Data Security in Mobile AdHoc Networks

sciencediscussionΤεχνίτη Νοημοσύνη και Ρομποτική

20 Οκτ 2013 (πριν από 4 χρόνια και 20 μέρες)

100 εμφανίσεις


Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


1

Data Security in Mobile AdHoc Networks


K.Selvarangam
1
,
P.KarunaKaran
2
.

1. Depar
t
ment of
Computer Science and

Engineering, Sakthi

M
ariamman Engineering
College, Chennai 602105. India.
Email:
kselvaviji@gmail.com
,

2. Department
of
Computer Science

and Engineering,

Sakthi Mariamman Engineering College, Chennai
602105. India. Email:
kanaugal@gmail.com

Abstract



Securi
ty

of a

network is
arguably the most

important issu
e in th
e
world.

MobileAdHocNetworks
(MANET’s)

are
particularly prone to security attacks owing to
their inherent nature of node mobility and the
lack of a central governing infrastructure. In
this paper, we introduce a method to enhance
data security across

MANETs. This paper
proposes a multipath approach to security in
MANETs. We start by dividing the initial
message and transmit over multiple paths
between sender and the receiver in an Ad Hoc
Network to provide confidentiality. Multipath
routing involves t
he transmission of data
using more than one path from sender to the
receiver. This reduces the risk of an adversary
monitoring all the traffic in all the paths
originating from the sender. Even if an
attacker succeeds to have one or lots of
transmitted par
ts, the probability of original
message reconstruction is low. The attacker
must have all the parts and be able to decrypt
the encrypted message parts, which are hard
tasks, almost impossible to do at the same
time.Prior to the transmission, the divided
m
essage are encrypted by MD5 and DSA
algorithm used to reinforce more
confidentiality. This gives a double shielding
to the message to transmit securely. Using
HMAC
-
SHA1 algorithm is used to generate
key to authenticate the message packets to
ensure more se
curity.


Keywords:

AdHoc Network
,
Multipath
,

Message Digest, Digital Signature,
Authentication.


1
. INTRODUCTION

An ad hoc network is a collection of wireless
mobile hosts forming a temporary network
without the aid of any established
infrastructure or

centralized administration.
Ad hoc networks have several
characteristics
[
3]


There is no fixed topology:

Wireless nodes
are often small, personal devices, like cell
phones, PDAs or even wrist watches. These
are very mobile and may move around freely,
mov
ing in an out of range of each other.

Each
node is a router:


Each node has a limited
communication range. All nodes outside of
this range can only be reached by packet
forwarding (assuming packet switched
networks).

Lack of central administration:


The de
vices that make up an ad hoc network
can come from anywhere. No assumption of
central administration or control or prior
contact should be made.

Limited energy:


Mobile devices generally operate on battery
power, which is exhaustible, although the
amount o
f available energy may vary with
devices.

Physical vulnerability:

The mobile
wireless devices are often small, hand
-
held
devices that can easily be stolen and possibly
modified.


Because of their specific characteristics, ad
hoc networks present a lot of
issues for which
solutions must be found and a lot of research
works are going on. Limited bandwidth,
energy constraints, high cost security of
encountered problems in this type of

Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


2

infrastructure


network

AP

AP

AP

wired network

AP: Access Point

ad
-
hoc network

networks. One of the important
issues

that
attract
researcher’s

attention i
s security.

SECURITY CHALLENGES

The wireless ad hoc security challenges derive
from the characteristics mentioned above.
Mobile ad hoc networks (MANETs) protocols
are being designed without security in mind.
In most of their specifications it is assumed
th
at all the nodes in the network are friendly.
Therefore in MANET it may be desirable to
have two aspects of security: one to protect
the data transmission (
data security
) and other
to make the routing information a secured one
(
routing security
).In this pa
per, we
concentrate on
d
ata

s
ecurity.


Routing security and data security are exposed
to many attacks. We can classify these attacks
into two kinds: passive attacks and active
attacks[i].
Passive attack
: Passive attacks are
in the nature of eavesdropping o
n, or
monitoring of, transmissions.
Active attack
:
Active attacks involve some modification of
the data stream or the creation of a false
stream.



In passive attacks, attackers don’t disrupt the
operation of routing protocol but only attempt
to discover v
aluable information by listening
to the routing traffic. Defending against such
attacks is difficult because it is usually
impossible to detect eavesdropping in a
wireless environment. While passive attacks
are rarely detectable, active ones can often be
d
etected.



Security is an important issue for ad
hoc networks, especially for those security
-
sensitive applications. To secure an ad hoc
network, we consider the following attributes:
confidentiality, encryption, integrity, access
control, availability, a
uthe
ntication, and non
-
repudiation.
Confidentiality
:
Ensures that the
information in a computer system and
transmitted information are accessible for
read
ing only by authorized parties
.
Integrity
:

Ensures that only authorized parties are able to
modify tra
nsmitted information. Modification
includes writing, changing status, deleting,
creating or replaying of transmitted messages.

Access Control
:

Requires that access to
information resources may be controlled by or
for the target system.

Availability
:

Requir
es
that computer system assets be available to
authorized parties when needed.

Authentication
:
Assurance that each entity is
the entity it claims to be.

Non
-
repudiation
:

Ensures that the origin of a message cannot
deny having sent the message.
Impersonatio
n
:

If authentication is not supported,
compromised nodes may by able to send false
routing information, masqueraded as some
others, etc.


2
.

SYSTEM DEFINITION

2.1

Existi
ng

System

Routing security and data security are exposed
to many attacks. We can classi
fy these attacks
into two kinds: passive attacks and active
attacks[i].
Passive attack
: Passive attacks are
in the nature of eavesdropping on, or
monitoring of, transmissions.
Active attack
:
Active attacks involve some modification of
the data stream or th
e creation of a false
stream.

Comparison: infrastructure vs. ad
-
hoc networks











Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


3

In passive attacks, attackers don’t disrupt the
operation of routing protocol but only attempt
to discover valuable information by listening
to the routing traffic. Defe
nding against such
attacks is difficult because it is usually
impossible to detect eavesdropping in a
wireless environment. While passive attacks
are rarely detectable, active ones can often be
detected.


2.2 Proposed System

Security Goal


Security is an i
mportant issue for ad hoc
networks, especially for those security
-
sensitive applications. To secure an ad hoc
network, we consider the following attributes:
confidentiality, encryption, integrity, access
control, availability, authentication, and non
-
repu
diation.



Ensures that the information in a computer
system and transmitted information are
accessible for reading only by authorized
parties.



Ensures that only authorized parties are
able to modify transmitted information.
Modification includes writing,
changing
status, deleting, creating or replaying of
transmitted messages.



Requires that access to information
resources may be controlled by or for the
target system.



Requires that computer system assets be
available to authorized parties when
needed.



A
ssurance that each entity is the entity it
claims to be.



Ensures that the origin of a message
cannot deny having sent the message.
Impersonation
:

If authentication is not
supported, compromised nodes may by
able to send false routing information,
masquera
ded as some others, etc.


Secured Data Transmission Using Multipath
Routing In Ad
-
Hoc Networks


We propose a scheme to secure transmitted
data in ad hoc networks. First, it divides the
initial message and exploiting the
characteristic of existence of multi
ple paths
between nodes in ad
-
hoc networks to increase
the robustness of confidentiality. In our
solution, even if an attacker succeeds to have
one or lots of transmitted parts, the probability
of message reconstruction is low.


Proposed Approach


At firs
t, we present the principle of “Enhanced
data security using multipath routing in ad hoc
networks” in a simplified scheme and then we
expose with details how it works. We have the
following
assumptions
: The sender and
receiver are authenticated using HMAC
-
SHA1 algorithm, MD5 algorithm is used for
encryption/decryption, a mechanism of
discovering the topology of the network is
available, and the routing protocol supports
multi
-
routes.


Simplified Scheme

The proposed algorithm starts by taking into
considerat
ion the network topology. Multipath
routing protocol is being found the multiple
node
-
disjoint or edge
-
disjoint paths [5]
between sender and the receiver. Then, it
divides the initial message and transmits over
multiple paths, where ‘n
-
1’ paths used for
tr
ansmission of data (data channel) and ‘1’
path for transmission of control signal

(Signaling channel) is shown in
figure
1




P2


E[P2]

P3

Pn
-
1

E[P3]

E[Pn
-
1
]


Source

Destination

Signalling Channel


Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


4

figure1

Architectural Diagram

-
The
figure
2

shows
the overview of the enhanced data security
using mul
tipath routing in ad hoc networks.

Multipath routing
-
Multipath routing involves
the transmission of data using more than one
path from the sender to the receiver. This
reduces the risk of an adversary monitoring all
the traffic in all the paths originatin
g from the
sender. This is of course based on the
assumption that an adversary cannot monitor
all paths at the same time owing to the
practical infeasibility.

















Figure2


3. REQUIREMENT ANALYSIS AND
SPECIFICATIONS


3.1
Software Requirements

T
his paper

supports the following OS’es

Windows 98 SE
,

Windows ME

Windows
2000

Windows XP

and

JAVA

as a
programming lauanguage
.


3.1.
1

Features


Platform Independent
-
Java is said as Platform
Independent because it supports code running
on and

type
of operat
ing

system

Robust
-
Robust in java feature represents checking of
code both at the compile time and run time.

Secure
-
Java achieves security by confining a
java program to the java execution
environment and making inaccessible to the
other part of the compute
r. We can download
applet with confidence that no harm will be
done.

Multithreaded
-
Java was designed to meet the
real world requirement of networked
programs. To achieve this, java supports
multithreaded programming, which allows the
user to write programs

that performs many
functions simultaneously.

Distributed
-
Java is designed for the distributed
environment of the internet, because it handles
TCP/IP protocol.

Dynamic
-
Java program carry with them
extensive amounts of run time information
that is used to v
erify and resolve accesses to
objects at run time. Using this memory
management is done in great deal.


4. SYSTEM DESIGN


Process Design


Conventions and Standards followed











The following steps are followed for Design



Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


5

1.

Encryption

using Mess
age Digest
Algorithm (
MD5).

2.

Key

generation for Authentication and
generating signature using HMAC
-
SHA1
algorithm(CPRNG).

3.

Generating

signature with the help of
generated keys in step 2 using the Digital
Signature algorithm. This is for the purpose of
Message integrity.

4
Receiver side the first authentication will
take place then, signature will be verified at
last signature will be verified, after all these
process we get the plain text back that is
original message will be brought back

Above steps ar
e working on Multipath routing
technique.

Step1: Working of MD5













This is the way of creating cipher text from
the plain text using the message digest
algorithm. Cipher text is called as encrypted
message and message is called as plain text.

Ste
p2:

Key Generation









This shows that by using the CPRNG that is it
is a key generator, which produces two keys.
These two keys are used for authentication
and as well as for generating signature.


Step3:

Generation of DSA









This is the way fo
r creating the
signature by using the DSA with the help of
Keys. Another use is, it is safe and better to
send all the data, keys in one envelope like
signature this gives confidentiality and
provided message integrity will be there.


Working of DSA









Step4: Combination Algorithm Process











Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


6

This is combination algorithm working. It will
divide the message into n
-
1 nodes, since one
node is for reliability. Then the
spitted

message will be send to each and every part
after some computations like

X
-
OR operation.
Reliability node is for fault
-
tolerance.















Receiver Side Process
-
As first step user will
be authenticated using his public key. Then
signature will be verified then decrypted then
assembling of message will took place, at last

we will get the original message.


5. I
MPLEMENTATION

5.1 Level 1 Encryption

Message Digest Algorithm is used for
encryption. This Message Digest provides the
functionality of encryption, compression by
using MD5or SHA. Message digests are
secure one
-
way h
ash functions that take
arbitrary
-
sized data and output a fixed
-
length
hash value. MD5 is 128 bit compression
whereas SHA is 160 bit compression.
Message Digest will do some computation
over the message such as Padding, Appending
length, Using Chain variab
les, etc
.




In the conceptual process of digital signatures,
we will realize that it does not deal with the
problems associated with asymmetric key
encryption, namely slow operation and large
cipher text size. This is because we are
encrypting the whole o
f the original plain text
message with the sender’s private key. As the
size of the original plain text can be quite
large, this encryption process can be really
very slow.


W
e

can tackle this problem using the digital
envelope approach, as before. That is
, A
encrypts the original plain text message with
one time symmetric key to form the cipher
text. It then encrypts the one time symmetric
key with her private key. She creates a digital
envelope and sends it to the digital envelope
B.B opens the digital en
velope, uses A’s
public key to decrypt the encrypted one time
symmetric key, and obtains the original plain
text. Since B can be assured that only A’s
private key could have been encrypted and so
that the digital envelope came only from A..


Such a scheme
could work perfectly. However
in real practice, a more efficient scheme is
used. It involves the usage of a message digest
(also called as hash).a message digest is a
finger print or the summary of a message.


5.1.1 Idea of a message digests

The concept of

message digests is based on
similar principles. However; it is slightly
wider in scope. For instance, suppose that we
have a number 4000 and we divide it by 4 to
get 1000. Thus, 4 can become a fingerprint of
the number 4000. Dividing 4000 by 4 will
always

yield 1000. If we change either 4000
or 4, the results will not be 1000. Another
important point is, if we are simply given the
number 4, but are not given any further
information; we would not be able to trace
back the equation 4*1000=4000. Thus we
have
one more important concept here. The
finger print of a message does not tell
anything about the original message. This is
because there are infinite other possible
equations, which can produce the result


Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


7

Thus, we perform a hashing operation over a
block o
f data to produce its hash or message
digest, which is smaller in size than the
original message. The message digest are not
so small and straight forward to compute.
Message digest usually consists of 128 bits or
more bits. This means that the chance of a
ny
two message digest being the same is anything
between 0 and at least 2 power 128. The
message digest length is chosen to be so long
with a purpose. This minimizes the scope of
two message digest being the same.


5.1.2 Requirements of a message digest

Th
e requirements of the
message digest concept

1.
Given a message, it should be very easy to
find its corresponding message digest. The
message digest must always be the same.

2.
Given a message digest, it should be very
difficult to find the original messag
e for which
the digest was created.

3.
Given any two message, if we calculate
their message digest, the two message digests
must be different.


If any two messages produce the same
message digest, thus violating our principle, it
is called as collision. Th
at is if two message
digests collide, they meet at the digest. The
message digest algorithms usually produce a
message digest of length 128 bits or 160 bits.
This means that the chances of any two
message digest being the same are one in 2
power 120 or 2 p
ower 160. Even a small
difference between the two original messages
can cause the message digest to differ vastly.


The message digests of two extremely similar
messages are so different that they provide no
clue at all that the original messages were ver
y
similar to each other.




5.2 Level 2 Key Generation

Key generation is mainly used for the purpose
of authentication. The main working of key
generation is to create two keys namely
Private and Public key.

Private key
-
Private
key is the one which is for
users own sake,
that is they will decrypt all the messages by
using this, it will not be given to all the user.
Public key
-
Public key is the one which known
to all of the user, they encrypt by using this
key.
Based on the keys there are two types of
coding

technique. They are Symmetric and
Asymmetric.


Symmetric
-
Symmetric technique, where both
sender and receiver will use same key to
encrypt and decrypt.


Asymmetric
-
Asymmetric technique where at
sender side public key will be used to encrypt
and at the re
ceiver side private key will be
used to decrypt
it. Here

we are using SHA1
-
HMAC to generate keys they are known as
Cryptographically Pseudo Random Number
Generator (CPRNG).


5.3

Level 3 Message Integrity using DSA
algorithm

Results of the pair of keys generate
d are used
for producing signature in addition to
authentication. By Digital Signature
Algorithm (DSA), we can reinforce
confidentiality. This gives a double shielding
to the message to transmit securely. Message
integrity means if any intrusion is done in

the
message or if any false value added means we
can find it out easily. So if any intrusion
happen means it will be found out in the
receiver side then we can ask for
retransmission of the message






Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


8

5.3.1 Working of DSA

For the message that is for th
e plain text hash
computation will be performed then it will be
integrated with the original message and it
will be send it over the network. At the
receiver side the integrated message and hash
value will be separated then for the original
message came ac
ross the network hash value
will be found out and that will be compared
with the already available hash value. If both
are vary then we can found out that there is
some intrusion. This provides Message
Integrity.


5.4 Level 4 Combination Algorithms


Combin
ation algorithm is added security to
the messages. The original message M is
divided into “n
-
1” parts, each of them has a
unique identifier, where n is the number of
nodes present in the network. We are using
one node in the network as Reliability node
th
at’s why we are subtracting one node. This
reliability is used in case of any node failure,
which is if any node fails means this reliability
node will send those node messages. Then it
generates a random number r(1<r<(n
-
1),
where r is an integer) to be se
nt on one of the
‘n’ paths(what we called signaling channel),
then codes parts in pairs using an XOR
operation related to r using combination
algorithm[1]. Every combination is sent over
one of the (n
-
1) channels. The x
th

part is sent
in plain text. It wil
l be the start point for
receiver to find other parts. Even if an attacker
succeeds to have one or lots of transmitted
parts, the probability of message
reconstruction is low. The attacker must have
all the parts.


5.5 Receiver Side Working

At the receiv
er side the following steps will
took place


1. User will authenticate using his public key.

2. Then the verification of signature will takes
place .

3. If signature verified, the encrypted message
will decrypted.

4.
Reassembling

of message will take place
.

At last we will get the original message.


6. TESTING

6.1 Unit Testing
-

The term
unit testing
refers
to the individual testing of separate units of a
software system. Unit tests help you verify a
small chunk of code (typically a particular
path through a

method or function). Unit tests
typically do not test application level
functionality

we leave that to integration,
acceptance, functional, performance, and other
two
-
dollar
-
word tests.


6.2 Integration Testing
-

A type of testing in
which software and/or

hardware components
are combined and tested to confirm that they
interact according to their requirements.
Integration testing can continue progressively
until the entire system has been integrated.
Integration testing is the phase of software
testing in
which individual software modules
are combined and tested as a group. It follows
unit testing and precedes system testing.
Better Definition: Integration Testing

-

two or
more dependent software modules as a group.


Obtained test results ( Multi Path Vs S
ingle
Path)














Proceedings of the National Conference ,

Computational Systems and Information Security


Jan.,4,2008
-


by CSE

Department
-

P.B.

College of
Engineering, Chennai
-
602105



Copy Right @CSE
-
PBCE
-
2008


9



M
u
l
tipath with RSA algorithm



Multipath

with combination
algorithm


Single path without combination

To test our algorithm, we developed a
client/server model using java

socket
programming. The results are quite
encouraging. At first, we evaluate the data
reception time. To do that, we compare the
case of sending data using our algorithm
(number of paths (n) =8 with RSA algorithm)
and S. Bouam and J. Ben
-
Othman solution
[1]

with combination algorithm and. classical
method using single path Obtained results are
represented in Graph.


We note that the execution time of client and
server modules using 8 paths is, in the above
graph, more important, but stays acceptable.
Lik
e in all security solutions, time is a critical
parameter impacted by evolution to a secured
system, In our solution, the more n is
important, the more the confidentiality is
reinforced. Thus, we can say that time is cost
to pay for more security.


Refere
nces



[1] Souheila. Bouam, Jalel. Ben Othman,
“Securing data protocol using multipath
routing in ad hoc networks”.

[2] L. Zhou and Z. J. Haas, “Securing Ad hoc
Networks”,
IEEE Networ
k, vol.13(6), pp. 24
-
30, 1999.

[3]

Aram Khalili and William A. Arbaugh,”

Security of Wireless Ad hoc Networks”.

[4] Rangarajan 1A. Vasudevan, “ A novel
multipath approach to security in mobile ad
hoc networks(MANETs).

[5] Zhenqiang Ye, Srikanth V.
Krishnamuruthy, Satish K. Tripathi, “A
routing framework for providing robustnes
s to
node failures in mobile ad hoc networks”,
Department of electrical engineering,
University of California, riverside, CA 92521,
USA.

[6] E. Ayanoglu, C. L. I, R. D. Gitlin, and J. E.
Mazo, “Diversity coding for transparent self
-
healing and fault
-
tolera
nt communication
networks. IEEE Transactions on
Communications, 41(11):1677 1686,
November 1993.

[7].“Cryptography and Network Security” By
William Stallings. Third Edition, Pearson
Education.


[8] http://www.wireless
-
fr.org/b002_norme80211b.html

[9] http:
//www.cmpe.boun.edu.tr/
emre/research/mst

[10 ] http://pcl.cs.ucla.edu/projects/glomosim