotbeinterpretedasnecessarilyrepresentingtheofÞcialpoliciesorendorsements,ei-therexpressorimplied,ofNASA,USPS,NSF,DARPA,ARO,Bosch,Schlumberger,CarnegieMellonUniversity,RiceUniversity,ortheU.S.Governmentoranyofitsagencies.PermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforproÞtorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationontheÞrstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspeciÞcpermissionand/orafee.WiSe2003,September19,2003,SanDiego,California,USA.Copyright2003ACM1-58113-769-9/03/0009...5.00.1.INTRODUCTIONadhocnetworkisacollectionofmobilecomputers(ornodes)thatcooperatetoforwardpacketsforeachothertoextendthelim-itedtransmissionrangeofeachnodeÕswirelessnetworkinterface.AroutingprotocolinsuchanetworkÞndsroutesbetweennodes,allowingapackettobeforwardedthroughothernetworknodestowardsitsdestination.Incontrasttotraditionalnetworkroutingprotocols,forexampleforwirednetworks,adhocnetworkroutingprotocolsmustadaptmorequickly,sincefactorssuchassigniÞ-cantnodemovementandchangingwirelessconditionsmayresultinrapidtopologychange.Thisproblemofroutinginadhocnetworksisanimportantone,andhasbeenextensivelystudied.Thisstudyhasresultedinsev-eralmatureprotocols[9,20,30,32].Adhocnetworksaretar-getedatenvironmentswherecommunicatingnodesaremobile,orwherewirednetworkdeploymentisnotpresentornoteconomical.Manyoftheseapplicationsmayruninuntrustedenvironmentsandmaythereforerequiretheuseofasecureroutingprotocol.Fur-thermore,evenwhenthepresenceofanattackerisnotforseen,asecureadhocnetworkroutingprotocolcanalsoprovideresilienceagainstmisconÞgurednodes.InthecurrentInternet,forexample,misconÞguredroutingtablescontributetothemajorityofroutinginstabilities[26].Similarly,asoftwareorhardwarefailureshouldcauseonlytheaffectednodetofail,andnotperturbthestabilityofroutingintheremainderofthenetwork.Missionorsafety-criticalnetworkscanusesecureadhocroutingprotocolssothatconÞg-urationerrors,softwarebugs,orhardwarefailuresdonotdisturbroutingatothernodes.Asaresult,severalsecureadhocnetworkroutingprotocolshavebeenproposed[6,13,16,31,36,39,45].Inthispaper,wepresentanewattack,therushingattack,whichresultsindenial-of-servicewhenusedagainstallpreviouslypub-lishedon-demandadhocnetworkroutingprotocols.SpeciÞcally,therushingattackpreventspreviouslypublishedsecureon-demandroutingprotocolstoÞndrouteslongerthantwo-hops(oneinterme-diatenodebetweentheinitiatorandtarget).Becauseon-demandprotocolsgenerallyhaveloweroverheadandfasterreactiontimethanothertypesofroutingbasedonperiodic(proactive)mechanisms,on-demandprotocolsarebettersuitedformostapplications.Todefendthisimportantclassofprotocolsagainsttherushingattack,wedevelopagenericsecureRouteDiscoverycomponent,calledRushingAttackPrevention(RAP),thatcanbeappliedtoanyexistingon-demandroutingprotocoltoallowthatprotocoltoresisttherushingattack.Ourmaincontributionsinthispaperarethepresentationoftherushingattack,thedevelopmentandanalysisofournewsecureRouteDiscoverycomponentthatdemonstratesthatitispossibletosecureagainsttherushingattack,andageneraldesignthatusesthiscomponenttosecureanyon-demandRouteDiscoverymecha-nismagainsttherushingattack. initiatortargetFigure1:Examplenetworkillustratingtherushingattack.InSection2ofthispaper,weintroducetherushingattack.Sec-tion3detailsourassumptions.Section4describesourSecureNeighborDetectionandSecureRouteDiscoveryprocedures,andSection5presentstwoevaluationsofourRouteDiscoverycompo-nent:asimulationstudyoftheperformanceofourmechanisms,andananalyticalevaluationthatgivesaconservativelowerboundontheprobabilitythatourprotocolsdiscoveraworkingroutewhensubjecttothisattack.InSection6,wediscussrelatedwork,andinSection7,wepresentconclusions.2.TUSHINGTTACKAGAINSTETWORKOUTINGROTOCOLSWeintroducehereanewattack,whichwecalltherushingattackthatactsasaneffectivedenial-of-serviceattackagainstallcurrentlyproposedon-demandadhocnetworkroutingprotocols,includingprotocolsthatweredesignedtobesecure.Inanon-demandpro-tocol,anodeneedingaroutetoadestinationßoodsthenetworkwithROUTEEQUESTpacketsinanattempttoÞndaroutetothedestination.Tolimittheoverheadofthisßood,eachnodetyp-icallyforwardsonlyoneROUTEEQUESToriginatingfromanyRouteDiscovery.Inparticular,existingon-demandroutingpro-tocols,suchasAODV[32],DSR[20],LAR[23],Ariadne[16],SAODV[45],ARAN[39],AODVsecuredwithSUCV[6],andSRP[31],onlyforwardtheREQUESTthatarrivesÞrstfromeachRouteDiscovery.Intherushingattack,theattackerexploitsthispropertyoftheoperationofRouteDiscovery.WenowdescribetherushingattackintermsofitseffectontheoperationofDSRRouteDiscovery[18,19,20];otherprotocolssuchasAODV[33],Ariadne[16],SAODV[45],andARAN[39]arevulnerableinthesameway.InthenetworkshowninFigure1,theinitiatornodeinitiatesaRouteDiscoveryforthetargetnode.IftheROUTEEQUESTsforthisDiscoveryforwardedbytheattackeraretheÞrsttoreacheachneighborofthetarget(showningrayintheÞgure),thenanyroutediscoveredbythisRouteDiscoverywillincludeahopthroughtheattacker.Thatis,whenaneighborofthetargetreceivestherushedREQUESTfromtheattacker,itforwardsthatREQUEST,andwillnotforwardanyfurtherREQUESTsfromthisRouteDiscovery.Whennon-attackingREQUESTsarrivelateratthesenodes,theywilldiscardthoselegitimateREQUESTs.Asaresult,theinitiatorwillbeunabletodiscoveranyusableroutes(i.e.,routesthatdonotincludetheattacker)containingatleasttwohops(threenodes).Ingeneralterms,anattackerthatcanforwardROUTEEQUESTmorequicklythanlegitimatenodescandoso,canincreasetheprobabilitythatroutesthatincludetheattackerwillbediscoveredratherthanothervalidroutes.WhereasthediscussionabovehasusedthecaseofnodesthatforwardonlytheÞrstOUTEEQUESTfromanyRouteDiscovery,therushingattackcanalsobeusedagainstanyprotocolthatpredictablyforwardsparticularRQUESTforeachRouteDiscovery.Arushingattackerneednothaveaccesstovastresources.On-demandroutingprotocolsdelayROUTEEQUESTforwardingintwoways.First,MediumAccessControl(MAC)protocolsgen-erallyimposedelaysbetweenwhenthepacketishandedtothenetworkinterfacefortransmissionandwhenthepacketisactuallytransmitted.InaMACusingtimedivision,forexample,anodemustwaituntilitstimeslottotransmit,whereasinaMACusingcarrier-sensemultipleaccess,anodegenerallyperformssometypeofbackofftoavoidcollisions;protocolslikeIEEE802.11alsoim-poseaninterframespacingtimebeforetransmissionactuallybe-gins.Second,eveniftheMAClayerdoesnotspecifyadelay,on-demandprotocolsgenerallyspecifyadelaybetweenreceivingEQUESTandforwardingit,inordertoavoidcollisionsoftheEQUESTpackets.Inparticular,becauseREQUESTpacketsarebroadcast,andcollisiondetectionforbroadcastpacketsisdifÞ-cult,routingprotocolsoftenimposearandomizeddelayinRQUESTforwarding.AnattackerignoringdelaysateithertheMACorroutinglayerswillgenerallybepreferredtosimilarlysituatednon-attackingnodes.OnewaytothwartanattackerthatrushesinthiswayistoremovethesedelaysatboththeMACandroutinglayers,butthisapproachdoesnotworkagainstalltypesofrushingattackersandisnotgeneral.Forexample,inadensenetworkusingaCSMAMAClayer,ifanodeinitiatesaRouteDiscovery,andistwohopsawayfrom,andareneighborsofboth,thenthenwilllikelynotreceivetheROUTEEQUESTduetoacollisionbetweenREQUESTsforwardedby.Inadensenetwork,suchcollisionsmayoftenpreventthediscoveryofanynontrivialroutes(routeslongerthanadirectlink),whichisevenmoreseverethantherushingattack,whichpreventsthediscoveryofrouteslongerthantwohops.Anotherwaythatarelativelyweakattackercanobtainanad-vantageinforwardingspeedistokeepthenetworkinterfacetrans-missionqueuesofnearbynodesfull.Forexample,ifeachnodeprocessesthepacketsitreceivesinorder,andaninefÞcientRQUESTauthenticationmechanismisused,theattackercankeepothernodesbusyauthenticatingREQUESTscontainingbogusau-thentication,thusslowingtheirabilitytoforwardlegitimateRQUESTs.Protocolsemployingpublickeytechniquesarepartic-ularlysusceptibletotheseattacks,sincetheyrequiresubstantialcomputationtovalidateeachreceivedREQUESTArelativelyweakattackercanalsoachievefastertransitofitsEQUESTpacketsbytransmittingthematahigherwirelesstrans-missionpowerlevel,thusreducingthenumberofnodesthatmustforwardthatREQUESTtoarriveatthetarget.Sincepackettransittimeateachhopisdominatedbytheprocessingtimeatthefor-wardingnode,reducingthepathtothetargetbyjustonehopislikelytoprovideasigniÞcantlatencyadvantage,thusstrengthen-ingtheattackersposition.Amorepowerfulrushingattackermayemployawormhole[14]torushpackets.Inthiscase,theattackersimplyforwardsallcon-trolpackets(butnotdatapackets)receivedatonenode(theattacker)toanothernodeinthenetwork(e.g.,asecondattacker).Thisformsatunnelinthenetwork,wherepacketsreachingoneendofthetun-nelarebroadcastouttheotherend.IfthetunnelprovidessigniÞ-cantlyfastertransitthanlegitimateforwarders,nodesnearoneendofthetunnelgenerallywillbeunabletodiscoverworkingroutestotheotherendofthetunnel,sinceitwillgenerallydiscoverroutesthroughthetunnel.Ingeneral,awiredtunnel(inwhichthetwoattackershaveawiredconnectionbetweenthemselves)willpro-videfastertransitthannativewireless(multihop)forwarding,since [33]CharlesE.PerkinsandElizabethM.Royer.Ad-HocOn-DemandDistanceVec-torRouting.InProceedingsoftheSecondIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ99),pages90Ð100,February1999.[34]RadiaPerlman.Interconnections:BridgesandRouters.Addison-Wesley,1992.[35]AdrianPerrig.TheBiBaOne-TimeSignatureandBroadcastAuthenticationPro-tocol.InProceedingsoftheEighthACMConferenceonComputerandCom-municationsSecurity(CCS-8),pages28Ð37,PhiladelphiaPA,USA,November[36]AdrianPerrig,RobertSzewczyk,VictorWen,DavidCuller,andJ.D.Tygar.SPINS:SecurityProtocolsforSensorNetworks.InSeventhAnnualACMIn-ternationalConferenceonMobileComputingandNetworks(MobiCom2001)Rome,Italy,July2001.[37]RaymondL.Pickholtz,DonaldL.Schilling,andLaurenceB.Milstein.TheoryofSpreadSpectrumCommunicationsÑATutorial.IEEETransactionsonCom-,30(5):855Ð884,May1982.[38]LeonidReyzinandNatanReyzin.BetterthanBiba:ShortOne-TimeSignatureswithFastSigningandVerifying.InSeventhAustralasianConferenceonInfor-mationSecurityandPrivacy(ACISP2002),July2002.[39]KimayaSanzgiri,BridgetDahill,BrianNeilLevine,ClayShields,andElizabethBelding-Royer.ASecureRoutingProtocolforAdhocNetworks.InProceedingsofthe10thIEEEInternationalConferenceonNetworkProtocols(ICNPÕ02)November2002.[40]BradleyR.SmithandJ.J.Garcia-Luna-Aceves.SecuringtheBorderGatewayRoutingProtocol.InGlobalInternetÕ96,London,UK,November1996.[41]BradleyR.Smith,ShreeMurthy,andJ.J.Garcia-Luna-Aceves.SecuringDis-tanceVectorRoutingProtocols.InSymposiumonNetworkandDistributedSys-temsSecurity(NDSSÕ97),February1997.[42]FrankStajanoandRossAnderson.TheResurrectingDuckling:SecurityIssuesforAd-hocWirelessNetworks.InSecurityProtocols,7thInternationalWork-shop,editedbyB.Christianson,B.Crispo,andM.Roe.SpringerVerlagBerlinHeidelberg,1999.[43]RichardvonMises.UberAufteilungs-undBesetzungswahrscheinlichkeiten.Re-vuedelaFacult«edesSciencesdelÕUniversit«edÕIstanbul,4:145Ñ163,1939.[44]SeungYi,PrasadNaldurg,andRobinKravets.Security-AwareAd-HocRoutingforWirelessNetworks.TechnicalReportUIUCDCS-R-2001-2241,DepartmentofComputerScience,UniversityofIllinoisatUrbana-Champaign,August2001.[45]ManelGuerreroZapataandN.Asokan.SecuringAdHocRoutingProtocols.InProceedingsoftheACMWorkshoponWirelessSecurity(WiSe2002),September[46]LidongZhouandZygmuntJ.Haas.SecuringAdHocNetworks.IEEENetworkMagazine,13(6),November/December1999. [33]CharlesE.PerkinsandElizabethM.Royer.Ad-HocOn-DemandDistanceVec-torRouting.InProceedingsoftheSecondIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ99),pages90Ð100,February1999.[34]RadiaPerlman.Interconnections:BridgesandRouters.Addison-Wesley,1992.[35]AdrianPerrig.TheBiBaOne-TimeSignatureandBroadcastAuthenticationPro-tocol.InProceedingsoftheEighthACMConferenceonComputerandCom-municationsSecurity(CCS-8),pages28Ð37,PhiladelphiaPA,USA,November[36]AdrianPerrig,RobertSzewczyk,VictorWen,DavidCuller,andJ.D.Tygar.SPINS:SecurityProtocolsforSensorNetworks.InSeventhAnnualACMIn-ternationalConferenceonMobileComputingandNetworks(MobiCom2001)Rome,Italy,July2001.[37]RaymondL.Pickholtz,DonaldL.Schilling,andLaurenceB.Milstein.TheoryofSpreadSpectrumCommunicationsÑATutorial.IEEETransactionsonCom-,30(5):855Ð884,May1982.[38]LeonidReyzinandNatanReyzin.BetterthanBiba:ShortOne-TimeSignatureswithFastSigningandVerifying.InSeventhAustralasianConferenceonInfor-mationSecurityandPrivacy(ACISP2002),July2002.[39]KimayaSanzgiri,BridgetDahill,BrianNeilLevine,ClayShields,andElizabethBelding-Royer.ASecureRoutingProtocolforAdhocNetworks.InProceedingsofthe10thIEEEInternationalConferenceonNetworkProtocols(ICNPÕ02)November2002.[40]BradleyR.SmithandJ.J.Garcia-Luna-Aceves.SecuringtheBorderGatewayRoutingProtocol.InGlobalInternetÕ96,London,UK,November1996.[41]BradleyR.Smith,ShreeMurthy,andJ.J.Garcia-Luna-Aceves.SecuringDis-tanceVectorRoutingProtocols.InSymposiumonNetworkandDistributedSys-temsSecurity(NDSSÕ97),February1997.[42]FrankStajanoandRossAnderson.TheResurrectingDuckling:SecurityIssuesforAd-hocWirelessNetworks.InSecurityProtocols,7thInternationalWork-shop,editedbyB.Christianson,B.Crispo,andM.Roe.SpringerVerlagBerlinHeidelberg,1999.[43]RichardvonMises.UberAufteilungs-undBesetzungswahrscheinlichkeiten.Re-vuedelaFacult«edesSciencesdelÕUniversit«edÕIstanbul,4:145Ñ163,1939.[44]SeungYi,PrasadNaldurg,andRobinKravets.Security-AwareAd-HocRoutingforWirelessNetworks.TechnicalReportUIUCDCS-R-2001-2241,DepartmentofComputerScience,UniversityofIllinoisatUrbana-Champaign,August2001.[45]ManelGuerreroZapataandN.Asokan.SecuringAdHocRoutingProtocols.InProceedingsoftheACMWorkshoponWirelessSecurity(WiSe2002),September[46]LidongZhouandZygmuntJ.Haas.SecuringAdHocNetworks.IEEENetworkMagazine,13(6),November/December1999. [33]CharlesE.PerkinsandElizabethM.Royer.Ad-HocOn-DemandDistanceVec-torRouting.InProceedingsoftheSecondIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ99),pages90Ð100,February1999.[34]RadiaPerlman.Interconnections:BridgesandRouters.Addison-Wesley,1992.[35]AdrianPerrig.TheBiBaOne-TimeSignatureandBroadcastAuthenticationPro-tocol.InProceedingsoftheEighthACMConferenceonComputerandCom-municationsSecurity(CCS-8),pages28Ð37,PhiladelphiaPA,USA,November[36]AdrianPerrig,RobertSzewczyk,VictorWen,DavidCuller,andJ.D.Tygar.SPINS:SecurityProtocolsforSensorNetworks.InSeventhAnnualACMIn-ternationalConferenceonMobileComputingandNetworks(MobiCom2001)Rome,Italy,July2001.[37]RaymondL.Pickholtz,DonaldL.Schilling,andLaurenceB.Milstein.TheoryofSpreadSpectrumCommunicationsÑATutorial.IEEETransactionsonCom-,30(5):855Ð884,May1982.[38]LeonidReyzinandNatanReyzin.BetterthanBiba:ShortOne-TimeSignatureswithFastSigningandVerifying.InSeventhAustralasianConferenceonInfor-mationSecurityandPrivacy(ACISP2002),July2002.[39]KimayaSanzgiri,BridgetDahill,BrianNeilLevine,ClayShields,andElizabethBelding-Royer.ASecureRoutingProtocolforAdhocNetworks.InProceedingsofthe10thIEEEInternationalConferenceonNetworkProtocols(ICNPÕ02)November2002.[40]BradleyR.SmithandJ.J.Garcia-Luna-Aceves.SecuringtheBorderGatewayRoutingProtocol.InGlobalInternetÕ96,London,UK,November1996.[41]BradleyR.Smith,ShreeMurthy,andJ.J.Garcia-Luna-Aceves.SecuringDis-tanceVectorRoutingProtocols.InSymposiumonNetworkandDistributedSys-temsSecurity(NDSSÕ97),February1997.[42]FrankStajanoandRossAnderson.TheResurrectingDuckling:SecurityIssuesforAd-hocWirelessNetworks.InSecurityProtocols,7thInternationalWork-shop,editedbyB.Christianson,B.Crispo,andM.Roe.SpringerVerlagBerlinHeidelberg,1999.[43]RichardvonMises.UberAufteilungs-undBesetzungswahrscheinlichkeiten.Re-vuedelaFacult«edesSciencesdelÕUniversit«edÕIstanbul,4:145Ñ163,1939.[44]SeungYi,PrasadNaldurg,andRobinKravets.Security-AwareAd-HocRoutingforWirelessNetworks.TechnicalReportUIUCDCS-R-2001-2241,DepartmentofComputerScience,UniversityofIllinoisatUrbana-Champaign,August2001.[45]ManelGuerreroZapataandN.Asokan.SecuringAdHocRoutingProtocols.InProceedingsoftheACMWorkshoponWirelessSecurity(WiSe2002),September[46]LidongZhouandZygmuntJ.Haas.SecuringAdHocNetworks.IEEENetworkMagazine,13(6),November/December1999. [33]CharlesE.PerkinsandElizabethM.Royer.Ad-HocOn-DemandDistanceVec-torRouting.InProceedingsoftheSecondIEEEWorkshoponMobileComputingSystemsandApplications(WMCSAÕ99),pages90Ð100,February1999.[34]RadiaPerlman.Interconnections:BridgesandRouters.Addison-Wesley,1992.[35]AdrianPerrig.TheBiBaOne-TimeSignatureandBroadcastAuthenticationPro-tocol.InProceedingsoftheEighthACMConferenceonComputerandCom-municationsSecurity(CCS-8),pages28Ð37,PhiladelphiaPA,USA,November[36]AdrianPerrig,RobertSzewczyk,VictorWen,DavidCuller,andJ.D.Tygar.SPINS:SecurityProtocolsforSensorNetworks.InSeventhAnnualACMIn-ternationalConferenceonMobileComputingandNetworks(MobiCom2001)Rome,Italy,July2001.[37]RaymondL.Pickholtz,DonaldL.Schilling,andLaurenceB.Milstein.TheoryofSpreadSpectrumCommunicationsÑATutorial.IEEETransactionsonCom-,30(5):855Ð884,May1982.[38]LeonidReyzinandNatanReyzin.BetterthanBiba:ShortOne-TimeSignatureswithFastSigningandVerifying.InSeventhAustralasianConferenceonInfor-mationSecurityandPrivacy(ACISP2002),July2002.[39]KimayaSanzgiri,BridgetDahill,BrianNeilLevine,ClayShields,andElizabethBelding-Royer.ASecureRoutingProtocolforAdhocNetworks.InProceedingsofthe10thIEEEInternationalConferenceonNetworkProtocols(ICNPÕ02)November2002.[40]BradleyR.SmithandJ.J.Garcia-Luna-Aceves.SecuringtheBorderGatewayRoutingProtocol.InGlobalInternetÕ96,London,UK,November1996.[41]BradleyR.Smith,ShreeMurthy,andJ.J.Garcia-Luna-Aceves.SecuringDis-tanceVectorRoutingProtocols.InSymposiumonNetworkandDistributedSys-temsSecurity(NDSSÕ97),February1997.[42]FrankStajanoandRossAnderson.TheResurrectingDuckling:SecurityIssuesforAd-hocWirelessNetworks.InSecurityProtocols,7thInternationalWork-shop,editedbyB.Christianson,B.Crispo,andM.Roe.SpringerVerlagBerlinHeidelberg,1999.[43]RichardvonMises.UberAufteilungs-undBesetzungswahrscheinlichkeiten.Re-vuedelaFacult«edesSciencesdelÕUniversit«edÕIstanbul,4:145Ñ163,1939.[44]SeungYi,PrasadNaldurg,andRobinKravets.Security-AwareAd-HocRoutingforWirelessNetworks.TechnicalReportUIUCDCS-R-2001-2241,DepartmentofComputerScience,UniversityofIllinoisatUrbana-Champaign,August2001.[45]ManelGuerreroZapataandN.Asokan.SecuringAdHocRoutingProtocols.InProceedingsoftheACMWorkshoponWirelessSecurity(WiSe2002),September[46]LidongZhouandZygmuntJ.Haas.SecuringAdHocNetworks.IEEENetworkMagazine,13(6),November/December1999.