
ABSTRACT

A mobile ad-hoc network is a self-governing network consisting of a group of nodes that communicate with each other through wireless links. Because it is a wireless network, it is subject to various attacks. One very dangerous attack is the Sybil attack, in which attackers or malicious nodes use multiple identities to disrupt the communication between nodes by capturing necessary and important information and creating misunderstandings between the nodes. In this paper some measures are described to prevent the Sybil attack.







CHAPTER 1
INTRODUCTION
1.1. INTRODUCTION ABOUT THE DOMAIN
1.1.1. Wireless Networks
In a wireless network, computers are connected and communicate with each other by emitting electromagnetic energy into the air. The most widely used transmission medium is radio waves. Wireless transmissions use the microwave spectrum; the available frequencies are situated around the 2.4 GHz ISM (Industrial, Scientific and Medical) band, with a bandwidth of about 83 MHz, and around the 5 GHz U-NII (Unlicensed National Information Infrastructure) band, with a bandwidth of about 300 MHz divided into two parts. The exact frequency allocations are set by law in the different countries; the same laws also regulate the maximum permitted transmission power and location (indoor, outdoor). Such a wireless radio network has a range of about 10-100 meters to 10 km per machine, depending on the emission power, the data rate, the frequency, and the type of antenna used. Many different models of antenna can be employed: omnis (omnidirectional antennas), sector antennas (directional antennas), yagis, parabolic dishes, or waveguides (cantennas). The other type of transmission medium is infrared. Infrared rays cannot penetrate opaque materials and have a smaller range of about 10 meters. For these reasons, infrared technology is mostly used for small devices in WPANs (Wireless Personal Area Networks), for instance to connect a PDA to a laptop inside a room.
Wireless networking (i.e. the various types of unlicensed 2.4 GHz Wi-Fi devices) is used to meet many needs. Perhaps the most common use is to connect laptop users who travel from location to location. Another common use is for mobile networks that connect via satellite. A wireless transmission method is a logical choice to network a LAN segment that must frequently change locations. The following situations justify the use of wireless technology:
To span a distance beyond the capabilities of typical cabling.
To provide a backup communications link in case of normal network failure.
To link portable or temporary workstations.
To overcome situations where normal cabling is difficult or financially impractical, or to remotely connect mobile users or networks.
Fig. 1.1 Wireless Network Configurations



1.1.2. TYPES OF WIRELESS NETWORKS
WLANs: Wireless Local Area Networks
WLANs allow users in a local area, such as a university campus or library, to form a network or gain access to the Internet. A temporary network can be formed by a small number of users without the need for an access point, provided they do not need access to network resources.
WPANs: Wireless Personal Area Networks
The two current technologies for wireless personal area networks are Infrared (IR) and Bluetooth (IEEE 802.15). These allow the connectivity of personal devices within an area of about 30 feet. However, IR requires a direct line of sight and its range is shorter.
WMANs: Wireless Metropolitan Area Networks
This technology allows the connection of multiple networks in a metropolitan area, such as different buildings in a city, and can be an alternative or backup to laying copper or fiber cabling.
WWANs: Wireless Wide Area Networks
These networks can be maintained over large areas, such as cities or countries, via multiple satellite systems or antenna sites looked after by an ISP. Such systems are referred to as 2G (2nd Generation) systems.
1.1.3. WIRELESS COMMUNICATION MODES
Wireless communication modes are:
Radio frequency communication.
Microwave communication.
Infrared (IR) short-range communication, for
example from consumer IR devices such as
remote controls or via Infrared Data Association
(IrDA).
Applications may involve point-to-point
communication, point-to-multipoint communication,
broadcasting, cellular networks and other wireless
networks.
1.1.4. Applications of Wireless Technology
Mobile telephones
Wireless data communication
Wi-Fi
Cellular data service
Mobile satellite communication
1.2. INTRODUCTION ABOUT THE PROJECT
A MANET is a self-governing network consisting of a group of nodes that communicate with each other through wireless links. When a node enters the network, it requires a unique address to communicate with the other nodes present in the network. As a MANET is a decentralized network, there is no authority in the network that verifies the identities of the nodes. Sometimes attackers misuse this property of a MANET: the attacker uses the identity of another node, or some other fabricated identity, to create misunderstandings in the communication between the nodes present in the network or to collect important information. This type of attack is called the Sybil attack. The word Sybil itself explains the attack, meaning multiple identities; it is named after the famous multiple personality disorder patient Sybil (Shirley Ardell Mason). A Sybil attacker can cause a lot of damage or destruction to the network in many ways: it can reduce the trust in a node by spreading fake information about that node through the whole network; it can create misunderstandings among the nodes by not forwarding the data requested by another node or by changing the route of the packets; and when a voting phenomenon occurs in the network, it can change the result by using its multiple identities and make the result match its own requirements. So it is necessary to remove the Sybil attack from the network.


CHAPTER 2
LITERATURE REVIEW
2.1. MANET Intrusion Detection & Prevention
Approaches for Network layer Attacks
A. Nadeem et al. [1] presented a survey of the main types of attack at the network layer and then reviewed the intrusion detection and protection mechanisms that have been proposed in the literature. They classify these mechanisms either as point detection algorithms that deal with a single type of attack, or as intrusion detection systems (IDSs) that can deal with a range of attacks. A comparison of the proposed protection mechanisms is also included in the paper. Finally, they identify areas where further research could focus.
2.2. Lightweight Sybil Attack Detection in MANETs
S. Abbas et al. [2] proposed a lightweight scheme to detect the new identities of Sybil attackers without using a centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through extensive simulations and real-world testbed experiments, they demonstrate that their scheme detects Sybil identities with good accuracy even in the presence of mobility.
2.3. Secure Prophet Address Allocation for Mobile Ad
Hoc Networks
H. Zhou [3], based on studies of insecure scenarios, attack schemes, and earlier work, proposed a secure autoconfiguration algorithm, namely secure prophet address allocation. The proposed approach is able to maintain the uniqueness of address assignment in the presence of IP spoofing attacks, "state pollution" attacks, and Sybil attacks. The invulnerability of the scheme is supported by both theoretical analysis and simulation results.
2.4. Authentication Mechanisms for Mobile Ad-Hoc
Networks and Resistance to Sybil Attack
Sarosh Hashmi et al. [7] analyze the effectiveness of current authentication mechanisms for MANETs in coping with the Sybil attack, the infrastructure requirements posed by these mechanisms, and the applicability of these mechanisms to different kinds of ad hoc networks. They identify open research issues that need to be addressed by the next generation of authentication mechanisms for MANETs.
2.5. Robust Sybil Detection for MANETs
Tangpong et al. [8] proposed a robust Sybil attack detection framework for MANETs based on cooperative monitoring of network activities. It does not require designated and honest monitors to perform the Sybil attack detection. Each mobile node in the network observes the packets passing through it and periodically exchanges its observations with other nodes in order to determine the presence of an attack. Malicious nodes fabricating false observations are detected and rendered ineffective. The framework requires no centralized authority and is thus scalable as the network grows. Privacy of each mobile node is also a consideration of the framework. Their preliminary experimental results yield above 80% accuracy (true positives) and about 10% error rate (false positives).


CHAPTER 3
SYSTEM ANALYSIS
3.1. Existing System
The existing system is the lightweight scheme of [2], which detects the new identities of Sybil attackers without using a centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through extensive simulations and real-world testbed experiments, its authors demonstrate that the scheme detects Sybil identities with good accuracy even in the presence of mobility.
3.1.1. Drawbacks
It detects Sybil identities with good accuracy, but not with 100% accuracy.
Although the scheme works even in mobile environments and can detect both join-and-leave and simultaneous Sybil attackers, it does so with a low degree of accuracy.
Efficiency is low.

3.2. Proposed System
A mobile ad-hoc network is a self-governing network consisting of a group of nodes that communicate with each other through wireless links. Because it is a wireless network, it is subject to various attacks. One very dangerous attack is the Sybil attack, in which attackers or malicious nodes use multiple identities to disrupt the communication between nodes by capturing necessary and important information and creating misunderstandings between the nodes. In the proposed scheme, some measures are described to prevent the Sybil attack.
3.2.1. Advantages
Detects the Sybil attack with good accuracy.
The proposed scheme is better than the existing scheme.
In the proposed scheme, some measures are described to prevent the Sybil attack.

CHAPTER 4
SYSTEM REQUIREMENTS AND
SOFTWARE DESCRIPTION
4.1 SYSTEM REQUIREMENTS
4.1.1. Hardware Requirements
PROCESSOR: Intel Pentium IV
RAM: 512 MB
HARD DISK: 80 GB HDD
DISPLAY TYPE: SVGA
KEYBOARD: 110 Keys/ (Logitech)
MOUSE: HP Mouse/Optical
MONITOR: HP
4.1.2. Software Requirements
PLATFORM: UBUNTU
APPLICATION DEVELOPMENT: NS2
4.2 SOFTWARE DESCRIPTION
About NS2
NS (from network simulator) is the name of a series of discrete-event network simulators, specifically ns-1, ns-2 and ns-3. All of them are discrete-event network simulators, primarily used in research and teaching. ns-3 is free software, publicly available under the GNU GPLv2 license for research, development, and use.
The goal of the ns-3 project is to create an open simulation environment for networking research that will be preferred inside the research community:
It should be aligned with the simulation needs of modern networking research.
It should encourage community contribution, peer review, and validation of the software.
Since creating a network simulator that contains a sufficient number of high-quality, validated, tested and actively maintained models requires a lot of work, the ns-3 project spreads this workload over a large community of users and developers.

History
Prior to ns, a simulator named REAL, developed by Srinivasan Keshav, existed, dating back to 1989.
ns-1
The first version of ns, known as ns-1, was developed at Lawrence Berkeley National Laboratory (LBNL) in the 1995-97 timeframe by Steve McCanne, Sally Floyd, Kevin Fall, and other contributors. It was known as the LBNL Network Simulator and derived from the earlier simulator REAL by S. Keshav. The core of the simulator was written in C++, with Tcl-based scripting of simulation scenarios. Long-running contributions have also come from Sun Microsystems, the UC Berkeley Daedalus project, and the Carnegie Mellon Monarch project.
ns-2
In 1996-97, ns version 2 (ns-2) was initiated based on
a refactoring by Steve McCanne. Use of Tcl was
replaced by MIT's Object Tcl (OTcl), an object-
oriented dialect of Tcl. The core of ns-2 is also written in
C++, but the C++ simulation objects are linked to
shadow objects in OTcl and variables can be linked
between both language realms. Simulation scripts are
written in the OTcl language, an extension of the Tcl
scripting language.
Presently, ns-2 consists of over 300,000 lines of source
code, and there is probably a comparable amount of
contributed code that is not integrated directly into the
main distribution (many forks of ns-2 exist, both
maintained and unmaintained). It runs
on GNU/Linux, FreeBSD, Solaris, Mac OS X and
Windows versions that support Cygwin. It is licensed for
use under version 2 of the GNU General Public License.
ns-3
A team led by Tom Henderson (University of
Washington), George Riley (Georgia Institute of
Technology), Sally Floyd, and Sumit Roy (University of
Washington), applied for and received funding from the
U.S. National Science Foundation (NSF) to build a
replacement for ns-2, called ns-3. This team collaborated
with the Planete project of INRIA at Sophia Antipolis,
with Mathieu Lacage as the software lead, and formed a
new open source project joined by other developers
worldwide.
In the process of developing ns-3, it was decided to
completely abandon backward-compatibility with ns-2.
The new simulator would be written from scratch, using
the C++ programming language. Development of ns-3
began in July 2006. A framework for generating Python
bindings (pybindgen) and use of the Waf build system
were contributed by Gustavo Carneiro.
The first release, ns-3.1 was made in June 2008, and
afterwards the project continued making quarterly
software releases, and more recently has moved to three
releases per year. ns-3 made its eighteenth release (ns-
3.18) in the third quarter of 2013.
Current status of the three versions is:
ns-1 is no longer developed nor maintained,
ns-2 build of 2009 is not actively maintained (and is
not being accepted for journal publications)
ns-3 is actively developed (but not compatible for
work done on ns-2)

Design
ns-3 is built using C++ and Python with scripting
capability. The ns-3 library is wrapped to python thanks
to the pybindgen library which delegates the parsing of
the ns-3 C++ headers to gccxml and pygccxml to
generate automatically the corresponding C++ binding
glue. These automatically-generated C++ files are finally
compiled into the ns-3 python module to allow users to
interact with the C++ ns-3 models and core through
python scripts. The ns-3 simulator features an integrated
attribute-based system to manage default and per-
instance values for simulation parameters. All of the
configurable default values for parameters are managed
by this system, integrated with command-line argument
processing, Doxygen documentation, and an XML-based
and optional GTK-based configuration subsystem.
The large majority of its users focus on wireless simulations, which involve models for Wi-Fi, WiMAX, or LTE for layers 1 and 2 and routing protocols such as OLSR and AODV.


Components
ns-3 is split over a couple of dozen modules, each containing one or more models for real-world network devices and protocols.
ns-3 has more recently integrated with related projects:
the Direct Code Execution extensions allowing the use of
C or C++-based applications and Linux kernel code in
the simulations, and the NetAnim offline animator based
on the Qt toolkit.
Simulation Workflow
The general process of creating a simulation can be
divided into several steps:
1. Topology definition: to ease the creation of basic
facilities and define their interrelationships, ns-3
has a system of containers and helpers that
facilitates this process.
2. Model development: models are added to
simulation (for example, UDP, IPv4, point-to-
point devices and links, applications); most of
the time this is done using helpers.
3. Node and link configuration: models set their
default values (for example, the size of packets
sent by an application or MTU of a point-to-
point link); most of the time this is done using
the attribute system.
4. Execution: simulation facilities generate events,
data requested by the user is logged.
5. Performance analysis: after the simulation is finished, the collected data is available as a time-stamped event trace. This data can then be statistically analysed with tools like R to draw conclusions.
6. Graphical Visualization: raw or processed data
collected in a simulation can be graphed using
tools like Gnuplot, matplotlib or XGRAPH.
Criticism
ns-2 is often criticized because modelling is a very complex and time-consuming task, since it has no GUI and one needs to learn a scripting language, queuing theory and modelling techniques. Also, of late, there have been complaints that results are not consistent (probably because of continuous changes in the code base) and that certain protocols are replete with bugs.
ns-3 is often criticized for its lack of support for
protocols (like WSN, MANET etc.) which were
supported in ns-2, as well as for the lack of backward
compatibility with ns-2. As with ns-2, ns-3 is also time
consuming to learn and use compared to GUI-based
simulators.
CHAPTER 5
PROPOSED METHOD
IMPLEMENTATION
5.1. SYBIL ATTACK TECHNOLOGY
A. Lightweight Sybil Attack Detection[2]
a. Behavior of Sybil nodes: Sybil nodes behave in two ways. In the first type of behavior, the attacker uses only one identity at a time and discards all its earlier identities. This is called the join-and-leave or whitewashing attack; its main motive is to erase all previous bad actions performed by the malicious node, and it increases irresponsibility in the network. In the second type of behavior, the attacker uses all its identities simultaneously; this is called the simultaneous Sybil attack, and its main motive is to create interruption within the network and to gain access to all information, data and resources in the network. In this step we assume that the transmit power of the nodes remains constant.
b. Investigation based on Signal Strength: On the basis of the joining behavior of neighboring nodes we can distinguish between legitimate and Sybil nodes. At joining time the RSS value of a legitimate node is low, whereas the RSS value of a Sybil node is high. Each node collects information about its neighbors, i.e. their RSS values, in the form <Address, Rss-List<time, rss>> as presented in Table 1 of [2]. On the basis of the RSS value we can distinguish between Sybil and legitimate nodes.
c. Exposure of Sybil nodes: A threshold speed of 10 m/s is used [2]. The speed of a legitimate node is not greater than this threshold speed; if the speed of a node is greater than the threshold speed, it is detected as a Sybil node. A Sybil node is detected on the basis of its RSS value, because the RSS value depends upon the speed of the node: if the RSS value is greater than the threshold value, the node is considered a Sybil node, otherwise it is considered legitimate. Two algorithms from [2] are used; the complexity of Algorithm 1 is O(1) and that of Algorithm 2 is O(n).
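As an added illustration (not code from [2] or from this report), the following Python models the neighbor table and the two checks just described: an identity that is first heard with a high RSS, and an identity whose RSS-derived speed exceeds the 10 m/s threshold. The log-distance path-loss model and its constants, the join-RSS threshold and the sample readings are assumptions constructed for the example; the paper itself only assumes constant transmit power.

```python
from collections import defaultdict

# Threshold taken from the paper: a legitimate node does not move faster than 10 m/s.
SPEED_THRESHOLD_MPS = 10.0
# Assumed: an identity whose very first sample is stronger than this did not walk into
# range from the edge, which is the joining pattern the paper attributes to Sybil identities.
JOIN_RSS_THRESHOLD_DBM = -70.0
# Assumed log-distance path-loss model (the paper only assumes constant transmit power):
# RSS(d) = RSS_AT_1M_DBM - 10 * PATH_LOSS_EXPONENT * log10(d)
RSS_AT_1M_DBM = -40.0
PATH_LOSS_EXPONENT = 3.0


def rss_to_distance(rss_dbm):
    """Invert the assumed path-loss model to get an estimated distance in metres."""
    return 10 ** ((RSS_AT_1M_DBM - rss_dbm) / (10 * PATH_LOSS_EXPONENT))


class NeighborTable:
    """Per-node table <Address, Rss-List<time, rss>> from section 5.1.A.b."""

    def __init__(self):
        self.rss_list = defaultdict(list)  # address -> sorted [(time_s, rss_dbm)]

    def record(self, address, time_s, rss_dbm):
        self.rss_list[address].append((time_s, rss_dbm))
        self.rss_list[address].sort()

    def join_rss(self, address):
        """RSS of the first sample ever heard from this address."""
        return self.rss_list[address][0][1]

    def max_speed(self, address):
        """Largest radial speed implied by consecutive samples (0.0 with fewer than two).
        RSS only reveals radial motion, so this is a lower bound on the true speed."""
        samples = self.rss_list[address]
        speed = 0.0
        for (t0, r0), (t1, r1) in zip(samples, samples[1:]):
            if t1 > t0:
                delta_m = abs(rss_to_distance(r1) - rss_to_distance(r0))
                speed = max(speed, delta_m / (t1 - t0))
        return speed

    def classify(self, address):
        """Return (verdict, reason) for one neighbor address."""
        if address not in self.rss_list:
            raise KeyError(f"no samples for {address}")
        if self.join_rss(address) > JOIN_RSS_THRESHOLD_DBM:
            return ("sybil", "joined with high RSS")
        if self.max_speed(address) > SPEED_THRESHOLD_MPS:
            return ("sybil", "speed above threshold")
        return ("legitimate", "ok")


def build_sample_table():
    """Constructed RSS samples (not measurements from the paper)."""
    table = NeighborTable()
    # Legitimate node A: first heard near the edge of range, then closes in at ~2 m/s.
    for t, rss in [(0, -85), (1, -84), (2, -83), (3, -82)]:
        table.record("A", t, rss)
    # Sybil identity S1: a brand-new address that is already ~2 m away when first heard.
    for t, rss in [(0, -50), (1, -52)]:
        table.record("S1", t, rss)
    # Sybil identity S2: first heard at the edge, then "moves" ~38 m within one second
    # because the attacker merely switched the identity it transmits under.
    for t, rss in [(0, -88), (1, -50)]:
        table.record("S2", t, rss)
    return table


if __name__ == "__main__":
    table = build_sample_table()
    for address in sorted(table.rss_list):
        verdict, reason = table.classify(address)
        print(f"{address}: {verdict} ({reason}), max speed {table.max_speed(address):.1f} m/s")
```

Because RSS only captures radial motion, the speed estimate is a lower bound, which is one reason the scheme cannot reach 100% accuracy as section 3.1.1 notes.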




B. Secure Prophet Address Allocation [3]
Prophet address allocation [4]: To allocate a unique IP address to each node, it uses a function f(n) that generates a sequence of integers. This function is based on the partition function of number theory. It is also called a stateful function [3], because it is associated with a beginning state, or seed, held by the first node. Different seeds generate different sequences of integers. These sequences should have the following characteristics:
a) There should be a long gap before a number is repeated in the sequence.
b) The likelihood of the same number occurring again in a sequence should be very low.
Since the integer calculation covers both the already allocated addresses and the addresses yet to be allocated, following the above two characteristics avoids conflicts caused by the same IP address occurring again. The disadvantage of prophet address allocation is that the seed value remains the same throughout the network, so a malicious node can learn the seed value by acting as a new node and then cause various attacks in the network, such as IP spoofing, state pollution and the Sybil attack.
Secure Prophet Address Allocation: This is an advanced version of prophet address allocation.
a) Authentication of the seed value: The value generated by the initial node in the network is called the seed value. During the allocation of addresses to the nodes, the seed value remains the same throughout the process. When a new node enters the network, it must first be authenticated that it received the seed value from a legitimate node; but because the seed value remains the same throughout the network, it is difficult to verify that the seed value did not come from a malicious node. Obtaining a unique address in the network therefore depends upon the uniqueness of the exponential array, which is explained in the next step.
b) Improvement: In prophet address allocation, the state is updated locally when an address is allocated, whereas in secure prophet address allocation, when an address is allocated, the updates are flooded to the entire network.
Here the acknowledgement consists of the following variables: the seed value, the index of the increasing exponential, the exponential array, the priority variable and the source address of the responder. Exponential array: a new node inherits this parameter from its ancestors to calculate its own address; the exponential array variable expresses the relationship between the new node and its ancestors. Priority variable: a greater number represents a newer state, and the greater the number, the higher the priority the state has. The new node chooses the state with the highest priority number and then adds an arbitrary value to its priority to calculate its own address. Once the address has been calculated, it floods an acknowledgement of the priority variable to the entire network, and all nodes in the network update their priority values. The relationship among the variables is as follows:
X = f(a, i[1..n])
where
X = source address of the responder
a = seed value
c = index of exponential
p = priority
i[1..n] = initial exponential array
r = arbitrary value selected by the new node
The address of the new node (y) is calculated as follows:
y = f(a, e[1..n])
where
[]
[]

[]
[]
Using the above formulas, distinct addresses are computed for all new nodes. Each node then has a unique address and no node can use another node's address for an attack, which prevents the Sybil attack.
C. MC-DCA [5]
Distributed Certificate Authorities [6][7]: In this scheme, certificates are distributed to all nodes; they are used as proof of the nodes' identities and help to prevent the Sybil attack.
Multiple Key Cryptography: This uses the concept of public key cryptography, with multiple keys used to encrypt and decrypt the data. It is enforced on top of the DCA, and the combination of DCA and multiple key cryptography is called MC-DCA. It increases the security of the data and prevents the Sybil attack.

TABLE I. Summary of Sybil Attack Mechanisms
Mechanism Name | Cost | Architecture | Summary
Lightweight Sybil Attack Detection | Cheap | Distributed | Nodes entering the network with a speed greater than the threshold speed are detected as Sybil nodes.
Secure Prophet Address Allocation | Cheap | Distributed | The Sybil attack is prevented because unique addresses are allocated to each node in the network.
MC-DCA | Costly | Centralized | To prevent the Sybil attack, certificates containing identities are distributed to each node.
Robust Sybil Attack Detection | Cheap | Distributed | Nodes having the same path or pattern are detected as Sybil nodes.

D. Robust Sybil Attack Detection [8]
According to the algorithm used in this scheme, nodes are grouped into clusters and the main focus is on the path of each node. Nodes whose path is almost similar to that of an existing cluster are put into the corresponding cluster, and a node whose path is totally different and does not match any existing cluster gets a separate cluster of its own. Two legitimate nodes do not have exactly the same path; if two nodes have the same path, they are detected as Sybil nodes. The similarity of two nodes' paths is checked by their overlapping components, i.e. by how much they overlap. The similarity of the path is checked as follows:
(

) (

)
) (

) [8]
Here

are nodes

= It is a duration when each node is noticed.

= It is a duration when both nodes are observed in


the observation table.

= It is a duration when both nodes are observed at


the same time and they co-exist in same area.
K = the number of times both nodes are observed together.
The first part of the equation calculates for how long both nodes are observed together, and the second part determines the overlap region of the nodes.
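The similarity formula of [8] did not survive extraction on this page, so the following Python is an added illustrative measure, not the paper's formula and not code from this report: from a constructed observation table it computes the quantities the section defines (each node's observed duration, the time both nodes are observed, the time both are co-located, and the count K of common sightings) and flags identity pairs whose trajectories overlap almost completely. Area labels, timestamps and the 0.9 threshold are assumptions made for the example.

```python
from itertools import combinations

# Constructed observation table, one row per sighting: (identity, area, t_start, t_end).
# A single identity's own sightings are assumed not to overlap in time.
OBSERVATIONS = [
    ("N1", "A", 0, 10), ("N1", "B", 10, 20), ("N1", "C", 20, 30),
    ("N2", "A", 0, 10), ("N2", "B", 10, 20), ("N2", "C", 20, 30),  # same trajectory as N1
    ("N3", "A", 0, 5), ("N3", "D", 5, 30),                          # diverges from N1 after t=5
    ("N4", "D", 12, 30),                                            # seen late, together with N3 only
]


def _overlap(s1, e1, s2, e2):
    """Length of the time interval during which both sightings are active."""
    return max(0, min(e1, e2) - max(s1, s2))


def sightings(rows, node):
    return [r for r in rows if r[0] == node]


def observed_duration(rows, node):
    """Total time the identity was noticed at all (the per-node duration of the section)."""
    return sum(e - s for _, _, s, e in sightings(rows, node))


def pair_stats(rows, a, b):
    """Time both are in the table, time both are in the same area, and K (common sightings)."""
    common = colocated = k = 0
    for _, area_a, s_a, e_a in sightings(rows, a):
        for _, area_b, s_b, e_b in sightings(rows, b):
            t = _overlap(s_a, e_a, s_b, e_b)
            if t > 0:
                k += 1
                common += t
                if area_a == area_b:
                    colocated += t
    return {"common": common, "colocated": colocated, "k": k}


def path_similarity(rows, a, b):
    """Fraction of the pair's combined observed time during which they were co-located.
    Illustrative Jaccard-style measure; the paper's own formula is not on this page."""
    stats = pair_stats(rows, a, b)
    union = observed_duration(rows, a) + observed_duration(rows, b) - stats["common"]
    return stats["colocated"] / union if union else 0.0


def detect_sybil_pairs(rows, threshold=0.9):
    """Identity pairs whose paths overlap at or above the threshold are suspected Sybil."""
    nodes = sorted({r[0] for r in rows})
    return [(a, b) for a, b in combinations(nodes, 2)
            if path_similarity(rows, a, b) >= threshold]


if __name__ == "__main__":
    for a, b in combinations(sorted({r[0] for r in OBSERVATIONS}), 2):
        print(a, b, round(path_similarity(OBSERVATIONS, a, b), 3), pair_stats(OBSERVATIONS, a, b))
    print("suspected Sybil pairs:", detect_sybil_pairs(OBSERVATIONS))
```

Two devices genuinely carried together also score highly, which is the kind of false positive behind the roughly 10% error rate reported for [8].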
CHAPTER 6
CONCLUSION
In the proposed scheme, some prevention measures are discussed to keep the Sybil attack out of the network. A Sybil attacker causes great destruction in the network by changing its identities, so it is very necessary to remove this attack from the network and to have secure communication in the network.
REFERENCES
[1] Adnan Nadeem and Michael P. Howarth, "A Survey of MANET Intrusion Detection & Prevention Approaches for Network Layer Attacks," IEEE Communication Surveys & Tutorials, pp. 1-19, 2012.
[2] Sohail Abbas, Madjid Merabti, David Llewellyn-Jones, and Kashif Kifayat, "Lightweight Sybil Attack Detection in MANETs," IEEE Systems Journal, Vol. 7, No. 2, pp. 236-248, June 2013.
[3] Hongbo Zhou, "Secure Prophet Address Allocation for Mobile Ad-hoc Networks," IFIP International Conference on Network and Parallel Computing, pp. 60-67, 2008.
[4] H. Zhou, L. M. Ni, and M. W. Mutka, "Prophet Address Allocation for Large Scale MANETs," in Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), San Francisco, CA, April 2003.
[5] Hongbo Zhou, Matt W. Mutka, and Lionel M. Ni, "Multiple-Key Cryptography-based Distributed Certificate Authority in Mobile Ad-hoc Networks," IEEE Globecom, pp. 1681-1685, 2005.
[6] Sarosh Hashmi and John Brooke, "Towards Sybil Resistant Authentication in Mobile Ad-hoc Networks," Fourth International Conference on Emerging Security Information, Systems and Technologies, pp. 17-24, 2010.
[7] Sarosh Hashmi and John Brooke, "Authentication Mechanisms for Mobile Ad-hoc Networks and Resistance to Sybil Attack," The Second International Conference on Emerging Security Information, Systems and Technologies, pp. 120-126, 2008.
[8] Athichart Tangpong, George Kesidis, Hung-yuan Hsu, and Ali Hurson, "Robust Sybil Detection for MANETs," IEEE, 2009.
[9] IETF Mobile Ad-hoc Networks Working Group (MANET), IETF website, www.ietf.org/dyn/wg/charter/manet-charter.html.
[10] Jin-Hee Cho, Ananthram Swami, and Ing-Ray Chen, "A Survey on Trust Management for Mobile Ad Hoc Networks," IEEE Communication Surveys & Tutorials, Vol. 13, No. 4, pp. 562-583, 2011.
