Results 1 - 10 of 75
Random key predistribution schemes for sensor networks
- In Proceedings of the 2003 IEEE Symposium on Security and Privacy
Cited by 436 (15 self)
Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use in resource constrained sensor nodes, and also because the nodes could be physically compromised by an adversary. We present three new mechanisms for key establishment using the framework of pre-distributing a random set of keys to each node. First, in the q-composite keys scheme, we trade off the unlikeliness of a large-scale network attack in order to significantly strengthen random key predistribution’s strength against smaller-scale attacks. Second, in the multipath-reinforcement scheme, we show how to strengthen the security between any two nodes by leveraging the security of other links. Finally, we present the random-pairwise keys scheme, which perfectly preserves the secrecy of the rest of the network when any node is captured, and also enables node-to-node authentication and quorum-based revocation.
Footnote 1: We gratefully acknowledge funding support for this research. This work was made possible in part by a gift from Bosch Research. This paper represents the opinions of the authors and does not necessarily represent the opinions or policies, either expressed or implied, of Bosch Research.
Keywords: Sensor network, key distribution, random key predistribution, key establishment, node
Mobility Helps Security in Ad Hoc Networks
, 2003
Cited by 71 (6 self)
Contrary to the common belief that mobility makes security more difficult to achieve, we show that node mobility can, in fact, be useful to provide security in ad hoc networks. We propose a technique in which security associations between nodes are established, when they are in the vicinity of each other, by exchanging appropriate cryptographic material. We show that this technique is generic, by explaining its application to fully self-organized ad hoc networks and to ad hoc networks placed under an (off-line) authority. We also propose an extension of this basic mechanism, in which a security association can be established with the help of a "friend". We show that our mechanism can work in any network configuration and that the time necessary to set up the security associations is strongly influenced by several factors, including the size of the deployment area, the mobility patterns, and the number of friends; we provide a detailed investigation of this influence.
SCAN: Self-Organized Network-Layer Security in Mobile Ad Hoc Networks
, 2005
Cited by 46 (0 self)
Protecting the network layer from malicious attacks is an important yet challenging security issue in mobile ad hoc networks. In this paper we describe SCAN, a unified network-layer security solution for such networks that protects both routing and data forwarding operations through the same reactive approach. SCAN does not apply any cryptographic primitives on the routing messages. Instead, it protects the network by detecting and reacting to the malicious nodes. In SCAN, local neighboring nodes collaboratively monitor each other and sustain each other, while no single node is superior to the others. SCAN also adopts a novel credit strategy to decrease its overhead as time evolves. In essence, SCAN exploits localized collaboration and information cross-validation to protect the network in a self-organized manner. Through both analysis and simulation results we demonstrate the effectiveness of SCAN even in a highly mobile and hostile environment.
Context Caching using Neighbor Graphs for Fast Handoffs in a Wireless Network
, 2003
Cited by 38 (3 self)
User mobility in wireless data networks is increasing because of technological advances, and the desire for voice and multimedia applications. These applications, however, require handoffs between base stations to be fast to maintain the quality of the connections. Previous work on context transfer for fast handoffs has focused on reactive, i.e. the context transfer occurs after the mobile station has associated with the next base station or access router, methods. In this paper, we describe the use of a novel and efficient data structure, neighbor graphs, which captures dynamically the mobility topology of a wireless network as a means for pre-positioning the station's context at the potential next base stations, ensuring that the station's context remains one hop ahead. From experimental and simulation results, we find that the use of neighbor graphs reduces the layer 2 handoff latency due to reassociation by an order of magnitude from 15.37ms to 1.69ms, and that the effectiveness of the approach improves dramatically as user mobility increases.
Pilot: Probabilistic Lightweight Group Communication System for Ad Hoc Networks
- IEEE Transactions on Mobile Computing
, 2004
Cited by 26 (1 self)
Providing reliable group communication is an ever recurring topic in distributed settings. In mobile ad hoc networks, this problem is even more significant since all nodes act as peers, while it becomes more challenging due to highly dynamic and unpredictable topology changes. In order to overcome these difficulties, we deviate from the conventional point of view, i.e., we "fight fire with fire," by exploiting the nondeterministic nature of ad hoc networks. Inspired by the principles of gossip mechanisms and probabilistic quorum systems, we present in this paper PILOT (ProbabilistIc Lightweight grOup communication sysTem) for ad hoc networks, a two-layer system consisting of a set of protocols for reliable multicasting and data sharing in mobile ad hoc networks. The performance of PILOT is predictable and controllable in terms of both reliability (fault tolerance) and efficiency (overhead). We present an analysis of PILOT's performance, which is used to fine-tune protocol parameters to obtain the desired trade off between reliability and efficiency. We confirm the predictability and tunability of PILOT through simulations with ns-2.
BISS: Building Secure Routing out of an Incomplete Set of Security Associations
, 2003
Cited by 25 (2 self)
We investigate secure routing in ad hoc networks in which security associations exist only between a subset of all pairs of nodes. We focus on source routing protocols. We show that to establish secure routes, it is in general not necessary that security associations exist between all pairs of nodes; a fraction of security associations is sufficient. We analyze the performance of existing proposals for secure routing in such conditions. We also propose a new protocol, designed specifically for ad hoc networks with an incomplete set of security associations between the nodes. We call this protocol BISS: a protocol for Building Secure Routing out of an Incomplete Set of Security Associations. We present a detailed analysis of this protocol, based on simulations, and show that it can be as secure as the existing proposals that rely on a complete set of security associations.
Authenticated routing for ad hoc networks
- IEEE Journal On Selected Areas In Communications
, 2005
Cited by 24 (0 self)
Initial work in ad hoc routing has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that can be used to manipulate the routing in an ad hoc network. In this paper, we describe these threats, specifically showing their effects on AODV and DSR. Our protocol, named Authenticated Routing for Ad hoc Networks (ARAN), uses public-key cryptographic mechanisms to defeat all identified attacks. We detail how ARAN can secure routing in environments where nodes are authorized to participate but untrusted to cooperate, as well as environments where participants do not need to be authorized to participate. Through both simulation and experimentation with our publicly-available implementation, we characterize and evaluate ARAN and show that it is able to effectively and efficiently discover secure routes within an ad hoc network.
Stimulating participation in wireless community networks
- In IEEE INFOCOM
, 2006
Cited by 21 (7 self)
Wireless Community Networks (WCNs) are wide-area wireless networks whose nodes are owned and managed by volunteers. We focus on the provision of free Internet access to mobile users through WCN-controlled wireless LAN access points (APs). We rely on reciprocity: a person participates in the WCN and provides free Internet access to mobile users in order to enjoy the same benefit when mobile. Our reciprocity scheme is compatible with the distinctive structure of WCNs: it does not require registration with authorities, relying only on uncertified free identities (public-private key pairs). Users sign digital receipts when they consume service. The receipts form a receipt graph, which is used as input to a reciprocity algorithm that identifies contributing users using network flow techniques. Simulations show that this algorithm can sustain reciprocal cooperation. We have implemented our algorithm to run on common WCN equipment, namely the Linksys WRT54GS AP.
A Robust Reputation System for Mobile Ad-hoc Networks
- Proceedings of P2PEcon
, 2003
Cited by 14 (1 self)
Reputation systems in mobile ad-hoc networks can be tricked by the spreading of false reputation ratings, be it false accusations or false praise. Simple solutions such as exclusively relying on one's own direct observations have drawbacks, as they do not make use of all the information available. We propose a fully distributed reputation system that can cope with false disseminated information. In our approach, everyone maintains a reputation rating and a trust rating about everyone else that they care about. From time to time first-hand reputation information is exchanged with others; using a modified Bayesian approach we designed and present in this paper, only second-hand reputation information that is not incompatible with the current reputation rating is accepted. Thus, reputation ratings are slightly modified by accepted information. Trust ratings are updated based on the compatibility of second-hand reputation information with prior reputation ratings. Data is entirely distributed: someone's reputation and trust is the collection of ratings maintained by others. We enable node redemption and prevent the sudden exploitation of good reputation built over time by introducing re-evaluation and reputation fading. We present the application of our generic reputation system to the context of neighborhood watch in mobile ad-hoc networks, specifically to the CONFIDANT [3] protocol for the detection and isolation of nodes exhibiting routing or forwarding misbehavior. We evaluate the performance by simulation.
Mobility Helps Peer-to-Peer Security
- IEEE Transactions on Mobile Computing
, 2005
Cited by 14 (9 self)
We propose a straightforward technique to provide peer-to-peer security in mobile networks. We show that far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage on the temporary vicinity of users, during which appropriate cryptographic protocols are run. We illustrate the operation of the solution in two scenarios, both in the framework of mobile ad hoc networks. In the first scenario, we consider fully self-organized security: users authenticate each other by visual contact and by the activation of an appropriate secure side channel of their personal device; we show that the process can be fuelled by taking advantage of trusted acquaintances. In the second scenario, we assume the presence of an off-line certification authority and we show how mobility helps to solve the security-routing interdependency cycle; in this case, the security protocol runs over one-hop radio links. We then show that the proposed solution is generic: it can be deployed on any mobile network and it can be implemented either with symmetric or with asymmetric cryptography. We provide a detailed performance analysis by studying the behavior of the solution on various mobility models.

