A Security Adaptive Protocol Suite: Ranked Neighbor Discovery (RND) and Security Adaptive AODV (SA-AODV)

Rasib Hassan Khan, K. M. Imtiaz-ud-Din, Abdullah Ali Faruq, Abu Raihan Mostofa Kamal, Prof. Dr. Abdul Mottalib

Department of Computer Science and Information Technology,

Islamic University of Technology (IUT), Board Bazar, Gazipur, Dhaka


Abstract - With the increasing demand for mobility and ad hoc networking, the vulnerability of wireless networks is becoming a crucial issue. This dissertation sheds light on the security features of wireless communication and proposes a model with an increased integration of security features. The proposed model, a protocol suite consisting of Ranked Neighbor Discovery (RND) and a Security Adaptive Ad-Hoc On-Demand Distance Vector (SA-AODV) routing protocol, lays out a solution to the security issues that covers both neighbor discovery and the routing protocol used for transmission. The neighbor discovery phase determines trusted neighbors based on distance metrics, leading to a process of trust ranking. The routing protocol then uses the trusted-neighbor information and the required security level to set up a security adapted route from the source to its destination. The main advantage of this protocol pair is that it obtains a route with a user-defined level of security for a specific application. The two protocols thus anchor a package for a total solution for a secured wireless transmission environment with an increased integration of security features.

I. Introduction

Wireless technologies have become increasingly popular in our everyday business and personal lives, and gadgets like laptops, personal digital assistants (PDAs) and cellular phones are common, allowing everyone access to the world of information. Thus, as the ultimate backbone of communication is turning out to be wireless, the security of the medium of transmission is becoming an increasingly important issue. In wireless networks, ad hoc networking is currently a very active area of research, and the development of an optimum protocol for all-terrain use remains an unfulfilled aim.

In an ad hoc network, wireless nodes cooperate to form a network, forwarding packets for each other to allow nodes not within direct wireless transmission range of each other to communicate. In contrast to traditional network routing protocols, for example those for wired networks, the behavior of ad hoc networks can be quite dynamic due to factors such as node movement and variations in radio propagation conditions. These create frequent changes in network topology, differing concentrations of traffic load on the network, and other challenges to the operation of the network protocols, which must therefore adapt more quickly.

Wireless networks implement two sets of protocols for a secured networking environment. The first is the initial phase of neighbor discovery [1], and next come the routing protocols [7, 8]. The neighbor discovery phase is crucial in the sense that the routing protocols use the information from this phase to set up a route from a specific source to its destination. Extensive studies have resulted in many protocols and in repeated improvements of the existing ones. Many of these applications may run in non-trusted environments and may therefore require the use of a secure routing protocol. The basic problems with all of these protocols still remain: the functionality to reduce packet drops during transmission, the mechanism to detect wormholes and tunnels, and the ability to distinguish between adversary nodes and trusted nodes.

5th International Conference on Electrical and Computer Engineering, ICECE 2008, 20-22 December 2008, Dhaka, Bangladesh

978-1-4244-2015-5/08/$25.00 (c)2008 IEEE

II. A Formal Definition of Security

A routing protocol is said to be (statistically) secure if, for any configuration and any real-world adversary, there exists an ideal-world adversary, such that the output of the real-world model is (statistically) indistinguishable from the output of the ideal-world model. [2]

III. The Wireless Environment

A. Securing the Process of Neighbor Discovery

Many wireless networking mechanisms, notably routing, require that wireless nodes be aware of their neighborhood. This means that the nodes must know which other nodes they can communicate with directly. The procedure used to acquire this knowledge is called neighbor discovery [1]. In mobile wireless networks, the neighbor relationships change dynamically, which makes neighbor discovery an important mechanism.

Neighbor discovery can be achieved through simple protocols, where a node that wants to determine who its neighbors are broadcasts a neighbor discovery request, and every node that receives this request responds with a neighbor discovery reply. Receiving a reply means that the requesting node and the responding node can hear each other's transmissions and can communicate with each other directly, and hence are neighbors. The neighbor discovery protocol is sometimes called the "hello protocol", and the request and the reply are called "hello messages" [1].

An adversary can try to thwart the successful execution of the neighbor discovery protocol, for instance by jamming the communication between two nodes, or by providing a node with false information about another node that is not a direct neighbor in reality, leading the requesting node to believe that the other node is indeed a direct neighbor. In this way, the adversary ensures that two nodes which could otherwise communicate directly cannot establish a neighbor relationship, or that a relationship is established on faulty information [1, 3, 5]. Blocking the links between many pairs of nodes in this manner can have serious consequences for the connectivity of the network and for the upper layer protocols, such as routing and transmission.

Secured neighbor discovery protocols include the centralized approaches of Statistical Detection and Multi-Dimensional Scaling [1, 2]. The other approach, the decentralized mechanisms [2], comprises those based on Position Information of Anchors, Directional Antennas, and Distance Estimation Techniques, which include Geographical Leashing, Temporal Leashing, and Mutual Authenticated Distance-Bounding (MAD). We will, however, take temporal leashing with the TESLA [9] with Instant Key-Disclosure (TIK) protocol [2] as the base, with a modification, for the proposed RND protocol.

B. The Routing Protocols

Routing protocols are mainly categorized as reactive or proactive. Proactive protocols are those which act on their own, meaning that they find routing paths independently of the usage of the paths. Reactive protocols, on the other hand, set up a route only when a source demands one to communicate with a destination. In regular use, we find the reactive protocols in practice, namely the Dynamic Source Routing (DSR) protocol [2, 7] and the Ad-Hoc On-Demand Distance Vector (AODV) protocol [2, 8].

DSR is a routing protocol similar to AODV in that it forms a route on demand when a transmitting computer requests one. This protocol is truly based on source routing, whereby all the routing information is maintained and continually updated at the mobile nodes. The main disadvantages of DSR are that it does not locally repair a broken link; the stale route cache information could result in inconsistencies; the connection setup delay is higher; performance degrades rapidly with increasing mobility; and routing overhead is high.

Compared to DSR, the other protocol, AODV, which has been jointly developed in Nokia Research Center of University of California, Santa Barbara and University of Cincinnati, has a lot of significant advantages. AODV has already been modified into the Secured AODV (SAODV), and is globally the most recognized and implemented protocol for wireless networks. SAODV is an extension of the AODV routing protocol that can be used to protect the route discovery mechanism, providing security features like integrity, authentication and non-repudiation.

AODV, a distance vector protocol, remains silent until a request is generated, and then sets up the route on the basis of next hop addresses. With AODV, we can avail ourselves of its advantages: it is capable of unicast and multicast routing, it uses distance-vector routing, it avoids the counting-to-infinity problem, it sets up the latest route to the destination, and its connection setup delay is lower. We will later see why these features are important, and how they are used in the modified form in SA-AODV.


IV. A Security Adaptive Protocol Suite

The proposed process is a technique for neighbor discovery, combined with a routing protocol, the whole of which is based on a rank-based system. In the phase of neighbor discovery, the neighboring nodes are assigned a rank, with which we are able to judge the trustworthiness of a neighboring node. With the information collected by the rank-based system of trust for the neighboring nodes, we then proceed to a routing protocol. In broad terms, this protocol has different levels of implementation, with different levels of security for the application for which the route is being created. Whenever a route is demanded from a source to a destination, the source judges the security requirement of the application and then, with the ranking information at the neighboring nodes, routes the packet to its destination. In most cases, it is considered that a more secure route will trade off performance, because of a longer path.

A. Ranked Neighbor Discovery (RND)

A straightforward idea for wormhole detection is to estimate the real physical distance between the nodes that are believed to be neighbors. In general, we can say that if a node is physically further away than what the routing table information reflects, then there is a wormhole present in the network [1, 3, 5]. The distance estimation technique of temporal leashing is the main point of focus for the modified form of the algorithm for neighbor discovery. The main idea of the mechanism is to add some information to the packets that restricts their maximum allowed transmission distance. With this information, we are actually limiting the maximum distance that the packet will travel.

A temporal leash is based on timing information, and it ensures that the packet has an upper bound on its lifetime. This process requires that the nodes have tightly synchronized clocks, such that the maximum difference $\Delta t$ between any two nodes' clocks is on the order of a few hundred nanoseconds. Thus, we see that the difference of time is a crucial factor in this case. As a result, we need a very efficient technique to synchronize the sender and the receiver. In this regard, we use TESLA with Instant Key-disclosure (TIK) to authenticate temporal leashes in packets. TESLA combines the advantages of digital signatures and Message Authentication Codes (MAC). The method of TESLA is discussed in the referred paper; here we instead discuss the concept of the TIK protocol for synchronization.

It has been observed that the authentication delay of TESLA can be removed in an environment where the nodes' clocks are tightly synchronized, and the TIK protocol is based on this fact. TESLA requires that the MAC value of the packet is received by the receiver earlier than the time at which the TESLA key used for computing the MAC is disclosed by the sender. This can be achieved by sending the MAC value at the beginning of the transmission and disclosing the TESLA key at the end of the same transmission, as shown in figure-1. When the entire MAC is received, the receiver's clock shows:

$$t_r + T_{MAC}$$

When the key disclosure is started, the sender's clock shows:

$$t_s + T_{MAC} + T_{PKT}$$

At the same moment, time at the receiver can be a minimum value of:

$$t_s - \Delta t + T_{MAC} + T_{PKT}$$

Figure 1: Timing diagram to show the sequence of information correspondence between the sender and the receiver for them to synchronize in TIK, before they start to transmit data [2].


Hence, the receiver checks that the TESLA condition is satisfied (i.e., the full MAC is received before any bit of the key with which it was computed is released), and the receiver can start the verification of the MAC essentially without any delay:

$$t_r + T_{MAC} < t_s - \Delta t + T_{MAC} + T_{PKT}$$

where $t_s$ is known to the receiver from the temporal leash in the packet. Clearly, in order for this to work, very precise timings are needed and, in particular, $\Delta t$ must be very small (or otherwise packets need to be extremely long).

After the phase of synchronization, the process of distance estimation begins. When sending a packet, the sender includes in the packet the time $t_s$ of sending the first bit of the packet. When receiving a packet, $t_s$ is compared to the time $t_r$ of receiving the first bit of the packet at the receiver. More precisely, the receiver computes an upper bound on its distance $d'$ to the sender as:

$$d' = V_{light}\,(t_r - t_s - \Delta t) \qquad (1)$$

where $V_{light}$ is the speed of light.

After that, the sender node calculates the trust values, or the rank, of its neighbors, based on its predefined maximum range, or the maximum radius of its transmission, T. We consider in this case that the defined range of ranks, R, for the neighbors is on a scale of 0 to 4. Thus, the value of $d'$, previously obtained from equation (1), is now compared to T, as shown in the table below.

Table 1: Checking of $d'$ and T, and corresponding R

| Distance Estimation | Rank Assigned, R |
|---|---|
| $d' \le T/4$ | 4 |
| $T/4 < d' \le T/2$ | 3 |
| $T/2 < d' \le 3T/4$ | 2 |
| $3T/4 < d' \le T$ | 1 |
| $T > d'$ | 0 |

In figure 2, we see a node going through the phase of the ranked neighbor discovery. In this specific scenario, we consider T = 150 m. The messages revealed three neighbors, A, B, and C, placed at 100 m, 125 m, and 50 m respectively. The ranks assigned to the respective nodes are shown in table 2.

Table 2: Distance estimation results from figure 2 and the assigned ranks to the neighbors (Max Transmission Distance, T = 150 m)

| Node | Distance of neighbor, $d'$ (m) | Rank Assigned, R |
|---|---|---|
| A | 100 ($T/2 < d' \le 3T/4$) | 2 |
| B | 125 ($3T/4 < d' \le T$) | 1 |
| C | 50 ($T/4 < d' \le T/2$) | 3 |
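The RND steps above (TESLA timing condition, equation (1), then the Table 1 lookup) can be put together as follows. This is an added example, not code from the paper; the `Hello` record, the sample timings, and the choices to read the rank 0 row as a distance beyond T and to rank a hello that fails the timing check as 0 are assumptions of the example.

```python
from dataclasses import dataclass

V_LIGHT = 299_792_458.0  # speed of light in m/s
T_RANGE = 150.0          # T from Table 2
DELTA_T = 200e-9         # assumed clock error bound ("a few hundred nanoseconds")
T_MAC = 1e-4             # assumed MAC transmission time in seconds


@dataclass
class Hello:
    """One received hello message; field names are assumptions of this example."""
    node: str
    t_s: float    # send time of the first bit, taken from the temporal leash (s)
    t_r: float    # receive time of the first bit on the receiver's clock (s)
    t_pkt: float  # T_PKT, transmission time of the packet body (s)


def tesla_condition_holds(h, delta_t, t_mac):
    """t_r + T_MAC < t_s - dt + T_MAC + T_PKT: the whole MAC must have arrived
    before the sender can have started disclosing the key."""
    return h.t_r + t_mac < h.t_s - delta_t + t_mac + h.t_pkt


def distance_upper_bound(h, delta_t):
    """Equation (1) as printed on the page: d' = V_light * (t_r - t_s - dt)."""
    return V_LIGHT * (h.t_r - h.t_s - delta_t)


def rank_for_distance(d, T):
    """Table 1 lookup. Rank 0 is read here as d' beyond T (assumption); a negative
    estimate means inconsistent timestamps and is also ranked 0 (assumption)."""
    if d < 0 or d > T:
        return 0
    if d <= T / 4:
        return 4
    if d <= T / 2:
        return 3
    if d <= 3 * T / 4:
        return 2
    return 1


def rank_neighbors(hellos, T, delta_t, t_mac):
    """Return {node: rank}. No node is discarded: a hello that fails the TIK
    timing check keeps its entry with rank 0 (assumption of this example)."""
    ranks = {}
    for h in hellos:
        if not tesla_condition_holds(h, delta_t, t_mac):
            ranks[h.node] = 0
            continue
        ranks[h.node] = rank_for_distance(distance_upper_bound(h, delta_t), T)
    return ranks


def _hello(node, metres, t_pkt=1e-3):
    # Constructed sample: an arrival time that equation (1) maps back to `metres`.
    return Hello(node, t_s=0.0, t_r=DELTA_T + metres / V_LIGHT, t_pkt=t_pkt)


SAMPLE_HELLOS = [
    _hello("A", 100), _hello("B", 125), _hello("C", 50),  # neighbors of Table 2
    _hello("W", 400),             # hello relayed over a long tunnel
    _hello("D", 50, t_pkt=5e-7),  # packet too short for the chosen clock bound
]

if __name__ == "__main__":
    for node, rank in rank_neighbors(SAMPLE_HELLOS, T_RANGE, DELTA_T, T_MAC).items():
        print(node, rank)
```

Node D is as close as C, but its packet is shorter than the clock error allows, so the timing condition fails and it is not trusted.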

With the trust ranks assigned to the discovered neighbors, the source node updates the routing table information in its cache. When the requirement arises for the routing of a packet, it then proceeds with security adaptive routing, discussed in the next sub-section.

B. Security Adaptive Ad-Hoc On-demand Vector Routing (SA-AODV)

Ad-hoc on-demand distance vector (AODV) routing is a routing protocol for Mobile Ad-hoc Networks (MANETs) and other wireless ad-hoc networks. AODV is capable of both unicast and multicast routing. The fact that AODV is a reactive protocol implies that it sets up a route only when it is required. AODV is, as we can see from the name, a distance-vector routing protocol. AODV avoids the counting-to-infinity problem of other distance-vector protocols by using sequence numbers on route updates. Because AODV is a reactive protocol and avoids the counting-to-infinity problem by the use of sequence numbers, we take it as the basic backbone protocol for a security adaptive protocol, SA-AODV.

Figure 2: A node going through the phase of neighbor discovery, and assigning ranks to them.


By the use of the RND algorithm, we were able to distinguish the wormholes present in the network. After that, we assigned the different levels of trust, denoted by the rank value, and never discarded any information about any node, be it an adversary or a valid node. When a route is requested from a source node, A, to a destination node, B, in AODV, a route request is broadcast. In this case, the basic principle is the same; the only difference is that, before a route request is broadcast, the security level requirement has to be defined, called here the Minimum Security Level (MSL), from an MSL-Database (MSL-DB). This is done on a predefined scaling basis, related to the rank values for the nodes. Thus, with a security requirement level, the node now directively broadcasts the route request only to the nodes with a minimum level of trust. This operation can be implemented because AODV is able to unicast as well as multicast. The neighbors, upon receipt of the request, react the same way as in traditional AODV, except for the slight change in the way they rebroadcast, as mentioned above. The process of directive broadcasting, with reference to the MSL, helps the Route Requests reach the destination, but through a route which has a defined MSL with respect to its physical distance estimation. Upon receipt of the Route Request, the destination node sends back the Route Reply.

Therefore, the route discovery mechanism returns a path from the source to the destination with a defined security requirement, defined here as a Security Adapted Route (SAR). In case a route cannot be established with the initial MSL with which the Route Request was broadcast, an Error packet is generated. The source node is notified that the route request that has been sent is not returning a path with the defined MSL. In this scenario, the source defines a new minimum MSL by decrementing the MSL value, and rebroadcasts the Route Request to a new set of nodes. This pro-activity ensures that, whatever the current state of the network, we always get the best route with the required security level for a specific demanded link for a specific application, from a source to a destination.

In figure-3, a scenario for routing in SA-AODV is demonstrated. As the figure shows, a source node at first determines the MSL from the database (step 1). The Route Request is then directively broadcast to only those nodes with rank equal to or greater than the MSL (step 2). Each subsequent node that receives the Route Request forwards the packet, maintaining the MSL requirement (step 3). As the Route Requests are being forwarded in this manner, a node receives the request and finds an entry in the routing table maintained in its cache. The node then sends the Route Reply back to the source node, with the route information for the SAR (step 4). As the routing is being done from the source to another node, there might be a lot of packets circulating in loops, and also nodes which do not have any neighbors with the defined MSL. For these cases, as soon as a node finds a packet with an old sequence number, or does not find any neighbors to forward it to, the packet is dropped (step 5), and this ensures that the network is not jammed with unwanted and useless Route Request packets. If a route is not found after a certain time-to-live (TTL), a new request is broadcast with a decremented value of MSL (step 6).

Figure 3: The steps (1 to 5) for routing in SA-AODV

C. The Security Adaptive Protocol as a Solution

The proposed model is only a theoretical model, designed with the main objective of focusing on the security issues of a wireless environment. The main egress of wireless communication is the challenge of physical distances to be doled out by the routing protocol. This loophole is the vulnerability which adversary nodes try to explore, and thus, when dealing with a secured application over the wireless network, it is a valid trade-off with the overall performance of the network if security is concerned. Considering the advantages of the model, the following features stand out:

• Sender and receiver are synchronized before the transmission begins.
• Exchange of keys ensures authenticity of the transmission.
• An upper bound for the real physical distances is being estimated.
• Wormholes and tunnels are being discovered.
• Ranks for the trust values are being assigned, which ensures the validity of the positions of the nodes.
• The MSL for different applications ensures the communicating nodes of the security requirement.
• The adjustment of the MSL ensures that at any present time, the most secured path available is always returned.
• The feature of directive broadcasting of route requests ensures a minimum number of packets in the network.
• The use of sequence numbers lets the nodes identify old, useless request packets and keeps the network free from unnecessary traffic.
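The SA-AODV route discovery steps of section IV-B (MSL lookup, directive broadcast to neighbors with rank at or above the MSL, dropping of duplicate requests, retry with a decremented MSL) are sketched below as an added example, not code from the paper. The topology, the MSL-DB entries and the `floor` parameter, which stops the decrement before rank 0 neighbors become eligible, are assumptions of the example; the route reply from an intermediate node's cache (step 4) is left out, so only the destination answers.

```python
from collections import deque

# Constructed sample: RANKS[node][neighbor] is the rank the node assigned to
# that neighbor during RND. W stands for a neighbor ranked 0 by everyone.
RANKS = {
    "S": {"A": 4, "B": 2, "W": 0},
    "A": {"S": 4, "C": 3},
    "B": {"S": 2, "D": 2},
    "C": {"A": 3, "D": 1},
    "D": {"C": 1, "B": 2, "W": 0},
    "W": {"S": 0, "D": 0},
}

# Hypothetical MSL-DB: application name -> Minimum Security Level.
MSL_DB = {"payment": 3, "telemetry": 1}


def flood_rreq(ranks, src, dst, msl):
    """One route request round. Each node forwards only to neighbors whose rank
    is at least msl (steps 2 and 3); a request reaching a node that has already
    seen it is dropped, standing in for the sequence number check (step 5)."""
    seen = {src}
    prev = {}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            # Destination reached: rebuild the path the route reply travels back.
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return path[::-1]
        for nbr, rank in ranks.get(node, {}).items():
            if rank < msl or nbr in seen:
                continue  # below the MSL, or a duplicate request: not forwarded
            seen.add(nbr)
            prev[nbr] = node
            queue.append(nbr)
    return None  # no neighbor chain satisfies this MSL


def discover_sar(ranks, msl_db, app, src, dst, floor=1):
    """Return (route, msl_used), or None when no route exists at any level down
    to floor. floor is an assumption: the page gives no lower limit."""
    msl = msl_db[app]  # step 1: look up the MSL for the application
    while msl >= floor:
        route = flood_rreq(ranks, src, dst, msl)
        if route is not None:
            return route, msl
        msl -= 1  # step 6: retry with a decremented MSL
    return None


if __name__ == "__main__":
    print(discover_sar(RANKS, MSL_DB, "payment", "S", "D"))
    print(discover_sar(RANKS, MSL_DB, "payment", "S", "W"))
```

For the "payment" application no chain of rank 3 neighbors reaches D, so the request is repeated at MSL 2 and the route via B is returned; the two-hop path through W is never used because its links are ranked 0.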

The model is definitely not the best proposal for any ideal wireless environment. The exchange of keys, the synchronization, and the other security features will definitely reduce the level of performance. The additional field of MSL will also increase the size of the route request packets, and thus again, slowing down the process. There will also be the requirement to introduce a database to maintain the MSL for the different applications. The mobility of the nodes is also a concern. This is because, after the phase of discovery, between the periods of the beaconing, if the nodes are displaced from their reference positions there will again be the factor of lost packets.

V. Future works and conclusion

This proposed model, being on theoretical grounds, does not ensure optimum performance at the implementation level. Thus, close to real world simulations will be the next focus for the continuation of this topic. Apart from that, cryptographic viewpoints are also being considered, and forthcoming works are intended to include them too. There is always a lot of scope for improvement in advanced technologies. For wireless networks, being the most researched arena, continual improvements and better and more efficient techniques are being developed every day. Even after all these, we can never make the ultimate optimum protocol, ideal for all sorts of environments, platforms, and applications. All we can try to do is to generate the best option for a specific wireless environment.

References

[1] Panos Papadimitratos, Marcin Poturalski, Patrik Schaller, Pascal Lafourcade, David Basin, Srdjan Capkun, Jean-Pierre Hubaux - Secure Neighbour Discovery: A Fundamental Element for Mobile Ad Hoc Networking, IEEE February 2008.

[2] Levente Buttyán and Jean-Pierre Hubaux - Security and cooperation in Wireless Networks, July 27, 2007.

[3] Yih-Chun Hu, Adrian Perrig, David B. Johnson - Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, September 2003.

[4] A. Menezes, P. van Oorschot, and S. Vanstone - Handbook of Applied Cryptography.

[5] Yih-Chun Hu, Adrian Perrig, David B. Johnson - Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks.

[6] Amit Kumar Saha, Khoa Anh To, Santashil PalChaudhuri, Shu Du, David B. Johnson - Physical Implementation and Evaluation of Ad Hoc Network Routing Protocols using Unmodified Simulation Models, April 2005.

[7] David B. Johnson and David A. Maltz - Dynamic Source Routing in Ad Hoc Wireless Networks in Mobile Computing, edited by Tomasz Imielinski and Hank Korth, Kluwer Academic Publishers, 1996.

[8] Charles E. Perkins and Elizabeth M. Royer - Ad-Hoc On-Demand Distance Vector Routing, February 1999.

[9] A. Perrig, R. Canetti, J. D. Tygar, and D. Song - Efficient authentication and signing of multicast streams over lossy channels. In Proceedings of the IEEE Symposium on Research in Security and Privacy, May 2000.
