Secure end-to-end communication in mobile ad hoc networks
First Claim
1. A method for secure discovery of a communication transmission route between nodes in a multiple node ad hoc network, said network including a source node, a destination node and one or more intermediate nodes, said method comprising the steps of:
- providing a secret encryption key only to said source and said destination nodes in said network;
generating a route discovery request at said source node, said request including a source node identifier, a destination node identifier, a sequence number identifier for said request and a first message authentication code that is generated by applying a predetermined mathematical formula using said source node identifier, destination node identifier, sequence number identifier and said secret key as arguments;
broadcasting said route discovery request from said source node to any of said intermediate nodes in said ad hoc network that are in range to receive said broadcast;
for each of said intermediate nodes that receives said request, relaying said request to additional ones of said nodes in said network;
upon said request being received by said destination node, verifying the authenticity of said route request using said secret key and said message authentication code;
if the authenticity of said route request is verified by said destination node, generating a reply to said route discovery request, said reply including a source node identifier, a destination node identifier, a sequence number identifier for said reply and a second message authentication code that is generated by said destination node by applying said predetermined mathematical formula using said source node identifier, destination node identifier, sequence number identifier and said secret key as arguments;
transmitting said reply from said destination node to said source node using the same route used for transmitting said route discovery request from said source node to said destination node; and
upon receipt of said reply by said source node, verifying the authenticity of said reply using said secret key and said second message authentication code, said authenticity also inherently verifying both that the reply was generated by said destination node and was transmitted over a discovered route from said source node to said destination node, whereby, said source node can use said reply information to send messages to said destination node over said discovered route.
3 Assignments
0 Petitions
Accused Products
Abstract
A secure routing protocol for an ad hoc network requires only that the communicating end nodes have a security association. The protocol combines a secure route discovery protocol and a secure message transmission (SMT) protocol to provide comprehensive security. The secure routing protocol provides connectivity information through the discovery of one or more routes in the presence of adversaries that actively disrupt the routing operation. A route discovery request is sent from a source node to a destination node, which responds by sending a reply over the same route taken by the request. The source and destination nodes use a shared secret key to verify the authenticity of the request, reply and determined route. Using a discovered plurality of routes, The SMT protocol separates messages to be transmitted into multiple segments and routes the segments across the set of routes simultaneously. The destination node sends feedback to the source which identities which segments were received. The source uses this information to resend segments that were not received and identify failed routes. If not sufficiently many or no routes at all are available, a new route discovery is initiated.
321 Citations
1 Claim
-
1. A method for secure discovery of a communication transmission route between nodes in a multiple node ad hoc network, said network including a source node, a destination node and one or more intermediate nodes, said method comprising the steps of:
-
providing a secret encryption key only to said source and said destination nodes in said network;
generating a route discovery request at said source node, said request including a source node identifier, a destination node identifier, a sequence number identifier for said request and a first message authentication code that is generated by applying a predetermined mathematical formula using said source node identifier, destination node identifier, sequence number identifier and said secret key as arguments;
broadcasting said route discovery request from said source node to any of said intermediate nodes in said ad hoc network that are in range to receive said broadcast;
for each of said intermediate nodes that receives said request, relaying said request to additional ones of said nodes in said network;
upon said request being received by said destination node, verifying the authenticity of said route request using said secret key and said message authentication code;
if the authenticity of said route request is verified by said destination node, generating a reply to said route discovery request, said reply including a source node identifier, a destination node identifier, a sequence number identifier for said reply and a second message authentication code that is generated by said destination node by applying said predetermined mathematical formula using said source node identifier, destination node identifier, sequence number identifier and said secret key as arguments;
transmitting said reply from said destination node to said source node using the same route used for transmitting said route discovery request from said source node to said destination node; and
upon receipt of said reply by said source node, verifying the authenticity of said reply using said secret key and said second message authentication code, said authenticity also inherently verifying both that the reply was generated by said destination node and was transmitted over a discovered route from said source node to said destination node, whereby, said source node can use said reply information to send messages to said destination node over said discovered route.
-
Specification
-
- Resources
-
Current AssigneeCornell Research Foundation Incorporated (Cornell University)
-
Original AssigneeCornell Research Foundation Incorporated (Cornell University)
-
InventorsPapadimitratos, Panagiotis, Haas, Zygmunt J.
-
Application NumberUS10/349,181Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/168CPC Class CodesH04L 45/26 Route discovery packetH04L 63/12 Applying verification of th...H04W 12/102 Route integrity, e.g. using...H04W 12/106 Packet or message integrityH04W 40/02 Communication route or path...H04W 40/246 Connectivity information di...H04W 84/18 Self-organising networks, e...
