1. INTRODUCTION
1.1 Network
In information technology, a network is a series of points or nodes interconnected by communication paths. Networks can interconnect with other networks and contain subnetworks. The most common topologies, or general configurations, of networks include the bus, star, Token Ring, and mesh topologies. Networks can also be characterized in terms of spatial distance as local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). A given network can also be characterized by the type of data transmission technology in use on it (for example, a TCP/IP or Systems Network Architecture network); by whether it carries voice, data, or both kinds of signals; by who can use the network (public or private); by the usual nature of its connections (dial-up or switched, dedicated or nonswitched, or virtual connections); and by the types of physical links (for example, optical fibres, coaxial cable, and Unshielded Twisted Pair). Large telephone networks and networks using their infrastructure (such as the Internet) have sharing and exchange arrangements with other companies so that larger networks are created. There are many types of computer networks, including:
1.1.1 Local-area network (LAN): A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or an airport. Current wired LANs are most likely to be based on Ethernet technology, although new standards like ITU-T G also provide a way to create a wired LAN using existing home wires (coaxial cables, phone lines and power lines).
1.1.2 Wide-area network (WAN): A wide area network (WAN) is a computer network that covers a broad area (i.e. any network whose communications links cross metropolitan, regional, or national boundaries). Less formally, a WAN is a network that uses routers and public communications links.
Contrast with personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area (e.g., a city) respectively. The largest and most well-known example of a WAN is the Internet. A WAN is a data communications network that covers a relatively broad geographic area (i.e. one city to another and one country to another country) and that often uses transmission facilities provided by common
Secure AODV VS Trusted AODV Protocols for MANET routing security
carriers, such as telephone companies. WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.
1.1.3 Campus-area network (CAN): A campus area network (CAN) is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area. It can be considered one form of a metropolitan area network, specific to an academic setting. In the case of a university campus-based campus area network, the network is likely to link a variety of campus buildings including academic departments, the university library and student residence halls. A campus area network is larger than a local area network but smaller than a wide area network (WAN) (in some cases).
1.1.4 Metropolitan-area network (MAN): A metropolitan area network (MAN) is a network that connects two or more local area networks or campus area networks together but does not extend beyond the boundaries of the immediate town/city. Routers, switches and hubs are connected to create a metropolitan area network.
1.1.5 Personal area network (PAN): A personal area network (PAN) is a computer network used for communication among computer devices close to one person. Some examples of devices that are used in a PAN are printers, fax machines, telephones, PDAs and scanners. The reach of a PAN is typically about 20-30 feet (approximately 6-9 meters), but this is expected to increase with technology improvements.
1.1.6 Global area network (GAN): A global area network (GAN) specification is in development by several groups, and there is no common definition. In general, however, a GAN is a model for supporting mobile communications across an arbitrary number of wireless LANs, satellite coverage areas, etc. The key challenge in mobile communications is "handing off" the user communications from one local coverage area to the next. In IEEE Project 802, this involves a succession of terrestrial wireless local area networks (WLAN).
electrical, and timing interfaces, and the physical transmission medium, which lies below the physical layer.
1.2.1.2 Data link layer: The main task of the data link layer is to transform a raw transmission facility into a line that appears free of undetected transmission errors to the network layer. It accomplishes this task by having the sender break up the input data into data frames (typically a few hundred or a few thousand bytes) and transmit the frames sequentially. If the service is reliable, the receiver confirms correct receipt of each frame by sending back an acknowledgement frame. Another issue that arises in the data link layer (and most of the higher layers as well) is how to keep a fast transmitter from drowning a slow receiver in data. Some traffic regulation mechanism is often needed to let the transmitter know how much buffer space the receiver has at the moment. Frequently, this flow regulation and the error handling are integrated. Broadcast networks have an additional issue in the data link layer: how to control access to the shared channel. A special sublayer of the data link layer, the medium access control sublayer, deals with this problem.
1.2.1.3 Network layer: The network layer controls the operation of the subnet. A key design issue is determining how packets are routed from source to destination. Routes can be based on static tables that are "wired into" the network and rarely changed. They can also be determined at the start of each conversation, for example, a terminal session (e.g., a login to a remote machine). Finally, they can be highly dynamic, being determined anew for each packet, to reflect the current network load. If too many packets are present in the subnet at the same time, they will get in one another's way, forming bottlenecks. The control of such congestion also belongs to the network layer. More generally, the quality of service provided (delay, transit time, jitter, etc.) is also a network layer issue.
When a packet has to travel from one network to another to get to its destination, many problems can arise. The addressing used by the second network may be different from the first one. The second one may not accept the packet at all because it is too large. The protocols may differ, and so on. It is up to the network layer to overcome all these problems to allow heterogeneous networks to be interconnected. In broadcast networks, the routing problem is simple, so the network layer is often thin or even nonexistent.
1.2.1.4 Transport layer: The basic function of the transport layer is to accept data from above, split it up into smaller units if need be, pass these to the network layer, and ensure that the pieces all arrive correctly at the other end. Furthermore, all this must be done efficiently and in a way that isolates the upper layers from the inevitable changes in the hardware technology. The transport layer also determines what type of service to provide to the session layer, and, ultimately, to the users of the network. The most popular type of transport connection is an error-free point-to-point channel that delivers messages or bytes in the order in which they were sent. However, other possible kinds of transport service are the transporting of isolated messages, with no guarantee about the order of delivery, and the broadcasting of messages to multiple destinations. The type of service is determined when the connection is established. (As an aside, an error-free channel is impossible to achieve; what people really mean by this term is that the error rate is low enough to ignore in practice.) The transport layer is a true end-to-end layer, all the way from the source to the destination. In other words, a program on the source machine carries on a conversation with a similar program on the destination machine, using the message headers and control messages. In the lower layers, the protocols are between each machine and its immediate neighbors, and not between the ultimate source and destination machines, which may be separated by many routers.
1.2.1.5 Session layer: The session layer refers to the connectivity and management of network applications. TCP/IP does not directly map this OSI layer. The session layer allows users on different machines to establish sessions between them. Sessions offer various services, including dialog control (keeping track of whose turn it is to transmit), token management (preventing two parties from attempting the same critical operation at the same time), and synchronization (checkpointing long transmissions to allow them to continue from where they were after a crash).
1.2.1.6 Presentation layer: The presentation layer establishes the data format prior to passing it along to the network application's interface. TCP/IP networks perform this task at the application layer. Unlike lower layers, which are mostly concerned with moving bits around, the presentation layer is concerned with the syntax and semantics of the information
transmitted. In order to make it possible for computers with different data representations to communicate, the data structures to be exchanged can be defined in an abstract way, along with a standard encoding to be used "on the wire." The presentation layer manages these abstract data structures and allows higher-level data structures (e.g., banking records), to be defined and exchanged.
1.2.1.7 Application layer: The application layer processes data received or sent through the network. The application layer contains a variety of protocols that are commonly needed by users. One widely-used application protocol is HTTP (HyperText Transfer Protocol), which is the basis for the World Wide Web. When a browser wants a Web page, it sends the name of the page it wants to the server using HTTP. The server then sends the page back. Other application protocols are used for file transfer, electronic mail, and network news.
The term congestion control is a bit of a misnomer. Congestion avoidance would be a better term, since TCP cannot control congestion per se. Ultimately, only intermediate devices such as IP routers are able to control congestion. Congestion control is currently a large area of research and concern in the network community. A companion study on congestion control examines the current state of activity in that area. Timeouts and retransmissions handle error control in TCP. Although delay could be substantial, particularly if you were to implement real-time applications, the use of both techniques offers error detection and error correction, thereby guaranteeing that data will eventually be sent successfully. The nature of TCP and the underlying packet-switched network provide formidable challenges for managers, designers and researchers of networks. Once relegated to low-speed data communication applications, the Internet and in part TCP are being used to support very high-speed communications of voice, video and data. It is unlikely that the Internet protocols will remain static as the applications change and expand. Understanding the current state of affairs will assist us in understanding protocol changes made to support future applications. TCP is often described as a byte stream, connection-oriented, reliable delivery transport layer protocol. In turn, we will discuss the meaning of each of these descriptive terms.
1.2.2.1 Byte Stream Delivery: TCP interfaces between the application layer above and the network layer below. When an application sends data to TCP, it does so in 8-bit byte streams. It is then up to the sending TCP to segment or delineate the byte stream in order to transmit data in manageable pieces to the receiver. It is this lack of "record boundaries" which gives it the name "byte stream delivery service".
1.2.2.2 Connection-Oriented: Before two communicating TCPs can exchange data, they must first agree upon the willingness to communicate. Analogous to a telephone call, a connection must first be made before two parties exchange information.
1.2.2.3 Reliability: A number of mechanisms help provide the reliability TCP guarantees. Each of these is described briefly below.
1.2.2.4 Checksums: All TCP segments carry a checksum, which is used by the receiver to detect errors with either the TCP header or data.
1.2.2.5 Duplicate data detection: It is possible for packets to be duplicated in a packet-switched network; therefore TCP keeps track of bytes received in order to discard duplicate copies of data that has already been received.
1.2.2.6 Retransmissions: In order to guarantee delivery of data, TCP must implement retransmission schemes for data that may be lost or damaged. The use of positive acknowledgements by the receiver to the sender confirms successful reception of data. The lack of positive acknowledgements, coupled with a timeout period (see timers below), calls for a retransmission.
1.2.2.7 Sequencing: In packet-switched networks, it is possible for packets to be delivered out of order. It is TCP's job to properly sequence segments it receives so it can deliver the byte stream data to an application in order.
1.2.2.8 Timers: TCP maintains various static and dynamic timers on data sent. The sending TCP waits for the receiver to reply with an acknowledgement within a bounded length of time. If the timer expires before receiving an acknowledgement, the sender can retransmit the segment.
1.2.3.6 Reserved: A 6-bit field currently unused and reserved for future use.
1.2.3.7 Control Bits:
Urgent Pointer (URG): If this bit field is set, the receiving TCP should interpret the urgent pointer field (see below).
Acknowledgement (ACK): If this bit field is set, the acknowledgement field described earlier is valid.
Push Function (PSH): If this bit field is set, the receiver should deliver this segment to the receiving application as soon as possible.
Reset the Connection (RST): If this bit is present, it signals the receiver that the sender is aborting the connection and all queued data and allocated buffers for the connection can be freely relinquished.
Synchronize (SYN): When present, this bit field signifies that the sender is attempting to "synchronize" sequence numbers. This bit is used during the initial stages of connection establishment between a sender and receiver.
No More Data from Sender (FIN): If set, this bit field tells the receiver that the sender has reached the end of its byte stream for the current TCP connection.
1.2.3.8 Window: A 16-bit integer used by TCP for flow control in the form of a data transmission window size. This number tells the sender how much data the receiver is willing to accept. The maximum value for this field would limit the window size to 65,535 bytes; however, a "window scale" option can be used to make use of even larger windows.
1.2.3.9 Checksum: A TCP sender computes a value based on the contents of the TCP header and data fields. This 16-bit value will be compared with the value the receiver generates using
the same computation. If the values match, the receiver can be very confident that the segment arrived intact.
1.2.3.10 Urgent Pointer: In certain circumstances, it may be necessary for a TCP sender to notify the receiver of urgent data that should be processed by the receiving application as soon as possible. This 16-bit field tells the receiver when the last byte of urgent data in the segment ends.
1.2.3.11 Options: In order to provide additional functionality, several optional parameters may be used between a TCP sender and receiver. Depending on the option(s) used, the length of this field will vary in size, but it cannot be larger than 40 bytes due to the size of the header length field (4 bits). The most common option is the maximum segment size (MSS) option. A TCP receiver tells the TCP sender the maximum segment size it is willing to accept through the use of this option. Other options are often used for various flow control and congestion control techniques.
1.2.3.12 Padding: Because options may vary in size, it may be necessary to "pad" the TCP header with zeroes so that the segment ends on a 32-bit word boundary as defined by the standard.
1.2.3.13 Data: Although not used in some circumstances (e.g. acknowledgement segments with no data in the reverse direction), this variable length field carries the application data from TCP sender to receiver. This field coupled with the TCP header fields constitutes a TCP segment.
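The header fields described above can be checked mechanically before a segment is trusted. The following Python parser is an added example, not code from the original report; the sample SYN segment is constructed, and the layout of the fields that precede Reserved (ports, sequence and acknowledgement numbers, data offset) is assumed from the TCP standard rather than taken from this page.

```python
import struct

# Control bits in the order the text lists them (low six bits of the flags word).
CONTROL_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
                ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))


def parse_options(raw: bytes) -> list:
    """Walk the options area and return (kind, value_bytes) pairs."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List: what follows is padding
            break
        if kind == 1:            # No-Operation occupies a single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"option kind {kind} has bad length {length}")
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def parse_tcp_header(segment: bytes) -> dict:
    """Parse and validate a TCP header; raise ValueError if it is malformed."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12        # 4 bits, counted in 32-bit words
    header_len = data_offset * 4         # at most 15 * 4 = 60 bytes
    if data_offset < 5:
        raise ValueError("data offset points inside the fixed header")
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    flags = [name for name, mask in CONTROL_BITS if off_flags & mask]
    # The 4-bit offset is why options can never exceed 60 - 20 = 40 bytes.
    options = parse_options(segment[20:header_len])
    mss = next((int.from_bytes(value, "big") for kind, value in options
                if kind == 2 and len(value) == 2), None)
    warnings = []
    if (off_flags >> 6) & 0x3F:
        warnings.append("reserved bits are not zero")
    if urgent and "URG" not in flags:
        warnings.append("urgent pointer set without URG")
    if ack and "ACK" not in flags:
        warnings.append("acknowledgement number set without ACK")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent, "mss": mss,
            "payload": segment[header_len:], "warnings": warnings}


# Constructed sample: a SYN from port 49152 to port 80 advertising MSS 1460.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                         (6 << 12) | 0x02, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
```

The checksum field is returned but not verified here, because verification needs the IP addresses of the enclosing packet.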
In order for two hosts to communicate using TCP they must first establish a connection by exchanging messages in what is known as the three-way handshake. The diagram below depicts the process of the three-way handshake.
[Figure 1.2.4.1 TCP Connection Establishment. Diagram labels: Host B; Receive SYN; Send SYN seq=y, ACK x+1; Receive SYN+ACK; Send ACK y+1; Receive ACK]
To start, Host A initiates the connection by sending a TCP segment with the SYN control bit set and an initial sequence number (ISN) we represent as the variable x in the sequence number field. At some moment later in time, Host B receives this SYN segment, processes it and responds with a TCP segment of its own. The response from Host B contains the SYN control bit set and its own ISN represented as variable y. Host B also sets the ACK control bit to indicate the next expected byte from Host A should contain data starting with sequence number x+1. When Host A receives Host B's ISN and ACK, it finishes the connection establishment phase by sending a final acknowledgement segment to Host B. In this case, Host A sets the ACK control bit and indicates the next expected byte from Host B by placing acknowledgement number y+1 in the acknowledgement field. In addition to the information shown in the diagram above, an exchange of the source and destination ports to use for this connection is also included in each sender's segments.
Once ISNs have been exchanged, communicating applications can transmit data between each other. Most of the discussion surrounding data transfer requires us to look at flow control and congestion control techniques, which we discuss later in this document and for which we refer to other texts. A few key ideas are briefly outlined here, leaving the technical details aside.
A simple TCP implementation will place segments into the network for a receiver as long as there is data to send and as long as the sender does not exceed the window advertised by the receiver. As the receiver accepts and processes TCP segments, it sends back positive acknowledgements, indicating where in the byte stream it is. These acknowledgements also contain the "window" which determines how many bytes the receiver is currently willing to accept. If data is duplicated or lost, a "hole" may exist in the byte stream. A receiver will continue to acknowledge the most current contiguous place in the byte stream it has accepted.
If there is no data to send, the sending TCP will simply sit idly by waiting for the application to put data into the byte stream or to receive data from the other end of the connection. If data queued by the sender reaches a point where data sent will exceed the receiver's advertised window size, the sender must halt transmission and wait for further acknowledgements and an advertised window size that is greater than zero before resuming.
Timers are used to avoid deadlock and unresponsive connections. Delayed transmissions are used to make more efficient use of network bandwidth by sending larger "chunks" of data at once rather than in smaller individual pieces.
Four segments are required to completely close a connection. Four segments are necessary because TCP is a full-duplex protocol, meaning that each end must shut down independently.
Notice that instead of SYN control bit fields, the connection termination phase uses the FIN control bit fields to signal the close of a connection.
[Figure 1.2.4.2 TCP Connection Termination. Diagram labels: Host B; Receive FIN; Send ACK x+1; Receive ACK; Send FIN seq=y, ACK x+1; Receive FIN+ACK; Send ACK y+1; Receive ACK]
To terminate the connection in our example, the application running on Host A signals TCP to close the connection. This generates the first FIN segment from Host A to Host B. When Host B receives the initial FIN segment, it immediately acknowledges the segment and notifies its destination application of the termination request. Once the application on Host B also decides to shut down the connection, it then sends its own FIN segment, which Host A will process and respond with an acknowledgement.
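The establishment and termination exchanges described above can be expressed as checks over a recorded trace, which is how a monitoring tool would flag a handshake whose acknowledgement numbers do not line up. This Python sketch is an added example, not code from the original report; the `Segment` type, the helper names and the sample traces are constructed for illustration, and the first sample uses x = 2^32 - 1 to show that x+1 wraps to zero.

```python
from typing import NamedTuple, Optional

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


class Segment(NamedTuple):
    sender: str                 # "A" or "B", the host labels used in the figures
    flags: frozenset            # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: Optional[int] = None   # only meaningful when ACK is set


def seg(sender, flags, seq, ack=None):
    """Shorthand constructor: seg("B", "SYN+ACK", 5000, 0)."""
    return Segment(sender, frozenset(flags.split("+")), seq, ack)


def _expect(s, sender, required, ack=None, optional=()):
    """Check who sent the segment, which control bits it has, and its ACK number."""
    allowed = set(required) | set(optional)
    if s.sender != sender or not set(required) <= s.flags <= allowed:
        raise ValueError(f"expected {sorted(required)} from Host {sender}, "
                         f"got {sorted(s.flags)} from Host {s.sender}")
    if ack is not None and s.ack != ack:
        raise ValueError(f"Host {sender} acknowledged {s.ack}, expected {ack}")


def check_establishment(trace):
    """Validate SYN, SYN+ACK, ACK; return the next sequence numbers (A, B)."""
    if len(trace) != 3:
        raise ValueError("the handshake is exactly three segments")
    syn, syn_ack, ack = trace
    _expect(syn, "A", {"SYN"})
    x = syn.seq
    _expect(syn_ack, "B", {"SYN", "ACK"}, ack=(x + 1) % MOD)
    y = syn_ack.seq
    _expect(ack, "A", {"ACK"}, ack=(y + 1) % MOD)
    if ack.seq != (x + 1) % MOD:     # the SYN consumed one sequence number
        raise ValueError("Host A's final ACK does not carry sequence number x+1")
    return (x + 1) % MOD, (y + 1) % MOD


def check_termination(trace):
    """Validate FIN, ACK, FIN+ACK, ACK; return the final sequence numbers (A, B)."""
    if len(trace) != 4:
        raise ValueError("termination is exactly four segments")
    fin_a, ack_b, fin_b, ack_a = trace
    _expect(fin_a, "A", {"FIN"}, optional={"ACK"})
    x = fin_a.seq
    _expect(ack_b, "B", {"ACK"}, ack=(x + 1) % MOD)
    _expect(fin_b, "B", {"FIN", "ACK"}, ack=(x + 1) % MOD)
    y = fin_b.seq
    _expect(ack_a, "A", {"ACK"}, ack=(y + 1) % MOD)
    return (x + 1) % MOD, (y + 1) % MOD


# Constructed traces. In HANDSHAKE, x = 0xFFFFFFFF so x+1 wraps to 0.
HANDSHAKE = [seg("A", "SYN", 0xFFFFFFFF),
             seg("B", "SYN+ACK", 5000, 0),
             seg("A", "ACK", 0, 5001)]
TEARDOWN = [seg("A", "FIN+ACK", 120, 5001),
            seg("B", "ACK", 5001, 121),
            seg("B", "FIN+ACK", 5001, 121),
            seg("A", "ACK", 121, 5002)]

if __name__ == "__main__":
    print(check_establishment(HANDSHAKE), check_termination(TEARDOWN))
```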
TCP uses the window field, briefly described previously, as the primary means for flow control. During the data transfer phase, the window field is used to adjust the rate of flow of the byte stream between communicating TCPs. In a simple example, there is a 4-byte sliding window. Moving from left to right, the window "slides" as bytes in the stream are sent and acknowledged. The size of the window, and how fast to increase or decrease it, is an active area of research.
segments to be properly re-ordered by the fact that the receiver had enough time to send three duplicate ACKs. When three or more duplicate ACKs are received, the sender does not even wait for a retransmission timer to expire before retransmitting the segment (as indicated by the position of the duplicate ACK in the byte stream). This process is called the Fast Retransmit algorithm and was first defined in it. Immediately following Fast Retransmit is the Fast Recovery algorithm.
1.2.11.1 Fields: Source Port is an optional field; when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted. Destination Port has a meaning within the context of a particular Internet destination address. Length is the length in octets of this user datagram including this header and the data. (This means the minimum value of the length is eight.)
Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets. The pseudo header conceptually prefixed to the UDP header contains the source address, the destination address, the protocol, and the UDP length. This information gives protection against misrouted datagrams.
1.2.11.2 User Interface: A user interface should allow the creation of new receive ports, receive operations on the receive ports that return the data octets and an indication of source port and source address, and an operation that allows a datagram to be sent, specifying the data, source and destination ports and addresses to be sent.
1.2.11.3 IP Interface: The UDP module must be able to determine the source and destination internet addresses and the protocol field from the internet header. One possible UDP/IP interface would return the whole internet datagram including the entire internet header in response to a receive operation. Such an interface would also allow the UDP to pass a full internet datagram complete with header to the IP to send. The IP would verify certain fields for consistency and compute the internet header checksum.
1.2.11.4 Protocol Application: The major use of this protocol is the Internet Name Server, and the Trivial File Transfer.
This project report is divided into 7 chapters. Chapter 1 presented an overview of computer networks, covering the OSI layers, Transmission Control Protocol, TCP header format, connection establishment and termination, sliding window and flow control, congestion control, slow start, congestion avoidance, fast retransmit, fast recovery, and the User Datagram Protocol. Chapter 2 presents an overview of the ad hoc network in its simplest form, the wireless ad hoc network, the mobile ad hoc network, the several different protocols that have been proposed for ad hoc routing, the communication environment, and the MANET model. Chapter 3 discusses the Secure ad hoc on-demand distance vector (SAODV) and Trusted ad hoc on-demand distance vector (TAODV) protocols for MANET routing security and, briefly, the ad hoc on-demand distance vector (AODV) routing protocol. Chapter 4 covers the design and implementation, which includes the use case diagram, class diagram, sequence diagram, collaboration diagram, state chart diagram and data flow diagrams; the UML diagrams give the static and dynamic views of the system, and the data flow diagrams give the conceptual flow of the system. Chapter 5 presents the test cases, which consist of the execution results of the system developed. These results show the user how the system works throughout the execution process. Chapter 6 presents the conclusion of the project and discusses future work: protocols with more advanced features that can be developed based on these protocols. Chapter 7 lists the books, magazines, journals and conference papers referred to during the project work.
2. AD HOC NETWORK
An ad hoc network is considered a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. The mobile hosts are not bound to any centralized control like base stations or mobile switching centers. Although this offers unrestricted mobility and connectivity to the users, the onus of network management is now entirely on the nodes that form the network. Due to the limited transmission range of wireless network interfaces, multiple hops may be needed for one node to exchange data with another across the network. In such a network, each mobile node operates not only as a host but also as a router, forwarding packets for other mobile nodes in the network that may not be within direct wireless transmission range of each other. Each node participates in an ad hoc routing protocol that allows it to discover multihop paths through the network to any other node. The idea of ad hoc networking is also called infrastructureless networking, since the mobile nodes in the network dynamically establish routing among themselves to form their own network on the fly. It is formed instantaneously, and uses multihop routing to transmit information. MANET technology can provide an extremely flexible method of establishing communications in situations where geographical or terrestrial constraints demand a totally distributed network system without any fixed base station, such as battlefields, military applications, and other emergency and disaster situations. An ad hoc network, the simplest form of wireless LAN, is a network composed of a few nodes without any bridging or forwarding capability. All nodes are equal and may join or leave at any time, and have equal right to the medium. In fact, it is very much like an Ethernet, where you may add or remove nodes at discretion. This is the kind of radio network deployed in homes or small offices. An ad hoc network is an isolated network.
Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centres. Mobile nodes that are within each other's radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Military tactical operations are still the main application of ad hoc networks today. Ad hoc networks can also be used for emergency, law enforcement, and
rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.
unstable and attemptable. Consequently, the security issues of MANETs are becoming an urgent requirement. Finally, the nodes in the network can be highly mobile, thus rapidly changing the node constellation and the presence or absence of links. Examples of the use of MANETs are: tactical operations, for fast establishment of military communication during the deployment of forces in unknown and hostile terrain; rescue missions, for communication in times of national crisis, where the existing communication infrastructure is non-operational due to natural disaster or a global war; law enforcement, for the establishment of communication infrastructure during law enforcement operations; commercial use, for setting up communication in exhibitions, conferences, or sales presentations; education, for operation of wall-free (virtual) classrooms; and sensor networks, for communication between intelligent sensors (e.g. MEMS) mounted on mobile platforms. Nodes in the MANET exhibit nomadic behaviour by freely migrating within some area, dynamically creating and tearing down associations with other nodes. Groups of nodes that have a common goal can create formations (clusters) and migrate together, similarly to military units on missions or to guided tours on excursions. Nodes can communicate with each other at any time and without restrictions, except for connectivity limitations and subject to security provisions. MANETs are intended to provide a data network that is immediately deployable in arbitrary communication environments and is responsive to changes in network topology. Because ad hoc networks are intended to be deployable anywhere, existing infrastructure may not be present. The mobile nodes are thus likely to be the sole elements of the network. Differing mobility patterns and radio propagation conditions that vary with time
and position can result in intermittent and sporadic connectivity between adjacent nodes. The result is a time-varying network topology. MANETs are distinguished from other ad hoc networks by rapidly changing network topologies, influenced by the network size and node mobility. Such networks typically have a large span and contain hundreds to thousands of nodes. The MANET nodes exist on top of diverse platforms that exhibit quite different mobility patterns. Within a MANET, there can be significant variations in nodal speed (from stationary nodes to high-speed aircraft), direction of movement, acceleration/deceleration or restrictions on paths (e.g., a car must drive on a road, but a tank does not). A pedestrian is restricted by built objects while airborne platforms can exist anywhere in some range of altitudes. In spite of such volatility, the MANET is expected to deliver diverse traffic types, ranging from pure voice to integrated voice and image, and even possibly some limited video. In traditional wireless networks, a base station or access point facilitates all communications between nodes on the network and communications with destinations outside the network. In contrast, MANETs allow for the formation of a network without requiring a fixed infrastructure. These networks only require that nodes have interoperable radio hardware and use the same routing protocol to route traffic over the network. The lessened requirements for such networks, along with the ability to implement them using small, resource-limited devices, have made them increasingly popular in all types of application areas. Since there is no fixed infrastructure, the nodes in the network forward traffic for one another in order to allow communication between nodes that are not within physical radio range. Nodes must also be able to change how they forward data over the network as individual nodes move around and acquire and lose neighbors, i.e., nodes within radio range.
Such an approach does indeed prevent tampering with the routing information, but it also makes for a very simple denial of service (DoS) attack. This attack is very effective in MANETs, as the devices often have limited battery power in addition to limited computational power. Consequently, this type of DoS attack allows an attacker to effectively shut down nodes or otherwise disrupt the network. The trade-off between strong cryptographic security and DoS has become increasingly important as MANET applications are developed which require a protocol with reasonable security and reasonable resistance to DoS, a kind of middle ground. It has been suggested that various trust mechanisms could be used to develop new protocols with unique security assurances at different levels in this trade-off. Since there is no fixed infrastructure, the nodes in the network forward traffic for one another in order to allow communication between nodes that are not within physical radio range. Several different protocols have been proposed for ad-hoc routing. The earliest protocols, such as DSDV, DSR and AODV, focused on problems that mobility presented to the accurate determination of routing information. DSDV is a proactive protocol requiring periodic updates of all the routing information. DSR and AODV are reactive protocols, only used when new destinations are sought, a route breaks, or a route is no longer in use.
All the network nodes have equal capabilities. This means that all nodes are equipped with identical communication devices and are capable of performing functions from a common set of network services. However, all nodes do not necessarily perform the same functions at the same time. In particular, a node may be assigned specific functions in the network, and those roles may change over time.
Although the network should allow communication between any two nodes, it is envisioned that a large portion of the traffic will be between geographically close nodes. This assumption is clearly justified in a hierarchical organization. For example, it is much more likely that communication will take place between two soldiers in the same unit, rather than between two soldiers in two different brigades. A MANET is a peer-to-peer network that allows direct communication between any
two nodes, when adequate radio propagation conditions exist between these two nodes and subject to transmission power limitations of the nodes. If there is no direct link between the source and the destination nodes, multi-hop routing is used. In multi-hop routing, a packet is forwarded from one node to another, until it reaches the destination. Of course, appropriate routing protocols are necessary to discover routes between the source and the destination, or even to determine the presence or absence of a path to the destination node. Because of the lack of central elements, distributed protocols have to be used. All communications between all network entities in ad-hoc networks are carried over the wireless medium. Due to the radio communications being vulnerable to propagation impairments, connectivity between network nodes is not guaranteed. In fact, intermittent and sporadic connectivity may be quite common. Additionally, as the wireless bandwidth is limited, its use should be minimized. Finally, as some of the mobile devices are expected to be handheld with limited power sources, the required transmission power should be minimized as well. Therefore, the transmission radius of each mobile is limited, and channels assigned to mobiles are typically spatially reused. Consequently, since the transmission radius is much smaller than the network span, communication between two nodes often needs to be relayed through intermediate nodes; i.e., multi-hop routing is used. In MANETs, because of the possibly rapid movement of the nodes and variable propagation conditions, network information, such as a route table, becomes obsolete quickly. Frequent network reconfiguration may trigger frequent exchanges of control
information to reflect the current state of the network. However, the short lifetime of this information means that a large portion of this information may never be used. Thus, the bandwidth used for distribution of the routing update information is wasted. In spite of these attributes, the design of the MANETs still needs to allow for a high degree of reliability, survivability, availability, and manageability of the network. On the basis of the above discussion, the following features are required: robust routing and mobility management algorithms to increase the network reliability and availability; adaptive algorithms and protocols to adjust to frequently changing radio propagation, network and traffic conditions; low-overhead algorithms and protocols to preserve radio communication resources; multiple (distinct) routes between the source and a destination to reduce congestion in the vicinity of certain nodes, and to increase the reliability and survivability; and a robust network architecture to avoid susceptibility to network failures, congestion around high-level nodes, and the penalty due to inefficient routing. In the absence of fixed infrastructure, MANET nodes cooperate to provide routing services, relying on each other to forward packets to their destination. Routing protocols designed for fixed networks are not effective in the dynamic and resource-constrained MANET environment.
the destination along that path. Once the source stops sending data packets, the links will time out and eventually be deleted from the intermediate node routing tables. If a link break occurs while the route is active, the node upstream of the break propagates a route error (RERR) message to the source node to inform it of the now unreachable destination(s). After receiving the RERR, if the source node still desires the route, it can reinitiate route discovery. Multicast routes are set up in a similar manner. A node wishing to join a multicast group broadcasts a RREQ with the destination IP address set to that of the multicast group and with the 'J' (join) flag set to indicate that it would like to join the group. Any node receiving this RREQ that is a member of the multicast tree and that has a fresh enough sequence number for the multicast group may send a RREP. As the RREPs propagate back to the source, the nodes forwarding the message set up pointers in their multicast route tables. As the source node receives the RREPs, it keeps track of the route with the freshest sequence number, and beyond that the smallest hop count to the next multicast group member. After the specified discovery period, the source node will unicast a Multicast Activation (MACT) message to its selected next hop. This message serves the purpose of activating the route. A node that had set up a multicast route pointer but does not receive this message will time out and delete the pointer. If the node receiving the MACT was not already a part of the multicast tree, it will also have been keeping track of the best route from the RREPs it received. Hence it must also unicast a MACT to its next hop, and so on until a node that was previously a member of the multicast tree is reached. AODV maintains routes for as long as the route is active. This includes maintaining a multicast tree for the life of the multicast group.
Because the network nodes are mobile, it is likely that many link breakages along a route will occur during the lifetime of that route. The main advantage of this protocol is that routes are established on demand and destination sequence numbers are used to find the latest route to the destination. The connection setup delay is lower. One of the disadvantages of this protocol is that intermediate nodes can lead to inconsistent routes if the source sequence number is very old and the intermediate nodes have a higher but not the latest destination sequence number, thereby having stale entries. Also multiple Route Reply packets in response to a single Route Request packet can lead to heavy control overhead. Another disadvantage of AODV is that the periodic beaconing leads to unnecessary bandwidth consumption.
In addition, every time a node receives a RREQ or a RREP message, it performs the following operation in order to verify the hop count: it applies the hash function h (Maximum Hop Count minus Hop Count) times to the value in the Hash field, and verifies that the resultant value is equal to the value contained in the Top Hash field:
$$\text{Top Hash} == h^{\text{Max Hop Count} - \text{Hop Count}}(\text{Hash})$$
where a == b reads: verify that a and b are equal. Before rebroadcasting a RREQ or forwarding a RREP, a node applies the hash function to the Hash value in the Signature Extension to account for the new hop:
$$\text{Hash} = h(\text{Hash})$$
The Hash Function field indicates which hash function has to be used to compute the hash. Trying to use a different hash function will just create a wrong hash without giving any advantage to a malicious node. The Hash Function, Max Hop Count, Top Hash, and Hash fields are transmitted with the AODV message, in the Signature Extension. As will be explained later, all of them except the Hash field are signed to protect their integrity. Digital signatures are used to protect the integrity of the non-mutable data in RREQ and RREP messages. That means that they sign everything but the Hop Count of the AODV message and the Hash from the SAODV extension. The main problem in applying digital signatures is that AODV allows intermediate nodes to reply to RREQ messages if they have a fresh enough route to the destination. While this makes the protocol more efficient, it also makes it more complicated to secure. The problem is that an intermediate node generating a RREP message should be able to sign it on behalf of the final destination. In addition, it is possible that the route stored in the intermediate node was created as a reverse route after receiving a RREQ message. To solve this problem, SAODV offers two alternatives.
The first one (and also the obvious one) is that, if an intermediate node cannot reply to a RREQ message because it cannot properly sign its RREP message, it just behaves as if it didn't have the route and forwards the RREQ message. The second is that, every time a node generates a RREQ message, it also includes the RREP flags, the prefix size and the signature that can be used (by any intermediate node that creates a reverse route to the originator of the RREQ) to reply to a RREQ that asks for the node that originated the first RREQ. Moreover, when an intermediate node generates a RREP message, the lifetime of the route has changed from the original one. Therefore, the intermediate node should include both lifetimes (the old one is needed to verify the signature of the route destination) and sign the new lifetime. When a node receives a RREQ, it first verifies the signature before creating or updating a reverse route to that host. Only if the signature is verified will it store the route. If the RREQ was received with a Double Signature Extension, then the node will also store the signature for the RREP and the lifetime (which is the reverse route lifetime value) in the route entry. An intermediate node will reply to a RREQ with a RREP only if it fulfils AODV's requirements to do so and the node has the corresponding signature and old lifetime to put into the Signature and Old Lifetime fields of the RREP Double Signature Extension. Otherwise, it will rebroadcast the RREQ. When a RREQ is received by the destination itself, it will reply with a RREP only if it fulfils AODV's requirements to do so. This RREP will be sent with a RREP Single Signature Extension. When a node receives a RREP, it first verifies the signature before creating or updating a route to that host. Only if the signature is verified will it store the route with the signature of the RREP and the lifetime.
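The hop-count hash chain described earlier in this section, as an added Python example (not code from the report or from the SAODV specification). It assumes SHA-256 as the function selected by the Hash Function field and that the originator starts the chain from a random seed with Top Hash equal to h applied Max Hop Count times to that seed; the dictionary field names and the sample seed are constructed for illustration.

```python
import hashlib
import os
from typing import Optional


def h(value: bytes, times: int = 1) -> bytes:
    """Apply the hash function `times` times.

    ASSUMPTION: SHA-256 stands in for whatever the Hash Function field selects.
    """
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value


def originate(max_hop_count: int, seed: Optional[bytes] = None) -> dict:
    """Build the hop-count fields of a new RREQ/RREP.

    ASSUMPTION: Hash starts as a random seed and Top Hash is
    h^(Max Hop Count)(seed). Top Hash and Max Hop Count are covered by the
    signature; Hop Count and Hash are mutable and are not signed.
    """
    seed = os.urandom(32) if seed is None else seed
    return {
        "hop_count": 0,
        "max_hop_count": max_hop_count,
        "hash": seed,
        "top_hash": h(seed, max_hop_count),
    }


def verify_hop_count(msg: dict) -> bool:
    """Check Top Hash == h^(Max Hop Count - Hop Count)(Hash)."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    if remaining < 0:
        return False  # claimed hop count exceeds the signed maximum
    return h(msg["hash"], remaining) == msg["top_hash"]


def forward(msg: dict) -> dict:
    """Verify, then account for the new hop: Hop Count += 1, Hash = h(Hash)."""
    if not verify_hop_count(msg):
        raise ValueError("hop count verification failed, message dropped")
    if msg["hop_count"] >= msg["max_hop_count"]:
        raise ValueError("maximum hop count reached")
    out = dict(msg)
    out["hop_count"] += 1
    out["hash"] = h(msg["hash"])
    return out


def demo() -> dict:
    """Walk a message over three hops, then test altered hop counts."""
    msg = originate(max_hop_count=5, seed=b"constructed-sample-seed")
    for _ in range(3):
        msg = forward(msg)
    # A hop count lower than the number of hash applications cannot be
    # justified: reversing the chain would require inverting h.
    lowered = dict(msg, hop_count=1)
    # Raising the hop count without also hashing breaks the check as well.
    raised = dict(msg, hop_count=4)
    return {
        "honest": verify_hop_count(msg),
        "lowered": verify_hop_count(lowered),
        "raised_without_hash": verify_hop_count(raised),
        "hop_count": msg["hop_count"],
    }


if __name__ == "__main__":
    print(demo())
```

The check only binds the Hop Count to the number of hash applications; a node that forwards the message with both fields unchanged still passes verification, which is why the remaining fields rely on the signature.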
can analyze the communication between them. A variant of this is to increment the destination sequence number to make the other nodes believe that this is a fresher route. Impersonate a node D by forging a RREP with its address as a destination address. Impersonate a node by forging a RREP that claims that the node is the destination and, to increase the impact of the attack, claims to be a network leader of the subnet SN with a big sequence number, and send it to its neighbors. In this way it will become (at least locally) a black hole for the whole subnet SN. Selectively not forward certain RREQs and RREPs, not reply to certain RREPs, and not forward certain data messages. This kind of attack is especially hard to even detect because transmission errors have the same effect. Forge a RERR message pretending it is the node S and send it to its neighbor D. The RERR message has a very high destination sequence number DSN for one of the unreachable destinations (U). This might cause D to update the destination sequence number corresponding to U with the value DSN and, therefore, future route discoveries performed by D to obtain a route to U will fail. According to the current AODV draft, the originator of a RREQ can put a much bigger destination sequence number than the real one. In addition, sequence numbers wrap around when they reach the maximum value allowed by the field size. This allows a very easy attack in which an attacker is able to set the sequence number of a node to any desired value by just sending two RREQ messages to the node.
this makes the protocol more efficient, it also makes it more complicated to secure. The problem is that an intermediate node generating a RREP message should be able to sign it on behalf of the final destination. In addition, it is possible that the route stored in the intermediate node was created as a reverse route after receiving a RREQ message (which means that it does not have the signature for the RREP). To solve this problem, SAODV offers two alternatives. The first one (and also the obvious one) is that, if an intermediate node cannot reply to a RREQ message because it cannot properly sign its RREP message, it just behaves as if it didn't have the route and forwards the RREQ message. The second is that, every time a node generates a RREQ message, it also includes the RREP flags, the prefix size and the signature that can be used (by any intermediate node that creates a reverse route to the originator of the RREQ) to reply to a RREQ that asks for the node that originated the first RREQ. Moreover, when an intermediate node generates a RREP message, the lifetime of the route has changed from the original one. Therefore, the intermediate node should include both lifetimes (the old one is needed to verify the signature of the route destination) and sign the new lifetime. In this way, the original information of the route is signed by the final destination and the lifetime is signed by the intermediate node. To distinguish the different SAODV extension messages, the ones that have two signatures are called RREQ and RREP Double Signature Extension. When a node receives a RREQ, it first verifies the signature before creating or updating a reverse route to that host. Only if the signature is verified will it store the route. If the RREQ was received with a Double Signature Extension, then the node will also store the signature for the RREP and the lifetime (which is the reverse route lifetime value) in the route entry.
An intermediate node will reply to a RREQ with a RREP only if it fulfils AODV's requirements to do so and the node has the corresponding signature and old lifetime to put into the Signature and Old Lifetime fields of the RREP Double Signature Extension. Otherwise, it will rebroadcast the RREQ. When a RREQ is received by the destination itself, it will reply with a RREP only if it fulfils AODV's requirements to do so. This RREP will be sent with a RREP Single Signature Extension. When a node receives a RREP, it first verifies the signature before creating or updating a route to that host. Only if the signature is verified will it store the route with the signature of the RREP and the lifetime.
algorithm requires factoring two very large numbers. The RSA site has more information in this regard. The following are the steps involved in determining the public and private keys using the RSA algorithm:
Pick p & q
n: One of the public keys. It is used as the modulus.
phi: Or φ(n); it is used to find e. phi is Euler's totient.
Pick e
e: The other public key. It should be relatively prime to phi, i.e. gcd(e, phi) = 1.
d: The private key. It is relatively prime to phi and a multiplicative inverse of e. It is calculated using the Extended Euclid's Algorithm.
Figure 3.2.6 RSA Algorithm Implementation
At this stage we should discard the p, q, and m values. Now we have the private key d, and the public keys e and n. If we want to encrypt text, we will need to first represent it in some numeric form (say P). Then we simply apply the formula: C = P^e mod n. If we want to decrypt the cipher text C to P', we apply the formula: P' = C^d mod n.
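The key-generation steps and the two formulas above, carried through in Python as an added example (not the report's own implementation). The primes 61 and 53, the exponent 17 and the sample text are constructed small values chosen so the arithmetic can be followed by hand; this is the unpadded formula exactly as the text states it, and real deployments use large primes and a padding scheme.

```python
from math import gcd


def extended_euclid(a: int, b: int):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def is_prime(k: int) -> bool:
    """Trial division, adequate for the small constructed primes used here."""
    if k < 2:
        return False
    i = 2
    while i * i <= k:
        if k % i == 0:
            return False
        i += 1
    return True


def generate_keys(p: int, q: int, e: int):
    """Follow the steps in the text: pick p and q, derive n and phi, pick e, find d."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # public modulus
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi")
    _, x, _ = extended_euclid(e, phi)
    d = x % phi                    # multiplicative inverse of e modulo phi
    # p, q and phi are not returned: they are discarded once d is known.
    return (e, n), (d, n)


def encrypt(P: int, public_key) -> int:
    """C = P^e mod n"""
    e, n = public_key
    if not 0 <= P < n:
        raise ValueError("P must be in the range [0, n)")
    return pow(P, e, n)


def decrypt(C: int, private_key) -> int:
    """P' = C^d mod n"""
    d, n = private_key
    return pow(C, d, n)


def encrypt_text(text: str, public_key):
    """Represent the text numerically (one byte per number) and encrypt each."""
    return [encrypt(byte, public_key) for byte in text.encode("utf-8")]


def decrypt_text(numbers, private_key) -> str:
    return bytes(decrypt(c, private_key) for c in numbers).decode("utf-8")


if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)
    cipher = encrypt_text("RREQ", public)
    print(public, private, cipher, decrypt_text(cipher, private))
```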
combination, trust judging. The Cryptographic routing behaviours, trusted routing behaviours, and trust updating. The general procedure for establishing trust relationships among nodes and for performing routing discovery is described as follows. Imagine the beginning of an ad hoc network which contains a few nodes. At this point a node does not trust or distrust another node; it is only uncertain about the other node's trustworthiness. Suppose node A wants to discover a route path to B. Because the uncertainty element in A's opinion towards others is larger than or equal to 0.5, which means that A is not sure whether it should believe or disbelieve any other nodes, A will use the cryptographic schemes as proposed in SAODV or some other schemes to perform routing discovery operations. After some successful or failed communications, A will change its opinions about other nodes gradually using the trust updating algorithm. The uncertainty elements in its opinions about other nodes will be mostly less than 0.5 after a period of time. By means of this procedure, each node in this MANET will eventually form more certain opinions towards other nodes after this initial period. Once the trust relationship is established among most of the nodes in this ad hoc network, these nodes can use our trusted routing protocol, which is based on our trust model, to perform routing operations. Note that the trust relationships among nodes are not symmetric. That is, if node A totally trusts B, B may not have the same opinion about A's trustworthiness. Node A will now use the trust recommendation protocol to exchange trust information about a node, B, with its neighbours, then use the trust combination algorithm to combine all the recommendation opinions together and calculate a new opinion towards B. The subsequent routing discovery and maintenance operations will follow the specifications of our trusted routing protocol. Note that the situation in which one node first joins a MANET can be handled in the same way as at the beginning of the whole network.
In this framework, the establishment of trust relationships among nodes and the discovery of route paths are all performed in a self-organized way, which is achieved by the cooperation of different nodes to exchange information and to obtain agreements without any third party's intervention.
Trust Recommendation
Trust combination
Trust Judging
Trust Updating
Let $\omega_B^A = (b_B^A, d_B^A, u_B^A)$ denote any node A's opinion about any node B's trustworthiness in a MANET, where the first, second and third components correspond to belief, disbelief and uncertainty, respectively. These three elements satisfy $b_B^A + d_B^A + u_B^A = 1$. In this definition, belief means the probability that node B can be trusted by node A, and disbelief means the probability that B cannot be trusted by A. Uncertainty $u_B^A$ then fills the void in the absence of both belief and disbelief, and the sum of these three elements is 1.
Mapping between the Evidence and Opinion Spaces
A node in a MANET will collect and record all the positive and negative evidence about other nodes' trustworthiness.
Discounting Combination: Let's consider such a situation: node A wants to know C's trustworthiness, then node B gives its opinion about C. Assuming A already has an opinion about B, A will combine the two opinions, A to B and B to C, to obtain a recommendation opinion A to C. Discounting combination is for this purpose. Use Opinion to represent trust: 3-dimensional metric
$\omega_B^A = (b_B^A, d_B^A, u_B^A)$
We define that $b_B^A + d_B^A + u_B^A = 1$
$\omega_B^A$ is larger than 0.5, A will trust B and continue to perform routing related
performing routing related to B. Accordingly, the route entry for B in A's routing table will be disabled and deleted after an expire time. In node A's opinion towards node B's trustworthiness, if the third component uncertainty of opinion $\omega_B^A$
whenever A has interaction (or relationship) with B. In node A's opinion towards node B's trustworthiness, if the three components of opinion $\omega_B^A$ are all smaller than or equal to 0.5, A will request B's digital signature whenever A has interaction (or relationship) with B. If node B has no route entry in node A's routing table, A's opinion about B is initialized as (0,0,1).
route replies normally, etc., B's successful events in A's routing table will be increased by 1. Each time a node A has performed a failed communication with another node B, including forwarding route requests or replies abnormally, generating route requests or route replies abnormally, authenticating itself incorrectly, and so on, B's failed events in A's routing table will be increased by 1. Each time the field of the successful or failed events changes, the corresponding value of the opinion will be recalculated using Equation 2 from the evidence space to the opinion space. If node B's route entry has been deleted from node A's route table because of expiry, or there is no route entry for B from the beginning, the opinion $\omega_B^A$ will be set to (0,0,1).
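The opinion bookkeeping, discounting combination and trust judging described in this section, as an added Python sketch (not the report's code). The page does not reproduce Equation 2 or the discounting formula, so both are assumptions taken from standard subjective logic; the judging rules whose wording is incomplete on the page (disbelief and uncertainty) are assumed to use the same 0.5 threshold as the belief rule, and all class and function names are illustrative.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Opinion:
    """Node A's opinion about node B: (belief, disbelief, uncertainty)."""
    b: float
    d: float
    u: float

    def __post_init__(self):
        if min(self.b, self.d, self.u) < 0 or abs(self.b + self.d + self.u - 1) > 1e-9:
            raise ValueError("components must be non-negative and sum to 1")


UNKNOWN = Opinion(0.0, 0.0, 1.0)  # initial opinion stated in the text: (0,0,1)


def opinion_from_evidence(successes: int, failures: int) -> Opinion:
    """Map the evidence space to the opinion space.

    ASSUMPTION: the standard subjective-logic mapping
    b = p/(p+n+2), d = n/(p+n+2), u = 2/(p+n+2) stands in for Equation 2.
    """
    total = successes + failures + 2
    return Opinion(successes / total, failures / total, 2 / total)


def discount(a_to_b: Opinion, b_to_c: Opinion) -> Opinion:
    """Combine A's opinion of B with B's opinion of C into A's opinion of C.

    ASSUMPTION: the subjective-logic discounting operator.
    """
    return Opinion(
        a_to_b.b * b_to_c.b,
        a_to_b.b * b_to_c.d,
        a_to_b.d + a_to_b.u + a_to_b.b * b_to_c.u,
    )


def judge(op: Opinion) -> str:
    """Decide how A treats B during routing operations."""
    if op.u > 0.5:
        return "verify_signature"  # too uncertain: fall back to cryptography (assumed threshold)
    if op.b > 0.5:
        return "trust"             # continue routing without a signature check
    if op.d > 0.5:
        return "distrust"          # disable the route entry until it expires (assumed threshold)
    return "verify_signature"      # all three components <= 0.5


class TrustTable:
    """Successful/failed event counters kept alongside A's route entries."""

    def __init__(self) -> None:
        self._events: Dict[str, Tuple[int, int]] = {}

    def record(self, node: str, success: bool) -> None:
        ok, bad = self._events.get(node, (0, 0))
        self._events[node] = (ok + 1, bad) if success else (ok, bad + 1)

    def expire(self, node: str) -> None:
        self._events.pop(node, None)  # entry gone: opinion returns to (0,0,1)

    def opinion(self, node: str) -> Opinion:
        if node not in self._events:
            return UNKNOWN
        return opinion_from_evidence(*self._events[node])


if __name__ == "__main__":
    table = TrustTable()
    for _ in range(8):
        table.record("B", True)
    b_about_c = opinion_from_evidence(6, 2)  # constructed recommendation from B
    print(judge(table.opinion("B")), discount(table.opinion("B"), b_about_c))
```

With eight successful events A trusts B directly, yet the discounted opinion about C stays below 0.5 in every component, so C is still asked for a signature.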
during this activity. As analysis produces a large amount of information and knowledge with possible redundancies, properly organizing and describing requirements is an important goal of this activity.
3.4.1 Problem Statement: Initial MANET routing protocols were not designed to withstand malicious nodes within the network or outside attackers nearby with malicious intent. Subsequent protocols and protocol extensions have been proposed to address the issue of security. Many of these protocols seek to apply cryptographic methods to the existing protocols in order to secure the information in the routing packets. It was quickly discovered, however, that while such an approach does indeed prevent tampering with the routing information, it also makes for a very simple denial of service (DoS) attack.
3.4.2 Existing System: The protocols such as DSDV, DSR, and AODV focused on problems that mobility presented to the accurate determination of routing information. DSDV is a proactive protocol requiring periodic updates of all the routing information. In contrast, DSR and AODV are reactive protocols, only used when new destinations are sought, a route breaks, or a route is no longer in use. As more applications were developed to take advantage of the unique properties of ad-hoc networks, it soon became obvious that security of routing information was an issue not addressed in the existing protocols.
3.4.3 Proposed System: In this project, we provide the first performance evaluations for two proposed protocol extensions to secure MANET routing. The first, SAODV, uses cryptographic methods to secure the routing information in the AODV protocol. The second, TAODV, uses trust metrics to allow for better routing decisions and penalize uncooperative nodes.
The system runs on Java JDK 1.3 or later and requires the Swing and networking packages. It runs on Windows 98 or later, with 20 GB of hard disk space, 128 MB of RAM and a Pentium processor.
The UML is appropriate for modelling systems ranging from enterprise information systems to distributed web-based applications and even to hard real-time embedded systems. It is a very expressive language, addressing all the views needed to develop and then deploy such systems. Learning to apply the UML effectively starts with forming a conceptual model of the language, which requires three major elements: the UML's basic building blocks, the rules that dictate how these building blocks may be put together, and some common mechanisms that apply throughout the language.
A language provides a vocabulary and the rules for combining words in that vocabulary for the purpose of communication. A modelling language is a language whose vocabulary and rules focus on the conceptual and physical representation of a system. A modelling language such as the UML is thus a language for software blueprints.
4.1.1 UML is a language for visualizing: The UML is more than just a bunch of graphical symbols. Behind each symbol in the UML notation is a well-defined semantics.
4.1.2 UML is a language for specifying: Specifying means building models that are precise, unambiguous and complete. In particular, the UML addresses the specification of all the important analysis, design, and implementation decisions that must be made in developing and deploying a software-intensive system.
4.1.3 UML is a language for constructing: UML is not a visual programming language, but its models can be directly connected to a variety of programming languages. It is possible to map from a model in the UML to a programming language such as Java, C++ or Visual Basic, or even to tables in a relational database. This mapping permits forward engineering: the generation of code from a UML model into a programming language. The reverse, called reverse engineering, is also possible: you can reconstruct a model from an implementation back into the UML. Combining these two paths of forward code generation and reverse engineering yields round-trip engineering.
4.1.4 UML is a language for documenting: A healthy software organization produces all sorts of artifacts in addition to raw executable code. These artifacts include requirements, architecture, design, source code, project plans, tests, prototypes and releases.
The UML addresses the documentation of a system's architecture and all of its details. The UML also provides a language for expressing requirements and for tests. Finally, the UML provides a language for modelling the activities of project planning and release management. Where can the UML be used: enterprise information systems, banking and financial services, telecommunications, transportation, defence/air force, and distributed web-based services.
4.2.1 Building blocks of the UML: The vocabulary of the UML encompasses three kinds of building blocks: things, relationships and diagrams.
4.2.2 Things in the UML: There are four kinds of things in the UML: structural things, behavioural things, grouping things and annotational things.
4.2.3 Relationships in the UML: There are four kinds of relationships in the UML: dependency, association, generalization and realization.
4.2.4 Diagrams in the UML: A diagram is the graphical presentation of a set of elements, most often rendered as a connected graph of vertices (things) and arcs (relationships). We draw diagrams to visualize a system from different perspectives, so a diagram is a projection into a system. For all but the most trivial systems, a diagram represents an elided view of the elements that make up a system. The same element may appear in all diagrams, only a few diagrams (the most common case) or in no diagrams at all (a very rare case). In theory, a diagram may contain any combination of things and relationships. In practice, however, a small number of common combinations arise, which are consistent with the five most useful views that comprise the architecture of a software-intensive system. For this reason, the UML includes nine such diagrams. Diagrams in the UML are of two types: static diagrams and dynamic diagrams.
Static diagrams consist of: class diagram, object diagram, component diagram and deployment diagram.
Dynamic diagrams consist of: use case diagram, sequence diagram, collaboration diagram, state chart diagram and activity diagram.
4.3.1.2 Interface: An interface is a collection of operations that specify a service of a class or component. An interface defines a set of operation specifications (that is, their signatures) but never a set of operation implementations. Graphically, an interface is rendered as a circle together with its name. The declaration of an interface looks like a class with the keyword interface above the name; attributes are not relevant, except sometimes to show constants.
Interface name
Figure 4.3.1.2 A UML Interface Example
4.3.1.3 Collaboration: It defines an interaction and is a society of roles and other elements that work together to provide some cooperative behaviour that's bigger than the sum of the elements. Therefore collaborations have structural as well as behavioural dimensions. A given class might participate in several collaborations. These collaborations therefore represent the implementation of patterns that make up a system. Graphically, a collaboration is rendered as an ellipse with dashed lines, including only its name.
Chain of responsibility
4.3.1.4 Dependency: It is a semantic relationship between two things in which a change to one thing (the independent thing) may affect the semantics of the other thing (the dependent thing). Graphically, a dependency is rendered as a dashed line, possibly directed and occasionally including a label, as shown in the figure.
Semantic relationship
Figure 4.3.1.4 A UML Dependency Example
4.3.1.5 Association: It is the structural relationship that describes a set of links, a link being a connection among objects. Aggregation is a special kind of association, representing a structural relationship between a whole and its parts. Graphically, an association is rendered as a solid line, possibly directed, occasionally including a label and often containing adornments, such as multiplicity and role names, as shown in the figure.
0..1 employer * employee
4.3.1.6 Generalization: It is a specialization/generalization relationship in which objects of the specialized element (the child) are substitutable for objects of the generalized element (the parent). In this way the child shares the structure and the behavior of the parent. Graphically, a generalization is rendered as a solid line with a hollow arrowhead pointing to the parent, as shown in the figure.
Specialization relationship
Figure 4.3.1.6 A UML Generalization Example
4.3.1.7 Realization: A realization is a semantic relationship between classifiers, wherein one classifier specifies a contract that another classifier guarantees to carry out. You'll encounter realization relationships in two places: between interfaces and the classes or components that realize them, and between use cases and the collaborations that realize them. Graphically, a realization relationship is rendered as a cross between a generalization and a dependency relationship.
Figure 4.3.1 Class Diagram for communication between the source and destination
Description: As shown in the above figure the class diagram explains the static design view of the system. In this the password class consists of user id and password fields to be provided by the user. The sender class i.e. the source end consists of the upload content where the user uses it to upload the data and the destination address fields where the destination end user address is entered. The RSA key class consists of the public key attributes to be entered by the source end user for encryption of the data. The Req class acts as the destination end, where it sends acknowledgement to the source end, thus the communication between the source and the destination. The RSAdecry class consists of the decrypt value and the N value attributes, which are provided by the destination user to decrypt the data.
4.3.2 Use case Diagram:
4.3.2.1 Use case: A use case is a description of a set of sequences that a system performs that yields an observable result of value to a particular actor. A use case is used to structure the behavioural things in a model. A use case is realized by a collaboration. Graphically, a use case is rendered as an ellipse with solid lines, including only its name.
Place order
4.3.2.2 Actor: Actor is the user of the system, who performs action on the system and to whom the system yields an observable result of a value.
register
login
access permissions
personalize
updates
logout
Figure 4.3.2 Use Case Diagram for communication between the source and destination nodes (diagram labels: Route maintenance, Node j)
Description: The above use case diagram consists of two nodes, node i and node j, where node i is the source and node j is the destination. The source node sends the route request to the destination; if the destination node accepts the route request, it sends the acknowledgement to the source so that the nodes can send and receive the data.
4.3.3 Sequence diagram: Both sequence diagrams and collaboration diagrams are kinds of interaction diagrams. An interaction diagram shows an interaction, consisting of a set of objects and their relationships, including the messages that may be dispatched among them. Interaction diagrams address the dynamic view of a system. A sequence diagram is an interaction diagram that emphasizes the time-ordering of messages; a collaboration diagram is an interaction diagram that emphasizes the objects that send and receive messages. Much like the class diagram, developers typically think sequence diagrams were meant exclusively for them. However, an organization's business staff can find sequence diagrams useful to communicate how the business currently works by showing how various business objects interact.
4.3.3.1 Object: Objects are typically named or anonymous instances of a class, but may also represent instances of other things such as components, collaborations and nodes.
4.3.3.2 Link: A link is a semantic connection among objects, i.e. an object of an association is called a link.
4.3.3.3 Lifeline: A lifeline is a vertical dashed line that represents the lifetime of an object. When drawing a sequence diagram, lifeline notation elements are placed across the top of the diagram. Lifelines represent either roles or object instances that participate in the sequence being modelled.
4.3.3.4 Focus of Control: A focus of control is a tall, thin rectangle that shows the period of time during which an object is performing an action.
4.3.3.5 Messages: A message is a specification of a communication between objects that conveys information with the expectation that activity will ensue. To show an object (i.e., lifeline) sending a message to another object, you draw a line to the receiving object with a solid arrowhead (if a synchronous call operation) or with a stick arrowhead (if an asynchronous signal). The message/method name is placed above the arrowed line. The message that is being sent to the receiving object represents an operation/method that the receiving object's class implements.
Figure 4.3.3 Sequence Diagram for communication between the source and destination nodes (diagram labels: Node i, Network configuration, Buffer managers, Node j, RREP message, Generate packets, Process packets)
Description: The above sequence diagram illustrates the dynamic behaviour of the system. As shown in the above figure the nodes i and j communicate through the network configuration. The buffer managers are used for the temporary storage of data.
Secure AODV VS Trusted AODV Protocols for MANET routing security
4.3.4 State chart Diagram: A state chart diagram shows a state machine, consisting of states, transitions, events, and activities. State chart diagrams address the dynamic view of a system. They are especially important in modelling the behaviour of an interface, class, or collaboration and emphasize the event-ordered behaviour of an object, which is especially useful in modelling reactive systems. State diagrams depict the dynamic behaviour of the entire system.
4.3.4.1 Initial State: This shows the starting point or first activity of the flow, denoted by a solid circle. This is also called a "pseudo state," where the state has no variables describing it further and no activities.
4.3.4.2 State: A state is a condition or situation in the life of an object during which it satisfies some condition, performs some activity, or waits for some event. It represents the state of the object at an instant of time. In a state diagram there will be multiple such symbols, one for each state of the object under discussion, each denoted by a rectangle with rounded corners and compartments.
4.3.4.3 Transition: A transition is a relationship between two states indicating that an object in the first state will perform certain actions and enter the second state when specified event occurs and specified conditions are satisfied.
4.3.4.4 Event and Action: An event is the specification of a significant occurrence that has a location in time and space. A trigger that causes a transition to occur is called as an event or action. As described above, an event/action is written above a transition that it causes.
4.3.4.5 Final State: The end of the state diagram is shown by a bull's eye symbol, also called a final state. A final state is another example of a pseudo state because it does not have any variable or action described.
Figure 4.3.4 State Chart Diagram for communication between the source and destination nodes (diagram labels: data1, data2, Route maintenance)
Description: The above state chart diagram illustrates the step by step process of the system. The source end user of the system sends the route request to the destination user, if the acknowledgement is received from the destination the nodes can send and receive data. The encryption and decryption process is performed while sending the message from source to destination.
4.4.2 Data Flow Diagram shows: The process within the system. The data stores supporting the system's operation. The information flows within the system. The system boundary. Interactions with external entities.
4.4.3 Data Flow Diagram Symbols: Data flow diagram symbols are as follows.
4.4.3.1 External Entity: An external entity is a source or destination of a data flow which is outside the area of study. Only those entities which originate or receive data are represented on a business process diagram. The symbol used is an oval containing a meaningful and unique identifier.
4.4.3.2 Process: A process shows a transformation or manipulation of data flows within the system. The symbol used is a rectangular box which contains 3 descriptive elements:
Firstly an identification number appears in the upper left hand corner. This is allocated arbitrarily at the top level and serves as a unique reference. Secondly, a location appears to the right of the identifier and describes where in the system the process takes place. This may, for example, be a department or a piece of hardware. Finally, a descriptive title is placed in the centre of the box. This should be a simple imperative sentence with a specific verb, for example 'maintain customer records' or 'find driver'.
Figure 4.4.3.2 Process
4.4.3.3 Data Flow: A data flow shows the flow of information from its source to its destination. A data flow is represented by a line, with arrowheads showing the direction of flow. Information always flows to or from a process and may be written, verbal or electronic. Each data flow may be referenced by the processes or data stores at its head and tail, or by a description of its contents.
Figure 4.4.3.3 Data flow
4.4.3.4 Data Store: A data store is a holding place for information within the system. It is represented by an open-ended narrow rectangle. Data stores may be long-term files such as sales ledgers, or may be short-term accumulations, for example batches of documents that are waiting to be processed. Each data store should be given a reference followed by an arbitrary number.
Figure 4.4.3.4 Data store
4.4.3.5 External agent: An external agent is a source or destination of data. The external agent occurs outside of the system of processes. An external agent is depicted by an overlapping rectangle.
Source
Route Maintenance
Find request zone and send route request to all nodes in that zone
Send and Receive data using that path With Cryptographic Encryption.
Destination
Description: The above diagram illustrates the routing protocols, route maintenance and providing the security using these routing protocols between the source and the destination.
INPUT FILE
Network Configuration
NETWORK i Packets
NETWORK j
BUFFERS OF NETWORKS
Description: The above diagram describes how the data is transferred between the source and the destination with the help of the process manager. The buffer networks consist of the data to be transferred, and the network configuration consists of the information about the protocols and the different nodes in the network.
NETWORK CONFIGURATION
NETWORK i
NETWORK j
Generate Packets
Process Packets
Packets
BUFFERS OF NETWORKS
Description: The above figure shows how the source and destination networks communicate with each other. The buffer networks store the data and send it at the time of receipt. The input manager consists of the network configuration of the nodes and the protocols.
5. TEST CASES
In this project work we have tested the proposed system using the Java Swing packages and some networking packages. To understand the performance of the SAODV and TAODV protocols, we implemented each of them and measured their performance through threshold and static values.
Implementing SAODV required cryptographic operations. We used the RSA algorithm, in which the user has to provide two prime numbers. The public and private keys are calculated from these prime numbers. After the two prime numbers are selected, the exponent and n values are calculated; then a number e, which is the public key, is picked such that the greatest common divisor of e and the exponent value is 1. Then d, which is the private key, is relatively prime to the exponent value and is the multiplicative inverse of e. Encryption and decryption are done using the e and d values in the encryption and decryption formulas.
Implementing TAODV required operations similar to those involved in SAODV. In this project we used three levels of trust: low, medium and high. These trust levels are measured depending on the prime numbers supplied. We specified a range for each of the three trust levels, so that when the user provides prime numbers they are compared against the ranges to determine which trust level they belong to, and a dialog window shows the trust level.
Test case 1: In test case 1, the user first specifies the user-id and password to enter the source end of the system. From here the user can upload the data, or make changes to it in the text area, and should also specify the destination address correctly for the communication. Meanwhile the public and private keys are generated. The public key is used to encrypt the message, and the private key is sent to the destination user, at the back end, after the source has received the acknowledgement from it. When the destination user receives the message, he/she uses the private key to decrypt it. The performance result is then shown in a result window, which has the network performance and security risk of both protocols measured using threshold and static values.
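The key generation and trust-level check described above, as an added Python example that is not the project's own code (the page describes a Java Swing implementation and shows none of it). It assumes that the "exponent value" in the passage is (p-1)(q-1), that the smaller prime decides the trust level, and that the message is encrypted one character at a time; the ranges 1-25, 26-100 and above 100 are the ones the page's test cases state, and the sample primes are constructed.

```python
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial-division primality check, adequate for the small inputs used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % f for f in range(3, isqrt(n) + 1, 2))


def trust_level(p: int, q: int) -> str:
    """Map the supplied primes to the page's ranges: 1-25 low, 26-100 medium, >100 high.

    Assumption: when p and q fall in different ranges, the smaller prime decides.
    """
    smallest = min(p, q)
    if smallest <= 25:
        return "low"
    if smallest <= 100:
        return "medium"
    return "high"


def generate_keys(p: int, q: int):
    """Textbook RSA key generation from two user-supplied primes."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("provide two distinct prime numbers")
    n = p * q
    phi = (p - 1) * (q - 1)  # assumed meaning of the page's "exponent value"
    # Public exponent: smallest odd e with gcd(e, phi) == 1.
    e = next((c for c in range(3, phi, 2) if gcd(c, phi) == 1), None)
    if e is None:
        raise ValueError("primes too small to pick a public exponent")
    d = pow(e, -1, phi)  # multiplicative inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: str, public_key):
    """Encrypt one code point at a time (assumption); each must be smaller than n."""
    e, n = public_key
    if any(ord(ch) >= n for ch in message):
        raise ValueError("modulus too small for this message")
    # Without padding, equal characters always give equal ciphertext values.
    return [pow(ord(ch), e, n) for ch in message]


def decrypt(blocks, private_key) -> str:
    """Invert encrypt() with the private exponent d and the shared modulus n."""
    d, n = private_key
    return "".join(chr(pow(c, d, n)) for c in blocks)


def private_exponent_from_public(public_key) -> int:
    """Derive d from (e, n) alone by trial-dividing n.

    With primes in the page's ranges n has at most a few digits, so the
    public key determines the private key in a handful of divisions.
    """
    e, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    for p, q in [(17, 23), (29, 31), (101, 103)]:  # constructed sample primes
        public, private = generate_keys(p, q)
        blocks = encrypt("route reply", public)
        assert decrypt(blocks, private) == "route reply"
        recovered = private_exponent_from_public(public)
        print(trust_level(p, q), public, private, "d from public key:", recovered)
```

For the sample primes in all three ranges the last function returns the private exponent from the public key alone, so the ranges label the size of the input rather than resistance to key recovery.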
This page is the login prompt at the source end, in which the user-id and password fields are to be provided. If the user doesn't give correct details, the login fails and an error message is shown for whichever field was wrongly entered. When the user provides details to log in, the user-id and password fields are compared with the ones provided in the code file, and if the comparison succeeds the user can enter the source end to send the data to the destination user. If the comparison fails, error messages are displayed according to the field that is wrong, i.e. the user-id or the password field.
This is the source end window with uploaded content, destination address, upload button and send button. In the uploaded content area the user provides the data or information to be sent to the destination address; he can type the message directly in that text area or upload a text file using the upload button provided in the window. The user can browse the directory using the file chooser window that appears when the upload button is clicked. In the destination address text box the user has to specify the destination address, i.e. the computer name. When the user chooses a file through the upload button, the message is displayed in the uploaded content text area, and the send button is used to send the message to the destination given in the destination address.
This page appears when the login details are correctly specified, and it contains the message to be sent (i.e., given by the user) and the destination address. The uploaded content has the message which is uploaded by the user using the upload button. The destination address has the computer name of the destination, specified by the user at the source end to send the message to the destination end. The send button is used to send the data to the destination user; when clicked, it starts the process that encrypts the data and keeps the data secure from tracking by a third user.
The above window appears when the user clicks the send button, which opens the RSA Key window. The user then has to click the RSAKeyGen button in the RSA KEY window and provide two prime numbers, P and Q. If the user fails to provide a prime number and instead gives a random number, an error message asks for correct prime numbers in the fields provided. The error messages are displayed at the back end, i.e. in the command prompt. After providing the correct details the user can click the OK button in that window to generate the keys.
The level of trust appears with the values provided in the RSA Key Generation window. The user specifies the prime numbers there, and the trust level is measured based on them. Here the user entered high level trust, as he specified prime values which are greater than 100. The user has to provide correct prime numbers; otherwise the trust level is not measured and an error message asks the user to provide correct prime numbers so that the trust level can be measured.
The public and private keys are generated based on the prime numbers provided by the user and the level of trust. The public key has the exponent value and the N value, which should be noted down by the user to encrypt the message. The private key has the decryption key and the N value. The private key is given to the destination user at the back end, so that the destination can receive the message using the values provided in the private key. The public key exponent value is different from the private key decryption value, and the N value is the same in both the public key and the private key.
The exponent value and N value should be provided by the user after he generates the public and private key values using the prime numbers and level of trust. The user has to provide the correct exponent value and N value generated previously, and the send button is used to send the encrypted message. When the user clicks the send button in the RSA KEY window, the system creates a socket at the back end with the destination address specified in the "enter the destination address" text box. If the correct destination is found, it sends a route request to the destination address and waits for the acknowledgement from the destination in order to transfer the message between them.
The above window is the destination end window, which has the request and acknowledgement columns. The request message from the source address is shown in it, and the source end user waits for the acknowledgement from the destination end. The destination end window acts as the server, and the user has to keep in mind that before starting the client, i.e. the source end login window, he/she has to start the server, i.e. the destination end window. The computer name displayed in the request column of the destination end is the name that has to be specified as the destination address in the source end window. If the destination sends the acknowledgement, the source sends the file, i.e. communication between the nodes is now open.
The acknowledgement window appears whenever the destination address is found, i.e. the source creates a socket with the destination address if the address specified is correct, and then the destination sends the acknowledgement. If the user clicks the OK button, the sender can now send the data, i.e. after receiving the acknowledgement from the destination. The path from source to destination is laid down to send the message from source to destination. The source address, destination address and local address are the same, as we are executing on the same system.
The file received window appears whenever the source end user accepts the acknowledgement from the destination, i.e. the source creates a socket with the system destination address if the destination address is found. The destination then sends the acknowledgement to the source; after receiving the acknowledgement the sender can send the data, the path from source to destination is laid down, and the file is received at the destination end. When the destination user accepts the file, he/she cannot view the message directly as it is encrypted, and the user has to provide decryption values to view the message.
As shown in the above figure, the destination end user is able to receive the message after entering the decryption values. At the destination end the message is received after the request from source to destination, provided the destination sends the acknowledgement to the source. The source can then send the data, and the file is received at the destination end. The receive window has a text area in which the message is displayed after the decryption values are entered, as the message is encrypted by the source end user. The destination user has to provide the decryption values by clicking the receive button on the window displayed. The decryption value and N value have to be specified correctly to get the message in text format; otherwise the text will not be in human-readable form.
In the receive window the message is received after entering the decryption values. The destination user has to provide correct decryption values to get the original text message. After receiving the original text message, the result window appears and shows the performance result which has the comparison of both the secure AODV and trusted AODV. If the secure AODV is used to send the message the security risk is 0.4% and the network performance is 95%, whereas for the trusted AODV the security risk is 19% and network performance is 75%. From this we can say that risk is more in trusted AODV than the secure AODV.
Test case 2: In test case 2 we consider different values for the prime numbers, and the level of trust changes with respect to the prime numbers. In test case 1 the user entered high level of trust; here in test case 2 the user entered low level of trust. The trust level is measured depending on the prime numbers.
The low level of trust appears with the values provided in the RSA Key Generation window. The user specifies the prime numbers there, and the trust level is measured based on them. Here the user entered low level trust, as he specified prime values within the range from 1 to 25. The user has to provide correct prime numbers; otherwise the trust level is not measured and an error message asks the user to provide correct prime numbers so that the trust level can be measured.
Figure 5.14 Original message with performance result for other trust level 1
In the receive window the message is received after entering the decryption values. The destination user has to provide correct decryption values to get the original text message. After receiving the original text message, the result window appears and shows the performance result which has the comparison of both the secure AODV and trusted AODV. If the secure AODV is used to send the message the security risk is 0.3% and the network performance is 93%, whereas for the trusted AODV the security risk is 17% and network performance is 69%. From this we can say that risk is more in trusted AODV than the secure AODV.
Test case 3: In this test case the user provides different prime numbers, which changes the trust level. In test case 2 the user entered into medium level of trust, by this the performance result may change according to the trust levels.
The medium level of trust appears with the values provided in the RSA Key Generation window. The user specifies the prime numbers there, and the trust level is measured based on them. Here the user entered medium level trust, as he specified prime values within the range from 26 to 100. The user has to provide correct prime numbers; otherwise the trust level is not measured and an error message asks the user to provide correct prime numbers so that the trust level can be measured.
Figure 5.16 Original message with performance result for other trust level 2
In the receive window the original message is received after entering the decryption values. The destination user has to provide correct decryption values to get the original text message. After receiving the original text message, the result window appears and shows the performance result which has the comparison of both the secure AODV and trusted AODV. If the secure AODV is used to send the message the security risk is 0.2% and the network performance is 91%, whereas for the trusted AODV the security risk is 18% and network performance is 64%. From this we can say that risk is more in trusted AODV than the secure AODV.
6. CONCLUSION
In this project we have compared the Secure AODV and Trusted AODV protocols for securing ad hoc network routing and presented the results of security risk and network performance of both protocols. The expected difference between the two protocols was shown to be consistent. These experiments showed that there is significant room between the two protocols for a secure hybrid protocol to be developed which takes advantage of the strongest points of both.
7. FUTURE WORK
Future work needs to delve further into the extensive body of work on various trust metrics. This includes the testing of other trust metrics for use in ad hoc routing, as well as developing the aforementioned hybrid protocols and testing their performance against the results presented in this project. Future protocol designs should seek to use various new combinations of smarter, trust-based metrics and lightweight security mechanisms in order to develop hybrid protocols.