
Directional Flooding With Asymmetric Cryptography For Securing Manet

Prof. Milon Kumar Dholey Dept: M. Tech. (Computer System Technology) (Dr. B. C. Roy Engineering College, Durgapur) Durgapur (West Bengal), India E:Mail: rad.mymail@gmail.com

Rajesh Ranjan Das (Student) Dept: M. Tech. (Computer System Technology) (Dr. B. C. Roy Engineering College, Durgapur) Durgapur (West Bengal), India E:Mail: rad.mymail@gmail.com

Abstract: Major security goals in MANET are addressed with the use of Location Aided Routing and asymmetric cryptography. The paper evaluates the use of GPS-based Location Aided Routing and asymmetric cryptography to propose a routing protocol which addresses security issues. The proposed method surveys and uses existing work in related fields to propose a routing method which does not use routing tables, but uses cryptography and GPS to find the desired node.

Keywords: Security in MANET, GPS, Location Aided Routing

Section 2 - Security issues in MANET
Section 3 - Security Goals of MANET
Section 4 - Layers in MANET
Section 5 - Routing Protocols used in MANET
Section 6 - Public key cryptography in MANET

2. SECURITY ISSUES IN MANET [2]

As already mentioned, mobile ad hoc networks are more vulnerable to security problems than wired networks. In this section various vulnerabilities are explored.

1. INTRODUCTION

Mobile Ad hoc Networks (MANET) are wireless networks of mobile computing devices without any support of a fixed infrastructure. The mobile nodes in a MANET self-organize together in some arbitrary fashion. These networks can be applied between persons or between vehicles in areas which are depleted of fixed infrastructure. These areas could be a military battlefield or some flood or earthquake affected areas. Two nodes can directly communicate with each other if they are within radio range. If the nodes are not within radio range they can communicate with each other using multihop routing.

2.1 No pre defined Boundary

In mobile ad hoc networks we cannot precisely define a physical boundary of the network. The nodes work in a nomadic environment where they are allowed to join and leave the wireless network. As soon as an adversary comes within the radio range of a node it will be able to communicate with that node. The attacks include eavesdropping, impersonation, tampering, replay and Denial of Service (DoS) attacks.

2.2 Adversary inside the Network

1.1 Mobile Adhoc Networks features:

1. The wireless link between the nodes is highly vulnerable. This is because nodes can continuously move, causing frequent breakage of the link. The power available for transmission is also strictly limited.
2. The topology of the network is highly dynamic due to the continuous breakage and establishment of wireless links. Nodes continuously move into and out of the radio range. This gives rise to changes in routing information.
3. There is a bandwidth constraint in these wireless networks.
4. MANETs need energy-efficient operation because all the nodes depend on battery power, which is highly limited.

These features indicate the need for a more secure operation in the MANET. Current routing protocols do not focus much on the security aspects. Mobile ad hoc networks are more vulnerable to security threats as compared to traditional wired networks. In this paper security issues are explored. A proposal to address the security issues is presented which not only covers security concerns but also other limitations of MANET. The paper draws on studies of other related areas, so a discussion of all such issues is presented before coming to the proposal.

1.2 Discussion topics include

The mobile nodes within the MANET can freely join and leave the network. The nodes within the network may also behave maliciously. It is hard to detect that the behavior of a node is malicious. Thus this attack is more dangerous than an external attack. These nodes are called compromised nodes.

2.3 No centralized control facility

MANETs do not have any centralized control facility, which may lead to many security problems. It becomes very difficult to detect any attack. Traffic cannot be monitored from a centralized point; instead the control is distributed at each node. The detection becomes more difficult when the adversary changes the attack pattern and the target of the attack. To the node, a failure may be caused by an adversary or by some network problem. Due to the lack of security association we cannot classify the nodes as trusted or untrusted.

2.4 Limited Energy Resource

All the nodes in a mobile ad hoc network depend on battery power for their operation. Alternate power sources are assumed to be absent. The adversary can send huge traffic to the target node. The target node may be continuously busy handling these packets; this will cause the battery power to be exhausted. This results in a denial of service (DoS) attack because the node will no longer be able to provide services within the network. Sometimes the attackers ask the nodes to perform some meaningless time-consuming computation, causing their battery power to be lost. Some nodes may behave as selfish nodes. A selfish node does not cooperate when running some common algorithm. For example, consider a cluster-based intrusion detection technique where a cluster of nodes cooperatively detects the intrusion. A node is selected as a monitor when it wishes to do this. A node behaving maliciously simply avoids being the monitor. When the majority of nodes behave selfishly the whole system will collapse.

3.7 Anonymity

All the information about the identity of a node should be kept private for privacy preservation. The protocol proposes to meet all these security goals.

4. THE PROTOCOL STACK [4]

The protocol stack for MANET consists of five layers: physical layer, data link layer, network layer, transport layer and application layer. The MANET protocol stack is somewhat similar to the TCP/IP model. The main difference between these two protocol stacks lies in the network layer. Mobile nodes, which can be host or router in MANET, use an ad hoc routing protocol to route packets. The network layer in MANET is divided into two parts: Network and Adhoc Routing. The protocol used in the network part is Internet Protocol (IP), and the protocols which can be used in the adhoc routing part include DSDV, DSR, AODV or LAR.

5. ROUTING PROTOCOLS

In ad hoc networks, the routing protocols are divided into three categories: Proactive, Reactive and Hybrid.

In Proactive routing protocols, each MN maintains a routing table, and control packets are broadcast periodically within the whole network. This means that the routes to destination MNs are computed at regular times before establishing the connection from source to destination. When a source MN wants to send data to a destination MN, it searches the routing table to find a destination MN match. The advantage of such a method is that the route is already known. The disadvantage is that the control packet overhead is large, since control packets are sent periodically to maintain all routes although not all routes will necessarily be used. Thus, the limited network bandwidth is consumed by control overhead. An example of a proactive routing protocol is DSDV.

In Reactive routing protocols, the routes are discovered only when the source MN needs to transmit data packets. Thus, the control packets are broadcast just when there are data to be transmitted, so the broadcast overhead is reduced. In these protocols, there are two phases to establish routes to a destination: route discovery and route maintenance. Since the nature of the ad hoc network is highly mobile, the topology of the network changes often. When the route to the destination is broken, the route maintenance phase is started to keep the route available. In large networks this method suffers from a large end-to-end delay before a route is available for sending data packets. An example of a reactive routing protocol is DSR.

Hybrid routing protocols include the advantages of both proactive and reactive protocols. Each MN defines two zones: the inside zone and the outside zone. Each node maintains a neighbor table with n MN hops. These MNs are considered to be in the inside zone of the node. Thus, the hybrid protocols act as proactive protocols in the inside zone and reactive protocols in the outside zone. Each node periodically broadcasts control packets in the inside zone to build a routing table for all MNs in the inside zone. When a node wishes to send data to a destination node that resides in the outside zone, it uses a reactive protocol. Thus, a route discovery phase is invoked to establish the route to the destination MN. An example of Hybrid routing protocols is

2.5 Changing scale

The scale of the mobile ad hoc network keeps changing all the time. It is very difficult to predict the number of nodes in a mobile ad hoc network at some future time. The protocols and services designed for MANETs must be made compatible with this changing scale.

3. SECURITY GOALS IN MANET [2]

In this section different security criteria are explored with reference to mobile ad hoc networks.

3.1 Availability

It refers to the property of the network to continue to provide services regardless of the state of the network. Denial of service attacks target this property.

3.2 Integrity

Integrity guarantees that no modification, addition or deletion is done to the message. The altering of a message can be malicious or accidental.

3.3 Confidentiality

It guarantees that the message cannot even be viewed in its original form by any unauthorized person.

3.4 Authenticity

With the help of this property the parties prove their identities. This property ensures that the parties are genuine, not impersonators.

3.5 Non repudiation

With this property the sender and receiver cannot disavow sending and receiving the message.

3.6 Authorization

This property assigns different access rights to different types of users. For example a network management can be performed by network administrator only.

ZRP. The disadvantage associated with reactive protocols, when the destination node is in the outside zone, persists in this protocol also.

When the routing protocol does not use the location information of the mobile node, the routing is topology-based. If the position information is used in the routing protocol, the routing is position-based. There are two methods of forwarding data packets in position-based routing: greedy forwarding and directional flooding. In greedy forwarding, the next hop node is the closest in distance to the destination. Greedy Perimeter Stateless Routing Protocol (GPSR) uses greedy forwarding. In directional flooding, the source node floods data packets in a geographical area towards the direction of the destination node. Location Aided Routing (LAR) uses directional flooding.

In the position-based routing protocols, an MN uses a directional antenna or GPS system to estimate its (x, y) position. If GPS is used, every node knows its (x, y) position assuming z = 0. The positions of two mobile nodes, say A and B, are (x1, y1) and (x2, y2) respectively. The distance d between the two MNs is calculated and angle a is defined. When directional antennas are used, the distance between two MNs and the Angle of Arrival (AoA) are estimated according to the directional arrival. The strength of the signal is used to estimate the distance between two nodes, and the estimate of the angle is obtained from the Angle of Arrival (AoA).

The Location-Aided Routing (LAR) protocol is an approach that decreases the overhead of route discovery by utilizing location information of mobile hosts. Such location information may be obtained using the global positioning system (GPS). The LAR protocol uses location information to reduce the search space for a desired route. Limiting the search space results in fewer route discovery messages.

6. PUBLIC KEY CRYPTOGRAPHY

Public key infrastructure in MANETs is a very popular choice when it comes to securing the network. Schemes (Luo & Lu, 2004; Yi, Naldurg, & Kravets, 2002) use a public-key infrastructure to associate public keys with the node's identity. One of PKI's approaches is to pre-load each node with all other nodes' public key certificates prior to network deployment. Secure routing protocols, such as ARAN, ARIADNE, SEAD, and SPINS (Perrig, Szewczyk, Wen, Culler, & Tygar, 2001), are all based on the assumption that there is pre-existence and pre-sharing of secret and/or public keys for all the nodes in the network.

7. PROPOSED PROTOCOL

All the topics discussed above form the basis of this proposed protocol. It operates both in the Network Layer and the Application Layer. It uses directional antenna and Angle of Arrival. This paper uses asymmetric cryptography for security. It starts with the assumption that every node maintains a table which is preloaded with the public keys of the other nodes in the network. It also chooses a few reliable nodes which will be used as distribution nodes in case new nodes enter the MANET. At least one of the reliable nodes should be present in the network. Another assumption is that every node, as in LAR, is GPS enabled. It uses position information of the destination node to flood data in a particular direction. Every node knows its (x, y) position assuming z = 0. The positions of two mobile nodes, say A and B, are (x1, y1) and (x2, y2) respectively. The distance d between the two MNs is calculated and angle a is defined. It uses, as in LAR, directional antennas. When directional antennas are used, the distance between two MNs and the Angle of Arrival (AoA) are estimated according to the directional arrival. The estimate of the angle is obtained from the Angle of Arrival (AoA). But there are some differences with LAR.

STEP - 1

Every node which is part of the MANET should be GPS enabled and able to get its GPS info as and when required. Every node should have its own public and private key and a table that is preloaded with the public keys of other nodes. A few reliable nodes are assigned the responsibility of maintaining the public keys of other nodes in the MANET. They are also preloaded with the public keys of other nodes. Every node maintains a cache of time_to_travel to the nodes with which it will communicate.

STEP - 2

The Source Node, say S, wants to communicate with the Destination Node, say D. The source node goes for the Destination Node Discovery Process.

STEP - 3

First it creates a message. The message structure follows.

Open Part-

Direction Info (a 4-bit info for 15 zones): The whole 2D plane is divided into 15 zones with each zone covering 24 degrees, and bit value 2 representing the 24 degrees to 48 degrees zone. This is taking that 0 degrees implies west.

Figure 1: Division of the Transmission Area into 15 zones

Assuming a probable zone (GPS) of the D node, the direction bit is set. The directional antenna will use this bit to flood data with its centre in the centre of the selected zone and a coverage of 45 degrees.

It uses a GPS system to estimate its (x, y) position. If GPS is used, every node knows its (x, y) position assuming z = 0. The positions of the two mobile nodes are (x1, y1) and (x2, y2) respectively. The distance d between the two MNs is calculated using (1). The angle is defined and is calculated using (2). [5]

the data down to the network layer with a NO message. This enables the Network layer to understand that this message is to be relayed forward according to the computed direction bit. The directional antenna covers an angle of 45 degrees to flood the data packets.

Present time
Max_time_to_travel

Data Part-

Geo Position Information of sender
Public key of sender node
Present time
Information for destination
Encrypted information using private key of source

The Data Part is encrypted using the public key of D Node.

Figure 2: Directional Flooding of Data using Direction Bit

STEP - 5

The process continues till the message reaches the Destination node. Now, if the node is the destination, it succeeds in decrypting the message. It extracts the parts of the message. It replies to the message after going through a certain process.

STEP - 6

The max_time_to_travel in the open part of the message is set according to the calculation of the present time in the data part and the receiving time of the message. After decrypting the message part using its private key, it is able to extract the GPS location of the source, the time at which the packet was sent, the information sent by the Source node and the public key of the Source. The public key of the node is matched with the table of public keys to verify the sender.

STEP 3 CONTD.

With the direction bit set, the data part of the message is encrypted using the public key of the destination node. The message is now delivered over the network for discovering the exact GPS location of the destination. If the destination is not in the expected zone, the destination discovery is repeated after the specified max time in another zone covering 45 degrees.

STEP - 4

The message is received by nodes within the transmission range of the source node. The angle of arrival is computed. The Angle of Arrival (AoA) [6][7] is estimated according to the directional arrival. The estimate of the angle is obtained from the Angle of Arrival (AoA). The recipient node passes the data on to the Application Layer. The Application Layer tries to decrypt the message with its private key. Now, if the node is not the destination, it fails to decrypt the message. It modifies the direction bit according to the angle of arrival. The present time in the open part and the time the data was received are used to get the time difference. If the time difference is more than max_time_to_travel then the message is dropped, otherwise the next action is performed. It understands the message is to be relayed forward. It sends

The encrypted information part is decrypted with the public key of S and matched with the information. If there is an exact match, it ensures that the private key of the sender is secure and the message is authentic. Now, after collecting its own GPS location and the GPS location of the source, i.e. taking the GPS info of D as x1,y1 and of S as x2,y2, the angle is computed again and the direction bit is set. This direction bit will enable the node to flood data in a constrained angle of 45 degrees. The time info sent by S and the time of getting the message from S are used to compute an approximate max_time_to_travel. Then the reply message is constructed like the sender's, with an open and an encrypted part. This whole message is sent back to S.

STEP - 7

According to the direction bit the data is forwarded to the source using the earlier procedure.
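The direction field from Step 3 and the relay rule from Step 4 can be sketched as follows; this is an added example, not code from the paper. Assumptions: bearings are measured counter-clockwise from the protocol's 0-degree axis, field value 0 is unused, the relay re-aims opposite to the measured AoA, and the range check on the unauthenticated open part is an extra sanity check.

```python
import math
from dataclasses import dataclass, replace

ZONES = 15          # from the page: the plane is divided into 15 zones
ZONE_WIDTH = 24.0   # from the page: each zone covers 24 degrees
BEAM_WIDTH = 45.0   # from the page: the antenna floods a 45-degree sector


def bearing_deg(src, dst):
    """Bearing from src to dst in [0, 360) with z = 0.
    Assumption: counter-clockwise from the protocol's 0-degree axis."""
    dx, dy = dst[0] - src[0], dst[1] - src[1]
    return math.degrees(math.atan2(dy, dx)) % 360.0


def direction_value(bearing):
    """4-bit direction field: value k (1..15) covers [(k-1)*24, k*24) degrees.
    Value 0 is treated as unused (inferred from 'value 2 = 24 to 48')."""
    return int((bearing % 360.0) // ZONE_WIDTH) + 1


def beam_edges(value):
    """(low, high) edges of the 45-degree beam centred on the zone centre."""
    centre = (value - 0.5) * ZONE_WIDTH
    half = BEAM_WIDTH / 2
    return ((centre - half) % 360.0, (centre + half) % 360.0)


@dataclass(frozen=True)
class OpenPart:
    """Cleartext fields of the message, as listed on the page."""
    direction: int
    present_time: float
    max_time_to_travel: float


def relay(open_part, received_at, aoa_deg):
    """Step 4 at a node that could not decrypt the data part.
    Returns ("drop", reason) or ("forward", updated OpenPart)."""
    # Added sanity check: the open part is not authenticated, so reject
    # values outside the 15 defined zones before acting on them.
    if not 1 <= open_part.direction <= ZONES:
        return ("drop", "direction out of range")
    elapsed = received_at - open_part.present_time
    if elapsed > open_part.max_time_to_travel:
        return ("drop", "max_time_to_travel exceeded")
    # Assumption: keep the packet moving away from where it came from,
    # i.e. opposite to the measured Angle of Arrival.
    onward = (aoa_deg + 180.0) % 360.0
    return ("forward", replace(open_part, direction=direction_value(onward)))


if __name__ == "__main__":
    S, D = (0.0, 0.0), (300.0, 300.0)        # constructed positions
    msg = OpenPart(direction_value(bearing_deg(S, D)), 100.0, 5.0)
    print(msg, beam_edges(msg.direction))
    print(relay(msg, received_at=103.0, aoa_deg=216.0))  # within the limit
    print(relay(msg, received_at=106.0, aoa_deg=216.0))  # too old, dropped
```

Because the 45-degree beam is wider than a 24-degree zone, adjacent beams overlap, which is why `beam_edges(1)` wraps below 0 degrees.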

Authentication- Asymmetric cryptography ensures authentication. The prior information of the public key, and the public key sent by the sender, enable the receiver to authenticate the sender.

Integrity- Message altering makes it corruptible for the destination. Apart from the open part, the message cannot be altered. If the open part is altered, it only means that the message does not reach the node concerned. In that case, after not getting a reply from the other end in the expected time, the message can be sent by another route by suitably setting the direction bits.

Non-repudiation- Encryption of the info part by the private key of the sender, and adding it to the data part, resolves this.

Availability- The lower processing requirement at relay nodes makes the nodes more available to the network. Moreover there is no need to maintain routes.

Figure 3: Return path from Destination, mid nodes have changed

From now on the Source and Destination have the exact GPS location of each other. It means a better use of directional flooding. But as we know the nodes in a MANET are mobile, so the GPS location of nodes will change. This protocol has to account for the change. The procedure is as follows: The communicating nodes will maintain the GPS info and the time when they last sent the message in a table. It means that the nodes only have to get the GPS info when they receive or send data, which saves the battery power of the nodes. Secondly, when they resend the message, they get the GPS info of the last send and compare it with the present GPS info. Using the time of the last send and the present time, they will compute the approximate time for the next receipt of data and calculate the probable GPS location at that time. This GPS location will be added to the encrypted part of the message in place of the present GPS info at the time of resending. With advancement in inertial positioning systems, it is expected that in future this computation can be used to calculate the self position and future position of mobile nodes.

Public key information of new node

When a new node enters the system, the new node is assumed to be aware of the public keys of those reliable nodes. On entering the MANET, this node tries to communicate with a reliable node using the same procedure, to

Other Advantages

This protocol does not need to maintain routes, which is one of the main concerns in MANET and causes a lot of overhead. Secondly, with advancement in GPS, Inertial Positioning System, Directional Antenna and Infrastructure-less Public Key Cryptography, this protocol has scope for further refinements. We can also do away with the assumption that the nodes are preloaded with all other nodes' public keys. In that case nodes can be preloaded with key generating algorithms, and key tables of communicating nodes can be updated dynamically.

9. CONCLUSION

The mechanism to do away with the route maintenance system, along with a security system that takes care of all the security goals that concern the Application Layer and Network Layer, is well addressed. Moreover, directional flooding also improves the performance of MANET and QoS parameters.

REFERENCES

[1] Xiaoqing Li, Hui Li, Jianfeng Ma, Weidong Zhang, An Efficient Anonymous Routing Protocol for Mobile Ad Hoc Networks, 2009 IEEE.
[2] Rashid Sheikh, Mahakal Singh Chandel, Durgesh Kumar Mishra, Security Issues in MANET: A Review, 2010 IEEE.
[3] Jianguo Hao, Weidong Liu, Yiqi Dai, A Controllable Privacy Protection Framework in Position-based Routing for Suspicious MANETs.
[4] Amandeep Makkar, Bharat Bhushan, Shelja, and Sunil Taneja, Behavioral Study of MANET Routing Protocols, International Journal of Innovation, Management and Technology, Vol. 2, No. 3, June 2011.
[5] Mohammad A. Mikki, Energy Efficient Location Aided Routing Protocol for Wireless MANETs, (IJCSIS) International Journal of Computer Science and Information Security, Vol. 4, No. 1 & 2, 2009.
[6] A. Quintero, D. Li, and H. Castro, A location routing protocol based on smart antennas for ad hoc networks, Journal of Network and Computer Applications, Elsevier, vol. 30, pp. 614-636, 2007.
[7] Dragos Niculescu and B. Nath, Ad hoc Positioning System (APS) using AOA, in Proc. IEEE INFOCOM, 2003.

Add themselves in Reliable nodes table
To get the public key of the intended destination

After getting the public key of the destination, this node follows the same protocol. On getting the public key of the new node, the destination verifies it with any of the reliable nodes, and then updates its table with the new node's public key and starts communication with the new node.

8. SECURITY GOALS COVERAGE

Confidentiality- Since the message can be decrypted only by the original recipient the confidentiality of message is maintained
