23-01-2013, 10:53 AM
Secured Routing Scheme for Adhoc Networks
Abstract
A recent trend in Ad Hoc network routing is the
reactive on-demand philosophy where routes are established
only when required. Most of the protocols in this category do
not incorporate proper security features. The ad hoc
environment is accessible to both legitimate network users and
malicious attackers. It has been observed that different
protocols need different strategies for security. The proposed
scheme is intended to be incorporated on the Power Aware
Virtual Node Routing Protocol to protect its routing strategy.
The study will help in making the protocol more robust against
attacks and standardizing parameters for security in routing
protocols.
INTRODUCTION
An Ad hoc wireless network is a collection of mobile
devices equipped with interfaces and networking capability.
It is adaptive in nature and is self-organizing. A formed
network can be de-formed and again formed on the fly and
this can be done without the help of system administration.
Each node may be capable of acting as a router. Applications
include but are not limited to virtual classrooms, military
communications, emergency search and rescue operations,
data acquisition in hostile environments, communications set
up in exhibitions, conferences and meetings, on the battlefield
among soldiers to coordinate defence or attack, and at airport
terminals for workers to share files etc. Although security has
long been an active research topic in wired networks, the
unique characteristics of Ad Hoc networks present a new set
of nontrivial challenges to security design. These challenges
include open network architecture, shared wireless medium,
stringent resource constraints, and highly dynamic topology.
Consequently, the existing security solutions for wired
networks do not directly apply to the Ad Hoc environment.
The main goal of the security solutions for an Ad Hoc
network is to provide security services, such as
authentication, confidentiality, integrity, anonymity and
availability to mobile users [12].
SECURITY ATTACKS
In this paper, the prime concern is with the attacks targeting
the routing protocols for Ad hoc Networks. These attacks can
be broadly classified into two main categories: passive
attacks and active attacks.
Passive attacks
Passive attacks are the attacks in which an attacker does not
actively participate in bringing the network down. An
attacker just eavesdrops on the network traffic so as to
determine which nodes are trying to establish routes, or
which nodes are pivotal to proper operation of the network
and hence can be potential candidates for subversion and
launching denial of service attacks. The attacker can then
forward this information to an accomplice who in turn can
use it to launch attacks to bring down the network. The nature
of attacks varies greatly from one set of circumstances to
another. Some of the generic types of attack [16, 19] that
might be encountered in passive attacks are:
1. Interruption: An asset of the system is destroyed, becomes
unavailable or unusable. This is an attack on availability.
Examples include destruction of a piece of hardware, or
cutting of a communication line.
2. Interception: An unauthorized party gains access to an
asset. This is an attack on confidentiality. The unauthorized
party could be a person, a program or a computer. Examples
include wiretapping to capture data in a network or the illicit
copying of files.
RELATED WORK
Despite the fact that security of Ad Hoc routing protocols is
causing a major roadblock in commercial application of this
technology, only limited work has been done in this area.
Such efforts have mostly concentrated on the aspect of data
forwarding, disregarding the aspect of topology discovery.
On the other hand, solutions that target route discovery have
been based on approaches for fixed-infrastructure networks,
defying the particular ad hoc network challenges. Dahill et al.
proposed ARAN [3]. It assumes a managed-open environment,
where there is a possibility for pre-deployment of
infrastructure. It consists of two distinct stages. The first
stage is the certification and end-to-end authentication stage.
Here the source gets a certificate from the trusted
certification server, and then using this certificate, signs the
request packet. Each intermediate node in turn signs the
request with its certificate. The destination then verifies each
of the certificates, thus the source gets authenticated and so
do the intermediate nodes. The destination node then sends
the reply along the route reverse to the one in the request,
reply signed using the certificate of the destination. The
second stage is a non-mandatory stage used to discover the
shortest path to the destination, but this stage is
computationally expensive. It is prone to replay attacks using
error messages unless the nodes have time synchronization.
Papadimitratos and Haas [11] proposed a protocol (SRP) that
can be applied to several existing routing protocols. This
protocol assumes a security association between source and
destination nodes.
SECURITY MODEL
Most previous work on secure ad hoc network routing relies
on asymmetric cryptography such as digital signatures [7, 17].
However, computing such signatures on
resource-constrained nodes is expensive, and it is assumed
that nodes in the ad hoc network may be so constrained. As a
general design principle, a node trusts only itself for
acquiring information about which nodes in the network are
malicious. In general, ad hoc network routing protocols do
not need secrecy or confidentiality. These properties are
required to achieve privacy or anonymity for the sender of
messages. The proposed scheme has taken into account the
following design criteria so as to achieve complete security in
terms of availability, integrity and authentication, minimal
overhead, network performance in terms of throughput and
node mobility.
PROPOSED SCHEME
The proposed scheme takes care of on demand routing and
also power features along with the concept of virtual nodes
and security parameter. Virtual nodes (VN) are nodes at
one-hop distance from their neighbor. These virtual nodes help
in fast selection of new routes in the reconstruction phase.
Selection of virtual nodes is made upon availability of nodes
with their power status and security parameter. Each route
table has an entry for its power status (which is measured in
terms of Critical, Danger and Active state) and number of
virtual nodes attached to it with its security parameter.
Whenever the need for a new route arises, a check for virtual
nodes is made, their power status is checked and a route is
established. The same process is repeated in the route repair phase.
Route tables are updated at each Hello interval as in AODV
with added entries for power status, security and virtual
nodes.
CONCLUSION
An analytical study has been done for contemporary secured
routing protocols for Ad Hoc networks. Areas have been
identified where further work can be done. A new solution
based on hash key generation has been proposed. It is clear that
different protocols will have different solutions, and it is
further suggested that the approach can be utilized in DSR
also. The idea has been conceptualized in [18] for DSR.
Hash Key management is one of the best options, though
other options can also be considered depending upon need of
security. Because the hash key chain is configured as a recursive
chain, these keys are noted in the route table. This increases
memory requirements but hash key management is efficient
as it does not involve any additional packet overhead.
An important feature is that the routing protocol functions very
similarly to the existing one when there are no external attacks.
Whenever an attack occurs, additional packets need to be
sent to change the routes established by the malicious
control packets. This increased traffic size will have its
impact on overhead.
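
The following is an added example, not code from the paper: it sketches how a recursive hash key chain noted in the route table can gate virtual-node selection by power status and security parameter, as the PROPOSED SCHEME and CONCLUSION sections describe. SHA-256, the VirtualNode layout, the selection order and the idea that each neighbour discloses its next key inside an existing control packet are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from enum import IntEnum

class Power(IntEnum):            # the three power states named in the scheme
    CRITICAL = 0
    DANGER = 1
    ACTIVE = 2

def h(key: bytes) -> bytes:
    return hashlib.sha256(key).digest()   # hash choice is an assumption

def make_chain(seed: bytes, length: int) -> list:
    """Recursive chain k[i+1] = h(k[i]), returned anchor-first (disclosure order)."""
    chain = [seed]
    for _ in range(length):
        chain.append(h(chain[-1]))
    return chain[::-1]

@dataclass
class VirtualNode:               # hypothetical route-table entry for a one-hop neighbour
    node_id: str
    power: Power
    noted_key: bytes             # last chain key verified for this neighbour

def verify_and_note(vn: VirtualNode, disclosed: bytes) -> bool:
    """Accept a key only if it hashes to the noted one, then advance the noted key."""
    if h(disclosed) != vn.noted_key:
        return False             # forged or replayed key: entry is left unchanged
    vn.noted_key = disclosed
    return True

def select_virtual_node(table: list, disclosures: dict):
    """Route repair: keep neighbours whose key verifies, drop Critical, prefer Active."""
    ok = [vn for vn in table
          if vn.node_id in disclosures and verify_and_note(vn, disclosures[vn.node_id])]
    usable = [vn for vn in ok if vn.power is not Power.CRITICAL]
    return max(usable, key=lambda vn: vn.power, default=None)

def demo():
    # Constructed sample data: three neighbours, each with its own chain.
    chains = {n: make_chain(b"constructed-seed-" + n.encode(), 3) for n in "BCD"}
    table = [VirtualNode("B", Power.DANGER, chains["B"][0]),
             VirtualNode("C", Power.ACTIVE, chains["C"][0]),
             VirtualNode("D", Power.CRITICAL, chains["D"][0])]
    # B and D disclose their genuine next key; C's update is forged.
    sent = {"B": chains["B"][1], "C": b"\x00" * 32, "D": chains["D"][1]}
    chosen = select_virtual_node(table, sent)
    replay_accepted = verify_and_note(table[0], chains["B"][1])  # same key again
    return chosen.node_id, replay_accepted
```

The forged update excludes C even though it reports the best power state, and a key that has already been noted is rejected when presented a second time.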