Successfully reported this slideshow.

433 438

515 views

Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

433 438

  1. 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Proposing Trust Count Based Validation Method to Lessen Internal Attacks in Mobile Adhoc Networks D.SRINIVASA RAO MOHD. SHAJID ANSARIDepartment of Computer Science and Engineering Department of Computer Science and EngineeringRSR Rungta College of Engineering & Technology GD Rungta College of Engineering & Technology Bhilai, Chattisgarh, India Bhilai, Chattisgarh, India sridas712@gmail.com shajid_avis@yahoo.co.inAbstract— Security is an essential service for wired and transmissions and security issues etc.. The eventualwireless network communications. The success of goal of designing a MANET network is to makemobile ad hoc networks (MANET) strongly depends on available a self-protecting, ―dynamic, self-forming,people’s confidence in its security. However, the and self-healing network‖ for the dynamic and non-characteristics of MANET pose both challenges andopportunities in achieving security goals, such as predictive topological network [1]. According to theconfidentiality, authentication, integrity, availability, positions and transmission range, every node inaccess control, and non-repudiation. The wireless MANET acts as a router and tends to move arbitrarynature and inherent features of mobile ad hoc networks and dynamically connected to form network. Themake them exposed to a wide variety of attacks. In an topology of the ad hoc network is mainlyinternal attack, the attacker gains the normal access to interdependent on two factors; the transmissionthe network and takes part in the network activities, power of the nodes and the Mobile Node location,either by some malicious imitation to get the access to which are never fixed along the time period. [2] Adthe network as a new node, or by directly compromising hoc networks excel from the traditional networks ina current node and using it as a basis to conduct itsmalicious behaviors. In this paper, we develop a cluster many factors like; easy and swift installation andbased validation methods to lessen internal attacks. The trouble free reconfiguration, which transform thementire network is divided into hierarchical group of into circumstances, where deployment of a networkclusters, each cluster having a fully trusted cluster head. infrastructure is too expensive or too susceptible [5].Each node holds a certificate issued by an offlinecertificate authority (CA). The Trust Count (TC) for MANETs have applicability in several areas like ineach of the nodes can be estimated periodically for military applications where cadets relaying importantevery trust evaluation interval (TEI), based on their data of situational awareness on the battleground, inaccess policy (AP). The certificate of a node is renewed corporate houses where employees or associatesor rejected by the cluster head, based on its trustcounter value. By simulation results, we show that our sharing information inside the company premises orproposed technique provides better packet delivery in a meeting hall; attendees using wireless gadgetsratio and resilience against node capture. participating in an interactive conference, critical mission programmer for relief matters in any disasterKeywords- Node Capture Attacks, Clustering, Trust events like large scale mishaps like war or terroristCount, Access Policy attacks, natural disasters and all. They are also been used up in private area and home networking, I. INTRODUCTION ―location based‖ services, sensor networks and many more adds up as services based on MANET [4]. The An autonomous system of mobile hosts connected by three major drawback related to the quality of servicewireless links, often called Mobile Ad hoc NETworks in MANET are bandwidth limitations, vibrant and(MANETs) . Mobile ad hoc network has been a non-predictive topology and the limited processingchallenging research area for the last few years and minimum storage of mobile nodes [3] Thebecause of its dynamic topology, power constraints, wireless nature and inherent features of mobile adlimited range of each mobile host’s wireless hoc networks make them vulnerable to a wide variety 433 All Rights Reserved © 2012 IJARCET
  2. 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012of attacks. The attacks on MANETs can be classified and redeployed in the network in order to carry outinto various criteria as shown below [6, 7, and 8]; malicious activities. Solution to node capture attacks has to meet the following requirements:A. External Vs. Internal Attacks  To detect the node capture as early as possible.External attacks are attacks launched by adversaries  To have a low rate of false positives—nodeswho are not initially authorized to participate in the which are believed to be captured and thusnetwork operations. These attacks usually aim to subject to a revocation process, but whichcause network congestion, denying access to specific were not actually taken by the adversary.network function or to disrupt the whole network  To introduce a small overhead.[10]operations. Bogus packets injection, denial of service,and impersonation are some of the attacks that are In our previous work [9], we have developed ausually initiated by the external attackers. More combined solution for routing and MAC layersevere attacks in the ad hoc networks might come attacks. Our approach, make use of three techniquesfrom the second source of attacks, which is the simultaneously which consists of a cumulativeinternal attack. Internal attacks are initiated by the frequency based detection technique for detectingauthorized nodes in the networks, and might come MAC layers attacks, data forwarding behavior basedfrom both compromised and misbehaving nodes. detection technique for detecting packet drops andInternal nodes are identified as compromised nodes if MAC based authentication technique for packetthe external attackers hijacked the authorized internal modification.nodes and are then using them to launch attacks Our combined solution presents a reputation valueagainst the ad hoc networks. Security requirements for detecting the malicious nodes and isolates themsuch as authentication, confidentiality and integrity from further network participation till its revocation.are severely vulnerable in the ad hoc networks with In this approach, the technique to mitigate nodethe compromised internal nodes because capture attack is not taken into account. As ancommunication keys used by these nodes might be extension to the previous work, we develop a clusterstolen and passed to the other colluding attackers. On based authentication technique to mitigate thethe other hand, nodes will be classified as internal attacks or node capture attacks. Themisbehaving if they are authorized to access the authentication is performed by the cluster head bysystem resources, but fail to use these resources in a checking the trust count value of its members.way they should be. Internal nodes might misbehaveto save their limited resources, such as the battery II. RELATED WORKSpowers, the processing capabilities, and thecommunication bandwidth. Attacks that are caused Pushpita Chatterjee [10] proposed a new approachby the misbehaving internal nodes are difficult to based on trust based self-organizing clusteringdetect because to distinguish between normal algorithm. They have used the trust evaluationnetwork failures and misbehavior activities in the ad mechanism depending on the behavior of a nodehoc networks is not an easy task. towards proper functionality of the network. The trust evaluation model gives a secure solution as well asB. Node Capture Attacks stimulates the cooperation between the nodes of the network. The originality of their work consists ofPassive, active, and physical attacks combined combining different metrics for quantifying trust andtogether results in node capture attacks. The attacker the use of DS theory in order to predict the trust ofwill collect data mobile node more accurately.about the network by eavesdropping on messageexchanges ,either restricted to individual attacker Wenbo He et al [11] proposed a SMOCK scheme,device or during the network with the aid of number which adopts the combinatorial design ofof attacker devices deployed throughout the network cryptographic keys to achieve lightweight key,in order to initialize or set up an attack. management. They further extend the idea ofThe attacker can extract data about the network SMOCK to other applications, such as broadcastoperation and state, along with successfully learning authentication. Based on the SMOCK idea, theyabout the network structure and function, although design a combinatorial hash-chain sharing scheme: Athe message payloads are encrypted. The attacker can hash chain pool HC is constructed for the wholecapture a node from the network ultimately acquiring network and nodes store the commitment informationall the cryptographic material stored in it .Also the for all of the hash chains in HC. All of the hashcaptured nodes can be reprogrammed by the Attacker chains have the same releasing schedule, which is 434 All Rights Reserved © 2012 IJARCET
  3. 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012guaranteed by loosely time synchronization. Message • Load-balancing clusteringsigning and verification use all the hash chains – Limit the number of nodes in a cluster in order toassociated with the senders’ identity. distribute the workload • Combined-metrics clusteringSaju P John et al [12] proposed enhanced scalable – Considers multiple metricsmethod of cryptographic key management • Low-maintenance clustering(SMOCK). They present a clustering based technique – Perform clustering for upper-layers and reduce theto reduce the two drawbacks; to over dependent on maintenance costcentralized server and increase in key-pair when nodeincreases (proportionally less compared to traditional B. Cluster Formationapproach) which SMOCK posses. The clusteringtechnique used select a CH, is an adaptive weight Nodes periodically exchange HELLO packets tocluste  maintain a neighbor tablering Node ID Node Status neighbor status (C_HEAD,metho Neighbor ID Neighbor Link Status C_MEMBER, C_UNDECIDED) Statusd. The link status (uni-directional link, bi- … … …CH is directional link) Adjacentstored Cluster ID  maintain a 2-hop-topology link state tablewithpublickeys of all its member nodes. The communication ofnodes between two different clusters happens throughtheir CH. Their method also discusses about theeffects of node mobility between clusters. III. CLUSTERING Figure 1: Cluster StructureDivision of the network into different virtual groups,based on rules in order to discriminate the nodes In figure 1 node 1 is cluster head for the clusterallocated to different sub-networks is called containing nodes 2, 3, 4 and 5, node 6 and 8 areclustering. Each group has a group leader and cluster cluster- heads for two other heads for two otheris headed by the cluster head. Specifically, one of the clusters.nodes in the clusters is head .A set of clusters form agroup and each group is headed by a group leader. C. Algorithms for Node RegistrationThe nodes contained in a cluster are physicalneighbors, and they use contributory key agreement, while(!myself_clustered){and they further contribute their shares in arriving at transmit(clus_find);the group key. When there is change in membership, waitforresponses();the neighbor node initiates the rekeying operation, parse_responses();thus reducing the burden on the cluster head .The choose_suitable_cluster();group leader selects a random key to be utilized for if(suitable_cluster_exists) {encrypting messages exchanged connecting the send(clus_join_request);cluster heads and the network head. It forwards the waitfor(clus_join_reply);key to the group leader that is used for if(clus_join_accept)communication among the group leaders. updatemyclus(); else formownclus();A. Classification } else formownclus();• DS-based clustering }– Route maintenance actions to the nodes from thedominating set• Mobility-aware clustering IV. SYSTEM DESIGN– Cluster based on the mobility behavior of themobile nodes Every node within a cluster has an access policy (AP)• Energy-efficient clustering which consists of the following access permission.– Consider the energy available at the nodes 435 All Rights Reserved © 2012 IJARCET
  4. 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012Read (R) ; Modify (M); Forward (F); Process (P) policy(AP), all signed with A’s private key. To allowDepending on access policy nodes can be in three for simplicity of nonce recycling, the nonce andlevels .It can be lower level (LL), Middle level (ML), timestamp are used in concurrence with each other.and Higher level (HL). The LL node posses only F For the purpose of avoiding recycling withinpermission .The ML node posses both F and R probable clock skew between receivers, it is madepermissions. The HL node posses all the permissions sufficiently large. Other nodes stores the nonceR, M, F and P. The existence of an offline certificate viewed by them lastly for a particular node alongauthority (CA) is assumed. Initially it issues a with its timestamp.certificate signed by its public key to all the nodeswhich consists of the access policy AP for each node If nonce which has a later timestamp re-appears inalong with a certificate expiration time (CET). Each valid packet, nonce is assumed to be wrapped around,node involves in exchanging its AP with other nodes. and hence accepted. When a node receives DP message, its uses A’s public key extracted from A’sBefore expiration, the certificate of a node must be certificate, to authenticate the signature and torenewed. After the cluster heads are selected, they validate that A’s certificate has not expired. Thebroadcast a CH_CERT_REQ message to CA for a receiving node checks (N A , IP A ), tuple to verifycluster head certificate request. On receiving the that processing of DP is not done previously. NodesCH_CERT_REQ message from each cluster, the CA which have seen their tuple already don’t forwardsends issues a cluster head certificate CH_CERT messages. Else, the node proceeds by signing thesigned by its public key to all the cluster heads which contents of the messages, appends its own certificate,consists of the cluster id and cluster head certificate and sends the message to its next hop. Alterations ofexpiration time (CHCET) such that CHCET > CET data or integrity attacks are prevented by signature..We assume initial trust counter (TC) for all the Let B be a neighbor that has received the DP from A,nodes with a minimum threshold value (TCth). The which it subsequently forward.TC for all the nodes can be estimated periodically BTransmit:[[DP, IP x ,cert A , N A ,t, AP] K Pr ] Kfor every trust evaluation interval (TEI). Pr B , Cert B Upon receiving the DP, B’s neighbor C validates the signature with the given certificate C,A. Certification and then removes B’s certificate & signature, records B as its predecessor, signs the content of the messageKeys are generated and exchanged through an originally sent by A, appends its own certificate andexisting relation between CA and each node. Each forward the message. C then retransmits the DP.node must request a certificate from CA, before CTransmit:[[DP,IP x ,cert A ,N A ,t,AP]K Pr ]Kentering the ad hoc networks. Each node receives PrC ,CertC. Each node along the path repeats theseexactly one certificate, after securely authenticating steps of validating the previous node’s signature,their identity to CA. The node A receives certificate removing the previous node’s certificate andfrom C>A as follows, CA A: cert A = [IP A , K Pu , signature, recording the previous node’s IP address,t, e, AP] K Pr The certificate authority contains the IP signing the original contents of the message,address of A the public key of A, a timestamp t of appending its own certificate and forwards thewhen the certificate was created, expiration time e message. [K Pr - Private Key of node A ; K Pu -and access policy AP. These variables are Public key of node A t - Time stamp ; e – Expirationconcatenated and signed by CA. All nodes must time ; IP x -IP address of the node ; Cert A -maintain fresh certificates, with CA. During the Certificate belonging to node A]exchange of routing messages, nodes use thesecertificates to authenticate themselves to other nodes. C. Hop-By-Hop Authentication: Consider two nodes A and B. Each node will have time stamps TS s ,B. Hop-By-Hop Authentication (packet sending time), TS r (packet receiving time).The method by which source verifies that intendeddestination was reached is by end to end Case 1:authentication. Source node, A send data to particular If A is in LL, the following two tests are conducteddestination that will be received by intermediate Test 1: (For violation of confidentiality)node. If (TSr - TSs)> TS th (where TS th is a thresholdATransmit: [DP, IP x , cert A , N A , t, AP] K Pr value)The DP includes a packet identifier (―DP‖), the IP Then TC = TC -1address of the destination (IP x ), A’s certificate (certA ), an once N A , the current time t and access Test 2: (For violation of integrity) 436 All Rights Reserved © 2012 IJARCET
  5. 5. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012If (sign is not matching) Resilience against Node Capture: It is calculated byThen TC = TC – 1 estimating the fraction of communications compromised between non compromised nodes by aCase 2: capture of x-nodes.If A is in ML, then the confidentiality test (Test-1) isconducted. The TCi be the trust counter of node ni Average End-to-End Delay: The end-to-end-delay isestimated by all the nodes in TEIk. All the member averaged over all surviving data packets from thenodes send TCi to its cluster head CH. sources to the destinations.If the CH detects that TCi is less than TCth, it puts theni in his local CRL (Certificate Revocation List). The Average Packet Delivery Ratio: It is the ratio of thenode ni sends its renewal request to its cluster head number .of packets received successfully and theCH. total number of packets transmitted.CH checks whether ni is in the CRL. If it is found, itsrequest is rejected. Otherwise, it sends a certificate Average Packet Drop: It is the average number ofrenewal reply to ni with its signature. packets dropped by the misbehaving nodes.The simulation results are presented in the next section. V. SIMULATION RESULTS We compare our CBAT scheme with the trust basedA. Simulation Model and Parameters clustering and secure routing (TBCSR) scheme [13] in presence of malicious node environment.We use Network Simulator (NS2) to simulate ourproposed algorithm. In our simulation, the channel C. Resultscapacity of mobile hosts is set to the same value: 2Mbps. We use the distributed coordination function(DCF) of IEEE 802.11 for wireless LANs as theMAC layer protocol. It has the functionality to notifythe network layer about link breakage. In oursimulation, mobile nodes move in a 1000 meter x1000 meter region for 50 seconds simulation time.We have kept the number of nodes as 100. Thenumber of attackers is varied from 5 to 25. Weassume each node moves independently with the Figure 1: Attackers Vs Delaysame average speed. All nodes have the sametransmission range of 250 meters. In our simulation,the node speed is 10 m/s. The simulated traffic isConstant Bit Rate (CBR). Our simulation settings andparameters are summarized in table 1. No. of Nodes 100 Area Size 1000 X 1000 Mac 802.11 Radio Range 250mSimulation Time 50 sec Figure 2: Attackers Vs Delivery Ratio Traffic Source CBR Packet size 512 Speed 10m/s Misbehaving 5,10,15,20,25 Nodes Table 1: Simulation SettingsB. Performance MetricsWe evaluate mainly the performance according to the Figure 3: Attackers Vs Dropfollowing metrics. 437 All Rights Reserved © 2012 IJARCET
  6. 6. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 REFERENCES [1] Mark E. Orwat, Timothy E. Levin, and Cynthia E. Irvine, ―An Ontological Approach to Secure MANET Management‖, In Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, pp. 787-794 , 2008. [2] Mohd Izuan Mohd Saad and Zuriati Ahmad Zukarnain, ―Performance Analysis of Random-Based Mobility Models in MANET Routing Protocol‖, European Journal of Scientific Research, .32(4), pp. 444-454, 2009. Figure 4: Attackers Vs Resilence [3] M.Uma and Dr.G.Padmavathi, ―A Comparative Study AndFigure 1 shows the results of average end-to-end Performance Evaluation Of Reactive Quality Of Service Routingdelay for the misbehaving nodes for both the Protocols In Mobile Adhoc Networks‖, Journal of Theoretical and Applied Information Technology, 6(2), pp. 223-239, 2009.schemes. From the results, we can see that CBATscheme has significantly lower delay than the [4] Bing Wu, Jianmin Chen, Jie Wu and Mihaela Cardei, ―ATBCSR scheme, because of its hierarchical structure Survey on Attacks and Countermeasures in Mobile Ad Hocof authentication. Networks‖, Wireless/Mobile Network Security, Y. Xiao, X. Shen, and D.-Z. Du (Eds.), Springer, 2006.Figures 2 and 4 show the results of average packetdelivery ratio and resilience against node capture, [5] Yu Huang, Beihong Jin, Jiannong Cao, Guangzhong Sun andrespectively, for the increasing misbehaving nodes. Yulin Feng, ―A Selective Push Algorithm for Cooperative CacheClearly the CBAT scheme outperforms the TBCSR Consistency Maintenance over MANETs‖, EUC, pp. 650-660, 2007.scheme by achieving more delivery ratio andresilience, since it has more security features for node [6] N.Shanthi, L.Ganeshen and K.Ramar,‖ Study Of Differentcompromise attacks. Attacks On Multicast Mobile Adhoc Network‖, Journal ofFigure 3 shows the results of packets drop for the Theoretical and Applied Information Technology, 9(2), pp. 45-51, 2009.schemes when the number of attackers is increased.From the results, we can see that CBAT scheme has [7] Yang Xiao, Xuemin Shen and Dingzhu Du, ―Wireless Network Security‖, Springer, ISBN-10 0- 387-28040-5, 2007.significantly less packet drops than the TBCSR [8] S. A. Razak, S. M. Furnell and P. J. Brooke, ―Attacks Againstscheme, since the attackers are immediately isolated. Mobile Ad Hoc Networks Routing Protocols.‖, In Proceedings of 5th Annual Postgraduate Symposium on the Convergence of VI. CONCLUSION Telecommunications, Networking & Broadcasting (PGNET ’04)In this paper, we have developed a cluster based June 28-29, World Scientific and Engineering Academy andvalidation methods to lessen internal attacks in Society (WSEAS), USA., pp. 147-152, 2004.MANET. In this technique, the entire network isdivided into hierarchical group of clusters, each [9] R. Murugan and A. Shanmugam, ―A Combined solution for Routing and Medium Access Control Layer Attacks in Mobile Adcluster having a fully trusted cluster head. Each node Hoc Networks‖, Journal of Computer Science, 6(12), pp.1416-holds a certificate issued by an offline certificate 1423, 2010.authority (CA). Initially CA issues a certificatesigned by its public key to all the nodes which [10] Pushpita Chatterjee, ―Trust Based Clustering And Secure Routing Scheme For Mobile Ad Hoc Networks‖, Internationalconsists of the access policy (AP) for each node Journal of Computer Networks and Communication, 1(2), pp. 84-along with a certificate expiration time (CET). Before 97, 2009.expiration, the certificate of a node must be renewed.The Trust Count (TC) for each of the nodes can be [11] Wenbo He, Ying Huang, Ravishankar Sathyam, Klara Nahrstedt, and Whay C. Lee, ―SMOCK: A Scalable Method ofestimated periodically for every trust evaluation Cryptographic Key Management for Mission-Critical Wireless Ad-interval (TEI), based on their access policy (AP). Hoc Networks‖, IEEE Transactions on Information Forensics andWhen a node send renewal request to its cluster head Security, 4(1), pp. 140- 150, March 2009.(CH), CH verifies whether the node is in its CRL, if [12] Saju P John and Philip Samuel, ―A Distributed Hierarchicalso, the request is rejected. Otherwise it sends a Key Management Scheme for Mobile Ad hoc Networks‖,certificate renewal reply to nodes with its signature. International Conference on Information, Networking andBy simulation results, we have shown that our Automation, Oct. 2010proposed technique provides better packet deliveryratio and resilience against node capture. 438 All Rights Reserved © 2012 IJARCET

×