International Journal of Computer Trends and Technology (IJCTT) – volume 14 number 2 – Aug 2014

A Credit Based Framework to Mitigating Multiple Hole Attack in Reactive Routing Protocol

Vrutik Shah #1, Dr. Nilesh Modi *2

#1 Research Scholar, Department of Computer Science, Karpagam University, Coimbatore, India; Senior Asst. Professor, Indus University, Ahmedabad, India
*2 Professor and Head, S.V. Institute of Computer Studies, Kadi, Gujarat, India

Abstract— Recent advances in wireless technology and its wide-spread deployment have brought remarkable gains in efficiency in the corporate, industrial and military sectors. The growing popularity and use of wireless technology creates a need for more secure wireless ad hoc networks. This paper presents a new credit based framework that detects multiple hole attacks in an ad hoc network. A few existing protocols detect multiple hole attacks, but they require highly specialized equipment not found on most wireless devices. This paper develops a defense against such attacks keeping in view the energy-constrained environment of an ad hoc network; such a framework should be theoretically grounded and complete, understandable and explicit, concise and logical, straightforward to maintain and cost efficient.

Index Terms—Security Attacks, Black Hole Attack, Gray Hole Attack, AODV

I. INTRODUCTION
Wireless ad hoc networks are composed of autonomous nodes that are self-managed without any infrastructure [1,2]. Ad hoc networks therefore have a dynamic topology in which nodes can join or leave the network at any time. They have many potential applications, especially in military and rescue settings, such as connecting soldiers on the battlefield or establishing a new network in place of one that collapsed after a disaster like an earthquake. Ad hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. Since the nodes communicate with each other without an infrastructure, they provide connectivity by forwarding packets for one another. To support this connectivity, nodes use routing protocols such as AODV (Ad-hoc On-Demand Distance Vector) [1,2], a reactive protocol [1], DSR (Dynamic Source Routing) and DSDV (Destination-Sequenced Distance Vector).

Multiple hole attacks include the gray hole [3,4] and black hole [3,4] attacks; the gray hole attack is a special kind of black hole attack. In a black hole attack, the attacker replies to each RREQ packet of route discovery with the greatest sequence number it can. The source node then selects the RREP with the greatest sequence number and uses the route contained in that RREP. The attacker thus spoofs the ID of the destination node and, by using a high sequence number in the RREP, draws all data packets to itself. The gray hole attack is a kind of black hole attack in which a node occasionally drops packets for a destination. Such a node sometimes behaves like a normal node and sometimes maliciously. Detecting this attack is harder than detecting a black hole attack because the node alternates between normal and malicious behavior.

II. PROBLEM STATEMENT
In this section we introduce our communication network model and adversary model, and give the definition of the credit-enhanced framework [7] for multiple hole attacks in reactive routing protocols.

A. Network Model
We assume a network of N nodes, indexed by the set V = {1, 2, 3, ..., N}. The nodes are deployed over an area A ⊂ R², with node i at position xi ∈ A. Two nodes can communicate over a direct wireless channel if they are within each other's radio range r; the network therefore has a geometric graph structure. The ad hoc network is represented by a graph G(V, E), where the vertices V are the network nodes (honest and malicious) and the edges E represent communication links, via radio or via wormhole tunnels. We assume that V* ⊂ V is a set of distinguished nodes under the adversary's control, i.e. the malicious nodes. A labeling function L assigns IDs to nodes with the following restrictions: each honest node has a unique, uncompromised ID, and each adversarial node is labeled with all the compromised IDs. We assume that IDs are authenticated during the RREQ neighbor discovery process of the reactive routing protocol AODV.

Fig. 1. Topology model

Figure 1 depicts a configuration, which is a triplet (G, V*, L) with Gg = (V, Eg), where for any i, j ∈ V we have (i, j) ∈ Eg if and only if ||xi − xj||2 ≤ r. The notation is listed in Table 1.


Table 1: Notation of the ad hoc network

Notation   Definition
V          Set of network nodes
N          Number of nodes
A          Network deployment region
xi         Location of node with index i
r          Node radio range
Gg         Geometric network graph
τ          Vulnerability threshold
L          Labeling function

B. Adversary Model
We assume an adversary that is active, mobile, and resource-constrained. By active, we mean that the adversary is capable of both passive eavesdropping and physically capturing nodes. Once a node is captured, the adversary gains access to its secret keys. Adversarial nodes can emulate the execution of the routing protocol (locally) using any subset of the compromised IDs in any order. They can also pass information to each other in a proprietary way; these are tolerable imperfections, which are embedded in the notion of plausible routes. The reduced configuration is (G(V, E), V*, L), in which neighboring adversarial nodes are joined into a single node. As depicted in Figure 2, a route is plausible in a given configuration if it contains no repeated IDs and it can be partitioned so that each partition P can be associated with a node v in G such that P ⊂ L(v), and neighboring partitions are associated with neighboring nodes in G.

Fig. 2. Plausible routes model
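The configuration and plausible-route definitions of Sections II-A and II-B, as an added example (this is not code from the paper): it builds the geometric graph Gg from node positions and radio range r, joins neighboring adversarial nodes into the reduced configuration, and decides whether a candidate route is plausible under the labeling function L. The six-node topology, the adversarial set {A1, A2} and the compromised IDs c1, c2 are constructed for the example.

```python
import math
from functools import lru_cache
from itertools import combinations

# Constructed topology (not from the paper): six nodes on a line, radio range r = 10.
# A1 and A2 are adversarial and within range of each other; both carry the compromised IDs c1, c2.
R = 10
POSITIONS = {"S": (0, 0), "X": (8, 0), "A1": (16, 0), "A2": (22, 0), "Y": (30, 0), "D": (38, 0)}
ADVERSARIAL = {"A1", "A2"}                                                     # V*
LABELS = {v: ({"c1", "c2"} if v in ADVERSARIAL else {v}) for v in POSITIONS}  # labeling function L


def geometric_graph(positions, r):
    """Gg = (V, Eg): (i, j) is an edge iff ||x_i - x_j||_2 <= r."""
    adj = {v: set() for v in positions}
    for i, j in combinations(positions, 2):
        if math.dist(positions[i], positions[j]) <= r:
            adj[i].add(j)
            adj[j].add(i)
    return adj


def reduce_configuration(adj, labels, adversarial):
    """Reduced configuration: neighbouring adversarial nodes are joined into one node whose
    label set is the union of their labels and whose neighbours are the union of theirs."""
    parent = {v: v for v in adj}

    def find(v):
        while parent[v] != v:
            parent[v] = parent[parent[v]]
            v = parent[v]
        return v

    for a in adversarial:
        for b in adj[a]:
            if b in adversarial:
                parent[find(a)] = find(b)
    red_adj, red_labels = {}, {}
    for v in adj:
        red_adj.setdefault(find(v), set())
        red_labels.setdefault(find(v), set()).update(labels[v])
    for v in adj:
        for w in adj[v]:
            if find(v) != find(w):
                red_adj[find(v)].add(find(w))
    return red_adj, red_labels


def is_plausible(route, red_adj, red_labels):
    """A route is plausible iff it has no repeated IDs and can be cut into consecutive partitions
    P_1..P_k with P_t a subset of L(v_t) and v_t, v_{t+1} neighbours in the reduced graph."""
    if len(set(route)) != len(route):
        return False
    n = len(route)

    @lru_cache(maxsize=None)
    def cover(pos, prev):
        if pos == n:
            return True
        candidates = red_adj[prev] if prev is not None else red_adj.keys()
        for v in candidates:
            end = pos
            while end < n and route[end] in red_labels[v]:  # grow the partition while IDs lie in L(v)
                end += 1
                if cover(end, v):
                    return True
        return False

    return cover(0, None)


def check_routes(routes=None):
    """Classify candidate routes from S to D under the constructed configuration."""
    adj = geometric_graph(POSITIONS, R)
    red_adj, red_labels = reduce_configuration(adj, LABELS, ADVERSARIAL)
    if routes is None:
        routes = [
            ("S", "X", "c1", "Y", "D"),        # the joined adversary appears once, with a compromised ID
            ("S", "X", "c1", "c2", "Y", "D"),  # both compromised IDs, still one joined adversarial node
            ("S", "X", "Y", "D"),              # X and Y are out of range of each other: not plausible
            ("S", "X", "c1", "X", "D"),        # repeated ID
            ("S", "c1", "D"),                  # S is not a neighbour of the adversary
        ]
    return {route: is_plausible(route, red_adj, red_labels) for route in routes}
```

The third route is the interesting one for a security reviewer: it is what an attacker gets by deleting itself from a discovered path, and it is exactly the kind of route the plausibility definition refuses to accept, because no partition can bridge two honest nodes that are not within radio range.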

As depicted in Figure 3, H, M1, ..., Mn, A1, ..., Am and C are interacting, probabilistic Turing machines:
– M1, ..., Mn represent the non-malicious nodes in G
– A1, ..., Am represent the adversarial nodes in G
– C models the communication links (edges of G)

Fig. 3. Adversary model

Each machine is initialized with some input data (e.g. lightweight cryptographic keys [27]) and random input. Each activated machine operates in a reactive manner: it reads its input tape, performs a state transition, writes its output tape and goes back to sleep. We assume the machines are activated by a hypothetical scheduler in rounds, in a fixed order in each round: H, ..., C. The computation ends when H reaches a final state.

C models the communication links: when activated, it moves the content of the output tape of each protocol machine (Mi and Aj) onto the input tapes of all neighboring machines in G, in a random order.

H models the higher layer protocols (and ultimately the end users) of the non-corrupted nodes:
– it can initiate a route discovery process at any machine Mi by placing a request on reqi
– a response may be returned to the request via resi; the response contains a set of routes (possibly empty)
– it can receive out-of-band requests from the adversarial machines via extj

Mi models the operation of the routing algorithm in the i-th non-corrupted node:
– it receives requests from H via reqi and may return a response via resi
– it sends and receives routing messages to and from its neighbors via outi and ini
– it is initialized with its own ID and those of its neighbors, some cryptographic material, and random input

Aj models the j-th adversarial node:
– it uses outAj and inAj to communicate with its neighbors
– it can use extj to "force" H to start a route discovery between any two honest nodes
– it is non-adaptive: it places its requests on extj at the beginning of the computation and does not use extj afterwards
– its behavior is not restricted apart from being polynomial-time in the security parameter

The set of routes returned to H is denoted by real_out_conf,A(r), where r = (rI, rM, rA, rC): rI is the random input of the cryptographic initialization (key generation), rM the random input of M1, ..., Mn, rA the random input of A1, ..., Am, and rC the random input of C. real_out_conf,A denotes the random variable describing the output when r is chosen uniformly at random.

III. FRAMEWORK DESIGN
A framework is a skeleton of lines of activity, or a way to portray a particular approach to a proposal. From the software development point of view, a framework is what developers use to implement a standard, well-structured application. Keeping in view the energy-constrained environment of an ad hoc network, a good framework should be theoretically grounded and complete, understandable and explicit, concise and logical, straightforward to maintain and cost efficient. Above all, it should be useful. A conceptual depiction of the proposed framework is shown in Fig. 4. An exhaustive study of the literature and of simulation tools for ad hoc networks identified the following network parameters: geographical area, number of nodes, number of attackers, placement of nodes, mobility model, queuing, terrain and some other optional parameters. The application class expresses the catalog of applications that can be run, e.g. email, FTP, chat, video conferencing and so on. The node parameters describe a node in terms of battery, memory, mobility speed and clock speed. The trusted protocol is an enhanced adaptation of an existing protocol. The protocol may be any routing protocol; this flexibility makes the proposal a generalized framework. The protocol is adapted so that it takes the credit value into account when making decisions. We presented a comparative study of the performance of ad hoc reactive routing protocols in our prior work [26]. On the basis of that study we selected the AODV reactive routing protocol for demonstration purposes. After selecting the protocol, the next step is to make it a credit based protocol. The credit based protocol together with the ad hoc network setup yields a trusted ad hoc network, i.e. an ad hoc network that also considers the credit value while making decisions.

IV. PROPOSED FRAMEWORK
No honest node should be falsely detected as a multiple hole attacker, and no malicious node should be judged non-malicious. Keeping these two extremes in mind, the modules of the framework have been designed as below.


A. Observation Module: As depicted in Fig. 4, the observer module of each node monitors its neighbors by passively listening to their communication. Packet drops and modifications by neighbors are detected by measuring the deviation from the observation table of the AODV routing protocol. The deviation of a neighbor from normal behavior is used as an indicator of the unbiased degree of maliciousness, because it is independent of the neighbor's past behavior. If this unbiased deviation exceeds a pre-set threshold value, the credit collection module is invoked as discussed below.

B. Credit Collection Module: This module invokes a majority consensus algorithm among the neighbors of a node that has been suspected of being malicious; it is activated by the observation module. During the route discovery phase we count, from the routing table, the hops to each node from the source and multiply that count by three to obtain the initial credit stored in the routing table: Initial Credit = HopCount * 3. When a node in the path sends one packet, one credit is deducted from the next hop node. As soon as the destination node receives the data packets, it sends an ACK back to the source node. Each node on the way back increases the credit of its next hop by two, to indicate a higher trust level in that next hop. A credit ceiling MAX = 5 * HopCount bounds the credit. In the proposed scheme, the difference between the absolute trust and the average degree of maliciousness of the majority of the respondents is used for computing the group trust. The majority is the larger of the two groups obtained by partitioning the respondents according to whether their observed degree of maliciousness exceeds a preset threshold.

Fig. 4. Proposed framework
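The credit rules of Section IV-B and the passive watchdog of Section IV-A, played out on a constructed 3-hop path, as an added example (not code from the paper): Initial Credit = HopCount * 3, one credit deducted from the next hop per packet sent, two credits added on the way back of the ACK, capped at MAX = 5 * HopCount. The gray hole node B forwards only one packet in four. The threshold values TAU and DEVIATION_THRESHOLD, the definition of the deviation metric as the fraction of handed-over packets a neighbour was not overheard forwarding, and the use of a single path hop count for every node are assumptions; the paper fixes none of them.

```python
from dataclasses import dataclass, field

# Constructed scenario (not from the paper): path S -> A -> B -> D, where B is a gray hole.
HOP_COUNT = 3
INITIAL_CREDIT = HOP_COUNT * 3    # Initial Credit = HopCount * 3 (Section IV-B)
MAX_CREDIT = HOP_COUNT * 5        # MAX = 5 * HopCount (Section IV-B)
TAU = 3                           # credit threshold tau: the paper fixes no value, 3 is assumed here
DEVIATION_THRESHOLD = 0.5         # observation-module threshold: assumed, the paper gives no value


@dataclass
class Node:
    name: str
    drop_every: int = 0   # 0 = honest; k > 0 = gray hole that forwards only packets with seq % k == 0
    credit: dict = field(default_factory=dict)              # credit this node holds for each next hop
    observed_sent: dict = field(default_factory=dict)       # packets handed to an intermediate next hop
    observed_forwarded: dict = field(default_factory=dict)  # of those, packets overheard being forwarded

    def forwards(self, seq):
        return self.drop_every == 0 or seq % self.drop_every == 0


def run(path, packets):
    """Send `packets` data packets along `path`, applying the credit rules and the passive watchdog."""
    for cur, nxt in zip(path, path[1:]):
        cur.credit[nxt.name] = INITIAL_CREDIT
        cur.observed_sent[nxt.name] = 0
        cur.observed_forwarded[nxt.name] = 0
    delivered = 0
    for seq in range(1, packets + 1):
        reached_dst = False
        for cur, nxt in zip(path, path[1:]):
            cur.credit[nxt.name] -= 1        # one credit deducted from the next hop per packet sent
            if nxt is path[-1]:
                reached_dst = True           # the destination does not forward, so no watchdog entry
                break
            cur.observed_sent[nxt.name] += 1
            if not nxt.forwards(seq):
                break                        # gray hole drops silently; cur overhears no retransmission
            cur.observed_forwarded[nxt.name] += 1
        if reached_dst:
            delivered += 1
            # The ACK walks back from D; each node raises its next hop's credit by two, capped at MAX
            for cur, nxt in zip(path, path[1:]):
                cur.credit[nxt.name] = min(MAX_CREDIT, cur.credit[nxt.name] + 2)
    return delivered


def deviation(node, nxt):
    """Observation-module metric (assumed form): share of packets handed to `nxt` not seen forwarded."""
    sent = node.observed_sent.get(nxt, 0)
    return 0.0 if sent == 0 else 1 - node.observed_forwarded[nxt] / sent


def simulate(packets=20, drop_every=4):
    path = [Node("S"), Node("A"), Node("B", drop_every=drop_every), Node("D")]
    delivered = run(path, packets)
    return delivered, {n.name: n for n in path}


def suspects(nodes):
    """Next hops that would be suspected by credit alone, and by the observation module."""
    by_credit, by_observation = set(), set()
    for node in nodes.values():
        for nxt, credit in node.credit.items():
            if credit < TAU:
                by_credit.add(nxt)
            if deviation(node, nxt) > DEVIATION_THRESHOLD:
                by_observation.add(nxt)
    return by_credit, by_observation
```

With 20 packets and B forwarding one in four, 5 packets are delivered. Because the ACK for a dropped packet never comes back, S's credit for the honest node A and A's credit for B both fall to -1, so credit alone would suspect A as well as B; the watchdog deviation is 0 for A and 0.75 for B. That is the practical reason the framework lets the observation module, not the credit value by itself, decide when credit collection starts.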

C. Credit Maintainer Module: The credit information of suspected nodes is exchanged between neighboring nodes in the network by credit_mess messages. A credit_mess is an IP datagram with a credit header inserted between the IP header and the data payload. The credit header consists of three fields: credit_mess_type, node_id and credit_val. A credit_mess_type may be one of three types: (i) credit_request, (ii) credit_response and (iii) credit_broadcast.


A credit_request message is sent by an accused node when it requests its credit value from its neighbors. A credit_response message is used by respondent nodes when they send their observed credit value for a suspected node. A credit_broadcast message is used when a node needs to broadcast the credit value of a malicious node to all its neighbors.

D. Credit Formatter Module: Every node maintains a credit state for all maliciously behaving nodes in the network using the list table of the AODV protocol. The credit state is maintained as a field in the routing table. An observation table entry consists of three fields: (i) node_id, (ii) credit_val and (iii) timestamp. The credit state of a node is updated when a node receives a new RREQ or RREP. The credit maintenance module is solely responsible for computing and verifying the correctness of the credit values, caching them, and updating the global credit state of the node for which it has received a credit certificate. A node checks the correctness of a certificate by verifying that the response from every neighbor has been correctly considered in computing the group credit and that the messages have not been tampered with; this is ensured by cryptographic techniques. The contribution of a credit certificate to the final credit value of a suspected node depends on the global credit state of the majority of that node's neighbors. If the majority in the group observes that the node is acting maliciously, i.e. its credit value is low, the received certificate is propagated to all the neighbors of the accused node. If the computed credit value for a node falls below the threshold, a global alarm is raised and the alert-raise module is called.

E. Alert-Raise Module: If an aberration is noticed, the node is checked repeatedly until it exhausts its maximum number of chances. Once a node is identified as a multiple hole attacker, the broadcaster sends an alert to the neighboring nodes with the LIST of malicious node(s) as parameter. Any router receiving the alert packet forwards it to its neighbors, thereby disclosing the malicious node LIST to the whole network, and the listed nodes can be excluded from further communication in the network.

V. SECURITY ANALYSIS AND RESULT DISCUSSION
The redundancy of credit information and the cumulative credit computation function make the proposed scheme robust against message tampering, packet dropping and false accusation by nodes. Malicious behavior can be shown by the accused node, the critical and the respondent nodes, or other nodes that do not participate in a particular challenge-response scenario. The security analysis for these cases is discussed as follows.

Accused node is indeed malicious: In this case the accused node may attempt the following activities: dropping of credit feedback by the malicious node, selective broadcast, tampering with received credit feedbacks, and false accusation of dropping feedbacks, i.e. credit values.

At the lower layers (physical and data link) we used IEEE 802.11 with the Two Ray Ground radio propagation model. The traffic consists of Constant Bit Rate (CBR) data packets over UDP at the transport layer, in an area of 1000 m x 1000 m, with the total number of nodes forming the ad hoc network varying per scenario.
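The credit_mess exchange of Section IV-C, the certificate check of Section IV-D and the tampering and false-accusation cases of the security analysis above, as an added example (not code from the paper): it packs the credit header, authenticates header and payload with a keyed MAC, discards feedback whose tag fails, and runs the majority consensus over the surviving credit_response values. The field widths, the type codes 1/2/3, the truncated HMAC-SHA256 tag over pairwise keys and the tie-break rule are assumptions; the paper only says that cryptographic techniques ensure integrity. The accused node, the respondents and their keys are constructed.

```python
import hashlib
import hmac
import struct
from statistics import mean

# credit_mess_type codes: the paper names the three types but fixes no encoding (assumed here)
CREDIT_REQUEST, CREDIT_RESPONSE, CREDIT_BROADCAST = 1, 2, 3
HDR = struct.Struct("!BHh")   # credit_mess_type (1 byte), node_id (2 bytes), credit_val (signed 2 bytes): assumed widths
MAC_LEN = 16                  # truncated HMAC-SHA256 tag; the paper says only "cryptographic techniques"


def pack_credit_mess(mess_type, node_id, credit_val, key, payload=b""):
    """Credit header (the part that sits after the IP header) + payload, followed by a MAC over both."""
    body = HDR.pack(mess_type, node_id, credit_val) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    return body + tag


def unpack_credit_mess(datagram, key):
    """Return (mess_type, node_id, credit_val, payload), or None if the MAC does not verify."""
    if len(datagram) < HDR.size + MAC_LEN:
        return None
    body, tag = datagram[:-MAC_LEN], datagram[-MAC_LEN:]
    expect = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    mess_type, node_id, credit_val = HDR.unpack_from(body)
    return mess_type, node_id, credit_val, body[HDR.size:]


def collect_responses(datagrams, keys, accused):
    """Credit maintainer: keep only authentic credit_response messages that concern `accused`."""
    responses = {}
    for sender, dg in datagrams:
        parsed = unpack_credit_mess(dg, keys[sender])
        if parsed is None:
            continue                                  # tampered or forged feedback is not counted
        mess_type, node_id, credit_val, _ = parsed
        if mess_type == CREDIT_RESPONSE and node_id == accused:
            responses[sender] = credit_val
    return responses


def group_credit(responses, tau):
    """Majority consensus (Section IV-B): split respondents by the threshold, take the larger group,
    and use its mean credit as the group credit. A tie goes to the non-accusing side (assumption)."""
    if not responses:
        return None, False
    low = [c for c in responses.values() if c < tau]
    high = [c for c in responses.values() if c >= tau]
    majority = low if len(low) > len(high) else high
    value = mean(majority)
    return value, value < tau


def demo(tau=3):
    """Constructed run: honest node 7 is accused; neighbour 5 lies, and node 3's reply is altered in flight."""
    accused = 7
    keys = {i: hashlib.sha256(b"pairwise-key-%d" % i).digest() for i in range(1, 6)}  # constructed keys
    observed = {1: 8, 2: 9, 3: 7, 4: 10, 5: -5}     # respondent 5 falsely accuses node 7
    datagrams = [(i, pack_credit_mess(CREDIT_RESPONSE, accused, c, keys[i])) for i, c in observed.items()]
    # An attacker on the path rewrites node 3's credit_val to -9 but cannot recompute the tag
    sender, dg = datagrams[2]
    datagrams[2] = (sender, HDR.pack(CREDIT_RESPONSE, accused, -9) + dg[HDR.size:])
    responses = collect_responses(datagrams, keys, accused)
    value, malicious = group_credit(responses, tau)
    return responses, value, malicious
```

In the constructed run the tampered reply from node 3 is dropped at verification, the lying respondent 5 is outvoted three to one, and node 7 keeps a group credit of 9. The check only holds if each respondent's key is not known to the accused node; the adversary model of Section II-B gives a captured node its own keys, so a captured respondent can still lie, which is exactly the case the majority rule is there to absorb.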

Fig. 5. Simulation topology in NS 2.34

Ns-2 creates agents for the various network objects, including the router, the CBR source, the physical interface and so forth. Each of these agents logs data containing at least the minimal information in the trace file (.tr file). The metrics used for performance evaluation are: (i) false positive rate, (ii) detection rate, (iii) convergence time, (iv) effective convergence time and (v) routing overhead. Total convergence time is the time required for an exchanged credit value to be propagated to all non-malicious nodes in the network.

Table 2: Simulation parameters

Simulation Parameter           Value
NS Version                     2.34
AODV                           NS2 default
grayholeAODV & BlackholeAODV   Customized variations of NS2 default AODV
No of Nodes                    50
Traffic Type                   UDP
Data Type                      CBR
Data Packet Size               512 Bytes
Scenario                       Random motion models generated using "setdest"
MAC Protocol                   IEEE 802.11
Radio Propagation Model        Two Ray Ground
Simulation Time                100 s
Node Speed                     50 m/s
Interface Queue                Queue/DropTail/PriQueue
Simulation Area                1000 x 1000 m
Animator                       NAM
No of Attackers                10

Fig. 6. Performance metrics (values as plotted in the bar chart)

Performance metric          Normal AODV   AODVGAP & Black Hole Detection   Proposed Framework with AODVGAP
False positive rate         87            17                               20
Successful detection rate   0             100                              85
Communication overhead      117           154                              165

The performance of the proposed framework is compared with the mechanism presented in [22]. The local detection algorithm AODVGAP [22] and the inquisition-based black hole detection algorithm of [23] are together denoted AODVGAP & Black Hole Detection in Fig. 6. It is observed that AODVGAP has a high false positive rate, since under congestion it raises a large number of false alarms. AODVGAP & Black Hole Detection gives the highest successful detection rate and is used as the baseline on that metric. The drop in performance is observed in routing overhead: the message overhead is high because local alarms are not filtered before being sent into the network.

VI. CONCLUSION AND FUTURE WORK
Having simulated the black hole attack and the selective packet drop attack [22,23], we saw that packet loss in the ad hoc network increases because of the nature of the attack. The attack also affects overall network connectivity, and the data loss can reveal the existence of a multiple hole attack in the network. If the number of multiple hole nodes increases, the data loss is also expected to increase. These results show that our proposed framework mitigates the multiple hole effects efficiently in terms of packet delivery fraction (PDF), average end-to-end delay (AED), route discovery time and routing overhead. Two directions for future work are as follows. First, in this paper our major focus was the AODV protocol, which is a reactive protocol for ad hoc networks; as future work one can develop the same credit based approach for hybrid and proactive protocols. Second, we did not consider secure routing protocols such as SAODV, SEAD and Ariadne; for such protocols, performance-vulnerability metrics other than the threshold and credit metric presented in this paper may be measured.

REFERENCES
[1] C. E. Perkins, E. M. B. Royer and S. R. Das, "Ad-hoc On-Demand Distance Vector (AODV) Routing," Mobile Ad-hoc Networking Working Group, Internet Draft, draft-ietf-manet-aodv-00.txt, Feb. 2003.
[2] C. Perkins, Request for Comments (RFC) 3561, Category: Experimental, Network Working Group.
[3] S. Marti, T. J. Giuli, K. Lai and M. Baker, "Mitigating Routing Misbehavior in Ad Hoc Networks," Proc. 6th Annual Int'l Conf. on Mobile Computing and Networking, Boston, MA, pp. 255-265, Aug. 2000.
[4] L. Buttyan and J. Hubaux, "Enforcing cooperation in self-organizing mobile ad hoc networks," Proc. IEEE/ACM Workshop on Mobile Ad Hoc Networks, Technical Report DSC/2001/046, EPFL-DI-ICA, Aug. 2002.
[5] L. Eschenauer, V. Gligor and J. Baras, "On Trust Establishment in Mobile Ad-hoc Networks," Technical Report MS 2002-10, Institute for Systems Research, University of Maryland, 2002.
[6] X. Li, M. Lyu and J. Liu, "A Trust Model Based Routing Protocol for Secure Ad hoc Networks," Proc. IEEE Aerospace Conference, pp. 1286-1295, Mar. 2004.
[7] T. Ghosh, N. Pissinou and K. Makki, "Collaborative Trust-based Secure Routing Against Colluding Malicious Nodes in Multi-hop Ad hoc Networks," Proc. 29th Annual IEEE International Conference on Local Computer Networks (LCN'04), Washington, DC, USA, pp. 224-231, 2004.
[8] N. Pissinou, T. Ghosh and K. Makki, "Collaborative Trust-Based Secure Routing in Multihop Ad hoc Networks," NETWORKING 2004: Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications, pp. 1446-1451, 2004.
[9] C. Zouridaki, B. L. Mark, M. Hejmo and R. K. Thomas, "A Quantitative Trust Establishment Framework for Reliable Data Packet Delivery in MANETs," Proc. 3rd ACM Workshop on Security of Ad hoc and Sensor Networks (SASN'05), New York, NY, USA, pp. 1-10, 2005.
[10] K. Meka, M. Virendra and S. Upadhyaya, "Trust Based Routing Decisions in Mobile Ad-hoc Networks," Proc. Workshop on Secure Knowledge Management (SKM 2006), 2006.
[11] Y.-C. Hu, D. B. Johnson and A. Perrig, "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad hoc Networks," Proc. 4th IEEE Workshop on Mobile Computing Systems and Applications, Callicoon, NY, pp. 3-13, Jun. 2002.
[12] K. Sanzgiri, B. Dahill, B. Levine, C. Shields and E. Belding-Royer, "A Secure Routing Protocol for Ad Hoc Networks," Proc. IEEE International Conference on Network Protocols (ICNP), pp. 78-87, 2002.
[13] Y.-C. Hu, A. Perrig and D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Networks," Proc. 8th ACM Int'l Conf. on Mobile Computing and Networking (MobiCom'02), Atlanta, Georgia, pp. 12-23, Sep. 2002.
[14] M. Zapata, "Secure Ad Hoc On-Demand Distance Vector (SAODV)," Internet draft, draft-guerrero-manet-saodv-01.txt, 2002.
[15] D. Cerri and A. Ghioni, "Securing AODV: The A-SAODV Secure Routing Prototype," IEEE Communications Magazine, pp. 120-125, Feb. 2008.
[16] K. Mishra and B. D. Sahoo, "A Modified Adaptive-SAODV Prototype for Performance Enhancement in MANET," International Journal of Computer Applications in Engineering, Technology and Sciences (IJ-CA-ETS), pp. 443-447, Apr.-Sep. 2009.
[17]
[18]
[19] P. Ning and K. Sun, "How to Misuse AODV: A Case Study of Insider Attacks Against Mobile Ad-Hoc Routing Protocols," Proc. 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, Jun. 2003.
[20] H. S. Chiu and K.-S. Lui, "DelPHI: wormhole detection mechanism for ad hoc wireless networks," Proc. First International Symposium on Wireless Pervasive Computing, 2006.
[21] P. V. Tran, L. X. Hung, Y.-K. Lee, S. Lee and H. Lee, "TTM: An efficient mechanism to detect wormhole attacks in wireless ad-hoc networks," Proc. IEEE CCNC, 2007.
[22] V. Shah, N. Modi and A. Patani, "AODVGAP: An acknowledgment based approach to mitigate selective forwarding attacks in MANET," International Journal of Computer Engineering & Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Vol. 3, Issue 2, pp. 458-469, Jul.-Sep. 2012.
[23] V. Shah and N. Modi, "An Inquisition Based Detection and Mitigating Techniques of AODV Protocol in Existence of Packet Drop Attacks," International Journal of Computer Applications (IJCA), Vol. 69, No. 7, 2013, doi:10.5120/11851-7607.
[24] A. Verma and M. S. Gujral, "Performance Analysis of Routing Protocols for Ad hoc Networks," International Journal of Computer Science and Emerging Technologies, Vol. 2, No. 4, pp. 484-487, Aug. 2011, ExcelingTech Publisher, UK.
[25] L. Eschenauer and V. Gligor, "A key-management scheme for distributed sensor networks," Proc. 9th ACM Conference on Computer and Communications Security, ACM, pp. 41-47, 2002.

Authors' Profile

Vrutik Shah was born in India in 1980. He is a Ph.D. scholar in Computer Science and received his MCA degree in Computer Science and Applications. His research interests include security in wireless networks, ad hoc networks, and network protocols. He works in the Computer Science Department, Indus University, Ahmedabad. This work is part of his Ph.D. program at Karpagam University, Coimbatore, India.

Dr. Nilesh K. Modi received the MCA degree from A.M.P. Institute of Computer Studies, Kherva, Gujarat, India, and a PhD from Bhavnagar University in 2006. He is working as Professor and Head of the MCA department at Sarva Vidyalaya's Institute of Computer Studies, S V Campus, Kadi, Gujarat, India. He is an Associate Life Member of the Computer Society of India (CSI), Mumbai; a Senior Associate Member of the International Association of Computer Science and Information Technology (IACSIT), Singapore; a Senior Member of the International Association of Engineers (IAENG), Hong Kong; a Senior Member of the Computer Security Institute, New York; and a Member of the Data Security Council of India (DSCI), a NASSCOM initiative, New Delhi. He has published and presented more than 18 international papers and more than 25 national papers. His research interests are data mining, computer networks and information security.
