Assistant Professor ,Department of Computer Science ,PSGR Krishnammal College for Women Coimbatore, INDIA.
Research Scholar , Department of Computer Science, PSGR Krishnammal College for Women ,Coimbatore, INDIA.
Email : vijigripsy@gmail.com, kanchumsc@gmail.com
ABSTRACT: In recent years, wireless networks and Mobile Ad-hoc Networks (MANETs) have gained tremendous opportunity and
popularity, and this has drawn many kinds of research to focus on them. The highly flexible nature of the MANET also
creates many network performance-related and security-related issues. Various security vulnerabilities threaten MANET operation in
various ways. Sequence number attacks such as grey hole and black hole attacks are dangerous attacks that significantly weaken the
functioning and performance of the network in different situations. The proposed approach builds a hybrid framework and integrates it with the
Ad hoc On-demand Distance Vector (AODV) routing protocol to mitigate these attacks. The new, modified protocol is named the
SRD-AODV (Secure Route Discovery-Adhoc On-Demand Distance Vector) protocol. This protocol contains different components and methods to
provide both proactive and reactive solutions by deploying effective authentication using the Elliptic Curve Diffie-Hellman algorithm (ECDHA).
It also aims to secure the data packets and routing table information, and finally to provide incursion detection and prevention against
sequential attacks in MANET. The performance of this protocol is measured with performance parameters such as packet delivery
ratio and delay. The SRD-AODV protocol is also compared with attacked AODV and other existing protocols.
KEYWORDS—MANET, Sequential Routing Attacks, AODV, Cryptography, Black hole attack, Grey hole attack, Denial of Service
I. INTRODUCTION
The wireless network is widely used in a variety of applications. This remarkable growth has been achieved because of MANET
characteristics such as dynamic infrastructure and instant topology [1]. The network can be formed dynamically and set up anytime and
anywhere. This highly flexible nature also creates many network performance-related and security-related issues. Various security
vulnerabilities threaten MANET operation in various ways. Sequence number attacks such as grey hole and black hole attacks
[2] are hazardous attacks that greatly weaken the functioning and performance of the network in different situations. Sequence
number attacks and black hole attacks destroy a certain number of data packets and discard them by deploying false routes and
modifying the routing information. In the past, many researchers offered different solutions for detecting sequence number
attacks. In this research, a new technique and routing protocol are developed to proactively identify those attacks in MANET. This
also helps to eliminate from the network the false nodes that frequently misbehave. The proposed SRD-AODV (Secure Route
Discovery-Adhoc On-Demand Distance Vector) protocol contains secure neighbor node discovery for secure route discovery by
selecting trusted nodes, hybrid cryptographic methods to secure the data packets and routing table information, and
finally incursion detection and prevention of sequential attacks in MANET. The proposed secure routing protocol finds
legitimate nodes and provides a cryptographic shield to data packets using hybrid cryptography. This protocol also detects attacks that
are carried out by malicious nodes and prevents these malicious nodes from routing by isolating them from the network with
many restrictions. The popular open-source Network Simulator is used in simulations. The SRD-AODV protocol is also compared
with attacked AODV and other existing MANET protocols [3]. The proposed SRD-AODV routing protocol can guarantee that data
packets travel through the network with maximum security. It achieves all security primitives such as authentication,
non-repudiation, confidentiality, and integrity in a malicious environment. The SRD-AODV protocol guarantees that only legitimate
nodes can participate and also achieves access control over the participants by distributing authentication keys before the routing
process begins.
The remaining part of the paper is ordered as follows: Section 2 presents the existing methodologies addressing routing security
of ad-hoc networks with a predictive methodology. Section 3 describes the working procedure of the suggested work. Section 4
discusses the implementation and results of our proposed methodology and, finally, Section 5 concludes the paper.
II. LITERATURE REVIEW
In MANET, sequence number attacks such as black hole, wormhole, and DoS attacks can degrade the network performance.
This is because of inconsistent security mechanisms in existing routing protocols. With this motivation, many researchers
have developed and analyzed different security solutions to detect malicious sequential attackers in the network. In this part, we discuss
several security methods proposed in the literature against sequential attacks.
In [5] the authors checked the performance of AODV under the influence of the black hole attack. The black hole
attack is a primary type of sequential attack, so the authors concentrated on black hole attack detection and removal. This was done using
the cryptographic technique RC6 to secure the network. The authors also used QoS parameters such as PDR, throughput, energy, and delay
and compared the results. The results show an increased packet delivery ratio.
In [6] the authors developed a new approach named Extended Data Routing Information (EDRI), which can detect the adversaries
in the network. EDRI tracks all the data packets in the network and discards the packets which are not within the predefined
threshold limit. To do so, it maintains the EDRI table, and from that table the counts of data packets sent and received are gathered. In
this approach, the neighboring nodes are frequently tracked with the help of promiscuous mode. A neighbor node is considered
an adversary if it drops more data packets than the threshold limit.
In [7] the authors detected the sequential attack by checking the sequence number during route discovery. Like EDRI, this paper
also detects with a threshold value, using DPRAODV (A Dynamic Learning System against Black-hole attack in AODV). In this
approach, the threshold value is updated dynamically at each time interval. The attack is detected if the sequence number is
higher than the threshold value. After successful detection, the node that performed the sequential attack is declared a malicious node.
An alarm packet is then created to inform all the nodes in the network about the attacker node. This alarm packet
protects nodes by making them ignore the attacker in the routing process.
Later, in [8], an enhancement to the EDRI approach is presented. This technique comprises a preventive method along with the
detection mechanism. To accomplish this, the methodology employs an alarm packet, similar to that in [7], to alert all the nodes in
the system about the identified malicious nodes with the aid of data routing tables. In [9], the author detected a black hole
attack by counting the RREP packets: if a node sends one RREP, then that node is considered a valid destination. If more than
one RREP is received, then one of the messages is from the appropriate destination and the other messages are created by the
malicious node. The author also maintains a Route Reply Table (RRT), which records the sequence number and arrival time of the RREP
message. A modified AODV is used to achieve black hole detection in MANET.
In [10], a trust-based approach is developed. In this approach, the past data communication is analyzed and trust values are
calculated. This is based on the total number of packets successfully transmitted by the node in the network. These trust values are frequently
updated in the network and verified before accepting the RREP. If the forwarding node is reliable and appears in the routing table
with a trust value, then the RREP is accepted; otherwise it is rejected.
In [11], the author proposed nested message authentication (NMAC) for hop-by-hop authentication. It provides security to the
routing packets in AODV and also prevents the most frequently occurring attacks, such as black hole attacks, modification of routing
information and impersonation attacks. Here the author used summit authentication, in which nodes validate all types of routing
control packets. The constant verification cannot be used for substantiating packets like RERR messages, where the intention is
not precisely specified. This system has extremely compact overhead.
In [12], the authors proposed a cooperation based defense mechanism (CBDM) scheme, which determines a cooperation value for
every node. The cooperation value is formulated using the prospect model. Based on the value, the node is recognized as a normal
node or a suspicious node. In this case, the node is considered malicious if the cooperation value of the node exceeds the
threshold value. In addition, for accurate verification, a bait request is sent to the suspicious node. The suspicious
node can then be detected by analyzing its reply to the bait request. In [13], the authors enhanced the
earlier works and developed a cooperative bait detection scheme, where the source node chooses a cooperating neighbor as the
bait destination address. This changes randomly every time. The source node then generates a bait request by picking the neighbor as
the destination and transmits the bait request for a route to that destination to draw out the malicious node. The malicious node
recognition is the same as in CBDM. In [14], the authors detected a black hole attack by allocating two IP addresses to the node:
a valid IP address and an invalid IP address. In the absence of an attacker, all nodes normally forward the packets they
receive from other nodes, but a reply to the invalid address is sent by the attacker node.
In [15], another trust-based approach is suggested, which uses a modified mechanism where data transmission is carried out via
the nodes with a higher trust value. The trust value is calculated from the packets exchanged between the nodes
during the transaction.
In [16], the max out value estimation approach is presented. In this approach, the node receiving the RREP packet computes a
threshold value for the destination sequence number in each transaction. This threshold value is calculated with the help of
three parameters, specifically, the number of RREQs received, the number of RREPs received and the routing table sequence
number. If the RREP received by the node has a higher sequence number than the calculated threshold value, that RREP
packet is treated as redundant, the sender of that RREP packet is considered a malicious node, and that malicious node is excluded
from the route.
In [17], a graph-based approach is offered. In this approach the nodes join to form a graph-like structure where each node
scrutinizes the control packet delivery of the nearby nodes. Based upon the frequency of the communication, the nodes are
allocated a fielder value which helps in choosing the next hop when determining the route. Finally, in [9], [18] and [19]
the authors simulated a black hole attack scenario in the AODV protocol. A black hole is defined as the case where the attacker
impersonates the destination node by sending a fake RREP to the source node that initiates route discovery, and so attracts traffic
from the source node. The results show a significant worsening of network performance in the Ad-hoc On-Demand Vector protocol.
From the above literature, we analyzed many approaches that are trust-based and incorporated into the existing AODV
protocol. Based on this analysis, the proposed work develops a new cost-effective protocol.
[Figure: block diagram with the labels Node Authentication, Secure Neighbor Discovery, Secure Route Establishment, Detection of Malicious Nodes, Node Isolation]
1) Node Authentication:
It is the process of authenticating mobile nodes, after which every node is verified for secure transmission. This validates the
nodes by their identity. Due to limited network resources in MANET, it is important to design an effective method for node
authentication. The proposed SRD-AODV performs node authentication on demand. For secure key generation and
sharing, the Elliptic-curve Diffie–Hellman (ECDH) algorithm is used. The ECDHA algorithm provides better key generation and
secure key exchange over MANET. ECDHA is suitable for highly dynamic mobile applications because it needs less computing power
than RSA. ECDHA is based on private and public key pairs.
Secure Neighbor Discovery and route establishment: The secure node discovery process selects the best neighbor node, which
has the least chance of being a malicious node in the network. Initially, five steps are performed to detect a secure neighbor.
1] Elliptic-curve Diffie–Hellman (ECDH) is used; it is an anonymous key agreement protocol which permits two nodes,
each having an elliptic-curve public-private key pair, to establish a mutual secret over an insecure channel. By this means the node
is recognized. Here, for each node in the transaction region, a pair of a public key and a private key is generated. The key generation process is
done with the following equation 1.
$$k_i = \sum_{i=0}^{n} \binom{n}{k}\, \mathrm{Keygen}(Pri_k + Pub_k) \qquad (1)$$
Here, $k_i$ is the result of the key generation process for each node $i$, $n$ is the total number of active nodes in the region, $Pri_k$ is the private key, and
$Pub_k$ is the public key. From the private and public key pairs, the anonymous key is generated.
2] After an anonymous key pair has been generated for each node, the source node broadcasts a request packet; this is called the
handshaking process. The initial HELLO packet is sent to its neighbors along with its public key. Here ECDH also provides an
anonymous key exchange in the handshaking process.
$$S = \sum_{i=0}^{n} \binom{n}{k}\, \mathrm{Broadcast}(k_i + Pub_k) \qquad (2)$$
Here, $S$ is the source node, which broadcasts the request packet to all neighbors with the anonymous key $k_i$ and its public key
$Pub_k$.
3] After receiving the request packet from $S$, the receiver verifies the key and adds that node as a neighbor with its public key along with its
time value. Equation 3 shows the verification process done at the receiver side $R$. Here $T$ is the time value.
$$R = \mathrm{Verify}(k_i, Pub_k, T) \qquad (3)$$
4] In the selected region, every mobile node sends a reply to the handshaking message along with its ID. From this, a trusted node
list is generated.
$$\mathrm{ReceiverReply}(k_i, Pub_k, T) \rightarrow S \qquad (4)$$
5] If the received packet contains a timestamp value, then the source sends an RREQ to that node. The responses are valid for a particular time
window. After that, the source node self-authenticates to each of its first-hop neighbors by fetching the reply that it received from
them and adds them to the expected trusted neighbor list.
$$ND = \mathrm{validate}(\mathrm{Reply}(n_i))\ \text{add to}\ (TNL) \qquad (5)$$
Here, ND is the neighbor node discovery process, which validates the reply received from every node and adds the node to the list. The secure
anonymous key is hidden in the reply packet. If the validation is successful, then the node with its anonymous
After completion of the secure neighbor discovery phase, the route is discovered by adding the links between nodes. For example,
from the network, the path will be S1234….. D11. This process works in a proactive manner; if a valid node later acts as a
vulnerable part, then our reactive incursion detection system helps to find and eliminate the node from the network for a particular
period. Figure 2 indicates the overall flow of the proposed hybrid framework for the secure neighbor and route discovery process
against sequential attacks.
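The five discovery steps above, as an added example that is not the authors' code. It assumes X25519 as the ECDH curve (the paper names no curve), a pre-distributed `enrolled` map of node IDs to public keys, an HMAC tag on the reply and a 2-second reply window; the message fields and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

P, A24 = 2**255 - 19, 121665        # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")   # standard base point u = 9
WINDOW = 2.0                        # assumed reply validity window, in seconds

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (teaching code, not constant time)."""
    n = int.from_bytes(k, "little") & ((1 << 254) - 8) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def tag(key: bytes, sender: str, receiver: str, t: float, nonce: bytes) -> bytes:
    # The HMAC binds a reply to both node IDs, its time value and the HELLO nonce.
    return hmac.new(key, f"{sender}|{receiver}|{t}|".encode() + nonce, "sha256").digest()

class Node:
    def __init__(self, node_id: str):
        self.id = node_id
        self.priv = secrets.token_bytes(32)   # step 1: private key
        self.pub = x25519(self.priv, BASE)    # step 1: public key
        self.tnl = {}                         # trusted neighbor list: id -> session key

    def session_key(self, peer_pub: bytes) -> bytes:
        return hashlib.sha256(b"nd-demo" + x25519(self.priv, peer_pub)).digest()

    def hello(self, now: float) -> dict:      # step 2: HELLO carries the public key
        return {"src": self.id, "pub": self.pub, "t": now, "nonce": secrets.token_bytes(8)}

    def reply(self, hello: dict, enrolled: dict, now: float):
        # Steps 3-4: verify the sender's key and time value, then answer with own ID.
        if enrolled.get(hello["src"]) != hello["pub"] or not 0 <= now - hello["t"] <= WINDOW:
            return None
        key = self.session_key(hello["pub"])
        return {"src": self.id, "pub": self.pub, "t": now,
                "tag": tag(key, self.id, hello["src"], now, hello["nonce"])}

    def validate(self, hello: dict, reply, enrolled: dict, now: float) -> bool:
        # Step 5: accept only an enrolled key, inside the window, with a valid tag.
        if reply is None or enrolled.get(reply["src"]) != reply["pub"] \
                or not 0 <= now - hello["t"] <= WINDOW:
            return False
        key = self.session_key(reply["pub"])
        if not hmac.compare_digest(tag(key, reply["src"], self.id, reply["t"], hello["nonce"]), reply["tag"]):
            return False
        self.tnl[reply["src"]] = key
        return True

def demo():
    s, a, m = Node("S"), Node("A"), Node("M")   # constructed nodes; M is not enrolled
    enrolled = {"S": s.pub, "A": a.pub}         # assumed pre-distributed ID -> key map
    h = s.hello(100.0)
    good = s.validate(h, a.reply(h, enrolled, 100.2), enrolled, 100.4)
    outsider = s.validate(h, m.reply(h, {"S": s.pub}, 100.2), enrolled, 100.4)
    tampered = {**a.reply(h, enrolled, 100.2), "t": 100.3}  # time value altered in transit
    bad_tag = s.validate(h, tampered, enrolled, 100.4)
    late = s.validate(h, a.reply(h, enrolled, 100.2), enrolled, 103.5)
    return good, outsider, bad_tag, late, sorted(s.tnl)
```

Without the `enrolled` check the exchange is plain unauthenticated ECDH, which gives a shared key but says nothing about who holds it; the key-to-ID binding is what keeps node M out of the trusted neighbor list.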
Here the anonymous key is used to identify the frequently, infrequently and rarely misbehaving malicious nodes. The remaining nodes can
quickly get information about their neighbors. After detecting malicious nodes and their activities, each node can be classified as
malicious or legitimate. This outcome category is added to the data packet at the time of RREP, so the protocol can select the
best route from the RREP and the value carried in it. The secure routing mechanism should be proactive, but in MANET, the
proactive process is not always possible.
So the proposed system works in both a proactive and a reactive manner. In this way, pre-path security is achieved in the SRD-AODV
protocol. The SRD-AODV routing protocol provides assurance that such a malicious node is not able to join the network and
pose hazards to other nodes or routes.
[Figure 2: flowchart with the labels Start; Node Parameters; Initialization success (Yes/No); RREQ; Neighbor Discovery process (ND); Key broadcast with hello packet; If timely reply (Yes); Key and time verification; Verify neighbor, sequence and transmit data]
C. Simulation Results:
Delay: Delay is calculated by taking the difference between the time when the first packet was transmitted by the source and the time
when the first packet successfully reached the destination.
Delay = Received Packet Time – Send Packet Time
We calculate end-to-end delay by taking the time of packet generation and the time when the packet is received at the destination and then
taking the difference. Figure 3 shows the performance comparison of the existing AODV, EDRI-AODV and proposed SRD-AODV
protocols in terms of total end-to-end delay. Here the delay value is calculated for each protocol and compared with the
proposed system.
Figure 3 represents the total time
taken to transmit the data from source to destination after successful attack verification using the modified protocol. When the
number of mobile nodes is above 100, overhead occurs, leading to an increase in delay. The use of ECDH and region-based
verification in AODV reduces the delay by 85% when compared to the AODV protocol.
[Figure 3: End-to-End Delay (Nodes vs Delay). X axis: No. of mobile users; Y axis: Delay (sec); series: AODV, EDRI-AODV, SRD-AODV]
[Figure 4: X axis: No. of mobile users; series: AODV, EDRI-AODV, SRD-AODV]
Fig 4. Packet Delivery Ratio
More mobile users will reduce the PDR because the source finds more alternate routes, and the PDR is increased in Figure 4.
However, SRD-AODV has a PDR 4.92% higher than EDRI-AODV and 12.23% higher than AODV, because SRD-AODV avoids attacks in the
network, so routes work perfectly and packet drops and link failures are avoided.
IV. CONCLUSION
Due to easy deployment, high mobility and dynamic infrastructure, wireless technologies have attained more demand. In this
network, many security malfunctions happen in different ways in different scenarios. Because of this, security for routing of data
packets becomes a most challenging issue and needs to be solved from a variety of perspectives. To achieve high security over
MANET routing and security against sequential attacks, the proposed system developed a hybrid framework with secure neighbor
discovery, node authentication using ECDHA, and an incursion detection and isolation process. The hybrid framework is incorporated
into the AODV protocol, which is renamed SRD-AODV. In the SRD-AODV routing protocol, security is provided in two stages:
security to the route and security to the data. In the first stage, neighbor and route security are addressed; this includes secure Neighbor
Discovery, which can distinguish legitimate nodes from non-legitimate nodes. In the SRD-AODV protocol, non-legitimate nodes
are blocked before the routing process begins. By using the best authentication system and a secure neighbor discovery algorithm,
AODV can identify malicious nodes and avoid such links in the routing process. The proposed work achieves good attack
detection rates and improves packet delivery. The proposed work provided results with 150 mobile nodes; in future the
approaches can be expanded to a larger number of mobile nodes in different types of MANET protocols.
DATA AVAILABILITY
Data used to support the findings of this study are available upon request.
REFERENCES
[1] R. H. Jhaveri and N. M. Patel, “Mobile ad-hoc networking with AODV: A review,” International Journal of Next-Generation Computing, vol. 6, no. 3, pp.
165–191, 2015.
[2] D. Patel and K. Chawda, “Blackhole and gray hole attacks in MANET,” in Proceedings of the International Conference on Information Communication and
Embedded Systems (ICICES ’14), pp. 1–6, Chennai, India, February 2014.
[3] Nurcahyani, Ida, and Helmi Hartadi. "Performance Analysis of Ad-Hoc On-Demand Distance Vector (AODV) and Dynamic Source Routing (DSR) Under
Black Hole Attacks in Mobile Ad Hoc Network (MANET)." 2018 International Symposium on Electronics and Smart Devices (ISESD). IEEE, 2018.
[4] Yuan, YuHua, HuiMin Chen, and Min Jia. "An optimized ad-hoc on-demand multipath distance vector (AOMDV) routing protocol." 2005 Asia-Pacific
Conference on Communications. IEEE, 2005.
[5] Prachi D. Gawande, Yogesh Suryavanshi, member, IEEE, “Cryptography Based Secured Advanced on Demand Routing Protocol in MANET's,”
978-1-4799-8081-9/15/$31.00 © 2015 IEEE, pp. 1478–1481.
[6] G. Singh Bindra, A. Kapoor, A. Narang, and A. Agrawal, “Detection and removal of co-operative blackhole and grayhole attacks in MANETs,” in
Proceedings of the International Conference on System Engineering and Technology (ICSET ’12), pp. 1–5, Bandung, Indonesia, September 2012.
[7] Payal N. Raj and Prashant B. Swadesh (2009) “DPRAODV: A Dynamic Learning System against Blackhole attack in AODV based MANET”, International
Journal of Computer Science, Vol. 2.
[8] D. Patel, R. H. Jhaveri, and S. N. Shah, “I-EDRI Scheme to Mitigate Grayhole Attack in MANETs,” Advances in Intelligent Systems and Computing, vol.
309, no. 2, pp. 39–43, 2015.
[9] Tarek M. Mahmoud, Abdelmgeid A. Aly, Omar Makram M, “ A Modified AODV Routing Protocol to Avoid Black Hole Attack in MANETs", International
Journal of Computer Applications (0975 – 8887) Volume 109 – No. 6, January 2015,pp-27-33.
[10] R. H. Jhaveri, N. M. Patel, and D. C. Jinwala, “A composite trust model for secure routing in mobile ad-hoc networks,” in Adhoc Networks, J. H. Ortiz, Ed.,
chapter 2, pp. 19–45, Intech, 2017.
[11] K. V. Arya, Shyam Singh Rajput," Securing AODV Routing Protocol in MANET using NMAC with HBKS Technique", 2014 International Conference on
Signal Processing and Integrated Networks (SPIN), 2014 IEEE,pp-281-285.
[12] J. P. Bhoiwala and R. H. Jhaveri, “Cooperation based defense mechanism against selfish nodes in DTNs,” in Proceedings of the 10th International
Conference on Security of Information and Networks (SIN ’17), pp. 268–273, October 2017.
[13] J.-M. Chang, P.-C. Tsou, I. Woungang, H.-C. Chao, and C.- F. Lai, “Defending against collaborative attacks by malicious nodes in MANETs: A cooperative
bait detection approach,” IEEE Systems Journal, vol. 9, no. 1, pp. 65–75, 2015.
[14] Reza Amiri, Marjan Kuchaki Rafsanjani, and Ehsan Khosravi ,“Black Hole Attacks Detection by Invalid IP Addresses in Mobile Ad Hoc Networks”, Indian
Journal of Science and Technology, Vol 7(4), April 2014,pp.401–408.
[15] N. Schweitzer, A. Stulman, R. D. Margalit, and A. Shabtai, “Contradiction based gray-hole attack minimization for ad-hoc networks,” IEEE Transactions on
Mobile Computing, vol. 16, no. 8, pp. 2174–2183, 2017.
[16] H. Shen, C. Gao, D. He, and L. Wu, “New biometrics-based authentication scheme for multi-server environment in critical systems,” Journal of Ambient
Intelligence and Humanized Computing, vol. 6, no. 6, pp. 825–834, 2015.
[17] Y. Liu and W. Trappe, “Topology adaptation for robust ad hoc cyberphysical networks under puncture-style attacks,” Tsinghua Science and Technology,
vol. 20, no. 4, pp. 364–375, 2015.
[18] Ghonge Mangesh and S. U. Nimbhorkar, “ Simulation of AODV under Black hole Attack in MANET”, International Journal of Advanced Research in
Computer Science and Software Engineering", 2012.
[19] Nabarun Chatterjeea, Jyotsna Kumar Mandalb, “Detection of Blackhole Behaviour using Triangular Encryption in NS2”,Elsevier, Procedia Technology 10
( 2013 ), pp-524 – 529.