Published on

IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845 Similarities & Differences of Mobile Adhoc Network Routing Protocols *Santhoshkumar.H.P, Under the Guidance of Prof.Sameena Banu *M.Tech (CSE) K.B.N.C.E., Gulbarga, Affiliated to VTU, Belgaum, KarnatakaABSTRACT The advantage of Mobile Ad-hoc which require a protocol with reasonableNetworks (MANETs) is to form a wireless security and reasonable resistance to DOS, anetwork in the absence of fixed infrastructure. kind of middle-ground. It has been suggestedEarly stages of routing protocols of MANETs that various trust mechanisms could be used towere, incapable of handling security issues but develop new protocols with unique securityby the introduction of newer techniques like assurances at different levels in this trade- offcryptographic techniques enabled them to [5,27]. However, the arguments for this havehandle the routing information securely. The been purely theoretical or simulation-based.present paper details the newly proposed Determining the actual span of this trade-offSAODV and TAODV and further compares the inreal world implementations is of utmostsame with the existing MANET routing protocols importance in directing future research and protocol design.Keywords - Mobility, Ad-hoc, Security, Routing, In this paper considers two proposed protocolCryptography, TAODV, SAODV Performance. extensions to secure MANET routing. The first, SAODV [25], uses cryptographic methods toI. INTRODUCTION secure the routing information in the AODV In traditional wireless networks, a base protocol. The second, TAODV [15], uses truststation or access point facilitate communications metrics to allow for better routing decisions andbetween nodes with in the network and penalize uncooperative nodes. While somecommunications with destinations outside the applications may be able to accept SAODV’snetwork. In contrast, MANETs forms a vulnerability to DoS or TAODV’s preventativenetwork in the absence of fixed infrastructures. security, most will require an intermediateThe requirement of these networks is only nodes protocol tailored to the specific point on thethat can interact with radio hard wares so as to DoS/security trade-off that fits the application. Theroute the traffic using the routing protocol. Thus tailored protocols for these applications will alsothe reduced essential requirement s of such require performance that falls between that ofnetworks, along with their adoptability into tiny SAODV and TAODV. Understanding how theresource-limited devices made them more popular SAODV and TAODV protocols (which are onand is much preferred for several applications in the boundaries of the DoS/security trade-off)the area of communications. Routing protocols perform on real hardware, and to what extent theredetermines the nature of data forwardness as exists a performance gap is a prerequisite for beingwell as its adaptability to topology changes that able to develop the intermediate protocols. Suchresults by mobility. Initial MANET routing evaluation is not only required forprotocol like AODV [18], was not designed to developing intermediate protocols, but also forwithstand malicious nodes within the network or determining the direction for development of newoutside attackers near by with malicious intent. trust metrics for ad- hoc networks. In thisSubsequent protocols and protocol extensions paper we provide the first performancehave been proposed to address the issue of evaluations for these protocols on real worldsecurity [1,2,8,14,20,24,25,26]. Many of these hardwareprotocols seek to apply cryptographic methodsto the existing protocols in order to secure the II. RELATED WORKinformation in the routing packets. This attack is Several different protocols have beenvery effective in MANETs as the devices often proposed for ad-hoc routing. The earliest protocolshave limited battery power in addition to the such as DSDV [19], DSR [11], and AODV [18]limited computational power. The trade-off focused on problems that mobility presented tobetween strong cryptographic security and DOS the accurate determination of routing(Denial of service) has become increasingly information. DSDV is a proactive protocolimportant as MANET applications are developed requiring periodic updates of all the routing information. In contrast, DSR and AODV are 1839 | P a g e
  2. 2. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845reactive protocols, only used when new implemented each of them on real hardwaredestinations are sought, a route breaks, or a route is and measured their performance. In this sectionno longer in use. As more applications were we detail the setup for the experiments used todeveloped to take advantage of the unique acquire these measurements. We first describe theproperties of ad-hoc networks, it soon became supporting hardware and software setup for ourobvious that security of routing information was implementations. We then present details on thean issue not addressed in the existing protocols. actual implementation for each of the threeIn [13], Lundberg presents several potential protocols. Finally we detail the design ofproblems including node compromise, the experiments used to evaluate the protocols andcomputational overload attacks, energy explain why these tests are more relevant thanconsumption attacks, and black hole attacks. Deng other more common al. further discuss energy consumption andblack hole attacks along with impersonation Our AODV implementation is the resultand routing information disclosure in [3]. of previous paper in this area. The implementationJakobsson et al. categorize attacks as is designed to run on the Linux/windows xmanipulation of routing information and operating system. As with many other AODVexhaustive power consumption, and provide implementations for Linux/winX, it separatesdetailed treatments of many characteristic attacks in functionality into a kernel module and a user space[10]. daemon. The kernel module uses hooks in the net filter interface to send packet headers from the While research has focused on wireless interface to the user space daemon. The“lightweight” security mechanisms, some daemon then determines how to handle the packet.proposed protocols use more expensive If the packet is a routing control packet, then theasymmetric cryptography. In [26], Zhou and Haas daemon processes the packet in accordance with thepresent a multi-path protocol extension that AODV specification. If instead the packet is auses threshold cryptography to implement the data packet, the daemon determines whether orkey management system. It requires some nodes not a route exists to the necessary destination. Ifto function as servers and an authority to initialize there is a suitable route, the packet is flagged andthese servers. Zapata and Asokan propose the kernel module queues it to be sent out. If noSAODV [25], a secure version of AODV, route exists, the daemon begins route discovery.which uses digital signatures and hash chains Once a route is found, the daemon enters the routeto secure the routing messages. into the kernels routing table. It then flags the packet (and any additional packets arriving In [22], Pissinou et al. propose a trust- during discovery) to be queued forbased version of AODV using static trust levels. transmission. The implementation is writtenThe same authors then extend this protocol in completely in Java.[7] to thwart multiple colluding nodes. Neitherof these adress securing the trust exchanges, or theoverhead involved. Li et al.introduce a trust-based variant of AODV in [12] that secures thetrust information. However, their protocolrequires an intrusion detection system in thenetwork. Finally, Meka et al. propose a thirdtrusted AODV with a simple method ofevaluating trust even without source routing [15]. Our work in this paper considers Figure-1 : Network setup for round tripthe asymmetric cryptography and trust-based timingsextensions to AODV presented in [25] and[15] respectively and shows a real world In order to implement SAODV, it wascomparison of the performance of the two necessary to have a library of cryptographicprotocols. Our results suggest that new protocols operations. We used Open SSL for this purpose,can be developed which take advantage of the and we developed a security library whichbest features of both types of protocols, and which wrapped much of Open SSL’sshare aspects of each security model. functionality into components appropriate for ad- hoc routing purposes. One particularly usefulIII. IMPLEMENTATION feature of the security library is that it allows In order to get an understanding for easy use of several different OpenSSL contextsthe real world performance of the AODV, at once. For SAODV, this was useful as nodesSAODV, and TAODV protocols, we have must switch between signing, verifying, and 1840 | P a g e
  3. 3. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845hash chain operations rapidly to both send and Implementing TAODV required manyreceive routing messages. New data structures additions similar to those involved in SAODV.were added for SAODV’s single signature New data structures were used for the NTT asextension and the necessary code was added to the well as the extended messages and the new Rmessage processing functions for RREQ, ACK message. Similarly, message handlingRREP, HELLO, and RERR messages. The functions were updated to use the extensions anddesign of the AODV implementation allowed take the appropriate actions. One challenge inSAODV functionality to be implemented while implementing TAODV was counting packetsmaintaining one binary with the ability to sent, forwarded, or received for a particularrun both protocols. route. While it intuitively seems to be something that should be implemented in the kernel module that is already tied into the net filter framework, this would require extra data exchange between the kernel module and the daemon. Since our implementation already passes packet headers to the daemon for route discovery initiation and flagging, it was simply necessary to place the counting mechanism in the daemon. Keeping track of the additional routing information required significant extensionFig 2: Trusted center for Both the protocols of our AODV implementation. The original implementation does not support any multi- path entries in the routing table. Modifying it to support such a setup for TAODV would have required rewriting significant amounts of the base AODV code. Instead, we implemented a multi-path capable routing table for use exclusively by the TAODV protocol. When a node initially discovers a route, or changes the active route to a particular destination, it merely copies the necessary entry to the daemon’s local routing table and marks it as having beenFig 3: Using the TAODV send the message altered so that it is updated in the kernel’s routing table at the next sync. This simplified the implementation using only a negligible amount of extra memory. 3.1 Testing There were two performance factors we were interested in for the purposes of this comparison. The first is the per- packet processing overhead. It is important to note that only CPU timeFig 4: Using the TAODV receive the message was measured. Therefore this overhead reflects use of the processor by each protocol. In these tests we use AODV as a baseline. Thus, for SAODV we measure the time it takes to generate an SSE for RREQ, RREP, and HELLO messages. We also measure the time it takes for a node to verify an SSE for those same messages. For TAODV we measure how long it takes a node to generate or process and update RREP and R ACK messages. Due to the fact that some of the operations we measure have a runtime less than the resolution of our timer (5ms as per the Linux kernel), we perform a large number of operations back-to-back per measurement. We then makeFig 5: Using the SAODV send the message multiple measurements. 1841 | P a g e
  4. 4. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845 Obviously, this can place a significant burden on Operation Processin Std.Devation each node. g SSE 25.8 Time(ms) 0.18 Operation Processin Std.Devati Generatio g Time on SSE n 2.6 0.06 RReq/Hello Send Validatio 0.354 0.019 n RReq/ Hello Our second performance metric is round Processing 0.3545 0.019trip time for route discovery. The justification for R Ack Send 0.193 0.003this metric lies in the fact that we are looking atsecuring the routing control packets. Once a routeis established, data is forwarded with the same RAck Procesefficiency regardless of the routing protocol. 0.210 0.004Therefore, it is important to see how the per- Since SAODV requires that each message withpacket overhead along with the increased packet a SSE is validated before any further processingsize affect the time for route discovery. For this takes place, each RREQ and RREP gets delayedtest, we measure the performance of AODV in 3.8 milliseconds at each hop which forwards it. Inaddition to that of SAODV and TAODV. This is addition, HELLO messages take the samenecessary because both AODV and TAODV will amount of time to be validated. While nodes aregenerate RREPs after fewer hops when the supposed to let ALLOWED HELLO LOSS *destination’s neighbor responds, while SAODV HELLO INTERVAL milliseconds pass beforerequires that the destination itself responds. For deciding a link is broken and a neighbor shouldour experiments, we used a five node be removed from its routing table, it isnetwork consisting of one laptop and four conceivable that on a node with severalZauruses as illustrated in Figure 1. We used the neighbors and a large amount of data tonetwork sniffer ethereal [6] running on the laptop forward, route status may ßuctuate for someto measure the time elapsed from the sending of neighbors whose HELLO packets get delayed inthe RREQ to the receipt of the RREP. validation.VI. RESULTS In TAODV, we measure the per-packet For the per-packet overhead tests, we overhead for RREP, HELLO, and R ACKmeasured the amount of processing time a node messages. The system-wide parameters discussedspends above and beyond that required for in [15] do not influence the overhead of TAODVconventional AODV. All tests were performed on for any of the tests we performed. However, it wasthe Zauruses with only the necessary software necessary to fix these values to allow forrunning (i.e., no graphical login manager, no X the calculation of RSV. For all TAODV testsserver, etc.). In the SAODV tests, we measure we used the following system-wide parametergeneration and validation of the SSE which values: i = 0.8, p= 0.6, ph = 0.4, pc = 0.2, α1= 0.4,requires hash computation and a digital α2= 0.4, and α3= 0.2. Due to the very smallsignature/verification. The hash function used for running time of the operations, one millionthese tests was MD5 and the digital operations were performed per measurement andsignature/verification was performed using a 5000 measurements were taken. Table 2 shows the256-bit RSA key pair. There were 1000 operations results for the TAODV per measurement and 1000 measurementsoverall. Table 1shows the results of our SAODV As the results show, there is much lesstests. per-packet overhead for TAODV when compared to SAODV. The main source of overhead involved Consequently, in order to send a RREQ, the R ACK packets. Since the R ACKRREP, or HELLO message, the node spends packets are new packets rather than packet30.8 milliseconds generating the SSE. The extensions, it was necessary to allocate a packetsignificant impact on performance occurs in buffer in the message sending system of ourgenerating the SSE for HELLO messages since implementation each time a R ACK packet was tothey are sent periodically. According the to be sent. With other messages that were extended,AODV specification, a node should send a HELLO the packet buffer was already allocated and themessage every HELLO INTERVAL milliseconds extension was simply written into free space atunless it has broadcast any messages during the the end. This difference contributedprevious interval. This means that only RREQ and significantly to the 0.193ms overhead for sendingRERR messages could prevent sending a HELLO the R ACK message.message, as all other messages are unicast. 1842 | P a g e
  5. 5. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845 These results show that SAODV is indeed a significantly more expensive protocol.Table 4: Performance of SAODV Specifically, SAODV takes 2.35 times as long as conventional AODV to get a RREP back to a RREQ originator. This is due, in part, to the added cryptography and increased message size. This is also due to the inability of intermediate nodes to respond to RREQs. Traversing the additional hop in both directions adds to the latency. The results also show that the use of SAODV will require adjustments to the Table 5: Comparison of SAODV & TAODV recommendations for configurable parameters in AODV. This is missing from the current draft The overhead for processing the R ACK standard for SAODV. For example, the current message was almost completely due to the suggested NODE TRAVERSAL TIME is 40ms recalculation of the OTV and RSV values. The which results in NET TRAVERSAL TIME being TAODV implementation used double primitives set to 1400ms. The value of NET for all calculations in order to keep with the TRAVERSAL TIME serves as the timeout for protocol description in [15]. RREQ messages. Consequently, as per the results above, if these parameters were not4.1 Comparison results adjusted, nodes would have problems discovering The round trip tests for route discovery routes of length greater than ten hops.were performed for all three protocols. This wasparticularly important due to the differences in In some applications this may notwhich node sends the RREP as described in Section cause problems. However, in certain4.1. Due to the nature of the measurements, only applications such as large area sensor networks,one route discovery operation could be routes of this length or greater would not beexecuted per measurement. Overall 5000 unreasonable to expect. TAODV, on the otherof these individual measurements were hand, takes only 1.11 times as long as AODV.performed. Table 3 shows the results of the tests. This shows that the trust- based calculations and additional information exchange can be used without incurring the overhead of SAODV. Protocol Round Std.Deviation While there is some expense for the trust Trip time calculations, it is not nearly as expensive as AODV 138.772 0.765 the cryptographic operations. The results show SAODV 124.341 0.543 that TAODV is indeed at the opposite end of the TAODV 172.553 0.832 trade-off from SAODV. This is due to the fact that the TAODV information itself in each packetTable 3 Round Trip Time is not secured. Overall, the results show that there is indeed a wide spectrum in the tradeoff between cryptographic security and DoS. By adding an appropriate lightweight security mechanism to secure the trust information in the routing packets, a hybrid protocol can be created which is less expensive than SAODV and more 1843 | P a g e
  6. 6. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845secure than TAODV. Future protocol designsshould seek to use various new combinations [7]. Y. Hu, D. Johnson, and A. Perrig.of smarter, trust-based metrics and SEAD: Secure efficient distance vectorlightweight security mechanisms in order to routing for mobile wireless ad hocdevelop hybrid protocols across this spectrum networks. Ad Hoc Networks, I:175–192, 2003.V. CONCLUSION In this paper, we have compared the [8]. M. Jakobsson, S. Wetzel, and B. Yener.SAODV and TAODV protocols for securing Stealth attacks on ad hoc wirelessad-hoc network routing. We presented the networks. In Proceedings of VTC,results of implementation and evaluation of both 2003, 2003.protocols. The expected difference between thetwo protocols was shown to be consistent with [9]. D. B. Johnson and D. A. Maltz.this real world scenario. These experiments Dynamic source routing in ad hocshowed that there is significant room between the wireless networks. In Imielinski andtwo protocols for a secure hybrid protocol to Korth, editors, Mobile Computing,be developed which takes advantage of the volume 353. Kluwer Academicstrongest points of both. Publishers, 1996.REFERENCES [10]. X. Li, M. Lyu, and J. Liu. A trust model based routing protocol for secure ad hoc [1]. C. N.-R. Baruch Awerbuch, David networks. In Proceedings of the Holmer and H. Rubens. An on-demand Aerospace Conference, 2004. secure routing protocol resilient to byzantine failures. In ACM Workshop [11]. J. Lundberg. Routing security in ad on Wireless Security (WiSe), September hoc networks, 2000. 2002. [12]. S. Marti, T. J. Giuli, K. Lai, and M. [2]. S. Buchegger and J.-Y. L. Boudec. Baker. Mitigating routing misbehavior in Nodes Bearing Grudges: Towards mobile ad hoc networks. In Mobile Routing Security, Fairness, and Computing and Networking, 2000. Robustness in Mobile Ad Hoc Networks. In Proceedings of the Tenth [13]. K. Meka, M. Virendra, and S. Upadhyaya. Euromicro Workshop on Parallel, Trust based routing decisions in mobile Distributed and Network-based ad-hoc networks. In Proceedings of the Processing. IEEE Computer Society, Workshop on Secure Knowledge January 2002. Management (SKM 2006), 2006. [3]. H. Deng. Routing security in wireless ad [14]. C. Perkins, E. Belding-Royer, and S. hoc networks, 2002. Das. Ad hoc on-demand distance vector (aodv) routing. July 2003. [4]. L. Eschenauer, V. Gligor, and J. Baras. On trust establishment in mobile ad-hoc networks.Technical Report MS [15]. C. Perkins and P. Bhagwat. 2002-10, Institute for Systems Research, Highly dynamic destination-sequenced University of Maryland, MD, USA, distance-vector routing (DSDV) for October 2002. mobile computers. In ACM SIGCOMM’94 Conference on [5]. Ethereal - A Network Communications Architectures, Protocol Analyzer. Protocols and Applications, pages 234– 244, 1994. [6]. T. Ghosh, N. Pissinou, and K. [16]. A. Perrig, R. Szewczyk, V. Wen, D. E. Makki.Collaborative trust-based secure Culler, and J. D. Tygar. SPINS: routing against colluding malicious nodes security protocols for sensor in multi-hop ad hoc networks. In LCN netowrks. In Mobile Computing and ’04: Proceedings of the 29th Annual Networking, 2001. IEEE International Conference on Local Computer Networks (LCN’04). IEEE [17]. N. Pissinou, T. Ghosh, and K. Makki. Computer Society, 2004. Collaborative trust-based secure routing 1844 | P a g e
  7. 7. Santhoshkumar.H.P, Prof.Sameena Banu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.1839-1845 in multihop ad hoc networks. In credential services”, in 3rd International NETWORKING 2004, Networking conference ICACCT- Technologies, Services, and Protocols; 2008, Performance of Computer and Communication Networks; Mobile and Wireless Communications, 2004. [26]. R.Balakrishna, M.V.Panduranga Rao, Dr.K.C.Shet,” Development of [18]. S. Yi, P. Naldurg, and R. Kravets. Scheduler for Real Time and Security-aware ad hoc routing for Embedded System Domain”, in digital wireless networks. In MobiHoc ’01: library at IEEE AINA-2008 International Proceedings of the 2nd ACM Conference, JAPAN,. The details international symposium on Mobile ad about the conference is available hoc networking & computing, pages at 299–302, New York, NY, USA, 2001. ACM Press. [27]. R.Balakrishna, Dr.U.Rajeswar Rao, Dr.G.A. Ramachandra “Reliability in [19]. M. G. Zapata and N. Asokan. Securing MANETS USING Enhanced double ad hoc routing protocols. In WiSE ’02: coverage broad casting algorithm”,In.J.of Proceedings of the ACM workshop on Advanced Network Applications, Vol.3 Wireless security. ACM Press, 2002. and Issue 3. Page No 147 to 154 [20]. L. Zhou and Z. J. Haas. Securing ad hoc networks. IEEE Network, 13(6):24– 30, 1999. [21]. C. Zouridaki, B. L. Mark, M. Hejmo, and R. K. Thomas. A quantitative trust establishment framework for reliable data packet delivery in manets. In SASN ’05: Proceedings of the 3rd ACM *Santhoshkumar.H.P, workshop on Security of ad hoc and sensor networks, pages 1–10, New York, *M.Tech(CSE) ,K.B.N.C.E.,Gulbarga, NY, USA, 2005. ACM Press. Affiliated to VTU, Belgaum, Karnataka [22]. R.Balakrishna,M.Murali Mohan Reddy Dr.U.RajeswarRao,Dr.G.A.Ramachandra , “Routing Misbehavior Detection in MANET Using 2ACK”, in IEEE Advanced Computing Conference, Thapur University, Patala,2008. [23]. R.Balakrishna, M.Murali Mohan Reddy, Dr.U.Rajeswar Rao, Dr.G.A.Ramachandra,” detection of routing misbehavior in mobile ad hoc networks using enhanced 2ack (e- 2ack)”,in IEEE Advanced Computing Conference in at , Thapur University, Patal,2008. [24]. R.Balakrishna, Dr.U.Rajeswara Rao, Dr.N.Geethanjali, “Secure Key Exchage protocol for Credential Services”, Published in Defence science Jounal in May 2009. [25]. R.Balakrishna, Dr.U.Rajeswara Rao, Dr.N.Geethanjali “A secured authenticated key exchange protocol for 1845 | P a g e