Prevention of Battery Violation in WSN using Routing Loop

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 2, February 2014)

471

Prevention of Battery Violation in WSN using Routing Loop

Samadhan Manore

1

, Chandan Singh

2

, Dhanashree Badhan

3

, Harshala Patil

4

1,2,3,4_{Dept. of computer, SANDIP FOUNDATION SITRC, University of Pune.} Abstract— Ad-hoc Network low power wireless network

are now a great topic in the field of research. Before this there has been a substantial amount of work done in the field of denial in communication. The paper projects its focus on battery violation and the way in which the attack can be overcome in the best possible manner. Battery violation is not specifically to a particular protocol but depends on attributes of other routing protocols. Researches reveal that most of the Protocol are vulnerable to battery violation that are horrifying and can result into crashing of network. The paper illustrates how the battery violation is caused and the solutions to these violations.

Keywords— Ad-hoc network, denial of services, routing, security, Wireless sensor networks.

I. INTRODUCTION

This Ad-hoc wireless sensor networks (WSNs) promise exciting new applications in the future, such as military communication and in fields where continuous connectivity is required, which monitors environmental surroundings, factory performance and other meager applications. WSN has become an integral part of people and many

organizations, faults available have become less

sustainable. Ad-hoc network are particularly exposed to denial of service (DoS) attacks hence tremendous amount of research has been accomplished to upgrade its survivability [2][4].

In this paper we describe how routing protocols even though which are assumed to be highly secure lack protection from these attacks which we call as Battery violation ,since they are responsible for crashing of network .These are very much distinct from Denial of Service attack(DoS) and Reduction of Quality(RoQ),its effects is not immediate but it builds slowly in an network which causes network to crash .Most of the attacks are restricted to different layers of OSI Model like MAC layer or application Layer, however this Battery violation is not confined to any particular layer or a protocol but it exploits the common attribute of different routing protocols such as link state, distance vector ,geographic routing or and beacon routing. Battery violation is protocol compliant in messages, hence it is difficult to detect and prevent it. We define Battery violation as abnormal state in sending and receiving of messages in a network that leads to crashing of network.

Contributions: This paper makes three contributions. First we evaluate all the vulnerabilities in existing protocols and observe security measures to prevent Battery violation in secure routing protocols like SAODV[16] and SEAD[9] which proves insufficient to protect against Battery violation .Second we show how Battery violation has the capability to crash the network . Third we propose a system which demands modification in an existing system for detecting and preventing Battery violation.

A. Protocols and Assumption.

In this paper we consider the effect of Battery violation on various routing protocol like link-state, distance-vector geographical routing.

1. We consider the effect of battery violation on

link-state, distance vector, source routing and geographic and beacon routing protocols, as well as a logical ID-based sensor network routing protocol. According to above specified protocols we view the covered protocols as an important subset of the routing solution space, and stress that our violations are likely to apply to other protocols.

2. All routing protocols employ at least one topology

discovery period.

3. Our adversaries are attacked insiders and have the

same resources and level of network access as true nodes. Adversary location within the network is considered to be fixed and random.

4. This is far from the strongest attacker model; after this

entire configuration represents the average expected damage from Vampire attacks. Intelligent attacker placement or dynamic node compromise would make attacks more damaging.

5. While for the rest of the project will assume that a

(2)

International Journal of Emerging Technology and Advanced Engineering

472

6.Assuming that packet processing consumes at least as

much energy from the nodes and attacker, a continuously recharging attacker can keep at least one node permanently disabled at the cost of its own functionality.

B. Overview

In remaining of this paper we show how the Battery violations creep in the network for different protocols. From source node or origin we send a packets of message in the network, thus from source the packets of data creeps into the network and this is the time when Battery violations gets initiated .The packets then travels in an network but because of Battery violation the message is not able to reach its destination and causes network to crash. All routing protocols employ at least one topology discovery period, since ad-hoc deployment implies no prior knowledge of position .Our attacker are malicious immediate nodes and have the same resources and level of network access as honest nodes. Furthermore, attacker’s location within the network is assumed to be fixed and random, if attackers corrupt a number of honest nodes before the network was deployed, and cannot control their final positions. For the rest of the paper we assume that once a node is permanently disabled once its battery power is exhausted, let us briefly consider nodes that recharge their batteries in the field, using either continuous charging or switching between active and recharge cycles. In the continuous charging case, power-draining attacks would be effective only if the adversary is able to consume power at least as fast as nodes can recharge.

II. RELATED WORK

A very firstly defined of energy depletion can be

recognized in [14], as “sleep destitution misery.” As per

the name, the suggested violation halts nodes from entering a low-potential sleep process, and thus reduces their batteries quickly. Newer investigation on “denial of sleep” only considers violations at the medium access control(MAC) layer[12] and transport layers [13], but no powerful protection are explained other than increasing performance of the underlying MAC and routing protocols or replacing from source routing.

Also in non-potential-strained systems reduction of resources like bandwidth, memory, and CPU time can occur problems. Even there is important history on violations and protection against quality of service (QoS) deterioration, or reduction of quality (RoQ) violations, that outcome deterioration in net execution [7,8,10,11]. The aim of these efforts is on the transport layer than routing protocols, so it’s not suitable.

On account of batteries do not drip packets; the quality of the malicious path may remain huge.

Extra work on denial of service in ad-hoc wireless connection has principally handle with adversaries who avoid path setup, disturb communication, or conversely create routes itself to drip, change packets [5,9]. Protocols that explain safeness related to based on conditions of route discovery achievement, considering that only proven network routes are found, cannot secure against Battery violation, on account of batteries do not need or give illegal paths or restrict communication in the brief term.

Present job in minimum-power routing, which points to raise the lifetime of energy-strained interconnections by using low energy to transmit and receive packets (example: by minimal Wi-Fi transmission length)[3,6].On the other hand, batteries will increment power use even in minimum-power routing summary and when energy-conserving MAC protocols are in use; these violations cannot be violated at the MAC layer or through cross-layer. Violations will give rise to packets which traverse maximum hops than required, even suppose nodes spend minimal necessary power to transmit in the existence of batteries. Our job can be ideation of violation-resistant minimum-power routing.

Route-based DoS violation and security in [4], containing using hash chains to restrict the number of packets sent by a given node, restricting the rate at which nodes can broadcast packets as explained by Deng et al. While this concept may secure against traditional DoS, where the outcast overcome honest nodes with more amount of data, it does not defend in opposition to “intelligent” adversaries who use a less number of packets or do not generate packets at all. Aad et al also proves how intelligent packet dripping approach extremely degrades achievement of TCP streams traversing those nodes. Our adversaries are even protocol-complaint in the way that they use fine routing protocol packets. On the other hand they produce packets when honest nodes would not, or send packets with protocol headers which vary from what an honest node would outcome in the same way.

(3)

International Journal of Emerging Technology and Advanced Engineering

473 Firstly, one flavor of packet leashes depends on tightly integrated clocks, which are not used in most off-the-shelf devices. Secondly, the authors consider that packet travel time controls processing time, which may not be produced out in recent wireless networks, mostly low-power Wi-Fi sensor networks.

III. VIOLATION ON STATELESS PROTOCOLS

These attacks are still now slighted on source routing protocol. In these protocol source node declares the whole route to sink within packet header. So intermediate nodes do not made any forwarding decisions. They depend on a path defined by the source. For forwarding packet, the intermediate node finds itself in route (defined in packet header) and forwards the packet to next node. The excess work is on source to assure that the route is valid at the time of sending and that every node in route is physically near to previous node. This way has benefit of requiring very little forwarding logic at intermediate nodes, and allows for entire routes to be sender-authorized using digital signature.

There are two stateless attacks one is carousel attack and

other is stretch attack. The attacks are achieved by a

randomly-selected attacker using the meanest intelligent attack strategy to obtain average expected damage

estimates. More intelligent attackers using more

information about the network would be able to increase the strength of their attack by selecting destinations designed to maximize energy usage.

[image:3.612.346.548.125.244.2]

1. Carousel Attack: In this attack, an attacker sends a packet with a route made up as a number of loops. In this, packet travels through same set of nodes again and again. Because of this attack packet path length increases above the number of nodes in the network. Attacker can any number of nodes for carousel attack but it should be less than number of entries allowed in source route. The length of the adversarial path is a multiple of the true path, which is in turn, affected by the position of the attacker in relation to the sink, so the attackers’ position is crucial to the success of this attack.

Fig. 1 A true route would exit the loop immediately from node E to sink, but an attack packet makes its way around the loop twice more

before exiting.

2. Stretch attack: Another attack is stretch attack in same vein as carousel attack, where attacked node constructs artificially long source path. Because of that packets traverse more number of nodes in network than optimal number of nodes. A true source would select the route Source → F → E → Sink, affecting four nodes including itself, but the attacked node selects a longer route i.e. Source → A → B → C → D → E → Sink, and make packet to traverse through more nodes in the network. These routes cause nodes that do not consist in the true route to consume energy by forwarding packets; they would not receive in true scenarios.

[image:3.612.346.546.440.561.2]

(4)

International Journal of Emerging Technology and Advanced Engineering

474 The theoretical limit of the stretch attack is a packet that travel through every network node, leading to an energy consumption increase by aspect O(min(N, λ)), where N is the number of nodes in the network and λ is the maximum path length permitted. This attack is potentially less damaging per node than the carousel attack, as each packet traverse only once per node in network. However, attackers can combine carousel and stretch attacks to keep the packet in the network for longer time: this result in “stretched cycle” could be forward repeatedly in a loop. S that, even if stretch attack security is not used, route loops should still be detected and removed to prevent the combined attack. Unlike the carousel attack, where the relative positions of the source and sink are crucial, the stretch attack can achieve the same effectiveness independent of the attacker’s network position relative to the sink, so the worst-case effect is far more possibly to occur.

If we construct shorter source routes it could reduce the amount of per hop energy use on sending packets if energy minimization protocols were used after all shorter physical distances decrease required sending power, and so that battery consumption. We construct long routes greedily, considering global topology knowledge, but attacks can be also optimized to consume more energy by considering relative node distances — given enough information, our attacker could construct not just longer but maximum energy consuming paths. In hierarchical networks these attacks would be less active.

IV. MITIGATION METHODS

A. Prevention from Carousel violation:

As the paper has now clearly illustrated the way in which carousel attacks develop in a network and its devastating effects on the network. We are now in position to now design a mechanism or technique by which we can minimize this effect such attack. In a WSN network when packet of message is sent from source node (sender) to sink node (receiver), it is forwarded by intermediate nodes present in the network and this carries flow continues till it reaches the sink node. In the proposed system we overcome the carousel attack by performing various validation that ensures that packets doesn't go into infinite loop causing drainage of battery and crashing of network. For validation we define two function forward_packets(p) and verify_ packets(p) where p is packet.

Function forward_packets(p)

s ← extract_senders_address(p) //extracting message to obtain senders address

c← closest_neighbor_address(s) //find the closest neighbor in a network according to routing protocol

if(is_neighbor)

forward_packets(p)

else

{

find_neighbor(s)

forward_packets(p)

}

The above algorithm is used for forwarding the packets by intermediate node. The algorithm extracts the information from source address, this includes IP address of source and destination, then node check whether the IP address his own node and with the destination node, if it matches this means the packet was sent to him only and the process terminates. There can be another condition that the IP address of node and destination doesn't matches, in this case it will forward the packet to closest node.

Function verify_packets(p)

t ← extract_ttlvalue(p) //ttl value of packet is extracted from packet

if(t is valid AND entry_log_file is False) /*Here we do checking whether the message has already arrived in the intermediate node or not */

{

forward_packet(p) //simply forward the packet

entry_log_file=True

}

{

if(t isnot valid OR entry_log_file is True)

{ discard_packet(p) // discard the packet from node //thus preventing the packet to go into a loop

(5)

International Journal of Emerging Technology and Advanced Engineering

475 The verify_packets(p)function will check whether the packet has already arrived in the intermediate node or not. For this we are continuously tracking the message for duplication in node, as soon as the same packet arrives at node it will discard the packet and prevent duplicate packets to enter in the network. Research is being carried out to perform more number of validation using log file so that we can make network more secured from these violations.

B. Prevention from Stretch violation:

The algorithm designed for overcoming the stretch is an unconventional way. The proposed technique uses cryptography algorithm RSA 128-bit. In this algorithm there are two keys public key and primary key. As we have already studied the Stretch attack in which packets travels a longer route and continues till its TTL value expires. Thus receiver never receives the sent packets. The problem in designing the algorithm was that message should receive within the TTL value limit from sender to receiver. This is the reason we that we first make the channel secured for transmitting the packets and then exchange of packets are done. Using the principle of RSA algorithm the source generates the public key and private key. The private key is then sent to respective receiver. After receiving the private key, ACK signal is sent from receiver to sender. Receiving of ACK signal at the senders end indicate that a secured channel has been established between the sender (source) and receiver (sink).In the next stage the message is converted into cypher -text using public key and the this cypher-text is sent from source in WSN network .Due to encrypted text, nodes are unable to read the message and this adds to security of packets. These messages after receiving at receiver are decrypted using private key and the message packets are obtained in its original form. In this way we conquer the issue in which the routing path is extended by visiting node that is unnecessary. The following steps are depicted below.

Prevention from stretch attack

public_key ←generate_key_public(s) //s is source

private_key ←generate_key_private(s)

send(private_key,d) //this will send the private key to sink,here d is sink/destination

send(ACK,s) // receiver sends acknowledgment to sender

p ←encrypt(m,public_key) //encrypt function will encrypt message using public key in a packet

send(p,d) //encrypted packets are sent to sink

decrypt(p,private_key) //decrypt the cypher-text and obtain original text

Note: In this it will forward the cypher-text to intermediate node.

V. CONCLUSION

(6)

International Journal of Emerging Technology and Advanced Engineering

476

REFERENCES

[1] Gergely Acs, Levente Buttyan, and Istvan Vajda, Provably secure on demand source routing in mobile ad hoc networks, IEEE Transactions on Mobile Computing 05 (2006), no. 11.

[2] John Bellardo and Stefan Savage, 802.11 denial-of-service attacks: real vulnerabilities and practical solutions, USENIX security, 2003. [3] Jae-Hwan Chang and Leandros Tassiulas, Maximum lifetime routing

in wireless sensor networks, IEEE/ACM Transactions on Networking 12 (2004), no. 4.

[4] Jing Deng, Richard Han, and Shivakant Mishra, Defending against path based DoS attacks in wireless sensor networks, ACM workshop on security of ad hoc and sensor networks, 2005.

[5] INSENS: Intrusion-tolerant routing for wireless sensor networks, Computer Communications 29 (2006), no. 2.

[6] Sheetalkumar Doshi, Shweta Bhandare, and Timothy X. Brown, An on demand minimum energy routing protocol for a wireless ad hoc

network, ACM SIGMOBILE Mobile Computing and

Communications Review 6 (2002), no. 3.

[7] Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, and Jennifer Rexford, Path-quality monitoring in the presence of adversaries, SIGMETRICS, 2008.

[8] Mina Guirguis, Azer Bestavros, Ibrahim Matta, and Yuting Zhang, Reduction of quality (RoQ) attacks on Internet end-systems, INFOCOM,2005

[9] Yih-Chun Hu, David B. Johnson, and Adrian Perrig, SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks, IEEE workshop on mobile computing systems and applications, 2002.

[10] Aleksandar Kuzmanovic and Edward W. Knightly, Low-rate TCP targeted denial of service attacks: the shrew vs. the mice and elephants, SIGCOMM, 2003.

[11] Xiapu Luo and Rocky K. C. Chang, On a new class of pulsing denialof- service attacks and the defense, NDSS, 2005.

[12] David R. Raymond, Randy C. Marchany, Michael I. Brownfield, and Scott F. Midkiff, Effects of denial-of-sleep attacks on wireless sensor network MAC protocols, IEEE Transactions on Vehicular Technology 58 (2009), no. 1.

[13] David R. Raymond and Scott F. Midkiff, Denial-of-service in wireless sensor networks: Attacks and defenses, IEEE Pervasive Computing 7 (2008), no. 1.

[14] Frank Stajano and Ross Anderson, The resurrecting duckling: security issues for ad-hoc wireless networks, International workshop on security protocols, 1999.

[15] Anthony D. Wood and John A. Stankovic, Denial of service in sensor networks, Computer 35 (2002), no. 10.