Ad Hoc Networks 5 (2007) 76–86 www.elsevier.com/locate/adhoc

Secure position-based routing protocol for mobile ad hoc networks

Joo-Han Song a, Vincent W.S. Wong b,*, Victor C.M. Leung b

a 4G System Laboratory, Samsung Electronics, Republic of Korea
b Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, BC, Canada

Available online 27 June 2006

Abstract

In large and dense mobile ad hoc networks, position-based routing protocols can offer significant performance improvement over topology-based routing protocols by using location information to make forwarding decisions. However, there are several potential security issues for the development of position-based routing protocols. In this paper, we propose a secure geographic forwarding (SGF) mechanism, which provides source authentication, neighbor authentication, and message integrity by using both the shared key and the TIK protocol. By combining SGF with the Grid Location Service (GLS), we propose a Secure Grid Location Service (SGLS) where any receiver can verify the correctness of location messages. We also propose a Local Reputation System (LRS) aiming at detecting and isolating both compromised and selfish users. We present the performance analysis of both SGLS and LRS, and compare them with the original GLS. Simulation results show that SGLS can operate efficiently by using effective cryptographic mechanisms. Results also show that LRS effectively detects and isolates message dropping attackers from the network.

© 2006 Elsevier B.V. All rights reserved.

Keywords: Ad hoc wireless networks; Location service; Geographic forwarding; Position-based routing protocol; Security

J.-H. Song et al. / Ad Hoc Networks 5 (2007) 76–86

1570-8705/$ - see front matter © 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.adhoc.2006.05.010

* Corresponding author. Tel.: +1 604 827 5135; fax: +1 604 822 5949.

1. Introduction

Current research on Mobile Ad hoc NETwork (MANET) mainly focuses on topology-based routing protocols, including both proactive and reactive (on-demand) approaches [1]. When network topology changes frequently or the network size increases, some of these protocols may incur a significant amount of routing control overhead. Recent research has shown that position-based routing protocols can be good alternatives to topology-based routing protocols in large and dense MANETs [2]. By using Location Information (LI), position-based routing protocols avoid the flooding of control traffic. An intermediate node only needs to know its own position and the positions of its neighboring nodes to make a message forwarding decision. The message is forwarded to a neighbor that is geographically closest to the destination [3–5].

To implement a position-based routing protocol, information about the geographical location of each destination must be available. Each node can determine its own position by using the Global Positioning System (GPS), or its relative position by using GPS-free positioning methods [6]. In addition, a location service [7–9] is used by the sender to determine the location of the destination. Each node may have a location table to store the position information of other nodes.

In position-based routing, the forwarding decision is based on LI contained in messages. Attackers can alter the LI in messages to disrupt the operation of a unicast forwarding scheme (i.e., message tampering attack). As shown in Fig. 1(a), assume two paths exist between B and A via C (i.e., path BCEA and path BCFDEA). When a node C receives a message m from B, it can modify the LI of A and forward modified message m′ to other colluding node D via node F. When node D receives m′, it will return re-modified message m″ to C again, and so on. This makes a routing loop where messages traverse nodes in a cycle without being relayed to the real destination A.

Fig. 1. (a) Loop generation by changing location information; (b) message tampering against location update process; and (c) message tampering against location query process.

The Grid Location Service (GLS) [7] is a distributed location service which calls for nodes to maintain location of specific subsets of the nodes based on the node's identifier (ID) as shown in Fig. 2. GLS divides the area that contains a MANET into a hierarchy of squares. Each node periodically broadcasts a list of neighbors using a HELLO message. Therefore, each node can maintain a table of immediate neighbors as well as each neighbor's neighbors. Each entry in the table includes the node's unique ID, location, speed, and a timestamp. Each node recruits nodes with IDs "close" to its own ID to serve as its Location Servers (LSs) (i.e., least ID greater than A) by sending Location Update (LU) messages as shown in Fig. 2.

Fig. 2. Location update and query in GLS. (Legend: location query path; location update path; location table content. The grid is divided into order-1, order-2 and order-3 squares measured from a global origin.)

When an attacker C receives the LU message of node A (see Fig. 1(b)), it can modify the LI of A and forward this modified message LU′ to its neighbors (i.e., message tampering attack). Moreover, an attacker D can impersonate A, and generate a falsified message LU″ with the latest timestamp (i.e., falsified message injection attack). As a result, even a single attacker D can cause other nodes to fail to find a route to A if they are more than one hop away from A.

To perform a location discovery, node B sends a Location Query (LQ) message using a geographic forwarding [4] mechanism to the node with least ID greater than A, for which B has the LI. Eventually, the LQ message may reach an LS of A, which will forward the LQ message to A. Since the LQ message contains A's LI, B can respond directly to A by sending a Location Reply (LR) message. As shown in Fig. 1(c), if LS is compromised, it can disrupt the location discovery process. By attaching the fake LI of A (i.e., falsified message injection attack), a modified LQ′ message may be forwarded to node D. As far as other nodes are concerned, the location service is functioning normally. Therefore, this attack cannot be detected by providing either sender authentication or message integrity. This attack is only feasible by compromised users.

The objective of this paper is to provide security mechanisms for both data and control messages in position-based routing protocols. The main contributions of this paper are as follows [10]:

1. We propose a secure geographic forwarding (SGF) mechanism that incorporates both the Hashed Message Authentication Code (MAC; see footnote 1) [11] and the Timed Efficient Stream Loss-tolerant Authentication (TESLA) [12] with Instant Key disclosure (TIK) [13] protocol. In combination with SGF, we propose a Secure Grid Location Service (SGLS) where any receiver can verify the correctness of location messages. To detect and isolate both compromised and selfish users, the Local Reputation System (LRS) is integrated with the Grid Location Service (GLS) [7].
2. We present simulation results to show that in the presence of message dropping attackers, GLS with LRS continues to maintain a high message delivery ratio at the expense of a slightly higher average end-to-end delay and routing overhead when compared to the GLS without LRS. In addition, results show that SGLS can operate efficiently by using effective cryptographic mechanisms.

This paper is organized as follows. Section 2 describes our proposed SGF mechanism. The proposed SGLS is presented in Section 3. The integration of LRS into GLS is explained in Section 4. The performance comparisons are presented in Section 5. Conclusions are given in Section 6.

2. Secure geographic forwarding (SGF)

2.1. Network environments and assumptions

Our proposed secure protocols aim to protect the network layer from attackers. Our proposed schemes work under several assumptions as follows:

Footnote 1. The acronym "MAC" refers to the Message Authentication Code. To avoid confusion, the term "Medium Access Control" is written out in full.

1. The network links are bi-directional. That is, if node A is able to transmit to node B, then B is also able to transmit to A.
2. The wireless interface supports promiscuous mode operations. That is, each node can receive a copy of the messages being transmitted by other nodes within its receiving range.
3. All nodes have tightly synchronized clocks with the maximum synchronization error of $\Delta$.
4. A public key infrastructure exists in the MANET under consideration. Each mobile node stores the trusted Certification Authority (CA)'s public key.

We distinguish two main forwarding strategies: greedy forwarding (i.e., unicast) [4] and directional flooding (i.e., broadcast) [5]. In this section, we assume that the source node has already obtained the position information of the destination.

The following notations are used in this paper:

1. $K_A^{TI}(j)$ [or $K_A^{TE}(j)$] denotes the TIK (or TESLA) key of node A at the jth time interval; $K_{AB}$ denotes the shared secret key between nodes A and B; and $K_A$ denotes the private key of node A.
2. $\mathrm{MAC}_K(M)$ denotes the MAC of message M with a symmetric key K using the Hashed MAC algorithm [11].
3. $\mathrm{Sign}_K(M)$ denotes the digital signature of a message M with the private key K using the public key cryptography [14].

2.2. Secure geographic forwarding for unicast messages

We propose the use of MAC computed over the non-mutable part (e.g., LI of a destination) of unicast messages with the pair-wise shared secret key between the source and destination. Since intermediate nodes do not have the shared secret key with the source node, they cannot verify the non-mutable part of messages. This allows a compromised user to be able to modify the non-mutable part of messages to disrupt the operation of position-based routing protocol. To prevent this attack, source node can use the digital signature over the non-mutable part with its own private key instead of MAC. However, implementing a mechanism to sign the non-mutable parts of all data and control messages may introduce too much overhead. In our scheme, we propose the use of a reputation system (see Section 4) to detect and isolate message tampering and dropping attackers instead of using expensive digital signatures.

We propose to use the TIK protocol [13] with tight time synchronization to authenticate a previous forwarding node to prevent malicious users from joining a path and to avoid a message replay attack. Based on the third assumption stated in Section 2.1, each node can estimate the TIK key expiration interval $t_{disclosure}$. In addition, every node has its own one-way key hash chain. Our proposed SGF mechanism works as follows. When a source node S sends a message via its neighbor to a destination D, each intermediate node i (i.e., sender) forwards the following message:

$$\langle \mathrm{MAC}_{K_i^{TI}(j)}[M_i \,\|\, N_S \,\|\, \mathrm{MAC}_{K_{SD}}(N_S)],\ \mathrm{MAC}_{K_{SD}}(N_S),\ M_i,\ N_S,\ K_i^{TI}(j) \rangle$$

where $M_i$ represents the mutable part of message from sender i, and $N_S$ represents the non-mutable part of message from source S. The notation i is equal to S when the sender is a source node itself. The sender i discloses the key $K_i^{TI}(j)$ at the end of the same message. Fig. 3 shows the timelines of sending and receiving a SGF message between two neighbors. Time $t_i$ indicates the time when sender i starts transmitting the message, and time $t_i + t_{disclosure}$ is the disclosure time for key $K_i^{TI}(j)$. Because of the time synchronization, when the neighbor receives the message portion $\mathrm{MAC}_{K_i^{TI}(j)}[M_i \,\|\, N_S \,\|\, \mathrm{MAC}_{K_{SD}}(N_S)]$, it can verify that the sender i has not started sending the corresponding key $K_i^{TI}(j)$ if the following condition is satisfied:

$$t_{disclosure} \le \tau - \Delta + Q/r \qquad (1)$$

where $\tau$ is the propagation delay, Q is the size of the message excluding $K_i^{TI}(j)$, and r is the transmission rate. As the receiver knows the expiration time for each key and the sender i only discloses the key after it expires, the attackers cannot guess the value of $K_i^{TI}(j)$. Therefore, if the message authentication verifies correctly once the receiver later receives the authentic key $K_i^{TI}(j)$, the message must have originated from the claimed sender. Since only the sender knew the key $K_i^{TI}(j)$ at the time when the receiver received the message, other nodes cannot forge a new message with the correct MAC. Finally, when destination D receives this message, it can verify the authenticity of the message by comparing the received $\mathrm{MAC}_{K_{SD}}(N_S)$ to the MAC value that is computed over the received message $N_S$ with the secret key $K_{SD}$ it shares with the source node S. Each node re-establishes its authentic TIK key every $t_h$-second with its neighbors by piggybacking on a HELLO message of SGLS.

Fig. 3. Secure geographic forwarding of a unicast message. (Sender and receiver timelines for the fields $\mathrm{MAC}_{K_i^{TI}(j)}$, $\mathrm{MAC}_{K_{SD}}$, message (M) and $K_i^{TI}(j)$. Time at sender: $t_i$, $t_i + t_{disclosure}$. Time at receiver: $\le (t_i + \Delta)$, $\le (t_i + \tau + \Delta)$, $\le (t_i + \tau + \Delta + Q/r)$.)

Note that although there are several forwarding strategies, they all forward a given message to only one optimal neighboring node based on its optimization criterion. Therefore, our proposed SGF can be applied to any of these forwarding schemes without any modification.

3. Secure grid location service

In this section, we describe our proposed SGLS protocol based on SGF. SGLS provides several security mechanisms to the original GLS. Fig. 4 summarizes the operation of SGLS in combination with SGF. The general concept of our proposed SGF presented in Section 2.2 can generally be applied to any unicast message such as LQ, LR, and LE messages of GLS.

3.1. Secure location update and query between destination and location server

Unlike other messages, the LU message has no assigned destination address field in it. Thus, it is impossible to provide a source authentication with a symmetric secret key. When a source node sends an LQ message to one of node D's LSs, LS can disrupt the location discovery process by attaching the fake LI of D to the LQ message. To protect the LU message, a destination node D attaches the digital signature computed over the non-mutable part (e.g., LI of a destination) of an LU message. At the same time, the TIK protocol is used for neighbor authentication as described in Section 2.2. After receiving a valid LU message from D, LS stores the digital signature of D in its location table. When the LQ message generated by S toward D arrives at this LS, the LS can prove that it has the valid LI of D by attaching D's digital signature from its location table to the LQ message. Thus, LS can provide an LI authentication to all intermediate nodes along the path to D (see Fig. 4). In our proposed scheme, the lifetime value is also digitally signed together with the LI of D to avoid unexpected changes.

Fig. 4. Location update and query in SGLS where UPDATE, QUERY, and REPLY denote the original GLS's location update, location query, and location reply message, respectively; $N_X$ represents the non-mutable fields of message X. The figure shows the messages M1 (update), M2 (query), M3 (query) and M4 (reply) exchanged among D, LS and S:

$M_1 = \langle h_1,\ \mathrm{UPDATE},\ \mathrm{Sign}_{K_D}(N_{UPDATE}),\ K_D^{TI} \rangle$, where $h_1 = \mathrm{MAC}_{K_D^{TI}}[\mathrm{UPDATE},\ \mathrm{Sign}_{K_D}(N_{UPDATE})]$

$M_2 = \langle h_2,\ \mathrm{QUERY},\ \mathrm{MAC}_{K_{SD}}(N_{QUERY}),\ K_S^{TI} \rangle$, where $h_2 = \mathrm{MAC}_{K_S^{TI}}[\mathrm{QUERY},\ \mathrm{MAC}_{K_{SD}}(N_{QUERY})]$

$M_3 = \langle h_3,\ \mathrm{QUERY},\ \mathrm{MAC}_{K_{SD}}(N_{QUERY}),\ \mathrm{Sign}_{K_D}(N_{UPDATE}),\ K_{LS}^{TI} \rangle$, where $h_3 = \mathrm{MAC}_{K_{LS}^{TI}}[\mathrm{QUERY},\ \mathrm{MAC}_{K_{SD}}(N_{QUERY})]$

$M_4 = \langle h_4,\ \mathrm{REPLY},\ \mathrm{MAC}_{K_{SD}}(N_{REPLY}),\ K_D^{TI} \rangle$, where $h_4 = \mathrm{MAC}_{K_D^{TI}}[\mathrm{REPLY},\ \mathrm{MAC}_{K_{SD}}(N_{REPLY})]$

3.2. Secure location query from source to location server

A location query can fail when an intermediate node is either compromised or selfish. To solve this problem, we propose to include the LI of the broken link in an LE message. Note that if a compromised node modifies its own LI, it will be detected by its neighbor's local reputation system (see Section 4). When S receives this message, it can avoid the suspicious node by indicating the level of hierarchy and the location of the square to forward the next LQ message. For example, when S receives the LE message from LS2 located in the order-2 square on the left bottom in Fig. 2, S will search the order-2 square on the right bottom first in its next location discovery process.
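The SGF message of Section 2.2 and its two checks (the neighbor's hop check and the destination's end-to-end check), as an added Python example; it is not code from the paper. HMAC-SHA256 as the MAC, SHA-256 key chains, and all keys and field contents are assumptions constructed here, and the receiver is assumed to have already applied the TIK timing check, so the interval index stands in for the clock comparison.

```python
import hashlib
import hmac


def H(data):
    return hashlib.sha256(data).digest()


def mac(key, *fields):
    """MAC_K(f1 || f2 || ...): HMAC-SHA256 over length-prefixed fields."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


def key_chain(seed, n):
    """One-way chain: chain[j] is K^TI(j), chain[j-1] == H(chain[j]), chain[0] is the anchor."""
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


def sgf_message(tik_key, m_i, n_s, e2e_mac):
    """<MAC_{K_i^TI(j)}[M_i || N_S || MAC_{K_SD}(N_S)], MAC_{K_SD}(N_S), M_i, N_S, K_i^TI(j)>"""
    return {"hop_mac": mac(tik_key, m_i, n_s, e2e_mac), "e2e_mac": e2e_mac,
            "M": m_i, "N": n_s, "key": tik_key}


def neighbor_verify(msg, sender_anchor, interval):
    """Receiving neighbour's check of the previous forwarder (neighbour authentication)."""
    k = msg["key"]
    for _ in range(interval):      # K(j) must hash back to the anchor K(0) in exactly j steps
        k = H(k)
    if not hmac.compare_digest(k, sender_anchor):
        return "rejected: key not valid for this interval"
    expected = mac(msg["key"], msg["M"], msg["N"], msg["e2e_mac"])
    if not hmac.compare_digest(expected, msg["hop_mac"]):
        return "rejected: hop MAC mismatch"
    return "accepted"


def destination_verify(msg, k_sd):
    """Destination's end-to-end check of the non-mutable part N_S."""
    return hmac.compare_digest(mac(k_sd, msg["N"]), msg["e2e_mac"])


def demo():
    # All keys, seeds and field contents below are constructed for this example.
    k_sd = b"shared key of S and D"
    chain_s = key_chain(b"seed of S", 8)
    chain_c = key_chain(b"seed of C", 8)
    n_s = b"dst=D;LI=(740,310)"          # non-mutable part: LI of the destination
    e2e = mac(k_sd, n_s)
    j = 3                                # current TIK interval at every node
    out = {}

    from_s = sgf_message(chain_s[j], b"prev=S", n_s, e2e)
    out["hop_S_to_C"] = neighbor_verify(from_s, chain_s[0], j)
    from_c = sgf_message(chain_c[j], b"prev=C", n_s, e2e)
    out["hop_C_to_D"] = neighbor_verify(from_c, chain_c[0], j)
    out["e2e_honest"] = destination_verify(from_c, k_sd)

    # S's interval-3 message presented again in interval 4.
    out["replay_next_interval"] = neighbor_verify(from_s, chain_s[0], j + 1)
    # A node that holds no key from S's chain.
    guess = sgf_message(H(b"not on the chain"), b"prev=S", n_s, e2e)
    out["outsider_key"] = neighbor_verify(guess, chain_s[0], j)
    # N_S altered without recomputing the hop MAC.
    altered = dict(from_s, N=b"dst=D;LI=(10,10)")
    out["flipped_in_flight"] = neighbor_verify(altered, chain_s[0], j)

    # Compromised forwarder C rewrites N_S and re-MACs with its own valid TIK key:
    # the next hop cannot tell, only the holder of K_SD can.
    rewritten = sgf_message(chain_c[j], b"prev=C", b"dst=D;LI=(10,10)", e2e)
    out["hop_after_rewrite"] = neighbor_verify(rewritten, chain_c[0], j)
    out["e2e_after_rewrite"] = destination_verify(rewritten, k_sd)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two results show the gap the paper assigns to the reputation system: a rewritten non-mutable part passes every hop check and is caught only at the destination.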

3.3. Secure exchange of HELLO messages

In GLS, each node maintains a table of its immediate neighbors as well as each neighbor's neighbors. The one-hop neighbor's LI can be verified by using a location verification technique [6], and the TIK protocol can be used for neighbor authentication. However, the LI about a neighbor's neighbors cannot be verified by using these techniques since they are out of the transmission range of the verifier. We propose to use the TESLA [12] broadcast authentication method to verify the LI of two-hop neighboring nodes. For example, a node A includes two additional fields in a HELLO message: $\langle \mathrm{MAC}_{K_A^{TE}(j)}(LI_A),\ K_A^{TE}(j-1) \rangle$, where $LI_A$ is the location information of node A, and $K_A^{TE}(j-1)$ is the TESLA key of A at the (j−1)th time interval. Since a HELLO message is broadcast periodically with interval $t_h$, the TESLA key disclosure interval can be set to the value of $t_h$. When a two-hop neighbor node C receives a HELLO message, it checks the validity of the LI of A by determining that $K_A^{TE}(j)$ has not yet been disclosed. Node A waits until it is able to disclose $K_A^{TE}(j)$ from the time interval schedule; it then appends $K_A^{TE}(j)$ to the next HELLO message. When node C receives a new HELLO message, it can verify the previous LI from A. If this verification process fails, the LRS is called upon to report the fact that neighbor B intentionally changes LI of its neighbor A.

4. Local reputation system

Compromised users can disrupt the operation of location services by dropping some control messages, each transmitted in the form of a single unicast message. Moreover, if there is no punishment for misbehaviors, attackers may be rewarded and encouraged to attack again later. In this section, we propose a reputation system with an aim to detect and isolate attackers. We extend the reputation system (i.e., CONFIDANT) originally proposed in [15] and modify it to work specifically for position-based routing protocols. We call our extended version the Local Reputation System (LRS). Both CONFIDANT and our proposed LRS use the same set of mathematical equations for reputation report update. However, CONFIDANT assumed the use of the source routing protocol. Various ALARM messages are sent to the source node when an anomaly is detected. On the other hand, in our proposed LRS, we assume the use of position-based routing protocols. Each node periodically sends the reputation information report to its neighbors by using the HELLO message. In LRS, each node only needs to manage the reputation information of its local neighbors. LRS consists of the following three components: the monitor, the reputation manager, and the trust manager. All these components are present in each node. The modules in each component are shown in Fig. 5.

Fig. 5. Structure of local reputation system. (Components: Monitor, Reputation Manager, Trust Manager. Labels in the figure: initial state; monitoring; detected; REPUTATION received; evaluating trust; trusted; not trusted; updating trust table; updating reputation value; reporting timer is not expired; reporting timer is expired; sending REPUTATION to neighbors.)

4.1. First-hand reputation rating

Node i maintains a record of the first-hand observation about node j in the form of $F_{ij}^{l} = (a, b) = (\#\text{ of good behaviors},\ \#\text{ of bad behaviors})$ for the lth reputation interval, and is initially set to (1, 1). For example, if the observation is classified as misbehavior, the value of b is increased by one. The first-hand reputation rating is represented in the form of $FR_{ij}^{l} = a/(a+b)$ [15]. When the reporting timer expires, the first-hand reputation information $FR_{ij}^{l}$ about node j from node i is updated as follows:

$$FR_{ij}^{l} = t \cdot FR_{ij}^{l-1} + (1-t) \cdot FR_{ij}^{l}$$

where t is a weight value. During inactivity periods, the value is updated periodically as follows:

$$FR_{ij}^{l} = t \cdot FR_{ij}^{l-1} + (1-t) \cdot FR_{initial}$$

where $FR_{initial}$ is 0.5.

4.2. Reputation reporting and second-hand reputation rating

A node's reputation information is sent periodically to its neighbors by piggybacking on a HELLO message when the lth reporting timer expires. Assume node i receives the reported second-hand reputation information $FR_{kj}^{l}$ about node j from node k, node i updates the reputation rating $R_{ij}^{l}$ as follows:

$$R_{ij}^{l} = (1-x) \cdot FR_{ij}^{l} + x \cdot FR_{kj}^{l}$$

where x is a small positive real number. This process is performed for all j being reported. Based on this reputation rating, node i classifies node j as a good node if $R_{ij}^{l} \ge c$, or as a bad node if $R_{ij}^{l} < c$, where c is a predefined threshold value. To avoid blackmail attack, our reputation system can also take into account the trust rating of each node [14]. Table 1 describes the pseudo-code for the monitoring system of LRS.

Table 1. Pseudo-code for monitoring module

    A node has sent or overheard a message:

    Case I: Unicast Message
    1. if (dst addr == my addr) return;
    2. if (src addr == my addr) buffer a message; return;
    3. if (next hop addr == one of my neighbors' addrs && next hop addr != dst addr)
           if (overheard the message with the same ID before)
               if (contents are correct)
                   call reputation manager with positive feedback; remove this entity; return;
               else
                   call reputation manager with negative feedback; remove this entity; return;
           else
               buffer a message and return;
    4. if (timer expires for any message in buffer)
           call reputation manager with negative feedback; remove this entity; return;

    Case II: HELLO Message
    1. if (src addr == my addr) buffer a LI of mine; return;
    2. if (LI of mine is correct)
           call reputation manager with positive feedback; return;
       else
           call reputation manager with negative feedback; return;

5. Performance evaluation

We consider a network topology with 100 nodes randomly placed over a 1000 × 1000 (m²) flat-grid. The size of an order-1 grid is 250 × 250 (m²). We assume that 50 of these nodes are constant bit-rate data sources, each sending fixed size 128-byte messages at 4 messages/s for 200 s. Each simulation run takes 600 simulated seconds. The characteristics of each mobile node's radio interface approximate the Lucent WaveLAN, operating as a shared-medium radio with a nominal bit rate of 2 Mb/s and a nominal radio range of 250 m. For the medium access control layer, the IEEE 802.11 Distributed Coordination Function is used (see Fig. 6). The propagation model combines both a free space and a two-ray ground reflection model. Table 2 provides other simulation parameters. A random waypoint model is used for the mobility model. Each node moves in a straight line towards the destination at a speed that is uniformly distributed from 0 to 10 m/s. For fair comparisons, identical mobility and traffic scenarios are applied to all protocols. Results are averaged over 11 simulation runs; the error bars represent the 95% confidence intervals about the means in Figs. 7 and 8.

Table 2. Simulation parameters (SGLS and LRS parameters)

    Parameter                                   Value
    HELLO message interval t_h                  2 s
    TIK key re-establishment interval           2 s
    TESLA key disclosure interval               2 s
    Reputation reporting interval               10 s
    First-hand reputation weight value t        0.9
    Second-hand reputation weight value x       0 or 0.1
    Threshold c                                 0.5

To evaluate our proposed LRS as presented in Section 4, we modify the ns-2 grid package [16] by implementing both LRS and blackhole attackers. In the following results, LRS-S refers to LRS using both first and second-hand reputation information (i.e., x = 0.1), and LRS-F refers to LRS using only first-hand reputation information (i.e., x = 0). We compare both LRS-S and LRS-F with the original GLS. The performance metrics are message delivery fraction, average end-to-end delay of transferred data messages, and routing overhead (i.e., the number of hop-by-hop transmissions of control messages in units of byte or message).
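The delayed HELLO verification of Section 3.3 feeding the ratings of Sections 4.1 and 4.2 with the Table 2 weights (t = 0.9, x = 0.1, c = 0.5), as an added Python example; it is not the authors' ns-2 code. SHA-256 and HMAC-SHA256, the constructed position strings, five HELLOs per reporting interval, counters that restart at (1, 1) each interval, and a key-disclosure time check that has already passed are assumptions of this example.

```python
import hashlib
import hmac

# Weights from Table 2 and Section 4.1 of the paper.
T_WEIGHT, X_WEIGHT, C_THRESHOLD, FR_INITIAL = 0.9, 0.1, 0.5, 0.5
HELLOS_PER_REPORT = 5          # 10 s reporting interval / 2 s HELLO interval


def H(data):
    return hashlib.sha256(data).digest()


def tesla_mac(key, li):
    return hmac.new(key, li, hashlib.sha256).digest()


def key_chain(seed, n):
    """chain[j] is K_A^TE(j); chain[j-1] == H(chain[j]); chain[0] is the anchor."""
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


class TwoHopVerifier:
    """Node C checking A's location as relayed in neighbour B's HELLO."""

    def __init__(self, anchor):
        self.auth_key = anchor     # last authenticated key, starts at K(0)
        self.pending = None        # (LI_A, MAC) still waiting for its key

    def on_hello(self, li_a, mac_j, key_prev):
        """Fields of interval j: LI_A, MAC_{K(j)}(LI_A), K(j-1).
        Returns the verdict on the LI buffered one interval earlier, or None."""
        verdict = None
        key_ok = key_prev == self.auth_key or H(key_prev) == self.auth_key
        if self.pending is not None:
            old_li, old_mac = self.pending
            verdict = key_ok and hmac.compare_digest(tesla_mac(key_prev, old_li), old_mac)
        if key_ok:
            self.auth_key = key_prev
        self.pending = (li_a, mac_j)
        return verdict


class Reputation:
    """Node i's rating of one neighbour j (Sections 4.1 and 4.2)."""

    def __init__(self):
        self.fr, self.good, self.bad = FR_INITIAL, 1, 1

    def observe(self, ok):
        if ok:
            self.good += 1
        else:
            self.bad += 1

    def end_interval(self, second_hand=None):
        active = self.good + self.bad > 2
        sample = self.good / (self.good + self.bad) if active else FR_INITIAL
        self.fr = T_WEIGHT * self.fr + (1 - T_WEIGHT) * sample
        self.good = self.bad = 1           # assumption: counters restart each interval
        r = self.fr
        if second_hand is not None:        # R = (1 - x) * FR_ij + x * FR_kj
            r = (1 - X_WEIGHT) * self.fr + X_WEIGHT * second_hand
        return round(r, 4), ("good" if r >= C_THRESHOLD else "bad")


def simulate(tamper_from=None, second_hand=None, hellos=11):
    """C rates relay B over `hellos` HELLO intervals of node A."""
    chain = key_chain(b"constructed seed for node A", hellos)
    verifier, rep, history, seen = TwoHopVerifier(chain[0]), Reputation(), [], 0
    for j in range(1, hellos + 1):
        true_li = f"A@({100 + j},200)".encode()     # constructed positions
        mac_j = tesla_mac(chain[j], true_li)        # computed by A, key not yet disclosed
        relayed = true_li
        if tamper_from is not None and j >= tamper_from:
            relayed = b"A@(900,900)"                # B rewrites A's LI
        verdict = verifier.on_hello(relayed, mac_j, chain[j - 1])
        if verdict is not None:
            rep.observe(verdict)
            seen += 1
            if seen % HELLOS_PER_REPORT == 0:
                history.append(rep.end_interval(second_hand))
    return history


if __name__ == "__main__":
    print("honest relay:      ", simulate())
    print("tampering from j=6:", simulate(tamper_from=6))
    print("honest relay, one second-hand report of 0.0:", simulate(second_hand=0.0))
```

The third run shows why Section 4.2 mentions trust ratings: with x = 0.1, a single second-hand report of 0.0 is enough to push an honest neighbour below the threshold in its first interval.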

Fig. 6. Minimum size of IEEE 802.11b frame format in SGLS where PLCP stands for physical layer convergence protocol. (Labels in the figure: 182 bytes; Preamble; PLCP Header; Medium access control data; Header; $\mathrm{MAC}_{K_i^{TI}}$; SGLS message, 138 bytes; $K_i^{TI}$, 16 bytes; CRC.)

5.1. LRS with message dropping attackers

Fig. 7(a)–(c) shows the simulation results with varying number of blackhole attackers who drop data messages in the network. The pause time is equal to zero in this scenario. Fig. 7(a) shows the message delivery ratio as a function of the number of blackhole attackers. Both LRS-S and LRS-F yield a higher message delivery ratio than GLS as the number of blackhole attackers increases. This shows that our proposed LRS can effectively detect and isolate blackhole attackers. As it also uses the second-hand reputation information, LRS-S works slightly better than LRS-F with faster detection. Fig. 7(b) shows that GLS incurs a lower routing control overhead than LRS. SGLS can detect the blackholes and re-initiate the location query (or detour) to avoid these nodes. These additional route discoveries increase the routing control overhead. Fig. 7(c) indicates that GLS has a lower average end-to-end delay when compared with LRS. Since LRS incurs more routing control messages, the average end-to-end delay for data messages increases. Note that the average end-to-end delay of GLS decreases as the number of blackhole attackers increases. Since blackhole attackers drop data messages at the intermediate nodes and the dropped messages are not counted in the end-to-end delay calculation, the average end-to-end delay is decreased.

Fig. 7. Performance comparisons between LRSs and GLS with data blackhole attackers. (Panels (a)–(c): packet delivery ratio, packet overhead (×1000) and end-to-end delay (s) versus number of blackhole attackers; panels (d)–(f): the same metrics versus pause time (sec). Curves: LRS-S, LRS-F, GLS.)

Fig. 7(d)–(f) shows the performance comparison with varying pause time (i.e., mobility), while keeping the number of blackhole attackers at 15 out of 100. Fig. 7(d) shows that the delivery ratio does not change remarkably in all protocols. Since the network is not congested, the increase of control overhead due to mobility does not affect the delivery fraction. Fig. 7(e) shows that the routing overhead of all protocols decreases as pause time increases (i.e., mobility decreases). Each node updates its closest location servers every time it moves a particular threshold distance d (100 m in this paper) since sending the last update. This indicates that a node sends out updates at a rate proportional to its mobility. Fig. 7(f) shows the average end-to-end delay for all three protocols increases as mobility decreases.

5.2. SGLS without attackers

We implement SGLS, which includes the TIK, TESLA, digital signature and MAC without LRS. By comparing SGLS with the original GLS, we can examine the performance impact of adding security overhead, independent of the effect of attackers. Fig. 8 shows the simulation results without attackers. The TIK overhead (32 bytes; one MAC and one key) is introduced in each IEEE 802.11 data frame. The additional overheads of MAC (16 bytes), TESLA key (16 bytes), and two authentic keys for TIK (32 bytes; one for current key chain and the other for next key chain) are incurred by HELLO messages. The end-to-end MAC (16 bytes) is added to all unicast messages except the LU message (digital signature of 40 bytes using the Elliptic Curve Cryptography [14]).

Fig. 8. Performance comparisons between SGLS and GLS without attackers. (Panels: (a) packet delivery ratio, (b) byte overhead (×1000000), (c) end-to-end delay (sec), each versus pause time (sec). Curves: GLS, SGLS.)

Fig. 8(a) shows the message delivery ratio of SGLS and GLS. Adding security overhead in SGLS reduces the message delivery ratio by just 1% on average. SGLS is still effective (over 90%) in discovering and maintaining routes for delivery of data messages even in relatively high mobility scenarios. Fig. 8(b) shows that SGLS's routing overhead is much higher than that of GLS in terms of bytes. That is due to the increase in size of routing control messages with digital signatures and MACs in SGLS. As mobility increases, the amount of control overhead of SGLS increases slightly. Fig. 8(c) shows that the average end-to-end delay for SGLS is slightly higher than that of GLS. Intuitively, SGLS may have a higher average delay for the location discovery than GLS. However, the number of location discoveries performed is a small fraction when compared with the number of data messages delivered. Therefore, the effect of the location acquisition latency on the average end-to-end delay of data messages is not significant.

6. Conclusions

In this paper, we have proposed SGLS, which is a security enhancement to the original GLS protocol. The security mechanisms added to GLS include TIK, TESLA, MAC, digital signature, and a reputation system. SGLS has the capability of preventing message tampering, dropping, falsified injection, and replay attacks. Simulation results showed that in the presence of message dropping attacks, the proposed LRS mechanism maintains a high message delivery ratio at the expense of a higher average end-to-end delay and routing overhead in general. For future work, we are planning to implement our algorithm on mobile devices, and study it in real world environments by taking into account the energy issues. Moreover, countermeasures against blackmail attacks will be investigated.

Acknowledgements

This work was supported by a University of British Columbia Graduate Fellowship, and by the Canadian Natural Sciences and Engineering Research Council under grants RGPIN 261604-03 and 44286-00.

References

[1] X. Hong, K. Xu, M. Gerla, Scalable routing protocols for mobile ad hoc networks, IEEE Network 16 (4) (2002) 28–39.
[2] M. Mauve, J. Widmer, H. Hartenstein, A survey on position-based routing in mobile ad hoc networks, IEEE Network 15 (6) (2001) 30–39.
[3] E. Kranakis, H. Singh, J. Urrutia, Compass routing on geometric networks, in: Proc. Canadian Conference on Computational Geometry, Vancouver, BC, August 1999.
[4] G.G. Finn, Routing and addressing problems in large metropolitan-scale internetworks, Technical Report ISI/RR-87-180, Inst. for Scientific Information, March 1987.
[5] S. Basagni, I. Chlamtac, V.R. Syrotiuk, B.A. Woodward, A distance routing effect algorithm for mobility (DREAM), in: Proc. ACM MobiCom, Dallas, TX, October 1998.
[6] S. Capkun, J.-P. Hubaux, Secure positioning of wireless devices with application to sensor networks, in: IEEE Proc. IEEE Infocom, Miami, Florida, March 2005.
[7] J. Li, J. Jannotti, D.S.J. De Couto, D.R. Karger, R. Morris, A scalable location service for geographic ad hoc routing, in: Proc. ACM MobiCom, Boston, MA, August 2000.
[8] Z.J. Haas, B. Liang, Ad hoc mobility management with uniform quorum systems, IEEE/ACM Transactions on Networking 7 (2) (1999).
[9] L. Blazevic, L. Buttyan, S. Capkun, S. Giordaro, J.-P. Hubaux, J.-Y. Le Boudec, Self-organization in mobile ad hoc networks: the approach of terminodes, IEEE Communications Magazine (June) (2001).
[10] J.H. Song, Load-balancing and secure routing for wireless mobile ad hoc networks, Ph.D.'s thesis, Department of Electrical and Computer Engineering, The University of British Columbia, April 2005.
[11] H. Krawczyk, M. Bellare, R. Canetti, HMAC: keyed-hashing for message authentication, IETF RFC 2104 (February) (1997).
[12] A. Perrig, R. Canetti, D. Song, D. Tygar, B. Briscoe, TESLA: multicast source authentication transform introduction, IETF Internet Draft of Multicast Security Working Group (work in progress), August 2004.
[13] Y.-C. Hu, A. Perrig, D.B. Johnson, Packet leashes: a defense against wormhole attacks in wireless network, in: Proc. IEEE Infocom, San Francisco, CA, March/April 2003.
[14] D.B. Johnson, ECC, future resiliency and high security systems, Certicom White Paper, March 1999.
[15] S. Buchegger, J.-Y. Le Boudec, Performance analysis of the CONFIDANT protocol, in: Proc. ACM MobiHoc, Lausanne, Switzerland, June 2002.
[16] NS-2 for grid. Available from: .

Joo-Han Song received the M.S. degree in electrical engineering from Hongik University, Seoul, Korea, in 2001, and the Ph.D. degree from the University of British Columbia (UBC), Vancouver, BC, Canada, in 2005. He is currently a senior engineer in the 4G System Laboratory at Samsung Electronics, Korea. His research interests include routing and security for mobile ad hoc networks, the design of MAC algorithms for 4G systems, and the performance evaluation and modeling of wireless networks.

Vincent W.S. Wong received the B.Sc. degree from the University of Manitoba in 1994, the M.A.Sc. degree from the University of Waterloo in 1996, and the Ph.D. degree from the University of British Columbia (UBC) in 2000. He worked as a systems engineer at PMC-Sierra Inc. from 2000 to 2001. He is currently an assistant professor in the Department of Electrical and Computer Engineering at UBC. His current research interests are in resource and mobility management for wireless mesh networks, wireless sensor networks, and heterogeneous wireless networks. He received the Natural Sciences and Engineering Research Council Postgraduate Scholarship and the Fessenden Postgraduate Scholarship from the Communications Research Centre, Industry Canada, during his graduate studies. He serves as a TPC member for various conferences, including the IEEE ICC and Globecom.

Victor C.M. Leung received the B.A.Sc. (Hons.) degree in electrical engineering from the University of British Columbia (UBC) in 1977, and was awarded the APEBC Gold Medal as the head of the graduating class in the Faculty of Applied Science. He attended graduate school at UBC on a Natural Sciences and Engineering Research Council Postgraduate Scholarship and obtained the Ph.D. degree in electrical engineering in 1981.

From 1981 to 1987, he was a Senior Member of Technical Staff at Microtel Pacific Research Ltd. (later renamed MPR Teltech Ltd.), specializing in the planning, design and analysis of satellite communication systems. In 1988, he was a Lecturer in the Department of Electronics at the Chinese University of Hong Kong. He returned to UBC as a faculty member in 1989, where he is a Professor and holder of the TELUS Mobility Research Chair in Advanced Telecommunications Engineering in the Department of Electrical and Computer Engineering. His research interests are in the areas of architectural and protocol design and performance analysis for computer and telecommunication networks, with applications in satellite, mobile, personal communications and high speed networks. He is a Fellow of IEEE and a voting member of ACM. He is an editor of the IEEE Transactions on Wireless Communications, and an associate editor of the IEEE Transactions on Vehicular Technology.