Authentication Protocols for Ad Hoc Networks: Taxonomy and Research Issues

Nidal Aboudagga 1, Mohamed Tamer Refaei 2, Mohamed Eltoweissy 2, Luiz A. DaSilva 2, and Jean-Jacques Quisquater 1

1 UCL Crypto Group, Université Catholique de Louvain, Belgium, {aboudagg, quisquater}@dice.ucl.ac.be
2 Bradley Department of Electrical and Computer Engineering, Virginia Tech, USA, {mtamer, toweissy, ldasilva}@vt.edu

ABSTRACT

Ad hoc networks, such as sensor and mobile ad hoc networks, must overcome a myriad of security challenges to realize their potential in both civil and military applications. Typically, ad hoc networks are deployed in untrusted environments. Consequently, authentication is a precursor to any secure interaction in these networks. Recently, numerous authentication protocols have been proposed for ad hoc networks. To date, there is no common framework to evaluate these protocols. Towards developing such a framework, this paper proposes a generic authentication process and a new taxonomy that clarifies similarities and differences among authentication protocols reported in the literature. The taxonomy is based upon the role of nodes in the authentication function, the establishment of credentials, and the type of credentials. We also motivate the need for an authentication management architecture and discuss some open research issues.

Categories and Subject Descriptors
A.1 [General Literature]: Introductory and Survey

General Terms
Security, Management, Performance

Keywords
Authentication, Network Security, Protocol Taxonomy, Ad Hoc Networks, Credentials, Identity Verification.

1. INTRODUCTION

Interest in ad hoc networks largely stems from the ability to rapidly deploy them under both normal and harsh conditions. These networks can be quickly deployed in situations where no infrastructure exists and it would be impractical or infeasible to deploy infrastructure.
In such an infrastructure-less network, nodes are expected to cooperate to perform essential networking tasks such as routing. In order to provide network-wide connectivity, nodes in an ad hoc network are expected to route data packets on behalf of other nodes in the network that want to reach nodes outside their transmission range.

Ad hoc networks can be classified into static and mobile networks. Sensor networks (SensNets) are typically static ad hoc networks. On the other hand, mobile ad hoc networks (MANETs) are autonomous systems of mobile nodes that are free to move at will. A hybrid network may also exist. For example, sensor nodes can form a tier in a network that is managed by a higher tier of mobile gateway nodes.

From a security standpoint, ad hoc networks face a number of challenges. The wireless medium has no observable boundaries and is significantly less reliable than wired media. Unlike wireline networking, where an attacker must physically break into the network infrastructure, tap into network cables, or logically break through several lines of defense (such as firewalls) before he can take control of or tamper with any network component, wireless attacks may come from anywhere and from all directions [18]. Additionally, the lack of a clear line of defense and of traffic concentration points poses a challenge to deploying security solutions in ad hoc networks. The broadcast nature of the transmission medium and the dynamically changing topology add even more complications. Furthermore, the reliance on node collaboration as a key factor of network connectivity presents another obstacle.

In order to provide network security, support for authentication, confidentiality, integrity, non-repudiation, and access control should be provided. We believe that authentication is the cornerstone service, since the other services depend on the authentication of the communicating entities [19] [7].
Authentication supports privacy protection by ensuring that entities verify and validate one another before disclosing any secret information. In addition, it supports confidentiality and access control by allowing access to services and infrastructure to authorized entities only, while denying unauthorized entities access to sensitive data.

A significant number of authentication protocols have recently been proposed for ad hoc networks; examples include [1] [2] [3] [4] [5] [6] [8] [9] [10] [11] [12] [13] [17] [18] [19] [24]. A classification is needed to interpret the similarities between sets of related protocols and to understand the motivation behind each. A classification also enables us to better analyze and compare protocols with respect to their encapsulating class rather than comparing individual protocols; to identify common vulnerabilities and attacks against each class of

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
MSWiM'05, October 10–13, 2005, Montreal, Quebec, Canada.
Copyright 2005 ACM 1-59593-188-0/05/0010...$5.00.