UCF EEL 5937 - Report on a Working Session on Security in Wireless Ad Hoc Networks

Report on a Working Session on Security in Wireless Ad Hoc Networks

Levente Buttyán, Jean-Pierre Hubaux
Laboratory for Computer Communications and Applications
Swiss Federal Institute of Technology – Lausanne (EPFL), Switzerland

Mobile Computing and Communications Review, Volume 6, Number 4

On June 12, 2002, we organized a working session devoted to the topic of security in wireless ad hoc networks. This event took place on our campus the day after MobiHoc 2002 and attracted around twenty persons in an informal setting.

Securing wireless ad hoc networks is particularly difficult for many reasons including the following:

• Vulnerability of channels. As in any wireless network, messages can be eavesdropped and fake messages can be injected into the network without the difficulty of having physical access to network components.
• Vulnerability of nodes. Since the network nodes usually do not reside in physically protected places, such as locked rooms, they can more easily be captured and fall under the control of an attacker.
• Absence of infrastructure. Ad hoc networks are supposed to operate independently of any fixed infrastructure. This makes the classical security solutions based on certification authorities and on-line servers inapplicable.
• Dynamically changing topology. In mobile ad hoc networks, the permanent changes of topology require sophisticated routing protocols, the security of which is an additional challenge. A particular difficulty is that incorrect routing information can be generated by compromised nodes or as a result of some topology changes, and it is hard to distinguish between the two cases.

Clearly the problem is so broad that there is no way to devise a general solution. It is also clear that different applications will have different security requirements. The complexity and diversity of the field has led to a multitude of proposals, which focus on different parts of the problem domain. The presentations of the working session reflected this complexity and diversity.

The working session was started with a brief overview given by J.-P. Hubaux on the different aspects of security in wireless ad hoc networks. The remaining presentations were organized into the following four sessions:

• Trust and key management. Many security objectives can be achieved by using cryptographic mechanisms. Cryptographic mechanisms, in turn, rely on the proper management of cryptographic keys. The presentations by L. Zhou, S. Lu, and S. Čapkun were strongly related to this problem, and in particular, to certificate based public-key distribution in mobile ad hoc networks. The talk given by G. Tsudik addressed the broader issue of membership management in dynamic peer groups, and went beyond the problems of group key management.
• Secure routing and intrusion detection. Existing ad hoc routing protocols, such as DSR and AODV, are vulnerable to many kinds of attacks. It is fairly easy to inject fake routing messages or modify legitimate ones such that the operation of the network would be heavily disturbed (e.g., by creating loops or disconnecting the network). The talks given by Z. Haas, A. Perrig, Y.-C. Hu, and E. Belding-Royer addressed this problem by proposing secure ad hoc routing protocols that are resistant to various kinds of attacks. In his presentation, C. Castelluccia suggested the use of crypto based identifiers for securing ad hoc routing protocols. Finally, the talk by Y. Zhang focused on the problem of intrusion detection in ad hoc networks.
• Availability. This session was concerned with the problem of service unavailability due to either intentional denial of service attacks or selfishness of the nodes. Selfishness is a new problem that arises specifically in the context of ad hoc networks where the nodes belong to multiple administrative domains. In these networks, nodes may tend to deny providing services for the benefit of other nodes in order to save their own resources (e.g., battery power). The presentation by N. Vaidya discussed the problem of greediness (a form of selfishness) at the MAC layer, while R. Molva, S. Buchegger, and L. Buttyán addressed selfishness in the context of packet forwarding.
• Cryptographic protocols. Traditional solutions for key management can be unsuitable for ad hoc networks; likewise, existing solutions for other, higher level security services, may also have to be reconsidered. An example is fair exchange, which is known to be impossible without a trusted third party, hence, its implementation can be problematic in an infrastructureless ad hoc network. The presentations by S. Vaudenay and L. Buttyán addressed this problem by proposing concepts that provide weaker guarantees than true fairness but can be implemented in ad hoc networks.

What follows is a set of extended abstracts of the presentations. The abstracts have been written by the participants themselves; we only collected them together and did some editorial work. We would like to thank all of the participants for their contribution. We are also grateful to the Swiss National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), also known as the Terminodes Project, for sponsoring the working session. Finally, many thanks to Claude Castelluccia who suggested to publish this report in MC2R.

Trust and key management

Distributed Trust in Ad Hoc Networks, Lidong Zhou (Microsoft Research, Mountain View CA)

We propose a security paradigm centering around the notion of distributed trust for ad hoc networks. Distributed trust enhances security by composing otherwise untrustworthy individual entities into a trustworthy aggregation, one that remains available and correct even if some of its entities fail or become compromised. The challenge of constructing such a trustworthy aggregation lies not only in how to create and configure the aggregation, but also in how the aggregation maintains its security by adapting to changes in the network topology and the environment, as well as to compromises of the individual entities. We demonstrate how we apply distributed trust to building secure services and to secure routing.

Distributed Secure Services: For a security-sensitive service, such as a certification authority, distributed trust advocates providing the service through a set of nodes as servers, so that the service remains available and correct even if a small number of servers become compromised. Fault tolerance mechanisms, such

