68,487 research outputs found

    AN ENHANCED LID ROUTING SECURITY SCHEME FOR MOBILE AD-HOC NETWORKS

    In this work we present a novel security architecture for MANETs that merges the clustering and the threshold key management techniques. The proposed distributed authentication architecture reacts to the frequently changing topology of the network and enhances the process of assigning the node's public key. In the proposed architecture, the overall network is divided into clusters where the cluster heads (CH) are connected by virtual networks and share the private key of the Central Authority (CA) using Lagrange interpolation. Experimental results show that the proposed architecture reaches almost 95.5% of all nodes within an ad-hoc network that are able to communicate securely, 9 times faster than other architectures, to attain the same results. Moreover, the solution is fully decentralized to operate in a large-scale mobile network. We also propose a special security routing architecture called Local Intrusion Detection (LID) to detect Black Hole Attack (BHA) over the Ad hoc On Demand Distance Vector (AODV) MANET routing protocol. In the LID security routing mechanism, the intrusion detection is performed locally using the previous node of the attacker node instead of performing the intrusion detection via the source node as in the Source Intrusion Detection (SID) security routing mechanism. By performing the LID security routing mechanism, the security mechanism overhead would be decreased

    Securing and enhancing routing protocols for mobile ad hoc networks

    1. BACKGROUND

    1.1. MANET

    MANET (Mobile and Ad hoc NETworks) are networks formed by nodes that are mobile. They use wireless communication to speak among themselves, and they do it in an ad hoc manner. In this kind of network, routing protocols have to be different from the ones used for fixed networks. In addition, nodes use the air to communicate, so a lot of nodes might hear what a node transmits, and some messages are lost due to collisions.

    Nowadays, routing in such a scenario has been achieved. Nevertheless, if it is to be broadly used, it is necessary to be able to do it in a secure way. In a network where the existence of central servers cannot be expected, nodes need to be able to communicate without the risk of malicious nodes impersonating the entities they want to communicate with. In a network where everybody is anonymous, identity and trust need to be redefined.

    1.2. AODV

    Ad Hoc On-Demand Vector Routing (AODV) protocol is a reactive routing protocol for ad hoc and mobile networks. That means that AODV does nothing until a node needs to transmit a packet to a node for which it does not know a route. In addition, it only maintains routes between nodes which need to communicate. Its routing messages do not contain information about the whole route path, but only about the source and the destination. Therefore, routing messages have a constant size, independently of the number of hops of the route. It uses destination sequence numbers to specify how fresh a route is (in relation to another), which is used to grant loop freedom.

    In AODV, a node does route discovery by flooding the network with a 'Route Request' message (RREQ). Once it reaches a node that knows the requested route, it replies with a 'Route Reply' message (RREP) that travels back to the originator of the RREQ. After this, all the nodes of the discovered path have routes to both ends of the path.

    2. CONTRIBUTIONS

    2.1. SAODV

    The Secure Ad hoc On-Demand Distance Vector (SAODV) is an extension of the AODV routing protocol that can be used to protect the route discovery mechanism, providing security features like integrity and authentication.

    Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count information (the only mutable information in the messages).

    The information relative to the hash chains and the signatures is transmitted with the AODV message as an extension message.

    2.2. SAKM

    Simple Ad hoc Key Management (SAKM) provides a key management system that makes it possible for each ad hoc node to obtain public keys from the other nodes of the network. Further, each ad hoc node is capable of securely verifying the association between the identity of a given ad hoc node and the public key of that node.

    This is achieved by using statistically unique and cryptographically verifiable addresses.

    2.2.1. Delayed Verification

    Delayed verification allows route entries and route entry deletions in the routing table to be pending verification. They will be verified whenever the node has spare processor time or before these entries should be used to forward data packets.

    2.3. Short Cut Detection

    When a routing protocol for MANET networks does a route discovery, it does not discover the shortest route but the route through which the route request flood traveled faster. In addition, since nodes are moving, a route that was the shortest one at discovery time might stop being so in quite a short period of time. This causes not only a much bigger end-to-end delay, but also more collisions and faster power consumption.

    In order to avoid all the performance loss due to these problems, nodes could periodically discover shortcuts to the active routes that can be used with any destination vector routing protocol. The same mechanism can also be used as a bidirectional route recovery mechanism.

    Postprint (published version

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.

    Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    A spontaneous ad hoc network to share www access

    In this paper, we propose a secure spontaneous ad-hoc network, based on direct peer-to-peer interaction, to grant a quick, easy, and secure access to the users to surf the Web. The paper shows the description of our proposal, the procedure of the nodes involved in the system, the security algorithms implemented, and the designed messages. We have taken into account the security and its performance. Although some people have defined and described the main features of spontaneous ad-hoc networks, nobody has published any design and simulation until today. Spontaneous networking will enable a more natural form of wireless computing when people physically meet in the real world. We also validate the success of our proposal through several simulations and comparisons with a regular architecture, taking into account the optimization of the resources of the devices. Finally, we compare our proposal with other caching techniques published in the related literature. The proposal has been developed with the main objective of improving the communication and integration between different study centers of low-resource communities. That is, it lets communicate spontaneous networks, which are working collaboratively and which have been created on different physical places.

    Authors want to give thanks to the anonymous reviewers for their valuable suggestions, useful comments, and proofreading of this paper. This work was partially supported by the Ministerio de Educacion y Ciencia, Spain, under Grant no. TIN2008-06441-C02-01, and by the "Ayudas complementarias para proyectos de I+D para grupos de calidad de la Generalitat Valenciana" (ACOMP/2010/005).

    Lacuesta Gilaberte, R.; Lloret, J.; García Pineda, M.; Peñalver Herrero, ML. (2010). A spontaneous ad hoc network to share www access. EURASIP Journal on Wireless Communications and Networking. 2010:1-16. https://doi.org/10.1155/2010/232083

    A robust self-organized public key management for mobile ad hoc networks

    A mobile ad hoc network (MANET) is a self-organized wireless network where mobile nodes can communicate with each other without the use of any existing network infrastructure or centralized administration. Trust establishment and management are essential for any security framework of MANETs. However, traditional solutions to key management through accessing trusted authorities or centralized servers are infeasible for MANETs due to the absence of infrastructure, frequent mobility, and wireless link instability. In this paper, we propose a robust self-organized, public key management for MANETs. The proposed scheme relies on establishing a small number of trust relations between neighboring nodes during the network initialization phase. Experiences gained as a result of successful communications and node mobility through the network enhance the formation of a web of trust between mobile nodes. The proposed scheme allows each user to create its public key and the corresponding private key, to issue certificates to neighboring nodes, and to perform public key authentication through at least two independent certificate chains without relying on any centralized authority. A measure of the communications cost of the key distribution process has been proposed. Simulation results show that the proposed scheme is robust and efficient in the mobility environment of MANET and against malicious node attacks