Securing ad-hoc networks using IPSec

The use of IPSec for securing communication between nodes of wireless and mobile ad hoc networks has traditionally been considered difficult. We describe an IPSec-based architecture and implementation for ad hoc networks that can seamlessly handle node mobility and IP address change. The approach can be used for securing application traffic as well as configuration and mobility management protocol traffic. A certificate-based approach that aids dynamic key generation and distribution is used for creating security associations between nodes. Simple and backward compatible extensions to the IPSec and PKIX protocols that do not violate existing and proposed standards are described, and an existing implementation is discussed. Initial experimental evaluation reveals that the per-packet latency overhead at the end-host for using our proposed mechanisms is tolerable.