sac om 20003
-
8/2/2019 Sac Om 20003
1/39
SUBMITTED BY: Agrim Saraswat, Dhruv Somani, Sourabh Modi
-
Ant colony optimization (ACO), a swarm intelligence technique, takes inspiration from the foraging behavior of some ant species. These ants deposit pheromone on the ground in order to mark some favorable path that should be followed by other members of the colony. Ant colony optimization exploits a similar mechanism for solving the routing problem in MANETs.
-
Mobile ad hoc networks (MANETs)
MANETs are infrastructure-less networks consisting of wireless mobile nodes which are organized in peer-to-peer and autonomous fashion. Initial work in ad hoc routing using ACO has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that hinder the system's normal behavior. In this paper we introduce the SACOM framework, which incorporates security mechanisms into routing protocols using ACO for ad hoc networks. In addition, SACOM is developed for preventing the Wormhole Attack in the system without using specialized hardware.
-
A mobile ad-hoc network (MANET) is a collection of nodes capable of movement and connected dynamically in an arbitrary manner. Nodes of these networks function as routers which discover and maintain routes to other nodes in the network. The issue in MANETs is that routing protocols must be able to respond rapidly to topological changes in the network. At the same time the amount of control traffic generated by the routing protocols must be kept at a minimum due to the limited available bandwidth through radio interfaces.
-
Several protocols dealing with the problems of routing in mobile ad-hoc networks have been developed. These protocols are:
(a) Proactive or table driven and
(b) Reactive or on demand driven.
Proactive routing protocols attempt to maintain consistent, up-to-date routing information from each node to every other node at all times. These protocols require each node to maintain one or more tables to store routing information and respond to topological changes by propagating updates through the network. Thus, using a proactive protocol, a node is immediately able to route or drop a packet.
-
Hence the primary goal in a mobile network is to efficiently establish one or more routes between two nodes so that they can communicate reliably. Such a network is characterized by the following challenges.
1) The network topology can change dynamically due to the random movement of nodes.
2) Also any node may leave/join the network and the protocol must adapt accordingly.
3) Although no guarantee of service can be provided, the protocol must be able to maximize the reliability of packets in the network for the given conditions.
-
With these factors in mind, the key parameters to face while designing a routing protocol are:
1) Effective Routing
2) Congestion Avoidance
3) Energy Consumption
4) Load Balancing
-
Ant colony optimization (ACO)
[1] ACO is a stochastic approach for solving combinatorial optimization problems like routing in computer networks. The idea of this optimization is based on the observation of how ants optimize food gathering in nature.
[2] A pheromone trail and a heuristic pheromone value are used. A flock of ants move on the adjacent paths concurrently and asynchronously to find an optimum solution. Each ant selects the next hop by making a stochastic decision using the existing pheromone trails and heuristic information.
-
[3] The solution is built incrementally as the ants move from one node to another node. While moving on the path, an ant evaluates this solution and deposits pheromone on its way. This pheromone trail will be used by the future ants to make a routing decision
[4]. Ad-hoc wireless networks are increasing in popularity, due to the spread of laptops, sensor devices, PDAs and other mobile electronic devices. These devices will eventually need to communicate with each other
[5]. In some cases, without an adequate infrastructure to rely on, the network must work properly.
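An added example (not from the presentation) of the two ACO steps described above: the stochastic next-hop choice and the pheromone deposit. It uses the standard ACO weighting of pheromone^alpha times heuristic^beta; the topology, the inverse-link-cost heuristic, the evaporation rate rho and the 1/hops deposit are assumptions.

```python
import random

def hop_probabilities(tau, eta, alpha=1.0, beta=1.0):
    """P(next hop = n) is proportional to tau[n]**alpha * eta[n]**beta."""
    weight = {n: tau[n] ** alpha * eta[n] ** beta for n in tau}
    total = sum(weight.values())
    return {n: w / total for n, w in weight.items()}

def forward_ant(links, tau, src, dst, rng):
    """Walk one ant from src to dst; return its path, or None at a dead end."""
    path = [src]
    while path[-1] != dst:
        here = path[-1]
        options = [n for n in links[here] if n not in path]   # never loop back
        if not options:
            return None
        # Heuristic (assumed): inverse link cost, so cheap links are preferred.
        probs = hop_probabilities({n: tau[here][n] for n in options},
                                  {n: 1.0 / links[here][n] for n in options})
        path.append(rng.choices(options, [probs[n] for n in options])[0])
    return path

def deposit(tau, path, rho=0.5):
    """Evaporate every trail by rho, then reinforce the links the ant used."""
    for row in tau.values():
        for n in row:
            row[n] *= 1.0 - rho
    for a, b in zip(path, path[1:]):
        tau[a][b] += 1.0 / (len(path) - 1)     # shorter path, larger deposit

# Constructed topology: link costs on a 2-hop and a 4-hop route from S to D.
LINKS = {"S": {"E": 1, "C": 1}, "E": {"S": 1, "D": 1}, "C": {"S": 1, "G": 1},
         "G": {"C": 1, "K": 1}, "K": {"G": 1, "D": 1}, "D": {"E": 1, "K": 1}}

def fresh_trails(links, initial=1.0):
    """Every link starts with the same amount of pheromone."""
    return {a: {b: initial for b in row} for a, row in links.items()}
```

After one ant returns over S, E, D, the trail S to E holds twice the pheromone of S to C, so the next ant leaving S picks E with probability 2/3.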
-
Securing protocols for mobile ad hoc networks presents unique challenges due to characteristics such as lack of predeployed infrastructure, centralized policy and control. In this paper, we make a number of contributions to the design of secure ad hoc routing protocols.
-
A. Attacks Using Modification
1) Redirection by Modified Route Sequence Numbers:
2) Redirection with Modified Hop Counts:
3) Denial-of-service with Modified Source Routes:
4) Tunneling:
-
B. Attacks Using Impersonation
C. Attacks Using Fabrication
1) Falsifying Route Errors in AntHocNet:
2) Route Cache Poisoning in AntHocNet:
-
When node S wants to send a packet to node D, but does not know a route to D, node S initiates a route discovery
Source node S floods Route Request (RREQ)
Each node appends own identifier when forwarding RREQ
-
[Figure: network diagram with nodes S, A to N, Y and Z]
Legend: represents a node that has received RREQ for D from S
-
[Figure: network diagram, broadcast transmission of RREQ carrying the list [S]]
Legend: represents transmission of RREQ
[X,Y] Represents list of identifiers appended to RREQ
-
[Figure: network diagram, RREQs carrying the lists [S,E] and [S,C]]
Node H receives packet RREQ from two neighbors: potential for collision
-
[Figure: network diagram, RREQs carrying the lists [S,C,G] and [S,E,F]]
Node C receives RREQ from G and H, but does not forward it again, because node C has already forwarded RREQ once
-
[Figure: network diagram, RREQs carrying the lists [S,C,G,K] and [S,E,F,J]]
Nodes J and K both broadcast RREQ to node D
Since nodes J and K are hidden from each other, their transmissions may collide
-
[Figure: network diagram, RREQ carrying the list [S,E,F,J,M]]
Node D does not forward RREQ, because node D is the intended target of the route discovery
-
Destination D, on receiving the first RREQ, sends a Route Reply (RREP)
RREP is sent on a route obtained by reversing the route appended to received RREQ
RREP includes the route from S to D on which RREQ was received by node D
-
[Figure: network diagram, RREP [S,E,F,J,D]]
Legend: represents RREP control message
-
Node S, on receiving RREP, caches the route included in the RREP
When node S sends a data packet to D, the entire route is included in the packet header, hence the name source routing
Intermediate nodes use the source route included in a packet to determine to whom a packet should be forwarded
-
[Figure: network diagram, DATA [S,E,F,J,D]]
Packet header size grows with route length
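The route discovery walked through on the preceding slides, as an added example (not code from the presentation): RREQ flooding with appended identifiers and forward-once suppression, the reversed-route RREP, and next-hop lookup from the source route. The link list is constructed, since the figure's links are not recoverable, and the function names are illustrative.

```python
from collections import deque

# Constructed topology, chosen so the route records match the lists shown on
# the slides ([S,E], [S,C], [S,E,F], [S,C,G], ...).
LINKS = {"S": ["E", "C", "B"], "B": ["S", "A"], "A": ["B"],
         "E": ["S", "F", "H"], "C": ["S", "G", "H"], "H": ["E", "C"],
         "F": ["E", "J"], "G": ["C", "K"], "J": ["F", "D"],
         "K": ["G", "D"], "D": ["J", "K"]}

def route_discovery(links, src, dst):
    """Flood an RREQ from src. Returns (route, log), where log lists every
    (receiver, route record) delivery, duplicates included."""
    forwarded = {src}                  # nodes that have already broadcast RREQ
    queue = deque([[src]])             # route record carried by each broadcast
    log, route = [], None
    while queue:
        record = queue.popleft()
        for nb in links[record[-1]]:
            log.append((nb, record))
            if nb == dst:
                route = route or record + [dst]   # D answers the first RREQ
            elif nb not in forwarded:             # forward an RREQ only once
                forwarded.add(nb)
                queue.append(record + [nb])
    return route, log

def route_reply(route):
    """RREP carries the S-to-D route and travels it in reverse."""
    return {"type": "RREP", "route": route, "hops": route[::-1]}

def next_hop(node, header_route):
    """Source routing: a forwarder reads its next hop from the packet header."""
    i = header_route.index(node)
    return header_route[i + 1] if i + 1 < len(header_route) else None
```

Nothing in the route record or the RREP is authenticated here: every forwarder is trusted to append only its own identifier.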
-
Route Maintenance
Certification of Authorized Nodes
Authenticated Route Discovery: Forward Ant
Authenticated Route Setup: Backward Ant
-
On demand protocol
Uses certified HELLO packet.
If node receives HELLO, new node added.
Excepts HELLO from nth every
A message broadcasted by A to its neighbor
-
1) SACOM uses cryptographic certificates to bring authentication
2) SACOM requires the use of a trusted certificate server CSer, whose public key is known to all valid nodes.
3) Nodes use these certificates to authenticate themselves to other nodes during the exchange of routing messages
4) Keys are a priori generated and exchanged
-
5) Before entering the ad hoc network, each node must request a certificate from CSer.
6) A node A receives a certificate from CSer as follows:
-
1) Goal of end-to-end authentication is for the source to verify that the intended destination was reached
2) The source node A begins route instantiation to destination X by broadcasting the Forward Ant to its neighbors:
-
3) Ant includes:
Ant identifier (FA)
The IP address of the destination (IP)
A's certificate (CT)
Sequence number S
4) Purpose of S is to uniquely identify an FA coming from a source.
5) Each time A performs route discovery, it monotonically increases S.
-
6) When a node receives an FA, it sets up a reverse path back to the source by recording the neighbor from which it received the ant.
7) The receiving node uses A's public key, which it extracts from A's certificate, to validate the signature and verify that A's certificate has not expired.
8) Let H be a neighbor that has received the forward ant from A, which it subsequently forwarded.
-
9) Upon receiving the forward ant, H's neighbor R validates the signatures for both A, the FA, and H.
10) the neighbor it received the forward ant from, using the certificates in the forward ant
11) R then removes H's certificate and signature, records H as its predecessor, signs the contents of the message originally broadcast by A and appends its own certificate.
-
1) After receiving the forward ant, the destination unicasts a Backward Ant packet back along the reverse path to the source
2) Let the first node that receives the Backward Ant sent by X be node M
3) The Backward Ant includes:
A packet type identifier (BA)
IP address of A (IP)
Certificate belonging to X (CT)
The sequence number S sent by A
-
4) Nodes that receive the Backward Ant forward the packet back to the predecessor from which they received the original Forward Ant.
5) Each node along the reverse path back to the source signs the Backward Ant and appends its own certificate before forwarding the Backward Ant to the next hop
6) Let M's next hop to the source be node L
-
7) L validates M's signature on the received message.
8) Removes the signature and certificate, then signs the contents of the message
9) Also appends its own certificate before unicasting the REP to the next node.
10) Each node checks the sequence number and signature of the previous hop as the REP is returned to the source
-
11) This avoids attacks where malicious nodes instantiate routes by impersonation and replay of X's message
12) When the source receives the backward ant, it verifies the destination's signature and the sequence number returned by the destination.
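The hop-by-hop check described for the Forward Ant (steps 6 to 11) and repeated for the Backward Ant (steps 7 to 10), as an added example that is not code from the presentation. Toy textbook RSA stands in for the real signature scheme, which the slides do not name; the certificate fields, the drop-on-stale-sequence rule, the well-formed input and all identifiers are assumptions.

```python
import hashlib, json

# Toy textbook RSA over known Mersenne primes stands in for a real signature
# scheme so the example runs on the standard library alone. It is NOT secure.
PRIMES = [2**k - 1 for k in (61, 89, 107, 127, 521, 607)]

def keypair(p, q, e=65537):
    return [p * q, e], (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(obj, n):
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n
def sign(obj, priv):
    return pow(_digest(obj, priv[0]), priv[1], priv[0])
def verify(obj, sig, pub):
    return pow(sig, pub[1], pub[0]) == _digest(obj, pub[0])

CSER_PUB, CSER_PRIV = keypair(PRIMES[4], PRIMES[5])   # trusted server CSer

class Node:
    def __init__(self, name, p, q, expires):
        pub, self.priv = keypair(p, q)
        body = {"node": name, "pub": pub, "expires": expires}  # assumed fields
        self.cert = {"body": body, "sig": sign(body, CSER_PRIV)}
        self.last_seq, self.predecessor = {}, {}

    def originate(self, kind, ip, seq):          # kind: "FA" or "BA"
        core = {"type": kind, "ip": ip, "cert": self.cert, "seq": seq}
        return {"core": core, "sig": sign(core, self.priv)}

    def forward(self, ant):    # drop previous hop's sig/cert, sign, add own cert
        inner = {"core": ant["core"], "sig": ant["sig"]}
        return {**inner, "hop_sig": sign(inner, self.priv), "hop_cert": self.cert}

    def receive(self, ant, now):   # returns the ant to send on, or None to drop
        core, inner = ant["core"], {"core": ant["core"], "sig": ant["sig"]}
        checks = [(core["cert"], core, ant["sig"])]            # originator
        if "hop_cert" in ant:                                  # previous hop
            checks.append((ant["hop_cert"], inner, ant["hop_sig"]))
        for cert, signed, sig in checks:
            if not (now < cert["body"]["expires"]
                    and verify(cert["body"], cert["sig"], CSER_PUB)
                    and verify(signed, sig, cert["body"]["pub"])):
                return None
        origin = (core["type"], core["cert"]["body"]["node"])
        if core["seq"] <= self.last_seq.get(origin, -1):       # replay/duplicate
            return None
        self.last_seq[origin] = core["seq"]
        self.predecessor[origin] = checks[-1][0]["body"]["node"]
        return self.forward(ant)
```

`receive` drops an ant whose originator or previous-hop signature fails, whose certificate is expired or not signed by CSer, or whose sequence number is not newer than the last one accepted from that originator.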
-
THANK YOU !!!!
-
Queries Invited.!!!!!!