International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
857
High Throughput Analysis Using Topological Control & Authentication Scheme in MANET
R. Bharathi¹, Saranya. A.V²
¹M.E., Lecturer, ²(M.E), Student, M. Kumarasamy College of Engineering, Karur, Tamil Nadu, India
Abstract— Since MANETs are mainly composed of lightweight devices with limited capabilities, efficiently managing security is crucial to reduce performance degradation and resource consumption. In particular, mobile ad hoc networks (MANETs) based on cooperative communication (CC) present significant challenges to security, as well as to network performance and management. The authentication and topology control issues are closely correlated in MANETs, and they have significant impacts on throughput. A spam attack in a MANET with cooperative communication results in low network throughput. The proposed Secure Adaptive Distributed Topology Control Algorithm therefore aims at topology control and performs secure self-organization in four phases: (I) Anti-node Detection, (II) Cluster Formation, (III) Key Distribution, and (IV) Key Renewal, to protect against malicious node attacks.
Keywords—Cooperative communication (CC), mobile ad hoc networks (MANETs).
I. INTRODUCTION
RECENTLY, cooperative communication (CC) has been considered as a promising technique to improve transmission reliability over the ever-challenging wireless medium. CC exploits user diversity to emulate multiple-antenna systems, making use of the broadcast nature of the wireless medium by relaying the overheard messages from the source to the destination. Although CC brings significant benefits, it also raises serious security issues. For example, it is possible for malicious nodes to join the network and relay unsolicited information to the destination, thereby compromising the network. As the front line of defense, authentication is crucial for the security design. Since multiple-hop communications are used in mobile ad hoc networks with CC (CC-MANETs), not only end-to-end (e2e) but also hop-by-hop (HBH) authentication and message integrity are required to protect the network from tampering with and forging of packets by malicious nodes. Security has become the main concern and bottleneck for widely deployed wireless applications. This issue can be seen in two aspects: First, the open shared access medium is vulnerable to attacks. Second, the wireless resources are stringently constrained.
II. SYSTEM MODEL FOR TOPOLOGY CONTROL AND THE AUTHENTICATION PROTOCOL
To jointly consider security and topology control, this section presents the system model for topology control and then introduces an authentication protocol that can be used in CC-MANETs.
A. System Model for Topology Control
In general, a network topology can be described as a graph G(V, E), including all its nodes V and link connections E among them. Network topology control is essentially to determine where to deploy links and how links work to form a good topology, which can optimize some global network performance while preserving some global graph property (i.e., connectivity). Since it is difficult to collect the entire network information in MANETs, topology control in such networks should be resolved by distributed schemes, which are executed by each individual node to optimize all the neighboring connections. Usually, a general distributed topology control problem is modeled as,
$$G_N^* = \arg\max f(G_N) \quad \text{or} \quad G_N^* = \arg\min f(G_N) \qquad (1)$$
where $G_N(V_N, E_N)$ denotes the neighborhood graph obtained by each node. The aforementioned topology control problem contains three elements, a triple (M, P, O). M represents the network model; P represents the desired network property, which is often the network connectivity constraint; and O represents the optimization objective, which is determined by f in (1). Each topology control scheme has its own set of rules to connect the network. A good topology $G_N^*$ is constructed from the original topology $G_N$. How good the output topology is depends strongly on the optimization objective considered. The objective of topology control is achieved by adjusting some controllable parameters that affect link status, such as transmission power, antenna direction, channel assignment, cooperative level, and transmission manners. Considering that CC may improve communication reliability and efficiency, transmissions in a MANET may be one of the following: direct transmissions (DTs), multihop transmissions (MTs), and CCs. In CCs, the destination node decodes a combined signal from the source node and the relayed signals of interest from assistant relays. A decode-and-forward (DF) scheme is used. The other two types of transmissions can be regarded as special cooperative transmissions. A DT utilizes no relays, whereas an MT does not combine signals at the destination.
Therefore, the selection of the transmission manner and the selection of the relay node comprise a wireless link and thus determine the network topology in MANETs. A link refers to a logical connection for two neighboring nodes working possibly in one of the three transmission modes. The best type of transmissions and the best relay node can be determined according to the current channel conditions. In distributed topology control, every node independently executes the algorithm to determine the neighboring connections, which are the main element in a network topology. The entire network connectivity is preserved in an HBH manner. Suppose that the original topology G(V, E) is connected (e.g., the transmission range is set to be sufficiently large). By preserving all the neighboring connections in E (i.e., the connection can be configured to use DT, MT, or cooperative transmission), the entire network connectivity is maintained.
B. Authentication Protocol - Secure Adaptive Distributed Topology Control Algorithm
The secure adaptive distributed topology control algorithm (SADTCA) for wireless sensor networks organizes the sensors in four phases: Anti-node Detection, Cluster Formation, Key Distribution, and Key Renewal. The main keys used in the network are (a) the Pre-distributed Key, (b) the Cluster Key, and (c) the Gateway Key. Each sensor is pre-distributed with three initial symmetric keys, an identification message, and a key pool. The pre-distributed key is established with key management schemes, and is used for anti-node detection and cluster formation in Phases I and II. The Cluster Key and Gateway Key are used for key distribution in Phase III. The key pool is used for key renewal in Phase IV.
B.1. Phase I - Anti-node Detection: In order to strengthen the network against spam attacks, the secure control is embedded into the SADTCA. An authenticated broadcasting mechanism, such as the μTESLA in SPINS, may be applied in this phase. In the authenticated broadcasting mechanism, a challenge is made for all sensors in the field such that normal nodes and anti-nodes can be differentiated. The challenge is that when a sensor broadcasts a Hello message to identify its neighbors, it encrypts the plaintext and then broadcasts it; when receiving the Hello message, the sensor decrypts it. If the sensor decrypts the received message successfully, the sender is considered normal. Otherwise, the sender is said to be an anti-node. Therefore, a network topology is formed without anti-nodes in order to make the network safe.
Thus, referring to the cluster-based topology formed in Phase II, the spam attacks can be handled by adaptively forming the quarantine region.
Notice that an external attack can be prevented by the operation of Phase I. In this work, there is no countermeasure to defend against authenticated malicious nodes. If the authenticated node is compromised and performs malicious activities, a mechanism for evicting the compromised nodes is required.
B.2. Phase II - Cluster Formation: When sensors are first deployed, the adaptive distributed topology control algorithm (ADTCA) may be used to partition the sensors into clusters. The following subsections overview the mechanisms of the ADTCA scheme for cluster formation.
Clusterhead Selection - Each sensor sets a random waiting timer, broadcasts its presence via a ‘Hello’ signal, and listens for its neighbor’s ‘Hello.’ The sensors that hear many neighbors are good candidates for initiating new clusters; those with few neighbors should choose to wait. By adjusting randomized waiting timers, the sensors can coordinate themselves into sensible clusters, which can then be used as a basis for further communication and data processing.
Sensors update their neighbor information (i.e., a counter specifying how many neighbors it has detected) and decrease the random waiting time based on each ‘new’ Hello message received. This encourages those sensors with many neighbors to become clusterheads.
The waiting time of sensor i at time step k and 0 < γ < 1 is inversely proportional to the number of neighbors. Therefore, if the timer expires, then the sensor declares itself to be a clusterhead, a focal point of a new cluster. However, events may intervene that cause a sensor to shorten or cancel its timer. For example, whenever the sensor detects a new neighbor, it shortens the timer. On the other hand, if a neighbor declares itself to be a clusterhead, the sensor cancels its own timer and joins the neighbor’s new cluster.
After applying the ADTCA, there are three different kinds of sensors: (1) the clusterheads, (2) sensors with an assigned cluster ID, and (3) sensors without an assigned cluster ID, which will join any nearby cluster after τ seconds and become 2-hop sensors, where τ is a constant chosen to be larger than all of the waiting times. In this phase, each sensor initiates 2 rounds of local flooding to its 1-hop neighboring sensors, one for broadcasting sensor ID and the other for broadcasting cluster ID, to select clusterheads and form 2-hop clusters. Hence, the time complexity is O(2) rounds. Thus, the topology of the ad-hoc network is now represented by a hierarchical collection of clusters.
Gateway Selection - Observe that the clustering scheme induces non-overlapping clusters. Accordingly, to interconnect two adjacent non-overlapping clusters, one cluster member from each cluster must become a gateway. This subsection presents a method of choosing distributed gateways for adjacent non-overlapping clusters. Random waiting times and local information are applied to select gateways and further achieve communication between clusters. The result of the Phase II processing is that each cluster i assigns a single member to communicate with each nearby cluster j. The waiting timers help to ensure that the chosen member is one of the nearest members even though the topology of the system is unknown. If the clusters are too far apart, no gateway sensors will be assigned.
According to the process of cluster formation, sensors can obtain local information and know the number of neighboring sensors in adjacent clusters. Therefore, given the local information, sensors may initialize their counters for gateway selection. Based on the counter, clusterheads broadcast messages to trigger the gateway selection process. After applying the procedure for determining gateways, the gateway nodes broadcast messages to update the connectivity information and activate the linked cluster architecture.
B.3. Phase III - Key Distribution: According to the cluster construction in Phase II, a simple and efficient key distribution scheme is applied in the network. In this phase, two symmetric shared keys, a cluster key and a gateway key, are encrypted by the pre-distributed key and are distributed locally. A cluster key is a key shared by a clusterhead and all its cluster members, which is mainly used for securing locally broadcast messages, e.g., routing control information, or securing sensor messages.
In order to form a secure communication channel between the gateways of adjacent clusters, a symmetric shared key may be used to encrypt the sending message. In this phase, another challenge may be made to guard against anti-nodes that have not been found out in Phase I.
The challenge is that if any sensor cannot decrypt ciphertext encrypted by a cluster key or a gateway key, the node will be removed from the member or neighbor list. Therefore, the security of intra-cluster communication and inter-cluster communication is established upon a cluster key and a shared gateway key, respectively.
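The decrypt-or-reject challenge of Phases I and III, as an added sketch that is not code from the paper. The paper names no cipher, so an HMAC-SHA256 encrypt-then-MAC construction stands in for it, which makes "decrypts successfully" a checkable condition. The `HELLO|id` message format, the Phase III challenge-reply exchange, and all function names, node IDs and keys are assumptions.

```python
import hashlib
import hmac
import os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stand-in for the cipher the paper leaves unnamed.
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the tag fails (wrong key or tampering)."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def classify_hellos(pre_key, hellos):
    """Phase I: split Hello senders into (normal neighbors, anti-nodes)."""
    normal, anti = set(), set()
    for sender, blob in hellos.items():
        ok = unseal(pre_key, blob) == b"HELLO|" + sender.encode()
        (normal if ok else anti).add(sender)
    return normal, anti

def prune_members(cluster_key, challenge, replies):
    """Phase III: keep only members whose reply proves they hold the cluster key."""
    return {m for m, blob in replies.items() if unseal(cluster_key, blob) == challenge}

def demo():
    # All keys, node IDs and messages below are constructed sample data.
    pre_key, wrong_key = os.urandom(32), os.urandom(32)
    hellos = {"n1": seal(pre_key, b"HELLO|n1"), "n2": seal(pre_key, b"HELLO|n2"),
              "x9": seal(wrong_key, b"HELLO|x9")}
    normal, anti = classify_hellos(pre_key, hellos)
    cluster_key, challenge = os.urandom(32), os.urandom(16)
    wrapped = seal(pre_key, cluster_key)            # cluster key sent under the pre-distributed key
    n1_key = unseal(pre_key, wrapped)               # n1 recovers the cluster key
    replies = {"n1": seal(n1_key, challenge),
               "n2": seal(wrong_key, challenge)}    # constructed case: n2 could not recover it
    return normal, anti, prune_members(cluster_key, challenge, replies)

if __name__ == "__main__":
    print(demo())
```

Without the MAC tag, a stream-cipher decryption under the wrong key still returns bytes, so the receiver would have no reliable way to tell a normal node from an anti-node.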
B.4. Phase IV - Key Renewal: Using the same encryption key for extended periods may incur a cryptanalysis risk. To protect the sensor network and prevent the adversary from getting the keys, key renewal may be necessary. In the case of revocation, in order to accomplish the renewal of the keys, the originator node generates a renewal index and forwards the index to the gateways. The procedures of key renewal are detailed as follows.
Initially, all clusterheads (CHs) choose an originator to start the “key renewal”, and the originator then sends the index to all clusterheads in the network. There are many possible approaches for determining the originator, for instance, choosing the clusterhead with the highest energy level or the clusterhead with the lowest cluster ID. After being selected, the originator initializes the “key renewal” process and sends the index to its neighboring clusters through gateways. Then each clusterhead refreshes the two keys from the key pool and broadcasts the two new keys to its cluster members locally. The operation repeats in the same way through all clusters in the network. A period of time (Tr) is set to handle the case where the originator does not start the “key renewal” process. If the other clusters do not receive the index after Tr, they will choose a new originator from among themselves. This method allows recovery when the previous originator has failed.
C. Determine the Quarantine Region
If the anti-nodes are scattered randomly in the first deployment of a sensor network, the anti-nodes can be detected by authentication in Phase I of the SADTCA. On the other hand, given the cluster-based topology formed in Phase II of the SADTCA, the clusterhead and cluster members may detect external attacks and check the unsolicited messages by observing the abnormal behaviors of the sending nodes such as filtering the content of the incoming messages, detecting the frequency of the faulty messages, or checking the sending frequency of messages. Thus, these scenarios may imply a possible spam attack and then the clusterhead may broadcast a message throughout the whole cluster to announce the existence of anti-nodes. Therefore, in order to defend against spam attacks, three distributed methods, Method 1: quarantine for clusters, Method 2: quarantine for nodes, and Method 3: quarantine for infected areas, are proposed for dynamically determining the quarantine region.
C.1. Method 1 - Quarantine for Clusters: When the clusterhead finds out the occurrence of a spam attack, it broadcasts a message throughout the whole cluster. In this condition, the set of quarantine nodes is composed of the clusterhead and cluster members.
Figure 2. Quarantine for Clusters
Note that the performance of the SADTCA with Method 1 may be considered as a conservative approach for forming the quarantine region.
C.2. Method 2 - Quarantine for Nodes: In this scheme, the quarantine region is the region where the transmission of the anti-node can be received. Thus, the transmission range of an anti-node may be denoted as the distance between the anti-node and the borderline of the quarantine region. However, if the quarantined node is a clusterhead, the whole cluster will be quarantined since clusterheads are important nodes for controlling the cluster operation. On the other hand, if the quarantined node is a cluster member, the whole cluster will not be quarantined.
C.3. Method 3 - The Infected Areas: In this method, the set of quarantine nodes and the quarantine region are determined using a threshold on the infected percentage of cluster coverage, under the assumption of a uniform distribution. Assuming the uniform distribution of the sensor nodes, the clusters may be located one by one from the coordinate (0, 0) in the X-Y plane. Thus, a decision for the quarantine region may be made with proper settings for the normal clusters and anti-nodes.
Each cluster is responsible for sensing an area of $\ell^2/N_{CH}$ in the network, which is the possible coverage range of a cluster, where $\ell$ is the side length of the sensing square and $N_{CH}$ is the number of clusters.
Assume the coordinates and the transmission range of an anti-node are $(x_e, y_e)$ and $r_e$, respectively. The infected region O between the coverage of a neighboring clusterhead and an anti-node is considered. Therefore, given the infected region O and a threshold of infected percentage of the cluster coverage η, the decision of quarantine region may be determined.
Therefore, Method 3 achieves the operation balance of Methods 1 and 2 for establishing local quarantine regions.
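One way to carry out the Method 3 decision, as an added sketch that is not code from the paper. It assumes each cluster covers a square cell of area ℓ²/N_CH tiled from (0, 0), that N_CH is a perfect square, and that a cluster is quarantined when the infected fraction |O| / (ℓ²/N_CH) reaches η; the function names and sample values are constructed.

```python
import math

def cluster_cells(side, n_ch):
    """Tile the side x side sensing square with n_ch square cells from (0, 0)."""
    per_row = math.isqrt(n_ch)
    if per_row * per_row != n_ch:
        raise ValueError("this sketch assumes N_CH is a perfect square")
    w = side / per_row                      # each cell has area side**2 / n_ch
    return [(c * w, r * w, w) for r in range(per_row) for c in range(per_row)]

def infected_fraction(cell, xe, ye, re, grid=200):
    """Share of a cell inside the anti-node's range: |O| / (l^2 / N_CH).

    Midpoint sampling on a grid x grid lattice; deterministic, no randomness.
    """
    x0, y0, w = cell
    step = w / grid
    hits = 0
    for i in range(grid):
        px = x0 + (i + 0.5) * step
        for j in range(grid):
            py = y0 + (j + 0.5) * step
            if (px - xe) ** 2 + (py - ye) ** 2 <= re ** 2:
                hits += 1
    return hits / (grid * grid)

def quarantine_clusters(side, n_ch, xe, ye, re, eta):
    """Indices of clusters whose infected fraction is at least the threshold eta."""
    cells = cluster_cells(side, n_ch)
    return [k for k, cell in enumerate(cells)
            if infected_fraction(cell, xe, ye, re) >= eta]

if __name__ == "__main__":
    # Constructed scenario: 100 x 100 field, 4 clusters, anti-node at (25, 25), r_e = 20.
    for eta in (0.3, 0.6):
        print(eta, quarantine_clusters(100, 4, 25, 25, 20, eta))
```

A low η makes the decision behave like Method 1 (whole clusters are quarantined readily), while a high η leaves most clusters outside the quarantine region even when an anti-node reaches part of them.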
D. Summary
The proposed secure adaptive distributed topology control algorithm (SADTCA) for wireless sensor networks brings a tremendous increase in throughput in MANETs by excluding spam attacks, along with the formation of a trusted network to provide secure communication.