Author Institution:
Dept. of Comput. Sci., California Univ., Irvine, CA, USA
Abstract:
We present two new approaches to improving the integrity of network broadcasts and multicasts with low storage and computation overhead. The first approach is a leapfrog linking protocol for securing the integrity of packets as they traverse a network during a broadcast, such as in the setup phase for link-state routing. This technique allows each router to gain confidence about the integrity of a packet before passing it on to the next router; hence, it allows many integrity violations to be stopped immediately in their tracks. The second approach is a novel key predistribution scheme that we use in conjunction with a small number of hashed message authentication codes (HMAC), which allows end-to-end integrity checking as well as improved hop-by-hop integrity checking. Our schemes are suited to environments, such as ad hoc and overlay networks, where routers can share only a small number of symmetric keys. Moreover, our protocols do not use encryption (which, of course, can be added as an optional security enhancement). Instead, security is based strictly on the use of one-way hash functions; hence, our algorithms are considerably faster than those based on traditional public-key signature schemes. This improvement in speed comes with only modest reductions in the security for broadcasting, as our schemes can tolerate small numbers of malicious routers, provided they do not form significant cooperating coalitions.
Keywords:
ad hoc networks; data integrity; file organisation; message authentication; routing protocols; HMAC; cooperating coalitions; diverse key distributions; end-to-end integrity checking; hashed message authentication codes; hop-by-hop integrity checking; integrity violations; key predistribution scheme; leap-frog packet linking; leapfrog linking protocol; link-state routing setup; malicious routers; multicasts; network broadcasts; one-way hash functions; overlay networks; packet integrity; symmetric keys; Broadcasting; Computer networks; Computer science; Cryptography; Intelligent networks; Joining processes; Public key