Trust-Aware Anonymous and Efficient Routing for
Mobile Ad-Hoc Networks
Min-Hua Shao and Shin-Jia Huang
Department of Management Information Systems, National Pingtung University of Science &
Technology, 1 Hseuh Fu Road, Nei Pu, Pingtung, Taiwan 91201
Abstract. Anonymous routing is a value-added technique used in mobile ad hoc networks to address security and privacy concerns. It has inspired a lot of research interest, but very few measures exist for trust-integrated cooperation for reliable routing. This paper proposes an optimistic routing protocol for the betterment of collaborative trust-based anonymous routing in MANET. The key features of our scheme include the accomplishment of anonymity-related goals, trust-aware anonymous routing, effective pseudonym management, and lightweight overhead in computation, communication and storage.
1 Introduction
Routing security is a paramount concern in MANET, and solutions to routing security have been proposed. Among them, anonymous routing is used to address security and privacy concerns. Anonymity protection in MANET is one of the countermeasures against mounting intrusions and attacks, such as traffic analysis, spoofing, and denial of service attacks. As discussed in [5,6,7], the following set of anonymity properties required for MANET is incorporated and extended: (1) Identity privacy: No one but the communicating parties can know the identities of the source and the destination; further, a node forwarding packets cannot be identified by its neighbors. The former is also named source anonymity and the latter is called sender and recipient anonymity. (2) Route/path anonymity: No one, either en route or out of the route, can infer the identities of intermediaries on a path. (3) Topology/location privacy: No one can deduce the arrangement or mapping of the elements (links, nodes, distance, etc.) of a network from routing information in the packets.
In academic literature, the onion routing approach is often used to achieve anonymity goals. ANODR, proposed by Kong and Hong [2], is one of the leading proposals to tackle route anonymity and location privacy. The design of ANODR is based on broadcast with trapdoor information. Zhu et al. [7] indicated that such work has weaknesses and/or security flaws, with the result that it cannot provide the features and security as claimed. To better protect privacy and anonymity, a solution on anonymity, especially identity anonymity and strong location privacy, is given in Zhu et al.'s work. More recent studies have focused on efficient anonymous routing schemes in MANET. AnonDSR [4], ARM [3] and Discount-ANODR [6] are examples. Previous research efforts yielded elegant but typically inefficient solutions for trust-aware anonymity. Each mobile node can conduct anonymous communication with any other in concert with trustworthy intermediaries. In this paper, we propose a trust-based anonymous routing scheme for MANET, in which the communicating parties can select the most reliable route based on a trust management system and feed the connection experience back to the system. The security works on these are essentially different approaches to achieve the same purpose. Besides, an efficient routing protocol that has both strong security and high network performance is considered.
Shao M. and Huang S. (2008). Trust-Aware Anonymous and Efficient Routing for Mobile Ad-Hoc Networks. In Proceedings of the 6th International Workshop on Security in Information Systems, pages 132-137. DOI: 10.5220/0001731201320137. Copyright © SciTePress
2 Notation
The model and all cryptographic symbols for operations are summarized below.
(1) $S$, $D$, $N_x$: $S$ is the source node, $D$ is the destination node, and $N_x$ is an intermediate node.
(2) $ID_x$: The real identity of node $x$.
(3) $F_x$: The flag used to indicate the type of a packet, including $F_{RREQ}$, $F_{RREP}$, and $F_{DATA}$.
(4) $Seq$: In addition to countering replay attacks, it can uniquely identify the particular message when taken in conjunction with the preceding node's one-time pseudonym.
(5) $r_i, q_i$: Random numbers generated by node $i$, used for the generation of the one-time pseudonym.
(6) $K_{SD}(\cdot)$: A symmetric encryption function with the shared secret key $K_{SD}$ between $S$ and $D$.
(7) $(pk, sk)$: A one-time public-private key pair used for the purpose of anonymity.
(8) $pk\{\cdot\}$: An asymmetric encryption function using the public key $pk$.
(9) $h_x = H(\cdot)$: A collision-resistant one-way hash function $H(\cdot)$; its result $h_x$ is computed by node $x$.
(10) $h_{K_X} = H_{K_X}(\cdot)$: Keyed hash function using the secret key $K_X$.
3 The Proposed Scheme
We assume that a shared secret key $K_{SD}$ exists between S and D. Node S needs to maintain a list of pairs $(ID_i, K_{si})$ for correspondent nodes. The permanent identity of every node in the network is known by communicating nodes. The proposed protocol consists of the anonymous route discovery and the data transmission.
3.1 Trust-aware Anonymous Route Discovery Protocol
The anonymous route discovery process is initiated whenever source node S needs to communicate with destination node D in secret. The reverse path is formed as a route request (RREQ) packet is broadcast from S to its neighbors, and the forward path is set up as the eventual route reply (RREP) packet is transmitted from D to its neighbors. Specifically, every node is in possession of three identities for one link: the real identity and two pseudonyms, used in the reverse path and in the forward path respectively.
A. RREQ Phase
Step 1. $S \to *: F_{RREQ}, Seq, h_{K_{SD}}, pk, K_{SD}(r_s, seq, sk), pk\{ID_s\}, h_s$
S generates the masked identity of D by computing $h_{K_{SD}} = H_{K_{SD}}(ID_D)$ over D's real identity with $K_{SD}$. Then, S randomly selects a one-time key pair $(pk, sk)$ for the establishment of a protected path onion $pk\{ID_s\}$. Random number $r_s$ is created for the purpose of the pseudonym and also works as a message ID for the validation of the reply RREP later. Accordingly, $r_s$ must be unique until the termination of its corresponding RREQ. For anonymity, S produces its pseudonym $h_s = H(ID_s, r_s)$ and then S computes $K_{SD}(r_s, seq, sk)$ that is intended for D, maintains the associated data in the route table, and broadcasts the RREQ packet to its own neighbors.
Step 2.
$N_x \to *: F_{RREQ}, Seq, h_{K_{SD}}, pk, K_{SD}(r_s, seq, sk), pk\{pk\{ID_s\}, ID_x, r_x\}, h_x$
$N_{x+1} \to *: F_{RREQ}, Seq, h_{K_{SD}}, pk, K_{SD}(r_s, seq, sk), pk\{pk\{pk\{ID_s\}, ID_x, r_x\}, ID_{x+1}, r_{x+1}\}, h_{x+1}$
$N_{x+n} \to *: F_{RREQ}, Seq, h_{K_{SD}}, pk, K_{SD}(r_s, seq, sk), pk\{\ldots pk\{pk\{pk\{ID_s\}, ID_x, r_x\}, ID_{x+1}, r_{x+1}\} \ldots, ID_{x+n}, r_{x+n}\}, h_{x+n}$
Upon receiving the packet, node $N_x$ first checks whether it is the concerned node. It calculates $h_{K_{ix}} = H_{K_{ix}}(ID_x)$ for each correspondent node $i$ in the list of pairs $(ID_i, K_{ix})$. Here, we assume that $N_x$ is one of the intermediate nodes. When the verification doesn't hold, it uses the pair $(seq, h_{x+n-1})$ as a key to search its route table. If a match is found, $N_x$ drops the redundant RREQ and does not rebroadcast it. Otherwise, $ID_x$ and a randomly generated $r_x$ are appended to the cryptographic onion $pk\{pk\{ID_s\}, ID_x, r_x\}$ by using $pk$. $N_x$ computes its pseudonym $h_x = H(h_s, ID_x, r_x)$ and replaces $h_s$ with $h_x$ as a forwarder. Lastly, $N_x$ keeps the routing information in the table and rebroadcasts the RREQ. The variation of the RREQ packet among intermediate nodes is depicted in Step 2.
Step 3. D receives the RREQ packet.
The check of the destination is similar to the beginning of Step 2. Suppose that D can find $h_{K_{iD}} = H_{K_{iD}}(ID_D) = h_{K_{SD}}$ from the list of pairs $(ID_i, K_{iD})$ and use the key $K_{SD}$ to decrypt the ciphertext $K_{SD}(r_s, seq, sk)$. A protected path $\{ID_s, ID_x, ID_{x+1}, \ldots, ID_{x+n}\}$ is restored by peeling the onion off gradually with $sk$. D uses the chain of $(ID_i, r_i)$ for all nodes en route to verify the authenticity of the pseudonym $h_{x+n}$ by computing $H(\ldots H(H(H(ID_s, r_s), ID_x, r_x), ID_{x+1}, r_{x+1}) \ldots, ID_{x+n}, r_{x+n})$, and rejects the packet if the verification fails. This is used to ensure that the anonymous link on the reverse path corresponds to the real link received. D maintains the route table. It is clear that there may be more than one path received, if D has already received a RREQ with the same pair $(seq, h_{x+n})$. After a reasonable waiting time has ended, D may select the most trustable path or the shortest path from the table and make ready for the RREP.
B. RREP Phase
Step 1. $D \to *: F_{RREP}, Seq, h_{x+n}, K_{SD}(q_D, chain(r_i), chain(ID_i), Seq), h_D$
Due to privacy concerns, the destination node D randomly generates a number $q_D$ and produces its pseudonym $h_D = H(ID_D, q_D)$ used in the forward path for the RREP. The path information and other items $(r_s, q_D, seq)$ are encrypted by the shared key $K_{SD}$. The value $chain(r_i) = \{r_s, r_x, r_{x+1}, \ldots, r_{x+n}\}$ is the set of random numbers $r_i$ generated by all involved nodes, that is, $chain(ID_i) = \{ID_s, ID_x, ID_{x+1}, \ldots, ID_{x+n}, ID_D\}$. D then unicasts the RREP to its specific neighbor $h_{x+n}$, that is, the next node of D in the reverse path.
Step 2.
$N_{x+n} \to *: F_{RREP}, Seq, h_{x+n-1}, K_{SD}(q_D, chain(r_i), chain(ID_i), Seq), h_{x+n}$
$N_{x+1} \to *: F_{RREP}, Seq, h_x, K_{SD}(q_D, chain(r_i), chain(ID_i), Seq), h_{x+1}$
$N_x \to *: F_{RREP}, Seq, h_s, K_{SD}(q_D, chain(r_i), chain(ID_i), Seq), h_x$
The receiving node $N_{x+n}$ first compares $h_{x+n}$ with each of its pseudonyms in the route table and discards the packet if no match is found. Otherwise, if the pseudonym of the next node in the reverse path is not filled with "null" in the matched entry, node $N_{x+n}$ retrieves the $r_{x+n}$ used in the RREQ from the route table and generates a new pseudonym $h_{x+n}$ by computing $h_{x+n} = H(h_D, ID_{x+n}, r_{x+n})$ in order to keep anonymity on the forward path. The next node of $N_{x+n}$ in the forward path is $h_D$. Afterwards, node $N_{x+n}$ replaces $h_D$ with the new $h_{x+n}$ and unicasts the RREP back to $h_{x+n-1}$. The treatment of the RREP among intermediate nodes is listed above.
Step 3. S receives the packet.
Assume that node S finds the same pseudonym $h_s$ in the route table and that the pseudonym of the next node in the reverse path is filled with "null" in the matched entry. The RREP has travelled back to the source. S retrieves the shared secret key $K_{SD}$ to obtain the list of real identities on the path. In order to assure the validity of the forward path, S compares the received item $h_x$ with the new one from the computation of $H(H(\ldots H(H(ID_D, q_D), ID_{x+n}, r_{x+n}) \ldots, ID_{x+1}, r_{x+1}), ID_x, r_x)$, and aborts if the verification doesn't hold. Otherwise, $h_x$ is assigned to the pseudonym of the next node in the forward path for the relevant entry of the route table. Because S is the end of the forward path, the value of its own pseudonym used in the forward path is set to "null". With this, an anonymous bidirectional link is built and trusted by the communicating parties.
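The endpoint checks of RREQ Step 3 (D verifying $h_{x+n}$) and RREP Step 3 (S verifying $h_x$), together with the keyed-hash destination test, as an added example that is not part of the original paper. SHA-256, HMAC-SHA256, the length-prefixed field encoding and the node names are assumptions, and the chain of $(ID_i, r_i)$ is taken as already recovered from the onion or the RREP ciphertext.

```python
import hashlib, hmac, os

def H(*parts: bytes) -> bytes:
    """One-way hash H(.). SHA-256 over length-prefixed fields is an assumption."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # unambiguous field boundaries
    return h.digest()

def trapdoor(key: bytes, node_id: bytes) -> bytes:
    """h_K = H_K(ID), the masked destination identity (HMAC-SHA256 assumed)."""
    return hmac.new(key, node_id, hashlib.sha256).digest()

def is_destination(my_id, key_list, h_k):
    """Test h_K against every (ID_i, K_i) pair; return the matching peer ID or None."""
    for peer_id, key in key_list:
        if hmac.compare_digest(trapdoor(key, my_id), h_k):
            return peer_id
    return None

def chain_pseudonym(origin, hops):
    """H(...H(H(ID_0, r_0), ID_1, r_1)..., ID_k, r_k) for origin (ID_0, r_0)."""
    h = H(*origin)
    for node_id, r in hops:
        h = H(h, node_id, r)
    return h

def verify_chain(origin, hops, received):
    """Endpoint check: recompute the chain and compare with the received pseudonym."""
    return hmac.compare_digest(chain_pseudonym(origin, hops), received)

def demo():
    """Constructed route S -> N1 -> N2 -> D with fresh random values."""
    k_sd, r_s, q_d = os.urandom(32), os.urandom(16), os.urandom(16)
    hops = [(b"N1", os.urandom(16)), (b"N2", os.urandom(16))]
    h_ksd = trapdoor(k_sd, b"D")                      # built by S for the RREQ
    at_n1 = is_destination(b"N1", [(b"S", os.urandom(32))], h_ksd)
    at_d = is_destination(b"D", [(b"S", k_sd)], h_ksd)
    h_last = chain_pseudonym((b"S", r_s), hops)       # pseudonym D sees on the RREQ
    rreq_ok = verify_chain((b"S", r_s), hops, h_last)
    forged = [hops[0], (b"Mallory", hops[1][1])]      # onion names a different node
    rreq_forged = verify_chain((b"S", r_s), forged, h_last)
    h_x = chain_pseudonym((b"D", q_d), hops[::-1])    # forward chain built hop by hop
    rrep_ok = verify_chain((b"D", q_d), hops[::-1], h_x)
    return at_n1, at_d, rreq_ok, rreq_forged, rrep_ok

if __name__ == "__main__":
    print(demo())
```

The forward chain is the same computation seeded with $(ID_D, q_D)$ and fed the hops in reverse order, which is why one helper serves both endpoints.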
3.2 Trust-aware Anonymous Data Transmission Protocol
After an anonymous route is established, the DATA transmission protocol is launched. Its format is as follows: $F_{DATA}, Seq, K_{SD}(DATA, Seq), Anon.ID_{NextHop}$. The purpose and processing of most fields in the DATA packet are similar to those in the RREQ and the RREP. Specifically, the treatment of $Anon.ID_{NextHop}$ is the key to fulfilling data forwarding. Note that the direction of data forwarding on the bidirectional link is marked "a" for the forward path and "b" for the reverse path.
Step 1a. $S \to *: F_{DATA}, Seq, K_{SD}(DATA, Seq), h_x$
Step 1b. $D \to *: F_{DATA}, Seq, K_{SD}(DATA, Seq), h_{x+n}$
+1
,,,,:*
xSDDATAx
hSeqDATAKSeqFN
()
()
+
++
DSDDATAnx
nxSDDATAx
hSeqDATAKSeqFN
hSeqDATAKSeqFN
,,,,:*
,,,,:*
11
Step 2b.
)
++ 1
,,,,:*
nxSDDATAnx
hSeqDATAKSeqFN
(
)
()
+
+
sSDDATAnx
xSDDATAx
hSeqDATAKSeqFN
hSeqDATAKSeqFN
,,,,:*
,,,,:*
1
Step 3a. D receives the packet. Step 3b. S receives the packet.
4 Discussions
We first show how the privacy concerns are addressed in the proposed scheme. Then, some features related to practicability and effectiveness are discussed.
Anonymous Analysis. The real identities of S and D are kept secret by the hash operations $h_s = H(ID_s, r_s)$ and $h_D = H(ID_D, q_D)$. Similarly, the intermediaries en route generate their one-time pseudonyms in the same way to conceal their identities from all nodes, except the communicating parties. This is for the purpose of trust-aware routing. Every intermediary is in possession of two pseudonyms $h_i$ and $h_i$ on the bidirectional link, one for the reverse path and one for the forward path. A node receiving, sending, or forwarding packets cannot be identified by its neighbors, and the identities of other nodes, either en route or out of the route, cannot be inferred. No routing information about the exact location, the distance and the true routing path of S and D appears in, or can be deduced from, the packets.
Trust-aware Anonymous Routing. An anonymous routing based on the collaborative effort of trust management systems is considered. In our scheme, D can know the identities $chain(ID_i) = \{ID_s, ID_x, ID_{x+1}, \ldots, ID_{x+n}, ID_D\}$ of the intermediaries en route for all RREQ packets received. D can select the most reliable route from them according to trust value, and S may also abort the route if any untrusted node is involved. S and D can feed the communication experience back to the trust systems.
Pseudonym Management. Our method of lowering the overhead of computation and identifier management is a one-time identifier made up from $h_i = H(\ldots H(ID_s, r_s) \ldots, ID_i, r_i)$ and $h_i = H(\ldots H(ID_D, q_D) \ldots, ID_i, r_i)$. They are generated on receiving the RREQ and the RREP, rather than pre-established. This is effective for achieving unlinkability and practicable in MANET with constrained capability.
Lightweight Overhead. The detection of the final destination is the key effect on performance. In our scheme, a keyed-Hash Message Authentication Code $h_{K_{SD}} = H_{K_{SD}}(ID_D)$ is used in the RREQ in order to check whether D is reached. HMAC should execute in approximately the same time as the embedded hash function. Its time complexity for the matching computations is acceptable in MANET. The burden of decryption operations is put only on the communicating parties rather than on nodes en route. This treatment is reasonable because they are willing to take on heavy loading. In addition, a terminating condition is required for reducing communication overhead. The pair $(seq, h_{x+n-1})$ uniquely identifies a RREQ, and the combinations of related pseudonyms can determine the end of the RREP and the DATA.
5 Conclusions
Within wireless networks, an anonymous routing protocol addressing security and privacy concerns is very promising. This is a supplement to current MANET systems and applications, which are much more vulnerable to malicious exploits than conventional wired and fixed-backbone wireless networks. In this paper, we have shown efficient solutions to trust-aware anonymity for route discovery and hence for subsequent data forwarding using the route. Considering that many early studies remove important performance optimizations, the proposed scheme can provide a better tradeoff between security and performance.
Acknowledgements
This research was funded by the National Science Council of Taiwan under the contract of NSC 96-2416-H-020-002-MY2.
References
1. Hegland, A.M., Winjum, E., Mjolsnes, S.F., Rong, C., Kure, O., Spilling, P.: A survey of key management in ad hoc networks. IEEE Communications Surveys & Tutorials, Vol. 8, No. 3. (3rd Quarter 2006) 48-66
2. Kong, J., Hong, X.: ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks. Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing. (June 2003) 291-302
3. Seys, S., Preneel, B.: ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks. 20th International Conference on Advanced Information Networking and Applications, Vol. 2. (18-20 Apr. 2006) 133-137
4. Song, R., Korba, L., Yee, G.: AnonDSR: efficient anonymous dynamic source routing for mobile ad-hoc networks. SASN '05: Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks. (Nov. 2005) 33-42
5. Sy, D., Chen, R., Bao, L.: ODAR: On-demand anonymous routing in ad hoc networks. IEEE International Conference on Mobile Adhoc and Sensor Systems (MASS). (Oct. 2006) 267-276
6. Yang, L., Jakobsson, M., Wetzel, S.: Discount anonymous on demand routing for mobile ad hoc networks. Securecomm and Workshops. (2006) 1-10
7. Zhu, B., Wan, Z., Kankanhalli, M.S., Bao, F., Deng, R.H.: Anonymous secure routing in mobile ad-hoc networks. 29th Annual IEEE International Conference on Local Computer Networks. (16-18 Nov. 2004) 102-108