
Chapter 1

Introduction
A wireless ad hoc network is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. The principle behind ad hoc networking is multi-hop relaying, which means that messages are forwarded by other nodes if the target node is not directly reachable. The absence of any central coordinator or base station makes the network difficult to manage. The main properties of ad hoc networks are given below:

No fixed topology: The network topology in an ad hoc wireless network is highly dynamic due to the mobility of nodes, which may move in and out of range of each other. Whenever that happens the topology changes, and the route table and the multicast table, for example, must be changed accordingly. This makes the network more difficult to manage.

Limited energy: Mobile devices generally run on battery power, which is exhaustible. To save energy, some devices may be in sleep mode. During this period they may not be reachable, may not process traffic, or may return to normal mode only with some latency. On the one hand, most wireless devices use spread spectrum communications, which require receiving and decoding the signal. These are expensive operations that consume much power. On the other hand, some complex computations are also very expensive, for example modular exponentiation, which makes it difficult to implement public key systems for ad hoc networks.

Limited processor: Most mobile devices have cheap and slow processors, because fast processors cost much more and the device should be as small as possible so that it is easy to carry. Hence complex computations take much time.

Limited storage capability and other resources: Because of size and cost restrictions, most mobile devices are equipped with limited storage capability. Because of the wireless technologies used, the network bandwidth is also limited.

Transient connectivity and availability: Many nodes may not be reachable at some times so that they can save power.

Each node is a router: Nodes outside the range of a given node cannot be reached directly by that node. They can only be reached through packet forwarding by other nodes.

Shared physical medium: Unlike wired networks, every device within range can access the transmission medium.

Lack of central management: Ad hoc networks can be established anywhere and at any time. Generally there is no central management available, and we also cannot assume that any information is shared.

Because of these issues (shared physical medium, lack of central management, limited resources, and no fixed and highly dynamic topology), ad hoc networks are much more vulnerable to security attacks. Hence it is necessary to find security solutions, which are much more difficult to develop than in wired networks. The following security goals must be satisfied for ad hoc networks: confidentiality, integrity, availability, authentication and non-repudiation.

In an ad hoc network each mobile node discovers the neighbor nodes that are within communication range and establishes direct communication paths with them. To communicate with nodes that are not within radio range, a route through intermediate nodes must be taken to reach the destination. These intermediate nodes act as routers that receive the data coming from the source and forward it to the destination. This situation is a potential security concern, because an intermediate node can mount an attack. First, the intermediate node can drop packets to disrupt the ongoing communication, causing denial of service. Secondly, an intermediate node can impersonate another node, disrupting the whole communication. Thirdly, the intermediate node can send the incoming traffic back along the path from which it came, creating loopbacks. Fourth, it may generate its own packets and forward them towards the destination. All of these attacks must be addressed for ad hoc networks to work properly. This is where an authentication procedure must be used for authenticating the mobile nodes to each other. Secure routing procedures must also be used, and proper encryption and decryption mechanisms must be employed.

Authentication is a process carried out by two parties in order to identify each other. Without authentication, an unauthorized malicious node can join the network, use the network resources and disrupt the functioning of the network. It is therefore very important to prevent a malicious node from becoming part of the network. The authentication mechanism must start from the initialization of the network, and proper authentication must be employed every time a new node joins the network, because even encryption and decryption are worthless if the communicating nodes have not authenticated their identities.

After initialization the network is bound to grow, meaning that more nodes will join the network and some nodes will leave it. Proper management of the whole network is thus also important. For this management the clustering method is used. As the network grows, the nodes are divided into different clusters. Each cluster has a cluster head, which has various functions to perform.

Once the nodes are managed using clustering, the communication part must be addressed. The communication between the nodes must be secure, i.e. it must use some encryption and decryption method to send data from one node to another, and the method must make it impossible for intermediate nodes to look at the contents of the communicated data. For this we use the public key encryption technique accompanied by the secure key chain encryption method to make the communication more secure. The method for encryption and decryption can only be public key encryption alone, or the variant that uses a key chain and public key encryption together.

Next, once the whole mechanism is defined, it must be analyzed for security breaches, and any security breach must be removed from it. The mechanism is open to one attack, the man-in-the-middle attack. The attack can be performed by an intermediate node that is malicious and can have unwanted effects on the ongoing process. The solution to the attack is to find an alternative route to the destination node and to obtain a proper acknowledgement from the destination node.

There has been a lot of work in the area of authentication, and particularly on cluster-based security architectures. Keun-Ho Lee and Sang-Bum Han describe a secure cluster-routing protocol based on a multilayer scheme in ad hoc networks. The work provides a scalable, threshold authentication scheme in ad hoc networks. The proposed protocol designs an end-to-end authentication protocol that relies on mutual trust between nodes in other clusters. The strategy takes advantage of a multilayer architecture that is designed for an authentication protocol in a cluster head (CH) using a new concept of control cluster head (CCH) scheme. It proposes an authentication protocol that uses certificates containing an asymmetric key and a multilayer architecture so that the CCH is achieved using the threshold scheme, thereby reducing the computational overhead. It also uses a more extensive area, such as a CCH, using an identification protocol to build a highly secure, highly available authentication service, which forms the core of their security framework.

Jason H. Li, Renato Levy, Miao Yu and Bobby Bhattacharjee describe a scalable key management and clustering scheme for secure group communications in MANETs. The clustering approach used is the Distributed and Efficient Clustering Approach (DECA). DECA is energy efficient and resilient against node mobility. The scalability problem is solved by partitioning the communicating devices into subgroups, with a leader in each subgroup, and further organizing the subgroups into hierarchies. Each level of the hierarchy is called a tier or layer. Key generation, distribution, and actual data transmissions follow the hierarchy. Communications are generally restricted within a subgroup at a tier.

M. Bechler provides another security architecture based upon clustering. A network-wide distributed certification infrastructure forms a basis for securing end-to-end communication by public key cryptography. Every node participating in the network holds a self-generated key pair. Public keys are distributed in the ad hoc network using certificates issued by a trustworthy CA. The role of the distributed CA is assigned to the cluster heads of the network. Intra-cluster communication is based upon a symmetric key that is known to the cluster nodes. A new node joining the network can only obtain access rights when its public key has been signed by the cluster head.

The research has been extensive, but none of the schemes addresses how the network is initialized. All the work done so far starts from some starting point, meaning that the network is already in place and contains authenticated nodes and authenticated clusters. The main emphasis is on authenticating a new node joining the network. The mechanism also uses symmetric key encryption for intra-cluster communication, which is a security breach because every node present in a cluster can listen to the ongoing communication. The method uses a single method of encryption, i.e. public key encryption. The public keys of a node can be impersonated by some intermediate node, and neither the source nor the destination will have any information about it.

To cover all the security breaches present in the related work, we have developed a cluster-based security architecture that provides a mechanism for starting the network from scratch. The architecture provides a secure routing mechanism that uses two kinds of encryption techniques. The possible attacks are then analyzed and removed from the architecture.

Contributions of the thesis:

The contributions of the thesis are as follows:

1. A network establishment scheme which establishes the network from the start as follows: The network has no nodes at the start, and the network establishment phase starts from scratch. This prevents malicious nodes from becoming part of the network.

As soon as nodes join, the authentication process takes place to authenticate the nodes to each other. The authentication mechanism involves the use of hash functions, with which the nodes authenticate to each other.

After the initial phase of authentication, and as more nodes join the network, there must be some mechanism to manage the network. The mechanism followed in this scheme is cluster based. The clustering takes place with a predefined clustering algorithm, which is an associativity-based clustering scheme.

2. The security architecture: The authentication of any two nodes is based upon a hash function which is supposed to be present only with the authorized nodes. The hash function is such that it can be calculated in the forward direction but not in the backward direction. The management of a cluster is given to the cluster head, which is chosen by the clustering scheme. The CH announces its public key to all the nodes and gets the public keys of all the nodes encrypted by its public key. The nodes use the public keys only to initialize the communication; after that they use the hash functions to generate the key chain and encrypt and decrypt the data with a key from the key chain. The intra cluster routing is done by the gateways, which are full members of one cluster. The gateway has to authenticate to the external cluster, and the cluster has to authenticate to the gateway node with which it comes into contact. The scheme uses the hash functions for authentication. For a new node to join the network it must first be a part of some existing cluster, then authenticate itself to the cluster nodes and get certificates from the existing full members. After getting a certain number of certificates the node becomes a full member.

3. Routing mechanism: In routing, levels of authentication are maintained for intra-cluster and inter-cluster routing.

Intra-cluster routing takes place only through full members. The source node gets the public key of the destination node encrypted by its own node, and sends its own public key to the destination node encrypted by that node.

Inter-cluster routing also uses full members for routing. Gateways, which are full members, are used. Gateways authenticate to the external cluster and check the authenticity of the external cluster. After the authentication phase, public keys are exchanged between the source and the destination, and communication takes place.

4. Attack possibility: Although a proper authentication mechanism is employed, there is still the possibility that a malicious node is present on the shortest path from source to destination, where it can impersonate a node or drop the packets going to the destination. The attack has been eliminated by using a cooperative alternative route finding mechanism. In the alternative route finding technique, an alternative route from source to destination, which is not the shortest, is found. This route is used to get an acknowledgement from the destination about the ongoing communication over the shortest path. If the communication is not fine, then the malicious node can be detected and excluded from the network.

Figure 1.1 shows the various phases of the thesis

The simulation for finding the alternative path and getting the acknowledgement from the destination node, for the detection of the malicious node, is done in C++. The simulation shows results for three parameters. The first parameter is the distance traversed in finding the alternative path. The second parameter is the time taken to get the acknowledgement from the destination node. The third parameter is the number of nodes traversed in finding the total alternative path to the destination.
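The acknowledgement check described in contribution 4, sketched as an added example (this is not the thesis's C++ simulation). The topology, the SHA-256 acknowledgement format and the NO_DATA marker are assumptions made for illustration, and the alternative route is taken to be the fewest-hop route that shares no intermediate node with the shortest path.

```python
from collections import deque
import hashlib

# Constructed topology (adjacency lists); node names are illustrative.
TOPOLOGY = {
    "S": ["A", "C"], "A": ["S", "B"], "B": ["A", "D"],
    "C": ["S", "E"], "E": ["C", "F"], "F": ["E", "D"],
    "D": ["B", "F"],
}
NO_DATA = b"NO-DATA"  # assumed marker the destination reports when nothing arrived


def shortest_path(graph, src, dst, banned=frozenset()):
    """Breadth-first search: fewest-hop path from src to dst that avoids `banned`."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in parent and nxt not in banned:
                parent[nxt] = node
                queue.append(nxt)
    return None


def alternative_path(graph, src, dst, primary):
    """Route that shares no intermediate node with the primary (shortest) route."""
    return shortest_path(graph, src, dst, banned=frozenset(primary[1:-1]))


def forward(path, payload, behaviour):
    """Relay payload hop by hop; a relay may alter it, or return None to drop it."""
    for relay in path[1:-1]:
        payload = behaviour.get(relay, lambda p: p)(payload)
        if payload is None:
            return None
    return payload


def check_delivery(graph, src, dst, payload, behaviour):
    """Send over the shortest path, then compare the destination's acknowledgement,
    returned over the alternative path, with a digest of what was sent."""
    primary = shortest_path(graph, src, dst)
    if primary is None:
        return {"status": "no-route", "primary": None, "alternative": None,
                "alternative_hops": 0, "suspects": []}
    backup = alternative_path(graph, src, dst, primary)
    result = {"primary": primary, "alternative": backup,
              "alternative_hops": len(backup) - 1 if backup else 0, "suspects": []}
    if backup is None:
        result["status"] = "unverifiable"  # no independent route for the acknowledgement
        return result
    received = forward(primary, payload, behaviour)
    ack = hashlib.sha256(received).digest() if received is not None else NO_DATA
    ack = forward(backup[::-1], ack, behaviour)  # acknowledgement travels D -> S
    if ack == hashlib.sha256(payload).digest():
        result["status"] = "ok"
    elif ack is None:
        result["status"] = "no-ack"        # the alternative route itself is failing
    else:
        result["status"] = "dropped" if ack == NO_DATA else "modified"
        result["suspects"] = primary[1:-1]  # relays on the shortest path
    return result


if __name__ == "__main__":
    print(check_delivery(TOPOLOGY, "S", "D", b"hello", {"B": lambda p: None}))
```

The check narrows the fault to the relays of the shortest path; singling out one node among them needs further probing, which this sketch does not model.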

Organization of the thesis


This thesis has eight chapters.

Chapter 1 gives the outline of the thesis. It gives an introduction and the various properties of ad hoc networks. It then presents the background work that is analyzed, the importance of the work and the orientation of the thesis, and the result parameters.

Chapter 2 gives the review of security for Ad Hoc networks. It gives the various security requirements for the Ad Hoc network and also provides the attack categories and describes the different attack possibilities in brief.

Chapter 3 provides the literature survey of the various techniques used for security purposes, which include symmetric-key cryptography, digital certificates, threshold public-key cryptography, trust negotiation systems, various authentication protocols and finally cluster-based security architectures.

Chapter 4 presents the proposed cluster-based security architecture, giving routing mechanisms for intra- and inter-cluster routing, the gateway selection technique, and the log-on procedure for new nodes.

Chapter 5 presents the man-in-the-middle attack and the alternative route finding algorithm used to detect the attack and eliminate the malicious nodes.

Chapter 6 presents the simulation strategy implemented to show the results. The algorithm is also analyzed to give its time complexity, advantages and utility.

Chapter 7 gives the various simulation results and discusses their outcomes.

Chapter 8 provides the conclusion and future work.

Chapter 2

Review of the state of the art of MANET security


2.1 Security Requirements

The security requirements of MANETs are similar to those of other networks. They can be briefly summarized as follows:

Access control: Access to network resources must be restricted to authorized entities, and unauthorized entities must be prevented from using the network resources.

Authentication: The authentication scheme must properly identify a node, check its authenticity, and check that the node is actually the one it claims to be. The mechanism must also check that incoming data packets come from the source from which they are supposed to come.

Integrity: Integrity ensures that the data remains in the original form in which it left the source. It ensures that the data is not tampered with on the way from source to destination.

Confidentiality: Confidentiality ensures that data travels from source to destination in such a way that no other node on the way can access it, and only the authorized entity for which the data is intended can access it. To ensure confidentiality, a proper encryption and decryption mechanism must be employed.

Availability: Network resources must be available only to the authorized entities, without much delay.

2.2 Attack Categories on Ad Hoc Networks

The nodes in an ad hoc network are connected through the wireless range of each mobile node, and in this way they form a topology. Nodes in an ad hoc network can also move at any time, which changes their neighbors, so this mobility changes the network topology.

Figure 2.1 shows the topology change by the movement of the nodes

Due to this continuous mobility and change in the network topology, various attacks are possible on the network. These attacks are divided into two categories: 1. Active 2. Passive

2.2.1 Active Attacks


Active attacks are those in which the attacker actually disrupts the traffic or sends bogus packets to the destination node. Some active attacks are explained below:

1. Modification Attacks: Attacks using modification are generally targeted against the integrity of routing computations. By modifying routing information an attacker can cause network traffic to be dropped, redirected to a different destination, redirected over a longer route to the destination (increasing communication time), or sent back to a node so as to create a loopback in the communication. The black hole and grey hole attacks are launched by modifying the routing packets to point to a particular node, which in turn drops or forwards packets at its own discretion.

Routing loop attacks take place by modifying routing information in such a way that routing packets take a path that traverses a cycle, so the packets keep travelling in a circle and don't reach their intended destination.

In the increase-in-route-length attack, routing information is modified in such a way that routing packets take a longer path to the destination. The attackers in such cases are compromised nodes that lie on the path from source to destination and send packets over a route longer than the shortest possible path.

In the battery exhaustion attack, routing packets are modified in such a manner that the network traffic is concentrated towards a single target node. This node's battery will be consumed in receiving the excess packets.

2. Fabrication Attack: Fabrication attacks are performed by generating false routing messages. These attacks are difficult to recognize because the messages are received as genuine routing packets. The rushing attack is a typical instance of a malicious attack using fabrication. This attack is targeted against on-demand routing protocols that use duplicate suppression at each node. An attacker quickly disseminates routing messages throughout the network, suppressing any later genuine routing messages when nodes drop them due to the duplicate suppression. Similarly, an attacker can nullify a working route to a destination by fabricating routing error messages claiming that a neighbor can no longer be contacted.

3. Impersonation Attack: A malicious node can launch many attacks in a network by masquerading as another node (spoofing). Spoofing occurs when a malicious node misrepresents its identity by altering its MAC or IP address or ID in order to change how the network topology appears to the other nodes. As an example, a spoofing attack allows the creation of loops in the routing information collected by a node, with the result of partitioning the network.

2.2.2 Passive Attacks

In passive attacks the attacker does not perturb the routing protocol. Instead, it only eavesdrops on the routing traffic and tries to extract valuable information like node hierarchy and network topology from it. For example, if a route to a particular node is requested more frequently than to other nodes, the attacker might expect that the node is significant for the operation of the network, and disabling it could bring down the entire network. Likewise, even when it might not be possible to isolate the exact position of a node, one may be able to find out information about the network topology by analyzing the contents of routing packets. This attack is virtually impossible to detect in the wireless environment and hence also extremely difficult to prevent.

Chapter 3

Related Work
Security solutions proposed for addressing access control, authentication, integrity and confidentiality services for ad hoc networks utilize the following techniques: symmetric-key cryptography, digital certificates, threshold public-key cryptography, trust negotiation systems, various authentication protocols and finally cluster-based security architectures. In this chapter, we present a survey of proposed security solutions which employ these technologies.

3.1 Symmetric-key based solutions


We categorized the existing symmetric-key based security schemes for Wireless LAN (local area networks) into two categories: (1) IEEE 802.11 related standards (2) Other symmetric-key based proposals.

3.1.1 IEEE 802.11 related standards

Wired Equivalent Privacy (WEP) protocol is perhaps the most widely known symmetric-key based wireless network security scheme. WEP is the security mechanism incorporated in IEEE 802.11 WLAN [1]. WEP utilizes a secret key $k$, shared by all the communicating peers, to secure data traffic. When a node needs to send a message $M$ to a network peer $n_i$, it first computes a CRC-32 checksum on $M$, denoted $c(M)$. $c(M)$ is then concatenated with $M$ to give the plaintext $P = \langle M, c(M) \rangle$. Next, a 24-bit initialization vector (IV) $v$ is selected, and the RC4 stream cipher along with the secret key $k$ and $v$ are used to generate a key stream, denoted $RC4(v, k)$. Finally, the plaintext $P$ is exclusive-ORed with $RC4(v, k)$ to produce the ciphertext $C = P \oplus RC4(v, k)$, which is transmitted along with $v$ to $n_i$. To decrypt the ciphertext $C$, the reverse operation is performed; that is, the key stream $RC4(v, k)$ is generated and the decrypted plaintext $P'$ is obtained by the following operation: $P' = C \oplus RC4(v, k)$. $P'$ is equal to $P$, since

$P' = C \oplus RC4(v, k) = (P \oplus RC4(v, k)) \oplus RC4(v, k) = P$.

The recipient can then verify the checksum by splitting $P'$ into the form $\langle M', c' \rangle$ and checking whether $c(M')$ matches the received checksum $c'$.
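The WEP encapsulation and checksum verification described above, as an added example rather than code from the thesis. It follows the 802.11 convention of seeding RC4 with the IV followed by the key and appending the CRC-32 in little-endian order; the key-ID byte of a real WEP frame is left out, and the function names are illustrative.

```python
import struct
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling over `seed`, then `length` bytes of key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, message: bytes) -> bytes:
    """Return v || C, where C = <M, c(M)> XOR RC4(v, k)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    plaintext = message + struct.pack("<I", zlib.crc32(message))  # P = <M, c(M)>
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Recover M from v || C and check c(M') against the received checksum c'."""
    iv, ciphertext = frame[:3], frame[3:]
    if len(ciphertext) < 4:
        raise ValueError("frame too short to hold a checksum")
    plaintext = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))  # P'
    message, received = plaintext[:-4], plaintext[-4:]                     # <M', c'>
    if struct.pack("<I", zlib.crc32(message)) != received:
        raise ValueError("checksum mismatch")
    return message


def accepts(key: bytes, frame: bytes) -> bool:
    """True when the frame decrypts and its checksum verifies."""
    try:
        wep_decrypt(key, frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    frame = wep_encrypt(key, b"\x00\x00\x01", b"route request to node 7")
    print(wep_decrypt(key, frame))
    damaged = frame[:5] + bytes([frame[5] ^ 0x01]) + frame[6:]
    print(accepts(key, damaged))               # a corrupted frame is rejected
```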

Key Integrity Protocol (TKIP) and Counter Mode CBC-MAC Protocol (CCMP). A brief description of each is outlined below.

TKIP: TKIP was designed as a short-term replacement for WEP. The overall encryption process for TKIP is similar to that of WEP, but TKIP has the following enhancements.

Employs a Message Integrity Code (MIC): Instead of utilizing a CRC checksum (which offers very little protection against adversarial modification) for integrity checks, TKIP employs a lightweight MIC called Michael [2]. Michael is a keyed hashing function which employs a 64-bit key to produce a 64-bit message digest for input data of any given length.

Longer encryption key: TKIP, like WEP, uses the RC4 encryption algorithm. However, as opposed to WEP, which accepts encryption keys as short as 40 bits, TKIP requires a 128-bit key.

Frequent key change: TKIP stipulates that every packet must be encrypted with a new encryption key which has not been used previously. The per-packet encryption keys are generated by a key mixing function which takes as input a base key, the node's MAC address and the packet sequence number, and outputs a 128-bit packet encryption key. The base key can be a pre-shared secret or an authentication key.

Longer IV: TKIP requires a 48-bit IV, twice the length of a WEP IV.

Optional key management provision: TKIP has two modes of authentication: pre-shared secrets or IEEE 802.1X [55] based authentication. 802.1X is an IEEE standard for port-based authentication, access control and key management. TKIP has the framework for utilizing 802.1X for authentication and key management.

CCMP: CCMP is the IEEE long-term security solution for wireless LAN. CCMP provides stronger security than TKIP. It has the following features:

Entails a strong cryptographic algorithm: CCMP utilizes AES [3] in Counter mode with CBC-MAC (CCM) mode. CCM mode involves two techniques: Counter mode (CTR mode) for confidentiality protection and Cipher Block Chaining Message Authentication Code for integrity protection. Consequently, the same 128-bit cryptographic key is used for confidentiality and integrity protection.

No need for per-packet keys: The use of AES eliminated the need for frequent key changes.

48-bit IV: Like TKIP, CCMP employs a 48-bit IV to provide protection against replay.

Optional key management provision: As is the case with TKIP, CCMP also has the framework to use 802.1X for key management.

3.1.2 Symmetric-key based proposals for Ad Hoc Networks

Stajano and Anderson [4] proposed the idea of using imprinting to set up a secure association between the nodes in an ad hoc network. Imprinting is a biological phenomenon; the example used in [4] is that a newborn, for example a duckling emerging from its egg, recognizes as its mother the first moving object it sees that makes a sound, irrespective of what it looks like. The comparison is made with a device that will recognize as its owner the first entity that sends it a secret key. The authors further recommended that the medium of transfer of the secret keys between the two nodes be electrical contact during the imprinting phase.

Balfanz et al. [5] proposed an extension of Stajano and Anderson's "Duckling" model [4] that allows the exchange of secret cryptographic information via special location-limited side channels. The secret information can then be used to authenticate the key exchange protocols utilized to set up session keys or other keying material for the wireless nodes. The authors assert that the information transfer over the location-limited channel can be used instead of digital certificates for authentication.

3.2 Digital certificate based proposals


Symmetric-key cryptography has much lower computational overhead compared to other cryptographic technologies. The big drawback of symmetric-key cryptography is that key management can be quite tedious, since the secret keys need to be exchanged over secure channels. Diffie and Hellman in their seminal paper [6] presented the concept of public-key cryptography, which offers an effective solution to the key exchange problem associated with symmetric-key cryptography. Public-key cryptography, also commonly referred to as asymmetric-key cryptography, involves key pairs where the private key is kept secret and the associated public key is made public. The private keys are used for decrypting or signing data, whereas the public keys are utilized for encrypting or verifying signatures. For example, suppose that a sender wishes to send a message to a receiver and also wants the receiver to be able to tell whether the message has been modified. The sender sends the message encrypted with its private key and attaches the public key to it. When the receiver receives the message, it can verify the message by decrypting it with the attached public key. If the verification fails, that is evidence that the message has been modified. However, even when the verification succeeds, the receiver has no way of knowing that the message came from the sender it claims to come from, because the exchange is susceptible to an impersonation attack: a malicious node can intercept the message, change it, encrypt it with its own key, attach its own public key and send it to the receiver. When the receiver receives the message, the verification will succeed and the receiver will believe that the message came from the right sender.

As a solution to the possibility of impersonation attacks when public keys are exchanged, Diffie and Hellman introduced the idea of utilizing a central authority for storing public keys. If this concept is used for sending messages between the sender and the receiver, then when the sender generates its key pair, it sends the public key to a Public File; when the receiver needs to verify a signature from the sender or encrypt a message to send back to the sender, the receiver can query the Public File to ascertain the sender's public key. The Public File that Diffie and Hellman proposed needs to be universally available and is likely to be plagued with performance issues. In an effort to prevent the performance problem associated with the Public File, Loren Kohnfelder invented a construct he called a certificate [7]. Kohnfelder defined a certificate as a digitally signed data record containing a name and a public key. Because certificates are digitally signed, they can be held by non-trusted parties and passed around from person to person. This resolved the performance issue associated with the Public File, since this construct negates the need for all certificates to be stored in a central directory.

3.2.1 Certificate Types


There are four main types of digital certificates in use today: X.509, PGP, SPKI/SDSI and KeyNote certificates. We give a brief description of each type below.

X.509 Certificates

The X.509 standard [8] was developed by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). X.509 was originally designed to support the X.500 directory, which includes the specification for the Distinguished Name (DN). A DN is a hierarchical name which can be assigned by some central global naming authority; it was intended as a means for specifying a person or thing uniquely. The X.509 standard delineated digital certificates to bind the DN of a person or a device to its public key. X.509 certificates utilize a hierarchical trust model. In this model, there is a root Certificate Authority (CA) which issues certificates to delegated CAs, and the CAs in turn issue certificates to end users or other CAs. A certificate is verified if it has not expired or been revoked and there is a valid certificate chain traceable back to the root CA. For example, if a CA CAi, delegated by a root CA CAR, issued a certificate to Bob, then to verify Bob's certificate one needs to first ascertain that CAi's certificate is valid, and then verify that Bob's certificate has not expired or been revoked and that it was indeed issued by CAi. This requires access to the public keys of CAi and CAR, and up-to-date certificate revocation information issued by CAi and CAR.
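The chain check for Bob's certificate, written out as an added example (not code from the thesis, and not the X.509 encoding). Signatures use textbook RSA over fixed Mersenne primes as an insecure stand-in for a real signature scheme; the certificate fields, integer time values and revocation table are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Toy RSA key from two known primes (illustration only, not secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])


def verify(data, signature, n):
    return pow(signature, E, n) == digest(data, n)


@dataclass
class Cert:
    subject: str
    issuer: str
    public_n: int
    not_after: int   # constructed integer time stamp
    serial: int
    signature: int = 0

    def tbs(self):
        """Bytes covered by the issuer's signature."""
        fields = (self.subject, self.issuer, self.public_n, self.not_after, self.serial)
        return "|".join(str(f) for f in fields).encode()


def issue(subject, issuer, public_n, not_after, serial, issuer_key):
    cert = Cert(subject, issuer, public_n, not_after, serial)
    cert.signature = sign(cert.tbs(), issuer_key)
    return cert


def verify_chain(chain, trusted_root_n, now, revoked):
    """chain runs leaf first, root last; revoked maps issuer name -> revoked serials."""
    for i, cert in enumerate(chain):
        if now > cert.not_after:
            return False, f"{cert.subject}: expired"
        if cert.serial in revoked.get(cert.issuer, set()):
            return False, f"{cert.subject}: revoked"
        if i + 1 < len(chain):
            if cert.issuer != chain[i + 1].subject:
                return False, f"{cert.subject}: issuer mismatch"
            issuer_n = chain[i + 1].public_n
        else:
            # The last certificate must be the self-signed root we already trust.
            if cert.issuer != cert.subject or cert.public_n != trusted_root_n:
                return False, f"{cert.subject}: not anchored in trusted root"
            issuer_n = trusted_root_n
        if not verify(cert.tbs(), cert.signature, issuer_n):
            return False, f"{cert.subject}: bad signature"
    return True, "valid"


# Constructed keys and certificates: root CAR, delegated CAi, end user Bob.
ROOT_KEY = make_key(2**89 - 1, 2**107 - 1)
CA_KEY = make_key(2**61 - 1, 2**127 - 1)
ROGUE_KEY = make_key(2**31 - 1, 2**127 - 1)
BOB_N = (2**31 - 1) * (2**61 - 1)

ROOT = issue("CAR", "CAR", ROOT_KEY["n"], 5000, 1, ROOT_KEY)
CA = issue("CAi", "CAR", CA_KEY["n"], 4000, 2, ROOT_KEY)
BOB = issue("Bob", "CAi", BOB_N, 3000, 3, CA_KEY)
FORGED = issue("Bob", "CAi", ROGUE_KEY["n"], 3000, 9, ROGUE_KEY)  # not signed by CAi

if __name__ == "__main__":
    print(verify_chain([BOB, CA, ROOT], ROOT_KEY["n"], now=1000, revoked={}))
    print(verify_chain([FORGED, CA, ROOT], ROOT_KEY["n"], now=1000, revoked={}))
```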

PGP Certificates

Pretty Good Privacy (PGP) is an email and file encryption application created by Phil Zimmermann [9]. A PGP certificate differs from an X.509 certificate in two ways. First, a PGP certificate binds a keyholder's common name and email address to a public key, whereas an X.509 certificate binds a DN (distinguished name) to a public key. Second, a PGP certificate uses the web-of-trust model. In this trust model, there is no hierarchical structure. Certificates are issued and managed by end users; each end user is a CA in her own right. End users can also vouch for other users. For example, if Alice trusts Bob, and Bob trusts Eve and issued a certificate to her, Bob can vouch for Eve and get Alice to sign Eve's certificate. Hence a certificate can have one or several signatures.

To verify a certificate, one needs to ascertain that the certificate has not been revoked and find a certificate chain (associated with the given certificate) traceable to a user that she trusts. For example, suppose Alice wishes to verify John's certificate. Even if Alice does not directly trust any of the signatories of John's certificate, his certificate will nonetheless be accepted if it has not been revoked and any of the signatories of John's certificate issued a certificate to a user that Alice trusts, or that user issued a certificate to another user whom Alice trusts, and so on. In other words, John's certificate will be verified if it has not expired or been revoked and there is a traceable certificate chain from his certificate to the certificate of a user whom Alice trusts.

SPKI/SDSI Certificates

SPKI/SDSI is a trust management scheme comprising two frameworks: Simple Public Key Infrastructure (SPKI) [10] and A Simple Distributed Security Infrastructure (SDSI) [11]. The SPKI/SDSI standard was developed by an IETF (Internet Engineering Task Force) working group as an alternative to X.509 and PGP certificates. The primary purpose of SPKI/SDSI certificates is authorization rather than authentication. SPKI/SDSI certificates bind either names or explicit authorizations to keys or other objects. As is the case for PGP certificates, SPKI/SDSI certificates can be issued by anyone; but unlike PGP certificates, deterministic certificate chains are used to verify the validity of SPKI/SDSI certificates.

KeyNote Certificates

KeyNote [12] is a trust management system which evolved from a framework called PolicyMaker [13]. KeyNote and SPKI/SDSI certificates are similar in that they bind authorization or names to keys, their emphasis is on authorization rather than authentication, and issuing of certificates is not restricted to hierarchical CAs. They differ in their mode of operation mainly in that KeyNote certificates contain decision code that gives an explicit yes or no answer regarding the validity of the certificates, whereas the validation mechanism for SPKI/SDSI certificates requires certificate chains as input.

3.2.2 Schemes with no preference for certificate type

The majority of the proposed MANET security schemes involving digital certificates work with any of the above certificate types. These proposals can be grouped in the following categories:
1. Certificate revocation is not addressed.
2. Certificate revocation mechanisms require access to on-line certificate authorities (CAs).
3. Certificate revocation mechanisms do not require access to on-line CAs.

We present a brief overview of a selection of these schemes below.


Proposals which do not address certificate revocation

Venkatraman and Agrawal [14] proposed an authentication scheme for ad hoc networks. This scheme relies on a cluster based architecture, where the network is partitioned into clusters: each cluster has an elected cluster head which maintains cluster membership information and acts as the certificate authority (CA) for its cluster. With regard to key distribution, the scheme stipulates that when a node joins a network, it is given a public and private system key pair. All the nodes in the network share this key pair. In addition to the system key pair, each node gets a cluster key, generated by the cluster head and shared by all the nodes within a cluster. Cluster heads have all the above mentioned keys plus a unique public/private key pair which is used for exchanging session keys for communicating peers. The scheme relies on the assumption that all the nodes of a network mutually trust each other. This scheme does not address the issue of key revocation.

Eronen et al [15] proposed a trust model for ad hoc Jini services. Jini is a device which seeks to simplify the connection and sharing of network devices and services. When Jini is installed on a network device, it announces itself, provides information about the capabilities of the device and makes itself available for connections from other Jini enabled devices. The trust model Eronen et al proposed for securing Jini services uses digital certificates for authenticating Jini enabled devices and for authorizing access to Jini services. This scheme does not address certificate revocation.

Messerges et al [16] presented a security design for general multihop ad hoc networks. The design employs both symmetric and asymmetric-key cryptography. Elliptic curve asymmetric-key cryptography is utilized to establish symmetric keys on communicating peers. The symmetric keys are in turn used with the AES encryption algorithm for providing confidentiality and integrity services. This security design proposal does not address the issue of certificate revocation.


Keoh et al [17] proposed a policy-based security framework to facilitate the establishment, evolution and management of MANETs. In this framework, a MANET is considered as a community, where the community doctrine is a specification which clearly defines the role of the participants in the community and the rules or policy governing their behavior. The authors defined a set of principles as an information model comprising the tuples (R, P, S, TK), where R denotes the role type of the participating user in the community; P defines a set of policies regulating the behavior of the participants assigned to the roles; S defines the constraint of the community; TK denotes the public-keys of the credential issuer; and Sig is the signature of the credential issuer. The security framework uses certificates as the basis of a participant gaining access to a community. This framework does not address certificate revocation.

Proposals which require access to trusted third party

Morogan and Muftic [18] proposed a certificate management scheme for ad hoc networks. The scheme assumes that periodic access to on-line CAs is available such that information about revoked certificates can be ascertained from CAs. When on-line access to CAs is not available, the scheme stipulates that a node security policy determines whether certificates can be accepted.

Verma et al [19] presented a progressive authentication scheme. This scheme utilizes digital certificates as the basis for establishing partial trust, which can be elevated or decremented based on the behavior profile of the nodes involved. The scheme requires periodic access to on-line certificate authorities (CAs) to obtain certificate revocation information. The authors proposed two models to address certificate revocation for intervals when access to on-line CAs is not available. The trust model is the Probabilistic Model. In this model, a newly issued certificate has a trust value of 1 associated with it. A distrust value p (0 < p < 1) is subtracted from the trust value each time that revocation information needs to be ascertained and on-line access to CAs is unavailable. If the trust value of the certificate falls below a certain threshold, a node can refuse to accept the certificate. When access to the CAs resumes, the trust value of certificates that have not been revoked will return to 1.

Proposal which does not require access to trusted third party


Candolin and Kari [20] presented a model for security architecture for ad hoc networks operating in hostile environments. The security architecture consists of a trust management framework which utilizes digital certificates as the basis of trust. The scheme allows the certificate of a node to be revoked if a single node declares that the node in question is compromised.

3.3 Threshold cryptography based solutions


The idea of a (k; n) threshold scheme was introduced by Shamir in [21]. A (k; n) threshold scheme allows a secret, for example a certificate authority (CA) signing key Y, to be split into n shares such that for a certain threshold k < n, any k shares can be combined to generate a valid signature, whereas k-1 or fewer shares are unable to do so. Shamir's threshold scheme is based on polynomial interpolation.

Verifiable secret sharing

In Shamir's scheme, a misbehaving dealer can deal inconsistent shares. This concern can be addressed by verifiable secret sharing (VSS), introduced by Chor, Goldwasser, Micali and Awerbuch. VSS allows the recipients of shares to verify whether or not the shares are consistent. Feldman presented a practical verifiable secret sharing scheme [22]. Feldman (k,n) threshold VSS scheme.

Proactive secret sharing

The security of a (k; n) threshold secret sharing scheme is based on the assumption that throughout the entire life of the secret, an adversary will be restricted to compromising fewer than k shares. This assumption may not be realistic for active, persistent, mobile adversaries. Herzberg et al [23] proposed a proactive secret sharing scheme allowing shares to be renewed, such that knowledge of the old shares is useless for attacking the secret after the shares are renewed. With this scheme, in order to discover a secret, an attacker needs to compromise at least k out of n shares within a configurable time period t, rather than having the entire life of the secret to carry out the exploit. The basic form of the Herzberg et al scheme uses Shamir's threshold secret sharing primitive. This provides protection against passive adversaries which are unable to disrupt the predetermined protocol.
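The three constructions above (Shamir's (k, n) sharing, Feldman's share verification and the basic Herzberg et al share renewal) as an added Python example, not code from the cited papers. The toy group parameters P, Q, G and all function names are constructed for illustration, and the renewal step is the passive-adversary form without commitments on the update polynomials.

```python
import secrets

# Constructed toy group: P = 2*Q + 1 with P and Q prime; G = 4 has order Q mod P.
# These sizes are for illustration only; a deployment would use a standardized
# group of at least 2048 bits.
Q = 1019
P = 2039
G = 4


def poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest degree first) at x over Z_Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def deal(secret, k, n):
    """Dealer: split `secret` into n shares with threshold k.

    Returns ({index: share}, commitments), where commitments[j] = G^a_j mod P
    are the public Feldman commitments to the polynomial coefficients.
    """
    if not (1 <= k <= n < Q):
        raise ValueError("need 1 <= k <= n < Q")
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(k - 1)]
    shares = {i: poly_eval(coeffs, i) for i in range(1, n + 1)}
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(i, share, commitments):
    """Feldman check by share holder i: G^share == prod_j C_j^(i^j) mod P."""
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return pow(G, share, P) == rhs


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_Q from a dict {index: share}."""
    secret = 0
    for i, y in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + y * num * pow(den, -1, Q)) % Q
    return secret


def refresh(shares, k):
    """Proactive renewal: every holder deals a random polynomial of degree k-1
    with constant term 0, and each holder adds the sub-shares it receives to
    its old share. The secret is unchanged; shares from before the renewal no
    longer combine with shares from after it."""
    new = dict(shares)
    for _holder in shares:
        delta = [0] + [secrets.randbelow(Q) for _ in range(k - 1)]
        for i in new:
            new[i] = (new[i] + poly_eval(delta, i)) % Q
    return new


if __name__ == "__main__":
    shares, commitments = deal(777, k=3, n=5)
    print("all shares verify:", all(verify_share(i, s, commitments)
                                    for i, s in shares.items()))
    print("from shares 1,3,5:", reconstruct({i: shares[i] for i in (1, 3, 5)}))
    renewed = refresh(shares, k=3)
    print("after renewal    :", reconstruct({i: renewed[i] for i in (2, 4, 5)}))
    mixed = {1: shares[1], 2: shares[2], 3: renewed[3]}
    print("old+new mixed    :", reconstruct(mixed))
```
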

Identity-based cryptography

Shamir [21] introduced the idea of an identity-based cryptosystem. In this cryptographic scheme, there is no need to generate a public/private key pair and publish the public key; instead, a public key can be an arbitrary identity string such as an email address, IP address or any other identity information. For example, suppose a sender wishes to send a receiver an encrypted message. The sender does not need the receiver's public key certificate; instead, the sender can encrypt the message with the receiver's identity. When the receiver receives the sender's message, it contacts a trusted third party known as a Private Key Generator (PKG), provides proof of its identity and receives a private key which allows the receiver to decrypt messages encrypted using its identity as the encryption key. An identity-based encryption scheme consists of four randomized algorithms:

Setup: generates system parameters and a master-key. The system parameters include a description of the finite message space M and the ciphertext space C. These parameters can be publicly known but it is necessary that only the private key generator (PKG) knows the master-key.

Extract: uses the master-key to generate the private key corresponding to a public key identity string.

Encrypt: encrypts messages using the public key identity string.

Decrypt: decrypts messages using the corresponding private key.


3.3.1 Proposed security schemes involving threshold cryptography

A notable application of threshold secret sharing is threshold digital signatures. In a threshold digital signature scheme, a signing key is divided into n shares. Any k share holders can collaborate to compute a valid signature by combining the partial signatures each of the k participants generated. The partial signatures computed by applying the shares si to a message M are public values, and therefore they can be transmitted over insecure channels. Robust threshold digital signature schemes have been proposed for both RSA and discrete log based digital signature algorithms.

The idea of utilizing threshold cryptography to distribute trust in ad hoc networks was proposed by Zhou and Haas in [24]. They proposed a key management scheme for ad hoc networks using threshold cryptography and the public key paradigm. The scheme provides for distribution of parts of the secret key among some special ad hoc nodes designated as servers. An attacker has to break into a threshold number of servers in order to get access to the secret key of the service. To prevent progressive compromise of servers, share refreshing is done periodically. The scheme requires prior communication and coordination between the nodes for setting up the service.

Kong et al [25] presented a self-initialization protocol for handling dynamic node membership, such that new nodes can be initialized by k neighbors, and in so doing, the new nodes are given shares of the CA signing key, so that they can participate in the process of issuing certificates. The protocol stipulates that in the bootstrapping phase of the network, each node ni is given a valid certificate and the associated private key, along with a secret share Si of the CA signing key. Any given Si can be used in collaboration with k-1 other Si values to generate valid certificates. The self-initialization scheme allows a node to compute a partial secret share of its Si value and transmit it to an uninitialized node, such that the uninitialized node j can compute its secret share Sj, provided it obtained k partial secret shares.

Luo et al [26] presented an extension of Kong et al's work [25]. The proposal involves a framework for parallel share updates, and an improved certificate revocation mechanism.

The parallel share update builds on the Herzberg et al scheme [23]. However, unlike the latter, which requires each node to collect inputs from all the other nodes before its new share can be computed, the authors stipulated that firstly a coalition of k nodes update their shares using the Herzberg et al methodology; and then the coalition of k nodes can update the shares of the remaining nodes utilizing the self-initialization scheme. This therefore allows parallelization, and consequently a more efficient share update process.

The certificate revocation mechanism can be briefly described as follows: Each node ni maintains a certificate revocation list (CRL). An entry in the CRL consists of an accused node's ID and a list of the node's accusers. If a node's accuser list contains less than k legitimate accusers, the node is marked as "suspect". Otherwise, the node in question is considered by node ni to be misbehaving or compromised, and is marked as "convicted". A node can also designate a neighboring node nj as being "convicted" if by its observation ni deems nj to be misbehaving or compromised. In such a case, ni broadcasts an accusation against nj. When a node ni receives an accusation against any given node, ni first checks if the accuser is a convicted node in its CRL; if it is, the accusation is discarded; otherwise, it updates its CRL with the relevant information. When a node is designated as being convicted, it is removed from all accuser lists. A convicted node is re-classified as being suspected if its number of accusers falls below k.
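The revocation rules just described, as an added Python sketch of the CRL one node keeps (not code from Luo et al). The class and method names, the "unlisted" state for nodes with no accusers, and the treatment of every non-convicted accuser as legitimate are assumptions made for the example.

```python
class LocalCRL:
    """The certificate revocation list kept by one node n_i (threshold k)."""

    def __init__(self, owner, k):
        self.owner = owner
        self.k = k
        self.accusers = {}     # accused node id -> set of accuser ids
        self.observed = set()  # neighbours the owner itself saw misbehaving

    def status(self, node):
        """'convicted' at k or more accusers (or on own observation),
        'suspect' below k, 'unlisted' when nobody accuses the node."""
        if node in self.observed or len(self.accusers.get(node, ())) >= self.k:
            return "convicted"
        if self.accusers.get(node):
            return "suspect"
        return "unlisted"

    def _purge_accuser(self, convicted):
        """A convicted node is removed from every accuser list. Status is
        derived from the list sizes, so a node whose count drops below k is
        re-classified as suspect automatically."""
        for accused in list(self.accusers):
            self.accusers[accused].discard(convicted)
            if not self.accusers[accused]:
                del self.accusers[accused]

    def receive_accusation(self, accuser, accused):
        """Process a broadcast accusation; return False if it was discarded."""
        if accuser == accused or self.status(accuser) == "convicted":
            return False
        was_convicted = self.status(accused) == "convicted"
        self.accusers.setdefault(accused, set()).add(accuser)
        if not was_convicted and self.status(accused) == "convicted":
            self._purge_accuser(accused)
        return True

    def observe_misbehaviour(self, neighbour):
        """Owner's own observation: convict the neighbour directly and return
        the (accuser, accused) accusation that the owner would broadcast."""
        self.observed.add(neighbour)
        self._purge_accuser(neighbour)
        return (self.owner, neighbour)


def replay(crl, accusations):
    """Feed (accuser, accused) pairs to the CRL; return which were accepted."""
    return [crl.receive_accusation(a, b) for a, b in accusations]


if __name__ == "__main__":
    # Constructed accusation stream: M helps convict X, then M itself is
    # convicted, so M's accusation is withdrawn and X falls back to suspect.
    crl = LocalCRL("n_i", k=3)
    stream = [("B", "X"), ("C", "X"), ("M", "X"), ("X", "B"),
              ("B", "M"), ("C", "M"), ("D", "M"), ("M", "X")]
    for pair, accepted in zip(stream, replay(crl, stream)):
        print(pair, "accepted" if accepted else "discarded",
              {n: crl.status(n) for n in ("X", "M", "B")})
```
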

3.4 Trust Negotiation System


Asad Amir Pirzada and Chris McDonald [27] proposed a trust establishing mechanism in pure MANETs. The trust model is an adaptation of the trust model by Marsh (1994) configured for use in pure ad-hoc networks. Trust is basically the trust that one entity assigns another entity based upon all previous transactions in all situations. Utility is considered similar to knowledge so that an agent can weigh up the costs and benefits that a particular situation holds. Importance caters for the significance of a particular situation to the trustor based upon time. The utility and importance of a situation are merged into a single variable called weight, which in turn increases or decreases with time. The model uses trust agents that reside on network nodes. Each agent operates independently and maintains its individual perspective of the trust hierarchy. An agent gathers data from events in all states, filters it, assigns weights to each event and computes different trust levels based upon them. Each trust agent basically performs the following three functions: Trust Derivation, Quantification, and Computation.

3.5 Authentication Protocols


TESLA [28] is a broadcast authentication scheme that uses a one-way key chain and a message authentication code (MAC). In TESLA a sender uses a key K from its key chain to compute a MAC over a packet, say P(i). A receiver cannot verify the packet immediately, as the key is disclosed in the next packet P(i+1).

For example, say the MAC of packet P(i) is computed with the key K from the chain. The receiver has the packet and the MAC, but the packet is not authenticated yet. When the next packet P(i+1) is sent with the key K+1, the key K is disclosed and the MAC can be checked to be correct; if the packet P(i) is guaranteed to have been received before the packet P(i+1), then packet P(i) is authenticated and is accepted.
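The delayed key disclosure described above, as an added Python example with both sender and receiver (not code from the TESLA authors). The packet layout, class names and the `max_gap` limit are assumptions; arrival order at the receiver stands in for the loosely synchronized clocks that real TESLA uses to decide whether a key was still secret.

```python
import hashlib
import hmac


def H(data):
    return hashlib.sha256(data).digest()


def make_chain(seed, n):
    """Return [K_0, ..., K_n] with K_(i-1) = H(K_i). K_n is the secret seed and
    K_0 is the commitment the receiver obtains through an authenticated channel."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


class Sender:
    def __init__(self, seed, n):
        self.chain = make_chain(seed, n)
        self.i = 0

    @property
    def commitment(self):
        return self.chain[0]

    def send(self, payload):
        """Packet i carries a MAC under the still-secret K_i and discloses K_(i-1)."""
        if self.i + 1 >= len(self.chain):
            raise RuntimeError("key chain exhausted")
        self.i += 1
        mac = hmac.new(self.chain[self.i], payload, hashlib.sha256).digest()
        return {"i": self.i, "payload": payload, "mac": mac,
                "disclosed": self.chain[self.i - 1]}


class Receiver:
    def __init__(self, commitment, max_gap=64):
        self.last_key, self.last_idx = commitment, 0
        self.max_gap = max_gap  # bound on hashing work per packet
        self.pending = {}       # packet index -> (payload, mac) awaiting its key

    def receive(self, pkt):
        """Return the payloads that this packet's key disclosure authenticates."""
        accepted = []
        key, key_idx = pkt["disclosed"], pkt["i"] - 1
        if 0 < key_idx - self.last_idx <= self.max_gap:
            # Hash the disclosed key back to the last trusted key; this also
            # recovers keys that were disclosed in packets lost on the way.
            k, keys = key, {}
            for j in range(key_idx, self.last_idx, -1):
                keys[j] = k
                k = H(k)
            if hmac.compare_digest(k, self.last_key):
                for j in sorted(keys):
                    if j in self.pending:
                        payload, mac = self.pending.pop(j)
                        good = hmac.new(keys[j], payload, hashlib.sha256).digest()
                        if hmac.compare_digest(good, mac):
                            accepted.append(payload)
                self.last_key, self.last_idx = key, key_idx
        # Buffer this packet only while its own key K_i is still undisclosed;
        # once K_i is public anyone can compute a valid MAC under it.
        if pkt["i"] > self.last_idx:
            self.pending[pkt["i"]] = (pkt["payload"], pkt["mac"])
        return accepted


if __name__ == "__main__":
    sender = Sender(b"constructed seed", 6)
    receiver = Receiver(sender.commitment)
    p1, p2, p3 = (sender.send(m) for m in (b"m1", b"m2", b"m3"))
    print(receiver.receive(p1))  # nothing can be verified yet
    print(receiver.receive(p3))  # p2 lost: K_2 yields K_1, so m1 is accepted
```
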

LHAP [28] is based on two techniques: (i) lightweight packet authentication and (ii) lightweight trust management. LHAP employs a packet authentication technique based on the use of one-way hash chains. Secondly, LHAP uses TESLA to reduce the number of public key operations for bootstrapping trust between nodes, and also uses TESLA for maintaining the trust between nodes. In LHAP every node generates a one-way key chain used to authenticate traffic to its neighbors. This key chain is referred to as the TRAFFIC key. Every neighbor of a node gets a TRAFFIC key when it first establishes a trust relationship with the node. Neighboring nodes check the authenticity of a packet by verifying the TRAFFIC key. LHAP uses TESLA for trust bootstrapping. In LHAP every node uses a digital signature to bootstrap a TESLA key chain, and then TESLA keys are used to provide authenticated TRAFFIC keys.


3.6 Cluster Based Security Architectures


Keun-Ho Lee and Sang-Bum Han [29] describe a secure cluster-routing protocol based on a multilayer scheme in ad hoc networks. The work provides a scalable, threshold authentication scheme in ad hoc networks. The proposed protocol designs an end-to-end authentication protocol that relies on mutual trust between nodes in other clusters. The strategy takes advantage of a multilayer architecture that is designed for an authentication protocol in a cluster head (CH) using a new concept of control cluster head (CCH) scheme. We propose an authentication protocol that uses certificates containing an asymmetric key and a multilayer architecture so that the CCH is achieved using the threshold scheme, thereby reducing the computational overhead. It also uses a more extensive area, such as a CCH, using an identification protocol to build a highly secure, highly available authentication service, which forms the core of our security framework.

Jason H. Li, Renato Levy, Miao Yu and Bobby Bhattacharjee [30] describe a scalable key management and clustering scheme for secure group communications in MANETs. The cluster approach used is the Distributed and Efficient Clustering Approach (DECA). DECA is energy efficient and resilient against node mobility. The scalability problem is solved by partitioning the communicating devices into subgroups, with a leader in each subgroup, and further organizing the subgroups into hierarchies. Each level of the hierarchy is called a tier or layer. Key generation, distribution, and actual data transmissions follow the hierarchy. Communications are generally restricted within a subgroup at a tier.

M. Bechler [31] provides another security architecture based upon clustering. A network wide distributed certification infrastructure forms a basis for securing end-to-end communication by public key cryptography. Every node participating in the network holds a self-generated key pair. Public keys are distributed in the ad hoc network using certificates issued by a trustworthy CA. The role of the distributed CA is assigned to the cluster heads of the network. Intra cluster communication is based upon a symmetric key that is known to the cluster nodes. A new node joining the network can only have access rights once its public key has been signed by the cluster head.


Chapter 4

Proposed Cluster Based Security Concept for Mobile Ad Hoc Network


The security concept described in this section is designed to provide the building platform for the ad hoc network from scratch, i.e. at the time when there are no nodes in the network. After the initialization of the network, the MANET is partitioned into clusters based upon a clustering approach providing intra cluster and inter cluster security. The scheme then covers node authorization, key exchange in the cluster and the log on procedure for a new node. Finally, the scheme addresses gateway selection and access control to the various services.

The design is scalable to any number of nodes. The design also supports open networks, allowing new nodes to join without a-priori knowledge, and it reacts quickly to dynamic changes. The design provides a level of security to the network both while communication takes place and at the time when a new node is authenticated.

4.1 Initialization of the Network


The establishment of the network starts from scratch, i.e. at the time when there are no nodes in the network. Suppose that a node joins and tries to establish a network. Now another node joins which is in the radio range of the existing node. At this time there are two nodes in the network, but neither of them is authentic, and they have to authenticate each other for further operations.

To build the concept, we have assumed that an authorized node has a cryptographically secure hash function H(). The function is like the one in [TESLA], which is used to generate key chains for communication between the two nodes. The basis for the hash function is that it is possible to calculate in the forward direction but impossible to calculate in the backward direction.


Both nodes (say N1 and N2) compute a public-private key pair and transfer their public keys to each other. Now one of the nodes, N1, generates a key, say K(n), on which the nodes have to compute the hash. N1 sends K(n), encrypted with the public key of N2, to N2. N2 decrypts K(n), computes the hash H(K(n)) = K(n-1), encrypts it with the public key of N1 and sends it back to N1. N1 itself computes H(K(n)) = K(n-1), decrypts the message from N2 and checks whether the K(n-1) computed by N2 matches the K(n-1) computed by itself. If it matches, N2 is authenticated. Now N1 computes the hash H(K(n-1)) = K(n-2) and sends K(n-2), encrypted with the public key of N2, to N2. N2 decrypts K(n-2), itself computes H(K(n-1)) = K(n-2) and checks whether the K(n-2) computed by N1 matches the K(n-2) computed by itself. If it matches, N1 is also authenticated. In this way the network is initialized by the authenticated nodes.

Figure 4.1 shows the various phases of the nodes' authentication to each other at the initialization of the network.

4.2 Clustering
After the network initialization the cluster formation takes place. Clustering approach is used because clustered architectures can encounter more nodes, are easily manageable and are considered to be more secure than other architectures.


The clustering approach used is a variant of Associativity Based Clustering [32]. Cluster formation takes place using spatial and temporal stability, and the main goal is that the cluster is stable for a long time. The CH is selected on the basis of maximum associativity, provided that it satisfies minimum connectivity. Associativity is defined as the property of a node that states the number of nodes it can hear from. The cluster formation has three phases: neighbor acquisition, cluster control claim and cluster head assertion.

The neighbor acquisition phase is the one in which a node determines the total number of immediate neighbors which it can hear from. For a node to determine the number of neighbors, it has to initiate a neighbor acquisition packet and transmit it. A node which can hear the packet replies with a neighbor acknowledge packet.

The cluster control claim packet is used by the nodes for the election of the CH. It is initiated by the node which has the lowest waiting time. This packet contains the route, initiator id and hop count. Every time this packet is forwarded to a node, that node appends its own id, number of neighbors and total sum of nodes at that point, and replies to the initiator. The packet is forwarded to other neighbor nodes if the hop count is greater than zero. The node chosen as CH is the one whose sum of neighbors for its maximum hop count is greater than that of any other node.

Once the cluster head is chosen, it has to inform all the nodes that lie in the cluster. The CH sends the cluster head beacon (CHB) containing its id, maximum possible hop count, the cluster head public key and other relevant information.


Figure 4.2 shows the clustering method, neighbor acquisition and the gateways to the other cluster.

If a node hears the CHB of its own cluster and also of some other cluster, then it becomes a gateway between these clusters, and if it hears the CHB of both again before some specified time, then it becomes the gateway between the two CHs. If there is no other gateway, then the node becomes the gateway; if some gateway exists, then it checks the table with the hop counts and selects the one with the lowest hop count as the gateway.

4.3 Intra Cluster Security


A traditional symmetric key mechanism is not used, because it would be a security breach: it is easy for every node to decrypt the ongoing messages which are not intended for it. Intra cluster security measures are built upon the asymmetric key of every node. Every node generates a public-private key pair. The public key of each node within the cluster resides with the CH. Any node which wants to communicate with some other node first has to get the public key of that node, encrypted by the public key of the node which wants to communicate.

4.4 Node Status and Authorization


The scheme prevents a newly joining node from starting its own cluster. It first has to join some existing cluster, prove its authenticity in the cluster, and also check that the existing cluster is authentic.

Any node that joins an initial cluster has the initial status of a guest with practically no access rights. The node has to develop a trust relationship with the nodes of the cluster, which will give warranty certificates to the new node. After the node collects a certain number of warranty certificates, it becomes authentic and can have access rights to the network resources.

4.5 Key Distribution and Key Refreshment


The public key of the CH is known to all the cluster nodes. It is propagated to all the cluster nodes by the cluster head beacon, which is broadcast periodically in every cluster. The CH beacon contains the CH's public key, a list of the nodes present in the cluster with their status, and a list of gateways connecting to the adjacent clusters.

Figure 4.3 shows the mechanism through which the cluster head sends the information to the cluster nodes and also the transfer of the cluster head key.


4.6 Log on Procedure


Any new node joining the network first has to join a cluster as a guest. For this, the new node looks for the CHB which is transmitted by the CH periodically. After finding a suitable cluster, it sends the log on request to the CH. The CH updates the CHB with parameters such as the status and number of warranty certificates of the new node, and broadcasts the CHB. The new node needs warranty certificates to authenticate itself to the network. Such certificates are issued by the full members of the cluster, because they are considered authentic and are granted the privilege of giving warranty certificates.

Figure 4.4 shows the procedure of a new node to become a full member in a cluster

4.7 Routing Mechanism

4.7.1 Intra Cluster Routing


There are two types of nodes which can exist in the cluster:
1. Full Members
2. Guest Nodes

In intra cluster routing only full members can participate in the process for communication between two nodes. The CH maintains the routing table information, continuously checks the status of the cluster nodes and updates the routing tables. To communicate, two nodes have to get each other's public keys and the shortest route to the other node. The CH encrypts the public key of one with the public key of the other and vice versa, together with the route length and the route to the node. In this way the communication becomes secure and even intermediate nodes cannot learn the communication contents.

4.7.2 Inter Cluster Routing


Inter cluster routing must be reactive. Only the full members in the clusters can be used for inter cluster routing. The gateways are used to authenticate the adjacent cluster and check the status of adjacent nodes. The gateways get the public keys of the communicating nodes and then transfer the keys to one another by encrypting one's key with the other's and vice versa.

4.8 Gateways
Gateway selection can be either reactive or proactive, depending on the conditions. Priority to act as a gateway goes to a node that is a full member of a cluster. Any node N that gets into contact with a node of another cluster can act as a gateway. This means that it hears the CHB of both clusters while being a full member of one cluster. If a gateway is a full member in one cluster, then it authenticates itself to the foreign cluster and also verifies the authenticity of the foreign cluster. A gateway notifies both its CH and the CH in the discovered cluster about the contact. The address of the new CH can be requested from the foreign node the gateway first got in contact with. In turn, both CHs send the information about the new gateway in their CH beacons, and the new gateway itself starts to transmit GW beacons containing its public key and its status in the corresponding clusters (guest node or full member, possession of a GwAutCert). If the discovered cluster was not associated with the network previously, the gateway will initially be a guest node there although it is a full member in its original network.


Figure 4.5 shows the mechanism how the gateways selection takes place

4.9 Delegation of Cluster Heads


If a node is no longer able to act as a CH, it delegates this role to another trusted node within the cluster. This avoids an expensive re-configuration of the cluster and possibly of the whole network. If a CH is looking for a successor, it queries for a node that will continue the CH functionality further on. Once a trustworthy successor is determined, the old CH securely migrates its state to the successor and sends a signed broadcast message containing the new CH's identity, so all nodes in the cluster are able to adapt themselves to the new CH and to the CH beacons they will receive from it. Nodes that do not receive this broadcast message will consider the CH beacons they receive after the change as foreign. However, they are still full members as their network certificates are still valid.

4.10 Access Control


Access to services and resources can be controlled using authorization certificates. Entities that are responsible for controlling access to a particular service or resource, or the service provider or owner of the resource itself, can give authorization certificates to the users they wish to admit. These certificates include the public key of the subject and some authorization information. Nodes may pass those rights transitively to other nodes if they also hold a permission for doing so.

4.11 Adaptable Communication Complexity


Different types of communication techniques can be used for intra and inter cluster communication. In the first method, the nodes directly use the public key of the other node to encrypt the data, and the other node decrypts it using its own private key. In the other method, a key K(n) is transferred to the other node encrypted by the public key of that node. Both nodes can then calculate K(n-1), K(n-2), ..., K(1). The sending node continuously encrypts data with K(n-1), K(n-2), ..., K(1), and on the receiving side it is simultaneously decrypted by K(n-1), K(n-2), ..., K(1). This is more secure, as it is more difficult for a malicious node to drop some packets: the continuity of the decryption at the receiver side will be broken and the presence of an ongoing attack is detected.


Chapter 5

Man in Middle Attack and Solution

5.1 Man in Middle Attack

The major attack on the mechanism is the man in the middle attack. The attack could be on the routing mechanism that is followed for communication between two nodes. A node, even one that is a full member of the network, can be compromised at any time. Suppose that two communicating nodes follow the shortest route to the destination and that a malicious node lies on this route. The attack by the malicious node is possible in two ways:

1. The transfer of keys takes place when communication is needed between two nodes. While the public keys are being transferred, the middle node can impersonate each node by sending its own public key to the other, and can thereby disclose the contents of communication that are not meant for it.

2. The malicious node in the middle can disrupt the whole communication, either at the start or in the middle of it. First, a node has to initialize the communication by sending an initialization request to the receiver, which the malicious node can interrupt. Second, once communication has started, the malicious node can drop packets, and the sender has no way of knowing whether the packets were received.

Figure 5.1 shows the shortest path by dark lines from source to destination

5.2 Solution
In the routing mechanism used, the route taken to the receiving node is the shortest path, and the malicious node resides on that route. The scheme is that each node must find an alternate path to the destination node which is not the shortest path. The solution works in two phases:

1. Finding the shortest route to the destination.
2. Finding an alternative path that does not involve any of the nodes that lie on the shortest path, and then getting an acknowledgement of the ongoing communication over that path.

Algorithm to Find Alternate Path


1. Establish a network for any number of nodes.
2. Generate an N×N matrix and initialize all the elements of the matrix with 0.
3. Calculate the distance from one node to all other nodes and store it in an N×N matrix.
4. Give the range of the network node and set all other elements that are outside the range to 0.
5. for (i = 0; i < n; i++) {
       for (j = 0; j < n; j++) {
           if j is neighbor of i
               Neighborarray[i][j] = 1;
       }
   }
6. Find the shortest path from source to destination.
7. Initialize the source node and put it in another array. Name the array array[].
8. Search the neighbor list, pick a random node from the list and put that node in the array.
9. Compare the random node with all the elements of the shortest path array.
   If the array[top] element matches any of the elements in the list then
       Array[top] = 0
       Top = top - 1
       Make the entry corresponding to that node in neighbor array as 0
       Goto step 5
10. Compare the neighbor list of the generated node with all the elements of array.
    If all the neighbors match {
        Array[top] = 0
        Top = top - 1
        Make the entry corresponding to that node in neighbor array as 0
        Goto step 5
    } Else
        Pick a random node from the list and put it in the array
11. If array[top] = destination then return route and exit, else Goto step 5

Figure 5.2 shows the possible alternative paths that can be traversed to reach the destination.

Shortest Path Algorithm

1. Input to the algorithm is the N×N matrix, that is, the distance matrix generated at the start of the algorithm.
2. Define an array that will store the distance and a matrix that will store the whole route.
3. Generate the neighbor list for the source node and put it in the matrix.
4. Starting from the first neighbor, generate the next neighbor.
5. Check whether that neighbor already exists in the list; if yes, then it is a loopback, and go to step 5.
6. Generate the route from all the neighbors for the destination and continue on that path.
7. Generate the route to the destination from all neighbors wherever possible.
8. Compare the route lengths generated by all the possible routes. Compare all the routes in the distance matrix and choose the path to the destination which has the lowest path length.
9. If there is no route possible to the destination, then print "not found" and exit; else print the path which has the lowest path length.

The shortest path algorithm is the basis for finding out the alternative path. The output path that is being generated after running the shortest path algorithm is being passed to the alternate path algorithm that generates the alternative path.
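The two phases above, as an added example that is not the thesis's C++ simulation: the shortest route is found first, then a randomly chosen alternate route with backtracking that avoids every relay on the shortest route, the direct link when the shortest route is a single hop, and loopbacks. Dijkstra's algorithm is swapped in for the exhaustive route enumeration, in-range nodes are treated as neighbours, and the function names are hypothetical.

```python
import heapq
import math
import random

def neighbour_matrix(coords, radio_range):
    """nbr[i][j] = 1 when distinct nodes i and j are within radio range."""
    n = len(coords)
    return [[int(i != j and math.dist(coords[i], coords[j]) <= radio_range)
             for j in range(n)] for i in range(n)]

def path_length(coords, path):
    return sum(math.dist(coords[a], coords[b]) for a, b in zip(path, path[1:]))

def shortest_path(coords, nbr, src, dst):
    """Dijkstra over in-range links; returns [] when dst is unreachable."""
    dist, prev, done = {src: 0.0}, {}, set()
    heap = [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, linked in enumerate(nbr[u]):
            nd = d + math.dist(coords[u], coords[v])
            if linked and nd < dist.get(v, math.inf):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def alternate_path(nbr, shortest, rng):
    """Random walk with backtracking from source to destination that avoids
    every relay on `shortest`, the direct link if `shortest` is one hop,
    and any node already on the route (loopback)."""
    if len(shortest) < 2:
        return []
    src, dst = shortest[0], shortest[-1]
    banned = set(shortest[1:-1])
    route, dead = [src], set()
    while route:
        here = route[-1]
        if here == dst:
            return route
        options = [v for v, linked in enumerate(nbr[here])
                   if linked and v not in banned and v not in dead
                   and v not in route
                   and not (len(shortest) == 2 and here == src and v == dst)]
        if options:
            route.append(rng.choice(options))   # unpredictable next hop
        else:
            dead.add(route.pop())               # dead end: backtrack
    return []

def run_case(coords, radio_range, src_id, dst_id, seed=0):
    """Return (shortest, alternate) as lists of 1-based node IDs."""
    nbr = neighbour_matrix(coords, radio_range)
    short = shortest_path(coords, nbr, src_id - 1, dst_id - 1)
    alt = alternate_path(nbr, short, random.Random(seed))
    return [i + 1 for i in short], [i + 1 for i in alt]

# Node coordinates copied from the thesis runs in sections 7.1-7.3.
CASE_7_1 = [(35, 34), (45, 23), (34, 44), (45, 23), (12, 45)]
CASE_7_2 = [(12, 23), (34, 45), (56, 65), (45, 56), (4, 67)]
CASE_7_3 = [(2, 2), (34, 35), (23, 34), (72, 25), (76, 76), (1, 23), (2, 24)]
```

A fixed seed keeps the run repeatable; where the scheme relies on a relay being unable to predict the route, the next hop would be drawn from `random.SystemRandom()` instead.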


Chapter 6

Simulation Strategy and Analysis

6.1 Simulation Strategy

The simulation of the alternative path algorithm is done in C++. The simulation area is 125 m × 90 m. The range that must be entered for the x and y coordinates is 125 and 90, because it is multiplied by 5 to cover the whole simulation area. The simulation strategy is as follows:

The simulation is done for a maximum of 50 nodes.

A class node is defined which has the private parameters x and y. These parameters are used to define the position of the node in the simulation area. Another parameter, id, is used as the identity of a particular node and is unique for every node. The class functions are defined in the public domain and are used to access the private members. The first function, getdata, is used to get the position of each node in the simulation area (the total number of nodes is defined in main, and getdata runs once for each node). The other function, cal_distance, is used to get the distance from all nodes to all other nodes in the network and stores the results in the matrix.

The distance matrix is then updated so that it holds distances only for the neighbors, according to the range of the nodes in the network.

The draw function is used to draw circles at the coordinates, and the connect function is used to draw the lines that establish the network according to the neighbor table, which also stores the distance to the neighbors.

The algorithm to find the alternative path first requires the shortest path from source to destination. For this, a structure is defined to store the shortest distance and an array to store the shortest route.

The shortest path function is used to find the shortest path, based on the algorithm that traverses all paths from source to destination and then chooses the route that is the shortest.

The route generated by the shortest path function is passed to the alternative path algorithm to find the alternative path.

The check function is used to check whether a neighbor exists for a particular node.

The compare function is used to check whether the random node that is selected exists in the shortest path.

The compare_n function is used to check the neighbor list against the existing route for loopback.

Isexist is the function used to check the random node that is selected against the existing path for the loopback condition.

Finally, the alternate path with the total distance is returned if it exists.

6.2 Analysis
Time complexity: There are two algorithms used in the procedure. The first algorithm finds the shortest path from source to destination. For n nodes in the network, the running time of the algorithm is O(n). For the second algorithm, which finds the alternate path, the running time is also O(n).

Properties: The two properties which are very important are:

The alternative path algorithm gives a total alternative path, i.e. there is no node in the alternative path that lies on the shortest path.

The algorithm that is developed gives an alternative that does not have any loopbacks.

Utilities: The two algorithms are used to secure the network from the man in middle attack. The shortest path algorithm is first used to produce the input to the alternate path algorithm. The same algorithm can be used to find the shortest path in the general case for any network. Secondly, the algorithm is scalable to any number of nodes and any network topology, which gives it wider usefulness. The algorithm traverses all nodes to find the destination from the single source, traversing all possible paths. This could be extended to find the shortest path from each node to the destination. The second algorithm, the alternative path algorithm, is used to find an alternative path to a given shortest path. Firstly, the algorithm can be effectively used to get the acknowledgement of the ongoing communication from the destination through that alternative path. Secondly, in Ad Hoc networks there is continuous mobility of nodes, and a node lying on the shortest path may move, after which that route is no longer valid. So there is a need to find the alternative path immediately to continue the ongoing process. Thirdly, when more congestion is found on the shortest route, the algorithm can be used to find an alternative route through which the packets can be routed to control the congestion.

Chapter 7

Results and Discussion

The algorithm gives an output for every case. The various possible cases and their outputs are shown below.

7.1 An example where shortest path exist showing the shortest path and its distance, alternate path its distance and time to find the source and destination for shortest and alternate paths

Enter number of nodes<MAX 50>:5
Enter x-cordinate for ID 1:35
Enter y-cordinate for ID 1:34
Enter x-cordinate for ID 2:45
Enter y-cordinate for ID 2:23
Enter x-cordinate for ID 3:34
Enter y-cordinate for ID 3:44
Enter x-cordinate for ID 4:45
Enter y-cordinate for ID 4:23
Enter x-cordinate for ID 5:12
Enter y-cordinate for ID 5:45

Distance Matrix
0      14.87  10.05  14.87  25.5
14.87  0      23.71  0      39.66
10.05  23.71  0      23.71  22.02
14.87  0      23.71  0      39.66
25.5   39.66  22.02  39.66  0

Enter range: 24

Neighbour Matrix
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 1 0

Fig 7.1 shows the topology that is being generated

Source: 2 destination: 1
Shortest path: 2 1
Path length: 14.87 m
Time delay for shortest path: 3.49 sec

Distance Matrix
0.00   14.87  10.05  14.87  25.50
14.87  0.00   23.71  0.00   39.66
10.05  23.71  0.00   23.71  22.02
14.87  0.00   23.71  0.00   39.66
25.50  39.66  22.02  39.66  0.00

Alternate path: 2
Alternate path length: 33.76 m
Time delay for alternate path: 7.38 sec

7.2 An example where shortest path exists but alternative path does not exist

Enter number of nodes<MAX 50>:5
Enter x-cordinate for ID 1:12
Enter y-cordinate for ID 1:23
Enter x-cordinate for ID 2:34
Enter y-cordinate for ID 2:45
Enter x-cordinate for ID 3:56
Enter y-cordinate for ID 3:65
Enter x-cordinate for ID 4:45
Enter y-cordinate for ID 4:56
Enter x-cordinate for ID 5:4
Enter y-cordinate for ID 5:67

Distance Matrix
0      31.11  60.83  46.67  44.72
31.11  0      29.73  15.56  37.2
60.83  29.73  0      14.21  52.04
46.67  15.56  14.21  0      42.45
44.72  37.2   52.04  42.45  0

Enter range: 32

Neighbour Matrix
1 1 0 0 1 1 1 1 0 1 1 1 0 1 1 1 0 0 0 0

Figure 7.2 shows the topology formed


Source: 2 destination: 1
Shortest path: 2 1
Path length: 31.11 m
Time delay for shortest path: 5.11 sec

Distance Matrix
0.00   31.11  60.83  46.67  44.72
31.11  0.00   29.73  15.56  37.20
60.83  29.73  0.00   14.21  52.04
46.67  15.56  14.21  0.00   42.45
44.72  37.20  52.04  42.45  0.00

Alternative path does not exist

7.3 An example where shortest path does not exist, i.e. there is no existing path from source to destination

Enter number of nodes<MAX 50>:7
Enter x-cordinate for ID 1:2
Enter y-cordinate for ID 1:2
Enter x-cordinate for ID 2:34
Enter y-cordinate for ID 2:35
Enter x-cordinate for ID 3:23
Enter y-cordinate for ID 3:34
Enter x-cordinate for ID 4:72
Enter y-cordinate for ID 4:25
Enter x-cordinate for ID 5:76
Enter y-cordinate for ID 5:76
Enter x-cordinate for ID 6:1
Enter y-cordinate for ID 6:23
Enter x-cordinate for ID 7:2
Enter y-cordinate for ID 7:24

Distance Matrix
0       45.97  38.28  73.68  104.65  21.02  22
45.97   0      11.05  39.29  58.69   35.11  33.84
38.28   11.05  0      49.82  67.62   24.6   23.26
73.68   39.29  49.82  0      51.16   71.03  70.01
104.65  58.69  67.62  51.16  0       91.84  90.44
21.02   35.11  24.6   71.03  91.84   0      1.41
22      33.84  23.26  70.01  90.44   1.41   0

Enter range: 40

Neighbour Matrix
1 0 1 0 0 1 1
0 1 1 1 0 1 1
1 1 1 0 0 1 1
0 1 0 1 0 0 0
0 0 0 0 1 0 0
1 1 1 0 0 1 1
1 1 1 0 0 1 1

Fig 7.3 shows the topology being generated


Source 4 Destination 5
Shortest Route Not Found

Simulation results for 6 nodes


Number of nodes: 6
X-cordinate for ID 1:4
Y-cordinate for ID 1:2
X-cordinate for ID 2:45
Y-cordinate for ID 2:34
X-cordinate for ID 3:14
Y-cordinate for ID 3:34
X-cordinate for ID 4:12
Y-cordinate for ID 4:3
X-cordinate for ID 5:36
Y-cordinate for ID 5:56
X-cordinate for ID 6:22
X-cordinate for ID 6:34

Range: 45
Source: 5 destination: 3
Shortest path: 5 3
Path length: 31.11 m
Time delay for shortest path: 5.11 sec

Alternate path: 5
Alternate path length: 54.77 m
Time delay for alternate path: 9.48 sec

Simulation results for 10 nodes


Source: 6 destination: 5
Shortest path: 6 5
Path length: 44.05 m
Time delay for shortest path: 6.40 sec
Range: 50

Distance Matrix
0.00   47.41  7.62   50.00  10.82  53.60  58.31  67.05  80.53  53.94
47.41  0.00   48.60  8.25   43.28  31.95  12.00  47.41  33.24  33.84
7.62   48.60  0.00   52.33  6.08   50.01  58.67  73.01  81.12  50.09
50.00  8.25   52.33  0.00   47.51  40.16  16.12  39.45  33.24  42.06
10.82  43.28  6.08   47.51  0.00   44.05  53.00  70.86  75.47  44.18
53.60  31.95  50.01  40.16  44.05  0.00   30.02  79.20  46.52  2.00
58.31  12.00  58.67  16.12  53.00  30.02  0.00   54.04  22.47  32.02
67.05  47.41  73.01  39.45  70.86  79.20  54.04  0.00   60.90  81.02
80.53  33.24  81.12  33.24  75.47  46.52  22.47  60.90  0.00   48.33
53.94  33.84  50.09  42.06  44.18  2.00   32.02  81.02  48.33  0.00

Alternate path: 6
Alternate path length: 109.84 m
Time delay for alternate path: 20.98 sec

Simulation results for 15 nodes


Source: 9 destination: 11
Shortest path: 9
Path length: 43.1 m
Time delay for shortest path: 6.31 sec
Alternate path: 9 5 1 2 11 11
Alternate path length: 151.25 m
Time delay for alternate path: 23.12 sec

Simulation for 20 nodes


Shortest path: 13
Path length: 54.49 m
Time delay for shortest path: 7.45 sec
Alternate path: 13 19 14 10 7 4 9 2 18 8 1 3 3
Alternate path length: 392.83 m
Time delay for alternate path: 61.28 sec

No. of Nodes   Shortest Distance   Time Delay   Alt. Distance   Alt. Time Delay
5              14.87m              3.49sec      33.76m          7.38sec
6              31.11m              5.11sec      54.77m          9.48sec
10             44.05m              6.40sec      109.84m         20.98sec
15             43.1m               6.31sec      151.25m         23.12sec
20             54.49m              7.45sec      392.13m         61.28sec

Table 7.1 shows the various simulation results

The results for the various topologies are summarized in the table. Results are shown for up to 20 nodes, each with a different topology and a different source and destination. The time delay at each node is the same, i.e. 2 seconds. The results show that no pattern is followed between any of the parameters. That proves that, while finding the alternative path to the destination, the algorithm will find an alternative of any length. The length varies from the second shortest to the longest, without any loopbacks. This is a very good security feature of the algorithm. Consider a case in which there is a malicious node on the path to the destination and the malicious node knows that the alternative path algorithm is running as a security feature. If the malicious node tries to find the alternate route, it would be almost impossible for it to determine which alternate path will be chosen. So the malicious node will be detected as soon as possible, depending upon the path length and time delay.


Chapter 8

Conclusion and Future Work


In the thesis we have considered several security requirements for Ad Hoc networks. We have developed a security architecture that provides node authentication at every level where a malicious node could become part of the network. The scheme is based on a clustered architecture, which provides these node authentication strategies in the network. The thesis also covers the initialization of the network from scratch, providing a very secure mechanism that allows only authorized nodes to become part of the network. The thesis provides a combination of two encryption methods for communication, making it harder for malicious nodes to decrypt the messages.

In chapter 5 we have described an attack that is possible in the network, the man in middle attack. This attack covers the case of an authorized node becoming malicious and disrupting the ongoing process. An alternative path algorithm is given to detect this type of attack, and the algorithm is simulated. The results show that the alternative path does not follow any pattern, which gives the malicious node no way to find the alternative route. In this way the malicious node is detected and excluded from the network.

The method proposes a mechanism to deal with the initialization of the network from scratch, but this is still a field in which not much work has been done until now. The scheme also defends against the man in middle attack, which is possible in the network, so future work can be done to lessen the possibility of attack. The mechanism works on the basis that public keys are transferred to the nodes at the initialization of the network and also to the cluster head at the formation of the cluster. So a scheme must be developed to transfer the public keys from one node to another and to the cluster head when the clusters are formed.

