A Mobile Ad Hoc Network (MANET) suffers from major vulnerabilities because its nodes communicate over a shared wireless medium without any centralized control. Many threats arise in MANETs because malicious nodes can disrupt the network by attacking insecure routing protocols such as AODV and DSR, which were created without security in mind. Because a MANET is established in an insecure environment, it becomes more vulnerable to attacks when a malicious node is further shared to provide different services. One example of such a protocol is AODV, which is used extensively and is the subject of a lot of ongoing research and development. This paper deals with two problems of AODV (a reactive protocol). Firstly, the hop count and sequence number fields of its control packets are easily edited, which creates the possibility of abuse by malicious nodes. Secondly, routing updates are sent in clear text, which is also a security danger because it reveals important information about the network topology. This paper proposes a new approach to AODV to secure the routing. It uses the pseudorandom cryptographic hash function MD6 in composition with a Message Authentication Code (MAC) to secure AODV control packets such as RREQ, RREP and RERR, which is a low-power and effective solution for MANETs. The paper also gives the details of the Modified HMAC_MD6 used to provide security in route discovery.
Securing AODV Using HMAC of Cryptography for MANETs

Rooz Munjal #1, Pinki Tanwar *2, Nitin Goel #3
1# Department of Computer Science & Engineering, JMIT, Radaur, Yamunanagar, India
2# Department of Computer Science & Engineering, JMIT, Radaur, Yamunanagar, India
3# IP Researcher Microsoft Patent Research Engineer CPA Global, Noida, Delhi, India
Keywords: MANETs, MD6, HMAC, AODV, Secure Routing.

I. INTRODUCTION

A MANET is an autonomous system consisting of a group of mobile nodes that communicate with each other via radio transceivers and organise themselves randomly; thus, the wireless network's topology may change rapidly and unpredictably. Due to this infrastructure-less property, it is difficult to use existing routing protocols like TCP/IP for network services. Nodes of an ad hoc network perform the dual role of routers and end users. A unique feature of ad hoc networks is that the nodes themselves have limited transmission range, but they use their neighbouring nodes to forward packets and build routes between faraway nodes; routing protocols of this type have already been designed. This makes ad hoc networks suitable for military operations, but for such use we need to be more strongly concerned with privacy and secrecy as well. These are the scenarios that motivate us to use hashed message authentication (HMAC) with the MD6 hash mechanism. The objective of using HMAC in composition with MD6 is that existing hash functions can be used without any need for optimization.

Outline: The paper is structured as follows. Section 2 briefly describes the previous work related to AODV security. Section 3 introduces the Modified HMAC_MD6 mechanism used to provide security. Section 4 provides the flowchart of the proposed algorithm for secure routing in AODV. Section 5 provides the simulation results. Finally, Section 6 concludes the paper, and Section 7 presents the future perspective of this work.

II. PREVIOUS WORK
There are three discrete ad hoc wireless environments: open, managed-open and managed-hostile. They differ not only in the level of security needed, but also in that some offer an opportunity to exchange security parameters before the nodes are deployed. There are some requirements [4] that must be satisfied to ensure secure path discovery in the presence of malicious adversaries and that must be kept in mind when designing a secure protocol:

1) Route signalling cannot be spoofed.
2) Fabricated routing messages should be detected.
3) Routing messages cannot be spoofed, except according to the normal functionality of the routing protocol.
4) Routing loops formed through malicious action should be avoided.
5) Redirection of routes from the shortest path by malicious action should be avoided.
6) Only authorised nodes can participate in route computation and discovery. This requirement does not change the fact that authenticated peers may act maliciously as well.
Many secure routing protocols already exist that conform to almost all of these requirements. Three of them are:

1. SAODV (Secure Ad-hoc On-Demand Distance Vector): SAODV [4] is an extension of AODV that provides end-to-end authentication and node-to-node verification. It provides authentication and integrity to ad hoc networks by using a one-way hash chain and digital signatures. It needs a Key Management Scheme. Its main problem is that it uses Public Key Cryptography, which requires a considerable amount of processing power and slows down the process to some extent.

2. ARAN (Authenticated Routing for Ad-hoc Networks): ARAN [5] provides security features such as authentication and message integrity to ad hoc networks by using a preliminary certification process with a universally trusted third party, followed by a route instantiation process that ensures end-to-end security services. The main problem with the protocol is that every node that forwards a route discovery message or a route reply message must also sign it, which is very power consuming and also makes the routing messages grow at each hop.

3. ARIADNE: It is a reactive protocol based on the DSR routing protocol. It is entirely on demand. In addition, Ariadne [7] is efficient, as it uses only highly efficient symmetric cryptographic primitives.

International Journal of Computer Trends and Technology (IJCTT), Volume 4, Issue 6, June 2013

III. AODV ROUTING PROTOCOL
AODV [2] is an on-demand distance vector routing protocol that has been built for MANETs. It is reactive in nature, as it searches for routes only when required. It makes use of the basic route establishment and maintenance procedures from the DSR protocol and hop-to-hop route vectors from the DSDV protocol. AODV uses sequence numbers in control packets to track accuracy and to avoid the generation of routing loops.

When a source node wants to communicate with a destination node that is not a direct neighbour and whose route is unknown, it broadcasts a RREQ (Route Request) packet. Each RREQ packet consists of a Request ID, the source and destination node IP addresses and sequence numbers, along with a hop count and flags. The Request ID field identifies the RREQ packet uniquely; the sequence number gives information regarding freshness and accuracy; and the hop count maintains the number of nodes between the source and the destination. If an intermediate node that receives the RREQ packet has not found the Source IP and ID pair, or does not maintain a fresher (larger sequence number) route to the destination, it rebroadcasts the same packet with an increased hop count. Such an intermediate node also creates a REVERSE ROUTE to the source node for a certain time.

When the RREQ packet arrives at the destination node, or at any intermediate node that has a fresher route to the destination, a RREP (Route Reply) packet is generated and sent back to the source. The RREP packet contains the destination node IP address, sequence number, the source IP address and lifespan, along with a hop count and flags. An intermediate node, after receiving the RREP packet, increments the hop count, establishes a Forward Route to the source of the packet and transmits the packet on the Reverse Route.

AODV uses periodic HELLO messages to track neighbours and to find link failures to nodes that it considers its immediate neighbours. After detecting a link failure for the next hop of an active route, a node sends a RERR (Route Error) message to its neighbours that were using that particular route.

The problems present in the basic AODV routing protocol are:
1) Deceptive increment in Sequence Numbers
2) Deceptive decrement in Hop Count
IV. SECURING AODV WITH MODIFIED HMAC_MD6
A Modified HMAC_MD6 mechanism is used to secure AODV messages. This approach calculates a message digest using the hash function MD6 over all the fields (editable as well as non-editable) of an AODV message. The message digest and the hash function value for MD6 are then transmitted along with the AODV message. The destination/intermediate node verifies the RREQ's authenticity and integrity by applying the Modified HMAC_MD6 hash function to the received message. The digest generated is matched against the digest received in the RREQ. If the digests match, the message is authenticated and its integrity is maintained. The mechanism works as follows:
Whenever a mobile node originates a RREQ, RREP or RERR message, it performs the following operations:

1) All mobile nodes select a suitable value of the hash function h for MD6 that is to be used to make the message digest; it is assumed to be one.
2) It sets the Hash_Function field to the value h = 1: Hash_Function = h, where h is the value of the hash function.
3) It calculates Message_Digest by passing the values of all the fields to Modified HMAC_MD6. The HMAC computed serves as the Message_Digest, providing authentication with integrity.

$$HMAC_k(m) = h\big((K \oplus opad) \,\|\, h((K \oplus ipad) \,\|\, \text{values\_of\_all\_fields})\big)$$

where h is the MD6 hash function and HMAC_k(m) is the result of applying the function h to m.

In addition, on the receiver side, whenever a RREQ, RREP or RERR message is received, the node performs the following operations to verify that the message is valid and authenticated:

1) The same Modified HMAC_MD6 process is applied to the values of all the fields of the received message except the Hash_Function and message digest fields, and a digest is generated.
2) The receiver then verifies that the calculated message digest is equal to the value contained in the Message_Digest field of the received AODV message.
$$\text{Message\_Digest} == HMAC_k(m) = h\big((K \oplus opad) \,\|\, h((K \oplus ipad) \,\|\, \text{value\_of\_all\_fields})\big)$$
where a == b means: verify that a and b are equal. If a and b are not equal, the receiver does not accept the message and simply drops it.

When an intermediate node that does not have a route to the destination node must rebroadcast a RREQ, and before forwarding a RREP or a RERR, the node performs the following:

1) It once again chooses a suitable value of the hash function h (which may differ from the earlier value of h) to be used to make the message digest.
2) It sets the Hash_Function field to the value h = 1: Hash_Function = h.
3) It applies Modified HMAC_MD6 to the values of all the fields of the message, calculating Message_Digest by passing the values of all the fields to Modified HMAC_MD6 as shown in the equation above.

The figure shows the flow chart of the proposed mechanism.
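The sender, receiver and forwarding rules of this section, as an added example that is not code from the paper. SHA-256 stands in for MD6 (which Python's standard library lacks), and the `Rreq` layout, the network-wide pre-shared secret and the helper names are assumptions; deriving the key by hashing follows the modification the paper describes in Section V.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

# Assumption: SHA-256 stands in for MD6, which the standard library does not
# provide. SHA-256's block size b is 64 bytes.
HASH = hashlib.sha256
BLOCK = 64


def derive_key(shared_secret: bytes) -> bytes:
    """Modified step: the MAC key is itself the output of the hash function."""
    return HASH(shared_secret).digest()


def hmac_by_hand(key: bytes, msg: bytes) -> bytes:
    """h((K xor opad) || h((K xor ipad) || m)), the section's equation."""
    if len(key) > BLOCK:                 # over-long keys are hashed first
        key = HASH(key).digest()
    key = key.ljust(BLOCK, b"\x00")      # shorter keys are zero-padded to b
    s_i = bytes(k ^ 0x36 for k in key)
    s_o = bytes(k ^ 0x5C for k in key)
    return HASH(s_o + HASH(s_i + msg).digest()).digest()


@dataclass(frozen=True)
class Rreq:
    # RREQ fields as listed in the paper's description of AODV.
    request_id: int
    src_ip: bytes            # 4-byte IPv4 address
    src_seq: int
    dst_ip: bytes
    dst_seq: int
    hop_count: int
    flags: int
    hash_function: int = 1   # Hash_Function field, h = 1
    digest: bytes = b""      # Message_Digest field

    def covered_bytes(self) -> bytes:
        """Fixed-width encoding of every field except the two added ones."""
        return struct.pack("!I4sI4sIBB", self.request_id, self.src_ip,
                           self.src_seq, self.dst_ip, self.dst_seq,
                           self.hop_count, self.flags)


def sign(pkt: Rreq, key: bytes) -> Rreq:
    return replace(pkt, digest=hmac_by_hand(key, pkt.covered_bytes()))


def verify(pkt: Rreq, key: bytes) -> bool:
    expected = hmac_by_hand(key, pkt.covered_bytes())
    return hmac.compare_digest(expected, pkt.digest)   # constant-time ==


def forward(pkt: Rreq, key: bytes):
    """Intermediate node: verify, increment hop count, recompute the digest."""
    if not verify(pkt, key):
        return None                      # drop, as the receiver rule says
    return sign(replace(pkt, hop_count=pkt.hop_count + 1), key)


if __name__ == "__main__":
    key = derive_key(b"constructed-demo-secret")        # constructed sample
    rreq = sign(Rreq(7, bytes([10, 0, 0, 1]), 42,
                     bytes([10, 0, 0, 9]), 17, 0, 0), key)
    forged = replace(rreq, dst_seq=rreq.dst_seq + 100)  # edited without key
    print(verify(rreq, key), verify(forged, key), forward(rreq, key).hop_count)
```

Because every forwarding node holds the key and recomputes the digest, the check rejects edits made by nodes without the key; it does not constrain what a key-holding node writes into the hop count or sequence number.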
Fig 1 Flow Chart of Proposed Scheme

V. MODIFIED HMAC_MD6 ALGORITHM
The proposed secure mechanism modifies HMAC_MD6 to make the algorithm more secure against the attacks that other hash functions such as MD5 suffer from, for example the birthday attack and the exhaustive key search attack [9]. This paper uses HMAC [11], a mechanism for message authentication using the iterative cryptographic hash function MD6, which provides message integrity, in combination with the modification that the key used in the MAC is also generated using the MD6 algorithm, to provide secure routing in MANETs. The basic HMAC_MD6 algorithm requires a key k to hash the message m and generate the message digest. With this modification, the key used for generating the message authentication code (MAC) is generated through the MD6 compression function [9], [10], as shown in Fig 2.
Fig 2 Modified HMAC_MD6 Algorithm

1. Compute the secret key K used for generation of the MAC by using the MD6 function.
2. If the key's length is longer than b, i.e. 512 bytes, use the hash function (MD6) to hash the key K to a b-bit-long string K+; pad with zeros if the key is shorter than 512 bytes.
3. XOR (bitwise exclusive-OR) K+ with the ipad value, which is the constant 0x36 repeated b/8 times, to generate the block S_i of b-bit length.
4. Append m to S_i.
5. Apply the MD6 hash function to the stream produced in step 3.
6. XOR K+ with opad, which is the constant value 0x5C, to produce the block S_0 of length b bits.
7. Attach the MD6 hash output computed in Step 4 to S_0.

The objective of this modification to HMAC_MD6 is that the secret key used to calculate the MAC is produced with the help of the pseudorandom MD6 hashing function, so that it provides more security and becomes hard to forge.

VI. SIMULATION
This section will present the simulation environment, metrics and the results of the proposed AODV routing protocol.
6.1 Simulation Environment
We have successfully implemented the Modified HMAC_MD6 mechanism to secure the AODV routing protocol using NS-2.35 on Ubuntu Linux version 12.04 with 4 GB RAM. The table below summarizes the configuration values that were used in all performed simulations of a general MANET with random clustering.
Table 1. General Simulation Parameters

| Parameter | Value |
|---|---|
| Simulation Time | 10 Sec |
| No. of Nodes | 25 |
| Movement Pattern | Random |
| Traffic Type/Application | Constant Bit Rate (CBR) |
| Maximum X-coordinate value | 1800 |
| Maximum Y-coordinate value | 1800 |
| Size of Packet | 512 byte |
| MAC Protocol | 802.11 |
| Mobility Model | Random Walk |
| Routing Protocol | AODV |
| Observation Parameters | Packets Lost, Packet Sent, Throughput, Jitter |

The simulation environment is shown below in the NAM window, showing the drop of unauthenticated packets by an unauthenticated node.

Fig 3 Shows Dropped Invalid Packets

6.2 Simulation Metrics

6.2.1 Throughput

This value represents the ratio of the total number of packets that reach their destination to the total number of packets sent by the source. It is calculated as: Throughput = Packets Received / Packets Sent. Throughput is directly affected by packet loss, which may be caused by general network faults, malicious nodes or uncooperative behavior. It is calculated based on two graphs, 4.1 and 4.2.

Fig 4 Simulation time vs. Throughput
6.2.2 Packet Delivery Fraction

Packet Delivery Fraction is calculated for the proposed AODV routing protocol. It is the percentage of packets originated by the source that are received by the destination.

Fig 5: Packet Delivery Fraction vs. Simulation Time
6.2.3 Jitter
Jitter is the fluctuation of end-to-end delay from one packet to the next packet of a connection flow. Jitter, $J = |D_{i+1} - D_i|$, where $D_{i+1}$ is the delay of the (i+1)th packet and $D_i$ is the delay of the ith packet. Jitter of forwarded packets at node 0 is shown in Fig 7.
Fig 7: Jitter vs. Sequence number
6.2.4 Packet Loss

Packet loss is where network traffic fails to reach its destination in a timely manner. Mostly, packets get dropped before the destination can be reached. Packets dropped/lost, $P_d = P_s - P_a$, where $P_s$ is the amount of packets sent and $P_a$ is the amount of packets received.

Fig 8: Number of Dropped Invalid Packets
VII. CONCLUSION

In this paper, we have presented a Modified HMAC-MD6 algorithm for securing the AODV routing protocol, increasing resistance to key search attacks and providing authentication as well as integrity. Much research has been done in the area of Public Key Cryptography, and it shows that it is very slow and more power consuming than symmetric cryptography. This paper uses the power of HMAC, a symmetric approach, by making it non-vulnerable; it generates less calculation overhead and saves the power consumption of nodes. This paper analyses performance metrics such as packets delivered successfully, packets lost, unauthenticated packets dropped, network throughput and jitter. We have successfully implemented the HMAC composition with MD6 to secure the AODV protocol. Lastly, according to the many simulations that were performed, the newly proposed Modified HMAC_MD6 scheme, built for the normal AODV routing protocol, achieves a higher packet delivery fraction with security than AODV. Thus, the proposed design, HMAC-based AODV, proves to be more efficient and less power consuming than the AODV routing protocol in defending against both malicious and unauthenticated nodes.
VIII. FUTURE WORK
A MANET is prone to various collaborative attacks because it has no centralized authority; these are categorized as 1) passive attacks and 2) active attacks. Many of these attacks are due to selfish and malicious nodes. As a future perspective of this dissertation, we can take into consideration authenticated selfish nodes in the network and try to analyse their effect on ARAN performance. There are many techniques to increase the strength of HMAC; this dissertation uses the strength of MD6 to generate the pseudorandom key, while many other techniques that increase the power of HMAC could also be used. In future, the HMAC_MD6 composition can be replaced with other hash functions, more secure than MD6, that are found in future. The same kind of HMAC composition with a message-digest-based mechanism can be designed to secure other routing protocols such as DSR, DSDV and TORA.
REFERENCES
[1] Ajay Jangra, Nitin Goel, Priyanka, Komal, Security Aspects in Mobile Ad Hoc Network (MANETs): A Big Picture, International Journal of Electronics Engineering, 2 (1), 2010, pp. 189-196.
C. E. Perkins and E. M. Royer, Ad-Hoc on Demand Distance Vector Routing, Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, pp. 90-100, Feb 1999.
[2] Asad Amir Pirzada, Chris McDonald, Secure Routing with the AODV Protocol, (2005) Asia Pacific Conference on Communication, Perth, IEEE, pp. 57-61.
[3] Kimaya Sanzgiri, Daniel LaFlamme, Bridget Dahill, Brian Neil Levine, Clay Shields, and Elizabeth M. Belding-Royer, Authenticated Routing for Ad Hoc Networks, IEEE Journal on Selected Areas in Communications, vol. 23, no. 3, March 2005.
[4] Manel Zapata, Secure Ad hoc On-Demand Distance Vector (SAODV) Routing, Internet Draft (September 2006), draft-guerrero-manetsaodv-06.txt.
[5] Abdalla Mahmoud, Ahmed Sameh, Sherif El-Kassas, Reputed Authenticated Routing for Ad Hoc Networks Protocol (Reputed-ARAN), Department of Computer Science, The American University in Cairo, Egypt.
[6] Yih-Chun Hu, Adrian Perrig and David B. Johnson, Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, 2005, Springer Science + Business Media, Inc. Manufactured in The Netherlands.
[7] Mr. Ravindra K. Gupta, Suketu D. Nayak, Sec.AODV for MANETs using MD5 with Cryptography, Int. J. Comp. Tech. Appl., Vol 2 (4), 873-878.
[8] Syeda Iffat Naqvi, Adeel Akram, Faculty of Telecom & Information Engineering, Pseudo-random Key Generation for Secure HMAC-MD5, 2011 IEEE.
[9] Ronald L. Rivest, The MD6 hash function - A proposal to NIST for SHA-3. Submission to NIST, 2008.
[10] NIST FIPS PUB 198, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication, issued March 6, 2002.
[11] Ns homepage - http://www.isi.edu/nsnam/ns/
[12] Ns manual - http://www.isi.edu/nsnam/ns/