the_handbook_of_ad_hoc_wireless_networks_12

Chia sẻ: Kata_8 Kata_8 | Ngày: | Loại File: PDF | Số trang:10

Thêm vào BST

Báo xấu

87
lượt xem 27
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'the_handbook_of_ad_hoc_wireless_networks_12', công nghệ thông tin, quản trị mạng phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: the_handbook_of_ad_hoc_wireless_networks_12

Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com entities and grant access to guarded information to those who exhibit their knowledge of the keys [12]. Therefore, it is imperative that keys be securely generated and distributed to appropriate entities. Secret keys are shared between communicating entities. A secret key can be generated by one party and distributed to another entity, either through direct physical contact or a secure channel. The key can also be negotiated among entities, in which case key generation and distribution are accomplished simultaneously. In public-key cryptography, a public key is made public, while the corresponding private key is kept secret. A public-key certiﬁcate certiﬁes the binding between a public key and an entity. Certiﬁcates are signed bindings by a trusted party whose public key is known beforehand. Public-key certiﬁcates can be generated and distributed through a central server (similar to publishing phone numbers in a phone book) or a network of nodes that provides such services (similar to distributing cell phone numbers by the word of mouth), or a combination of the two. Public-key cryptography is often used to distribute secret keys. 32.3 Security Issues in Ad Hoc Networks Security requirements in AHNs do not differ dramatically from their wired network counterparts [24]. Traditional security mechanisms still play a role in achieving AHN security. However, the context to achieve security goals is different. Changes in network topology and membership occur rapidly in this new context [15]. Consequently, some issues that are only of concern to high-assurance applications in wired networks are now essential to general AHN applications. In wired networks we assume the following are in place: 1. Availability of routing service, which implies knowledge of network topology and membership 2. Availability of supporting services, such as naming and key distribution, through central, static system control 3. Security policy for networks and systems Security policies (i.e., access control policies) are embedded in the networked nodes and protocols as prevention and detection mechanisms. Prevention mechanisms include identiﬁcation, authentication, authorization, and ﬁrewall. 32.3.1 Access Control Policy The underlying characteristic of the key issues in AHN security is the ad hoc, mobile, and wireless nature of the network. In AHNs, the physical boundary between internal and external networks disappears. Collaborations of nodes can no longer be taken for granted. Each node makes decisions regarding access to the network in addition to controlling access to itself. The roles each node takes on are more critical in AHNs. Hence it is critical that security policies be clearly deﬁned before they are embedded in the network protocols and applications [20]. A good policy should encompass access rules to the network and individual nodes. Policy decisions are based on a trust relationship [5]. The ad hoc nature of trust in a dynamic network raises some issues to the forefront: How do individual nodes establish trust among themselves? How does a network (a collection of nodes) establish trust with individual nodes? How do trust relationships evolve over time? How much risk is there in trusting a node or a network? In Section 32.4 Recurrent Duckling Transient Association, we will examine one access control model that provides a framework to address some of these concerns. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com 32.3.2 Routing Security Routing in AHNs is a collective work of nodes in the network [15,16]. Accordingly, the availability of routing service depends on the good behavior of nodes within transmission range of one another. Nodes in AHNs have less physical security than in wired networks because they are not within a physical protection boundary. They are more easily compromised as a result. Malicious nodes can fabricate routing information and modify routing packets that pass through them. Subsequently, networks can be fragmented by the wrong routing information advertised by these nodes. Cryptography is a commonly used preventive measure to counter fabrication and modiﬁcation attacks [21]. Nodes could behave more subtly to affect the effectiveness of AHNs. A chatty node could occupy valuable bandwidth. A passive–aggressive node could either drop packets that pass through or not respond to routing requests. Detective mechanisms help to curb those behaviors. Tactics such as auditing, quota- and-reward, and trading induce collaboration from these nodes [4,11]. An ideal secure routing algorithm for AHNs withstands the behavior of both malicious and selﬁsh nodes. In Section 32.5 Routing Security, we relate several routing algorithms that provide some level of security. 32.3.3 Service Survivability Mobility and the increased vulnerability of nodes in AHNs necessitate decentralization for a viable security solution [24]. Networks are partitioned and combined as nodes move around. A centralized service provider is a single point of failure and attack: services would be rendered unavailable if the server is partitioned into a different network and when it fails. A decentralized service would lessen the severity of these problems and increase the survivability of the service. In Section 32.6 Key Distribution, we investigate one attempt to adapt security mechanisms from wired networks to AHNs. 32.4 Recurrent Duckling Transient Association Home appliances form an AHN in which there are clearly deﬁned roles for each node: controllers (e.g., remote control) and controlled devices (e.g., TV and oven). However, the association between a controller and the controlled is not permanent. Stajano and Anderson developed an access control model, resur- recting duckling transition association, to describe this transient master-slave relationship among appli- ances [18]. In this model, a device is initially in a prebirth stage where it is free but latent. It is born when a controller comes into contact with it. The controller becomes its master, and it becomes a slave. This process is called imprint. The master controls the fate of the slave, from when it should die (i.e., be deactivated) to what services it can provide to other appliances. When a device is deactivated, it goes back to the prebirth stage. It can be reborn through another imprint (resurrection). Take as an example the appliances at the home of Alice and Bob (see Fig. 32.5). Alice purchases TV- small and VCR-cool that are in prebirth stage and imprints them with her remote control RT-Alice, which gives her full control of both devices. She also instructs TV-small to receive control signals from the VCR for tape recording. When Bob adds TV-large later, Alice deactivates TV-small and imprints TV-large with RT-Alice. Now RT-Alice controls both TV-large and VCR-cool. She then imprints TV-small with Bob’s remote control RT-Bob. Through RT-Alice, she also instructs VCR-cool to accept control signals from RT-Bob. In the end Alice has TV-large all to herself; Bob has full control of TV-small; Alice controls the fate of VCR-cool and shares with Bob general access rights to it. 32.5 Routing Security Every node is a router in an AHN. In a wired network, routers are a part of the network infrastructure that is oblivious from regular nodes. In an AHN, routing is a shared responsibility among all the nodes © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com controls TV-large RT-Alice controls Alice’s Remote Control VCR-cool shares RT-Bob Bob’s TV-small controls Remote Control FIGURE 32.5 Security association among home appliances. that are a part of the network [15,16]. Routers play two roles: that of a relay, which forwards packets, and that of a pathﬁnder, which discovers routes in collaboration with other nodes. In its capacity as a pathﬁnder, a router shares its knowledge of network topology, seeks information from other nodes, and calculates routes between end nodes in the network. 32.5.1 Threats to Routing Security In a friendly environment, we expect a node to relay packets passing through it, share information truthfully, and generate packets only when needed. However, not every node is cooperative in a network [3,11]. Nodes could be noncooperative or even malicious. A noncooperative node could simply and quietly drop packets that pass through it and might not respond to solicitation from other nodes. A malicious node might be chatty to take up limited bandwidth. Or it might spread rumors about the network topology, that is, it could either fabricate routing information or distort routing information that passes through it. As a concrete example of attacks, consider the topology shown in Fig. 32.6, where there is a route S- A-B-C-D [7]. As an example of passive-aggressive behavior, node B, when compromised, could silently drop routing requests from S, thereby rendering the route unavailable. As an example of malicious node behavior, node E as an adversary broadcasts a distorted message stating that it has a shorter route to D. A routing protocol that selects paths based on distance would select S-A-E-D instead. By doing so, E successfully directs communication from S to D to itself, and it can drop packets silently. Cryptography is a powerful defense against many types of attacks. Message authentication codes (MACs) based on cryptography could identify and authenticate nodes that participate in the routing, thereby detecting the fabricated and distorted information and preventing nodes from impersonation [7,14,22]. Encryption could protect routing messages from disclosure. Auditing combined with authen- tication could detect noncooperative behaviors from nodes, such as dropping packets [3,11]. Table 32.1 lists threats against routing and security controls to counter these attacks. Attacks to routing of an AHN could come from inside or outside, if we have a notion of a network boundary. To defend against outsiders, we could use distributed ﬁrewall and intrusion detection tools. Every node that comes into the transmission range of an AHN physically becomes a part of the AHN. Logically, however, the AHN may be only partially open or even closed to visitors. Furthermore, nodes that are a part of a network can have different classiﬁcation levels; accordingly, an AHN could have routes with different levels of sensitivity and security. A multilevel communication model could address this issue [22]. 32.5.2 End-to-End Routing Authentication Papadimitratos and Haas developed a routing protocol that provides end-to-end authentication based on shared secrets [14]. It assumes a security association (SA) between a source S and a destination D. An SA between two nodes establishes security parameters that they could use to achieve end-to-end © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com TABLE 32.1 Threats, Attacks, Defense and Reaction in AHN Routing Threats Attacks Prevention Detection/Reaction Interception Sniff trafﬁc Use cryptography for Sniff trafﬁc pattern trafﬁc conﬁdentiality Probe network topology Interruption Jam communication channel Spread spectrum and Do not respond to routing frequency hopping Audit nodes and revoke requests membership of offending Drop packets nodes Overﬂow trafﬁc Modiﬁcation Change routing data Use MAC Fabrication Send wrong routing data as Use MAC another node Timestamp Use MAC for nonrepudiation Send wrong routing data as itself Replay old routing data from the network S F A B C D a shorter path to D E FIGURE 32.6 Fabrication results in denial-of-service attack. security [13]. In this protocol, routing reply (RREP) packets are MAC protected. Only those RREP packets from trusted nodes are accepted by source S. Message origin authentication of RREP is achieved through a shared secret between S and D, which is a part of their SA. Alternatively, if a node T, which S trusts, has a valid path to D, it can generate an RREP with a MAC using a shared secret between S and T (see Fig.32.7). All nodes in the network participate in the route discovery and can be a part of the ﬁnal route. However, there is no accountability of intermediate nodes. The next protocol addresses this issue. 32.5.3 Link-Based End-to-End Route Authentication Dahill and associates proposed a routing protocol that provides both end-to-end and link-by-link authen- tication [7]. A routing request (RREQ) packet is a message signed by the source S. Each intermediate node veriﬁes the integrity of the received RREQ, signs it, and passes it along. Routing reply (RREP) is a message signed by D. Each intermediate node processes RREP the same way it processes RREQ (see Fig. 32.8). Only RREP originated from D is accepted. Every node in the network contributes to routing security, as in neighborhood watch. Public-key infrastructure is needed for the deployment of this protocol. 32.5.4 Security Metrics for Routing Path Existing routing protocols use distance [15,16] as a metric in selecting optimal routing. Sueng proposed using a security metric that is based on the classiﬁcation level of nodes on the path from a source to a destination. Routing discovery packets are encrypted using a key of desired sensitivity level [22]. Only © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com T S [RREP]MAC(SA2) A B C D [RREP]MAC(SA1) FIGURE 32.7 End-to-end security. SA1 is a security association between S and D. SA2 is a security association between S and T. S RREQ [RREP] A [RREQ] A [RREQ] B [RREQ] C A B C D [RREP] B [RREP] C RREP FIGURE 32.8 Link-based end-to-end authentication. RREQ and RREP are messages signed by their originators. those nodes that have access to classiﬁed routing information participate in the route discovery. Alter- natively, all the nodes on a path could attach their highest clearance level to RREP. The source can then select a path with a clearance level acceptable for the data to be transmitted. 32.5.5 Abnormal Flow Detection There have been several attempts to curb passive-aggressive behavior of nodes [3,11]. One approach models socialism, while another models capitalism. The main idea behind the socialist approach is to have every node be vigilant. Nodes watch their neighbors’ behavior. The group has an accepted norm. Any deviation from norm would trigger an alarm. When the warning signals exceed a predeﬁned capacity, the ill-behaved nodes are marked by their neighbors as outlaws to be avoided. The sentence could be decided by a single judge or a jury, depending on the severity of the suspect’s vicious behavior [23]. A capitalist approach uses a quota-reward system to induce good behavior of citizens [6]. Every node is initially assigned a certain amount of tokens. Tokens are currency. Routing is a commodity to be traded. Nodes provide services to other nodes to accumulate wealth. They can buy routing services later. Chatty nodes deplete their currency and slip into poverty. Cooperative nodes sleep with money under their pillows. 32.6 Key Distribution Distribution of keys is at the center of protocols that employ cryptography. Secret keys are shared by multiple entities. Public keys are a public knowledge. There are two ways to distribute secret keys: through a preestablished secure channel or an open channel [12]. Public keys are distributed through certiﬁcates. A certiﬁcate binds a public key with an entity. Certif- icates are certiﬁed, stored, and distributed by one or more trusted parties. In a centralized approach there is only one trusted third party, which is called Certiﬁcate Authority (CA). There are two approaches to decentralized public-key distribution [10]: 1. Through a decentralized key distribution center 2. Through individual nodes that comprise the network In this section, we describe two examples of decentralized public-key distribution and one example of a secret-key establishment. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com 32.6.1 Decentralized Key-Distribution Center Zhou and Haas proposed a decentralized Key Distribution Center (KDC) that splits responsibilities of key certiﬁcation and distribution among a group of servers [24]. Any subset of the group with a size greater than a threshold can issue a certiﬁcate. No other subset can issue certiﬁcates. The decentralized KDC is based on homomorphic secret-sharing schemes, which can be achieved through proactive thresh- old cryptography [12]. This scheme provides survivability to the service. The service tolerates failure and compromise of some servers as long as there are still no less than t nodes functioning. The scheme allows for changes in conﬁguration. Consequently, we can add nodes and remove failed or compromised nodes without interrupting the service. The scheme also allows for refreshing of pieces of the secret for each node; this increases the difﬁculty of compromising the service. A (n, t) threshold scheme shares a secret s among n entities by dividing it into n shares, with each entity holding one share. Any t (< n) entities can pool their shares to reproduce s. Any set of fewer entities cannot. We can refresh shares of each member and add or delete members if we use a special kind of threshold scheme [12,24]. Let us illustrate a (4, 3) secret-sharing scheme using a plane in three-dimensional space [12]. We use to represent a plane, where ax + by + cz = 1 The secret is the plane . For four nodes sharing , we select any four points p1, p2, p3, and p4 on the plane and securely distribute a different point to each different node. Any three of the group can poll their shares (points) together to ﬁnd the value of , as three points uniquely deﬁne a plane. Two members polling their shares together will not reveal the secret because a plane is undeﬁned with only two points [12]. In Zhou and Haas’s scheme for public key distribution, a KDC has a public key, KCA, and a private key, KCA–1. Each service provider (or server) has a share of KCA–1. Let us assume a threshold scheme (Fig. 32.9). Four nodes collectively act as certiﬁcate authority to certify and distribute public keys. Every server knows the public keys of all the servers and the service. Each server maintains a repository of public keys of all the nodes in the network. Alice retrieves Bob’s public key by contacting all servers (see Fig. 32.10). With its share of KCA–1, a server CAi generates a partial signature si to bind Bob’s name, his public key, and its validity period, BBob = . A combiner receives partial signatures from servers and generates Bob’s certiﬁcate, the binding BBob signed with CA’s private key KCA–1. The combiner is a trusted entity that stores neither keys nor certiﬁcates. Collectively, servers can refresh the shares of KCA–1 and change conﬁguration through secure channels among them (e.g., using public key cryptography). 32.6.2 Democratic Key Distribution In a democratic society, every citizen participates in the political process. Hubaux, Buttyan, and Capkun proposed a self-organized public-key infrastructure for AHN, in which every node participate in the key p1 p2 p4 p3 FIGURE 32.9 A threshold scheme: any three points deﬁne a plane. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com CA1 CA2 CA3 CA4 CA1 CA4 trusted combiner request for Bob’s certificate CA Alice FIGURE 32.10 Alice retrieves Bob’s certiﬁcate. distribution process [8]. Certiﬁcates are issued by individual nodes in the network. Nodes are assumed to be honest, that is, they do not issue fake certiﬁcates. Each node maintains its own repository of certiﬁcates, which are issued by itself and other nodes, hence avoiding a single points of failure. For Alice to have a secure communication with Bob, she determines Bob’s public key through a certiﬁcate chain that runs from her to Bob by combining their private repositories. Let us use Bob to represent a certiﬁcate for David issued by Bob. Assume in Alice’s repository there are three certiﬁcates: Alice, G, F In Bob’s repository there are three certiﬁcates: E, D , C There is a certiﬁcate chain from Alice to Bob as follows: Alice → G → F → E → D → C → B ob where Alice issued a certiﬁcate for G, G issued a certiﬁcate for F, … …, and C issued a certiﬁcate for Bob (see Fig. 32.11). With Alice, a certiﬁcate issued by her, Alice veriﬁes the certiﬁcate and learns KG, G’s public key. With KG, she veriﬁes G and learns KF , F’s public key. Eventually she learns KB, Bob’s public key, through C and KC, C’s public key. One difﬁculty in democratic key distribution is the complexity of trust. In centralized key distribution, we have a certain level of trust on certiﬁcates as we place our trust in the KDC. In a DKD, the trust we place on a certiﬁcate is a function of the trusts we place in each individual nodes along the chain that we use. Alice E F Bob G> E> Alice > F> D> D G E Alice’s Repository Bob’s Repository FIGURE 32.11 Finding a certiﬁcate chain from Alice to Bob by combing their repositories. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com 32.6.3 Conference Key Establishment In some situations, there is neither a central certiﬁcate authority that everyone trusts, nor is there a certiﬁcate chain running from one node to another. A group of conference participants gathering in a meeting room is one such example [1,15]. A shared secret key among them is needed to protect their wireless communication. Asokan and Ginzboorg proposed a password-based authenticated-key exchange protocol that establishes a strong shared secret for conference participants, hence achieving strong secrecy for their communication for that particular session [1]. We now illustrate the protocol for four partici- pants: Alice, Bob, Catherine, and David. They ﬁrst agree on three values: a password P, a prime q, and a number g (which is a generator of the multiplicative group Zq*), and a public function H. Password P is their shared secret, while q and g can be public information. Each of them then selects two random secrets: Sa and Ra for Alice, Sb and Rb for Bob, Sc and Rc for Catherine, and Sd and Rd for David. They then communicate over a public channel as follows (see Fig. 32.12). Let GABC denote Alice, Bob, and Catherine. 1. (1.1): Alice → Bob: gSa (1.2): Bob → Catherine: gSaSb 2. Catherine → {Alice, Bob, David}: π = gSaSbSc 3. Each member of the group GABC carries out this step: calculates ci and then sends it securely to David. For instance, Alice calculates cA and sends it to David. (3.A): Alice → David: EP[cA = π(Ra/Sa)] 4. David sends a different message to each member of GABC. Again, we use Alice as an example. (4.A): David → Alice: cASd Everyone then calculates K = gSaSbScSd, which is their shared secret. 5. One of GABC, say, Bob, carries out the last step. Bob → {Alice, Catherine, David}: Bob, EK[Bob, H(Alice, Bob, Catherine, David)] This way they can verify that they arrived at the same secret. 32.7 Future Directions Though ad hoc mobile network security only recently started to gain attention, experiences from securing other types of systems shed light on the issues presented here. Notably among them are network security and secure group communication in mobile computation. FIGURE 32.12 Conference key establishment with four participants. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com In network security, cryptographic protocols protect private communication over a public network [10]. Standard cryptographic techniques are encryption, digital signature, message authentication code, and distribution of secret keys and public-key certiﬁcates [12]. Firewalls set up boundaries between external and internal networks. Intrusion detection techniques monitor internal networks for suspicious activities. Distributed ﬁrewalls maintain the increasingly blurred network boundaries as employees take work home and corporate visitors carry their laptops with them [2,9]. In an ad hoc mobile network, the physical boundary between internal and external network is non- existent. This feature is desirable for some applications; for other applications, a strict logical boundary is required and should not be crossed. Still other applications prefer to have some control over their boundaries while still permitting visitors from outside and travelers aboard [7]. The major concern in open networks is the availability of network services where nodes move around. Traditionally centralized services such as naming and key distribution are adapted to mobile networks through decentralization, such as the emulated KDC proposed by Zhou and Haas [24] and the distributed service proposed by Hubaux, Buttyan, and Capkun [8]. Traditionally distributed services such as routing and packet forwarding are now a collective effort of the whole community [16]. Nodes that need reliable services act with extra vigilance to monitor their fellow citizens. These nodes either avoid needing their troublesome neighbors or stop trading with them [11,23]. Current work in securing routing is in its infancy. Solutions addressing subsets of threats are emerging. More elaborated solutions that address speciﬁc applications will surge as the needs of applications become known. In the real world, we have public groups formed by concerned citizens acting as watchdogs to monitor some well-known service providers (such as government agencies). We have neighborhood watch groups to monitor suspicious activities in a neighborhood. We also have groups who monitor their own behavior. Group-speciﬁc characteristics are critical in deciding the level of vigilance needed and the actions per- formed, as well as what is considered abnormal behavior. For applications with a strict logical boundary requirement, key management is a major concern. Key management issues in AHN security are similar to those in secure group communication. Solutions in secure-group key management and secure multicast can be borrowed and adapted to AHNs. One major research area is the interaction of mobility and secure multicasting. Open network communication concerns itself with a physical group while a logic group layer is added for closed and managed networks. A managed network is then a multilevel group in which trust building plays an eminent role. Clearly speciﬁed security policies are essential for both managed and closed networks. In AHNs, policies are embedded in and enforced by individual nodes. They are much more dynamic than in wired networks, and trust is much more ﬂuid. When we move beyond applications born out of a research lab to real world, a user-friendly, precise, and concise language is a major challenge to describing trust and policies and a management framework for their evolution. References [1] N. Asokan and P. Ginzboorg, Key-Agreement in Ad-hoc Networks, Proceedings of the Fourth Nordic Workshop on Secure IT Systems (Nordsec ’99), 1999. [2] S.M. Bellovin, Distributed Firewalls, ;login:, Nov. 1999, pp. 39–47. [3] S. Bhargava and D.P. Agrawal, Security Enhancements in AODV Protocol for Wireless Ad Hoc Networks, Vehicular Technology Conference, 2001, 2001, vol. 4, pp. 2143–2147. [4] L. Blazevic, L. Buttyan, S. Capkun, S. Giordano, J.-P. Hubaux, and J.-Y. Le Boudec, Self-Organi- zation in Mobile Ad-Hoc Networks: the Approach of Terminodes, IEEE Communications Magazine, June 2001. [5] E. Brickell, J. Feigenbaum, and D. Maher, DIMACS Workshop on Trust Management in Networks, South Plainﬁeld, NJ, Sep. 1996. [6] L. Buttyan and J.-P. Hubaux, Enforcing Service Availability in Mobile Ad-Hoc WANs, Proceedings of the First IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHoc), Boston, MA, Aug. 2000. © 2003 by CRC Press LLC
Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com [7] B. Dahill, B.N. Levine, E. Royer, and C. Shields, A Secure Routing Protocol for Ad Hoc Networks, Technical Report UM-CS-2001–037, University of Massachusetts, Amherst, Aug. 2001. [8] J.-P. Hubaux, L. Buttyan, and S. Capkun, The Quest for Security in Mobile Ad Hoc Networks, Proceedings of the ACM Symposium on Mobile Ad Hoc Networking & Computing (MobiHoc 2001), Long Beach, CA, Oct. 2001. [9] S. Ioannidis, A.D. Keromytis, S.M. Bellovin, and J.M. Smith, Implementing a Distributed Firewall, Proceedings of Computer and Communications Security (CCS) 2000, Nov. 2000. [10] C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, Prentice Hall, Englewood Cliffs, NJ, 1995. [11] S. Marti, T.J. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Proceedings of the Sixth Annual ACM/IEEE International Conference on Mobile Computing and Networking, Boston, MA, 2000, pp. 255–265. [12] A.J. Menzes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1997. [13] R. Oppliger, Internet and Intranet Security, Artech House Publishers, Norwood, MA, 1998. [14] P. Papadimitratos and Z.J. Haas, Secure Routing for Mobile Ad Hoc Networks, SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), San Antonio, TX, Jan. 27–31, 2002. [15] C. Perkins, Ed., Ad Hoc Networking, Addison-Wesley Publishers, Reading, MA, 2000. [16] E.M. Royer and C.-K. Toh, A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks, IEEE Personal Communications Magazine, Apr. 1999, pp. 46–55. [17] B. Schnerer, Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, Inc, New York, 2000. [18] F. Stajano and R. Anderson, The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks, Seventh International Workshop on Security Protocols, 1999. [19] W. Stallings, Cryptography and Network Security, 2nd Ed., Prentice Hall, Englewood Cliffs, NJ, 1999. [20] R.C. Summers, Secure Computing: Threats and Safeguards, McGraw-Hill, New York, 1996. [21] F. Wang, B. Vetter, and S. Wu, Secure Routing Protocols: Theory and Practice, North Carolina State University, Raleigh, May 1997. [22] S. Yi, P. Naldurg, and R. Kravets, Security-Aware Ad Hoc Routing for Wireless Networks, Technical Report UIUCDCS-R-2001–2241, Aug. 2001. [23] Y. Zhang and W. Lee, Intrusion Detection in Wireless Ad-Hoc Networks, Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (MobiCom ’2000), Boston, MA, Aug. 6–11, 2000. [24] L. Zhou and Z.J. Haas, Securing Ad Hoc Networks, IEEE Network Magazine, Nov./Dec. 1999. © 2003 by CRC Press LLC