
[IEEE 2009 International Conference on Advances in Recent Technologies in Communication and Computing - Kottayam, Kerala, India (2009.10.27-2009.10.28)] 2009 International Conference


Double Split based Secure Multipath Routing in Ad hoc Networks

Ajay Koul, School of Computer Science, SMVD University, Katra, India

R.B. Patel, Department of Computer Science & Engineering, MM University, Mullana, India

V.K. Bhat, School of Mathematics, SMVD University, Katra, India

Abstract— Security in Mobile Ad hoc Networks (MANETs) is a serious concern. This article presents a new approach, namely the double split (DSPLIT), for enhancing the security features in MANETs. The basic idea is to transform a secret message into two categories: information symbols and dictionary symbols. The information symbols are further split and delivered via multiple paths to the destination, while a position table is generated from the dictionary symbols and sent through a single path. The purpose of doing so is to provide additional security against adversaries that collect many shares, which leads to message reconstruction. We present the overall system architecture and discuss the model for the generation of information and dictionary symbols, the formation of the position table, and finally the further division of information symbols and their allocation to the corresponding multipaths. Our simulation study shows that this approach is useful as it enhances the security and consumes less bandwidth.

Keywords- Multipath Routing, Network Security, Dictionary Symbols, Information Symbols.

I. INTRODUCTION

Security in Mobile Ad hoc Networks (MANETs) is a major issue. One would like data to be delivered from the source to the destination properly, without putting additional burden on the network. Sensitive information, such as that related to defense and intelligence, transmitted across a hostile MANET needs to be protected from both active and passive attacks. Many algorithmic approaches have been used in the past to guard against these attacks, as mentioned in [1-3]. Data confidentiality is achieved by cryptography. However, it involves transformation of the original data into cipher with the application of keys. This process adds complexity, as the transfer of the key from source to destination is itself a great challenge. Many efforts have been made to develop more secure and reliable key management systems [4-6]; however, in a highly dynamic MANET environment, end-to-end encryption usually becomes impractical, particularly when the number of nodes is large. In a MANET environment the nodes may also be selfish and malicious. Selfish nodes may drop packets, while malicious nodes may launch passive or active attacks and decrease the reliability of the data transfer. The above mentioned algorithms provide security to some extent; however, they do not completely remove the possibility of a malicious or compromised node participating on a crucial communication path. Nor do they prevent a compromised node from collecting information from forwarded messages or maliciously dropping important packets completely.

Towards the furtherance of the above, we propose a new approach called Double Split (DSPLIT). This approach is based on three important techniques.

1. The transformation of the message into information and dictionary symbols. The purpose of doing so is to pass maximum information from source to destination with minimum bandwidth and to achieve a first level of data encryption as well.

2. The generation of the position table based on the dictionary symbols, in order to keep the alignment of the whole message intact.

3. The fragmentation of the information symbols into many parts that are sent along multiple paths, with a separate path chosen for the position table.

To capture the whole message, adversaries must either be present on multiple paths or intercept multiple pieces from multiple paths. This way the data consumes less bandwidth and the reconstruction of the original data at the destination also becomes possible.

II. RELATED WORKS

Security has gained a lot of attention recently and many attempts at proposing end-to-end security schemes have been carried out. One of these is the use of multipath routing. The concept of secure multipath routing was first proposed by Zhou et al. in [7], wherein multiple routes between nodes were established and new cryptographic schemes were adopted. In this approach, trust was created and shared among a set of servers using threshold cryptography, and key management services were adopted to achieve proactive security and scalability. This was further developed by Kong et al. [8], where security was provided to the distributed network. In this method a solution is

2009 International Conference on Advances in Recent Technologies in Communication and Computing

978-0-7695-3845-7/09 $25.00 © 2009 IEEE

DOI 10.1109/ARTCom.2009.77



provided to support ubiquitous security services for mobile hosts. This solution was further secured by decentralizing the security operations so that it adapts easily to network scale and guards against break-ins. A novel approach was suggested by Gorlatova et al. in [9]. In this method, security is provided to ad hoc networks by maintaining time series of the HELLO messages and performing Fourier analysis on these series to obtain the power spectral density. This power spectral density is then used to detect and to provide security against wormhole attacks. The method detects wormhole attacks on MANETs without affecting bandwidth or interoperability. A secure routing strategy through multipath ad hoc networks has been proposed recently by Hervé et al. in [10]. In this method the security and privacy of the network are maintained without sacrificing the Quality of Service parameters, through asymmetric cryptography and a multipath strategy. The asymmetric cryptography is used to protect the information, while multiple paths are used between source and destination to ensure packet diversity and to resist passive attacks, especially in a malicious environment. A different methodology for providing security through multipaths has been proposed by Vaidya et al. in [11]. In this method the network is made secure by having the intermediate nodes adopt a digital signature scheme and the source nodes use public and session keys to prevent active and passive attacks. This is further strengthened by an information dispersal technique, which makes it difficult for attackers to get the information.

Although the above mentioned techniques provide security to MANETs, they have certain drawbacks, such as key generation using complex polynomial functions, communication overhead, performance degradation, and reliance on node-disjoint paths, which at times are difficult to create because of node mobility. Our approach does not generate complex key pairs. It can also be used with any multipath route, addressing the problem of finding node-disjoint routes by providing the additional security of splitting the data further.

The rest of the paper is organized as follows. In Section 3, the overall security model and the algorithm are presented. Section 4 gives the simulation results. Finally, the article is concluded in Section 5.

III. DOUBLE SPLIT (DSPLIT) MODEL

The fundamental idea of our approach originates from the LZW algorithm [12], which is mainly used for text compression. Here we use this algorithm not only to compress the data but also to split the data into two categories: information symbols and dictionary symbols. This way half of the data gets secured, because without the information symbols it is almost impossible to retrieve the actual data if an intruder intercepts the dictionary symbols. So the idea is to transport only the information symbols through multipaths to the destination. Furthermore, on receipt of the categories of symbols, the destination node may not assemble the data in the proper order. Therefore the position information needs to be preserved and also sent to the destination. In our approach it is transported to the destination via a selected path.

The security is also enhanced by further splitting the information and dictionary symbols. This splitting is achieved with the (K, N) secret sharing algorithm [13], wherein a message can be divided into N pieces called shares such that, in order to compromise the message, the adversary must compromise at least K shares, which is the minimum threshold number of shares required to reconstruct the message. With fewer than K shares, the attacker cannot learn anything about the message and has no better chance to recover the secret. Further, the shares generated by (K, N) are allotted to the multipaths. This can be achieved by adopting any multipathing algorithm. So overall our model comprises four important components.

1. Splitting.
2. Position table creation.
3. Further splitting of information symbols by the Threshold Secret Sharing algorithm.
4. Multipathing.

The following sections describe the above mentioned algorithms.

A. Splitting

Data compression is the process of encoding data so that it takes less storage space or less transmission time than it would if not compressed. Compression is possible because most real-world data is very redundant, and it suits ad hoc networks because their bandwidth is limited. The LZW algorithm is stated below.

A dictionary that is indexed by codes is used. The dictionary is assumed to be initialized with 256 entries (indexed with ASCII codes 0 through 255) representing the ASCII table. The compression algorithm assumes that the output is either a file or a communication channel and that the input is a file or a buffer. Conversely, the decompression algorithm assumes that the input is a file or a communication channel and the output is a file or a buffer. The program reads one character at a time. If the work string extended by that character is in the dictionary, it adds the character to the current work string and waits for the next one. This occurs on the first character as well. If the extended work string is not in the dictionary (such as when the second character comes across), it adds the extended work string to the dictionary and sends over the wire (or writes to a file) the code assigned to the work string without the new character. It then sets the work string to the new character.

Input String: ^WED^WE^WEE^WEB^WET

Output String: ^ W E D 256 E 260 261 257 B 260 T


B. Position Table Creation

In position tracking, the information symbols and the dictionary symbols are first laid out in the form of a complete message and then separated. Table 1 shows the message and dictionary positions.

Message: ^ W E D 256 E 260 261 257 B 260 T

Separated message: ^WEDEBT

Table 1. The Message and Dictionary Positions

Message position:     5   7   8   9   11
Dictionary position:  1   5   6   2   5

The purpose of doing so is to perform the first round of splitting by separating the dictionary symbols from the information symbols. It also keeps the positions of the symbols intact so that the data can be recovered in the proper format at the destination. A hash value is calculated with the Secure Hash Algorithm (SHA) and appended to this table in order to prevent malicious users from modifying the table information.
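The first split and Table 1, worked through on the paper's own input string. This is an added example, not the authors' code; the function names, the choice of SHA-256 and the `pos:index` table serialization are assumptions (the paper only says SHA).

```python
import hashlib
import hmac

MESSAGE = "^WED^WE^WEE^WEB^WET"  # input string from Section III-A

def lzw_compress(text):
    """LZW with the dictionary preloaded with codes 0..255 (8-bit input assumed)."""
    dictionary = {chr(i): i for i in range(256)}
    work, codes = "", []
    for ch in text:
        if work + ch in dictionary:
            work += ch                        # keep extending the work string
        else:
            codes.append(dictionary[work])    # emit code of the known prefix
            dictionary[work + ch] = len(dictionary)  # next free code: 256, 257, ...
            work = ch
    if work:
        codes.append(dictionary[work])
    return codes

def lzw_decompress(codes):
    """Inverse of lzw_compress; rebuilds the dictionary while decoding."""
    if not codes:
        return ""
    dictionary = {i: chr(i) for i in range(256)}
    prev = dictionary[codes[0]]
    out = [prev]
    for code in codes[1:]:
        if code in dictionary:
            entry = dictionary[code]
        elif code == len(dictionary):         # code defined by this very step
            entry = prev + prev[0]
        else:
            raise ValueError(f"invalid LZW code {code}")
        out.append(entry)
        dictionary[len(dictionary)] = prev + entry[0]
        prev = entry
    return "".join(out)

def split_symbols(codes):
    """First split: information symbols (codes <= 255) and the position table.

    Each table row is (message position, dictionary position), both 1-based,
    with dictionary position = code - 255 as in Table 1.
    """
    info, table = [], []
    for pos, code in enumerate(codes, start=1):
        if code > 255:
            table.append((pos, code - 255))
        else:
            info.append(chr(code))
    return "".join(info), table

def merge_symbols(info, table):
    """Destination side: interleave both parts back into the LZW code stream."""
    dict_at = {pos: idx + 255 for pos, idx in table}
    total = len(info) + len(table)
    if any(not 1 <= pos <= total for pos in dict_at):
        raise ValueError("position table does not fit the received symbols")
    remaining = iter(info)
    return [dict_at[p] if p in dict_at else ord(next(remaining))
            for p in range(1, total + 1)]

def seal_table(table):
    """Serialize the table and compute the digest that is appended to it."""
    body = ",".join(f"{p}:{d}" for p, d in table).encode()
    return body, hashlib.sha256(body).hexdigest()

def open_table(body, digest):
    """Check the appended digest before trusting the table."""
    if not hmac.compare_digest(hashlib.sha256(body).hexdigest(), digest):
        raise ValueError("position table was modified in transit")
    return [tuple(int(v) for v in row.split(":"))
            for row in body.decode().split(",") if row]

if __name__ == "__main__":
    info, table = split_symbols(lzw_compress(MESSAGE))
    body, digest = seal_table(table)
    print(info, table)
    print(lzw_decompress(merge_symbols(info, open_table(body, digest))))
```

An unkeyed digest detects a changed table only if the party changing it cannot also replace the digest travelling with it.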

C. Threshold Secret Sharing

This stage is very important, as simply splitting the data into shares involves security problems. The splitting is achieved with (K, N) [13]. The data is divided into N shares, and even if one or two shares get compromised there is no way to retrieve the complete share or the whole data. The data D is divided into n pieces D1, …, Dn in such a way that:

1. Knowledge of any K or more Di pieces makes D easily computable.
2. Knowledge of any K – 1 or fewer Di pieces leaves D completely undetermined (in the sense that all its possible values are equally likely).

This scheme is called the (K, N) threshold scheme. If K = N, then all the active participants present in the network are required together to reconstruct the secret. Suppose we want to use the (K, N) threshold scheme to share our secret S. Choose at random (K – 1) coefficients $a_1, \dots, a_{k-1}$, and let $a_0 = S$. Then the following polynomial is generated.

$$f(x) = a_0 + a_1 x + a_2 x^2 + a_3 x^3 + \dots + a_{k-1} x^{k-1} \qquad (1)$$

Let us construct any n points out of (1), for instance set i = 1, …, n to retrieve (i, f(i)). Every participant is given a point (a pair of input to the polynomial and output). Given any subset of k of these pairs, we find the coefficients of the polynomial by polynomial curve fitting, and then evaluate $a_0$, which is the secret. The original polynomial f(x) can be recovered by Lagrange's interpolation, shown below in (2) and (3).

$$f(x) = \sum_{j=0}^{k} y_j \, l_j(x) \qquad (2)$$

where

$$l_j(x) = \prod_{\substack{i=0 \\ i \neq j}}^{k} \frac{x - x_i}{x_j - x_i} \qquad (3)$$

Here $y_j$ and $l_j(x)$ are used in the equations to substitute the share values and to construct the polynomial so that the original share is retrieved.
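A (K, N) threshold split of the information symbols with recovery by the Lagrange interpolation of (2) and (3), added here as an example and not the authors' code. It assumes arithmetic modulo the prime 257 (the paper does not name a field), K = 3 so that the polynomial is quadratic as in the source-side algorithm, N = 5 paths, and hypothetical function names; the last function brute-forces why two shares leave the secret undetermined.

```python
import secrets

PRIME = 257  # assumption: smallest prime above 255, so every 8-bit symbol fits

def make_shares(secret, k, n):
    """Return the n points (i, f(i) mod PRIME) of a random degree k-1 polynomial."""
    if not (0 <= secret < PRIME and 1 <= k <= n < PRIME):
        raise ValueError("need 0 <= secret < PRIME and 1 <= k <= n < PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):            # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover(shares):
    """Lagrange interpolation evaluated at x = 0, which yields a0 = secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for i, (xi, _) in enumerate(shares):
            if i != j:
                num = num * (0 - xi) % PRIME
                den = den * (xj - xi) % PRIME
        # division in the field = multiplication by the modular inverse
        secret = (secret + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

def split_over_paths(info, k, n):
    """Path i carries the i-th share of every information symbol.

    Share values range over 0..256, so each needs 9 bits on the wire.
    """
    paths = {i: [] for i in range(1, n + 1)}
    for ch in info:
        for x, y in make_shares(ord(ch), k, n):
            paths[x].append(y)
    return paths

def rebuild_from_paths(received, k):
    """received maps path id -> share list; at least k paths must have arrived."""
    if len(received) < k:
        raise ValueError("fewer than K paths delivered their shares")
    ids = sorted(received)[:k]
    lengths = {len(received[i]) for i in ids}
    if len(lengths) != 1:
        raise ValueError("paths delivered different numbers of shares")
    return "".join(chr(recover([(i, received[i][pos]) for i in ids]))
                   for pos in range(lengths.pop()))

def secrets_consistent_with(share_a, share_b):
    """For K = 3: count the quadratics through two shares, per candidate secret."""
    (x1, y1), (x2, y2) = share_a, share_b
    counts = [0] * PRIME
    for a1 in range(PRIME):
        for a2 in range(PRIME):
            a0 = (y1 - a1 * x1 - a2 * x1 * x1) % PRIME   # forced by share_a
            if (a0 + a1 * x2 + a2 * x2 * x2) % PRIME == y2:
                counts[a0] += 1
    return counts

if __name__ == "__main__":
    paths = split_over_paths("^WEDEBT", k=3, n=5)   # constructed sample input
    print(rebuild_from_paths({p: paths[p] for p in (1, 3, 5)}, k=3))
    two = make_shares(ord("W"), 3, 5)[:2]
    print(set(secrets_consistent_with(*two)))       # every candidate: one fit
```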

D. Multipathing

The primary goal of our path finding algorithm is to find as many paths as possible that are, at the same time, as complete and reliable as possible. The routing algorithm selected is therefore based on [14], commonly known as the Temporally Ordered Routing Algorithm (TORA). TORA is a highly adaptive, efficient and scalable routing algorithm. Its main feature is that when the path between nodes gets detached or a link fails, the control system of the algorithm tries to re-establish the path instead of re-initiating the complete route discovery.

E. Algorithm

Once the route is established using the above routing procedure, and before the data is sent to the destination, the algorithms need to be applied both at the source, to transform and secure the data, and at the destination, to retrieve the original data. The algorithms to be executed at the source and the destination side are given below.

Algorithm at the source side

Steps:

1. set x = NIL
2. while (J != Null), where J is the total number of characters
3. read a character y
4. if xy exists in the dictionary
5. x = xy; else output the code for x
6. add xy to the dictionary
7. x = y; end loop
8. Repeat steps 3 to 9 till condition 2 fails.
9. While (P != 0)
10. Initialize k = 1 for positions
11. if input in > 255 assign k and remove in
12. else S = in
13. Increment in
14. Calculate np
15. Select p = np (the no. of paths)
16. Select x1, x2 the random numbers
17. F(x) = S + x1*x + x2*x^2
18. Assign F(x) shares to np.
19. Continue till all data fragmentation is over
20. Stop


Algorithm at the destination side

Steps:

1. Assemble F(x) shares
2. Get the position table information, extract k
3. If F(x) > th, the minimum threshold number required to reconstruct the message
4. write the message, position table
5. read a character x
6. output x; y = x; loop
7. read a character x
8. entry = dictionary entry for x
9. output entry
10. add y + first char of entry to the dictionary
11. y = entry; end loop
12. Reconstruct message from dictionary, position table

IV. SIMULATION AND RESULTS

The results were obtained by checking the superiority of the above model over others. The performance was compared with simple multipath routing protocols like TORA and the SPREAD protocol. The coding was done first for the LZW algorithm, to fragment the data, separate it into information and dictionary symbols, and generate the proper position table. The data was further split by the (K, N) algorithm, using the C language only. The results were then obtained using the Ns2 simulator without considering the factor of mobility, i.e., the nodes were all static. It was found that even when the number of malicious nodes in each path is increased, the retrieval of the whole message is almost impossible for the attackers. In Fig. 1 the percentage level of insecurity is plotted against the number of paths.

Figure 1. Percentage insecurity vs. No of Paths

The graph in Fig. 1 shows that the level of insecurity increases as the number of paths decreases. In the graph, DSPLIT showed better performance in terms of increased security. Further, when the performance of the routing algorithms was compared in terms of bandwidth utilization, the DSPLIT algorithm required less bandwidth overall to transfer the complete data than TORA and SPREAD. This is shown by the graph in Fig. 2, which plots the percentage of bandwidth consumed against the number of paths established. The performance of the algorithms was also compared in terms of node-disjoint and non-node-disjoint paths by creating different network scenarios, as mentioned in Scenario-1 and Scenario-2.

Figure 2. Bandwidth % age vs. No. of Paths

In these scenarios one path was made insecure by making one node malicious (Node 7 in the case of Scenario-1 and Node 2 in the case of Scenario-2). It was found that SPREAD relies on node-disjoint paths and hence showed better performance in terms of data received by the destination node, which is shown in Fig. 3. However, as soon as the paths were made non-node-disjoint, the performance drastically decreased, as shown in Fig. 4. For Fig. 3 and Fig. 4 the threshold, i.e. the number of packets required through multipath to reveal the original data, was kept at 3 for both scenarios.

Figure 3. Based on Scenario-1

Scenario-1. Node disjoint Paths Node 9 source- Node 6 Destination

Scenario-2. No- Node disjoint Paths Node 14 Source – Node 7 Destination


Figure 4. Based on Scenario -2 Percentage of Data received vs No Node disjoint Paths

V. CONCLUSIONS

The above mentioned approach was used to provide data security in a malicious Mobile Ad hoc Network environment. The approach discussed provides three levels of security. The first level is achieved when the data is split into the two categories of information symbols and dictionary symbols, thereby providing security to the data, as intercepting the position table information will reveal garbage only. Further security is achieved by splitting the information symbols. There is no need to split the position table, but the decision whether to split it or not is taken depending on the security of the route, as modification of those symbols may result in the loss of actual data. A further level of security is achieved by the secret sharing algorithm. This algorithm takes the security level further up by splitting the information symbols and, in specialized cases, the data symbols. The purpose was that even if one share gets compromised or learnt by the intruder or the compromised node, it is almost impossible to learn about the other shares and the whole data.

REFERENCES

[1] Y.-C. Hu, D.B. Johnson and A. Perrig, “SEAD: Secure efficient distance vector routing for Mobile wireless Adhoc networks”, in Proceedings of 4th IEEE workshop on Mobile Computing systems and applications, Callicoon, NY, 2002, pp. 3-13.

[2] Y.-C. Hu, A. Perrig and D. B. Johnson, “Ariadne: A secure on-demand routing protocol for ad hoc networks,” in Proceedings of 8th ACM International Conference on Mobile Computing and Networks (Mobicom’ 02), Atlanta, Georgia, 2002, pp. 12–23.

[3] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad hoc Networks,” in Proceedings of 22nd Annual Joint Conference IEEE Computer and Communication Societies (Infocom’03), San Francisco, CA, 2003, pp. 1976-1986.

[4] Ruidong Li, Jie Li, Kameda H, Peng Liu, “Localized public key management for Mobile Ad hoc Networks” in proceedings of IEEE Global Telecommunication Conference (GLOBECOM’04), Dallas, Nov 29-Dec 3, 2004, Vol 2, pp. 1284-1289.

[5] David Sanchez, Heribert Baldus, “Hybrid key management for Mobile Ad hoc Networks”, IFIP International Federation for Information Processing, Vol 197, pp. 337-346, 2006.

[6] Wuxu Peng, Yalin Wang, E.K. Park, Kia Makki, “Dynamic key management for secure routing in MANET”, Journal of Wireless Communications and Mobile Computing, 7(10):pp. 1233-1241, Nov. 2007.

[7] L. Zhou, Z. Haas, “Securing ad hoc networks,” IEEE Network Magazine, Vol 6, pp. 24–30, 1999.

[8] J. Kong, P. Zerfos, H. Luo, S. Lu and L. Zhang, “Providing robust and ubiquitous security support for MANETs”, in Proceedings of IEEE 9th international Conference on Network Protocols (ICNP), Riverside, 11-14 Nov. , 2001, pp. 251-260.

[9] Gorlatova, M.A., Kelly, M., Liscano, R., and Mason, P.C., “Enhancing Frequency-based Wormhole Attack Detection with Novel Jitter Waveforms”, Proceedings of IEEE Secure Communications, Nice, France, Sept 2007, pp. 304-309.

[10] Hervé Aiache, François Haettel, Laure Lebrun Cédric Tavernier, “ Improving security and performance of an Ad Hoc network through a multipath routing strategy”, in Journal of Computer Virology, 4(4): pp. 267-278, 2008.

[11] Binod Vaidya, Dong-You Choi, JongAn Park, SeungJo Han, “Investigations of Secure Framework for Multipath MANET”, in Proceedings of International Conference on Multimedia and Ubiquitous Engineering, Busan, Korea, 24-26 Apr., 2008, pp. 182-185.

[12] Nan Zhang, Tao Tao, Ravi Vijaya Satya, Amar Mukherjee, "Modified LZW Algorithm for Efficient Compressed Text Retrieval", in Proceedings of international Conference on IT: Coding and Computing (ITCC'04) , Las Vegas, April 5-7, 2004, Vol. 2, pp. 224-228.

[13] S.-J. Lee and M. Gerla, “Split Multipath Routing with Maximally disjoint paths in Ad -hoc networks”, ICC’01, Finland, 11-14 Jun., 2001, vol. 10, pp. 3201–3205.

[14] V.D. Park and M.S. Corson, “Temporally-Ordered Routing Algorithm (TORA) version 1”, IETF Internet draft (draft-ietf-manet-tora-spec-04.txt), 2001.
