A Secure Zone-Based Routing Protocol for Mobile Ad Hoc Networks

In this thesis, we proposed a secure hybrid ad hoc routing protocol, called Secure Zone Routing Protocol (SZRP), which aims at addressing the above limitations by combining the best properties of both proactive and reactive approaches. The proposed protocol is based on the concept zone routing protocol (ZRP). It employs an integrated approach of digital signature and both the symmetric and asymmetric key encryption techniques to achieve the security goals like message integrity, data confidentiality and end to end authentication at IP layer. The thesis details the design of the proposed protocol and analyses its robustness in the presence of multiple possible security attacks that involves impersonation, modification, fabrication and replay of packets caused either by an external advisory or an internal compromised node within the network. The security and performance evaluation of SZRP through simulation indicates that the proposed scheme successfully defeats all the identified threats and achieves a good security at the cost of acceptable overhead. Together with existing approaches for securing the physical and MAC layer within the network protocol stack, the Secure Zone Routing Protocol (SZRP) can provide a foundation for the secure operation of an ad hoc network

Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation

The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust on certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI come for free. Prior to this work, the research study on performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions about how the performance affects protocol behaviors and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult; and the scale of Internet makes empirical approaches also unworkable. Consequently, we take the approach of simulation. We have built the simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance

Lowering Security Overhead in Link State Routing

Security services in routing protocols are at the same time very important and very costly. This paper examines the cost of security in link state routing and develops techniques for efficient and secure processing of link state updates. Different approaches are recommended for stable and volatile network environments. Applications to mobile ad hoc networks are also considered. Keywords: link state routing, security, hash chains, ad hoc networks. 1 Introduction: Security of Routing Protocols As both the complexity and diversity of today's networks and internetworks grow, so does the need for new, more versatile and more efficient routing protocols. Since routing is a critical network function, security of routing protocols is naturally very important. This has been widely recognized by the designers of many routing protocols both past and present. Sound security, however, comes at a high price which translates into processing, bandwidth and storage overhead. Consequently, it is desir..