SEAD: Secure Efficient Distance Vector Routing
For Mobile Wireless Ad Hoc Networks
Abstract
An ad hoc network is a
collection of wireless computers (nodes),
communicating among themselves over
possibly multihop paths, without the
help of any infrastructure such as base
stations or access points. Although many
previous ad hoc network routing
protocols have been based in part on
distance vector approaches, they have
generally assumed a trusted
environment. The Secure Efficient Ad
hoc Distance vector routing protocol
(SEAD), a secure ad hoc network
routing protocol based on the design of
the Destination-Sequenced Distance-
Vector routing protocol (DSDV). In
order to support use with nodes of
limited CPU processing capability,and
to guard against Denial-of-Service
(DoS) attacks in which an attacker
attempts to cause other nodes to
consume excess network bandwidth or
processing time, we use efficient one-
way hash functions and do not use
asymmetric cryptographic operations in
the protocol. It is robust against
multiple uncoordinated attackers
creating incorrect routing state in any
other node, even in spite of any active
attackers or compromised nodes in the
network.
Introduction
Ad hoc networks are a new
paradigm of wireless communication for
mobile hosts (which we call nodes). In
an ad hoc network, there is no fixed
infrastructure such as base stations or
mobile switching centers. Mobile nodes
that are within each other’s radio range
communicate directly via wireless links,
while those that are far apart rely on
other nodes to relay messages as routers.
Node mobility in an ad hoc network
causes frequent changes of the network
topology. Figure 1 shows such an
example: initially, nodes A and D have a
direct link between them. When D
moves out of A’s radio range, the link is
broken. However, the network is still
connected, because A can reach D
through C, E, and F.Military tactical
operations are still the main application
of ad hoc networks today. For example,
military units (e.g., soldiers, tanks, or
planes), equipped with wireless
communication devices, could form an
ad hoc network when they roam in a
battlefield. Ad hoc networks can also be
used for emergency, law enforcement,
and rescue missions. Since an ad hoc
network can be deployed rapidly with
relatively low cost, it becomes an
attractive option for commercial uses
such as sensor networks or virtual
classrooms. Secure ad hoc network
routing protocols are difficult to design,
due to the generally highly dynamic
nature of an ad hoc network and due to
the need to operate efficiently with
limited resources, including network
bandwidth and the CPU processing
capacity, memory, and battery
power(energy) of each individual node
in the network. Existing insecure ad hoc
network routing protocols are often
highly optimized to spread new routing
information quickly as conditions
change, requiring more rapid and often
more frequent routing protocol
interaction between nodes than is typical
in a traditional (e.g., wired and
stationary) network. Expensive and
cumbersome security mechanisms can
delay or prevent such exchanges of
routing information, leading to reduced
routing effectiveness, and may consume
excessive network or node resources,
leading to many new opportunities for
possible Denial-of-Service (DoS) attacks
through the routing protocol.
Security Goals
Security is an important issue for
ad hoc networks, especially for those
security-sensitive applications. To secure
an ad hoc network, we consider the
following attributes: availability,
confidentiality, integrity, authentication,
and non-repudiation.
Figure 1: Topology change in ad hoc
networks: nodes A, B, C, D, E, and F
constitute an ad hoc network.The circle
represent the radio range of node A. The
network initially has the topology in (a).
When node D moves out of the radio
range of A, the network topology
changes to the one in (b). Availability
ensures the survivability of network
services despite denial of service attacks.
A denial of service attack could be
launched at any layer of an ad hoc
network. On the physical and media
access control layers, an adversary could
employ jamming to interfere with
communication on physical channels.
On the network layer, an adversary could
disrupt the routing protocol and
disconnect the network. On the higher
layers, an adversary could bring down
high-level services. One such target is
the key management service, an essential
service for any security framework.
Confidentiality ensures that certain
information is never disclosed to
unauthorized entities. Network
transmission of sensitive information,
such as strategic or tactical military
information, requires confidentiality.
Leakage of such information to enemies
could have devastating consequences.
Routing information must also remain
confidential in certain cases, because the
information might be valuable for
enemies to identify and to locate their
targets in a battlefield.Integrity
guarantees that a message being
transferred is never corrupted. A
message could be corrupted because of
benign failures, such as radio
propagation impairment, or because of
malicious attacks on the network.
Authentication enables a node to ensure
the identity of the peer node it is
communicating with. Without
authentication, an adversary could
masquerade a node, thus gaining
unauthorized access to resource and
sensitive information and interfering
with the operation of other nodes.
Finally, non-repudiation ensures that the
origin of a message cannot deny having
sent the message. Non repudiation is
useful for detection and isolation of
compromised nodes. When a node A
receives an erroneous message from a
node B, non-repudiation allows A to
accuse B using this message and to
convince other nodes that B is
compromised. There are other security
goals (e.g., authorization) that are of
concern to certain applications, but we
will not pursue these issues in this paper.
Routing In Mobile Ad Hoc Networks
Routing in mobile ad hoc
networks faces additional problems and
challenges when compared to routing in
traditional wired networks with fixed
infrastructure. There are several well-
known protocols in the literature that
have been specifically developed to cope
with the limitations imposed by ad hoc
networking environments. The problem
of routing in such environments is
aggravated by limiting factors such as
rapidly changing topologies, high power
consumption, low bandwidth and high
error rates [2]. Most of the existing
routing protocols follow two different
design approaches to confront the
inherent characteristics of ad hoc
networks, namely the table-driven and
the source-initiated on-demand
approaches.
Distance Vector Routing
A distance vector routing
protocol finds shortest paths between
nodes in the network through a
distributed implementation of the
classical Bellman-Ford algorithm. As
noted in Section 1, distance vector
protocols are easy to implement and are
efficient in terms of memory and CPU
processing capacity required at each
node. A popular example of a distance
vector routing protocol is RIP [14, 26],
which is widely used in IP networks of
moderate size. Distance vector routing
can be used for routing within an ad hoc
network by having each node in the
network act as a router and participate in
the routing protocol. In distance vector
routing, each router maintains a routing
table listing all possible destinations
within the network. Each entry in a
node’s routing table contains the address
(identity) of some destination, this
node’s shortest known distance (usually
in number of hops) to that destination,
and the address of this node’s neighbor
router that is the first hop on this shortest
route to that destination; the distance to
the destination is known as the metric in
that table entry. When routing a packet
to some destination, the node transmits
the packet to the indicated neighbor
router, and each router in turn uses its
own routing table to forward the packet
along its next hop toward the
destination.
To maintain the routing tables,
each node periodically transmits a
routing update to to each of its neighbor
routers, containing the information from
its own routing table. Each node uses
this information advertised by its
neighbors to update its own table, so that
its route for each destination uses as a
next hop the neighbor that advertised the
smallest metric in its update for that
destination; the node sets the metric in
its table entry for that destination to 1
(hop) more than the metric in that
neighbor’s update. A common
optimization to this basic procedure to
spread changed routing information
through the network more quickly is the
use of triggered updates, in which a
node transmits a new update about some
destination as soon as the metric in its
table entry for that destination changes,
rather than waiting for its next scheduled
periodic update to be sent. Distance
vector routing protocols are simple, but
they cannot guarantee not to produce
routing loops between different nodes
for some destination. Such loops are
eventually resolved by the protocol
through many rounds of routing table
updates in what is known as “counting to
infinity” in the metric for this
destination; to reduce time needed for
this resolution, the maximum metric
value allowed by the protocol is
typically defined to be relatively small,
such as 15 as is used in RIP [14, 26]. To
further reduce these problems, a number
of extensions, such as split horizon and
split horizon with poisoned reverse [14,
26], are widely used. These extensions,
however, can still allow some loops, and
the possible problems that can create
routing loops are more common in
wireless and mobile networks such as ad
hoc networks, due to the motion of the
nodes and the possible changes in
wireless propagation conditions.
Security Problems with Existing Ad
Hoc Routing Protocols
The main assumption of the
previously presented ad hoc routing
protocols is that all participating nodes
do so in good faith and without
maliciously disrupting the operation of
the protocol [11, 12]. However, the
existence of malicious entities cannot be
disregarded in any system, especially in
open ones like ad hoc networks. The
RPSEC IETF working group has
performed a threat analysis that is
applicable to routing protocols employed
in a wide range of application scenarios
[13]. According to this work, the routing
function can be disrupted by internal or
external attackers. An internal attacker
can be any legitimate participant of the
routing protocol. An external attacker is
defined as any other entity. As we have
previously noted, we consider denial-of-
service attacks that target the utilized
wireless medium, such as frequency
jamming, outside the scope of our threat
model. Two commonly used
countermeasures against jamming are
frequency hopping spread spectrum
(FHSS) and direct sequence spread
spectrum (DSSS) [45]. Furthermore,
outside the scope of our threat model are
transport layer attacks, such as session
hijacking, and application layer attacks,
such as repudiation-based attacks and
user information disclosure. The
strongest assumption for an external
attacker is that it is able to eavesdrop the
communication between two legitimate
network participants, inject fabricated
messages and delete, alter or replay
captured packets.
Weaker assumptions of external
attackers include the ability to inject
messages but not read them, or read and
replay messages but not inject new ones,
or just the ability to read messages.
Cryptographic solutions can be
employed to prevent the impact of
external attackers by mutual
authentication of the participating nodes
through digital signature schemes [14].
However, the underlying protocols
should also be considered since an
attacker could manipulate a lower level
protocol to interrupt a security
mechanism in a higher level. Although
these attacks are a significant part of a
complete threat assessment, our analysis
focuses only on network-layer threats
and countermeasures. Internal attackers
have the capabilities of the strongest
outside attacker, as they are legitimate
participants of the routing process.
Having complete access to the
communication link they are able to
advertise false routing information at
will and force arbitrary routing decisions
on their peers [15]. One of the most
difficult to detect problems in routing is
that of Byzantine failures. These failures
are the result of nodes that behave in a
way that does not comply with the
protocol. The reasons for the erroneous
behavior could be software or hardware
faults, mistakes in the configuration, or
malicious compromises. Attempts to
solve the problem of Byzantine failures
have been proposed for both
infrastructures [16] and infrastructure
less networks [17]. Based on this threat
analysis and the identified capabilities of
the potential attackers, we will now
 discuss several specific attacks that can
target the operation of a routing protocol
in an ad hoc network.
1• Location disclosure [18]: Location
disclosure is an attack that targets the
privacy requirements of an ad hoc network.
Through the use of traffic analysis
techniques [19], or with simpler probing and
monitoring approaches an attacker is able to A wormhole attack performed by
discover the location of a node, or even the colluding malicious nodes A and B.
structure of the entire network. 1• Blackmail [21]: This attack is
2• Black hole [15]: In a black hole attack a relevant against routing protocols
malicious node injects false route replies to that use mechanisms for the
the route requests it receives advertising identification of malicious nodes and
itself as having the shortest path to a propagate messages that try to
destination. These fake replies can be blacklist the offender. An attacker
fabricated to divert network traffic through may fabricate such reporting
the malicious node for eavesdropping, or messages and try to isolate legitimate
simply to attract all traffic to it in order to nodes from the network. The security
perform a denial of service attack by property of non-repudiation can
dropping the received packets. prove to be useful in such cases since
3• Replay [13]: An attacker that performs a it binds a node to the messages it
replay attack injects into the network routing generated [22].
traffic that has been captured previously. • Denial of service: Denial of service
This attack usually targets the freshness of attacks aim at the complete disruption of
routes, but can also be used to undermine the routing function and therefore the
poorly designed security solutions. whole operation of the ad hoc network.
4• Wormhole [20]: The wormhole attack is Specific instances of denial of service
one of the most powerful presented here attacks include the routing table
since it involves the cooperation between overflow [18] and the sleep deprivation
two malicious nodes that participate in the torture [23]. In a routing table overflow
network. One attacker, say node A, captures attack the malicious node floods the
routing traffic at one point of the network network with bogus route creation
and tunnels them to another point in the packets in order to consume the
network, say to node B, that shares a private resources of the participating nodes and
communication link with A. Node B then disrupt the establishment of legitimate
selectively injects tunneled traffic back into routes. The sleep deprivation torture
the network (see Figure 1). The connectivity aims at the consumption of batteries of a
of the nodes that have established routes specific node by constantly keeping it
over the wormhole link is completely under engaged in routing decisions.
the control of the two colluding attackers. 2
3• Routing table poisoning: Routing
protocols maintain tables which hold
information regarding routes of the network.
In poisoning attacks the malicious nodes
generate and send fabricated signaling
traffic, or modify legitimate messages from
other nodes, in order to create false entries
in the tables of the participating nodes. For
example, an attacker can send routing
updates that do not correspond to actual
changes in the topology of the ad hoc
network. Routing table poisoning attacks
can result in selection of non-optimal routes,
creation of routing loops, bottlenecks and
even partitioning certain parts of the
network.
4
Secure Ad hoc Routing
There exist several proposals that
attempt to architect a secure routing
protocol for ad hoc networks, in order to
offer protection against the attacks
mentioned in the previous section. These
proposed solutions are either completely
new stand-alone protocols, or in some
cases incorporations of security
mechanisms into existing ones (like
DSR and AODV). As we will see, the
design of these solutions focuses on
providing countermeasures against
specific attacks, or sets of attacks.
Furthermore, a common design principle
in all the examined proposals is the
performance-security trade-off balance.
Since routing is an essential function of
ad hoc networks, the integrated security
procedures should not hinder its
operation. Another important part of the
analysis is the examination of the
assumptions and the requirements that
each solution depends on. Although a
protocol might be able to satisfy certain
security constraints, its operational
requirements might thwart its successful
employment.In order to analyze the
proposed solutions in a structured way
we have classified them into five
categories; solutions based on
asymmetric cryptography, solutions
based on symmetric cryptography,
hybrid solutions, reputation-based
solutions and a category of mechanisms
that provide security for ad hoc routing.
However, this classification is only
indicative since a lot of solutions can be
classified into more than one category.
As we will see in the rest of this paper,
most proposals follow similar
approaches to solve the problems of
insecure ad hoc routing protocols
hindering extensive classification
attempts.
Secure Routing Protocol (SRP)
The Secure Routing Protocol
(SRP) is a set of security extensions that
can be applied to any ad hoc routing
protocol that utilizes broadcasting as its
route querying method [26]. The authors
mention specifically DSR as a
particularly appropriate protocol for
incorporating their proposed security
extensions. The operation of SRP
requires the existence of a security
association (SA) between the source
node initiating a route query and the
destination node. This security
association can be utilized in order to
establish a shared secret key between the
two, which is used by SRP.The SRP
protocol, appends a header (SRP header)
to the packet of the basis routing
protocol. The source node sends a route
request with a query sequence (QSEQ)
number that is used by the destination in
order to identify outdated requests, a
random query identifier (QID) that is
used to identify the specific request, and
the output of a keyed hash function, as
shown in Figure 4. The input to the
function is the IP header, the header of
the basis protocol, and the shared secret
between the two nodes.

SRP Packet Header: the input to the
keyed hash function is the IP header, the
header of the basis protocol, and the
shared secret.
The mutable fields of the request,
like the accumulated addresses of the
intermediate nodes, are transmitted in
the clear. The intermediate nodes
broadcast the query to their neighbors,
after updating their routing tables. The
query is dropped in case it has the same
QID with an entry in an intermediate
node’s routing table. Furthermore, all
nodes maintain a priority ranking of their
neighbors according to the rate of the
generated route queries. Nodes that
generate a low rate of queries have a
higher priority. This guarantees that the
routing protocol is responsive [26]. The
destination confirms that the query is not
outdated or replayed through the QSEQ,
and verifies its integrity and authenticity
through the calculation of the keyed
hash. In response to a valid route query
the destination node generates a number
of replies with different routes, at most
as many as its number of neighbors.
This mechanism is an additional
protection against malicious nodes that
attempt to modify route replies. A route
reply consists of the path from the
source to the destination, the QSEQ and
QID numbers. The integrity and
authenticity of the reply is ensured
through the same method as the route
request, namely with a message
authentication code (MAC). The source
node checks the QSEQ and QID
numbers of the reply in order to verify
that they correspond to the active query,
compares the IP source route with the
reverse of the route in the payload of the
reply, and if they match it calculates the
MAC. Although the authors do not
encourage the optimization of
intermediate node replies to a route
query as a severe vulnerability, they
propose an extension to SRP that
implements this functionality. They
accomplish this by defining groups of
nodes with shared secrets. Route
maintenance is realized in SRP by route
error messages that are source-routed
along the prefix of the path that they
report as broken. When the notified node
receives a route error packet it compares
the route taken by the packet with the
prefix of the corresponding route.
However this approach cannot guarantee
that a malicious node did not fabricate
the route error packets. SRP consists of
several security extensions that can be
applied to existing ad hoc routing
protocols providing end-to-end
authentication. The operational
requirement of SRP is the existence of a
security association between every
source and destination node. The
security association is used to establish a
shared secret between the two nodes,
and the non-mutable fields of the
exchanged routing messages are
protected by this shared secret.
Secure Efficient Ad hoc Distance
Vector Routing (SEAD)
The Secure Efficient Ad hoc
Distance vector (SEAD) is a secure ad
hoc network routing protocol based on
the design of the Destination-Sequenced
Distance-Vector (DSDV) algorithm [21].
In order to find the shortest path between
two nodes, the distance vector routing
protocols utilize a distributed version of
the Bellman-Ford algorithm [5]. The
SEAD routing protocol employs the use
of hash chains to authenticate hop counts
and sequence numbers. Applying
repeatedly a one-way hash function to a
random value creates a hash chain. The
elements of such a chain are used to
secure the updates of the routing
protocol. SEAD requires the existence of
an authentication and key distribution
scheme in order to authenticate one
element of a hash chain between two
nodes. Given this authenticated element,
a node is able to verify later elements in
the chain [21].
When a node transmits a routing
update it includes one value from the
hash chain for each entry in the update
message. Moreover, it includes the
address of the destination node (or its
own address if the update concerns
itself), the metric and the sequence
number of the destination (from its
routing table), and a hash value equal to
the hash of the hash value received when
it learned the route to the destination.
This hash value can be authenticated by
the nodes that receive this routing update
since they have an already authenticated
element of the same hash chain. As
noted by the authors of the protocol, this
mechanism allows other nodes to only
increase the metric in a routing update,
but not to decrease it. In order to avoid
denial of service attacks, a receiving
node can specify the exact number of
hashes it is willing to perform for each
authentication. A node that receives a
routing update, verifies the
authentication of each entry of the
message. The hash value of each entry is
hashed the correct number of times and
it is compared to the previously
authenticated value. Depending on this
comparison the routing update is either
accepted as authenticated, or discarded.
The SEAD routing protocol proposes
two different methods in order to
authenticate the source of each routing
update.
The first method requires clock
synchronization between the nodes that
participate in the ad hoc network, and
employs broadcast authentication
mechanisms such as TESLA [27]. The
second method requires the existence of
a shared secret between each pair of
nodes. This secret can be utilized in
order to use a message authentication
code (MAC) between the nodes that
must authenticate a routing update
message. In SEAD every node that
participates in the ad hoc network has a
hash chain. The elements of the hash
chain are used in succession to
authenticate the entries in the transmitted
routing messages, given that an initial
authenticated element exists. The hash
chains have a finite size and must be
generated again when all their elements
have been used.
Conclusion
This survey has presented the
most well known protocols for securing
the routing function in mobile ad hoc
networks. The analysis of the different
proposals has demonstrated that the
inherent characteristics of ad hoc
networks, such as lack of infrastructure
and rapidly changing topologies,
introduce additional difficulties to the
already complicated problem of secure
routing.
 The comparison we have volume 353. Kluwer Academic
completed between the surveyed Publishers, 1996.
protocols indicates that the design of a [8] M. G. Zapata. Internet Draft: Secure
secure ad hoc routing protocol Ad hoc On-Demand Distance Vector
constitutes a challenging research (SAODV)Routing.
problem since already existing generic [9]S. Buchegger, and J.-Y. Le Boudec,
solutions, like IPSec, cannot be “Performance Analysis of the
successfully applied. Additionally, the CONFIDANT Protocol (Cooperation Of
flexibility of ad hoc networks enables Nodes: Fairness In Dynamic Ad hoc
them to be deployed in diverse NeTworks),” Proc. 3rd Symp. Mobile Ad
application scenarios. hoc Networking and Computing
(MobiHoc 2002), ACM Press, 2002, pp.
References 226-236.
[1] J. Lundberg, “Routing Security in Ad [10] J. Kong, P. Zerfos, H. Luo, S. Lu,
hocNetworks,”http://citeseer.nj.nec.com/ and L. Zhang, “Providing Robust and
400961.html. Ubiquitous Security Support for Mobile
[2] B. R. Smith, S. Murphy, and J. J. Ad hoc Networks”, Proc. 9th Int’l. Conf.
Garcia-Luna-aceves. Securing distance- on Network Protocols (ICNP), 2001.
vector routing protocols. In
Proceedings of Symposium on Network
and Distributed System Security, pages
85–92, Los Alamitos,
CA, February 1997. The Internet
Society, IEEE Computer Society Press.
[3] T. Aura. Internet Draft:
Cryptographically Generated Addresses
(CGA).http://www.ietf.org/proceedings/
04mar/I-D/draftietf-send-cga-05.txt,
February 2004.
[4] E. M. Belding-Royer. Report on the
AODV interop.http://www.cs.ucsb.edu/~
ebelding/txt/interop.ps, June 2002.
[5] Y.-C. Hu, A. Perrig, and D. B.
Johnson. Rushing attacks and defense in
wireless ad hoc network routing
protocols. In Proceedings of the 2003
ACM workshop on Wireless security,
pages 30–40. ACM Press, 2003.
[6] V. Jacobson, C. Leres, and S.
McCanne. TCPDUMP group’srelease
3.8.3. http://www.tcpdump.org/.
[7] D. B. Johnson and D. A. Maltz.
Dynamic Source Routing in Ad Hoc
Wireless Networks. In Imielinski and
Korth, editors, Mobile Computing,