Security and performance enhancement of AODV routing protocol

A mobile ad hoc networks (MANET) is a decentralized, self‐organizing, infrastructure‐less network and adaptive gathering of independent mobile nodes. Because of the unique characteristics of MANET, the major issues to develop a routing protocol in MANET are the security aspect and the network performance. In this paper, we propose a new secure protocol called Trust Ad Hoc On‐demand Distance Vector (AODV) using trust mechanism. Communication packets are only sent to the trusted neighbor nodes. Trust calculation is based on the behaviors and activities information of each node. It is divided in to trust global (TG) and trust local (TL). TG is a trust calculation based on the total of received routing packets and the total of sending routing packets. TL is a comparison between total received packets and total forwarded packets by neighbor node from specific nodes. Nodes conclude the total trust level of its neighbors by accumulating the TL and TG values. The performance of Trust AODV is evaluated under denial of service/distributed denial of service (DOS/DDOS) attack using network simulator NS‐2. It is compared with the Trust Cross Layer Secure (TCLS) protocol. Simulation results show that the Trust AODV has a better performance than TCLS protocol in terms of end‐to‐end delay, packet delivery ratio, and overhead. Next, we improve the performance of Trust AODV using ant algorithm. The proposed protocol is called Trust AODV + Ant. The implementation of ant algorithm in the proposed secure protocol is by adding an ant agent to put the positive pheromone in the node if the node is trusted. Ant agent is represented as a routing packet. The pheromone value is saved in the routing table of the node. We modified the original routing table by adding the pheromone value field. The path communication is selected based on the pheromone concentration and the shortest path. Trust AODV + Ant is compared with simple ant routing algorithm (SARA), AODV, and Trust AODV under DOS/DDOS attacks in terms of performance. Simulation results show that the packet delivery ratio and throughput of the Trust AODV increase after using ant algorithm. However, in terms of end‐to‐end delay, there is no significant improvement. Copyright © 2014 John Wiley & Sons, Ltd.     

Byzantine robust trust establishment for mobile ad hoc networks

In a mobile ad hoc network (MANET), the nodes act both as traffic sources and as relays that forward packets from other nodes along multi-hop routes to the destination. Such networks are suited to situations in which a wireless infrastructure is unavailable, infeasible, or prohibitively expensive. However, the lack of a secure, trusted infrastructure in such networks make secure and reliable packet delivery very challenging. A given node acting as a relay may exhibit Byzantine behavior with respect to packet forwarding, i.e., arbitrary, deviant behavior, which disrupts packet transmission in the network. For example, a Byzantine node may arbitrarily choose to drop or misroute a certain percentage of the packets that are passed to it for forwarding to the next hop. In earlier work, we proposed a trust establishment framework, called Hermes, which enables a given node to determine the “trustworthiness” of other nodes with respect to reliable packet delivery by combining first-hand trust information obtained independently of other nodes and second-hand trust information obtained via recommendations from other nodes. A deficiency of the Hermes scheme is that a node can fail to detect certain types of Byzantine behavior, such as packet misforwarding directed at a particular source node. In this paper, we propose new mechanisms to make Hermes robust to Byzantine behavior and introduce a punishment policy that discourages selfish node behavior. We present simulation results that demonstrate the effectiveness of the proposed scheme in a variety of scenarios involving Byzantine nodes that are malicious both with respect to packet forwarding and trust propagation.     

A novel approach for mitigating gray hole attack in MANET

Mobile ad hoc network (MANET) is defined as the category of wireless network that is capable of operating without any fixed infrastructure. The main assumption considered in this network is that all nodes are trusted nodes but in real scenario, some nodes can be malicious node and therefore can perform selective dropping of data packets instead of forwarding the data packets to the destination node. These malicious nodes behave normally during route discovery phase and afterwards drop fractions of the data packets routed through them. Such type of attack is known as smart gray hole attack which is variation of sequence number based gray hole attack. In this paper, we have launched smart gray hole attack and proposed a new mechanism for mitigating the impact of smart gray hole attack. Mitigating Gray hole Attack Mechanism (MGAM) uses several special nodes called as G-IDS (gray hole-intrusion detection system) nodes which are deployed in MANETs for detecting and preventing smart gray hole attack. G-IDS nodes overhear the transmission of its neighbouring nodes and when it detects that the node is dropping the data packets which are greater than threshold value then it broadcast the ALERT message in the network notifying about the identity of malicious node. The identified malicious is then blocked from further its participation by dropping the request and reply packet. In order to validate the effectiveness of our proposed mechanism, NS-2.35 simulator is used. The simulation results show that the proposed mechanism performs slightly well as compared with the existing scheme under smart gray hole attack.     

Design and Analysis of Low Noise Optimization Amplifier Using Reconfigurable Slotted Patch Antenna

Now a days, the communication between different nodes in a Mobile Ad hoc Network (MANET) is not guarded. Various encryption mechanisms are used to protect the communication between nodes. Link failures and packet dropping due to unfaithful nodes are becoming one of the main opposition for the trusted detection of malicious nodes. A failure can occur either due to channel errors or harmful nodes in network. These attacks may have the intention of modifying the routing protocol so that the data transmission through a specific node controlled by the attacker disturbs the network topology. Thus it deteriorates the performance of network. Mutual association of dropped packets is capitalized for synthesizing the suspicious nodes in MANET. The algorithm proposed is using an efficient cryptosystem with cipher text list validator scheme and a communal auditing scheme for the validation of certificate received from individual nodes. For constructing the framework, the proposed algorithm with five phases has a network setup phase, data routing phase, communal auditing phase, error node detection phase and a data receiver phase. This framework makes the MANET node build a safe routing topology by effectively judging the harmful nodes as well as the unfaithful information accepted from supplementary nodes.     

An EDRI-based approach for detecting and eliminating cooperative black hole nodes in MANET

Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward it-self. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.     

Energy and delay efficient dynamic cluster formation using hybrid AGA with FACO in EAACK MANETs

MANET is a set of mobile nodes which works in a dynamic changing network and it is capable of communicating with each other efficiently where all the nodes perform a dual role as that of a transmitter and a receiver. MANETs do not use any centralized administration for communication. The performance of a MANET can be further enhanced by adapting a cluster mechanism with the help of CEAACK to provide security from penetrators. In this paper we propose a new improved ant colony optimization algorithm with two strategies to reduce the overhead in communication by predicting mobility of node and cluster formation. Firstly, a dynamic mechanism is designed for determining one or more heuristic parameters for improving the performance of the MANET. Secondly a dynamic list of nodes are maintained which helps in forming clusters and electing the cluster head faster. In addition a dynamic broadcast approach algorithm is incorporated to provide the information about the status of the nodes to the hybrid fuzzy-ant colony algorithm. This approach ensures low maintenance cost and is expected to be robust against node failures and network topology changes. The positive outcome of these two techniques consumes low energy and in the process provides better efficiency in data transmission in MANETs. It also achieves correct delivery of packets without unnecessary delay.     

On the tradeoff between altruism and selfishness in MANET trust management

Mobile ad hoc and sensor networks may consist of a mixture of nodes, some of which may be considered selfish due to a lack of cooperativeness in providing network services such as forwarding packets. In the literature, existing trust management protocols for mobile ad hoc networks advocate isolating selfish nodes as soon as they are detected. Further, altruistic behaviors are encouraged with incentive mechanisms. In this paper, we propose and analyze a trust management protocol for group communication systems where selfish nodes exist and system survivability is highly critical to mission execution. Rather than always encouraging altruistic behaviors, we consider the tradeoff between a node’s individual welfare (e.g., saving energy to prolong the node lifetime) vs. global welfare (e.g., achieving a given mission with sufficient service availability) and identify the best design condition of this behavior model to balance selfish vs. altruistic behaviors. With the system lifetime and the mission success probability as our trust-based reliability metric, we show that our behavior model that exploits the tradeoff between selfishness vs. altruism outperforms one that only encourages altruistic behaviors.     

Hybrid MANET–DTN and a New Algorithm for Relay Nodes Selection

In this paper, a new way to a selection of the secure relay nodes in hybrid MANET–DTN networks based on the cooperation between routing, trust and game theory mechanisms is introduced. The hybrid MANET–DTN enables delivering the data or messages in the situation when communication paths are disconnected or broken and also in the emergency situations. We focus on the situations when MANET routing protocol cannot establish the end-to-end connection between source and destination nodes. In this situation, it is necessary to select relay nodes, that will be able to transport data or messages between isolated islands of mobile terminals with limited connectivity to other terminals. The proposed algorithm enables to select the relay nodes, that will come into contact with other mobile nodes located in different network areas with regards to trust and game theory. The parameter trust is computed for all mobile nodes and relies on a parameter obtained during routing and data transport processes. The game theory provides a powerful tool to select one candidate from a number of possible nodes with respect to confidence and security. Moreover, we propose a new mechanism to compute and select the trusted node, that can be used for transportation of the secure data in this hostile and disconnected environment. In order to verify the functionalities of this mechanism, we implement this mechanism into the OPNET modeler simulation environment and introduce performance analysis.     

Novel approach of distributed & adaptive trust metrics for MANET

It is known to all that mobile ad hoc network (MANET) is more vulnerable to all sorts of malicious attacks which affects the reliability of data transmission because the network has the characteristics of wireless, multi-hop, etc. We put forward novel approach of distributed & adaptive trust metrics for MANET in this paper. Firstly, the method calculates the communication trust by using the number of data packets between nodes, and predicts the trust based on the trend of this value, and calculates the comprehensive trust by considering the history trust with the predict value; then calculates the energy trust based on the residual energy of nodes and the direct trust based on the communication trust and energy trust. Secondly, the method calculates the recommendation trust based on the recommendation reliability and the recommendation familiarity; adopts the adaptive weighting, and calculates the integrate direct trust by considering the direct trust with recommendation trust. Thirdly, according to the integrate direct trust, considering the factor of trust propagation distance, the indirect trust between nodes is calculated. The feature of the proposed method is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network. Simulation experiments and tests of the practical applications of MANET show that the proposed approach can effectively avoid the attacks of malicious nodes, besides, the calculated direct trust and indirect trust about normal nodes are more conformable to the actual situation.

     

E‐TDGO: An encrypted trust‐based dolphin glowworm optimization for secure routing in mobile ad hoc network

Mobile ad hoc networks (MANETs) are independent networks, where mobile nodes communicate with other nodes through wireless links by multihop transmission. Security is still an issue to be fixed in MANETs. Hence, a routing protocol named encrypted trust‐based dolphin glowworm optimization (DGO) (E‐TDGO) is designed using Advanced Encryption Standard‐128 (AES‐128) and trust‐based optimization model for secure routing in MANET. The proposed E‐TDGO protocol includes three phases, namely, k‐path discovery, optimal path selection, and communication. At first, k paths are discovered based on the distance and the trust level of the nodes. From the k paths discovered, the optimal path is selected using a novel algorithm, DGO, which is developed by combining glowworm swarm optimization (GSO) algorithm and dolphin echolocation algorithm (DEA). Once the optimal path is selected, communication begins in the network such that E‐TDGO protocol ensures security. The routing messages are encrypted using AES‐128 with shared code and key to offer security. The experimental results show that the proposed E‐TDGO could attain throughput of 0.11, delay of 0.01 second, packet drop of 0.44, and detection rate of 0.99, at the maximum number of rounds considered in the network of 75 nodes with attack consideration.     

基于信任管理系统的可信路由器的设计与实现(英文)

This paper presents a scheme to perform QoS management and assure network security by using the trusted-router based on the Trust Management System.In this trusted-router,every IP packet is forwarded and queued by its trust value,which is the quantification of the network's expectation for this packet's and its owner's behavior in the network.We outline the algorithms to calculate the trust value of the trusted-router and the IP packet.We also introduce the trust-based QoS management algorithm and the deplo...     

A study of a routing attack in OLSR‐based mobile ad hoc networks

A mobile ad hoc network (MANET) is a collection of mobile nodes which are able to communicate with each other without relying on predefined infrastructures or central administration. Due to their flexibilities and easy deployment, MANET can be applied in situation where network infrastructures are not available. However, due to their unique characteristics such as open medium and the lack of central administration, they are much more vulnerable to malicious attacks than a conventional infrastructured wireless network. MANET employs routing to provide connectivity for mobile nodes that are not within direct wireless transmission range. Existing routing protocols in MANET assume a trusted and cooperative environment. However, in hostile environment, mobile nodes are susceptible to various kinds of routing attacks. In this paper, we show that an OLSR MANET node is prone to be isolated by malicious attack called Node Isolation attack. After analysing the attack in detail, we present a technique to mitigate the impact of the attack and improve the performance of the network when the attack is launched. The results of our implementations illustrate that the proposed solution can mitigate the attack efficiently. Copyright © 2007 John Wiley & Sons, Ltd.     

Defense against Sybil attacks and authentication for anonymous location-based routing in MANET

In MANET, providing authentication and security to location-based routing is a big task. To overcome this problem, in this paper, we proposed a defense against Sybil attacks and authentication for anonymous location-based routing in MANET. Each random forwarder has a table of RSS values estimated from the previous message exchanges across a zone to detect the Sybil attack. The difference in RSS values of two neighboring nodes is estimated based on which the node’s arrival angle into the zone is detected. Depending on the arrival angle, the nodes can be categorized as safety zone and caution zone. The messages exchanged between the RFs and senders can be protected by means of group signature. Finally, misrouting packet drop attack is detected and eliminated by using ant colony optimization technique. By simulation results, we show the proposed technique reduces the packet drop due to attacks, thereby increasing the delivery ratio.     

DECADE: Distributed Emergent Cooperation through ADaptive Evolution in mobile ad hoc networks

The scarce resources of a mobile ad hoc network (MANET) should not be wasted attending selfish nodes (those nodes that use resources from other nodes to send their own packets, without offering their own resources to forward other nodes’ packets). Thus, rational nodes (those nodes willing to cooperate if deemed worthy) must detect and isolate selfish nodes in order to cooperate only among themselves. To achieve this purpose, in this paper we present a new game theoretic trust model called DECADE (Distributed Emergent Cooperation through ADaptive Evolution). The design of DECADE is shown by first, analyzing a simple case of packet forwarding between two nodes, and then the results are extended to bigger networks. In DECADE, each node seeks individually to maximize its chance to deliver successfully their own packets, so that the cooperation among rational nodes and the isolation of selfish nodes appear as an emergent collective behavior. This behavior emerges as long as there is a highly dynamic interaction among nodes. So, for those cases where the mobility alone does not suffice to provide this interaction, DECADE includes a sociability parameter that encourages nodes to interact among them for faster learning and adaptability. Additionally, DECADE introduces very low overhead on computational and communication resources, achieving close to optimal cooperation levels among rational nodes and almost complete isolation of selfish nodes.     

Performance evaluation of mobile ad hoc networks under flooding‐based attacks

A mobile ad hoc network (MANET) is an open wireless network that comprises a set of mobile, decentralized, and self‐organized nodes. Its properties render its environment susceptible to different types of attacks, which can paralyze the mobile nodes in MANET. A particularly dangerous type of attack is run primarily under flooding bogus packet mechanisms, such as hello floods, routing table overflows, exploitation of node penalizing schemes, and resource consumption attack (RCA). Flooding‐based attacks impose severe effects because they are intended to consume MANET resources, such as bandwidth, node memory, and battery power. Therefore, identifying such effects facilitates the development of countermeasures against the intrusions. In this paper, we introduce a simulation‐based study on the effects of RCA on MANET. Qual Net v5.0.2 is used to examine the severity of the effects on MANET performance metrics in terms of throughput, end‐to‐end delay, energy consumption, and routing overhead. The effects of RCA are also monitored under two combinations of four factors: we first vary the number of attackers and attackers' positions, and then modify the attackers' radio range and flooding rate. We also examine the effect of flooding mechanism on the energy consumed by resource consumption attackers. Copyright © 2013 John Wiley & Sons, Ltd.     

Security in mobile ad hoc networks: challenges and solutions

Security has become a primary concern in order to provide protected communication between mobile nodes in a hostile environment. Unlike the wireline networks, the unique characteristics of mobile ad hoc networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology. These challenges clearly make a case for building multifence security solutions that achieve both broad protection and desirable network performance. In this article we focus on the fundamental security problem of protecting the multihop network connectivity between mobile nodes in a MANET. We identify the security issues related to this problem, discuss the challenges to security design, and review the state-of-the-art security proposals that protect the MANET link- and network-layer operations of delivering packets over the multihop wireless channel. The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction.     

Trust prediction and trust-based source routing in mobile ad hoc networks

Mobile ad hoc networks (MANETs) are spontaneously deployed over a geographically limited area without well-established infrastructure. The networks work well only if the mobile nodes are trusty and behave cooperatively. Due to the openness in network topology and absence of a centralized administration in management, MANETs are very vulnerable to various attacks from malicious nodes. In order to reduce the hazards from such nodes and enhance the security of network, this paper presents a dynamic trust prediction model to evaluate the trustworthiness of nodes, which is based on the nodes’ historical behaviors, as well as the future behaviors via extended fuzzy logic rules prediction. We have also integrated the proposed trust predication model into the Source Routing Mechanism. Our novel on-demand trust-based unicast routing protocol for MANETs, termed as Trust-based Source Routing protocol (TSR), provides a flexible and feasible approach to choose the shortest route that meets the security requirement of data packets transmission. Extensive experiments have been conducted to evaluate the efficiency and effectiveness of the proposed mechanism in malicious node identification and attack resistance. The results show that TSR improves packet delivery ratio and reduces average end-to-end latency.     

Ring Mesh Based Multicast Routing Scheme in MANET Using Bandwidth Delay Product

Quality of Service (QoS) support in Mobile Ad Hoc Networks (MANETs) for group communication necessitates design of reliable networks with multicast support mechanisms. Reliable network connectivity among MANET nodes require high quality links that have much less packet drops and reliable nodes considering node mobility and failures. Reliability of a network can be enhanced by designing an end-to-end network pipe that satisfies the required QoS in terms of in-flight packets from source to a destination as well as by using a path comprising of reliable nodes. In-flight packets may be computed by using bandwidth delay product (BDP) of a network pipe. To meet the QoS requirements of an application, BDP should be maintained stable irrespective of vibrant network conditions. In this paper, we propose a BDP based multicast routing scheme in MANET using reliable ring mesh backbone. The scheme operates in the following sequence. (1) Reliable node pairs are computed based on mobility, remaining battery power and differential signal strength. The node pairs also compute BDP between them. BDP of a reliability pair is assessed using available bandwidth and delay experienced by a packet between them. (2) Backbone ring mesh is constructed using reliable pair nodes and convex hull algorithm. Reliable ring mesh is constructed at an arbitrary distance from the centroid of the MANET area. (3) Multicast paths are found by discovering a path from source to each destination of the group with concatenated set of reliability pairs that satisfy the BDP requirement. (4) The ring mesh maintains high BDP on ring links and can recover in case of node mobility and failures. Results show that there is an improvement in terms of end-to-end delay, packet delivery ratio, control overhead, memory overhead and application rejection ratio as compared to the Enhanced On Demand Multicast Routing Protocol.     

基于频率域多目标MANETs可信路由决策研究

移动Ad-hoc网络(MANETs)具有开放的媒质,动态的拓扑结构,分布式的合作和受限的网络能力等基本特点。网络中移动节点具有匿名性和高度自治的特点,网络通讯依靠在通信路径上的中间节点转发数据包,实现无线传输范围外节点间的正常通信。该文提出了一种独特的MANETs中基于频率下多目标可信路由决策算法,它和现在大多数路由算法都是在时间域下使用单一约束参数选择路由的方式截然不同。利用概率理论分析安全和可信路由,基于概率密度函数的时频相互转化,减小计算复杂度,解决MEANTs中节点间缺乏物理安全以及在低信任水平和节点相互勾结扰乱网络操作情况下,发现可信安全路由难的问题。实例分析证明了此算法的可行性。     

Performance evaluation of packet aggregation scheme for VoIP service in wireless multi-hop network

In a wireless multi-hop network environment, energy consumption of mobile nodes is an important factor for the performance evaluation of network life-time. In Voice over IP (VoIP) service, the redundant data size of a VoIP packet such as TCP/IP headers is much larger than the voice data size of a VoIP packet. Such an inefficient structure of VoIP packet causes heavy energy waste in mobile nodes. In order to alleviate the effect of VoIP packet transmission on energy consumption, a packet aggregation algorithm that transmits one large VoIP packet by combining multiple small VoIP packets has been studied. However, when excessively many VoIP packets are combined, it may cause deterioration of the QoS of VoIP service, especially for end-to-end delay. In this paper, we analyze the effect of the packet aggregation algorithm on both VoIP service quality and the energy consumption of mobile nodes in a wireless multi-hop environment. We build the cost function that describes the degree of trade-off between the QoS of VoIP services and the energy consumption of a mobile node. By using this cost function, we get the optimum number of VoIP packets to be combined in the packet aggregation scheme under various wireless channel conditions. We expect this study to contribute to providing guidance on balancing the QoS of VoIP service and energy consumption of a mobile node when the packet aggregation algorithm is applied to VoIP service in a wireless multi-hop networks.