Implementation of Secure AODV in MANET

See discussions, stats, and author profiles for this publication at: http://www.researchgate.net/publication/258814714 Implementation of secure AODV in MANET ARTICLE in PROCEEDINGS OF SPIE - THE INTERNATIONAL SOCIETY FOR OPTICAL ENGINEERING · MARCH 2013 Impact Factor: 0.2 · DOI: 10.1117/12.2010536 DOWNLOADS VIEWS 5 58 4 AUTHORS, INCLUDING: Noor Ul Amin Imran Memon 14 PUBLICATIONS 18 CITATIONS 36 PUBLICATIONS 13 CITATIONS Hazara University SEE PROFILE Zhejiang University SEE PROFILE Mohsin Shah Hazara University 5 PUBLICATIONS 0 CITATIONS SEE PROFILE Available from: Imran Memon Retrieved on: 14 September 2015 Implementation of Secure AODV in MANET Rizwan Akhtar, Noor Ul Amin, Imran Memon, Mohsin Shah University of Electronic Science and Technology of CHINA, SCIE, Chengdu, Sihuan 610054 CHINA ICT PTCL Acadmy. NWFP University of Engineering and Technology, Peshawar 25000 Pakistan rizwanakhtarpk@gmail.com ABSTRACT Mobile Ad hoc Networks (MANETs) comprised of autonomous and self-organizing mobile computing devices which do not have a fixed infrastructure but rather they use ad-hoc routing protocols for data transmission and reception. Ad hoc on demand distance vector (AODV) is an IP reactive routing protocol which is optimized for MANETs and it can also be used for other wireless ad-hoc networks. Nodes in network cannot perform route discovery or maintenance functions itself. This problem is resolved by using AODV as it computes the routing distance from sending node to receiving node at preset intervals. This research paper proposed Secure Routing Protocol (SRP) AODV for MANETs and its implementation. Performance of proposed SRP is compared to ordinary AODV. The simulation results reveal that proposed SRP is more efficient and secure than ordinary AODV. SRP AODV can be used for further research towards development of a commercial demand for the MANET routing protocol using Blowfish cryptosystem for encryption and decryption for secure routing in a given mobile ad hoc network. Keywords: SRP AODV, MANETS, Reactive routing, Network Simulator 1. INTRODUCTION Without any ambiguity, in the running era, MANETs are of big importance because of the fact that they don't have any fixed infrastructure for support. MANETs can easily be used to set up collaborative computing and communications wireless network in smaller areas (buildings, organizations, etc.). Direct Rad o Comm Acero Pomi o Routing in Mobile Ad hoc Network Routing in Traditional network Figure 1: Routing in Mobile Adhoc and Traditional Network Figure 1 shows routing in ad hoc networks. There is no access point in ad hoc mode so nodes are connected directly with each other and each node act as a router which then itself receives information and transfers it to other node like a router in infrastructure mode [6]. As node in Ad hoc network is free to move and can send information through direct radio communication. Therefore it is essential to provide better security in ad hoc networks. Researchers around the world have explored a variety of mechanisms to attain security of data while considering the whole network at the same time. Moreover, due to increasingly security threats to the wired networks and growing demand of mobile networks, ad-hoc network security is now becoming a hot area of research. The most common concept used in a mobile ad hoc network andother type of International Conference on Graphic and Image Processing (ICGIP 2012), edited by Zeng Zhu, Proc. of SPIE Vol. 8768, 876803 · © 2013 SPIE CCC code: 0277-786X/13/$18 · doi: 10.1117/12.2010536 Proc. of SPIE Vol. 8768 876803-1 Downloaded From: http://proceedings.spiedigitallibrary.org/ on 11/22/2013 Terms of Use: http://spiedl.org/terms network is Packet forwarding, which contains block of logically addressed packets propagating from a source to the destination through nodes [5]. The proposed work aims to provide security using Ad-Hoc on Demand distance vector Routing Protocol. In this work routing Protocol is made secure for transmission in MANETs. Routing protocols determine the path on which the routers communicate with each other using different routing algorithms. This information is instantly shared with the immediate neighbours, and then throughout the network. The behaviour and characteristics of the routing protocols and their selection depend on the type of topology being used in the network. For Mobile Ad hoc networks, which do not have fixed dedicated infrastructure, any type of routing protocols may be used. The basic idea is that a new node may announce its presence and may listen for announcements broadcast by its neighbours. Each node has information about nodes nearby and also how to reach them. The mechanism of routing protocol is based on the procedure through which the nodes select preferred routes using information about the hop count (also known as hop cost) and the amount of the time required for communication between the source and destination. Some common examples of the routing protocols are OLSR, AODV, DSR, IS-IS, RIP. Regardless of what type of routing algorithm is used, data security is another ever growing demand especially within Mobile Ad hoc networks. Data security is the only means of ensuring that data is safely transferred between the communicating devices and is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to maintain privacy, no doubt, which is an ocean of hackers and attackers. Some of the security mechanisms deployed today mainly captures hardware based security while others may deal with more software based approaches. Data Masking, Data Erasure and backups help to provide data security to some extent; Data Encryption has been identified as the best of all options for the security. The work presented in this paper mainly deals with the encryption of all sent messages and decryption of all received messages while communicating within a mobile ad hoc network using Ad hoc on Demand Distance Vector routing protocol. The remainder of this paper is organized as follows: The proposed model for secure routing protocol is introduced in Section 2. In Section 3, simulation results are illustrated and performance analysis is made in comparison with other models. Conclusion is made in Section IV. 2. PROPOSED MODEL Mobile Ad hoc networks do not provide security for a dedicated infrastructure. The issue of secure routing is very critical in ad hoc networks and some basic protocols (AODV, OLSR etc) need to offer more reliable security features. The proposed research work deals with a very basic implementation of Secure AODV for MANETs using Blowfish cryptosystem for encryption and decryption for secure routing in a given mobile ad hoc network. Encryption at Source node and decryption at the destination node is performed using the following block diagrams: (a) (b) Figure 2: (a) For encryption (b) For decryption The nodes that act routers can free to move randomly as a part of network and organize nodes themselves arbitrarily; thus, the network’s topology of wireless network may change quickly and unpredictably [3]. The behavior and characteristics of the routing protocols and their selection depends upon the type of topology being used in the network. For Mobile Ad hoc networks, which do not have fixed dedicated infrastructure [4], Ad hoc routing protocols of any type are used work mainly deals with the encryption of all messages sent and decryption of all messages received while communicating in a mobile ad hoc network using Ad hoc On-demand Distance Vector Protocol. As mentioned earlier, Blowfish encryption and decryption algorithm is kind of a tool used to make sure that all the messages Proc. of SPIE Vol. 8768 876803-2 Downloaded From: http://proceedings.spiedigitallibrary.org/ on 11/22/2013 Terms of Use: http://spiedl.org/terms transmitted on the network remain unreadable to any type of interfering entity providing fool proof security over the network. Furthermore, any sent message can only be read at a node if the destination node is also using the same protocol, so this is a part of the given network. Additionally if a node has been identified as a malicious node, newly developed protocol is capable of blacklisting it and thus informing the whole network about the node which has just been blocked so that the whole network is protected against any threat from the malfunctioning node. Usually there are other security schemes proposed to defense against more sophisticated attacks such as black hole, wormhole, rushing and similarly replay attacks in ad hoc networks [1]. The proposed research work deals with a very basic implementation and testing of Secure AODV for MANETs using Blowfish cryptosystem for encryption and decryption for secure routing In Detail mechanism of Blowfish Algorithm and AODV is explained below. 2.1. Encryption Technique Blowfish is known as a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and today it is included in a large number of cipher suites and encryption products. Blowfish provides a better encryption rate in software and no effective cryptanalysis of it has been found till date. However, the Advanced Encryption Standard now required more attention. Schneier designed Blowfish to be a general-purpose algorithm, intended as a replacement for the aging DES (data Encryption standard) and free of the problems and constraints associated with other algorithms. At that time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial or government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in open to the public domain, and can be freely used by anyone who required." Notable features of algorithm design include key-dependent S-boxes and a highly complex key schedule. 2.2. The Algorithm Blowfish consist of a 64-bit block size and having a variable key length from 32 up to 448 bits. It is composed of 16round Feistel cipher and thus uses large key-dependent S-boxes. It is similar of the structure to CAST-128, which utilizes fixed S-boxes. Figure 3 shows the working of Blowfish. Each line is representing 32 bits. The algorithm contains two sub key arrays one is 18-entry P-array and other is four 256-entry S-boxes. The S-boxes accept 8-bit input and generate 32-bit output. One entry of the P-array is utilize for every round, and after the final round, each half of the data block performed XORed with one of the two remain in unused P-entries. Figure 4.1 presents Blowfish's F-function. The work of function is to splits the 32-bit input into four eight-bit quarters, and then uses the quarters as input to the S-boxes. The outputs are added modulo 232 and then XORed to generate the Final 32-bit output. Decryption is performed exactly the same as encryption, except that of P1, P2--- P18 are used the reverse order. This is not so obvious because XOR function is commutative and associative. A common mistake that occur is to use inverse order of encryption as decryption algorithm (i.e. first XORing P17 and P18 to the cipher text block, then using the P-entries in reverse order). Blowfish's key schedule starts by Algorithm initiate the P-array and S-boxes with values that derived from the hexadecimal digits of pi, which contain no obvious pattern. The secret key is then XORed with the P-entries in required order (cycling the key if necessary). A 64-bit all-zero blocks is then ready to be encrypted with the algorithm as it stands. The resultant cipher text replaces P1 and P2. The cipher text is then encrypted again with the newly sub keys, P3 and P4 are replaced by the new cipher text. This will continue, till replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to produce all the sub keys about 4KB of data it is processed. Y4 SIMSe POI -1-73.43-M Figure 3: Working procedure of Blowfish Proc. of SPIE Vol. 8768 876803-3 Downloaded From: http://proceedings.spiedigitallibrary.org/ on 11/22/2013 Terms of Use: http://spiedl.org/terms In this work the blowfish algorithm has been embedded in message of AODV and the resulting new protocol has been tested using network simulator 2. In order to achieve secure routing, some functions have been added in the AODV which is explained in detail below 2.3. AODV Pure on-demand routing protocol of MANETs. A node itself does not perform route discovery or maintenance until it needs a route to another node or it offers its services. While an intermediate node using this protocol nodes that are not on active paths in a communication do not maintain routing information and thus do not participate in routing table exchanges. AODV uses a broadcast route discovery mechanism, It use hop-by-hop routing Routes that are based on dynamic table entries maintained at intermediate nodes[2] Similar to Dynamic Source Routing (DSR), but DSR uses almost source routing Local HELLO messages are used to determine local connectivity which can reduce response time to routing requests. AODV can trigger updates when necessary Sequence numbers are mostly assigned to routes and routing table entries by using supersede stale cached routing entries Every node maintains two counters Node sequence number and Broadcast ID Let us consider an example of seven nodes Node 1 want to sent information to Node 7. but does not have a route to that node hence source node broadcasts a route request (RREQ) packet to its neighbours [7] here we can see that node 1 generate a route request RREQ packet and propagate it in whole network through Node 2,3,4,5,6 and finally RREQ packet reaches node 7 by maintaining the shortest distance to destination Node by counting the number of hops Upon receiving the RREQ packet by destination Node 7 it generate route reply RREP Packet and send it to transmitting Node 1 in reverse order. Figure 4: Complete routing path for AODV Proposed work focus on that once a route is built and it is available for sending information across the communicating Node. Another worked was also done in Secure Ad hoc On-demand Distance Vector (SAODV) is a proposal for security extensions to the AODV protocol [8] against the attacks. worked presented shows that before sending any information on that available route TX Node must encrypt the information to produce cipher text by using Symmetric Blowfish Algorithm and similarly RX Node must be decrypted by using similar Algorithm to produce the original text in order to ensure the data security. 3. SIMULATION RESULTS AND COMPARISON Work mainly deals with the encryption of all sent messages and decryption of all received messages while communicating in a mobile ad hoc network using Ad hoc on demand Distance Vector. In order to achieve our target variables, structures and functions have been added to the original AODV. A blowfish Algorithm is used for cryptosystem using AODV deals with the simulation scenario that is implemented in Network Simulator. NS-2 (Network Simulator – 2) is known to be a discrete event that is a simulator targeted at networking research. NS-2 can provides substantial support for simulation of TCP, routing, and multicast protocols over both wired and wireless The results shown are the successful implementation of secure routing protocol for MANETs. The simulation results of implemented newly secure AODV also show that Blowfish algorithm does not add unbearable overhead to the network traffic and hence the delay and drop rate both for packets is not affected, when compared to original AODV. Above graphs shows the total throughput for the secure AODV after the 20 seconds time mark, the time when actual data starts transferring. An increase in the throughput is evident when it is compared to the original AODV due to the fact that an extra encryption and decryption is utilizing place for all the messages sent or received. The resulting AODV protocol has successfully been tested and is shown to be efficient and more secure when it is compared to ordinary AODV. These results obtained by the simulation in NS-2 shows that it can be used for further research towards development of a commercial demand for the MANET routing protocol. An example of such a progress is development Proc. of SPIE Vol. 8768 876803-4 Downloaded From: http://proceedings.spiedigitallibrary.org/ on 11/22/2013 Terms of Use: http://spiedl.org/terms of an intrusion detection module and its integration with the existing system in order to provide fool proof security to the MANETs when it is depending on reactive protocols. 30.Ok i 20.Ok 10.0k 80.0 100.0 Figure 5: Throughput using original AODV 45.0k O:O -> 3:0 3:0 -> O:O 40.Ok 35.Ok 30.0k 25.Ok 20.06 15.Ok 10.0k 5.0k 0.0 A 0.0 20.0 40.0 60.0 Tima 80.0 100.0 120.0 Figure 6: Throughput using proposed AODV 4. CONCLUSION The results generated from the simulation based on the scenario discussed above show that the newly developed protocol is well efficient and no continuous network disconnection is experienced with longer delays which has mostly caused due to route non-availability. SRP AODV can be used for further research towards development of a commercial demand for the MANET routing protocol using Blowfish cryptosystem for encryption and decryption for secure routing in a given mobile ad hoc network. REFERENCES [1] R. Ramanathan and J. Redi. A brief overview of ad hoc networks: challenges and directions. IEEE Communications, 40(5):20–22, 2002. [2] C. E. Perkins, E. M. Belding-Royer, and S. R. Das, “Ad hoc On-Demand Distance Vector (AODV) Routing,” IETF Internet Draft, draft-ietf-manet-aodv-13.txt, Feb. 17, 2003 (work in Progress). [3] Brooke Shrader. A proposed definition of ’ad hoc network’, 2002 [4] C. Perkins (ed). Ad hoc networking. Addison-Wesley, 2001 [5] H. Deng,W. Li, and D. Agrawal. Routing security in wireless ad hoc networks. IEEE Communications, 40(10):70– 75, 2002. [6] Karp, B., and Kung. H. T. GPSR: Greedy Perimeter Stateless Routing for Wireless Networks. Proc. 6th Annual International Conference on Mobile Computing and Networking (MOBICOM 2000), 243-254. [7] C. E. Perkins and E. M. Royer, “Ad hoc On-Demand Distance Vector Routing,” Proceedings 2nd IEEE Workshop on Mobile Computing Systems and Applications, February 1999, pp. 90-100. [8] M.G. Zapata, and N. Asokan, “Secure Ad hoc On-Demand Distance Vector Routing,” ACM Mobile Computing and Communications Review, vol. 3, no. 6, July 2002, pp. 106-107 Proc. of SPIE Vol. 8768 876803-5 Downloaded From: http://proceedings.spiedigitallibrary.org/ on 11/22/2013 Terms of Use: http://spiedl.org/terms