RIPsec - Using reputation-based multilayer security to protect MANETs

This paper examines the theory, application, and results for a Reputation-Based Internet Protocol Security (RIPsec) framework that provides security for a Mobile Ad-hoc Network (MANET) operating in a hostile environment. While there has been significant research in MANET security, the research has tended to address subsets of the overall security challenge. RIPsec leverages existing technologies to provide an overarching layered security framework that provides a more comprehensive security solution than existing approaches. Protection from external threats is provided in the form of encrypted links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. End-to-end message security using public and private certificates protects against both internal and external threats. Network availability is improved by behavior grading and round-robin multipath routing. Simulation results showed that the number of routing errors sent in a MANET was reduced by an average of 52% when using RIPsec. The cost in network performance for the security provided by RIPsec was a reduction in throughput. However, the reduction was acceptable given the increase in security. The network load was also reduced, decreasing the overall traffic introduced into the MANET and permitting individual nodes to perform more work without overtaxing their limited resources. The RIPsec framework was analyzed to demonstrate its robustness against a number of well-known attacks against ad-hoc networks. Of the four features incorporated into RIPsec (encryption, IPsec transport mode, behavior grading, and multipath routing), three other frameworks incorporated two of the features (encryption and behavior grading), and the remaining eight frameworks only incorporated one of the four security features. The incorporation of all four security features at multiple levels makes RIPsec very robust against attacks. a 2011 Elsevier Ltd. All rights reserved.