ZRP

1. SECURE ZONE ROUTING
PROTOCOL IN MANETS
Garvita Khajuria
M.Tech (ECE)
2011emc01

2. CONTENTS
 Mobile Ad Hoc Networks
 Routing In Mobile Ad Hoc Network
 Zone Routing Protocol (ZRP)
 Security Attacks On Ad Hoc Routing Protocols
 Authenticated Routing For Ad Hoc Networks (ARAN)
 Secure Zone RoutingProtocol (SZRP)
 Secure Intra-zone Routing
 Secure Inter-zone Routing
 Reference Simulation Results
 Conclusion
 Future work

3. MOBILE AD HOC NETWORKS
 Comprised of mobile computing devices (nodes)
 Use wireless transmission for communication
 No established infrastructure or centralized
administration
 Figure shows an example of mobile ad hoc network
and its communication technology.

4. CHARACTERISITICS & DESIGN
CONSTRAINTS
 Wireless medium: Wireless medium has neither
absolute, nor readily observable boundaries.
 Autonomous and infrastructureless: Each node
operates in distributed mode, as an independent
router and generates independent data
 Dynamic network topology: Nodes can move
arbitrarily, resulting in route changes and possibly
packet losses
 Limited availability of resources: Batteries have
limited power supply, processing power is limited,
which limits services.

5. MANET APPLICATIONS
 Military applications.
 Emergency systems
 Commercial uses
 Collaborative and distributed computing.
 Wireless sensor networks.

6. ROUTING IN MOBILE AD HOC NETWORK
 Proactive Protocols: maintain consistent, up-to-date
routing information between every pair of nodes in the
network by propagating, proactively, route updates at
fixed intervals
 Optimized Link State Routing (OLSR)Protocol:
 Each node computes its MPRs from its set of neighbours.
 When ever a node broadcasts a message, only those neighbours in
its MPR set rebroadcast the message.
 a node only lists its connections to those neighbours that have
selected it as an MPR.

7. OPTIMIZED LINK STATE ROUTING
(OLSR)PROTOCOL
 Each node starts with an empty MPR
set.
 The N is defined to be the set of one-
hop neighbours .
 N2 is the set of two-hop bidirectional
neighbours.
 First nodes that are selected for the
MPR set are those nodes in N that are
the only neighbours of some node in N2.
 The degree of each node n in N that is
not in the MPR set is calculated.
 Once all the nodes in N2 are covered,
the process terminates.
 Each node‟s MPR set is selected,
routing path within the network can be
determined.

8. ROUTING IN MOBILE AD HOC NETWORK
 On-demand or Reactive Protocols: Establish a
route to a destination when there is a demand for it.
Once a route has been established, it is maintained
by the node until destination becomes inaccessible
or the route is no longer used.
 Ad hoc On Demand Distance Vector (AODV) routing.
 Minimizes no of required broadcasts by creating routes on a
demand basis.
 Nodes that are not on a selected path do not maintain routing
information or participate in routing table exchanges.
 Source node desires to send a msg to destination ,it initiates a
path discovery process to locate the other node

9. AD HOC ON DEMAND DISTANCE VECTOR
(AODV) ROUTING.
 Each node maintains a broadcast ID. The broadcast ID is
incremented for every RREQ the node initiates (fig (a)).
 Nodes record in their route tables the address of the
neighbour from which the first copy of the broadcast packet is
received, thereby establishing a reverse path.
 Once the RREQ reaches ,destination responds by a route
reply (RREP) packet back to the neighbour from which it first
received the RREQ (Fig. b).
 As the RREP packet is routed back along the reverse path,
nodes along this path set up forward route entries it indicates
the active forward route.

10. ROUTING IN MOBILE AD HOC NETWORK
 Hybrid Routing Protocols: Mixture of proactive &
reactive protocols perform well in dynamic network
conditions.
 Zone Routing Protocol (ZRP):
 combining best properties of both proactive and reactive
 When a node has a data packet, it checks if destination is within
its zone or not.
 If within the zone, the packet is routed proactively.
 Reactive routing is used if the destination is outside the zone.

11. ZONE ROUTING PROTOCOL (ZRP)
 Routing zone of S includes the nodes A–I, but not
K.
 The nodes of a zone are divided into peripheral
nodes and interior nodes. (Figure)
 A–F are interior nodes, G–J are peripheral nodes
and node K is outside the routing zone.
 H can be reached by two paths, one with length 2
and one with length 3 hops.

12. ZRP ROUTING COMPONENT
 Node communicate with
interior nodes of it's zone
and is limited by the
zones radius.
 Pro-active, table-driven
protocol.
 Node continuously needs
to update routing
information
 Allows for local route
optimization through
removal of redundant
routes and the shortening
of routes
 Reactive approach enables
communication with nodes
in other zones.
 Node does not send a query
back to the nodes the
request came from, even if
they are peripheral nodes
 Take advantage of the local
routing information provided
by the IARP
 Delay caused by the route
discovery is minimized
through the use of
bordercasting.
Intra zone Routing Protocol
(IARP)
Inter zone Routing Protocol
(IERP)

13. SECURITY IN MOBILE AD HOC NETWORKS
 Confidentiality: Information in the network is
never disclosed to unauthorized entities.
 Integrity: message being transferred between
nodes is never altered or corrupted.
 Availability: The requested services (e.g.
bandwidth and connectivity) are available in a
timely manner.
 Authenticity: Network service to determine a
user‟s identity.

14. SECURITY ATTACKS ON AD HOC ROUTING
PROTOCOLS
 Information disclosure Attack
 Node leaks confidential information to unauthorized
nodes in the network.
 Attacks using Impersonation
 Attacker assumes the identity and privileges of an
authorized node to make use of network resources.
 Man-in-the-Middle Attack: malicious node impersonates the
receiver with respect to the sender & vice versa.
 Sybil Attack: attacker pretends to have multiple identities. A
malicious node can behaves as if it were a larger no of nodes
by impersonating other nodes or by claiming false identities.

15. SECURITY ATTACKS ON AD HOC ROUTING
PROTOCOLS
 Attacks using Modification
 Attack disrupts routing function by having attacker
illegally modifying content of the msg.
 Misrouting Attack: Non-legitimate node redirects routing
message and sends data packet to the wrong destination
 Byzantine attack: Intermediate node collectively carries out
attacks such as, routing packets on non-optimal paths and
selectively dropping packets.
 Denial of service (DoS) attack: Attacker attempts to prevent
legitimate and authorized users of services offered by the
network from accessing those services.

16. SECURITY ATTACKS ON AD HOC ROUTING
PROTOCOLS
 Attacks using Fabrication
 Intruder generates false routing messages in order to
disturb network operation .
 Resource Consumption Attack: malicious node deliberately
tries to consume the resources (e.g. battery power, bandwidth,
etc.) of other nodes.
 Black Hole Attack: malicious node falsely advertises good
path to the destination node during the path finding process

17. REQUIREMENTS FOR A SECURE ROUTING
PROTOCOL
 Routing messages cannot be altered in transit.
 Fabricated routing messages cannot be injected
into the network
 Routing loops cannot be formed through malicious
action
 Routes cannot be redirected from the shortest path
by malicious action
 Unauthorized nodes should be excluded from route
computation and discovery
 Network topology must not be exposed by the
routing messages to authorized nodes.

18. AUTHENTICATED ROUTING FOR AD HOC
NETWORKS (ARAN)
 On-demand protocol designed to provide secure
communications
 Each node in ARAN receives a certificate after
securely authenticating its identity to a trusted
certificate server
 Certificate contains the node‟s IP address, its public
key, as well as the time of issuing & expiration.
 Existence of a secure path to the destination.
Node A receives a certificate as
T → A: certA = [IPA, KA+, t, e] KT

19. AUTHENTICATED ROUTING FOR AD HOC
NETWORKS (ARAN)
 All the fields are concatenated and signed with source
node I’s private key
 I broadcasts a RDP for a destination D as:
I → brdcst: [RDP, IPD, certI, NI, t] KI
 After RDP, D sends REP packet back along the reverse
path to I. REP packet is sent as:
D → J: [REP, IPI, certD, NI, t] KD
 I on receiving the REP packet, verifies the destination‟s
signature KD.
 When no traffic on existing route,then that route is
deactivated.
 Nodes use ERR message to report links in active routes
broken due to node movement

20. SECURE ZONE ROUTING
PROTOCOL (SZRP)
 Combines best features of both proactive and
reactive approaches & adds its own security
mechanisms.
 Selecting ZRP as the basis for SZRP are
 Based on concept of routing zones, more feasible to
apply the security mechanisms within a restricted area.
 Separate nodes in terms of interior and exterior, certain
information etc. can be hidden to the exterior nodes
 Incase of a failure, it can be restricted to a zone.
 Address all security concerns like packet integrity &
data confidentiality

21. SECURE ZONE ROUTING
PROTOCOL (SZRP)
 Each node has two pairs of private/public keys, one pair for
signing and verifying and the other for encrypting and
decrypting.
 For Node X
 Signing keys are SKX
 Verifying VKX
 Encrypting Keys are EKX
 Decrypting keys DKX
 SKX and DKX are private keys whereas VKX and EKX are public
keys
 SZRP assumes the presence of trusted certification servers
called authorities (CAs)
 Communicating nodes which we call the common nodes
(CNs).
 Each CN before taking part in communication need to be
certified by some CA and are granted public keys.

22. CERTIFICATION PROCESS
•Each node requests a
certificate from it‟s nearest
CA..
•A common node X receives
a certificate from its nearest
CA as follows:
CA→ X: certX = [IPX, VKX,
EKX, t, e] | signCA
where, signCA = [IPX, VKX,
EKX, t, e] SKCA
•Contains the IP address of
X
• Two public keys VKX and
EKX of X, one for verifying
the signature signed by X
and other for encrypting a
packet to be send to X
• Timestamp „t‟ of when the
certificate was created
•T time „e‟ at which the
certificate expire

23. SZRP
 SIARP computes the route to all intrazone nodes in
SIARP routing table.
 Node A computes the route to B, T, E, F and Y and stores in its
SIARP routing table (proactive route computation)
 If node A has a packet destined for node Y, the packet is
forwarded to Y using SIARP.
 If node A wants to transmit a packet to Z, then interzone routing
is performed using SIERP

24. SECURE INTRA-ZONE ROUTING
Steps taken by SIARP (at node A) to route a data packet from A to Y.
 A looks for the route to Y in its SIARP routing table and finds it to be A-F-Y.
 A sends SKREQ packet to Y requesting KAY between A and Y.
A→ Y : [SKREQ, IPY, certA] | signA
where, signA = [SKREQ, IPY, certA] SKA
 SKREQ packet contains a packet type identifier “SKREQ”
 IP address of Y
 A’s certificate, all appended by the signature signA of A signed using
SKA.

25. SECURE INTRA-ZONE ROUTING
 Y on receiving this request, verifies using VKA
 creates the session key KAY, encrypts it using EKA and sends it to A
as SKREP packet along the reverse route Y-F-A.
Y→ A : [SKREP, IPA, certY, {KAY}EKA] | signY
where, signY = [SKREP, IPA, certY, {KAY}EKA] SKY
 packet type identifier “SKREP”
 IP address of A
 certificate of Y
 session key encrypted using EKA
 A on receiving the SKREP packet, verifies using VKY
 decrypts it using DKA
 extracts the session key KAY.
 Once A gets KAY, it can encrypt the data packet and send it to Y .
 Further communication between A and Y takes place similarly, using
this session key.

26. SECURE INTER-ZONE ROUTING
Steps are taken by SIERP to route the data packet
from A to Z
 SIERP at A begins the secure route discovery process
to Z by bordercasting a SRD packet with the help of
MBRP.
A→ bordercast : [SRD, IPZ, certA, β, NA, t] | signA
where, signA = [SRD, IPZ, certA, β, NA, t] SKA
 packet type identifier “SRD”
 IP address of Z
 A‟s certificate,
 the zone radius „β‟
 nonce NA created by A
 current time t.

27. SECURE INTER-ZONE ROUTING
 When T, E or Y receives the SRD, it checks the (IPA,
NA, t) to verify that it has not already processed this
SRD.
 Receiving node uses A‟s public key, to validate the
signature
 When T receives SRD it sets up a reverse path back to A
by recording the neighbour B ..
 Since none of the nodes T, E and Y has the route to Z , all
rebordercasts the SRD to their peripheral nodes like T
rebordercasts the SRD to K.
T→bordercast : [[SRD, IPZ, certA, β, NA, t] | signA ]
| signT, certT
where, signT =[[SRD, IPZ, certA, β, NA, t] signA]]SKT

28. SECURE INTER-ZONE ROUTING
 T’s peripheral node K checks the (IPA, NA, t) validates T’s
signature and sets up the reverse path to T .
 K removes T’s certificate and signature.
 It checks in its SIARP routing table whether it has a valid path to
Z
K→bordercast : [[SRD, IPZ, certA, β, NA, t] | signA ] | signK,
certK
where, signK =[[SRD, IPZ, certA, β, NA, t] | signA]]SKK
 When SDR reaches J, it validates the packet, sets up the reverse
path to D, removes D‟s certificate and signature, signs the
contents of the message originally bordercast by A, appends this
signature and its certificate and forwards the SRD to Z.
J→Z : [[SRD, IPZ, certA, β, NA, t] | signA ] | signJ, certJ
where, signH =[[SRD, IPZ, certA, β, NA, t] | signA]]SKJ

29. SECURE INTER-ZONE ROUTING
 SRD arrives at Z, Z on getting this SRD packet verifies it using both VKJ and
VKA, confirms its authenticity and extracts EKA.
 Z creates a secure route reply (SRR) packet ,The first node that receives the SRR
sent by Z is H.
Z→H : [SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ
where, signZ = [SRR, IPA, certZ, NA, t, {KAZ}EKA]SKZ
 Since, J is the next hop node to the source A after H:
H→J : [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] | signH, certH
Where, signH = [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] SKH
 J removes H‟s signature and certificate and unicast to L
.J→L : [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] | signJ, certJ
Where, signJ = [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] SKJ
 Each node checks the nonce and signature of the previous hop
 Eventually the source A receives the SRR.

30. SECURE INTER-ZONE ROUTING
 On getting the SRR
 A verifies Z‟s signature to conform its authenticity
 Extracts the session key KAZ
 A encrypt the data packet using KAZ and send it to Z
along the same route.

31. ROUTE MAINTENANCE
 Required in SIERP for inter zone routing.
 SIERP keeps track of routes whether they are active or
not. A node generates an ERR message in either of the
following cases:
 if data is received on an inactive route, or
 link of an active route is broken due to node mobility
 For a route between A and destination X, a node M
generates the ERR message for its neighbour N as
follows:
M→N : [ERR, IPA, IPX, certM, NM, t] | signM
Where, signM =[ERR, IPA, IPX, certM, NM, t] SKM
 ERR messages are signed so malicious nodes cannot
generate ERR messages for other nodes.

32. SECURITY ASPECTS
 No hop count information is
present in the SRD or SRR
packets.
 Accept those packets that
have been signed with a
certified key issued by a
CA. This prevents man-in
the-middle attack and sybil
attack.
 Does not prevent
fabrication of routing
messages, but it does offer
a deterrent by ensuring
non-repudiation
 Compromised node may
leak confidential
information to
unauthorized
 Attacker assumes the
identity and privileges of
an authorized node. Sybil
attack is common
 Intruder generates false
routing messages, such as
routing updates and route
error messages.
SZRP ZRP

33. REFERENCE SIMULATION
RESULTS

34. PACKET DELIVERY FRACTION
Packet delivery
fraction obtained
using SZRP is
above 96%
SZRP is highly
effective in
discovering and
maintaining
routes for
delivery of data
packets, even
with relatively
high node
mobility.

35. AVERAGE ROUTING LOAD IN BYTES
Byte routing
load of SZRP is
higher
compared to
that of ZRP.
Nearly 40% for
20 nodes as
compared to
22% for ZRP
with identical
topology

36. AVERAGE ROUTE ACQUISITION
LATENCY Average route
acquisition
latency for
SZRP is
approximately
1.7 times as
that of ZRP.

37. PERCENTAGE OF PACKETS DROPPED
THAT PASSED THROUGH MALICIOUS
NODES
SZRP, a much larger
fraction of packets
that passed through
malicious nodes
were dropped, as
compared to that of
ZRP.
In the presence of
30% malicious nodes
with no node mobility,
only 26% of packets
were dropped when
using ZRP, as
compared to almost
47% when using
SZRP.

38. CONCLUSION
SZRP is a simple protocol that supports nodes with
moderate resources and does not require significant
additional work from the nodes within the group. The
reference simulation results showed that SZRP is as
efficient as ZRP in discovering and maintaining routes. It
has a more robust security system and is resistance to
various security attacks.

39. FUTURE WORKS
The SZRP protocol considers that, the certification
authorities (CAs) are safe within the network and are
free from any kind of attacks caused either by external
advisory or internal compromised nodes. A possible
extension of the work may include employing
additional feature to SZRP so that it can handle a
scenario where the trusted certification authorities are
compromised or attacked.

40. REFERENCES
 C. Siva Ram Murthy and B. S Manoj, “Ad Hoc Wireless Networks, Architecture and Protocols”,
Prentice Hall PTR, 2004.
 Stefano Basagni, Macro Conti, Silvia Giordano and Ivan Stojmenovic, “Mobile Ad Hoc
Networks” , IEEE press, A john Wily & Sons, INC. publication, 2003
 George Aggelou, “Mobile Ad Hoc Networks”, 2nd edition, Mc GRAW Hill professional
engineering, 2004
 Imrich Chlamtac, Marco Conti, Jenifer J.-N. Liu, “Mobile Ad Hoc Networking: Imperatives and
Challanges”, Elsevier Network Magazine, vol. 13, pages 13-64, 2003
 E.M. Belding-Royer and C. K. Toh, “A review of current routing protocols for adhoc mobile
wireless networks”, IEEE Personal Communications Magazine, pages 46–55, April 1999.
 Behrouz A. Forouzan, “Data communication and Networking,” 2nd edition, Tata McHill
publication, 2001
 C. E. Perkins and P. Bhagwat, “Highly Dynamic Destination-Sequenced Distance-Vector
Routing (DSDV) for Mobile Computers,” Comp. Commun. Rev., Oct. 1994, pp. 234–44.
 C.-C. Chiang, “Routing in Clustered Multihop, Mobile Wireless Networks with Fading Channel,”
Proc. IEEE SICON ‟97, Apr. 1997, pp. 197–211.
 Haas Z. J., Pearlman M. R., and Samar P., “The Zone Routing Protocol (ZRP)”, IETF Internet
Draft, draft-ietf-manet-zone-zrp-04.txt, July 2002.
 Jan Schaumann, “Analysis of Zone Routing Protocol”, Course CS765, Stevens Institute of
Technology Hoboken, New Jersey, USA, 8th December 2002
 Haas, Zygmunt J., Pearlman, Marc R., Samar, P.: “Intrazone Routing Protocol (IARP)”, IETF
Internet Draft, draft-ietf-manet-iarp-01.txt, June 2001
 Haas, Zygmunt J., Pearlman, Marc R., Samar, P.: “Interzone Routing Protocol (IERP)”, IETF
Internet Draft, draft-ietf-manet-ierp-01.txt, June 2001

41. REFERENCES
 S. Murthy and J. J. Garcia-Luna-Aceves, “An Efficient Routing Protocol for Wireless
Networks,” ACM Mobile Networks and App. J., Special Issue on Routing in Mobile
Communication Networks, Oct. 1996, pp. 183–97.
 P. Jacquet, P. Muhlethaler, A. Qayyum, “Optimized Link State Routing Protocol”, Internet
Draft, draft-ietf-manetolsr- 00.txt, November 1998.
 A. Laouiti, A.Qayyum, and L.Viennot, “Multipoint Relaying; An Efficient Technique for
Flooding in Mobile Wireless Networks,” in Proceeedings of the 35th Annual Hawaii
International Conference on System Science (HICSS‟ 2002), Waikoloa, HI, January 2002
 D.B. Johnson, D.A. Maltz, “Dynamic source routing in adhoc wireless networks”, in: T.
Imielinski, H. Korth (Eds.), Mobile Computing, Kluwer Academic Publishers, Dordrecht,
1996, pp. 153–181.
 C. E. Perkins and E. M. Royer, “Ad hoc on-demand distance vector routing”, In IEEE
Workshop on Mobile Computing Systems and Applications, pages 90–100, Feb. 1999.
 V. D. Park and M. S. Corson, “A Highly Adaptive Distributed Routing Algorithm for Mobile
Wireless Networks,” Proc. INFOCOM ‟97, Apr. 1997
 C-K. Toh, “A Novel Distributed Routing Protocol to Support Ad-Hoc Mobile Computing”,
Proc. 1996 IEEE 15th Annual Int‟l. Phoenix Conf. Comp. And Commun., Mar. 1996, pp.
480–86.
 M.Joa-Ng and I. T. Lu, “A Peer-to-Peer Zone-Based Two-Level Link State Routing for
Mobile Ad Hoc Networks,” IEEE journal on Selected areas in Communications, vol. 17,
no. 8, pp. 1415- 1425, August 1999

42. REFERENCES
 M. O. Pervaiz, M. Cardei, and J. Wu, "Routing Security in Ad Hoc Wireless Networks,"
Network Security, S. Huang, D. MacCallum, and D. -Z. Du (eds.), Springer, 2008.
 Behrouz A. Forouzan, “Cryptography and Network Security”, Special Indian Edition, Tata
McHill publication, 2007
 J. Newsome, E. Shi, D. Song, and A. Perrig, The Sybil Attack in Sensor Networks: Analysis
& Defenses, Proc. of the 3rd Intl. Symp. on Information Processing in Sensor Networks,
2004
 B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, “An On-Demand Secure routing
protocol Resilient to Byzantine failures”, Proceedings of ACM workshop on wireless
security 2003, September 2003
 Y. Hu, A. Perrig and D. B Johnson, “Rushing attacks and defense in Wireless Ad
HocNetwork Routing Protocol”, Proceedings of ACM workshop on wireless security 2003,
September 2003
 Jaydip Sen, M. Girish Chandra, Harihara S.G., Harish Reddy and P. Balamuralidhar, “A
Mechanism for Detection of Gray Hole Attack in Mobile Ad Hoc Networks”, Proceedings of
6th International Conference on Information, Communications and Signal Processing 2007,
December 2007
 Y. Hu, A. Perrig and D. B Johnson, “Packet Leashes: A defense against Wormhole attacks
in Wireless Ad Hoc networks”, Proceedings IEEE INFOCOM 2003, vol. 3, April 2003
 J. J. Tardo and K. Algappan, “SPX: Global authentication using public key certificates”, In
Proceedings of the 1991 IEEE Symposium on Security and Privacy, pages 232–244,
Oakland, CA USA, May 1991. IEEE Computer Society Press.
 R.K nami ,szrp efficient over zrp/july2010

43. REFERENCES
 Y. -C. Hu, D. B. Johnson, and A. Perrig, Ariadne: A Secure On-Demand Routing Protocol
for Ad Hoc Networks, Mobicom‟02, 2002.
 R. Kravets, S. Yi, and P. Naldurg, “A Security-Aware Routing Protocol for Wireless Ad
Hoc Networks”, In ACM Symp. on Mobile Ad Hoc Networking and Computing, 2001.
 P. Papadimitratos and Z. J. Haas, “Secure Routing for Mobile Ad hoc Networks”, In
Proc. of the SCS Communication Networks and Distributed Systems Modeling and
Simulation Conference (CNDS 2002), Jan. 2002.
 S. Buchegger and J. L. Boudec, “Performance Analysis of the CONFIDANT Protocol
Cooperation Of Nodes Fairness In Dynamic Ad-hoc NeTworks”, In Proc. of IEEE/ACM
Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Jun. 2002.
 J. Broch, D. A. Maltz, D. B. Johnson, Y-C. Hu and J. Jetcheva, “A performance
comparison of multi-hop wireless ad hoc network routing protocols”, In Proc. ACM
MOBICOM, pages 85–97, Oct. 1998.

44. THANK YOU