
Dynamic Source Routing with 802.11i

5.2.1 The Original DSR

Dynamic Source Routing (DSR) [56] is a well-known routing protocol in wireless ad hoc networks. The original DSR consists of Route Discovery and Route Maintenance mechanisms. In this study we only consider the Route Discovery process, which is shown in Figure 5.1. Whenever a source node S wants to communicate with a target node T, S will initialize a Route Discovery by sending out a Route Request (RREQ) packet. The RREQ packet contains a tuple of <SID, TID, REQ-ID> as a unique indicator, representing the source and target addresses, and a request id, respectively. The intermediate node receiving this request will check whether it has received the same request before; if it has, the request is dropped silently, otherwise the node will add itself to the route list and re-broadcast the request to its neighbors.

Upon receiving the request, the target node sends out a Route Reply (RREP), which contains the complete routing information, to the source along the reversed path.

Note that this is only the basic operation in DSR; there are many existing variants for optimizing performance and handling general scenarios. For example, there might exist uni-directional links in the system, therefore, the target will send out the reply along the path it already knows or initialize a Route Request to find a path to the source; an intermediate node could send out a reply to the source directly if it knows a route to the target in its cache; any node hearing a route could cache this overheard routing information for performance improvements; furthermore, when one link fails, a Route Error message is generated and propagated in the network to update the routing information, which might be frequent and necessary in a highly mobile environment.

In the following sections, we restrict our attention to fixed wireless ad hoc networks with the simplified DSR protocol. We assume that all links are bi-directional, only the target will send out the reply to the source, the Route Reply travels along the reversed route, and there are no link failures. As shown in Figure 5.1, node S initializes a Route Discovery by sending out a Route Request message. Then, the request floods the whole network and two possible routes arrive at the target. Finally, the target will send the routes back to the source along the reversed paths.

5.2.2 The Improved DSR

Obviously the original DSR protocol is vulnerable since there are no security mechanisms implemented; previous studies [49, 80, 43, 45, 48, 47] have disclosed many attacks, like rushing, wormhole, flooding, and so on. In this section we improve the protocol to eliminate these attacks, under the assumption of a key management scheme as follows. Each node that wants to join the network must share a secure association with each neighbor. Here a secure association means that the nodes either share a symmetric key or are able to verify each other’s public key, in order to build a confidential channel between them. Furthermore, the source and target nodes of any transmission must also share a secure association; otherwise there is no way to

[Figure 5.1: DSR route discovery, over nodes S, A, B, C, D, E, F, T. (a) DSR Route Discovery: Route Request Flooding, with routes <S,A,B,C,T> and <S,D,E,F,T>. (b) DSR Route Discovery: Route Reply, with routes <S,A,B,C,T> and <S,D,E,F,T>.]

provide end-to-end security for them. Based on this key management assumption, we decompose the secure routing problem into two components: a hop-by-hop link security protocol and a routing protocol on top of the secure links. The hop-by-hop link security protocol is not our focus here, since there are already proposals to build a secure channel between nodes given a secure association (i.e., 802.11i). Instead, we focus on building a secure routing protocol on top of the network with confidential links. Note that in a routing protocol, every node (re)broadcasts a message to all its neighbors simultaneously. For simplicity we assume that we are able to distinguish the sender and recipients during broadcasting; for example, the broadcast messages can be sent through multiple point-to-point links, or there are some cryptographic mechanisms implemented. Based on these assumptions, we show that we can achieve secure routing by simply improving DSR in several aspects, which are summarized as follows.

(i) When composing the Route Reply message, the target attaches a Message Integrity Check (MIC) to the Route Reply, which is computed from the shared secure association and the message content; when the source gets the reply, it checks the authenticity of the message before accepting it.

(ii) When rebroadcasting the Route Request message, every intermediate node checks that the last hop in the route list matches the identity of the neighbor from which the request was received.

(iii) Each intermediate node remembers the route associated with the first Route Request received from the source; when forwarding the Route Reply back to the source, it checks that the route list between the source and itself matches the saved entry.

(iv) The source uses a cryptographic random number generator, instead of a monotonically increasing sequence counter, to generate the Route Request ID.

(v) The target sends back Route Reply messages, resulting in multiple routes, for all the Route Request messages received; the source chooses one from these multiple routes for subsequent data communications.

Note that the last improvement has been explored in [17, 60] for performance considerations. Here we introduce it to mitigate the possible Denial of Service (DoS) vulnerabilities. In the following sections, we will verify that the improved DSR protocol is secure on top of the confidential links.
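An added sketch of improvements (i) to (iv), not code from the original text: HMAC-SHA256 as the MIC, the `Node` class, the function names and the NUL-separated field encoding are all assumptions, and `sender` stands for the neighbor identity that the secure link layer has already authenticated.

```python
import hashlib
import hmac
import secrets

def new_request_id() -> str:
    """(iv) Unpredictable REQ-ID from a CSPRNG instead of a counter."""
    return secrets.token_hex(16)

def rrep_mic(key: bytes, sid: str, tid: str, req_id: str, route: list) -> bytes:
    """(i) MIC over the reply; HMAC-SHA256 is an assumption, the text names no algorithm."""
    msg = "\x00".join([sid, tid, req_id, *route]).encode()  # names must not contain NUL
    return hmac.new(key, msg, hashlib.sha256).digest()

def source_accepts(key, sid, tid, req_id, route, mic) -> bool:
    """(i) The source recomputes the MIC and compares in constant time."""
    return hmac.compare_digest(mic, rrep_mic(key, sid, tid, req_id, route))

class Node:
    """Intermediate node (hypothetical helper class for this example)."""
    def __init__(self, name, neighbors):
        self.name, self.neighbors = name, set(neighbors)
        self.first_route = {}  # (sid, tid, req_id) -> route from source up to this node

    def on_rreq(self, sender, sid, tid, req_id, route):
        """(ii) Rebroadcast only if the last hop is the neighbor that sent it; else None."""
        if sender not in self.neighbors or not route or route[-1] != sender:
            return None
        key = (sid, tid, req_id)
        if key in self.first_route:  # already seen: drop silently, as in original DSR
            return None
        self.first_route[key] = list(route) + [self.name]
        return list(self.first_route[key])

    def on_rrep(self, sid, tid, req_id, route) -> bool:
        """(iii) Forward a reply only if its prefix up to this node matches the saved route."""
        saved = self.first_route.get((sid, tid, req_id))
        return saved is not None and route[:len(saved)] == saved

def discover(path, key):
    """Constructed run along one path of Figure 5.1, e.g. ["S", "A", "B", "C", "T"]."""
    sid, tid, req_id = path[0], path[-1], new_request_id()
    nodes = [Node(n, {path[i], path[i + 2]}) for i, n in enumerate(path[1:-1])]
    route = [sid]
    for prev, node in zip(path, nodes):
        route = node.on_rreq(prev, sid, tid, req_id, route)
    route = route + [tid]  # target appends itself, then computes the MIC over the full route
    mic = rrep_mic(key, sid, tid, req_id, route)
    forwarded = all(n.on_rrep(sid, tid, req_id, route) for n in reversed(nodes))
    return nodes, req_id, route, mic, forwarded
```

Improvement (v) is not modeled: a target built on this sketch would call `rrep_mic` once per Route Request it receives rather than deduplicating them.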