IETE TECHNICAL REVIEW, Vol 23, No 6, 2006
 

 

A node always rates itself with a 1.0. When a node in the network becomes known to the pathrater, the pathrater assigns it the neutral rating. Only active nodes are assigned ratings. The pathrater periodically increments the ratings of nodes on all active paths and does not modify the ratings of nodes that are not currently active. These ratings are used as metrics when selecting paths for data transmission. The rating of a path is calculated as the average of the ratings of the nodes in the path. The path with the highest rating is always selected.

4.5. Secure Message Transmission Protocol (SMT)

Secure Message Transmission Protocol (SMT) [17] safeguards pair-wise communication across the dynamic network, possibly in the presence of adversaries. For a given topology view of the network, the source node determines a set of diverse paths connecting the source and the destination nodes. This set is called the Active Path Set (APS). The protocol introduces limited transmission redundancy across the paths by breaking a message into N fragments (a step called dispersion), so that successful reception of any M-out-of-N fragments allows reconstruction of the original message at the destination. Each fragment (called a piece) is transmitted across a different path. Each fragment header carries a MAC, which lets the destination verify the fragment's integrity and authenticity. The source also receives authentic (i.e. cryptographically protected) acknowledgements that explicitly specify the fragments that were received by the destination.

The SMT protocol combines four elements: an end-to-end secure and robust feedback mechanism, dispersion of transmitted data, simultaneous usage of multiple paths, and adaptation to changing network conditions. This protocol requires a security association only between the two end nodes, eliminating cryptographic operations at intermediate nodes.

5. APPROACHES TO SECURE MANET

There are basically two approaches for securing MANET: proactive and reactive [10]. The proactive approach attempts to prevent security threats through various cryptographic techniques. The reactive approach, on the other hand, seeks to detect the attack or intrusion and react accordingly. Some of these approaches are described in this section.

 

5.1. Cryptographic Primitives for Message Authentication [12,18]

HMAC (Hashed Message Authentication Codes): Two nodes sharing the same key $K_S$ can efficiently generate and verify a message authenticator $H_K(\cdot)$ using a cryptographic one-way hash function $H$.

One-way hash functions are hash functions that are generally impractical to invert. Here, if pairwise keys are used, $n(n-1)/2$ keys must be maintained for n inputs.

Digital Signatures: These require mathematically more complex signing and verification, as they are based on asymmetric cryptography. Any node can verify a digital signature provided that it knows the public key of the signing node.

One-Way HMAC chain: Each sender chooses a random initial key $K_N$ and generates a one-way key chain by repeated computation of the one-way hash function $H$, with $K_N$ as the starting value, such that

$K_{N-1} = H[K_N],\quad K_{N-2} = H[K_{N-1}],\ \ldots$

To compute a previous key $K_j$ from key $K_i$, where $j < i$, a node uses the equation $K_j = H^{i-j}[K_i]$.
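The chain construction above, as an added example that is not from the original paper: a sender builds the chain and authenticates a message with $K_i$, and a receiver that already trusts an earlier key $K_j$ checks a disclosed $K_i$ using $K_j = H^{i-j}[K_i]$ before verifying the authenticator. SHA-256, the use of chain keys as HMAC keys, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

def H(key):
    """One-way function H (SHA-256 is an assumption; the paper names no hash)."""
    return hashlib.sha256(key).digest()

def make_chain(n, seed=None):
    """Return [K_0, ..., K_N]: K_N is the random start, K_{i-1} = H[K_i]."""
    chain = [seed if seed is not None else os.urandom(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()  # after reversal, chain[i] is K_i
    return chain

def derive(k_i, i, j):
    """Compute K_j = H^{i-j}[K_i]; only earlier keys (j < i) are derivable."""
    if not 0 <= j < i:
        raise ValueError("need 0 <= j < i")
    for _ in range(i - j):
        k_i = H(k_i)
    return k_i

def mac(key, message):
    """Message authenticator keyed with one chain key (HMAC-SHA-256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accept(message, tag, k_i, i, trusted_k_j, j):
    """Receiver side: K_i must hash forward to the trusted K_j, then the tag must verify."""
    if not hmac.compare_digest(derive(k_i, i, j), trusted_k_j):
        return False  # disclosed key is not on the sender's chain
    return hmac.compare_digest(mac(k_i, message), tag)

if __name__ == "__main__":
    chain = make_chain(8)                      # sender keeps K_1..K_8 secret
    msg = b"constructed sample payload"
    tag = mac(chain[5], msg)                   # authenticated with K_5
    print(accept(msg, tag, chain[5], 5, chain[0], 0))        # genuine key
    print(accept(msg, tag, os.urandom(32), 5, chain[0], 0))  # forged key
```

Because $H$ is one-way, a node holding $K_j$ can check any later key but cannot compute one, which is why `derive` refuses $j \ge i$.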

5.2. Establishing Trust in MANET

Ad hoc networks are essentially based on “trust your neighbour” relationships. Such a network is co-operative by default, which requires the establishment of trust among nodes. However, various basic characteristics of MANETs make trust establishment difficult, including the increased need for battery power and processing power and the extra communication overhead. Several trust models have been proposed in the literature, some of which are described next [12,19-21].

Distributed Trust Model makes use of a protocol to exchange, revoke and refresh recommendations about other entities. Using a decentralized approach, trust levels vary from –1 to 4 and are computed using a recommended trust value of the target and its recommenders.

Distributed Public-key models use cryptography to distribute the private key of the Certification Authority (CA) over a number of servers, so that any $(t + 1)$ servers out of $n$, which can be selected in $\binom{n}{t+1}$ ways, can combine their keys to create a complete secret key.