An Efficient Detection and Management of False Accusations in Ad Hoc Network

Since ad hoc networks rely on the cooperation of all the participating nodes for routing and forwarding, the fast detection of malicious nodes is a critical issue. Therefore, the dissemination of observed behavior information of neighboring nodes is efficiently used for detecting misbehaving nodes. However, this may make ad hoc networks vulnerable to false accusation. In this paper, to detect quickly and manage the false accusations of malicious nodes in the hierarchical ad hoc network such as military tactical ad hoc network, we propose a new efficient way using a Node Weight Management Server (NWMS). The NWMS which is the upper layer node maintains a weight value for every node in their area and detects and isolates malicious nodes using the weight value of nodes. In addition, our system provides a rescuing method for incorrectly imposed weight values. By means of simulation we have evaluated the efficiency of our approach for detecting and managing misbehaving nodes. The simulation results indicate that proposed mechanism is significantly efficient for handling misbehaving nodes.

Published by: ijcsis on Sep 05, 2010
Copyright: Attribution Non-commercial

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 5, 2010
An Efficient Detection and Management of False Accusations in Ad Hoc Network
Yunho Lee, Soojin Lee
Department of Computer & Information Science, Korea National Defense University, Seoul, South Korea
yunholee@gmail.com, cyberkma@gmail.com
 
Abstract
Since ad hoc networks rely on the cooperation of all the participating nodes for routing and forwarding, the fast detection of malicious nodes is a critical issue. Therefore, the dissemination of observed behavior information of neighboring nodes is efficiently used for detecting misbehaving nodes. However, this may make ad hoc networks vulnerable to false accusation.

In this paper, to detect quickly and manage the false accusations of malicious nodes in the hierarchical ad hoc network such as military tactical ad hoc network, we propose a new efficient way using a Node Weight Management Server (NWMS). The NWMS which is the upper layer node maintains a weight value for every node in their area and detects and isolates malicious nodes using the weight value of nodes. In addition, our system provides a rescuing method for incorrectly imposed weight values. By means of simulation we have evaluated the efficiency of our approach for detecting and managing misbehaving nodes. The simulation results indicate that proposed mechanism is significantly efficient for handling misbehaving nodes.

Keywords: Ad hoc, false accusation, NWMS

Introduction
Since ad hoc networks have no fixed infrastructure and can be deployed fast, they can be applied to various fields such as military tactical operations, emergency situations, rescue missions and the establishment of temporary conferences. Much technical research related to this field has been proposed. Early research efforts, assuming a friendly relationship and cooperation between nodes, mainly focused on developing more efficient routing protocols. In recent years, security has become a primary concern in order to provide security services, such as confidentiality, integrity, authentication, and availability, to ad hoc nodes or users [1, 2, 3, 4, 5].

Although security has long been an active research issue in ad hoc networks, many new challenges and opportunities have been posed by the unique characteristics of the ad hoc network such as open peer-to-peer network architecture, resource limitations, shared wireless medium, and highly dynamic network topology. Moreover, since the existing ad hoc routing and MAC protocols assume a trust relationship and cooperation between mobile nodes, misbehaving nodes may cause performance degradation of the network as well as energy consumption of normal nodes. In the worst case, the network can be partitioned. Therefore, enhancing security is a critical issue in ad hoc networks.

The two most commonly used approaches to enhance the security in ad hoc networks are prevention mechanisms and detection and reaction mechanisms. Prevention mechanisms [6, 7, 8, 9, 10, 11] pursue the objective that only friendly and mutually trusted nodes are included in the routing path by using cryptographic algorithms, key management mechanisms, and one-way hash chains. Although ad hoc networks are initially constructed by trusted nodes using the prevention mechanisms, some nodes could be compromised by adversaries that may use counterfeit information to break down the network and conserve their own resources. Prevention mechanisms by themselves cannot ensure complete cooperation among nodes in the network. Most of the vulnerabilities and attacks in ad hoc networks have been the result of bypassing prevention mechanisms. Therefore, detection and reaction mechanisms [12, 13] are essential in ad hoc networks.

Most existing studies associated with this research are based upon detection techniques for particular selfish nodes which do not provide packet forwarding in order to conserve their resources. But there is little or no research to resolve the problem of bogus information produced by malicious nodes which intentionally identify a normal node as a malicious node. Therefore, we focus our attention on the false accusation problem of malicious nodes in the detection and reaction mechanisms.

In this paper, we consider tactical ad hoc networks [14, 15] as a hierarchical architecture and then set the upper layer node as a Node Weight Management Server (NWMS). The main tasks of the NWMS are the weight maintenance of suspected nodes which are detected and reported by neighboring nodes, and the decision on the isolation of a suspected node or nodes.
http://sites.google.com/site/ijcsis/ ISSN 1947-5500
 
The major contributions of our paper are summarized as follows:

a) Our proposed mechanism first takes care of the problem concerning the false accusation of malicious nodes in the tactical ad hoc network.
b) Our proposed mechanism can keep track of misbehaving nodes by using the Misbehaving Node List (MNL) maintained by the NWMS.
c) Our proposed mechanism also has the function of relieving the misidentification of normal nodes that may be caused by a temporary network error. Although normal nodes were pointed out as misbehaving nodes, those nodes can be relieved by reducing the weight value in a Suspect Node List (SNL) maintained by each node.
The rest of the paper is organized as follows. Related work is discussed in Section . We present assumptions and some background knowledge in Section . We present our proposed mechanism which can handle the false accusation of malicious nodes efficiently by using the NWMS in Section . Section shows the performance evaluation in simulation results. Finally, we conclude the paper in Section .
Related Work

An ad hoc network works properly only if the participating nodes cooperate in routing and forwarding. However, due to the resource limitations of each node, it may be advantageous for an individual node not to cooperate. This causes a serious problem in the wireless network because nodes need to cooperate with each other. Some nodes take selfish actions, such as only receiving other nodes' service but not utilizing their own resources, to prolong their longevity. Or, to achieve malicious aims such as performance degradation and network partition, malicious nodes may make false accusations which intentionally point out a normal node as a malicious node.

In this section we give a brief introduction to the two kinds of mechanisms proposed to enhance security in the ad hoc network: prevention mechanisms and detection and reaction mechanisms. We then discuss the limitations of these mechanisms.

Prevention mechanisms: Stajano and Anderson [6] authenticate users by imprinting, in analogy to ducklings acknowledging the first moving subject they see as their mother. Imprinting is realized by accepting a symmetric encryption key from the first device that sends such a key. However, a drawback of this paper is that it does not address routing or forwarding problems that may occur. The Secure Routing Protocol by Papadimitratos and Haas [7] guarantees correct route discovery, so that fabricated, compromised, or replayed route replies are rejected or never reach the route requester. However, this protocol has a basic handicap in that it assumes a security association between the end-points of a path. Ariadne, a secure on-demand routing protocol by Hu, Perrig, and Johnson [8], prevents attackers from tampering with uncompromised routes consisting of friendly nodes. It is based on Dynamic Source Routing [9] and relies on symmetric cryptography only. It uses a key management protocol called TESLA that relies on synchronized clocks, which is, arguably, an unrealistic requirement for ad hoc networks. Sanzgiri, Dahill, Levine, and Belding-Royer proposed ARAN [10], a routing protocol for ad hoc networks that uses authentication and requires the use of a trusted certificate server. However, this mechanism is vulnerable to replay attacks using error messages unless the nodes have time synchronization. Secure DSR by Kargl and Geiss [11] is a recent secure routing algorithm that counters various attacks such as forging, modifying, or dropping of routing messages. However, this mechanism only protects the control plane and does not secure the forwarding of data messages.

As mentioned above, these prevention mechanisms for ad hoc networks have only focused on providing secure routing functionality. In addition, since these mechanisms are based on correlation between participating nodes, a compromised node may cause critical problems such as network partition or breakdown. Therefore, detection and reaction mechanisms are essential in ad hoc networks.

Detection and reaction mechanisms: Marti, Giuli, Lai and Baker [12] propose the watchdog and pathrater mechanisms to mitigate routing misbehavior. This mechanism is employed by each node individually to observe the messages sent by neighboring nodes. The watchdog mechanism relies on overhearing the communication of neighboring nodes. If watchdog identifies misbehaving nodes, pathrater helps routing protocols avoid these nodes. However, this mechanism has limitations. First, the detected misbehaving node is not punished. In other words, the nodes rely on their own watchdog exclusively and do not exchange the observed behavior information of neighboring nodes with others. Second, pathrater's function, searching for a bypass route that avoids the misbehaving nodes, allows these rogue nodes to conserve energy. Third, whenever the misbehaving nodes want to send their own messages, they can join the network, thus making it attractive to deny cooperation.

Buchegger and Boudec [13] propose a protocol, called CONFIDANT, for making misbehavior unattractive. CONFIDANT consists of several components: Neighborhood Watch for observations, Trust Manager to deal with incoming and outgoing alarm messages, Reputation System to record reputations about first-hand and trusted second-hand information, and Path Manager for path re-ranking and deletion of paths containing malicious nodes. It aims at detecting and isolating misbehaving nodes, thus making it unattractive to deny cooperation. However, this mechanism also has limitations. First, although it enables the isolation of malicious nodes, it is vulnerable to false accusation if trusted nodes lie. Second, in case the specific node does not exceed the predefined threshold,
which is used to distinguish deliberate malicious behavior, and moves out of the range shared by the nodes of the friend list, much time is needed to detect the moving malicious node. Third, alarm messages concerning detected malicious nodes are only sent to a friend list, which is previously registered, thus other nodes on this list cannot be recognized.

In summary, there are several security issues in detection and reaction mechanisms. First, the problem of how to accurately and quickly detect false accusations. Second, the problem of how to keep track of moving malicious nodes whose weight values do not exceed the predefined threshold. Finally, normal nodes should not be isolated due to ambiguous collisions, so incorrectly imposed weight values for well-behaved nodes must be relieved. In this paper we present a solution to the above problems.
Assumptions and Background

A. Assumptions

Misbehaving nodes are a severe threat to correct routing functionality in the ad hoc network. Before presenting our proposed scheme, we discuss the assumptions we made while designing the solution. For our scheme, we assume the following characteristics.

1) Selfish and malicious nodes: Misbehaving nodes are categorized into two types. A selfish node wants to preserve its own resources while using the services of others. A malicious node, in contrast, is not primarily concerned with power saving but is interested in attacking the network in order to break down or partition the network.
2) Promiscuous mode operation: We assume wireless interfaces that support promiscuous mode operation. This means that if node A is within range of node B, it can overhear communications to and from B even if those communications do not directly involve A.
3) No colluding nodes: Since this mechanism aims at a special circumstance, we assume there is no collusion between neighboring nodes in a path from source to destination.
4) By using region key sharing between the upper layer and the lower layer, overlay regions are protected. By using pair-wise keys between neighboring nodes, nodes can authenticate each other.
B. Background - Multipath establishment procedure (based on AODV)

To quickly send information to the destination node without delay, we propose the establishment of multiple paths, fewer than four, while detecting the routing path. If the routing protocol can discover multiple paths, it can easily switch to an alternative path when the primary path appears to have failed.

The proposed multipath establishment procedure basically follows that of AODV [16]. However, to establish multiple paths, the destination node does not unicast a single route reply (RREP) packet but sends an RREP to each neighbor that forwarded a route request (RREQ) packet. Using multiple paths is more useful than a single path because RREQs need not be rebroadcast for another path discovery when the primary path appears to have failed. Also, the traffic overhead of multipath establishment is less than that of broadcasting RREQs for path discovery, because multipath establishment only temporarily requires the memory capacity of several nodes.

The multiple path establishment procedure is done in the following steps.

1) The source node initiates path discovery by broadcasting the RREQ to its neighbors when the source node needs to communicate with another node for which it has no routing information in its table. The RREQ contains the following fields: <source_addr, source_sequence_#, broadcast_id, dest_addr, dest_sequence_#, hop_count>.
2) Each neighbor rebroadcasts the RREQ to its own neighbors after increasing the hop_count, until the RREQ reaches the destination node. If an intermediate node has already established path information for the desired destination in its route table, it drops the RREQ and unicasts the RREP back to the neighbor from which it received the RREQ.
3) Eventually, the RREQs will arrive at the destination node through various paths. As the RREQs travel from the source to the destination, they automatically set up the reverse paths from all nodes back to the source. The destination node unicasts the RREP back to each neighbor which forwards the RREQs until the third arrival order. As the RREPs travel to the source, the primary and alternate paths are constructed.
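The three steps above can be traced on a small network. The following Python sketch is an added example, not code from the paper: it assumes equal per-hop delay, no cached routes at intermediate nodes, and a constructed topology and sequence numbers; the names `discover_paths` and `usable_path` are hypothetical.

```python
from collections import deque

MAX_PATHS = 3  # the destination answers RREQ copies up to the third arrival

# Constructed sample topology (adjacency lists); S is the source, T the destination.
TOPOLOGY = {
    "S": ["A", "B", "C"], "A": ["S", "D", "E"], "B": ["S", "E"],
    "C": ["S", "F", "H"], "D": ["A", "T"], "E": ["A", "B", "T"],
    "F": ["C", "G"], "G": ["F", "T"], "H": ["C", "I"],
    "I": ["H", "J"], "J": ["I", "T"], "T": ["D", "E", "G", "J"],
}

def discover_paths(topology, source, dest, broadcast_id=1):
    """Flood one RREQ and return the routes built by the destination's RREPs."""
    rreq = {"source_addr": source, "source_sequence_#": 1,   # constructed values
            "broadcast_id": broadcast_id, "dest_addr": dest,
            "dest_sequence_#": 0, "hop_count": 0}
    reverse = {source: None}  # reverse path: node -> neighbor its first RREQ copy came from
    arrivals = []             # (forwarding neighbor, hop_count) at dest, in arrival order
    queue = deque([(source, rreq)])
    while queue:              # FIFO order models equal per-hop delay (assumption)
        node, pkt = queue.popleft()
        fwd = dict(pkt, hop_count=pkt["hop_count"] + 1)  # one increment per hop
        for nbr in topology[node]:
            if nbr == dest:
                arrivals.append((node, fwd["hop_count"]))
            elif nbr not in reverse:  # later copies of the same broadcast_id are dropped
                reverse[nbr] = node
                queue.append((nbr, fwd))
    established = []
    for last_hop, hops in arrivals[:MAX_PATHS]:  # RREP only to the first three forwarders
        route, node = [dest], last_hop
        while node is not None:                  # the RREP retraces the reverse path
            route.append(node)
            node = reverse[node]
        established.append({"route": route[::-1], "hop_count": hops})
    return established

def usable_path(established, failed_node):
    """Return the first established path that avoids failed_node, or None."""
    for entry in established:
        if failed_node not in entry["route"]:
            return entry
    return None

if __name__ == "__main__":
    paths = discover_paths(TOPOLOGY, "S", "T")
    for rank, entry in enumerate(paths, 1):
        print(rank, " -> ".join(entry["route"]), "hops:", entry["hop_count"])
    print("after A fails:", usable_path(paths, "A"))
```

On this topology the first two routes both pass through node A, so alternates built from shared reverse paths are not necessarily node-disjoint; only the third route survives a failure of A.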
Detection and Management of False Accusations

As mentioned above, there have been several mechanisms to detect misbehaving nodes. However, these studies show that the network is still vulnerable if misbehaving nodes make a maliciously false accusation about normal nodes. This is a serious problem owing to the possibility of isolating normal nodes from the network. To solve this problem, we propose a new efficient mechanism for detecting and managing false accusations of malicious nodes.

A. Threat Model

There has been no research on efficient mechanisms to detect false accusations. Let us consider the scenario presented in Figure 1. Even though node C correctly