The advent of ubiquitous computing and the creation of new, powerful, efficient, portable computing devices have focused the importance of mobile and wireless networking. Mobile wireless communications and networking is an emerging technology that allows users to access information and services electronically at any time, regardless of their geographic positions. There are two types of wireless networks: infrastructure based wireless networks and infrastructure-less wireless networks (ad hoc networks). The infrastructure based wireless networks have routers and gateways as stationary components to which mobile nodes within the network connect. Mobile nodes connect to the nearest base station whose communication radius covers the area that the nodes are in. When a mobile node moves out of the coverage area of a base station, it is handed off to a new base station that covers the area that the node is now in. Cellular phone technology is a typical example of an infrastructure network.
The second type of wireless network is the ad hoc network. The term ad hoc tends to “different forms” and can be “mobile, stand alone, or networked”. A Mobile Ad hoc NETwork (MANET) is a self-organized wireless communication short lived network that contains collection of mobile nodes. The mobile nodes communicate with one another by wireless radio links without the use of any pre-established fixed communication network infrastructure or centralized administration, such as base stations or access points, and with no human intervention [2, 3, 5, 6, 7].
Self-organizing means that MANETs have the ability to spontaneously form a network of mobile nodes or hosts, merged together or partitioned into separate networks on-the-fly depending on the networking needs and dynamically handle the joining or leaving of nodes in the network. The major objectives of self organized MANET are: scalability, reliability, and availability. Mobile nodes are low capacity autonomous computing devices that are capable of roaming independently. Because of the fact that nodes are mobile, the network topology changes rapidly and unpredictably over time. Each mobile node acts as both a host and a specialized router to relay information (forward packets) to other mobile nodes. The success of the communication highly depends on the other nodes’ cooperation. The nodes themselves are responsible for dynamically discovering other nodes to communicate in radio range.
Figure 1.1: Heterogeneous Mobile Ad hoc Network (MANET)
Typical MANET nodes are Laptops, PDAs, Pocket PCs, Cellular Phones, Internet Mobil Phones, Palmtops or any other mobile wireless devices. These devices are typically lightweight and battery operated. Figure 1.1 illustrates an example of a heterogeneous MANET and its communication technology which contains one PDA, one pocket PC, one laptop, one mobile phone and one mobile device. Since mobile phone is outside pocket PC’s transmission range, the data from pocket PC to mobile phone must be retransmitted by laptop.
1.1.1 Characteristics of MANETs
The main characteristics of MANETs are: the complete lack of centralized control, lack of association among nodes, rapid mobility of hosts, frequent dynamically varying network topology, shared broadcast radio channel, insecure operating environment, physical vulnerability and limited availability of resources, such as CPU processing capacity, memory power, battery power, and bandwidth [2, 6, 7, 8].
Dynamic Network Topologies: The nodes in MANETs are free to move independently in any direction. The network’s wireless topology may change frequently and randomly at unpredictable times and primarily consists of bidirectional links.
Low Bandwidth: These networks have lower capacity and shorter transmission range than fixed infrastructure networks. The throughput of wireless communication is lesser than wired communication because of the effect of the multiple access, fading, noise, and interference conditions.
Limited Battery Power: The nodes or hosts operate on small batteries and other exhaustible means of energy. So, energy conservation is the most important design optimization criteria.
Decentralized Control: Due to unreliable links, the working of MANET depends upon cooperation of participating nodes. Thus, implementation of any protocol that involves a centralized authority or administrator becomes difficult.
Unreliable Communications: The shared-medium nature and unstable channel quality of wireless links may result in high packet-loss rate and re-routing instability, which is a common phenomenon that leads to throughput drops in multi-hop networks. This implies that the security solution in wireless ad hoc networks cannot rely on reliable communication.
Weak Physical Protection: MANETs are more prone to physical security threats than fixed-cable nets. Mobile nodes are usually compact, soft and hand-held in nature. Today, portable devices are getting smaller and smaller. They could get damaged or lost or stolen easily and misused by an adversary. The increased possibility of different types of attacks should be carefully considered.
Scalability: Due to the limited memory and processing power on mobile devices, the scalability is a key problem when we consider a large network size. Networks of 10,000 or even 100,000 nodes are envisioned, and scalability is one of the major design concerns.
1.1.2 Applications of MANETs
There are many applications of MANETs. The domain of applications for MANETs is diverse, ranging from small, static networks that are constrained by power sources to large-scale, mobile, highly dynamic networks. Significant examples include establishing survivable, efficient, dynamic communication for: network-centric military/battlefield environments, emergency/rescue operations, disaster relief operations, intelligent transportation systems, conferences, fault-tolerant mobile sensor grids, smart homes, patient monitoring, environment control, and other security sensitive applications. Most of these applications demand a specific security guarantees and reliable communication [2, 5, 7, 9]. Some well known applications are:
Military Tactical Operations: For fast and possibly short term establishment of military communications and troop deployments in hostile and/or unknown environments.
Search and Rescue Operations: For communication in areas with little or no wireless infrastructure support.
Disaster Relief Operations: For communication in environments where the existing infrastructure is destroyed or left inoperable.
Law Enforcement: For secure and fast communication during law enforcement operations.
Commercial Use: For enabling communications in exhibitions, conferences and large gatherings. For some business scenarios, the need for collaborative computing might be more important outside office environments than inside a building. After all, it is often the case where people do need to have outside meetings to cooperate and exchange information on a given project.
1.1.3 Routing in MANETs
Node mobility has a large impact on the behavior of ad hoc networks. The nodes in the network are free to move independently in any direction to change the routes. Every node in MANET acts as a router that discovers and maintains routes in the network. The nodes themselves are responsible for dynamically discovering other nodes to communicate. When a node wants to communicate with a node outside its transmission range, a multi-hop routing strategy is used which involves some intermediate nodes. The network’s wireless topology changes frequently and randomly at unpredictable times.
In order to allow truly spontaneous, infrastructure-less networking and efficient end-to-end communication with the network of nodes, a routing protocol is used to discover the optimal routes between the nodes. Hence, the primary challenge is to establish a correct and efficient route between a pair of nodes and to ensure the correct and timely delivery of packets. The routing protocols meant for wired networks cannot be used for MANETs because routing in MANETs is nontrivial due to the highly dynamic nature of the mobile nodes. Route construction should be done with a minimum of overhead and bandwidth consumption.
An extensive number of research works on designing the various routing protocols – proactive, reactive, and hybrid – have been proposed in the literature and widely evaluated for efficient routing of packets . However, they do not address possible threats aiming at the disruption of the protocol itself and often are vulnerable to node misbehavior. A node dropping all the packets is considered as malicious node or selfish nodes. A malicious node misbehaves because it intends to damage network functioning. A selfish node does so because it wants to save battery life for its own communication by simply not participating in the routing protocol or by not executing the packet forwarding. A malicious node could falsely advertise very attractive routes and thereby convince other nodes to route their messages via that malicious node.
With the lack of a priori trust between nodes, current ad hoc routing protocols are completely insecure and optimized only to spread routing information quickly as the network changes .
1.1.4 Security in MANETs
Security is an essential service for MANET because all network services are configured on-the-fly. When the security of a given MANET architecture is not properly designed from the beginning, it is difficult to achieve the security goals in practical networks during the network deployment [12, 13].
To secure a MANET, one usually considers the objectives confidentiality (privacy), availability, integrity, authenticity and non-repudiation. Confidentiality ensures that secret information in the network is never revealed to unauthorized nodes. i.e. the assurance that data is not disclosed to unauthorized parties. Availability ensures that the requested network services, such as bandwidth and connectivity, are available in a timely manner and service is not denied to authorize users. i.e. the assurance that data is readily accessible. Integrity ensures that message or packet being transferred between nodes is not altered or corrupted. i.e. the assurance that data is genuine. Authentication ensures the correct identity of the peer node it is communicating with. Non-repudiation ensures that the originator of a message cannot falsely deny having sent the message. i.e. the assurance that a node cannot later deny the data was sent by it.
Node mobility in a MANET poses many security problems and vulnerable to different types of security attacks than conventional wired and wireless networks due to their open medium, dynamic network topology, absence of central administration, distributed cooperation, constrained capability, and lack of clear line of defense. The unconstrained nature of a wireless medium of MANETs allows the attackers for interception, injection, and interference of communication. Without proper security, mobile hosts are easily captured, compromised and hijacked by malicious nodes. Malicious nodes behavior may deliberately disrupt the network so that the whole network will be suffering from packet losses. Damages include leaking secret information, message contamination and node impersonation.
Before MANETs are successfully deployed, security issues must be addressed. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. The method of using security solutions of traditional wired networks is not suitable for providing security in MANETs. The main problem of any public-key based security system is to make each user’s public key available to others in such a way that its authenticity is verifiable. Conventional security solutions to provide public key management is implemented with public key infrastructure (PKI), in which a trusted third party (TTP) holds the public key certificates of all participating entities and acts as an online certification authority (CA) to provide a public key verification service. MANETs do not provide on-line access to trusted authorities or to centralized servers. Implementing public key management and certificate distribution is more challenging due to the – problematic key exchange, session handling, absence of any infrastructure and centralized services, frequent node mobility, wireless link instability, possible network partitions, and configuration of all network services on-the-fly. For these reasons, traditional security solutions that require on-line trusted authorities or certificate repositories are not well suited for securing MANETs. Use of public key cryptography and certificates is one of the effective ways of securing a MANET.
The main security problems that need to be dealt with in MANETs are: the secure storage of key/data in the devices; the authentication of devices that wish to communicate to each other; the secure key establishment of a session key among authenticated devices; and the secure routing in multi-hop networks .
1.1.5 Security Attacks in MANETs
Security means protecting the privacy (confidentiality), availability, integrity and non-repudiation. Security implies the identification of potential attacks, threats and vulnerability of a certain system from unauthorized access, use, modification or destruction. A security attack is any action that compromises or bypasses the security of information illegally or in an unauthorized way. The attack may alter, release, or deny data [10, 11, 14].
The attacks on the MANETs can be broadly classified into two categories: passive attacks and active attacks as shown in Figure 1.2. Both passive and active attacks can be made on any layer of the network protocol stack .
Figure 1.2: Types of security attacks
Passive Attacks: A passive attack attempts to retrieve valuable information by listening to traffic channel without proper authorization, but does not affect system resources and the normal functioning of the network. Figure 1.3 shows a schematic description of a passive attacker C, eavesdropping on the communication channel between A and B.
Figure 1.3: A passive attack
The different types of passive attacks are eavesdropping (information leakage), traffic monitoring, and analysis. Passive attacks are very difficult to detect because they do not involve any alteration of the data. The emphasis in dealing with passive attacks is on prevention rather than detection. One of the solutions to the problem is to use powerful encryption mechanism to encrypt the data being transmitted, thereby making it impossible for the attacker to get useful information from the data overheard.
Eavesdropping (information leakage) is a very easy passive attack in the radio transmission environment, where malicious nodes capture all traffic, including routing traffic, and thus obtain routing information. When one sends a message over the wireless medium, an attacker equipped with a suitable transceiver in the radio range of the transmission can intercept and capture all traffic including the sensitive routing information. The sender or the intended receiver has no means of detecting if the transmission has been eavesdropping in the radio transmission by the adversary who do not physically connect to the medium.
Traffic monitoring collects information of network nodes such as the identities and locations of nodes and the amount of data transmitted among them. Traffic analysis means that a malicious node analyses all captured/received traffic in order to extract information about the characteristics of transmission, such as, which nodes are communicating frequently or exchange huge amounts of data. This information could be exploited to launch further attacks.
Active Attacks: An active attack attempts to alter or destroy system resources and the data being exchanged in the network by injecting or modifying arbitrary packets, thus gain authentication and tries to affect or disrupt the normal functioning of the network services. An active attack involves information interruption, modification, or fabrication.
Figure 1.4: An active attack
As shown in Figure 1.4, an active attacker C can listen, modify, and inject messages into the communication channel between A and B. Active attacks can be either internal or external . External attacks are carried out by nodes that do not belong to the network. These attacks are launched by adversaries who are not initially authorized to participate in the network operations and access the resources without authorization. External attacks usually aim to cause network congestion, denying access to specific network function or to disrupt the whole network operations. Bogus packets injection, denial of service, and impersonation are some of the attacks that are usually initiated by the external attackers. Internal attacks are from compromised nodes that are part of the network.
Compared with external attacks, internal attacks are more serious and hard to detect because the attackers know valuable and secret information from compromised or hijacked nodes and possess privileged access rights to the network resources. Active attacks, whether carried out by an external adversary or an internal compromised node, involves actions such as impersonation (masquerading or spoofing), modification, fabrication and replication.
The active attacks are classified into different types: MAC Layer attacks, Network Layer attacks, Transportation Layer attacks, Application Layer attacks and Multi Layer attacks as shown in Figure 1.5.
MAC Layer Attacks:
Jamming Attack – In this form of attack, the adversary initially keeps monitoring the wireless medium in order to determine the frequency at which the receiver node is receiving signals from the sender. It then transmits signals on that frequency so that error free reception at the receiver is hindered .
Figure 1.5: Classification of security attacks
Network Layer Attacks:
Wormhole Attack – In this attack, two compromised nodes can communicate with each other by a private network connection. A malicious node captures packets from one location in the network and “tunnels” these packets to the other malicious node at another location. The second malicious node is then expected to replay the “tunneled” packets locally. The tunnel between two colluding attackers is referred to as a wormhole. The wormhole can drop packets by short-circuiting the normal flow of routing packets or it can selectively forward packets to avoid detection [15, 16, 17].
Black Hole Attack – A black hole attack is a kind of denial of service where a malicious node attracts all packets by falsely claiming (advertising) a shortest path to the destination node whose packets it wants to intercept and then absorb them without forwarding to the destination . i.e. a malicious node falsely advertise itself as having the shortest path to the destination node whose packets it wants to intercept causing all nodes around it to route packets towards it.
Sinkhole Attack – In a sinkhole attack, the adversary’s goal is to attract nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the center. Because nodes on or near the path that packets follow have many opportunities to tamper with application data [18, 19]. One motivation for mounting a sinkhole attack is that it makes selective forwarding trivial by ensuring that all traffic in the targeted area flows through a compromised node, an adversary can selectively suppress or modify packets originating from any node in the area.
Gray Hole Attack – A gray hole attack is a variation of the black hole attack, where the malicious node is not initially malicious, it turns malicious sometime later. In this attack, an attacker drops all data packets but it lets control messages to route through it [20, 21]. This selective dropping makes gray hole attacks much more difficult to detect than black hole attack.
Byzantine Attack – In this attack, a compromised intermediate node or a set of compromised intermediate nodes works in collusion and collectively carries out attacks such as creating routing loops, routing packets on non-optimal paths, and selectively dropping packets. Byzantine failures are hard to detect because throughput of attacker nodes as same as other nodes .
Information Disclosure Attack – In this, a compromised node attempts to reveal confidential or important information regarding the network topology (the structure of the network), geographic locations of nodes, or optimal routes to unauthorized nodes in the network .
Resource Consumption Attack – In this attack, a malicious node deliberately tries to consume/waste away the resources of other nodes present in the network by requesting excessive route discovery (unnecessary route request control messages), very frequent generation of beacon packets, or by forwarding unnecessary packets (stale information) to that node. The resources that are targeted are battery power, bandwidth, and computational power, which are only limitedly available in MANETs [24, 25].
Man-In-The-Middle Attack – In this, the attacker exists as a neighbor to any one node in the routing path and alters data that is being transmitted and injects modified packet into network. i.e. a malicious node impersonates the receiver with respect to the sender, and the sender with respect to the receiver, without having either of them realize that they have been attacked with an intension to read or modify the messages between two parties .
Neighbor Attack – In this attack, upon receiving a packet, an intermediate node records its ID in the packet before forwarding the packet to the next node. An attacker, however, simply forwards the packet without recording its ID in the packet to make two nodes that are not within the communication range of each other believe that they are neighbors (i.e., one-hop away from each other), resulting in a disrupted route. The goal of neighbor attackers is to disrupt multicast routes by making two nodes that are in fact out of each others communication range believe that they can communicate directly with each other .
Routing Attacks – In this attack, attackers try to alter the routing information and data in the routing control packet. There are several types of routing attacks, such as routing table overflow attack, routing table poisoning attack, packet replication attack, route cache poisoning attack, and rushing attack, mounted on the routing protocol which are aimed at disrupting the operation of the network .
a-?Routing Table Overflow Attack – In this attack, an adversary node advertises routes to non-existing authorized nodes present in the network. The main objective of such an attack is to cause an overflow of the routing tables, which would, in turn, prevent the creation of entries corresponding to new routes to authorized nodes. Proactive routing protocols are more vulnerable to this attack compared to reactive routing protocols.
a-?Routing Table Poisoning Attack – In this attack, a malicious node sends false routing updates to other uncompromised nodes. Such an attack may result in suboptimal routing, network congestion or even make some part of the network inaccessible.
a-?Packet Replication Attack – In this attack, an adversary node replicates stale packets. This consumes additional bandwidth and battery power resources available to the nodes and also causes unnecessary confusion in the routing process.
a-?Route Cache Poisoning Attack – This attack occurs when nodes are in the updating mode of their table’s route. Information stored in the routing tables deleted, changed, and injected with false information.
a-?Rushing Attack – In this case, an adversary can rush some routing packets towards the destination, leading to problems with routing. i.e. an adversary node which receives a route request packet from the source node floods the packet quickly throughout the network before other nodes which also receive the same route request packet can react. On demand routing protocols that use route discovery process are vulnerable to this type of attack .
Stealth Attacks – Stealth attacks are classified into two classes. The first class of attacks attempts to “hi-jack” or perform traffic analysis on filtered traffic to and from victim nodes. These attacks are mounted, for example, by the modification of routing information. An attacker can divert traffic by using authentic routing messages to fool honest nodes into disrupting their routing tables. The second class partitions the network and reduces good put by disconnecting victim nodes in several ways. For example, the attacker can route a large amount of data through the victim node. This may totally consume the node’s energy resources or create a perception of unavailability due the large quantities of messages being dropped by the victim. Consequently the node under attack will not be used by neighboring routers and becomes isolated. The methods are referred to as stealth attacks since they minimize the cost of launching the attacks and reduce the visibility of the attacker .
Transportation Layer Attacks:
Session Hijacking Attack – Session hijacking is the major transport layer attack. Here, an adversary takes control over a session between two nodes. Since most authentication processes are carried out only at the start of a session, once the session between two nodes gets established, the adversary node masquerades as one of the end nodes of the session and hijacks the session. Session hijacking occurs on two levels: the network level and application level.
Application Layer Attacks:
Repudiation Attack – Repudiation attack is the main application layer level attack. Repudiation refers to the denial or attempted denial by a node involved in a communication of having participated in all or part of the communication . Non-repudiation is one of the important requirements for a security protocol in any communication network and assures that a node cannot later deny the data was sent by it.
Multi Layer Attacks:
Multi-layer attacks are those that could occur in any layer of the network protocol stack. Denial of service, impersonation or sybil attack, manipulation of network traffic, device tampering, jellifish attack and eclipse attack are some of the common multi-layer attacks.
Denial of Service Attack – In this attack, an adversary always attempts to prevent legitimate and authorized users of network services from accessing those services, where legitimate traffic cannot reach the target nodes. Denial of Service (DoS) attacks are against CPU power, battery power and transmission bandwidth. A malicious node may launch a DoS attack against another node by requesting routes from that node, or by forwarding unnecessary packets to that node in an attempt to wear down (draining) the other node’s batteries. A DoS attack can be carried out in many ways and against any layer in the network protocol stack, namely, physical layer, link layer, and network layer [4, 12, 31].
Sybil Attack – This attack is also known as masquerade or impersonation or spoofing attack. In this attack, a single malicious node attempts to take out the identity of other nodes’ in the network by advertising false/fake routes. i.e. an attacker pretends to have multiple identities obtained either by impersonating (forges) other nodes or by making use of false identities. It then attempts to send packets over network with identity of other nodes making the destination believe that the packet is from original source .
Sybil attacks are classified into three categories: direct/indirect communication, fabricated/stolen identity, and simultaneity. In the direct communication, Sybil nodes communicate directly with legitimate nodes, whereas in the indirect communication, messages sent to Sybil nodes are routed through malicious nodes. An attacker can fabricate a new identity or it can simply steal it after destroying or temporarily disabling the impersonated node. All Sybil identities can participate simultaneously in the network or they may be cycled through .
Misrouting Attack – This attack is also known as manipulation of network traffic attack. This is a very simple way for a node to disturb the protocol operation by announcing that it has better route than the existing one. In the misrouting attack, a non-legitimate node redirects the routing message and sends data packet to the wrong destination. This type of attack is carried out by modifying metric value of a route or by altering control message fields of a route or modifying the final destination address of the data packet or by forwarding a data packet to the wrong next hop in the route to the destination .
Device Tampering Attack (Weak Physical Protection) – Unlike nodes in a wired network, nodes in MANETs are usually compact, soft, and hand-held in nature. They could get damaged or lost or stolen easily and misused by an adversary. In military applications, mobile nodes are subject to capturing, compromising and hijacking. In such hostile environments, it is almost impossible to provide perfect physical protection .
Jellyfish Attack – A jellyfish attacker first needs to intrude into the multicast forwarding group. It then delays data packets unnecessarily for some amount of time before forwarding them. This result in significantly high end-to-end delays and, thus, degrades the performance of real-time applications .
Eclipse Attack – A pattern of misbehavior called an eclipse attack, which consists of the gradual poisoning of good (uncompromised) nodes’ routing tables with links to a conspiracy of adversarial nodes (compromised nodes) [12, 15, 18].
1.1.6 Security Solutions in MANET
Various kinds of security attacks are possible on ad hoc routing. Due to inherent characteristics, MANETs are highly susceptible to malicious attacks. To overcome these attacks, available security solutions are used. Attack prevention measures can be used as the first line of defense to reduce the possibilities of attacks.
There are two types of security solutions: preventive and detective to overcome these attacks. Preventive solutions are typically based on message encryption techniques, while detective solutions include the application of digital signature and cryptographic hash functions. The prevention schemes proposed for external attacks are key and trust management, whereas the countermeasures for internal attacks are secure routing protocols [5, 7].
1.2 Motivation of the Work
Providing security for MANETs is a difficult problem. The method of using security solutions of a traditional wired network is not suitable. All those methods require online trusted authority. In contrast with conventional networks, MANETs do not provide on-line access to trusted authorities or to centralized servers. For this reason, key management is particularly difficult to implement in such networks. However, key management is deemed as the fundamental essential part of any secure communication.
There are two ways to introduce security in MANETs: 1. through a single authority domain, where certification and keys are issued by a single authority, and 2. through full self-organization, where security does not rely on any trusted authority or fixed server. Conventional public key management is implemented with public key infrastructure, in which a trusted third party (TTP) holds the public key certificates of all participating entities and acts as an online certification authority (CA) to provide a public key verification service. Implementation of public key management in MANETs is more challenging due to certain characteristics such as, the problematic key exchange, session handling, the absence of any infrastructure (central authority), frequent node mobility, frequent network’s wireless topology changes, shared radio channel, limited availability of resources (CPU processing capacity, memory, battery power), and possible network partitions wherein the nodes may join or leave the network any time at their will and the impact of security attacks.
The existing routing protocols do not address possible threats aiming at the disruption of the protocol itself and often are vulnerable to node misbehavior. With the lack of a priori trust between nodes, current ad hoc routing protocols are completely insecure and optimized only to spread routing information quickly as the network changes.
The existing secure routing mechanisms, such as SAR, ARAN, SAODV, SRP, ARIADNE, SEAD, SMT, SLSP, CONFIDANT, Watchdog and Pathrater, are either too expensive or have unrealistic requirements. They consume a lot of resources and delay or even prevent successful exchanges of routing information. Although, researchers have designed security extensions for several existing protocols, many of these extensions do not contain important performance optimizations. Inclusion of optimistic approaches provides a better trade-off between security and performance. Resource constraints of mobile devices, such as memory, computation, communication and energy, need to be carefully considered in the solution.
This has motivated the present research work to use public key cryptography and digital certificates for securing a MANET and efforts are made to develop the new security protocol, called the cryptographic hybrid (symmetric/ asymmetric) key management solution for secure routing in self organized MANETs.
1.3 Objectives of the Thesis
The major objectives of this research work are:
1. To investigate the deficiencies of the existing secure routing protocols and propose a new security protocol called – cryptographic hybrid (symmetric/ asymmetric) key management solution for secure routing in MANETs for handling a large number of mobile nodes.
2. To design a MANET such that the nodes in the networks are responsible for creating their public-private key pairs and certificates, distributing public keys and self signed public key certificates to neighboring nodes, storing public key certificates in their certificate repositories, revoking the public keys and public key certificates, performing public key authentication services regardless of the network partitions and fully controlling the security settings of the system without the help of any centralized authority to resists against malicious nodes.
3. To transfer the encrypted messages successfully from source to destination through intermediate nodes (routers) without any authority even if there is any topology changes due to device mobility. Routers and intruders should not be allowed to decrypt the sent message by source except at the destination.
4. To study and intensively analyze the communications cost of the key distribution process and the network costs.
5. To investigate, in detail, the performance of the proposed security protocol against various known and unknown malicious node attacks.
1.4 Summary and Contributions
The important contribution of this thesis is to provide a secure public key management protocol for secure routing in MANETs. We studied the self organized public key management and investigated the deficiencies with the existing key management solutions [P2]. We proposed a new security protocol called – cryptographic hybrid (symmetric/ asymmetric) key management solution for secure routing in self organized heterogeneous and pure MANETs for handling a large number of nodes [P5]. In the proposed scheme, the nodes need not be responsible for issuing other nodes’ certificates. Every intermediate node checks the neighbors’ digital signatures, which guarantee that no single node can modify the public key certificate information during the distribution process. The reason is that the certificates are distributed securely to the neighboring nodes with the symmetric key (secret key) encryption.
We designed a MANET that allows the transmission of encrypted messages successfully from source to destination through intermediate nodes (routers) without any authority even in case of topology change due to device mobility. Routers and intruders cannot decrypt the sent message by source except at the destination. We studied and intensively analyzed the communication costs of the key distribution process and the network costs.
We investigated the various known and unknown malicious node attacks on the MANET [P1]. The proposed scheme resists against malicious nodes, which sign and issue false public key certificates for other nodes in the network, with low implementation complexity. The performance of the proposed security protocol against various malicious node attacks was studied experimentally in detail.
We evaluated the proposed scheme via a security analysis, communication complexity analysis and simulation assessments.
1.5 Organization of the Thesis
The thesis is divided into eight chapters:
Chapter 1: Gives introduction. In this chapter, a brief overview of MANETs including the characteristics, applications, routing, security attacks and security solutions were introduced. We examined and identified the different kinds of security threats a MANET faces. This chapter also addresses motivation, objectives, and summary of contributions of the thesis.
Chapter 2: Gives the literature survey. In this chapter, a literature survey on fundamentals of cryptography, existing routing protocols, secure routing protocols, and peer-to-peer key management solutions for MANETs which includes – authority based Protocols and fully self organized Protocols, were presented.
Chapter 3: Presents a proposed security protocol solution, called – cryptographic hybrid key management solution for secure routing in self organized MANETs. In this chapter, we provide a thorough discussion of the major protocol.
Chapter 4: Presents the design of proposed security protocol. In this chapter, the system model, algorithm and UML diagrams of a new security protocol were explained.
Chapter 5: Gives the simulation study of proposed security protocol. This chapter describes the possible implementation and performance evaluation of the proposed protocol through simulation work.
Chapter 6: Gives the experimental results and analysis. In this chapter, analysis of a new security protocol, comparison with previous schemes, performance analysis, and security analysis were described.
Chapter 7: Presents the conclusions and recommendations. This chapter summarizes the main contributions of our work and suggests possible directions for future research.
Chapter 8: Appendix A – Lists a source code in Java.