[IEEE 2010 IEEE Youth Conference on Information, Computing and Telecommunications (YC-ICT) -...
MTSR: Wormhole Attack Resistant Secure Routing for Ad Hoc Network*
*This work is supported by the National High Technology Research and Development Program ("863" Program) of China (No. 2009AA01Z418), the Fundamental Research Funds for Central Universities (No. YWF1002009) and the China Postdoctoral Science Foundation Funded Project (No. 20090460192).
QIU Xiu-feng (1,2), LIU Jian-wei (1), Abdur Rashid Sangi (1)
(1.School of Electronics and Information Engineering, Beihang University, Beijing 100191, China)
(2.Department of Mathematics and Computer, Gannan Normal College, Ganzhou 341000, China)
Abstract
Routing security is an important and well-known issue in ad hoc network applications and development. Various solutions have been proposed, but they are impractical to apply in full. In this paper, the wormhole attack topology is first analyzed; then cryptography and a trust mechanism are combined to design a new multipath trust-based secure routing protocol (MTSR). MTSR, based on AODV and SAODV, is distributed and can resist almost all known routing attacks such as discarding, Sybil, spoofing, jamming, flooding, rushing and, especially, the wormhole attack. Its trust value computation follows the principle of increasing slowly but decreasing sharply, and it requires no additional equipment, strict assumptions, node location or precise time information.
Index terms—wormhole attack, trust, multipath, secure routing
1. Introduction
Routing security is a key factor affecting the application and spread of ad hoc networks. Because of the inherent vulnerability of ad hoc networks, various attacks, i.e. discarding, Sybil, spoofing, jamming, flooding, rushing and wormhole attacks, can be launched [1]. The wormhole attack is considered more devastating to overall network performance: it is difficult to detect but quite easy to initiate [2]. The attacker may establish one or more tunnels between two or more nodes that are not neighbors in the network, so that routing protocols relying on hop count or delay are undermined and routes are hijacked to the attacking nodes. Most packets would then be absorbed into the tunnel, and the next-stage attack could happen at will.
We believe a secure routing protocol is significant in practice only if it can resist almost all known attacks. Though a substantial number of solutions have been proposed, these efforts remain far from practical application in some contexts, especially in their inability to resist all attacks. A single technique cannot mitigate all attacks, so it is necessary to combine different techniques to design a security-aware routing protocol. We first discuss and analyze the wormhole attack network topology, and then propose MTSR (multipath trust-based secure routing protocol), which is based on AODV [3] and SAODV [4] and uses a combination of cryptography and a trust mechanism. Unlike other secure routing protocols, it is distributed and does not require any additional equipment, strict assumptions, node location or precise time information. It can resist almost all known routing attacks, especially the wormhole attack. Its trust value computation follows the rule of increasing slowly but decreasing quickly. Analysis and simulation show that MTSR outperforms existing secure routing protocols and is quite practical to implement.
2. Related work
Some attacks such as the wormhole attack cannot be resisted by traditional cryptography [2]. A variety of solutions to detect and resist the wormhole attack have been proposed [2][5-13]. Many of them have their own advantages, such as being distributed [2][6-9][11-13], multipath [9] and trust-based [9], and can detect and resist the wormhole attack to some extent. However, there are many shortcomings or limitations: (1) requiring additional equipment, i.e. directional antennas [11], GPS [2], special RF devices [20] and special ultrasonic devices [21], precise time information [2][12-13] or node location information [2][7]; (2) a high false alarm rate [8]; (3) strict assumptions, i.e. the Unit Disk Graph (UDG) model [6], special guard nodes [7] and packet discarding by attack nodes [9]; (4) lack of resistance to other attacks [6][8].
The wormhole attack disrupts the normal network topology, so many researchers focus on this point; [5], [7] and [10] analyze the topology of the wormhole attack from different perspectives.
AODV is a widely used ad hoc routing protocol but is insecure. SAODV [4], which is based on traditional cryptography, extends AODV and proposes a single or double signature mechanism according to whether intermediate nodes generate RREP messages or not. It digitally signs the non-mutable part of routing messages and protects the mutable part with a one-way hash chain. It can resist attacks such as identity fraud and modification of the hop count, but cannot prevent many other attacks such as discarding, the wormhole attack, and keeping the hop count unchanged while skipping the hash operation.
The protocol in [9] can resist various attacks. However, when detecting the wormhole attack, it assumes that attack nodes must discard packets. In addition it is not compatible with existing protocols.
978-1-4244-8886-5/10/$26.00 ©2010 IEEE
3. Resistance and topology analysis of wormhole attack
We only analyze the case of two attack nodes (more nodes behave similarly). Suppose W1 and W2 are possible wormhole nodes whose topology is shown in Figure 1. We believe that generally the most likely scenario of a wormhole attack is building a tunnel between two distant nodes. If only one of the routes from a node (N1) to its 2- or 3-hop neighbor (W2 or N2) has a length of 2 or 3 hops, while the lengths of the other routes are much greater than 2 or 3, we determine with high probability that the corresponding one-hop neighbor (W1) and two-hop neighbor (W2) are wormhole nodes. A further conclusion is: if there are multiple paths between two nodes, and the gap between the minimal route length and the second-minimal route length is too large, then the route with minimal length is likely to contain wormhole nodes.
Fig. 1. Topology of wormhole attack
We use a multipath trust mechanism to resist the wormhole attack. For a node N, multipath refers to different routes going through different next-hop neighbor nodes. If a neighbor node reaches the destination through multiple paths, node N still treats those routes as one route. Node N maintains a trust value for each neighbor. Wormhole nodes, or neighbor nodes probably belonging to a wormhole attack path, are specially processed to reduce their trust value. When node N sends or forwards packets, it chooses a route according to the trust values of the neighbor nodes on the multiple paths: the higher a node's trust value, the greater the probability that it will be chosen.
If the length gap between the paths (the minimal path length and the second-minimal one) is not very large, then even if a wormhole attack is launched it cannot achieve its purpose, because the traffic is divided among different paths.
4. MTSR: multipath trust-based secure routing
4.1 Assumptions and symbol description
The protocol only assumes that links are bidirectional (dual). The main symbols used in the protocol are described in Table 1:
Table 1 Description of main symbols
��� Trust value of node �� to neighbor node ��
��� Number of successfully forwarded packets
��� Number of failed forwarding packets
�� Probability that node �� forwards packets along route j
� � Adjustment factor used in the calculation of the trust value
�� � Adjustment factor used in the calculation of the trust value of a wormhole node
�� Anomaly threshold of the route length difference
�� Anomaly threshold of the trust value
4.2 Signature of routing message and hash chain
The signature of routing messages and the generation or verification of the hash chain are similar to [4]. But [4] cannot detect the attack of keeping the hop count unchanged and skipping the hash operation while forwarding RREQ or RREP. While calculating the trust value, our protocol traces the neighbor node that forwards packets and detects whether or not that neighbor applied the hash operation to the hash chain of the RREQ or RREP and incremented the hop count.
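As an added example (not code from the paper or from SAODV), the check described above can be illustrated with a SAODV-style hash chain: a receiver's standard chain check passes whether or not the previous hop hashed and incremented, so the node that handed the message over has to compare the copy its neighbor forwards against what it expects. Assumed here: SHA-256 as the one-way hash (the paper's simulation used MD5), a constructed MaxHopCount of 10 and constructed message fields.

```python
import hashlib

MAX_HOP_COUNT = 10  # constructed value; in SAODV it travels in the signed part


def h(data: bytes) -> bytes:
    """One hash step of the chain (assumed SHA-256; the paper simulated with MD5)."""
    return hashlib.sha256(data).digest()


def h_n(data: bytes, n: int) -> bytes:
    """Apply h() n times."""
    for _ in range(n):
        data = h(data)
    return data


def originate(seed: bytes) -> dict:
    """Originator fields of a RREQ/RREP: HopCount = 0, Hash = seed and
    TopHash = H^MaxHopCount(seed); TopHash sits in the signed, non-mutable part."""
    return {"hop_count": 0, "hash": seed, "top_hash": h_n(seed, MAX_HOP_COUNT)}


def saodv_check(msg: dict) -> bool:
    """Check every receiver makes: H^(MaxHopCount - HopCount)(Hash) == TopHash."""
    remaining = MAX_HOP_COUNT - msg["hop_count"]
    return remaining >= 0 and h_n(msg["hash"], remaining) == msg["top_hash"]


def forward_honest(msg: dict) -> dict:
    """Correct forwarding: hash once and increment the hop count together."""
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": h(msg["hash"])}


def forward_without_hashing(msg: dict) -> dict:
    """The misbehaviour named in Section 4.2: hop count left unchanged and the hash
    step skipped. The pair stays self-consistent, so saodv_check() still accepts it."""
    return dict(msg)


def neighbor_forwarded_correctly(sent: dict, overheard: dict) -> bool:
    """MTSR-style tracing: the node that handed `sent` to a neighbor compares the copy
    the neighbor forwards (`overheard`) with what it expects; a mismatch counts as a
    failed forward in that neighbor's trust value."""
    return (overheard["top_hash"] == sent["top_hash"]
            and overheard["hop_count"] == sent["hop_count"] + 1
            and overheard["hash"] == h(sent["hash"]))
```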
4.3 Establishment of next-hop-different k-path routing table
At any given node, when its number of routes to a destination is less than k, it sends an RREQ. After a node receives an RREQ, it establishes k next-hop-different routes to the source node, and if the node is the destination or has routes to the destination, it sends an RREP along each reverse route. When a node receives an RREP, it establishes or updates the k next-hop-different routes to the destination.
4.4 Computation of the trust value
4.4.1 Computing principle
Similar to human psychology towards each other, we compute the trust value according to the principle of increasing slowly but decreasing rapidly; for nodes suspected of being wormhole nodes, we accelerate the decline of their trust value; our algorithm does not use values indirectly recommended by other nodes, to prevent lies; the computing algorithm should relate only to local neighbors and be distributed; no additional equipment, location information, accurate time information or strict assumptions are required.
4.4.2 Computing method
The computational formula of ��� is ��� � ���������� (referring to [9]), while the computing methods of ��� (initial value: 1) and ��� (initial value: 1) are as follows:
(1) To a broadcast message, if �� is forwarded successfully then
��� � ����� � � ���� � ���� otherwise, ����� � �����
��� � ���� � �.
(2) To a unicast message, assuming there are � ( � � � )
next-hop-different routes to the destination, �� represent the length
of the route whose next hop is ��, d present the difference between
the minimal route length value and the second minimal one in all of
� . While ! " ��, the trust value is higher as the length is shorter.
if �� is forwarded successfully then ��� � # $%&%'()$�
����� � � , ���� �
# $%&*'(+$�
����� ,otherwise, ���� � # $%&%'(+$�
����� , ���� � # $%&*'(+$�
����� � � .
while ! , �� , the trust value is lower as the length is shorter.
if ����is forwarded successfully then ��� � -�+$�
# $%&*'(����� � �,
���� � -�+$�
# $%&*'(��������, otherwise, ����� � -�
+$�# $%&*'(
�����,
���� � -�+$�
# $%&*'(����� � �. . " � � " � � " ��that controls
the trust value increasing slowly but decreasing rapidly ��� �� are
adjustment factor used in calculation of trust value.� � � ���,
�-� � /01� 23�456�71899674�:89;6�2<�899�=3�� 27�6>;89�4=�0=?�@1����������������������������������������������������������������������=456?A276 , if the
minimal value in all of �� is equal to 2 or 3 and ! , ��, then the
probability of existing wormhole node in its neighbors is high, so the
decreasing rate of trust value should be accelerated.
4.5 Routing selection according to probability
If �� receives a unicast message, assuming there are m (� � �) next-hop-different routes to the destination and the trust value of every route is ���, then the probability that node �� forwards the packets along route j is �� � B��# B��&�'(. If ��� " �� then the message is not forwarded along route j; instead a route with (��� , �� ) is randomly selected to forward it.
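The route-length heuristic of Section 3 and the trust-driven route selection of Sections 4.4 and 4.5, as an added example that is not the paper's code: because the update formulas are not recoverable from this transcript, the trust value is computed here as an assumed ratio S/(S+F) of success and failure counters that start at 1, with a small credit on success and a large penalty on failure (larger again for suspected wormhole neighbors). Parameter values and node names are constructed.

```python
import random
from dataclasses import dataclass

# Constructed parameter values; the names mirror the roles listed in the paper's Table 1.
DELTA = 2      # anomaly threshold on the route-length gap (shortest vs. second shortest)
EPSILON = 0.3  # anomaly threshold on trust: neighbors below it are bypassed
ALPHA = 0.2    # credit added to S on a successful forward (small, so trust rises slowly)
BETA = 2.0     # penalty added to F on a failed forward (large, so trust falls rapidly)
GAMMA = 2.0    # extra multiplier on BETA for a neighbor suspected of a wormhole


@dataclass(frozen=True)
class Route:
    next_hop: str  # neighbor this route goes through (routes are next-hop-different)
    length: int    # hop count to the destination


def wormhole_suspects(routes):
    """Section 3 heuristic: a 2- or 3-hop shortest route whose runner-up is longer
    by more than DELTA points at its next hop as a likely wormhole endpoint."""
    if len(routes) < 2:
        return set()
    lengths = sorted(r.length for r in routes)
    shortest, second = lengths[0], lengths[1]
    if shortest in (2, 3) and second - shortest > DELTA:
        return {r.next_hop for r in routes if r.length == shortest}
    return set()


class TrustTable:
    """Trust values a node keeps for its next-hop neighbors (assumed T = S/(S+F))."""
    def __init__(self):
        self.counts = {}  # neighbor -> (S, F); both start at 1

    def get(self, nb):
        s, f = self.counts.get(nb, (1.0, 1.0))
        return s / (s + f)

    def update(self, nb, success, suspect=False):
        s, f = self.counts.get(nb, (1.0, 1.0))
        if success:
            s += ALPHA                               # slow increase
        else:
            f += BETA * (GAMMA if suspect else 1.0)  # rapid decrease, faster for suspects
        self.counts[nb] = (s, f)
        return self.get(nb)

    def choose_route(self, routes, seed=None):
        """Section 4.5: forward along route j with probability T_j / sum of T over
        the routes, skipping any route whose next hop has trust below EPSILON."""
        eligible = [r for r in routes if self.get(r.next_hop) >= EPSILON]
        if not eligible:
            return None  # every neighbor is below threshold: nothing to forward along
        weights = [self.get(r.next_hop) for r in eligible]
        return random.Random(seed).choices(eligible, weights=weights, k=1)[0]
```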
4.6 Preventing attacks of jamming, flooding and rushing
If the trust value of node �� to neighbor node �� satisfies ��� " ��, then �� discards packets from ��. If a node launches jamming, flooding or rushing attacks, then the neighborhood centered on that node becomes congested. The congestion causes discarding, so the trust values that other nodes hold for nodes in that neighborhood decrease rapidly and they drop the packets from the attacking nodes; thus the attacking nodes are isolated.
5. Security Analysis
Discarding: If an intermediate node drops all the packets passing through it (black hole) or selectively discards some packets (gray hole), the node's neighbors will reduce the trust value associated with it. As a result the node will be isolated.
Sybil: A Sybil attack means that a malicious node impersonates some legitimate nodes and transmits information. In MTSR, all nodes need to be verified by digital signature and are thus unable to impersonate any other node.
Wormhole attack: MTSR gives a suspected wormhole node a lower trust value than the other nodes, so comparatively fewer packets will pass through it. In the worst case, if the wormhole node also drops packets, its trust value will be reduced quickly, and it will be isolated once and for all.
Routing spoofing: In our protocol, each node digitally signs the routing information to avoid forged routing attacks. In this way, a source node can track and check the routing information and thus prevent routing spoofing attacks, i.e. unauthorized/illogical modification of the hop count, or keeping the hop count unchanged and skipping the hash operation while forwarding RREQ or RREP.
Jamming, flooding and rushing: When a malicious node launches a jamming, flooding or rushing attack, other nodes reduce the trust value associated with it. In this way, the malicious node is bypassed.
6. Simulation Analysis
We evaluate MTSR by simulation and compare it with AODV, single-signature SAODV (SS-SAODV) [4] and double-signature SAODV (DS-SAODV) [4]. All simulations were performed in NS-2, and the main parameters and their values are shown in Table 2. The simulation of each protocol is repeated 50 times with the same parameters, and the results are averaged for analysis. Malicious nodes launched wormhole attacks (and dropped packets) between 100 s and 500 s. As shown in Figure 2, unlike AODV, SS-SAODV or DS-SAODV, only MTSR maintained a high packet delivery rate (PDR) even when there were 5 colluding pairs of malicious nodes. Figure 3 shows the average change in the trust value of malicious nodes that initiate the wormhole attack (during 0-10 s and 99-109 s). It increases relatively slowly in the beginning, then stays level, and declines rapidly after the malicious nodes initiate the wormhole attack.
Table 2 Main parameters in simulation
Scenario size: 3 km * 3 km
Simulation time: 600 s
MAC type: 802.11
Node number: 100
Link number: 4
Traffic type: CBR
Packet size: 256 bytes
Packet sending rate: 4 packets/s
Mobility model: random waypoint
Max. speed: 20 m/s
Min. speed: 1 m/s
Pause time: 0 s
�� � .CD �� � .CE� FG � H,�FI � .C.J
Digital signature algorithm: ECC
Hash function: MD5
Fig. 2. PDR in case of wormhole attack
Fig. 3. Trust value of neighbor nodes to wormhole node
The results also indicate that the AODV protocol cannot resist any attack, while the MTSR, SS-SAODV and DS-SAODV protocols can resist Sybil and routing spoofing attacks. Unlike MTSR, however, SS-SAODV and DS-SAODV cannot resist discarding, jamming, flooding, rushing, or the attack of keeping the hop count unchanged and skipping the hash operation while forwarding RREQ or RREP.
7. Conclusion
We have developed a new secure routing protocol, MTSR. Compared to other available routing protocols, MTSR can resist numerous attacks, especially the wormhole attack. It integrates a combination of cryptography and a trust mechanism, and it excels in being distributed and in not requiring any additional equipment, strict assumptions, node location or precise time information.
References
[1] L. Abusalah, A. Khokhar and M. Guizani, "A Survey of Secure Mobile Ad Hoc Routing Protocols", IEEE Communications Surveys & Tutorials, vol. 10, no. 4, pp. 78-93, 2008.
[2] Y. C. Hu, A. Perrig and D. B. Johnson, "Packet leashes: a defense against wormhole attacks in wireless ad hoc networks", in INFOCOM 2003.
[3] C. E. Perkins, E. M. Royer and S. R. Das, "Ad hoc on-demand distance vector (AODV) routing", IETF Internet Draft, MANET working group, draft-ietf-manet-aodv-10.txt, Jan. 2002.
[4] M. Guerrero Zapata, "Secure Ad hoc On-Demand Distance Vector (SAODV) Routing", draft-guerrero-manet-saodv-06.txt, Mobile Ad Hoc Networking Working Group, 5 September 2006.
[5] V. Mahajan, M. Natu and A. Sethi, "Analysis of Wormhole Intrusion Attacks in MANETs", in MILCOM 2008.
[6] R. Maheshwari, J. Gao and S. R. Das, "Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information", in INFOCOM 2007.
[7] R. Poovendran and L. Lazos, "A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks", Wireless Networks, vol. 13, no. 1, pp. 27-59, 2007.
[8] M. A. Azer, S. M. El-Kassas and M. S. El-Soudani, "An Innovative Approach for the Wormhole Attack Detection and Prevention in Wireless Ad Hoc Networks", in ICNSC 2010.
[9] W. Galuba, P. Papadimitratos, M. Poturalski, K. Aberer, Z. Despotovic and W. Kellerer, "Castor: Scalable Secure Routing for Ad Hoc Networks", in INFOCOM 2010.
[10] D. Z. Dong, M. Li, Y. H. Liu, et al., "Topological Detection on Wormholes in Wireless Ad Hoc and Sensor Networks", in ICNP 2009.
[11] L. Hu and D. Evans, "Using directional antennas to prevent wormhole attacks", in NDSS 2004.
[12] S. Capkun, L. Buttyán and J.-P. Hubaux, "Sector: secure tracking of node encounters in multi-hop wireless networks", in Proc. of the 1st ACM workshop on Security of ad hoc and sensor networks, 2003.
[13] N. Sastry, U. Shankar and D. Wagner, "Secure verification of location claims", in Proc. of the 2nd ACM workshop on Wireless security, 2003.
[Fig. 2 plot residue: x-axis "wormhole attack node number", y-axis "packet delivery rate" (0.2 to 1); series AODV, SS-SAODV, DS-SAODV, MTSR]
[Fig. 3 plot residue: two panels, x-axis "time(s)" (0 to 10 and 99 to 109), y-axis "T value" (0 to 1)]