2011 International Conference on Advanced Information Networking and Applications

Detecting Forged Acknowledgements in MANETs

Nan Kang1, Elhadi M. Shakshuki1

Jodrey School of Computer Science Acadia University Nova Scotia, B4P 2R6, Canada {090331k, elhadi.shakshuki}@acadiau.ca

Tarek R. Sheltami2
Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia tarek@kfupm.edu.sa

Abstract Over the past few years, with the trend of mobile computing, Mobile Ad hoc NETwork (MANET) has become one of the most important wireless communication mechanisms among all. Unlike traditional network, MANET does not have a fixed infrastructure, every single node in the network works as both a receiver and a transmitter. Nodes directly communicate with each other when they are both within their communication ranges. Otherwise, they rely on their neighbors to store and forward packets. As MANET does not require any fixed infrastructure and it is capable of self configuring, these unique characteristics made MANET ideal to be deployed in a remote or mission critical area like military use or remote exploration. However, the open medium and wide distribution of nodes in MANET leave it vulnerable to various means of attacks. It is crucial to develop suitable intrusion detection scheme to protect MANET from malicious attackers. In our previous research, we have proposed a mechanism called Enhanced Adaptive ACKnowledgement (EAACK) scheme. Nevertheless, it suffers from the threat that it fails to detect misbehaving node when the attackers are smart enough to forge the acknowledgement packets. In this paper, we introduce Digital Signature Algorithm (DSA) into the EAACK scheme, and investigate the performance of DSA in MANET. The purpose of this paper is to present an improved version of EAACK called EAACK2 that performs better in the presence of false misbehavior and partial dropping. KeywordsMANET; Digital Signature; DSA; EAACK

I.

INTRODUCTION

The past decade has witnessed a rapid growth of wireless network in this world. With improved techniques and reduced cost, wireless network is now taking the place of wired network in a very steady pace. Among all the wireless networks, MANET is of its unique importance. MANET is a group of wireless mobile nodes which are each equipped with both a receiver and a transmitter. The individual nodes cooperate by forwarding packets for each other when the packets destination node is beyond the source nodes wireless transmission range. This communication scheme eliminates the need of a fixed infrastructure or a central station. There are mainly two types of MANETs. One is called single-hop network, where nodes are free to communicate with nodes in their own radio range. The other one is called multihop network, where nodes rely on others to communicate with nodes that are out of their radio range. The change of communication medium from physical cable to over the air has brought a lot of challenges to the computer
1550-445X/11 $26.00 2011 IEEE DOI 10.1109/AINA.2011.84 488

communication security research. Due to the unique characteristics like open medium, changing topology and lack of centralized monitoring, MANETs are especially vulnerable to malicious attackers. Most of the proposed routing protocols for MANETs assume that every node in the network behaves cooperatively with other nodes and presumably not malicious [3]. This assumption inevitably leaves malicious attackers with the opportunity to compromise the entire network by inserting malicious or non-cooperative nodes to MANETs. There are mainly two types of attack in MANETs, namely active attack and passive attack. For passive attacks, packets containing secret information might be eavesdropped, which violates confidentiality. Examples include eavesdropping, traffic analysis and monitoring. Active attack, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation [9]. Examples include jamming, spoofing, modification, replaying and Denial of Service (DoS). An individual mobile node may attempt to benefit from other nodes, but refuses to share its own resources. Such nodes are called selfish or misbehaving nodes, and their behavior is termed selfishness or misbehavior [3]. One of the major sources of energy consumption in mobile nodes of MANETs is wireless transmission [4]. A selfish or malicious node may agree on forwarding control packets while drop all or part of the data packets it received to conserve its energy. This type of attacks is termed as DoS or black hole attack. To alleviate the threats posted by such attacks, many researches have been conducted on this topic. Some concentrates on message authentication and cryptography, but these suffer from late detections of malicious behavior, leaving attackers with enough time to break down the network. Others focus on IDSs. Unfortunately, due to the unique characteristics of MANETs, IDSs designed for traditional networks are no longer suitable for MANETs. Because of the urgent need of IDSs in MANETs, researchers have devoted their time and effort to develop various intrusion detection schemes specifically designed for MANETs [1][2][5][6][8][10]. Most of the effective mechanisms are derived from Watchdog scheme [8]. The watchdog scheme, which identifies the misbehaving node by overhearing on the wireless medium, is based on passive overhearing. Unfortunately, it can only determine whether or not the next-hop node sends out the data packet. The reception status of the next-hop links receiver is usually unknown to the observer [7]. The advantage and

disadvantages of Watchdog were discussed in [8]. The major disadvantages of Watchdog schemes are that it fails to detect misbehaving nodes in the presence of 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion, and 6) partial dropping. We proposed a new IDS called Enhanced Adaptive ACKnowledgement (EAACK) system in [11]. Our research work mainly concentrated on solving four of the six limitations of Watchdog mechanism, namely: ambiguous collisions, receiver collisions, limited transmission power and false misbehavior report. At the end of our previous research, we found that our proposed schemes may be vulnerable to false misbehavior attack when the attackers are smart enough to forge acknowledgement packet. After that, we did an extensive investigation on how to solve this weakness. After taking all considerations into account, to assure the security level of our proposed scheme, we decided to further investigate on the possibility of introducing cryptography technique into our IDS. By signing acknowledgement packets through DSA, we took our proposed scheme to a next level by improving the IDSs performance in the presence of false misbehavior report and partial dropping. II. BACKGROUND

exchanged this key through a secure channel. The process is demonstrated in Figure 1.
Secure Channel k

Key Source k Encryption

Unsecure Channel c

Shared Key k Decryption

Ek ( m) = c
Plaintext Message

Dk (c) = m
Plaintext Message

Alice

Bob

Figure 1. Two parties communication using symmetric-key encryption.

A. Cryptography Cryptography technique has a long and fascinating history. Completed in 1963, the Kahn's book [13] covers the most important history of cryptography technique. From 4,000 years ago by the Egyptians, to the two world wars in the twentieth century, the cryptography technique has been widely served as a tool to protect secrets. With the development of Internet, the security of communication has become more important than ever. Many researchers and scientists have contributed their countless time and efforts in this area since then. Among all of them, it is believed the most significant development was in 1976 when Diffie and Hellman published the paper "New Directions in Cryptography" [15], in which they first introduced the concept of public-key cryptography. Although no practical implementation was provided along with the paper, the idea had since then attracted various attentions and interests. Two years later, in 1978, Rivest, Shamir and Adleman proposed the first practical public-key encryption and signature scheme, which we now referred to as RSA [14]. Later after that, the 1980s has witnessed much more advancement in this area but none of them rendered RSA as insecure. EIGamal in 1985, found another class of powerful and practical public-key schemes. These are also based on the discrete logarithm problem [13]. The Digital Signature Standard (DSA) scheme announced in 1994 was developed based on the EIGamal public key scheme. Cryptographic techniques are typically divided into two generic types: symmetric-key and public-key [13]. 1) Symmetric-key Encryption For symmetric-key, the encryption key and decryption key are usually identical. The keys are used as a shared secret between two or more parties. The network can only choose a shared key to encrypt or decrypt message when the participants

As shown in Figure 1, Alice is the sender party while Bob is the receiver party. In order to communicate over unsecure channel, both parties have to exchange the shared secret key k through a secure channel first. In MANET, due to its open medium, attackers can easily capture one node and duplicate multiple malicious nodes. In the case of symmetric-key encryption, all nodes shared the same secret key. Compromised one node could well lead to a collapse of the entire network. 2) Public-key Encryption For public-key encryption, the encryption key (public key) and decryption key (private key) are different. Receiver holds both the public key and private key. The public key can be revealed to sender via an unsecured channel, as the secret cannot be known without the according private key. This process is demonstrated in Figure 2.
Unsecure Channel

Pk Bob

Pk bob

EPk Bob (m) = c

Plaintext Message

Unsecure Channel

DPr Bob (c) = m

Plaintext Message

Alice

Bob

Figure 2. Two parties communication using public-key encryption.

As demonstrated in Figure 2, Alice is the sender party and Bob is the receiver party. In order to keep the message m secret, Bob first reveal its public key Pk Bob to Alice through an unsecure channel. Note that symmetric-key scheme requires key distributed via a secure channel. Upon receiving the public key Pk Bob from Bob, Alice uses this public key to encrypt the secret message m and get the cipher text c, which can be described as:

EPk Bob (m) = c .

(1)

Then, the cipher text can be safely transmitted via an unsecure channel to Bob without revealing the secret m. When receives

489

the cipher text c, Bob applies its private key Pr Bob to decipher c and get the plain text message m, which can be described as:

EPr Bob (c) = m .

(2)

Next, Alice sends the message m along with the signature Sig Alice to Bob via an unsecured channel. Bob first compute the received message m with hash function H and get the message digest d, which can be described in:

The advantages of public-key cryptography in MANETs are that 1) key distribution does not require secure channel, and 2) one compromised nodes wont take down the entire network as each node hold a different pair of keys. 3) Digital Signature A digital signature is an electronic analogue of a written signature; the digital signature can be used to provide assurance that claimed signatory signed the information. In addition, a digital signature may be used to detect whether or not the information was modified after it was signed (i.e., to detect the integrity of the signed data) [12]. The purpose of a digital signature is to provide a means for an entity to bind its identity to a piece of information held by the entity into a tag called a signature [13]. The general process of two parties communication with DSA is depicted in Figure 3.

H ( m' ) = d ' .

(5)

Bob can verify the signature by applying Alices public key Pk Alice on Sig Alice , as in:

S Pk Alice ( Sig Alice ) = d .

(6)

If d = d ' , then it is safe to claim that the message m transmitted through an unsecured channel is indeed sent from Alice and intact. B. Intrusion Detection Systems in MANETs A more thorough description to intrusion detection systems in MANETs can be found in our previous work [11]. In this section, we will only concentrate on describing Watchdog scheme, as our research mainly targeting on its disadvantages. Watchdog mechanism was proposed by Marti et al. [8] along with Pathrater mechanism. It concentrates on improving network throughput with the presence of selfish or malicious nodes. Watchdog serves as an intrusion detection system that detects the presence of malicious node in the network, while Pathrater is proposed to respond to these misbehaving nodes by helping the routing protocol to avoid these nodes [11]. The combination of Watchdog and Pathrater scheme in MANETs has been proven to be able to significantly increase the network throughput [8]. However, Watchdog mechanisms ability to detect malicious behavior is impaired when one of the six situations occurs: 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion and 6) partial dropping.[8]. To solve these issues, we proposed EAACK scheme in [11] to solve four of the six weaknesses of Watchdog mechanism, namely: ambiguous collisions, receiver collisions, limited transmission power and false misbehavior. For ambiguous collisions, Node A may fail to overhear the transmission of node B due to collisions from Packet 2, as demonstrated in Figure 4. Please note that for rest of this paper, all dotted arrow lines in the figure indicate the transmission that is actually involved in our discussion.
Overhearing Packet 2 Packet 1 Packet 1

Message m Hash Function H Message Digest d

Unsecure Channel

Message m Hash Function H Message Digest d

Sign Message

S Pr Alice (d ) = Sig Alice

Alice

Unsecure Channel

Verify Message

S Pk Alice ( Sig Alice ) = d

Bob

Figure 3. Two parties communication using DSA.

As demonstrated in Figure 3, every message m must be put through a pre-agreed hash function H to get a fixed-length message digest, which can be described as:

H ( m) = d .
The sender Alice then apply its private key

(3)

Pr Alice on the computed message digest d to get a signature Sig Alice bind to
message m and Alices private key:

S Pr Alice (d ) = Sig Alice .

Figure 4. Ambigous Collisions.

(4)

In order to assure the validity of digital signature, Alice must keep her private key Pr Alice without revealing to anyone else. Otherwise, the digital signature scheme can be penetrated when the attacker Eve intercepts the message and easily forged malicious messages with Alices signature and send them to Bob.

For receiver collisions, node A overhears that node B has successfully forwarded Packet 1 to node C, but failed to detect that node C did not receive Packet 1 due to a collision with Packet 2, as demonstrated in Figure 5.
Overhearing Packet 1 Packet 2

Figure 5. Receiver Collisions.

490

For limited transmission power, in order to preserve its own battery, node B limits its transmission power so that node A can overhear the transmission, but it is not strong enough for node C to receive Packet 1, as shown in Figure 6.

Overhearing

Packet 1

Figure 6. Limited Tranmission Power

In false misbehavior report, node B successfully forwarded Packet 1 to node C, and node A overhears that, but node A still reports node B as misbehaving. Due to the open medium of MANETs, attackers can easily capture one node and achieve this misbehaving report attack. Figure 7 described this process.
False Report Overhearing Packet 1 Packet 1

Asymmetric cryptography has been widely used in MANETs [19][20][21]. Most public key infrastructures are either based on RSA/DSA or identity-based cryptography [17]. Luo et al. adapted public-key infrastructure to associate public key with nodes identity [18]. There are usually two ways of distributing public keys in MANETs. One approach is to let each node preload with other nodes public key prior to deployment. The other approach is to do key exchange on demand. The later approach provides more scalability to the network as no prior key distribution is required, but it usually produces large overhead and network delay, which is lethal to wireless networks like MANETs. As a result, most security schemes for MANETs usually assume public key has been distributed beforehand. Our proposed scheme is also based on this assumption in order to provide best network performance. IV. SCHEME DESCRIPTION

Figure 7. False Misbehavior

In EAACK protocol, we focused on solving these four potential attacks to watchdog scheme. With the introduction of DSA to our scheme, we can further extend it to be able to detect contaminated messages as well. Due to the nature of wireless transmission, man-in-the-middle attack can be easily achieved as signals are being broadcast over the air. Attackers can easily capture one packet and modify it with malicious payload. Traditional IDSs in MANETs are vulnerable to such attack, as they do not check the integrity of received messages. In our proposed scheme, nodes are required to digitally sign important packets so that contaminated packets can be detected. III. RELATED WORK

There has been a lot of research work on building IDSs for MANETs. The most famous one is the Watchdog mechanism [8], as we discussed in Section 2. The misbehaving detection is based on overhearing the transmission of next nodes. However, Watchdog fails to detect misbehaving node in the presence of 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion, and 6) partial dropping [8]. To solve these issues, many researchers proposed improved IDSs, TWOACK [7] is one the most important contribution. The idea is to let each node verifies whether the sent packet has been received by the node that is two hops away from it. This is achieved by a acknowledgement packet called TWOACK. TWOACK scheme can be added into source routing protocols like DSR [16]. TWOACK solves the problem of detecting misbehaving nodes in the presence of collisions and limited transmission power, but it is still vulnerable to false misbehavior attack. AACK [24] is another very important IDS specially designed for MANETs. It is a network layer acknowledgement-based scheme that can be considered as a combination of TWOACK and end-to-end acknowledgement scheme. By the introduction of adaptive scheme, AACK greatly reduce the overhead compared to TWOACK.

In this section, we describe our proposed Enhanced Adaptive ACKnowledgement version 2 (EAACK2) scheme. This scheme is based on our previous research EAACK [11]. Compared to EAACK, EAACK2 advances in the following scenarios: Acknowledgement authentication: Prevents attackers from forging fake acknowledgement packet and thus conceive its malicious misbehavior. Packets integrity: Prevents attackers from contaminate packets in MANETs. Please note that in our proposed scheme, we assume that links between each node in the network is bi-directional. All malicious nodes are intermediate nodes; they are neither the destination node nor the source node in three-hop acknowledgement process. Misbehaving nodes cooperate in the routing stage while dropping all data packets. To conceive the source node and protect itself, after dropping data packets, malicious nodes always generate a forged acknowledgement packet and send it back to the source node. The purpose of such settings is to evaluate the performance of our proposed scheme in the worst scenario. EAACK2 can be mainly divided into three parts, namely ACK, S-ACK and MRA. EAACK2 starts with ACK mode. The source node first searches its local memory to see if there are any existing routes leading to the destination node. If yes, data packets are sent along one of these routes. If not, it uses DSR to find a new route. These data packets contain a two bit header that indicates the packet type. In our case, general data packet has a header of 00, ACK packet is 01, S-ACK as 10 and MRA packet as 11. This is listed in Table 1.
Table 1. Packet Type Flags Packet Type Packet Flag Data Packet 00 ACK 01 S-ACK 10 MRA 11

When the source node sent out the data packet, it also registers the packet ID and sent time. On the destination node, upon receiving a data packet, it is required to send back an acknowledgement packet ACK, which contains the packet ID. If the source node successfully received this ACK packet, the transmission is completed and confirmed. However, after a certain time out, if the source node does not receive the desired packet from the destination node, it switches to S-ACK mode

491

by sending out an S-ACK packet to the destination node through the same route. The S-ACK mode is based on the TWOACK [7] scheme. For every three consecutive nodes along the transmission route, the third node is required to send back an S-ACK packet back to the first node to confirm receiving the packet. Unlike what we did in EAACK, where all positive acknowledgements are accepted without doubt, in EAACK2, the third node is required to sign this S-ACK packet with its own digital signature. The intention of doing this is to prevent the second node from forging the S-ACK packet without forward the packet to the third node. This is really dangerous as the malicious node can create a black-hole in the network without being detected. When the first node receives this S-ACK packet, it verifies the third nodes signature with the pre-distributed public key. On the other hand, if no S-ACK packet is received within a predefined time period; the first node will report both second node and the third node as malicious. When the source node receives the malicious report, instead of trusting the report immediately and marks the nodes as malicious, EAACK2 requires the source node to switch to MRA mode to confirm. The source node switches to MRA mode by sending out an MRA packet to the destination node via a different route. If such route does not exist in the cache, the source node initiates a new DSR route request to find a new route. The MRA packet contains the data packet ID. When destination node receives the MRA packet, it searches through its local memory to find out whether the requested packet ID exists. If yes, then the data packet has been received and whoever sent the report is the real misbehaving node. Otherwise, the misbehavior report is confirmed. For extreme conditions when there are no alternative routes from source node to the destination node, EAACK2, by default, accepts the misbehaving report. V. PERFORMANCE EVALUATION

In order to measure and compare the performance of our proposed scheme, we continue to adopt the following two performance metrics: Packet Delivery Ratio (PDR): PDR defines the ratio of the number of packets received by the destination node and the number of packets sent by the source node. Routing Overhead (RO): RO defines the ratio of the amount of routing-related transmissions (RREQ, RREP, RERR, ACK, S-ACK and MRA) To simulate the malicious nodes, we modified the network simulator to let certain amount of nodes behaves like malicious nodes. The malicious nodes will cooperate in the routing process as the others. However, when being requested to forward a data packet, they will drop the data packet and send a forged acknowledgement packet whenever possible. By doing this, we simulate the smart attackers who try to drop the data packets without being detected. For digital signature settings, we adopted an open source library for DSA called Botan [22]. The library is locally compiled with GCC 4.3. Note that due to the limited computational power of mobile sensors, we limited the prime number settings to 512bit. We generated public/private key pairs for each node. A typical size for a public key file is 382 byes and 331 bytes for a private key file. The result signature file is 57 bytes. Although DSA suggested a minimum 1024 bit setting for prime number parameter, we believe 512 bit is strong enough for a mobile sensor to prevent exhaustive attacks. In terms of computational complexity and memory consumption, we did a research on popular mobile sensors. One of the most popular sensors on the market is Tmote Sky [23]. This sensor is equipped with a TI MSP430F1611 8MHZ CPU and overall 1070KB of memory space. We believe it shall be more than capable of handling 512bit DSA with respect to both memory space and computational power. Regarding memory space in our scheme, for each other node, the pair of public and private keys together consumes less than 700 bytes. This adds up to about 35KB in total for all 50 nodes in the simulation. Regarding the computational power, the capability of mobile sensors to handle asymmetric cryptography has been proven through various research works as we discussed in Section 2. B. Simulation Results and Discussions From Figure 8, we can easily discover that EAACK2 outperforms its competitors in general. The packet delivery ratio is almost 10 percent higher than the second best EAACK. This is easy to understand as no other scheme can detect the scenario when attackers are smart enough to forge acknowledgement packet. It is true that the simulation scenario is configured so that all the attackers forge acknowledgement packet, which is not generally the case. However, real network simulation is extremely complex. With limited resources, the best we can do is to analyze the performance based on a representative scenario.

In this section, we will describe our simulation environment and compare our simulation result with Watchdog, TWOACK and EAACK schemes. A. Simulation Methodology Our simulation is conducted with Network Simulator (NS) 2.34 compiled with GCC-4.3 on Ubuntu 9.10. The system is running on a laptop with Core 2 Duo T7250 CPU and 3GB RAM. The default scenario file in NS 2.34 was chosen as our simulation configuration file. The intention is to bring more typical results and make it easier for us to compare the result with other works. The default configuration specifies 50 nodes in a flat space with the size of 670x670m. The maximum hops allowed in this scenario are four and the physical layer and 802.11 MAC layer are included in the wireless extension of NS2. Similar to our previous research work, for each scheme we run three distinct network scenarios and calculate the average performance. The moving speed of mobile node is limited to be under 20m/s and a pause time of 1000s. The UDP traffic with Constant Bit Rate (CBR) is implemented through a packet size of 512 bytes.

492

VII. ACKNOWLEDGEMENT This project is supported in part by a grant from the Natural Sciences and Engineering Research Council of Canada (NSERC) and an internal grant from Acadia University. The authors would also like to thank King Fahd University of Petroleum & Minerals and King Abdulaziz City of Science and Technology via project number 71-29- for their support. REFERENCES
[1]

[2] Figure 8. Packet Delivery Ration Comparison

The routing overhead comparison is demonstrated in Figure 9. With the requirement of digital signature with each acknowledgement packet, it is understandable that our proposed scheme EAACK2 will have higher routing overhead than EAACK and others. Although we chose the simplest DSA signature allowed in FIPS 186 [12], the routing overhead when malicious nodes were 40% still approached around 0.6, which took more than half of the network throughput. However, we believe this performance tradeoff is worthwhile when network security is of highest concern.

[3] [4]

[5]

[6]

[7]

[8]

[9] Figure 9. Routing Overhead [10]

VI.

CONCLUSION AND FUTUREWORK

[11]

In this paper, we proposed an improved IDS scheme for MANETs. Compared to our previous work, despite a slight increase in network overhead, EAACK2 not only achieves a better performance in the presence of forged acknowledgement packets, but also assures the packets integrity when potential attack occurs. Considering the consequences of smart attackers breaking down the entire network and the fact that military task are one of the most popular implementation of MANETs, we believe this trade-off between security and performance is worthwhile. Due to the limited hardware in MANETs, mobile nodes are sensitive to computational intensive operation. In the future, we plan to investigate other authentication schemes and analyze the performance in an algorithm viewpoint. This way we can better preserve battery and memory space of mobile nodes.

[12]

[13] [14]

[15]

S. Buchegger and J.Y. Le Boudec. Performance analysis of the CONFIDANT protocol: Cooperation of nodes, fairness in dynamic ad-hoc networks. In Proceedings of MobiHoc02. L. Buttyan and J.P. Hubaux. Enforcing service availability in mobile ad-hoc WANs. In Proceedings of the 1st ACM international Symposium on Mobile Ad Hoc Networking & Computing (Boston, Massachusetts). International Symposium on Mobile Ad Hoc Networking & Computing. IEEE Press, Piscataway, NJ, 87-96. 2000. L. Buttyan and J.P. Hubaux. Security and cooperation in wireless networks. Cambridge University Press, August, 2007. L.M. Feeney and M. Nilsson 2001. Investigating the energy consumption of a wireless network interface in an ad hoc networking environment. In IEEE INFOCOM, 1548 1557, vol.3, 2001. J.P. Hubaux, T. Gross, L. Boudec and M. Vetterli. Toward selforganized mobile ad hoc networks: The terminodes project. In IEEE Communications Magazine. 2001. M. Jakobsson, J.P. Hubaux and L. Buttyan. A micropayment scheme encouraging collaboration in multi-hop cellular networks. In Proceedings of Financial Crypto, Jan 2003. K. Liu, J. Deng, P.K. Varshney and K. Balakrishnan. An Acknowledgment-Based Approach for the Detection of Routing Misbehavior in MANETs. IEEE Transactions on Mobile Computing, May, 2007, 536-550, DOI= http://dx.doi.org/10.1109/TMC.2007.1036 S. Marti, T.J. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual international Conference on Mobile Computing and Networking, Boston, Massachusetts, United States, August 06 11, 2000, MobiCom '00. ACM, New York, NY, 255-265. DOI= http://doi.acm.org/10.1145/345910.345955 B. Wu, J. Chen, J. Wu and M. Cardei. A survey of attacks and countermeasures in mobile ad hoc networks. In Wireless Network Security, Xiao, Y., Shen, X. and Du, -Z, D. Net. 2006. S. Zhong, J. Chen and Y.R. Yang. Sprite: A simple, cheat-proof, credit-based system for mobile ad-hoc networks. In Proceedings of Infocom03, San Francisco, CA, USA, March 30- April 2003. N. Kang, E. M. Shakshuki and T. R. Sheltami. Detecting Misbehaving Nodes in MANETs, the 12th International Conference on Information Integration and Web-based Applications & Services (iiWAS2010), November, Paris, France. W. Mehuron. Digital Signature Standard (DSS). U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technogoly Laboratory (ITL). FIPS PEB 186. A. Menezes, P. van Oorschot and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of ACM 21 (2): 120-126, 1978. W. Diffie and M. E. Hellman. New Directions in Cryptography. In 1976 IEEE Transactions on Information Theory, IT-11: 644654, 1976.

493

[16] D. B. Johnson and D. A. Maltz. Dynamic Source Routing in

[20] M.O. Pervaiz, M. Cardei and J. Wu. Routing Security in Ad Hoc

Adhoc Wireless Networks. In 1996 Mobile Computing, Chapter 5, 153-181. Kluwer Acadmic Publishers, 1996. [17] J. Chen and J. Wu. A Survey on Cryptography Applied to Secure Mobile Ad Hoc Networks and Wireless Sensor Networks. In Wireless/Mobile Network Security. Springer, 2008. [18] H. Luo and S. Lu. URSA: Ubiquitous and Robus Access Control for Mobile Ad Hoc, 2004. [19] W. Lou and Y. Fang. A Survey of Wireless Security in Mobile Ad Hoc Networks: Challenges and Available Solutions. In Ad Hoc Wireless Networks, 319-364. Academic Publishers. 2003.

Wireless Networks. In Network Security, Springer. 2008.

[21] Y. Xiao and V. Ray. A Survey of Key Management Schemes in

Wireless Sensor Networks. Computer Communication. 2007. Lloyd. Botan, a Friendly C++ Crypto Library. http://botan.randombit.net [23] TIK WSN Research Group. The Sensor Network Museum Tmote Sky. http://www.snm.ethz.ch/Projects/TmoteSky [24] T. Sheltami, A. Al-Roubaiey, E. Shakshuki and A. Mohmoud. Video Transmission Enhancement in Presence of Misbehaving Nodes in MANETs. International Journal of Multimedia Systems, Springer, vol. 15, issue 5, 273-282. 2009.
[22] J.

494