An Investigation of DOS Flooding Attack in VANET.

Transcription

1 A B S T R A C T International Journal of Advance Foundation and Research in Computer (IJAFRC) An Investigation of DOS Flooding Attack in VANET. Vikash Porwal, Rajeev Patel, Dr. R. K. Kapoor. National Institute of Technical Teachers Training and Research(NITTTR),Bhopal vikash.31st@gmail.com, rajeev14357@gmail.com,rkkapoor@nitttrbpl.ac.in Vehicular ad network is a sub set of mobile ad hoc network. In this network vehicles are played role as network nodes and the mobility is a defined as bi-directional mobility models. In this network basically two kind of communication performed first V2V (vehicle to vehicle) and V2I (vehicle to infrastructure). Here the need of infrastructure is used to support high mobility and bi-directional traffic in road. Therefore, RSU (road side units) are installed in between both ends in road. These road side units are works used to accept data from vehicles and forward to another vehicle in network or send it to the infrastructure monitoring server for data analysis. This infrastructure server can be used for designing a centralized control over the vehicular ad hoc network. In this paper an infrastructure server based IDS system designed for DOS flooding attack prevention. The proposed infrastructure consumes the concept of weighted clustering for clustering and cluster head selection. And using the concept of thresholding server logic is prepared for finding malicious behaviour detection in VANET clustered network. The simulation of proposed infrastructure is provided using NS2, simulation tool. Additionally using the trace files performance evaluated. The obtained performance of the proposed routing protocol is found adoptable during different experimentations. I. INTRODUCTION Ad hoc network is a group of mobile devices which is known as nodes, and these devices are communicating each other using a wireless connectivity. Additionally there is not some set infrastructure available for control and management, so the network topology and communication depends upon routing procedure. Applications of wireless networks are extended now in these days for provided that more security, reliability and availability. Vehicular ad hoc network is a type of wireless network. In this type of networks nodes are very mobile and travelling during alone highways. VANET is a relatively new technology of wireless network, therefore it keep paying attention engineers and scientists to find out new ways of secure and reliable communication. Due to this mobile character the basic communication is performed as the ad hoc network way. Therefore routing techniques are backbone of such network. The main tasks of these routing protocols are route maintenance, route discovery and efficient data delivery. Therefore the majority of attacks in such network are deployed using their routing techniques. A malicious attacker modifies the control packets, alter routing information and manipulate the exchanged packets for deploying attacks. Open and untrusted communication in these conditions may become critical. Therefore security in such network is basically required. In these networks liability of intermediate nodes during V2V and V2I is desired in order to maintain security and privacy through communication. Routing algorithms are played necessary role for security and path discovery. There are a quantity of technique are found for routing security in VANET, but most of them are developed and deployed for external attacks. On the other hand there is less research work and literature is available for preventing the internal attacks. Therefore in this work different routing based safety schemes are investigated for discovering suitable solution of internal attacks , IJAFRC All Rights Reserved

2 Therefore in this work different routing based attacks are investigated where the routers or internal network node are compromised with the security. These compromised nodes show some non-legitimate behaviour through communication such as additional flooding, Jamming or resource consumptions. These attacks are liable for degrading the network performance in terms of battery power, available bandwidth, and computational ability. Therefore an appropriate technique for detecting or preventing such kind of serious attack is required to develop. II. BACKGROUND In VANET surroundings a variety of techniques also developed by different researchers for security, some of them are listed in this section. A. Flooding-Resilient Broadcast Authentication for VANETs The present broadcast authentication standard in VANETs is vulnerable to signature flooding: excessive signature verification requests that exhaust the computational property of victims. In this paper, Hsu- Chun Hsiao et al [6] propose two capable broadcast authentication schemes, Fast Authentication (FastAuth) and Selective Authentication (SellAuth). FastAuth secures periodic single-hop beacon messages. By exploiting the sender s capability to expect its own future beacons, FastAuth enables 50 period faster verification than earlier mechanisms using the Elliptic Curve Digital Signature Algorithm. SelAuth secures multi-hop applications in which a fake signature may spread out rapidly and impact a significant number of vehicles. SelAuth provides fast isolation of malicious senders, even under a dynamic topology, while consuming only 15% 30% of the computational resources compared to other schemes. They provide both analytical and experimental evaluations based on real traffic traces and NS-2 simulations. With the near-term deployment plans of VANET on every vehicles, given approaches can make VANETs realistic. B. Biometrics-based Data Link Layer Anonymous Authentication The vehicular ad-hoc network (VANET) aims to create road traffic safer and more efficient. Security and privacy are two key factor. On the one hand, vehicle-to-vehicle (V2V) authentication requires drivers to present some extra credentials. On the other hand, drivers require privacy protections on their identities, physical locations, and other contextual information. No responsive information should be unreasonably exposed through the authentication phase. Lin Yao et al [7] propose a novel biometrics based anonymous mutual authentication with provable link-layer position privacy preservation. Through its authentication, two vehicles negotiate their temporary session key and produce two temporary MAC addresses. These two addresses, in its place of the real ones, are used in all future communication frames. They more protect the biometric privacy with the help of a biometric encryption technique. Accessible analysis and simulation results show that the protocol is greater and lightweight with high security and privacy protection. C. Application Level Broadcasting Protocol S. Vijaya kumar et al [8] develops Distribution-Adaptive Distance with Channel Quality (DADCQ) protocol. To address this necessitate they show that it performs well compared too many presented multi-hop protocols. The high cost aggravates inherent source constraint difficulty in MANETs, mainly in multimedia applications. To propos high anonymity protection, they suggest an Anonymous Locationbased Efficient Routing protocol (ALERT). It s also called Reliable Application Level Broadcasting (RALB) protocol. RALB dynamically dividers network field into zones and at random chooses nodes in zones as middle relay nodes, which form a no traceable anonymous route. RALB proposes anonymity protection to sources, destinations, and routes. RALB has policies to successfully counter intersection and timing attacks. Author theoretically analyses RALB for anonymity and efficiency. RALB achieves related routing , IJAFRC All Rights Reserved

3 helpfulness to the GPSR geographical routing protocol. The DADCQ protocol utilizes distance method to choose advancing nodes. The performance of this technique is contingent heavily on the value of the outcome threshold, but it is difficult to decide a value that results in good performance crossways. An anonymous communication protocol can make available intractability for strictly ensure anonymity of the sender when the sender communicates with the other, spatial distribution pattern, and wireless channel quality all touches the best possible value. The node recognizes its neighbour as a node that within the nodes radio range. Once the resource needs to send a packet, it usually keeps the position of the destination in the packet header which will help in promoting the packet to the destination with no route discovery or even attentiveness of the network topology. D. Public Key Infrastructure Vehicular ad hoc networks are raising technology for providing a wide range of security applications to vehicle passengers. Ensuring protection is one of the prerequisites for deploying reliable VANETs. In this article Albert Wasef et al [9] argue that public key infrastructure is the most feasible mechanism for securing VANETs can meet mainly security requirements. However, PKI cannot give sure security requirements such as location privacy, efficient authentication, and distributed and fair revocation. To complement the security services give by PKI, they introduce corresponding security mechanisms that can meet the aforementioned security necessities. Since denial of service attacks has strict consequences on network availability, which is one of the VANET safety requirements, author proposes a mechanism for mitigating the effect of DoS attacks in VANETs. Simulation results prove that the complement any mechanisms together with PKI can efficiently secure VANETs. E. Cross-layer Approach to Privacy-preserving Authentication Subir Biswas et al [10] present an anonymous authentication and verification idea for vehicular ad hoc networks (VANETs). Contribution includes vehicular communication authentication, as well as an efficient prioritized verification plan for periodic road-safety communication. A variation of elliptic curve digital signature algorithm (ECDSA) is used through identity-based (ID-based) signature where existing place information of a vehicle is utilized as ID of the corresponding vehicle. This requirements a thirdparty public key certificate for message authentication. For authentication requires verification of the signature of the received message. A high compactness road-traffic condition poses a challenge for verification of vehicular messages since essential verification time is often a lot longer than the average inter-arrival time. An adaptive verification plan uses cross layer features of WAVE-based VANETs and information relevance for verifying the received protection messages. Messages of every traffic class are verified next the corresponding verification priority. The verification probability depends on VANET s MAC-layer priorities and the application relevance of individual security messages. Performance analysis and simulation results have proved that security, privacy, scalability and efficient resource utilization. This section provides the security schemes those are generated freshly for VANET communication. In next section proposed routing security technique is described. III. ROUTING METHODOLOGY In order to find optimum solution of the VANET internal attack (DOS flooding attack) a methodology for detection and prevention is developed and designed in this section. In this presented work long highways are considered. Additionally a real world scenario is assumed, for instance in a highway various vehicles are travelling but some of them are belongs to same organization or transportation company. They are preferred to travel in a group. Thus vehicles are creating a group or a small network and they can perform communication, for supporting each other. In this context, if an intruder or compromised vehicular node can be creates issues in regular communication , IJAFRC All Rights Reserved

4 Therefore a new technique is presented for detecting and preventing the internal attack. For demonstration of the proposed methodology the working can be divided in five modules as given in figure 3.1. In this diagram first clustering is performed for creating scalable communication, then an efficient cluster head is selected for providing service, then information is provided to server for analysis of nodes behaviour and finally the malicious node detection and prevention is performed. The proposed detection and prevention technique is works on the basis of clustered organization of nodes. In this process the vehicles are first organized in cluster. For that purpose nodes attributes such as connectivity, battery power, memory and distance is evaluated from all the nodes. The optimum node from the above combination is selected as cluster head. In this organization cluster head is responsible for communicating with the infrastructure server. Cluster head compute the nodes ID, MAX FLOODING, MAX PDR (max packet dropping) for all the nodes. For transmitting this information to the intelligence server cluster head first find the nearest RSU (road side units) which is directly connected with the infrastructure server. Server obtain network parameters are tested then malicious node is decided. After that server send an acknowledgement to the concerning cluster head for malicious node information. This acknowledgement contains the information about the malicious node which is terminated by the cluster head. The different steps of the attack detection and prevention model are given as: A. Clustering In order to perform clustering in network, network oriented parameters are required to find first. The clusters are the logical organization of network nodes. Where a node is denoted as cluster head, remaining nodes are neighbor of cluster head is known as client nodes. Nodes that belong to the similar cluster head are termed as internal cluster node and nodes that belong to other clusters are known as external clusters. The clustering approaches helps in improving performance and scalability of network. Therefore some appropriate attributes are selected for clustering. 1. Clustering parameters Figure 1 Proposed System a. Connectivity: the nodes in wireless network are able to communicate directly with those nodes that are in a specified radio range. If the target node is not in range then nodes relay the packets , IJAFRC All Rights Reserved

5 to intermediate nodes for delivering data to target node. Node with higher order of connectivity shows direct communicating nodes. Therefore less number of control messages is injected in network. This results low bandwidth consumption. 2. Battery power : networks nodes having limited resources. Therefore once these are consumed then recovery of these resources is not possible immediately. For example any node loses their energy then it is out of the communication sessions, therefore with longer battery life nodes are selected for cluster head. The main advantages of such node selection, as a cluster head this node alive longer in network, therefore able to serve efficiently and for long time. a. Memory : in ad hoc network devices are prepared with the inbuilt memory and battery power, therefore these resources are considered as limited resources. Memory of the network devices are utilized to hold the intermediate packets and intermediate computational data. If the buffer is filled then node is on high load of data processing or that is in congestion, thus overfilled buffer of any node simulates the low processing capability of devices. Thus free buffered nodes are considered as cluster head. b. Distance: wireless connectivity is depends upon bandwidth. According to the observations if distance between two nodes is increases the strength of radio signal in network is become poorer. Thus fewer distance nodes are much efficient then higher distance nodes. This section describes the clustering parameters which are incorporated in the clustering scheme. The next section demonstrates the cluster head selection technique. 2. Cluster head selection In the previous section clustering parameters are discussed. But the measurements of these parameters are different from each other. Thus, for finding most appropriate node a weighted clustering scheme is suggested for combining the network parameters for comparison. C = node connectivity B = remaining battery power M = Free Memory D = distance between nodes N= number of nodes Weight estimation and cluster head selection 1. For i=1 to N 2. Find C, B, M and D 3. Calculate 4. End for 5. tempw=w[1]; 6. maxw=0; 7. For j=1 to N 8. If tempw< W[j] 9. maxw= W[j] 10. end if 11. end for 12. return maxw , IJAFRC All Rights Reserved

6 MaxW is a network node having the highest weight for efficient clustering and performance is selected as cluster head. In such clustered organization of node the entire nodes in network is bounded using a predefined set of rules and can be discussed as: 1. Nodes under similar cluster heads are known as internal cluster nodes, when they wants to exchange information the source node first send information to cluster head and then cluster head directly provide data to targeted node as figure 2, where a source node using the cluster head send data to the target node. Figure 2. Inter Cluster 2. Secondly if both the nodes are belongs to different cluster heads, than first the source node send data to their cluster head and cluster head discover target cluster where the destination is belongs, cluster head then transmit data to the Figure 3 Intra Cluster Communication Concerned cluster head and this deliver data to end client, this effect can be demonstrated using figure 3. In this diagram a source node send data to their cluster head cluster head transmit data to another cluster head and finally the data is delivered to the end target machine. 3. Information Gathering According to the clustering concept all the nodes in a cluster is able to communicate only with the help of cluster head. Thus, for whole communication and organization of nodes is responsibility of cluster head. In the proposed technique one more responsibility is assigned to the cluster head for communication with infrastructure server and information gathering of nodes. When a cluster head is elected the cluster head compute the following information from their cluster members. a. Nodes ID : a unique ID which differentiate a network device to other , IJAFRC All Rights Reserved

7 b. MAX FLOODING : the amount of packets (control messages and data packets) are flooded by a specific node c. MAX PDR : the amount of packets dropped during different communication sessions. This information is incorporated with a message and sent to the server end using RSU (road side unit). 4. Information Transmission In VANET technology the network nodes are wireless devices that are connected with each other using wireless links. These links having a limited range of connectivity therefore, the RSU (road side units) are additionally installed for proving connectivity between two nodes. These units are bi-functional which are providing both kinds of services wired and wireless. Among vehicle to RSU communication is performed using wireless connectivity and RSU to RSU and RSU to server is performed using high speed data buses. Figure 4. VANET with RSU As given in figure 4 box shape nodes are considered as vehicles and the round shape nodes are considered as RSU, these RSUs are connected by a backbone network which is directly connected to infrastructure server. This server is accepting a rich amount of data for processing and then providing the decisions to the cluster heads. 5. Attack detection and removal The server collects data samples during communication sessions and creates a threshold first using given formula. For detection of malicious attacker the following steps are taken place: 1. For each node in a cluster 2. If MAXFLOOD>= threshold 3. Label as malicious node 4. Else 5. Legitimate node 6. End if 7. End for , IJAFRC All Rights Reserved

8 In order to make decisions threshold value is compared with the current sample values, if information is found as the malicious behavior then the current node ID is extracted from the sample data. Now a decision making packet is transmitted to the concerned clustered head with the malicious node ID. The targeted cluster head now have the malicious labeled nodes ID thus during the communication if the malicious node initiate a communication then this session is forcefully dropped by the cluster head. 6. Attack Model In VANETs, nodes act as both routers and ordinary nodes. Due to dynamic network topology and lack of centralized infrastructure, network security has brought a new challenge to networking communities. Unlike traditional networks, VANETs are more vulnerable to DoS attacks due to limited resources that force nodes to be greedy in resource utilization. When there is no cooperation, activities of even a small number of nodes may significantly decrease the performance of the network. For example, a misbehaving node that discards any packets passing through it can result in repeated retransmissions, which in turn cause network congestions. Battery power is another critical resource for mobile nodes. If the battery power has been used up due to malicious attacks such as the sleep deprivation attack, the victim will not be able to provide network services. Key issues in network with the DOS flooding attack 1. During attack false RREQ packets are injected in the network. Due to this the available bandwidth is consumed. 2. For each transmission a significant amount of energy is consumed, due to false control message exchange different neighbor nodes are also transmitting the RREQ packets to their neighbors thus energy of network nodes are rapidly drain. 3. Finally due to frequent flooding in network the congestion in network can be occurred this causes the frequent packet drops in network, thus network performance is degraded. IV. SIMULATION SETUP This section provides desired network configuration for simulation of internal attack detection and prevention scheme is given using table 1. Table 1 Simulation Setup Simulation properties Values Antenna model Omni Antenna Dimension 750 X 550 Radio-propagation Two Ray Ground Channel Type Wireless Channel No of Mobile Nodes 13 Routing protocol AODV Time of simulation 10.0 Sec. The proposed technique is simulated under two different scenarios. 1. Attack simulation using traditional routing technique in this simulation scenario the traditional AODV routing is implemented and dos attack is deployed. After deploying the attack, network performance is evaluated. 2. Attack simulation using proposed routing technique the proposed technique is an AODV routing modification that allows the network for detection and prevention of DOS attack. In this , IJAFRC All Rights Reserved

9 scenario an attacker is again deployed and the performance is evaluated and compared with the previous scenarios. V. RESULT ANALYSIS This section provides results analysis and performance evaluation of the designed routing technique. 1. End to end delay The total amount of time required to successfully deliver a data packet from source to a targeted device is known as end to end delay. The end to end delay includes the data travelling time and propagation delay during communication. Figure 5 shows the end to end delay of the proposed VANET routing technique. In this diagram X axis includes the simulation time and end to end delay in terms of milliseconds is given using Y axis. Red line demonstrates the end to end delay during attack deployment in network. During DOS attack deployment the traffic of network is unevenly increases due to RREQ packets. Thus the network performance is slows down and the end to end delay becomes higher with the respect to the normal network end to end delay. On the other hand the green line demonstrates the performance of proposed secure VANET routing protocol. That algorithm successfully able to detect and prevent the malicious activity over the network thus the end to end delay is fewer with the respect of attack conditions. 2. Routing overhead Figure 5. END TO END DELAY The amount of additional packets injected in order to establish communication session is known as routing overhead. The routing overhead during both the scenarios is given using figure 6. In this diagram X axis represents the simulation time and Y axis demonstrates the amount of packets additional injected. The routing overhead of attack is demonstrated using red line and preventive technique is given using green line. According to result the proposed routing technique is able to detect and prevent DOS attack. Additionally, able to reduce the amount of control message exchange, initially the amount of flooding is higher than the remaining simulation time. Because first time network nodes creating clusters and performing the route discovery and after that the network is saturated and initial operations are performed then the routing overhead reduces continuously and most of the time remains constant , IJAFRC All Rights Reserved

10 Figure 6. Routing Overhead 3. Packet Drop Ratio The amount of packet dropped during the communication is known as packet drop ratio. In order to find packet drop ratio in terms of percentage can be evaluated using the given formula Figure 7. Packet Drop Ratio Figure 7 shows the packet drop ratio for both conditions respectively. In diagram X axis shows the simulation time in terms of seconds and the amount of packet drop in terms of percentage is given using Y axis. The performance of network during attack condition is demonstrated using red line. Most of the time during attack a significant amount of packet dropped during communication Sessions, additionally the amount of packet drop is increases as the simulation time increases. Because when the RREQ flooding attack is deployed in network the initial bandwidth is consumed rapidly over each time slice. Therefore the red line shows the incremental line for the packet drop ratio. On the other hand the proposed technique s packet drop ratio is demonstrated using green line. Most of time proposed routing technique drop a constant amount of packets thus the performance of network is enhanced in terms of packet drop ratio. VI. CONCLUSION In search of optimum VANET security an essential contribution [2] is found. Using the key management technique the author preserves the network performance for external attacks. The extension of the work [2] is provided in this research work. In order to extend the work an internal attack preservation , IJAFRC All Rights Reserved

11 technique is developed. In this simulation model VANET environment is created statically. The proposed solution for the VANET internal attack leads to incorporate the following concepts for implementation. 1. Routing protocol The organization and management of topology in VANET is performed using routing strategies. Therefore attack is deployed most of the time using routing. Thus a secure routing technique required to design for preventing VANET. 2. Clustering concept VANET supports high mobility scenarios, different vehicles having different speed and directions. Thus the frequent path breaks and network partition occurred. In order to scale the network and improve the performance of network, clustering technique is helpful for V2V and V2I communication. 3. Thresholding In order to create filter and detection of attack a comparative limit is prepared using threshold of the PDR and maximum flooding basis. For creating the proposed routing concept for securing the VANET, AODV routing protocol is modified for incorporating the detection and prevention. And simulation of the technique is provided in NS2 environment. The performance of the network with enhanced routing is evaluated in terms of packet drop ratio, end to end delay and routing overhead. The obtained result shows the effectiveness of the proposed routing technique. VII. REFERENCES [1] Maxim Raya and Jean-Pierre Hubaux, Securing vehicular ad hoc networks, Journal of Computer Security 15 (2007) IOS Press [2] Rongxing Lu, Xiaodong Lin, Xiaohui Liang, and Xuemin (Sherman) Shen, A Dynamic Privacy- Preserving Key Management Scheme for Location-Based Services in VANETs, IEEE Transactions on Intelligent transportation systems, Vol. 13, No. 1, March 2012 [3] Hongmei Deng, Wei Li, and Dharma P. Agrawal, Routing Security in Wireless Ad Hoc Networks, IEEE Communications Magazine, October 2002, /02/$ IEEE [4] Stephen Specht and Ruby Lee, Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures, Technical Report CE-L , May 16, 2003 [5] Balmahoon R, Peplow R, Vehicular Ad-Hoc Networks: An Introduction to Privacy, Southern African Telecommunication Networks and Applications Conference (SATNAC) will be held from 2 to 5 September 2012 [6] Hsu-Chun Hsiao, Ahren Studer, Chen Chen, Adrian Perrig, Fan Bai, Bhargav Bellur, AravindIyer, Flooding-Resilient Broadcast Authentication for VANETs, MobiCom 11, September 19 23, 2011, Las Vegas, Nevada, USA. Copyright 2011 ACM /11/09...$10.00 [7] Lin Yao, Chi Lin, Jing Deng, Fangyu Deng, Jingwei Miao, and Kangbin Yim, Biometrics-based Data Link Layer Anonymous Authentication in VANETs, Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), IEEE , IJAFRC All Rights Reserved

12 [8] S. Vijayakumar, A. Noble Mary Juliet, Dr. M. L. Valarmathi, A Reliable Application Level Broadcasting Protocol For VANET, IJCSMC, Vol. 3, Issue. 5, May 2014, pg [9] Albert Wasef And Rongxing Lu, Xiaodong Lin, Xuemin (Sherman) Shen, Complementing Public Key Infrastructure to Secure Vehicular Ad Hoc Networks, IEEE Wireless Communications, October 2010, /10/$ IEEE [10] Subir Biswas, Jelena Misic, A Cross-layer Approach to Privacy-preserving Authentication in WAVE-enabled VANETs, IEEE Transactions on Vehicular Technology, Volume:62, Issue: 5,Jun 2013 [11] Fabian Garcia Nocetti, Julio Solano Gonzalez, Ivan Stojmenovic, Connectivity Based k-hop Clustering in Wireless Networks, Telecommunication Systems 22:1 4, , 2003 Kluwer Academic Publishers , IJAFRC All Rights Reserved