Secure Protocol For File Transfer In Adhoc Networks

Ad hoc networks are a new paradigm of networks offering unrestricted mobility without any underlying infrastructure. Ad hoc networks have salient characteristics that are totally different from conventional networks, and these pose extra challenges for security. Traditional cryptographic solutions are useless against threats from internal compromised nodes, so new mechanisms are needed to provide an effective security solution for ad hoc networks. A particularly challenging problem is how to feasibly detect and defend against possible attacks on routing protocols, especially internal attacks such as the Byzantine attack. A trust evaluation based security solution is proposed to provide effective secure routing and malicious node detection that is resilient against Byzantine attacks. The algorithms in this paper can be integrated into existing routing protocols for ad hoc networks.

1.    Introduction: Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology.
The salient features of ad hoc networks, viz. no inherent physical protection, broadcast communications, limited resources, dynamic topologies and dynamic membership, and no trustworthy third party, make them more susceptible to attacks. Ad hoc networks, as the name suggests, are installed on an ad hoc basis where no infrastructure already exists, for example in disaster management and at conference events. As the nodes are of limited range, they rely on each other to route packets. This makes routing protocols vulnerable to threats. Protecting the routing protocols from malicious nodes is a major challenge. Attacks in ad hoc networks can be classified in a number of ways based on their characteristics. We have concentrated our study on detecting and defending against possible attacks on routing protocols, especially internal attacks such as the Byzantine attack. Almost all external attacks can be prevented by applying simple authentication schemes and cryptographic methods, whereas internal attacks need complex mechanisms.
Types of Attacks on Routing Protocols in Ad hoc networks: Several types of attacks that influence the efficient routing of ad hoc networks are:

• Byzantine Attack
• Blackhole Attack
• Wormhole Attack
• Rushing Attack
• Stealth Attack

There is a need to incorporate security features in existing routing protocols so that they can defend the networks against Byzantine attack. Numerous solutions have been proposed to defend against these attacks individually, but to the best of our knowledge there is no generalized algorithm to defend against Byzantine attack. We tried to develop one. A device or a set of devices could be compromised and be under the control of an adversary or a set of adversaries that can collude. Once an adversary has control of an authenticated device, protocols which rely on authentication to provide security services become of little use. Authentication and data integrity mechanisms, although needed in order to prevent injection, fabrication and impersonation attacks, do not provide protection against insider attacks since they cannot force a node to behave according to the protocol. We call such attacks, where the adversary has full control of an authenticated device and can perform arbitrary behavior to disrupt the system, Byzantine attacks. From a more general perspective, a Byzantine attack is any attack that involves the leaking of authentication secrets so that an adversarial device is indistinguishable from a legitimate one. This model requires the use of protocols that are designed to withstand disruptions caused by authenticated nodes in addition to the more traditional protection against external attacks. A trust evaluation based security solution is proposed to provide effective secure routing and malicious node detection that is resilient against Byzantine attacks.

2.    Security Problems in Ad Hoc Networks: The salient characteristics of ad hoc networks pose challenges to security. First of all, the use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active interference. Unlike fixed hardwired networks with physical defenses at firewalls and gateways, attacks on an ad hoc network can come from all directions and target any node. Damage includes leaking secret information, interfering with messages and impersonating nodes, thus violating the basic security requirements. All this means that every node must be prepared for an encounter with an adversary, directly or indirectly.
Secondly, autonomous nodes in an ad hoc network have inadequate physical protection, and are therefore more easily captured, compromised, and hijacked. Malicious attacks could be launched from both outside and inside the network. Because it is difficult to track down a particular mobile node in a large-scale ad hoc network, attacks from a compromised node are more dangerous and much harder to detect. All this indicates that any node must be prepared to operate in a mode in which it does not immediately trust any peer.
Thirdly, any security solution with a static configuration would not be sufficient because of the dynamic topology of the networks. In order to achieve high availability, a distributed architecture without central entities should be applied. This is because introducing any central entity into the security solution may lead to a fatal attack on the entire network once the centralized entity is compromised. Generally, decision making in ad hoc networks is decentralized and many ad hoc network algorithms rely on the cooperation of all or some of the nodes. But new types of attacks can be designed to break the cooperative algorithm. Malicious nodes could simply block or modify the data traffic traversing them by refusing to cooperate or by subverting the cooperation. As can be seen from the above, no matter what security measures are deployed, there is always some vulnerability that can be exploited to break in.
It seems difficult to provide a general security solution for ad hoc networks. Traditional cryptographic solutions are not adapted to this new paradigm of networks. As can be seen from the above analysis, what is lacking in ad hoc networks is trust, since each node must not trust any other node immediately. If the trust relationship among the network nodes is available to every node, it will be much easier to select a proper security measure to establish the required protection. It will be wiser to avoid un-trusted nodes as routers. Moreover, it will be more sensible to reject or ignore hostile service requests. Therefore, trust evaluation becomes a before-security issue in ad hoc networks. The security solution should be dynamic, based on the changing trust relationship.
3.    Attacks in Ad Hoc Network:
a) Behaviour of Attack (Passive vs. Active): Passive attacks are launched to steal valuable information in the targeted networks. Examples of passive attacks in ad hoc networks are eavesdropping attacks and traffic analysis attacks. Detecting this kind of attack is difficult because neither the system resources nor the critical network functions are physically affected in a way that would prove the intrusion. While passive attacks do not intend to disrupt the network operations, active attacks actively alter the data with the intention of obstructing the operation of the targeted networks. Examples of active attacks comprise actions such as message modification, message replay, message fabrication and denial of service attacks.
b) Source of Attack (External vs. Internal): External attacks: These attacks are launched by adversaries who are not initially authorized to participate in the network operations. These attacks usually aim to cause network congestion, to deny access to a specific network function or to disrupt the whole network operation. Bogus packet injection, denial of service, and impersonation are some of the attacks that are usually initiated by external attackers. Internal attacks: These attacks are launched by authorized nodes in the network. They are either compromised nodes or misbehaving nodes.
Compromised nodes are authorized nodes hijacked by external attackers to launch attacks in the network. In this case authentication, confidentiality and integrity are severely vulnerable, as communication keys may be stolen and passed to colluding attackers. Misbehaving nodes are authorized to use the system resources but do not do so, in order to save their limited resources. These are difficult to detect because it is not easy to distinguish between normal network failures and misbehaviour. Examples are blackhole, wormhole, Byzantine, sleep deprivation, route salvaging, packet dropping, flooding and lack of cooperation attacks.


4.    Byzantine Attacks: Many vulnerabilities in network protocols (including ad hoc routing protocols) are caused by the lack of message integrity and authentication mechanisms, which allows an attacker to alter or fabricate packets. Significant research in securing ad hoc wireless routing protocols and wired routing protocols has focused on this aspect. Authentication and integrity are required to protect a network protocol, since they ensure that a packet was generated by an authenticated node and has not been tampered with. However, they do not provide any guarantee about the legitimacy of actions taken by authenticated nodes. Attacks where the adversary has full control of an authenticated device and can perform arbitrary behavior to disrupt the system are referred to as Byzantine attacks. Research addressing this category of attacks is quite scarce. The term “Byzantine behaviour” denotes any arbitrary action by authenticated nodes resulting in disruption of the routing service, and “Byzantine adversary” denotes such an adversary.
A compromised intermediate node working alone, or a set of compromised intermediate nodes working in collusion, carries out attacks such as creating routing loops, forwarding packets through non-optimal paths, or selectively dropping packets, which results in disruption or degradation of the routing service. Either single nodes or joint nodes may exhibit Byzantine behaviour. Not forwarding packets, injecting, modifying or replaying packets, rushing packets and creating wormholes are some examples of such behaviour.
i) A Byzantine adversary can drop the request and/or response, or can influence the route selection by using wireless specific attacks such as wormhole and flood rushing to prevent a route from being established.
ii)  In addition, the packets carrying the route selection metric such as hop count or node identifiers can be modified by a Byzantine adversary.
iii)  An attacker can inject bogus route activation messages, or drop correct route activation messages to prevent a path from being activated.

Black Hole Attack: A basic Byzantine attack is a black hole attack where the adversary stops forwarding data packets, but still participates in the routing protocol correctly. As a result, whenever the adversarial node is selected as part of a path by the routing protocol, it prevents communication on that path from taking place. Most existing secure and insecure routing protocols are disrupted by black hole attacks because they render the normal methods of route maintenance useless.

Byzantine Wormhole Attack: If more than one node is compromised, it is reasonable to assume that these nodes may interact in order to gain an additional advantage. This allows the adversary to perform a more effective attack. Indeed, one such attack is a Byzantine wormhole, where two adversaries collude by tunnelling packets between each other in order to create a shortcut (or wormhole) in the network. This tunnel can be created either using a private communication channel, such as a pair of radios and directional antennas, or by using the existing ad hoc network infrastructure. The adversaries can send a route request and discover a route across the ad hoc network, then tunnel packets through the non-adversarial nodes to execute the attack. The adversaries can use the low cost appearance of the wormhole links in order to increase the probability of being selected as part of the route, and then attempt to disrupt the network by dropping all of the data packets. The Byzantine wormhole attack is an extremely strong attack that can be performed even if only two nodes have been compromised.

Byzantine Overlay Network Wormhole Attack: A more general variant of the previous attack occurs when several nodes are compromised and form an overlay network. By tunnelling packets through the overlay network, the adversaries make it appear to the routing protocol that they are all neighbours, which considerably increases their chances of being selected on routes.
We propose effective secure routing and malicious node detection that provides resilience against Byzantine attacks.

5.    Proposed Algorithm: A generalised algorithm that covers the majority of internal attacks is proposed. We will incorporate our algorithm into on-demand SRP.
a)    Public Key Infrastructure: Basically there are two types of algorithm for authentication, viz. asymmetric and symmetric algorithms. The asymmetric algorithms use pairs of public and private keys. We propose that every node should have a unique id, and a symmetric key with the source if it needs to transmit data. The unique identification code and the public and private keys should be embedded in the system at the time of development, before initialization. Also, the node should randomly generate a symmetric key for each communication. The public keys are shared between the nodes at the time of bootstrap. Each node broadcasts its public key to its neighbouring nodes, and they then broadcast it to their next neighbours. In a recursive manner all the nodes are able to exchange their public and private keys. The symmetric keys are exchanged only when there is a need to communicate between the sender and the receiver.
b)    Trust evaluation establishment: As an important concept in network security, trust is interpreted as a set of relations among agents participating in the network activities. Basically to detect the Byzantine behavior of any node we need to establish trust among the nodes.
i) Trust is a relationship established between two nodes for a specific action. In particular, one entity trusts the other entity to perform an action. In this work, the first entity is called the subject; the second entity is called the agent. We introduce the notation {subject: agent; action} to describe a trust relationship.
ii) Trust is a function of uncertainty. In particular, if the subject believes that the agent will perform the action for sure, the subject fully “trusts” the agent to perform the action and there is no uncertainty; if the subject believes that the agent will not perform the action for sure, the subject “trusts” the agent not to perform the action, and there is no uncertainty either; if the subject does not have any idea of whether the agent will perform the action or not, the subject does not have trust in the agent. In this case, the subject has the highest uncertainty.
iii) The level of trust can be measured by a continuous real number, referred to as the trust value. Trust value should represent uncertainty.
iv) Different subjects may have different trust values for the same agent and the same action. Trust is not necessarily symmetric. The fact that A trusts B does not necessarily mean that B also trusts A, where A and B are two entities.
During trust evaluation each node establishes a trust relationship with other nodes by maintaining a table containing some information about them. The table contains the number of packets dropped, the number of packets received, the number of packets forwarded successfully and the congestion in the link. Based on these factors a trust value is calculated, and if it crosses the threshold value the node is considered malicious and a signal is sent to all the nodes.
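One way to turn the trust table described above into a trust value, as an added example that is not the paper's own code or formula: an entropy-based mapping that gives +1 when the subject is certain the agent forwards, -1 when it is certain the agent drops, and 0 at maximum uncertainty. The entropy formula, the smoothing, the congestion discount, the threshold of -0.2 and all class and function names are assumptions.

```python
import math
from dataclasses import dataclass

MALICIOUS_THRESHOLD = -0.2  # assumed cut-off; the paper does not give a number


def binary_entropy(p):
    """Uncertainty, in bits, about whether the agent will forward a packet."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def trust_value(p):
    """Map a forwarding probability to [-1, 1]; 0 means highest uncertainty."""
    h = binary_entropy(p)
    return 1.0 - h if p >= 0.5 else h - 1.0


@dataclass
class TrustEntry:
    """One row of the table: the four columns named in the text, plus a helper."""
    received: int = 0
    forwarded: int = 0
    dropped: int = 0
    congestion: float = 0.0    # last observed link load, 0.0 (idle) to 1.0 (saturated)
    blamed_drops: float = 0.0  # drops not excused by congestion (assumed discount)

    def forwarding_probability(self):
        # Smoothed estimate: with no observations the result is 0.5 (no idea).
        return (self.forwarded + 1.0) / (self.forwarded + self.blamed_drops + 2.0)

    def trust(self):
        return trust_value(self.forwarding_probability())


class TrustTable:
    """Table kept by one subject about its agents; every subject has its own."""

    def __init__(self, subject):
        self.subject = subject
        self.entries = {}

    def record(self, agent, received, forwarded, congestion=0.0):
        """Add one observation window for the action 'forward my packets'."""
        if not 0 <= forwarded <= received or not 0.0 <= congestion <= 1.0:
            raise ValueError("inconsistent observation")
        entry = self.entries.setdefault(agent, TrustEntry())
        dropped = received - forwarded
        entry.received += received
        entry.forwarded += forwarded
        entry.dropped += dropped
        entry.congestion = congestion
        # A drop on a congested link is only partly held against the agent.
        entry.blamed_drops += dropped * (1.0 - congestion)

    def trust(self, agent):
        return self.entries.get(agent, TrustEntry()).trust()

    def malicious_agents(self):
        """Agents whose trust has crossed the threshold; these would be signalled."""
        return sorted(a for a, e in self.entries.items()
                      if e.trust() < MALICIOUS_THRESHOLD)


if __name__ == "__main__":
    # Constructed observations, not measurements from the paper.
    table_a = TrustTable("A")
    table_a.record("B", received=100, forwarded=98)                 # reliable relay
    table_a.record("M", received=50, forwarded=0)                   # drops everything
    table_a.record("C", received=100, forwarded=20, congestion=0.9)  # congested link
    for agent in ("B", "M", "C", "unseen"):
        print(agent, round(table_a.trust(agent), 3))
    print("signal:", table_a.malicious_agents())
```

The same counters for C recorded with no congestion fall below the threshold, which is why the congestion column matters for telling normal network failure from misbehaviour.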

c)    Secure algorithm for detecting Byzantine attack: We propose an on-demand secure routing protocol that will prevent Byzantine failures in the process of routing. The approach is based on the detection of faulty links after a sufficient number of faults have occurred. A threshold value is defined on the number of faults; whenever this threshold value is reached the node can be declared a malicious node. The protocol bases on-demand route discovery on the weight values of paths, and the paths that are identified as malicious are assigned increased weights. We define the term Byzantine behavior as any action taken by an authenticated node that disrupts the routing process. The detection method used avoids the identification of nodes as malicious, and instead tries to attribute a fault to a link between two nodes.
The protocol is separated into three different phases, namely route discovery with fault avoidance, Byzantine fault detection and link weight management. These phases operate in sequence and each one receives the output of the previous as input.
 
Figure 1. The three phases of the protocol operate in sequence and each one receives the output of the previous as input.

The metric upon which path selection is based consists of link weights, where high weights represent an unreliable path. Every node that participates in the network is required to maintain a weight list and update it according to the results of the fault detection phase.
Notations Used:

Ts – time at which sender sends RREQ
Tr – time at which sender sends RREP
Tmax – maximum time for which it waits for the test packet
Tp – total delay for path p = Tr - Ts

Algorithm
Step 1: Every node has every other node’s public key, and while sending a message, the sender signs it with its private key.

Step 2: During route discovery an initiator broadcasts a route request message to all its neighbouring nodes. The message includes the address of the initiator, the address of the destination, a sequence number and a weight list.

Step 3: The message is encrypted with the public key of the neighbouring node and its own private key.
Step 4: When an intermediate node receives a route request it checks whether a request with the same identifiers has been seen before. If such a request does not exist in its list, it verifies the signature of the initiator, adds the request to its list and rebroadcasts it.

Step 5: Upon receiving a request the destination node checks the validity of the signature and creates a signed route response message. The response contains the source and destination addresses, a sequence number and the weight list from the request message. The destination node broadcasts the response to its neighbouring nodes.

Step 6: When the sender receives a route reply it first checks its list to find out whether there is any malicious node in the advertised path, then it sends a packet to the destination node containing the time stamp for the route request (Ts), a random symmetric key and some data that is not valuable. This packet is encrypted using the public key of the receiver so that only the destination can decrypt it.

Step 7: Now the sender waits for Tmax, expecting an acknowledgement from the receiver.

Step 8: If the sender doesn’t receive the message before Tmax then a Byzantine black hole attack is detected. The sender sends a signal in the network so that the nodes can update their lists. The signal message is also encrypted with the public key of the neighbouring node so that a malicious node is not able to generate a false signal.

Step 9: If it receives it before Tmax, it checks the time stamp for the route reply (Tr) and calculates the total delay for the path, Tp = Tr - Ts. If Tp is greater than the threshold delay for the path, it is assumed to be a Byzantine wormhole attack, and again the sender sends a signal in the network on detection of the attack.

Step 10: The message in the packet can only be decrypted by the destination, so a malicious node cannot change its contents. It can try to drop or misroute the packets, which can be detected by the unique id, the trust table and by comparing route replies. If any such activity is found, a Byzantine attack is discovered and the sender sends a signal in the network.
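The sender-side checks of Steps 6 to 9, together with the link weight list that feeds the next route discovery, as an added example that is not the paper's own code. Signing and encryption are left out; the numeric values of Tmax and the thresholds, the doubling of link weights, penalising every link of a failed path, the `links` and `send_probe` helpers and the three constructed paths are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

T_MAX = 3.0            # Tmax: seconds the sender waits for the acknowledgement (assumed)
DELAY_THRESHOLD = 0.5  # threshold delay for a path, in seconds (assumed)
FAULT_THRESHOLD = 2    # faults after which a link is reported as malicious (assumed)


@dataclass
class ProbeResult:
    ts: float                   # Ts, carried in the test packet
    tr: Optional[float]         # Tr from the reply, None if nothing came back
    ack_delay: Optional[float]  # seconds until the acknowledgement arrived


def classify(probe):
    """Steps 7-9: no acknowledgement before Tmax, then Tp = Tr - Ts against the threshold."""
    if probe.ack_delay is None or probe.tr is None or probe.ack_delay >= T_MAX:
        return "blackhole"
    tp = probe.tr - probe.ts
    return "wormhole" if tp > DELAY_THRESHOLD else "ok"


def links(path):
    """Consecutive node pairs of a path, e.g. (S, A, D) -> [(S, A), (A, D)]."""
    return list(zip(path, path[1:]))


@dataclass
class Source:
    weights: dict = field(default_factory=dict)  # weight list; unseen links weigh 1.0
    faults: dict = field(default_factory=dict)   # fault count per link
    suspects: set = field(default_factory=set)   # links to signal to the network

    def path_weight(self, path):
        return sum(self.weights.get(link, 1.0) for link in links(path))

    def select(self, candidates):
        """Route discovery with fault avoidance: lowest weight, no suspect link."""
        usable = [p for p in candidates if not self.suspects & set(links(p))]
        return min(usable, key=self.path_weight) if usable else None

    def update(self, path, verdict):
        """Link weight management after the fault detection phase."""
        if verdict == "ok":
            return
        for link in links(path):
            self.weights[link] = 2 * self.weights.get(link, 1.0)
            self.faults[link] = self.faults.get(link, 0) + 1
            if self.faults[link] >= FAULT_THRESHOLD:
                self.suspects.add(link)


# Constructed network: A behaves as a black hole, W adds tunnel delay.
BEHAVIOUR = {"A": "blackhole", "W": "wormhole"}
CANDIDATES = [("S", "A", "D"), ("S", "W", "D"), ("S", "B", "C", "E", "F", "D")]


def send_probe(path, ts=100.0):
    """Stand-in for the radio: returns what the sender would observe."""
    kinds = {BEHAVIOUR.get(node) for node in path[1:-1]}
    if "blackhole" in kinds:
        return ProbeResult(ts, None, None)
    tp = 0.05 * (len(path) - 1) + (1.0 if "wormhole" in kinds else 0.0)
    return ProbeResult(ts, ts + tp, 2 * tp)


def run(rounds=5):
    src, log = Source(), []
    for _ in range(rounds):
        path = src.select(CANDIDATES)
        if path is None:
            break
        verdict = classify(send_probe(path))
        src.update(path, verdict)
        log.append((path, verdict))
    return src, log


if __name__ == "__main__":
    source, history = run()
    for path, verdict in history:
        print("-".join(path), verdict)
    print("signal:", sorted(source.suspects))
```

Because the test packet is end to end, this version cannot tell which link on a failed path is at fault, so honest links next to a malicious node are penalised as well.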

The main goal of the protocol is to provide a robust, secure ad hoc protocol service for file transfer that is resilient to Byzantine attack. The operation of the protocol requires the existence of a public-key infrastructure in the ad hoc network to certify the authenticity of the participating nodes’ public keys. Based on this assumption, the protocol manages to discover a fault-free path if one exists, even in an environment with colluding malicious nodes.
6.    Conclusion: To secure an ad hoc network in adversarial environments, a particularly challenging problem is how to feasibly detect and defend against possible attacks on routing protocols, especially internal attacks such as the Byzantine attack. In this paper, we present an algorithm that detects Byzantine attacks by using route discovery. We also mentioned the various other types of attack that can influence the proper working of ad hoc networks. The route discovery messages are protected by pair-wise private/public keys between a source and destination and some intermediate nodes along a route established by using public-key cryptographic mechanisms. We also propose a secure protocol algorithm based on a node's trust evaluation. The proposed algorithms can be integrated into existing routing protocols for ad hoc networks for efficient routing.
