Identity Based Secure Routing For Wireless Ad-Hoc Networks



In this paper, we propose an Identity (ID)-based Secure Routing Scheme for
secure routing in wireless ad-hoc networks. It makes use of an Identity based
Signature scheme and hash chains to secure the AODV (Ad-hoc On-demand Distance
Vector routing) messages. We have used the ID based Signature scheme for the
immutable fields, that is, the fields that remain the same throughout the
journey of the routing packet, and Hash Chains for the mutable fields (fields
which change from node to node), e.g. Hop Count. This system has the following
advantages as compared to the previous solutions, most of which use RSA based
Public Key Cryptographic solutions. Firstly, it makes use of an Identity based
signature scheme which is certificateless, thus saving overhead costs of
communication and storage. Secondly, in ID based schemes we can use our
identity, like our IP address or email ID, as our public key, which leads to a
smaller key size as compared to other cryptographic techniques. Also, this
system does not require establishment of any third party like PKI (Public-key
Infrastructure) at the initial stages of network establishment.

Published in: Technology, Business

ACEEE International Journal on Network Security, Vol 1, No. 2, July 2010. © 2010 ACEEE, DOI: 01.ijns.01.02.05

Deepak Kumar Sharma (1), Dr. S. K. Saxena (2), Yogesh Sharma (3), Ajay Tiwari (4)
(1) Maharaja Agrasen Institute of Technology, Computer Science Department, Delhi, India
(2) Delhi College of Engineering, Department of Computer Engineering, Delhi, India, saxena_58@yahoo.com
(3) Maharaja Agrasen Institute of Technology, Computer Science Department, Delhi, India
(4) Maharaja Agrasen Institute of Technology, Computer Science Department, Delhi, India, ajaytiwari04@gmail.com

Abstract— In this paper, we propose an Identity (ID)-based Secure Routing Scheme for secure routing in wireless ad-hoc networks. It makes use of an Identity based Signature scheme and hash chains to secure the AODV (Ad-hoc On-demand Distance Vector routing) messages. We have used the ID based Signature scheme for the immutable fields, that is, the fields that remain the same throughout the journey of the routing packet, and Hash Chains for the mutable fields (fields which change from node to node), e.g. Hop Count. This system has the following advantages as compared to the previous solutions, most of which use RSA based Public Key Cryptographic solutions. Firstly, it makes use of an Identity based signature scheme which is certificateless, thus saving overhead costs of communication and storage. Secondly, in ID based schemes we can use our identity, like our IP address or email ID, as our public key, which leads to a smaller key size as compared to other cryptographic techniques. Also, this system does not require establishment of any third party like PKI (Public-key Infrastructure) at the initial stages of network establishment.

Index Terms— Security, Wireless Ad-hoc Networks, Routing Protocols, ID-based Cryptography, Secure AODV.

I. INTRODUCTION

A Mobile Ad hoc Network, or MANET, consists of a group of cooperating wireless mobile hosts (nodes) that dynamically construct a short-lived and self-configuring network without the support of a centralized network infrastructure. The mobile nodes can be cell-phones, PDAs and laptops, and typically support wireless connectivity like 802.11, Bluetooth, etc. MANETs are fundamentally different from their wired-side counterparts. They provide no fixed infrastructure, base stations or switching centers. Moreover, the nodes of a MANET are computationally constrained and have limited power.

Routing is an important function in any network, be it wired or wireless. The protocols designed for routing in these two types of networks, however, have completely different characteristics. Routing protocols for wired networks typically do not need to handle mobility of nodes within the system. These protocols also do not have to be designed so as to minimize the communication overhead, since wired networks typically have high bandwidths. Very importantly, the routing protocols in wireline networks can be assumed to execute on trusted entities, namely the routers.

These characteristics change completely when considering ad hoc wireless networks. Mobility is a basic feature in such networks. Resource constraints like limited bandwidth and computing power of the devices also aggravate the problem of designing routing protocols for such networks which do not require high bandwidths. Ad hoc networks also do not have trusted entities such as routers, since every node in the network is expected to participate in the routing. Therefore, routing protocols need to be specifically designed for wireless ad hoc networks.

Ad-hoc routing protocols, including AODV (Ad-Hoc Distance Vector Routing) [1], DSR (Dynamic Source Routing) [15], OLSR (Optimized Link State Routing), etc., are designed for performance, not security, and thus all of them are subject to some kind of attack. These attacks include packet dropping, modification of packets (modifying sequence numbers, hop count, etc.), impersonation, replaying of old routing information, etc. These attacks can partition a network or may introduce excessive load into the network by causing retransmission and inefficient routing.

The Ad hoc On Demand Distance Vector (AODV) [1] [7] routing algorithm is a reactive routing protocol designed for ad hoc mobile networks. To transmit data over an ad-hoc network, the AODV protocol enables dynamic, self-starting, multi-hop routing between mobile devices. It allows these mobile computers, or nodes, to pass messages through their neighbors to nodes with which they cannot directly communicate.

In this paper we have tried to integrate the concept of Identity Based Signature Generation Schemes, instead of traditional signature schemes, into AODV so as to secure the routing process without incurring much overhead on the system. This signature scheme will allow us to use an Email-ID or IP address as our public key, thus eliminating the need for any certificates, which will save network bandwidth. Also, ID based signature schemes are based on pairing based
cryptography, which allows us to use a smaller key size while maintaining a similar level of security as provided by other schemes.

II. BACKGROUND AND RELATED WORK

Currently, some solutions propose to use cryptographic methods to secure the ad-hoc routing protocols. Those methods include HMAC (Hashed Message Authentication Code)-based schemes, such as SRP [5]; digital-signature-based schemes, such as SAODV [7] (for AODV) and ARAN [4] (for DSR); hash-chain-based or TESLA-based [4] schemes, such as SEAD [4] (for DSDV) and Ariadne [16] (for DSR); and identity based secure routing. However, HMAC-based schemes provide only peer-to-peer message authentication, not broadcast message authentication, so they are not suitable for the broadcasting-based routing messages. Digital-signature-based schemes (like SAODV) can achieve broadcast message authentication, but all these schemes need the certificate, which incurs a large amount of overhead in communication, computation and storage. TESLA based schemes use time synchronization to avoid such a problem, but it may not be practicable for general applications. The Identity based routing framework [8], [14] solves most of these problems and even reduces the key size drastically. Also, the problem of key distribution is minimized as the Identity of the user serves as its public key. But it requires signing and verifying the message at each node, which requires high computation, and devices that take part in the ad-hoc network are battery operated, on which this computation of signature generation and verification can be battery consuming and thus can degrade the network performance.

The rest of the paper is organized as follows. Section III presents our proposed scheme, Section IV describes the integration of the Signature scheme in AODV, Section V presents an analysis on security and performance, Section VI presents Results and Evaluation, and Section VII concludes the paper.

III. PROPOSED SCHEME

A. Design Rationale

Until now, signature based authentication schemes made use of certificates and CRLs (Certificate Revocation Lists), both requiring high storage and communication costs. Traditional certificate-based public key algorithms require digital certificates to authenticate the public key. A digital certificate is a data structure that contains the public key itself and the signature of the public key signed by a trusted 3rd party. The management of certificates is nontrivial in ad-hoc networks. The storage of the certificates is not negligible and their transportation increases the load of the network. Further, if the private key is stolen the certificates have to be revoked and the network has to be alerted of it.

This problem was solved by the Identity based Signature Scheme, which is a public key encryption scheme in which any string with which users can be commonly identified is used as their public key, for instance their ID or Email Id. The corresponding private key is generated by a trusted 3rd party, called the PKG, and kept secret by the owner of the ID. The authentication of the public key is not required because nobody other than the owner of the ID can have the private key. This eliminates the need to transmit or store digital certificates and also lowers the key size.

So we propose that the Identity based Signature scheme be applied to the message at the source node for the authentication of immutable fields in the packet header, while the mutable fields should be protected by a hash chain. Thus this scheme can efficiently protect both types of fields in the packets. As of now many ID based encryption schemes have been proposed, but in this paper we propose to use the BLMQ [11] signature scheme as it reduces the number of pairing operations required in the verification and signature process. The signature generation and verification process using BLMQ is explained below.

B. BLMQ – ID-Based Signature Scheme

The rationale behind the ID based signature scheme is the bilinear pairing, which has some wonderful properties as the building block for public key cryptosystems. Let G1 be an additive group of prime order q and G2 be a multiplicative group of the same order. Let P denote a generator of G1. The Discrete Logarithm Problem (DLP) in these groups is believed to be hard. A bilinear pairing is a map e: G1 × G1 → G2 with the following properties:

1. Bilinear: e(aQ1, bQ2) = e(bQ1, aQ2) = e(P, Q)^{ab} where Q1, Q2 ∈ G1 and a, b ∈ Zq*.
2. Non-degenerate: e(P, P) ≠ 1 and therefore it is a generator of G2.
3. Computable: There is an efficient algorithm to compute e(Q1, Q2) for all Q1, Q2 ∈ G1.

G1 will be the group of points on an elliptic curve and G2 will be a multiplicative extension of a finite field. The map e will be derived from either the Weil pairing or the Tate pairing on an elliptic curve of a finite field. However, the Tate pairing is considered twice as fast as the Weil pairing [5]. An ID Based Signature generation scheme consists of four main steps. With respect to these steps, the BLMQ Scheme can be explained as follows.

B1. Setup

1. Select a security parameter k. For the implementation k ≈ m, the field length.
2. Select a k bit prime number , and bilinear map groups (G1, G2, GT) of order supporting
an efficiently computable, non-degenerate pairing e : G1 × G2 → GT. In this case G1 = G2 = E(F_{2^m}), that is, the Elliptic Curve Group defined over a binary field, and GT = F*_{q^k}, that is, the multiplicative group of the extension field. is the order of the groups G1, G2.
3. Select Generators (torsion points) P ∈ G1, Q ∈ G2. P and Q here are any points on the elliptic curve, since the order of the curve has been chosen and it is known that there are , torsion points on a curve therefore in our case any point selected on the curve will be its generator.
4. Hash functions h0 : GT × {0, 1}* → , h1 : {0, 1}* → . denotes the multiplicative groups of the prime number . The hash functions h0 and h1 can be implemented using normal cryptographic hash functions like SHA, thus avoiding any use of map-to-point hash functions.
5. A master key s→ is chosen, with which the public key Ppub = sP ∈ G1 is associated. This part of the algorithm makes use of Elliptic Curve Arithmetic for calculating the system public key Ppub.
6. The generator g = e(P, Q) ∈ GT (an element of the extension field) is the result of applying the pairing algorithm on the selected points P and Q.
7. Thus the public parameters are: k, l, G1, G2, GT, P, Q, g, Ppub, e, h0, h1

But since the Elliptic Curve Groups and the Hash Functions are already there with each of the participating nodes, the parameters that actually need to be transmitted are: k, P, Q, g, Ppub.

B2. Private-Key Extraction

This part of the algorithm deals with the allocation of a private key to a node, once the node submits its identity. The following steps are taken:

1. The Private Key Generator, PKG, takes as input entity A's identifier IDA ∈ {0, 1}* and extracts A's identity-based private key QA ← (h1(IDA) + s)^{-1} Q ∈ G2. This process requires support for BigIntegers, a class that can deal with numbers of arbitrarily large size, and Elliptic Curve Arithmetic for calculating the private key QA, which is actually a point on the curve. This communication takes place using a secure channel and with the help of a secure key distribution system, so that only the correct node gets the private key and no node can impersonate some other node. No secure channel has been established; it is assumed that one already exists in the network.
2. A node can verify the consistency of its key by checking e(h1(IDA)P + Ppub, QA) = g. The above method of key establishment is called the Sakai Kasahara key style [Sakai and Kasahara 2003].

B3. Signature Generation

The process of signing a message m ∈ {0, 1}* under the private key QA consists of the following steps:

1. The signer picks u ← , that is it selects a random number from the multiplicative group of .
2. It computes r ← . This step requires us to perform exponentiation in the extension field GT.
3. h ← h0(r, m).
4. S ← (u − h)QA. It involves Elliptic curve arithmetic as QA is a point on the curve.

The signed message is the triple (m, h, S) ∈ {0, 1}* ×

Therefore it can be seen that the signature is a composition of two main things besides the message. First, h, which is a number that belongs to , and thus it is approximately a k bit number, since k is large (>= 160 for good security). Second, S, which is a point on the elliptic curve and hence requires support for curve arithmetic. Thus it can also be seen that no pairing is involved in the signing process, which makes the signature generation an efficient process.

B4. Signature Verification

This part of the algorithm deals with the verification of the signature (m, h, S), given the public key of the signer IDA. The algorithm performs the following steps.

1. r ← e(h1(IDA)P + Ppub, S) g^h
2. v ← h0(r, m)

The verifier accepts the signed message iff v = h.

IV. INTEGRATING THE SIGNATURE SCHEME IN AODV

The signature generation scheme described above was integrated into the existing AODV code in NS2 (Network Simulator 2) with the purpose of securing the routing messages; this needs some changes to be made to the existing NS2 AODV implementation. The basic aim is that each node should sign the routing packet it generates using the implemented Signature scheme. The IP address of the node has been chosen as its Public Key and the message to be signed here is the Routing Packet. Each intermediate node then first verifies the packet it receives and only then does any further processing take place. The Routing packets mainly consist of two kinds of field:

1. Non-Mutable: Fields which remain the same throughout
the journey of the packet.
2. Mutable: Fields whose value can be altered by the intermediate nodes, like Hop Count.

Each node signs only the Non-Mutable fields with its private key, and then forwards the packet after integrating the signature and its public key in it. In this paper only Non-Mutable fields have been dealt with. Existing solutions like Hash Chains can be used for dealing with Mutable fields.

A. Changes made to AODV

The embedding of the signature required the following changes in the existing NS2 implementation of AODV.

1. In the existing implementation of AODV, the RREP message was modified while forwarding the reply, which prohibited the signing of the message. Some changes were made to the routing process so that there was no need to modify the RREP while forwarding the reply.
2. Route Reply by an intermediate node on behalf of the destination node has been disabled, since the intermediate nodes cannot sign on behalf of the destination node.
3. The packet format was extended to include two more fields:
   i. ID: Public key of the node that signed the message.
   ii. Signature: It is obtained by applying the Signature Scheme on the Routing Packet (not including the Hop count field).

As the signature is the pair (h, S), in the packet also the Signature is represented as a combination of 2 fields:

   i. A BigInt number, h.
   ii. A point on the Elliptic Curve, S.

Both of these fields were converted into a character array format for embedding them into a packet. Table 1 below shows the extended packet format of AODV.

TABLE 1: EXTENDED PACKET FORMAT OF AODV

   RREQ / RREP
   ID (Public key of node)
   Signature = {RREQ/RREP - HopCount}K_a^{-1}

B. Initializing the Routing Process

All the nodes first obtain their copy of the Public Parameters from the PKG (Private Key Generator). No special key distribution scheme has been used; the PKG is represented in the library as PKG.{h, cc}. It returns a structure named Public Parameter to the node that requested the parameters; this structure contains all the required public parameters. The node then submits its Identity (Public Key) to the PKG to obtain the Private Key. This process should be carried out via a secure channel so that the key is delivered to the correct owner. The establishment of the secure channel has not been considered in this paper.

Fig. 1 Key Distribution

C. Securing the Routing Process

In this paper emphasis has been placed on securing the RREP and RREQ messages. Other routing messages like RERR and HELLO messages can be secured in a similar way.

C1. Sending RREQ/RREP

(i) Before sending the RREQ/RREP packet (which is filled with the required info), the sender signs the packet with its private key. The Hop count field (which is a mutable field) is set to zero before signing and then restored again.
(ii) The signing node then inserts its Public Key (ID) and the Signature generated into the packet.
(iii) Finally the packet is transmitted.

C2. Receiving RREQ/RREP

(i) Any intermediate node receiving the RREQ first verifies the signature of the sending node in the packet.
(ii) Only if the signature is verified does any further processing take place on the packet (like setting up the reverse path or sending RREP); otherwise the packet is dropped.

V. SECURITY AND EFFICIENCY ANALYSIS

A. Security Analysis

Only an authorized node with the right private key issued by the PKG can generate qualified routing packets. Without the signature that is generated using the private key, the packet will be regarded as garbage and dropped by the receiver. The nodes will be re-authenticated when they request the private key. The PKG will be the single point of failure and vulnerable to attacks; however, a distributed PKG and threshold cryptography can be utilized to deal with it. Because the fixed fields in the message are signed by the initiator, any other node cannot modify them without
being detected. Since the mutable field of hop count is being hashed at every step, the non-repudiation of changeable fields can detect the misbehavior of former nodes and drop the malicious packets immediately.

B. Efficiency Analysis

At the initiator the major operation is signing and at each intermediate node the major operation is verification. The pairing is computationally the most expensive task involved in this process. However, choosing the right parameters for the pairing, like the right elliptic curve, field selection, field arithmetic and pairing algorithm, can highly increase the efficiency of the pairing. The best result of pairing reported by [12], [13] is 8.7 ms; with the help of dedicated hardware this can be improved further.

Also, the public key size is very small: a 160 bit key provides security equivalent to that provided by 1024 bits in RSA, and there is no need to include any certificates in the packet, which leads to a huge saving in bandwidth.

VI. RESULTS AND EVALUATION

For the finite field F_{2^m} with m = 163 the following results were obtained by using the clock() function of the C++ time.h header file to time the code for the following operations:

TABLE 2: TIMING RESULTS

   Operation                 Time (ms)
   Pairing                   25
   Signature Generation      7
   Signature Verification    30

The following graphical results were obtained by performing the simulation of AODV integrated with the ID-Based Signature Scheme using NS2. The simulation environment consisted of 20 nodes moving over an area of 670 X 670. Three parameters are reported: throughput of sending packets, throughput of receiving packets, and the sum of the number of all packets dropped, using the original AODV and using AODV + ID Based Signature.

A. Throughput of Sending Packets

Fig 2. AODV + ID Based Signature
Fig 3. AODV

B. Throughput of Receiving Packets

Fig 4. AODV + ID Based Signature
Fig 5. AODV

C. Sum of Number of All Packets Dropped

Fig 6. AODV + ID Based Signature
Fig 7. AODV

VII. CONCLUSIONS AND FUTURE WORK

The ID based Signature scheme has been successfully implemented and integrated into AODV. The timing results for the pairing algorithms and the key generations and verification
have been shown. The graphical results for the throughput of the system with the signature scheme integrated in AODV have also been shown.

Although the throughput of the system has decreased under normal circumstances, the system has gained the capability to defend itself in the event of any node being malicious. The most important algorithm involved in the signature scheme is the pairing; the efficiency of the pairing algorithm should be improved further to reduce the time required in signature generation and verification.

• Use of dedicated hardware for performing the arithmetic can improve the overall throughput of the system.
• Use of Threshold Cryptography can avoid the key escrow problem associated with ID based systems.
• A mixed coordinate system can improve the elliptic curve arithmetic.
• Presently we have secured only the Non-mutable fields; for complete security, an efficient method for securing the mutable fields in the routing packets should also be employed.

REFERENCES

[1] Luke Klein-Berndt, Wireless Communications Technologies Group, National Institute of Standards and Technology, "A Quick Guide to AODV Routing".
[2] A. Shamir, "Identity-Based Cryptosystems and Signature Schemes," CRYPTO '84, LNCS, 1985, pp. 53–57.
[3] Joonsang Baek, Jan Newmarch, Reihaneh Safavi-Naini, and Willy Susilo, School of Information Technology and Computer Science, University of Wollongong, "A Survey of Identity-Based Cryptography".
[4] Darrel Hankerson, Alfred Menezes, Scott Vanstone, "Guide to Elliptic Curve Cryptography".
[5] G. Berton, L. Breveglieri, P. Fragneto, G. Pelosi and L. Sportiello, ST Microelectronics, Politecnico di Milano, "Software Implementation of Tate Pairing over GF(2^m)".
[6] Yih-Chun Hu, University of California, Berkeley; Adrian Perrig, Carnegie Mellon University, "A Survey of Secure Wireless Ad-hoc Routing".
[7] C. Perkins, E. B. Royer and S. Das, "Ad-hoc On-Demand Distance Vector (AODV) Routing," RFC 3561, Jul. 2003.
[8] Liqun Chen, Hewlett-Packard Laboratories, "Identity-based Cryptography", '06.
[9] Mike Scott, Dublin City University, "Efficient Implementation of Cryptographic Pairings".
[10] Soonhak Kwon, Department of Mathematics, Sungkyunkwan University, Korea, "Efficient Tate Pairing Computation for Supersingular Elliptic Curves over Binary Fields".
[11] P. S. L. M. Barreto, H. Y. Kim, B. Lynn and M. Scott, "Efficient Algorithms for Pairing-Based Cryptosystems," Proc. Advances in Cryptology -- Crypto02, pp. 354-368, 2002.
[12] Wenbo Mao, Principal Engineer, HP Labs., Bristol, "Divisors, Bilinear Pairings and Pairing Enabled Cryptographic Applications".
[13] Paulo S. L. M. Barreto, Alexandre Machado Deusajute, "Toward Efficient Certificateless Signcryption from (and without) Bilinear Pairings".
[14] Wei Ren, Yoohwan Kim, Ju-Yeon Jo, Mei Yang and Yingtao Jiang, "IdSRF: ID-based Secure Routing Framework for Wireless Ad-Hoc Networks".
[15] D. B. Johnson and D. A. Maltz, "Dynamic Source Routing in Ad Hoc Wireless Networks," in Mobile Computing, Chapter 5, pp. 153-181, Kluwer Academic Publishers, 1996.
[16] Y. Hu, A. Perrig, D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad-hoc Networks," Mobicom 2002, September 23–26, 2002, Atlanta, Georgia, USA.
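
The algebra of steps B1 to B4 and the sign-then-verify handling of RREQ/RREP in C1/C2, as an added Python example that is not the paper's NS2/C++ code. It is a toy model and not secure: group elements are stored as their scalars so the pairing reduces to modular exponentiation, and the small group from `find_group`, the packet field names and the `send`/`receive` helpers are assumptions; `r = g^u` in signing is taken from the B4 check, which recomputes exactly that value.

```python
# Added example: toy model of BLMQ. NOT secure, and not the paper's NS2/C++ code.
# A point aP in G1 (or aQ in G2) is stored as the scalar a mod q, which lets the
# pairing e(aP, bQ) = g^(ab) be computed directly in a subgroup of Z_p*.
import hashlib
import math
import secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def find_group(start=2**31):
    """Return (q, p): the first prime q >= start with p = 2q + 1 also prime."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return q, 2 * q + 1

q, p = find_group()   # toy sizes (assumption); the paper works in F_(2^m), m = 163
g = 4                 # stands in for g = e(P, Q); a square mod p, so of order q

def pairing(a, b):
    """e(aP, bQ) = g^(ab) in the toy representation."""
    return pow(g, a * b % q, p)

def hash_to_zq(tag, data):
    digest = hashlib.sha256(tag + data).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1   # value in [1, q-1]

def h1(identity):                        # h1: {0,1}* -> Z_q*
    return hash_to_zq(b"h1|", identity)

def h0(r, msg):                          # h0: GT x {0,1}* -> Z_q*
    return hash_to_zq(b"h0|", r.to_bytes(8, "big") + msg)

class PKG:
    """B1/B2: holds master key s, publishes Ppub = sP, extracts private keys."""
    def __init__(self):
        self.s = secrets.randbelow(q - 1) + 1
        self.p_pub = self.s              # scalar form of sP

    def extract(self, identity):         # QA = (h1(ID) + s)^-1 Q
        return pow((h1(identity) + self.s) % q, -1, q)

def sign(msg, qa):                       # B3: no pairing needed
    u = secrets.randbelow(q - 1) + 1
    r = pow(g, u, p)                     # r = g^u, the value the B4 check recomputes
    h = h0(r, msg)
    return h, (u - h) * qa % q           # S = (u - h) QA

def verify(identity, p_pub, msg, h, s_point):    # B4: one pairing
    r = pairing((h1(identity) + p_pub) % q, s_point) * pow(g, h, p) % p
    return h0(r, msg) == h

def signable(fields):
    """Serialise the routing fields with the mutable Hop Count set to zero."""
    return repr(sorted({**fields, "hop_count": 0}.items())).encode()

def send(fields, identity, qa):          # C1: sign, attach ID and (h, S)
    return {"fields": dict(fields), "id": identity, "sig": sign(signable(fields), qa)}

def receive(pkt, p_pub):
    """C2: verify first; return the packet to forward, or None to drop it."""
    if not verify(pkt["id"], p_pub, signable(pkt["fields"]), *pkt["sig"]):
        return None
    hops = pkt["fields"]["hop_count"] + 1
    return {**pkt, "fields": {**pkt["fields"], "hop_count": hops}}

if __name__ == "__main__":
    pkg = PKG()
    qa = pkg.extract(b"10.0.0.1")        # constructed sample identity
    rreq = {"type": "RREQ", "orig": "10.0.0.1", "dst": "10.0.0.9",
            "dst_seq": 3, "hop_count": 0}   # constructed sample packet
    pkt = send(rreq, b"10.0.0.1", qa)
    print("forwarded:", receive(pkt, pkg.p_pub) is not None)
    pkt["fields"]["dst_seq"] = 99        # tamper with an immutable field
    print("tampered dropped:", receive(pkt, pkg.p_pub) is None)
```

Because Hop Count is zeroed before signing, a forwarder can change it without invalidating the signature, which is why the paper pairs the signature with a hash chain for the mutable fields.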