Elsevier

Ad Hoc Networks

Volume 5, Issue 7, September 2007, Pages 1055-1072
An overlay approach to data security in ad-hoc networks

https://doi.org/10.1016/j.adhoc.2006.05.017

Abstract

While it has been argued that application-layer overlay protocols can enhance services in mobile ad-hoc networks, hardly any empirical data is available on the throughput and delay performance achievable in this fashion. This paper presents performance measurements of an application-layer overlay approach that ensures integrity and confidentiality of application data in an ad-hoc environment. A key management and encryption scheme, called neighborhood key method, is presented where each node shares secrets only with authenticated neighbors in the ad-hoc network, thus avoiding global re-keying operations. All proposed solutions have been implemented and empirically evaluated in an existing software system for application-layer overlay networking. Results from indoor and outdoor measurement experiments with mobile handheld devices provide insight into the performance and overhead of overlay networking and application-layer security services in ad-hoc networks.

Introduction

A common characteristic of mobile ad-hoc networks and application-layer overlay networks is that they do not make a distinction between endsystems and relay systems (routers), that is, endsystems relay traffic for which they are neither the sender nor the receiver. In addition, both types of networks must be able to cope with frequent changes of the network topology and of the set of nodes attached to the network. These similarities have stimulated interest in applying solutions developed for one type of network to the other. Notably, several recent studies applied application-layer overlay protocol solutions in a mobile ad-hoc context to run ad-hoc routing protocols at the application layer [10], [19] or to realize a multicast service in an ad-hoc network [4], [8], [9], [22].

An advantage of building ad-hoc networks at the application layer is that they are easy to deploy, since there is no need for protocol compatibility at the OS or hardware level. Further, application-layer solutions make it easy to add or customize network services, such as multicast, streaming, or security. The main drawbacks of ad-hoc routing at the application layer are the additional communication and computing overhead and a reduced ability to interact with lower layers of the protocol stack.

This paper presents and evaluates an application-layer overlay solution that addresses the data security requirements of applications regarding backward secrecy (a newly joined member cannot access data transmitted before the member joined) and forward secrecy (a departing member cannot access data that is transmitted after the member left). We present a key management and encryption method, called the neighborhood key method, where each node shares a secret key only with its neighbors in the overlay network. The neighborhood key method avoids network-wide re-keying operations without requiring that payload data be re-encrypted at each hop.
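As an added illustration (not code from the paper or from HyperCast), the following Go sketch realizes the properties stated above: each node holds a neighborhood key known only to its authenticated neighbors, a payload is encrypted once under a per-message data key, and only that data key is re-wrapped hop by hop, so a membership change triggers re-keying at the affected neighbor alone. The per-message data key, the choice of AES-256-GCM, and the Node, Msg, Send, Forward, Receive and Rekey names are this example's own assumptions about how to meet those properties, not details taken from the paper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Node: its own neighborhood key and the keys of its authenticated neighbors.
type Node struct{ ID string; Key []byte; Neighbors map[string][]byte }
// Msg: payload ciphertext (identical on every hop) plus the per-message data key
// wrapped under the neighborhood key of the last hop, From.
type Msg struct{ From string; WrappedKey, Payload []byte }
func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func NewNode(id string) *Node { return &Node{id, randBytes(32), map[string][]byte{}} }
// AES-256-GCM gives confidentiality and integrity; the 12-byte nonce is prepended.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, plain []byte) []byte { n := randBytes(12); return gcm(key).Seal(n, n, plain, nil) }
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 { return nil, errors.New("ciphertext too short") }
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}

// Rekey runs after neighbor authentication (assumed done out of band) and whenever the neighbor
// set changes: the fresh key reaches current neighbors only, so a departed neighbor is locked out
// while the rest of the network keeps its keys (local, not network-wide, re-keying).
func (n *Node) Rekey(current ...*Node) {
	n.Key = randBytes(32)
	for _, r := range current { r.Neighbors[n.ID] = n.Key }
}
// Send encrypts the payload once under a fresh data key and wraps that key under the sender's own key.
func (n *Node) Send(plain []byte) Msg { dk := randBytes(32); return Msg{n.ID, seal(n.Key, dk), seal(dk, plain)} }
// unwrap needs the last hop's neighborhood key, held only for authenticated neighbors.
func (n *Node) unwrap(m Msg) ([]byte, error) {
	k, ok := n.Neighbors[m.From]
	if !ok { return nil, errors.New(n.ID + ": " + m.From + " is not a neighbor") }
	return open(k, m.WrappedKey)
}
// Forward re-wraps only the data key; the payload ciphertext is passed on untouched.
func (n *Node) Forward(m Msg) (Msg, error) {
	dk, err := n.unwrap(m)
	if err != nil { return Msg{}, err }
	return Msg{n.ID, seal(n.Key, dk), m.Payload}, nil
}
// Receive decrypts the payload at the final hop.
func (n *Node) Receive(m Msg) ([]byte, error) {
	dk, err := n.unwrap(m)
	if err != nil { return nil, err }
	return open(dk, m.Payload)
}
```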

The paper presents an overlay routing protocol for ad-hoc networks that organizes nodes in a spanning tree topology and evaluates its performance with the proposed security scheme. Since mobile nodes exchange data only with neighbors in the spanning tree, and since the neighborhood key method only requires security associations between neighbors in the overlay topology (here: the spanning tree), a node can securely exchange data with all other nodes while only maintaining security associations with its upstream and downstream neighbors in the spanning tree.

This paper is the first study that presents systematic empirical measurement data showing the performance of application-layer ad-hoc networking, with and without security, on commercially available portable wireless devices (PDAs). The remainder of the paper is structured as follows: In Section 2 we discuss an overlay software system that is the basis for the protocol implementation presented in this paper. In Section 3 we present the neighborhood key method. In Section 4 we present a tree-based ad-hoc routing protocol. In Section 5 we present experiments with mobile nodes that measure the performance of the routing protocol from Section 4 combined with the security mechanisms of Section 3. We provide brief conclusions in Section 6.

Section snippets

Overlay performance in ad-hoc networks

In this section we present an empirical evaluation of the delay and throughput performance of overlay networks in a static ad-hoc network of handheld wireless devices without security mechanisms. All routing and security protocols presented in this paper are realized in an open source software system for application-layer overlay networks called HyperCast [1]. We provide a brief description of the HyperCast software architecture. Then we present the results of measurement experiments that give

Neighborhood key method

This section presents a key management and encryption scheme, called the neighborhood key method, that ensures integrity and confidentiality of application data in overlay networks. Even though our evaluation will focus on ad-hoc networks, the method can be applied to overlays connected to a network infrastructure. We note that the solutions presented in this section are orthogonal to the problem of secure routing, which seeks protection against attacks on the routing protocol [11], [13]. The

A spanning tree protocol for ad-hoc networks

So far we have considered a static ad-hoc network environment. In this section, we describe a protocol that can establish and maintain an overlay network in an environment with mobile nodes. We consider a protocol that maintains a spanning tree topology, and refer to the protocol as Spanning Tree Protocol or SPT protocol. The protocol assumes that the substrate network supports a broadcast operation for sending protocol messages. The target environment for the SPT protocol is a mobile ad-hoc

SPT protocol with data security

In this section we put together all protocols presented in this paper to evaluate how the neighborhood key method performs in an ad-hoc network with mobile nodes that self-organize using the SPT protocol. The experiments are outdoor measurements with PDAs as shown in Fig. 5. The setup of the PDAs is shown in Fig. 16. Six PDAs (A, B, C, D, E, F) are placed in a line with a distance of approximately 90 ft between them. In addition, a person holding a PDA (labeled as M) walks parallel to the fixed

Conclusions

We presented overlay network protocols for ad-hoc networks that ensure forward and backward secrecy for application data. All routing and security functions were realized and evaluated in an operational application-layer overlay network system. Measurement experiments with PDAs shed light on the throughput and delay performance achievable with state-of-the-art handheld wireless devices. While throughput and delay performance of currently available PDAs limit their applicability to low-bandwidth

Acknowledgement

The authors acknowledge the contributions of Josh Zaritsky to an initial version of the neighborhood key method.

References (27)

  • C. Karlof et al., Secure routing in wireless sensor networks: attacks and countermeasures, Ad Hoc Networks (Elsevier) (2003)
  • HyperCast website, 2005....
  • The spanning tree protocol, Design Documents, 2005. Available from:...
  • D. Aguayo, J. Bicket, S. Biswas, G. Judd, R. Morris, Link-level measurements from an 802.11b mesh network, in:...
  • K. Chen et al., Effective location-guided overlay multicast in mobile ad hoc networks, Group communications in ad hoc networks, International Journal of Wireless and Mobile Computing (2005)
  • K.W. Chin et al., Implementation experience with manet routing protocols, ACM Sigcomm Computer Communications Review (2002)
  • D.S.J. De Couto, D. Aguayo, J. Bicket, R. Morris, A high-throughput path metric for multi-hop wireless routing, in:...
  • R. Draves, J. Padhye, B. Zill, Comparison of routing metrics for static multi-hop wireless networks, in: Proceedings of...
  • M. Ge, S.V. Krishnamurthy, M. Faloutsos, Overlay multicasting for ad hoc networks, in: Proceedings of Third...
  • C. Gui, P. Mohapatra, Efficient overlay multicast for mobile ad hoc networks, in: Proceedings of IEEE Wireless...
  • Y.C. Hu, S.M. Das, H. Pucha, Exploiting the synergy between peer-to-peer and mobile ad hoc networks, in: Proceedings of...
  • Y.-C. Hu et al., A survey of secure wireless ad hoc routing, IEEE Security and Privacy (2004)
  • Y.C. Hu, D.B. Johnson, Design and demonstration of live audio and video over multihop wireless ad hoc networks, in:...

Jörg Liebeherr received the Ph.D. degree in Computer Science from the Georgia Institute of Technology in 1991. After a Postdoc at the University of California, Berkeley, he joined the Department of Computer Science at the University of Virginia in 1992. From 1997 to 1998 he was an Associate Professor in the Department of Electrical Engineering at Polytechnic University. Since Fall 2005, he is with the Department of Electrical and Computer Engineering of the University of Toronto as the Nortel Chair of Network Architecture and Services. He has served on editorial boards and program committees of several journals and conferences in computer networking. He was elected Member-at-Large of the IEEE Communications Society Board of Governors from 2003 to 2005, and chair of the IEEE Communications Society Technical Committee on Computer Communications from 2004 to 2005.

Guangyu Dong received the B.S. degree from University of Science and Technology, Hefei, China and the M.E. degree in computer science from the Chinese Academy of Sciences, Beijing. From 2003 to 2005, he was with the Department of Computer Science at the University of Virginia, and conducted research on peer-to-peer and overlay networks. He received an MCS degree from the University of Virginia in 2005. He is currently with Microsoft Corporation.

The research in this report was done while the authors were with the University of Virginia. The research is supported in part by the National Science Foundation under grant ANI-0085955.