Trust-aware secure routing protocol for wireless sensor networks

A trust-aware secure routing protocol (TSRP) for wireless sensor networks is proposed in this paper to defend against varieties of attacks. First, each node calculates the comprehensive trust values of its neighbors based on direct trust value, indirect trust value, volatilization factor, and residual energy to defend against black hole, selective forwarding, wormhole, hello flood, and sinkhole attacks. Second, any source node that needs to send data forwards a routing request packet to its neighbors in multi-path mode, and this continues until the sink at the end is reached. Finally, the sink finds the optimal path based on the path's comprehensive trust values, transmission distance, and hop count by analyzing the received packets. Simulation results show that TSRP has lower network latency, smaller packet loss rate, and lower average network energy consumption than ad hoc on-demand distance vector routing and trust based secure routing protocol.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

OMH—Suppressing Selfish Behavior in Ad hoc Networks with One More Hop

In ad hoc networks, wireless nodes rely on each other to transmit data over multi-hops by forwarding packets. A selfish node may decide not to forward packets for other nodes to save its own resource but still use the network to send and receive data. Such a selfish behavior can degrade network performance significantly. Most existing work took observation, reputation and token based mechanisms. However observation based mechanism suffers from mobility and collusion; reputation and token based mechanisms suffer from system complexity and efficiency. In this paper, we propose One More Hop (OMH) protocol which suppresses selfish behavior from a totally new angle. Basing on the fact that the selfish but rational nodes still want to receive and send packets, if a node can not determine whether a packet is destined for it or not, it can not drop the packet. With modified routing protocol and cryptographic techniques, OMH achieves this design target. It is robust and efficient. The simulation shows that OMH works well under different network situations.     

DECADE: Distributed Emergent Cooperation through ADaptive Evolution in mobile ad hoc networks

The scarce resources of a mobile ad hoc network (MANET) should not be wasted attending selfish nodes (those nodes that use resources from other nodes to send their own packets, without offering their own resources to forward other nodes’ packets). Thus, rational nodes (those nodes willing to cooperate if deemed worthy) must detect and isolate selfish nodes in order to cooperate only among themselves. To achieve this purpose, in this paper we present a new game theoretic trust model called DECADE (Distributed Emergent Cooperation through ADaptive Evolution). The design of DECADE is shown by first, analyzing a simple case of packet forwarding between two nodes, and then the results are extended to bigger networks. In DECADE, each node seeks individually to maximize its chance to deliver successfully their own packets, so that the cooperation among rational nodes and the isolation of selfish nodes appear as an emergent collective behavior. This behavior emerges as long as there is a highly dynamic interaction among nodes. So, for those cases where the mobility alone does not suffice to provide this interaction, DECADE includes a sociability parameter that encourages nodes to interact among them for faster learning and adaptability. Additionally, DECADE introduces very low overhead on computational and communication resources, achieving close to optimal cooperation levels among rational nodes and almost complete isolation of selfish nodes.     

Security and performance enhancement of AODV routing protocol

A mobile ad hoc networks (MANET) is a decentralized, self‐organizing, infrastructure‐less network and adaptive gathering of independent mobile nodes. Because of the unique characteristics of MANET, the major issues to develop a routing protocol in MANET are the security aspect and the network performance. In this paper, we propose a new secure protocol called Trust Ad Hoc On‐demand Distance Vector (AODV) using trust mechanism. Communication packets are only sent to the trusted neighbor nodes. Trust calculation is based on the behaviors and activities information of each node. It is divided in to trust global (TG) and trust local (TL). TG is a trust calculation based on the total of received routing packets and the total of sending routing packets. TL is a comparison between total received packets and total forwarded packets by neighbor node from specific nodes. Nodes conclude the total trust level of its neighbors by accumulating the TL and TG values. The performance of Trust AODV is evaluated under denial of service/distributed denial of service (DOS/DDOS) attack using network simulator NS‐2. It is compared with the Trust Cross Layer Secure (TCLS) protocol. Simulation results show that the Trust AODV has a better performance than TCLS protocol in terms of end‐to‐end delay, packet delivery ratio, and overhead. Next, we improve the performance of Trust AODV using ant algorithm. The proposed protocol is called Trust AODV + Ant. The implementation of ant algorithm in the proposed secure protocol is by adding an ant agent to put the positive pheromone in the node if the node is trusted. Ant agent is represented as a routing packet. The pheromone value is saved in the routing table of the node. We modified the original routing table by adding the pheromone value field. The path communication is selected based on the pheromone concentration and the shortest path. Trust AODV + Ant is compared with simple ant routing algorithm (SARA), AODV, and Trust AODV under DOS/DDOS attacks in terms of performance. Simulation results show that the packet delivery ratio and throughput of the Trust AODV increase after using ant algorithm. However, in terms of end‐to‐end delay, there is no significant improvement. Copyright © 2014 John Wiley & Sons, Ltd.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

A dynamic threshold based approach for mitigating black-hole attack in MANET

Mobile ad-hoc network is an infrastructure less type of network which does not require any kind of fixed infrastructure. It provides multi-hop communication between the source and destination nodes which are not within the direct range of each other through the intermediate nodes. These intermediate nodes cooperate with other nodes in finding an optimum and shortest route toward the destination. However, in holistic environments, some nodes do not cooperate with other nodes in finding the optimal route towards the destination and intentionally give the false route information of having the shortest path toward the destination with a high destination sequence number in order to attract the traffic toward itself and start dropping of the data packets instead of forwarding it. This type of routing misbehaviour is generally called as black hole attack or full packet dropping attack which is one of the most severe destructive attacks that lead to the network degradation. In this paper, we have proposed a protocol called as Mitigating Black Hole effects through Detection and Prevention (MBDP-AODV) based on a dynamic threshold value of the destination sequence number. In order to validate the efficiency of proposed protocol, the NS-2.35 simulator is used. The simulation results show that proposed protocol performs better as compared with existing one under black hole attack.     

High-performance architectures for IP-based multihop 802.11 networks

The concept of a forwarding node, which receives packets from upstream nodes and then transmits these packets to downstream nodes, is a key element of any multihop network, wired or wireless. While high-speed IP router architectures have been extensively studied for wired networks, the concept of a "wireless IP router" has not been addressed so far. We examine the limitations of the IEEE 802.11 MAC protocol in supporting a low-latency and high-throughput IP datapath comprising multiple wireless LAN hops. We first propose a wireless IP forwarding architecture that uses MPLS with modifications to 802.11 MAC to significantly improve packet forwarding efficiency. We then study further enhancements to 802.11 MAC that improve system throughput by allowing a larger number of concurrent packet transmissions in multihop 802.11-based IP networks. With 802.11 poised to be the dominant technology for wireless LANs, we believe a combined approach to MAC, packet forwarding, and transport layer protocols is needed to make high-performance multihop 802.11 networks practically viable.     

A secure wireless mission critical networking system for unmanned aerial vehicle communications

A privacy-preserving secure communication in ad hoc (without infrastructure) mission critical wireless networking system suitable for unmanned aerial vehicle communication systems is introduced and analyzed. It is expected that in a critical condition, few ad hoc (without infrastructure) mission critical wireless networking systems will work together. To make the simple and low cost privacy-preserving secure communication among the same network, each transmitting mobile node generates packets in such a way that its wanted receiving mobile nodes can read the message packets easily. On the other hand, the unwanted receiving mobile nodes from other networks cannot read those message packets. In addition, the unwanted receiving mobile nodes receive ‘jamming packets’ if they try to read them. This mechanism prevents the malicious receivers (readers from other networks) from reading the packets and obtaining information from this network. Results show that the throughput is very high and does not detect any jamming packets, if the receiving nodes of a network try to read packets transmitted by the nodes from the same networks.     

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

In military and rescue applications of mobile ad hoc networks, all the nodes belong to the same authority; therefore, they are motivated to cooperate in order to support the basic functions of the network. In this paper, we consider the case when each node is its own authority and tries to maximize the benefits it gets from the network. More precisely, we assume that the nodes are not willing to forward packets for the benefit of other nodes. This problem may arise in civilian applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding, we propose a simple mechanism based on a counter in each node. We study the behavior of the proposed mechanism analytically and by means of simulations, and detail the way in which it could be protected against misuse.     

E2EACK: an end-to-end acknowledgment-based scheme against collusion black hole and slander attacks in MANETs

Mobile ad hoc networks (MANETs) rely on the benevolence of nodes within the network to forward packets from a source node to a destination node. This network construction allows for the forwarding nodes, whether they are selfish or malicious, to drop packets hindering end-to-end communication. In this paper, a new scheme is proposed against collusion black hole and slander attacks in MANETs, named E2EACK. A novel method is used to detect collusion attacks due to collusive malicious nodes which cooperate in the route discovery, but refuse to forward data packets and do not disclose the misbehavior of each other. Contrary to existing methods that detect only collusion black hole attacks, the E2EACK also detects slander attacks and framing attacks. Moreover, the E2EACK uses ACKnowledgment packet to detect malicious nodes on the path and Message Authentication Code (MAC) to authenticate the sender of each data packet. Analytical and simulation results show that the proposed scheme considerably decreases the routing overhead and increases the packet delivery ratio compared to the existing methods.     

Energy conserving security mechanisms for wireless sensor networks

Since wireless sensor networks are emerging as innovative technologies for realizing a variety of functions through a number of compact sensor nodes, security must be justified and ensured prior to their deployment. An adversary may compromise sensor nodes, forcing them to generate undesired data, and propagation of these data packets through the network results in wasteful energy consumption. We develop a security mechanism to detect energy-consuming useless packets, assuming that a sensor node is able to generate multiple message authentication codes (MAC) using preshared secrets. The forwarding nodes along the path verify the validity of the packet by checking the authenticity of the attached MACs. This mechanism performs well when a malicious node does not have all the cryptographic keys. However, packets, generated by the malicious node having all the keys, would be considered as legitimate, and thus, the forwarding nodes become unable to detect and discard them. To deal with this problem, we devise another mechanism in which each forwarding node is capable of checking such suspicious nodes. We have quantified the security strength through analysis and simulations to show that the proposed mechanisms make the entire network energy conserving.     

A novel approach for mitigating gray hole attack in MANET

Mobile ad hoc network (MANET) is defined as the category of wireless network that is capable of operating without any fixed infrastructure. The main assumption considered in this network is that all nodes are trusted nodes but in real scenario, some nodes can be malicious node and therefore can perform selective dropping of data packets instead of forwarding the data packets to the destination node. These malicious nodes behave normally during route discovery phase and afterwards drop fractions of the data packets routed through them. Such type of attack is known as smart gray hole attack which is variation of sequence number based gray hole attack. In this paper, we have launched smart gray hole attack and proposed a new mechanism for mitigating the impact of smart gray hole attack. Mitigating Gray hole Attack Mechanism (MGAM) uses several special nodes called as G-IDS (gray hole-intrusion detection system) nodes which are deployed in MANETs for detecting and preventing smart gray hole attack. G-IDS nodes overhear the transmission of its neighbouring nodes and when it detects that the node is dropping the data packets which are greater than threshold value then it broadcast the ALERT message in the network notifying about the identity of malicious node. The identified malicious is then blocked from further its participation by dropping the request and reply packet. In order to validate the effectiveness of our proposed mechanism, NS-2.35 simulator is used. The simulation results show that the proposed mechanism performs slightly well as compared with the existing scheme under smart gray hole attack.     

Stochastic game theoretical model for packet forwarding in relay networks

In this article, a new game theoretical method is proposed to model packet forwarding in relay networks. A simple case of relay network that consists of a source, a relay and a destination node communicating on a common channel is considered. A stationary Markovian game model is utilized to optimize the system performance in terms of throughput, delay and power consumption cost. Both cooperative and non-cooperative solutions are provided for this model. Best strategy set taken by players as well as system performance is studied for different system parameters. Also, the proposed method is extended to model a more general case of Ad-hoc networks considering different packet error rates in case of collision occurrence that improves the system performance further. Simulation results show that performance of the non-cooperative solution, in which players do not require to know each other’s selected strategy, asymptotically approaches the cooperative system performance. Hence, the proposed model with non-cooperative solution is an appropriate method to apply in practical Ad-hoc networks.     

基于简化云与K/N投票的选择性转发攻击检测方法

针对无线传感器网络中恶意节点产生的选择性转发攻击行为,该文提出一种有效的攻击检测方法。该方法将简化云模型引入信任评估中,结合改进的K/N投票算法确定目标节点的信任值,将目标节点信任值与信任阈值比较,进行选择性转发攻击节点的判定。仿真结果表明,当信任阈值为0.8时,经过5个时间段后,该方法能够有效地检测出网络中的选择性转发攻击节点,具有较高的检测率和较低的误检率。     

On the tradeoff between altruism and selfishness in MANET trust management

Mobile ad hoc and sensor networks may consist of a mixture of nodes, some of which may be considered selfish due to a lack of cooperativeness in providing network services such as forwarding packets. In the literature, existing trust management protocols for mobile ad hoc networks advocate isolating selfish nodes as soon as they are detected. Further, altruistic behaviors are encouraged with incentive mechanisms. In this paper, we propose and analyze a trust management protocol for group communication systems where selfish nodes exist and system survivability is highly critical to mission execution. Rather than always encouraging altruistic behaviors, we consider the tradeoff between a node’s individual welfare (e.g., saving energy to prolong the node lifetime) vs. global welfare (e.g., achieving a given mission with sufficient service availability) and identify the best design condition of this behavior model to balance selfish vs. altruistic behaviors. With the system lifetime and the mission success probability as our trust-based reliability metric, we show that our behavior model that exploits the tradeoff between selfishness vs. altruism outperforms one that only encourages altruistic behaviors.     

An implementation framework for trajectory-based routing in ad hoc networks

Routing in ad hoc networks is a complicated task because of many reasons. The nodes are low-memory, low-powered, and they cannot maintain routing tables large enough for well-known routing protocols. Because of that, greedy forwarding at intermediate nodes is desirable in ad hoc networks. Also, for traffic engineering, multi-path capabilities are important. So, it is desirable to define routes at the source like in source based routing (SBR) while performing greedy forwarding at intermediate nodes.We investigate trajectory-based routing (TBR) which was proposed as a middle-ground between SBR and greedy forwarding techniques. In TBR, source encodes trajectory to be traversed and embeds it into each packet. Upon the arrival of each packet, intermediate nodes decode the trajectory and employ greedy forwarding techniques such that the packet follows its trajectory as much as possible.In this paper, we address various issues regarding implementation of TBR. We also provide techniques to efficiently forward packets along a trajectory defined as a parametric curve. We use the well-known Bezier parametric curve for encoding trajectories into packets at source. Based on this trajectory encoding, we develop and evaluate various greedy forwarding algorithms     

A statistical trust system in wireless mesh networks

Most trust and reputation solutions in wireless mesh networks (WMNs) rely on the intrusion detection system (IDS) Watchdog. Nevertheless, Watchdog does not consider packet loss on wireless links and may generate false positives. Consequently, a node that suffers from packet loss on one of its links may be accused wrongly, by Watchdog, of misbehaving. To deal with this issue, we propose in this paper a novel trust system which considers packet loss of links. Our trust system is based on a statistical detection method (SDM) implemented on each node of the network. Firstly, the SDM, via CUSUM test, analyzes the behavior of the packets loss in order to detect a dropping attack. Secondly, the SDM, through the Kolmogorov-Smirnov test, compares the behavior of the total packets loss with that of the control packets in order to identify the attack type. Our system allows every WMN’s node to assign to each of its neighbors, a trust value which reflects its real behavior. We have validated the proposed SDM method via extensive simulations on ns2 and have compared our trust system with an existing solution. The results display that our SDM solution offers better performance.     

Prevention of deadlocks and livelocks in lossless backpressured packet networks

No packets will be dropped inside a packet network, even when congestion builds up, if congested nodes send backpressure feedback to neighboring nodes, informing them of unavailability of buffering capacity-stopping them from forwarding more packets until enough buffer becomes available. While there are potential advantages in backpressured networks that do not allow packet dropping, such networks are susceptible to a condition known as deadlock in which throughput of the network or part of the network goes to zero (i.e., no packets are transmitted). In this paper, we describe a simple, lossless method of preventing deadlocks and livelocks in backpressured packet networks. In contrast with prior approaches, our proposed technique does not introduce any packet losses, does not corrupt packet sequence, and does not require any changes to packet headers. It represents a new networking paradigm in which internal network losses are avoided (thereby simplifying the design of other network protocols) and internal network delays are bounded.     

Probabilistic Forwarding Decision Scheme for Reliable Geocasting in Wireless Sensor Networks

Geocasting is an important communication service in wireless sensor networks. Most of the existing geocasting protocols assume that sensor nodes and the area of interest have accurate location information. However, this assumption is unreasonable if localization systems or schemes cannot work well. This study proposes an efficient probabilistic forwarding decision scheme for reliable geocasting in virtual coordinate-based wireless sensor networks. The proposed scheme uses directional code and hop distance to identify sensor node’s location. The sensor node determines a direction-based probability and a distance-based probability derived from its directional code and hop distance, respectively. The sensor node depends on the two probabilities to determine its ultimate forwarding probability. Simulation results confirm that the proposed scheme outperforms the pure direction-based forwarding scheme in packet delivery ratio though it occurs more packets. Results also show that the direction-based probability significantly dominates the geocasting performance.