A Security Enhanced AODV Routing Protocol Based On the Credence Mechanism

Liu Jun, Li Zhe, Lin Dan and Liu Ye
Institute of Telecommunications and Information Systems, Faculty of Information Science & Engineering, Northeastern University, Shenyang 110004, China
[email protected]

Abstract—Ad Hoc networks are characterized by an open medium, dynamic topology, distributed cooperation and constrained capability. These characteristics pose additional security challenges. Routing security is the most important factor in the security of the entire network, yet few current routing protocols take security problems into consideration. This paper analyzes the potential insecurity factors in the AODV protocol. A secure routing protocol based on a credence model is proposed, which reacts quickly when malicious behavior is detected in the network, effectively protects the network from various kinds of attacks and guarantees the security of Ad Hoc networks.

Keywords: Mobile Ad Hoc network; routing security; credence; AODV routing protocol

I. INTRODUCTION

A MANET (Mobile Ad Hoc Network) [1], comprised of a collection of mobile nodes connected by wireless links, is a multi-hop, self-organized system. The features of Ad Hoc networks are autonomy, provisionality, lack of infrastructure and easy construction. They are primarily used in battlefield military information systems, civil emergency search-and-rescue operations and similar settings. Because the nodes in an Ad Hoc network move continuously and randomly, the topology keeps changing and is unstable; in addition, Ad Hoc networks share the characteristics of ordinary wireless systems. All of this makes the security problems of Ad Hoc networks more complex than those of traditional wired networks, especially the security of routing protocols [2].

II. SECURITY PROBLEMS IN THE AODV PROTOCOL

AODV (Ad Hoc On-Demand Distance Vector Routing) [3] has been one of the most popular on-demand routing protocols (a route to the destination is built only when a node needs to communicate with another) and has been standardized by the IETF. However, AODV does not address security. The main attacks are listed as follows:

A. Black Hole Attack

The attacker broadcasts fraudulent messages to make other nodes believe that data can be transmitted through it along the shortest or least-cost path, while this trickster never forwards the data packets. This forms a "black hole" that absorbs everything and never gives anything out.

0-7803-9335-X/05/$20.00 ©2005 IEEE

B. Routing Table Overflow Attack

A malicious node keeps sending a large number of Route Request (RREQ) messages for nodes that do not exist, which consumes a lot of computation and network bandwidth, prevents normal routes from being built and can even paralyze the entire network.

C. Network Segmentation Attack

• Fabricating RERR Packet Attack: Malicious nodes broadcast fabricated Route Error (RERR) packets to destroy the route tables of their neighbors, which causes network segmentation and lower performance.

• Interrupt Routing Attack: A selfish node drops the routing messages received from its neighbors because of its limited power and computation ability, which also causes network segmentation.

Currently, a feasible method to guarantee protocol safety is encryption and certification [4, 5]. But the topology changes very frequently in Ad Hoc networks, and implementing message encryption and decryption is complicated, so it may consume a great deal of the nodes' computing resources, which is a big challenge for the limited battery energy of Ad Hoc nodes.

III. A SECURITY MECHANISM BASED ON THE AODV PROTOCOL

A security mechanism based on the AODV protocol is proposed in this paper. On the one hand, it reinforces the protocol's functions, giving AODV-AD (AODV with Attack Detection). On the other hand, it builds a credence mechanism for the network: when a node is judged to be an attacker by the credence mechanism, the protocol performs route reconstruction to isolate the attacker from the network. Meanwhile, in order to provide secure and reliable data forwarding services, nodes should preferentially use routes with high credence values when routing packets. The two parts collaboratively evaluate the credence value and together complete the network's security defense.


A. AODV-AD protocol

Some modifications are made to the AODV protocol so that it can detect the attacks.

• Black Hole Attack Detection. Using a further request mechanism (FRQ): the next hop is added to the Route Reply (RREP) of the intermediate node. When the source S receives an RREP sent by B and learns that B has a fresh route to destination D whose next hop is N, S sends an FRQ to N along another route that does not pass through B, asking whether N is a neighbor of B and whether N has a fresh route to D. If both answers are yes, B is not malicious.

• Routing Table Overflow Attack (DDoS) Detection. If there is a massive number of RREQs in the network, a table overflow attack is taking place. The detection solution is a table that records the number of RREQs received from each other node, together with a timer. If the number of RREQs during a period of time is bigger than the threshold, the sender is treated as suspicious.

• Fabricating RERR Packet Attack Detection. RERR fabrication is detected by sending test packets. When a node with a lower credence value sends an RERR packet, the receiver, to prevent a partitioning attack, sends a test packet to find out whether the nodes marked in the RERR are really unreachable. If the RERR receiver receives a reply to the test packet, the RERR sender may be malicious.

• Interrupt Routing Attack (Selfish Node) Detection. The credence mechanism detects this selfish behavior through neighbor monitoring.
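The RREQ counter and timer described for the overflow-attack detection above, as an added example that is not part of the paper: a per-sender sliding-window counter replayed over constructed RREQ arrivals. The window length, the threshold and the node names are assumptions.

```python
from collections import defaultdict, deque

# Hypothetical parameters (the paper names a timer and a threshold but fixes no values).
WINDOW_SECONDS = 10.0
RREQ_THRESHOLD = 20


class RreqRateMonitor:
    """Per-sender table of recent RREQ arrival times, expired by a sliding window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=RREQ_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)  # sender -> timestamps of RREQs still inside the window
        self.suspicious = set()

    def on_rreq(self, sender, now):
        """Record one RREQ from `sender` at time `now`; return True if the sender is now suspicious."""
        times = self.recent[sender]
        times.append(now)
        # The timer: forget RREQs older than the window so a slow, legitimate node never trips it.
        while times and now - times[0] > self.window:
            times.popleft()
        if len(times) > self.threshold:
            self.suspicious.add(sender)
        return sender in self.suspicious


def suspicious_senders(events, window=WINDOW_SECONDS, threshold=RREQ_THRESHOLD):
    """Replay (sender, timestamp) RREQ arrivals in time order and return the flagged senders."""
    monitor = RreqRateMonitor(window, threshold)
    for sender, when in sorted(events, key=lambda e: e[1]):
        monitor.on_rreq(sender, when)
    return monitor.suspicious


# Constructed sample traffic: node A floods 30 RREQs within 3 s, node B sends 21 RREQs
# spread over 30 s, node C sends a handful. Only A exceeds the threshold inside one window.
SAMPLE_EVENTS = (
    [("A", i * 0.1) for i in range(30)]
    + [("B", i * 1.5) for i in range(21)]
    + [("C", i * 2.0) for i in range(5)]
)

if __name__ == "__main__":
    print(sorted(suspicious_senders(SAMPLE_EVENTS)))  # ['A']
```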

B. Credence mechanism built on the AODV protocol

Definition 1 (trust): A belief that the entity (human) will behave without malicious intent and a belief that the rational entity (system) will resist malicious manipulation.

Definition 2: Credence is simply a credit measurement of the entities in the network. The credence mechanism is mainly used to prevent the security threats brought by malicious nodes, especially selfish nodes. All nodes evaluate their neighbors' credence dynamically. When they find suspect nodes, they stop communicating with those nodes altogether. The main goals are as follows:

• Providing reliable information to decide whether a node is trustworthy.

• Encouraging cooperation among nodes.

• Preventing the cooperation service protected by the mechanism from being accessed by malicious nodes.

1) Credence Establishment

Credence is the degree of trust between network entities, so establishing credence is closely tied to monitoring the entities' behavior. According to the network hierarchy, the nodes' behavior can be classified into three kinds:

• Behavior 1: Route packet processing;

• Behavior 2: Data packet forwarding;

• Behavior 3: The four kinds of attacks on the AODV protocol summarized in part II.

Correspondingly, credence is also sorted into three categories, which represent different aspects of a node's credit. For example, a node may provide a reliable data packet forwarding service while failing to forward routing information. The credence categories allow a more accurate evaluation of nodes' behavior, which makes better use of network resources and finds malicious nodes more quickly. The credence categories are:

• Routing information credence category: evaluating behavior 1.

• Forwarding data information credence category: evaluating behavior 2.

• Malicious behavior credence category: evaluating behavior 3.

The credence value is obtained by monitoring neighbors' behavior and exchanging information with other nodes. The values are recorded in a credence table, in which each node has an entry.

2) Credence Quantization

Credence quantization is the manner of representing credit. There are usually two ways: discrete and continuous. The discrete manner does not fit Ad Hoc networks, because their dynamic topology makes the credence value change all the time. Further, the credence model in this paper also demands a continuous representation. The reasons are:

• Credence evaluation needs plenty of information about the entities' behavior. With a discrete form, it is hard to decide the number of correct behaviors and their mapping to the degrees of discrete credence.

• When two or more credence categories are not at the same degree, it is hard to evaluate the overall credence of the entity.

Thus, a continuous representation is adopted, and the credence value ranges from -1 to 1: "-1" means not trusted at all; smaller than 0 means untrusted; bigger than 0 means trusted; "+1" means completely trusted.

3) Credence Computation

a) Routing Credence Computation

$R_r$ denotes the value of the routing credence category. It depends on two parameters: $R_{rs}$, the number of routing packets forwarded successfully, and $R_{rf}$, the number of routing packets the node failed to forward. When routing packets are forwarded successfully, the credence value is increased and the node is considered credible, so the range of $R_r$ should be $[0, +1]$, and as $R_{rs}$ increases $R_r$ approaches 1. Hence new nodes that forward routing packets successfully are quickly admitted to the network. The formula used is (1).

$R_r = 1 - \frac{2 R_{rf}}{R_{rs} + R_{rf}}$, in which $R_{rs} + R_{rf} \neq 0$; otherwise $R_r = 0$   (1)

When the node fails to forward routing packets, the credence value is decreased and the node is considered incredible, so the range of $R_r$ should be $[-1, 0]$, and as $R_{rf}$ increases $R_r$ approaches -1. The formula used is (2).

$R_r = \frac{2 R_{rs}}{R_{rs} + R_{rf}} - 1$, in which $R_{rs} + R_{rf} \neq 0$; otherwise $R_r = 0$   (2)

From (1) and (2), we can generalize the formula of the routing credence category as (3).

$R_r = \frac{R_{rs} - R_{rf}}{R_{rs} + R_{rf}}$, in which $R_{rs} + R_{rf} \neq 0$; otherwise $R_r = 0$   (3)

b) Forwarding Credence Computation

In a similar way, the formula of the forwarding credence category is as follows:

$R_f = \frac{R_{fs} - R_{ff}}{R_{fs} + R_{ff}}$, in which $R_{fs} + R_{ff} \neq 0$; otherwise $R_f = 0$   (4)

$R_f$ denotes the value of the forwarding credence category, $R_{fs}$ the number of data packets forwarded successfully, and $R_{ff}$ the number of data packets the node failed to forward.

c) Malicious Behavior Credence Computation

$R_m$ denotes the value of the malicious behavior credence, in which $m$ is the number of the node's behaviors observed so far.

• Increasing the credence value for legitimate behavior.

• When illegitimate behavior happens:

This credence category evaluates whether an entity shows attack behavior. The credence value should be decreased sharply when an attack happens. If the entity's previous behavior was normal ($R_m > 0$), its credence is cut in half.

$R_{m+1} = R_m + \Delta R$ when the entity has legitimate behavior;
$R_{m+1} = R_m / 2 - \Delta R$ when the entity has illegitimate behavior and $R_m > 0$;
$R_{m+1} = R_m - 2 \Delta R$ when the entity has illegitimate behavior and $R_m < 0$.   (5)

Meanwhile, if $R_m$ is close to zero, the value is further decreased by $\Delta R$ besides being halved; if the entity has had abnormal performance before ($R_m$
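Equations (3), (4) and (5) carried into a credence table, as an added example that is not the paper's own code: per-neighbor counters give the routing and forwarding credence, the malicious-behavior credence follows the three cases of (5), and next-hop selection prefers high forwarding credence while skipping neighbors whose malicious-behavior credence is negative. The step size $\Delta R = 0.1$, the clamping to $[-1, 1]$ and the treatment of $R_m = 0$ like $R_m < 0$ are assumptions.

```python
from dataclasses import dataclass

DELTA_R = 0.1  # hypothetical step for the malicious-behavior category; the paper fixes no value

def ratio_credence(successes, failures):
    """Equations (3) and (4): (S - F) / (S + F), defined as 0 while nothing has been observed."""
    total = successes + failures
    return 0.0 if total == 0 else (successes - failures) / total

def update_malicious_credence(rm, legitimate, delta_r=DELTA_R):
    """Equation (5): slow reward for legitimate behavior, sharp cut for an attack."""
    if legitimate:
        nxt = rm + delta_r
    elif rm > 0:
        nxt = rm / 2 - delta_r   # previously well-behaved node: halve, then subtract delta R
    else:
        nxt = rm - 2 * delta_r   # already distrusted (paper: Rm < 0; Rm == 0 treated alike, assumption)
    return max(-1.0, min(1.0, nxt))  # assumption: clamp to the paper's [-1, 1] range

@dataclass
class CredenceEntry:
    rrs: int = 0      # routing packets forwarded successfully
    rrf: int = 0      # routing packets not forwarded
    rfs: int = 0      # data packets forwarded successfully
    rff: int = 0      # data packets dropped
    rm: float = 0.0   # malicious-behavior credence
    def routing(self):
        return ratio_credence(self.rrs, self.rrf)
    def forwarding(self):
        return ratio_credence(self.rfs, self.rff)

class CredenceTable:  # one entry per neighbor, updated from neighbor monitoring
    def __init__(self):
        self.entries = {}
    def entry(self, node):
        return self.entries.setdefault(node, CredenceEntry())
    def observe_routing(self, node, forwarded):
        e = self.entry(node)
        e.rrs, e.rrf = (e.rrs + 1, e.rrf) if forwarded else (e.rrs, e.rrf + 1)
    def observe_forwarding(self, node, forwarded):
        e = self.entry(node)
        e.rfs, e.rff = (e.rfs + 1, e.rff) if forwarded else (e.rfs, e.rff + 1)
    def observe_behavior(self, node, legitimate):
        e = self.entry(node)
        e.rm = update_malicious_credence(e.rm, legitimate)
    def preferred_next_hop(self, candidates):
        """Skip untrusted neighbors (Rm < 0), then prefer the highest forwarding credence."""
        trusted = [n for n in candidates if self.entry(n).rm >= 0]
        return max(trusted, key=lambda n: self.entry(n).forwarding(), default=None)
```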