31-03-2014, 03:11 PM
MULTI-HOP NETWORK LEVEL SECURITY PROTECTION IN WIRELESS COMMUNICATION.
MULTI-HOP NETWORK.docx (Size: 160.32 KB / Downloads: 12)
ABSTRACT :
We propose a fair and efficient incentive mechanism to stimulate the node cooperation. Our mechanism applies a fair charging policy by charging the source and destination nodes when both of them benefit from the communication. To implement this charging policy efficiently, hashing operations are used in the ACK packets to reduce the number of public-key-cryptography operations. Moreover, reducing the overhead of the payment checks is essential for the efficient implementation of the incentive mechanism due to the large number of payment transactions. Instead of generating a check per message, a small-size check can be generated per route, and a check submission scheme is proposed to reduce the number of submitted checks and protect against collusion attacks.
OBJECTIVES:
To enable a secure and efficient incentive mechanism to stimulate the node cooperation by reducing the number of public key cryptography operations.
Instead of generating a check per message, a small-size check can be generated per route, and a check submission scheme
EXISTING SYSTEM:
Existing incentive mechanisms is questionable because they impose significant overhead. First, the fair charging policy is to charge both the source and destination nodes when both of them benefit from the communication.
To securely implement this charging policy, two signatures are usually required per message (one from the source node and the other from the destination node).
Integrated cellular and ad hoc relaying systems is new wireless system architecture based on the integration of cellular and modern ad hoc relaying technologies.
PROPOSED SYSTEM:
We propose FESCIM, a Fair, Efficient, and Secure Cooperation Incentive Mechanism, to stimulate the node cooperation in MCN.
In order to efficiently and securely charge the source and destination nodes, the lightweight hashing operations are used in the ACK packets to reduce the number of public-key-cryptography operations.
The destination node generates a hash chain and signs its root, and acknowledges message reception by releasing a hash value from the hash chain.
In this way, the destination node generates a signature per group of messages instead of generating a signature per message
[b]FUNCTIONAL MODULES:
Attacker model:
[/b]
An adversary may compromise and fully control a subset of the sensor nodes, enabling him to mount various kinds of attacks. For instance, he can inject false data packets into the network and disrupt local control protocols such as localization, time synchronization, and route discovery process. Furthermore, he can launch denial-of-service attacks by jamming the signals from benign nodes. However, we place some limits on the ability of the adversary to compromise nodes. We note that if the adversary can compromise major fraction nodes of the network, he will not need nor benefit much from the deployment of replicas. To amplify his effectiveness, the adversary can also launch a replica node attack, which is the subject of our investigation. We assume that the adversary can produce Many replica nodes and that they will be accepted as a legitimate part of the network. We also assume that the attacker attempts to employ as many replicas of one or more compromised sensor nodes in the network as will be effective for his attacks. The attacker can allow his replica nodes to randomly move or he could move his replica nodes in different patterns in an attempt to frustrate our proposed scheme.
[b]Initialization and Key Predistribution:
[/b]
Our scheme employs multiple one-way hash chains to secure the Deluge protocol. Hash chains1 are based on a function H with the property that its computation is easy, whereas its inverse H_1 is extremely difficult to compute. A hash chain with length L is generated by applying H to an initial element repeatedly for L times .. The last value after H has been applied L times is called the committed value of the hash chain . Before the sensor nodes are deployed, the base station constructs S hash chains. It generates S distinct random seed numbers and computes a one-way hash chain with length of L þ 1 starting from each seed. predistribution will not incur the overhead of a Diffie-Hellman key exchange protocol , and .key agreement between the base station and all sensor nodes would require Diffie-Hellman exchanges for each node if the Diffie-Hellman approach is adopted.
Packet preprocessing
In this module we describe the packet preprocessing of the very first packet of program image. The omitted value of the first key chain is used to encrypt the next key element in the order of key dissemination (K1;1 in Fig. 1). The encrypted result is the key update segment for the first hop group. Then, K1 is concatenated with P0 and the result is hashed, yielding the packet authentication segment . The key update segments and packet authentication segments for the successive hop groups are generated in the same way using their corresponding key chains. Finally, all these segments are concatenated with P0 as shown in Fig. 3, giving the first packet to be transmitted. The way in which the key update and packet authentication segments are concatenated with the data packet is used in a countermeasure against tunnel attack. The above packet preprocessing procedure is repeated for successive packets in the image to be broadcast
Packet verification:
In this section, the packet verification for the first data packet destined to the first hop group will be described. The verification of subsequent packets in the other hop groups uses the same procedure with keys corresponding to those that were used in the packet preprocessing. After the preprocessing of a packet and the respective concatenation is transmitted to nodes in the first hop group. After retrieving the correct group information from P00 , the sensor nodes verify the key update segment and packet authentication segments