Biomedical Engineering Reference
outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies—multiple, possibly disjoint, routes between nodes—in ad hoc networks. If routing protocols can discover multiple routes (e.g., the ZRP, DSR, TORA, and AODV protocols can all achieve this), nodes can switch to an alternative route when the primary route appears to have failed.

Diversity coding takes advantage of multiple paths in an efficient way without message retransmission. The basic idea is to transmit redundant information through additional routes for error detection and correction. For example, if there are n disjoint routes between two nodes, then we can use n − r channels to transmit data and use the other r channels to transmit redundant information. Even if certain routes are compromised, the receiver may still be able to validate messages and to recover messages from errors using the redundant information from the additional r channels.

Secure routing in networks such as the Internet has been extensively studied. Many proposed approaches are also applicable to secure routing in ad hoc networks. To deal with external attacks, standard schemes such as digital signatures to protect information authenticity and integrity have been considered. For example, Sirois and Kent propose the use of a keyed one-way hash function with a windowed sequence number for data integrity in point-to-point communication and the use of digital signatures to protect messages sent to multiple destinations. Kumar recognizes the problem of compromised routers as a hard problem, but provides no solution. Other works give only partial solutions. The basic idea underlying these solutions is to detect inconsistency using redundant information and to isolate compromised routers. For example, in work where methods to secure distance-vector routing protocols are proposed, extra information about the predecessor in a path to a destination is added to each entry in the routing table. Using this piece of information, a path traversal technique (following the predecessor link) can be used to verify the correctness of a path. Such mechanisms usually come with a high cost and are avoided because routers on networks such as the Internet are usually well protected and rarely compromised.
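
The diversity-coding idea described above (n disjoint routes, n − r carrying data and r carrying redundancy), shown as an added Python example that is not from the original chapter. It assumes r = 1 with a single XOR parity share; the function names and the sample message are constructed for illustration.

```python
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(message: bytes, n: int) -> list:
    """Split message into n-1 data shares plus one XOR parity share (r = 1)."""
    if n < 2:
        raise ValueError("need at least one data route and one parity route")
    k = n - 1
    size = -(-len(message) // k)                 # ceiling division
    padded = message.ljust(k * size, b"\x00")    # pad so all shares are equal length
    data = [padded[i * size:(i + 1) * size] for i in range(k)]
    return data + [reduce(xor_bytes, data)]      # share i travels over route i

def decode(shares: list, length: int) -> bytes:
    """shares[i] is what arrived on route i, or None if that route failed."""
    present = [s for s in shares if s is not None]
    if len(shares) - len(present) > 1:
        raise ValueError("r = 1 can repair only one failed route")
    if len({len(s) for s in present}) != 1:
        raise ValueError("share length mismatch: a route altered its share")
    if len(present) < len(shares):
        # XOR of all surviving shares reproduces the single missing one,
        # whether it was a data share or the parity share.
        shares = [reduce(xor_bytes, present) if s is None else s for s in shares]
    elif any(reduce(xor_bytes, shares)):
        # All routes delivered, but data XOR parity is non-zero: tampering or error.
        raise ValueError("parity mismatch: a route altered its share")
    return b"".join(shares[:-1])[:length]

if __name__ == "__main__":
    msg = b"ROUTE-UPDATE seq=42 dst=node7"       # constructed sample message
    sent = encode(msg, n=4)                      # 3 data routes + 1 parity route
    lost = sent[:1] + [None] + sent[2:]          # route 1 fails in transit
    print(decode(lost, len(msg)))                # message recovered without retransmission
    forged = [sent[0], b"X" * len(sent[1])] + sent[2:]   # route 1 rewrites its share
    try:
        decode(forged, len(msg))
    except ValueError as err:
        print("rejected:", err)
```

With r = 1 the receiver can repair one lost route or detect one altered share, but it cannot tell which share was altered; correcting that case needs more redundant routes or per-share authentication.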
Conclusion
In this chapter, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require a high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms.