American Journal of Scientific Research
ISSN 1450-223X Issue 9(2010), pp.12-22
© EuroJournals Publishing, Inc. 2010
http://www.eurojournals.com/ajsr.htm

An Energy Efficient Secure Authenticated Routing Protocol for Mobile Adhoc Networks
M. Rajesh Babu
Senior Lecturer, Department of Computer Science and Engineering, PSG College of Technology
Coimbatore 641004, TamilNadu, India
E-mail: rajeshbabuphd@gmail.com
Tel: +91 9843128310

S. Selvan
Principal, Francis Xavier Engineering College
Tirunelveli 627003, TamilNadu, India

Abstract
Limited resource availability such as battery power and security are the major issues to be handled with mobile adhoc networks. In mobile adhoc networks, an attacker can easily disrupt the functioning of the network by attacking the underlying routing protocol. Hence, security in ad hoc networks is still a debatable area. In this paper, we propose to develop an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks, that uses a lightweight, attack resistant authentication mechanism. Our protocol provides efficient security against route discovery attacks using hop-by-hop signatures. It quickly detects the malicious nodes, thus assisting the nodes to drop the invalid packets, earlier. It also uses an efficient node selection mechanism which maximizes network life time and minimizes delay. By detailed simulation studies, we show that EESARP provides better packet delivery ratio with minimized energy.

Keywords: Congestion Control, Mobile Adhoc Networks, Multicasting, admission control, multicast tree.

1. Introduction
A mobile ad-hoc network (MANET) is a temporary, infrastructure-less multi-hop wireless network in which the nodes can move randomly. MANETs are able to extend the wireless transmission range of each node by multi-hop packet forwarding, so they are suited for situations in which pre-deployed infrastructure support is not available. An ad hoc network does not have any fixed infrastructure like base stations or mobile switching centers. Mobile nodes which are within radio range of each other can communicate directly through wireless links, whereas nodes which are far apart depend on other nodes acting as routers to relay messages. In an ad hoc network, node mobility causes frequent changes of the network topology. Mobile ad hoc networks have applications in both military and civilian circumstances due to their self-organizing and self-configuring potential. The routing aspects of MANETs have been discussed earlier, while the research activities about security in MANETs are in their beginning stage. Apart from the regular network problems, MANETs create new security problems. The mobile ad hoc network needs more security mechanisms than fixed networks. Due to its dynamic nature, mobile users request security services as they move from one place to another. When the nodes join or leave the network, and roam in the network often, the network topology becomes highly dynamic. The security system may misbehave when an attacker infiltrates it. Through compromised nodes, attackers can intrude into the network.

To achieve protection and high network performance, a powerful security solution is needed so that
• The security solution provides protection to each node in the network, and the security of the entire network depends on the cumulative protection of all the nodes.
• The security solution should protect the network from intruders both inside and outside the system.
• There are three components included in each security solution: prevention, detection and reaction.
• The security scheme has to work within its own resource limits, like energy supply, communication capacity, and the memory and computation capability of each device on which the scheme is adopted.

Ad hoc networks use all the available nodes for routing and forwarding to increase the throughput of the total network. Therefore, when more nodes participate in packet routing, it increases the total bandwidth and decreases the possible routing paths and also the possibility of network partition. The network performance may be degraded by the misbehavior of the nodes. When a node is overloaded, selfish, malicious or broken, it may misbehave by not agreeing to forward packets. An overloaded node does not have the CPU cycles, buffer space or available network bandwidth to forward packets. A selfish node expects other nodes to forward packets because it is not willing. A malicious node introduces a denial of service attack by dropping packets.

The traditional routing algorithms lack power-aware routing. The security algorithms which have been proposed for MANETs mostly employ a lot of authentication techniques, and they are not concerned with exhausting battery power, which is a major issue in MANET routing.

In this paper, we propose to develop an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks, which will mitigate the routing misbehavior of nodes in mobile ad-hoc networks. The protocol involves:
(i) An efficient node selection mechanism for maximizing network lifetime and minimizing delay.
(ii) Authentication of the source node by the destination node.
(iii) Authentication of every intermediate node listed in the packet header, by the destination node.
(iv) Confirmation of the correctness of the nodes' sequence in the node list by the source and destination nodes.

2. Related Work
An initial approach to detect intrusions in ad hoc networks has been proposed in [1]. In this work, a signature-based IDS monitors activities on the networks and compares them with known attacks. However, a shortcoming of this approach is that new unknown threats cannot be detected. [2] proposed a secure routing protocol based on AODV over IPv6, further reinforced by a routing protocol-independent Intrusion Detection and Response system for ad-hoc networks.

Yih-Chun Hu et al. [3] have designed and evaluated the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol (DSDV). In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service (DoS) attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, they have used efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD has performed well over the range of scenarios they have tested, and it was robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.

In [4], the authors concentrate on the detection phase and propose a new mechanism, the Packet Conservation Monitoring Algorithm (PCMA), which can be used to detect selfish nodes in MANETs. Though the protocol addresses the issue of packet forwarding attacks, it does not address other threats.

Yih-Chun Hu et al. [5] have presented attacks against routing in ad hoc networks, and they have presented the design and performance evaluation of a secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne has prevented attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and it has also prevented a large number of types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.

Panagiotis Papadimitratos and Zygmunt J. Haas [6] have discussed that the Secure Routing Protocol (SRP) counters malicious behavior that targets the discovery of topological information. They have observed that the processing overhead due to cryptographic operations remains low, allowing the protocol to remain competitive with reactive protocols which do not incorporate security features at all. The protection of the data transmission is a separate problem: an intermittently misbehaving attacker first complies with the route discovery to make itself part of a route, and then corrupts the in-transit data. Protection of data transmission is addressed through their related Secure Message Transmission Protocol (SMT), which has provided a flexible, end-to-end secure data forwarding scheme that naturally complements SRP.

In [7], the authors have proposed a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation in packet forwarding for infrastructureless MANETs. Though the protocol addresses the issue of packet forwarding attacks, it does not address other threats.

The 2ACK scheme, which serves as an add-on technique for routing schemes to detect routing misbehavior and to mitigate its adverse effect, is proposed in [8]. In this scheme, if a selfish node does not forward the information packet or modifies the contents of the information packet, the destination may not be able to detect the misbehavior. Moreover, a route failure or link failure prevents the information packets from reaching the destination. But the acknowledgement packets are sent even though there is no misbehavior, which results in unnecessary overhead.

In [9], the authors have proposed a novel scheme, MARS, and its enhancement E-MARS to detect misbehavior and mitigate adverse effects in ad hoc networks.

Patwardhan et al. [10] have presented their approach of securing a MANET using a threshold-based intrusion detection system and a secure routing protocol. They have presented a proof-of-concept implementation of their IDS deployed on handheld devices and in a MANET testbed connected by a secure version of AODV over IPv6, SecAODV. While the IDS has helped detect attacks on data traffic, SecAODV incorporates security features of non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Center (KDC). They have presented the design and implementation details of their system, the practical considerations involved, and how these mechanisms are used to detect and thwart malicious attacks.

Huaizhi Li and Mukesh Singhal [11] have presented an on-demand secure routing protocol for ad hoc networks based on a distributed authentication mechanism. The protocol makes use of recommendation and trust evaluation to establish a trust relationship between network entities, and it uses feedback to adjust it. The protocol does not need the support of a trusted third party, and it discovers multiple routes between two nodes.

Sergio Marti et al. described two techniques which improve the throughput in an adhoc network. They analyzed two possible extensions to DSR to mitigate the effects of routing misbehavior in adhoc networks, namely the watchdog and the pathrater. Of the two, the watchdog is used to identify the misbehaving nodes and the pathrater helps the routing protocol to avoid the misbehaving nodes [12].

Katrin Hoeper and Guang Gong introduced two fully functional identity-based authentication and key exchange schemes for mobile adhoc networks. They presented the first key revocation and key renewing algorithms for IBC (identity-based cryptographic) schemes. They utilized certain features of IBC schemes, such as pre-shared secret keys from pairings and efficient key management, to design MANET-IDAKE schemes which met certain special constraints and requirements of MANETs [13].

Gergely Acs et al. [14] have proposed a mathematical framework in which security is precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Their framework was tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Their approach was based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of their knowledge, it has not been applied in the context of ad hoc routing so far. They have also proposed an on-demand source routing protocol, called endairA, and they have demonstrated the use of their framework by proving that it is secure in their model.

Syed Rehan Afzal et al. [15] have explored the security problems and attacks in existing routing protocols, and then they have presented the design and analysis of a secure on-demand routing protocol, called RSRP, which has eliminated the problems mentioned in the existing protocols. Moreover, unlike Ariadne, RSRP has used a very efficient broadcast authentication mechanism which does not require any clock synchronization and facilitates instant authentication.

3. Energy Efficient Secure Authenticated Routing Protocol
3.1. System Design and Algorithm Overview
The Energy Efficient Secure Authenticated Routing Protocol (EESARP) is the most proficient protocol that has been proposed in this paper. It makes use of the trivial and attack resistant authentication protocol. We have taken the AODV routing protocol as the base and modified it according to the proposed protocol.

In this proposed protocol, before the transmission of the data to the target, the sender should generate a temporary key pair. The temporary key pair consists of the secret key list SS, generated using the concept of a one-way hash function, and the public key, obtained by hashing the elements of SS. After key generation, the sender sends the public key to the appropriate destinations. The source builds the verification information using the SS list, and it is included along with the route request packet. When an intermediate node receives the request, it will check the verification information of the source using its PS. If the information is correct the packet will be forwarded, else discarded. When the route request reaches the target, the validity of the verification of the source is checked by the destination also. It will discard the packet if the information is found to be wrong.

In order to improve the reliability of the route request packet, a MAC based authentication code is used. If any changes are made to the route request packet, including the verification information, by an intermediate node, they can be easily identified by the destination node with the help of the MAC code. The packet will be discarded if it is found to be changed. In turn, the destination node sends back the reply packet in the same way. The proposed protocol is very effective as it detects the malicious node quickly and it provides security against the route discovery attacks.

In addition to the security features of our proposed protocol, a power aware routing algorithm is used, which enhances the routing problem and manages the network resources to achieve fair resource usage across the network nodes. In communication-related tasks, energy consumption depends on the communication mode of a node. A node may be in one of three modes: transmit, receive or idle. Transmission consumes more energy than the other two modes. So as to maximize the overall average battery lifetime of the nodes, the selection of the routes is made in such a way that the transmission and reception of packets are intelligently distributed on the network.

3.2. Efficient Node Selection
In order to achieve a power-aware routing algorithm, a new metric ENodeProb (Efficient node selection probability) is proposed, which maximizes path availability and minimizes the travel time of packets, and therefore it provides a good balance between selection of fast paths and a better use of network resources. ENodeProb is defined as the probability to find the best nodes, in terms of the residual energy and end-to-end delay.

Let $N_1, N_2, \ldots, N_{m-1}$ be the nodes between the source S and the destination D. Assume that node $N_i$ is available for routing with a probability $P(N_i)$. ENodeProb for the node $N_i$ is expressed as

$$\mathrm{Prob}N_i = P(N_i) \cdot P(L_i) \qquad (1)$$

where $\mathrm{Prob}N_i$ is ENodeProb and $P(L_i)$ is the probability of link availability. $P(N_i)$ is expressed in terms of the residual energy and $P(L_i)$ with respect to end-to-end delay. If $R_E$ represents the residual energy of node $N_i$, $P(N_i)$ can be expressed as

$$P(N_i) = R_E / R_I \qquad (2)$$

where $R_I$ is the initial energy of the node $N_i$. Therefore, from (1) and (2), ENodeProb is

$$\mathrm{Prob}N_i = (R_E / R_I) \times P(L_i) \qquad (3)$$

In the optimization, if the residual energy of the nodes is not considered, then the energy in the best path's nodes will be used more unfairly than that of the other nodes in the network. Because of their battery depletion, these nodes may fail after a short time, whereas other nodes in the network may still have high energy in their batteries.

Each node $N_i$ estimates its $\mathrm{Prob}N_i$ value and exchanges this information along with the HELLO packets. It sends the RREQ packets to those nodes whose ENodeProb values are high. When an intermediate node receives the RREQ packet, it calculates the

3.3. Route Discovery Process
In the proposed protocol, once a node S wants to send a packet to a destination node D, it initiates the route discovery process by constructing a route request RREQ packet. It contains the source and destination ids and a request id, which is generated randomly, and a MAC computed over the request id with a key shared by the sender and the destination.

When an intermediate node receives the RREQ packet for the first time, it appends its id to the list of node ids and signs it with a key which is shared with the destination. It then forwards the RREQ to its neighbors. Then the route request process is illustrated as below:

When the destination receives the accumulated RREQ message, it first verifies the sender's request id by recomputing the sender's MAC value, with its shared key. It then verifies the digital signature of each intermediate node. If all these verifications are successful, then the destination generates a route reply message RREP. If the verifications fail, then the RREQ is discarded by the destination. It again constructs a MAC on the request id with the key shared by the sender and the destination. The RREP contains the source and destination ids, the MAC of the request id, and the accumulated route from the RREQ, which are digitally signed by the destination. The RREP is sent towards the source on the reverse route.

When the intermediate node receives the RREP packet, it checks whether its id is in the list of ids stored by the RREP. It also checks for the ids of its neighbors in the list. The intermediate node then verifies that the digital signature of the destination node stored in the RREP packet is valid. If the verification fails, then the RREP packet is dropped. Otherwise, it is signed by the intermediate node and forwarded to the next node in the reverse route.

When the source receives the RREP packet, it first verifies that the first id of the route stored by the RREP is its neighbor. If it is true, then it verifies all the digital signatures of the intermediate nodes in the RREP packet. If all these verifications are successful, then the source accepts the route. The source also verifies the request id that it sent along with the RREQ packet. If it received back the same request id from the destination, it means that there is no replay attack. If the source does not get the RREP packet for a time period of t seconds, it will be considered as a route breakage or failure. Then the route discovery process is initiated by the source again. The route reply process is illustrated as below:

In this protocol, authentication is performed for both route request and route reply operations. Also, only nodes which are stored in the current route need to perform these cryptographic computations. So the proposed protocol is efficient and more secure.

4. Performance Evaluation
4.1. Simulation Model and Parameters
We use NS2 to simulate our proposed algorithm. In our simulation, the channel capacity of mobile hosts is set to the same value: 2 Mbps. We use the distributed coordination function (DCF) of IEEE 802.11 for wireless LANs as the MAC layer protocol. It has the functionality to notify the network layer about link breakage.

In our simulation, 100 mobile nodes move in a 1000 meter x 1000 meter square region for 50 seconds simulation time. We assume each node moves independently with the same average speed. All nodes have the same transmission range of 250 meters. In our simulation, the minimal speed is 5 m/s and maximal speed is 10 m/s. The simulated traffic is Constant Bit Rate (CBR). Our simulation settings and parameters are summarized in table 1.
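The following sketch is an added example, not code from the paper: it computes ENodeProb from equation (3) and runs the destination-side RREQ checks described in Section 3.3. It assumes the per-hop "signature" is an HMAC-SHA256 tag under the key each node shares with the destination, that each tag covers the request id plus the node list up to that hop, and that "high" ENodeProb means meeting a chosen threshold; all keys and node values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def enode_prob(residual_energy, initial_energy, p_link):
    """Equation (3): ProbN_i = (R_E / R_I) * P(L_i)."""
    if initial_energy <= 0 or not 0.0 <= p_link <= 1.0:
        raise ValueError("invalid energy or link probability")
    return (residual_energy / initial_energy) * p_link


def select_next_hops(neighbors, threshold):
    """Neighbor ids whose ENodeProb >= threshold (assumed cut-off), best first."""
    scored = {n: enode_prob(*v) for n, v in neighbors.items()}
    keep = [n for n, p in scored.items() if p >= threshold]
    return sorted(keep, key=lambda n: -scored[n])


def _tag(key, *fields):
    # HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        data = f.encode() if isinstance(f, str) else f
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


def make_rreq(src, dst, key_sd):
    """Source: random request id plus a MAC over it with the S-D shared key."""
    req_id = secrets.token_bytes(16)
    return {"src": src, "dst": dst, "req_id": req_id,
            "src_mac": _tag(key_sd, req_id), "route": [], "sigs": []}


def forward_rreq(rreq, node_id, key_nd):
    """Intermediate node: append own id, authenticate the list so far."""
    route = rreq["route"] + [node_id]
    sig = _tag(key_nd, rreq["req_id"], *route)
    return {**rreq, "route": route, "sigs": rreq["sigs"] + [sig]}


def verify_rreq(rreq, key_sd, hop_keys):
    """Destination: recompute the source MAC, then check every hop in order."""
    if not hmac.compare_digest(rreq["src_mac"], _tag(key_sd, rreq["req_id"])):
        return False, "source MAC mismatch"
    if len(rreq["route"]) != len(rreq["sigs"]):
        return False, "route/signature count mismatch"
    for i, (node, sig) in enumerate(zip(rreq["route"], rreq["sigs"])):
        key = hop_keys.get(node)
        if key is None:
            return False, f"unknown node {node}"
        expected = _tag(key, rreq["req_id"], *rreq["route"][: i + 1])
        if not hmac.compare_digest(sig, expected):
            return False, f"bad authenticator for hop {i} ({node})"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data: (residual energy, initial energy, P(L_i)).
    nbrs = {"A": (80.0, 100.0, 0.9), "B": (20.0, 100.0, 0.95), "C": (60.0, 100.0, 0.5)}
    print("next hops:", select_next_hops(nbrs, 0.25))

    k_sd, keys = b"constructed-key-SD", {"A": b"constructed-key-AD", "B": b"constructed-key-BD"}
    rreq = forward_rreq(forward_rreq(make_rreq("S", "D", k_sd), "A", keys["A"]), "B", keys["B"])
    print("honest RREQ:", verify_rreq(rreq, k_sd, keys))
    # A relay that strips node A from the list invalidates B's authenticator.
    stripped = {**rreq, "route": ["B"], "sigs": rreq["sigs"][1:]}
    print("stripped RREQ:", verify_rreq(stripped, k_sd, keys))
```

Because each tag covers the list prefix, reordering or removing an earlier hop is caught at the destination, which is the sequence check listed as item (iv) of the protocol.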

Table 1: Simulation Settings
No. of Nodes: 100
Area Size: 1000 X 1000
Mac: 802.11
Radio Range: 250m
Simulation Time: 50 sec
Traffic Source: CBR
Packet Size: 512
Speed: 5m/s to 10m/s
Misbehaving Nodes: 5, 10, 15, 20, 25
Pause time: 10, 20, 30, 40, 50

4.2. Performance Metrics
We compare our EESARP with the SAODV [14] and RSRP [15] protocols in the presence of a malicious node environment. We evaluate mainly the performance according to the following metrics.

Control overhead: The control overhead is defined as the total number of routing control packets normalized by the total number of received data packets.
Average end-to-end delay: The end-to-end delay is averaged over all surviving data packets from the sources to the destinations.
Average Packet Delivery Ratio: It is the ratio of the number of packets received successfully and the total number of packets transmitted.
Average Energy Consumption: The energy consumption is averaged over all nodes.

The simulation results are presented in the next section.

4.3. Results
A. Based On Malicious Nodes
In our first experiment, we vary the number of misbehaving nodes as 5, 10, 15, 20 and 25.

Figure 1: Attackers Vs Delivery Ratio (DelRatio against number of attackers; SAODV, EESARP, RSRP)
Figure 2: Attackers Vs Delay (Delay against number of attackers; SAODV, EESARP, RSRP)
Figure 3: Attackers Vs Overhead (Overhead against number of attackers; SAODV, EESARP, RSRP)
Figure 4: Attackers Vs Energy (Energy (J) against number of attackers; SAODV, EESARP, RSRP)

Figure 1 shows the results of average packet delivery ratio for the misbehaving nodes 5, 10, ..., 25 for the 100 nodes scenario. Clearly our EESARP scheme achieves more delivery ratio than the SAODV and RSRP schemes since it has both reliability and security features.

Figure 2 shows the results of average end-to-end delay for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has slightly lower delay than the SAODV and RSRP schemes because of authentication routines.

Figure 3 shows the results of routing overhead for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has less routing overhead than the SAODV and RSRP schemes since it involves route re-discovery routines.

Figure 4 shows the results of energy consumption for the misbehaving nodes 5, 10, ..., 25. From the results, we can see that the EESARP scheme has less energy than the SAODV and RSRP schemes since it has the energy efficient routing.

B. Based On Pausetime
In our second experiment, we vary the pausetime as 10, 20, 30, 40 and 50, with 5 attackers.

Figure 5: Pause time Vs Delivery Ratio (DelRatio against pause time; SAODV, EESARP, RSRP)
Figure 6: Pause time Vs Delay (Delay against pause time; SAODV, EESARP, RSRP)
Figure 7: Pause time Vs Overhead (Overhead against pause time; SAODV, EESARP, RSRP)

Figure 5 shows the results of average packet delivery ratio for the pausetimes 10, 20, ..., 50 for the 100 nodes scenario. Clearly our EESARP scheme achieves more delivery ratio than the SAODV and RSRP schemes since it has both reliability and security features.

Figure 6 shows the results of average end-to-end delay for the pausetimes 10, 20, ..., 50. From the results, we can see that the EESARP scheme has slightly lower delay than the SAODV and RSRP schemes because of authentication routines.

Figure 7 shows the results of routing overhead for the pausetimes 10, 20, ..., 50. From the results, we can see that the EESARP scheme has less routing overhead than the SAODV and RSRP schemes since it involves route re-discovery routines.

5. Conclusion
In mobile adhoc networks, an attacker can easily disrupt the functioning of the network by attacking the underlying routing protocol. Hence, security in ad hoc networks is still a debatable area. In this paper, we have developed an Energy Efficient Secure Authenticated Routing Protocol (EESARP) for mobile adhoc networks which uses a lightweight, attack resistant authentication mechanism. Our protocol provides efficient security against route discovery attacks using hop-by-hop signatures. It quickly detects the malicious nodes, thus assisting the nodes to drop the invalid packets earlier. It also uses an efficient node selection mechanism which maximizes network life time and minimizes delay. By detailed simulation studies, we have shown that EESARP provides better packet delivery ratio with minimized energy.

References
[1] Farooq Anjum, Dhanant Subhadrabandhu and Saswati Sarkar, "Signature based Intrusion Detection for Wireless Ad-Hoc Networks: A Comparative study of various routing protocols", Vehicular Technology Conference, VTC 2003-Fall, 2003 IEEE 58th, Oct. 2003.
[2] Anand Patwardhan, Jim Parker, Anupam Joshi, Michaela Iorga and Tom Karygiannis, "Secure Routing and Intrusion Detection in Ad Hoc Networks", Third IEEE International Conference on Pervasive Computing and Communications, PerCom 2005.
[3] Yih-Chun Hu, David B. Johnson and Adrian Perrig, "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks", in proceedings of IEEE Workshop on Mobile Computing Systems and Applications, pp. 3-13, 2002.
[4] Tarag Fahad & Robert Askwith, "A Node Misbehaviour Detection Mechanism for Mobile Ad-hoc Networks", The 7th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting, 2006.
[5] Yih-Chun Hu, Adrian Perrig and David B. Johnson, "Ariadne: A Secure on Demand Routing Protocol for Ad Hoc Networks", Technical Report, Rice University, 2001.
[6] Panagiotis Papadimitratos and Zygmunt Haas, "Secure Routing for Mobile Ad Hoc Networks", in proceedings of conference on SCS Communication Networks and Distributed Systems Modeling and Simulation, pp. 27-31, 2002.
[7] Yanchao Zhang, Wenjing Lou, Wei Liu, and Yuguang Fang, "A secure incentive protocol for mobile ad hoc networks", Wireless Networks (WINET), vol 13, issue 5, 2007.
[8] Kejun Liu, Jing Deng, Pramod K. Varshney and Kashyap Balakrishnan, "An Acknowledgment-based Approach for the Detection of Routing Misbehavior in MANETs", IEEE Transactions on Mobile Computing, Vol. 6, No. 5, 2007.
[9] Li Zhao and José G. Delgado-Frias, "MARS: Misbehavior Detection in Ad Hoc Networks", Global Telecommunications Conference, GLOBECOM '07, IEEE Publication Date: 26-30 Nov. 2007.
[10] A. Patwardhan, J. Parker, M. Iorga, A. Joshi, T. Karygiannis and Y. Yesha, "Threshold-based intrusion detection in ad hoc networks and secure AODV", Vol. 6, No. 4, pp. 578-599, 2008.
[11] Huaizhi Li and Mukesh Singhal, "A Secure Routing Protocol for Wireless Ad Hoc Networks", in proceedings of 39th Annual Hawaii International Conference on System Sciences, 2006.
[12] Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker, "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks", in proc. of 6th International Conference on Mobile computing and networking, pp. 255-265, 2000.
[13] Katrin Hoeper and Guang Gong, "Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation", Technical Report CACR 2006-04, Centre for Applied Cryptographic Research, 2006.
[14] Gergely Acs, Levente Buttyán, and Istvan Vajda, "Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks", IEEE Transactions on Mobile Computing, Vol. 5, No. 11, pp. 1533-1546, 2006.
[15] Syed Rehan Afzal, Subir Biswas, Jong-bin Koh, Taqi Raza, Gunhee Lee, and Dong-kyoo Kim, "RSRP: A Robust Secure Routing Protocol for Mobile Ad hoc Networks", IEEE Conference on Wireless Communications and Networking, pp. 2313-2318, 2008.
