An active attacker can attempt to degrade the performance of DSR or other on-demand routing protocols by repeatedly initiating Route Discovery. In this attack, an attacker sends ROUTE REQUEST packets, which the routing protocol floods throughout the network. In basic Ariadne (Sections 6.3 and 6.4), a ROUTE REQUEST is not authenticated until it reaches its target, thus allowing an Active-1-1attacker to cause such network-wide floods. (An Active-0-1can be thwarted by using a network-wide authentication key, as described in Section 7.2.) To protect Ariadne from a flood of ROUTE REQUEST packets, we need a mechanism that enables nodes to instantly authenticate ROUTE REQUESTs, so nodes can filter out forged or excessive REQUEST packets. We introduce Route Discovery chains, a mechanism for authenticating Route Discoveries, allowing each node to rate-limit Discoveries initiated by any node. Route Discovery chains are one-way chains generated, as in TESLA (Section 3), by choosing a random KN, and repeatedly computing a one-way hash function H to give Ki = HN-i[KN]. These chains can be used in one of two ways. One approach is to release one key for each Route Discovery. Each ROUTE REQUEST from that Discovery would carry a key from this Route Discovery chain, and duplicates could be suppressed using this value. Because of the flooding nature of Route Discovery, a node that is not partitioned from the network will generally hear each chain element that is used, preventing an attacker from reusing that value in the future. An alternative approach, similar to TESLA, is to dictate a schedule at which Route Discovery chain elements can be used, and to use loosely synchronized clocks to prevent even partitioned nodes from propagating an old ROUTE REQUEST. The latter approach is computationally slightly more expensive, but it is secure against an attacker replaying an old chain element to a formerly partitioned node, causing that node to ignore REQUESTs from the spoofed source for some period of time.
To protect Ariadne from a flood of ROUTE REQUEST packets, we need a mechanism that enables nodes to instantly authenticate ROUTE REQUESTs, so nodes can filter out forged or excessive REQUEST packets. We introduce Route Discovery chains, a mechanism for authenticating Route Discoveries, allowing each node to rate-limit Discoveries initiated by any node.
Route Discovery chains are one-way chains generated, as in TESLA (Section 3), by choosing a random KN, and repeatedly computing a one-way hash function H to give Ki = HN-i[KN]. These chains can be used in one of two ways. One approach is to release one key for each Route Discovery. Each ROUTE REQUEST from that Discovery would carry a key from this Route Discovery chain, and duplicates could be suppressed using this value. Because of the flooding nature of Route Discovery, a node that is not partitioned from the network will generally hear each chain element that is used, preventing an attacker from reusing that value in the future. An alternative approach, similar to TESLA, is to dictate a schedule at which Route Discovery chain elements can be used, and to use loosely synchronized clocks to prevent even partitioned nodes from propagating an old ROUTE REQUEST. The latter approach is computationally slightly more expensive, but it is secure against an attacker replaying an old chain element to a formerly partitioned node, causing that node to ignore REQUESTs from the spoofed source for some period of time.
