Secured Right Angled or Ant Search Protocol for Reducing Congestion Effects and Detecting Malicious Node in Mobile Ad hoc Networks by Multipath Routing

Document Sample
Secured Right Angled or Ant Search Protocol for Reducing Congestion Effects and Detecting Malicious Node in Mobile Ad hoc Networks by Multipath Routing Powered By Docstoc
					                                        (IJCSIS) International Journal of Computer Science and Information Security,
                                        Vol. 9, No. 6, June 2011

Secured Right Angled or Ant Search Protocol for Reducing Congestion
  Effects and Detecting Malicious Node in Mobile Ad hoc Networks
                        by Multipath Routing
Lt. Dr. S Santhosh Baboo, Reader                                                  V J Chakravarthy
P.G. Research Dept of Com. Science                                                Research Scholar
Arumbakkam, Chennai – 106.                                                        Dravidian University
D G Vaishnav College,
Arumbakkam, Chennai – 106.

Abstract – In this paper, we develop a                 simulation for the protocol scheme in NS-2.
security based protocol using Biased                   Simulation results show that RAOA
Geographical – Ant Search multipath                    achieves the fairness throughput, high
routing      approach      which      attains          packet delivery attaining low delay and
confidentiality and authentication of                  overhead in the presence of malicious
packets in both routing and link layers of             nodes.
MANETs. In first phase we developed a
new method for routing the packets from                                I. INTRODUCTION
source to destination using right angled
geographical routing techniques and                    A. Mobile Ad-hoc Networks
shortest path by ant search method to                  A mobile ad hoc network (MANET) is a
reduce congestion effects. Secondly we                 temporary infrastructure less multi-hop
proposed a protocol called SRAOA                       wireless network in which the nodes can move
(Secured Right Angled or Ant Search) an                arbitrarily. Such networks extends the limited
on-demand routing protocol. Thirdly, we                wireless transmission range of each node by
added security to our proposed protocol                multi-hop packet forwarding, thus well suited
using MD 5 (digest algorithm) which                    for the scenarios in which pre-deployed
provides link level security for the packets           infrastructure support is not available. In ad
transmission     between      source     and           hoc network, there is no fixed infrastructure
destination and for detecting and isolating            such as base stations or mobile switching
malicious nodes using certificate generation           centers. Mobile nodes that are within each
for the nodes which are in the parent                  other’s radio range communicate directly via
network. In the next phase of the protocol,            wireless links, while those that are far apart
we did encryption and decryption for                   rely on other nodes to relay messages frequent
authentication, we used RSA algorithm.                 changes of the network topology. Mobile ad
The performance of our SRAOA protocol is               hoc networks are finding ever increasing
compared / validated with some prominent               applications in both military and civilian
routing protocols for mobile ad hoc                    scenarios due to their self-organizing, self-
networks, in the presence of malicious node            configuring capabilities.
in the simulation environment, namely Ad
hoc On Demand Distance vector (AODV)                   The following figure 1 shows mobile ad hoc
and      Ad hoc On-demand Multipath                    network which consists of five mobile nodes.
Distance Vector (AOMDV), DSR (Dynamic                  Let us consider the mobile node 5 out of
Source Routing), DSDV (Destination                     transmission range from the mobile node 2. If
Sequenced Distance Vector. We have                     mobile node 2 wants to send packets to node 5
chosen four performance metrics, such as               (i.e., wants of establish communication with
Average Delay, Packet Delivery Ratio,                  node 5). Now the node 2 sends the packets to
Routing Load, and Throughput. We did                   node 3 and node 3 transmits to node 4, since

                                                                                   ISSN 1947-5500
                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                           Vol. 9, No. 6, June 2011

the node 3 and node 4 are in transmission                 eavesdroppers to obtain any                           useful
range with both node 2 and node 5 or the node             information from the data overhead.
directly sends the packets to node 5 if the node
4 is busy. Thus the node 2 is able to
communicate node 5 successfully.                          Active Attacks

                                      4                   An Active attack, is one where the attacker
                                                          actively seeks to modify, abstract, alter or
   1                 3                                    destroy the data being exchanged, thus
                                                          disrupting the normal functioning of the
                                                          network. Active attacks can be classified
            2                              5              further into two types: external and internal.
                                                          External attacks come from nodes that do not
                                                          belong to the network; they can be prevented
                                                          by using standard security mechanism such as
                    Figure 1                              encryption techniques and firewalls. Internal
                                                          attacks, however, are from compromised
The major difference between fixed networks
                                                          nodes that belong to the network. Since the
and MANET is that the computers in a
                                                          adversaries are already part of of the network
MANET are mobile (which are motion).
                                                          as authorized nodes, such attacks are more
                                                          severe and difficult to detect than external
B. Vulnerability of Existing Protocols
                                                          Within these categories, there are many
The security of communication in ad hoc
                                                          different types of attack that mobile ad hoc
wireless networks is important especially in
                                                          networks may face, some of which are
military applications. The absence of any
                                                          described here.
central coordination mechanism and shared
wireless medium makes MANETs more
                                                          Wormhole attack
vulnerable to digital/cyber attacks than wire
                                                          All packets are dropped by sending forged
networks. Malicious and selfish nodes are the
                                                          routing packets, the attacker could route all
ones that fabricate attack against physical,
                                                          packets, the attacker could route all packets
link,    network,     and    application-layer
                                                          for some destination to itself and then discard
functionality. Current routing protocols are
                                                          them, or the attacker could cause the route at
exposed of two types of attacks: Passive and
                                                          all nodes in an area of the network to point
Active attacks.
                                                          “into” that area when infact the destination is
                                                          outside the area.
Passive Attacks
                                                          Black hole attack
A passive attack does not disrupt the operation
                                                          Using a pair of attacker nodes A and B linked
of the network; it occurs when an attacker tries
                                                          via a private network connection. Every
to eavesdrop on the data or the network traffic
                                                          packet that           A receives from ad hoc
without altering it. This can violate the
                                                          network, A forwards through the wormhole to
requirements of confidentiality if an adversary
                                                          B, to then be rebroadcast by B, similarly, B
is also able to interpret that data gathered
                                                          may send all ad hoc network packets to A.
through snooping. This type of attack is less
harmful than an active one, but is much harder
to detect, because the attacker does not
                                                          Byzantine attack
interfere with the operation. One way of
                                                          A compromised intermediate node works by
overcoming such problems is to use powerful
                                                          itself, or a set of compromised intermediate
encryption mechanism to encrypt data being
                                                          nodes works in collusion and carries out
transmitted, thus making it impossible for
                                                          attacks at the creation of routing loops,

                                                                                      ISSN 1947-5500
                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                           Vol. 9, No. 6, June 2011

forwarding packets on non-optimal paths and                                        Table 1
selectively dropping packets.
                                                                   Security Solution for MANETs

Information disclosure                                    Layer                                 Security Issues
An attacker may disclose private or important
information to unauthorized nodes in the                  Application Layer           Detecting and preventing
network. Such information may include                                                 Viruses, Worms, Malicious
                                                                                      codes, and applications
information regarding the location of nodes or
the structure of the network. It gathers the              Transport Layer             Authentication and Securing
node location information, such as a route                                            end-to-end communication
table, then plans to attack in further scenarios.                                     through date encryption
                                                          Network Layer               Protecting the ad hoc routing
Resource consumption attack                                                           and forwarding protocols
A malicious node can attempt to consume or                Link Layer                  Protecting the wireless MAC
                                                                                      protocol and providing link
waste resources of other nodes in the network.
                                                                                      layer security support
The resources targeted are bandwidth,                     Physical Layer              Preventing Signal jamming,
computational power and battery life, which                                           denial-of-service attacks
are limited in ad hoc wireless networks. Such
attacks may be in the form of requesting
excessive route discovery, very frequent                  II. OBJECTIVE & OVERVIEW OF THE
generation of beacon packets, or forwarding               PROPOSED PROTOCOL
unnecessary packets to an unsuspecting node.
                                                          A. Objectives
Partition                                                 In this paper, we propose to design a
An attacker may try to partition the network              congestion reduced and security based
by injecting forged routing packets to prevent            protocol – Right angled or Ant Search
one set of nodes from reaching another.                   (RAOA) which is the enhancement over
                                                          AOMDV protocol, which works on energy
Detour                                                    based     approach     which      attain   high
An attacker may attempt to cause a node to                confidentiality and authentication of packets in
detours through suboptimal routes. Also                   routing layer and layer of MANETs, having
compromised nodes may try to work together                the following objectives:
to create a routing loop.
                                                          light weight in order to increase the network
Session Hijacking                                         lifetime to provide, the application of ciphers
One weak point is that most authentications               that are computationally efficient like the
processes are only carried out once when a                symmetric-key algorithms and cryptographic
session starts. An adversary could try to                 hash functions
appear as an authentic node and hijack the                cooperative to establish high-level security
session.                                                  with        the       aid      of       mutual
                                                          collaboration/cooperation amidst nodes along
Dos                                                       with other protocols
An adversary tries to disturb the                         attack-tolerant to facilitate the network to
communication in a network, for example by                resist attacks to heal itself by detecting,
flooding the network with a huge amount of                recognizing, and eliminating the sources and
packages. Service offered by the network are              types of attacks
not working as usual, slow down or even stop.             flexible & energy enough to trade security for
Ad hoc wireless networks are more affected                energy consumption
than wired networks, because there are more               Compatible with the security methodologies
possibilities to perform such an attack.                  and services in existence
                                                          scalable to the rapidly growing network side

                                                                                      ISSN 1947-5500
                                            (IJCSIS) International Journal of Computer Science and Information Security,
                                            Vol. 9, No. 6, June 2011

B. Overview of the protocol                                Minimising       Congestion     in    Wireless
We propose to design a Multi-Path Routing                  Networks
Protocol, which sends the packets in                       In wireless networks, Congestion occurs when
alternative path in MANETs without any                     the wireless area around them is busy. With
centralized infrastructure.                                networks congestion is mostly situated at the
                                                           border of the network, with point to point
Explanation of the Right Angled Biased                     communication congestion usually builds in
Geographical Routing and ANT Search                        the center. So avoid the congestion in the
protocol (RAOA)                                            wireless networks, the way should be
                                                           followed, i.e., we allow packets to route on
The main idea in our solution is to reduce the             alternate paths. This type of routing avoid the
congestion during the transmission of packets              congestion is busy area in the wireless
form source to destination, for that we inserted           networks.
a “BIAS” i.e. the angle in each packet, which
determines the straight line path from the                 To reduce the congestion during transmission
source so that the packets move towards the                of packets; we propose two more congestion
destination. Here the term bias is a measure               control mechanisms that highly enhance
angle of which the packets take from the                   RAOA protocol.
source from greedy route and also indicates
the side of deviation. In our discussion, the              Biased Node Packet Scatter (BNPS) is a
term bias is treated at each hop as an angle i.e.,         very light weight method mechanism that
90. Our proposed protocol “RAOA” routes                    partially aims to transient congestion by
greedily towards the point P2 (target point)               locally splitting the traffic along multiple
situated at a predefined distance from the                 paths to avoid congested hotspots.
current node point P1 such that the angle
between the lines P1and P2 is equal to the bias            Node-to-Node Packet Scatter (NNPS) is also
i.e angle 90° and finally the P3 node receives             a mechanism but aim to transmit packets to
the packets. If the sending node doesn’t find              longer term congestion, when BPNS fails.
any node at 90º, instantly it will search (Ant
Search) for the node which is very near to that            We have evaluated the performance of RAOA
node. Once it finds the very nearest node, it              protocol by using a high-level, a packet-level
will send the packets continuously. Then that              simulator (ns2). The results show that RAOA
node finds the other node at 90° and sends the             is a practical and efficient multipath routing
packets.                                                   algorithm. We have evaluated BPNS and
                                                           NNPS using ns2.

                                                           III. EFFICIENT   MAC                              LAYER
                                                           SECURITY PROTOCOL

                                                           A. Forwarding Scheme
              P2                       P3
                                                           In our proposed protocol, Let us consider two
                                                           nodes one is sending node (source) and
                                  P6                       another is the receiving node (destination) in
                        P4                                 the transmission range. We did this
                                                           experiment with 50 nodes named from N1 to

                                                           In the scenario, when running our RAOA
                                                           protocol, first the RSA algorithm will run
                                                           creates the encrypted message with private
        Figure 2: RAOA Forwarding                          key in the source node and the RAOA

                                                                                       ISSN 1947-5500
                                            (IJCSIS) International Journal of Computer Science and Information Security,
                                            Vol. 9, No. 6, June 2011

protocol starts finding the path, i.e., sending            summarized in table 2.
the nodes through 90° angle and then MD5
algorithm starts running creates the link level                No of Nodes              50
security i.e., creates the certificates for the
                                                               Area Size                1000 x 1000
nodes which are the parent network.
                                                               Mac                      802.11
B. Working of MD5 message – digest                             Radio Range              250m
algorithm and RSA algorithm.
                                                               Simulation time          10 sec
The MD-5 message-digest algorithm is a                         Traffic Source           CBR
simple to implement and provides a
                                                               Packet Size              512
“fingerpoint” or message digest of a message
of arbitrary length. It is conjectured that the                Mobility                 Random Way Point
difficulty of coming up with two message                       Speed                    5 m/s
having the same message digest is on the order
of 2^64 operations, and that the difficulty of                 Pause time               0, 1, 2, 3, 4, 5
coming up with any message having a given
message digest is on the order of 2^128
operations. When routing of packets takes                  C. Performance Metrics
place from source to destination through                   We evaluated mainly the performance of the
different nodes in the network. Encryption and             RAOA protocol according to the following
Decryption process will done using RSA                     metrics.
algorithm. After the process takes place the
MD5 will generate certificate for the nodes,               Control overhead: The control overhead is
suppose the node is in network, but certificate            defined as the total number of routing control
is not generated the MD5 doesn’t consider that             packets normalized by the total number of
node as malicious node instead it will generate            received data packets.
certificate for that node also. The above
consideration will be done by setting flag                 Average end-to-end delay: The end-to-end
value. If the flag value = 0 for a node means, it          delay is averaged over all surviving data
is not a malicious node, if flag value = 1 for a           packets from the sources to the destinations.
node then, that node is considered as a
malicious node and no certificate will be                  Average Packet Delivery Ratio: It is the ratio
generated for that node and no transmission or             of the number of packets received successfully
receiving of packets will take place.                      and the total number of packets sent.

Each certificate contains the following items;             Through put: It is the number of packets
1. IP address                                              received successfully.
2. Encrypted Message
3. MAC Address
4. Private Key                                             Simulation Results
5. Public Key.

Example of certificate generated through MD5
algorithm to provide secured routing:
 Node (13)
Our simulation setting and parameters are

                                                                                       ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 6, June 2011

                                           ISSN 1947-5500
                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                          Vol. 9, No. 6, June 2011

                                                         for the nodes which are in the home network.
                                                         The malicious node punished and rewarded by
                                                         not generating certificate by setting the flag
                                                         value. By simulation results, we have shown
                                                         that the RAOA security protocol achieves high
                                                         packet delivery ratio while attaining low
                                                         delay, packet loss, high packet delivery ratio
                                                         and throughput. Above all, our RAOA
                                                         protocol provides high security challenges
                                                         with any types of attacks (both active and
                                                         passive attacks). In future, we will propose
                                                         send video packets using the RAOA protocol
                                                         in presence of malicious node.
                                                         1. Lt. Dr. S. Santhosh Baboo, V J
                                                            Chakravarthy “Performance Analysis of
                                                            the RAOA Protocol with Three Routing
                                                            Protocols for Various Routing Metrics"
                                                            IJCSIS May 2011, Vol. 9 No. 5
                                                         2. Liu, Kejun Deng, Jing Varshney, Pramod
                                                            K,                    Balakrishnan   and
                                                            Approach for the detection of Routing
                                                            Misbehavior     in    MANETs”,     IEEE
                                                            Transactions on Mobile Computing, May
                                                         3. Based Approach for the Detection of
                                                            Routing Misbehavior in MANETs”, IEEE
                                                            Transactions on mobile Computing, May
                                                         4. Anand Patwardhan, Jim Parker, Anupam
                                                            Joshi, Michaela Lorga and Tom
                                                            Karygiannis     “Secure    Routing   and
                                                            Intrusion Detection in Ad Hoc Networks”,
                                                            Third IEEE International Conference on
                                                            Pervasive          Computing         and
                                                            Communications, March 2005.
Conclusion                                               5. A. Patwardhan, J. Parker, M. Lorga, A.
In this paper, we have developed an                         Joshi, T. Karygiannis and Y. Yesha
authenticated routing protocol with the                     “Threshold-based Intrusion Detection in
security    issues,    which     attains   high             Ad hoc Networks and Secure AODV”
confidentiality and authentication of packets in            Elsevier Science PublishersB.V, Ad Hoc
both routing and link layers of MANETs. In                  Networks Journal (ADHOCNET), June
the first phase of the protocol, we have                    2008.
designed with RSA algorithm for encryption               6. Muhammad Mahmudul Islam, Ronald
and decryption and added security for the                   Pose and Carlo Kopp, “ A Link Layer
protocol using MD5 (digest-algorithm)                       Security Protocol for Suburban Ad-Hoc
scheme for detecting and isolating the                      Networks”, in proceedings of Australian
malicious nodes using routing layer                         Telecommunication        Networks    and
information and also by generating certificates             Applications Conference, December 2004.

                                                                                     ISSN 1947-5500
                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                           Vol. 9, No. 6, June 2011

7. Shiqun Li, Tieyan Li, Xinkai Wang,                     16. Eric Setton, Xiaoqing Zhu and Bernd
    Jianying Zhou and Kefei Chen, “Efficient                  Girod “Congestion-Optimized Multipath
    Link Security Scheme for Wireless Sensor                  Streaming of Video over Ad Hoc Wireless
    Networks”, Journal of Information And                     Networks”.
    Computational         Science,         Vol.4,         17. S R Biradar, Subir Kumar Sarkar, Rajanna
    No.2.pp.553-567, June 2007.                               K M, Puttamadappa C “Analysis QOS
8. S. Schmidt, H. Krahn, S. Fischer, and D.                   Parameters      for   MANETs     Routing
    Watjen, "A Security Arichitecture for                     Protocols”, International Journal on
    Mobile Wireless Sensor Networks“, In                      Computer Science and Engineering, Vol.
    proceedings of First European Workshop                    02, No. 03, 2010, 593-599.
    on security in Ad-Hoc and Sensor                      18. P Chenna Reddy, Dr. P. Chandrasekhar
    Networks (ESAS 2004), August 2004.                        Reddy, “Performance Analysis of Ad Hoc
9. A. Rajaram and Dr. Palaniswami                             Network Routing Protocols”, Academic
    “Detecting Malicious Node in MANET                        Open Internet Journal, ISSN 1311-4360,
    Using Trust Based-Layer Security                          Vol-17, 2006.
    Protocol”, International Journal of                   19. Lucian Popa, Costin Raiciu, Ion Stoica,
    Computer Science and Information                          David      s.    Rosenblum,    “Reducing
    Technologies, Vol. 1 (2), 2010, 130-137.                  Congestion Effects in Wireless Networks
10. Ajay Jangra, Nitin Goel, Priyanka &                       by Multipath Routing”.
    Komal Bhatia “Security Aspects in Mobile              20. Josh Broch, David A. Maltz, David B.
    Ad Hoc Networks (MANETs): A Big                           Johnson Yih-Chun Hu, Jorjeta Jetcheva,
    Picture”,   International      Journal     of             “A Performance Comparision of Multi-
    Electronics Engineering, 2(1), 2010, pp.                  Hop Wireless Ad Hoc Network Routing
    189-196.                                                  Protocols.
11. Abhay Kumar Rai, Rajiv Ranjan Tewari,                 21. Rahul C. Shan, Adam Wolisz, Jan M.
    Saurabh Kant Upadhyay “Different Types                    Rabacy, “On the performance of
    of Attack on Integrated MANET – Internet                  geographical routing in the presence of
    Communication”.                                           localization errors”.
12. Dr. S. Santhosh Baboo, B. Narasimhan “A               22. A. Rajaram, Dr. S. Palaniswami,
    Hop-by-Hop Congestion – Aware Routing                     “Detecting Malicious Node in MANET
    Protocol                                                  Using Trust Based Cross-Layer Security
    for Heterogeneous Mobile Ad-hoc                           Protocol, IJCSIT, vol. 1 (2), 2010, 130-
    Network”, International Journal of                        137.
    Computer Science and Information
    Security, Vol. 3, No. 1, 2009.                                         AUTHORS PROFILE
13. Marina and Das, “On-demand multipath
    distance vector routing in ad hoc                                   Lt. Dr. S .Santhosh Baboo,
    networks”, Ninth International Conference                           aged forty, has around Twenty
    on Network protocols, pp.14-23, 2001.                               years of postgraduate teaching
14. Xiaoqin Chen, Haley M. Jones and                                    experience in Computer Science,
    Jayalath, “Congestion-Aware Routing                                 which includes Six years of
    protocol for Mobile Ad Hoc Networks”,                 administrative experience. He is a member,
    IEEE 66th conference on Vehicle                       board of studies, in several autonomous
    Technology, pp.21-25, October 2005.                   colleges, and designs the curriculum of
15. N. Vetrivelan, Dr. A V Reddy,                         undergraduate and postgraduate programmes.
    “Performance Analysis of Three Routing                He is a consultant for starting new courses,
    Protocols for Varying MANET Size”,                    setting up computer labs, and recruiting
    Proceedings      of     the     International         lecturers for many colleges. Equipped with a
    MultiConference of Engineers and                      Masters degree in Computer Science and a
    Computer Scientists 2008 Vol II, IMECS                Doctorate in Computer Science he is a visiting
    2008 19-21, March 2008, Hong Kong.                    faculty to IT companies. It is customary to

                                                                                      ISSN 1947-5500
                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                          Vol. 9, No. 6, June 2011

see him at several National/international
conferences and training programmes, both as                           V J Chakravarthy, done his
a participant and as a resource person. He has                         Under-Graduation in Madras
been keenly involved in organizing training                            University and Post-Graduation
programmes for students and faculty                                    in Bharathidasan University and
members. His good rapport with the IT                                  Master of Philosophy Degree in
companies has been instrumental in on /off               Periyar University. He is currently pursuing
campus interviews, and has helped the post               his Ph.D in Computer Science in Dravidian
graduate students to get real time projects. He          University, Kuppam, Andhra Pradesh. Also,
has also guided many such live projects. Lt.             he is working as a Assistant Professor in P G
Dr. Santhosh Baboo has authored a                        Department of Computer Science, in the New
commendable number of research papers in                 College, (accredited at ‘A’ grade by NAAC),
international/national Conference/journals and           one of the premier institutions in Chennai.. He
also guides research scholars in Computer                is having more than two years of research
Science. Currently he is Reader in the                   experience and seven years of teaching
Postgraduate and Research department of                  experience. His research interest includes
Computer Science at Dwaraka Doss                         Wireless - Ad-HocNetworks - Congestion
Goverdhan Doss Vaishnav College (accredited              reduction – Shortest Path detection, new
at ‘A’ grade by NAAC), one of the premier                protocols findings and security challenges in
institutions in Chennai.                                 routing techniques.

                                                                                     ISSN 1947-5500