This document proposes an Authenticated IP Configuration Scheme (ADIP) for Mobile Ad Hoc Networks (MANETs). In MANETs, nodes communicate over wireless links in a decentralized, dynamic network topology. The ADIP scheme addresses the problem of assigning unique IP addresses without broadcasts by having each node obtain its IP address from a neighboring "proxy" node in an authenticated manner. The proxy node computes a unique IP address for the new node based on its own address to avoid duplicate address detection broadcasts. This localized approach authenticates nodes and assigns IP addresses with low latency in a secure manner without reliance on centralized services or network infrastructure.

1. AN AUTHENTICATED IP CONFIGURATION
SCHEME FOR MANETS
Presented by : Piyush P. Shekdar
Roll. No: 14EC65R06
1

2. WHAT IS A MANET?
 Mobile Ad Hoc network (MANET) is a collection
mobile nodes communicating over wireless links[6].
2
Figure1: Simplified MANET
Source: http://cwi.unik.no/images

3. Figure2: Cellular network and MANET
Source : http://cwi.unik.no/images[6]
3

4. CHARACTERISTICS[6]
 Autonomous and infrastructureless
 Multi-hop routing
 Dynamic network topology
 Device heterogeneity
 Energy constrained operation
 Bandwidth constrained links
 Limited physical security
 Network scalability
 Self-creation, self-organization and self
administration
Source : http://cwi.unik.no/images
4

5. APPLICATIONS[6]
 Optionally a MANET can be connected to the
internet.
 Military applications
 Disaster management
 Multi-player gaming
 Wireless sensor networks
And many more….
5

6. THE ADDRESS ALLOCATION PROBLEM[1]
 AODV (Ad Hoc on demand distance vector ) routing
protocol [2]
 Unique IP address for every node
 Traditional approaches(inapplicable):
Manual configuration
DHCP(Dynamic Host Configuration protocol)[3]
6

7. THE ADDRESS ALLOCATION PROBLEM
 Existing approaches:
 1. Best effort allocation + DAD[5] (duplicate address
detection)
 2. Leader based allocation scheme.
Requires broadcast or advertising implying high
latency.
3. Decentralized allocation.(DHCP or DAD)
it is desirable to avoid DAD.
7

8. SECURITY THREATS IN DYNAMIC ADDRESS
CONFIGURATION[1]
 Address spoofing (common, occurs during
allocation )
 Address exhaustion
 False address conflict
 False deny message
 Many others can be imagined(Eg.: black hole
attack, grey hole attack etc.) 8

9. PROTOCOL REQUIREMENTS
 Unique IP address for all nodes
 Denial only upon address exhaustion
 Handling partitions and mergers
 Authentication of nodes: using MAC(message
authentication code)
9

10. THE ADIP ALGORITHM[1]
 A new node Nn can obtain its IP address from its
neighbouring (single hop)node(proxy).
 Each proxy node computes a unique IP address
from its own IP address.
 No need for DAD.
 No broadcast storms.
10

11. FLOW CHART FOR THE NEW NODE
11

12. FLOW CHART FOR THE PROXY NODE
12

13. AUTHENTICATION[1]
 Keyed hashing for message authentication code
(HMAC)
 MD5 hash function
 MAC = HMAC(K,M)
= H(K ⊕ opad|H(K ⊕ ipad|M)),
K: secret key
M: message
Opad =0x5C
Ipad= 0x36
H(x) is the hash function of x.
The MAC tag is appended to all the messages.
[message|MAC]
13

14. IP ADDRESS GENERATION[1]
 Class B IP address 169.X.j.i
 Approximately 216 = 65536 possible addresses
inside one MANET.
 169.X.0.0/16 is the network address.
 IP address is generated as follows
 i’= ((i-1)xK +count)%254
 j’=j+ ((i-1)xK +count)/254
 K= number of address that a proxy can assign
 Count = number of addresses assigned by the
proxy
 Hence 1<= count<=K. 14

15. IP ADDRESS GENERATION[1]
15
Figure 3: An example of address allocation tree K=10
Source: [R.Datta,U.Ghosh.,”ADIP for MANETs”WOCN2009]
2

16. GRACEFUL DEPARTURE
16
If the root node wants to leave the MANET, then it informs the
lowest descendent to be the new root.

17. GRACELESS DEPARTURE
 It is important to detect the departure of a node if it
departs gracelessly.
 Graceless departure can be detected by the
periodic HELLO messages of the AODV protocol.
 Every node scans the IP address of its children.
 If a child node is missing, then the parent node
updates its recycle list.
17

18. NETWORK PARTITIONING AND MERGING
 A node detects network partition when it stops
receiving the periodic HELLO messages.
 The node then becomes the new root and creates a
new Network id and assumes the IP address
169.X.1.1 in the new MANTE.
 Merger:
 If a node from network Y joins a network X, then it
checks for IP address conflicts using the AODV
protocol RREQ and RREP messages.
 If there is an address conflict, then the node resets
its configuration and calls the ADIP algorithm.
18

19. DISADVANTAGES
 The proposed scheme does not address the
graceless departure of the root node.
 A new node requesting IP address may be denied
an address if the address pools of neighbours are
exhausted.
19

20. CONCLUSION
 Low latency protocol for address allocation
 Low complexity address generation algorithm
 Secured messaging i.e., protection against
attacks
 Unique IP addresses and no DAD
 No overheads for network partitions and mergers 20

21. REFERENCES
 [1] R. Datta and U. Ghosh, “An Authenticated Dynamic IP Configuration
Scheme for Mobile Ad Hoc Networks”, IFIP international conference on
Wireless and Optical Communications Networks,2009 pp. 1-6.
 [2] C. Perkins, E. Belding-Royer, and S. Das ,“Ad hoc On-Demand Distance
Vector (AODV) Routing,” RFC3561, July 2003.
 [3] R. Droms, “Dynamic host configuration protocol”, RFC 2131, Mar. 1997.
 [4] S. Nesargi and R. Prakash, in “MANETconf: Configuration of Hosts in a
Mobile Ad Hoc Network”, in Proc. INFOCOM, 2002, pp. 1059-1068.
 [5] K. Weniger., “Passive Duplicate Address Detection in Mobile Ad Hoc
Networks”, In WCNC, Florence, Italy, February 2003.
 [6] http://cwi.unik.no/images
 [7]Kurose J., Ross K.(2012), ”Computer networking a top down approach”.
Pearson education Inc.
21