SPAWN: a secure privacy-preserving architecture in wireless mobile ad hoc networks
© Gunasekaran and Premalatha; licensee Springer. 2013
Received: 1 March 2013
Accepted: 14 August 2013
Published: 4 September 2013
Fourth-generation wireless networks may require an integration of mobile ad hoc networks (MANET) into external network to enhance the flexibility of the communication and roaming. This phenomenon is well-suited for commercial and military applications which yield additional benefit of roaming. However, integration of MANET with external network poses a serious security challenge for communication because of open and distributed nature of the ad hoc network. In this paper, a secure privacy preserving architecture has been proposed to provide privacy and security for data communication in wireless mobile ad hoc networks. This architecture includes the concept of observer obscurity to provide privacy and security for the genuine nodes and to exclude misbehaving nodes in the network. The proposed architecture is designed based on the k-times anonymous authentication and onion routing - a cryptography concept which supports for anonymous communication. The simulation results prove the necessity and effectiveness of the proposed architecture in achieving such privacy and security in the integrated environment.
KeywordsTrust Security Privacy Obscurity and routing
The evolution of fourth-generation (4G) wireless networks integrates mobile ad hoc networks (MANET) with other networks such as cellular networks, wireless local area networks (LANs) and third-generation (3G) systems to enhance the flexibility in communication. The major goal of 4G network is to allow mobile nodes to roam globally without any limit to underlying technologies [1–3]. One of the emerging categories of wireless network called MANET is included in the 4G systems.
MANET is a collection of mobile hosts which utilize multi-hop radio relaying and are capable of operating without any fixed infrastructure. The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication . The nodes have the ability to configure themselves and form a temporary ad hoc topology. MANETs were initially used to operate as stand-alone networks for ad hoc communications, such as conferences, emergency rescue or military missions, restricting its traffic within its  limitation. Unlike traditional fixed Internet Protocol (IP) networks, all users in a MANET communicate over multi-hop relays by equally distributing and maintaining the routing information by running the same ad hoc routing protocols . This behavior differentiates the MANET nodes with the nodes in other networks.
So far, most of the research work is done on protocols for autonomous mobile ad hoc networks. During the last few years, some work has been done concerning with the integration of mobile ad hoc networks with other networks for the purpose of internet access [7, 8]. The purpose of this integration with other networks, like the internet, is to allow the ad hoc nodes to communicate with any part of the world. The 4G networks provide such an opportunity for mobile ad hoc networks  to maintain global connectivity without any interruption for ongoing connection paths and also the MANET may help to extend the coverage of existing infrastructure networks, like wireless LANs and 3G networks.
However, connecting MANETs to the external network for internet access pose serious threats and challenges [10, 11]. Normally, the interoperability is different for ad hoc routing protocols than the regular routing protocols used in the internet. The ad hoc routing protocols participate on the route learning and maintenance in ad hoc networks whereas in the internet, these tasks are left to specialized routers running routing protocols. Communication between nodes on the internet and mobile ad hoc nodes is done throughout specialized mobile gateways (MG) that are located at the edge of a MANET and provide connections to both, the infrastructure network and the MANET. So, the MG must run the routing protocol used in the infrastructure network and the ad hoc routing protocol used in the MANET to provide an interface between both the networks. The MG takes the responsibility in integrating MANET with internet through Mobile IP which enables flexibility in communication across the network. Mobile IP defines the functional entities such as Home Network, Home Agent, Foreign Network, Foreign Agent and Care of Address and the functionalities of these entities are discussed in  and the discussion of this part is beyond the scope of this work.
Security plays a major role in integrating MANET and fixed networks for the purpose of accessing the internet in an adverse environment. Integration of Mobile IP and ad hoc networks enables mobile nodes, as well as MG to move between networks while retaining the connectivity to the external network. In these circumstances, consider a battle field environment; the presence of malicious nodes may pose a serious threat to the success of the covert missions because the communication may require two ways: firstly, a node from ad hoc network may want to convey secret information to the other nodes in the same network then the usual ad hoc routing protocols can be used for communication. Secondly, a node may want to surf some important information from the external network; this can be achieved through Mobile IP and MG. This environment creates a provision for misbehaving nodes to induce active or passive attacks in the network in order to exploit the covert missions. There are a number of mechanisms that have been proposed in the past but those protocols are compromised in many ways. So, there is a need of a technique to provide privacy and security for the mobile nodes while communicating between ad hoc networks to fixed network and vice versa.
In this paper, a secure privacy preserving architecture has been proposed to provide privacy and security for data communication in wireless mobile ad hoc networks. This architecture includes the concept of observer obscurity to provide privacy and security for the genuine nodes and to exclude misbehaving nodes in the network. A misbehaving node is categorized as outlier (who drops the data packets instead of forwarding) or malicious (who does not send cooperation message, upon receiving a caution). These nodes are excluded in two ways: firstly, a user is declared as outlier if the overall trust is less than the threshold. Secondly, a user is revealed as malicious if it does not send a cooperation message upon receiving a caution. The proposed architecture is designed based on the k-times anonymous authentication and onion routing - a cryptography concept that supports for anonymous communication. The k-times anonymous authentication scheme  supports the distributed and decentralized nature of wireless ad hoc networks. The cryptographic Trapdoor Boomerang Onion  is used to create untraceable paths or packet flows in an on-demand environment with route pseudonymity approach. The design of route pseudonymity is based on “broadcast with trapdoor information” - a cryptography concept. Trapdoor information is used in this paper mainly for encryption and authentication.
The rest of the paper is organized as follows: the related works are discussed in section 2; section 3 discusses the threat model and design goals; preliminaries and communication scenarios are discussed in section 4; the propose architecture is discussed in section 5; section 6 provides the security analyses; section 7 describes simulation environments and presents the simulation results; and section 8 discusses the conclusion.
2. Related works
The ad hoc routing protocols and techniques have been studied extensively for the integration of MANET with fixed network for internet access.
2.1 MANET with fixed network
Daemon is one of the earliest techniques proposed by Sun et al.  to integrate the ad hoc routing protocol and Mobile IP routing. But this technique does not discuss about the privacy and security features. Wakikawa et al.  investigated the use of ad hoc routing protocols for route-optimized communication between mobile networks. The route has been provided by the ad-hoc routing protocol or by the basic NEMO routing approach itself whenever it is desirable. Jonsson et al.  designed a Mobile IP for MANET (MIPMANET) scheme that provides Ad Hoc On-Demand Distance Vector (AODV)-based MANET with access to the internet using Mobile IP. A MIPMANET interworking unit is inserted between a gateway and the MANET.
Broch et al.  propose a principle that allows a DSR-based MANET with single gateway to span across heterogeneous link layers. This architecture supports only a single gateway in a MANET IP subnet. Kock and Schmidt  proposed dynamic mobile IP routers in ad hoc networks to act as gateways to the rest of the network. Tseng et al.  proposed an idea for extending traditional IEEE 802.11-based access points to incorporate the flexibility of mobile ad hoc networks which would help to make the dream of ubiquitous broadband wireless access a reality. Perkins et al.  used Mobile IP as the basis for providing mobility for nomadic users, and extend it to facilitate additional services for nomadic users both at the network layer and above.
2.2 Anonymous communication techniques
Anonymous communication protocols are studied extensively in ad hoc networks and most of the works are based on onion routing protocol  proposed by Reed et al. in which data is wrapped in a series of encrypted layers to form an onion by a series of proxies communicating over encrypted channels.
There are protocols in MANET which addresses the anonymity-related issues proposed by Kong et al. . An Anonymous On-Demand Routing Protocol (ANODR) is the first one to provide anonymity during route discovery and data forwarding in ad hoc networks. Following the work of ANODR, Seys and Preneel  proposed Anonymous Routing Protocol (ARM) which uses one-time public/private key pairs and discusses about only anonymity in route discovery and data forwarding. Sy et al.  proposed the On-Demand Anonymous Routing (ODAR) using public key cryptosystems for secure anonymous routing, but they assume that long-term public/private key pairs have been set up on each node for anonymous communication. Zhang et al.  proposed the Anonymous On-Demand Routing (MASK) which enables an AODV-like anonymous on-demand routing protocol with high routing efficiency by comparing with ANODR (which is very sensitive to node mobility) and which may lower routing efficiency.
Choi et al.  proposed an Anonymous and Secure Random Reporting Protocol for a civilian ad hoc network, in which the source and destination collect reports from intermediate nodes on the routing path. Zhu et al.  proposed an Anonymous Malicious Detection Mechanism which provides anonymity for the witness who reports observed malicious to the network anonymously and ignores malicious and selfish users from the group. Pan and Li  proposed an Efficient Strong Anonymous Routing Protocol (MASR) which overcomes the problems of ANODR and MASK and provides efficiency, security, strong anonymity, and adaptability for route discovery and data forwarding.
3. Threat model and design goals
This section describes the threat model and the design goals in order to manage the threat posed by misbehaving nodes.
3.1 Threat model
The integration of MANET with fixed network pose a terrible challenge because the functionality of ad hoc routing protocols are quite different from the routing protocols of fixed network. In the fixed network, the nodes do not participate on the route learning and maintenance whereas in mobile ad hoc network, every node must exchange routing information with other nodes within its proximity which makes every node act as an end node or as a router. Communication between nodes in MANET and nodes in the fixed network is achieved through the routers located at the edge of a MANET called gateways.
This environment poses a serious security threat on MANET than the fixed network.
Being an active part of the network, it is easy for the attackers to exploit any individual or the entire network itself. Passive eavesdroppers do not disrupt the normal operation of the network; instead, they listen to the network in order to extract the cryptographic information. In addition, an attacker may want to gain access to the network or impersonate as a valid entity which gives more challenge for secure communication in the integrated environment.
3.2 Design goals
The design goal of the proposed architecture is to provide the following requirements to identify misbehaving nodes using the trust and reputation metrics and to exclude them from the network:
Obscurity: It should not be possible for misbehaving users to identify the identity of the observer (who identifies and discloses the outliers/malicious users in the network anonymously).
Accountability: An observer is liable to identify and reveal the identity of misbehaving users in the network anonymously.
4. Network architecture
Has an initial IP address (home address) which is routable in the ad hoc network;
Discovers reachable gateways in its surrounding;
Selects one gateway out of the set of reachable gateways; and
Forms a globally routable IP address with the prefix of the selected gateway.
The gateway discovery is a key component for the MANET nodes in order to communicate with internet hosts. The gateway discovery can be made either by proactive or reactive approach. In proactive approach, periodical gateway advertisements are sent to all nodes in the ad hoc network from the gateways. In the reactive approach, solicitation and advertisement messaging takes place between a mobile node and the gateway. Once a mobile node discovers a gateway, it can connect to the internet through the gateway.
4.2 Communication scenarios
The proposed network architecture can accommodate two different communication scenarios such as Intra-MANET communication and Inter-MANET communication. This model implements the base specification of the AODV  protocol for all corresponding MANET routings.
4.2.1 Intra-MANET communication
4.2.2 Inter-MANET Communication
5. The SPAWN
The components and the functionalities of the SPAWN are described in the following subsections:
5.1 Configuration module
The configuration module has two faces such as the initial setup and the user registration (discussed in ).
During the initial setup phase, the MG generates a group key (public/secret key pair) and sends announcement with group public key during gateway advertisement. In addition, MG also publishes the method of generating the tag bases that will be used to send caution, cooperation and event reporting.
where Wmsg denotes the caution message that has been sent to the malicious user, IDmalicious denotes the identity of a malicious user and MAXcaution denotes the maximum number of caution that can be sent malicious user. In this paper, MAXcaution = 1.
where Cmsg denotes the cooperation message that the user has to send to the initiator of the cooperation message, IDsource denotes the identity of the user who sends the caution message and MAXcooperation denotes the maximum number of cooperation message that the user can send. In this paper, MAXcooperation = 1.
5.2 Watchdog module
5.3 Decision making module
This section describes the process of estimating the trust, judging the reputation and how the mobile nodes are categorized as trusted/outlier and genuine/malicious.
5.3.1 Trust estimation module
This module compares the collected data with the predefined threshold value and finds the deviation. Based on the information collected and compared by the user, it calculates the direct trust value and stores it into the local database DBLOC. The direct trust value is calculated mainly based on the behavior of packet forwarding, dropping and tampering. The indirect trust value is determined based on the information collected from other users in the network and maintained by the common database DBCOM.
5.3.2 Reputation module
Any user suspects the malicious activity such as holding the packets for a long time or giving false report in the network is performed by any user, it can send a caution at once to that user. Upon receiving a caution, the genuine user has to send a maximum of one cooperation message using the tag base published in the setup procedure. If the user does not send cooperation (one time) or sends multiple cautions is marked as a malicious user.
5.3.3 Identification module
5.4 Report module
6. Security analysis
ECDSA signature generation
ECDSA signature verification
Key pair generation time
Key agreement time
In SPAWN, to prevent traffic analysis, an observer sends the caution and report through an anonymous communication system so that misbehaving user could not discover the identity of the sender. There is no public key or identity-related information in a report, and the verification process is based on the zero knowledge proof as discussed in .
If a user does not send a cooperation message upon receiving a caution, then he/she is marked as malicious. To ensure a malicious user misusing an obscurity feature, genuine users need to find a valid record of the distinguished user, i.e. in each item in i LIST has copies distributed in all the nodes in the network. If a user does not send a cooperation message after receiving caution, then the identity of the user will be revealed to the other users in the networks.
This section also discusses the considerable attacks and present possible countermeasures.
6.2.1 Impersonation attacks
Impersonation attacks are only possible for inside attackers. Even if malicious users compromise multiple users in the network and collect additional report, they cannot differentiate the reports sent by a user from those sent by others. Thus, compromising more users does not increase the probability of deducing the identity of the sender, i.e. the observer obscurity.
6.2.2 DoS attacks
DoS attacks aim to deplete resources, including computation capability, bandwidth, memory, energy, etc. DoS attacks can be initiated from outside attackers as eavesdroppers or inside attackers. In the proposed architecture, DoS attacks can be launched against the event reporting procedure and is restrained by the accountability property.
7. Performance analysis
This section evaluates the performance and effectiveness of the proposed architecture.
7.1 Simulation setup
700 m × 700 m
Wireless radio range
0 to 10 m/s
CBR 512-byte packet
Random Way Point model
7.2 Simulation results
This section demonstrates the results and observations of the proposed SPAWN. The proposed SPAWN is compared with MIPMANET and AODV under the same network settings with respect to the metrics of packet delivery ratio, end-to-end delay, routing packet overhead and throughput.
The SPAWN addresses the privacy and security issues in mobile ad hoc networks when it is integrated with the fixed network to access the internet. The architecture adapts the modules such as watchdog, trust estimation and reputation in order to monitor and determine the mobile nodes trust and reputation. Based on these factors, an observer decides the node state and reports to the other users in the network if it is a misbehaving node (outlier or malicious). The SPAWN adapts the k-times anonymous authentication scheme and onion routing to achieve privacy- and security-related goals. So, the proposed architecture has its own importance in mobile ad hoc networks in the integrated environment. The simulation results prove the performance of SPAWN.
The proposed architecture is suitable for a constrained number of mobile nodes. If the number of mobile nodes exceeds the threshold in a network, then the mobile node energy consumption is comparatively high. So, the scalability factor needs to be considered in addition with existing concepts in the future.
- Qaddour J, Barbour R: Evolution to 4G wireless: problems, solutions, and challenges. Cairo, Egypt: Paper presented in the 3rd ACS/IEEE international conference on computer systems and applications; 2005:78-I.Google Scholar
- Axiotis D, Al-Gizawi T, Peppas K, Protonotarios E, Lazarakis F, Papadias C, Philippopoulos P: Services in interworking 3G and WLAN environments. IEEE Wirel Commun 2004, 11(5):14-20. 10.1109/MWC.2004.1351677View ArticleGoogle Scholar
- Lott M, Siebert M, Bonjour S, von Hugo D, Weckerle M: Interworking of WLAN and 3G systems. IEE Proc Comm 2004, 151(5):507-513. 10.1049/ip-com:20040600View ArticleGoogle Scholar
- Komninos N, Vergados DD, Douligeris C: A two‒step authentication framework for mobile ad hoc networks. China Commun J 2007, 4(1):28-39.Google Scholar
- El Defrawy K, Tsudik G: Privacy-preserving location-based on-demand routing in MANETs. IEEE J Sel Area Comm 2011, 29(10):1926-1934.View ArticleGoogle Scholar
- Loay A, Ashfaq K, Mohsen G: A survey of secure mobile ad hoc routing protocols. IEEE Commun Surv Tutorials 2008, 10(4):78-93.View ArticleGoogle Scholar
- Jianli P, Subharthi P, Raj J: A survey of the research on future internet architectures. IEEE Commun Mag 2011, 49(7):26-36.View ArticleGoogle Scholar
- Abduljalil FM, Bodhe SK: A survey of integrating IP mobility protocols and mobile ad hoc networks. IEEE Commun Surv Tutorials 2007, 9(1):14-30.View ArticleGoogle Scholar
- Irshad A, Shafiq M, Rahman A, Khurram S, Usman M, Irshad E: A secure interaction among nodes from different MANET groups using 4G technologies. In International Conference on Emerging Technologies. Islamabad; 2009:476-481.Google Scholar
- Shuo D: A Survey on Integrating MANETs with the Internet: Challenges and Designs. Comput Comm 2008, 31(14):3537-3551. 10.1016/j.comcom.2008.04.014View ArticleGoogle Scholar
- Imrich C, Marco C, Jennifer L: Mobile ad hoc networking: imperatives and challenges. Ad Hoc Netw 2003, 1(1):13-64. 10.1016/S1570-8705(03)00013-1View ArticleGoogle Scholar
- Sun Y, Royer E, Perkins CE: Internet connectivity for ad hoc mobile networks. Int J Wireless Inform Network 2002, 9(2):75-78. 10.1023/A:1015399632291View ArticleGoogle Scholar
- Teranishi I, Furukawa J, Sako K: K-times anonymous authentication. In Proceedings of ASIACRYPT. Jeju Island; 2004:308-322.Google Scholar
- Kong J, Hong X: ANODR: Anonymous On-Demand Routing with Untraceable Routes for Mobile Ad-hoc Networks. In Proceedings of 4th ACM International Symposium on Mobile Ad Hoc Networking and Computing. Annapolis; 2003:291-302.Google Scholar
- Wakikawa R, Matsutani H, Koodli R, Nilsson A, Murai J: Mobile Gateways for Mobile Ad-Hoc Networks with Network Mobility Support. In Proceedings of 4th International Conference on Networking. Reunion Island, France; 2005:17-21.Google Scholar
- Jonsson U, Alriksson F, Larsson T, Johansson P, Maguire J: MIPMANET Mobile IP for Mobile Ad Hoc Networks. Boston, MA: Paper presented in the 1st annual workshop on mobile and ad hoc networking and computing; 2000:75-85.Google Scholar
- Broch J, Maltz DA, Johnson DB: Supporting Hierarchy and Heterogeneous Interfaces in Multi-hop Wireless Ad Hoc Networks. In Proceedings of the International Symposium on Parallel Architectures, Algorithms and Networks. Perth; 1999:370-375.View ArticleGoogle Scholar
- Kock BA, Schmidt JR: Dynamic Mobile IP Routers in Ad Hoc Networks. Netherlands: Paper presented in the international workshop on wireless ad-hoc networks; 2004:130-134.Google Scholar
- Tseng Y, Shen C, Chen W: Integrating mobile IP with ad hoc networks. IEEE Comput Soc 2003, 36(5):48-55.View ArticleGoogle Scholar
- CE Perkins J, Thomas NY: Yorktown Heights, Mobile-IP, Ad-hoc Networking, and Nomadicity. In Proceedings of 20th International Conference on Computer Software and Applications Conference. Seoul; 1996:472-476.View ArticleGoogle Scholar
- Reed MG, Syverson PF, Goldschlag DM: Anonymous connections and onion routing. IEEE J Sel Area Comm 1998, 16(4):482-494. 10.1109/49.668972View ArticleGoogle Scholar
- Seys S, Preneel B: ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks. In Proceedings of the International Conference on Advanced Information Networking and Applications. Switzerland: IEEE Computer Society, Washington, DC; 2009:145-155.Google Scholar
- Sy D, Chen R, Bao L: ODAR: On-Demand Anonymous Routing in Ad Hoc Networks. In Proceedings of the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems. Vancouver, BC; 2006:267-275.Google Scholar
- Zhang Y, Liu W, Lou W, Fang Y: MASK: anonymous on-demand routing in mobile ad hoc networks. IEEE Trans Wireless Comm 2006, 5(9):2376-2385.View ArticleGoogle Scholar
- Choi H, Enck W, Shin J, McDaniel P, La Porta T: ASR: anonymous and secure reporting of traffic forwarding activity in mobile ad hoc networks, Springer Link. Wireless Netw 2009, 15(4):525-539. 10.1007/s11276-007-0067-0View ArticleGoogle Scholar
- Zhu B, Ren K, Wang L: Anonymous Misbehavior Detection in Mobile Ad Hoc Networks. In Proceedings of 28th International Conference on Distributed Computing Systems Workshops. Beijing: IEEE Computer Society; 2008:358-363.Google Scholar
- Pan J, Li J: MASR: An Efficient Strong Anonymous Routing Protocol for Mobile Ad Hoc Networks. In Proceedings of the International Conference on Management and Service Science. Wuhan; 2009:1-6.Google Scholar
- Cha H, Park J, Kim H: Extended Support for Global Connectivity for IPv6 Mobile Ad Hoc Networks, Internet-Draft draft-cha-manet-extended-support-globalv6-00.txt. South Korea: Mobile Ad Hoc Networking Group; 2003.Google Scholar
- Xi J, Bettstetter C: Wireless Multi-Hop Internet Access: Gateway Discovery, Routing, and Addressing. In Proceedings of International Conference on Third Generation Wireless and Beyond (3Gwireless). San Francisco; 2002.Google Scholar
- Perkins C, Belding-Royer E, Das S: Ad Hoc On-Demand Distance Vector (AODV) routing, RFC 3561. 2003.Google Scholar
- Gunasekaran M, Premalatha K: TEAP: trusted-enhanced anonymous on demand routing protocol for mobile ad hoc networks. IET Inf Secur 2012, 7(3):203-211.View ArticleGoogle Scholar
- Johnson D, Menezes A, Vanstone S: The elliptic curve digital signature algorithm (ECDSA). Int J Inform Secur 2001, 1(1):36-63.View ArticleGoogle Scholar
- Huang Q, Jao D, Wang HJ: Applications of Secure Electronic Voting to Automated privacy Preserving Troubleshooting. New York: ACM; 2005:68-80.Google Scholar
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.