Ad hoc network security

Security is a basic requirement for mobile ad hoc networks (MANETs) in order for users to perform protected peer-to-peer communication over multi-hop wireless channel. Depending on the application context, a user may desire various security services such as confidentiality, authentication, integrity, nonrepudiation, and access control. As a basis to support these services, the functionality of a MANET to deliver data bits from one node to another must be protected at the first place. Unlike wired networks that have dedicated routers, MANET has no infrastructure support; each mobile node may function as a router and forward packets for other nodes. The wireless medium is open and incurs far more dynamics than in wired networks. These characteristics present a set of unique challenges to secure a MANET: • No clear line of defense - MANET does not offer a clear line of defense. There is no well-defined place/infrastructure where we may deploy a single security solution. Moreover, the wireless channel is accessible to both legitimate users and malicious attackers. The boundary that separates the inside network from the outside world becomes blurred. • Resource constraints - the wireless channel is bandwidth constrained and shared among multiple networking entities. The computation and energy resources of a mobile node are also constrained. For example, although some devices, such as notebook computers, may be capable of performing computation-intensive tasks, other low-end devices, such as personal digital assistants (PDAs), may have limited computation capability and energy supply. Network dynamics - the topology of MANETs is highly dynamic as nodes freely roam in the network, join or leave the network on their own will, and fail occasionally. The wireless channel is also subject to interferences and errors, exhibiting volatile characteristics in terms of bandwidth and delay. Despite such dynamics, mobile users roaming in the network may request for anytime, anywhere security services. • Device compromise or theft - portable devices, as well as the system security information they store, are vulnerable to compromises, especially for those low-end devices with weak protection. These subverted nodes may further pose as the weakest link in the system and incur the domino effect for security breaches. Security solutions for MANET have to meet the following design goals while addressing the above mentioned challenges: • Comprehensive protection - the solution should thwart threats from both outsiders, which launch attacks on the wireless channel and network topology, and insiders, which sneak into the system through compromised or stolen devices and gain access to certain system knowledge. • Efficiency - the solution should be efficient in terms of communication overhead and energy consumption and computationally affordable by a portable networking device. • Scalability - the design should scale well to a large number of nodes in terms of state maintenance complexity, packet exchange amount, etc. • Robustness - the design should adapt well to channel errors and network dynamics due to node mobility, arrival, departure, failure, etc. • Availability - the security service should be highly available to network nodes at any time and at any place. In this chapter, we survey the state-the-art solutions for securing a MANET. We describe the main designs of these solutions, critique their strength and limitations, and identify a few new directions for future research. The rest of the chapter is organized as follows: • Section 22.1 provides an overview. • Section 22.2 discusses the link-layer security solutions that ensure one-hop connectivity. • Section 22.3 describes the proactive and reactive approaches to securing routing protocols and packet forwarding operations. • Section 22.4 further describes solutions for key management, a critical supporting subsystem. • Section 22.5 identifies possible future directions.