CHAPTER 3
SRT-SECURE ROUTING USING TRUST LEVELS IN
MANETs
3.1 INTRODUCTION
Many protocols have been designed and implemented to provide
secure routing and data transfer, which ultimately results in too much
overhead and routing load in the network. Keeping this in view, the SRT
algorithm is proposed and implemented to eliminate unwanted computational
and processing overheads that degrade the network. The SRT provides a good
packet delivery ratio by choosing highly secure nodes, based on trust to
establish an authenticated route, thereby enabling secure data transfer.
The rest of the chapter is organized as follows. In Section 3.2, an
overview of secure routing using the trust level scheme is presented;
Section 3.3 elaborates the improved secure routing scheme, using the trust
level concept; Section 3.4 presents the performance evaluation, based on the
security analysis, packet delivery ratio, end-to-end delay, throughput, trust
compromise and routing load; and Section 3.5 gives the summary.
3.2 OVERVIEW OF SRT SCHEME
In this scheme, the nodes in the network are made to fall into one of
the three lists; the Ally list, Associate list and Acquaintance list, based on the
degree of trust. The trust calculation process involves the grouping of the
nodes in the network, based on the parameter called the Trust rate (Trate).
Based on the level of the security needed for the data, the nodes in a specific
security level are made active for routing, depending on their trust value. This
scheme does not use any key management technique. Trust is compromised,
only if secure neighbors are not available. In this case, the route is established
by choosing the nodes in the next lower level. Simulation results show that
the proposed SRT has a better performance than the NTP and AODV, in
terms of the packet delivery ratio and end-to-end delay, both in the absence
and presence of the black hole attack. Trust compromise for the proposed
scheme also shows better results, when compared to the NTP and AODV.
3.3 SECURE ROUTING USING TRUST LEVEL SCHEME
The basic idea behind the NTP based routing is to assess the
stability of neighbors by initiating the beacons, and computing the NTP
matrix. As the NTP is not a secure routing protocol, a new algorithm is
proposed and implemented in the NTP protocol, so that the routing is
performed in a secure manner. After the first flooding of the beacons, the Trate
for each node is calculated based on the Equation (3.1).
Trate = (r-t)/r (3.1)
where, r – Number of beacons received
t – Number of beacons transmitted
The Trate values are used to classify the nodes into the three lists, the
ally list (highly secure information), associate list and acquaintance list. The
nodes are arranged in the descending order of the trust rate and the first one
third of the nodes fall in level 2, the next one third fall in level 1 and the
remaining in level 0. This process is repeated for each flooding.
Ally list (Level 2): The nodes in the ally list are chosen to send
highly secure information. This is useful in real time scenarios like online
banking.
Associate list (Level 1): The nodes in the associate list are chosen to
send information which requires moderate security, e.g. chat messages.
Acquaintance list (Level 0): The nodes in the acquaintance list are
chosen to send information which does not require any security, e.g.
advertisements.
A field called “level” is included in the neighbor table. If a node
has packets to send, it checks whether the destination is present in the
neighbor table. If so, it starts transmitting the packets. Otherwise, a search
packet is sent to the best neighbor of the node, which is in the same level. If
the neighbor is not found in the same level, trust is compromised by choosing
the best neighbor in the next lower level. If the destination address is found in
the neighbor table of the node receiving the search packet, then the searching
process is terminated. Otherwise, the packet is forwarded to the best neighbor
of that intermediate node. This node is entered as the next hop for the
particular destination in the route table, and the time is also recorded.
As the Trate values are calculated and the nodes are grouped after
each flooding, the malicious node (black hole attack) will be pushed to the
lower level. Thus, the malicious node is removed from the path.
3.3.1 Trust Compromise
Trust compromise is based on the number of nodes in the lower
levels when compared to that of the level of the source. When the source is in
the Ally list, the trust compromise will be the sum of the number of nodes in
the associate list, and twice the number of nodes in the acquaintance list, as
given in Equation (3.2).
Trust compromise = n (associate) + 2*n (acquaintance) (3.2)
where, n (associate): Number of nodes in the associate list
n (acquaintance): Number of nodes in the acquaintance list
2: Weight for the acquaintance list, whose nodes are counted twice.
Trust compromise is less in SRT.
Figure 3.1 Intermediate Nodes in Level 2
Scenario 1, shown in Figure 3.1, assumes that all the intermediate nodes
are in level 2. When the source and the destination are in level 2, and all
the intermediate nodes are also in level 2, the trust compromise is quite
low. This is because all the nodes in the route have a high trust rate, and
forward the control packets better than the nodes in the other levels.
Figure 3.2 Intermediate Nodes in Level 1 or Level 0
Scenario 2, shown in Figure 3.2, assumes that one or more intermediate
nodes are in level 1 or level 0. When the source is in level 2 (Ally list)
and the destination is in level 1 (Associate list) or level 0 (Acquaintance
list), the trust compromise increases. This is because the intermediate nodes
have a lower trust rate due to their presence in level 1 or level 0. If the best
neighbor is not in level 2, the trust compromise increases.
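The steps of Sections 3.3 and 3.3.1 (Equation (3.1), level classification, fallback to a lower level, Equation (3.2)) as an added Python example; it is not the thesis implementation. The beacon counts, node names and links are constructed, and three points are assumptions: "best neighbor" means the highest Trate, the thirds are rounded down, and the required level is the source's level.

```python
# Added illustration of the SRT steps; not code from the thesis.
from typing import Dict, List, Optional, Tuple

def trust_rate(received: int, transmitted: int) -> float:
    """Equation (3.1): Trate = (r - t) / r."""
    if received <= 0:
        return 0.0  # assumption: no beacons heard -> lowest rate
    return (received - transmitted) / received

def classify(rates: Dict[str, float]) -> Dict[str, int]:
    """Descending Trate order: first third -> level 2, next third -> 1, rest -> 0."""
    ranked = sorted(rates, key=lambda n: (-rates[n], n))  # name breaks ties (assumption)
    third = len(ranked) // 3  # assumption: round down when not divisible by 3
    return {n: 2 if i < third else 1 if i < 2 * third else 0
            for i, n in enumerate(ranked)}

def adjacency(links: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Neighbor table built from bidirectional links."""
    adj: Dict[str, List[str]] = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    return adj

def next_hop(node, required, adj, levels, rates, visited) -> Optional[str]:
    """Best unvisited neighbor at the required level, else the next lower level."""
    for level in range(required, -1, -1):
        cands = [n for n in adj[node] if levels[n] == level and n not in visited]
        if cands:
            # "best" is taken to be the highest Trate (assumption)
            return max(cands, key=lambda n: (rates[n], n))
    return None

def find_route(src, dst, adj, levels, rates) -> Optional[List[str]]:
    """Forward the search packet hop by hop until dst is in a neighbor table."""
    route, visited, node = [src], {src}, src
    while dst not in adj[node]:
        node = next_hop(node, levels[src], adj, levels, rates, visited)
        if node is None:
            return None  # no usable neighbor at any level
        route.append(node)
        visited.add(node)
    return route + [dst]

def trust_compromise(route: List[str], levels: Dict[str, int]) -> int:
    """Equation (3.2) over the intermediate nodes of a route from an ally-list source."""
    mid = [levels[n] for n in route[1:-1]]
    return mid.count(1) + 2 * mid.count(0)

# Constructed sample data: (beacons received, beacons transmitted) per node.
BEACONS = {"S": (20, 2), "T": (20, 3), "A": (20, 4), "B": (20, 5), "C": (20, 8),
           "D": (20, 10), "E": (20, 12), "F": (20, 14), "G": (20, 16)}
RATES = {n: trust_rate(r, t) for n, (r, t) in BEACONS.items()}
LEVELS = classify(RATES)

# Scenario 1: an ally-list neighbor (A) is in range of the source S.
LINKS_1 = [("S", "A"), ("A", "T"), ("S", "B"), ("B", "F"), ("F", "T"), ("S", "E")]
# Scenario 2: the S-A link is gone, so S must fall back to lower levels.
LINKS_2 = [link for link in LINKS_1 if link != ("S", "A")]

def run(links):
    """Return (route from S to T, trust compromise of that route)."""
    route = find_route("S", "T", adjacency(links), LEVELS, RATES)
    return route, (trust_compromise(route, LEVELS) if route else None)

if __name__ == "__main__":
    for name, links in (("scenario 1", LINKS_1), ("scenario 2", LINKS_2)):
        print(name, *run(links))
```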
3.4 SIMULATION ENVIRONMENT
To analyze the security in routing and to measure the level of
compromise, the black hole attack is introduced in both the AODV and NTP.
The analysis is used to detect and eliminate the black hole attack, using the
proposed algorithm SRT, which is shown as a flow chart in Figure 3.3. The following performance metrics are simulated in the AODV and NTP protocols.
1. Throughput
2. Packet Delivery Ratio
3. End to End delay
Start
1. Source initiates beacons and repeats n times.
2. Receiving neighbors reinitiate beacons.
3. Each node receives more than one beacon packet.
4. Trust rate is calculated using the formula Trate = (r-t)/r.
5. Search packet is sent to the best neighbor of the node which is in the same level.
6. Is neighbor found in the same level? If No: trust is compromised by choosing a neighbor in the immediate lower level. Trust compromise = n (associate) + 2*n (acquaintance).
7. Secure route is established.
Figure 3.3 Flow of Control in the Proposed Algorithm
The GloMoSim tool [GLOMOSIM Tutorial] is used to evaluate the
performance metrics. The simulated network consists of 40 nodes in a terrain
of 1700 m x 1700 m. Nodes are placed randomly throughout the
terrain, and the simulation is allowed to run for 1200 s.
The results are simulated for 100 packets as shown in Table 3.1.
Table 3.1 Simulation Parameters
Simulation time 20 minutes
Terrain area 1700 x 1700 m²
Number of Nodes 40
Node placement strategy Random
Propagation Model Two-Ray Model
Transmission range of each node 250m
Mobility Model Random way point
Radio type Accumulated Noise Model
Network Protocol IP
MAC protocols IEEE 802.11 DCF
Routing Protocols NTP, AODV
3.4.1 Simulation Performance Metrics in the Absence of Black Hole
Attack
3.4.1.1 Packet delivery ratio
This is the fraction of the data packets generated by the CBR
sources that are delivered to the destination. This evaluates the ability of the
protocol to discover routes.
[Plot: Packet delivery ratio vs Mobility (m/s); curves: SRT, NTP, AODV]
Figure 3.4 Packet Delivery Ratio Vs Mobility (m/s) (Absence of Black
Hole Attack)
Figure 3.4 shows the plot between the node mobility and packet
delivery ratio for the SRT, NTP and AODV. The packet delivery ratio of the
proposed algorithm SRT is 1.1% greater than that of NTP and 1.33% greater
than that of AODV even at higher mobility, in the absence of malicious
nodes. The SRT has only nodes which are in level 2 in the route, and hence,
the Packet delivery Ratio (PDR) is greater.
3.4.1.2 Average end-to-end delay
This is the average delay between the sending of the data packet by
the CBR source and its receipt at the corresponding CBR receiver. This
includes all the delays caused during route acquisition, buffering and
processing at intermediate nodes.
[Plot: End-to-end delay (ms) vs Mobility (m/s); curves: SRT, NTP, AODV]
Figure 3.5 End-to-End Delay (ms) Vs Mobility (m/s) (Absence of Black
Hole Attack)
Figure 3.5 is plotted between the node mobility and end-to-end
delay for SRT, NTP and AODV. At higher mobility, the SRT has 15.7%
lesser end-to-end delay than the NTP, as routing is restricted to the nodes
which fall under a particular trust level, whereas the end-to-end delay of the
SRT is 38% greater than that of AODV.
3.4.1.3 Trust compromise
Trust compromise indicates the number of lower level nodes in the
secure route. The proposed SRT algorithm selects the route such that the trust
compromise is the least in all the cases. There is a compromise between
message security (trust compromise) and end-to-end delay, which is generally
the case with most of the security algorithms. Figure 3.6 shows that in the
absence of an attack, the proposed SRT algorithm has a lesser trust
compromise when compared to the AODV and NTP.
[Plot: Trust compromise vs Number of nodes; curves: SRT, NTP, AODV]
Figure 3.6 Trust Compromise Vs Number of Nodes (Absence of Black Hole Attack)
3.4.2 Simulation Performance Metrics in the Presence of a Black Hole Attack
Performance metrics are discussed in the presence of black hole attack.
3.4.2.1 Packet delivery ratio
Figures 3.7 and 3.8 show the comparison of NTP, SRT, and
AODV for the packet delivery ratio metric, for nodes moving at speeds of 0-20 m/s for 100 packets and 500 packets respectively. As the mobility increases, the packet delivery ratio decreases. The SRT algorithm detects the malicious nodes in the network and eliminates them. A new path is chosen to route the
packets, through nodes with a higher trust level. Hence, the packet delivery ratio of the SRT is greater when compared to that of the AODV and NTP.
The packet delivery ratio of the AODV and NTP falls drastically at higher mobility. The packet delivery ratio of the SRT is 48% greater than that of the AODV and 22.6% greater than that of the NTP in the presence of an attack.
[Plot: Packet delivery ratio vs Mobility (m/s); curves: SRT, NTP, AODV]
Figure 3.7 Packet Delivery Ratio Vs Mobility (m/s) (Presence of Black Hole Attack-100 packets)
Figure 3.8 Packet Delivery Ratio Vs Mobility (m/s) (Presence of Black Hole Attack-500 packets)
3.4.2.2 Average end-to-end delay
Figures 3.9 and 3.10 show the comparison of NTP, SRT and
AODV for the end-to-end delay metric for nodes moving at speeds of 0-20
m/s for 100 packets and 500 packets respectively. Delay increases with an
increase in the node speed in the SRT and NTP, whereas the delay remains
almost constant in the AODV. It is seen that the end-to-end delay in the SRT
is 47% greater than that of the AODV, because the time taken to detect the
malicious node, and to find a new route using the trust rate, is more in the
SRT.
[Plot: End-to-end delay (ms) vs Mobility (m/s); curves: SRT, NTP, AODV]
Figure 3.9 End-to-End Delay (s) Vs Mobility (m/s) (Presence of Black
Hole Attack-100 packets)
Figure 3.10 End-to-End delay (ms) Vs Mobility (m/s) (Presence of Black Hole Attack-500 packets)
3.4.2.3 Throughput
Throughput is calculated as the ratio of the output in bits to the
difference in time, between the first packet sent and the last packet received.
Figures 3.11 and 3.12 show the comparison of NTP, SRT and AODV for
throughput metric for the nodes moving at speeds of 0-20 m/s for 100 packets
and 500 packets respectively. The throughput of the proposed algorithm,
SRT, is better than that of the AODV and NTP with attack because the
number of packets reaching the destination is higher in the SRT, as the
intermediate nodes chosen to route the packets are in the highest trust level.
For the SRT, it can be observed that even with increasing mobility, the
variations in throughput are less. The throughput performance of the SRT is
29.4% greater than that of the AODV and 56.1% greater than that of the NTP.
[Plot: Throughput (bps) vs Mobility (m/s); curves: SRT, NTP, AODV]
Figure 3.11 Throughput (b/s) Vs Mobility (m/s) (Presence of Black Hole Attack-100 packets)
Figure 3.12 Throughput (b/s) Vs Mobility (m/s) (Presence of Black Hole Attack-500 packets)
3.4.2.4 Trust compromise
Figure 3.13 shows the trust compromise for SRT, NTP and
AODV. It is observed that the trust compromise is much less for the SRT
when compared with the NTP and AODV, even after the detection and
elimination of the attack. This is because all the nodes in the route have a
high trust rate, and forward the control packets better than the nodes in the
other levels.
[Plot: Trust compromise vs Number of nodes; curves: SRT, NTP, AODV]
Figure 3.13 Trust Compromise Vs Number of Nodes (Presence of Black
Hole Attack)
3.4.3 Comparison of the Performance Metrics after the Detection
and Elimination of Attack in ARAN and SRT
In this section, the performance of the proposed SRT algorithm is
compared with the well known secure protocol, ARAN (Sanzgiri et al 2002).
ARAN detects and protects the network from malicious actions by third
parties and peers in one particular ad hoc environment. ARAN introduces
authentication, message integrity and non-repudiation to an ad hoc
environment, as part of a minimal security policy. The ARAN protocol is
compared with the SRT in terms of the packet delivery ratio, routing load and
path length. It is shown that the packet delivery ratio of ARAN is slightly
greater than that of SRT. However, the path length and routing load are lesser in the
SRT than in ARAN.
Evaluations were done using GloMoSim. Simulation was done with
the field configurations of 20 nodes distributed over a 670m x 670m terrain.
The initial positions of the nodes were random. Node mobility was simulated
according to the random waypoint mobility model, in which each node travels
to a randomly selected location at a configured speed. The node transmission
range was 250 m. Simulations were run for constant node speeds of 0 to
10 m/s, with a pause time fixed as 30 seconds. In each session 1000 data
packets of 512 bytes, were generated at the rate of 4 packets per second. Table
3.2 shows the simulation parameters for 100 packets.
Table 3.2 Simulation Parameters
Simulation time 20 minutes
Terrain area 670 x 670 m²
Number of Nodes 20
Node placement strategy Random
Propagation Model Free-Space Model
Transmission range of each node 250m
Mobility Model Random way point
Network Protocol IP
Routing Protocols SRT, ARAN
3.4.3.1 Packet delivery ratio
The packet delivery ratio metric is important because data packets
passing through malicious nodes are overheard, and could potentially be
modified or dropped (Sanzgiri et al 2002). From Figure 3.14, it is observed
that the packets dropped due to the attack are fewer in ARAN than in SRT,
because ARAN provides authentication and non-repudiation services, using
pre-determined cryptographic certificates that guarantee end-to-end
authentication. The packet delivery ratio is almost equal for both the SRT and
ARAN.
[Plot: Packet delivery ratio vs Mobility (m/s); curves: SRT, ARAN]
Figure 3.14 Packet Delivery Ratio Vs Mobility (m/s) (For SRT and
ARAN)
3.4.3.2 Average routing load
Simulations show that ARAN has a higher overall routing load and
latency in route discovery, because of the cryptographic computation
(Sanzgiri et al 2002). In SRT the routing load is 55.2% lesser when compared
with ARAN, as shown in Figure 3.15. This is because the SRT does not use
any cryptographic computation, but uses trust levels for secure routing. This
shows that the SRT has a better performance in terms of routing load.
[Plot: Average routing load vs Mobility (m/s); curves: SRT, ARAN]
Figure 3.15 Average Routing Load Vs Mobility (m/s) (For SRT and
ARAN)
3.4.3.3 Average path length
[Plot: Average path length (number of hops) vs Mobility (m/s); curves: SRT, ARAN]
Figure 3.16 Average Path Length Vs Mobility (m/s) (For SRT and
ARAN)
Figure 3.16 shows that the average path length for the SRT is
greater than that of the ARAN protocol, because routing in SRT is performed
by choosing the nearest neighbor based on the maximum power level, and not
the shortest path as is done in ARAN.
3.4.4 Comparison of the Performance Metrics after the Detection
and Elimination of Attack in SAODV and SRT
Secure Ad hoc On-demand Distance Vector (SAODV) routing
protocol (Mawloud Omar, 2012) (Tamilselvan et al, 2007) detects and
protects against malicious actions. SAODV protocol is compared with SRT in
terms of end-to-end delay and routing overhead. It is shown that the end-to-end
delay of SRT is lesser than SAODV, whereas the routing load of SRT
and SAODV are comparable.
When the source wants to transmit to the destination, it first
transmits the route request packet to all the neighboring nodes. The malicious
node does not transmit the data packets to the destination node, but it
intercepts/collects the data from the source node. So, it replies to the source
for the request sent. The source, instead of transmitting the data packets
immediately through the malicious node, waits for the reply from the other
nodes. After some time it receives the characteristic replies from its
neighbors. According to the SAODV solution, it first checks for the path that
contains a repeated next hop node to the destination. If there is no repeated
node, a random path is selected and the data is transmitted through that path.
The timer expiration event is triggered if the timer that is set for collecting the
route replies for a particular route discovery is expired. SAODV is an
enhancement of the existing protocol AODV.
The evaluations were performed using the GloMoSim. Simulation
was done with the field configurations of 25 nodes distributed over an 800m x
800m terrain. The initial positions of the nodes were random with a pause
time of 30s and an inter departure time of 1s. Node mobility was simulated
according to the random waypoint mobility model, in which each node travels
to a randomly selected location at a configured speed. Node transmission
range was 250m. Simulations were run for constant node speeds of 0 to
10 m/s, with pause time fixed at 30 seconds. Each session generated 300 data
packets of 512 bytes each at the rate of 4 packets per second. Table 3.3 shows
the simulation parameters for 100 packets.
Table 3.3 Simulation Parameters
Simulation time 5 minutes
Terrain area 800 x 800 m²
Number of Nodes 25
Node placement strategy Random
Propagation Model Two Ray Model
Transmission range of each node 250m
Mobility Model Random way point
Network Protocol IP
Routing Protocols SRT, SAODV
3.4.4.1 Average end-to-end delay
Figure 3.17 shows the comparison of SRT and SAODV for the end-
to-end delay metric for nodes moving with speeds of 0-50m/s.
[Plot: End-to-end delay (ms) vs Mobility (m/s); curves: SRT, SAODV]
Figure 3.17 End-to-End Delay (ms) Vs Mobility (m/s) (For SRT and SAODV)
Delay increases with increase in node speed in SRT and SAODV. It
is seen that the end-to-end delay in SRT is 22.2% lesser than ARAN because
the time taken to find a new route using the trust rate is lesser in SRT.
3.4.4.2 Routing overhead with number of transactions
To evaluate the routing overhead, simulation is done with 25 nodes
and 8 CBR applications. The number of transactions indicates the number of flows
initiated during a particular duration of time from the same or different sources to
the same or different destinations within the considered network.
Figure 3.18 shows the comparison of SRT and SAODV for routing
overhead metric for nodes moving with speeds of 0-50m/s. Routing overhead
increases with an increase in the number of transactions in SRT and SAODV. It is
seen that the routing overhead in SRT is 18.6% lesser than ARAN because the
nodes chosen for routing are fewer.
[Plot: Routing overhead vs Number of transactions; curves: SAODV, SRT]
Figure 3.18 Routing Overhead Vs Number of Transactions (For SRT
and SAODV)
3.4.5 Comparison of NTP and AODV with SRT
Tables 3.4 and 3.5 describe the comparison of the results of the
NTP protocol and AODV with the proposed algorithm SRT implemented in
NTP, both in the absence and presence of a black hole attack.
3.4.5.1 In the absence of black hole attack
In Table 3.4 shown below, the metrics such as packet delivery
ratio, end to end delay and trust compromise are summarized for NTP and
AODV in comparison with SRT. It is concluded from the simulation analysis
that the packet delivery ratio and trust compromise for NTP and AODV are
lesser than the proposed algorithm SRT. End to end delay for SRT is lesser
than NTP and greater than AODV.
Table 3.4 Comparison of NTP and AODV with SRT
Protocol / Parameter NTP AODV
Packet delivery ratio <1.1% <1.33%
End-to-end delay >15.7% <38%
Trust compromise <48.4% <64.6%
3.4.5.2 In the presence of black hole attack
In Table 3.5, the metrics such as packet delivery ratio, end to
end delay, throughput and trust compromise are summarized for NTP and
AODV in comparison with SRT in the presence of black hole attack. The
result shows that SRT performs much better than NTP and AODV.
Table 3.5 Comparison of NTP and AODV with SRT
Protocol / Parameter NTP AODV
Packet delivery ratio <22.6% <48%
End-to-end delay >46% <47%
Throughput <56.1% <29.4%
Trust compromise <52.5% <78%
3.4.6 Comparison of ARAN and SAODV with SRT
Table 3.6 describes the comparison of the results of ARAN and
SAODV protocols with the proposed SRT algorithm implemented in NTP. It
is observed that the routing load of SRT is lesser than ARAN. It is also
observed that SRT performs much better than SAODV where the routing load
and end to end delay are lesser than SAODV.
Table 3.6 Comparison of ARAN and SAODV with SRT
Protocol / Parameter ARAN SAODV
Packet delivery ratio >1.72% -
Average routing load >55.2% -
Average path length <30.5% -
End-to-end delay - >19.4%
Routing overhead - >15.76%
3.5 SUMMARY AND CONCLUDING REMARKS
In this work, routing is carried out using two protocols, the AODV
and NTP. The effect of a black hole attack by malicious nodes is analyzed in
the AODV and NTP protocols. A new method named the SRT in MANETs
is implemented, which detects and eliminates the malicious nodes from the
network, by using trust levels calculated by means of the number of beacons
received by the nodes. This number keeps changing for every flooding of the
beacon packets. Performance metrics, such as the packet delivery ratio,
throughput, end-to-end delay and trust compromise are evaluated.
The analysis shows that the performance of the SRT algorithm is
better than that of the AODV and NTP protocols in the presence of an
attacker as well as after the elimination of the attacker. The security is thus
enhanced by assigning the trust level to the trusted nodes, so that the trusted
node does not get compromised in any situation. The trust compromise for the
SRT is also simulated, and it shows a better performance when compared to
the AODV and NTP. Also, performance metrics, such as the Packet delivery
ratio, average path length and average routing load are evaluated, and a
comparison is done between the two secure routing protocols, the ARAN
protocol and the SRT in NTP protocol. The SRT has a better performance
when compared to the ARAN, in terms of routing load. The packet delivery
ratio of the SRT is almost equal to that of ARAN. Also, performance metrics,
such as end to end delay and routing overhead are evaluated, and a
comparison is done between the two secure routing protocols, the SAODV
protocol and the SRT in NTP protocol. The SRT has a better performance
when compared to the SAODV for both the metrics.