.FLYINGHEAD WIRELESS INFRASTRUCTURE
.TITLE Secure transmissions in the mobile ad-hoc network
.AUTHOR Humayun Bakht
.SUMMARY Computing and its advancement have brought dramatic changes in today’s world. Mobile ad-hoc, or instantaneous, networks are one of the latest inventions in the family of wireless or cellular networks. In this article, Contributing Editor Humayun Bakht discusses various security-related requirements in the mobile ad-hoc network.
.DEPT
Computing and its advancement have brought dramatic changes in today’s world. We feel its presence in almost all aspects of our daily life. Mobile ad-hoc, or instantaneous, networks are one of the latest inventions in the family of wireless or cellular networks. The network is a short-lived, temporary network established by two or more mobile devices in the absence of fixed infrastructure.
Here, fixed infrastructure refers to different network devices, such as routers and base stations used in fixed wireless networks. Mobile ad-hoc networking is an advantageous way of exchanging peer-to-peer information among different types of network devices. The use of this type of network is increasing dramatically and includes business, entertainment, and safety applications. In this article I’ll discuss various security-related requirements in a mobile ad-hoc network. I’ll also suggest a possible solution to secure data transmission in these types of networks.
It would be a good idea to have a quick look at routers and base stations. A router is a device that determines the next network point to which a data packet should be forwarded or routed toward its destination. On the other hand, a base station is the central radio transmitter, or receiver, that maintains communications with mobile radio-telephone sets within a given transmission range.
In mobile ad-hoc networks, there are no routers or base stations. Each participating node functions as a router, offering packet-forwarding services to all other nodes in the network. The only problem in gaining a successful routing mechanism in these types of networks is the development of a routing protocol that can cope with the typical nature of mobile ad-hoc networks.
.BREAK_EMAIL To learn more about security issues in the mobile ad-hoc network, click here.
In mobile ad-hoc networks, a mobile node meets two types of security challenges: import and export authorization. Import authorization requires a node acting as a router to decide whether or not it should modify its routing information when it receives information from somewhere outside. Export authorization requires the router to make a decision whenever it receives a request for routing information. Overall, the fundamental security challenges of mobile ad-hoc networks can be categorized as follows.
.BEGIN_LIST
.BULLET Import authorization: refers to the authority of routing messages regarding a certain destination node.
.END_LIST
.BEGIN_LIST
.BULLET Source authentication: we need to be able to verify that the node is the one it claims to be.
.END_LIST
.BEGIN_KEEP
.BEGIN_LIST
.BULLET Integrity: we need to be able to verify that the routing information being sent to us has arrived safely.
.END_LIST
.END_KEEP
From the security perspective, in mobile ad-hoc networks there are two kinds of messages, routing messages and data messages, with different natures and different security needs. Data messages are point-to-point and can therefore be protected by using an existing point-to-point security mechanism, such as IPSec (Secure Internet Protocol). However, for routing messages, there will always be some parts of those messages that will change during their propagation. This is perhaps the main challenge posed by routing messages to the ad-hoc environment.
Normally, routing messages carry two types of information, mutable and non-mutable. It’s desirable that the mutable information in a routing message is secured in such a way that no trust in intermediate nodes is required. Otherwise, securing the mutable information will be much more computationally intensive. Plus, the overall security of the system will greatly decrease.
One possible solution is to use a trusted certificate server C, whose public key is known to all participating nodes. Keys are generated a priori and are exchanged through a mutual relationship between C and each node. Each node obtains a certificate with exactly a single key from the trusted certificate server upon joining the network. The certificate details different aspects of the connecting node. These details include node addresses, a public key, and two time stamps, t1 and t2, where t1 and t2 represent the certificate issue and certificate expiration times. These certificates are authenticated and signed by the server C.
The goal of communication between the source and the destination is to make sure that the data safely reaches the destination. Therefore, whenever a node wants to transmit data to a destination for which it does not have any routing entry in its routing tables, it can adopt one of several mechanisms, such as invoking a route discovery mechanism (on-demand protocols), or invoking route discovery and data delivery processes (mobile ad-hoc on-demand data delivery protocol). As for the security perspective, besides an IP address of the destination, a broadcast ID, and a source ID, the packet also contains a certificate A and the expiration time t2. All of these are assigned to the public key, which was allocated to the source node at the time it joined.
Each intermediate or receiving node of the packet extracts the public key from the certificate C attached to the packet to validate the signature and make sure the certificate is still valid before forwarding it to other nodes. To explain further, consider a scenario in which node A wants to transmit data to node D.
Node B, on receiving the route request, verifies the public key and the certificate validation time by extracting this information from the certificate attached to the packet. Once this has been done, B then removes A’s certificate signature, records B as predecessor, signs the contents of the message originally broadcast by A, appends its own certificate, and forwards the broadcast message to the neighboring node until it reaches D.
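The checks a receiving node makes in the scheme above, as an added example that is not part of the original article: server C issues a certificate over an address, a public key, t1 and t2, the source signs its route request, and the receiver rejects anything forged, expired or altered. Ed25519 signatures, the JSON field names and the sample addresses and times are assumptions; the hop-by-hop re-signing step is not shown.

```javascript
// Added illustration, not code from the article. Ed25519 and the JSON field
// names are assumptions; the article names no signature scheme or wire format.
const crypto = require('crypto');

const bytes = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (obj, priv) => crypto.sign(null, bytes(obj), priv).toString('base64');
const verify = (obj, sig, pub) =>
  crypto.verify(null, bytes(obj), pub, Buffer.from(sig, 'base64'));

// Server C binds a node address and public key to a validity window [t1, t2].
function issueCert(serverPriv, addr, nodePub, t1, t2) {
  const body = { addr, pub: nodePub.export({ type: 'spki', format: 'pem' }), t1, t2 };
  return { body, sig: sign(body, serverPriv) };
}

// Source node: sign the route request and attach its certificate.
function routeRequest(dst, broadcastId, src, keys, cert) {
  const req = { dst, broadcastId, src, t2: cert.body.t2 };
  return { req, sig: sign(req, keys.privateKey), cert };
}

// Receiving node: returns null if the request may be forwarded, else the reason.
function rejectReason(pkt, serverPub, now) {
  const { body, sig } = pkt.cert;
  if (!verify(body, sig, serverPub)) return 'certificate not signed by C';
  if (now < body.t1 || now > body.t2) return 'certificate outside t1..t2';
  if (pkt.req.src !== body.addr) return 'source ID does not match certificate';
  if (!verify(pkt.req, pkt.sig, body.pub)) return 'bad request signature';
  return null;
}

// Constructed sample run: node A (10.0.0.1) asks for a route to D (10.0.0.4).
function demo() {
  const C = crypto.generateKeyPairSync('ed25519');
  const A = crypto.generateKeyPairSync('ed25519');
  const rogue = crypto.generateKeyPairSync('ed25519');
  const cert = issueCert(C.privateKey, '10.0.0.1', A.publicKey, 1000, 2000);
  const pkt = routeRequest('10.0.0.4', 7, '10.0.0.1', A, cert);
  const forged = issueCert(rogue.privateKey, '10.0.0.1', rogue.publicKey, 1000, 2000);
  const altered = { ...pkt, req: { ...pkt.req, dst: '10.0.0.9' } };
  return {
    valid: rejectReason(pkt, C.publicKey, 1500),
    expired: rejectReason(pkt, C.publicKey, 2500),
    tampered: rejectReason(altered, C.publicKey, 1500),
    rogueCert: rejectReason(routeRequest('10.0.0.4', 8, '10.0.0.1', rogue, forged), C.publicKey, 1500),
  };
}

console.log(demo());
```

The order of the checks matters: the certificate is validated against C's public key before any field inside it, including the node's public key, is trusted.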
.BEGIN_KEEP
Security is one of the fundamental issues in mobile ad-hoc networks. I’ve highlighted different security requirements, along with a possible solution to secure transmission in these types of networks. The proposed security solution is one of several ways to protect data communication in mobile ad-hoc networks. However, there’s a solid need to deploy more efficient strategies to resolve various issues besides security in mobile ad-hoc networks.
.BIO
.END_KEEP


