Biomedical Engineering Reference
In-Depth Information
Fig. 2 Topology change in ad hoc networks: nodes 1, 2, 3, 4, 5, and 6 constitute an ad hoc
network. The circle represents the radio range of node 1. The network initially has the topology in
(a). When node 4 moves out of the radio range of 1, the network topology changes to the one in (b)
Routing
To achieve availability, routing protocols [
4
,
5
] should be robust against both
dynamically changing topology and malicious attacks. Routing protocols proposed
for ad hoc networks cope well with the dynamically changing topology [
6
]. However,
none of them, to our knowledge, have accommodated mechanisms to defend against
malicious attacks. Routing protocols for ad hoc networks are still under active
research. There is no single standard routing protocol. Therefore, we aim to capture
the common security threats [
7
] and to provide guidelines to secure routing proto-
cols. In most routing protocols, routers exchange information on the topology of the
network in order to establish routes between nodes. Such information could become a
target for malicious adversaries who intend to bring the network down. There are two
sources of threats to routing protocols. The first comes from external attackers. By
injecting erroneous routing information, replaying old routing information, or dis-
torting routing information, an attacker could successfully partition a network or
introduce excessive traffic load into the network by causing retransmission and
inefficient routing. The second and also the more severe kind of threats come from
compromised nodes, which might advertise incorrect routing information to other
nodes. Detection of such incorrect information is difficult: merely requiring routing
information to be signed by each node would not work, because compromised nodes
are able to generate valid signatures using their private keys. To defend against the
first kind of threats, nodes can protect routing information in the same way they
protect data traffic, i.e., through the use of cryptographic schemes such as digital
signature. However, this defense is ineffective against attacks from compromised
servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes
being compromised in an ad hoc network. Detection of compromised nodes through
routing information is also difficult in an ad hoc network because of its dynamically
changing topology: when a piece of routing information is found invalid, the
information could be generated by a compromised node, or it could have become
invalid as a result of topology changes. It is difficult to distinguish between the two
cases. On the other hand, we can exploit certain properties of ad hoc networks to
achieve secure routing. Note that routing protocols for ad hoc networks must handle
Search WWH ::
Custom Search