Various kinds of malicious activity affect a WSN through unauthorized nodes, routes and data.
Data is affected by sinkhole, Sybil, selective forwarding and other malicious activities, which
drop data packets, modify the data content or send the data to other malicious nodes in the
network. All of these activities try to destroy the data packets being transmitted. Various
approaches to preventing malicious activity in the network were proposed in earlier research
works, but their detection and prevention accuracy does not meet what the market requires. To
provide a better solution for detection and prevention, a NOVEL LIGHT WEIGHT SECURE SCHEME
(NLWSS) is proposed. The NLWSS helps to transmit the provenance data safely.
Large-scale sensor networks are deployed in numerous application domains, and the data
they collect are used in decision making for critical infrastructures. Data are streamed from
multiple sources through intermediate processing nodes that aggregate information. A malicious
adversary may introduce additional nodes in the network or compromise existing ones.
Therefore, assuring high data trustworthiness is crucial for correct decision-making. Data
provenance represents a key factor in evaluating the trustworthiness of sensor data. Provenance
management for sensor networks introduces several challenging requirements, such as low
energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we
propose a novel lightweight scheme to securely transmit provenance for sensor data. The
proposed technique relies on in-packet Bloom filters to encode provenance. We introduce
efficient mechanisms for provenance verification and reconstruction at the base station. In
addition, we extend the secure provenance scheme with functionality to detect packet drop
attacks staged by malicious data forwarding nodes. We evaluate the proposed technique both
analytically and empirically, and the results prove the effectiveness and efficiency of the
lightweight secure provenance scheme in detecting packet forgery and loss attacks.
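An added example, not code from the original work, of the in-packet Bloom filter idea described above: each forwarding node ORs a keyed identifier of itself into a fixed-size filter carried in the packet, and the base station either rebuilds the filter to verify the path or membership-tests the nodes it knows to reconstruct it. The per-node HMAC-SHA256 keys shared with the base station, the 256-bit filter, the four bit positions per node and all function names are assumptions of this example.

```python
import hashlib
import hmac

M_BITS = 256   # in-packet filter size in bits (assumed value)
K_HASHES = 4   # bit positions set per inserted node (assumed value)


def vertex_id(node_key: bytes, node_id: str, seq: int) -> bytes:
    """Per-packet identifier of a node: HMAC-SHA256(key, node_id | seq).

    Binding the sequence number makes the identifier change on every packet,
    so bits copied from an old packet do not validate for a new one.
    """
    msg = node_id.encode() + b"|" + seq.to_bytes(4, "big")
    return hmac.new(node_key, msg, hashlib.sha256).digest()


def bit_positions(vid: bytes) -> list:
    """Map a vertex ID to K_HASHES filter positions (4 digest bytes each)."""
    digest = hashlib.sha256(vid).digest()
    return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % M_BITS
            for i in range(K_HASHES)]


def embed(ibf: int, node_key: bytes, node_id: str, seq: int) -> int:
    """What a forwarding node does: OR its own bits into the packet's filter."""
    for pos in bit_positions(vertex_id(node_key, node_id, seq)):
        ibf |= 1 << pos
    return ibf


def encode_path(path, keys, seq) -> int:
    """Filter carried by a packet after it has traversed `path` hop by hop."""
    ibf = 0
    for node_id in path:
        ibf = embed(ibf, keys[node_id], node_id, seq)
    return ibf


def verify(ibf: int, expected_path, keys, seq) -> bool:
    """Base station: rebuild the filter for the expected path and compare."""
    return ibf == encode_path(expected_path, keys, seq)


def reconstruct(ibf: int, keys, seq) -> set:
    """Base station: membership-test every known node to recover the path set.

    A Bloom filter has no false negatives, but it may report false positives.
    """
    found = set()
    for node_id, key in keys.items():
        positions = bit_positions(vertex_id(key, node_id, seq))
        if all((ibf >> pos) & 1 for pos in positions):
            found.add(node_id)
    return found


# Constructed sample network: six nodes whose keys the base station also holds.
KEYS = {f"n{i}": hashlib.sha256(f"demo-key-{i}".encode()).digest()
        for i in range(1, 7)}
PATH = ["n1", "n3", "n5"]


def demo() -> dict:
    seq = 7
    honest = encode_path(PATH, KEYS, seq)
    # A node without a registered key adds itself using a guessed key.
    forged = embed(honest, b"guessed-key", "n9", seq)
    # A stale filter from packet 6 is attached to packet 7.
    replayed = encode_path(PATH, KEYS, seq - 1)
    return {
        "honest": verify(honest, PATH, KEYS, seq),
        "forged": verify(forged, PATH, KEYS, seq),
        "replayed": verify(replayed, PATH, KEYS, seq),
        "recovered": reconstruct(honest, KEYS, seq),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The filter adds a constant 32 bytes to each packet regardless of path length, which is the property that makes the encoding attractive for low-bandwidth sensor nodes.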
Nodes in the network can communicate with one another under various scenarios, such as
one-to-one, one-to-many, many-to-many and many-to-one.
During communication, congestion can arise under certain conditions:
When a load exceeds the node's capacity
Problem Statement
One of the challenging problems is to design an intrusion detection system for wireless
sensor networks. By nature, a WSN, the devices used in it and its sensor nodes are highly
dynamic and mobile. Creating and maintaining a fixed or changeable infrastructure and
monitoring points that collect and investigate the entire network's data, in order to judge
whether an activity is normal or abnormal, is very difficult. Because resources are limited and
constrained, they must be taken into account when designing an IDS. For these reasons,
designing an efficient framework for an intrusion detection system in WSN is the important
objective of this research. Deciding whether an activity is normal or abnormal only by
analyzing the parameters is not always right; it may be wrong.
This research tackles this problem by analyzing the parameters of the network, the network
devices and the other elements used in the network. To analyze the parameters, the Generic
Algorithm (GA) is integrated with the intrusion detection system: GA fetches, investigates and
evaluates the various parameters obtained from the network before, during and after data
transmission in the network. Since this research approach behaves as an effective IDS for WSN,
it can detect any kind of malicious activity in the network.
A wireless sensor network is a network in which a huge number of hosts and communication
devices are connected over a wireless medium. The network is large; its deployment is dynamic,
random and mobile in nature; battery size and capacity are limited; and communication between
any two devices happens through other intermediate devices, called hops. These characteristics
give an attacker (an intruder or malicious node) many opportunities to enter the network,
disrupt the behavior of the devices, reduce performance and destroy data during communication.
Attacks on the network may be internal or external. In an internal attack, a node in the
network is compromised by itself and turns into an attacker. In an external attack, a node in
the network is compromised by intruder nodes that come from outside the network. Whichever way
an attacker arises in the network, the performance of the entire network is reduced through
node misbehavior, intrusion and data loss.
To improve the performance of a wireless sensor network, it is essential to eliminate
malicious node behavior, intruder activity and other abnormal activity against the network.
Various intrusion detection and prevention approaches were proposed and discussed in earlier
research works. The available mechanisms can improve performance in any one of these aspects:
detection, prevention, reducing packet loss and so on. Certain methods are built into routing
protocols. Most of the approaches perform well only for certain kinds of attack, such as
sinkhole and Sybil attacks. The applications deployed on wireless sensor networks are growing
rapidly and need more secure communication. Applications handling medical records, government
data, financial information and insurance records are examples that need high security. It is
therefore essential to design and develop an automatic methodology for transmitting data over a
wireless medium in a highly secure manner. This motivates a better solution that can fulfill
the intrusion detection function for most kinds of attack. The main objective is to investigate
the entire functionality of the network, network devices, parameters and routing protocols
automatically, in order to detect and prevent malicious activity in the network dynamically.
This research also tries to improve the quality of service in terms of throughput, packet
delivery ratio and energy consumption.
The entire research work is divided into stages to fulfill the objectives. Verifying the
node behavior, the state of the node, the data, its format, size and meta-information, and the
route over which the data will pass provides security level by level. On the whole, this
research work provides strong security in terms of authentication, authorization, data
cryptography and choosing the best path by investigating the parameters during communication.
Introduction
A computer network is a system in which multiple computers are joined to each other to share
messages and resources. A network comprises two or more computers that are connected in order
to share resources, exchange files, or permit electronic communications. The computers on a
network may be connected through cables, phone lines, radio waves, satellites, or infrared
light beams. This section helps newcomers get all the information about networking in one place
without laboring to find it. The topics covered in this category form a strong basis for
learning the difficult process of networking. Each topic covers the fundamentals of one key
element of networking, such as what networking is, an introduction to internetworking, a
description of networking, types of networking, benefits of networking, networking procedures,
how computer networks work, IT networking, core networking, networking courses and fundamental
networking concepts.
A network can also be classified as a Metropolitan Area Network (MAN), a Wireless LAN (WLAN),
or a Wireless WAN (WWAN).
LAN
A Local Area Network (LAN) is a network that is confined to a relatively small area.
It is commonly restricted to a geographic region such as a writing lab, school, or building.
Computers joined to a network are broadly categorized as servers or workstations. Servers are
generally not used by humans directly, but rather run continuously to provide "services" to
the other computers (and their human users) on the network. Services provided can include
printing and faxing, software hosting, file storage and sharing, messaging, data storage and
retrieval, complete access control (security) for the network's resources, and many others.
Workstations are so called because they typically do have a human user who interacts with the
network through them. Workstations were traditionally considered a desktop, consisting of a
computer, keyboard, display, and mouse, or a notebook computer, with integrated keyboard,
display, and touchpad. With the arrival of the tablet computer and touch-screen devices such as
the iPad and iPhone, our definition of workstation is quickly evolving to include those
devices, because of their ability to interact with the network and use network services.
Servers tend to be more powerful than workstations, although configurations are guided by
needs. For example, a group of servers might be placed in a secure area, away from humans, and
only accessed through the network. In such circumstances, it would be common for the servers to
operate without a dedicated display or keyboard. However, the size and speed of the server's
processor(s), hard drive, and main memory might add dramatically to the cost of the system.
On the other hand, a workstation might not need as much storage or working memory, but might
need an expensive display to meet the needs of its user. Every computer on a network should be
properly configured for its application.
On a single LAN, computers and servers may be connected by cables or wirelessly. Wireless
access to a wired network is made possible by wireless access points (WAPs). These WAP
devices provide a bridge between computers and networks. A typical WAP might have the
theoretical capacity to connect hundreds or even thousands of wireless users to a network,
although practical capacity might be far less. Servers are nearly always connected to the
network by cables, since cable connections remain the fastest. Workstations which are
stationary (desktops) are also commonly connected to the network by a cable, although the price
of wireless adapters has dropped to the point that, when setting up workstations in an existing
facility with inadequate wiring, it can be easier and less costly to use wireless for a desktop.
WAN
Wide Area Networks (WANs) connect networks in larger geographic areas, such as
Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks
may be used to connect this type of wide network. Using a WAN, schools in Florida can
communicate with places like Tokyo in a matter of seconds, without paying enormous phone bills.
Two users a half-world apart, with workstations equipped with microphones and webcams, might
teleconference in real time. A WAN is complex. It uses multiplexers, bridges, and routers to
connect local and metropolitan networks to world-wide communications networks such as
the Internet. To users, however, a WAN will not appear to be much different from a LAN.
Protocol
A protocol is a set of rules that governs the communications between computers on
a network. In order for two computers to talk to each other, they must be speaking the
same language. Many different types of network protocols and standards are required to ensure
that your computer (no matter which operating system, network card, or application you are
using) can communicate with another computer located on the next desk or halfway around the
world. The OSI (Open Systems Interconnection) Reference Model defines seven layers of
networking protocols. The complexity of these layers is beyond the scope of this tutorial;
however, they can be simplified into four layers to help identify some of the protocols with
which you should be familiar. The principal types of network are also categorized into wired
and wireless networks.
Wireless Networks
A wireless network enables people to communicate and access applications and
information without wires. This provides freedom of movement and the ability to extend
applications to different parts of a building, city, or nearly anywhere in the world. Wireless
networks allow people to interact with e-mail or browse the Internet from a location of their
choice. Many types of wireless communication systems exist, but a distinguishing characteristic
of a wireless network is that communication takes place between computer devices. These devices
include personal digital assistants (PDAs), laptops, personal computers (PCs), servers, and
printers. Computer devices have processors, memory, and a means of interfacing with a
particular type of network. Traditional cell phones don't fall within the definition of a
computer device; however, newer phones and even audio headsets are beginning to incorporate
computing power and network adapters. Eventually, most electronics will offer wireless network
connections.
As with networks based on wire or optical fiber, wireless networks transfer information
between computer devices. The information can take the form of e-mail messages, web pages,
database records, streaming video or voice. In most cases, wireless networks carry data, such
as e-mail messages and files, but advancements in the performance of wireless networks are
enabling support for video and voice communications as well.
WLANS: Wireless Local Area Networks
WLANS permit users in a local area, such as an institute campus or library, to form a
network or gain access to the internet. A temporary network can be formed by a small number of
users without the need for an access point, given that they do not need access to
network resources.
WPANS: Wireless Personal Area Networks
The two common technologies for wireless personal area networks are Infra-Red (IR) and
Bluetooth (IEEE 802.15). These permit the connectivity of mobile devices within a range
of around 30 feet. However, IR needs a direct line of sight and its range is shorter.
WMANS: Wireless Metropolitan Area Networks
This technology permits the connection of multiple networks in a metropolitan area,
such as different buildings in a city, which can be an alternative or backup to laying copper
or fiber cabling.
WWANS: Wireless Wide Area Networks
These kinds of networks can be maintained over large areas, such as cities or countries, via
multiple satellite systems or antenna sites looked after by an ISP. These kinds of systems are
referred to as 2G systems.
Wireless Sensor Networks
Wireless networks are categorized into cellular, ad-hoc and hybrid networks. A cellular
network is infrastructure-supported, and comprises only single-hop wireless links. In
contrast, an ad-hoc network does not rely on any established infrastructure, and often uses
multi-hop wireless communication to carry data from one node to another. Other
differences between the networks are summarized in [40]. A wireless sensor network (WSN) is
an ad-hoc network of low-power devices, the sensor nodes. Each sensor node is equipped with
a microcontroller, radio transceiver, battery, and sensors. The nodes may also contain an
external memory. Each sensor node monitors some physical phenomenon (e.g., humidity,
temperature) inside its area of deployment. The collected measurements are then sent to a base
station, a gateway between a WSN and other networks (e.g., the Internet).
WSNs are starting to be applied in military, ecology, building and industrial automation,
energy management, agriculture and even wildlife monitoring. Before WSNs are massively
deployed, their security aspects should be considered. Due to the unique characteristics of
WSNs mentioned above, existing defensive techniques used in conventional networks cannot be
directly applied to WSNs. This has led to research that aims to propose new lightweight and
secure solutions. Typically, wireless networks are based on infrastructure, such as GSM, UMTS,
etc. But what if no infrastructure is available or if it is too expensive to set up?
In these cases, the solution is to use wireless ad hoc networks. They establish a network
without any infrastructure, solely using networking abilities of the devices. The challenges
associated with ad hoc networks are, among others, the lack of central organization, the limited
range of wireless communication, and the device mobility. In particular, the access to the
medium must be decided in a distributed fashion, and routes need to be established. For many
scenarios, the communication is multi-hop, because a sender cannot communicate directly with
an intended receiver. Sometimes, mobility is a requirement which leads to a constantly changing
topology. Wireless sensor networks can be considered a subtype of wireless ad hoc networks that
focus on interacting with the environment.
Basics of Wireless Sensor Networks
About a decade ago, the era of small sensor nodes which are low-cost, low-power, and
multifunctional began. The tiny nodes, also called motes, are deployed for monitoring
real-world phenomena. As shown in Figure 2.1, they typically consist of a microcontroller,
memory, radio chip, power unit, and one or more sensors for measuring the environment. It is
either possible to directly deploy them to specific positions, e.g., inside the phenomenon, or
to randomly distribute them in inaccessible terrain, e.g., via aerial scattering. As a
consequence, the position of a node may not be known in advance. After deployment, the nodes
form a self-organized network and identify neighboring nodes. Usually, all data flows towards a
central node, called the sink or base station. In order to reach this sink, the messages likely
have to be forwarded via multi-hop routing, since the radio chip is not powerful enough to
communicate directly with the sink when the node is too distant.
The protocol stack used by the WSN is similar to the seven layers specified in the OSI
model, but does not adhere strictly to it. It consists of the application layer, transport layer,
network layer, data link layer, and the physical layer. Because of the resource-constraints, the
main design goal of the protocols developed for sensor networks is energy-efficiency. We briefly
describe the purpose of each layer [ASSC02]:
The above mentioned characteristics of sensor nodes allow their use in a plethora of
application scenarios. For example, Mao et al. [MMH+12] deploy a sensor network for
monitoring the CO2 emission in an urban area covering around 100 square kilometers. In order
to establish connectivity across this wide area, relay nodes are necessary. The collection tree
protocol (CTP) [GFJ+09] is used as the routing protocol. Together with GreenOrbs [LHL+11] (also
using CTP) it is an example of a large-scale WSN consisting of thousands of nodes. GreenOrbs
is deployed in a Chinese forest for evaluating the carbon sequestration ability, which is the
opposite of carbon emissions.
In the logistics domain, Bijwaard et al. [BvKH+11] apply sensor networks in order to
monitor the cold chain of perishable goods such as fruits and pharmaceuticals. Sen et al.
[SMR+12] present a system to monitor road traffic queues in real-time. It is able to classify the
traffic states by measuring metrics such as signal strength and packet reception rate in the
communication between a transmitter-receiver pair. Lu et al. [LSS+10] use sensors to determine
the occupancy and sleep patterns in a home with the intention to reduce the energy consumption
needed for heating, ventilation and cooling.
Ceriotti et al. [CCD+11] describe a WSN which is a part of a closed-loop control system.
The WSN monitors the light conditions in a tunnel and sends the readings to a control station
that dynamically adjusts the lamps' intensity to improve tunnel safety and reduce power
consumption. Recently, Wang et al. [WAL+14] took a new perspective on WSNs by modeling
social networks, such as Twitter, as sensor networks where a human can be considered a sensor
node.
Intrusion Detection System
An Intrusion Detection System is used to detect all kinds of malicious network traffic and
computer usage that can't be identified by a conventional firewall. These include network
attacks against vulnerable functions, data-misuse attacks on various network applications,
attacks on hosts such as privilege escalation, denial-of-service attacks,
denial-of-service-based file access, and viruses, worms and Trojan horses. An intrusion
detection system comprises the following components: sensors, a console and a detection engine.
Intrusion detection systems can be categorized in several ways, depending on the location and
type of the sensors and the methodology used by the engine to generate alarms. In many simple
intrusion detection system implementations, all the components are combined into a single
device.
Network Intrusion Detection System
NIDS identifies intrusions by examining network traffic and monitors multiple hosts.
Network Intrusion Detection Systems gain access to network traffic by connecting to a hub,
network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
Host-based Intrusion Detection System
HIDS consists of an agent on a host which identifies intrusions by analyzing system
calls, application logs, file-system modifications (binaries, password files, capability/acl
databases) and other host activities and state.
Hybrid Intrusion Detection System
A hybrid IDS combines one or more approaches. Host agent data is combined with network
information to form a comprehensive view of the network. An example of a Hybrid IDS is
Prelude.
Passive System versus Reactive System
In a passive system, the IDS sensor detects a potential security breach, logs the
information and signals an alert on the console. In a reactive system, which is known as an
Intrusion Prevention System (IPS), the IDS responds to the suspicious activity by resetting the
connection it believes to be suspicious or by reprogramming the firewall to block network
traffic from the suspected malicious source, either autonomously or at the command of an
operator. Though they both relate to network security, an IDS differs from a firewall in that a
firewall looks outwardly for intrusions in order to stop them from happening. The firewall
limits access between networks in order to prevent intrusion and does not signal
an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken
place and signals an alarm. An IDS also watches for attacks that originate from within a system.
System Study
Existing System
Recent research highlighted the key contribution of provenance in systems where the use
of untrustworthy data may lead to catastrophic failures (e.g., SCADA systems). Although
provenance modeling, collection, and querying have been studied extensively for workflows and
curated databases [2], [3], provenance in sensor networks has not been properly addressed. In
the existing approach, the data packets are extracted, filtered and analyzed using a Bloom
filter. If it finds any difference in the data packet, it goes on to encode the data.
Analyzing, detecting and encoding the data packet has high computational complexity.
Most of the earlier research works concentrate on correcting only certain
parameters associated with the traffic data.
Proposed System
In this project, a lightweight security scheme is proposed to provide prevention and transmit
data packets safely. Unlike the existing approach, this project investigates the nodes, their
functionality, the routes discovered and the routing of the packets. The Node-ID, node
location, IP address and MAC address of the nodes are monitored and stored in a routing table
so that they can be verified during data transmission. The time and the packet size are also
verified to identify any changes in the data packet. The proposed approach does the following:
Data transmission in the route by verifying the discovered route using the routing table.
It then performs route discovery, maintains a routing table, and finally transmits the data
packets by verifying and confirming the route, in order to send the data over the secured path
discovered.
The reason for detecting and preventing any kind of malicious attack is to
transmit the provenance data safely.
FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase, and a business
proposal is put forth with a very general plan for the project and some cost
estimates. During system analysis the feasibility study of the proposed system is to
be carried out. This is to ensure that the proposed system is not a burden to the
company. For feasibility analysis, some understanding of the major requirements
for the system is essential.
Three key considerations involved in the feasibility analysis are,
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will
have on the organization. The amount of funds that the company can pour into the
research and development of the system is limited. The expenditures must be
justified. Thus the developed system is well within the budget, and this was
achieved because most of the technologies used are freely available. Only the
customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. Any system developed must not place a high
demand on the available technical resources, as this would lead to high demands
being placed on the client. The developed system must have modest requirements,
as only minimal or null changes are required for implementing this system.
SOCIAL FEASIBILITY
This aspect of the study checks the level of acceptance of the system by the
user. This includes the process of training the user to use the system efficiently.
The user must not feel threatened by the system, instead must accept it as a
necessity. The level of acceptance by the users solely depends on the methods that
are employed to educate the user about the system and to make him familiar with
it. His level of confidence must be raised so that he is also able to make some
constructive criticism, which is welcomed, as he is the final user of the system.
Literature Review
Mobile Ad Hoc NETworks (MANETs) are an emerging class of network architectures [4] that are
characterized by their highly dynamic topology, limited resources (bandwidth, power), and lack
of fixed infrastructure. The motivation for such networks is increased mobility with
flexibility.
In [6], a solution is proposed that provides a secure way, which is necessary, to restrict
cryptographic keys for MANET. The system provides secrecy by concealing the public keys and
making them visible only to the trusted nodes. In [7], the author designed and discussed a
numerical-analysis-based traffic pattern discovery system (STPD). This approach examines the
point-to-point traffic, verifies the packets, computes the time delay from source to
destination between pairs of nodes, and checks the incoming data against the outgoing data to
identify the end-to-end communication association. The author in [5] provides a milestone
scheme which can eliminate much of these overheads. To do this, the author used a trust model
computed from the various parameters of the network. The milestone checks the key and the plain
text, then encrypts the plain text using the key and forwards it. As a result, the energy
wasted on encryption and decryption is reduced. In [7], the authors presented a novel graded
clustering algorithm which eradicates some of these drawbacks.
In terms of covert channel attacks, according to a US Department of Defense publication
[8], a covert channel is defined as any communication channel that can be exploited by a
process to transfer information in a manner that violates the system's security policy. The
word covert literally means that it is hidden [9]. This implies that the system administrator
is not aware the channel even exists. The best example of this is the famous prisoners' problem
[10]. Alice and Bob were prisoners who needed to communicate with each other. However, the
warden reads all messages. Covert channels are used because they are not easily detected [9].
Any system can be attacked and have data stolen. This brute force method leaves evidence that
an attack occurred [11].
The best example is the Trojan that alters the entire system of oil-bound industries, the
advanced terminator STUXNET [29], which was reported as the worst Trojan ever seen by the
SYMANTEC research and development team. A detailed report is available online and is
referenced here [30]. According to that report, covert communication in the form of data
exfiltration through a compromised host was possible within the premises; the compromised host
can be an insider attack, and small amounts of data can be exfiltrated from the host to the
corresponding server. The most common statistics indicate that these attacks are always
insider attacks and happen within the premises of an organization [31]. Attacks happening
inside the organization's networks are more hazardous than attacks happening outside the
organization [32]. Several taxonomies that were developed later mainly focused on two issues:
(i) categorization of computer misuse (i.e. attacks) and (ii) categorization of the people
trying to get unauthorized access to computers (perpetrators), and the objectives and results
of these attempts [33-36]. Security solutions such as FIREWALL, IDS & IPS, Anti Hack wall and
Watch dog are some of the active security measures of an organization, monitoring the data
24/7/365. Every host, i.e., every PC, is protected with a high-end anti-virus tool to protect
the host against malware [37]. These protections are capable of detecting the external
behaviour of the network or analysing external attacks that happen outside the organization.
Most security software analyses the signature of the current behaviour of each host in the
network [38-39].
In certain kinds of applications, such as medical and military ones, security is the most
important concern in WSN. In one of the papers, the author proposed a mechanism for securing
the QoS route and increasing the likelihood of success in discovering QoS in both possible
ways. Providing both security and QoS routing in MANET is a significant challenge for this
technology [12]. Yih-Chun Hu et al. discussed and developed SQoS, a secure form of QoS-Guided
Route Discovery for on-demand ad hoc network routing. SQoS relies entirely on symmetric
cryptography [13]. CRESQ is also one of the routing protocols introduced for improving QoS
in terms of security and energy efficiency [14]. In [15], the behavior and the necessity of the
QoS factors are discussed. In [16], the importance, related issues and significant points of
MANET are discussed briefly. Security and multicasting with QoS factors are examined and
reported in [17]. A location-based power-aware routing protocol is described in [18]. Energy is
saved by configuring the MAC and adjusting bandwidth information [19], as given in [20]. IEEE
802.11 standards can function in either of two modes: (a) continuous active mode and
(b) power saving mode [21, 22]. By use of the sleep state, the node's power can be saved [23].
The idle state of a node can also help to save node energy [24], like the sleep state. In [25],
a node wake-up scheduling method is used for reducing power consumption. The Cell2Notify
mechanism was the energy management architecture in [26] to improve power consumption
effectively in IEEE 802.11 standard networks. Presently, WSN needs the best solution for
secured communication [27, 28]. The work proposed in this paper tries to find a single solution
for both issues, security and energy consumption.
Various techniques have been proposed, and are still being researched, for designing a routing
protocol for wireless sensor networks. At the beginning of the 21st century, wireless sensor networks
moved forward to finding practical abilities and new innovative applications [40].
Wireless sensor networks are widely deployed and used, and come in several variants
such as WSS, WSAN, WISAN, WUSN, UWSN, WSIS, WDSS, WBSMN, SSN,
UAVSN and IWSN [41]. Many issues and problems arise when a WSN application
moves forward to large-scale common problems. Innovative solutions for recent and modern
applications using WSN can be provided only in small-scale WSN applications.
One-solution-many-problems approaches for our most needed SEE applications are somewhat restricted [42]. Also, the
traditional large homogeneous WSN solutions cannot help to explore most scientific and
industrial opportunities [43, 44].
In terms of energy, batteries are considered the most important limiting factor
in WSS for SEE. Battery power can be saved using multi-state operation such as off,
sleep and standby, and by using the wireless spectrum power-efficiently [45]. Scaling down
the modulation [46] and transmitting packets with regard to the properties of the sensor [47]
also help to save energy. In WSN, most of the communication links are bidirectional. Due to
the behavior and characteristics of WSN applications, the communication may be
unidirectional [48, 49]. In heterogeneous networks, communication in the opposite (reverse)
direction is not possible [50]. But, due to ambient factors such as noise and interference [48],
it is necessary to treat the link as unidirectional. In recent applications, most of the MAC layer
protocols also use bidirectional links. Routing protocols using MAC can utilize only
bidirectional links for routing [51]. Counting the hop length, a novel handshaking mechanism
and ACK-based unidirectional packet transmission are the key design parameters of a routing
protocol to increase the lifetime of the network [52]. Regular expressions (RegExes) are used to
flexibly represent complex string patterns in many applications, ranging from network intrusion
detection and prevention systems (NIDPSs) [53], [54] to compilers [55] and DNA multiple
sequence alignment [56], [57]. In particular, the NIDPSs Bro [58] and Snort, and the Linux Application
Level Packet Classifier (L7filter), use RegExes to represent attack signatures or packet classifiers.
System Design
[Figure: system design flow. Recoverable labels: Network Construction, Node Deployment, New Node, "if matches?", Data Transmission]
Class Diagram
[Figure: class diagram. Recoverable labels: Node Service, Node Creation, Node Verification, Node Permitted, Node Communicates, Route Discovered, Maintaining Routing Table, Verifying Routing Table, Data Transmission]
Sequence Diagram
[Figure: sequence diagram. Recoverable labels: User, Database, Routing Table, Route Discover, Stored in Routing table]
System Implementation
N nodes are deployed randomly in a network of size 1500 x 1500. The distances
among the nodes are dynamic.
It is verified that all the nodes have sensing capability in order to transmit the
data.
From the source to the destination, all the intermediate nodes in the route are verified.
Node-ID, location, ACK-time and REQ-time are verified, and the submitted key is also
verified. If all the information about a node is correct, the node is added to the
routing table.
The above steps are repeated until the destination node is reached.
All the nodes in the route are validated and verified as trusted or not.
Node-ID, REQ, RES and ACK time and the location of the node are verified in order to
compute the trust value.
If the node is a trusted node, it is added to the route; otherwise the next nearest
node is examined.
After selecting the trusted nodes and route discovery, all the node information and the
route information are stored in a routing table.
Packet Encoding
All the packets are encoded using the RSA encoding method. The RSA algorithm uses a key for
encryption and decryption. An example of RSA is given below.
Numerical Example
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n are coprime. Let e = 7
The encryption of m = 2 is c = 2^7 % 33 = 29
Route Discovery
From n1 to nn, the node-ID and Ki of every node are verified in order to create a route.
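The verification steps listed under System Implementation and the route discovery rule above, sketched as an added example (not the report's own code). The registry layout, the timing and location thresholds, the rule that a candidate must be closer to the destination, and all names are assumptions; the node data is constructed.

```python
import hmac
import math
from dataclasses import dataclass

RADIO_RANGE = 250.0    # neighbour radius used in the page's Tcl listing (g <= 250)
MAX_RTT = 0.5          # assumed bound on ACK-time minus REQ-time, in seconds
LOC_TOLERANCE = 5.0    # assumed allowed gap between claimed and registered position

@dataclass(frozen=True)
class Claim:
    """What a node submits during route discovery (hypothetical field names)."""
    node_id: int
    location: tuple
    req_time: float
    ack_time: float
    key: bytes

def verify_node(claim, registry):
    """Check node-ID, location, REQ/ACK timing and key; return (ok, reason)."""
    record = registry.get(claim.node_id)
    if record is None:
        return False, "unknown node-ID"
    reg_location, reg_key = record
    if math.dist(claim.location, reg_location) > LOC_TOLERANCE:
        return False, "location mismatch"
    if not 0.0 <= claim.ack_time - claim.req_time <= MAX_RTT:
        return False, "ACK/REQ timing out of bounds"
    if not hmac.compare_digest(claim.key, reg_key):  # constant-time comparison
        return False, "key mismatch"
    return True, "verified"

def discover_route(src, dst, claims, registry):
    """Build a route hop by hop, admitting only nodes that pass verify_node.
    Candidates are in radio range and closer to the destination than the
    current node (an assumption that guarantees progress); the nearest is
    tried first and, if it is rejected, the next nearest is examined."""
    dst_pos = registry[dst][0]
    route, rejected, current = [src], {}, src
    while current != dst:
        here = registry[current][0]
        remaining = math.dist(here, dst_pos)
        candidates = sorted(
            (c for c in claims.values()
             if c.node_id not in route and c.node_id not in rejected
             and math.dist(here, c.location) <= RADIO_RANGE
             and math.dist(c.location, dst_pos) < remaining),
            key=lambda c: math.dist(here, c.location))
        for claim in candidates:
            ok, reason = verify_node(claim, registry)
            if ok:
                route.append(claim.node_id)
                current = claim.node_id
                break
            rejected[claim.node_id] = reason
        else:
            raise LookupError(f"no trusted next hop from node {current}")
    routing_table = dict(zip(route, route[1:]))  # node -> next hop
    return route, routing_table, rejected

# Constructed sample: registry of (location, key) and the claims nodes submit.
REGISTRY = {
    0: ((0.0, 0.0), b"k0"),
    1: ((200.0, 0.0), b"k1"),
    2: ((180.0, 100.0), b"k2"),
    3: ((400.0, 0.0), b"k3"),
    4: ((600.0, 0.0), b"k4"),
}
CLAIMS = {
    1: Claim(1, (200.0, 0.0), 1.00, 1.10, b"bad"),   # submits a wrong key
    2: Claim(2, (180.0, 100.0), 1.00, 1.12, b"k2"),
    3: Claim(3, (400.0, 0.0), 1.00, 1.08, b"k3"),
    4: Claim(4, (600.0, 0.0), 1.00, 1.05, b"k4"),
}

def demo():
    """Route from node 0 to node 4; node 1 is nearest but fails the key check."""
    return discover_route(0, 4, CLAIMS, REGISTRY)
```

Node 1 is the nearest neighbour of the source, but its key check fails, so discovery falls back to node 2 and records the rejection reason alongside the routing table.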
System Requirements
Hardware
HDD : 500 GB
RAM : 4 GB
I/O Devices
Software
Operating System : RedHat Linux
Platform : NS2
Language : TCL
SOFTWARE DESCRIPTION
THE NETWORK SIMULATOR 2.33 (NS2)
Network Simulator (NS2) is a discrete event driven simulator developed at UC Berkeley.
It is part of the VINT project. The goal of NS2 is to support networking research and education.
It is suitable for designing new protocols, comparing different protocols and evaluating traffic.
NS2 is developed as a collaborative environment. It is distributed freely and is open source. A large
number of institutes and people in development and research use, maintain and develop NS2.
This increases confidence in it. Versions are available for FreeBSD, Linux, Solaris, Windows
and Mac OS X.
STRUCTURE OF NS2
NS2 is built using object-oriented methods in C++ and OTcl (an object-oriented variant of
Tcl).
developed. Even though there is a considerable confidence in NS, it is not a polished product yet
and bugs are being discovered and corrected continuously.
NS is written in C++, with an OTcl interpreter as a command and configuration
interface. The C++ part, which is fast to run but slower to change, is used for detailed protocol
implementation. The OTcl part, on the other hand, which runs much slower but can be changed
very quickly, is used for simulation configuration. One of the advantages of this
split-language programming approach is that it allows for fast generation of large scenarios. To simply use
the simulator, it is sufficient to know OTcl. On the other hand, one disadvantage is that
modifying and extending the simulator requires programming and debugging in both languages.
NS can simulate the following:
1. Topology: Wired, wireless
2. Scheduling Algorithms: RED, Drop Tail
3. Transport Protocols: TCP, UDP
4. Routing: Static and dynamic routing
5. Application: FTP, HTTP, Telnet, Traffic generators
[Figure: NS architecture. Recoverable labels: OTcl Interpreter, Simulation, C++ Libraries, Results]
This section talks about the NS components, mostly compound network components.
Figure 1.1 shows a partial OTcl class hierarchy of NS, which will help in understanding the basic
network components.
The root of the hierarchy is the TclObject class, which is the superclass of
all OTcl library objects (scheduler, network components, timers and other objects, including
NAM-related ones). As a descendant of TclObject, the NsObject class is the superclass of all
basic network component objects that handle packets, which may compose compound network
objects such as nodes and links. The basic network components are further divided into two
subclasses, Connector and Classifier, based on the number of possible output data paths.
The basic network
objects that have only one output data path are under the Connector class, and switching
objects that have multiple possible output data paths are under the Classifier class.
CLASS TCL
The class Tcl encapsulates the actual instance of the OTcl interpreter and provides the methods to
access and communicate with that interpreter. The class provides methods for the
following operations:
1. obtain a reference to the Tcl instance
2. invoke OTcl procedures through the interpreter
3. retrieve, or pass back results to the interpreter
4. report error situations and exit in a uniform manner
5. store and lookup "TclObjects"
6. acquire direct access to the interpreter.
argument, or implicitly, as if there were an instance procedure of the same name as the desired
operation. Most simulation scripts will use the latter form.
Consider that the distance computation in SRM is done by the compiled object, but is often
used by the interpreted object. It is usually invoked as
$srmObject distance? (agentAddress)
If there is no instance procedure called distance?, the interpreter will invoke the instance procedure
unknown{}, defined in the base class TclObject. The unknown procedure then invokes
$srmObject cmd distance? (agentAddress)
to execute the operation through the compiled object's command() procedure. The user could
explicitly invoke the operation directly. One reason for this might be to overload the operation by
using an instance procedure of the same name.
System Testing
System testing is the stage of implementation that is aimed at ensuring that the system works
accurately and efficiently before live operation commences. Testing is the process of
executing a program with the intent of finding an error. A good test case is one that has a high
probability of finding a yet undiscovered error. A successful test is one that uncovers a yet
undiscovered error.
Testing is vital to the success of the system. System testing makes the logical assumption that if all
parts of the system are correct, the goal will be successfully achieved. The candidate system is
subjected to a variety of tests: on-line response, security and usability tests. A series of tests is
performed before the system is ready for user acceptance testing. Any engineered product can
be tested in one of the following ways. Knowing the specified function that a product has been
designed to perform, tests can be conducted to demonstrate that each function is fully operational.
Knowing the internal workings of a product, tests can be conducted to ensure that all gears mesh,
that is, that the internal operation of the product performs according to the specification and all
internal components have been adequately exercised.
Unit Testing
Unit testing is the testing of each module, after which the integration of the overall system is done. Unit
testing focuses verification efforts on the smallest unit of software design, the module. This is
also known as module testing. The modules of the system are tested separately. This testing is
carried out during the programming itself. In this testing step, each module is found to be working
satisfactorily as regards the expected output from the module. There are some validation checks
for the fields. For example, a validation check is done to verify the data given by the user,
covering both the format and the validity of the data entered. This makes it very easy to find errors and
debug the system.
Integration Testing
Data can be lost across an interface; one module can have an adverse effect on another; sub-functions,
when combined, may not produce the desired major function. Integration testing is
systematic testing that can be done with sample data. The need for the integrated test is to find
the overall system performance. There are two types of integration testing. They are,
i)
ii)
the required output in the specific format. The output format displayed or generated on
the screen is found to be correct, as the format was designed in the system phase according to the
user needs. For the hard copy also, the output comes out as per the requirements specified by the user.
Hence the output testing does not result in any correction in the system.
Sample Screen shots
Sample coding
set val(chan) Channel/WirelessChannel
set val(prop) Propagation/TwoRayGround
set val(netif) Phy/WirelessPhy
set val(mac) Mac/SMAC
set val(ifq) Queue/DropTail/PriQueue
set val(ll) LL
set val(ant) Antenna/OmniAntenna
set val(x) 1500
set val(y) 1500
set val(ifqlen) 1500
set val(seed) 1.0
set val(adhocRouting) DSR
set val(brp) blackholeDSR
set val(TRUST) TRUST
set val(nn) 20
set val(stop) 15.0
set val(energymodel) EnergyModel
set val(radiomodel) RadioModel
set val(initialenergy) 1000
set ns_ [new Simulator]
set topo [new Topography]
set tracefd [open out.tr w]
set namtrace [open out.nam w]
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channelType $val(chan) \
-energyModel EnergyModel \
-initialEnergy 100 \
-rxPower 0.3 \
-txPower 0.6 \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace ON \
proc finish {} {
global ns f f0 f1 namtrace
$ns flush-trace
close $namtrace
close $f0
close $f1
exit 0
}
proc record {} {
global sink0 sink1 sink2 sink3 sink4 sink5 f0 f1
set ns [Simulator instance]
set time 0.05
set bw0 [$sink5 set npkts_]
set bw1 [$sink5 set nlost_]
set now [$ns now]
puts $f0 "$now [expr $bw0]"
puts $f1 "$now [expr $bw1]"
$ns at [expr $now+$time] "record"
}
set X1(0) 331.036; set Y1(0) 828.908
set X1(1) 700.752; set Y1(1) 536.941
set X1(2) 496.574; set Y1(2) 751.933
set X1(3) 161.916; set Y1(3) 696.525
set X1(4) -55.5615; set Y1(4) 477.237
set X1(5) 76.4916; set Y1(5) 578.174
set X1(6) 406.732; set Y1(6) 603.302
set X1(7) -47.0804; set Y1(7) 702.074
set X1(8) 55.6143; set Y1(8) 1031.6
set X1(9) 467.522; set Y1(9) 1198.534
set X1(10) 622.691; set Y1(10) 860.2
set X1(11) 451.199; set Y1(11) 1006.16
set X1(12) 550.852; set Y1(12) 1000.878
set X1(13) 592.525; set Y1(13) 1153.26
set X1(14) 195.676; set Y1(14) 854.927
set X1(15) 35.183; set Y1(15) 898.967
set X1(16) 236.728; set Y1(16) 557.225
set X1(17) 206.668; set Y1(17) 1032.88
set X1(18) 598.547; set Y1(18) 605.636
set X1(19) -92.1751; set Y1(19) 1012.91
}
# Build the neighbour lists: nei() holds, node after node, the IDs of all
# nodes within 250 units; count($i) is the number of neighbours of node i.
set m 0
for {set i 0} {$i < 20 } {incr i} {
    set k 0
    for {set j 0} {$j < 20 } {incr j} {
        # Euclidean distance between node i and node j
        set a [ expr $X1($j)-$X1($i)]
        set b [ expr $a*$a]
        set c [ expr $Y1($j)-$Y1($i)]
        set d [ expr $c*$c]
        set e [ expr $b+$d]
        set f 0.5
        set g [expr pow($e,$f)]
        set distance($i,$j) $g
        #puts "----------------------------------------------------------->$g"
        if {$g <= 250 && $i != $j} {
            #puts "| node($i) | node($j) |"
            set nei($m) $j
            #puts "Distance from node($i) --to--node($j)----------->$g"
            set k [expr $k+1]
            set m [ expr $m+1]
        }
    }
    #puts "k value is ----------$i-------->$k"
    #puts "-------------------------------------------------"
    set count($i) $k
    #puts "count is $count($i)"
}
puts "Loading connection pattern..."
#source $val(cp)
puts "Loading scenario file..."
for {set i 0} {$i < 20 } {incr i} {
}
set b2 0
set a2 [ expr $a1+$count(2)]
for {set i $a1} {$i < $a2 } {incr i} {
set neighbour3($b2) $nei($i)
set b3 [ expr $b3+1]
set b4 0
set a4 [ expr $a3+$count(4)]
for {set i $a3} {$i < $a4 } {incr i} {
set neighbour5($b4) $nei($i)
set b6 [ expr $b6+1]
}
set b7 0
set a7 [ expr $a6+$count(7)]
for {set i $a6} {$i < $a7 } {incr i} {
set neighbour8($b7) $nei($i)
set b7 [ expr $b7+1]
}
set b8 0
set a8 [ expr $a7+$count(8)]
for {set i $a7} {$i < $a8 } {incr i} {
set neighbour9($b8) $nei($i)
set b8 [ expr $b8+1]
}
set b9 0
set a9 [ expr $a8+$count(9)]
for {set i $a8} {$i < $a9 } {incr i} {
set neighbour10($b9) $nei($i)
set b9 [ expr $b9+1]
}
set b10 0
set a10 [ expr $a9+$count(10)]
for {set i $a9} {$i < $a10 } {incr i} {
set neighbour11($b10) $nei($i)
set b11 0
set a11 [ expr $a10+$count(11)]
for {set i $a10} {$i < $a11 } {incr i} {
set neighbour12($b11) $nei($i)
set b14 0
set a14 [ expr $a13+$count(14)]
for {set i $a13} {$i < $a14 } {incr i} {
set neighbour15($b14) $nei($i)
set b15 0
set a15 [ expr $a14+$count(15)]
for {set i $a14} {$i < $a15 } {incr i} {
set neighbour16($b15) $nei($i)
set b16 0
set a16 [ expr $a15+$count(16)]
for {set i $a15} {$i < $a16 } {incr i} {
set neighbour17($b16) $nei($i)
set b17 0
set a17 [ expr $a16+$count(17)]
for {set i $a16} {$i < $a17 } {incr i} {
set neighbour18($b17) $nei($i)
set b18 0
set a18 [ expr $a17+$count(18)]
for {set i $a17} {$i < $a18 } {incr i} {
set neighbour19($b18) $nei($i)
set b19 0
set a19 [ expr $a18+$count(19)]
for {set i $a18} {$i < $a19 } {incr i} {
set neighbour29($b19) $nei($i)
#puts "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
set sleeptrust 0.21;
set idealtrust 0.55;
set transmittrust 0.2;
set receivetrust 0.5;
set trust(0) 10
set trust(1) 10
set trust(2) 10
set trust(3) 10
set trust(4) 10
set trust(5) 10
set trust(6) 10
set trust(7) 10
set trust(8) 10
set trust(9) 10
set trust(10) 10
set trust(11) 10
set trust(12) 10
set trust(13) 10
set trust(14) 10
set trust(15) 10
set trust(16) 10
set trust(17) 10
set trust(18) 10
set trust(19) 10
} else {
}
set trust(8) [expr $trust(8)-$sleeptrust]
}
}
for {set i 0} {$i < [expr $count(9)-1] } {incr i} {
for {set m 0} {$m < [expr $count(9)-1]} {incr m} {
if { $trust($neighbour10($m)) < $trust($neighbour10([expr $m+1]))} {
set temp $neighbour10([expr $i+1])
set neighbour10([expr $i+1]) $neighbour10($i)
set neighbour10($i) $temp
} else {
}
set trust(9) [expr $trust(9)-$receivetrust]
}
}
for {set i 0} {$i < [expr $count(10)-1] } {incr i} {
for {set m 0} {$m < [expr $count(10)-1]} {incr m} {
if { $trust($neighbour11($m)) < $trust($neighbour11([expr $m+1]))} {
set temp $neighbour11([expr $i+1])
set neighbour11([expr $i+1]) $neighbour11($i)
set neighbour11($i) $temp
} else {
}
set trust(10) [expr $trust(10)-$receivetrust]
}
}
for {set i 0} {$i < [expr $count(11)-1] } {incr i} {
for {set m 0} {$m < [expr $count(11)-1]} {incr m} {
if { $trust($neighbour12($m)) < $trust($neighbour12([expr $m+1]))} {
set temp $neighbour12([expr $i+1])
set neighbour12([expr $i+1]) $neighbour12($i)
set neighbour12($i) $temp
} else {
}
set trust(11) [expr $trust(11)-$receivetrust]
}
}
}
}
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
puts
source link.tcl
set udp_(0) [new Agent/UDP]
$ns_ attach-agent $node_(4) $udp_(0)
set null1_(0) [new Agent/Null]
$ns_ attach-agent $node_(13) $null1_(0)
set cbr1_(0) [new Application/Traffic/CBR]
$cbr1_(0) set packetSize_ 1000
$cbr1_(0) set interval_ 0.1
$cbr1_(0) set random_ 1
$cbr1_(0) set maxpkts_ 1000
$cbr1_(0) attach-agent $udp_(0)
$ns_ connect $udp_(0) $null1_(0)
$ns_ at 1.0 "$cbr1_(0) start"
$ns_ at 5.3 "$cbr1_(0) stop"
set udp_(1) [new Agent/UDP]
$ns_ attach-agent $node_(4) $udp_(1)
set null1_(1) [new Agent/Null]
$ns_ attach-agent $node_(6) $null1_(1)
set cbr1_(1) [new Application/Traffic/CBR]
$cbr1_(1) set packetSize_ 1000
$cbr1_(1) set interval_ 0.1
Conclusion
References
[1]. Jin-Hee Cho Ing-Ray Chen, 2010. Modelling And Analysis Of Intrusion Detection
Integrated With Batch Rekeying For Dynamic Group Communication Systems In Mobile Ad
Hoc Networks in Wireless Netw, 16: 1157-1173.
[2]. Jonathan Thostle, 2008. Applying Network Address Encryption to Anonymity And
Preventing Data Exfiltration. Military Communications Conference. MILCOM 2008. IEEE, pp:
1-7.
[3]. Pengrui Xia, Meng Wu, Kun Wang, Xi Chen, 2008. Identity-based Fully Distributed
Certificate Authority in an OLSR MANET. Wireless Communications, Networking and Mobile
Computing, 2008. WiCOM '08. 4th International Conference on 12-14 Oct., pp: 1-4.
[4]. Perkins, D.D., 2002. Factors Affecting the Performance of Ad Hoc Networks. IEEE
International conference on communications, 4: 2048-2052.
[5]. Suparna Biswas, Priyanka Dey, 2013. Secure Check pointing-Recovery using Trusted Nodes
in MANET, 4th International Conference on Computer and Communication Technology, pp:
175-180.
[6]. Tameem Eissa, Shukor Abd Razak, Md Asri Ngadi, 2009. Enhancing MANET Security
using Secret Public Keys. International Conference on Future Networks, pp: 130-134.
[7]. Yang Qin and Dijiang Huang, 2014. A Statistical Traffic Pattern Discovery System for
MANETs. Dependable and Secure Computing, IEEE Transactions, 11(2): 181-192.
[8]. U.S. Department of Defense. Trusted Computer System Evaluation The Orange Book.
Publication DoD 5200.28-STD. Washington: GPO 1985
[9]. C. J. Smith. Covert shells, 2000.
[10]. Simmons, Gustavus J. Prisoners Problem and the Subliminal Channel, CRYPTO '83, Advances in Cryptology, August 22-24. 1984. pp. 51-67.
[11]. N. Proctor & P. Neumann, Architectural implementations of covert channels. Proceedings
of the Fifteenth National Computer Security Conference Baltimore, Maryland, 1998, 29
[12]. Ananda Krishna B, R.Ramesh, Improving Quality of Service Through Secured Routing In
Mobile Ad Hoc Networks, Int. J. Advanced Networking and Applications Volume: 03, Issue:
04, Pages:1253-1260 (2012).
[13]. Yih-Chun Hu, David B. Johnson, Securing Quality-of-Service Route Discovery in On-Demand Routing for Ad Hoc Networks, ACM, SASN '04, October 25, 2004.
[14]. Puneet Sethi, Gautam Barua, CRESQ: Providing QoS and Security in Ad hoc
Networks, 2014.
[15]. S. Chen, Routing Support for Providing Guaranteed End-to-End Quality-of-Service, PhD
Thesis, University of IL at Urbana-Champaign, 1999.
[16]. S. Chakrabarti and A. Mishra, QoS issues in ad-hoc wireless networks, IEEE
Communication. Mag., vol.39,pp. 142-148, Feb. 2001.
[17]. J.N. Al-Karaki and A.E.Kamal, Quality of Service routing in mobile ad hoc networks:
Current and future trends in Mobile Computing, Handbook, CRC Publishers, 2004.
[18]. T.B.Reddy I.Karthigeyan, B.Manoj and C.S.R.Murthy, Quality of service provisioning in
ad hoc wireless networks: a survey of issues and solutions, Ad Hoc Networks Vol.4, pp.83-124,
2006
Network,
[44]. L. Marques and A. Casimiro, Fighting uncertainty in highly dynamic wireless sensor
networks with probabilistic models, Proceeding of 32nd International Symposium Reliable
Distributed System, Sep./Oct. 2013, pp. 31-40.
[45]. S. Rhee, D. Seetharam, and S. Liu, Techniques for minimizing power consumption in low
data-rate wireless sensor networks, Proceeding of IEEE Wireless Communications and
Networking Conference (WCNC), Atlanta, GA, USA, Mar. 2004, pp. 1727-1731.
[46]. C. Schurgers, O. Aberthorne, and M. B. Srivastava, Modulation scaling for energy aware
communication systems, Proceeding of ACM International Symposium Low Power Electronics
and Design, Huntington Beach, CA, USA, 2001, pp. 96-99.
[47]. S. Mukhopadhyay, D. Panigrahi, and S. Dey, Data aware, low cost error correction for
wireless sensor networks, Proceeding of IEEE Wireless Communications and Networking
Conference (WCNC), Atlanta, GA, USA, Mar. 2004, pp. 2492-2497.
[48]. V. Ramasubramanian and D. Mosse, BRA: A bidirectional routing abstraction for
asymmetric mobile ad hoc networks, IEEE/ACM Transaction on Networking, vol. 16, no. 1,
pp. 116-129, Feb. 2008.
[49]. L. Sang, A. Arora, and H. Zhang, On link asymmetry and one-way estimation in wireless
sensor networks, ACM Transaction on Sensor Networks, vol. 6, no. 2, pp. 12:1-12:25, 2010,
Art. ID 12.
[50]. G. Wang, D. Turgut, L. Bölöni, Y. Ji, and D. C. Marinescu, A MAC layer protocol for
wireless networks with asymmetric links, Ad Hoc Networks Journal, vol. 6, no. 3, pp. 424-440,
2008.
[51]. B. B. Chen, S. Hao, M. Zhang, M. C. Chan, and A. L. Ananda, DEAL: Discover and
exploit asymmetric links in dense wireless sensor networks, Proceeding of 6th Annual IEEE
Communication Society Conference on Sensor, Mesh, Ad Hoc Communication and Networking
(SECON), Jun. 2009, pp. 1-9.
[52]. Anil UfukBatmaz, HuseyinUgurYildiz, and BulentTavli, Role of Unidirectionality and
Reverse Path Length on Wireless Sensor Network Lifetime, IEEE Sensors Journal, Vol. 14, No.
11, November 2014.
[53]. Bro intrusion detection system, 2011 [Online]. Available: http://www.bro-ids.org
[54]. Snort network intrusion detection system, Source fire, Columbia, MD, 2010 [Online].
Available: http://www.snort.org.
[55]. A. V. Aho, M. S. Lam, R. Sethi, and J. D. Ullman, Compilers: Principles, Techniques, and
Tools, 2nd ed. Reading, MA: Addison-Wesley, 2007.