Improvement in Routing Mechanism for Mobile Ad Hoc Networks


  • 7/30/2019 Improvement in Routing Mechanism for Mobile Ad Hoc Networks

    1/12

    Improvement in Routing Mechanism for Mobile Ad hoc Networks

    Guided By: Prof. Your Guide Name, Designation

    Submitted By: Bhaumik Patel, 3rd Sem, M. E. (CE)

    MODASA


    ACKNOWLEDGEMENT

    I am thoroughly thankful to Your Guide Name for providing me the opportunity and the right direction to study and present something new and interesting about MANET security, specifically about the AODV routing protocol.

    Bhaumik Patel


    Page 1

    1. Abstract

    Today new applications of mobile ad hoc networks, including wireless sensor networks, ubiquitous computing and peer-to-peer applications, introduce a need for strong privacy protection and security mechanisms.

    To protect wireless communication between mobile nodes in a hostile environment, security is the primary and fundamental issue. Compared to wired networks, MANETs face a number of problems in security design due to the lack of infrastructure, the open peer-to-peer network architecture, the shared wireless medium, limited resources and a highly dynamic network topology. Despite these challenges, security must provide protection in MANETs while preserving desirable network performance.

    Here I focus on the fundamental security problems and possible solutions in MANETs, with a review of the state-of-the-art security proposals suggested in this area.

    MANET routing protocols have been developed without security in mind. Most of them assume that all the nodes in the network are friendly and trusted. I consider the problem of incorporating a security mechanism into routing protocols for ad hoc networks. I look at AODV (Ad hoc On-demand Distance Vector) in detail and examine the possibility of developing a security mechanism to protect its routing information.

    AODV is one of the most widely used routing protocols and is currently undergoing extensive research and development. AODV is reactive, which means that it builds routes only when they are first needed. AODV is based on distance vector routing, but updates are shared not periodically but on demand. The control packets contain a hop count and a sequence number field that identifies the freshness of routing updates. As these fields are mutable, they create a potential vulnerability that is frequently exploited by malicious nodes to advertise better routes. Similarly, the transmission of routing updates also discloses vital information about the network topology, which is again a potential security hazard. So here I will focus first on the various possible security flaws and then on possible security solutions for AODV.

    Secure AODV is an extension of the AODV routing protocol that can be used to protect the route discovery mechanism, providing security features such as integrity and authentication. Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count information (the only mutable information in the messages). For the non-mutable information, authentication is performed in an end-to-end manner, but the same kind of technique cannot be applied to the mutable information. The information relating to the hash chains and the signatures is transmitted with the AODV message as an extension message.


    2. Introduction

    MANETs have two unique characteristics: self-configuration and self-maintenance capabilities. The existing security solutions for wired networks are not directly applicable to MANETs. In addition, the self-organization property is assumed in MANETs, which is the ability of a mobile ad hoc network to work without any external management or configuration.

    Security in MANETs is very difficult to achieve due to link vulnerabilities, the limited physical protection of each of the nodes, the sporadic nature of connectivity, the dynamically changing topology, the absence of certification authorities and the lack of a centralized monitoring or management point.

    In MANETs, there is no clear line of defense or boundary that separates the inside of the network from the outside world. On the other hand, the existing ad hoc routing protocols, such as AODV (Ad hoc On-demand Distance Vector) and DSR (Dynamic Source Routing), assume a trusted and cooperative environment, which makes attacks on MANETs very easy.

    Security never comes for free. Adding more security features to mobile wireless networks increases computation, communication and management overhead. In addition, network performance in terms of scalability, service availability, robustness and so on becomes a key factor in resource-constrained ad hoc networks. In fact, both dimensions, security strength and network performance, are equally important, and achieving a good trade-off between the two is itself a fundamental challenge in security design for MANETs.

    3. Attacks

    Attacks on the basic mechanisms, such as routing.

    Attacks on the security mechanisms, such as key management.

    The main vulnerabilities of the basic mechanisms are that nodes can be easily captured and compromised, communication is performed over the air, algorithms are assumed to be cooperative and routing mechanisms are more vulnerable in ad hoc networks.

    The main vulnerabilities of the security mechanisms are that a public key can be maliciously replaced, some keys can be compromised, a trusted server can be controlled, etc.

    3.1 Attacks on network-layer operations

    The two major network-layer operations in MANETs are ad hoc routing and data packet forwarding. Both operations are vulnerable to malicious attacks. Based on that, we have two categories of attacks: routing attacks and packet forwarding attacks.

    In a routing attack on AODV, an attacker may advertise a route with a smaller distance than its actual distance to the destination, or advertise routing updates with a large sequence number and thereby invalidate all the routing updates from other nodes. So there is a need to identify and defeat more subtle and sophisticated routing attacks.


    Packet forwarding attacks do not disrupt the routing protocol. Instead they cause data packets to be delivered in a way that is intentionally inconsistent with the routing state. For example, an attacker along an established route may drop the packets, modify the contents of the packets or duplicate the packets it has already forwarded.

    4. Review of state-of-the-art security proposals for MANETs

    There are two approaches to security in MANETs: proactive and reactive. Both approaches have their own advantages and are suitable for addressing different issues of MANET security. For example, most secure routing protocols take the proactive approach, while the reactive approach is widely used to protect packet forwarding operations.

    In addition, security encompasses three main components: prevention, detection and reaction. In MANETs, the prevention component is mainly achieved by secure ad hoc routing protocols that prevent the attacker from installing incorrect routing state at other nodes. These protocols are based on earlier ad hoc routing protocols such as DSR, AODV and DSDV (Destination-Sequenced Distance Vector) and employ different cryptographic primitives (e.g. HMAC, digital signatures, hash chains) to authenticate the routing messages.

    Detection observes the abnormal behavior of a malicious node, if any. Once an attacker node is detected, the reaction component adjusts the routing and forwarding operations.

    4.1 Network Layer Security

    According to earlier proposals, network layer security has two categories: secure ad hoc routing protocols and secure packet forwarding protocols. Here I discuss only secure ad hoc routing protocols and their possible solutions, because not much work has been done in this area.

    There are several cryptographic primitives for message authentication, the essential component of any security design, such as message authentication codes (e.g. HMAC), digital signatures and hash chains.

    4.1.1 Secure Ad hoc Routing

    This takes the proactive approach and enhances the existing ad hoc routing protocols, such as DSR and AODV, with security extensions. In these protocols, each mobile node proactively signs its routing messages using the cryptographic authentication primitives described above. This way, collaborating nodes can efficiently authenticate legitimate traffic and distinguish unauthorized packets from outsider attackers.

    The following are the two major types of routing protocols.

    Source Routing

    The main challenge is to ensure that an intermediate node cannot remove existing nodes from the route or add extra nodes to the route. The basic technique is to attach a per-hop authenticator to the source routing forwarder list so that any alteration of the list can be immediately detected. A secure extension of DSR is Ariadne, which uses a one-way HMAC key chain for message authentication.

    Distance Vector Routing

    For distance vector protocols such as AODV and DSDV, the main challenge is that each intermediate node has to advertise the routing metric correctly. For example, when hop count is used as the routing metric, each node has to increase the hop count by exactly one. A hop count hash chain is devised so that an intermediate node cannot decrease the hop count in a routing update. Note that a hash chain for this purpose does not need time synchronization, which differs from the one-way HMAC key chain used for authentication.

    In general, most of the attacks on a routing protocol can be classified as:

    Non-forwarding

    Traffic deviations

    Lack of error messages

    Frequent route updates

    Route modification

    Finding an efficient solution to these problems in an open ad hoc environment is still an open issue.

    5. AODV Protocol

    Ad hoc On-Demand Distance Vector (AODV) is inherently a distance vector routing protocol that has been optimized for ad hoc wireless networks. It is an on-demand protocol, as it finds routes only when required, and is hence also reactive in nature. AODV borrows its basic route establishment and maintenance mechanisms from the DSR protocol and hop-to-hop routing vectors from the DSDV protocol. To avoid routing loops, AODV makes extensive use of sequence numbers in control packets.

    When a source node intends to communicate with a destination node whose route is not known, it broadcasts a RREQ (Route Request) packet. Each RREQ packet contains an ID, the source and destination node IP addresses and sequence numbers, together with a hop count and control flags. The ID field uniquely identifies the RREQ packet; the sequence numbers indicate the freshness of control packets and the hop count maintains the number of nodes between the source and the destination. Each recipient of the RREQ packet that has not seen the Source IP and ID pair, or does not maintain a fresher (larger sequence number) route to the destination, rebroadcasts the same packet after incrementing the hop count. Such intermediate nodes also create and preserve a REVERSE ROUTE to the source node for a certain interval of time. When the RREQ packet reaches the destination node or any node that has a fresher route to the destination, a RREP (Route Reply) packet is generated and unicast back to the source of the RREQ packet. Each RREP packet contains the destination sequence number, the source and destination IP addresses and the route lifetime, together with a hop count and control flags. Each intermediate node that receives the RREP packet increments the hop count, establishes a FORWARD ROUTE to the source of the packet and transmits the packet on the REVERSE ROUTE.

    For preserving connectivity information, AODV makes use of periodic HELLO messages to detect link breakages to the nodes that it considers its immediate neighbors. In case a link break is detected for the next hop of an active route, a RERR (Route Error) message is sent to the active neighbors that were using that particular route. Optionally, a Route Reply Acknowledgement (RREP-ACK) message may be sent by the originator of the RREQ to acknowledge receipt of the RREP. The RREP-ACK message has no mutable information.
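The route-discovery rules above, worked through at a single node as an added example (not code from the report): handle_rreq applies the seen-pair check, the REVERSE ROUTE setup and the reply-versus-rebroadcast decision, and handle_rrep installs the FORWARD ROUTE and relays the reply along the reverse route. The freshness rule also carries AODV's usual tie-break (same sequence number, fewer hops), which the text does not spell out; the addresses, sequence numbers and dict-based message layout are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Route:
    next_hop: str    # neighbour this route goes through
    hop_count: int   # distance to the destination in hops
    seq: int         # destination sequence number the route is based on


@dataclass
class Node:
    ip: str
    seq: int = 0                                # the node's own sequence number
    routes: dict = field(default_factory=dict)  # dest_ip -> Route
    seen: set = field(default_factory=set)      # (orig_ip, rreq_id) pairs already handled


def _fresher(new_seq, new_hops, old):
    """Install a route if its sequence number is larger, or equal with fewer hops."""
    return old is None or new_seq > old.seq or (new_seq == old.seq and new_hops < old.hop_count)


def handle_rreq(node, rreq, from_ip):
    """Process one RREQ (a dict of the fields named in section 5) heard from from_ip.

    Returns ("drop", None), ("rebroadcast", rreq_copy) or ("reply", rrep).
    """
    key = (rreq["orig_ip"], rreq["rreq_id"])
    if key in node.seen:
        return "drop", None                     # this flood was already processed
    node.seen.add(key)
    hops = rreq["hop_count"] + 1                # one hop further from the originator
    # REVERSE ROUTE to the originator, via the neighbour we heard the RREQ from
    if _fresher(rreq["orig_seq"], hops, node.routes.get(rreq["orig_ip"])):
        node.routes[rreq["orig_ip"]] = Route(from_ip, hops, rreq["orig_seq"])
    if node.ip == rreq["dest_ip"]:
        # We are the destination: answer with our own, at least as fresh, sequence number
        node.seq = max(node.seq, rreq["dest_seq"])
        return "reply", {"orig_ip": rreq["orig_ip"], "dest_ip": node.ip,
                         "dest_seq": node.seq, "hop_count": 0}
    known = node.routes.get(rreq["dest_ip"])
    if known is not None and known.seq >= rreq["dest_seq"]:
        # Intermediate node holding a route at least as fresh as the one asked for
        return "reply", {"orig_ip": rreq["orig_ip"], "dest_ip": rreq["dest_ip"],
                         "dest_seq": known.seq, "hop_count": known.hop_count}
    return "rebroadcast", {**rreq, "hop_count": hops}


def handle_rrep(node, rrep, from_ip):
    """Process a unicast RREP: install the FORWARD ROUTE, then pass it down the REVERSE ROUTE.

    Returns ("delivered", None, None) at the originator, ("forward", next_hop, rrep_copy)
    at an intermediate node, or ("drop", None, None) if the reverse route is gone.
    """
    hops = rrep["hop_count"] + 1
    if _fresher(rrep["dest_seq"], hops, node.routes.get(rrep["dest_ip"])):
        node.routes[rrep["dest_ip"]] = Route(from_ip, hops, rrep["dest_seq"])
    if node.ip == rrep["orig_ip"]:
        return "delivered", None, None
    reverse = node.routes.get(rrep["orig_ip"])
    if reverse is None:
        return "drop", None, None
    return "forward", reverse.next_hop, {**rrep, "hop_count": hops}
```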

    6. AODV Message Formats

    Figure 1: Route Request (RREQ) Message Format

    Mutable fields: Hop Count

    Figure 2: Route Reply (RREP) Message Format

    Mutable fields: Hop Count


    Figure 3: Route Error (RERR) Message Format

    Mutable fields: None

    Figure 4: Route Reply Acknowledgment (RREP-ACK) Message Format

    Mutable fields: None

    7. Security flaws of AODV

    The major vulnerabilities present in AODV are: (i) deceptive incrementing of sequence numbers and (ii) deceptive decrementing of the hop count.

    There are seven main requirements for securing the AODV protocol properly.

    A. Authorized nodes to perform route computation and discovery

    B. Minimal exposure of network topology

    C. Detection of spoofed routing messages

    D. Detection of fabricated routing messages

    E. Detection of altered routing messages

    F. Avoiding formation of routing loops

    G. Prevent redirection of routes from shortest paths

    Moreover, since AODV has no security mechanisms, malicious nodes can perform many attacks just by not behaving according to the AODV rules. A malicious node M can carry out the following attacks (among many others) against AODV:

    1. Impersonate a node S by forging a RREQ with its address as the originator address.

    2. When forwarding a RREQ generated by S to discover a route to D, reduce the hop count field to increase the chances of being on the route path between S and D, so that it can analyze the communication between them.

    3. Impersonate a node D by forging a RREP with its address as the destination address.

    4. Impersonate a node by forging a RREP that claims that the node is the destination and, to increase the impact of the attack, claims to be a network leader of the subnet SN with a big sequence number, and send it to its neighbors.

    5. Selectively not forward certain RREQs and RREPs, not reply to certain RREPs and not forward certain data messages.

    8. Securing AODV

    We assume that there is a key management sub-system that makes it possible for each ad hoc node to obtain the public keys of the other nodes of the network. Further, each ad hoc node is capable of securely verifying the association between the identity of a given ad hoc node and the public key of that node. How this is achieved depends on the key management scheme.

    Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count information (the only mutable information in the messages). For the non-mutable information, authentication is performed in an end-to-end manner, but the same kind of technique cannot be applied to the mutable information. The figures given above show the structure of the AODV messages and indicate which fields of the messages are mutable.

    In short, securing the AODV protocol can be divided into the following three broad categories: 1) Key Exchange, 2) Secure Routing and 3) Data Protection.

    9. SAODV Introduction

    9.1 Secure AODV hash chains

    Secure AODV uses hash chains to authenticate the hop count of RREQ and RREP messages in such a way that every node that receives the message (either an intermediate node or the final destination) can verify that the hop count has not been decremented by an attacker.

    9.2 Secure AODV digital signatures

    Digital signatures are used to protect the integrity of the non-mutable data in RREQ and RREP messages. That means that they sign everything except the Hop Count of the AODV message and the Hash from the Secure AODV extension. When a RREQ is received by the destination itself, it will reply with a RREP only if it fulfills AODV's requirements to do so. This RREP will be sent with a RREP Signature Extension. When a node receives a RREP, it first verifies the signature before creating or updating a route to that host. Only if the signature is verified will it store the route together with the signature of the RREP and the lifetime.

    9.3 SAKM

    Simple Ad hoc Key Management (SAKM) provides a key management system that makes it possible for each ad hoc node to obtain the public keys of the other nodes of the network. Further, each ad hoc node is capable of securely verifying the association between the identity of a given ad hoc node and the public key of that node. This is achieved by using statistically unique and cryptographically verifiable addresses.
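The two SAODV mechanisms of 9.1 and 9.2 as one added example (not the SAODV draft's code): the originator builds the hop-count hash chain and signs the non-mutable fields, honest forwarders hash once per hop, and a receiver rejects a message whose hop count was decremented or whose signed fields were altered. HMAC-SHA256 under a key obtained from the assumed key-management subsystem stands in for the public-key signature, and the field names and serialisation are constructed, not the draft's wire format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


def h(data: bytes) -> bytes:
    """The one-way hash function of the chain."""
    return hashlib.sha256(data).digest()


def hash_chain(value: bytes, n: int) -> bytes:
    """h^n(value): apply h to value n times."""
    for _ in range(n):
        value = h(value)
    return value


@dataclass(frozen=True)
class RREQ:
    rreq_id: int
    orig_ip: str
    orig_seq: int
    dest_ip: str
    dest_seq: int
    hop_count: int        # mutable: every forwarding node adds one
    max_hop_count: int    # signature extension, covered by the signature
    top_hash: bytes       # signature extension, signed: h^max_hop_count(seed)
    hash_value: bytes     # signature extension "Hash", mutable: hashed once per hop
    signature: bytes = b""

    def signed_bytes(self) -> bytes:
        """Everything except Hop Count and Hash, the two mutable fields."""
        parts = (self.rreq_id, self.orig_ip, self.orig_seq, self.dest_ip,
                 self.dest_seq, self.max_hop_count, self.top_hash.hex())
        return "|".join(map(str, parts)).encode()


def sign(msg: RREQ, key: bytes) -> RREQ:
    """HMAC-SHA256 stands in here for the originator's public-key signature."""
    return replace(msg, signature=hmac.new(key, msg.signed_bytes(), "sha256").digest())


def originate(rreq_id, orig_ip, orig_seq, dest_ip, dest_seq, key,
              max_hop_count=10, seed=None):
    """Originator: a random seed becomes Hash and h^Max_Hop_Count(seed) becomes Top_Hash."""
    seed = os.urandom(32) if seed is None else seed
    msg = RREQ(rreq_id, orig_ip, orig_seq, dest_ip, dest_seq, hop_count=0,
               max_hop_count=max_hop_count,
               top_hash=hash_chain(seed, max_hop_count), hash_value=seed)
    return sign(msg, key)


def forward(msg: RREQ) -> RREQ:
    """Honest intermediate node: Hop Count + 1 and Hash = h(Hash)."""
    return replace(msg, hop_count=msg.hop_count + 1, hash_value=h(msg.hash_value))


def altered(msg: RREQ, **fields) -> RREQ:
    """The message a receiver sees after a field was changed in transit (for the checks)."""
    return replace(msg, **fields)


def verify(msg: RREQ, key: bytes):
    """Receiver-side checks of 9.1 and 9.2; returns (accepted, reason)."""
    expected = hmac.new(key, msg.signed_bytes(), "sha256").digest()
    if not hmac.compare_digest(expected, msg.signature):
        return False, "signature mismatch: non-mutable field altered or originator forged"
    if not 0 <= msg.hop_count <= msg.max_hop_count:
        return False, "hop count outside [0, Max_Hop_Count]"
    # Honest forwarders applied h once per hop, so the remaining Max_Hop_Count - Hop_Count
    # applications must land exactly on Top_Hash. A lowered Hop Count adds applications
    # and misses; since h cannot be inverted, a node can only make the route look longer.
    if hash_chain(msg.hash_value, msg.max_hop_count - msg.hop_count) != msg.top_hash:
        return False, "hop count decremented: hash chain does not reach Top_Hash"
    return True, "ok"
```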

    10. Security Requirements

    In most domains, the primary security service is authorization. Routing is no exception. Typically, a router needs to make two types of authorization decisions. First, when a routing update is received from outside, the router needs to decide whether to modify its local routing information base accordingly. This is import authorization. Second, a router may carry out export authorization whenever it receives a request for routing information. Import authorization is the critical service.

    In traditional routing systems, authorization is a matter of policy. For example, gated, a commonly used routing program, allows the administrator of a router to set policies about whether and how much to trust routing updates from other routers, e.g. statements like "trust router X about routes to networks A and B". In mobile ad hoc networks, such static policies are not sufficient (and unlikely to be relevant anyway).

    Authorization may require other security services such as authentication and integrity. Techniques like digital signatures and message authentication codes are used to provide these services.

    In the context of routing, confidentiality and non-repudiation are not necessarily critical services. The problem of compromised nodes is not addressed here since it is, arguably, not critical in non-military scenarios. Availability is considered to be out of scope. Although it would of course be desirable, it does not seem feasible to prevent denial-of-service attacks in a network that uses wireless technology (where an attacker can focus on the physical layer without bothering to study the routing protocol).

    Therefore, in this research work the following requirements were considered:

    Import authorization: It is important to note that this does not refer to the traditional meaning of authorization. What it means is that the ultimate authority on routing messages regarding a certain destination node is that node itself. Therefore, route information will only be authorized in a routing table if that route information concerns the node that is sending the information. In this way, if a malicious node lies about it, the only thing it will cause is that others will not be able to route packets to the malicious node.

    Source authentication: Nodes need to be able to verify that a node is the one it claims to be.

    Integrity: In addition, nodes need to be able to verify that the routing information being sent to them has arrived unaltered.

    The last two security services combined build data authentication, and they are requirements derived from our import authorization requirement.

    11. Conclusion

    The multidimensional trade-offs among security strength, communication overhead, computational complexity, power consumption and scalability still remain largely unexplored. So collective efforts from researchers working in different areas such as wireless networking, mobile systems and cryptography are required to provide the best overall security for MANETs. Moreover, finding efficient solutions to attacks on routing protocols in MANETs is still a very crucial and little-explored open issue.

    AODV was developed without security in mind. Because of that, many security flaws inside AODV have been observed. So there is a solid need to improve AODV by adding security extensions using key management, digital signatures, hash chains, etc.


    12. Future Work

    I will try to:

    Compare different routing protocols for MANETs (e.g. AODV, DSR, DSDV, TORA).

    Check possibilities to add security extensions to the selected routing protocol (making a new secure version of the earlier protocol).

    Measure the overall performance, communication overhead, computation complexity and scalability of the new secure routing protocol against the earlier ordinary (insecure) version of the protocol.

    Study the available secure versions of AODV.

    Try to find the major problems in existing secure versions of AODV.
