Security upgrade against RREQ flooding attack by using balance index on vehicular ad hoc network

VANET is an ad hoc network that formed between vehicles. Security in VANET plays vital role. AODV routing protocol is a reactive or on-demand routing protocol which means if there is data to be send then the path will create. AODV is the most commonly used topology based routing protocol for VANET. Using of broadcast packets in the AODV route discovery phase caused it is extremely vulnerable against DOS and DDOS flooding attacks. Flooding attack is type of a denial of service attack that causes loss of network bandwidth and imposes high overhead to the network. The method proposed in this paper called Balanced AODV (B-AODV) because it expects all network node behave normally. If network nodes are out of the normal behavior (too much route request) then they identified as malicious node. B-AODV is designed with following feature: (1) The use of adaptive threshold according to network conditions and nodes behavior (balance index) (2) Not using additional routing packets to detect malicious nodes (3) Perform detection and prevention operations independently on each node (4) Perform detection and prevention operations in real time (5) No need for promiscuous mode. This method for detection and prevention flooding attack uses average and standard deviation. In this method each node is employing balance index for acceptation or rejection RREQ packets. The results of the simulation in NS2 indicates B-AODV is resilience against flooding attack and prevent loss of network bandwidth. Comparing between AODV with B-AODV in normal state (non-attacker) shows B-AODV is exactly match with AODV in network performance, this means that the B-AODV algorithm does not impose any overhead and false positive to AODV.     

Energy Efficiency Routing with Node Compromised Resistance in Wireless Sensor Networks

For the energy limited wireless sensor networks, the critical problem is how to achieve the energy efficiency. Many attackers can consume the limited network energy, by the method of capturing some legal nodes then control them to start DoS and flooding attack, which is difficult to be detected by only the classic cryptography based techniques with common routing protocols in wireless sensor networks (WSNs). We argue that under the condition of attacking, existing routing schemes are low energy-efficient and vulnerable to inside attack due to their deterministic nature. To avoid the energy consumption caused by the inside attack initiated by the malicious nodes, this paper proposes a novel energy efficiency routing with node compromised resistance (EENC) based on Ant Colony Optimization. Under our design, each node computes the trust value of its 1-hop neighbors based on their multiple behavior attributes evaluation and builds a trust management by the trust value. By this way, sensor nodes act as router to achieve dynamic and adaptive routing, where the node can select much energy efficiency and faithful forwarding node from its neighbors according to their remaining energy and trust values in the next process of data collection. Simulation results indicate that the established routing can bypass most compromised nodes in the transmission path and EENC has high performance in energy efficiency, which can prolong the network lifetime.     

Stability-Based RREQ Forwarding Game for Stability-Oriented Route Discovery in MANETs

In traditional stability-oriented route discovery of mobile ad hoc networks, in-between nodes need to rebroadcast identical route request (RREQ) packets, which contain same source node ID and broadcast sequence number, to discover more stable route, yet it increases routing overhead and data transmission delay obviously. Therefore, a stability-oriented route discovery algorithm is proposed to limit routing overhead and decrease transmission delay. In this algorithm, all neighbor nodes of some node will play a mix strategy game named stability-based RREQ forwarding game after receiving an identical RREQ, and independently determine the RREQ forwarding probability based on Nash equilibrium, respectively. The simulation results show that the proposed stability-oriented route discovery algorithm not only reduces routing overhead and transmission delay effectively, but also improve other routing performance.     

A Novel Robust Routing Scheme Against Rushing Attacks in Wireless Ad Hoc Networks

Standard on-demand routing protocols in wireless ad hoc networks were not originally designed to deal with security threats. Because of that, malicious users have been finding ways to attack networks. Rushing attacks represent one of such possibilities. In these attacks, malicious nodes forward the Route Request (RREQ) packets, asking for a route, to the destination node quicker than the legitimate nodes do. This is possible because the legitimate nodes only forward the first received RREQ packet for a given route discovery. Besides, the attackers can tamper with either the Medium Access Control or routing protocols to get faster processing. As a result, the path through the malicious nodes is chosen, which renders throughput degradation. We propose here a novel, robust routing scheme to defend ad hoc networks against rushing attacks. Our scheme utilizes the “neighbor map mechanism” to establish robust paths as far as rushing attacks are concerned. The proposed scheme also improves path recovery delay by using, whenever it is possible, route maintenance rather than route discovery. Yet, it is energy efficient. The simulation results show that our proposal is indeed viable.     

智能家居ZigBee网络的构建与路由优化

ZigBee网络技术是一项新兴的低成本、低功耗的短距离无线通信技术,在智能家居中有广阔的应用前景。介绍了智能家居中ZigBee的通讯协议和网络地址分配方法,并针对传统的AODVjr路由算法在路由过程中RREQ分组过量洪泛问题和Cluster-Tree算法只按父子关系选择路由问题,提出了一种改进路由算法。改进算法将AODVjr和Cluster-Tree算法相结合,引入邻居表,适当控制RREQ转发方向,并考虑节点最小剩余能量。仿真结果表明,改进算法可以减少路由开销,延长节点的生存时间,均衡网络负荷。     

基于Gnutella协议的P2P网络中DoS攻击防御机制研究

对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析，通过设置攻击容忍度和防御起点，提出了一种简单的基于特征的DoS攻击防御策略，运用基于贝叶斯推理的异常检测方法发现攻击．使系统能根据DoS攻击的强弱，自适应调整防御机制，维持网络的服务性能。仿真结果表明，本文提出的防御策略能有效防御恶意节点对网络发动的DoS攻击，使网络服务的有效性达到98％，正常请求包被丢弃的平均概率为1．83％，预防机制平均时间开销仅占网络总开销的6．5％。     

基于Gnutella协议的P2P网络中DoS攻击防御机制

对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析,通过设置攻击容忍度和防御起点,提出了一种简单的基于特征的DoS攻击防御策略,运用基于贝叶斯推理的异常检测方法发现攻击,使系统能根据DoS攻击的强弱,自适应调整防御机制,维持网络的服务性能.仿真结果表明,本文提出的防御策略能有效的防御恶意节点对网络发动的DoS攻击,使网络服务的有效性达到98%,正常请求包被丢弃的平均概率为1.83%,预防机制平均时间开销仅占网络总开销的6.5%.     

一种能量平衡的无线体域网络AODV多播路由发现协议

在动态网络拓扑中,AODV协议通过数据源节点S泛洪广播RREQ消息请求到任意目标节点D的路由,而在无线体域网络中,只有一个sink目标节点,除最短跳数路由上的节点外,其他参与RREQ接收和转发的节点浪费了能量。提出了一种能量平衡的无线体域网络AODV多播路由发现协议,通过在节点广播的hello消息中增加到sink的最小跳数hops、到sink的下一跳节点next和节点本身是否具备转发能力isforward 3 个参数,只选择能到达sink节点的邻居节点参与转发RREQ消息,变广播为多播,有效地降低了路由发现的能量开销,并通过能量平衡延长了WBAN的使用寿命。性能分析与模拟实验表明,该协议在RREQ数量、数据传输率和能量消耗等方面优于相似协议EAAODV。     

抗DoS攻击的多用户传感器网络广播认证方案

在vBNN-IBS签名基础上提出了一种抗DoS攻击的多用户传感器网络广播认证方案DDA-MBAS,利用散列运算及用户信息进行虚假数据过滤。与现有的多用户传感器网络广播认证方案相比,DDA-MBAS在抵抗节点妥协攻击、主动攻击的基础上,以较低的能耗过滤虚假消息并有效地限制了妥协用户发起的DoS攻击及共谋攻击的安全威胁。     

一种面向移动Ad Hoc网络DSR协议的改进泛洪算法

在移动自组织网络中,基于移动节点地理位置辅助信息,提出了一种新的泛洪算法——位置辅助泛洪改进算法（ILFA）,ILFA通过节点位置信息重传广播分组并有效控制网络流量。此外,将ILFA应用于经典MANET源路由（dynamic source routing,DSR）协议中,通过限定请求区域和期望区域等限制路由发现的有效范围,进而通过设置提名广播重传邻居列表限定路由请求分组重传范围,有效减小DSR路由寻路分组的传播次数。仿真结果证明,和传统泛洪方案相比,ILFA能够有效减小DSR路由协议的路由开销并提升MANET吞吐量。     

基于缓存旁路和本地修复的多跳网络路由重建机制

该文针对多跳网络中现有AODV和AODV-BR按需路由算法的弊端,提出了基于缓存旁路和本地修复的AODV-CL路由重建机制。该机制利用空闲时间监听无线信道中传输的所有数据包和路由控制信令,用于维护有效的邻居节点列表及本地路由缓存,有效降低了周期性HELLO消息带来的信令负担,并增加了可用路由信息。中间节点在发现断链时,尝试采用局部修复,尽量避免由源节点广播RREQ消息发现路由。根据本地路由缓存及邻居节点的路由信息,实现了快速的路由发现及修复,能有效降低路由控制信令开销及丢包率。     

Achieving robust message authentication in sensor networks: a public-key based approach

Given the extremely limited hardware resources on sensor nodes and the inclement deploying environment, the adversary Denial-of-Service (DoS) attack becomes a serious security threat toward wireless sensor networks. Without adequate defense mechanism, the adversary can simply inundate the network by flooding the bogus data packets, and paralyze the partial or whole sensor network by depleting node battery power. Prior work on false packet filtering in sensor networks are mostly based on symmetric key schemes, with the concern that the public key operations are too expensive for the resource constrained sensors. Recent progress in public key implementations on sensors, however, has shown that public key is already feasible for sensors. In this paper, we present PDF, a Public-key based false Data Filtering scheme that leverages Shamir’s threshold cryptography and Elliptic Curve Cryptography (ECC), and effectively rejects 100% of false data packets. We evaluate PDF by real world implementation on MICAz motes. Our experiment results support the conclusion that PDF is practical for real world sensor deployment.     

A secure broadcasting scheme to provide availability,reliability and authentication for wireless sensor networks

Reliability and security of broadcasting is critical in Wireless Sensor Networks (WSNs). Since reliability and security compete for the same resources, we are interested in jointly solving for error control coding (to achieve reliability) and integrity for a broadcast scenario. We assume Byzantine attacks in which the adversary can compromise nodes and then drop (or modify) the legitimate packets or inject its own packets. For reliable and efficient multihop broadcasting, it is critical to reduce the energy consumption and latency. To prevent the adversary from consuming the scarce network resources by injecting bogus packets, each receiver node should make sure that packets it receives are authentic and it filters out malicious packets immediately. We build our authentication scheme, on top of a reliable and energy efficient broadcasting protocol called Collaborative Rateless Broadcast (CRBcast) to improve efficiency and reliability. On contrary to the previous schemes, our scheme is resilient with respect to Byzantine adversary as well as routing and flooding attacks and protocol exploits. Moreover, we compared our scheme with the previously proposed broadcast authentication schemes and showed that our scheme outperforms them in terms of efficiency and data availability. This is a crucial improvement over the previous schemes that ensure availability by flooding, introducing very large communication overhead and latency.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

Security and performance enhancement of AODV routing protocol

A mobile ad hoc networks (MANET) is a decentralized, self‐organizing, infrastructure‐less network and adaptive gathering of independent mobile nodes. Because of the unique characteristics of MANET, the major issues to develop a routing protocol in MANET are the security aspect and the network performance. In this paper, we propose a new secure protocol called Trust Ad Hoc On‐demand Distance Vector (AODV) using trust mechanism. Communication packets are only sent to the trusted neighbor nodes. Trust calculation is based on the behaviors and activities information of each node. It is divided in to trust global (TG) and trust local (TL). TG is a trust calculation based on the total of received routing packets and the total of sending routing packets. TL is a comparison between total received packets and total forwarded packets by neighbor node from specific nodes. Nodes conclude the total trust level of its neighbors by accumulating the TL and TG values. The performance of Trust AODV is evaluated under denial of service/distributed denial of service (DOS/DDOS) attack using network simulator NS‐2. It is compared with the Trust Cross Layer Secure (TCLS) protocol. Simulation results show that the Trust AODV has a better performance than TCLS protocol in terms of end‐to‐end delay, packet delivery ratio, and overhead. Next, we improve the performance of Trust AODV using ant algorithm. The proposed protocol is called Trust AODV + Ant. The implementation of ant algorithm in the proposed secure protocol is by adding an ant agent to put the positive pheromone in the node if the node is trusted. Ant agent is represented as a routing packet. The pheromone value is saved in the routing table of the node. We modified the original routing table by adding the pheromone value field. The path communication is selected based on the pheromone concentration and the shortest path. Trust AODV + Ant is compared with simple ant routing algorithm (SARA), AODV, and Trust AODV under DOS/DDOS attacks in terms of performance. Simulation results show that the packet delivery ratio and throughput of the Trust AODV increase after using ant algorithm. However, in terms of end‐to‐end delay, there is no significant improvement. Copyright © 2014 John Wiley & Sons, Ltd.     

Using Network Processor to Establish Trustworthy Agent Scheme for AODV Routing Protocol

Network Processor (NP) is optimized to perform network tasks. It uses massive parallel processing architecture to achieve high performance. Ad hoc network is an exciting research aspect due to the characters of self-organization, dynamically topology and temporary network life. However, all the characters make the security problem more serious. Denial-of-Service (DoS) attack is the main puzzle in the security of Ad hoc network. A novel NP-based trustworthy agent scheme is proposed to combat the attack. Trustworthy agent is established by a hardware thread in NP. Agent can update itself at some interval by the trustworthiness of the neighbor nodes. Agent can trace the RREQ and RREP messages stream to aggregate the key information and analyze them by intrusion detection algorithm. NS2 simulator is expanded to validate the security and trustworthy scheme. Simulation results show that NP-based trustworthy agent scheme is effective to detect DoS attacks.     

FJADA: Friendship Based JellyFish Attack Detection Algorithm for Mobile Ad Hoc Networks

TCP and UDP are considered the most popular and well known transport layer protocols to facilitate the end to end communication between two nodes in the network. TCP is used as the transport layer protocol in packet delivery and error sensitive applications, where packet loss cannot be compromised. However, low-rate TCP targeted Denial of Service (DoS) attacks exploit the retransmission timeout and congestion control features of TCP protocol. These low-rate TCP targeted Denial of Service (DoS) attacks are also called JellyFish (JF) attacks. These attacks perform the malicious activities either by delaying, or periodically dropping or mis-ordering the data packets on the route from source to destination node in the network, and cause severe degradation in end-to-end throughput in the network. JellyFish attack is further classified as JF-Delay Variance Attack, JF-Periodic Drop Attack and JF-Reorder Attack based on the type of the malicious activities being performed. JellyFish attack conforms to all existing routing and packet forwarding protocol specifications, and therefore it becomes very difficult to detect its presence in the network. In this paper, a Friendship Based JellyFish Attack Detection Algorithm (FJADA) is presented for Mobile Ad Hoc Networks, where the basic concept of friendship mechanism is added to the existing Direct Trust-based Detection (DTD) algorithm to save the valuable resources of a node in monitoring the activities of its one hop neighbours, through promiscuous mode. FJADA also minimizes the possibility of overestimating the malicious behaviour of innocent nodes due to radio transmission errors, network congestion or packet collisions. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed detection algorithm.     

Ad hoc网络中的RREQ洪泛攻击及其防御

RREQ洪泛攻击会大量消耗Ad hoc网络的带宽、能量等资源,影响网络的连通性,致使控制报文和数据报文无法正常传输,已经成为Ad hoc网络的主要威胁之一.文章在介绍RREQ洪泛攻击的基本概念基础上,分析了该攻击行为对Ad hoc网络的影响,研究了一种将邻节点监听和节点信誉评价相结合的机制,模拟结果表明该机制能够较好的防御Ad hoc网络中的RREQ洪泛攻击.     

无线传感器网络中的安全GEAR路由协议

GEAR路由是无线传感器网络中一种高效的位置和能量感知的地理路由协议，在抵御路由攻击方面有较好的特性，但是GEAR路由不能抵御虚假路由、女巫、选择性转发等攻击。针对该问题，提出了一种适合无线传感器网络特征的、基于位置密钥对引导模型的安全GEAR路由协议SGEAR，并对该协议进行了性能分析，分析显示在较小的系统开销下，SGEAR能有效抑制上述攻击及DoS攻击。     

基于组合指标的无线传感器网络安全路由算法

针对无线传感器网络路由安全与可靠性的问题,提出了一种基于组合指标的安全路由算法.评估节点通过观测被评估节点的数据包转发行为,计算直接信任值,然后与第三节点推荐的信任值进行加权求和,得到一个综合信任值.为了提高信任的准确性,避免出现合谋攻击,对第三方推荐的信任值进行了信任相似度检测.通过对期望传输次数和信任值进行加权组合,形成一个用于选择下一跳节点的组合路由指标.最后,对所提出的算法进行了仿真验证.结果表明,所提出的算法能够有效地避免恶意节点的攻击,在传递率和总的传输次数方面明显优于其他算法.