
Secure, Disjoint, Multipath Source Routing Protocol (SDMSR) for Mobile Ad-Hoc Networks

Sebastien Berton, Hao Yin and Chuang Lin
Department of Computer Science, Tsinghua University, Beijing, China
sebastien.berton@free.fr, {h-yin,chlin}@tsinghua.edu.cn

Geyong Min
Department of Computing, University of Bradford, Bradford, United Kingdom
G.Min@Bradford.ac.uk

Abstract
Mobile Ad-hoc Network (MANET) is an appealing technology that has attracted a lot of research effort over the past years. Although the principle of wireless, structure-less, dynamic networks is attractive, there are still some major flaws that prevent commercial expansion. Security is one of these main barriers; MANETs are known to be particularly vulnerable to security attacks. One solution proposed to increase security resilience is to use multipath routing algorithms [1]. However, multipath routing also introduces new challenges in terms of security and security overhead. In this paper we consider the problem of secure routing in fully distributed MANETs using multipath routing. After studying the effect of multipath in terms of security, we propose an efficient multipath heuristic and a new approach to protect the route discovery, called SDMSR, to secure the routing protocol while mitigating security overhead.

Index Terms: MANET, multipath, security, routing.

1. Introduction
Dynamic topology, limited throughput and limited transmission range make packet routing in MANETs a challenging task. The first generation of ad-hoc routing protocols [2][3] achieved the establishment of a single path between two distant end-hosts in a fully cooperative environment. Experience proved that the assumption of a cooperative network is unrealistic. Thus many efforts have been spent to secure these protocols, to provide trust establishment [4], key agreement [5], routing message integrity [6][1][7] and node misbehavior detection [8][9]. However, the problem of repudiation attacks has not been solved for single path algorithms. Repudiation attacks form a generic class of attacks with the goal of cutting or corrupting the transmission between two nodes [10][11]. In a single path routing environment, even if a repudiation attack can be detected using misbehavior detection, the source node has to start the route discovery over again, which increases latency and consumes network resources.

Multipath routing algorithms have been developed independently of security concerns to increase network aggregated throughput [12] or create a soft QoS framework [13]. Multipath routing applied to security can have a significant impact on the network's robustness to repudiation attacks. As more than one path is maintained between end hosts, if a path is the victim of a repudiation attack, the protocol can effortlessly drop the path without having to start over an expensive route discovery. Also, as the path discovery involved in multipath routing is more thorough, the network is less influenced by rushing attacks [11]. Nevertheless, this robustness comes with one constraint. The paths between the end-hosts must be disjoint, i.e., the different paths do not have nodes in common. One can clearly see in the example depicted in Figures 1 and 2 that joint nodes in a multipath create bottlenecks which have an impact on the overall performance and can be exploited by malicious users.

The paths between nodes are decided during the route discovery process of the routing protocol. The route discovery mechanisms in ad-hoc routing protocols all involve network-wide broadcasting. This is a particularly dangerous tool in the hands of a malicious user, who can easily create network-wide Denial-of-Service (DoS) attacks. Either the attacker can make the other nodes repeatedly perform route discovery using the techniques presented previously or they can directly flood the network with bogus requests.

Proceedings of the Fifth International Conference on Grid and Cooperative Computing (GCC'06) 0-7695-2694-2/06 $20.00 2006

Fig. 1. Two disjoint paths between S and D.

Fig. 2. Two joint paths between S and D.

Single route secure protocols only provide end-to-end authentication and integrity, so the route requests are actually verified when they reach the destination. Whereas this prevents the selection of a bad route, it does not protect against request flooding. The cost of discovering multiple disjoint paths is higher than the cost of discovering one path, so multipath routing is even more sensitive to network flooding DoS attacks. Multipath routing is hence a double-edged weapon which on one side can increase the robustness to repudiation attacks and on the other side decrease the resistance to network-wide DoS attacks.

The achievements of our work are 1) a new multipath protocol, which increases the probability of finding disjoint paths while preserving a low control message number overhead, and 2) a new approach to efficiently protect the routing discovery in a fully distributed environment and to lower the overhead of security on the network when there is no attack.

This paper is organized as follows. The previous work is presented in Section 2. Then an overview of our approach is given in Section 3. In Section 4, the key features of SDMSR are described. In Section 5 the security of the protocol is analyzed, and in Section 6 a few early experiments are presented to evaluate our scheme.

2. Related Works
In this section we first consider the previous work concerning multipath route discovery algorithms and then we study the work accomplished to protect multipath routing protocols.

2.1. Multipath routing algorithm

The routing protocol DSR [3] has an option to store multiple paths in each node so they can switch route without doing an expensive route discovery process when a route fails. However, no particular assumptions are made about these routes and, as demonstrated in Section 3, the probability of joint paths is high.

In [12], a few modifications were made to improve this basic behavior. The protocol, called MDSR, improves the probability of obtaining disjoint paths using a greedy algorithm at the source nodes. The algorithm dynamically chooses 2 disjoint paths as the route replies come back to the source. The number of routes maintained at each node is limited to 2 in order to prevent route reply storms [3] and uncontrolled byte overhead. However, this scheme is still limited by the DSR route request propagation paradigm, i.e., MDSR cannot find more routes than the ones discovered by the route requests.

The authors of the Split Multipath Routing (SMR) protocol [14] propose a route discovery algorithm that ensures finding the maximally disjoint paths between two end-hosts. During one route discovery, the nodes are allowed to forward every route request that arrives from a different link. This algorithm has the advantage of finding a large panel of disjoint paths between two points. However, in the worst case, i.e., in a high density network where N nodes can all hear each other, the number of route requests propagated is N(N-1), which is unacceptable.

The algorithm presented in [15] has a maximal disjoint path discovery rate. However, as shown in [16], the packet overhead is even higher than SMR.

2.2. Secure multipath protocols

SRP [1] is an overlay security layer for already existing routing protocols such as DSR. The protocol bases its security on the assumption that the source and the destination share an authentication primitive. The routing messages are protected by end-to-end authentication between nodes. SRP uses the route redundancy between the two end-hosts to increase the robustness against malicious nodes. The network is protected against flooding of route requests by limiting the rate of route requests processed at each node. The problem is that the neighbors are not authenticated, so a malicious node can blackmail other nodes by sending forged route requests. Besides, SRP does not make any assumption about the route request propagation algorithm, as it uses that of the underlying protocol, which is not optimized to find disjoint paths.

The protocol presented in [17] introduced a security framework for multipath routing in ad-hoc networks. Its main contribution concerns neighbor authentication. Every node in the network periodically authenticates its neighbors using elliptic curve digital signatures. Each node that passes the authentication test is stored in a neighbors table. Then the nodes trust, without any cryptographic test, every packet from nodes that are in their neighbors table. Even if this neighbor authentication method protects against long term impersonation, a malicious node can use the identity of any neighbor to propagate bogus route requests and flood the network.

3. Overview
The first objective is to build an effective multipath algorithm, which has a good trade-off between detecting a high rate of disjoint paths and packet overhead. Our algorithm is based on DSR [3], since a source routing protocol is easy to adapt into a multipath protocol. As the path is included in each packet, it is easy to build loop-free routes even in a multipath algorithm. Vector-based protocols such as AODV [2] involve more complex algorithms and have difficulty keeping the loop-free property [18].

The study of request propagation in the network during a DSR route discovery revealed some characteristics which prevent the basic route discovery from finding disjoint multipaths. Figure 3 represents a common situation encountered during our tests. The source node S first broadcasts a route request; node 1 rebroadcasts the request, but for some reason (possibly contention due to the propagation of the request in the rest of the network) node 2 has to back off its route request broadcast. Following the algorithm, node 3 also propagates the request and node 4 receives it. Node 4 thus ignores the request from node 2 when it arrives. As a result only two strongly joint paths are discovered by the algorithm.

Fig. 3. Example of DSR route discovery.

In this example we can see that nodes that quickly rebroadcast a request can shadow other, shorter paths. To mitigate this phenomenon we alter the route discovery algorithm so that each node forwards a request if it is the first one or if the path of the incoming request is shorter than the preceding one. Using this simple heuristic we only slightly increase the message overhead, but the extra messages are crucial for a uniform propagation of the route request in the network.

A slightly similar problem is that, depending on the contention and the current topology of the network, a request on a path can arrive in advance by comparison with the requests propagated in the rest of the network. This request will be propagated in the destination neighborhood as described in Figure 4. The consequence is that requests from other nodes will be discarded by the neighbors of the destination point, hence decreasing the probability of disjoint paths in the network.

Fig. 4. Last-hop DSR request propagation pattern.

This behavior can be optimized very simply by using the MAC sub-layer neighbors acknowledgement. When receiving a request, a node first probes its MAC layer to see if the destination is in its neighborhood. If this is the case, the node unicasts the request to the destination. The combination of these two simple heuristics leads to a very good trade-off between disjoint route discovery and routing message overhead.

The second step is to prevent a malicious node from using the route discovery mechanism to perform a network-wide DoS attack. The scheme proposed here, while providing strong security, decreases the burden of security on the nodes when there is no attack on the network. This feature is obtained by combining a high-cost but secure threshold encryption scheme (n,2) and a low-cost one-way hash chain function [19]. The threshold signature scheme is used to do pairwise authentication between nodes during their first communication. During this exchange the sender S gives a one-way hash key to the receiver R. In later exchanges between S and R, S authenticates each packet with a new hash key so the receiver can use it to authenticate the message. If the receiver misses a message from the source, it can use the threshold signature to update its hash key. This scheme works very well with the route discovery process, as each request is supposed to be received by every node in the network. If a hash key chain is reserved to only secure the route requests, in theory the threshold signature would be used only for the first route request discovery. The efficiency of this technique applied to route reply and route error protection is more mitigated. Indeed, route replies and errors are unicast rather than broadcast, so even if promiscuous overhearing is used, the nodes outside the radio range of the route reply sender lose synchronization.

4. Protocol details
4.1. Assumptions
This security framework is built on a few assumptions about the nodes in the MANET. First, the links between the nodes are considered bidirectional. Even if in theory DSR can work on unidirectional links [3], the practical implementation of this protocol uses bidirectional links. Then, every node possesses a share of a global private key Sk that has been shared using an RSA-TC(l,2) scheme [20]. We also assume that all the participating nodes have access to the global public key. Finally, our scheme bases its performance on the assumption that the network is globally collaborative and that it is attacked only a negligible part of the time.

4.2. Multipath Algorithm

In our algorithm, we aim to find a trade-off between the number of route requests and the number of disjoint paths discovered. To achieve this, the following modifications are made to DSR. Each node forwards not only the first RREQ (Route Request) it receives, but also any RREQ with a shorter path than the preceding one. The second modification is that before sending the RREQ, the nodes use MAC layer detection to see if the destination node is in their neighborhood. In this case, the nodes unicast the RREQ to the destination. The destination node answers all the requests with a route reply. Then the paths are selected at the source using an extension to the algorithm presented in [12]. The number of routes cached in each node can be limited to reduce the route discovery overhead.

4.3. Keys management

In [6], the authors rely on a trusted third party (TTP) to distribute the keys. As MANETs are usually totally distributed, the assumption of a TTP is not realistic, so in this paper we want to find alternative ways to establish trust between the nodes in the network. We investigate the combination of a threshold cryptography scheme (n,2) as described in [20] and a one-way hash chain, first introduced by Lamport [19], to build a basic but secure authentication scheme. The goal here is to provide strong initial security and then to have an inexpensive way to authenticate already known nodes. Under the assumption that the network is under attack only a negligible part of the time, we obtain a secure and low overhead scheme. For the sake of simplicity, we call the signatures obtained by the RSA-TC(n,2) scheme Threshold signatures, and the signatures obtained with hash chain symmetric encryption Hash signatures.

4.3.1. RSA-threshold scheme (n,2)

A private key SK is split and shared by all the nodes in the network. Using the property of threshold schemes, two nodes can rebuild the signature and check it with a public key. When a node wants to communicate with another one, it signs the message with the partial signature corresponding to its key. When the message arrives at the receiver, the node also signs the message with its own key and then checks the authenticity of the message with the public key. So every node which has a share of the secret key can identify the sender.

4.3.2. One-way hashing chain

Each node $i$ keeps two one-way hashing chains $RQ_k^i$ and $RP_k^i$. These chains are used to provide a low overhead authentication for the nodes which are synchronized. Each time a control message is sent, it is also signed with $RX_k$ ($RQ_k$ for the route request and $RP_k$ for the route reply) using symmetric encryption. So when a node $j$ receives a control message from $i$, if it does not have a previous key $RX_{k-1}^i$, it verifies the threshold signature and stores $RX_k^i$. If the node has a key $RX_{k-1}^i$ from a previous exchange, it uses it to authenticate the message and thus avoids an expensive digital signature verification.

We separate the keys for the route requests and the route replies because the route requests are received by all the nodes in the network, and thus synchronization is more stable than for route replies, which are only local and thus need to be updated more often. We now describe in more detail how these two schemes are used in a route discovery.

4.4. Route Discovery Process

Each RREQ is uniquely identified by the originator IP address and a broadcast id as specified in [3]. The route path discovery starts with a route request (RREQ) propagation in the network. The request is signed twice: once with the partial threshold key $sk_s$ and once with the current hash chain key $RQ_i^{Source}$. Upon receiving such a route request, a node first checks if it knows the previous hash key ($RQ_{i-1}^{Source}$) from a previous route request. If the hash key is known, the node only checks the MAC of the message; otherwise the node verifies the digital signature. In any case the node stores $RQ_i^{s}$. The node adds its route address to the path in the message and rebroadcasts it. When the destination receives the RREQ it also checks the source identity, then reverses the route inside the route request and unicasts a reply with its own signatures. Each intermediary node on the reply path adds its own signature to the packet so that every node in the neighborhood which overhears the packet can update its hash key. Note that at each intermediary node after the first one, the node replaces the signature of the previous node so at a intermediary node I.
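The receiver-side check of Sections 4.3.2 and 4.4, as an added example that is not code from the paper: a node accepts an RREQ through the cheap hash-chain step when it holds the previous key and falls back to the threshold signature otherwise. The packet layout, the class and function names, and the HMAC stand-in for the RSA-TC(n,2) signature are assumptions made for illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One-way function used to build and check the chain."""
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, length: int):
    """Keys K_0..K_length with H(K_k) == K_{k-1}; K_k goes out with message k."""
    keys = [seed]
    for _ in range(length):
        keys.append(H(keys[-1]))
    return keys[::-1]


# Stand-in (assumption) for the RSA-TC(n,2) threshold signature, which the
# standard library does not provide: an HMAC under a constructed network-wide
# key plays the role of the expensive verification path.
NETWORK_KEY = b"constructed-demo-key"


def threshold_sign(data: bytes) -> bytes:
    return hmac.new(NETWORK_KEY, data, hashlib.sha256).digest()


def threshold_verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(threshold_sign(data), sig)


class Source:
    """Originator of route requests; owns the RQ hash chain."""

    def __init__(self, node_id: str, seed: bytes, length: int = 8):
        self.node_id, self.chain, self.k = node_id, make_chain(seed, length), 0

    def rreq(self, target: str) -> dict:
        self.k += 1  # the broadcast id doubles as the chain index (assumption)
        if self.k >= len(self.chain):
            raise RuntimeError("hash chain exhausted: a new chain is needed")
        key = self.chain[self.k]
        body = f"RREQ|{self.node_id}|{self.k}|{target}".encode()
        return {"src": self.node_id, "body": body, "key": key,
                "mac": hmac.new(key, body, hashlib.sha256).digest(),
                "tsig": threshold_sign(body + key)}


class Node:
    """Intermediate node: remembers the last accepted RQ key per source."""

    def __init__(self):
        self.last_key = {}
        self.stats = {"hash": 0, "threshold": 0, "rejected": 0}

    def receive(self, pkt: dict) -> str:
        prev = self.last_key.get(pkt["src"])
        expected = hmac.new(pkt["key"], pkt["body"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, pkt["mac"]):
            verdict = "rejected"        # MAC does not match the carried key
        elif prev is not None and hmac.compare_digest(H(pkt["key"]), prev):
            verdict = "hash"            # synchronized: one hash, no signature
        elif threshold_verify(pkt["body"] + pkt["key"], pkt["tsig"]):
            verdict = "threshold"       # first contact or lost synchronization
        else:
            verdict = "rejected"
        if verdict != "rejected":
            self.last_key[pkt["src"]] = pkt["key"]  # stored in any case
        self.stats[verdict] += 1
        return verdict


def run_demo():
    """Constructed trace: five RREQs, the fourth is lost, then a bogus one."""
    src, node = Source("S", b"constructed-seed"), Node()
    pkts = [src.rreq("D") for _ in range(5)]
    bogus = dict(pkts[4], key=H(b"not on the chain"), tsig=b"\x00" * 32)
    heard = [pkts[0], pkts[1], pkts[2], pkts[4], bogus]
    return [node.receive(p) for p in heard], node.stats


if __name__ == "__main__":
    print(run_demo())
```

The lost fourth request shows the resynchronization cost: the fifth request no longer hashes to the stored key in one step, so the node pays for one threshold verification before returning to the cheap path.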

4.5. Route Maintenance


The route maintenance works almost the same as described in the DSR protocol [3]. The only change is that the route error requests are identified using threshold cryptography. Note that it is insecure to use hash signatures with route errors due to a synchronization problem (see Section 5).

4.6. Mutable Fields protection


In DSR, only a few fields are mutable; the main ones are the DSR route request node list and, in every packet, the IP Time-To-Live field. Attempts to meddle with the path node list can be successfully prevented by the watchdog, but the TTL field must have better protection to avoid the Repeat Attack (see Section 5 for more details). A malicious node should not be able to simulate a shorter path than the actual one. We use the scheme developed in [21] to secure the minimum length of the path. The algorithm is also based on one-way hash chain keys and prevents any node from shortening the TTL of a packet.

4.7. Key distribution


At network bootstrapping, every node needs a shared key $sk_i$ to be able to start communicating. Then shared keys can be updated collaboratively using the key update protocol proposed in [22].

5. Security Analysis
In [23] a comprehensive description of security attacks against ad hoc networks is presented; we use the same classification to check the security of our mechanisms:

Threats using modification. These threats relate to the modification of the routing message fields in order to drop or redirect routing packets or create routing loops. The non-mutable fields in our packets are protected by the authentication schemes. The mutable fields are however vulnerable; in particular the path field in the route request can be altered. However, the mechanism presented in Section 4.6 prevents an attacker from shortening the route request. An attacker can insert virtual nodes or external nodes into the path. As these nodes are not authenticated they will be discarded during the route reply. The attacker can also perform a rushing attack by quickly propagating a request with a bad path so that most of the nodes in the network will broadcast this route request instead of a legitimate one. In our route request algorithm the nodes also propagate any request with a shorter path; as the attacker cannot shorten the path of the requests it receives, there is a high probability that a legitimate RREQ reaches the destination in spite of the attack. The attacker can also make the path longer to avoid being chosen on the path. Selfish behaviors necessitate a complex misbehavior detection system; also, they are not harmful for the network as long as only a few nodes adopt this behavior. We do not consider selfishness in this paper. A node on the path can drop packets or corrupt them on purpose so they are dropped later. No specific scheme is used to prevent such behavior; resilience to such misbehavior is ensured by the multipath algorithm. As the path discovery algorithm attempts to maximize the number of paths between the source and the destination, the impact of misbehaving individual nodes is lessened.

Threats using fabrication. An attacker can flood the network with many route requests. As the requests are systematically verified, the attacker cannot achieve a network-wide attack. However, this technique can be used to force a node to perform lots of expensive authentication operations and bring it to exhaustion. The efficiency of this attack can be lessened by bounding the sending rate of route requests. As the route discovery algorithm permits a node to send the same route request several times (with the same hash key), an attacker node can repeat a request forged with the hash key to the node. But as each route request forwarded must have a shorter route than the preceding one, the effect of this attack is very limited. A node can try to use an old hash key to forge and send packets toward partitioned nodes that have lost synchronization. This attack can be limited by using short hash chains so that all the nodes are regularly reauthorized and resynchronized.

Threats using impersonation. The use of threshold cryptography makes impersonation attacks as difficult as the underlying RSA problem.

Lack of cooperation. A node can choose to simply not participate in the routing path discovery to save computation power and energy. Selfish behaviors necessitate a misbehavior detection system and are considered outside the scope of this paper.

Wormhole attack. Wormhole attacks are particularly powerful and difficult to prevent. More information about wormholes and how to protect the network against them can be found in [24].

6. Experiments
6.1. Multipath algorithm
We focus here on the number of RREQs sent and the pattern of RREQ propagation in the network during a simple communication. As MDSR (Section 2) doesn't change the DSR RREQ propagation model, it is treated as the DSR protocol here.

Table 1. Number of route requests sent in one route discovery.

l (inter-node distance, m)   DSR   MSR     SDMSR
20                           2     286     2
30                           2     143     2
50                           51    1307    49
80                           51    146     54
100                          51    150     52
110                          79    39377   56

Table 1 shows the number of requests sent in a simple route discovery between two points inside a square network topology containing 49 nodes. The results have been computed by simulation using ns2; the radio radius has been kept fixed at 250 meters and we measured the number of requests relative to the inter-node distance. The original DSR implementation reacts as expected. Only at the limit of the transmission range does the number of requests increase, due to route failures. We then modified DSR to follow the MSR route discovery algorithm: the number of route requests is significantly higher than for DSR but, more importantly, we can see that in certain cases the number of requests explodes and follows the worst case scenario. SDMSR sends globally the same number of RREQs as DSR during the communication: even if the RREQ forwarding policy increases the number of requests, the last-hop unicast lessens the overall number of broadcasts, so globally our mechanism has an overhead equivalent to the original protocol.

We now want to study the propagation pattern of the RREQs in the network. The same square topology is used. The inter-node distance is fixed to 110 meters and the radio radius is still 250 meters. We make a simple communication between two nodes over 15 min. We tried different configurations; two of them are depicted in Figure 5. On these plots an arrow coming from a node A and pointing to a node B means that node B has received a route request from A and did not discard it.

Fig. 5. RREQ propagation pattern of DMDSR (1, 1bis) and DSR (2, 2bis).

The first strangeness we found is that in the DSR plots several arrows point to the same nodes, which means that a node was forwarding more than one RREQ. Inspection of the traces revealed that even in this simple communication paradigm, DSR needs to restart the route discovery 4 or 5 times to reach the destination nodes. In comparison DMDSR only uses 1 or 2 route discoveries. Our analysis of this phenomenon is that in DSR, when a node which is not on the direct trajectory to the destination is the first to rebroadcast the route request, the whole neighborhood is biased in a wrong direction and then the route request just reaches its max hop number and fails. By also forwarding shortest path requests we avoid such behavior. The last-hop unicast is useful to avoid too many trash routes due to the route request broadcast around the destination. We can see in Figure 5 that DMDSR leads to a more uniform request propagation pattern than DSR, so the probability of finding disjoint paths is increased. A non-uniform distribution means that the propagation is biased in some particular directions and so that the number of disjoint paths is not optimal.
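The effect of the two forwarding heuristics on request count and path disjointness can be reproduced on a small scale with the following added example, which is not the authors' ns2 code. The seven-node topology and the per-node delays are constructed to match the situation described for Figure 3 (node 2 backs off); the links to D and all function names are assumptions.

```python
import heapq
from itertools import combinations

# Constructed topology following the Figure 3 description: S reaches nodes 1
# and 2, node 1 feeds 3, and both 3 and 2 feed 4. Links to D are assumed.
LINKS = [("S", "1"), ("S", "2"), ("1", "3"), ("3", "4"),
         ("2", "4"), ("3", "D"), ("4", "D")]
# Per-node forwarding delay; node 2 backs off because of contention.
DELAY = {"S": 0, "1": 1, "2": 5, "3": 1, "4": 1}


def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def discover(shorter_rule, last_hop_unicast, src="S", dst="D"):
    """Flood one RREQ; return (paths that reached dst, RREQ transmissions)."""
    adj = adjacency(LINKS)
    best = {src: 0}            # node -> path length of the best RREQ accepted
    found, sent, seq = [], 0, 0
    queue = [(DELAY[src], seq, src, (src,))]  # (tx time, tie-break, node, path)
    while queue:
        now, _, node, path = heapq.heappop(queue)
        sent += 1
        # Heuristic 2: destination in range, so unicast instead of broadcast.
        if last_hop_unicast and dst in adj[node]:
            receivers = [dst]
        else:
            receivers = sorted(adj[node])
        for rcv in receivers:
            if rcv in path:                  # source route keeps it loop-free
                continue
            if rcv == dst:                   # destination answers every RREQ
                found.append(path + (dst,))
                continue
            # Plain DSR forwards only the first copy. Heuristic 1 also
            # forwards a copy whose path is strictly shorter than before.
            if rcv not in best or (shorter_rule and len(path) < best[rcv]):
                best[rcv] = len(path)
                seq += 1
                heapq.heappush(
                    queue, (now + DELAY[rcv], seq, rcv, path + (rcv,)))
    return found, sent


def max_disjoint(paths):
    """Size of the largest set of paths sharing no intermediate node."""
    for k in range(len(paths), 0, -1):
        for combo in combinations(paths, k):
            inner = [set(p[1:-1]) for p in combo]
            if all(a.isdisjoint(b) for a, b in combinations(inner, 2)):
                return k
    return 0


def compare():
    policies = {"DSR": (False, False),
                "shorter-path rule only": (True, False),
                "both heuristics": (True, True)}
    result = {}
    for name, (shorter, unicast) in policies.items():
        paths, sent = discover(shorter, unicast)
        result[name] = {"sent": sent, "disjoint": max_disjoint(paths),
                        "paths": ["-".join(p) for p in paths]}
    return result


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:24} sent={r['sent']} disjoint={r['disjoint']} {r['paths']}")
```

On this toy topology the shorter-path rule alone costs one extra transmission, and adding the last-hop unicast brings the count back to the plain DSR figure while still yielding two node-disjoint paths.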

6.2. Threshold signature vs. Hash Chain signature


In this part we study the proportion of packets signed with a threshold signature in comparison with a hash chain signature. This rate is important because it justifies our double encryption mechanism. We measured this rate in an ns-2 simulation. 50 nodes move randomly on a 1500x300 flat topography during 15 minutes, and 20 communications are initiated during this period. We measure the RREQ rate against the pause time indicator. The pause time is defined as the period the nodes stop between two movements. This is a broadly used indicator to evaluate the performance of a protocol with respect to the dynamic characteristics of the network.

Fig. 6. Number of RREQ signed with hash signature and with threshold signature.

Figure 6 shows the number of RREQs signed with hash signatures compared to the number of RREQs signed with threshold signatures. We can clearly see that a significant proportion (approximately 5 out of 8) of RREQs can be verified with a hash signature, which validates our preliminary analysis. We can remark that even if the global number of requests increases, the proportion of verification is constant as the network becomes more dynamic.

Fig. 7. Number of RREP signed with hash signature and with threshold signature.

As expected, the result of our mechanism is more mitigated with the route replies. Figure 7 shows that only half of the route replies can be verified using the hash key.

7. Performance analysis
In this section, we try to estimate the performance of secure DMDSR. Table 2 shows the gain of using a combined cryptosystem over a system based on a pure RSA-TS. As symmetric encryption has several orders of magnitude less overhead than asymmetric encryption [25][26], the gain in performance is significant. Besides, the symmetric keys don't need to be long as the keys are always updated; well-known encryption techniques such as SHA-1 (128 bits) can be used without lowering the system's security.

Table 2. Gain estimation on P3-997MHz in msecs (key length: 512 bits).

Pure RSA-TS(2,k)   14
Secure DMDSR       6.33

Table 3 represents an estimation of the delay overhead introduced by the Secure DMDSR security scheme on the route propagation. The delays are computed for a scenario containing 50 nodes, 30 sources which send packets at a rate of 4 pkt/sec and with a pause time of 300s; we assume an average number of hops of 4. The practical values come from a previous DSR performance evaluation [27].

Table 3. Delay overhead estimation.

DSR                            500 ms
Secure DMDSR                   525 ms   +5%
DSR + threshold cryptography   560 ms   +12%

From this estimation we can see that the use of a combined authentication scheme can have a significant impact on the delay overhead.

8. Conclusion
In this article, the benefit of multipath routing in MANETs is analyzed. Multipath routing can increase the routing protocol's robustness against repudiation attacks; however, the route discovery is still vulnerable to attack. This study leads to the design of a new routing algorithm, which provides a good trade-off between maximally disjoint paths and message overhead. A new security framework is also presented to protect this routing algorithm. The main objective is to provide high security while lowering the overhead when the network is not attacked. Early experiments showed that while the overhead on route replies and error protection is not optimal, our double encryption scheme is efficient at lowering the security overhead on route request propagation. The RSA-TS cryptosystem has a high overhead and is not the best suited for MANETs. As pointed out in [28], the solution might be to use Threshold Elliptic Curve Encryption.

9. Acknowledgment
The research was supported in part by grants from NSF China under contracts 60429202, 60372019, 60473086 and 60432030.

10. References
[1] P. Papadimitratos and Z. Haas. Secure routing for mobile ad hoc networks. In Proceedings of SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), 2002.
[2] C. Perkins. Ad-hoc on-demand distance vector routing. In MILCOM '97, panel on Ad Hoc Networks, 1997.
[3] D. Johnson, D. Maltz, and J. Broch. DSR: The Dynamic Source Routing Protocol for Multihop Wireless Ad Hoc Networks, chapter 5, pages 139-172. Addison-Wesley, 2001.
[4] Rekesh Babu Bobba, Laurent Eschenauer, Virgil Gligor, and William Arbaugh. Bootstrapping security associations for routing in mobile ad-hoc networks, May 2002.
[5] Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, and Lixia Zhang. Providing Robust and Ubiquitous Security Support for Wireless Mobile Networks. In Ninth International Conference on Network Protocols (ICNP'01), pages 251-260, 2001.
[6] Yih-Chun Hu, Adrian Perrig, and David B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom'02), pages 12-23, 2002.
[7] Y. Hu, D. Johnson, and A. Perrig. SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks. Ad Hoc Networks, I:175-192, 2003.
[8] Sergio Marti, T. J. Giuli, Kevin Lai, and Mary Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Mobile Computing and Networking, pages 255-265, 2000.
[9] Michiardi, Pietro, Molva, and Refik. CORE: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In CMS2002, Communication and Multimedia Security 2002 Conference, Portoroz, Slovenia, 22 September 2002.
[10] William Stallings. Network Security Essentials: Applications and Standards. Prentice Hall, 2000.
[11] Y. Hu, A. Perrig, and D. Johnson. Rushing attacks and defense in wireless ad hoc network routing protocols. Technical Report TR01-384, Department of Computer Science, Rice University, June 2002.
[12] S. Lin, Y. Wang, S. Mao, and S. Panwar. Video transport over ad-hoc networks using multiple paths. In IEEE International Symposium on Circuits and Systems, volume 1, pages 57-60, 2002.
[13] R. Leung, J. Liu, E. Poon, A. Chan, and B. Li. Mp-dsr: A qos-aware multi-path dynamic source routing protocol for wireless ad-hoc networks. In Proceedings of 26th Annual IEEE Conference on Local Computer Networks (LCN'01), 2001.
[14] S. Lee and M. Gerla. Split multipath routing with maximally disjoint paths in ad hoc networks. In Proceedings of the IEEE ICC, pages 3201-3205, 2001.
[15] Mike Burmester and Tri Van Le. Secure multipath communication in mobile ad hoc networks. itcc, 02:405, 2004.
[16] Douligeris C. Mavropodi R., Kotzanikolaou P. Performance analysis of secure multipath routing protocols for mobile ad hoc networks. WICC, 3510:269-278, 2005.
[17] Panayiotis Kotzanikolaou, Rosa Mavropodi, and Christos Douligeris. Secure multipath routing for mobile ad hoc networks. wons, 00:89-96, 2005.
[18] Stephen Mueller, Rose P. Tsang, and Dipak Ghosal. Multipath routing in mobile ad hoc networks: Issues and challenges. Lecture Notes in Computer Science, 2965:209-234, 1 2004.
[19] Leslie Lamport. Password authentication with insecure communication. Commun. ACM, 24(11):770-772, 1981.
[20] Victor Shoup. Practical threshold signatures. Lecture Notes in Computer Science, 1807:207-??, 2000.
[21] Manel Guerrero Zapata. Secure ad hoc on-demand distance vector routing. SIGMOBILE Mob. Comput. Commun. Rev., 6(3):106-107, 2002.
[22] Amir Herzberg, Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive secret sharing or: How to cope with perpetual leakage. Lecture Notes in Computer Science, 963:339-352, 1995.
[23] P. Michiardi and R. Molva. Ad hoc network security, 2003.
[24] Adrian Perrig, Yih-Chun Hu, and David B. Johnson. Wormhole protection in wireless ad hoc networks. Technical Report TR01-384, Department of Computer Science, Rice University, 2001.
[25] Nitesh Saxena, Gene Tsudik, and Jeong Hyun Yi. Admission control in peer-to-peer: design and performance evaluation. In SASN '03, pages 104-113, New York, NY, USA, 2003. ACM Press.
[26] Michael Roe. Performance of symmetric ciphers and one-way hash functions. In Fast Software Encryption, Cambridge Security Workshop, pages 83-89, London, UK, 1994. Springer-Verlag.
[27] Samir Ranjan Das, Charles E. Perkins, and Elizabeth E. Royer. Performance comparison of two on-demand routing protocols for ad hoc networks. In INFOCOM (1), pages 3-12, 2000.
[28] L. Ertaul and N. Chavan. Security of ad hoc networks and threshold cryptography. In Wireless Networks, Communications and Mobile Computing, volume 1, pages 69-74, 2005.

Proceedings of the Fifth International Conference on Grid and Cooperative Computing (GCC'06) 0-7695-2694-2/06 $20.00 2006