Secure routing in multi-hop wireless networks

Abstract

Secure routing protocols play an essential role for ensuring security in multi-hop wireless networks. Specifically speaking, the entire network could be paralyzed by misdirecting routing control messages, which could lead to lower network throughput, frequent packet loss and eavesdropping. Thus routing protocols should be secure enough to defend from attack, yet optimal enough to ensure routing performance. Most existing work on secure routing does not consider routing performance, nor does it adequately address the issues of providing users with information integrity and confidentiality. Moreover, current attack detection approaches make strong assumptions and require extra hardware support. In this research work, we study and propose solutions to address these challenging issues. We make the following original and significant contributions. Firstly, we propose a Security Extended Optimised Link State Routing protocol (SE-OLSR) to guarantee the integrity, confidentiality and freshness of current OLSR. Previous routing protocols focus on improving performance with the assumption the wireless environment is friendly and trustworthy. However, the multi-hop wireless network is vulnerable to numerous attackers. Thus, we adopt basic security techniques to encrypt the routing packets, in order to ensure the packets received by the destination node are the original ones sent by the source node. At the same time, a digital signature and hash values are used to guarantee the packets are the latest ones to prevent replay attacks. We implement the SE-OLSR on the Linux platform to identify its accuracy, and then transplant this secure routing protocol to mesh routers T902 and laptops to establish a Wireless Mesh Network (WMN) testbed. Secondly, we analyse the impact of wormhole attacks and develop a countermeasure for attack detection based on a real testbed. Although many works have been done on detecting wormhole attacks, few of them actually evaluated their solutions on a testbed to consider real network conditions. In order to fill this gap, we set up a WMN testbed for studying wormhole attacks through comprehensive experiments. Some existing approaches used RTT to detect wormhole attacks. However, from both theoretical analysis and experimental results, we observed that the standard deviation of round trip time (stdev(RTT)) is a more efficient metric than RTT to identify wormhole attacks. Accordingly, we propose a new algorithm called Neighbour-Probe-Acknowledge (NPA) to detect wormhole attacks. Compared with existing works, NPA does not need time synchronisation or extra hardware support. Moreover, it achieves a higher detection rate and a lower false alarm rate than the methods using RTT under different background traffic load conditions. Finally, we propose an Optimal Secure Routing (OSR) protocol to find a secure path resilient to active attack with the best routing performance. Traditional routing protocols are designed to efficiently find paths containing high quality links in assumed trust environments. Although several routing schemes have recently been proposed as defence from attack, with increasing attention on security issues in the application of multi-hop wireless networks, only a few of these have considered routing performance. To fill this gap, we have designed a new secure routing protocol OSR taking into consideration routing performance optimisation. OSR relies on a trusted third party, Trust Clearance Center (TCC), which utilises game theory to calculate and assign a trust value for each node according to its utility report behaviour. We prove that this TCC is able to detect malicious nodes and segregate them from the network when they try to launch attacks. Therefore, optimal paths can be discovered by OSR without any utility cheating. Through extensive simulations, we demonstrate that OSR can effectively discover optimal paths with a high detection rate and a low false alarm rate. Furthermore, we observe that the behaviour of active attacks can be comprehensively formulated by using game theory. To the best of our knowledge, this is the first piece of work that adopts game theory to deal with problems that jointly consider security and routing performance.