
AVOIDING EAVESDROPPING IN MANET THROUGH HYBRID CRYPTOGRAPHIC TECHNIQUE

N. S. Vindhya (1), Dr. B. Sivakumar (2), M.E., P.G.D.B.A., Ph.D.
(1) M.Tech 4th sem [DCN], Dept. of TCE, Bangalore
(2) Professor and HOD, Dept. of TCE, Dr. AIT, Bangalore
ABSTRACT

A mobile ad hoc network (MANET) is a self-configuring, infrastructure-less network of mobile devices connected by wireless links. Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently. Each must forward traffic unrelated to its own use, and therefore be a router. The primary challenge in building a MANET is equipping each device to continuously maintain the information required to properly route traffic. An intrusion detection system (IDS) is required that monitors the network, detects misbehavior or anomalies and notifies other nodes in the network to avoid or punish the misbehaving nodes. Numerous schemes have been proposed for intrusion detection in ad hoc networks. The ultimate goal of the security solutions for ad hoc networks is to provide security services, such as authentication, confidentiality, integrity, anonymity, and availability, to mobile users. In this paper, we propose and implement a new intrusion-detection system called Enhanced Adaptive ACKnowledgment (EAACK), specially designed for ad hoc networks. The proposed IDS demonstrates higher malicious-behavior-detection rates in certain circumstances while not greatly affecting network performance. The hybrid cryptographic system provides a higher level of authentication and avoids false misbehavior reports.

Index Terms: Digital signature, digital signature algorithm (DSA), Enhanced Adaptive ACKnowledgment (AACK) (EAACK), Mobile Ad hoc NETwork (MANET).

1. INTRODUCTION

Wireless cellular systems have been in use since the 1980s. We have seen their evolution to first, second and third generation wireless systems. Wireless systems operate with the aid of a centralized supporting structure such as an access point. These access points assist the wireless users to keep connected with the wireless system when they roam from one place to the other. An ad-hoc network is a collection of wireless mobile nodes which dynamically form a temporary network without the aid of any established infrastructure or centralized administration. The changes in the topology are managed by specific protocols such as AODV and OLSR. A MANET is capable of creating a self-configuring and self-maintaining network without the help of a centralized infrastructure, which is often infeasible in critical mission applications like military conflict or emergency recovery. Minimal configuration and quick deployment make MANETs ready to be used in emergency circumstances where an infrastructure is unavailable or unfeasible to install, in scenarios like natural or human-induced disasters, military conflicts, and medical emergency situations. The absence of infrastructure makes MANETs more vulnerable to attacks than other conventional networks. Since the protocols designed for MANETs are based on the cooperation among nodes (and, therefore, on the confidence placed in these nodes), their specifications cope well with network topology changes. However, this also makes them vulnerable to malicious attacks. There are several kinds of attacks or vulnerabilities in MANETs: the wireless links render a wireless ad-hoc network susceptible to attacks ranging from passive eavesdropping to active interfering. Unlike wired networks, where an adversary must gain physical access to the network wires or pass through several lines of defense at firewalls and gateways, attacks on a wireless ad-hoc network can come from all directions and target any node.

Damages can include leaking secret information, message contamination and node impersonation. Decision-making in ad-hoc networks is usually decentralized and many ad-hoc network algorithms rely on the cooperative participation of all nodes. The lack of a centralized authority means that adversaries can exploit this vulnerability for new types of attacks designed to break the cooperative algorithm. Ad-hoc routing presents another vulnerability. Most ad-hoc routing protocols are also cooperative in nature. A malicious node could paralyze the entire wireless network by disseminating false routing information. From the above security breach scenarios, it is crucial to develop an intrusion-detection system (IDS).

2. EXISTING SYSTEM

Owing to the limitations of most MANET routing protocols, nodes in MANETs assume that other nodes always cooperate with each other to relay data. This assumption leaves attackers with the opportunity to achieve a significant impact on the network with just one or two compromised nodes. To address this problem, an IDS should be added to enhance the security level of MANETs. If the IDS can detect the attackers as soon as they enter the network, we will be able to completely eliminate the potential damage caused by compromised nodes at the first opportunity. There are several IDS systems proposed for MANETs and they are explained further below.

WATCHDOG: The Watchdog algorithm aims to improve the throughput of the network in the presence of malicious nodes. Watchdog serves as an IDS for MANETs. It is responsible for detecting malicious node misbehaviors in the network. Watchdog detects malicious misbehaviors by promiscuously listening to its next hop's transmission. If a Watchdog node overhears that its next node fails to forward the packet within a certain period of time, it increases its failure counter. Whenever a node's failure counter exceeds a predefined threshold, the Watchdog node reports it as misbehaving.
The Watchdog scheme fails to detect malicious misbehaviors in the presence of the following: 1) ambiguous collisions; 2) receiver collisions; 3) limited transmission power; 4) false misbehavior report; 5) collusion; and 6) partial dropping.

TWOACK: With respect to the six weaknesses of the Watchdog scheme, many researchers proposed new approaches to solve these issues. TWOACK is neither an enhancement nor a Watchdog-based scheme. Aiming to resolve the receiver collision and limited transmission power problems of Watchdog, TWOACK detects misbehaving links by acknowledging every data packet transmitted over every three consecutive nodes along the path from the source to the destination. Upon retrieval of a packet, each node along the route is required to send back an acknowledgment packet to the node that is two hops away from it down the route. The TWOACK scheme successfully solves the receiver collision and limited transmission power problems posed by Watchdog. However, the acknowledgment process required in every packet transmission adds a significant amount of unwanted network overhead. Due to the limited battery power of MANET nodes, such redundant transmissions can easily degrade the life span of the entire network.

AACK: AACK is an acknowledgment-based network-layer scheme which can be considered as a combination of a scheme called TACK (identical to TWOACK) and an end-to-end acknowledgment scheme called ACKnowledge (ACK). Compared to TWOACK, AACK significantly reduces network overhead while still being capable of maintaining or even surpassing the same network throughput.

Figure 1: Flow chart for the ACK scheme.

In the ACK scheme shown in Fig. 1, the source node S sends out Packet 1 without any overhead except 2 b of flag indicating the packet type. All the intermediate nodes simply forward this packet. When the destination node D receives Packet 1, it is required to send back an ACK acknowledgment packet to the source node S along the same route in reverse order. If the source node S receives this ACK acknowledgment packet within a predefined time period, then the packet transmission from node S to node D is successful. Otherwise, the source node S will switch to the TACK scheme by sending out a TACK packet. The concept of adopting a hybrid scheme in AACK greatly reduces the network overhead, but both TWOACK and AACK still suffer from the problem that they fail to detect malicious nodes in the presence of false misbehavior reports and forged acknowledgment packets.

Security in MANETs is defined as a combination of processes, procedures, and systems used to ensure confidentiality, authentication, integrity, availability, and nonrepudiation. Digital signature is a widely adopted approach to ensure the authentication, integrity, and nonrepudiation of MANETs. It can be generalized as a data string which associates a message (in digital form) with some originating entity, or as an electronic analog of a written signature. Many researchers have worked on encryption techniques, and results show that DSA works better than RSA, with better throughput.

3. DESIGNING OF EAACK TECHNIQUE

The proposed approach, EAACK, is designed to tackle three of the six weaknesses of the Watchdog scheme, namely, false misbehavior, limited transmission power, and receiver collision. Before detailing the proposed system, these weaknesses are explained for a better understanding of the design and implementation of the proposed system.

Fig. 2: Receiver collisions: Both nodes B and X are trying to send Packet 1 and Packet 2, respectively, to node C at the same time.

In a typical example of receiver collisions, shown in Fig. 2, after node A sends Packet 1 to node B, it tries to overhear whether node B forwarded this packet to node C; meanwhile, node X is forwarding Packet 2 to node C. In such a case, node A overhears that node B has successfully forwarded Packet 1 to node C but fails to detect that node C did not receive this packet, due to a collision between Packet 1 and Packet 2 at node C.

Fig. 3: Limited transmission power: Node B limits its transmission power so that the packet transmission can be overheard by node A but is too weak to reach node C.

In the case of limited transmission power, in order to preserve its own battery resources, node B intentionally limits its transmission power so that it is strong enough to be overheard by node A but not strong enough to be received by node C, as shown in Fig. 3.

Fig. 4: False misbehavior report: Node A sends back a misbehavior report even though node B forwarded the packet to node C.

In the case of a false misbehavior report, although node A successfully overheard that node B forwarded Packet 1 to node C, node A still reported node B as misbehaving, as shown in Fig. 4. Due to the open medium and remote distribution of typical MANETs, attackers can easily capture and compromise one or two nodes to achieve this false misbehavior report attack.

The approach described in this paper is based on a previous IDS, where the backbone of EAACK was proposed and evaluated through implementation. In this paper, we extend it with the introduction of digital signature to prevent the attacker from forging acknowledgment packets. The implementation of the proposed system is as shown in the flow chart given in Fig. 5.

Fig. 5: System control flow: This figure shows the system flow of how the EAACK scheme works.

Figure 6: Flow chart for EAACK.

Figure 6 presents a flowchart describing the EAACK scheme. It is assumed that the link between each pair of nodes in the network is bidirectional, and that the destination node is not malicious. Unless specified otherwise, all acknowledgment packets described in this research are required to be digitally signed by their sender and verified by their receiver.

A. ACK
ACK is basically an end-to-end acknowledgment scheme. It acts as a part of the hybrid scheme in EAACK, aiming to reduce network overhead when no network misbehavior is detected. In Fig. 8, in ACK mode, node S first sends out an ACK data packet Pad1 to the destination node D. If all the intermediate nodes along the route between nodes S and D are cooperative and node D successfully receives Pad1, node D is required to send back an ACK acknowledgment packet Pak1 along the same route but in reverse order. If node S receives Pak1 within a predefined time period, then the packet transmission from node S to node D is successful. Otherwise, node S will switch to S-ACK mode by sending out an S-ACK data packet to detect the misbehaving nodes in the route.

B. S-ACK
The S-ACK scheme is an improved version of TWOACK. The principle is to let every three consecutive nodes work in a group to detect misbehaving nodes. For every three consecutive nodes in the route, the third node is required to send an S-ACK acknowledgment packet to the first node. The intention of introducing S-ACK mode is to detect misbehaving nodes in the presence of receiver collision or limited transmission power. As shown in Fig. 7, in S-ACK mode, the three consecutive nodes (i.e., F1, F2, and F3) work in a group to detect misbehaving nodes in the network. Node F1 first sends out the S-ACK data packet Psad1 to node F2. Then, node F2 forwards this packet to node F3. When node F3 receives Psad1, as it is the third node in this three-node group, node F3 is required to send back an S-ACK acknowledgment packet Psak1 to node F2. Node F2 forwards Psak1 back to node F1. If node F1 does not receive this acknowledgment packet within a predefined time period, both nodes F2 and F3 are reported as malicious. Moreover, a misbehavior report will be generated by node F1 and sent to the source node S. Nevertheless, unlike the TWOACK scheme, where the source node immediately trusts the misbehavior report, EAACK requires the source node to switch to MRA mode and confirm this misbehavior report. This is a vital step to detect false misbehavior reports in our proposed scheme.

Fig. 7: S-ACK scheme: Node C is required to send back an acknowledgment packet to node A.

C. MRA
The MRA scheme is designed to resolve the weakness of Watchdog when it fails to detect misbehaving nodes in the presence of a false misbehavior report. The false misbehavior report can be generated by malicious attackers to falsely report innocent nodes as malicious. This attack can be lethal to the entire network when the attackers break down sufficient nodes and thus cause a network division. The core of the MRA scheme is to authenticate whether the destination node has received the reported missing packet through a different route. To initiate MRA mode, the source node first searches its local knowledge base and seeks an alternative route to the destination node. If no other route exists, the source node starts a DSR routing request to find another route. Due to the nature of MANETs, it is common to find multiple routes between two nodes. By adopting an alternative route to the destination node, we circumvent the misbehavior reporter node. When the destination node receives an MRA packet, it searches its local knowledge base and checks whether the reported packet was received. If it was already received, then it is safe to conclude that this is a false misbehavior report, and whoever generated this report is marked as malicious. Otherwise, the misbehavior report is trusted and accepted. By the adoption of the MRA scheme, EAACK is capable of detecting malicious nodes despite the existence of false misbehavior reports.

D. DIGITAL SIGNATURE
EAACK is an acknowledgment-based IDS. All three parts of EAACK, namely, ACK, S-ACK, and MRA, are acknowledgment-based detection schemes. They all rely on acknowledgment packets to detect misbehaviors in the network. Thus, it is extremely important to ensure that all acknowledgment packets in EAACK are authentic and untainted. Otherwise, if the attackers are smart enough to forge acknowledgment packets, all three schemes will be vulnerable. With regard to this urgent concern, we incorporated digital signature in our proposed scheme. In order to ensure the integrity of the IDS, EAACK requires all acknowledgment packets to be digitally signed before they are sent out and verified before they are accepted. However, we fully understand the extra resources that are required with the introduction of digital signature in MANETs. To address this concern, we implemented both DSA and self-healing digital signature schemes in our proposed approach. The goal is to find the most optimal solution for using digital signature in MANETs.

Limitation of the DSA technique in EAACK: DSA works better than any other encryption technique. But the key used in the encryption or message digest generation should be registered with the certificate authority. If new mobile nodes enter the network, they have to register with the CA to get a certificate along with an encryption key for communication. If a node communicates with the network before obtaining the key, it is marked as malicious. As the number of new mobile nodes entering the network increases, the complexity of key generation also increases. To avoid this kind of problem, we propose the EAACK technique in which we use a self-healing certificateless hybrid encryption technique for encryption.
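The ACK, S-ACK and MRA modes described in subsections A to C above, as an added simulation in Python (not the paper's NS2 code). Node names, routes and behaviours are constructed; HMAC-SHA256 under a per-node key stands in for the paper's DSA signatures so the example runs with the standard library alone (a deployment would use an asymmetric signature, so that a verifier cannot itself produce a valid acknowledgment). It shows a dropped packet being confirmed through MRA, a forged Pak1 failing verification, and a false misbehavior report being turned back on its reporter.

```python
"""EAACK control flow (ACK -> S-ACK -> MRA) over signed acknowledgments."""
import hashlib
import hmac


def sign(key, payload):
    """Stand-in for the paper's DSA signature (assumption): HMAC-SHA256 under the
    signer's key. Verification needs that key, so a node holding only its own key
    cannot produce an acknowledgment that verifies as another node's."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, payload, sig):
    return hmac.compare_digest(sign(key, payload), sig)


class Node:
    # Constructed behaviours: "honest"; "drop" (drops data, sends no acknowledgments);
    # "forge" (drops data but fabricates the acknowledgment the upstream node waits for,
    # signed with its own key); "false_report" (forwards correctly but accuses its
    # downstream pair, as in Fig. 4).
    def __init__(self, name, behaviour="honest"):
        self.name, self.behaviour = name, behaviour
        self.key = hashlib.sha256(b"constructed-key-" + name.encode()).digest()
        self.received = set()   # local knowledge base consulted in MRA mode


class EAACK:
    def __init__(self, nodes, routes, ack_lost=False):
        self.nodes = {n.name: n for n in nodes}
        self.routes = routes        # source's knowledge base of routes to the destination
        self.ack_lost = ack_lost    # models Pak1 lost on the return path (e.g. a collision)
        self.malicious = set()

    def _valid(self, signer, payload, sig):
        return verify(self.nodes[signer].key, payload, sig)

    def ack_mode(self, route, pkt):
        """A. ACK: S sends Pad1 end to end; D answers with a signed Pak1."""
        dest, payload = route[-1], b"Pak1:" + pkt
        for name in route[1:]:
            node = self.nodes[name]
            node.received.add(pkt)
            if node.behaviour == "drop":
                return False
            if node.behaviour == "forge":   # Pak1 "from D" signed with the forger's key
                return self._valid(dest, payload, sign(node.key, payload))
        if self.ack_lost:
            return False
        return self._valid(dest, payload, sign(self.nodes[dest].key, payload))

    def sack_mode(self, route, pkt):
        """B. S-ACK: in every group (F1, F2, F3) the third node signs Psak1 back to the
        first; a missing or invalid Psak1 makes F1 report (F2, F3). Returns the report."""
        payload = b"Psak1:" + pkt
        for f1, f2, f3 in zip(route, route[1:], route[2:]):
            if self.nodes[f1].behaviour == "false_report":
                return f1, (f2, f3)
            n2, n3 = self.nodes[f2], self.nodes[f3]
            sig = None
            if n2.behaviour == "forge":
                sig = sign(n2.key, payload)          # forged on F3's behalf
            elif n2.behaviour != "drop":
                n3.received.add(pkt)
                if n3.behaviour != "drop":
                    sig = sign(n3.key, payload)      # genuine Psak1
            if sig is None or not self._valid(f3, payload, sig):
                return f1, (f2, f3)
        return None

    def mra_mode(self, route, reporter, pkt):
        """C. MRA: ask D, over a route avoiding the reporter, whether pkt arrived.
        True = D already had it (false report); False = report confirmed; None = no
        usable alternative route (the paper issues a DSR route request here)."""
        dest = route[-1]
        alt = next((r for r in self.routes if r != route and reporter not in r), None)
        if alt is None or any(self.nodes[n].behaviour in ("drop", "forge") for n in alt[1:]):
            return None
        answer = b"MRA:" + pkt + (b":seen" if pkt in self.nodes[dest].received else b":unseen")
        sig = sign(self.nodes[dest].key, answer)   # D signs its reply as well
        return self._valid(dest, answer, sig) and answer.endswith(b":seen")

    def send(self, route, pkt):
        """The Fig. 5 / Fig. 6 control flow as seen by the source node."""
        if self.ack_mode(route, pkt):
            return "delivered"
        report = self.sack_mode(route, pkt)
        if report is None:
            return "no-misbehaviour-found"
        reporter, suspects = report
        verdict = self.mra_mode(route, reporter, pkt)
        if verdict is None:
            return "report-unconfirmed"
        if verdict:
            self.malicious.add(reporter)
            return "false-report"
        self.malicious.update(suspects)
        return "report-confirmed"


def scenario(behaviours, ack_lost=False):
    """Constructed topology: main route S-F1-F2-F3-D, alternative route S-G1-G2-D."""
    names = ("S", "F1", "F2", "F3", "G1", "G2", "D")
    net = EAACK([Node(n, behaviours.get(n, "honest")) for n in names],
                [["S", "F1", "F2", "F3", "D"], ["S", "G1", "G2", "D"]], ack_lost)
    outcome = net.send(net.routes[0], b"Pad1#1")
    return outcome, sorted(net.malicious)
```

Calling `scenario({"F3": "drop"})` walks the whole chain: Pad1 never reaches D, the S-ACK group (F1, F2, F3) gets no Psak1, F1 reports (F2, F3), and MRA over the G route finds that D never saw the packet, so the report is accepted. With `scenario({"F1": "false_report"}, ack_lost=True)` the lost Pak1 triggers S-ACK, F1 files its false report, and MRA finds Pad1 in D's knowledge base, so F1 itself is marked malicious. Note that S-ACK blames the pair (F2, F3), so an honest F2 is marked along with a dropping F3; the scheme trades that imprecision for the ability to catch collisions and limited-power misbehaviour without relying on overhearing.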

4. SELF HEALING CERTIFICATELESS ENCRYPTION (SHCLE)

Analogous to the Certificate Authority in public key systems, there is a Key Generation Centre (KGC) in SHCLE which helps in the generation and distribution of keys to some of the trusted nodes, and once that process is done, the KGC goes offline. Distribution of keys is done by a novel method, i.e., the linear polynomial key sharing method. Thus the dependence on a third-party system is absent once the network gets stabilized. In this way, the key escrow problem caused by a CA in public key systems is overcome.

IMPLEMENTATION OF THE SHCLE

1) FOR SHCL-HE
Let Y be a third-party system analogous to a Certificate Authority (CA) in a public-key-based system. As explained above, Y is used only to initiate the key management process, and hence the dependence on a third party is absent after the network gets stabilized. Let A, B, C, D be any four existing trustworthy nodes. E is a newcomer.

Steps:
1. KGC node Y generates the Network key with as input. The Network key obtained is divided into a threshold number of shares using the Linear Polynomial Key Sharing method.
2. The nodes A, B, and C send their IDs to Y. Y takes the ID as the input and, using the Linear Polynomial Key Sharing method, yields the respective shares for the nodes A, B, and C. Now the trustworthy nodes A, B and C become the PDKGC nodes. Node D, though a trustworthy node, is treated as a newcomer because the threshold number of PDKGC nodes is assumed to be 2 for this illustration. After this the KGC node Y goes offline.
3. The other nodes that are yet to receive any of the shares send their ID to the PDKGC nodes, and in turn the PDKGC nodes send the corresponding shares. All the nodes within the network, with the help of their 'ID and the threshold number of shares', generate the Network key.
4. When the minimum (threshold) number of shares is not present, one of the PDKGC nodes initiates the Self Healing mechanism. For example, if B and C leave the network, node A initiates self healing based on a query from E that it does not have enough shares, and as a result node D is made a PDKGC node to maintain the threshold number as 2.

2) ENCRYPTION
1. The SHCL-HE cipher method is used to generate the asymmetric cipher with the data and the Network key as its input.
2. The robustness of the asymmetric cipher is further improved by encrypting it again using a symmetric key. This symmetric key is agreed upon by both communicating parties.
3. Further, to prevent any manipulation of the cipher, message integrity measures are also built into the system: a hashing function is used to get the message digest, which is also transmitted along with the cipher.

3) DECRYPTION
1. The agreed-upon symmetric key and the cipher obtained are fed as input to the SHCL-HE decipher block, which yields the asymmetric cipher.
2. The asymmetric cipher obtained from the previous step and the agreed-upon Network key are fed as input to the SHCL-HE decipher block, which yields the transmitted message.
3. The message digest received along with the cipher is compared with the digest computed from the yielded transmitted message. If they are the same, then the transfer of the message is successful.
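The key-distribution steps above, as an added worked example in Python (not the paper's code). The text names the Linear Polynomial Key Sharing method but not its arithmetic, so the example assumes Shamir-style polynomial sharing over the prime field GF(65537) with the Network key as the constant term and node IDs as evaluation points; the node IDs and the key value are constructed. The threshold is 2, as in the illustration: A, B and C become PDKGC nodes, D joins, B and C leave, and A's self healing promotes D so that the newcomer E can still collect a threshold number of shares.

```python
"""Threshold key distribution with self healing, following the SHCLE steps."""
import secrets

P = 65537       # prime modulus larger than 2**16, so a 16-bit Network key is a field element
THRESHOLD = 2   # t; the paper's illustration assumes two PDKGC nodes


def interpolate(points, x):
    """Evaluate at x the unique polynomial of degree t-1 through t points (mod P)."""
    result = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, P - 2, P)) % P
    return result


class KGC:
    """Node Y: picks f(x) = K + a1*x + ... + a_(t-1)*x^(t-1) (mod P), K = Network key."""

    def __init__(self, network_key):
        self.coeffs = [network_key % P] + [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]

    def share_for(self, node_id):
        """Step 2: a node's share is the point (ID, f(ID)); the ID must be non-zero."""
        if not 0 < node_id < P:
            raise ValueError("node ID must lie in 1..P-1")
        y = sum(c * pow(node_id, k, P) for k, c in enumerate(self.coeffs)) % P
        return node_id, y


class Node:
    def __init__(self, node_id):
        self.node_id = node_id
        self.points = {}        # x -> f(x): own share plus shares collected from PDKGC nodes
        self.is_pdkgc = False

    def receive(self, share):
        x, y = share
        self.points[x] = y

    def has_threshold(self):
        return len(self.points) >= THRESHOLD

    def _basis(self):
        if not self.has_threshold():
            raise ValueError("below threshold: not enough shares")
        return list(self.points.items())[:THRESHOLD]

    def network_key(self):
        """Step 3: a threshold number of shares recovers K = f(0)."""
        return interpolate(self._basis(), 0)

    def own_share(self):
        """Derive f(ID) for this node's own ID; a PDKGC node hands this point out."""
        if self.node_id not in self.points:
            self.points[self.node_id] = interpolate(self._basis(), self.node_id)
        return self.node_id, self.points[self.node_id]


def request_join(newcomer, pdkgc_nodes):
    """Step 3: the newcomer sends its ID to the PDKGC nodes; each answers with its share.
    Returns True once the newcomer holds a threshold number of shares."""
    for node in pdkgc_nodes:
        if node.is_pdkgc and not newcomer.has_threshold():
            newcomer.receive(node.own_share())
    return newcomer.has_threshold()


def self_heal(initiator, candidate):
    """Step 4: with fewer than t PDKGC nodes left, a PDKGC node promotes a trusted member
    that already holds threshold shares, so the threshold can be met again."""
    if not initiator.is_pdkgc:
        raise PermissionError("only a PDKGC node may initiate self healing")
    candidate.own_share()
    candidate.is_pdkgc = True
    return candidate


def run_illustration(network_key=0xBEEF):
    """The paper's walk-through with constructed IDs 11..15 for A, B, C, D, E."""
    kgc = KGC(network_key)                                     # step 1
    A, B, C, D, E = (Node(i) for i in (11, 12, 13, 14, 15))
    for n in (A, B, C):                                        # step 2
        n.receive(kgc.share_for(n.node_id))
        n.is_pdkgc = True
    del kgc                                                    # KGC goes offline
    for n in (A, B, C):                                        # PDKGC nodes recover K too
        request_join(n, [A, B, C])
    request_join(D, [A, B, C])                                 # step 3
    pdkgc = [A]                                                # B and C leave the network
    blocked = not request_join(E, pdkgc)
    if blocked:                                                # step 4
        pdkgc.append(self_heal(A, D))
        request_join(E, pdkgc)
    return {"key_A": A.network_key(), "key_D": D.network_key(), "key_E": E.network_key(),
            "E_blocked_before_heal": blocked, "pdkgc_after_heal": [n.node_id for n in pdkgc]}
```

Two points worth noticing when reading the run: with t = 2, any member that has collected two shares knows the whole polynomial, which is what lets D derive its own point f(14) and take over as a PDKGC node without the KGC; and a newcomer that can reach only one PDKGC node is blocked until self healing restores the threshold, which is exactly the condition the paper's step 4 reacts to.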
FOR CIPHER AND DECIPHER OPERATIONS
1. The input data is treated as a 32-bit block message which is divided into two 16-bit messages (16-bit MSB and 16-bit LSB).
2. The LSB 16 bits are XORed with the Network key (16 bits) to give intermediate cipher 1 (16 bits).
3. This intermediate cipher 1 is appended to the MSB 16 bits of the message to give intermediate cipher 2 (32 bits).
4. Intermediate cipher 2 is rotated right 'n' times to obtain the 32-bit final cipher.
5. In the Decipher block, the cipher obtained in the above step is rotated left the same 'n' times to give intermediate cipher 3 (32 bits). This is divided into two 16-bit halves (MSB 16 bits and LSB 16 bits).
6. The LSB 16 bits are XORed with the same key to obtain intermediate cipher 4. This 16-bit intermediate cipher is concatenated with the MSB 16 bits of intermediate cipher 3 to obtain the transmitted input data.
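The cipher and decipher operations above, together with the ENCRYPTION and DECRYPTION pipeline of the previous subsection, as an added worked example in Python (not the paper's implementation). Assumptions: intermediate cipher 2 keeps the MSB half in the high 16 bits; a 32-bit length word plus zero padding frames a byte string into 32-bit blocks; the unspecified symmetric re-encryption reuses the same block function under the agreed key; SHA-256 serves as the hashing function; all keys and messages are constructed. The last function records a property of the block function that anyone evaluating the scheme should know.

```python
"""SHCL-HE 32-bit block operations and the two-pass encrypt/decrypt with digest check."""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def rotr32(x, n):
    n %= 32
    return ((x >> n) | (x << (32 - n))) & MASK32


def rotl32(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32


def cipher_block(block, key16, n):
    """Steps 1-4: split the 32-bit block into MSB/LSB halves, XOR the LSB half with the
    16-bit Network key (intermediate cipher 1), put the MSB half back in front of it
    (intermediate cipher 2; the high/low order is an assumption), rotate right n times."""
    msb, lsb = block >> 16, block & 0xFFFF
    ic1 = lsb ^ (key16 & 0xFFFF)
    ic2 = (msb << 16) | ic1
    return rotr32(ic2, n)


def decipher_block(cipher, key16, n):
    """Steps 5-6: rotate left n times (intermediate cipher 3), split, XOR the LSB half
    with the same key (intermediate cipher 4) and concatenate with the MSB half."""
    ic3 = rotl32(cipher, n)
    msb, lsb = ic3 >> 16, ic3 & 0xFFFF
    ic4 = lsb ^ (key16 & 0xFFFF)
    return (msb << 16) | ic4


def _to_blocks(data):
    """Framing (assumption): a 32-bit length word, then the data zero-padded to 4 bytes."""
    framed = struct.pack(">I", len(data)) + data
    framed += b"\x00" * (-len(framed) % 4)
    return list(struct.unpack(">%dI" % (len(framed) // 4), framed))


def _from_blocks(blocks):
    raw = struct.pack(">%dI" % len(blocks), *blocks)
    return raw[4:4 + struct.unpack(">I", raw[:4])[0]]


def encrypt(message, network_key, sym_key, n):
    """ENCRYPTION 1-3: SHCL-HE under the Network key, a second pass under the agreed
    symmetric key (assumption: the same block function is reused), and a SHA-256 digest
    of the plaintext transmitted alongside the cipher."""
    stage1 = [cipher_block(b, network_key, n) for b in _to_blocks(message)]
    stage2 = [cipher_block(b, sym_key, n) for b in stage1]
    return stage2, hashlib.sha256(message).digest()


def decrypt(blocks, digest, network_key, sym_key, n):
    """DECRYPTION 1-3: undo the symmetric pass, then the Network-key pass, and compare
    the recomputed digest with the transmitted one before accepting the message."""
    stage1 = [decipher_block(b, sym_key, n) for b in blocks]
    plain = _from_blocks([decipher_block(b, network_key, n) for b in stage1])
    if not hmac.compare_digest(hashlib.sha256(plain).digest(), digest):
        raise ValueError("message digest mismatch: cipher was manipulated in transit")
    return plain


def tamper_is_detected(message, network_key, sym_key, n, block_index=1):
    """Flip one bit of a transmitted cipher block and report whether decrypt() rejects it."""
    blocks, digest = encrypt(message, network_key, sym_key, n)
    blocks[block_index] ^= 1
    try:
        decrypt(blocks, digest, network_key, sym_key, n)
    except ValueError:
        return True
    return False


def ciphertext_xor_is_key_independent(m1, m2, n, k1, k2):
    """Caveat: XOR followed by a rotation is linear, so the XOR of two ciphertexts equals
    rotr(m1 ^ m2, n) whatever the key. The block function therefore hides neither the
    relationship between related plaintexts nor the equality of two plaintexts, which
    should be weighed when deciding what the block function on its own is trusted to protect."""
    d1 = cipher_block(m1, k1, n) ^ cipher_block(m2, k1, n)
    d2 = cipher_block(m1, k2, n) ^ cipher_block(m2, k2, n)
    return d1 == d2 == rotr32(m1 ^ m2, n)
```

A round trip `decrypt(*encrypt(b"hello MANET", 0xBEEF, 0x1234, 5), 0xBEEF, 0x1234, 5)` returns the message; flipping any bit of a cipher block lands on a plaintext bit after the two left rotations, so the SHA-256 comparison in DECRYPTION step 3 rejects it. The digest is transmitted in the clear, so it is an integrity check only: it reveals whether two transmissions carry the same plaintext and does not itself authenticate the sender, which is why the acknowledgment packets in EAACK are signed rather than merely hashed.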

5. SIMULATION PARAMETERS

Our simulation is conducted within the Network Simulator (NS) 2.34 environment on a platform with GCC 4.3 and Linux Red Hat. The system is running on a laptop with a Core 2 Duo T7250 CPU and 3 GB RAM. In order to better compare our simulation results with other research works, we adopted the default scenario settings in NS 2.34. The intention is to provide more general results and make it easier for us to compare the results. In NS 2.34, the default configuration specifies 50 nodes in a flat space with a size of 670 × 670 m. The maximum number of hops allowed in this configuration setting is four. Both the physical layer and the 802.11 MAC layer are included in the wireless extension of NS2. The moving speed of mobile nodes is limited to 20 m/s with a pause time of 1000 s. User Datagram Protocol traffic with constant bit rate is implemented with a packet size of 512 B. For each scheme, we ran every network scenario three times and calculated the average performance. In order to measure and compare the performance of our proposed scheme, we adopt the performance metrics throughput, end-to-end delay and energy level. The results for the different IDSs are as follows.

Parameter    Throughput    E2E Delay    Energy Level
TWOACK       0.765         0.077        94.64
DSA          0.773         0.765        94.64
SHCLE        0.899         0.017        94.64

6. CONCLUSION AND FUTURE WORK

The packet-dropping attack has always been a major threat to security in MANETs. In this research paper, we have proposed a novel IDS named the EAACK protocol, specially designed for MANETs, and compared it against other popular mechanisms in different scenarios through simulations. The results demonstrated positive performance against Watchdog, TWOACK, and AACK in the cases of receiver collision, limited transmission power, and false misbehavior report. Furthermore, in an effort to prevent attackers from initiating forged acknowledgment attacks, we extended our research to incorporate digital signature in our proposed scheme. Although it generates more routing overhead (RO) in some cases, as demonstrated in our experiment, it can vastly improve the network's packet delivery ratio (PDR) when the attackers are smart enough to forge acknowledgment packets. We think that this tradeoff is worthwhile when network security is the top priority. SHCLE is not only applicable to large networks, but its memory requirement is also lower. Buffer size allocation is one of the very important parameters in key management for multi-hop ad hoc networks. The buffer size required is as small as 32 bits in SHCLE, which is far less than in any other cryptographic scheme. The only delay in SHCLE is the routing delay, and hence it is far lower than in the other schemes, which include symmetric and asymmetric encryption delays. From this we infer that our proposed model, SHCLE, provides secured peer-to-peer ad hoc communication with minimum resources. As future work, we would like to study the performance characteristics of our proposed model by simulating it in an environment with malicious nodes individually configured for various symmetric and asymmetric attacks.
