Proceedings of 2007 International Symposium on Intelligent Signal Processing and Communication Systems Nov.28-Dec.1, 2007 Xiamen, China
A SECURE ROUTING MECHANISM IN AODV FOR AD HOC NETWORKS
Liu Jinghua(1), Geng Peng(2), Qiu Yingqiang(1), Feng Gui(1)
(1) College of Information Science & Engineering, Huaqiao University, Quanzhou, China
(2) College of Communication Engineering, Nanjing Institute of Technology, Nanjing, China
ABSTRACT
Ad Hoc networks are particularly vulnerable because they lack any centralized infrastructure. The typical on-demand routing protocols for Ad Hoc networks, such as AODV and DSR, have no security considerations and trust all participants to forward routing and data traffic correctly. In this paper the basic concepts of Ad Hoc networks and the routing attacks against them are introduced, and a secure routing solution based on a watchdog mechanism and a credence value mechanism is proposed on top of AODV. The watchdog mechanism judges whether a node behaves abnormally while forwarding information; the credence value mechanism evaluates a node's credit standing. Computer simulation shows that the resulting average end-to-end delay, packet drop ratio, routing load and average throughput all perform well.
1. INTRODUCTION
An Ad Hoc network is a special peer-to-peer network which is self-creating, self-organizing, self-administrating and dynamically reconfigurable. A node can communicate with nodes outside its direct range with the help of intermediate nodes, so each node relies on its neighbors to forward packets, and a path from source node to destination node usually spans multiple hops. Compared with other mobile communication networks, Ad Hoc networks need no fixed base station and their topology changes quickly. This introduces new vulnerabilities to attacks that are unknown in wired networks. Computer simulations have shown that if 10%-40% of the nodes in an Ad Hoc network misbehave, the average throughput degrades by 16%-32% [1]. Research on routing security in Ad Hoc networks is therefore necessary. Section 2 briefly introduces the possible routing attacks and the secure routing protocols for Ad Hoc networks. Section 3 elaborates on the new approach to
1-4244-1447-4/07/$25.00 ©2007 IEEE
enhance the security of the AODV [2] protocol, which consists of a watchdog mechanism and a credence value mechanism. Details of the computer simulation and the performance analysis are given in Section 4. Section 5 gives brief conclusions.

2. ROUTING ATTACKS AND SECURITY PROTOCOLS IN AD HOC NETWORKS
Routing attacks in Ad Hoc networks can be classified into two types, passive and active [3]. In a passive attack the attacker does not disrupt the operation of the routing protocol but only eavesdrops on the network. Because a passive attack does not affect network performance, it is not discussed in this paper. In an active attack the attacker must be able to inject packets into the network; this type of attack is particularly powerful and damaging. Several active attacks, including black hole, neighbor attack, wormhole, denial of service (DoS), information or location disclosure, rushing attack, jellyfish attack, Byzantine attack and blackmail attack, have been addressed in the literature [4]-[6]. Secure routing protocols such as ARAN [7], Ariadne [8], SAODV [9] and SRP [10] have been developed to protect Ad Hoc networks from attacks [11]. Table 1 compares these secure Ad Hoc routing protocols.

Table 1 comparison of some secure routing protocols
ARAN: suited protocol AODV, DSR; requirements: establishes a trusted certification authority and distributes and maintains all nodes' public keys; primary secure technology: digital signature.
Ariadne: suited protocol DSR; requirements: uses the TESLA system for protecting broadcast messages, and needs a shared secret between source and destination node and clock synchronization; primary secure technology: one-way hash chains, message authentication code.
SAODV: suited protocol AODV; requirements: distributes the signed public keys to all nodes; primary secure technology: one-way hash chains, digital signature.
SRP: suited protocol DSR; requirements: a shared secret between source and destination node; primary secure technology: message authentication code.
The remaining rows of the table (secure route in request, secure route in reply, shortest path identification, assure route freshness, use of cached route) hold Yes/No/Optional entries for each protocol; their column alignment did not survive extraction and is not reproduced here.

3. SECURITY ENHANCEMENT MECHANISM
3.1. THE WATCHDOG MECHANISM
We call a node a mutual neighbor if it is the neighbor of two different nodes. As shown in Figure 1, node W1 is a mutual neighbor because it is the neighbor of both A and B. Nodes W2 and W3 are also mutual neighbors.

Figure 1 mutual neighbor listening mechanism (path S, A, B, C, D with nodes E and mutual neighbors W1, W2, W3 alongside it)

We assume node B is a malicious node, S is the source node and D is the destination node. When A forwards a RREQ or a data packet, or sends back a RREP, W1 listens to A just like a watchdog [12]: it checks whether the information from S has been forwarded, which node receives the forwarded information, and whether the information has been tampered with. Because W1 knows the next hop of A, black hole attacks and wormhole attacks can be detected. If only S listened to A, a malicious node could not be detected when multiple nodes (A and B, for example) collude to bring the network down, because S does not know the next hop of A. This is why the concept of mutual neighbor is introduced.

3.2. THE CREDENCE VALUE MECHANISM
A node's behavior can be classified into forwarding behavior and attack behavior. Separately, the credence value is classified into a direct value and an indirect value. As shown in Figure 2, a node's credence value therefore has four components.

Figure 2 structure of credence value: the credence value splits into a credence value based on forwarding behavior and a credence value based on attack behavior, and each of these into a direct value and an indirect value.

3.2.1. Credence value based on forwarding behavior
Let $C_r$ be the credence value based on forwarding behavior, $C_{rd}$ the direct value and $C_{ri}$ the indirect value. Let $N_{rs}$ and $N_{rf}$ be the cumulative numbers of successful and failed forwarding events. The direct value held by node A for node B based on forwarding behavior is

$$C_{rd}^{A \to B} = \frac{N_{rs}}{N_{rs} + N_{rf}} \qquad (1)$$

If other nodes $C_1, C_2, \ldots, C_k$ have also evaluated the credence value of node B, the indirect value held by node A for node B based on forwarding behavior is

$$C_{ri}^{A \to B} = C_{rd}^{A \to B} \times \frac{1}{k} \sum_{n=1}^{k} C_{rd}^{C_n \to B} \qquad (2)$$

From (1) and (2), the credence value based on forwarding behavior is

$$C_r = p\,C_{rd}^{A \to B} + q\,C_{ri}^{A \to B} \qquad (3)$$

where $p \ge 0$, $q \ge 0$ and $p + q = 1$.

3.2.2. Credence value based on attack behavior
Let $C_m$ be the credence value based on attack behavior, $C_0$ the initial value, $C_{md}$ the direct value, $C_{mi}$ the indirect value and $m$ the cumulative number of attacks. The direct value held by node A for node B based on attack behavior is

$$C_{md}^{A \to B} = 2^{-m} \times C_0^{B} - \Delta C \qquad (4)$$

where $C_0^{B}$ is the initial value of node B and $\Delta C$ is a fixed value with $0 \le \Delta C \le 1$.

If other nodes $C_1, C_2, \ldots, C_k$ have also evaluated the credence value of node B, the indirect value held by node A for node B based on attack behavior is

$$C_{mi}^{A \to B} = C_{md}^{A \to B} \times \frac{1}{k} \sum_{n=1}^{k} C_{md}^{C_n \to B} \qquad (5)$$

From (4) and (5), the credence value based on attack behavior is

$$C_m = r\,C_{md}^{A \to B} + s\,C_{mi}^{A \to B} \qquad (6)$$

where $r \ge 0$, $s \ge 0$ and $r + s = 1$.

3.2.3. Final credence value
If $C$ is the final credence value, then from (3) and (6)

$$C = C_r + C_m \qquad (7)$$

When $C$ falls below a threshold, the node holding $C$ is judged to be malicious. Table 2 lists which of the attack types above this secure mechanism can detect.

Table 2 detection against attacks
Attack: can be detected?
Black hole: Yes
Neighbor: Yes
Wormhole: Yes
DoS: Yes
Information Disclosure: No
Rushing: NA
Jellyfish: Yes
Byzantine: NA
Blackmail: No
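The watchdog of Section 3.1 and the credence value of equations (1)-(7), carried through in Python as an added example; this is not code from the paper or from its ns-2 implementation. It assumes a promiscuous-mode listener W1 that sees both what A receives and what A transmits; it treats a misdirected, altered or dropped packet as one attack event that also counts as a failed forwarding event; it uses p = q = r = s = 0.5, C0 = 1, ΔC = 0.1 and a threshold of 1.0; and it takes the indirect factor of (2) and (5) as 1 when no other node has evaluated B. None of those choices come from the paper, and the S→A→B traffic is constructed for the example.

```python
# Added example, not code from the paper: a watchdog W1 that overhears node A's
# forwarding toward B and feeds its counts into the credence value of eqs (1)-(7).
# The event rules, weights p/q/r/s, C0, delta_C and the threshold are assumptions.
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    seq: int
    payload: bytes

    def digest(self):  # covers header and payload, so any tampering shows up
        hdr = f"{self.src}|{self.dst}|{self.seq}|".encode()
        return hashlib.sha256(hdr + self.payload).hexdigest()

class Watchdog:
    """Mutual neighbour overhearing `observed` (A), which must relay to `expected` (B)."""
    def __init__(self, observed, expected):
        self.observed, self.expected = observed, expected
        self.pending = {}   # (src, dst, seq) -> digest of what A received
        self.n_rs = 0       # successful forwarding events, N_rs
        self.n_rf = 0       # failed forwarding events, N_rf
        self.m = 0          # detected attack events, m

    def saw_receive(self, packet):  # A was handed `packet` and must relay it
        self.pending[(packet.src, packet.dst, packet.seq)] = packet.digest()

    def saw_forward(self, sender, next_hop, packet):
        """A frame overheard in promiscuous mode, compared with what A received."""
        if sender != self.observed:
            return
        original = self.pending.pop((packet.src, packet.dst, packet.seq), None)
        if original is None:
            return                      # A was never asked to relay this one
        if next_hop != self.expected:
            self._attack()              # misdirected: wormhole / neighbour attack
        elif packet.digest() != original:
            self._attack()              # contents modified in transit
        else:
            self.n_rs += 1

    def timeout(self):  # watchdog timer expired: pending packets were dropped
        dropped = len(self.pending)
        self._attack(dropped)           # black hole
        self.pending.clear()
        return dropped

    def _attack(self, n=1):  # assumption: an attack is also a failed forwarding event
        self.n_rf += n
        self.m += n

def direct_forwarding(n_rs, n_rf):
    """Eq. (1); with no observations yet the node keeps full credence (assumed)."""
    total = n_rs + n_rf
    return n_rs / total if total else 1.0

def indirect(direct_value, others):
    """Eqs. (2)/(5): own direct value times the mean of the other evaluators'
    direct values; with no other evaluators the factor is taken as 1 (assumed)."""
    return direct_value * (sum(others) / len(others) if others else 1.0)

def forwarding_credence(c_rd, others, p=0.5):
    """Eq. (3) with q = 1 - p."""
    return p * c_rd + (1 - p) * indirect(c_rd, others)

def direct_attack(m, c0, delta_c):
    """Eq. (4): each detected attack halves what is left of the initial value."""
    return 2.0 ** (-m) * c0 - delta_c

def attack_credence(c_md, others, r=0.5):
    """Eq. (6) with s = 1 - r."""
    return r * c_md + (1 - r) * indirect(c_md, others)

def evaluate(wd, others_rd=(), others_md=(), c0=1.0, delta_c=0.1, threshold=1.0):
    """Final credence C of eq. (7) for the watched node, plus the verdict."""
    c_rd = direct_forwarding(wd.n_rs, wd.n_rf)
    c_r = forwarding_credence(c_rd, list(others_rd))
    c_md = direct_attack(wd.m, c0, delta_c)
    c_m = attack_credence(c_md, list(others_md))
    c = c_r + c_m
    return {"C_rd": c_rd, "C_r": c_r, "C_md": c_md, "C_m": c_m, "C": c, "malicious": c < threshold}

def run_scenario(honest):
    """Constructed traffic S -> A -> B as seen by W1. A dishonest A relays one
    packet, misdirects one, alters one and drops one."""
    wd = Watchdog(observed="A", expected="B")
    packets = [Packet("S", "D", i, b"data-%d" % i) for i in range(1, 5)]
    for p in packets:
        wd.saw_receive(p)
    forwards = [("A", "B", p) for p in packets] if honest else [
        ("A", "B", packets[0]),                     # relayed correctly
        ("A", "X", packets[1]),                     # wrong next hop
        ("A", "B", Packet("S", "D", 3, b"evil")),   # payload altered; packets[3] never sent
    ]
    for sender, next_hop, pkt in forwards:
        wd.saw_forward(sender, next_hop, pkt)
    wd.timeout()
    return evaluate(wd)
```

The honest run leaves A with C = 1.9; the dishonest run drops C to 0.275, below the assumed threshold, after one misdirected, one altered and one dropped packet. Two edge cases are worth noting: (1) is undefined before the first forwarding event, and (4) goes negative once $2^{-m} C_0$ falls below $\Delta C$; the code keeps the paper's formula for the latter and assumes full credence for the former.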
4. SIMULATION AND RESULTS ANALYSES
We take the black hole attack as an example. The average end-to-end delay, packet drop ratio, routing load and average throughput are evaluated by computer simulation in ns-2 [13], with the watchdog mechanism and the credence value mechanism added to AODV. We also compare normal AODV with AODV under attack, in which some nodes are made to play the role of attackers. The nodes move according to the Random Waypoint model [14]. The scenario is defined by the following parameters:
• Number of nodes: 50.
• Number of malicious nodes: 5.
• Simulation area: 1000 m × 1000 m.
• Data rate: 1 packet/s.
• Packet size: 512 bytes.
• Traffic type: CBR.
• Maximum speed: 20 m/s.
• Simulation duration: 600 seconds.
• Physical link bandwidth: 2 Mbps.
• MAC layer: IEEE 802.11.
The simulation results are shown in Figure 3 to Figure 6. The end-to-end delay increases about four times when the network is attacked; the mutual neighbor listening mechanism reduces this delay by about 50%. The packet drop ratio rises by as much as 64% when there is attack behavior in the network, while the delivery ratio of AODV with the defense mechanism is almost the same as that of AODV without attacks. Figure 5 shows that the routing load of the network is increased by the malicious nodes; after the proposed secure mechanism is applied, the routing load decreases considerably because the malicious nodes are identified and isolated from the network. The average throughput is halved when the network is attacked and is clearly raised again by AODV with the defense.

Figure 3 average end-to-end delay vs pause time
Figure 4 packet drop ratio vs pause time
Figure 5 routing load vs pause time
Figure 6 average throughput vs pause time

5. CONCLUSIONS AND FUTURE WORK
In this paper, a secure mechanism in AODV for Ad Hoc networks is proposed to detect attack behaviors. The computer simulations demonstrate that the method can efficiently detect the black hole attack without introducing much routing control overhead into the network. In future work we would like to explore this mechanism in different circumstances and carry it over to other routing protocols such as DSR. We would also like to extend the mechanism to detect attacks such as the Information Disclosure attack and the Blackmail attack.

ACKNOWLEDGEMENTS
This paper was jointly supported by the Natural Science Foundation of Fujian Province of China under Grant No. A0610022, the China Postdoctoral Science Foundation (No. 20060390180), the Youth Technological Talent Innovative Project of Fujian Province of China (No. 2006F3086) and the Scientific Research Foundation of Huaqiao University (No. 06BS217, No. 07HRZ28).

REFERENCES
[1] S. Marti, T. J. Giuli, K. Lai and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," Proc. 6th MobiCom, Boston, Massachusetts, August 2000.
[2] C. E. Perkins, E. M. Royer and S. Das, "Ad hoc On-demand Distance Vector (AODV)," RFC 3561, July 2003.
[3] C. E. Perkins and E. M. Royer, "Ad-hoc On-Demand Distance Vector Routing," Proc. 2nd IEEE Workshop on Mobile Computing Systems and Applications, Feb. 1999, pp. 90-100.
[4] N. Uushona and W. T. Penzhorn, "Towards the Security of Routing in Ad Hoc Networks," Proc. IEEE ISIE 2005, June 20-23, 2005.
[5] Y.-C. Hu, A. Perrig and D. B. Johnson, "Wormhole Attacks in Wireless Networks," IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, February 2006.
[6] H. L. Nguyen and U. T. Nguyen, "Study of Different Types of Attacks on Multicast in Mobile Ad Hoc Networks," Proc. IEEE ICNICONSMCL'06, 2006.
[7] K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields and E. M. Belding-Royer, "A Secure Routing Protocol for Ad Hoc Networks," Proc. 2002 IEEE International Conference on Network Protocols (ICNP), November 2002.
[8] Y.-C. Hu, A. Perrig and D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks," Proc. MobiCom 2002, Atlanta, Georgia, USA, September 23-28, 2002.
[9] M. G. Zapata, "Secure Ad hoc On-Demand Distance Vector (SAODV) Routing," Mobile Ad Hoc Networking Group, Internet Draft, Aug. 2001.
[10] P. Papadimitratos and Z. Haas, "Secure routing for mobile Ad Hoc networks," Proc. SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, San Antonio, TX, January 27-31, 2002.
[11] P. G. Argyroudis and D. O'Mahony, "Secure routing for mobile ad hoc networks," IEEE Communications Surveys & Tutorials, Third Quarter 2005.
[12] S. Marti, T. J. Giuli, K. Lai and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," Proc. 6th MobiCom, Boston, Massachusetts, August 2000.
[13] The Network Simulator ns-2, http://www.isi.edu/nsnam/ns/.
[14] J. Broch, D. A. Maltz, D. B. Johnson, Y.-C. Hu and J. Jetcheva, "A performance comparison of multi-hop wireless ad hoc network routing protocols," Proc. MobiCom'98, Dallas, TX, 1998, pp. 85-97.