An Anonymous Routing Protocol with Authenticated Key Establishment in Wireless Ad Hoc Networks

Anonymity is an important concern in wireless communications. Most anonymous routing protocols in ad hoc networks usually assume that a shared secret exists between the sender and the receiver. These protocols hide either the sender and the receiver or the intermediate nodes from the ad hoc network. Different from previous anonymous secure routing protocols, this paper proposes an anonymous routing protocol, ARAKE, which not only makes the sender and the receiver anonymous but also hides the intermediate nodes from the network simultaneously. To make the protocol more practical in dynamic network, ARAKE uses the public key to substitute the shared secret. In ARAKE, the receiver can authenticate the sender and gets a shared secret without extra key establishment processes. ARAKE can prevent packet analysis attack as well as most active attacks that are based on route information. The denial-of-service attack to specific session also can be restrained. The simulative results have shown that ARAKE outperforms a representative protocol ARAN in terms of both communication and energy overheads. 1. Introduction Ad hoc networks play an important role in urgent communications. In this environment, when an intermediate node receives a communication packet, it may modify, fabricate, or drop it. Based on the information of the received packet, the malicious node may impersonate the original sender as well. In addition, an adverse node also may capture a node physically, gets the secrets from that node, and continues to attack others using its secrets. For example, in Figure 1, is the sender, is the receiver, and are adverse nodes, and the other nodes are normal intermediate nodes. could initiate both passive and active attacks once it receives a packet. Figure 1: Example topology. The early routing protocols, such as AODV [1] and DSR [2], mainly focus on how to route the packets in ad hoc networks efficiently, but the potential adversaries that may sneak into normal nodes are usually not taken into account. As a result, some malicious nodes may affect the whole network seriously by creating wrong packets or collecting the traffic information [3]. Thus, the issue of secure and anonymous routing [4–7] has received significant attention in recent years. Zapata proposes a secure version of AODV, called SAODV [8], to prevent the black hole attack on AODV. In this attack, a malicious node acts as an intermediate node and advertises itself on the shortest path to the destination by sending a route reply message. In SAODV, when the intermediate node sends a route reply