
Improvement in Routing Mechanism for Mobile Ad hoc Networks

Guided By: Prof. Your Guide Name Designation

Submitted By: Bhaumik Patel 3rd Sem, M. E. (CE) MODASA

ACKNOWLEDGEMENT
I am thoroughly thankful to Your Guide Name for providing me the opportunity and the right direction to study and present something new and interesting about MANET security, specifically about the AODV routing protocol.

Bhaumik Patel

1. Abstract

Today new applications of mobile ad hoc networks (MANETs), including wireless sensor networks, ubiquitous computing and peer-to-peer applications, introduce a need for strong privacy protection and security mechanisms. To protect wireless communication between mobile nodes in a hostile environment, security is a primary and fundamental issue. Compared to wired networks, MANETs face several additional problems in security design: the lack of infrastructure, the open peer-to-peer network architecture, the shared wireless medium, limited resources and a highly dynamic network topology. Despite these challenges, security must protect MANETs while preserving acceptable network performance. Here I focus on the fundamental security problems and possible solutions in MANETs, with a review of the state-of-the-art security proposals in this area. MANET routing protocols were developed without security in mind; most of them assume that all nodes in the network are friendly and trusted. I consider the problem of incorporating security mechanisms into routing protocols for ad hoc networks. I look at AODV (Ad hoc On-demand Distance Vector) in detail and examine the possibility of developing a security mechanism to protect its routing information. AODV is one of the most widely used routing protocols and is currently undergoing extensive research and development. AODV is reactive, which means that it builds routes only when they are first needed. It is based on distance vector routing, but updates are exchanged on demand rather than periodically. Its control packets carry a hop count field and sequence number fields that indicate the freshness of routing updates. Because the hop count is modified by every forwarder and nothing authenticates either field, a malicious node can decrement the hop count or inflate the sequence number to advertise a better route than it actually has.
Similarly, the transmission of routing updates discloses information about the network topology, which is again a potential security hazard. So I first examine the possible security flaws of AODV and then its possible security solutions. Secure AODV (SAODV) is an extension of the AODV routing protocol that protects the route discovery mechanism by providing integrity and authentication. Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count (the only mutable field in the messages). For the non-mutable information, authentication is performed end to end, but the same technique cannot be applied to the mutable information, since every intermediate node must legitimately change it. The hash chain values and the signatures are transmitted with the AODV message as an extension message.

Page 1

2. Introduction

MANETs have two unique characteristics: self-configuration and self-maintenance. The existing security solutions for wired networks cannot be applied directly to MANETs. In addition, MANETs are assumed to be self-organizing, that is, able to work without any external management or configuration. Security in MANETs is very difficult to achieve because of vulnerable links, the limited physical protection of each node, the sporadic nature of connectivity, the dynamically changing topology, the absence of certification authorities and the lack of a centralized monitoring or management point. In MANETs there is no clear line of defense or boundary separating the inside of the network from the outside world. Moreover, the existing ad hoc routing protocols, such as AODV (Ad hoc On-demand Distance Vector) and DSR (Dynamic Source Routing), assume a trusted and cooperative environment, which makes MANETs very easy to attack. Security never comes for free: adding security features to a mobile wireless network increases computation, communication and management overhead. In addition, network performance in terms of scalability, service availability, robustness and so on is a key factor in resource-constrained ad hoc networks. Security strength and network performance are equally important, and achieving a good trade-off between the two is itself a fundamental challenge in security design for MANETs.

3. Attacks

Attacks fall into two classes: attacks on the basic mechanisms, such as routing, and attacks on the security mechanisms, such as key management. The main vulnerabilities of the basic mechanisms are that nodes can easily be captured and compromised, that communication takes place over the air, that the algorithms assume cooperation, and that routing mechanisms are more exposed in ad hoc networks than in wired ones.
The main vulnerabilities of the security mechanisms are that a public key can be maliciously replaced, that some keys can be compromised, and that a trusted server can be taken over.

3.1 Attacks on network-layer operations

The two major network-layer operations in MANETs are ad hoc routing and data packet forwarding. Both are vulnerable to malicious attacks, which gives two categories: routing attacks and packet forwarding attacks. In AODV, a routing attacker may advertise a route with a smaller distance than its actual distance to the destination, or advertise routing updates with a large sequence number and thereby invalidate all the routing updates from other nodes. Beyond these, there is a need to identify and defeat more subtle and sophisticated routing attacks.

Packet forwarding attacks do not disrupt the routing protocol. Instead they cause data packets to be delivered in a way that is intentionally inconsistent with the routing state. For example, an attacker along an established route may drop packets, modify their contents, or duplicate packets it has already forwarded.

4. Review of state-of-the-art security proposals for MANETs

There are two approaches to security in MANETs: proactive and reactive. Both have their own advantages and suit different MANET security problems. For example, most secure routing protocols take the proactive approach, while the reactive approach is widely used to protect the packet forwarding operation. In addition, security encompasses three main components: prevention, detection and reaction. In MANETs, prevention is mainly achieved by secure ad hoc routing protocols that stop an attacker from installing incorrect routing state at other nodes. These protocols are based on earlier ad hoc routing protocols such as DSR, AODV and DSDV (Destination-Sequenced Distance Vector) and employ different cryptographic primitives (e.g. HMAC, digital signatures, hash chains) to authenticate the routing messages. Detection observes the abnormal behavior of a malicious node, if any. Once an attacker node is detected, the reaction component adjusts the routing and forwarding operations.

4.1 Network Layer Security

According to earlier proposals, network layer security falls into two categories: secure ad hoc routing protocols and secure packet forwarding protocols. Here I discuss only secure ad hoc routing protocols and their possible solutions, because comparatively little work has been done in this area. Several cryptographic primitives are available for message authentication, the essential component of any security design: message authentication codes (e.g. HMAC), digital signatures, hash chains, etc.
4.1.1 Secure Ad hoc Routing

This takes the proactive approach and enhances the existing ad hoc routing protocols, such as DSR and AODV, with security extensions. In these protocols each mobile node proactively signs its routing messages using the cryptographic authentication primitives described above. This way, collaborating nodes can efficiently authenticate legitimate traffic and tell unauthorized packets from outsider attackers apart. Following are the two major types of routing protocols.

Source Routing: The main challenge is to ensure that no intermediate node can remove existing nodes from the route or add extra nodes to it. The basic technique is to attach a per-hop authenticator to the source routing forwarder list so that any alteration of the list is detected immediately. A secure extension of DSR is Ariadne, which uses a one-way HMAC key chain for message authentication.

Distance Vector Routing: For DVR protocols such as AODV and DSDV, the main challenge is that each intermediate node has to advertise the routing metric correctly. For example, when hop count is used as the routing metric, each node has to increase the hop count by exactly one. A hop count hash chain is devised so that an intermediate node cannot decrease the hop count in a routing update. Note that a hash chain for this purpose does not need time synchronization, unlike the one-way HMAC key chain used for authentication.

In general most attacks on a routing protocol can be classified as:
- Non-forwarding
- Traffic deviations
- Lack of error messages
- Frequent route updates
- Route modification

Finding an efficient solution to these problems in an open ad hoc environment is still an open issue.

5. AODV Protocol

Ad hoc On-Demand Distance Vector (AODV) is inherently a distance vector routing protocol that has been optimized for ad hoc wireless networks. It is an on-demand protocol, as it finds routes only when required, and is hence reactive in nature. AODV borrows its basic route establishment and maintenance mechanisms from the DSR protocol and hop-by-hop routing vectors from the DSDV protocol. To avoid routing loops, AODV makes extensive use of sequence numbers in control packets. When a source node intends to communicate with a destination node whose route is not known, it broadcasts a RREQ (Route Request) packet. Each RREQ packet contains an ID, the source and destination IP addresses and sequence numbers, a hop count and control flags.
The ID field uniquely identifies the RREQ packet, the sequence numbers indicate the freshness of control packets, and the hop count records the number of hops between the source and the destination. Each recipient of the RREQ that has not already seen the (Source IP, RREQ ID) pair and does not maintain a fresher (larger sequence number) route to the destination rebroadcasts the packet after incrementing the hop count. Such intermediate nodes also create and keep a REVERSE ROUTE to the source node for a certain interval of time. When the RREQ packet reaches the destination node, or any node that has a fresher route to the destination, a RREP (Route Reply) packet is generated and unicast back to the originator of the RREQ. Each RREP packet contains the destination sequence number, the source and destination IP addresses, the route lifetime, a hop count and control flags. Each intermediate node that receives the RREP increments the hop count, establishes a FORWARD ROUTE to the destination (the originator of the RREP) via the node it received the RREP from, and transmits the packet along the REVERSE ROUTE. For maintaining connectivity information, AODV uses periodic HELLO messages to detect link breakages to the nodes it considers its immediate neighbors. When a link break is detected for the next hop of an active route, a RERR (Route Error) message is sent to the active neighbors that were using that route. Optionally, a Route Reply Acknowledgement (RREP-ACK) message may be sent by the originator of the RREQ to acknowledge receipt of the RREP. The RREP-ACK message has no mutable information.

6. AODV Message Formats

Figure 1: Route Request (RREQ) Message Format
Mutable fields: Hop Count

Figure 2: Route Reply (RREP) Message Format
Mutable fields: Hop Count

Figure 3: Route Error (RERR) Message Format
Mutable fields: None

Figure 4: Route Reply Acknowledgment (RREP-ACK) Message Format
Mutable fields: None

7. Security flaws of AODV

The major vulnerabilities present in AODV are (i) deceptive incrementing of sequence numbers and (ii) deceptive decrementing of hop count. Securing the AODV protocol properly imposes seven main requirements:
A. Only authorized nodes perform route computation and discovery
B. Minimal exposure of network topology
C. Detection of spoofed routing messages
D. Detection of fabricated routing messages
E. Detection of altered routing messages
F. Avoiding the formation of routing loops
G. Preventing redirection of routes away from shortest paths


Moreover, since AODV has no security mechanisms, malicious nodes can perform many attacks simply by not behaving according to the AODV rules. A malicious node M can carry out the following attacks (among many others) against AODV:
1. Impersonate a node S by forging a RREQ with S's address as the originator address.
2. When forwarding a RREQ generated by S to discover a route to D, reduce the hop count field to increase its chances of being on the route between S and D, so that it can analyze the communication between them.
3. Impersonate a node D by forging a RREP with D's address as the destination address.
4. Impersonate a node by forging a RREP that claims that the node is the destination and, to increase the impact of the attack, claims to be a network leader of the subnet SN with a large sequence number, and send it to its neighbors.
5. Selectively not forward certain RREQs and RREPs, not reply to certain RREQs, and not forward certain data messages.
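As an added example (written for this page, not code from the report or from any AODV implementation), the following Go program models the route discovery of section 5 and then the forged-RREP attack of item 4 above. The node names S, A, D and M, the NewNetwork, Discover and ForgeRREP functions and the simplifications listed in the leading comment are assumptions of the example: it omits HELLO and RERR handling, lets only the destination answer a RREQ, and has the destination simply increment its sequence number before replying.

```go
package main

import "fmt"

// Added example, not code from the report: a toy model of AODV route
// discovery (section 5) and of the forged-RREP attack, item 4 of section 7.
// Assumptions: node names stand in for IP addresses, links are symmetric,
// there is no HELLO/RERR handling, only the destination answers a RREQ,
// and it simply increments its sequence number before replying.

type Route struct { // one routing-table entry
	NextHop  string
	HopCount int
	DestSeq  uint32
}
type RREQ struct { // HopCount is the only field a forwarder legitimately changes
	ID, OrigSeq      uint32
	Orig, Dest, From string // From is the last-hop sender (the IP header in real AODV)
	HopCount         int
}
type Node struct {
	Seq   uint32
	Links []string // neighbours
	Table map[string]Route
	seen  map[string]bool // (originator, RREQ ID) pairs already processed
}
type Network map[string]*Node // node name -> node

func NewNetwork(links map[string][]string) Network {
	nw := Network{}
	for id, nbs := range links {
		nw[id] = &Node{Links: nbs, Table: map[string]Route{}, seen: map[string]bool{}}
	}
	return nw
}

func reqKey(r RREQ) string { return fmt.Sprintf("%s/%d", r.Orig, r.ID) }

// Update applies AODV's acceptance rule: a larger destination sequence number
// always wins and an equal one wins on fewer hops. Nothing checks who sent the
// advertisement, which is exactly what the attacks of section 7 exploit.
func (n *Node) Update(dest, nextHop string, seq uint32, hops int) bool {
	if cur, ok := n.Table[dest]; ok && (seq < cur.DestSeq || seq == cur.DestSeq && hops >= cur.HopCount) {
		return false
	}
	n.Table[dest] = Route{NextHop: nextHop, HopCount: hops, DestSeq: seq}
	return true
}

// Discover floods a RREQ from src: each receiver installs a REVERSE ROUTE to
// src, the destination answers with a RREP unicast back over those reverse
// routes, and every hop on the way installs a FORWARD ROUTE to dst.
func (nw Network) Discover(src, dst string) Route {
	s := nw[src]
	s.Seq++
	req := RREQ{ID: 1, Orig: src, OrigSeq: s.Seq, Dest: dst, From: src}
	s.seen[reqKey(req)] = true
	queue := []RREQ{req} // one entry per broadcast, processed in hop order
	for len(queue) > 0 {
		p := queue[0]
		queue = queue[1:]
		for _, id := range nw[p.From].Links {
			n := nw[id]
			if n.seen[reqKey(p)] {
				continue // duplicate copy of this RREQ: drop it
			}
			n.seen[reqKey(p)] = true
			q := p
			q.HopCount++
			q.From = id
			n.Update(p.Orig, p.From, p.OrigSeq, q.HopCount) // reverse route
			if id == p.Dest {
				n.Seq++
				nw.reply(id, p.Orig, n.Seq)
				continue
			}
			queue = append(queue, q) // rebroadcast with incremented hop count
		}
	}
	return s.Table[dst]
}

// reply unicasts a RREP for destination dest hop by hop back to orig.
func (nw Network) reply(dest, orig string, destSeq uint32) {
	for cur, hops := dest, 0; cur != orig; {
		next := nw[cur].Table[orig].NextHop
		hops++
		nw[next].Update(dest, cur, destSeq, hops) // forward route
		cur = next
	}
}

// ForgeRREP is attack 4 of section 7: the attacker hands its neighbour
// victim a RREP claiming to be dst, carrying an inflated sequence number.
func (nw Network) ForgeRREP(attacker, victim, dst string, bigSeq uint32) bool {
	return nw[victim].Update(dst, attacker, bigSeq, 1)
}
```

On the topology S-A-D with M adjacent to S, Discover("S", "D") installs the route D via A with hop count 2 and destination sequence number 1 at S, the forward route D via D at A and the reverse route S via A at D. ForgeRREP("M", "S", "D", 1000) then replaces S's next hop with M, because Update accepts any advertisement whose sequence number is larger than the stored one and nothing ties the RREP to the node it claims to come from; a second forged RREP with sequence number 1 is rejected as stale, which is why the attacker in item 4 chooses a large number. Every packet S sends to D now goes to M first, which is what the signatures of Secure AODV (section 9) are meant to prevent.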

8. Securing AODV

We assume that there is a key management sub-system that makes it possible for each ad hoc node to obtain the public keys of the other nodes of the network. Further, each ad hoc node is able to verify securely the association between the identity of a given ad hoc node and the public key of that node. How this is achieved depends on the key management scheme. Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count (the only mutable field in the messages). For the non-mutable information, authentication is performed end to end, but the same technique cannot be applied to the mutable information, because every forwarder has to change it. The figures above show the structure of the AODV messages and indicate which fields are mutable. In short, securing the AODV protocol can be divided into three broad categories: 1) key exchange, 2) secure routing and 3) data protection.

9. SAODV Introduction

9.1 Secure AODV hash chains

Secure AODV uses hash chains to authenticate the hop count of RREQ and RREP messages in such a way that every node that receives the message (an intermediate node or the final destination) can verify that the hop count has not been decremented by an attacker.

9.2 Secure AODV digital signatures

Digital signatures protect the integrity of the non-mutable data in RREQ and RREP messages: the originator signs everything except the Hop Count of the AODV message and the Hash field of the Secure AODV extension. When a RREQ is received by the destination itself, it replies with a RREP only if it fulfills AODV's requirements to do so. This RREP is sent with a RREP Signature Extension. When a node receives a RREP, it first verifies the signature before creating or updating a route to that host. Only if the signature verifies does it store the route together with the signature of the RREP and the lifetime.

9.3 SAKM

Simple Ad hoc Key Management (SAKM) provides a key management system that makes it possible for each ad hoc node to obtain the public keys of the other nodes of the network. Further, each ad hoc node can securely verify the association between the identity of a given ad hoc node and that node's public key. This is achieved by using statistically unique and cryptographically verifiable addresses.
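As an added example (not code from the SAODV draft), the following Go code builds a RREQ with a signature extension as described in sections 9.1 and 9.2 above: the originator signs the non-mutable fields and seeds a hash chain whose top is signed, and each receiver checks both before using or forwarding the message. Ed25519 and SHA-256 stand in for the signature and hash functions, which the draft identifies by fields in its extension; the SRREQ layout, the length-prefixed encoding in signedBytes and the Originate, Verify and Forward names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Added example, not the SAODV draft's code: a RREQ carrying the SAODV
// signature extension of sections 9.1 and 9.2. The hash chain is as in the
// draft (Hash = seed, Top_Hash = h^MaxHopCount(seed), each hop applies h once).
// Assumptions: Ed25519 stands in for the draft's signature algorithm, SHA-256
// for its hash function, and the field layout and encoding below are my own.

type SRREQ struct {
	Orig, Dest  string
	OrigSeq, ID uint32
	MaxHopCount uint8    // non-mutable: hop limit fixed by the originator
	TopHash     [32]byte // non-mutable: h^MaxHopCount(seed)
	HopCount    uint8    // mutable: incremented by every forwarder
	Hash        [32]byte // mutable: h^HopCount(seed), advanced by every forwarder
	Signature   []byte   // originator's signature over the non-mutable fields
}

var (
	ErrSignature = errors.New("saodv: signature over non-mutable fields failed")
	ErrHopCount  = errors.New("saodv: hop count inconsistent with hash chain")
)

func h(x [32]byte) [32]byte { return sha256.Sum256(x[:]) }

func hashN(x [32]byte, n int) [32]byte {
	for i := 0; i < n; i++ {
		x = h(x)
	}
	return x
}

// signedBytes encodes exactly the fields the signature covers. HopCount and
// Hash are deliberately absent: they change at every hop.
func (m *SRREQ) signedBytes() []byte {
	var b bytes.Buffer
	for _, s := range []string{m.Orig, m.Dest} {
		binary.Write(&b, binary.BigEndian, uint16(len(s))) // length prefix, no ambiguity
		b.WriteString(s)
	}
	binary.Write(&b, binary.BigEndian, m.OrigSeq)
	binary.Write(&b, binary.BigEndian, m.ID)
	b.WriteByte(m.MaxHopCount)
	b.Write(m.TopHash[:])
	return b.Bytes()
}

// Originate builds and signs a RREQ: a fresh random seed starts the chain and
// the chain top, hashed MaxHopCount times, is signed so nobody can replace it.
func Originate(priv ed25519.PrivateKey, orig, dest string, seq, id uint32, maxHops uint8) (*SRREQ, error) {
	var seed [32]byte
	if _, err := rand.Read(seed[:]); err != nil {
		return nil, err
	}
	m := &SRREQ{Orig: orig, Dest: dest, OrigSeq: seq, ID: id, MaxHopCount: maxHops, Hash: seed}
	m.TopHash = hashN(seed, int(maxHops))
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m, nil
}

// Verify is what every receiver (intermediate or destination) runs before
// using the message: the signature authenticates everything except HopCount
// and Hash, and h^(MaxHopCount-HopCount)(Hash) == TopHash proves the hop
// count was not decremented (that would require inverting h).
func Verify(pub ed25519.PublicKey, m *SRREQ) error {
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return ErrSignature
	}
	if m.HopCount > m.MaxHopCount || hashN(m.Hash, int(m.MaxHopCount-m.HopCount)) != m.TopHash {
		return ErrHopCount
	}
	return nil
}

// Forward is an honest intermediate node's rebroadcast step after Verify
// succeeded: increment the hop count and advance the chain by one hash.
func Forward(m SRREQ) SRREQ {
	m.HopCount++
	m.Hash = h(m.Hash)
	return m
}
```

An attacker that decrements HopCount after two honest hops fails Verify with ErrHopCount, because producing the matching Hash would mean inverting h; tampering with OrigSeq or any other signed field fails with ErrSignature. Two limits are worth keeping in mind. First, a malicious node can still rebroadcast the message without calling Forward, i.e. without incrementing the hop count, and the chain cannot detect that; this is a known limitation of the hash chain mechanism. Second, every receiver now performs a public-key verification per RREQ, which is the computation overhead the conclusion refers to.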

10. Security Requirements

In most domains the primary security service is authorization, and routing is no exception. Typically a router needs to make two types of authorization decision. First, when a routing update is received from outside, the router needs to decide whether to modify its local routing information base accordingly; this is import authorization. Second, a router may carry out export authorization whenever it receives a request for routing information. Import authorization is the critical service. In traditional routing systems, authorization is a matter of policy. For example, gated, a commonly used routing program, allows the administrator of a router to set policies about whether and how much to trust routing updates from other routers, e.g. statements like "trust router X about routes to networks A and B". In mobile ad hoc networks such static policies are not sufficient (and are unlikely to be relevant anyway). Authorization may require other security services such as authentication and integrity. Techniques like digital signatures and message authentication codes are used to provide these services.


In the context of routing, confidentiality and non-repudiation are not necessarily critical services. The problem of compromised nodes is not addressed here, since it is arguably not critical in non-military scenarios. Availability is considered out of scope: although it would of course be desirable, it does not seem feasible to prevent denial-of-service attacks in a network that uses wireless technology, where an attacker can simply target the physical layer without bothering to study the routing protocol. Therefore, in this research work the following requirements were considered:

Import authorization: Note that this is not the traditional meaning of authorization. It means that the ultimate authority on routing messages regarding a certain destination node is that node itself. Therefore, route information is only authorized into a routing table if it concerns the node that is sending the information. In this way, if a malicious node lies about itself, the only consequence is that others will not be able to route packets to the malicious node.

Source authentication: Nodes need to be able to verify that a node is the one it claims to be.

Integrity: In addition, nodes need to be able to verify that the routing information sent to them has arrived unaltered.

The last two services combined constitute data authentication, and they are requirements derived from the import authorization requirement.

11. Conclusion

The multidimensional trade-offs among security strength, communication overhead, computational complexity, power consumption and scalability remain largely unexplored. Collective efforts from researchers working in different areas, such as wireless networking, mobile systems and cryptography, are required to provide the best overall security for MANETs. Moreover, finding efficient solutions to attacks on routing protocols in MANETs is still a crucial and little-explored open issue. AODV was developed without security in mind, and because of that many security flaws have been observed in it. So there is a solid need to improve AODV by adding security extensions using key management, digital signatures, hash chains, etc.


12. Future Work

I will try to:
- Compare different routing protocols for MANETs (e.g. AODV, DSR, DSDV, TORA)
- Check possibilities to add security extensions to the selected routing protocol (making a new secure version of the earlier protocol)
- Measure the overall performance, communication overhead, computational complexity and scalability of the new secure routing protocol against the earlier ordinary (insecure) version of the protocol
- Study the available secure versions of AODV
- Try to find the major problems in existing secure versions of AODV

References

[1] H. Yang, H. Luo, F. Ye, S. Lu and L. Zhang, "Security in mobile ad hoc networks: challenges and solutions", IEEE Wireless Communications 11(1), pp. 38-47, 2004.
[2] J.-P. Hubaux, L. Buttyán and S. Čapkun, "The quest for security in mobile ad hoc networks", ACM, 2001.
[3] M. Raya and J.-P. Hubaux, "The security of vehicular ad hoc networks", ACM, 2005.
[4] K. Wrona, "Distributed Security: Ad hoc Networks & Beyond", PAMPAS Workshop, RHUL, 2002.
[5] A. A. Pirzada and C. McDonald, "Secure routing with the AODV protocol", IEEE, 2005, pp. 57-61.
[6] Kullberg, "Performance of the Ad hoc On-demand Distance Vector Routing Protocol".
[7] M. Guerrero Zapata, "Secure Ad hoc On-Demand Distance Vector (SAODV) Routing", Internet Draft draft-guerrero-manet-saodv-06.txt, September 2006.
[8] Arshad and Azad, "Performance Evaluation of Secure On-Demand Routing Protocols for Mobile Ad-hoc Networks", IEEE, 2006.
[9] http://www.crhc.uiuc.edu/wireless/assignments/simulation

