
American Journal of Scientific Research
ISSN 1450-223X Issue 9 (2010), pp. 12-22
EuroJournals Publishing, Inc. 2010
http://www.eurojournals.com/ajsr.htm

An Energy Efficient Secure Authenticated Routing Protocol for Mobile Adhoc Networks
M. Rajesh Babu
Senior Lecturer, Department of Computer Science and Engineering, PSG College of Technology, Coimbatore 641004, TamilNadu, India
E-mail: rajeshbabuphd@gmail.com
Tel: +91 9843128310

S. Selvan
Principal, Francis Xavier Engineering College, Tirunelveli 627003, TamilNadu, India

Abstract
Limited resource availability such as battery power and security are the major issues to be handled with mobile adhoc networks. In mobile adhoc networks, an attacker can easily disrupt the functioning of the network by attacking the underlying routing protocol. Hence, security in ad hoc networks is still a debatable area. In this paper, we propose to develop an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks, that uses a lightweight, attack resistant authentication mechanism. Our protocol provides efficient security against route discovery attacks using hop-by-hop signatures. It quickly detects the malicious nodes, thus assisting the nodes to drop the invalid packets, earlier. It also uses an efficient node selection mechanism which maximizes network life time and minimizes delay. By detailed simulation studies, we show that EESARP provides better packet delivery ratio with minimized energy.

Keywords: Congestion Control, Mobile Adhoc Networks, Multicasting, admission control, multicast tree.

1. Introduction
A mobile ad-hoc network (MANET) is a temporary, infrastructure-less multi-hop wireless network in which the nodes can move randomly. MANETs extend the wireless transmission range of each node by multi-hop packet forwarding, so they are suited to situations in which pre-deployed infrastructure support is not available. An ad hoc network doesn't have any fixed infrastructure like base stations or mobile switching centers. Mobile nodes which are within radio range of each other can communicate directly through wireless links, whereas nodes which are far apart depend on other nodes to relay messages as routers. In an ad hoc network, node mobility causes frequent changes of the network topology. Mobile ad hoc networks have applications in both military and civilian circumstances due to their self-organizing and self-configuring potential. The routing aspects of MANETs have been discussed earlier, while research on security in MANETs is in its beginning stage. Apart from the regular network problems, MANETs create new security problems.
Ad hoc networks use all the available nodes for routing and forwarding to increase the throughput of the total network. Therefore, when more nodes participate in packet routing, it increases the total bandwidth and decreases the possible routing paths and also the possibility of network partition. When a node is overloaded, selfish, malicious or broken, it may misbehave by not agreeing to forward packets. An overloaded node does not have the CPU cycles, buffer space or available network bandwidth to forward packets. A selfish node expects other nodes to forward packets because it is not willing to do so itself. A malicious node introduces a denial of service attack by dropping packets.
The traditional routing algorithms lack power-aware routing. The security algorithms which have been proposed for MANETs mostly employ a lot of authentication techniques and are not concerned with exhausting battery power, which is a major issue in MANET routing.
The mobile ad hoc network needs more security mechanisms than fixed networks. Attackers can break into the network through compromised nodes. When nodes join or leave the network and roam in it often, the network topology becomes highly dynamic. Because of this dynamic nature, mobile users request security services as they move from one place to another. To achieve protection and high network performance, a powerful security solution is needed. The security solution provides protection to each node in the network, and the security of the entire network depends on the cumulative protection of all the nodes. The security solution should protect the network from intruders both inside and outside the system. The security scheme has to work within the resource limits of each device that adopts it, such as energy supply, communication capacity, memory and computation capability.
There are three components in each security solution: prevention, detection and reaction. The security system may misbehave when an attacker infiltrates it. The network performance may be degraded by the misbehavior of the nodes. In this paper, we propose to develop an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks, which will mitigate the routing misbehavior of nodes in mobile ad-hoc networks. The protocol involves:
(i) An efficient node selection mechanism for maximizing network lifetime and minimizing delay.
(ii) Authentication of the source node by the destination node.
(iii) Authentication of every intermediate node listed in the packet header, by the destination node.
(iv) Confirmation of the correctness of the node sequence in the node list by the source and destination nodes.

2. Related Work
An initial approach to detect intrusions in ad hoc networks has been proposed in [1]. In this work, a signature-based IDS monitors activities on the networks and compares them with known attacks. However, a shortcoming of this approach is that new unknown threats cannot be detected. [2] proposed a secure routing protocol based on AODV over IPv6, further reinforced by a routing protocol-independent Intrusion Detection and Response system for ad-hoc networks.
Yih-Chun Hu et al. [3] have designed and evaluated the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol (DSDV). In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service (DoS) attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, they have used efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD has performed well over the range of scenarios they have tested, and it was robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.
In [4] the authors have concentrated on the detection phase and proposed a new mechanism, the Packet Conservation Monitoring Algorithm (PCMA), which can be used to detect selfish nodes in MANETs. Though the protocol addresses the issue of packet forwarding attacks, it does not address other threats.
Yih-Chun Hu et al. [5] have presented attacks against routing in ad hoc networks, and they have presented the design and performance evaluation of a secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne has prevented attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and it has also prevented a large number of types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.
Panagiotis Papadimitratos and Zygmunt J. Haas [6] have discussed that the Secure Routing Protocol (SRP) counters malicious behavior that targets the discovery of topological information. The protection of the data transmission is a separate problem: an intermittently misbehaving attacker first complies with the route discovery to make itself part of a route, and then corrupts the in-transit data. Protection of data transmission is addressed through their related Secure Message Transmission Protocol (SMT), which provides a flexible, end-to-end secure data forwarding scheme that naturally complements SRP. They have observed that the processing overhead due to cryptographic operations remains low, allowing the protocol to remain competitive with reactive protocols which do not incorporate security features at all.
In [7] the authors have proposed a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation in packet forwarding for infrastructureless MANETs.
Though the protocol addresses the issue of packet forwarding attacks, it does not address other threats.
The 2ACK scheme, which serves as an add-on technique for routing schemes to detect routing misbehavior and to mitigate the adverse effect, is proposed in [8]. But the acknowledgement packets are sent even though there is no misbehavior, which results in unnecessary overhead.
In [9] the authors have proposed a novel scheme, MARS, and its enhancement E-MARS to detect misbehavior and mitigate adverse effects in ad hoc networks. In this scheme, a route failure or link failure prevents the information packets from reaching the destination. Moreover, if a selfish node does not forward the information packet or modifies the contents of the information packet, the destination may not be able to detect the misbehavior.
Patwardhan et al. [10] have presented their approach of securing a MANET using a threshold-based intrusion detection system and a secure routing protocol. They have presented a proof-of-concept implementation of their IDS deployed on handheld devices and in a MANET testbed connected by a secure version of AODV over IPv6, SecAODV. While the IDS has helped detect attacks on data traffic, SecAODV incorporates security features of non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Center (KDC). They have presented the design and implementation details of their system, the practical considerations involved, and how these mechanisms are used to detect and thwart malicious attacks.
Huaizhi Li and Mukesh Singhal [11] have presented an on-demand secure routing protocol for ad hoc networks based on a distributed authentication mechanism. The protocol makes use of recommendation and trust evaluation to establish a trust relationship between network entities, and it uses feedback to adjust it.
The protocol does not need the support of a trusted third party and it discovers multiple routes between two nodes.
Sergio Marti et al. described two techniques which improve the throughput in an adhoc network. They analyzed two possible extensions to DSR to mitigate the effects of routing misbehavior in adhoc networks, namely the watchdog and the pathrater. Of the two, the watchdog is used to identify the misbehaving nodes and the pathrater helps the routing protocol to avoid the misbehaving nodes [12].
Katrin Hoeper and Guang Gong introduced two fully functional identity-based authentication and key exchange schemes for mobile adhoc networks. They presented the first key revocation and key renewing algorithms for IBC (identity-based cryptographic) schemes. They utilized certain features of IBC schemes, such as pre-shared secret keys from pairings and efficient key management, to design MANET-IDAKE schemes which meet certain special constraints and requirements of MANETs [13].
Gergely Acs et al. [14] have proposed a mathematical framework in which security is precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Their framework was tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Their approach was based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of their knowledge, it has not been applied in the context of ad hoc routing so far. They have also proposed an on-demand source routing protocol, called endairA, and they have demonstrated the use of their framework by proving that it is secure in their model.
Syed Rehan Afzal et al. [15] have explored the security problems and attacks in existing routing protocols and then presented the design and analysis of a secure on-demand routing protocol, called RSRP, which removes the problems mentioned in the existing protocols. Moreover, unlike Ariadne, RSRP uses a very efficient broadcast authentication mechanism which does not require any clock synchronization and facilitates instant authentication.

3. Energy Efficient Secure Authenticated Routing Protocol


3.1. System Design and Algorithm Overview
The Energy Efficient Secure Authenticated Routing Protocol (EESARP) is the protocol proposed in this paper. It makes use of a lightweight and attack-resistant authentication protocol. The proposed protocol is very effective as it detects the malicious node quickly and it provides security against route discovery attacks.
In this proposed protocol, before the transmission of the data to the target, the sender should generate a temporary key pair. The temporary key pair consists of the secret key list SS, which is generated using a one-way hash function, and the public key, which is obtained by hashing the elements of SS. After key generation, the sender sends the public key to the appropriate destinations. The source builds the verification information using the SS list and includes it in the route request packet. When an intermediate node receives the request, it will check the verification information of the source using its PS. If the information is correct the packet will be forwarded, else it is discarded. When the route request reaches the target, the validity of the verification information of the source is checked by the destination also. It will discard the packet if the information is found to be wrong.
In order to improve the reliability of the route request packet, a MAC-based authentication code is used. If any changes are made to the route request packet, including the verification information, by an intermediate node, they can be easily identified by the destination node with the help of the MAC code. The packet will be discarded if it is found to be changed. In turn, the destination node sends back the reply packet in the same way.
In communication-related tasks, energy consumption depends on the communication mode of a node. A node may be in transmit, receive or idle mode. Transmission consumes more energy than the other two modes.
So as to maximize the overall average battery lifetime of the nodes, the routes are selected in such a way that the transmission and reception of packets are intelligently distributed over the network. In addition to the security features of our proposed protocol, a power-aware routing algorithm is used, which improves routing and manages the network resources to achieve fair resource usage across the network nodes. We have taken the AODV routing protocol as the base and modified it according to the proposed protocol.

3.2. Efficient Node Selection

In order to achieve a power-aware routing algorithm, a new metric, ENodeProb (efficient node selection probability), is proposed, which maximizes path availability and minimizes travel time of packets, and therefore provides a good balance between selection of fast paths and a better use of network resources. ENodeProb is defined as the probability to find the best nodes in terms of the residual energy and end-to-end delay. Assume that node $N_i$ is available for routing with a probability $P(N_i)$. ENodeProb for the node $N_i$ is expressed as

$$\mathrm{Prob}_{N_i} = P(N_i) \cdot P(L_i) \qquad (1)$$

where $\mathrm{Prob}_{N_i}$ is ENodeProb and $P(L_i)$ is the probability of link availability. $P(N_i)$ is expressed in terms of the residual energy and $P(L_i)$ with respect to end-to-end delay. If $R_E$ represents the residual energy of node $N_i$, $P(N_i)$ can be expressed as

$$P(N_i) = R_E / R_I \qquad (2)$$

where $R_I$ is the initial energy of the node $N_i$. Therefore, from (1) and (2), ENodeProb is

$$\mathrm{Prob}_{N_i} = (R_E / R_I) \cdot P(L_i) \qquad (3)$$

In the optimization, if the residual energy of the nodes is not considered, then the energy of the nodes on the best paths will be used more unfairly than that of the other nodes in the network. Because of their battery depletion, these nodes may fail after a short time, whereas other nodes in the network may still have high energy in their batteries. Each node $N_i$ estimates its $\mathrm{Prob}_{N_i}$ value and exchanges this information along with the HELLO packets.

3.3. Route Discovery Process
In the proposed protocol, once a node S wants to send a packet to a destination node D, it initiates the route discovery process by constructing a route request (RREQ) packet. It contains the source and destination ids, a request id which is generated randomly, and a MAC computed over the request id with a key shared by the sender and the destination. It sends the RREQ packets to those nodes whose ENodeProb values are high.
When an intermediate node receives the RREQ packet, it calculates the When an intermediate node receives the RREQ packet for the first time, it appends its id to the list of node ids and signs it with a key which is shared with the destination. It then forwards the RREQ to its neighbors. Let $N_1, N_2, \ldots, N_{m-1}$ be the nodes between the source S and the destination D. Then the route request process is illustrated as below:

When the destination receives the accumulated RREQ message, it first verifies the sender's request id by recomputing the sender's MAC value with its shared key. It then verifies the digital signature of each intermediate node. If all these verifications are successful, then the destination generates a route reply message (RREP). If the verifications fail, then the RREQ is discarded by the destination. It again constructs a MAC on the request id with the key shared by the sender and the destination. The RREP contains the source and destination ids, the MAC of the request id, and the accumulated route from the RREQ, which are digitally signed by the destination. The RREP is sent towards the source on the reverse route.
When an intermediate node receives the RREP packet, it checks whether its id is in the list of ids stored by the RREP. It also checks for the ids of its neighbors in the list. The intermediate node then verifies that the digital signature of the destination node stored in the RREP packet is valid. If the verification fails, then the RREP packet is dropped. Otherwise, it is signed by the intermediate node and forwarded to the next node in the reverse route.
When the source receives the RREP packet, it first verifies that the first id of the route stored by the RREP is its neighbor. If it is, then it verifies all the digital signatures of the intermediate nodes in the RREP packet. If all these verifications are successful, then the source accepts the route. The source also verifies the request id that it sent along with the RREQ packet. If it receives back the same request id from the destination, it means that there is no replay attack. If the source does not get the RREP packet within a time period of t seconds, this is considered a route breakage or failure. Then the route discovery process is initiated by the source again. The route reply process is illustrated as below:

In this protocol, authentication is performed for both route request and route reply operations. Also, only nodes which are stored in the current route need to perform these cryptographic computations. So the proposed protocol is efficient and more secure.
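
The RREQ half of the route discovery in Section 3.3, written out as an added example that is not code from the paper: the source MACs a random request id, each intermediate node appends its id and authenticates the list, and the destination rejects a request whose node list was altered. HMAC-SHA256 standing in for both the source MAC and the shared-key signatures, the signed content (request id plus the node list up to that node), and all keys and node names are assumptions.

```python
import hashlib
import hmac
import os


def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


def route_bytes(route):
    return [node.encode() for node in route]


def make_rreq(src, dst, k_sd):
    """Source S: random request id plus a MAC over it under the S-D shared key."""
    req_id = os.urandom(8)
    return {"src": src, "dst": dst, "req_id": req_id,
            "src_mac": tag(k_sd, req_id), "route": [], "sigs": []}


def forward_rreq(rreq, node_id, k_node_dst):
    """Intermediate node: append own id, then authenticate the list so far
    under the key it shares with the destination (assumed signed content)."""
    route = rreq["route"] + [node_id]
    sig = tag(k_node_dst, rreq["req_id"], *route_bytes(route))
    return {**rreq, "route": route, "sigs": rreq["sigs"] + [sig]}


def verify_rreq(rreq, k_sd, keys_with_dst):
    """Destination D: check the source MAC, then every hop's tag in list order.
    Returns (accepted, reason); a rejected RREQ is discarded, no RREP is built."""
    if not hmac.compare_digest(rreq["src_mac"], tag(k_sd, rreq["req_id"])):
        return False, "bad source MAC"
    if len(rreq["route"]) != len(rreq["sigs"]):
        return False, "route/signature count mismatch"
    for i, (node, sig) in enumerate(zip(rreq["route"], rreq["sigs"])):
        key = keys_with_dst.get(node)
        if key is None:
            return False, f"unknown node {node}"
        prefix = route_bytes(rreq["route"][: i + 1])
        if not hmac.compare_digest(sig, tag(key, rreq["req_id"], *prefix)):
            return False, f"bad signature from {node}"
    return True, "ok"


def demo():
    # Constructed keys and node names, for illustration only.
    k_sd = b"constructed-key-S-D"
    keys = {n: f"constructed-key-{n}-D".encode() for n in ("N1", "N2", "N3")}

    rreq = make_rreq("S", "D", k_sd)
    for node in ("N1", "N2", "N3"):
        rreq = forward_rreq(rreq, node, keys[node])
    s = rreq["sigs"]

    results = {"honest": verify_rreq(rreq, k_sd, keys)}
    # N2 and its tag removed from the accumulated list in transit.
    dropped = {**rreq, "route": ["N1", "N3"], "sigs": [s[0], s[2]]}
    results["dropped"] = verify_rreq(dropped, k_sd, keys)
    # Node order changed, tags moved along with the ids.
    swapped = {**rreq, "route": ["N2", "N1", "N3"], "sigs": [s[1], s[0], s[2]]}
    results["swapped"] = verify_rreq(swapped, k_sd, keys)
    # Request id replaced without knowledge of the S-D key.
    forged = {**rreq, "req_id": os.urandom(8)}
    results["forged"] = verify_rreq(forged, k_sd, keys)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Because each tag covers the list prefix ending at its own node, removing or reordering entries invalidates a later tag even when every individual tag is genuine.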

4. Performance Evaluation
4.1. Simulation Model and Parameters
We use NS2 to simulate our proposed algorithm. In our simulation, the channel capacity of mobile hosts is set to the same value: 2 Mbps. We use the distributed coordination function (DCF) of IEEE 802.11 for wireless LANs as the MAC layer protocol. It has the functionality to notify the network layer about link breakage. In our simulation, 100 mobile nodes move in a 1000 meter x 1000 meter square region for 50 seconds simulation time. We assume each node moves independently with the same average speed. All nodes have the same transmission range of 250 meters. In our simulation, the minimal speed is 5 m/s and maximal speed is 10 m/s. The simulated traffic is Constant Bit Rate (CBR). Our simulation settings and parameters are summarized in Table 1.

Table 1: Simulation Settings

Area Size            1000 X 1000
No. of Nodes         100
Mac                  802.11
Radio Range          250m
Simulation Time      50 sec
Traffic Source       CBR
Packet Size          512
Speed                5m/s to 10m/s
Misbehaving Nodes    5, 10, 15, 20, 25
Pause time           10, 20, 30, 40, 50

4.2. Performance Metrics
We evaluate performance mainly according to the following metrics.
Control overhead: The control overhead is defined as the total number of routing control packets normalized by the total number of received data packets.
Average end-to-end delay: The end-to-end delay is averaged over all surviving data packets from the sources to the destinations.
Average Packet Delivery Ratio: It is the ratio of the number of packets received successfully to the total number of packets transmitted.
Average Energy Consumption: The energy consumption is averaged over all nodes.
The simulation results are presented in the next section. We compare our EESARP with the SAODV [14] and RSRP [15] protocols in the presence of malicious nodes.

4.3. Results
A. Based On Malicious Nodes
In our first experiment, we vary the no. of misbehaving nodes as 5, 10, 15, 20 and 25.
Figure 1: Attackers Vs Delivery Ratio [plot: x-axis Attackers (5 to 25), y-axis DelRatio; series SAODV, EESARP, RSRP]

Figure 2: Attackers Vs Delay [plot: x-axis Attackers (5 to 25), y-axis Delay; series SAODV, EESARP, RSRP]

Figure 3: Attackers Vs Overhead [plot: x-axis Attackers (5 to 25), y-axis Overhead; series SAODV, EESARP, RSRP]

Figure 4: Attackers Vs Energy [plot: x-axis Attackers (5 to 25), y-axis Energy (J); series SAODV, EESARP, RSRP]

Figure 1 shows the results of average packet delivery ratio for the misbehaving nodes 5, 10, ..., 25 for the 100 nodes scenario. Clearly our EESARP scheme achieves a higher delivery ratio than the SAODV and RSRP schemes since it has both reliability and security features.
Figure 2 shows the results of average end-to-end delay for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has slightly lower delay than the SAODV and RSRP schemes because of authentication routines.
Figure 3 shows the results of routing overhead for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has less routing overhead than the SAODV and RSRP schemes since it involves route re-discovery routines.
Figure 4 shows the results of energy consumption for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has lower energy consumption than the SAODV and RSRP schemes since it has energy efficient routing.

B. Based On Pausetime
In our second experiment, we vary the pausetime as 10, 20, 30, 40 and 50, with 5 attackers.
Figure 5: Pause time Vs Delivery Ratio [plot: x-axis Pausetime (10 to 50), y-axis DelRatio; series SAODV, EESARP, RSRP]

Figure 6: Pause time Vs Delay [plot: x-axis Pausetime (10 to 50), y-axis Delay; series SAODV, EESARP, RSRP]

Figure 7: Pause time Vs Overhead [plot: x-axis Pausetime (10 to 50), y-axis Overhead; series SAODV, EESARP, RSRP]

Figure 5 shows the results of average packet delivery ratio for the pausetimes 10, 20, ..., 50 for the 100 nodes scenario. Clearly our EESARP scheme achieves a higher delivery ratio than the SAODV and RSRP schemes since it has both reliability and security features.
Figure 6 shows the results of average end-to-end delay for the pausetimes 10, 20, ..., 50. From the results, we can see that the EESARP scheme has slightly lower delay than the SAODV and RSRP schemes because of authentication routines.
Figure 7 shows the results of routing overhead for the pausetimes 10, 20, ..., 50. From the results, we can see that the EESARP scheme has less routing overhead than the SAODV and RSRP schemes since it involves route re-discovery routines.

5. Conclusion
In mobile adhoc networks, an attacker can easily disrupt the functioning of the network by attacking the underlying routing protocol. Hence, security in ad hoc networks is still a debatable area. In this paper, we have developed an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks which uses a lightweight, attack resistant authentication mechanism. Our protocol provides efficient security against route discovery attacks using hop-by-hop signatures. It quickly detects the malicious nodes, thus assisting the nodes to drop the invalid packets, earlier. It also uses an efficient node selection mechanism which maximizes network life time and minimizes delay. By detailed simulation studies, we have shown that EESARP provides better packet delivery ratio with minimized energy.


References
[1] Farooq Anjum, Dhanant Subhadrabandhu and Saswati Sarkar, 2003. "Signature based Intrusion Detection for Wireless Ad-Hoc Networks: A Comparative study of various routing protocols", Vehicular Technology Conference, VTC 2003-Fall, 2003 IEEE 58th, Oct. 2003.
[2] Anand Patwardhan, Jim Parker, Anupam Joshi, Michaela Iorga and Tom Karygiannis, 2005. "Secure Routing and Intrusion Detection in Ad Hoc Networks", Third IEEE International Conference on Pervasive Computing and Communications, PerCom 2005.
[3] Yih-Chun Hu, David B. Johnson and Adrian Perrig, 2002. "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks", in proceedings of IEEE Workshop on Mobile Computing Systems and Applications, pp.3-13.
[4] Tarag Fahad and Robert Askwith, 2006. "A Node Misbehaviour Detection Mechanism for Mobile Ad-hoc Networks", The 7th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting.
[5] Yih-Chun Hu, Adrian Perrig and David B. Johnson, 2001. "Ariadne: A Secure on Demand Routing Protocol for Ad Hoc Networks", Technical Report, Rice University.
[6] Panagiotis Papadimitratos and Zygmunt Haas, 2002. "Secure Routing for Mobile Ad Hoc Networks", in proceedings of conference on SCS Communication Networks and Distributed Systems Modeling and Simulation, pp.27-31.
[7] Yanchao Zhang, Wenjing Lou, Wei Liu, and Yuguang Fang, 2007. "A secure incentive protocol for mobile ad hoc networks", Wireless Networks (WINET), vol 13, issue 5.
[8] Liu, Kejun; Deng, Jing; Varshney, Pramod K.; Balakrishnan, Kashyap, 2007. "An Acknowledgment-based Approach for the Detection of Routing Misbehavior in MANETs", IEEE Transactions on Mobile Computing.
[9] Li Zhao and José G. Delgado-Frias, 2007. "MARS: Misbehavior Detection in Ad Hoc Networks", Global Telecommunications Conference, GLOBECOM '07, IEEE, 26-30 Nov. 2007.
[10] A. Patwardhan, J. Parker, M. Iorga, A. Joshi, T. Karygiannis and Y. Yesha, 2008. "Threshold-based intrusion detection in ad hoc networks and secure AODV", Vol.6, No.4, pp.578-599.
[11] Huaizhi Li and Mukesh Singhal, 2006. "A Secure Routing Protocol for Wireless Ad Hoc Networks", in proceedings of 39th Annual Hawaii International Conference on System Sciences, Vol.9.
[12] Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker, 2000. "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks", in proc. of 6th International Conference on Mobile computing and networking, pp.255-265.
[13] Katrin Hoeper and Guang Gong, 2006. "Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation", Technical Report CACR 2006-04, Centre for Applied Cryptographic Research.
[14] Gergely Acs, Levente Buttyán, and Istvan Vajda, 2006. "Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks", IEEE Transactions on Mobile Computing, Vol. 5, No. 11, pp.1533-1546.
[15] Syed Rehan Afzal, Subir Biswas, Jong-bin Koh, Taqi Raza, Gunhee Lee, and Dong-kyoo Kim, 2008. "RSRP: A Robust Secure Routing Protocol for Mobile Ad hoc Networks", IEEE Conference on Wireless Communications and Networking, pp.2313-2318.
