Djenouri Djamel & Nadjib Badache

LSI-TR0704

April 2004

Two hops ACK, A New Approach for Selfish Nodes Detection in Mobile Ad hoc Networks

Djamel DJENOURI§, Nadjib BADACHE‡

§: Basic Software Laboratory, CERIST, Algiers, Algeria. E-mail: [email protected]
‡: Computer Science Department, University of Science and Technology, Algiers, Algeria. E-mail: [email protected]

Abstract

The resource limitations of the nodes used in ad hoc networks, particularly the energy limitation, along with the multi-hop nature of these networks, may cause a new phenomenon which does not exist in traditional networks. To save its energy, a node may behave selfishly: it uses the forwarding service of other nodes but does not forward packets for them. This deviation from the correct behavior represents a potential threat against service availability, which is one of the most important security requirements. Recently, some solutions have been proposed; however, almost all of them rely on the watchdog [1] technique, which has many problems. In this paper, we propose the two hops ACK, a new approach to mitigate these problems.

Key words: mobile ad hoc networks, security, selfishness, packet forwarding, energy consumption, power control

1. Introduction

A mobile ad hoc network (MANET) is a temporary infrastructureless network, formed by a set of mobile hosts that dynamically establish their own network on the fly, without relying on any central administration. Mobile hosts used in a MANET have to ensure the services that were ensured by the powerful fixed infrastructure in traditional networks; packet forwarding is one of these services. In some MANET applications, such as battlefield or rescue operations, all the nodes have a common goal and their applications belong to a single authority. For this reason, the nodes are cooperative by nature. However, in many civilian applications, such as networks of cars and provision of communication facilities in remote areas, the nodes typically do not belong to a single authority and do not pursue a common goal. In such networks, forwarding packets for other nodes is not in the direct interest of any node, so there is no good reason to trust nodes and assume that they always cooperate. Indeed, nodes try to save resources; in particular, each node tries to save its battery power, which is a precious resource. Recent studies show that most of a node's energy in MANETs is likely to be devoted to forwarding packets on behalf of other nodes. For instance, the simulation studies of Levente Buttyan and Jean-Pierre Hubaux [2] show that when the average number of hops from a source to a destination is around 5, almost 80% of the transmission energy will be devoted to packet forwarding. Therefore, to save energy, nodes may misbehave and tend to be selfish. A selfish node, regarding the packet forwarding process, is a node which takes advantage of the forwarding service and asks others to forward its own packets, but does not participate in this service. Some solutions have recently been proposed; however, almost all of them rely on the watchdog [1] technique, which has many problems that will be presented later.
To mitigate these problems we propose a new technique which we call two hops acknowledgment. The remainder of this paper is organized as follows: in the next section we present the related work, and we briefly present the watchdog technique in section 3. Section 4 is devoted to the presentation of our solution. Finally, section 5 concludes the paper and summarizes the future work.

2. Related work

The emergent problem of selfishness in MANETs has recently received attention among researchers, and some solutions have been proposed. In our previous work [3] we surveyed these solutions and classified them into two main categories: reactive solutions, which aim at detecting the misbehavior when it appears in the network, and preventive solutions, which try to inhibit the misbehavior either by motivating nodes to cooperate or by taking measures to prevent packets from being dropped.

To the best of our knowledge, Sergio et al. were the first to deal with the problem of selfishness in packet forwarding in MANETs. In [1] they define two techniques which they call watchdog and pathrater; the former identifies misbehaving nodes, whereas the latter helps the routing protocol to avoid these nodes. These techniques are used along with DSR [4] to build a misbehavior-mitigating routing protocol. The watchdog was used by almost all the subsequently proposed reactive solutions; nevertheless, this technique has many drawbacks, as will be shown later. In [5] Yang et al. describe a unified network layer solution to protect both routing and data forwarding in the context of AODV. Pietro Michiardi and Refik Molva [6] suggest a generic reputation-based mechanism, namely CORE (Collaborative Reputation Mechanism to enforce node cooperation in MANETs), which is supposed to be easily integrated with any network function. Another reputation-based solution is proposed by Sonja Buchegger and Jean-Yves Le Boudec [7]: a protocol called CONFIDANT (Cooperation Of Nodes Fairness in Dynamic Ad hoc Networks). It relies on the DSR [4] routing protocol, which is used as the benchmark in their GloMoSim-based simulation study performed to evaluate the new DSR fortified by CONFIDANT. All these solutions, however, rely on the watchdog technique, so they inherit all the watchdog's problems.

Levente Buttyan and Jean-Pierre Hubaux [8] propose a preventive economic-based approach which stimulates the nodes to cooperate; this solution is modeled and analyzed in their further work [2]. They introduce what they call virtual currency or nuglets, along with mechanisms for charging/rewarding service usage/provision. The main idea of this technique is that nodes which use a service must pay for it (in nuglets) to the nodes that provide the service. Another preventive mechanism is the game theory approach; in [9] Vikram Srinivasan et al. propose a solution to stimulate cooperation based on this approach. In this solution nodes are sometimes allowed to refuse to participate in the data forwarding process; we think this can present a potential risk of service unavailability. These preventive solutions just motivate nodes to cooperate, but do not aim at detecting the misbehaving nodes and do not prevent nodes from behaving selfishly. In [10] Panagiotis Papadimitratos and Zygmunt J. Haas present the SMTP protocol. It prevents the effects of selfishness (lost packets) by dispersing packets, and detects it by employing end-to-end feedback; this kind of feedback allows the detection of the routes containing selfish nodes but fails to detect the selfish nodes themselves.

3. Overview of watchdog

The watchdog method is a basic technique on which many further solutions rely. It aims to detect misbehaving nodes that do not forward packets by monitoring neighbors in promiscuous mode. When a node A transmits a packet to B to forward to C, A monitors B's forwarding by promiscuously listening to all the packets sent in its neighborhood. The watchdog is implemented at A by maintaining a buffer of the recently sent packets and comparing each overheard packet with the packets in the buffer to see if there is a match. If so, the packet in the buffer is removed and forgotten by the watchdog, since it has been forwarded. If a packet has remained in the buffer for longer than a certain timeout, the watchdog increments a failure tally of the node responsible for forwarding the packet. If the tally exceeds a certain threshold, the monitor (node A) determines that node B is misbehaving and sends a message to the source notifying it of the misbehaving node.

The watchdog technique supposes that each transmission can be overheard by all neighbors if no collision takes place. However, this assumption is not necessarily correct when the transmission power is not constant. For instance, the use of the power control technique [11], as in the recently proposed power-aware routing protocols [12, 11], renders some nodes unable to overhear transmissions even though they are within the sender's power range. In this case we note a serious problem when using the watchdog, namely the possibility of false detections (false positives in Intrusion Detection Systems terminology). Assume that B uses controlled powers, and that the power required from B to C is less than the one needed to reach A from B, so that the packets sent from B to C will not be received at A. Node A may wrongly accuse B of misbehaving even though it forwards packets to C. Hence the watchdog fails when the power control technique is employed; the purpose of our proposal is to overcome this problem.

Moreover, this technique cannot detect the misbehavior in many cases; in [3] we have presented and analyzed all these cases. Due to space limitations, we just cite them:

1. Partial dropping: node B can circumvent the watchdog by dropping packets at a lower rate than the watchdog's configured minimum misbehavior threshold.
2. Receiver collision: after a collision at node C, B could skip retransmitting the packet without being detected by A.
3. False misbehavior: a node may falsely report other innocent nodes in its neighborhood as misbehaving to avoid getting packets to forward.
4. Insufficient transmission power: B can control its transmission power to circumvent the watchdog. If A is closer to B than C, then B could attempt to save the energy consumed for forwarding packets by adjusting its transmission power such that the power is strong enough to be overheard by the previous node (A) but too weak to be received by the true recipient (C).
5. Cooperated misbehavior: B and C could collude to cause mischief. In this case, B forwards a packet to C but does not report to A when C drops the packet.

4. The new approach

4.1. Solution overview

In this paper we define a new approach to mitigate the watchdog problem related to the use of power control. In our approach, as in the watchdog, each node monitors the forwarding of each packet it sends. A source routing protocol is assumed to be used. To explain the concepts we suppose, without loss of generality, that A sends packets to B and monitors their forwarding to C. We define a new kind of feedback that we call the two hops ACK: it is an ACK that travels two hops. Node C acknowledges packets sent from A by sending the latter, via B, a special ACK. Node B could, however, escape from forwarding the packet without being detected by sending A a falsified two hops ACK. Note that behaving in this way is power-economic for B, since sending a short packet like an ACK consumes much less energy than sending a data packet.

To avoid this vulnerability we use a strategy based on asymmetric cryptography, as follows. Node A generates a random number, encrypts it with C's public key (PK), then appends it to the packet's header along with A's address. When C receives the packet it extracts the number, decrypts it using its secret key (SK), encrypts it using A's PK and puts it in a two hops ACK. This packet is sent back to A via B. A decrypts the random number and checks whether the number within the packet matches the one it generated, to validate B's forwarding of the corresponding packet. However, if B does not forward the packet, A will not receive the two hops ACK, and it will be able to detect this misbehavior after a timeout. This strategy needs a security association between each pair of nodes to ensure that nodes share their PKs with each other. This requires a key distribution mechanism, which is outside the scope of this paper; a mechanism like [13] or [14] can be used.

Another problem would arise when node C misbehaves: if C neither forwards the packet nor sends the two hops ACK back to A, A could suppose that B did not forward the packet even though it actually did. To overcome this problem we propose that the sending of the two hops ACKs is performed implicitly upon the reception of the packet at the MAC layer, and we assume that the lower layers (the MAC and physical layers) are robust and tamper resistant; this can be ensured by the hardware and the operating system of each node. However, the upper layers, including the network layer, may be tampered with by a selfish or a malicious node. That is, the operations of the lower layers cannot be modified by any node. Hence node C cannot escape from sending the two hops ACK back to A upon the reception of the packet, and so the monitoring of B is performed accurately. We point out that our assumption on the robustness of the lower layers does not mean that a node cannot send a falsified packet.

Our solution is composed of two parts: the first one is located at the network layer and can be viewed as a sub-layer at the bottom of this layer, whereas the second one is located in the MAC layer and is a sub-layer at the top of the latter. Figure 1 illustrates this framework.

Figure 1: Solution's framework

4.2. The protocol

Each node, except the destination, is monitored by the previous node. To monitor its successor, each node i adds to each packet it receives from the routing protocol the random number it generates for that packet, encrypted with the PK of its successor's successor, along with i's address, and keeps the generated random number as well as the address of the monitored node (i's successor) in an entry within the Wait2HopsACK buffer. When a packet is received from another node X, i's MAC component automatically generates and sends back to X a two hops ACK, after decrypting and re-encrypting the random number as described previously. The network layer component removes the appropriate entry upon the reception of the two hops ACK. As a timeout is associated with each entry, the lack of the two hops ACK after the timeout results in an increase of the rating of the corresponding forwarder node. A node is considered selfish if its rating exceeds a given threshold. As in the watchdog, we use this rating and do not accuse the forwarder directly, because the loss of packets may be caused by channel conditions or node mobility and is not necessarily due to intentional misbehavior. Algorithms 1 and 2 describe respectively the network component and the MAC component.

Algorithm 1 Network module of solution 1

When receive a packet D from the routing protocol to send to node X (X is either the next hop or the destination, and i is either the source or a forwarding node):
    if (X ≠ D's destination) then
        R = a generated random number
        Y = X's successor in the source route
        append (R_{P_Y}, i) to D's header
        add (R, X) to the buffer Wait2HopsACK
    end if
    send D to X

When receive a packet D from the MAC protocol sent by X:
    if X ≠ D's source then
        remove the random number generated by X's predecessor from the header along with the corresponding node address
    end if
    send the packet to the network layer protocol

When receive a two hops ACK packet TwoHopsACK from the MAC layer component:
    R' = TwoHopsACK.Rand_{S_i}
    if (R', TwoHopsACK.sender) ∈ Wait2HopsACK then
        remove (R', TwoHopsACK.sender) from Wait2HopsACK
    end if

When the timeout of a Wait2HopsACK entry (R, X) is exceeded:
    increment the rating regarding node X
    if X's rating > threshold then
        consider X as a misbehavior
    end if

Algorithm 2 MAC layer located component of solution 1

When receive a packet D sent by X from the MAC protocol:
    if X ≠ D's source then
        Y = X's predecessor in the source route
        get the random number R generated by Y
        R' = R_{S_i}
        R'' = R'_{P_Y}
        construct a two hops ACK packet TwoHopsACK
        TwoHopsACK.Rand = R''
        TwoHopsACK.sender = i
        TwoHopsACK.dest = Y
        send two hops ACK to X
    end if
    pass the packet up to the network component

When receive a two hops ACK packet TwoHopsACK:
    if TwoHopsACK.dest ≠ i then
        TwoHopsACK.sender = i
        forward TwoHopsACK to TwoHopsACK.dest
    else
        pass the packet up to the network layer component
    end if
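The exchange of section 4.1 together with the Wait2HopsACK buffer, timeout and rating of Algorithms 1 and 2, as an added Python sketch that is not the authors' code. Assumptions: toy unpadded RSA over small Mersenne primes stands in for the asymmetric cipher, which the paper does not specify, and the names Monitor, mac_two_hops_ack and simulate as well as the timeout and threshold values are illustrative.

```python
import secrets

# Toy unpadded RSA over Mersenne primes (assumption): illustration only, not secure.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (PK, SK)

def rsa(key, m):
    n, exp = key
    return pow(m, exp, n)

class Monitor:
    """Network component of the monitoring node A: Wait2HopsACK plus ratings."""
    def __init__(self, sk, timeout=1, threshold=2):
        self.sk, self.timeout, self.threshold = sk, timeout, threshold
        self.wait = {}    # (R, monitored node) -> deadline
        self.rating = {}  # monitored node -> number of missing two hops ACKs

    def send(self, monitored, pk_two_hops_away, now):
        r = secrets.randbits(64)               # fresh random number per packet
        self.wait[(r, monitored)] = now + self.timeout
        return rsa(pk_two_hops_away, r)        # R under C's PK, carried in the header

    def on_ack(self, rand, sender):
        r = rsa(self.sk, rand)                 # decrypt with A's SK
        return self.wait.pop((r, sender), None) is not None

    def expire(self, now):
        for (r, node), deadline in list(self.wait.items()):
            if deadline <= now:                # no valid ACK before the timeout
                del self.wait[(r, node)]
                self.rating[node] = self.rating.get(node, 0) + 1
        return {n for n, v in self.rating.items() if v > self.threshold}

def mac_two_hops_ack(sk_c, pk_a, header_value):
    """MAC component of C: decrypt with C's SK, re-encrypt with A's PK."""
    return rsa(pk_a, rsa(sk_c, header_value))

def simulate(behaviour, packets=5):
    """Return (B's rating at A, nodes A considers selfish) for one behaviour of B."""
    pk_a, sk_a = make_key(2**61 - 1, 2**89 - 1)
    pk_c, sk_c = make_key(2**107 - 1, 2**127 - 1)
    a = Monitor(sk_a)
    for t in range(packets):
        header = a.send("B", pk_c, now=t)
        if behaviour == "forward" or (behaviour == "lossy" and t > 0):
            # B forwards to C, C's MAC layer answers, B relays the ACK to A.
            a.on_ack(mac_two_hops_ack(sk_c, pk_a, header), "B")
        elif behaviour == "forge":
            # B drops the packet and returns a made-up ACK; it cannot recover R.
            a.on_ack(rsa(pk_a, secrets.randbits(64)), "B")
        # "drop": B stays silent; "lossy" loses only the first packet.
    accused = a.expire(now=packets + 1)
    return a.rating.get("B", 0), accused

if __name__ == "__main__":
    for b in ("forward", "lossy", "forge", "drop"):
        print(b, simulate(b))
```

A single lost packet leaves B below the threshold, while a silent drop and a falsified ACK both end in the same rating, because A only clears an entry when the decrypted number matches one it generated.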


5. Conclusion and future work

As we have seen, the watchdog technique, which is used by almost all the solutions currently proposed to detect selfish nodes in packet forwarding in MANETs, fails when power control is employed. In this paper, we have proposed a new approach that overcomes this problem. Unlike the end-to-end ACK, our approach allows the misbehaving node to be detected. Moreover, it resolves the problems related to cases 2 and 4 of the watchdog (section 3). Nevertheless, our solution incurs a significant overhead. If we assume the average path length is H hops, the communication complexity is O(2*(H-1)) two hops ACK transmissions for each packet. As a perspective, we plan to improve the solution and decrease the overhead by aggregating each n two hops ACKs into just one, that is, each n successive packets will be acknowledged by just one two hops ACK. This will decrease the overhead and divide its complexity by n. We also plan in our further research to prove the correctness of our protocol, to conduct an analytic study, and to evaluate its performance by simulation. We also intend to complete the proposal by giving rigorous definitions of the threshold used, by defining the actions that have to be taken when a node is accused of being selfish, and by defining a mechanism allowing nodes to exchange their knowledge regarding nodes that behave selfishly.

References

[1] S. Marti, T. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In ACM Mobile Computing and Networking, MOBICOM 2000, pages 255–65, 2000.
[2] L. Buttyan and J.-P. Hubaux. Stimulating cooperation in self-organizing mobile ad hoc networks. ACM/Kluwer Mobile Networks and Applications, Vol 8, N 5, October 2003.
[3] Djamel Djenouri and Nadjib Badache. Selfishness an emergent threat on packet forwarding in mobile ad hoc networks. LSI Technical report, LSI-TR0604, University of Science and Technology Houari Boumediene, Algiers, Algeria, April 2004.
[4] David B. Johnson and David A. Maltz. Dynamic source routing in ad hoc wireless networks. Mobile Computing, Chapter 5, pages 153–181, 1996.
[5] H. Yang, X. Meng, and S. Lu. Self-organized network layer security in mobile ad hoc networks. In ACM MOBICOM Wireless Security Workshop (WiSe'02), Georgia, Atlanta, USA, September 2002.
[6] Pietro Michiardi and Refik Molva. Core: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In Communication and Multimedia Security 2002 Conference, Portoroz, Slovenia, September 26-27 2002.
[7] Sonja Buchegger and Jean-Yves Le Boudec. Performance analysis of the confidant protocol, cooperation of nodes fairness in dynamic ad hoc networks. In Third ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'02), Lausanne, Switzerland, pages 80–91, June 2002.
[8] L. Buttyan and J.-P. Hubaux. Nuglets: a virtual currency to stimulate cooperation in self-organized mobile ad hoc networks. Technical report No. DSC/2001/001, Swiss Federal Institution of Technology, Lausanne, Switzerland, January 2001.
[9] Vikram Srinivasan, Pavan Nuggehalli, Carla F. Chiasserini, and Ramesh R. Rao. Cooperation in wireless ad hoc networks. In IEEE INFOCOM'03, San Francisco, California, USA, April 2003.
[10] Panagiotis Papadimitratos and Zygmunt J. Haas. Secure data transmission in mobile ad hoc networks. In ACM MOBICOM Wireless Security Workshop (WiSe'03), San Diego, California, USA, September 2003.
[11] Sheetalkumar Doshi and Timothy Brown. Minimum energy routing schemes for a wireless ad hoc network. In IEEE INFOCOM 2002, 2002.
[12] Djamel Djenouri and Nadjib Badache. An energy efficient routing protocol for mobile ad hoc network. In The second proceeding of the Mediterranean Workshop on Ad-Hoc Networks, MedHoc-Nets 2003, Mahdia, Tunisia, pages 113–122, 25-27 June 2003.
[13] Seung Yi and Robin Kravets. Moca: Mobile certificate authority for wireless ad hoc networks. In The second annual PKI research workshop (PKI 03), Gaithersburg, 2003.
[14] Srdjan Capkun, Levente Buttyan, and Jean-Pierre Hubaux. Self-organized public-key management for mobile ad hoc networks. IEEE Transactions on Mobile Computing, Vol.2, No.1, pages 52–64, January 2003.
