Publication


Featured research published by Yih-Chun Hu.


acm/ieee international conference on mobile computing and networking | 1998

A performance comparison of multi-hop wireless ad hoc network routing protocols

Josh Broch; David A. Maltz; David B. Johnson; Yih-Chun Hu; Jorjeta G. Jetcheva

An ad hoc network is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any existing network infrastructure or centralized administration. Due to the limited transmission range of wireless network interfaces, multiple network "hops" may be needed for one node to exchange data with another across the network. In recent years, a variety of new routing protocols targeted specifically at this environment have been developed, but little performance information on each protocol and no realistic performance comparison between them is available. This paper presents the results of a detailed packet-level simulation comparing four multi-hop wireless ad hoc network routing protocols that cover a range of design choices: DSDV, TORA, DSR and AODV. We have extended the ns-2 network simulator to accurately model the MAC and physical-layer behavior of the IEEE 802.11 wireless LAN standard, including a realistic wireless transmission channel model, and present the results of simulations of networks of 50 mobile nodes.


acm/ieee international conference on mobile computing and networking | 2002

Ariadne: a secure on-demand routing protocol for ad hoc networks

Yih-Chun Hu; Adrian Perrig; David B. Johnson

a secure on-demand routing protocol for ad hoc networks.


international conference on computer communications | 2003

Packet leashes: a defense against wormhole attacks in wireless networks

Yih-Chun Hu; Adrian Perrig; David B. Johnson

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.


ad hoc networks | 2003

SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks

Yih-Chun Hu; David B. Johnson; Adrian Perrig

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.


workshop on wireless security | 2003

Rushing attacks and defense in wireless ad hoc network routing protocols

Yih-Chun Hu; Adrian Perrig; David B. Johnson

In an ad hoc network, mobile computers (or nodes) cooperate to forward packets for each other, allowing nodes to communicate beyond their direct wireless transmission range. Many of the proposed routing protocols for ad hoc networks operate in an on-demand fashion, as on-demand routing protocols have been shown to often have lower overhead and faster reaction time than other types of routing based on periodic (proactive) mechanisms. Significant attention recently has been devoted to developing secure routing protocols for ad hoc networks, including a number of secure on-demand routing protocols, that defend against a variety of possible attacks on network routing. In this paper, we present the rushing attack, a new attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols. For example, DSR, AODV, and secure protocols based on them, such as Ariadne, ARAN, and SAODV, are unable to discover routes longer than two hops when subject to this attack. This attack is also particularly damaging because it can be performed by a relatively weak attacker. We analyze why previous protocols fail under this attack. We then develop Rushing Attack Prevention (RAP), a generic defense against the rushing attack for on-demand protocols. RAP incurs no cost unless the underlying protocol fails to find a working route, and it provides provable security properties even against the strongest rushing attackers.


workshop on mobile computing systems and applications | 2002

SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks

Yih-Chun Hu; David B. Johnson; Adrian Perrig

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. We design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol (DSDV). In order to support use with nodes of limited CPU processing capability, and to guard against denial-of-service (DoS) attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.


acm/ieee international conference on mobile computing and networking | 2000

Caching strategies in on-demand routing protocols for wireless ad hoc networks

Yih-Chun Hu; David B. Johnson

An on-demand routing protocol for wireless ad hoc networks is one that searches for and attempts to discover a route to some destination node only when a sending node originates a data packet addressed to that node. In order to avoid the need for such a route discovery to be performed before each data packet is sent, such routing protocols must cache routes previously discovered. This paper presents an analysis of the effects of different design choices for this caching in on-demand routing protocols in wireless ad hoc networks, dividing the problem into choices of cache structure, cache capacity, and cache timeout. Our analysis is based on the Dynamic Source Routing protocol (DSR), which operates entirely on-demand. Using detailed simulations of wireless ad hoc networks of 50 mobile nodes, we studied a large number of different caching algorithms that utilize a range of design choices, and simulated each cache primarily over a set of 50 different movement scenarios drawn from 5 different types of mobility models. We also define a set of new mobility metrics that allow accurate characterization of the relative difficulty that a given movement scenario presents to an ad hoc network routing protocol, and we analyze each mobility metric's ability to predict the actual difficulty in terms of routing overhead experienced by the routing protocol across the scenarios in our study.


acm special interest group on data communication | 2004

SPV: secure path vector routing for securing BGP

Yih-Chun Hu; Adrian Perrig; Marvin A. Sirbu

As our economy and critical infrastructure increasingly rely on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.


applied cryptography and network security | 2005

Efficient constructions for one-way hash chains

Yih-Chun Hu; Markus Jakobsson; Adrian Perrig

One-way chains are an important cryptographic primitive in many security applications. As one-way chains are very efficient to verify, they recently became increasingly popular for designing security protocols for resource-constrained mobile devices and sensor networks, as their low-powered processors can compute a one-way function within milliseconds, but would require tens of seconds or up to minutes to generate or verify a traditional digital signature [6]. Recent sensor network security protocols thus extensively use one-way chains to design protocols that scale down to resource-constrained sensors [21,29]. Recently, researchers also proposed a variety of improvements to one-way hash chains to make storage and access more efficient [9,18,33], or to make setup and verification more efficient [17,21].

In this paper we present two new constructions for one-way hash chains, which significantly improve the efficiency of one-way chains. Our first construction, the Sandwich-chain, provides a smaller bandwidth overhead for one-way chain values, and enables efficient verification of one-way chain values if the trusted one-way chain value is far away. Our second construction, Comb Skipchain, features a new lower bound for one-way chains in terms of storage and traversal overhead. In fact previously, researchers [9] cite a lower bound of log2(n) for the product of per-value traversal overhead and memory requirements for one-dimensional chains. We show that one can achieve a lower bound by considering multi-dimensional chains. In particular, our two-dimensional construction requires O(log(n)) memory and O(1) traversal overhead, thereby improving on the one-dimensional bound. In addition, the setup cost for the one-way chain is in contrast only O(n/log(n)). Other benefits for both constructions include a faster verification step than the traditional hash chains provide; a verifier can “catch up” efficiently, after having missed some number of previously released hash values (for the Sandwich-chain); and resistance against DoS attacks on authentication values. Moreover, we describe fractal traversal schemes for our proposed structures, bringing down the traversal costs for our structure to the same as those of the simpler “traditional” hash chain.

Our new construction is orthogonal to most previously proposed techniques, and can be used in conjunction with techniques for efficient setup or verification of one-way chains.


mobile ad hoc networking and computing | 2001

Implicit source routes for on-demand ad hoc network routing

Yih-Chun Hu; David B. Johnson

In an ad hoc network, the use of source routing has many advantages, including simplicity, correctness, and flexibility. For example, all routing decisions for a packet are made by the sender of the packet, avoiding the need for up-to-date routing information at intermediate nodes and allowing the routes used to be trivially guaranteed loop-free. It is also possible for the sender to use different routes for different packets, without requiring coordination or explicit support by the intermediate nodes. In addition, on-demand source routing has performed very strongly when compared against other proposed protocol designs. However, source routing has the disadvantage of increased per-packet overhead due to the source route header that must be present in every packet originated or forwarded. In this paper, we propose and analyze the use in ad hoc networks of implicit source routing while avoiding the associated per-packet overhead in most cases. We evaluated this technique through detailed simulations of ad hoc networks based on the Dynamic Source Routing protocol (DSR), an on-demand ad hoc network routing protocol based on source routing. Although routing packet overhead increased slightly with implicit source routing, by about 12.3%, the total number of bytes of overhead decreased substantially, by between 44 and 86%. On all other metrics evaluated, the performance of DSR either did not change significantly or actually improved somewhat, due to indirect effects of the reduced routing overhead.

Collaboration



Top Co-Authors

Josh Broch

Carnegie Mellon University

Marvin A. Sirbu

Carnegie Mellon University
