Secure transmissions in the mobile ad-hoc network (continued)
From the security perspective, there are two kinds of messages in a mobile ad-hoc network, routing messages and data messages, and they have different natures and different security needs. Data messages are point-to-point and can therefore be secured with an existing point-to-point security mechanism such as IPsec (Internet Protocol Security). Routing messages, however, always contain some parts that change as the message propagates from node to node. This is perhaps the main challenge that routing messages pose in the ad-hoc environment.
Normally, routing messages carry two types of information: mutable and non-mutable. It is desirable that the mutable information in a routing message be secured in such a way that no trust in intermediate nodes is required. Otherwise, securing the mutable information will be far more computationally intensive, and the overall security of the system will be greatly reduced.
One possible solution is to use a trusted certificate server C whose public key is known to all participating nodes. Keys are generated in advance and exchanged through a mutual relationship between C and each node. Each node obtains a certificate containing exactly one key from the trusted certificate server upon joining the network. The certificate describes the joining node: its address, its public key, and two time stamps t1 and t2, where t1 is the certificate's issue time and t2 its expiration time. These certificates are signed by the server C, and that signature is what authenticates them.
The goal of communication between a source and a destination is to make sure that the data reaches the destination safely. Whenever a node wants to transmit data to a destination for which it has no entry in its routing table, it can adopt one of several mechanisms, such as invoking a route discovery mechanism (on-demand protocols) or invoking combined route discovery and data delivery (mobile ad-hoc on-demand data delivery protocol). From the security perspective, besides the destination's IP address, a broadcast ID and a source ID, the packet also carries the certificate of the source node A and the expiration time t2; these are bound to the public key that was allocated to the source node when it joined.
Each intermediate or receiving node extracts the public key from the certificate (issued by C) attached to the packet, uses it to validate the signature, and checks that the certificate is still valid before forwarding the packet to other nodes. To illustrate, consider a scenario in which node A wants to transmit data to node D.
On receiving the route request, node B verifies the public key and the certificate's validity period by extracting this information from the certificate attached to the packet. Once this is done, B removes A's certificate signature, records B as predecessor, signs the contents of the message originally broadcast by A, appends its own certificate, and forwards the broadcast message to its neighboring nodes; the same steps repeat at each hop until the message reaches D.
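The per-hop procedure just described (certificate issued by C with a t1..t2 validity window, verification of the previous hop's signature, then B recording itself as predecessor, re-signing A's contents and attaching its own certificate), as an added example in Go that is not part of the original article. It assumes Ed25519 signatures and a simple pipe-separated encoding of the fields; both are my choices, not something the article specifies.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate as described in the article: address, public key, t1/t2 validity window, signed by server C.
type Cert struct {
	Addr   string
	Pub    ed25519.PublicKey
	T1, T2 int64
	Sig    []byte
}
func (c Cert) tbs() []byte { return []byte(fmt.Sprintf("%s|%x|%d|%d", c.Addr, c.Pub, c.T1, c.T2)) }
// newNode: the node generates its key pair and obtains one certificate from C (assumed flow).
func newNode(serverPriv ed25519.PrivateKey, addr string, t1, t2 int64) (Cert, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := Cert{Addr: addr, Pub: pub, T1: t1, T2: t2}
	c.Sig = ed25519.Sign(serverPriv, c.tbs())
	return c, priv
}
// Route request: Dest, Src, BroadcastID are fixed by source A; Pred, Cert, Sig are rewritten per hop.
type RREQ struct {
	Dest, Src, Pred string
	BroadcastID     uint32
	Cert            Cert
	Sig             []byte
}
func (r RREQ) fixed() []byte { return []byte(fmt.Sprintf("%s|%s|%d", r.Dest, r.Src, r.BroadcastID)) }
// sign: record self as predecessor, attach own certificate, sign the contents A originally sent.
func sign(r RREQ, me Cert, priv ed25519.PrivateKey) RREQ {
	r.Pred, r.Cert, r.Sig = me.Addr, me, ed25519.Sign(priv, r.fixed())
	return r
}

// forward is node B's per-hop check: the attached certificate must carry C's signature and be
// within [t1, t2], and the previous hop's signature must verify under it; only then B re-signs.
func forward(serverPub ed25519.PublicKey, now int64, in RREQ, me Cert, priv ed25519.PrivateKey) (RREQ, error) {
	switch {
	case !ed25519.Verify(serverPub, in.Cert.tbs(), in.Cert.Sig):
		return RREQ{}, errors.New("certificate not signed by server C")
	case now < in.Cert.T1 || now > in.Cert.T2:
		return RREQ{}, errors.New("certificate expired or not yet valid")
	case !ed25519.Verify(in.Cert.Pub, in.fixed(), in.Sig):
		return RREQ{}, errors.New("previous hop's signature does not verify")
	}
	return sign(in, me, priv), nil // Pred itself stays unsigned, as in the article's description
}
```

Because each hop signs only the contents A originally broadcast, the predecessor field is carried unsigned; a deployment would want that field, or the hop chain as a whole, covered too.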
Security is one of the fundamental issues in mobile ad-hoc networks. I've highlighted the different security requirements, along with one possible solution for securing transmission in these networks. The proposed solution is one of several ways to protect data communication in mobile ad-hoc networks; however, there is still a clear need for more efficient strategies to resolve the various issues, besides security, that mobile ad-hoc networks face.
Bill Beaulieu is a Senior Partner at The Selmont Group (at http://www.selmont.com), a Technology Marketing Management firm based in Londonderry, NH.