An Efficient Secure Route for Mobile AdHoc Networks Ict1
Copyright:
Attribution Non-Commercial (BY-NC)
S. Gowsiga, II M.E (CSE), gowsigaa@gmail.com, Mobile: 9944164835
V.K. Manavalasundaram, Lect./CSE, manosundar@gmail.com, Mobile: 9994556999
Velalar College of Engineering and Technology, Thindal.
Abstract

A Mobile Ad-hoc Network (MANET), sometimes called a mobile mesh network, is a self-configuring network of mobile devices connected by wireless links. Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently. MANETs are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from the efficiency and from the security point of view. Among the novel characteristics of the security model analyzed here (the ABV model) is that it promises a security guarantee under concurrent executions, a feature of crucial practical importance for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper, we show that the security proof for the route discovery algorithm endairA is flawed and, moreover, that this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that was used for route discovery and argue that composability is an essential feature for ubiquitous applications.

Key words: MANET, Hidden Channel Attacks, Ariadne, endairA.

1. Introduction

Mobile hosts and wireless networking hardware are becoming widely available, and extensive work has been done recently on integrating these elements into traditional networks such as the Internet. Often, however, mobile users will want to communicate in situations in which no fixed wired infrastructure is available, either because it may not be economically practical or physically possible to provide the necessary infrastructure, or because the expediency of the situation does not permit its installation. For example, a class of students may need to interact during a lecture, friends or business associates may run into each other in an airport terminal and wish to share files, or a group of emergency rescue workers may need to be quickly deployed after an earthquake or flood. In such situations, a collection of mobile hosts with wireless network interfaces may form a temporary network without the aid of any established infrastructure or centralized administration. This type of wireless network is known as an ad hoc network.

Efficient communication through networking has become the order of the day. Until a few decades ago networking was confined to wires, which imposed a limitation on the positioning of users. With the advance of technology, networking has evolved into the wireless mode, in which users are not required to be stationary. An ad hoc network is a group of wireless mobile computers (or nodes) in which the nodes cooperate by forwarding packets for each other, allowing them to communicate beyond direct wireless transmission range. The main aim of this project is to design a more secure routing protocol for ad hoc networks, based on on-demand source routing. The function of the routing protocol in an ad hoc network is to establish routes between nodes. Several routing protocols have been proposed for ad hoc networks, such as AODV, DSR, ZRP, TORA, DSDV and TBRPF, as well as "secure" variants such as Ariadne. These secure routing protocols still have security vulnerabilities and can be attacked. This project implements a more secure routing protocol for ad hoc networks; the protocol is implemented using the GloMoSim network simulator.

2. Routing Algorithm

Route discovery can be proactive or reactive (on-demand). Proactive routing is usually table driven; with reactive algorithms, routes are discovered only when needed. Proactive routing protocols maintain routes to all destinations, regardless of whether or not these routes are needed. In order to maintain correct route information, a node must periodically send control messages. Therefore, proactive routing protocols may waste bandwidth, since control messages are sent out unnecessarily when there is no data traffic. The main advantage of this category of protocols is that hosts can quickly obtain route information and quickly establish a session. Reactive routing protocols can dramatically reduce routing overhead because they do not need to search for and maintain routes on which there is no data traffic. This property is very appealing in a resource-limited environment.

Routing is a basic network functionality that supports communication. In MANETs, each node acts as a router, forwarding data to other nodes. We distinguish three basic phases in routing:
1) Route discovery, in which one or more routes (of adjacent nodes) that link a source S to a target T are sought;
2) Route maintenance, in which broken links of established routes are fixed; and
3) Packet forwarding, in which communication is achieved via established routes.

2.1. The Source Routing Protocol (SRP)

SRP is an on-demand algorithm which enables dynamic, self-starting, multihop routing to be established when a source node wishes to send a data packet. All the routing messages in SRP are small and have fixed length. This way less transmission energy is needed for the routing overhead, which is especially important for source-initiated request flooding. The SRP algorithm has three phases: Route Setup, Route Maintenance and Route Re-establishment.

In SRP, route requests generated by a source S are protected by Message Authentication Codes (MACs) computed using a key shared with the target T. Requests are broadcast to all the neighbors of S. Each neighbor that receives a request for the first time appends its identifier to the request and rebroadcasts it. Intermediate nodes do the same. The MAC in the request is not checked by intermediate nodes, because only S and T know the key used to compute it. When the request reaches the target T, its MAC is checked by T. If it is valid, then the target assumes that all adjacent pairs of nodes on the path of the route request are neighbors. Such paths are called valid or plausible routes. The target T replaces the MAC of a valid route request with a MAC, computed with the same key, that authenticates the route. This is then sent back (upstream) to S using the reverse route. For example, a route request that reaches an intermediate node Xj is of the form

  msg_{S,T,rreq} = (rreq, S, T, id, sn, X1, ..., Xj, mac_S)

with id a randomly generated route identifier, sn a session number, and mac_S a MAC on (rreq, S, T, id, sn) computed by S using the key shared with T. Note that the hop list X1, ..., Xj appended by intermediate nodes is not covered by mac_S. If S, X1, ..., Xp, T is a discovered route, then the route reply of the target T has the following fixed form for all intermediate nodes Xj, 1 ≤ j ≤ p:

  msg_{S,T,rrep} = (rrep, S, T, id, sn, X1, ..., Xp, mac_T)

where mac_T is a MAC computed by T with the key shared with S on the message fields preceding it.

2.2. Ariadne

Ariadne is an on-demand routing algorithm based on the Dynamic Source Routing (DSR) protocol. There are several variants of Ariadne, depending on which mode of authentication is used to protect route requests: one uses digital signatures, one TESLA, and one MACs. The MAC version has an optimized variant that uses iterated MAC computations instead of several independent MACs. In addition to being more efficient, the iterated MAC version has superior security characteristics compared to the non-optimized version. A typical route request that reaches an intermediate node Xj, 1 ≤ j ≤ p, on the route S = X0, X1, ..., Xp, Xp+1 = T is of the form

  msg_{S,T,rreq} = (rreq, S, T, id, X1, ..., Xj, mac_{S X1 ... Xj})

where mac_{S X1 ... Xj} is the MAC computed by Xj, with a key it shares with T, on the route request received from Xj-1. The route reply of T is

  msg_{S,T,rrep} = (rrep, S, T, id, X1, ..., Xp, mac_T)

where mac_T is a MAC computed by T with a key shared with S on the message fields that precede it, (rrep, S, T, id, X1, ..., Xp).

2.3. EndairA

EndairA is one of the most secure on-demand ad hoc network source routing protocols, providing several defense mechanisms against many types of attacks. In this paper, we prove the vulnerability of endairA to the tunneling attack by presenting an attack scenario against it. We also propose a new security mechanism to defend it against the tunneling attack, which uses the delay between receiving and sending control packets, computed locally by all intermediate nodes. The proposed mechanism can detect probable tunnels in the route as well as the approximate locations of the adversarial nodes. It needs no time synchronization between the mobile nodes of the network. It also does not change the number of control packets involved in endairA and only modifies the RREP messages slightly. Fundamentally, endairA (and the ABV model) was developed to deal with one class of hidden channels, the intrinsic hidden channels of a wireless broadcast medium in a neighborhood. However, security is not achieved, because other hidden channels remain present.

3. ANALYSIS OF ARIADNE

The ABV framework was used to analyze SRP and Ariadne, finding them insecure against hidden-channel attacks, and it led to the design of endairA, an on-demand route discovery protocol that the authors claim to be provably secure. Later, the ABV model. This section first outlines the ABV framework and the attending attack on Ariadne, and then describes endairA. This discussion is not original and closely parallels the arguments of the original analysis. However, it is directly cogent to the novel arguments which show that the security proof provided for endairA is flawed and, moreover, that this route discovery protocol is not secure even in the (somewhat restricted) ABV security model.

The real-world and ideal-world models described in [15] are similar to those used in the generic secure reactive system approach [17], [21], but there are some crucial differences. In the ABV framework:
1. the adversary does not have full control of the message delivery schedule, in the sense that the broadcast channel enforces the concept of communication rounds; in particular, the ABV framework does not capture rushing attacks (synchrony);
2. the adversary may prompt honest parties to initiate new route discoveries, but not dishonest ones; in other words, the ABV security framework does not capture concurrent security in the presence of route discovery sessions that are initiated by adversarial nodes;
3. the adversary is not adaptive, i.e., it cannot initiate new route discoveries as a function of previously observed messages;
4. the link configuration of a MANET is enforced in the security framework by the communication medium functionality (Machine C in the real-world model of ABV [15]).

4. ANALYSIS OF ENDAIRA

In the ABV model every node is either non-compromised or compromised, and a compromised node may use several labels. This implies that a route can be uniquely partitioned as follows: each partition consists of a single non-compromised identifier (label) or a sequence of consecutive compromised identifiers. A plausible route is one whose partitions correspond to those of a real route that physically exists in the network. The security statement of endairA is that it only accepts plausible routes. Note that this statement does not consider an adversarial lengthening of a route by the assignment of multiple labels to a single compromised network node as an attack. Again, this is a strong restriction on the security guarantees that the ABV model can provide, but we also follow this paradigm because we wish to show that endairA fails in the exact model of [15].

4.1. An Attack on endairA

This is a hidden channel attack that does not require out-of-band resources. Consider an instance of endairA with source node S and let (S, A, X, B, Y, D, T) be a sequence of identifiers of pairwise neighbor nodes in which only X and Y are faulty. In the attack, when the second faulty node Y receives

  msg_{S,T,rreq} = (rreq, S, T, id, A, X, B)

it drops node B from the listing and rebroadcasts the request with its own label in B's place. Eventually, the route request will reach the target T, which will compute and send back a route reply. Node Y will then receive from D

  msg_{S,T,rrep} = (rrep, S, T, id, A, X, Y, D, sig_T, sig_D).

Now, Y can obviously attach its label and signature to this reply and transmit the extended reply to B, but B will not retransmit it, because B is not included in the listing. Y can instead use a route request of its own as a hidden channel, since honest nodes rebroadcast requests they have not seen before; a request such as

  msg_{D,A,rreq} = (rreq, D, A, id)

broadcast by Y is relayed by B and reaches X. Eventually, X will be able to reconstruct these signatures and can then generate the route reply

  msg_{S,T,rrep} = (rrep, S, T, id, A, X, Y, D, sig_T, sig_D, sig_Y, sig_X).

This is sent back to the source S and validated, although the link X-Y does not exist.

4.2. Hidden Channel and Concurrency Attacks

In all the attacks described above, adversarial nodes succeed in shortening plausible routes by removing intermediate nodes. The adversarial nodes use hidden channels to communicate and to transfer the necessary data (signatures, etc.). The hidden channels that we considered above do not use out-of-band resources, although this is an obvious alternative. Let us now pursue our earlier discussion on interleaving protocol instances. In a networking environment, one should expect that several instantiations of a routing protocol are executed concurrently. Some may involve route discovery, while others involve route maintenance, data communication, or general network applications. It makes no sense to require that route communication can only start when all the other route discovery instantiations (and network applications) have been completed.

5. SECURE ROUTE DISCOVERY CHALLENGES

Our argument about the impossibility of secure discovery of routes is simple and has been articulated throughout the paper. We base it on the fact that every route discovery algorithm is, in practice, vulnerable to attacks that exploit alternative communication channels to mount distributed attacks by "encapsulating" and tunneling routing requests. Therefore, it does not seem possible to capture or "model out" Sybil and wormhole attacks in pure protocol-based security models. Since the purpose of routing is to establish a communication infrastructure, it is always reasonable to assume the existence of alternative communication channels, namely those that route discovery will establish. Even though it is not possible to discover secure routes in general MANETs, there are several other approaches that could be used to establish secure communication channels. In the following, we consider two such approaches: multipath routes and route discovery with traceability.

6. PROPOSED RESULT AND COMPARATIVE STUDY

At the end of the project, we expect to have a network which provides more security for route discovery in mobile ad hoc networks. Different types of protocols and algorithms are analyzed, and some papers are surveyed. We are going to implement a secure system for ad hoc networks using the endairA protocol. The protocol uses the Blowfish algorithm.

6.1. PROPOSED RESULT

The result is a new security framework tailored for on-demand route discovery protocols in MANETs. This represents a first effort toward a formal security model that can deal with concurrent attacks, and it is successful in mitigating one class of hidden channel attacks, namely those that are intrinsic to the wireless broadcast medium in a neighborhood.

SRP is a secure variant of DSR. Route discovery is used to discover a route from a given source to a given destination. The neighbor discovery process is performed after the route request from the source node. SRP is simple, but it does not prevent the manipulation of mutable information added by intermediate nodes (the hop list is not covered by mac_S; see Section 2.1). Message authentication codes are used for authentication. The system authenticates the route by Message Authentication Codes (MACs) and digital signatures. The Blowfish algorithm is used to provide confidentiality for the routing packets (Blowfish has a 64-bit block; a current deployment would choose a 128-bit-block cipher such as AES). Authentication and confidentiality operations are used to protect against active attacks on route discovery. Passive attacks are handled by the neighbor verification method.

6.2. COMPARATIVE STUDY

S.No | Algorithm / Protocol                               | Accuracy | Speed  | Cost
1    | Secure Routing Protocol                            | High     | Medium | High
2    | Symmetric-key authentication (MACs)                | Low      | Low    | Medium
3    | Routing disruption attacks                         | High     | High   | High
4    | Ariadne Routing Protocol                           | Low      | High   | Medium
5    | Per-hop hash mechanism                             | Low      | Medium | Medium
6    | Digital signatures                                 | High     | Medium | Medium
7    | Symmetric-key broadcast authentication with TESLA  | High     | Low    | Medium
8    | endairA Routing Protocol                           | High     | High   | Medium
9    | Route Discovery                                    | High     | Medium | Medium
10   | Route Maintenance                                  | Low      | Medium | High
11   | Symmetric Block Cipher                             | High     | High   | Medium
12   | Cryptographic hash function                        | Low      | Low    | Medium

7. FUTURE WORKS AND CONCLUSION

A new security framework tailored for on-demand route discovery protocols in MANETs is successful in mitigating one class of hidden channel attacks, those that are intrinsic to the wireless broadcast medium in a neighborhood. In the proposed formal model it is impossible to prevent adversarial nodes from breaking up routes by inserting non-existing links. As future work, to address this shortcoming, either more flexible definitions of routes must be employed, or it becomes necessary to address global threats directly, such as those posed by Sybil, wormhole and, more generally, man-in-the-middle attacks.

REFERENCES

[1] Acs, G., Buttyán, L. and Vajda, I. (2004) 'Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks', Technical Report 159, Int'l Assoc. for Cryptologic Research.
[2] Acs, G., Buttyán, L. and Vajda, I. (2005) 'Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks', Proc. European Workshop Security and Privacy in Ad Hoc and Sensor Networks (ESAS '05), pp. 113-127.
[3] Acs, G., Buttyán, L. and Vajda, I. (2006) 'Modeling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks', Proc. Workshop Security in Ad Hoc and Sensor Networks (SASN '06).
[4] Beaver, D. and Haber, S. (1992) 'Cryptographic Protocols Provably Secure against Dynamic Adversaries', Proc. Conf. Advances in Cryptology (EUROCRYPT '92), pp. 307-323.
[5] Burmester, M., van Le, T., and Weir, M. (2003) 'Tracing Byzantine Faults in Ad Hoc Networks', Proc. Conf. Computer, Network and Information Security 2003, pp. 43-46.
[6] Burmester, M., van Le, T., and Yasinsac, A. (2007) 'Adaptive Gossip Protocols: Managing Security and Redundancy in Dense Ad Hoc Networks', J. Ad Hoc Networks, vol. 5, no. 3, pp. 286-297.
[7] Buttyán, L. and Vajda, I. (2004) 'Towards Provable Security for Ad Hoc Routing Protocols', Proc. ACM Workshop Ad Hoc and Sensor Networks (SASN '04).
[8] Douceur, J.R. (2002) 'The Sybil Attack', Proc. First Int'l Workshop Peer-to-Peer Systems (IPTPS '02), pp. 252-260.
[9] Hall, J., Barbeau, M., and Kranakis, E. (2004) 'Enhancing Intrusion Detection in Wireless Networks Using Radio Frequency Fingerprinting', Proc. IASTED Int'l Conf. Comm., Internet, and Information Technology.
[10] Hu, Y.C., Johnson, D.B., and Perrig, A. (2003) 'SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks', Ad Hoc Networks, vol. 1, no. 1, pp. 175-192.
[11] Hu, Y.C., Perrig, A., and Johnson, D. (2002) 'Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks', Proc. ACM MobiCom.
[12] Hu, Y.C., Perrig, A., and Johnson, D. (2003) 'Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks', Proc. IEEE INFOCOM, pp. 1976-1986.
[13] Johnson, D. and Maltz, D. (1996) 'Dynamic Source Routing in Ad Hoc Wireless Networks', Mobile Computing, Kluwer Academic Publishers.
[14] Burmester, M. and de Medeiros, B. (2009) 'On the Security of Route Discovery in MANETs', IEEE Transactions on Mobile Computing, vol. 8, no. 9, pp. 1180-1188.
[15] Papadimitratos, P. and Haas, Z. (2002) 'Securing Mobile Ad Hoc Networks', Handbook of Ad Hoc Wireless Networks.
[16] Papadimitratos, P. and Haas, Z. (2002) 'Secure Routing for Mobile Ad Hoc Networks', Proc. SCS Comm. Networks and Distributed Systems Modeling and Simulation Conf. (CNDS '02).
[17] Perkins, C.E. and Bhagwat, P. (1994) 'Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers', Proc. ACM SIGCOMM.
[18] Perkins, C. (1997) 'Ad-Hoc On-Demand Distance Vector Routing', Proc. Military Comm. Conf. (MILCOM '97), panel on ad hoc networks.
[19] Perrig, J.T.A., Canetti, R., and Song, D. (2000) 'Efficient Authentication and Signing of Multicast Streams over Lossy Channels', Proc. IEEE Symp. Security and Privacy, pp. 56-73.
[20] Pfitzmann, B. and Waidner, M. (2000) 'Composition and Integrity Preservation of Secure Reactive Systems', Proc. ACM Conf. Computer and Comm. Security, pp. 245-254.
[21] Sanzgiri, K., Dahill, B., Levine, B.N., Shields, C., and Belding-Royer, E.M. (2002) 'A Secure Routing Protocol for Ad Hoc Networks', Proc. IEEE Int'l Conf. Network Protocols (ICNP '02).
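Worked example for Sections 2.1 and 2.2 above (SRP's single source MAC versus Ariadne's iterated per-hop MAC). This is an added illustration, not code from the paper or from either protocol's authors. It assumes, as constructed key material, that every node shares a symmetric key with the target T and that HMAC-SHA256 is the MAC; how those keys are established is outside the paper's scope. The demo drives a request along S, A, B and then lets a node X that heard only B's rebroadcast re-send it with B's label removed, which is exactly the "mutable information added by intermediate nodes" that Section 6.1 says SRP does not protect.

```python
"""Route-request protection in SRP (Section 2.1) versus Ariadne's iterated
MAC (Section 2.2).  Constructed example, not the paper's code.  Assumption:
every node shares a symmetric key with the target T (key setup is outside
the paper's scope); HMAC-SHA256 is the MAC."""
import hashlib
import hmac

KEY_WITH_T = {"S": b"key-S-T", "A": b"key-A-T", "B": b"key-B-T", "X": b"key-X-T"}  # constructed


def mac(key, *fields):
    """HMAC-SHA256 over NUL-delimited string fields."""
    return hmac.new(key, b"".join(f.encode() + b"\x00" for f in fields), hashlib.sha256).digest()


# ---- SRP: one MAC by S over the immutable header ----
def srp_request(src, tgt, rid, sn):
    """(rreq, S, T, id, sn, [], mac_S); mac_S does not cover the hop list."""
    return {"src": src, "tgt": tgt, "id": rid, "sn": sn, "route": [],
            "mac": mac(KEY_WITH_T[src], "rreq", src, tgt, rid, sn)}


def srp_forward(req, node):
    """A neighbour appends its identifier and rebroadcasts; the MAC is left alone."""
    return {**req, "route": req["route"] + [node]}


def srp_target_accepts(req):
    """T recomputes mac_S over the header fields only."""
    expected = mac(KEY_WITH_T[req["src"]], "rreq", req["src"], req["tgt"], req["id"], req["sn"])
    return hmac.compare_digest(expected, req["mac"])


# ---- Ariadne (iterated MAC variant): each hop MACs the request it received ----
def ariadne_request(src, tgt, rid):
    return {"src": src, "tgt": tgt, "id": rid, "route": [],
            "mac": mac(KEY_WITH_T[src], "rreq", src, tgt, rid)}


def hop_mac(node, req):
    """mac_{S X1 ... Xj}: X_j's MAC, with its key shared with T, over the request received from X_{j-1}."""
    return mac(KEY_WITH_T[node], req["src"], req["tgt"], req["id"], *req["route"], req["mac"].hex())


def ariadne_forward(req, node):
    return {**req, "route": req["route"] + [node], "mac": hop_mac(node, req)}


def ariadne_target_accepts(req):
    """T rebuilds the chain from the listed hops and compares the final MAC."""
    cur = ariadne_request(req["src"], req["tgt"], req["id"])
    for node in req["route"]:
        cur = ariadne_forward(cur, node)
    return hmac.compare_digest(cur["mac"], req["mac"])


def demo():
    """Honest request S -> A -> B; then X, which heard only B's rebroadcast,
    re-sends the request with B's label removed and its own inserted.
    Returns (srp_honest, srp_tampered, ariadne_honest, ariadne_tampered)."""
    r = srp_forward(srp_forward(srp_request("S", "T", "id1", "sn1"), "A"), "B")
    srp_honest = srp_target_accepts(r)
    srp_tampered = srp_target_accepts({**r, "route": ["A", "X"]})          # not detected

    q = ariadne_forward(ariadne_forward(ariadne_request("S", "T", "id1"), "A"), "B")
    ariadne_honest = ariadne_target_accepts(q)
    qx = ariadne_forward(q, "X")                                            # X's MAC still covers B
    ariadne_tampered = ariadne_target_accepts({**qx, "route": ["A", "X"]})  # detected
    return srp_honest, srp_tampered, ariadne_honest, ariadne_tampered
```

The SRP target accepts the shortened hop list because mac_S never covered it; the Ariadne target rejects it because the MAC X can compute from what it received already commits to B, and T's recomputation over (A, X) yields a different value. Note that this check is only as strong as the assumption that X did not also overhear A's broadcast: a node that has the earlier request can restart the chain from there, which is the kind of gap the hidden channel attacks of Section 4 exploit.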
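Worked example for Sections 4 and 4.1 above: the endairA reply signature chain, the ABV plausibility check, and the hidden channel attack on the topology S-A-X-B-Y-D-T with X and Y faulty. This is an added simulation, not code from the paper or from endairA's authors. Assumptions made for the example: HMAC with a per-node key known to the verifier stands in for the digital signatures sig_T, sig_D, sig_Y, sig_X; the two faulty nodes share their keys because they are one adversary; and the signatures travel from Y to X inside the id field of an unauthenticated route request (rreq, D, A, id), which is one concrete reading of "X will be able to reconstruct these signatures". The plausibility rule implemented is the Section 4 partition definition as read here: a run of consecutive faulty labels must be realisable by a path of faulty nodes between the honest labels on either side.

```python
"""endairA route reply chain and the hidden channel attack of Section 4.1,
simulated on S-A-X-B-Y-D-T with X and Y faulty.  Constructed example, not
the paper's code.  Assumptions: HMAC with per-node keys (known to the
verifier) stands in for the signatures sig_T, sig_D, ...; the faulty nodes
share all their keys because they are one adversary; the signatures are
carried to X in the id field of an unauthenticated route request."""
import hashlib
import hmac
import json

LINKS = {("S", "A"), ("A", "X"), ("X", "B"), ("B", "Y"), ("Y", "D"), ("D", "T")}
FAULTY = {"X", "Y"}
SIGN_KEY = {n: f"sigkey-{n}".encode() for n in "SAXBYDT"}   # constructed keys


def adjacent(u, v):
    return (u, v) in LINKS or (v, u) in LINKS


def sign(node, reply):
    """Stand-in signature of `node` over every reply field that precedes it."""
    body = json.dumps([reply["src"], reply["tgt"], reply["id"], reply["route"],
                       [s.hex() for s in reply["sigs"]]]).encode()
    return hmac.new(SIGN_KEY[node], body, hashlib.sha256).digest()


def verify_chain(reply):
    """S recomputes sig_T and then, from T back towards S, each listed node's signature."""
    signers = ["T"] + list(reversed(reply["route"]))
    partial = {**reply, "sigs": []}
    for node, sig in zip(signers, reply["sigs"]):
        if not hmac.compare_digest(sign(node, partial), sig):
            return False
        partial["sigs"] = partial["sigs"] + [sig]
    return len(reply["sigs"]) == len(signers)


def honest_reply_step(node, reply):
    """An honest node signs only if its listed predecessor and successor are physical neighbours."""
    full = [reply["src"]] + reply["route"] + [reply["tgt"]]
    i = full.index(node)
    if not (adjacent(full[i - 1], node) and adjacent(node, full[i + 1])):
        return None
    return {**reply, "sigs": reply["sigs"] + [sign(node, reply)]}


def bridged_by_faulty(left, right):
    """Is there a path left - f1 - ... - fk - right with every fi faulty (k >= 1)?"""
    frontier = [v for v in FAULTY if adjacent(left, v)]
    seen = set(frontier)
    while frontier:
        u = frontier.pop()
        if adjacent(u, right):
            return True
        for v in FAULTY:
            if v not in seen and adjacent(u, v):
                seen.add(v)
                frontier.append(v)
    return False


def plausible(route):
    """Section 4 plausibility: partition into single honest labels and runs of
    faulty labels; honest neighbours in the partition must be physical
    neighbours, and each faulty run must be bridged by faulty nodes."""
    parts = []
    for n in route:
        if n in FAULTY and parts and parts[-1][0] == "f":
            parts[-1][1].append(n)
        else:
            parts.append(["f" if n in FAULTY else "h", [n]])
    for k in range(len(parts) - 1):
        a, b = parts[k], parts[k + 1]
        if a[0] == "h" and b[0] == "h" and not adjacent(a[1][0], b[1][0]):
            return False
    for k, p in enumerate(parts):
        if p[0] == "f" and not bridged_by_faulty(parts[k - 1][1][0], parts[k + 1][1][0]):
            return False
    return True


def attack():
    """Run the attack of Section 4.1 and report what S ends up accepting."""
    # Request phase: Y receives (rreq, S, T, id, A, X, B), drops B and appends
    # itself; D appends itself; T signs the reply for route (A, X, Y, D).
    route = ["A", "X", "Y", "D"]
    reply = {"src": "S", "tgt": "T", "id": "id", "route": route, "sigs": []}
    reply["sigs"] = [sign("T", reply)]                          # sig_T
    reply = honest_reply_step("D", reply)                       # sig_D: Y and T are D's neighbours
    honest_y_signs = honest_reply_step("Y", reply) is not None  # an honest Y would refuse: X is not adjacent
    # Faulty Y signs anyway, but cannot hand the reply to X: B is not listed and drops it.
    sigs_y = reply["sigs"] + [sign("Y", reply)]
    # Hidden channel: Y broadcasts an unauthenticated request (rreq, D, A, id') carrying the
    # signatures in id'; honest B rebroadcasts it (appending its label) and X hears it.
    covert = {"type": "rreq", "src": "D", "tgt": "A",
              "id": json.dumps([s.hex() for s in sigs_y]), "route": ["B"]}
    recovered = [bytes.fromhex(h) for h in json.loads(covert["id"])]
    reply_x = {**reply, "sigs": recovered}
    reply_x["sigs"] = reply_x["sigs"] + [sign("X", reply_x)]    # sig_X
    reply_a = honest_reply_step("A", reply_x)                   # S and X are A's neighbours
    full = ["S"] + route + ["T"]
    return {"honest_Y_would_sign": honest_y_signs,
            "accepted_by_S": reply_a is not None and verify_chain(reply_a),
            "route": full,
            "plausible": plausible(full)}
```

Every signature S checks is genuine and every honest node on the reply path (D, A) saw only physical neighbours next to its own label, so the chain verifies; the non-existent link X-Y sits entirely inside the faulty partition, which is why the neighbour check at honest nodes cannot see it and why plausible() reports the accepted route as not plausible.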