A mobile ad-hoc network (MANET) is a self-governing network consisting of a group of nodes that communicate with each other over wireless links. Because it is a wireless network, it is exposed to various attacks. One particularly dangerous attack is the Sybil attack, in which an attacker or malicious node uses multiple identities to disrupt the communication between nodes, capturing important information and creating misunderstandings between the nodes. This paper describes some measures to prevent the Sybil attack.
CHAPTER 1 INTRODUCTION

1.1. INTRODUCTION ABOUT THE DOMAIN

1.1.1. Wireless Networks
In a wireless network, computers are connected and communicate with each other by emitting electromagnetic energy into the air. The most widely used transmission medium is radio waves. Wireless transmissions use the microwave spectrum; the available frequencies lie around the 2.4 GHz ISM (Industrial, Scientific and Medical) band, with a bandwidth of about 83 MHz, and around the 5 GHz U-NII (Unlicensed National Information Infrastructure) band, with a bandwidth of about 300 MHz divided into two parts. The exact frequency allocations are set by law in each country; the same laws also regulate the maximum permitted transmission power and location (indoor, outdoor). Such a wireless radio network has a range of about 10-100 meters up to 10 km per machine, depending on the emission power, the data rate, the frequency, and the type of antenna used. Many different models of antenna can be employed: omnis (omnidirectional antennas), sector antennas (directional antennas), yagis, parabolic dishes, or waveguides (cantennas). The other type of transmission medium is infrared. Infrared rays cannot penetrate opaque materials and have a smaller range of about 10 meters. For these reasons, infrared technology is mostly used for small devices in WPANs (Wireless Personal Area Networks), for instance to connect a PDA to a laptop inside a room.
Wireless networking (i.e. the various types of unlicensed 2.4 GHz Wi-Fi devices) is used to meet many needs. Perhaps the most common use is to connect laptop users who travel from location to location. Another common use is for mobile networks that connect via satellite. A wireless transmission method is a logical choice for networking a LAN segment that must frequently change location.
The following situations justify the use of wireless technology:
- To span a distance beyond the capabilities of typical cabling
- To provide a backup communications link in case of normal network failure
- To link portable or temporary workstations
- To overcome situations where normal cabling is difficult or financially impractical, or to remotely connect mobile users or networks

Fig. 1.1 Wireless Network Configurations
1.1.2. TYPES OF WIRELESS NETWORKS
WLANs: Wireless Local Area Networks. WLANs allow users in a local area, such as a university campus or library, to form a network or gain access to the Internet. A temporary network can be formed by a small number of users without the need for an access point, provided they do not need access to network resources.
WPANs: Wireless Personal Area Networks. The two current technologies for wireless personal area networks are Infrared (IR) and Bluetooth (IEEE 802.15). These allow the connectivity of personal devices within an area of about 30 feet. However, IR requires a direct line of sight, and its range is shorter.
WMANs: Wireless Metropolitan Area Networks. This technology allows the connection of multiple networks in a metropolitan area, such as different buildings in a city, and can be an alternative or backup to laying copper or fiber cabling.
WWANs: Wireless Wide Area Networks. These networks can be maintained over large areas, such as cities or countries, via multiple satellite systems or antenna sites looked after by an ISP. These systems are referred to as 2G (2nd Generation) systems.

1.1.3. WIRELESS COMMUNICATION MODES
Wireless communication modes are:
- Radio frequency communication.
- Microwave communication.
- Infrared (IR) short-range communication, for example from consumer IR devices such as remote controls or via the Infrared Data Association (IrDA).
Applications may involve point-to-point communication, point-to-multipoint communication, broadcasting, cellular networks and other wireless networks.

1.1.4. Applications of Wireless Technology
- Mobile telephones
- Wireless data communication
- Wi-Fi
- Cellular data service
- Mobile satellite communication

1.2. INTRODUCTION ABOUT THE PROJECT
A MANET is a self-governing network consisting of a group of nodes that communicate with each other over wireless links. When a node enters the network it requires a unique address to communicate with the other nodes present in the network. As a MANET is decentralized, there is no authority in the network that verifies the identities of the nodes. Sometimes attackers misuse this property of MANETs: the attacker uses the identity of another node, or some other identity, to create misunderstandings in the communication between the nodes of the network or to collect important information. This type of attack is called a Sybil attack. The word Sybil itself explains the attack, meaning multiple identities; it is named after the famous multiple personality disorder patient known as Sybil (Shirley Ardell Mason). A Sybil attacker can cause a lot of damage or destruction to the network in many ways, for example by reducing the trust in a node by spreading fake information about that node through the whole network, or by creating misunderstandings among the nodes by not forwarding data requested by another node or by changing the route of packets.
When a voting procedure takes place in the network, a Sybil attacker can change the result using its multiple identities and make the result match its own requirements. So it is necessary to remove the Sybil attack from the network.
CHAPTER 2 LITERATURE REVIEW

2.1. MANET Intrusion Detection & Prevention Approaches for Network Layer Attacks
A. Nadeem et al. [1] presented a survey of the main types of attack at the network layer and then reviewed the intrusion detection and protection mechanisms that have been proposed in the literature. They classify these mechanisms as either point detection algorithms that deal with a single type of attack, or as intrusion detection systems (IDSs) that can deal with a range of attacks. A comparison of the proposed protection mechanisms is also included in the paper. Finally, they identify areas where further research could focus.

2.2. Lightweight Sybil Attack Detection in MANETs
S. Abbas et al. [2] proposed a lightweight scheme to detect the new identities of Sybil attackers without using a centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through extensive simulations and real-world testbed experiments, they demonstrate that their scheme detects Sybil identities with good accuracy even in the presence of mobility.

2.3. Secure Prophet Address Allocation for Mobile Ad Hoc Networks
H. Zhou [3], based on studies of insecure scenarios, attack schemes, and his previous work, proposed a secure autoconfiguration algorithm, namely secure prophet address allocation. The proposed approach is able to maintain uniqueness of address assignment in the presence of IP spoofing attacks, "state pollution" attacks, and Sybil attacks. The invulnerability of the scheme is supported by both theoretical analysis and simulation results.

2.4. Authentication Mechanisms for Mobile Ad-Hoc Networks and Resistance to Sybil Attack
Sarosh Hashmi et al. [7] analyze the effectiveness of current authentication mechanisms for MANETs in coping with the Sybil attack, the infrastructure requirements posed by these mechanisms, and the applicability of these mechanisms to different kinds of ad hoc networks. They identify open research issues that need to be addressed by the next generation of authentication mechanisms for MANETs.

2.5. Robust Sybil Detection for MANETs
Tangpong et al. [8] proposed a robust Sybil attack detection framework for MANETs based on cooperative monitoring of network activities. They do not require designated and honest monitors to perform the Sybil attack detection. Each mobile node in the network observes packets passing through it and periodically exchanges its observations in order to determine the presence of an attack. Malicious nodes fabricating false observations will be detected and rendered ineffective. Their framework requires no centralized authority and is therefore scalable as the network grows. Privacy of each mobile node is also a consideration of their framework. Their preliminary experimental results yield above 80% accuracy (true positives) and about a 10% error rate (false positives).
CHAPTER 3 SYSTEM ANALYSIS

3.1. Existing System
The existing system [2] is a lightweight scheme to detect the new identities of Sybil attackers without using a centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through extensive simulations and real-world testbed experiments, its authors demonstrate that the scheme detects Sybil identities with good accuracy even in the presence of mobility.

3.1.1. Drawbacks
- It detects Sybil identities with good accuracy, but not 100% accuracy.
- The scheme works better in mobile environments and can detect both join-and-leave and simultaneous Sybil attackers, but with a low degree of accuracy.
- Efficiency is low.

3.2. Proposed System
A mobile ad-hoc network is a self-governing network consisting of a group of nodes that communicate with each other over wireless links. Because it is a wireless network, it is exposed to various attacks. One particularly dangerous attack is the Sybil attack, in which attackers or malicious nodes use multiple identities to disrupt the communication between nodes by capturing important information and creating misunderstandings between the nodes. The proposed scheme describes some measures to prevent the Sybil attack.

3.2.1. Advantages
- Detects the Sybil attack with good accuracy.
- The proposed scheme is better than the existing scheme.
- The proposed scheme describes some measures to prevent the Sybil attack.
CHAPTER 4 SYSTEM REQUIREMENTS AND SOFTWARE DESCRIPTION

4.1 SYSTEM REQUIREMENTS

4.1.1. Hardware Requirements
PROCESSOR: Intel Pentium IV
RAM: 512 MB
HARD DISK: 80 GB HDD
DISPLAY TYPE: SVGA
KEYBOARD: 110 Keys (Logitech)
MOUSE: HP Mouse/Optical
MONITOR: HP

4.1.2. Software Requirements
PLATFORM: Ubuntu
APPLICATION DEVELOPMENT: NS2

4.2 SOFTWARE DESCRIPTION

About NS2
ns (from network simulator) is the name of a series of discrete-event network simulators, specifically ns-1, ns-2 and ns-3. All of them are discrete-event network simulators, primarily used in research and teaching. ns-3 is free software, publicly available under the GNU GPLv2 license for research, development, and use. The goal of the ns-3 project is to create an open simulation environment for networking research that will be preferred inside the research community:
- It should be aligned with the simulation needs of modern networking research.
- It should encourage community contribution, peer review, and validation of the software.
Since creating a network simulator that contains a sufficient number of high-quality validated, tested and actively maintained models requires a lot of work, the ns-3 project spreads this workload over a large community of users and developers.

History
Prior to ns, a simulator named REAL, developed by Srinivasan Keshav, existed dating back to 1989.

ns-1
The first version of ns, known as ns-1, was developed at Lawrence Berkeley National Laboratory (LBNL) in the 1995-97 timeframe by Steve McCanne, Sally Floyd, Kevin Fall, and other contributors. It was known as the LBNL Network Simulator, and derived from the earlier REAL simulator by S. Keshav. The core of the simulator was written in C++, with Tcl-based scripting of simulation scenarios. Long-running contributions have also come from Sun Microsystems, the UC Berkeley Daedalus, and Carnegie Mellon Monarch projects.

ns-2
In 1996-97, ns version 2 (ns-2) was initiated based on a refactoring by Steve McCanne. Use of Tcl was replaced by MIT's Object Tcl (OTcl), an object-oriented dialect of Tcl. The core of ns-2 is also written in C++, but the C++ simulation objects are linked to shadow objects in OTcl, and variables can be linked between both language realms. Simulation scripts are written in OTcl, an extension of the Tcl scripting language. Presently, ns-2 consists of over 300,000 lines of source code, and there is probably a comparable amount of contributed code that is not integrated directly into the main distribution (many forks of ns-2 exist, both maintained and unmaintained). It runs on GNU/Linux, FreeBSD, Solaris, Mac OS X and Windows versions that support Cygwin. It is licensed for use under version 2 of the GNU General Public License.

ns-3
A team led by Tom Henderson (University of Washington), George Riley (Georgia Institute of Technology), Sally Floyd, and Sumit Roy (University of Washington) applied for and received funding from the U.S. National Science Foundation (NSF) to build a replacement for ns-2, called ns-3. This team collaborated with the Planete project of INRIA at Sophia Antipolis, with Mathieu Lacage as the software lead, and formed a new open source project joined by other developers worldwide.
In the process of developing ns-3, it was decided to completely abandon backward compatibility with ns-2. The new simulator would be written from scratch, using the C++ programming language. Development of ns-3 began in July 2006. A framework for generating Python bindings (pybindgen) and use of the Waf build system were contributed by Gustavo Carneiro. The first release, ns-3.1, was made in June 2008; afterwards the project continued making quarterly software releases, and more recently has moved to three releases per year. ns-3 made its eighteenth release (ns-3.18) in the third quarter of 2013.
The current status of the three versions is:
- ns-1 is no longer developed nor maintained;
- the ns-2 build of 2009 is not actively maintained (and is not being accepted for journal publications);
- ns-3 is actively developed (but is not compatible with work done on ns-2).

Design
ns-3 is built using C++ and Python with scripting capability. The ns-3 library is wrapped to Python thanks to the pybindgen library, which delegates the parsing of the ns-3 C++ headers to gccxml and pygccxml to automatically generate the corresponding C++ binding glue. These automatically generated C++ files are finally compiled into the ns-3 Python module to allow users to interact with the C++ ns-3 models and core through Python scripts. The ns-3 simulator features an integrated attribute-based system to manage default and per-instance values for simulation parameters. All of the configurable default values for parameters are managed by this system, integrated with command-line argument processing, Doxygen documentation, and an XML-based and optional GTK-based configuration subsystem. The large majority of its users focus on wireless simulations, which involve models for Wi-Fi, WiMAX, or LTE for layers 1 and 2 and routing protocols such as OLSR and AODV.

Components
ns-3 is split over a couple dozen modules containing one or more models for real-world network devices and protocols. ns-3 has more recently integrated with related projects: the Direct Code Execution extensions allowing the use of C or C++-based applications and Linux kernel code in the simulations, and the NetAnim offline animator based on the Qt toolkit.

Simulation Workflow
The general process of creating a simulation can be divided into several steps:
1. Topology definition: to ease the creation of basic facilities and define their interrelationships, ns-3 has a system of containers and helpers that facilitates this process.
2. Model development: models are added to the simulation (for example, UDP, IPv4, point-to-point devices and links, applications); most of the time this is done using helpers.
3. Node and link configuration: models set their default values (for example, the size of packets sent by an application or the MTU of a point-to-point link); most of the time this is done using the attribute system.
4. Execution: simulation facilities generate events, and the data requested by the user is logged.
5. Performance analysis: after the simulation is finished, the data is available as a time-stamped event trace. This data can then be statistically analysed with tools like R to draw conclusions.
6. Graphical visualization: raw or processed data collected in a simulation can be graphed using tools like Gnuplot, matplotlib or XGRAPH.

Criticism
ns-2 is often criticized because modelling is a very complex and time-consuming task, since it has no GUI and one needs to learn a scripting language, queuing theory and modelling techniques. Also, of late, there have been complaints that results are not consistent (probably because of continuous changes in the code base) and that certain protocols are replete with bugs. ns-3 is often criticized for its lack of support for protocols (like WSN, MANET etc.) which were supported in ns-2, as well as for the lack of backward compatibility with ns-2. As with ns-2, ns-3 is also time consuming to learn and use compared to GUI-based simulators.
CHAPTER 5 PROPOSED METHOD IMPLEMENTATION

5.1. SYBIL ATTACK TECHNOLOGY

A. Lightweight Sybil Attack Detection [2]

a. Behavior of Sybil nodes: Sybil nodes behave in two ways. In the first type of behavior, the attacker uses only one identity at a time and discards all its earlier identities. This is called the join-and-leave or whitewashing attack. Its main motive is to erase all the previous bad actions performed by the malicious node, and it increases irresponsibility in the network. In the second type of behavior, the attacker uses all its identities simultaneously; this is called the simultaneous Sybil attack, and its main motive is to create interruptions within the network and to try to gain access to all the information, data and resources in the network. In this step we assume that the transmit power of the nodes remains constant.

b. Investigation based on Signal Strength: On the basis of the joining behavior of neighboring nodes we can distinguish between legitimate and Sybil nodes. At joining time the RSS value of a legitimate node is low, whereas the RSS value of a Sybil node is high. Every node collects information about its neighbor nodes, i.e. the RSS values, in the form <Address, Rss-List<time, rss>> as presented in Table 1 of [2]. On the basis of the RSS value we can distinguish between Sybil and legitimate nodes.

c. Exposure of Sybil nodes: Here a threshold speed of 10 m/s is taken [2]. The speed of a legitimate node is not greater than this threshold. If the speed of a node is greater than the threshold speed, it is detected as a Sybil node. The Sybil node is detected on the basis of the RSS value, and the RSS value depends upon the speed of the node. If the RSS value is greater than the threshold value, the node is considered a Sybil node; otherwise it is legitimate. Two algorithms from [2] are used: the complexity of Algorithm 1 [2] is O(1) and that of Algorithm 2 [2] is O(n).
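As an added illustration of the RSS-based checks in steps b and c (example code written for this report, not the algorithms of [2]), the following Python sketch keeps the <Address, Rss-List<time, rss>> table for each neighbour, converts RSS to an estimated distance with an assumed log-distance path-loss model, and applies the two tests: a high RSS at join time, and an apparent speed above the 10 m/s threshold. The path-loss constants, radio range, join margin and the sample observations are all assumptions constructed for the example.

```python
import math
from collections import defaultdict

# Assumed radio model (not from [2]): log-distance path loss with a
# reference RSS of -40 dBm at 1 m and a free-space exponent of 2.
RSS_AT_1M_DBM = -40.0
PATH_LOSS_EXPONENT = 2.0
RADIO_RANGE_M = 250.0        # assumed radio range of a node
JOIN_MARGIN_DB = 6.0         # assumed tolerance above the edge-of-range RSS
SPEED_THRESHOLD_MPS = 10.0   # threshold speed used in the text ([2])


def rss_to_distance(rss_dbm):
    """Invert rss = RSS_AT_1M - 10*n*log10(d) to estimate distance in metres."""
    return 10 ** ((RSS_AT_1M_DBM - rss_dbm) / (10 * PATH_LOSS_EXPONENT))


def edge_rss():
    """RSS heard from a node exactly at the edge of the radio range."""
    return RSS_AT_1M_DBM - 10 * PATH_LOSS_EXPONENT * math.log10(RADIO_RANGE_M)


class RssMonitor:
    """Per-node table of neighbours: <Address, Rss-List<time, rss>>."""

    def __init__(self):
        self.rss_list = defaultdict(list)  # address -> [(time_s, rss_dbm)]

    def observe(self, address, time_s, rss_dbm):
        self.rss_list[address].append((time_s, rss_dbm))

    def estimated_speed(self, address):
        """Largest apparent radial speed implied by consecutive RSS samples."""
        samples = sorted(self.rss_list.get(address, []))
        speeds = []
        for (t0, r0), (t1, r1) in zip(samples, samples[1:]):
            if t1 > t0:
                delta_m = abs(rss_to_distance(r1) - rss_to_distance(r0))
                speeds.append(delta_m / (t1 - t0))
        return max(speeds, default=0.0)

    def classify(self, address):
        """Return 'sybil', 'legitimate' or 'unknown' for one identity."""
        samples = sorted(self.rss_list.get(address, []))
        if not samples:
            return "unknown"
        join_rss = samples[0][1]
        # Test b: a legitimate node walks in from the edge of the range, so its
        # first RSS is low; a Sybil identity is announced by an attacker that
        # is already inside the range, so its first RSS is high.
        if join_rss > edge_rss() + JOIN_MARGIN_DB:
            return "sybil"
        # Test c: RSS that changes faster than any real node could move.
        if self.estimated_speed(address) > SPEED_THRESHOLD_MPS:
            return "sybil"
        return "legitimate"


def run_demo():
    """Constructed observations: A walks in normally, S1 appears at 10 m,
    S2 joins at the edge but then 'moves' at roughly 110 m/s."""
    mon = RssMonitor()
    for t, rss in [(0, -87.0), (5, -86.0), (10, -85.0)]:
        mon.observe("A", t, rss)
    for t, rss in [(0, -60.0), (1, -80.0)]:
        mon.observe("S1", t, rss)
    for t, rss in [(0, -88.0), (2, -70.0)]:
        mon.observe("S2", t, rss)
    return {addr: mon.classify(addr) for addr in ("A", "S1", "S2")}


if __name__ == "__main__":
    for addr, verdict in run_demo().items():
        print(addr, verdict)
```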
B. Secure Prophet Address Allocation [3]

Prophet address allocation [4]: To allocate unique IP addresses to the nodes, it uses a partition function f(n) that generates a sequence of integers. The partition function is based on fundamental results from number theory. The partition function is also called a stateful function [3]; it is associated with a beginning state, or seed, held by the first node. These seeds are used to generate different sequences of integers. The sequences should have the following characteristics:
a) There should be a long gap before a number is repeated in the sequence.
b) The likelihood of the same number occurring again in a sequence should be very small.
Since the integer calculation covers both the allocated addresses and the addresses still to be allocated, following these two characteristics avoids conflicts caused by the same IP address occurring twice. The disadvantage of prophet address allocation is that the seed value remains the same throughout the network, so it is possible for a malicious node to learn the seed value by acting as a new node and then cause various attacks in the network, such as IP spoofing, state pollution and the Sybil attack.

Secure Prophet Address Allocation: This is an advanced version of prophet address allocation.

a) Authentication of the seed value: The value generated by the initial node in the network is called the seed value. During the allocation of addresses to the nodes, the seed value remains the same throughout the process. When a new node enters the network, it must first verify that it received the seed value from a legitimate node; but as the seed value remains the same throughout the network, it is difficult to verify that the seed value does not come from a malicious node. So obtaining a unique address in the network depends upon the uniqueness of the exponential array, which is explained in the next step.

b) Improvement: In prophet address allocation, updates are done within the states when an address is allocated, whereas in secure prophet address allocation, when an address is allocated, updates are flooded across the entire network. Here the acknowledgement consists of four variables, which are the seed value, the index of the increasing exponential, the exponential array, the priority variable and the source address of the responder.
Exponential array: A new node inherits the parameters from its ancestors to calculate its own address. The exponential array variable describes the relationship between the new node and its ancestors.
Priority variable: A greater number represents a newer state, and the greater the number, the more priority the state has. The new node chooses the state with the highest priority number and then adds some arbitrary value to its priority to calculate its own address. When the address is calculated, it floods an acknowledgement of the priority variable across the entire network, and all nodes in the network update their priority values.
The relationship among the variables is the following:
X = f(a, i[1..n])
where
X = source address of the responder
a = seed value
c = index of exponential
p = priority
i[1..n] = initial exponential array
r = arbitrary value selected by the new node
The address of the new node (y) is calculated as follows:
y = f(a, e[1..n])
where [] []
[] []
Using the above formulas, distinct addresses are computed for all new nodes. Each node has a unique address and no node can use another node's address for an attack, so in this way the Sybil attack is prevented.

C. MC-DCA [5]

Distributed Certificate Authorities [6][7]: Here certificates are distributed to all nodes, which use them as proof of their identities, and this helps prevent the Sybil attack.
TABLE I. Summary of Sybil Attack Mechanisms

Mechanism Name | Cost | Architecture | Summary
Lightweight Sybil Attack Detection | Cheap | Distributive | Nodes entering the network with a speed greater than the threshold speed are detected as Sybil nodes.
Secure Prophet Address Allocation | Cheap | Distributed | The Sybil attack is prevented because unique addresses are allocated to each node in the network.
MC-DCA | Costly | Centralized | To prevent the Sybil attack, certificates containing identities are distributed to each node.
Robust Sybil Attack Detection | Cheap | Distributive | Nodes having the same path or pattern are detected as Sybil nodes.
Multiple Key Cryptography: Here the public key cryptography concept is used, with multiple keys used to encrypt and decrypt the data. It is enforced on the DCA, so the combination of DCA and multiple key cryptography is called MC-DCA. It increases the security of the data and prevents the Sybil attack.

D. Robust Sybil Attack Detection [8]

According to the algorithm used here, there are various clusters and the main focus is on the path of the nodes. Nodes whose path is almost similar to that of an existing cluster are put into the corresponding cluster, and when a node's path is totally different and does not match any existing cluster, a separate cluster is created for that node. In this scheme, two different nodes do not have exactly the same path; if two nodes do have the same path, they are detected as Sybil nodes. The similarity of the nodes' paths is checked by their overlapping components, i.e. by how much they overlap. The similarity of the path is checked as follows:
( ) ( ) ) ( ) [8]
Here
are the nodes;
= the duration for which each node is noticed;
= the duration for which both nodes are observed in the observation table;
= the duration for which both nodes are observed at the same time and co-exist in the same area;
K = the number of times both nodes are observed together.
The first part of the equation calculates up to what time both nodes are observed together, and the second part determines the overlap region of the nodes.

CHAPTER 6 CONCLUSION
In this proposed scheme some prevention measures are discussed to prevent the Sybil attack in the network. The Sybil attack causes a great deal of destruction in the network by changing identities, so it is very necessary to remove this attack from the network and have secure communication in the network.
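As an added worked example for the path-similarity check of Section 5.1.D (example code written for this report, not the algorithm or the equation of [8]), the following Python code builds an observation table of the intervals during which each monitoring node saw each identity, scores every pair of identities by the duration for which both were observed together divided by the duration for which either was observed, counts the number K of monitors that saw them together, and clusters identities whose paths coincide. The similarity formula, the thresholds and the observation table are assumptions constructed for the example.

```python
from itertools import combinations

# Assumed thresholds (not from [8]): two paths are "the same" when the two
# identities are co-observed for at least 90% of the time either is seen,
# at two or more monitoring nodes.
SIMILARITY_THRESHOLD = 0.9
MIN_COMMON_OBSERVATIONS = 2

# Constructed observation table: monitor -> identity -> [(start_s, end_s)].
# X and Y are two identities of one attacker, so every monitor sees them
# over identical intervals; Z and W are ordinary nodes.
OBSERVATION_TABLE = {
    "M1": {"X": [(0, 10), (30, 40)], "Y": [(0, 10), (30, 40)],
           "Z": [(0, 8)], "W": [(50, 60)]},
    "M2": {"X": [(12, 20)], "Y": [(12, 20)], "Z": [(15, 20)], "W": [(25, 35)]},
    "M3": {"X": [(22, 28)], "Y": [(22, 28)], "Z": [(22, 28)]},
}


def overlap(a, b):
    """Length of time two intervals co-exist (0 if disjoint)."""
    return max(0.0, min(a[1], b[1]) - max(a[0], b[0]))


def union_duration(intervals):
    """Total time covered by a set of possibly overlapping intervals."""
    total, cur_start, cur_end = 0.0, None, None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def path_similarity(table, u, v):
    """Return (similarity, K): co-observed time over observed time, and the
    number of monitors that saw u and v at the same time."""
    together = either = 0.0
    k = 0
    for observations in table.values():
        iu, iv = observations.get(u, []), observations.get(v, [])
        # Intervals of one identity at one monitor are assumed not to overlap
        # each other, so the pairwise sum is the exact co-observed time.
        common = sum(overlap(a, b) for a in iu for b in iv)
        if common > 0:
            k += 1
        together += common
        either += union_duration(iu + iv)
    return (together / either if either else 0.0), k


def sybil_clusters(table):
    """Group identities with coinciding paths (union-find over pairs); a
    cluster of two or more identities is reported as one Sybil attacker."""
    ids = sorted({i for observations in table.values() for i in observations})
    parent = {i: i for i in ids}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for u, v in combinations(ids, 2):
        sim, k = path_similarity(table, u, v)
        if sim >= SIMILARITY_THRESHOLD and k >= MIN_COMMON_OBSERVATIONS:
            parent[find(u)] = find(v)
    clusters = {}
    for i in ids:
        clusters.setdefault(find(i), []).append(i)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)


if __name__ == "__main__":
    print(sybil_clusters(OBSERVATION_TABLE))   # [['X', 'Y']]
```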
REFERENCES
[1] Adnan Nadeem and Michael P. Howarth, "A Survey of MANET Intrusion Detection & Prevention Approaches for Network Layer Attacks," IEEE Communications Surveys & Tutorials, pp. 1-19, 2012.
[2] Sohail Abbas, Madjid Merabti, David Llewellyn-Jones, and Kashif Kifayat, "Lightweight Sybil Attack Detection in MANETs," IEEE Systems Journal, Vol. 7, No. 2, pp. 236-248, June 2013.
[3] Hongbo Zhou, "Secure Prophet Address Allocation for Mobile Ad-hoc Networks," IFIP International Conference on Network and Parallel Computing, pp. 60-67, 2008.
[4] H. Zhou, L. M. Ni, and M. W. Mutka, "Prophet Address Allocation for Large Scale MANETs," in Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), San Francisco, CA, April 2003.
[5] Hongbo Zhou, Matt W. Mutka, and Lionel M. Ni, "Multiple-Key Cryptography-based Distributed Certificate Authority in Mobile Ad-hoc Networks," IEEE Globecom, pp. 1681-1685, 2005.
[6] Sarosh Hashmi and John Brooke, "Towards Sybil Resistant Authentication in Mobile Ad-hoc Networks," Fourth International Conference on Emerging Security Information, Systems and Technologies, pp. 17-24, 2010.
[7] Sarosh Hashmi and John Brooke, "Authentication Mechanisms for Mobile Ad-hoc Networks and Resistance to Sybil Attack," The Second International Conference on Emerging Security Information, Systems and Technologies, pp. 120-126, 2008.
[8] Athichart Tangpong, George Kesidis, Hung-yuan Hsu, and Ali Hurson, "Robust Sybil Detection for MANETs," IEEE, 2009.
[9] IETF Mobile Ad-hoc Networks Group (MANET), IETF website, www.ietf.org/dyn/wg/charter/manet-charter.html.
[10] Jin-Hee Cho, Ananthram Swami, and Ing-Ray Chen, "A Survey on Trust Management for Mobile Ad Hoc Networks," IEEE Communications Surveys & Tutorials, Vol. 13, No. 4, pp. 562-583, 2011.