
A MECHANISM FOR PROVIDING SECURITY OF ROUTE DISCOVERY IN MANETs

S. Nithya Sri1, N. Shanthi2


1- PG student, Dept of ECE, National Engineering College, Kovilpatti.
2- Assistant Professor, Dept of ECE, National Engineering College, Kovilpatti.

ABSTRACT — MANETs are collections of wireless mobile devices. In general, MANETs use dynamic routing for data transfer between source and destination, and they need a reliable, efficient and highly secure route between the two ends. The discovery of a secure route is a major task and has gained importance. A security model named the ABV model uses two routing algorithms, SRP and Ariadne. Both methods are found to be insecure because of hidden channel attacks. A novel route discovery algorithm called endairA was developed within this same model as a solution. The security proof for the route discovery algorithm in endairA is also flawed, and the algorithm is also subject to a hidden channel attack. For ubiquitous applications, a secure route is necessary for data transmission from source to destination. The main objective of this paper is to analyze the security challenges in the route discovery of MANETs and to provide the appropriate solutions.

INDEX TERMS — Proactive Routing, Mobile Node, Message Authentication Code, Hidden Channel Attack, Dynamic Source
Routing Protocol, Mobile Ad-hoc Networks.

1 INTRODUCTION

A mobile ad-hoc network (MANET) is a self-configuring network of mobile devices connected by wireless links. Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently. All nodes in ad-hoc networks are decentralized with no fixed infrastructure. Each node in the ad-hoc network acts as a router besides transmitting the packets.

Routing is one of the most basic networking functions in mobile ad-hoc networks. Hence an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several “secure” route discovery algorithms have been proposed in the literature for ad-hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. Also, the existing route discovery algorithms focus mainly on efficiency and scalability with respect to network size, traffic load and mobility. They do not give much importance to security during transmission. There are several reasons for this, the most important one being that it is hard to model a formal security framework that captures all the basic security aspects of a MANET.

Several attempts have been made to address the security of MANET route discovery more robustly, the most recent one being introduced in a series of papers by Buttyan and Vajda and Acs. One of the advantages of the new approach, which we will refer to as the ABV model, is that it highlights security issues related to concurrent protocol executions.

Indeed, the authors of the ABV model prove that, within their model, the routing algorithms SRP and Ariadne are insecure and subject to a hidden channel attack. A solution is then proposed in the form of a novel route discovery algorithm, named endairA (the name reflects the fact that it applies security primitives in the reverse order of the Ariadne protocol), and a proof is also supplied for the claim that endairA is secure in the ABV model.

Our main contribution in this paper is to show that the security proof for endairA is flawed and that this algorithm is subject to a hidden channel attack. In this work, an enhanced algorithm, E-endairA, is proposed which overcomes the problems in the existing endairA algorithm. The proposed algorithm gives a better routing solution in terms of efficiency and security when compared to the existing algorithm.

The organization of this paper is as follows. In Section 2, we give an overview of route discovery and routing security. In Section 3, we explain the SRP protocol. In Section 4, we briefly describe the Ariadne protocol as well as the attack on Ariadne. In Section 5, we show that the security proof for endairA is flawed and that this algorithm is subject to a hidden channel attack. This is followed in Section 6 by a general discussion of hidden channel attacks in MANETs. In Section 7, we discuss our proposed model, named E-endairA. In Section 8, we show some related work. In Section 9, we discuss the conclusion and future work of our paper.

E-mail (1): nithyarvasan@gmail.com
2 PHASES OF ROUTING

Routing is a basic network functionality that supports communication. In MANETs, each node acts as a router forwarding data to other nodes. We distinguish three basic phases in routing:
1) Route discovery, in which one or more routes that link a source S to a target T are sought.
2) Route maintenance, in which broken links of established routes are fixed.
3) Packet forwarding, in which communication is achieved via established routes.

Route discovery can be proactive (table driven) or reactive (on-demand). In proactive routing, nodes usually maintain routing tables with routing information to potential target nodes. The tables are updated at regular intervals and used by intermediate nodes for route discovery. With reactive algorithms, routes are discovered only when needed.

2.1 Routing Security in MANETs

The nodes in an ad-hoc network also function as routers that discover and maintain routes to other nodes in the network. The primary goal of a MANET routing protocol is to establish a correct and efficient route between a pair of nodes so that messages may be delivered in a timely manner. If routing can be misdirected, the entire network can be paralyzed. Thus, routing security plays an important role in the security of the whole network.

Attacks can be classified into passive and active attacks. A passive attack does not disrupt the operation of a routing protocol, but only attempts to discover valuable information by listening to routing traffic, which makes it very difficult to detect. An active attack is an attempt to improperly modify data, gain authentication, or procure authorization by inserting false packets into the data stream or modifying packets in transit through the network. Active attacks can be further divided into external attacks and internal attacks. An external attack is one caused by nodes that do not belong to the network. An internal attack is one from compromised or hijacked nodes that belong to the network.

3 THE SOURCE ROUTING PROTOCOL

SRP is an on-demand source routing protocol that captures the basic features of reactive routing. In SRP, route requests generated by a source S are protected by Message Authentication Codes (MACs) computed using a key shared with the target T. Requests are broadcast to all the neighbors of S. Each neighbor that receives a request for the first time appends its identifier to the request and rebroadcasts it. Intermediate nodes do the same. The MAC in the request is not checked because only S and T know the key used to compute it. When this request reaches the target T, its MAC is checked by T. If it is valid, then it is assumed by the target that all adjacent pairs of nodes on the path of the route request are neighbors. Such paths are called valid or plausible routes. Here the upstream route from T to S is authenticated by the target; the downstream route is not, and it may divert the routes.

4 ARIADNE

Ariadne is an on-demand routing protocol based on the Dynamic Source Routing (DSR) protocol. Unlike SRP, Ariadne shares the key with all the intermediate nodes for authentication. The Ariadne protocol assumes that the source and the destination share a secret key K_{ST} that allows them to authenticate each other. To establish a secure route to the destination, the source node floods a RREQ packet that has eight fields <ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, and MAC list>. The ‘id’ is an identifier that has not been recently used in route discovery. The hash chain field is initialized by the initiator to the MAC calculated over the initiator, target, id and time interval using the key K_{ST}, that is, MAC_{K_{ST}}(initiator, target, id, time interval). The node list and MAC list are empty initially and will be filled by the intermediate and target nodes.

The RREP packet consists of target, initiator, time interval, node list, MAC list (which correspond to fields from the corresponding RREQ), target MAC and key list. The target MAC is a MAC calculated by the destination over the first five fields with the key K_{ST}. The key list is left empty, to be initialized by the intermediate nodes along the reverse route in the RREQ. The destination sends the RREP to the initiator along the source route, which is the reverse of the sequence of hops in the node list in the RREQ. The node forwarding the RREP waits until it is able to disclose the key for the specified time interval. The node then appends the key to the key list field in the RREP and forwards the RREP to the next hop towards the source. The waiting delays do not add significant computation overhead but add to storage overheads. When the initiator receives the RREP, it checks whether the keys in the key list are valid, the target MAC is valid and each MAC in the MAC list is valid. Only if all these are valid will it accept the RREP.

4.1 The Attack on Ariadne

The attack against Ariadne is briefly described in [16]. Consider an instance with source node S and let

    (S, A, X, B, Y, D, T)    (1)

be a sequence of identifiers of neighbor nodes in which only X, Y are faulty. Let C ≠ B be another neighbor of both X and Y. In the attack, when the first adversarial node X receives the route request

    msg_{S,T,rreq} = (rreq, S, T, id, A, mac_{SA}),    (2)

it broadcasts

    msg_{S,T,rreq} = (rreq, S, T, id, A, X, mac_{SAX}).    (3)

This is received by both B and C, which broadcast the corresponding route request. The second adversarial node Y does not respond to either request, while a little later, the first adversarial node X creates a fake route reply in the name of Y:

    msg_{S,T,rrep} = (rrep, S, T, id, A, X, B, Y, mac_{SAX})    (4)

(with the wrong MAC) and unicasts it to B, which only checks the id and that X, Y are its neighbors. Since B has processed an earlier request with identifier id, it will retransmit this, intending it for X. Node Y intercepts it and generates the route request:

    msg_{S,T,rreq} = (rreq, S, T, id, A, X, Y, mac_{SAXY})    (5)

This is accepted by D and continued along to T. Since the iterated MAC is correctly constructed, it will be accepted by the target T, which creates and sends back the route reply:

    msg_{S,T,rrep} = (rrep, S, T, id, A, X, Y, D, mac_T)    (6)
When this reaches Y, the label for node C is added to the listing so that C will rebroadcast it. When X gets it, this label is discarded and the message is sent back to the source S, where it will get validated.

In this attack, the adversarial node X has succeeded in shortening an existing route by using a hidden channel (namely the one provided by the lack of directionality in wireless broadcast) linking it to the second faulty node Y and sending via this channel the message to Y. This message contains mac_{SAX}, a MAC that Y needs in order to compute mac_{SAXY}. There are several other hidden channels that X and Y could use, as we shall see later.

5 ENDAIRA

The protocol endairA is designed to address the hidden channel attack described above. In endairA, the route replies of intermediate nodes are protected.

The EndairA message formats are as follows:
1) <rreq, initiator, target, id, accum path>
2) <rrep, initiator, target, accum path, sig list>

We illustrate the EndairA protocol using the network topology and message sequence shown in Figures 1 and 2.

Figure 1. EndairA network topology

    msg1 = (rreq, 0, 3, id, ())    (7)
    msg2 = (rreq, 0, 3, id, (1))    (8)
    msg3 = (rreq, 0, 3, id, (1, 2))    (9)
    msg4 = (rrep, 0, 3, (1, 2), (sig3))
    sig3 = SK_3{rrep, 0, 3, id, (1, 2), ()}    (10)
    msg5 = (rrep, 0, 3, (1, 2), (sig3, sig2))
    sig2 = SK_2{rrep, 0, 3, (1, 2), (sig3)}    (11)
    msg6 = (rrep, 0, 3, (1, 2), (sig3, sig2, sig1))
    sig1 = SK_1{rrep, 0, 3, (1, 2), (sig3, sig2)}    (12)

Figure 2. EndairA message sequence

Node 0 is the initiator, node 3 is the target, and SK_i is node i's signing key. Instead of protecting the forward rreq process, the target computes a signature over the accumulated path received in the rreq and adds the signature to the rrep. During the rrep, the intermediate nodes sign the message and forward it to the next hop. Once the rrep reaches the initiator, the initiator checks the target signature and verifies that each node in the return path has signed the message in reverse order. While the target may sign corrupted paths received by the rreq, the protocol authors contend that false paths should not be successfully returned to the initiator with the correct appended signatures.

We validate the EndairA model to ensure that the paths are correctly constructed, the target signature protects the reverse rrep, and the intermediate node signatures are appended in the proper order during the rrep and compared against the signed accumulated path.

5.1 Hidden Channel Attack in EndairA

Consider a sequence of nodes,

    (S, A, X, B, Y, D, T)    (13)

where X, Y are faulty nodes.

When the node A receives,

    msg_{S,T,rreq} = (rreq, S, T, id)    (14)

When the first faulty node X receives,

    msg_{S,T,rreq} = (rreq, S, T, id, A)    (15)

When the node B receives,

    msg_{S,T,rreq} = (rreq, S, T, id, A, X)    (16)

When the second faulty node Y receives,

    msg_{S,T,rreq} = (rreq, S, T, id, A, X, B)    (17)

it drops node B from the listing and transmits,

    msg_{S,T,rreq} = (rreq, S, T, id, A, X, Y).    (18)

[Figure 3. Possible and Secured paths in endairA Algorithm. Chart titled "endairA"; axes: No of Paths, No of Nodes; series: Possible Paths, Secured Paths.]

6 HIDDEN CHANNEL ATTACK

In the hidden channel attack described above, adversarial nodes succeed in shortening plausible routes by removing intermediate nodes. The adversarial nodes use hidden channels to communicate and transfer the necessary data (signatures, etc.). The hidden channels that we considered above do not use out-of-band resources, although this is an obvious alternative.

The main objective of a route discovery algorithm is to find a route that is a suitable communication channel. Route discovery per se makes little sense. It would, therefore, be natural for nodes to use for their communication a route that was discovered earlier, whatever their intention. Therefore, it is unreasonable to restrict nodes from using hidden channels. Note that privacy is a legitimate goal for
secure communication, so intermediate nodes should expect to retransmit the encrypted data.

7 THE PROTOCOL E-ENDAIRA

To mitigate the effects of the hidden channel attack in the networking environment, we propose a new protocol named Enhanced EndairA (E-EndairA). This represents a first effort toward a formal security model that can deal with concurrent attacks and is successful in mitigating a class of hidden channel attacks: the attacks that are intrinsic to the wireless broadcast medium in a neighborhood. Like the endairA protocol, E-endairA also addresses the hidden channel attack, and here too the route replies of intermediate nodes are protected. In E-endairA:

The route request from S to T is of the form,

    msg_{S,T,rreq} = (rreq, S, T, id, X_1 … X_j)    (19)

The route reply from S to T is of the form,

    msg_{S,T,rrep} = (rrep, S, T, id, X_1 … X_p, sig_T … sig_{X_j})    (20)

Here the target should verify that there is no repeating ID in the node list and that the last node in the node list is a neighbour. Each intermediate node should check whether its own ID is in the node list; that there is no repeating ID in the node list; that the next and previous nodes in the node list are neighbours; and that all the signatures are valid. Similarly, the source must verify that there is no repeating ID in the node list, that the first node in the node list is a neighbour, and that all the signatures are valid.

[Figure 4. Possible and Secured paths in the proposed E-endairA algorithm. Chart titled "E-endairA"; axes: No of Paths, No of Nodes; series: Possible Paths, Secured Paths.]

                     Paths Identified by     Paths Identified by
                     endairA                 E-endairA
    Number of        Possible   Secured      Possible   Secured
    Nodes            paths      paths        paths      paths
    10 (7+3)         3          1            2          2
    15 (11+4)        6          4            4          4
    20 (15+5)        8          5            6          6
    25 (18+7)        14         9            10         10
    30 (20+10)       16         10           10         10
    35 (24+11)       16         10           11         11
    40 (26+14)       19         12           13         13
    45 (28+17)       23         13           13         13
    50 (31+19)       26         14           14         14

Table 1. Number of Possible and Secured Paths using endairA and E-endairA Algorithms

8 RELATED WORK

There are several proposals for secure ad-hoc routing protocols (see [12] for a recent overview). However, most of these proposals come with an informal security analysis, with all the pitfalls of informal security arguments. In this section, we report on a few exceptions, where some attempts are made to use formal methods for the verification of ad-hoc routing protocols.

In [23], the authors try to reach a goal similar to ours but with a different approach. They propose a formal model for ad-hoc routing protocols with the aim of representing insider attacks. Routing security is defined in terms of a safety and a liveness property. The liveness property requires that it is possible to discover routes, while the safety property requires that discovered routes do not contain adversarial nodes.

In [4] and [20], definitions of security that correspond to the informal definitions are given. Security allows the protocol to return routes that pass through adversarial nodes, because it seems to be impossible to guarantee that discovered routes do not contain any adversarial nodes, since adversarial nodes can behave correctly and follow the routing protocol faithfully. In addition, we must also mention that the attack discovered on SRP in [4] is not a real attack, because it essentially consists of setting up a wormhole between two non-adversarial nodes, and SRP is not supposed to defend against this. According to the ABV model, wormhole attacks are attacks against the neighbour discovery mechanism and not against routing (although they affect routing).

9 CONCLUSION AND FUTURE WORK

The main message of this paper is that attacks against ad-hoc routing protocols can be subtle and difficult to discover by informal reasoning about the properties of the protocol. We demonstrated a new security framework tailored for on-demand route discovery protocols in MANETs, named E-endairA. This represents a first effort toward a formal security model that can deal with concurrent attacks and is successful in mitigating a class of hidden channel attacks: the attacks that are intrinsic to the wireless broadcast medium in a neighbourhood. Originally, we developed E-endairA for purely illustrative purposes; however, it has some noteworthy features that may inspire designers of future protocols. In this paper, we focused on on-demand source routing protocols, but similar principles can be applied to other types of protocols too.
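The signature chain of messages (10)-(12) and the checks that Section 7 assigns to the target, the intermediate nodes and the source, as an added Python example that is not code from the paper. HMAC-SHA256 with constructed per-node keys stands in for the signatures SK_i, and the KEYS and LINKS tables and all function names are assumptions for the chain 0 - 1 - 2 - 3 of Figure 2.

```python
import hashlib
import hmac

# Constructed demo keys for nodes 0..3 of Figure 2. HMAC-SHA256 is only a
# stand-in for the signature SK_i{...}; real nodes verify with public keys.
KEYS = {i: hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(4)}
# Assumed neighbour relation for the chain 0 - 1 - 2 - 3.
LINKS = {frozenset(p) for p in [(0, 1), (1, 2), (2, 3)]}


def neighbours(a, b):
    return frozenset((a, b)) in LINKS


def unique(path):
    return len(set(path)) == len(path)


def sign(node, src, dst, req_id, path, sigs):
    """SK_node{rrep, src, dst, id, path, signatures collected so far}."""
    body = repr(("rrep", src, dst, req_id, tuple(path), tuple(sigs))).encode()
    return hmac.new(KEYS[node], body, hashlib.sha256).hexdigest()


def build_rrep(src, dst, req_id, path):
    """Target signs first, then the intermediate nodes in reverse order."""
    sigs = []
    for node in [dst, *reversed(path)]:
        sigs.append(sign(node, src, dst, req_id, path, sigs))
    return {"src": src, "dst": dst, "id": req_id, "path": list(path), "sigs": sigs}


def signatures_valid(rrep, count=None):
    """Check the first `count` signatures (default: one per signer)."""
    signers = [rrep["dst"], *reversed(rrep["path"])]
    count = len(signers) if count is None else count
    if len(rrep["sigs"]) != count or any(s not in KEYS for s in signers):
        return False
    return all(
        hmac.compare_digest(
            rrep["sigs"][i],
            sign(signers[i], rrep["src"], rrep["dst"], rrep["id"],
                 rrep["path"], rrep["sigs"][:i]))
        for i in range(count))


def target_accepts(rreq):
    """Target: no repeating ID, last listed node is a neighbour."""
    last = rreq["path"][-1] if rreq["path"] else rreq["src"]
    return unique(rreq["path"]) and neighbours(last, rreq["dst"])


def intermediate_accepts(node, rrep):
    """Intermediate: own ID listed, no repeats, adjacent hops are neighbours,
    and every signature received so far is valid."""
    path = rrep["path"]
    if node not in path or not unique(path):
        return False
    hops = [rrep["src"], *path, rrep["dst"]]
    i = hops.index(node)
    received = len(path) - path.index(node)  # target + nodes after this one
    return (neighbours(hops[i - 1], node) and neighbours(node, hops[i + 1])
            and signatures_valid(rrep, received))


def source_accepts(rrep):
    """Source: no repeats, first listed node is a neighbour, all sigs valid."""
    path = rrep["path"]
    first = path[0] if path else rrep["dst"]
    return unique(path) and neighbours(rrep["src"], first) and signatures_valid(rrep)


if __name__ == "__main__":
    good = build_rrep(0, 3, "id-1", [1, 2])           # msg6 of Figure 2
    print("valid reply accepted:", source_accepts(good))
    print("edited node list accepted:", source_accepts(dict(good, path=[2])))
```

Because every signer covers the node list and all earlier signatures, a reply whose node list is edited after signing fails verification at the next honest hop or at the source.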
REFERENCES

[1] M. Burmester, “On the Security of Route Discovery in MANETs,” IEEE Trans. Mobile Computing, vol. 8, no. 9, Sep. 2009.

[2] C.E. Perkins and P. Bhagwat, “Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers,” Proc. ACM SIGCOMM, pp. 234-244, 1994.

[3] D. Johnson and D. Maltz, “Dynamic Source Routing in Ad-Hoc Wireless Networks,” Mobile Computing, T. Imielinski and H. Korth, eds., Kluwer Academic Publishers, 1996.

[4] P. Papadimitratos and Z. Haas, “Secure Routing for Mobile Ad-Hoc Networks,” Proc. SCS Comm. Networks and Distributed Systems Modeling and Simulation Conf. (CNDS ’02), 2002.

[5] C. Perkins, “Ad-Hoc On-Demand Distance Vector Routing,” Proc. Military Comm. Conf. (MILCOM ’97), panel on ad-hoc networks, 1997.

[6] C.E. Perkins and E.M. Belding-Royer, “Ad-Hoc On-Demand Distance Vector Routing,” Proc. Second Workshop Mobile Computing Systems and Applications (WMCSA ’99), pp. 90-100, 1999.

[7] M.G. Zapata, “Secure Ad-Hoc On-Demand Distance Vector Routing,” Mobile Computing and Comm. Rev., vol. 6, no. 3, pp. 106-107, 2002.

[8] P. Papadimitratos and Z. Haas, “Securing Mobile Ad-Hoc Networks,” Handbook of Ad Hoc Wireless Networks, M. Ilyas, ed., CRC Press, 2002.

[9] K. Sanzgiri, B. Dahill, B.N. Levine, C. Shields, and E.M. Belding-Royer, “A Secure Routing Protocol for Ad Hoc Networks,” Proc. IEEE Int’l Conf. Network Protocols (ICNP ’02), pp. 78-89, 2002.

[10] Y.-C. Hu, D.B. Johnson, and A. Perrig, “SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks,” Ad-Hoc Networks, vol. 1, no. 1, pp. 175-192, 2003.

[11] Y.-C. Hu, A. Perrig, and D.B. Johnson, “Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks,” Proc. IEEE INFOCOM, 2003.

[12] Y.-C. Hu and A. Perrig, “A Survey of Secure Wireless Ad-Hoc Routing,” IEEE Security and Privacy, vol. 2, no. 3, pp. 28-39, Mar. 2004.

[13] L. Buttyán and I. Vajda, “Towards Provable Security for Ad-Hoc Routing Protocols,” Proc. ACM Workshop Ad Hoc and Sensor Networks (SASN ’04), 2004.

[14] G. Ács, L. Buttyán, and I. Vajda, “Provably Secure On-Demand Source Routing in Mobile Ad-Hoc Networks,” Technical Report 159, Int’l Assoc. for Cryptologic Research, 2004.

[15] G. Ács, L. Buttyán, and I. Vajda, “Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks,” Proc. European Workshop Security and Privacy in Ad Hoc and Sensor Networks (ESAS ’05), pp. 113-127, 2005.

[16] G. Ács, L. Buttyán, and I. Vajda, “Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks,” IEEE Trans. Mobile Computing, vol. 5, no. 11, pp. 1533-1546, Nov. 2006.

[17] G. Ács, L. Buttyán, and I. Vajda, “Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks,” Proc. Workshop Security in Ad Hoc and Sensor Networks (SASN ’06), pp. 49-58, 2006.

[18] B. Pfitzmann and M. Waidner, “Composition and Integrity Preservation of Secure Reactive Systems,” Proc. ACM Conf. Computer and Comm. Security, pp. 245-254, 2000.

[19] R. Canetti, “Universally Composable Security: A New Paradigm for Cryptographic Protocols,” Proc. IEEE Ann. Symp. Foundations of Computer Science (FOCS ’01), pp. 136-145, 2001.

[19] Y.-C. Hu, A. Perrig, and D. Johnson, “Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks,” Proc. ACM MobiCom, 2002.

[20] J.T.A. Perrig, R. Canetti, and D. Song, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels,” Proc. IEEE Symp. Security and Privacy, pp. 56-73, 2000.

[21] D. Beaver, “Foundations of Secure Interactive Computing,” Proc. Conf. Advances in Cryptology (CRYPTO ’91), pp. 377-391, 1992.

[22] D. Beaver and S. Haber, “Cryptographic Protocols Provably Secure against Dynamic Adversaries,” Proc. Conf. Advances in Cryptology (EUROCRYPT ’92), pp. 307-323, 1992.

[23] S. Yang and J. Baras, “Modeling Vulnerabilities of Ad-Hoc Routing Protocols,” Proc. ACM Workshop Security of Ad-Hoc and Sensor Networks, Oct. 2003.
