04-08-2012, 10:36 AM
Distributed Security Scheme for Mobile Ad Hoc Networks
Abstract
Secured communication in mobile ad hoc networks is
a crucial issue due to the dynamic nature of the network topology.
Due to the lack of centralized control, issuing certificates from a
centralized certification agent is not possible in an ad hoc network.
The major problem in providing security services in such
infrastructureless networks is how to manage the cryptographic
keys that are needed. The unique characteristics of mobile ad
hoc networks cause a number of nontrivial challenges to
security design such as open network architecture, shared
wireless medium, stringent resource constraints and highly
dynamic topology. In a MANET, any node may compromise the
packet routing functionality by disrupting the route discovery
process. These challenges make a case for building a multi-fence
security solution that achieves both extensive protection and
desirable network performance. We propose a novel cluster
based security scheme to protect mobile ad hoc network link
layer and network layer operations of delivering packets over the
multihop wireless channel. The dynamic network topology can
be managed efficiently by the proposed cluster based
architecture. A well-behaving node becomes a cluster member
after the initial trust verification process.
INTRODUCTION
In an ad hoc network, every node is self-organized and each
node can communicate directly with other nodes in the
network. An ad hoc network is composed of mobile terminals
that communicate one to the other through broadcast radio
transmissions, i.e., transmissions that reach all the terminals
within the transmission power range. However, due to radio
range limitations, physical broadcasting does not cover all
terminals, and a multi-hop scenario arises, where packets are
relayed by intermediate terminals to reach their destination.
Applications of mobile ad hoc networks can range from
military field communications, where networks must be
deployed immediately without the support of base stations
and fixed network infrastructures, to inter-vehicle
communications, designed for both traffic safety
enhancement and entertainment purposes. Because of the
highly variable environment, all protocols and coordinating
functions in mobile ad hoc networks must be completely
distributed.
RELATED WORK
The traditional key distribution protocols rely on
infrastructure with online trusted third parties. There are also
a number of schemes extending this approach to ad hoc
networks. [5] presents a hierarchical framework and key
distribution algorithms for dynamic environment, with a
focus on how keys and trust relationships are transferred
when users move between so-called "areas" in the hierarchy.
When distance vector routing protocols such as AODV [4]
are used, the attacker may advertise a route with smaller
distance metric than its actual distance to the destination or
advertise a routing update with a larger sequence number and
invalidate all the routing updates from other nodes. Ad Hoc
Routing Algorithms are a set of design techniques that
strengthen MANET against DoS attacks [14].
SECURITY IN MANET
In contrast to fixed networks, a centralized certification
authority is not feasible in ad hoc networks. Distributing the
functionality of the certification authority over a number of nodes
is a possible solution. This can be achieved by creating n
shares for a secret key and distributing them to n different
nodes. The key can be generated by combining s shares using
a threshold cryptography technique.
Mobile ad-hoc networks are highly dynamic; topology
changes and link breakage happen quite frequently.
Therefore, we need a security solution which is dynamic, too.
Any malicious or misbehaving nodes can generate hostile
attacks. These types of attacks can seriously damage basic
aspects of security, such as integrity, confidentiality and
privacy of the node. Current ad-hoc routing protocols are
completely insecure. Moreover, existing secure routing
mechanisms are either too expensive or have unrealistic
requirements. In an ad hoc network, a security solution should
isolate the attackers and compromised nodes in the network.
Proactively isolating the attackers ensures that they cannot
continue to attack and waste the network resources in future.
CLUSTER-BASED TOPOLOGY
Clustering is a method by which nodes are placed into
groups, called clusters. A cluster head is elected for each
cluster. A cluster head maintains a list of the nodes belonging
to the same cluster. It also maintains a path to each of these
nodes. The path is updated in a proactive manner. Similarly,
a cluster head maintains a list of the gateways to the
neighboring clusters. Using the information gathered from
the members of the cluster, each cluster head distributes the
shares to the cluster members. Each cluster head selects a set
of gateway nodes. In order to have secure communication
between inter-cluster nodes, gateway nodes can act as the
trusted members of the corresponding cluster. Through the
trusted members, a secured communication link can be
established between two clusters. The cluster head can
operate as a trusted certificate authority and it can distribute
the certificate share to all cluster members. When a member
node fails, at least one of its neighbors reports this node
failure to the cluster head. If a cluster head fails, this cluster
has to be re-organized and it affects the normal functioning of
the network. We propose a novel fully distributed cluster
based security mechanism without cluster head.
IMPLEMENTATION
In order to provide scalability and to enhance the
availability (by providing the service locally), the network is
partitioned into a number of non-overlapping groups called
clusters. A fully distributed architecture is proposed. Clusters
are created using a cluster creation algorithm and each cluster
member maintains a QoS parameter table (about its cluster
members) and a gateway table. Gateway nodes manage the
communication with adjacent clusters. Routing is typically
divided into two types: routing within the cluster (intracluster
routing) and routing between different clusters (intercluster
routing).
CONCLUSION
Key establishment is the bottleneck to providing secure
infrastructure for ad hoc networks. Key pre-distribution
schemes are believed to be the best option for ad hoc
networks, but all of the existing schemes rely on a trusted third
party, thus limiting their use in ad hoc networks. Most of the
proposed routing solutions are, as yet, incomplete when it
comes to security issues. We can trust a routing mechanism
only when it guarantees that all transmissions will be
protected. Rather than treating the security problems on
an individual basis, we'll need to work out routing along with
security in mobile ad-hoc networks. In this paper we
proposed a novel security based routing protocol in which the
packets are routed only through the trusted members. The
trust factor of a mobile node is verified and monitored by
neighbor verification and neighbor monitoring modules.