Mobile Ad Hoc Networks (MANETs)
Disclaimer: This dissertation has been submitted by a student. This is not an example of the work written by our professional dissertation writers. You can view samples of our professional work here.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
What is Mobile Ad Hoc Network?
With rapid development of wireless technology, the Mobile Ad Hoc Network (MANET) has emerged as a new type of wireless network. MANET is a collection of wireless mobile nodes (e.g. laptops) that dynamically function as a network without the use of any existing infrastructure and centralized administration. It is an autonomous system where each node operates not only as an end system but also as a router to forward packets for other nodes.
Since the nodes in MANET move around, the wireless links break and re-establish frequently. Furthermore, most of mobile nodes are resource limited in computing capability and battery power and therefore traditional computing content routing protocols are not suitable for MANET. Several ad hoc routing protocols have been proposed for each node acting as router and maintaining routing information.
There are many other applications of MANET. For examples, MANET can be used to provide emergency Services when the network is impaired due to the damaging of existing infrastructure . Computer scientists have predicted a world of ubiquitous computing in which computers will be all around us, constantly performing mundane tasks to make our lives a little easier. These ubiquitous computers connect in mobile ad hoc mode and change the environment or react to the change of the environment where they are suited. MANET is also found useful in the so-called sensor dust network to coordinate the activities and reports of a large collection of tiny sensor devices which could offer detailed information about terrain or environmental dangerous conditions.
Problem Statement and Motivation
Most current ad hoc routing protocols assume that the wireless network is benign and every node in the network strictly follows the routing behavior and is willing to forward packets for other nodes. Most of these protocols cope well with the dynamically changing topology. However, they do not address the problems when misbehavior nodes present in the network.A commonly observed misbehavior is packet dropping. In a practical MANET, most devices have very limited computing and battery power while packet forwarding consumes a lot of such resources. Thus some of the mobile devices would not like to forward the packets for the benefit of others and they drop packets not destined to them. On the other hand, they still make use of other nodes to forward packets that they originate. These misbehaved nodes are very difficult to identify because we cannot tell that whether the packets are dropped intentionally by the misbehaved nodes or dropped due to the node having moved out of transmission range or other link error. Packet drop significantly decreases the network performance.Traditional security mechanisms are generally not suitable for MANET because:
- The network lacks central infrastructure to apply traditional security mechanism such as access control, authentication and trusted third party.
- Limited bandwidth, battery lifetime, and computation power prohibits the deployment of complex routing protocols or encryption algorithms. New security models or mechanisms suitable for MANET must be found.
- Network topologies and memberships are constantly changing. Thus new intrusion detection system and entity recognition mechanisms that are suitable for mobile ad hoc networks must be designed to avoid or mitigate the behavior to the networks.
Trust management systems have been recently introduced as a security mechanism in MANET. In a trust management system, a communicating entity collects evidence regarding competence, honesty or security of other network participants with the purpose of making assessment or decisions regarding their trust relationships. Here trust
Objective and Sub-tasks
means the confidence of an entity on another entity based on the expectation that the other entity will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other entity . For example, a trust-based routing protocol can collect the evidence of nodes misbehaving, form trust values of the nodes and select safest routes based on the trust metrics.Reputations systems are often seen as a derivation of trust management system. In the reputation system, an entity forms its trust on another entity based not only on the selfobserved evidence but also on the second hand information from third parties. One of the influential reputation systems is the DSR protocol. In the trust management system, reputation system and other trust-based systems, route selection is based on the sending node's prior experience with other nodes in the network. Its opinions about how other entities are honest are constantly changing. Thus, we call the trust management systems and their derivations as dynamic feedback mechanisms. The dynamic feedback mechanisms are usually applied on the current ad hoc routing protocols to rate the trust about other nodes in the network and make routing decisions based on the trust matrix, which is formed according to the evidence collected from previous interactions. By incorporating the dynamic feedback mechanism in the routing protocol, misbehaved nodes are identified and avoided to forward packets. In this way,misbehavior can be mitigated.
Objective and Sub-tasks
The primary objective of this thesis is to Investigate the state of the art of dynamic feedback mechanisms and protocols analyze, implement and evaluate DSR protocols to see how it improves the network performance and what are the side effects of introducing the mechanism to the mobile ad hoc network.
Following tasks must be done to achieve the primary objective.
- Study the preliminary knowledge that is required to carry out the main tasks. For example, to understand DSR protocol one must have some knowledge of Bayesian analysis; to do performance analysis one must learn the methodologies of conducting performance analysis and processing simulation data.
- Investigate security issues of mobile ad hoc network and current dynamic feedback mechanisms or protocols that are used to solve or mitigate the issues.
- Investigate and learn how to use the network simulation tool. There are several popular network simulation tools available and we need to choose the one that best suits our needs. The selected network simulator should be studied so that we can use it as platform to implement protocol and conduct simulations.
- Analyze and implement the DSR protocol based on Dynamic Source Routing protocol (DSR); evaluate the network performance.
Structure of the Report
Since we have almost gone through the chapter one, we only briefly present the content of the subsequent chapters in this section.
- Preliminary Information
- State of the Art
- Implementation and Tests Performance
- Conclusion and Future Work
we have introduced the MANET. This chapter presents other preliminary information and concepts that will be used in other parts of the thesis. Firstly four general modes of routing operations are introduced and compared. The DSR protocol, which is used as underlying routing protocol in the thesis, is explained in detail. Secondly Bayesian estimation and Beta function are explained to pave the way for the analysis of the reputation model of DSR in the chapter 4. Thirdly some techniques regarding simulation and performance analysis are presented. Finally, several popular network simulation tools are discussed and compared.
Mobile Ad Hoc Network Routing Protocols
Nowadays there are various routing protocols proposed for the MANET. The most popular ones are DSDV (Destination-Sequenced Distance Vector), TORA (Temporally- Ordered Routing Algorithm), DSR (Dynamic Source Routing) and AODV (Ad-hoc On Demand Distance Vector). These routing protocols can be categorized in different routing operation modes.
Mode of Routing Operations
These two modes concern whether or not nodes in an ad hoc network should keep track of routes to all possible destinations, or instead keep track of only those destinations of immediate interest Proactive protocols store route information even before it is needed. This kind of protocols has advantage that communications with arbitrary destination experience minimal delay. However it also suffers from the disadvantage that additional control traffic is needed to continually update stale route information. This could significantly increase routing overhead especially for the MANET where the links are often broken. Reactive protocols, on the contrary, acquire routing information only when it is actually needed. However, the latency of the communication increases tremendously especially when a node communicates to another at the first time.
Source routing vs. Hop-by-hop routing
These two modes concern whether the source node decides the route for a packet to be forwarded to the destination or the intermediate nodes are allowed to decide the next hop until the packet arrives at the destination. In the source routing protocols, the source node decides the route and puts the route information in the packet header. All the intermediate nodes forward the packet along the route faithfully. This kind of protocols has advantage that the intermediate nodes are not required to maintain the routing information. But it suffers from the disadvantage that the packet size grows because of source routing information carried in each packet. In the hop-by-hop routing protocols, it is sufficient for the source to know only how to get to the "next hop" and intermediate nodes find their own next-hops until the destination. In contrast to source routing protocols, hop-by-hop routing protocols do not increase packet size but they requires all the intermediate nodes to maintain routing information.
Table 2-1 Categories of routing protocols
has compared the performance of these four routing protocols . The results show that DSR has best throughput performance (above 95%) at all mobility rates and movement speeds. Thus we will use DSR as basic routing protocol in this thesis.
The Dynamic Source Routing Protocol (DSR)
John et al. proposed the dynamic source routing protocol (DSR)  which is a routing protocol for use in multi-hop wireless ad hoc networks of mobile nodes. DSR is an ondemand protocol, in which route are only discovered when data need to be transmitted to a node where no route has yet been discovered. The advantage of this on-demand routing protocol is that there are not any periodic routing advertisement and reducing the routing overhead. DSR is also a source routing protocol, allowing multiple routes to any destination and allows each sender to select and control the routes used in routing the packets. DSR is composed of the two main mechanisms: "Route Discovery" and "Route Maintenance" which are explained below.
Route Discovery aims at finding routes from a source node to destination. Figure 2-1 illustrates the procedure of Route Discovery. When a source node S wants to send a data packet to some destination node D, it first searches its route cache to find whether there is a route to D. If there is no route to D, then S will initiate a Route Discovery and send out
Route Request message which is propagated to all the nodes within its transmission range. At the mean time, it saves the data packet in its send buffer. The Route Request message contains the addresses of source node and destination node, a unique route request identifier and a route record which records all the intermediate nodes that this route request packet has traveled through. S appends itself to the beginning of the route record when it initiates the message.
When a node receives the Route Request message, it compares the destination address in the message with its own address to judge whether itself is the destination node. If it is not, it will append its own address in the route record and propagate the message to other nodes. If the node is the destination node, it will send a Route Reply message to the source node and the message contains the source route record which is accumulated when the Route Request message is forwarded along its way to the destination. When the destination sends the Route Reply, if it uses MAC protocols such as IEEE 802.11 that require a bidirectional link, it just reverse the source route record and use it as route to send Route Reply to the source node. Otherwise it should find the route by searching its route cache or sending out a Route Request which piggybacks the Route Reply for the source node. When the source node receives the Route Reply message, it puts the returned route into its route cache. From then on all the packets destined to the same destination will use this route until it is broken.
Since the ad hoc network is dynamic and the topology of the network changes frequently, the existing routes maintained by nodes in their route cache are often broken. After forwarding a packet, a node must attempt to confirm the reachability of the next-hop node. If the node does not receive any confirmation from the next hop during a certain period of time, it will retransmit the packet. If after a maximum number of retransmission it still does not receive any confirmation, it will think the link to the next hop is broken and will send a Route Error message to the source node.
DSR proposes three acknowledge mechanisms to confirm that data can flow over the link from that node to the next hop:
- Link-layer acknowledgement which is provided by MAC layer protocol such as IEEE 802.11.
- Passive acknowledgement in which a node hears the next-hop node forwarding the packet and thus confirms the reachability of the link.
- Network-layer acknowledgement in which a node sends an explicit acknowledgement request to its next-hop node.
Passive Acknowledgement (PACK) is important in DSR protocol because it is used to detect whether the next hop forwards the packet or drops it. We explain it in detail in this section.
Passive acknowledgement is used with the assumption that:
- Network links operates bi- directionally.
- The network interface is in the "promiscuous mode". When a node taps a new packet in "promiscuous mode" after it originates or forwards a packet, it consider it as an acknowledgement of the first packet if both of following check success.
- The Source Address, Destination Address, Protocol, Identification, and Fragment Offset fields in the IP header of the two packets MUST match.
- If either packet contains a DSR Source Route header, both packets MUST contain one, and the value in the Segments Left field in the DSR Source Route header of the new packet MUST be less than that in the first packet.
- If no matched packet is found during PACK timeout, the node will consider the link between the next hop and itself is broken and will send Route Error message to the source node.
DSR has additional features such as replying to route requests using cached routes, caching overheard routing information, packet salvaging and flow state extension and etc. We will introduce them in section 4.1 and discuss how they will impact the performance of network, how they will interact with DSR and whether they will be enabled in our simulation.
Performance Analysis Techniques
This section introduces the performance analysis techniques and methodologies that will be used in the performance evaluation.
Factors and Primary Factors
There are many parameters that will influence the simulation results and need to be carefully chosen in the simulations. Some parameters are chosen based on experience values or the conditions of the network we want to simulate. Others need to be tuned to optimize the network performance. We distinguish the two kinds of parameters as follows:
- Factors are the variables that affect the simulation result and have several alternatives. Normally they are decided based on experience.
- Primary factors are the factors whose effects need to be quantified. This kind of factors usually needs to be adjusted through simulation.
The key step of the network performance analysis is to interpret the simulation result and summarize the characteristic of the network. To avoid the inaccurate simulation results due to an extreme scenario, we usually run simulations on several different scenarios. The data set of these simulations are called sample. A single number must be presented to give the key characteristic of the sample and this single number is called an average of the data. There are three alternatives to summarize a sample
Mean is obtained by taking the sum of all observations and dividing this sum by the number of observations in the sample.
Median is obtained by sorting the observations in an increasing order and taking the observation that is in the middle of series. If the number of the observations is even, the mean of the middle two values is used as a median.
Mode is obtained by plotting a histogram and specifying the midpoint of the bucket where the histogram peaks.
Confidence Interval for the Mean
In our performance evaluation, the main objective is to compare the simulation results of DSR and Standard DSR to see whether there is any performance improvement. However, most simulation results are random in some degree due to the particularity of the node movement scenarios and we cannot tell whether the two systems are different. One way to minimize the random effect is to repeat the simulations with different scenarios as many times as possible and get a large sample space. Unfortunately, due to the time limitation we cannot conduct many simulations. points out that using confidence interval we can tell whether the two systems are different with smaller sample space. The confidence interval for the mean can be calculated using If the confidence intervals of the simulation results of the two systems have no overlap, then we can claim the two systems are different and one system is superior or inferior to the other.
GloMoSim's source and binary code can be downloaded only by academic institutions for research purposes. Commercial users must use QualNet, the commercial version of GloMoSim.
OPNET Modeler is commercial network simulation environment for network modeling and simulation. It allows the users to design and study communication networks, devices, protocols, and applications with flexibility and scalability . It simulates the network graphically and its graphical editors mirror the structure of actual networks and network components. The users can design the network model visually.The modeler uses object-oriented modeling approach. The nodes and protocols are modeled as classes with inheritance and specialization. The development language is C.
When choosing a network simulator, we normally consider the accuracy of the simulator. Unfortunately there is no conclusion on which of the above three simulator is the most accurate one. David Cavin et al. has conducted experiments to compare the accuracy of the simulators and it finds out that the results are barely comparable . Furthermore, it warns that no standalone simulations can fit all the needs of the wireless developers. It is more realistic to consider a hybrid approach in which only the lowest layers (MAC and physical layers) and the mobility model are simulated and all the upper layers (from transport to application layers) are executed on a dedicated hosts (e.g. cluster of machines). Although there is no definite conclusion about the accuracy of the three network simulators, we have to choose one of them as our simulation environment. We compare the simulators using some metrics and the results are summarized
After comparing the three simulators, we decide to choose ns2 as network simulator in our thesis because
- Ns2 is open source free software. It can be easily downloaded and installed.
- The author of the thesis has used ns2 in another network related course and gotten familiar with the simulation. Ns2 uses TCL and C++ as development languages for which the author has some programming experience.
- The author of the DSR protocol has conducted simulation on GloMoSim and gotten performance results. We want to do the simulation on a different simulation to form comparison.
State of the Art
In this chapter we will introduce the start of the art security solutions in MANET with emphasis on dynamic feedback mechanisms. Firstly, we will present the general security issues/requirements of MANET to pave the way for the future investigation. Then we will discuss the state of the art security mechanisms for MANET such as payment system,trust management system, reputation system, etc. Finally, we will summarize all the security solutions we discussed in this chapter.
Security Issues in Mobile Ad Hoc Network
Due to lack of central infrastructural and wireless links susceptible to attacks, security in ad hoc network has inherent weakness. In section 1.2 we have discussed the reasons why mobile ad hoc network imposes security challenges that cannot be solved by traditional security mechanisms. In this section, we present the general security properties required by ad hoc network.
Following are general security properties regarding ad hoc network
Confidentiality: The confdiantiality property is to protect certain information from unauthorized disclosure. The information includes not only the application data that send over the routing protocol, but also the routing information itself as well as network topology and geographical location.
Integrity: The integrity ensures that the transmitted message and other system asset are modified only by authorized parties. In the routing level, it requires all nodes in the network following correct routing procedure.
The main challenge of ensuring integrity is that without central infrastructure and powerful computing capabilities, it is difficult to apply existing cryptography and key management systems.
Availability: The availability property requires that the services or devices are exempt from denial of service, which is normally done by interruption, network or server overload. Typical examples or denial of service attack are radio jamming, in which a misbehaved node transmit radio to interference other nodes' communications, and battery exhaustion, in which a misbehaved node interact with a node for no other purpose than to consume its battery energy.
Authentication: The authentication property requires that the communication entity's identification is recognized and proved before communication starts.
Access control: This property requires restricting resources, services or data to special identities according to their access rights or group membership.
Non-repudiation: This property ensures that when data are sent from sender to receiver, the sender cannot deny that he has sent the data and the receiver cannot deny that he has received the data.
Mobile nodes may conduct different misbehavior for different purposes. Po-Wah Yau classifies the misbehaved nodes into following categories.
Failed nodes are simply those unable to perform an operation; this could be because power failure and environmental events.
Badly failed nodes exhibit features of failed nodes but they can also send false routing messages which are a threat to the integrity of the network.
Selfish nodes are typified by their unwillingness to cooperate as the protocol requires whenever there is a personal cost involved. Packet dropping is the main attack by selfish nodes.
Malicious nodes aim to deliberately disrupt the correct operation of the routing protocol, denying network service if possible. These four types of misbehaved nodes actually can be categorized in two aspects: whether their misbehaviors are intentional or unintentional, and the severity of the results.
Payment systems provide economic incentives for the cooperation in MANET. They consider that each node in MANET is its own authority and tries to maximize the benefits it gets from the network. Thus each node tends to be selfish, dropping packets not destined to them but make use of other nodes to forward their own packets. The purpose of payment systems is to encourage the cooperation within the MANET by economic incentives. There are several variations of payment systems proposed.
Nuglets is a virtual currency mechanism for charging (rewarding) server usage (provision). Nodes that use a service must pay for it (in nuglets) to nodes that provide the service. A typical service is packet forwarding which is provided by intermediate nodes to the source and the destination of the packet. Therefore either the source or the destination should pay for it.
There are two models for charging for the packet forwarding service: the Packet Purse Model (PPM) and the Packet Trade Model (PTM).
In the Packet Purse Model, the sender pays for the packet. It loads the packet with a number of nuglets when sending the packet. Each intermediate forwarding node acquires some nuglets from the packet that covers its forwarding costs. If a packet does not have enough nuglets to be forwarded, then it is discarded. If there are nuglets left in the packet once it reaches destination, the nuglets are lost. In the Packet Trade Model, the destination pays for the packet. Each intermediate node "buys" the packet from previous one for some nuglets and "sells" it to the next one for more nuglets until the destination "buys" it. Either of the two models has advantages and disadvantages. While the Packet Purse Model deters nodes from sending useless data and avoids the network overloading, the Packet Trade Model can lead to an overload of the network and the destination receives packets it does not want. On the other hand, in the Packet Purse Model it is difficult to estimate the number of nuglets that are required to reach a given destination. But thePacket Purse Model does not need to consider this problem. To take advantages of the two models and avoid the disadvantages, a hybrid model is suggested. In this model, the sender loads the packet with some nuglets before sending it.The packet is handled according to the Packet Purse Model until it runs out of nuglets. Then it is handled according to the Packet Trade Model until the destination buys it.
To address the problems encountered by the nuglets approach such as difficulty in estimating pre-load nuglets and possible network overload, another payment approach based on credit counter is suggested. In this approach, the current state of each node is described by two variables b and c, where b is the remaining battery power and cstands for the value of its nuglet counter. More precisely, b is the number of packets that the node can send using its remaining energy and c is the number of packets a node canoriginate.
A node can originate a number of packets N only when the condition c=N holds. When a node forwards a packet, nuglet counter c is increased by one and b is reduced by one. Thus in order to originate packets, each node must earn credits by forwarding packets. The counter solution requires tamper resistant hardware security module.
S. Zhong et al. proposed Sprite , a credit-based system for MANET. As opposed to Nuglets or Counter they do not require tamper-proof hardware to prevent the fabrication of payment units. Instead, they introduce a central Credit Clearance Service (CCS). The basic scheme of the system is as follows. When a node receives a message the node keeps a receipt of the message and reports to the CCS when the node has a fast connection to Credit Clearance Service (CCS). The CCS then determines the charge and credits to each node involved in the transmission of a message, depending on the reported receipts of a message.
In this scheme, the sender charges money. A node that has forwarded a message is compensated, but the credit that a node receives depends on whether or not its forwarding action is successful. Forwarding is considered successful if and only if the next node on the path reports a valid receipt to the CCS.
Discussion on the Payment Systems
The payment systems we describe in above sections either assumes a tamper resistant hardware module is available to ensure that the behavior of the node is not modified or requires a central authority server to determine the charge and credit to each node involved in the transmission of a message. Tamper resistant hardware may not be appropriate for most mobile devices because it demands advanced hardware solution and increases the cost of the devices. Lacking of central authority server is right the inherent property of MANET that causes security challenges so it is also not appropriate. Furthermore, all the approaches described above suffer from locality problems  that nodes in different locations of the network will have different chances for earning virtualcurrency, which may not be fair for all nodes. Usually nodes at the periphery of the network will have less chance to be rewarded.
Reputation systems have emerged as a way to reduce the risk entailed in interactions among total strangers in electronic marketplace. Centralized reputation systems have been adopted by many on-line electronic auctions such as eBay to collect and store reputation ratings from feedback providers in a centralized reputation database. Decentralized reputation systems used by MANET, on the other hand, do not use centralized reputation database. Instead, in these reputation systems, each node keeps the ratings about other node and updating the ratings by direct observation of the behaviorsof neighboring nodes or second hand information from other trusted nodes. Identifies three goals for reputation systems:
- To provide information to distinguish between a trust-worthy principal and an untrustworthy principals.
- To encourage principals to act in a trustworthy manner
- To discourage untrustworthy principals from participating in the service the reputation mechanism is present to protect.
Most of the reputation systems in MANET are based on trust management system. Trust is such a subjective and dynamic concept that different entities can hold different opinions on it even while facing the same situation. Trust management system can work without reputation system. For example, a mobile node can form opinion about other nodes by direct experience with the nodes.We can unify reputation system and trust management system to dynamic feedback mechanisms. Former one is a global reputation system and mobile nodes share their own experiences of interaction with other nodes. The later one is a local reputation system in which mobile nodes rating the trustability of other nodes based on its own observation.
DSR is a reputation system aiming at coping with misbehavior in MANET. The idea is to detect the misbehaved nodes and isolate them fromcommunication by not using them for routing and forwarding and by not allowing the misbehaved nodes to use itself to forward packets. DSR stands for Cooperation Of Nodes: Fairness In Dynamic Ad-hoc Network. It usually works as an extension to on demand routing protocols.
With DSR each node has four components: Monitor, Reputation System, Trust Manager and Path Manager. These components interact with each other to provide and process protocol information. Figure 3-2 illustrates the architecture of the DSR components based on DSR protocol.
Monitor is responsible for gathering firsthand information about the behavior of other nodes in the network. This is achieved by observing and detecting various attacks. A typical misbehavior is packet dropping. The monitor detect it by an enhanced Passive Acknowledge mechanism. The monitor can also detect other attacks such as message modification and fabrication through overhearing the packets forwarded by next hop.
Reputation System is the core component of DSR. It is responsible for maintaining reputation rating about other nodes in the network. The reputation rating about other nodes is updated based on the firsthand information observed by the node or the secondhand information published by other nodes. Reputation System decides whether to accept secondhand information and how much the information is incorporated to update reputation ratings. Based on reputation ratings, Reputation System identifies misbehaved nodes.
Trust Manager maintains the trust rating about other nodes in the network. Trust rating represents a node's opinion about how honest another node is as an actor in the reputation system. It is used as an alternative way to decide whether to accept second hand information. The benefit of using trust is to speed up the detection of misbehaved nodes.
Path Manager performs actions once a misbehaved node is identified, e.g. deletion of paths containing misbehaved nodes, action on receiving request for a rout containing a misbehaved node in the source route, etc.
With DSR each node collects two major types of information about other nodes which it has communicated or heard about in the network: first-hand information and second-hand information. Based on the information the reputation rating is updated. To have an accurate estimation of misbehavior, Bayesian estimation is employed to form reputation ratings and making other decisions.
DSR distinguishes trust from reputation. For each node, reputation rating represents how well a node behaves while trust rating represents how honest a node is.Reputation rating is used to decide whether the node is regular or misbehaved, while trust rating is used to decide whether the node is trustworthy or not as a recommender. Following description illustrates how DSR works to mitigate the misbehavior in the network. When a node sends a packet to its neighboring node which is supposed to forward the packet, the node detects whether the neighboring node forwards the packets by listening the packet in a promiscuous mode, which is called Passive Acknowledgement. If it hears the packet is forwarded, it updates the first-hand information and increases the reputation rating about the neighboring node. If it doesn't hear the packet within a certain time, it thinks the neighboring node misbehaves and decreases its reputation rating. Whenever the reputation rating about another node is updated, the node will identify whether it is misbehaved node or not by comparing the reputation rating with a misbehaved threshold. The identified misbehaved nodes will be reported to Path Manager which will take further actions. Every node periodically spreads the firsthand information it has collected to its neighboring nodes. If a node receives the published firsthand information and thinks the source of the information is trustable, it will incorporate the information to update the reputation ratings it keeps. It is very important to know that with DSR a node only forwards or responds to nodes with good behavior. In this way, it isolates misbehaved node by bearing grudges to it.
Similar to DSR, CORE (COllaborative REputation mechanism) also provides a mechanism to enforce node cooperation based on a collaborative monitoring technique. However, CORE is different from DSR in reputation model and the way to spread rumor. Three types of reputations are used in the CORE.
- Subjective reputation of a target node is the reputation calculated directly from a subject's observation of the target node's behavior.
- Indirect reputation is evaluated only considering the direct interaction between a subject and its neighbors.
- Function reputation is the subjective and indirect reputation calculated with respect to different functions such as forwarding a data packet, reply route request. The final reputation information is combined from the three reputations with different weight associated to the functional reputation value.
CORE consists of two basic components:
- Reputation Table (RT) is a data structure stored in each network entity, keeping the reputation data pertaining to the nodes in the network.
- The Watchdog mechanism (WD) is used to detect misbehaved nodes. With CORE only positive rating factors are distributed among the entities to avoid a misbehaving entity to distribute false information about other entities in order to initiate a denial of service (DoS) attack.
Both DSR and CORE use second-hand information which is subject to false accusations and requires a node maintaining trust relationship with other nodes. On the contrary, Sorav Bansal and Mary Baker proposed OCEAN (Observation-based Cooperation Enforcement in Ad Hoc Networks) which only uses direct first-hand observations of neighboring nodes' behavior.With OCEAN, each node has five components:
NeighborWatch is used to observe the behavior of the neighboring nodes. It can detect whether the next hop sends the packet successfully or not by Passive Acknowledgement.
RouteRanker maintains a rating for each of neighboring nodes. The rating is initialized to neutral and is incremented or decremented on receiving positive or negative events respectively from the NeighborWatch component. Once the rating of a node falls below a threshold the node is put into a fault list and is avoided to be used to forward packets.
Rank-Based Routing applies the information from NeighborWatch in the actual selection of routes. To avoid routes containing nodes in the faulty list, an avoid list is added to DSR Route Request Packet (RREQ). On re-roadcasting the RREQ, each node can add its own avoid list to the packet. The nodes receiving the RREQ will check the avoid list in RREQ and decide whether to suppress the packet or reply with Route Reply.
Malicious Traffic Rejection rejects all the traffic from nodes it considers misleading so that a node is not able to relay its own traffic under the guise of forwarding it on somebody else's behalf.
Second Chance Mechanism allows nodes previously considered misleading to become useful again since a node may "misbehave" due to accidental link error. The misleading node is removed from the faulty list after a fix period of observed inactivity.
Jiangyi Hu proposed a simple reputation based scheme, called LARS (Locally Aware Reputation System) to mitigate misbehavior and enforce cooperation . Different from global reputation based schemes, with LARS each node X only keeps the reputation values of all its one-hop neighbors N(X). The reputation values are updated based on the direct observation of the neighbors. If the reputation value of a neighbor node M is under threshold, then M is considered by X as misbehaved node. X will notify its neighbors about M's misbehavior by initiating a warning message. To avoid false accusation, conviction of the uncooperative node is co-signed by m different nodes, where m-1 is an upper bound on the number of malicious nodes in the one-hop neighborhood. If the warning message is verified, it is then broadcasted to the k-hop neighborhood and M's khop neighbors become aware of its misbehavior and refuse to serve for it.
Discussion on the Reputation Systems
Although different in reputation model and detailed implementation, all the reputation systems we have introduced have three common parts:
- All the systems detect misbehavior using mechanisms similar to Passive Acknowledgement.
- All the systems maintain reputation ratings about all or part of other nodes in the network and identify misbehaved nodes.
- All the systems react to the misbehaved nodes. Besides the systems introduced in this section, there are many other reputation systems for MANET. Basically they can be classified into following categories:
- Global reputation system in which each node knows reputation value of every othernode in the network. This is achieved by exchange indirect reputation message among the network. DSR and CORE are examples of global reputation system.
- Local reputation system in which each node only keeps the reputation value of its neighboring nodes. Instead of distributing reputation value or information periodically, the local reputation systems usually update reputation value based on its own observation. points out following disadvantages of global reputation systems Each node maintains reputation values of every other node, which costs a lot of storage. Disseminate reputation information greatly increases the volume of network traffic.
- The decision and incorporating second hand information consumes addition computation.
- The reputation information could be modified, replayed or accidentally lost during transmission. Hu thinks that the global systems are unnecessary due to above disadvantages. Although the reasons he analyzed may exist, the author of the thesis cannot totally agree with his negative conclusion about the global reputation system. To judge whether a system is good or not depends on how well it can mitigate misbehavior and improve the network performance. If the system can identify the misbehaved node precisely and send the packet successfully at the minimum tries, then the cost of above factors can be compensated.
Watchdog and Pathrater
Marti et al proposes two techniques that improve throughput in an ad hoc network in the present of misbehaved nodes .The watchdog method is used for each node to detect misbehaving nodes in the network. When a node sends a packet to next hop, it tries to overhear the packet forwarded by next hop. If it hears that the packet is forwarded by next hop and the packet matches the previous packet that it has sent itself, it considers the next hop behaves well. Otherwise it considers the next hop misbehaves. The pathrater uses the knowledge about misbehaving nodes acquired from watchdog to pick the route that is most likely to be reliable. Each node maintains a trust rating for every other node. When watchdog detects a node is misbehaving, the trust rating of the node is updated in negative way. When a node wants to choose a safe route to send packets, pathrater calculates a path metric by averaging the node ratings in the path.
Marti et al implemented the solutions on DSR protocol using ns2 as simulation environment. The simulation result shows the throughput of the network could be increased by up to 27% in a network where packet drop attack happens. However routing overhead is also increased by up to 24%.
In his master's thesis, Lennart Conrad developed an improved trust-based routing DSR . With the trust-based routing DSR each node keeps the trust value of all other nodes. Different from most reputation solutions which uses passive acknowledgement to detect whether neighboring node has forwarded a packet or not, trust-based DSR uses an explicit acknowledgement packet sent by the receiver to confirm that the packet has been forwarded by all the nodes along the route successfully. If the sender receives the acknowledgement packet within a timeout, it will increase the trust values of all the nodes along the route. Otherwise it will decrease the trust values. Then a node will choose a most trustful route when it has to send a packet. The main contribution of Lennart's solution is that he proposed alternative trust value updating and route selection strategies. The simulation results show significant improvement in throughput compared to regular DSR.
Several cryptography based routing protocols have been proposed based on the modification of existing ah hoc network routing protocols. Ariadne and Key Management System are among them.
Ariadne  is a cryptographic based security solution for on-demand routing protocol, for example, DSR. It prevents attacks of compromising routing information or Denial of Service in ad hoc network. Instead of using traditional symmetric protocols such as RSA, Ariadne primarily uses the TESLA broadcast authentication protocol for uthenticating routing messages. The advantage of TESLA is that it is not computing intensive and it only add a single message authentication code (MAC) to a message for broadcast authentication, which is very important for resource limited mobile devices. Ariadne mainly authenticates packets containing Route Request, Route Reply and Route Error to prevent misbehaved nodes changing route information. Ariadne's authentication mechanisms only check whether the route information is compromised but do not detect whether the messages are dropped. To thwarting such routing misbehavior, it uses feedback about which packets were successfully delivered. The feedback can be received either through an extra end-to-end network layer message, or by exploiting properties of transport layer such as TCP. When there are multiple routes to a single destination, Ariadne sends more fraction of packets along the route with betteroverall feedback for the nodes in it. Ariadne assumes
- Network link is bidirectional
- All nodes have loosely synchronized clocks
- One of following keys to be set up: TESLA, pairwise shared secret keys or digital signatures.
Key Management System -- Threshold Cryptography
Using cryptographic schemes to protect routing information and data traffic usually requires a key management service. Zhou et al proposes a key management system which adopts a publish key infrastructure to distribute keys. They use a so-called (n, t + 1) n=3t+1 threshold cryptography scheme which allows n servers to share the key management responsibility operations, e.g. create a digital signature, so that any t + 1 parties can perform this operation jointly but it is infeasible for at most t parties to do so, even by collusion. With threshold cryptography, each server has a public/private key pair. All nodes in the system know the public key of the service and trust any certificates signed using corresponding private key. The scheme divides the private key k of the service into n shares, assigning one share to each server. Then with t + 1 correct partial signatures the combiner is able to compute the signature for the certificate. However compromised servers cannot generate correctly signed certificates because there are at most t of them.
Discussion on the Cryptography Systems
Comparing to other security mechanisms such as payment systems and reputation systems, the cryptography systems has the advantage that it can cope well with Denial of Service attack and any form of message modification and fabrication. However, the cryptography by itself cannot effectively deal with packet drop attack. Furthermore, most of the cryptography systems assumes key distribute system available, which is the weakness of mobile ad hoc network.
Artificial Immune System - an Intrusion Detection System
Slavisa and Jean proposed an artificial immune system  , which analogs natural Immune System (IS) of human, to detect misbehavior in MANET. The natural IS has two components, innate IS and adaptive IS. The innate IS is hard-wired to detect and destroy non-self cells that contain or do not contain specific patterns on their surface. Human skin is an example of innate IS. The adaptive IS detects the non-self cells and "learns" the patterns of the cells and thus can quickly response next time. The idea of the artificial immune system is to map the natural IS elements to a detection system in MANET. For examples, the body of the human is mapped to the entire mobile ad-hoc network; Self cells are mapped to well behaving nodes and non-self cells are mapped to misbehaving nodes; Antigen is mapped to a sequence of observed DSR protocol events recognized in sequence of packet headers, i.e. "data packet sent", "data packet received", etc. The simulation shows a good detection capability. However, it is premature to draw general purpose conclusion about the performance of the AIS approach and more investigation need to be done in this area.
This section has introduced the general security issues in the MANET and various solutions that have been proposed. The solutions can be classified to several categories, payment system, reputation system, trust-based system and cryptographic system. Each system has its own advantages and disadvantages. Payment systems serve as an incentive to provide a well-defined service. They are easy to understand and implement. However, to ensure the payment not to be modified by misbehaved nodes, tamper-proof hardware and trusted third parties may have to be required. Furthermore payment systems assume that every node forwards the packets and they are not good at mitigating misbehavior. Reputation systems aim at encouraging good behavior and punishing misbehaved nodes. They can be further classified into global reputation systems and local reputation systems. Global reputation systems use secondhand information and can speed up detecting the misbehaved nodes. However, distributing the reputation information periodically increases the network overhead. Local reputation systems do not publish the reputation information and mostly use direct information about other participants in the network. They are more lightweight but may be slow at detecting misbehaved nodes. Trust-based systems are very similar to the local reputation systems in some aspects, except that it only uses firsthand information it has learned in the previous interactions with other misbehaved nodes. Furthermore, trust-based systems are different from local reputation systems in that it never influences the other entities decision by its own reputation ratings. Cryptographic systems can detect attacks that the other three systems cannot do, e.g denial of service (DoS). However, the systems assumes key distribute system available, which is normally not available in mobile ad hoc network. We also introduced an intrusion detection system, artificial immune system, which simulates human's immune system to detect attacks. The mechanism is still in the initial stage and it is not clear whether it is efficient in a real or simulated system.
In this chapter, we analyze the most important features, models and existing problems in the DSR protocol, DSR protocol and ns2. These features, models and problems will impact the software design and performance evaluation. We also make assumptions and define the name convention that will be used in the following chapters.
Analysis of DSR Protocol
Apart from the basic functions of DSR protocol that has been introduced in section 2.1, we are also interested in some additional features of DSR. These features will impact the network performance especially after the integration with DSR. We will analyze these features and decide whether they will be enabled or not in our project.In the following section, we call the DSR protocol as standard DSR and the DSR fortified DSR protocol as DSR.
The Importance of Route Redundant
All the dynamical feedback mechanisms investigated in chapter 3 rely on inherent redundancies - multiple routes available to a single destination. As long as there are enough good nodes and alternative routes, packets can go around those misbehaved nodes and arrive at a destination. Thus increasing the number of available routes to the same destination is very important. The route cache is used to store routes in the standard DSR. When a node gets a new route, either by initiating a new route discovery or by overhearing a packet which contains route information, it adds the route into the route cache. When the node wants to send a packet to a destination node, it searches a shortest route to the destination in theroute cache. If no route is found, the node will send out a Route Request to find new routes.With standard DSR, a node selects a shortest route to the destination from the route cache. In DSR, however, it works in different way. Rather than calculating the shortest hops, a node selects the route which contains no misbehaved nodes. The more alternative routes available in route cache, the more possibility that a node can find a qualified route. Thus when we decide whether to enable a DSR optional feature or not, we use thefollowing criteria:
The additional feature should be enabled if it can increase the number of routes discovered or cached. Otherwise it should be disabled.
Only Forwarding the First Route Request Message
When a node initiates a Route Discovery, it broadcasts the Route Request message to all its neighboring nodes and these neighboring nodes will append its address to the address list of the message and propagate the copy of the message to their own neighbors. There will be message flooding if the Route Request is forwarded unlimitedly. To mitigate the problem, DSR protocol specifies that a node should only forward the first copy of the same Route Request message it receives.
Figure 4-1 illustrates why the propagation of Route Request should be controlled. The intermediate node A receives a Route Request message for the first time and forwards it to B (see the dashed arrow). B forwards the Route Request to its neighboring nodes (see the dashed-dotted arrow). A receives the Route Request a second time and drops it. If the propagation of Route Request message is not controlled, A will forward the message again to B (see the dotted arrow) and the message will be forwarded endlessly.
Figure 4-2 illustrates another scenario of Route Request propagation control. To discover a route to the destination E, the source node S broadcasts a Route Request message to its neighboring nodes A, B and C. The node D receives the three copies of Route Request message from node A, B and C. (We assume D receives the first copy from B.) If D forwards all the three copies of the Route Request to E, then the number of packets is tripled compared with the case that D only forwards the Route Request it receives from B. Thus in this case, DSR requires that D only forwards the first Route Request and discards the other two.
This feature, however, limits the number of routes found in each Route Discovery. It will impact the performance of DSR as explained in the section 4.1.1. If B is a misbehaved node, then the route S à Bà C àD will be discarded in route selection and it turns out that S has to initiate another route discovery. Thus the feature has two contradictory consequences in our project: enabling the feature will increase the number of Route Discovery; disabling the feature will cause message flooding. Since message flooding can cause much more serious problem we think it is reasonable for the feature to be applied.
Caching Overheard Routing Information
In DSR a node overhearing a packet should add all usable routing information from that packet to its own route cache. DSR specifies two ways for a node to overhear the routing information:
- One way is that when the node is participating in forwarding a packet containing source route option or route error information, the node can update the information into its own route cache. This is a mandatory DSR feature.
- The other way is an optional feature. If a node is in promiscuous mode and can snoop any packets sent by its neighbors, it will update the route information contained in the snooped packets into the route cache. The second way can increase the number of routes discovered. This becomes especially important in a network where misbehaved nodes present because the more the routes are available, the more possibilities there are safe routes. Thus we will enable this feature in our implementation.
Replying to Route Requests Using Cached Routes
DSR allows a node receiving a Route Request for which it is not the target to reply with the route found in its own route cache. In the Route Reply, this node appends the source route to the target node obtained from its own route cache after a sequence of hops over which the route request has been forwarded to it. After the node sends out the Route Reply, it will not propagate the Route Request any further. Figure 4-3 illustrates the scenario of replying to Route Request using cached routes. Source node S initiates a Route Request to find routes to destination D. When B receives the Route Request, it searches its route cache and finds a route B à C à D to the destination D. Then B concatenates the route with the accumulated source route S à A in the Route Request and sends the Route Reply to source node S. Node B will not broadcast the route request further in this case.
This feature, however, will decrease the number of routes discovered. For example, if B does not reply the route request with the cached routes and instead forwards the route request to node C, E, and F. Then we can get two additional routes: S à A à B à E à D, S à A à B à F à D. (As seen in Figure 4-3, the dashed lines indicates the routes could be found). But with this feature we can only get one route. Thus, we will disablethis feature.
Route Request Hop Limit
In DSR, each Route Request message contains a "hop limit" that may be used to limit the number of intermediate nodes allowed to forward the Route Request. DSR allows a ring search feature to discover routes. In the ring search mode, the source node sends out a Route Request with hop limit zero, which means only the neighboring nodes can receive the Route Request. If no route was found in the first round of route discovery, the hop limit will be increased to allow the Route Request to be forwarded to greater range of nodes. This feature can save the routing overhead in case the destination node is one of the neighbors of the source node. However, it will also limit the number of the routes being discovered and thus will be disable in our project.
When an intermediate node forwarding a packet detects that the next hop for that packet is broken and if the node has another route to the destination in its route cache, the node will salvage packet by using the new route instead of discard it. To avoid the packet to be salvaged endlessly, a counter is maintained in the packet to count the number of times that it has been salvaged.
The packet salvaging feature can increase the number of packets arriving at the destination. However, since the node which salvages the packet changes the source route header, we should be very careful when using passive acknowledgement to detect the packet modification in DSR protocol. If a node receives a PACK packet and finds the salvage value is changed, it should not compare the source route with the original one.
Automatic Route Shortening (Gratuitous Route Reply)
DSR allows a source route to be automatically shortened if one or more intermediate nodes become unnecessary. As shown in Figure 4-4, source node S sends a packet to destination node D along the source route S à A à B à C à D. If C snoops the packet forwarded by A and finds itself on the source route but it has not explicitly receives the packet, C can confirm that node B is not necessary to participate in the forward and can be deleted from the source route. Then C sends a gratuitous route reply to notify source node S that there is a shortened route S à A àC à D.
The automatic route shortening feature can save the time for a packet to be delivered to a destination. Particularly, in a network where misbehaved nodes present, the shorter route means less possibility that the route contains misbehaved node. Thus we enable this feature in our project.
DSR Flow State Extension
Since the draft version 9, DSR has added a new feature called "flow state" to allow the routing of the most packets without an explicit source route header in the packet. In this feature, when a sending node has discovered a source route, the node can establish a flow along the route which allows each node along the route to forward the packet to the next hop based on the node's own local knowledge of the flow along which this packet is being routed. The feature ignificantly reduces the overhead of the protocol because data packet need not carry source route along the way. owever, we will not enable this feature in our project. The reason is that the flow state is a new feature and its impact on the DSR is unknown. DSR has no specification about how to deal with it. Furthermore we want to compare our simulation result with that of Sonja reported in her Ph.D thesis  which does not support flow state.
DSR provides other additional features to improve the performance of a MANET. For examples, a node will handle the queued packets in Network Interface Queue and Maintenance Buffer if it detects the next-hop link of the route of the packet is broken; when a node receives a route error it usually spreads the message to other nodes by piggybacking the route error information in the next route request packet. These features have little impact on the performance of DSR and we will not discuss them in detail.
Analysis of DSR Protocol
In this section we will analyze the state chart of DSR to pave the way for software design. We will discuss the misbehavior detection and data representation that affects the implementation. We will also discuss the network verhead introduced by DSR which is one of the tasks of performance analysis.
States and Events
As introduced in section 3.3.1, there are five modules in DSR: DSR, Monitor,Reputation system, Trust manager and Path manager. These modules are interrelated together to provide and process all kinds of information. The modules also interact with DSR to send and receive packets. Figure 4-5 shows the interactions between the modules of DSR and DSR in each node. The ovals within each module represent the most important states of the module and the arrow lines indicate events or message between the states.
The dashed lines describe how the first hand information is collected. When a node I receives a packet in the promiscuous mode from another node j within the DSR module, it passes the tapped packet to the Monitor to detect whether it is the PACK packet. If it is, the ratings about j will be updated. If the reputation rating is greater than misbehaved threshold, it will inform Path manager to delete all the paths that contains the node j from the route cache of node i. The dotted lines describe how second hand information published by the other nodes is handled. As seen in the figure, when node i receives published information it passes the information to the Reputation system to decide whether it should be accepted. If the information is accepted, the ratings about node j are updated. If the reputation rating after updating exceeds tolerance threshold, all the paths that containing the node j will be deleted from Path manager. The dashed-dotted line describes that a node periodically publishes the reputation ratingsit has about other nodes in the network. As seen, reputation system periodically calls theDSR to send out the firsthand information.
Detection of Misbehavior
Misbehavior detection is an important part of DSR. In this section we will introduce how DSR detects various misbehaviors. We will also analyze what kinds of misbehaviors cannot be detected by DSR.
Improved Passive Acknowledgement
Section 2.1.2 introduces the Passive Acknowledgement mechanism
Cite This Dissertation
To export a reference to this article please select a referencing stye below: