Towards Sybil Resistant Authentication in Mobile Ad Hoc Networks

In Sybil attack, an attacker acquires multiple identities and uses them simultaneously or one by one to attack network operations. Such attacks pose a serious threat to the security of self-organized networks like Mobile Ad hoc Networks (MANETs) that require unique and unchangeable identity per node for detecting routing misbehavior and reliable computation of node´s reputation. Current authentication mechanisms for MANETs are vulnerable to Sybil attack unless they resort to some out of band method like physical contact between nodes for building trust or relying on a Trusted Third Party (TTP) for issuing a unique and unchangeable identity to each node. In this paper we present an authentication mechanism for MANETs that utilizes hardware id of the device of each node for authentication. An authentication agent is developed that verifies the hardware id of the authenticatee node. A comprehensive defense model is employed to protect the authentication agent from various static and dynamic attacks from a potentially malicious authenticatee node. Security of authenticatee node is assured by involving a TTP that signs the authentication agent, verifying that it will perform only intended function and is safe to execute. With this minimal involvement of the TTP, the proposed authentication scheme offers increased resistance to the Sybil attack. The attacker is now required to either thwart agent protection mechanisms or to acquire multiple devices with different hardware ids, in order to gain multiple identities.