A wireless ad hoc network is formed by a collection of mobile communication devices such as Personal Digital Assistants (PDAs), laptops, and/or Wireless Fidelity (Wi-Fi) routers without the aid of an existing network infrastructure. Ad hoc networks are used to aid, for example, military operations and emergency rescue efforts of large disaster areas. The communicating nodes in an ad hoc network typically use common wireless technologies such as Wi-Fi and peer-to-peer communication techniques. Therefore, each node in an ad hoc network may act as an end host as well as a router handling communication for nodes that are too far away from each other to communicate directly. In contrast, the current Internet is designed using hierarchical communication techniques with most computers functioning as end hosts and with communication among these facilitated by network routers, which are often under the control of trained network administrators.
An ad hoc network may consist of several hundred mobile nodes, some of which may become compromised by an enemy. A capable enemy can corrupt the network software of one or more nodes by using hacker attacks, even without capturing the nodes physically. These nodes then become malicious insiders, since they were normal nodes before being compromised, and thus have all the cryptographic keys required to behave as normal nodes. Traditional cryptographic techniques are insufficient to prevent such malicious insider nodes from launching coordinated attacks either to disrupt the network completely, or at least significantly degrade the network's ability to deliver packets among uncompromised nodes.
Owing to node mobility and unpredictable nature of wireless links, the network topology and, hence, the routes in an ad hoc network change frequently. Wireless transmissions make passive eavesdropping easy to achieve. Since each node participates in the network's management and operation by cooperating in the identification of routes and disseminating notification of broken routes, it is easier for malicious nodes to launch various types of attacks and thereby to render the network unusable. Be they moles or normal nodes compromised by hacker attacks during live operation, malicious insider nodes can launch attacks that are particularly difficult to contain. This is because such nodes typically have access to all the cryptographic keys required for them to participate undetected in normal communications, which enables them to launch Byzantine attacks that adaptively target the most critical points (in time or in space) of network operation. Simulation studies have shown that even a single malicious node attacking existing ad hoc routing protocols can reduce the network performance by a third or more.
Several well-known attacks on wired networks, the Internet and Local Area Networks (LANs), exploit vulnerabilities in transport layer protocols, such as Transport Control Protocol (TCP), and computer operating systems (OSs). In the context of ad hoc networks, both the attacks and the solutions developed to mitigate them for wired networks are applicable. Therefore, the present invention considers attacks specific to wireless networks, targeting network, routing and link layer protocols. Attacks on link layer protocols often involve modification of the Medium Access Control (MAC) protocol and using disproportionately more channel bandwidth.
Security attacks on ad hoc networks may be launched by “outsider” nodes that do not have necessary cryptographic keys to decipher the contents of transmission, or by “insider” nodes, nodes assumed to be normal nodes, that have been compromised. Outsider attackers can jam radio signals, eavesdrop and learn traffic patterns, or replay transmissions originating in one region of the network in another region, which can lead to false routes containing “wormholes.” These can be countered using anti jamming radio transmission techniques, multiple node-disjoint paths to deliver data packets, and bounding packet hop times and distances. However, the attacks launched by malicious insider nodes exploiting vulnerabilities in Route Discovery (RD), Route Maintenance (RM), and Data Forwarding (DF) in the network layer are insidious and hard to mitigate.