With present advances in technology, wireless networks are getting more popularity. These networks let the users the liberty to travel from one location to another without disruption of their computing services. The Ad-hoc networks, are the subset of wireless networks, let you the configuration of a wireless network without the require for access point. Technology under development for wireless ad hoc networks has quickly become a crucial part of our life since it provides “anytime, anywhere” networking services for mobile users. Wireless ad hoc networks can be dynamically set up without relying on any pre-existing infrastructure, such as Public Key Infrastructure, and central management for communications. However, such infrastructure-less characteristic of the networks also makes them vulnerable to security attacks. Numerous protocols have been planned in order to attain a high degree of safety based on a mixture of human-mediated communication and an normal Dolev-Yao communication medium. One of which is the Symmetrised Hash Commitment Before Knowledge protocol or the SHCBK protocol ( A. W. Roscoe and Long Nguyen, 2006). The protocol design seeks to optimise the amount of security that the humans can attain for a known quantity of work. This dissertation presents an implementation of the SHCBK protocol for securing ad hoc networks over Wi-Fi through…..main chapters. The first chapter contains…... The second……..The third……… The forth …………

Chapter 1


A wireless ad hoc network is a de-centralized wireless network. The network is called ad hoc for the reason that each hop is ready to send onward data for other hop, and so the resolving that which of hops will send the data to the forward hops is dynamically established on the network connectivity. This is in dissimilarity to wired networks in which routers execute the duty of routing. It is also in difference to organize the wireless networks. In which a particular node recognized as an admission point manages communication among other nodes. All taking part parties in an ad hoc network have the same opinion to recognize and send onward messages, to and from each other. With this type of elasticity, wireless networks have the capability to form anyplace, at any occasion, as long as two or more wireless users are enthusiastic to have the communicate between them. Mobile nodes inside an ad-hoc network move from one location to another. However, finding ways to model these movements is not obvious. In order to evaluate an ad hoc network performance it is necessary to develop and use mobility models that accurately represent movements of the mobile nodes. In this paper we present performance evaluation of various entity mobility models in terms of the traveling patterns of mobile node. MANET is a self-configuring network that is formed automatically via wireless links by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. The mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range hop by hop. Due to dynamic infrastructure-less nature and be deficient in the centralized monitoring points, the ad hoc networks are susceptible to attacks. The Attacks on the ad- hoc network routing protocols can disturb the network performance and dependability. Wireless networks use radio waves to broadcast the signals and survive in essentially two dissimilar flavors, communications and ad-hoc. In communications mode all traffic is transmitted among

The HOPs via an admission point which controls the network and gives it with the safety system. The most usually used normal for wireless networks is the 802.11 principles or Wi-Fi which in fact is not a standard but a entire relatives of principles using the same protocol. The safety in wireless networks by Wi-Fi consists of WEP, WPA and now lately WPA2 which is essentially a ended version of WPA. WPA was shaped as an middle safety system while WPA2 was finalized and experienced since the preceding system contained several serious weaknesses.

Benefits and applications of ad-hoc Networks

Ad-hoc networking need not want any admission points as contrasting to wireless networks in Communications mode. This makes them functional in a set of diverse applications. It is mainly used in Military applications and in save operations where the accessible communication communications Has been damaged or is unavailable, for example later than earthquakes and other disasters. But ad-hoc is these days also being used in a lot of commercial applications. Like we see that mobile phones and PDAs using the Bluetooth protocol system, seeing as it is quick and fairly simple to setup and doesn't need any additional tools.

Characteristics and standards of ad-hoc

As the wireless standard 802.11 does hold up ad-hoc networks, it is extremely limited since it doesn't offer routing among the nodes, so a hop can only arrive at the straight noticeable nodes in its place protocols similar to the Ad-hoc, On-demand Distance Vector protocol or Dynamic Source Routing protocol can not be used. These routing protocols are so called immediate routing protocols, sense that it gives a route to a target only when wanted. In difference the other usually used routing protocols on the Internet are practical sense that they will set up routes separately of the traffic in the network. This implies that the reactive network is quiet

pending a connection that is wanted and thus lessens the overcrowding in the network. DSR is an even additional optimized protocol which doesn't need for the sending forwarding computers to have current routing tables but have a list of network addresses in the form of the packet. The protocol because of eavesdrops the limited network traffic and listens for this routing data and information included in the packets and adds it to its personal routing table. One of the major goals when scheming mobile ad-hoc networks where the nodes go about and the topology rapidly alters is to defend the network connectivity among the hops over potentially multi hop channels. To obtain multi hop connection you must offer one-hop connectivity throughout the link-layer and expand that to multi- hop connectivity throughout routing and data that is forwarding protocols in the network-layer.

Many corporations make substantial investments in their wire- less infrastructure. For example, Microsoft's IEEE 802.11 based Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy or else, to republish, to position on servers or to redistribute to lists, requires prior specific permission and/or a fee. Wireless (Wi-Fi) network consists of approximately 5,000 access points (APs) supporting 25,000 users each day in 277 buildings, covering more than 17 million square feet [10]. In addition to the equipment costs, the costs of planning, deploying, and maintaining such networks is substantial. Thus, it is important to develop infrastructure that improves the ability of Information Technology (IT) departments to manage and secure their wireless networks.

In recent years, researchers have uncovered security vulnerability- ties in Wi-Fi networks [20]. They showed that the Wired Equiv- agency Protocol (WEP), the popular 802.11 security mechanism that most corporations were using at the time, was fundamentally flawed. In a series of highly publicized papers, they showed that

802.11 networks could be compromised easily. The community reacted quickly by developing and deploying alternate security so- lotions including VPNs, IEEE 802.1x [30], several variations of EAP [14], Smart cards, and more recently WPA [29]. Yet, the wire- less LAN (WLAN) security problem was not completely resolved. Last year, Microsoft conducted a series of interviews with WLAN administrators of several large and small organizations [10]. The goal of these interviews was to understand the difficulties involved in deploying and managing corporate WLANs. The issue of WLAN security came up repeatedly during these interviews. All administrators felt that WLAN security was a problem. They were unhappy with the quality of the tools they had at their disposal. Many of them would periodically walk around their buildings using WLAN scanning software looking for security vulnerabilities. Some hired expensive outside consultants to conduct security vulnerability analyses of their WLAN deployment, only to conclude that what they really needed was an on-going monitoring and alerting system. Most administrators believed that better systems to manage WLAN security are needed.

Even after protocols such as IEEE 802.1x and WPA are deployed, corporate networks can be compromised by off-the-shelf 802.11 hardware and software. For example, an unauthorized AP can be connected to the corporate Ethernet, allowing unauthorized clients to connect to the corporate network. The rogue AP may be con- nected by a malicious person or, as is more often the case, by an employee who innocently connects an AP in his office without realizing that he is compromising the corporate network. A rogue AP can circumvent the elaborate security measures that the IT department may have put in place to protect the company's intellectual property. To test our assertion that people inadvertently compromise the security of their networks, we conducted an experiment in two large organizations that had secured their WLANs using one of the methods mentioned previously. We walked around with a WLAN- enabled laptop in a small section of the two campuses looking for APs to which we could connect.

Chapter 2


Here I attempts to provide a comprehensive overview of attacks and secure routing. It first analyzes the reason that ad hoc network is vulnerable to attacks. Then it presents the well known attacks and the popular secure protocols. Is out of its radio range, the cooperation of other nodes in the Network is needed. This is known as multi-hop communication. Therefore, each node must do something as both a host and a router at the same time.

In most wireless networking environments in productive use today the users' devices communicate either via some networking infrastructure in the form of base stations and a backbonenetwork,ordirectlywiththeirintended communication partner, e.g. by means of 802.11 in ad hoc networks

In distinction a mobile ad-hoc network is a self-configuring network that is formed automatically via wireless links by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Every hop in the mobile ad-hoc networks is ready with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication area. Hops are more often share the same physical media. They broadcast and obtain signals at the same frequency band, and chase the same hopping series or spreading code. If the purpose node is not inside the broadcasting range of the sending node, then the sending node takes help of the intermediate hops to communicate with the purpose node by relaying the messages hop by hop. Fig.2 describes the Mobile ad-hoc network. In order for a node to forward a packet to a node that


Securing wireless ad hoc networks is a highly demanding issue. Due to dynamic scattered infrastructure-less nature and be deficient in of centralized monitoring points, the ad hoc networks are susceptible to a variety of attacks. Ad hoc networks have to manage with the same kinds of vulnerabilities as their wired counterparts. As well as with new vulnerabilities specific to the ad hoc context. In addition, conventional vulnerabilities are also accentuated by the ad hoc paradigm. Initially, the wireless channel is available for the both genuine network users and cruel attackers. The ad hoc networks are vulnerable to attacks ranging from static eavesdropping to active prying. Secondly, the be short of an online CA or Trusted Third Party adds the complexity to organize security mechanisms. Thirdly, mobile devices be inclined to have limited power consumption and calculation capabilities which make it more vulnerable to Denial of Service attacks and incapable to execute computation-heavy algorithms like public key algorithms

Fourthly, in MANETs, therearemore probabilities for trusted node being compromised and then life form used by adversary to launch attacks on networks. Lastly, node mobility and recurrent topology changes enforce frequent networking reconfiguration which creates more chances for attacks, for example, it is difficult to discriminate between stale routing information and faked routing information.

Ad -hoc networks attacks can be differentiated as passive and active. Passive attack signifies that the assailant does not send any message, but just listens to the channel. Passive attacks do not disturb the process of a protocol, but only makes the attempts to find out valuable information. Active attacks may either being directed to disturb the normal operation of a exact node or target the performance of the ad hoc network as a whole. For passive attacks, the attacker listens to the channel and packets that are containing clandestine information might be eavesdropped, which violates privacy. In a wireless environment it is usually not possible to notice this attack, as it does not create any new traffic in the network. Active attacks, counting injecting packets to unacceptable destinations into the network, deleting packets, changing the contents of packets, and impersonating other hops infringe ease of use, veracity, verification, and non-repudiation. Different from the passive attacks, active attacks can be detected and ultimately avoided by the legal nodes that contribute in an ad hoc network .

We broadly classify these attacks as passive and active. The classification is important for understanding the strengths and limitations of the DAIR security management system.


Eavesdropping is a passive attack. The attacker passively listens to the traffic on the wireless network and gleans useful information. The listener may use sophisticated code breaking techniques. Countermeasures include use of better encryption techniques as well as physical security measures such as use of radio-opaque wallpaper. Passive attacks are difficult, if not impossible, to detect and we do not address them in this paper.


Any attack that allows a user to gain unauthorized access to the network is called an Intrusion attack. Intrusion attacks are active attacks and several such attacks are possible.

An attacker can compromise the corporate network by gaining physical access to its wired network and connecting a wireless AP to it. The AP creates a “hole” through which unauthorized clients can connect, bypassing the elaborate security measures that the IT department may have put in place. A similar attack can be carried out by using ad-hoc wireless networks instead of APs. A corporate network may also be compromised when an attacker finds and uses an unsecured AP connected to the network by an unsuspecting employee. The widespread availability of inexpensive, easy-to- deploy APs and wireless routers has exacerbated this problem. As mentioned earlier, we found several unsecured APs in large organizations. The DAIR security management system can detect both rogue APs and rogue ad-hoc networks. Another way a corporate network can be compromised is when an attacker obtains the credentials (e.g., WEP passwords, IEEE 802.1x certificates) needed to connect to the corporate network. The DAIR security management system can not currently detect such attacks.

Denial of Service (DoS)

Denial of Service attacks are active attacks. A diversity of DoS attacks are possible. Some DoS attacks exploit flaws in the IEEE 802.11 protocol. For example, a disassociation attack is where the attacker sends a series of fake disassociation or deauthentication messages, causing legitimate clients to disconnect from the AP. In a NAV attack, the attacker generates packets with large duration values in the frame header, thereby forcing legiti- mate clients to wait for long periods of time before accessing the network . In a DIFS attack, the attacker exploits certain timing- related features in the IEEE 802.11 protocol to aggressively steal bandwidth from legitimate users. In all three cases, the attacker transmits packets in an abnormal way, either by generating non-compliant packets, or by transmitting compliant packets at an abnormally high rate. The DAIR security management system can detect such attacks. DoS attacks are also possible by creating large amount of RF noise in the neighborhood of the network. The DAIR security management system can detect such attacks by comparing current observations with historical data observed from multiple vantage points. DoS attacks can also be mounted by gaining access to the corporate wired network and attacking the APs from the wired side. The DAIR system does not handle DoS attacks on the wired network.


Phishing is an active attack. An attacker sets up a wireless AP that masquerades as a legitimate corporate AP (same SSID, per- haps even same BSSIDs). If the client does not use mutual authentication, it is possible for the attacker to lure unsuspecting legiti- mate users to connect to its AP. The attacker can then use a variety of techniques to extract private information (for example, sniff for passwords). The DAIR system can detect phishing attacks. How- ever, we do not describe solutions to phishing attacks in this paper.


Certain active attacks can be easily performed alongside an ad -hoc network. Understanding possible shape of attacks is for all time the first step towards increasing good safety solutions. Based on this danger analysis and the recognized capabilities of the potential attackers, several well recognized attacks that can target the operation of a routing protocol in an ad hoc network are discussed.

  • Impersonation. In this kind of attack, nodes may be clever to join the network untraceable or can able to send the false routing data/information, camouflaged as some other trusted node.
  • Wormhole. The wormhole attack involves the collaboration stuck between two attackers. One attacker gets the routing traffic at one point of the network and changes their path to another point in the network that shares a confidential communication link between the attackers, then selectively injects tunnel traffic back into the network. The two colluding assailant can potentially deform the topology and set up routes under the control over the wormhole link.
  • Rushing attacks: The ROUTE REQUESTs for this Discovery sanded forwarded by the attacker can be the 1st to approach each neighbor of the target, then any way exposed by this Route Discovery will comprise a hop through the attacker. That is, when a neighbor of the target gets the hurried REQUEST from the attacker, and it forwards that REQUEST, and will not send onward any further REQUESTs from this Route Discovery. When non-attacking REQUESTs arrive later at these nodes, they will discard those legitimate REQUESTs.
  • Blackmail: The attack incurs outstanding to be short of of genuineness and it grants stipulation for any node to corrupt other node's legal information. Hops more often keep the data/ information of apparent malevolent nodes in a blacklist. This attack is pertinent alongside routing protocols that use mechanisms for the recognition of malicious nodes and spread messages that try to blacklist the criminal. An attacker may make such coverage messages and tell other nodes in the network to put in that hop to their blacklists and cut off legitimate nodes from the network.

Chapter 3

Secure Routing

The previously presented ad hoc routing protocols with no security contemplation assume that all participating nodes do not maliciously troublemaking the operation of the protocol. However, the continuation of malicious entities cannot be unnoticed in any system, particularly in open ones like ad hoc networks. Safe routing protocols manage with malicious nodes that can disturb the right performance of a routing protocol by changing routing information. By fabricating the wrong routing data or information and by impersonating other nodes. These safe routing protocols for ad hoc networks are either totally new stand-alone protocols, or in some cases incorporations of security mechanisms into obtainable protocols. Generally the obtainable safe routing protocols that have been future can be generally secret into two types, those that use hash chains, and those that in order to function require predefined trust relations. This method, jointly nodes can efficiently validate the legitimate traffic and distinguish the unauthenticated packets from outsider attackers.


  • SEAD: Safe Efficient Ad hoc Distance-vector routing protocol. A safe ad hoc network routing protocol that is established on the design of the Destination Sequenced Distance Vector routing protocol. To hold up employ of SEAD with hops of partial CPU processing abilities, and to guard against modification of the source address for a routing update and attacks in which an rejection of service attacks makes attempts to reason other nodes to use surplus network bandwidth or processing time of the network, efficient one way hash

Chains but not cryptographic operations are used in the verification of the series number and the metric field of a routing table update message. When a node in SEAD sends a routing update, the node includes one hash value from the hash chain with each entry in that update. The nodes sets the purpose address in that entry to that target node's address, the metric and series number to the values for that target in its routing table, and the hash value to the hash of the hash value conventional in the routing update entry from which it learned that route to that destination. When a node receives a routing inform, for each entry in that update, the node checks the verification on that entry, by the target address, sequence number, and metric in the conventional entry, together with the newest prior genuine hash value established by this node from that destination's hash chain. The hash value of each entry is hashed the right number of times and it is compared to the before authenticated value. Depending on this contrast the routing update is either established as authenticated, or discarded.

  • Ariadne; Ariadne is a safe on-demand ad hoc routing protocol based on DSR that restricts attackers or the mutual hops from tampering with uncompromised routes containing of uncompromised hops, and also stops a lot of types of DOS attacks. In addition, Ariadne uses only extremely well-organized symmetric cryptographic primitives. To induce the objective of the authority of each field in a ROUTE REQUEST, the originator simply includes in the REQUEST a MAC computed with key over exclusive data. The object can with no trouble corroborate the authenticity and newness of the ROUTE REQUEST using the shared key. One-way hash functions are use to confirm that no hop was absent which is called per hop hashing. Three alternative methods to attain hop list verification. The TESLA protocol, digital signatures, and typical MACs. When Ariadne Route detection is used with TESLA, every node authenticates the original data in the REQUEST. The objective buffers and does not fire the REPLY awaiting middle nodes can discharge the matching TESLA keys. Ariadne Route Discovery using MAC is the majority well-organized way of the three option verification mechanisms, but it asks couple wise communal keys among all nodes. The MAC list in the ROUTE REQUEST is computed by a key common among the object and the present node. The MACs are verified at the target and are not returned in the ROUTE REPLY. If Ariadne way detection is used with digital signatures, the MAC list in the ROUTE REQUEST becomes a signature list.
  • SRP: The safe Routing Protocol consists of quite a lot of safety extensions that can be practical to existing ad hoc routing protocols as long as end-to-end verification. The one and only requirement of the future scheme is the sustained existence of a security association between the node initiating the query and the sought destination. The safety association is used to found a common secret between the two nodes, and the non mutable types of the exchanged routing messages are confined by this shared secret. The method is robust in the occurrence of a number of non-colluding nodes, and provides
  • Routing Table Overflow: In a routing table spread out attack the malevolent node floods the network with bogus route formation packets to non existing nodes to overpower the routing protocol implementations in order to devour the resources of the participating nodes and interrupt the establishment of legal routes. The goal is to create enough routes to prevent new routes from being created or to engulf the protocol execution. Proactive routing protocols are more vulnerable to this attack, since they attempt to produce and preserve routes to all possible destinations. A spiteful node to apply this attack can simply send unnecessary route advertisements to the network. To apply this harasses in order to target a reactive protocol like AODV is to some extent more involved since two nodes are obligatory. The first node should make a genuine request for a route and the malicious node should reply with a forged address.
  • Sleep Depravation: The sleep scarcity afflict aims at the utilization of store of a specific node by constantly keeping it busy in routing decisions. This attack floods the network with routing traffic in order to munch through battery life from the nodes and accessible bandwidth from the ad hoc network. The malicious node continually requirements for either existing or non-existing destinations forces the neighboring nodes to procedure and forward these packets and therefore munch through batteries and network bandwidth hindering the normal operation of the network.
  • Location disclosure: Location disclosure is an attack that targets the solitude necessities of an ad hoc network. Through the use of traffic analysis techniques or with simpler probing and monitoring methods an attacker is able to discover the location of a node, and the structure of the network. If the locations of some of the intermediary nodes are known, one can gain information about the location of the destination node as well.
  • Routing table poisoning: Routing protocols uphold tables which hold information on the subject of routes of the network. In poisoning attacks the malevolent nodes create and send untrue traffic, or modify legitimate messages from other nodes, in order to create false entries in the tables of the participating nodes. One more option is injecting a RREQ package with a high sequence number. This will reason that all other legal RREQ packets with lower sequence number will be deleted. Routing table poisoning attacks can result in selection of non-optimal routes, creation of routing loops, bottlenecks and even partitioning sure parts of the network.
  • Black Hole: A malicious node uses the routing protocol to insert fake route answers to the route needs it receives promotion itself as having the straight path to a target whose packets it needs to cut off. Once the fake route has been recognized the mean node is able to become a member of the lively route and intercept the communication packets. Network traffic is diverted through the malicious node for eavesdropping, or be a focus for all traffic to it in order to execute a DOS by dropping the received packets or the first step to a man-in-the-middle attack.

While the safety requirements for ad hoc networks are the similar the ones for fixed networks, namely ease of use, privacy, reliability, validation, and non-repudiation mobile wireless networks are usually more susceptible to information and physical safety fears than fixed wired networks. Securing wireless ad hoc networks is chiefly tricky for many reasons as well as vulnerability of channels and nodes, nonattendance of communications, dynamically altering topology and etc.; The wireless channel is available to both legal network users and malicious attackers. The abstract of centralized management makes the traditional security solutions based on certification establishment and on-line servers unsuitable. A malicious attacker can willingly become a router and disturb network operations by deliberately disobeying the protocol specifications. The nodes can move arbitrarily and liberally in any way and systematize themselves arbitrarily. They can stick together or leave the network at any time. The network topology changes regularly, rapidly and randomly which considerably alters the status of trust among nodes and adds the complexity to routing among the mobile nodes. The egoism that nodes in ad hoc networks may tend to reject providing services for the advantage of other nodes in order to keep their own possessions introduces new security issues that are not address in the infrastructure-based network

Chapter No 3

Distributed Security Scheme for Mobile Ad Hoc Networks

In difference to fixed networks a central certification power is not possible in ad hoc networks. Distributing the functionality of certification power over number of nodes is a probable solution. This can be got by creating n shares for a clandestine key and distributing them to n different node. Key can be generating by combining the shares using doorsill cryptography methods. Mobile ad-hoc networks are extremely active. Topology differences and link crack occur fairly often. Therefore, we require a safety answer which is active, too. Any malicious or disobedient nodes can produce antagonistic attacks. These types of attacks can gravely injure essential aspects of safety, such as veracity, confidentiality and space to yourself of the node. Current ad-hoc routing protocols are totally unsure of yourself. Furthermore, obtainable safe routing mechanisms are either too luxurious or have impractical necessities. In ad hoc network, safety solution should separate the attackers and compromised nodes in the network. Proactively dividing the attackers make it sure that they cannot carry on to attack and waste the network resources in future. A safety solution should have lessening transparency over. Attacks beside ad-hoc routing protocols can be categorize as active or passive. A passive attack does not upset the functioning of the protocol, but tries to discover valuable information by listening to traffic. An active attack inserts arbitrary packets and tries to upset the operation of the protocol in order to bound the accessibility, gain confirmation, or attract packets meant to other nodes. In ad hoc network disobedient node can advertise its accessibility. Nearby nodes changs its route table with the new route and ahead the packet through the disobedient node. Misbehaving node can alter or even drop the packet. So mobile nodes must be able to prove the reliability of a new neighbor before adding it to the route table. Also it is imperative to care for the data packets from eavesdropping. Once the cluster member link has reputable a secured link, they can further switch symmetric key and encrypt data packet to ensure data in private and integrity.


Clustering is a method by which nodes are placed into groups, called clusters. A cluster head is designated for each cluster. A cluster head establishes a list of the nodes belonging to the similar cluster. It also maintains a path to each of these nodes. The path is updated in a proactive manner. Similarly, A cluster head maintains a list of the gateways to the neighboring clusters. Using the information gathered from the members of the cluster, each cluster head distribute the shares to the cluster members. Each cluster head select a set of gateway nodes. In order to have a secure communication between inter cluster nodes, gateway nodes can act as the trusted member of the corresponding cluster. Through the trusted members secured communication link can be established between two clusters. The cluster head can operate as a trusted certificate authority and it can distribute the certificate share to all cluster members. When a member node fails, at least one of its neighbors reports this node failure to the cluster head. If a cluster head fails, this cluster has to be re-organized and it affects the normal functioning of the network. We propose a novel fully distributed cluster based safety mechanism without cluster head.

We assume that self organized mobile networks are shaped by a group of nodes having a suitable individuality (for example communication between the military officials or disaster recovery team). In our design each node is granted temporary admission into the network using an identity verification process. Each node generates a code using the equation (1) and forwards the node ID and code to the neighboring nodes. To confirm the identity of the sender, neighboring nodes calculates the hash code using the equation (2). If the generated code and well-known code are same, it accepts the sender as a applicable member and add the sender node ID to set S. (S is the set of all valid neighbors and vibrant clustering algorithm uses set S to create non-overlapping clusters) time when the network is in high-quality condition without any attacks. By adopting the cluster based security scheme it cause less overhead as the network is in operation and proactively isolate the attacker.After initial verification all nodes are continuously monitored by the neighboring nodes and credits are its credits as it stays and behaves well in the network.

. The period of validity is propositional to its credits. Miss-behaving nodes credits are decremented; it will be denied network access when it reaches the minimum threshold level.

Probabilistic Clustering Model

It is possible to characterize this type of phenomena to which the poisson distribution is possible. T1, T2, T3 … Tn are the non-overlapping intervals, then the number of nodes entering into the cluster boundary in the interval is independent. There exists a constant q such that the probability of one event (exactly one node enters into the cluster boundary or leaves the cluster boundary) occurs in the interval of length dt is approximated to q*dt. The probability of two or more events will occur during an interval is approximately zero. So the experiment can be called a poisson experiment. For such experiment, if X counts the number of events occurs during any given interval, then it can be shown that X posses a poisson distribution. If the three poisson condition do hold and is X counts the number of events occurs during some specific time interval duration t, the X is poisson distributed with = qt .

E(x) is a parameter that carries information regarding the central tendency of the random phenomenon modeled by X. E(x) is often sufficient to give a partial description in terms of moments of the random variable. A moment generating function of a distribution can be employed to find the

the dominating set. Cluster creation module forms the non-overlapping clusters based on the valid neighbor set data. Gateway nodes are identified by the cluster maintenance module and all members maintain the list of gateway nodes. Shortest path to moments of the random phenomenon.

Function M X (t ) of the gateway nodes can be calculated from the local route

table. In addition to the other routing information, it variable t is definition as the moment of the random phenomenon X with respect to time t. The cluster topology changes can be represented using the random experiment X.

The probability of nodes entering into the cluster boundary and nodes leaving a particular boundary can be calculated from the moment generating function and its mean and variance. Figure given below illustrates the protocol stack architecture of our security system. Figure illustrates the composition of our security solution, whichconsistsof fiveinteracted components.

Cluster Gateway Node Selection Process

MANETs can be shape as an undirected graph with weights for nodes, G, G= [V, E] V, is the position of the mobile nodes and the E the combination of the bidirectional wireless link. G and V are together dynamic set.

Maintain the public key of all cluster members. In dynamic network environment asymmetric keys can be used to encrypt/decrypt the data.

Cluster Maintenance

Cluster preservation module proactively maintains the route information of all cluster members. There are four topology changes that requires cluster updating.

Node Switches ON:

This will be handled in exactly the same way as cluster formation. This case includes the case when a new node enters into the cluster boundary which is not currently a member of any cluster. A new link (with a node already bound to a cluster) is detected:

This means that an existing node (say, Node A) has moved into the hearing range of another node (Node B). Both nodes A and B will find out the cluster affiliations of each other, update their own routing tables and broadcast this information to their respective cluster members. Note that both these nodes may now become gateway nodes (if both of them are in different clusters).