Ad-hoc networks are groups of interconnected devices, such as computers or transceivers, in which the topology and/or connectivity of the network may change at any time. Ad-hoc networks are advantageously used in circumstances where a plurality of devices desire or are required to communicate with each other.
In ad-hoc networks there is a constant and continuous risk of intruders compromising the integrity of the network. For example, one type of known vulnerability to computers and networks is internet protocol (IP) spoofing. This is a technique used to gain unauthorized access to network nodes such as mobile computers or network devices such as routers. An example of IP spoofing is illustrated in FIG. 9, which depicts part of an ad-hoc network including node A and node B. A data packet or message 4 sent from node B to node A includes a header portion 6 and a data portion 8. Message 4 is shown as being sent directly from node B to node A, although the message may be sent through multiple nodes in the network prior to reaching node A. Header portion 6 typically includes the IP address of the message source as well as the IP address of the intended message recipient. Nodes between node B and node A in the network read the IP addresses and forward the message toward node A using various routing schemes. An intruder, shown in FIG. 1 as node X, obtains the IP address of node B using any of a variety of techniques. Node X incorporates the IP address of node B into a header portion 6X of a message 4X. When node A receives message 4X, node A reads header portion 6X and determines that message 4X has actually been sent by node B. Node A is thereby fooled, or spoofed, into believing a message from an intruder is from a trusted node. Such IP spoofing may analogously be applied to any non-internet ad-hoc network where a data packet header or a message detailing network topology or connectivity contains an identifier for one or more receiving nodes in the network.
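The following added example (not part of the original text) models node A's header-only decision from the FIG. 9 scenario in Python, to show that a valid IPv4 header checksum detects corruption but says nothing about which node wrote the source field. The addresses, the trusted-source set and all function names are assumptions made for illustration, and the sample messages are constructed.

```python
import ipaddress
import struct

TRUSTED_SOURCES = {"10.0.0.2"}  # assumed address standing in for node B
IPV4_HEADER = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the 16-bit words of a header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_message(src: str, dst: str, data: bytes) -> bytes:
    """Header portion (source, destination, checksum) followed by the data portion."""
    fields = [0x45, 0, 20 + len(data), 0, 0, 64, 17, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4_HEADER, *fields))
    return struct.pack(IPV4_HEADER, *fields) + data


def node_a_accepts(message: bytes) -> bool:
    """Node A's decision based on the header alone: checksum plus source field."""
    header = message[:20]
    if len(header) < 20 or header[0] != 0x45 or checksum(header) != 0:
        return False  # truncated, unsupported or corrupted header
    source = str(ipaddress.IPv4Address(header[12:16]))
    return source in TRUSTED_SOURCES


# Constructed samples. message_4 stands for the message from node B; message_4x
# stands for the message whose header portion 6X carries node B's address.
message_4 = build_message("10.0.0.2", "10.0.0.1", b"route update")
message_4x = build_message("10.0.0.2", "10.0.0.1", b"spurious update")
message_other = build_message("10.0.0.9", "10.0.0.1", b"hello")

if __name__ == "__main__":
    for name, msg in [("4", message_4), ("4X", message_4x), ("other", message_other)]:
        print(f"message {name}: accepted={node_a_accepts(msg)}")
```

Both message 4 and message 4X pass the check because every field node A inspects is written by the sender, so a receiver needs evidence outside the header fields to tell the two apart.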
Some networks do not use communications protocols that utilize source or destination information contained within transmitted messages; however, such networks may still be subject to spoofing attacks by intruders. For example, FIG. 10 depicts nodes N1, N2 and N3 of a wireless network in which messages broadcast by nodes in the network may not be intended for every node that can receive the messages. Each message, such as message M being broadcast from node N1, therefore includes a connection identifier C in a header of the message. Nodes N2 and N3 receive the message and read the connection identifier to see if the nodes are intended to process the message. In FIG. 10 node N2 recognizes the connection identifier in message M and processes the message, while node N3 does not recognize the connection identifier and does not process the message. If an intruder is able to obtain a connection identifier recognized by nodes in the network, the intruder may fool or spoof the nodes into believing the intruder is indeed part of the network.
To address and overcome the problem of spoofing, nodes in the network must be able to detect and respond to intruders attempting to compromise the network. The challenge of spoofing, however, may be especially difficult to address in an ad-hoc network, where nodes are continuously entering and exiting the network. An intruder such as node X in FIG. 9 may easily obtain IP address or connection identifier information and fool any of the nodes in the network into accepting spurious and potentially harmful messages. What is needed is a method of detecting spurious messages in an ad-hoc network.
It is therefore an object of the invention to provide such a method of detecting spurious messages in an ad-hoc network.
Another object of the invention is to prevent unauthorized devices from successfully communicating on an ad-hoc network.
A feature of the invention is adding location information into messages sent through an ad-hoc network.
An advantage of the invention is added security in an ad-hoc network.