I assume that the length of [Listinvalid] in the fact accept([Listinvalid]) is $k$. I define the complexity of the proposed algorithm as the number of resolution steps that need to be performed. The following cases are distinguished and examined:
• The complexity of the request phase without stepping into the attacker phase, $InPhH(F_{wm})$: checking the type of $F_{wm}$ takes two resolution steps in the worst case (point 1): one resolution checks whether $F_{wm}$ is a request, and another whether it is a reply. Then, in point 2, $F_{wm}$ is extended with one of the rules $R^{req}_{2.3}$, $R^{req}_{2.1}$ and $R^{req}_{1}$, which requires at most three resolution steps. Moreover, in points 7-8, nbr-facts result after each resolution step. Eliminating one nbr-fact takes one resolution step, $nbr(l^p_i, l^p_j) \circ_{nbr} nbr(y^p_i, y^p_j)$. Let the number of nbr-facts in rules $R^{req}_{2.1}$ and $R^{req}_{2.3}$ be $nbr^{req}_{2.1}$ and $nbr^{req}_{2.3}$, respectively, which yields $\max(nbr^{req}_{2.1}, nbr^{req}_{2.3})$ resolution steps.
In the request phase, we can get back from the destination to the source node by repeatedly performing resolution steps with the rule $R^{req}_{2.3}$ until we reach the source node, where the two rules $R^{req}_{2.1}$ and $R^{req}_{1}$ are applied, in this order (shown in Figure 24). In the worst case, the number of resolutions is equal to the number of IDs in the ID list of the request message $t^{broader}_{att}$ in the fact $att(l^p_{att}, t^{broader}_{att})$. Let the number of IDs in this ID list be $r$. Hence, in the request phase, $(2 + 3 \times \max(nbr^{req}_{2.1}, nbr^{req}_{2.3})) \times \max(r, k)$ resolution steps are required.
Figure 24: The backward reasoning is based on consecutive resolution steps. After performing each resolution step with a given rule, we step back from one node to its neighbor node. On the left side, we consider the case when there is more than one intermediate node, while on the right side, the case of one honest intermediate node is illustrated.
• The complexity of the reply phase without stepping into the attacker phase: By similar reasoning, in the reply phase we have to search in the set $S^{rep}_{hon} = \{R^{rep}_{1.1}, R^{rep}_{2.1}, R^{rep}_{2.4}, R^{rep}_{2.8}, R^{rep}_{2.12}, R^{req}_{3.1}\}$, which costs 6 resolution steps. In the reply phase, we can get back from the source to the destination by applying $R^{rep}_{1.1}$ first, followed by the rule $R^{rep}_{2.4}$. Then, resolution steps between the fact resulting from the previous resolutions and $R^{rep}_{2.12}$ are performed repeatedly. Finally, the rules $R^{rep}_{2.8}$ and $R^{req}_{3.1}$ are used to get into the request phase. In the case of one intermediate node, rule $R^{rep}_{2.1}$ is applied after $R^{rep}_{1.1}$ and before $R^{req}_{3.1}$. Therefore, in the reply phase, at most $(2 + 6 \times \max(nbr^{rep}_{1.1}, nbr^{rep}_{2.1}, nbr^{rep}_{2.4}, nbr^{rep}_{2.8},$
• The complexity of the attacker phase, $PhA(F^{root}_{att})$: The number of resolution steps required in one attacker phase depends on the number of message elements in the requests and replies supposed to be sent by the attacker (i.e., the size of the set $W$). For each att-fact $f_{att}$ in $W$, we search for the rule in the set of the attacker's computation abilities, $C_{att}$, which can be resolved with $f_{att}$. This takes $|C_{att}|$ resolution steps, where $|C_{att}|$ denotes the size of $C_{att}$.
In the function $FNotKeyedFunc(F_{att})$, the case $\#childs(F_{att}) > 1$ yields $\#childs(F_{att}) + 1$ resolution steps. In the case $\#childs(F_{att}) = 1$, or when $F_{att}$ has no child, we need to examine whether $F_{att}$ or its child is in the attacker's knowledge set, $K_{att}$, which takes $|K_{att}|$ resolution steps. Hence, the worst-case complexity of $FNotKeyedFunc$ is: $Complex(FNotKeyedFunc) = \max(\#childs(F_{att}) + 1, |K_{att}|)$.
In point a7 of $PhA(F^{root}_{att})$, we have to examine whether the key is in the union set $I^{sKey}_{att} \cup I^{pKey}_{att}$, which requires $|I^{sKey}_{att}| + |I^{pKey}_{att}|$ resolution steps.
In $FAttKeyedFunc(F_{att})$, the attacker rule $A_{comp}$ is used to extend $att(l^p_{att}, Data)$, which takes one resolution step. Deleting $F_{att}$ in point a8.3 also takes one resolution step.
Point a9 of $PhA(F^{root}_{att})$ costs one resolution step. Let the sets that store the already examined att-facts for $t^{msg}_{att}$, $t^{broader}_{att}$ and $t^{replace}_{att}$ messages be $W^{msg}$, $W^{broader}$ and $W^{replace}$, respectively. In point a10, we have to examine whether $F^{msg}_{att}$ has been examined before, which requires $|W^{msg}|$ resolutions.
In $REQREPcorrectplace$, points a11.1 and a11.5 take $|S^{Recv}_{att}|$ and one resolution step, respectively. In the while cycle, points a11.7 and a11.8 require two resolution steps, and points a11.10 and a11.11 take $|W^{broader}|$ and $|W''|$ resolution steps, respectively. Finally, point a11.12 costs $|S^{Recv}_{att}|$ steps. In total, the complexity of the function is: $Complex(REQREPcorrectplace) = |CONTAIN| \times (|S^{Recv}_{att}| + |W^{broader}| + |W''|) + |S^{Recv}_{att}| + 1$.
Within the while construct of $REQREPincorrectplace$, points a12.2, a12.3 and a12.4 require one, $|W^{replace}|$ and $|S^{Recv}_{att}|$ resolution steps, respectively. Hence, $Complex(REQREPincorrectplace) = |REPLACE| \times (|W^{replace}| + |S^{Recv}_{att}| + 1)$.
To summarize, the worst-case complexity of phase $PhA(F^{root}_{att})$ is:
$Complex(PhA) = 1 + |W| \times \big(|W_{F_{att}}| + |C_{att}| + \max(Complex(FNotKeyedFunc), Complex(FAttKeyedFunc), |I^{sKey}_{att}| + |I^{pKey}_{att}| + \max(Complex(REQREPcorrectplace), Complex(REQREPincorrectplace)))\big)$.
The worst-case complexity of the backward deduction algorithm, for a given [Listinvalid], can be upper bounded by
$const \times q \times Complex(PhA)^{2 \times \max(k, r)}$,
for some $const$ that specifies the resolution steps required in the honest phases before and after each attacker phase (a linear function of $\max(k, r)$), where $q$ represents the number of attacker nodes.
The complexity of the proposed algorithm in practice: Although in the worst case the complexity of sr-verif is an exponential function of the length of the ID list [Listinvalid], in practice it is very effective in the case of well-known on-demand source routing protocols. For well-known routing protocols, an attack scenario can be found with [Listinvalid] containing not more than three node IDs. An attack scenario against the DSR protocol is found when $[Listinvalid] = [l^p_1]$ is examined; an attack scenario against the SRP protocol is found at the point when the verification tool examines the case $[Listinvalid] = [l^p_1, l^p_2]$; and an attack scenario against the Ariadne protocol is detected in the case $[Listinvalid] = [l^p_1, l^p_2, l^p_{att1}]$. Finally, the analyzed covert channel attack against the endairA protocol (discussed in Section 8.4) can be detected based on the invalid list $[l^p_{att1}, l^p_{att2}]$, where $l^p_{att1}$ and $l^p_{att2}$ are the IDs of two different attacker nodes.
In practice, the complexity of the attacker phases is not large, because the message elements in the att-fact $F^{root}_{att}$ corresponding to a later $PhA(F^{root}_{att})$ phase form a subset of the message elements in the upper-level attacker phases and the first $PhA(F^{root}_{att})$ phase. More specifically, the att-facts in the set $W$ do not increase exponentially, because duplicated facts are eliminated.
Finally, despite considering an arbitrary topology and a strong attacker node, my proposed approach is more effective than the approach in [5], which handles specific topologies. The main advantage of my approach is that, to verify a routing protocol, it does not have to exhaustively examine all topologies, which is required in [5]. In [5] the authors exhaustively check $2^{n(n-1)/2}$ or $2^{n(n-1)}$ topologies for $n$ nodes. This is a bad approach because they also check a large number of equivalent topologies. The SPIN model checker is applied for each topology to detect attacks.
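To make the redundancy of per-topology checking concrete, the following is an added example (not part of this thesis, and not code from [5]) that enumerates every labeled undirected topology on $n$ nodes, which is where the $2^{n(n-1)/2}$ count comes from, and groups them into isomorphism classes by a brute-force canonical relabeling. The difference between the two counts is the number of model-checker runs that would revisit a topology equivalent to one already checked. The `directed` flag switches to ordered links, giving $2^{n(n-1)}$ labeled topologies; that this is how the second count in [5] arises is my assumption, not something stated above.

```python
from itertools import combinations, permutations


def node_pairs(n, directed=False):
    """Candidate links between n nodes: unordered pairs, or ordered pairs if directed."""
    if directed:
        return [(a, b) for a in range(n) for b in range(n) if a != b]
    return list(combinations(range(n), 2))


def labeled_topologies(n, directed=False):
    """Yield every labeled topology on n nodes as a frozenset of links.
    There are 2^(n(n-1)/2) undirected and 2^(n(n-1)) directed ones, i.e. the
    exhaustive counts the text above attributes to [5]."""
    pairs = node_pairs(n, directed)
    for mask in range(1 << len(pairs)):
        yield frozenset(p for i, p in enumerate(pairs) if mask >> i & 1)


def canonical_form(links, n, directed=False):
    """Lexicographically smallest relabeling of the link set over all node
    permutations. Two topologies are equivalent (isomorphic) exactly when their
    canonical forms agree. Brute force over n! permutations, fine for small n."""
    best = None
    for perm in permutations(range(n)):
        relabeled = []
        for a, b in links:
            a2, b2 = perm[a], perm[b]
            relabeled.append((a2, b2) if directed else (min(a2, b2), max(a2, b2)))
        key = tuple(sorted(relabeled))
        if best is None or key < best:
            best = key
    return best


def count_topologies(n, directed=False):
    """Return (number of labeled topologies, number of isomorphism classes)."""
    labeled = 0
    classes = set()
    for links in labeled_topologies(n, directed):
        labeled += 1
        classes.add(canonical_form(links, n, directed))
    return labeled, len(classes)


def redundant_checks(n, directed=False):
    """Model-checker runs that repeat an equivalence class already covered."""
    labeled, distinct = count_topologies(n, directed)
    return labeled - distinct


if __name__ == "__main__":
    # Constructed small cases; n=5 undirected is already 1024 labeled topologies.
    for n in (3, 4, 5):
        labeled, distinct = count_topologies(n)
        print(f"n={n}: {labeled} labeled undirected topologies, "
              f"{distinct} up to isomorphism, {labeled - distinct} redundant")
```

Already at $n = 4$, 64 labeled undirected topologies collapse to 11 equivalence classes, so 53 of 64 SPIN runs in an exhaustive scheme would re-check a topology that differs from an earlier one only by node renaming; a verifier that reasons over an arbitrary topology, as sr-verif does, avoids this enumeration entirely.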