The Secure Routing Protocol (SRP) [1], proposed by Papadimitratos and Haas, is conceived as an extension that can be applied to a multitude of existing reactive routing protocols. SRP combats attacks that disrupt the route discovery process and guarantees the acquisition of correct topological information: a node initiating a route discovery is able to identify and discard replies providing false routing information, or avoid receiving them. SRP assumes the existence of a security association (SA) between the source node (S) and the destination node (T). The two nodes can negotiate a shared secret key (KS,T) and then, using the SA, verify that the principal that participated in the exchange was indeed the trusted node. SRP copes with noncolluding malicious nodes that are able to modify (corrupt), replay, and fabricate routing packets.
Based on the dynamic source routing protocol (DSR), SRP requires the addition of a six-word header containing unique identifiers that tag the discovery process and a message authentication code (MAC). In order to initiate a route request (RREQ), the source node has to generate a MAC using a keyed hash algorithm that accepts as input the entire IP header, the basis protocol RREQ packet, and the shared key KS,T. The intermediate nodes that relay the RREQ toward the destination measure the frequencies of queries received from their neighbors in order to regulate the query propagation process: each node maintains a priority ranking that is inversely proportional to the query rate. A node that maliciously pollutes network traffic with unsolicited RREQs will be served last (if not ignored) because of its low priority ranking.
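The query regulation performed by relays can be sketched as follows. This is an added example, not code from the SRP authors; the class name, the sliding window length and the cutoff above which a neighbor is ignored are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class QueryRegulator:
    """Per-neighbor RREQ rate tracking at a relay (window and cutoff are assumed values)."""
    def __init__(self, window=10.0, ignore_above=5.0):
        self.window, self.ignore_above = window, ignore_above
        self.seen = defaultdict(deque)      # neighbor -> arrival times inside the window
        self.backlog = defaultdict(deque)   # neighbor -> RREQs waiting to be relayed

    def rate(self, neighbor, now):
        times = self.seen[neighbor]
        while times and times[0] <= now - self.window:
            times.popleft()                 # forget arrivals older than the window
        return len(times) / self.window     # queries per second

    def receive(self, neighbor, rreq, now):
        self.seen[neighbor].append(now)
        self.backlog[neighbor].append(rreq)

    def next_to_relay(self, now):
        # Priority is inversely proportional to the rate: lowest rate is served first.
        waiting = [n for n, q in self.backlog.items() if q]
        for n in sorted(waiting, key=lambda n: self.rate(n, now)):
            if self.rate(n, now) > self.ignore_above:
                self.backlog[n].clear()     # flooding neighbor: ignored, not relayed
                continue
            return n, self.backlog[n].popleft()
        return None

def demo():
    reg = QueryRegulator()
    for i in range(80):                     # constructed traffic: B floods at 8 queries/s
        reg.receive("B", f"B{i}", now=i * 0.1)
    for i in range(20):                     # C is busy but under the cutoff (2 queries/s)
        reg.receive("C", f"C{i}", now=i * 0.4)
    reg.receive("A", "A0", now=7.9)         # A sends a single query
    order = []
    while (item := reg.next_to_relay(now=8.0)) is not None:
        order.append(item[1])
    return order

if __name__ == "__main__":
    print(demo())
```

The quiet neighbor A is relayed first, C's queries follow, and B's backlog is dropped without being propagated.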
Upon reception of a RREQ, the destination node verifies the integrity and authenticity of the RREQ by calculating the keyed hash of the request fields and comparing it with the MAC contained in the SRP header. If the RREQ is valid, the destination initiates a route reply (RREP), using the SRP header the same way the source did when initiating the request. The source node discards replies that do not match pending query identifiers and checks the integrity using the MAC generated by the destination.
The basic version of SRP is subject to route cache poisoning attacks: routing information gathered by nodes that operate in promiscuous mode in order to improve the efficiency of the DSR protocol could be invalid because it was fabricated by malicious nodes. The authors propose two alternative designs of SRP that use an Intermediate Node Reply Token (INRT). INRT allows intermediate nodes that belong to the same group and share a common key (KG) to validate RREQ messages and provide valid RREP messages. SRP also suffers from the lack of validation of route maintenance messages: route error packets are not verified. However, in order to minimize the effects of fabricated error messages, SRP source-routes error packets along the prefix of the route reported as broken; as a consequence, the source node can verify that the provided route error feedback refers to the actual route and is not generated by a node that is not even part of the route. A malicious node can harm only the route it belongs to. Assuming that the neighbor discovery mechanism maintains information on the binding of the medium-access control and the IP addresses of nodes, SRP has proven to be essentially immune to IP spoofing [1]. SRP is, however, not immune to the wormhole attack: two colluding malicious nodes can misroute the routing packets on a private network connection and alter the network topology that a benign node can collect.
The single most important feature that differentiates MANET is the absence of a fixed infrastructure. There is no guarantee that a path between two nodes would be free of malicious nodes. The Secure Routing Protocol (SRP) can be applied as an extension of a multitude of existing routing protocols. In particular, the Dynamic Source Routing (DSR) protocol and the IERP of the Zone Routing Protocol (ZRP) framework are two protocols that can be extended in a natural way to incorporate SRP. Other protocols, such as ABR for example, could be combined with SRP with minimal modifications to achieve the security goals of the SRP protocol.
SRP guarantees the acquisition of correct topological information in a timely manner, i.e., the route replies that are validated and accepted by the querying node provide accurate connectivity information, despite the presence of strong adversaries. The protocol is proven robust against a set of attacks that attempt to compromise the route discovery, under the assumption of non-colluding adversarial nodes.
The Secure Routing Protocol (SRP) is a set of security extensions that can be applied to any ad hoc routing protocol that utilizes broadcasting as its route querying method. DSR is a particularly appropriate protocol for incorporating the proposed security extensions. The operation of SRP requires the existence of a security association (SA) between the source node initiating a route query and the destination node. This security association can be utilized in order to establish a shared secret key between the two, which is used by SRP. The SRP protocol appends a header (SRP header) to the packet of the basis routing protocol.
The source node sends a route request with a query sequence number (QSEQ) that is used by the destination in order to identify outdated requests, a random query identifier (QID) that is used to identify the specific request, and the output of a keyed hash function. SRP consists of several security extensions that can be applied to existing ad hoc routing protocols, providing end-to-end authentication. The operational requirement of SRP is the existence of a security association between every source and destination node. The security association is used to establish a shared secret between the two nodes, and the non-mutable fields of the exchanged routing messages are protected by this shared secret.
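The request and reply checks described above, as an added example that is not code from the SRP authors. HMAC-SHA256, the dictionary message layout, the field encoding and the node names are assumptions. The sketch also assumes that the reply MAC covers the reported route and that a request is outdated when its QSEQ is lower than the last one the destination accepted.

```python
import hashlib, hmac, os, struct

def srp_mac(key, kind, src, dst, q_seq, q_id, route=()):
    # Keyed hash over length-prefixed non-mutable fields (HMAC-SHA256 is an assumption).
    fields = [kind, src, dst, struct.pack("!I", q_seq), q_id, *route]
    data = b"".join(struct.pack("!H", len(f)) + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class Source:
    def __init__(self, name, key):
        self.name, self.key, self.q_seq, self.pending = name, key, 0, {}
    def make_rreq(self, dst):
        self.q_seq += 1
        q_id = os.urandom(8)                       # random query identifier (QID)
        self.pending[q_id] = (dst, self.q_seq)
        mac = srp_mac(self.key, b"RREQ", self.name, dst, self.q_seq, q_id)
        return {"src": self.name, "dst": dst, "q_seq": self.q_seq,
                "q_id": q_id, "route": [], "mac": mac}
    def accept_rrep(self, rrep):
        if self.pending.get(rrep["q_id"]) != (rrep["dst"], rrep["q_seq"]):
            return False                           # no matching pending query
        want = srp_mac(self.key, b"RREP", self.name, rrep["dst"],
                       rrep["q_seq"], rrep["q_id"], rrep["route"])
        return hmac.compare_digest(want, rrep["mac"])

class Destination:
    def __init__(self, name, key):
        self.name, self.key, self.last_seq = name, key, 0
    def handle_rreq(self, rreq):
        want = srp_mac(self.key, b"RREQ", rreq["src"], self.name, rreq["q_seq"], rreq["q_id"])
        if not hmac.compare_digest(want, rreq["mac"]) or rreq["q_seq"] < self.last_seq:
            return None                            # forged, corrupted or outdated request
        self.last_seq = rreq["q_seq"]
        route = list(rreq["route"])                # relay addresses accumulated en route
        mac = srp_mac(self.key, b"RREP", rreq["src"], self.name, rreq["q_seq"], rreq["q_id"], route)
        return {"dst": self.name, "q_seq": rreq["q_seq"], "q_id": rreq["q_id"], "route": route, "mac": mac}

def demo():
    key = os.urandom(32)                           # stands in for the shared key KS,T
    s, t = Source(b"S", key), Destination(b"T", key)
    old, rreq = s.make_rreq(b"T"), s.make_rreq(b"T")
    rreq["route"] = [b"N1", b"N2"]                 # constructed relay path
    rrep = t.handle_rreq(rreq)
    return {"valid": s.accept_rrep(rrep),
            "forged_route": s.accept_rrep(dict(rrep, route=[b"N1", b"M", b"N2"])),
            "unknown_query": s.accept_rrep(dict(rrep, q_id=os.urandom(8))),
            "outdated_rreq": t.handle_rreq(old) is None}

if __name__ == "__main__":
    print(demo())
```

The relay list in the request is left outside the request MAC because relays append to it in transit; the route is only bound to the shared key once the destination signs it into the reply.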