Secured Authentication and Signature Routing Protocol for WMN (SASR)

Geetanjali Rathee, Hemraj Saini and Satya Prakash Ghrera

Abstract Security provisions are a significant influence in the design of security systems for wireless mesh networks (WMNs). It is therefore necessary to guard the identities of individual clients to avoid personal privacy concerns. Numerous weaknesses exist in different protocols for WMNs (i.e. overhead, storage, availability of resources). These weaknesses can be exploited by potential attackers to bring down the network performance. In this manuscript, we offer a secure authentication and signature routing protocol (SASR) based on the Diffie-Hellman model and threshold signature for reducing response time and improving the security at the mesh node. The proposed approach validates the certification of the mesh nodes effectively and paves the path for secure communication. Since the protocol uses the Diffie-Hellman key mode and threshold signature, a very small key is enough for obtaining the needed protection. This reduces the bandwidth allocated to keys, so the security constraints do not affect the bandwidth in any way, which is an additional advantage over other systems.

Keywords Wireless mesh network · Diffie-Hellman · SASR · Authentication · Threshold · Security

G. Rathee, H. Saini, S.P. Ghrera
Computer Science Department, Jaypee University of Information Technology, Waknaghat, Solan, Himachal Pradesh, India

© Springer India 2016
S.C. Satapathy et al. (eds.), Proceedings of the Second International Conference on Computer and Communication Technologies, Advances in Intelligent Systems and Computing 380, DOI 10.1007/978-81-322-2523-2_31


1 Introduction

Wireless mesh networks (WMNs) are becoming an increasingly prevalent replacement technology for last-mile connectivity to home and public networking, which creates a need to design efficient and secure communication protocols for such network setups. Currently implemented security and confidentiality protocols depend on the trust and reputation of network entities (Sen 2010a, b). Most of them are designed for securing mobile ad hoc networks (MANETs) [1], which prevents unauthorized access; thus strong authentication is required. Authentication is performed between any two communicating parties (either a set of MCs or an MR) to establish their legitimacy. They obtain shared common keys which are applied in cryptographic algorithms for data unification. Studies have already been carried out on public key cryptosystems to manage secure communication, but they lead to performance issues such as cluster head availability, response time, and traffic overhead. We offer a secured authentication and signature routing protocol (SASR) for reducing traffic overhead inside the network and improving the security at the mesh client side. The proposed authentication protocol verifies the certification of the mesh nodes effectively and paves the path for secure communication. Since our protocol uses elliptic curve cryptography (ECC), even a small-sized key is enough for obtaining the needed protection.

2 Related Work

Mishra and Arbaugh [2, 3] proposed a standard technique for client authentication and access control to ensure a high level of flexibility and transparency to all clients in a wireless network. To cope with the security issue, proactive key distribution has been proposed (Prasad and Wang 2005) [4–7]. Prasad et al. [8] proposed a technique in which a lightweight authentication, authorization and accounting (AAA) infrastructure is used for providing continuous, on-demand, end-to-end security in heterogeneous networks including WMNs. The issue of client security in WMNs has also attracted the attention of the research community. In Wu et al. (2006) [9–11], a lightweight privacy-preserving solution has been presented to achieve a well-maintained balance between network performance and traffic privacy preservation. In [12, 13], a localized authentication scheme has been proposed, in which authentication is performed locally between the MRs and the MCs in a hybrid large-scale WMN operated by a number of operators. Every operator maintains its own CA. Every CA is in charge of issuing certificates to its clients. The wireless dual authentication protocol (WDAP) (Zheng et al. 2005) [14] has been proposed for 802.11 WLANs and can be extended to WMNs.


Table 1 Comparative analysis of previously proposed approaches

| Protocol | Aim | Cons |
|---|---|---|
| AISA [2, 3] | Provide client authentication | Security problem with real time traffic |
| FPBPKD [4] | Proactive key distribution | Traffic overhead problem |
| LHAP [7] | Authenticate mobile clients in dynamic environment | Increases computational overhead |
| LAAA [8] | Provide continuous end to end security in a heterogeneous network | User privacy concerns |

As an initial step, we have studied the previously proposed approaches; the analysis is shown in Table 1, together with their objectives and drawbacks. In the third section, we propose a solution which reduces the above cons.

3 Proposed System

The aim of this paper is a strong base for secure communication in WMNs with good access control. In our model we consider the hierarchical WMN architecture, which consists of three layers. The topmost layer consists of the backbone Internet gateways (IGWs), which supply Internet connectivity to the second layer. The second layer consists of wireless mesh routers (MRs), which forward the traffic to the IGWs in multi-hop mode. The third layer comprises mesh clients (MCs), which are wireless user devices. In our case a single MR and its corresponding mesh clients form a zone. In this network, providing security and confidentiality to the user is a major and challenging constraint.

3.1 Key Distribution

Each mesh client of an MR agrees on a shared key 'Ks' with the zone MR using the group Diffie-Hellman key algorithm. Every zone maintains a shared key with its MR. Whenever a new mesh client enters a zone, it needs to agree upon a shared key 'Ks' with the MR. The MR of each zone needs to agree with each adjacent zone MR on a cluster shared key (KC1,2, KC1,3, KC2,3, …, KCm,n) using the group Diffie-Hellman key algorithm. The zone shared key value changes depending on the number of neighboring zones. The adjacent zone shared key for every zone MR is shared with its neighbor MR, where the shared key (Ks) ensures intra-zone authentication and the shared cluster key (Ksh) provides inter-cluster authentication. As cluster head selection is based on the metric 'AK', the cluster head can hold more keys and compute the cryptographic operations.

3.2 Inter Zone Communication

Consider a situation in which a source mesh client 'Sr' in a zone wants to communicate with a destination mesh client 'Dn' in an adjacent zone. The source and destination mesh clients each hold the shared key of their respective zones, and their zone MRs hold the shared key of the zone as well as all the zone shared keys. The following steps are followed during communication:

1. Mesh client source 'S' encrypts the message with shared key 'Kns' and transmits it to the zone MR, where 'n' is the cluster number.
2. The zone MR decrypts the message and confirms the authentication of the source mesh client, as it holds the shared key of the respective zone.
3. The message is encrypted with the shared key 'KCm,n' of the destination zone MR and forwarded to the neighboring zones.
4. Next, the message is decrypted for authentication purposes after reaching the zone MR of the destination mesh client.
5. Later, the message is encrypted with the shared key of the respective zone and forwarded to the destination client. Finally, the destination mesh client decrypts the message with the shared key.

Figure 1 shows the diagrammatic representation of key distribution and inter zone communication.
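The five steps above as a runnable sketch, added here as an illustration and not taken from the paper: each hop is sealed under its own key, and the function records what each MR handles in the clear, which shows that the scheme protects each hop rather than the path end to end. `seal`/`unseal` are a standard-library stand-in for an authenticated cipher (the paper names none), and the function names and key values are constructed for the example.

```python
import hashlib
import hmac
import os

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in for a vetted AEAD).
    blocks = (_mac(key, nonce + i.to_bytes(4, "big"))
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def seal(key, msg):
    """Encrypt-then-MAC under separate subkeys derived from `key`."""
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, msg)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Verify the tag first; a sender without the right key is rejected here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

def inter_zone_send(msg, client_key, src_zone_key, cluster_key, dst_zone_key):
    """Steps 1-5; returns (delivered message, plaintexts handled by each MR)."""
    seen_by_mr = []
    hop = seal(client_key, msg)          # 1. source client -> its zone MR
    plain = unseal(src_zone_key, hop)    # 2. source MR decrypts, authenticating S
    seen_by_mr.append(plain)
    hop = seal(cluster_key, plain)       # 3. re-encrypt under KCm,n and forward
    plain = unseal(cluster_key, hop)     # 4. destination zone MR decrypts
    seen_by_mr.append(plain)
    hop = seal(dst_zone_key, plain)      # 5. re-encrypt under destination zone key
    return unseal(dst_zone_key, hop), seen_by_mr

# Constructed sample keys; in the paper they come from group Diffie-Hellman.
K1S, K2S, KC12 = os.urandom(32), os.urandom(32), os.urandom(32)

if __name__ == "__main__":
    print(inter_zone_send(b"hello Dn", K1S, K1S, KC12, K2S))
```

Passing a `client_key` that differs from `src_zone_key` models a client that does not hold the zone key; it is rejected at step 2.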

3.3 Authentication Protocol Procedure

In order to access the receiving node, the sender 'sr' generates a random number r1 to calculate the requesting code Rc. The sender passes Rc to the receiver as a request that initiates authentication verification. The receiver then sends another generated random number r2 to the sender. In response, the sender generates the authentication verification AV. To complete the verification process, AV is sent to the receiver. If the AV of the sender and that of the receiver are the same, the authentication process is finished.
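One way to realise this exchange, added as an illustration and not taken from the paper: the paper gives no formulas for Rc or AV, so the HMAC-SHA256 constructions, the shared key and the class and function names below are assumptions. The receiver keeps each r2 for a single use, so a recorded AV fails against a fresh challenge.

```python
import hashlib
import hmac
import secrets

def _prf(key, label, *parts):
    # Length-prefix every field so that concatenated inputs cannot be confused.
    data = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

class Sender:
    def __init__(self, key, ident):
        self.key, self.ident = key, ident

    def request(self):
        self.r1 = secrets.token_bytes(16)
        # Requesting code Rc (assumed form: keyed hash of identity and r1).
        self.rc = _prf(self.key, b"Rc", self.ident, self.r1)
        return self.ident, self.rc

    def respond(self, r2):
        # Authentication verification AV (assumed form: binds Rc to r2).
        return _prf(self.key, b"AV", self.rc, r2)

class Receiver:
    def __init__(self, key):
        self.key, self.pending = key, {}

    def challenge(self, ident, rc):
        r2 = secrets.token_bytes(16)
        self.pending[ident] = (rc, r2)      # remember what AV must cover
        return r2

    def verify(self, ident, av):
        rc, r2 = self.pending.pop(ident, (None, None))   # one attempt per r2
        if rc is None:
            return False
        return hmac.compare_digest(av, _prf(self.key, b"AV", rc, r2))

def run_handshake(sender, receiver):
    """Full exchange; returns (AV sent on the wire, receiver's verdict)."""
    ident, rc = sender.request()
    r2 = receiver.challenge(ident, rc)
    av = sender.respond(r2)
    return av, receiver.verify(ident, av)

if __name__ == "__main__":
    ks = secrets.token_bytes(32)            # constructed zone key
    print(run_handshake(Sender(ks, b"MC-1"), Receiver(ks))[1])
```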

Fig. 1 Key distribution and intercluster communication

3.4 Cluster Formation and Cluster Head Selection

In cluster formation, a fixed-radius circle is formed with a node as the midpoint and a randomly chosen small distance as the radius 'r'. The middle node is selected randomly within the range of 1 hop distance. The midpoint of the original circle is obtained by calculating the mean of all points, and the radius r is increased by the distance between two successive nodes. The nodes then respond back, and in this manner the clusters are formed, as depicted in Fig. 2.

The selection of the cluster head (CH) in a WMN is based on the trust value and hop distance. For this purpose, consider that there are n nodes which are within distance d of a CH for a given trust value. Also, the lifetime of a cluster starts from the time a node is selected as CH and lasts until it changes its status to normal node. The cluster lifetime mainly depends on mobility issues and on link stability. It is assumed that a neighboring node is maintained in the table for 3 * counter seconds and is rejected in case no more grouping messages are received. First, the Message History (MH) for all nodes is taken as null (0) or ≥ 1. The TRUST_VALUE (TV) can be further calculated as indicated in Eq. (1):

$$TV_{i,j} = \left(TV_{i,j} + TV_{i-1,j} + TV_{i-2,j} + \dots + TV_{0,j}\right) / MH \qquad (1)$$

where i, j ∈ node and TVi,j represents the TRUST_VALUE of node i on node j. When a node forwards a packet, it loses some amount of energy, which depends on the packet size and its behavior. Hence only the individual energy power is taken into account while constructing the path.

Fig. 2 Cluster formation

The CH selection technique can be explained as below:

Step 1: First, initialize the parameters CHcurr, CHprev, TIMEprev, Curr () to 0 or null.
Step 2: Then, the clustering message sending time is set as time_out, which is calculated as thrice of the return.
Step 3: After that, calculate the TV of each node from Eq. (1).
Step 4: Initialize the MH as 0 or null.
Step 5: The given condition is checked by using

    while (Time prev _Curr () or TRUST_VALUE (CH prev ) ≤ 1 =0) Do
        CHprev remains as CH
    End while

Step 6: Compare the TV of the previous and current cluster head using

    If (TV (CHprev) = TV (CHcur) and MH (CHprev) = MH (CHcur)) Then
        both CHprev and CHcur remain as CH
    else
        Select new CH
    End if

4 Authentication Technique Using Threshold Signature

4.1 Generation of Pseudonyms

The generation of the pseudonym required for the privacy of each node starts with nodes having the desired trust value (TV). The CH generates pseudonyms for every node inside the cluster by using the corresponding polynomial. Also, each CH calculates $id_R = H_0(ID_R)$ and the secret sharing $f^{CH}_{m_j}(x)$: $PK_R = f^{CH}_{m_j}(x)(id_A)$, where $1 \le R \le n_1$.

4.2 Authentication Techniques

The authentication process starts with the generation of the threshold signature. The network consists of the following parameters: (a) cluster head; (b) a set of Member Node X = {N1, …, NS2} where NS2 represents identity of the ith (1
