RIPsec – Using Reputation-Based Multilayer Security to Protect MANETs
T.H. Lacey, R.F. Mills, B.E. Mullins, R.A. Raines, M.E. Oxley, S.K. Rogers
ABSTRACT
This paper examines the theory, application, and results for a Reputation-Based Internet Protocol
Security (RIPsec) framework that provides security for a Mobile Ad-hoc Network (MANET) operating in a
hostile environment. While there has been significant research in MANET security, the research has
tended to address subsets of the overall security challenge. RIPsec leverages existing technologies to
build an overarching layered security framework that provides a more comprehensive security
solution than existing approaches. Protection from external threats is provided in the form of encrypted
links and encryption-wrapped nodes, while internal threats are mitigated by behavior grading that
assigns reputations to nodes based on their demonstrated participation in the routing process.
End-to-end message security using public and private certificates protects against both internal and external
threats. Network availability is improved by behavior grading and round-robin multipath routing.
Simulation results showed that the number of routing errors sent in a MANET was reduced by an
average of 52% when using RIPsec. The cost in network performance for the security provided by RIPsec
was a reduction in throughput. However, the reduction was acceptable given the increase in security.
The network load was also reduced, decreasing the overall traffic introduced into the MANET and
permitting individual nodes to perform more work without overtaxing their limited resources.
The RIPsec framework was analyzed to demonstrate its robustness against a number of well-known
attacks against ad-hoc networks. Of the four features incorporated into RIPsec (encryption, IPsec
transport mode, behavior grading, and multipath routing), three other frameworks incorporated two of
the features (encryption and behavior grading), and the remaining eight frameworks incorporated only
one of the four security features. The incorporation of all four security features at multiple levels makes
RIPsec very robust against attacks.
KEYWORDS
MANET, Ad-hoc, IPsec, DSR, Multipath, Behavior Grading, Reputation, Trust, PKI
1. Introduction
Mobile Ad-hoc Networks (MANETs) are self-configuring networks of mobile routers connected by
wireless links. When one node desires to communicate with another that is out of transmission range,
intermediate nodes are used to relay messages (Carruthers & Nikolaidis, 2005). MANETs have received
the attention of numerous agencies due to their self-configuration and self-maintenance capabilities.
Their many applications include military battlefields, disaster relief efforts, conferences, classrooms,
taxicabs, sports stadiums, boats, and small aircraft (Sun, 2001).
In (Bellur, Lewis, & Templin, 2002), Unmanned Aerial Vehicles (UAVs) are organized into
MANETs to facilitate intra-team communications. Additionally, Fig. 1 shows how teams of MANETs