23-06-2012, 04:46 PM
ALARM: Anonymous Location-Aided Routing in Suspicious MANETs
Anonymous Location-Aided Routing.pdf (Size: 975.71 KB / Downloads: 94)
Abstract
In most common mobile ad hoc networking (MANET) scenarios, nodes establish communication based on long-lasting
public identities. However, in some hostile and suspicious settings, node identities must not be exposed and node movements should
be untraceable. Instead, nodes need to communicate on the basis of their current locations. While such MANET settings are not very
common, they do occur in military and law enforcement domains and require high security and privacy guarantees. In this paper, we
address a number of issues arising in suspicious location-based MANET settings by designing and analyzing a privacy-preserving and
secure link-state based routing protocol (ALARM).
INTRODUCTION
DURING the last two decades, research in various aspects
of mobile ad hoc networks (MANETs) has been very
active, motivated mainly by military, disaster relief, and
law enforcement scenarios. More recently, location information
has become increasingly available through small
and inexpensive GPS receivers, partially prompted by the
trend of introducing location-sensing capabilities into
personal handheld devices [38]. A natural evolutionary
step is to adopt such location-based operation to MANETS.
This results in what we term location-based MANETS. In
such a MANET, devices rely on location information in
their operation. The main distinguishing feature of the
envisaged location-based MANET environment is the
communication paradigm, based not on permanent or
semi-permanent identities, addresses or pseudonyms, but
on instantaneous node location.
DESIGN CHOICES
We begin by justifying our design choices, in particular the
use of link-state routing. We then overview the cryptographic
construct of group signatures—one of the principal
building blocks in our protocol.
Routing Protocol Choices
MANET routing protocols can be roughly partitioned into
two groups: reactive (or on-demand) and proactive. The latter
can be further broken down into link-state and distance-vector
(including path-vector) protocols. Reactive protocols typically
use route discovery to identify a route to a given
destination. The notion of discovering the destination is
premised upon the source knowing the persistent identity or
address of the destination. This assumption is invalid in our
MANET scenario, since the destination is selected based on
its current location, which is not known to the source a
priori. Consequently, we claim that reactive routing protocols
are unsuitable for the problem at hand.
ALARM PROTOCOL
This section describes basic operation of ALARM and its
limitations. It then outlines several extensions that mitigate
such limitations. Table 2 contains the notation used to
describe the ALARM protocol.
SECURITY ANALYSIS
Recall that our adversary model of Section 4 does not
consider physical-layer jamming and denial-of-service
(DoS) attacks on message transmission.
Outsider Attacks
A passive outsider eavesdropping on all LAMs can, at most,
obtain exactly the same information available to any
legitimate MANET node (i.e., the current topology snapshot).
This would only happen if keys used to encrypt all
communication in the MANET are leaked. Thus, a passive
outsider is at most as powerful as a passive insider and,
thus, protection against it is guaranteed as a side effect of
thwarting passive insider attacks.
RELATED WORK
Secure MANET routing has been extensively studied in
both security and networking research communities. A
comprehensive survey of this work can be found in [24].
Prominent secure on-demand MANET routing protocols
include SRDP [30], Ariadne [25], and SEAD [23]. All of them
focus on securing route discovery, route maintenance and
defending against modification and fabrication of routing
information. Privacy, especially, tracking-resistance, is not
one of the goals of these protocols.
CONCLUSIONS
This paper presented the ALARM protocol, which supports
anonymous location-based routing in suspicious MANETS.
ALARM relies on group signatures to construct one-time
pseudonyms used to identify nodes at their present
locations. The protocol works with any group signature
scheme and any location-based forwarding mechanism. We
evaluated the overhead and scalability of ALARM and
showed that it performs close to other protocols (e.g., OLSR)
optimized to reduce control traffic.