A mobile ad hoc network is a kind of wireless communication network that does not rely on a fixed infrastructure and lacks any centralized control. These characteristics make it vulnerable to security attacks, so protecting the security of the network is essential. As wireless ad hoc networks become feasible, security issues have become important. Because tapping and falsification are easy in a wireless network, and it is difficult to find the attacker, defense is more difficult than in wired networks.
Authentication, integrity and encryption are key issues pertaining to network security. Traditional authentication schemes cannot be effectively used in such decentralized networks. Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as authentication.
Authentication is an aspect of communication network security that deals with ensuring that the principals with whom one interacts are the expected ones. Informally, authentication allows the receiver to verify that the claimed sender really sent the data.
Therefore, message authentication schemes in wireless networks are receiving attention. In addition, since an ad hoc network is often built from mobile terminals, a security scheme that does not need much computation power or any complex mechanism is required. This project proposes an efficient message authentication scheme which improves the performance of the conventional scheme.
Keywords: ad hoc; authentication; chaining scheme; Enhanced Tree scheme
1.1. Ad Hoc Networking - An Overview
With the rapid development of mobile technologies, however, the use of networks is no longer limited to earthbound cables. The potential of such wireless networks has not been fully explored yet. Mobile telephony is the most basic application making use of them, but the list only starts there. Mobile and wireless technology is growing at a rapid rate. Combining peer-to-peer techniques with the opportunities that mobility offers, so-called ad hoc networks have become an important field of research in recent years.
Ad hoc networks are a consequence of the research efforts in mobile and wireless networks. They are a class of wireless networks where there is no fixed infrastructure. Unlike traditional wireless networks, they do not have base stations to coordinate the activities of mobile hosts. Each node acts as a router, transmitting messages from one node to another. These nodes also need to perform all other functions involved in any network. The hosts are also mobile, therefore the network topology changes frequently. The dynamically changing topology and lack of centralized control make it very challenging to incorporate various network layers into ad hoc networks.
An ad-hoc network is a wireless communication network composed of mobile nodes with neither the base infrastructure network nor the base stations.
1.2. Ad Hoc Characteristics
A Mobile Ad Hoc Network (MANET) is a collection of mobile nodes that are dynamically and arbitrarily located in such a manner that the interconnection between nodes is capable of changing on a continual basis.
It is an infrastructureless network. It is not possible to predict in advance how the network will be formed. Even after the formation of the network, the topology is still unpredictable.
Nodes in the network communicate with each other through radio signals, which are broadcast to the whole network and can be received by everyone.
All the nodes in a MANET are equal. No node is superior or inferior to others. There is no central control over a MANET. Every node takes exactly the same responsibility in the network. Besides, no node is by nature more credible than other nodes.
The network topology changes continually. Nodes are free to join and leave the network whenever they want. They are able to move around while still maintaining their connections. In a word, the network is highly dynamic.
The mobile nodes in a MANET are usually resource constrained. The participating nodes are usually laptops, PDAs and even network-enabled mobile phones. These mobile devices usually have low computational power and limited battery life.
1.3. Essentials and vulnerabilities of Ad Hoc Networks
Ad hoc networks are by nature very open to anyone. Their biggest advantage is also one of their biggest disadvantages: basically anyone with the proper hardware and knowledge of the network topology and protocols can connect to the network. This allows potential attackers to infiltrate the network and carry out attacks on its participants with the purpose of stealing or altering information. Also, depending on the application, certain nodes or network components may be exposed to physical attacks which can disrupt the functionality.
Another specialty of ad hoc networks is their heavy reliance on inter-node communication. Due to the dynamic nature of the links between the individual nodes, it may happen that a certain node B is not in range of node A. In these cases, the information can be routed through intermediate nodes. The possibility that a certain data route becomes unavailable is significantly higher than in fixed-location networks. This makes it easier for attackers to disrupt the network than in conventional networks.
The rapid progress of wireless mobile communication technology has prompted new security problems and countermeasures against them. Since the mobility of users and wireless access to the network exacerbate potential security threats such as eavesdropping and illegal access, security services for a secure mobile communication environment should be provided. Authentication and confidentiality are essential security services to control fraud and to protect private communication against unauthorized eavesdropping, respectively. In addition, the whereabouts of a particular mobile user may need to be protected to ensure privacy.
1.4. Security in Mobile Ad Hoc Network
High level security requirements for ad hoc networks are basically identical to security requirements for any other communications system, and include following services
However, just as wireless communication systems create additional challenges for the implementation of these services when compared to fixed networks, ad hoc networks can be viewed as an even more extreme case, requiring even more sophisticated, efficient and well-designed security mechanisms.
At the same time, the confidentiality of transported data, which is one of the most commonly mentioned security problems in wireless systems, can be easily solved once the authentication and key sharing mechanisms are in place. Similar considerations apply to integrity protection, with integrity of the data stored in the devices being the most challenging issue.
So, a key research objective in the area of authentication and key management in ad hoc networks is the design of efficient cryptographic mechanisms.
Assuming key distribution and key management are done properly, only the improvement of the authentication service is considered from here on.
1.5. Existing methods
1.5.1. Encryption method.
This encryption method defines a way to transmit data. No keys are required and security is independent of computational considerations. The message is split in two parts which are encoded using portions of the message, and it is shown that decoding cannot be achieved unless all subparts are received.
Four encrypted n-bit parts, labeled a', b', c', d' are generated using the equations below.
a'=a XOR c
b'=b XOR d
c'=c XOR b
d'=d XOR a XOR b
The sender combines vectors a' and b' and sends them through one path, then combines vectors c' and d' and sends them through the other path.
The receiver receives the four vectors a', b', c' and d' through the two different routes and decrypts the message using the following equations:
a=b' XOR d'
b=a' XOR b' XOR c' XOR d'
c=a' XOR b' XOR d'
d=a' XOR c' XOR d'
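The encoding and decoding equations above, carried through on bytes as an added example (not code from the original essay). Splitting the message into four equal parts with zero padding, and the function names, are assumptions.

```python
def xor(*blocks: bytes) -> bytes:
    """XOR any number of equal-length byte strings."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

def split(message: bytes):
    """Return (path1, path2); each path carries two encoded parts."""
    n = -(-len(message) // 4)                  # part length, rounded up
    padded = message.ljust(4 * n, b"\x00")     # assumption: zero padding
    a, b, c, d = (padded[i * n:(i + 1) * n] for i in range(4))
    path1 = (xor(a, c), xor(b, d))             # a', b'
    path2 = (xor(c, b), xor(d, a, b))          # c', d'
    return path1, path2

def recover(path1, path2, length: int) -> bytes:
    """Apply the receiver's equations; both paths are required."""
    a1, b1 = path1
    c1, d1 = path2
    a = xor(b1, d1)
    b = xor(a1, b1, c1, d1)
    c = xor(a1, b1, d1)
    d = xor(a1, c1, d1)
    return (a + b + c + d)[:length]            # drop the padding

# Constructed sample message (23 bytes, not a multiple of four).
MESSAGE = b"route update for node 7"
```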
1.5.2. Secure Ad hoc Routing.
There exist several proposals that attempt to architect a secure routing protocol for ad hoc networks by incorporating security mechanisms into existing protocols (like DSR and AODV). Some of the existing secure ad hoc routing is
1.5.3. Chain Method.
In the Chain scheme, authentication of all the transmitted packets succeeds because each packet carries the hash value of the following packet, and only the first packet is signed. The signature calculation cannot begin until all the packets are complete, because the hash values must be calculated sequentially, starting from the last packet. Therefore, a long chain is not suitable for real-time applications. Moreover, when the chain of hash values is broken by packet loss, authentication is interrupted. The packet structure of the Chain scheme is shown in Figure 1.
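The chain construction described above, as an added example that is not part of the original essay: the sender builds the chain from the last packet backwards, and the receiver can authenticate nothing after the first lost or altered packet. SHA-256 is an assumed hash, HMAC with a constructed key stands in for the digital signature on the first packet, and all names are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stands in for the sender's signing key

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(data: bytes) -> bytes:
    # Stand-in for the digital signature (HMAC, not an asymmetric signature).
    return hmac.new(KEY, data, hashlib.sha256).digest()

def build_chain(messages):
    """Return (packets, signature); each packet is (message, hash of next packet)."""
    packets, next_hash = [], bytes(32)     # the last packet carries an all-zero hash
    for msg in reversed(messages):         # hashing has to start at the LAST packet
        packets.append((msg, next_hash))
        next_hash = H(msg + next_hash)
    packets.reverse()
    first_msg, first_hash = packets[0]
    return packets, sign(first_msg + first_hash)   # only the first packet is signed

def verify_chain(received, signature):
    """received[i] is a packet, or None if lost. Return the indices that authenticate."""
    first = received[0]
    if first is None or not hmac.compare_digest(sign(first[0] + first[1]), signature):
        return []
    authenticated, expected = [0], first[1]
    for i, pkt in enumerate(received[1:], start=1):
        if pkt is None or not hmac.compare_digest(H(pkt[0] + pkt[1]), expected):
            break                          # chain broken: later packets are unverifiable
        authenticated.append(i)
        expected = pkt[1]
    return authenticated

# Constructed sample payloads.
MESSAGES = [b"msg-%d" % n for n in range(6)]
```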
1.6. Drawbacks of Existing mechanisms
Some of the drawbacks are listed as follows:
In Encryption method - overhead in finding two intermediate nodes during transmission between two nodes.
Again intermediate nodes are to be trusted, which gives additional burden.
In secure ad hoc routing - applicable only for that particular ad hoc routing protocol.
Figure 1. Packet structure of the Chain scheme
2. Proposed Work
Recently, ad hoc networks have gained immense attention for both research and application. The inherent properties of ad hoc networks and the security requirements of their applications are often contradictory. The objective of this project is to improve the security of the Chain scheme through authentication for a mobile, unstructured ad hoc network environment, taking the characteristics of ad hoc networks into account.
Since an ad hoc network uses wireless communication and is more flexible than a fixed network, its security is more difficult to ensure than that of a fixed network. We need an authentication scheme to verify the validity of messages for safe communication in an ad hoc network. The calculation cost of message authentication must be as small as possible in an ad hoc network. Therefore, it is difficult to attach signature information to each message.
Secure routing is the pre-requisite for implementing secure data forwarding. The motivation is to securely forward data in MANETs in the presence of malicious nodes after the route between the source and target is discovered. There are various schemes proposed for secure data forwarding such as data forwarding based on neighbor's rating, implementing currency system in network for packet exchange, and redundantly dividing and routing message over multiple network routes.
The assumption made in this project is that proper key distribution schemes are available, so that all the necessary keys are available to the participating nodes, and that an efficient ad hoc routing protocol is used to discover the paths among the nodes.
2.3. Enhanced Tree scheme
Packets in the Chain scheme cannot be authenticated if the chain of hashes breaks. In order to avoid this problem, each packet can be made to hold all the hash values along with the digital signature. But the difficulty with this method is that each packet has to carry all of this information, which increases the overhead compared with the Chain scheme.
So a method is needed to avoid the problem of the chaining scheme. This led to the development of a new scheme called the Enhanced Tree (E-Tree) scheme. E-Tree makes the chain of hash values hard to break by combining the Chain method with the Tree method, while suppressing the packet overhead. The proposed Enhanced Tree (E-Tree) scheme is based on the Tree structured scheme.
2.4. Concepts Used
2.4.1. Hash Functions
For secure communication it is required that data transmitted is not altered by any entity. Hash function is often called one-way hash function. A one way hash function is a mathematical function that is significantly easier to compute in one direction than in the opposite direction. Informally, a function f is a one way function if:
The description of f is publicly known and does not require any secure information for its operation.
Given x, it is easy to compute f(x).
Given y, in the range of f, it is hard to find an x such that f(x) = y.
With a hash function, the sender computes the hash value over the data and sends it along with the original message to the receiver. The destination entity recomputes the hash value from the transmitted message and compares it with the received hash value. The most common hash functions are MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).
2.4.2. Digital Signature
To create a digital signature, the sender first computes the hash of the original message and appends the code to the message. Then the hash code is encrypted using asymmetric encryption. On the receiving end, the receiver uses the same hash algorithm to compute the hash code of the message, decrypts the encrypted hash code using the corresponding public key and compares the two hash values.
2.5. General algorithm of the proposed method
The general algorithm of the E-tree method is:
At source node
Step 1: Divide the given message into a number of packets (e.g. 16 packets).
Step 2: Odd and even packets are processed.
Even packets have the message part alone.
Odd packets have three parts, namely the message part, the hash value of the adjacent even packet and the tree value.
Step 4: Repeat step 2 till the last odd packet.
Calculation of Tree value
Step 1: The current message and the hash value of the adjacent even packet are concatenated and a new hash value is computed and named hi.
Step 2: Repeat step 1 for all the remaining
Step 3: From the calculated hi, find the hash value of two adjacent hi's after concatenating them. Name it hij. Store all the hij values.
Step 4: Repeat step 3 for the rest of the packets.
Step 5: Repeat steps 3 and 4 till a single hash value is obtained. This gives the signature value.
Step 6: Each tree value has four parts. For the ith tree, the hi+1 hash value is the first part.
Step 7: The next two parts have the hash values hjk.
Step 8: The fourth part has the signature value. From the previous 3 hash values the authentication is verified by comparing with this signature.
At receiver node
After receiving the packets, the destination performs the authentication verification process on them.
If a match occurs, the packet is extracted to give the original message.
In the E-tree method, there are several variations depending on the method of connecting the chain part. Here, the assumption made is that one chain packet connects with one tree packet. The odd packets include the message along with the hash value of the next packet and the tree value calculated for the entire packet. Since chaining is followed for the two packets, authentication can be improved even if the chain breaks.
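A sketch of the tree value calculation and the receiver-side check described above, added here as an example and not the authors' implementation. It assumes SHA-256, 16 packets (8 odd/even pairs, so three sibling hashes per tree value), that each odd packet's position is known from a sequence number, and that the receiver has already verified the signature on the root; function and field names are hypothetical.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_odd_packets(messages):
    """Pair packets (1,2), (3,4), ...; return (odd_packets, root).
    Assumes the number of pairs is a power of two (16 messages -> 8 leaves)."""
    pairs = [(messages[k], messages[k + 1]) for k in range(0, len(messages), 2)]
    # h_i = H(odd message || H(adjacent even message))
    levels = [[H(odd + H(even)) for odd, even in pairs]]
    while len(levels[-1]) > 1:                 # h_ij, then the next level, up to the root
        cur = levels[-1]
        levels.append([H(cur[k] + cur[k + 1]) for k in range(0, len(cur), 2)])
    root = levels[-1][0]                       # the value the sender signs
    packets = []
    for i, (odd, even) in enumerate(pairs):
        idx, siblings = i, []
        for level in levels[:-1]:              # one sibling hash per tree level
            siblings.append(level[idx ^ 1])
            idx //= 2
        packets.append({"index": i, "msg": odd, "even_hash": H(even),
                        "tree": siblings + [root]})   # four parts for 8 leaves
    return packets, root

def verify_odd(packet, trusted_root):
    """Authenticate one odd packet on its own, using only its tree value."""
    node, idx = H(packet["msg"] + packet["even_hash"]), packet["index"]
    for sibling in packet["tree"][:-1]:
        node = H(node + sibling) if idx % 2 == 0 else H(sibling + node)
        idx //= 2
    return hmac.compare_digest(node, trusted_root)

def verify_even(even_msg, odd_packet):
    """An even packet is checked against the hash in its verified odd neighbour."""
    return hmac.compare_digest(H(even_msg), odd_packet["even_hash"])

# Constructed sample payloads: packets 1..16.
MESSAGES = [b"packet-%02d" % n for n in range(1, 17)]
```

Each odd packet verifies without any other packet having arrived, which is the property the Chain scheme lacks; the cost is the three extra hashes plus the signature value carried in every odd packet.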
2.6. Phases of the E-Tree method
There are 3 phases in this method:
Data preparation at the sender's side as given in the algorithm.
Transmission of packets using the existing routing protocol.
Authentication verification at the receiver's side.
3. Conclusions & Future work
In this paper, we proposed a method to authenticate packet messages efficiently by using a digital signature and a comparatively high-speed hash function. The amount of overhead and the hash calculation for each message did not depend on the length of the packet, and the E-Tree method was superior to the Tree method.
Compared to the linear scheme, E-Tree increases the overhead. As future work, a mechanism for computing the hashes is needed so that the overhead problem can be reduced. In this paper the key distribution is assumed to be perfect and efficient, which is a more difficult task than in other networks. So an efficient way may be used to distribute the keys to the nodes involved in the ad hoc environment.