CHAPTER 1 INTRODUCTION 1.1 MOBILE AD HOC NETWORK

Transcription

1 CHAPTER 1 INTRODUCTION 1.1 MOBILE AD HOC NETWORK A Mobile Ad hoc Network (MANET) is a self configurable collection of any number of wireless mobile devices. All the nodes in a multi-hop wireless ad hoc network cooperate with each other to form a network without the presence of any infrastructure such as access point or base station as shown in Figure 1.1. In MANET, the mobile nodes require to forward packets for each other to enable communication among nodes outside the transmission range. The nodes in the network are free to move independently in any direction, leave and join the network arbitrarily. Thus a node experiences changes in its link states regularly with other devices. Eventually, the mobility in the ad hoc network, change of link states and other properties of wireless transmission such as attenuation, multipath propagation, interference etc. create a challenge for routing protocols operating in MANET. The challenges are enhanced by the various types of devices of limited processing power and capabilities that may join in the network. We quote the definition of a mobile ad hoc network from the charter of the corresponding Internet Engineering Task Force (IETF): A Mobile Ad hoc Network (MANET) is an autonomous system of mobile routers (and associated hosts) connected by wireless links-the union of which forms an arbitrary graph. The routers are free to move randomly and organize themselves arbitrarily; thus, the network's wireless topology may change rapidly and unpredictably. Such a network may operate in a standalone fashion, or may be connected to the larger Internet" [INT1994]. 1.2 MANET CHARACTERISTICS MANET is a new paradigm of networks, offering unrestricted mobility without any underlying infrastructure. Following are the characteristics of a MANET [SCO1999]: Dynamic Topologies: The network topology may change randomly and have no restriction on their distance from other nodes. As a result of this random movement, the whole topology 1

2 is changing in an unpredictable manner, which in turn gives rise to both directional as well as unidirectional links between the nodes. [STE2004] Figure 1.1: A Typical Mobile Ad hoc Network Energy Constrained Operation: Almost all the nodes in MANET rely on batteries or other exhaustive means for their energy. The battery depletes due to extra work performed by the node in order to survive the network. Therefore, energy conservation is an important design optimization criterion. Bandwidth Constraint: Wireless links have significantly lower capacity [SVA2001] than infrastructures networks. Throughput of wireless communication is much less because of the effect of the multiple access, fading, noise, interference conditions. As a result of this, congestion becomes a bottleneck in bandwidth utilization. Limited Physical Security: MANET are generally more prone to physical security threats than wireless networks because the ad hoc network is a distributed system and all the security threats relevant to such a system are pretty much present, as a result, there is an increased possibility of eavesdropping, spoofing, masquerading [VIK2006], and denial-of-service type attacks. 1.3 MANET APPLICATIONS To understand the nature of MANET and the origin of their unique characteristics, the potential applications of ad hoc networks are briefly considered. MANET have applications in two major fields: military and commercial environments. 2

3 Military Applications The origin of networks that rely on no pre-existing infrastructure can be traced back to the early 1970s with the DARPA and PRNET projects [CKT2001] [ZJH2002], where the initial focus was on military applications. The application of ad hoc networks in a military environment is particularly attractive because of their lack of infrastructure and self-organizing nature. Consider conventional networks that rely on infrastructure such as base stations: the infrastructure introduces points of vulnerability which may be attacked and, if eliminated, dismantle the operation of the entire network. In battlefield scenarios robust and guaranteed communication is essential with potentially fatal consequences if compromised. Ad hoc networks can continue to exist even in the event of nodes disappearing or becoming disconnected due to poor wireless connectivity, moving out of range, physical attack on users, broken nodes, battery depletion or physical node damage. Applications such as sensor networks [IFA2002], positional communication systems and tactical ad hoc networks [JJU1987] will continue to be one of the driving forces behind ad hoc network development. Commercial Applications Commercial applications of ad hoc networks may include deployment of connectivity in terrains where conventional networks, such as cellular networks, are not financially viable, cannot provide sufficient coverage or need by-passing. Private networks or personal area networks (for the purpose of teleconferencing, video conferencing, peer-to-peer communications, ad hoc meetings, or more generally, collaborative applications of all kinds) are possible applications of ad hoc networks. It is anticipated that these applications will gain momentum as soon as the flexibility and convenience of self-organized ad hoc networking is fully appreciated and protocols are implemented with commercially available products. Take for example cellular networks, what was once seen as an impractical technology has now become a necessity. Emergency situations caused by geopolitical instability, natural or man-made disaster could result in existing networking infrastructure being damaged or unreliable. For example, Hurricane Katrina struck New Orleans, Louisiana on August 29, The storm destroyed most of the fixed communication infrastructure as it blanketed approximately 90,000 square 3

4 miles of the Unites States, a region almost as large as the United Kingdom [FEM2005]. In order to launch an effective disaster relief operation, communication is of the essence, even between a localized group of relief workers. Open MANET will make it possible for relief workers from various countries to establish communication on the fly, therefore eliminating the time penalty in setting up and managing conventional, fixed infrastructure networks. Search and rescue missions could also be conducted in locations not allowing access to existing communication networks [MRA2005]. Vehicular ad hoc networks allow vehicles travelling along a highway to exchange data for traffic congestion monitoring, inter vehicle communication and early warning of potential dangers ahead such as an accident, road obstruction or stationary vehicle. Several research projects have been initiated to deal with vehicular ad hoc networking [RMO2000] [WFR2001]. 1.4 CLASSIFICATION OF MANET ROUTING For the nature and challenges found in designing an ad hoc network routing protocol, a large amount of work has been done in the research community to find a perfect routing protocol for wireless ad hoc networks [STE2003]. The research has resulted to a number of routing protocols which can be classified as table-driven or proactive, on-demand or reactive and hybrid routing protocols [CSI2004] and shown in Figure 1.2. Table-Driven or Proactive Protocols: Proactive routing protocols attempt to maintain consistent, up-to-date routing information between every pair of nodes in the network by propagating, proactively, route updates at fixed intervals. As the resulting information is usually maintained in tables, the protocols are sometimes referred to as table-driven protocols. Representative proactive protocols include: Destination-Sequenced Distance Vector (DSDV) routing [CEP1994], Clustered Gateway Switch Routing (CGSR) [CCC1997], Wireless Routing Protocol (WRP) [SMU1996], and Optimized Link State Routing (OLSR) [PJA1998]. On-Demand or Reactive Protocols: A different approach from table-driven routing is reactive or on-demand routing. These protocols depart from the legacy Internet approach. Reactive protocols, unlike table-driven ones, establish a route to a destination when there is a demand for it, usually initiated by the source node through discovery process within the 4

5 network. Once a route has been established, it is maintained by the node until either the destination becomes inaccessible or until the route is no longer used or has expired. Representative reactive routing protocols include: Dynamic Source Routing (DSR) [DBJ1996], Ad hoc On Demand Distance Vector (AODV) routing [CEP1999], Temporally Ordered Routing Algorithm (TORA) [VDP1997] and Associativity Based Routing (ABR) [CKT1996]. Figure 1.2: Classification of MANET Routing Protocols Hybrid Routing Protocols: Purely proactive or purely reactive protocols perform well in a limited region of network setting. However, the diverse applications of ad hoc networks across a wide range of operational conditions and network configuration pose a challenge for a single protocol to operate efficiently [GEO2004]. For example, reactive routing protocols are well suited for networks where the call-to-mobility ratio is relatively low. Proactive routing protocols, on the other hand, are well suited for networks where this ratio is relatively high. The performance of either class of protocols degrades when the protocols are applied to regions of ad hoc networks space between the two extremes. Researchers advocate that the issue of efficient operation over a wide range of conditions can be addressed by a hybrid routing approach, where the proactive and the reactive behavior is mixed in the amounts that best match these operational conditions. Representative hybrid routing protocols include: Zone Routing Protocol (ZRP) [HAA2002] and Zone-based Hierarchal Link State routing protocol (ZHLS) [MJO1999]. 5

6 In the following sub sections we examine three protocols, the Dynamic Source Routing (DSR) Protocol, Ad hoc On-demand Distance Vector (AODV) routing protocol and Optimized Link-State Routing (OLSR), as they were found useful for the thesis work. DSR and AODV fall under reactive family, where as, OLSR is a proactive routing protocol Dynamic Source Routing (DSR) DSR [DAV2003] is a source routing protocol which means every packet will carry the list of the nodes that it will traverse to reach the destination. Every node which receives the packet first verifies whether it is the destination of the packet. If it is not, it checks its own identifier in the list of nodes carried by the packet. If the node finds itself in the list then it forwards the packet to the next node in the list which must be a direct neighbor. Otherwise it drops the packet. DSR have three main advantages. First, it is trivial to detect routing loops by identifying the repeating values in the list of node identifiers in the packet header. Second, the forwarding nodes need not to keep updated routing information to forward the packet towards the destination as it is available in the packet header and is provided by the packet source. Third, each node that receives the packet can extract routes from the packet header and cache it locally for future use. The main disadvantage of DSR is the communication overhead that each packet has to carry. This limits the applicability of the protocol in highly resource constrained environment such as sensor network and in large network where routes can be very long. DSR contains 2 phases * Route Discovery (find a path) * Route Maintenance (maintain a path) Route Discovery Route Request: Source broadcasts Route Request message for specified destination. Intermediate node adds itself to path in message and forwards (broadcasts) message toward destination as shown in Figure 1.3. Route Reply: Destination unicasts Route Reply message to source that contains complete path built by intermediate nodes. Route Maintenance In DSR, every node is responsible for confirming that the next hop in the source route 6

7 receives the packet. Also each packet is only forwarded once by a node (hop-by-hop routing). If a packet can t be received by a node, it is retransmitted up to some maximum number of times until a confirmation is received from the next hop. Figure 1.3: Route Discovery by DSR Figure 1.4: DSR Route Error As shown in Figure 1.4, if retransmission results in a failure, a Route Error message is sent to the initiator that can remove that Source Route from its Route Cache. So the initiator can check his Route Cache for another route to the target. If there is no route in the cache, a Route Request packet is broadcasted Ad hoc On-demand Distance Vector Ad hoc On-Demand Distance Vector (AODV) Routing is a routing protocol for MANET and other wireless ad-hoc networks. It is jointly developed in Nokia Research Center, University of California, Santa Barbara and University of Cincinnati. AODV [CPE2003] Routing protocol uses an on-demand approach for finding routes, that is, a route is established only when it is required by a source node for transmitting data packets as shown in figure 1.5. It employs destination sequence numbers to identify the most recent path. AODV performs the following operations: Route Discovery: whenever a node needs a next hop to forward a packet to a destination 7

8 Route Maintenance: when link breaks, rendering next hop unusable[jua2000] 1 D S 2 Figure 1.5: Route Discovery by AODV Figure 1.6: AODV Protocol s Events AODV has following events as shown in Figure 1.6. Hello: Hello messages are beacon signals used for link level acknowledgement with neighboring nodes. RREQ: AODV builds routes using a route request / route reply query cycle. When a source node desires a route to a destination for which it does not already have a route, it broadcasts a Route Request (RREQ) packet across the network. Nodes receiving this packet update their information for the source node and set up backwards pointers to the source node in the route tables. In addition to the source node's IP address, current sequence number, and broadcast ID, the RREQ also contains the most recent sequence number for the destination of which the source node is aware. A node receiving the RREQ may send a Route Reply (RREP) RREP: A node receiving the RREQ may send a route reply (RREP) if it is either the destination or if it has a route to the destination with corresponding sequence number greater than or equal to that contained in the RREQ. If this is the case, it uncast a 8

9 RREP back to the source. Otherwise, it rebroadcasts the RREQ. Nodes keep track of the RREQs source IP address and broadcast ID. If they receive a RREQ which they have already processed, they discard the RREQ and do not forward it. As the RREP propagates back to the source, nodes set up forward pointers to the destination. Once the source node receives the RREP, it may begin to forward data packets to the destination. If the source later receives a RREP containing a greater sequence number or contains the same sequence number with a smaller hop-count, it may update its routing information for that destination and begin using the better route. RERR: If a link break occurs while the route is active, the node upstream of the break propagates a route error (RERR) message to the source node to inform it of the now unreachable destination(s). After receiving the RERR, if the source node still desires the route, it can reinitiate route discovery. Advantages and Disadvantages The main advantage of this protocol is that routes are established on demand and destination sequence numbers are used to find the latest route to the destination. The connection setup delay is lower. One of the disadvantages of this protocol is that intermediate nodes can lead to inconsistent routes if the source sequence number is very old and the intermediate nodes have a higher but not the latest destination sequence number, thereby having stale entries. Also multiple Route-Reply packets in response to a single Route Request packet can lead to heavy control overhead. Another disadvantage of AODV is that the periodic beaconing leads to unnecessary bandwidth consumption [JUA2000] Optimized Link State Routing Protocol (OLSR) The Optimized Link State Routing protocol [TCL 2003] is a proactive link state routing protocol. OLSR is explained in IETF s [RFC 3626] and it is largely still in the experimental phase. There are two types of control packets used in OLSR: Hello packets and Topology Control packets (TC). Neighborhood Discovery: Hello packets are used to build the neighborhood of a node and to discover the nodes that are within the vicinity of the node and hello packets are also used to compute the multipoint relays of a node. OLSR uses the periodic broadcast of hello packets 9

10 to sense the neighborhood of a node and to verify the symmetry of radio links. The Hello messages are received by all one-hop neighbors, but are not forwarded. For every fixed interval, known as Hello Interval, the nodes will broadcast hello messages. Hello messages also allow the nodes to discover its two-hop neighbors since the node can passively listen to the transmission of its one-hop neighbor. The status of these links with the other nodes in its neighborhood can be asymmetric, symmetric or MultiPoint Relay (MPR). A symmetric link means that connectivity is bi-directional whereas asymmetric links are unidirectional. Given the set of one-hop and two-hop neighbors, a node can then proceed to select its multipoint relays, which will enable the node to reach out to all the neighbors within a two-hop range. Every node k will keep a MPR selector set, which contains all the nodes that has selected node k as a MPR. Hence, node k can only re-broadcast messages received from the nodes found in the MPR selector set [TCL 2003]. Topology Dissemination and Routing Table Calculation: Topology control (TC) messages contain the MPR selector set information of a particular node k. These TC messages are broadcast periodically within the TC interval, to other MPRs, which can further relay the information to further MPRs. Thus, any nodes within a network can be accessed either directly or through the MPRs. With the neighborhood and topological information, nodes can construct the entire network routing table. Routing to other nodes is calculated using the shortest path algorithm such as Dijkstra s algorithm. Sequence numbers are used to ensure that the routing update information is not stale. Whenever there are changes to the topology or within the neighborhood, the MPR set is re-calculated, updates are sent to the entire network so that the routing has to be re-calculated to update the route information to each known destination in the network. Full Flooding Vs Multipoint Relays: As specified above, hello messages are exchanged only between nodes one-hop away. Since the size of the MANET can be considerable, there is a need for a more efficient way of disseminating topological information. The traditional method would be pure full flooding into the network. While simple in implementation, it is not efficient since a great many control overheads are generated and not all are useful. Since a node within a network can be reached via many nodes (within the radio transmission range), only one node is necessary to transmit the message to it instead of multiple copies of the same message. MPR is a concept designed to reduce these control overheads by allowing 10

11 selective flooding to occur. Only selected MPR nodes are allowed to re-broadcast topological information as shown in Figure 1.7. (a) Pure Flooding (b) MPR Flooding Figure 1.7: Comparison of Pure Flooding and MPR Flooding 1.5 FLAWS IN MANET SECURITY MANET is very flexible for the nodes i.e. nodes can freely join and leave the network. There is no main body that keeps watching on the nodes entering and leaving the network. All these features of MANET make it vulnerable to different types of attacks. Non Secure Boundaries: MANET is vulnerable to different kind of attacks due to no clear secure boundary. In MANET, Node can join a network automatically if the network is in the radio range of the node, thus it can communicate with other nodes in the network. Due to no secure boundaries, MANET is more susceptible to attacks [SLU2009]. The attacks may be passive or active, leakage of information, false message reply, denial of service or changing the data integrity. The links are compromised and are open to link spoofing attack. [AMI2003]. There is no protection mechanism such as firewalls or access control, which may result the vulnerability of MANET to attacks. Spoofing of node s identity, data tempering, confidential information leakage and impersonating node are the results of such attacks when security is 11

12 compromised [CKT2002]. Compromised Node: Some of the attacks are to get access inside the network in order to get control over the node in the network using unfair means to carry out their malicious activities. Mobile nodes in MANET are autonomous and due to this autonomy during communication, ad-hoc network mobility makes it easier for a compromised node to change its position so frequently making it more difficult and troublesome to track the malicious activity [DBR2009]. It can be seen that the threats from compromised nodes inside the network is more dangerous than attacking threats from outside the network. No Central Management: MANET is a self-configurable network, which consists of mobile nodes where the communication among these nodes is done without a central control. Each and every node act as router and can forward and receive packets [CAR2005]. MANET works without any preexisting infrastructure. Detecting attacks and monitoring the traffic in highly dynamic and for large scale ad hoc network is very difficult due to no central management. The node connect with each other on the basis of blind mutual trust, a central entity can manage this by applying a filter on the nodes to find out the suspicious one, and let the other nodes know which node is suspicious [YON2005] [CKT2002] Shared Broadcast Radio Channel: This is in opposition to wired networks, where a separate dedicated transmission line can be provided between two end users. The radio channel used for communication in a MANET is broadcast in nature, and is shared by all nodes in the network, allowing a malicious node to easily obtain data being transmitted [JAM2002]. Lack of Association: Because of dynamic topology of MANET, there is no proper authentication mechanism that associates nodes with a network. Thus, an intruder would be able to join the network easily and carry out attacks [CKT2002]. Limited Resource Availability: The resources in MANET such as bandwidth, battery power, and computational power are limited, making it difficult to implement complex cryptography-based security mechanism in such networks [JAM2002]. Problem of Scalability: In traditional networks, where the network is build and each machine is connected to the other machine with help of wire. The network and the scale of the network, while designing it is defined and that do not change much during the use. In other words we can say that the scalability of the network is defined in the beginning phase 12

13 of the designing of the network [PAN2003]. The case is quite opposite in MANET because the nodes are mobile and due to their mobility in MANET, the scale of the MANET is changing. It is too hard to know and predict the numbers of nodes in the MANET in the future. The nodes are free to move in and out of the ad hoc network which makes the MANET very much scalable and shrinkable. Keeping this property of the MANET, the protocols and all the services including security that a MANET provides must be adaptable to such changes [YON2005]. 1.6 PROBLEM AREA IN MANET SECURITY Despite the evolution of MANET over the past decade there are still a number of security related problems that are open. This means that although solutions have been proposed none seem to satisfy all the constraints of MANET. Figure 1.8 illustrates the areas investigated within the MANET field with particular focus on security issues. Key areas of MANET security focused in this research are described next Secure Routing MANET routing protocols are designed considering efficiency as a primary concern and assume nodes cooperation. Thus, number of attacks based on routing mechanism are in MANET i.e. blackhole attack, wormhole attack, routing table overflow attack, sleep depreciation attack, location disclosure and impersonation attack, Denial of Service (DoS) attack. In blackhole attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In wormhole, two malicious collaborating nodes which are connected through a private network, can record packets at one location in the network and tunnel them to another location through the private network and retransmits them into the network. In routing table overflow, the attacker attempts to create routes to nonexistent nodes. The goal is to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. Sleep deprivation attack is practical only in mobile ad hoc networks, where battery life is a critical parameter. Battery powered devices try to conserve energy by transmitting only when absolutely necessary. An attacker can attempt to consume batteries by requesting routes, or by forwarding unnecessary packets to the node using, for 13

14 example, a black hole attack. A location disclosure attack can reveal something about the locations of nodes or the structure of the network. Routing Protocol Reasoning about Trust Power Management Self organizing Networks Quality of Service Novel threats Vulnerabilities Sensor Networks Intrusion Detection Ad hoc Networking Security DoS prevention Vehicular Networks PKI Implementation Symmetric key Management Multicasting Protocols Secure Routing Public key Management MAC protocols Access Control Key Transport (Centralized) Peer-to-Peer Key Management Key Management Key Agreement (Contributory) Group Key Management Figure1.8: Area of Interest in MANET The information gained might reveal which other nodes are adjacent to the target, or the 14

15 physical location of a node. DoS attacks are among the most prominent types of attacks. In denial of service attacks the adversary prevents or prohibits the normal use or management of network facilities or functionality. DoS attacks can be launched at any layer of an ad hoc network to exhaust node resources. Thus, secure routing in MANET is necessary that allow only authorized nodes to perform route computation and discovery even if few nodes in the network have been compromised Key Management Cryptographic schemes are used to protect both routing information and data traffic. Use of such schemes usually requires a key management service. Key management is a fundamental security service, which, by providing and managing the basic cryptographic keying material, fundamentals security services preserving confidentiality, integrity and authenticity. Secure key management with a high availability feature is at the center of providing network security [AME1996]. However, all routing schemes neglect the crucial task of secure key management and assume pre-existence and pre-sharing of secret and/or private/public key pairs [LZH1999]. This leaves key management considerations as an open research area in the ad hoc network security field. Conventional key management techniques may either require an online trusted server or not. The infrastructureless nature of MANET precludes the use of server based protocols such as Kerberos. The design of key management mechanisms for MANET is a particularly complex issue. Firstly, because of the lack of an infrastructure (e.g. dedicated servers), MANET require self-organized key management protocols. Secondly, in order to maximize MANET longevity, because nodes typically run on batteries, energy efficiency is a strict requirement in the design of key management mechanisms and protocols. Thirdly, MANET scalability, membership dynamics and sudden changes on network topology must be also contemplated in the design of a performance-aware key management service. Finally, the operational requirements and the use model of MANET applications need to be considered to design consistent key management systems Secure Group Communication Many emerging applications in MANET involve group-oriented communication using clustering. It improves the efficiency and performance in mobile environment with limited 15

16 bandwidth and limited power. In an hostile environment,such as military, it is necessary to provide secure multicast group communication. Group confidentiality is one of the issues in secure multicast group communication which requires that only valid group users could decrypt the multicast data even if the data is broadcast to the entire network. The group confidentiality requirements can be translated into three rules. First, Non-group confidentiality means nodes that were never part of the group should not have access to any key that can decrypt any multicast data sent to the group. Second, forward secrecy means nodes which left the group should not have access to any future key. This ensures that a member cannot decrypt data after it leaves the group. Third, backward secrecy means a new node that joins the session should not have access to any old key. Thus, group confidentiality problem can be solved with dynamic and robust group key management scheme. The effectiveness of secure group communication not only requires forward secrecy and backward secrecy but also depends on how quickly rekeying process take place when group membership change. 1.7 RESEARCH METHODOLOGY Research methodology defines how the development work should be carried out in the form of research activity. Research methodology can be understand as a tool that is used to investigate some area, for which data is collected, analyzed and on the basis of the analysis conclusions are drawn. There are three types of research i.e. quantitative, qualitative and mixed approach as defined in [JWC2002]. Quantitative Approach This approach is carried out by investigating the problem by means of collecting data, experiments and simulation which gives some results, these results are analyzed and decisions are made on their basis. This approach is used when the researchers wants to verify the theories they proposed, or observe the information in greater detail. Qualitative Approach This approach usually involves the knowledge claims. These claims are based on a participatory as well as on constructive perspectives. This approach follows the strategies such as ethnographies, phenomenology and grounded theories. When the researcher wants to study the context or focusing on single phenomenon or concepts, they used qualitative 16

17 approach to achieve their desired goals. Mixed Approach Mixed approach glue together both quantitative and qualitative approaches. This approach is followed when the researchers wants to base their knowledge claims on matter of fact grounds. Mixed approach has the ability to produce more complete knowledge necessary to put a theory and practice as it combined both quantitative and qualitative approaches. State of Art Problem Identification & Selection Literature Study Building Simulation Result Analysis Author s Interest Feasibility Figure 1.9: Research Methodology Author s Approach Author s approach towards the thesis is quantitative. This approach starts by studying the related literature specific to security issues in MANET. Literature review is followed by simulation modeling. The results are gathered, analyzed and conclusions are drawn on the basis of the results obtained from simulation. Figure 1.9 depicts the author s research methodology. Research Design The author divided the whole research thesis into four stages. 1) Problem Identification and Selection. 2) Literature Study. 17

18 3) Building Simulation. 4) Result Analysis Simulation Tool Network Simulation is a technique where a program models the network behavior either by calculating the interaction between the different network entities by actually capturing and playing back observations from a production network. Network Simulators are relatively fast and inexpensive as they allow the engineers to test scenarios that might be particularly difficult or expensive to emulate using real hardware. These allow designers to test new networking protocols or change the existing ones in a controlled environment. Potential advantages of simulation are, it saves time, cost and provides detail results and good understanding of event s occurrence. There are many simulators such as OPNET, NetSim, GloMoSim and NS2. We have used NS2 [NET2010] for simulation during our research work Structure of NS2 NS2 is a discrete event simulator developed at UC Berkeley and written in C++ and OTCL. Primarily, NS2 was useful for simulating LAN and WAN only. Multi-hop wireless network simulation support is provided by the Monarch Research Group at Carnegie-Mellon University. For wireless simulation, it contains physical, data link and medium access control layer. The Distributed Coordination Function (DCF) of IEEE for wireless LANs is used as MAC layer protocol. For transmitting data packets, an unslotted Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is used. Radio model is similar to commercial radio interface, Lucent s wave LAN. Wave LAN has a share-media radio with a nominal bit rate of 2 Mb/s and a nominal radio range of 250m [PER1994] [NET2010]. NS2 interprets OTCL scripts defined by user. A user describes various network components in OTCL such as libraries and scheduler objects which are then simulated by main NS2 program written in C++. Figure 1.10 shows the framework of NS2. The widely acceptance of NS2 in research and education sector is because of its free distribution and open source. NS2 is being developed and contributed by researchers and developers over the time. It is suitable for comparing different protocols, traffics and developing new protocols. 18

19 Mobility Pattern and Generated Traffic We have used Random waypoint mobility (RWP) that is a mobility model and it defines node movement pattern that is widely used to evaluate the performance of MANET protocols. Figure 1.10: NS2 Framework Figure 1.11: NS2 Simulation Overview 19

20 In RWP node s speed, direction and destination are chosen randomly once parameters are set. It produces large amounts of relative nodes movement because of which network topology changes. NS2 offers setdest command to generate waypoint mobility. Continuous Bit Rate traffic (CBR) connections are used. Source generates 512-byte long UDP packets. Source and destination pairs are chosen randomly. NS2 provide cbrgen.tcl tool to generate traffic pattern file. Figure 1.11 shows the simulation flow/run. 1.8 RESEARCH OBJECTIVE In this research work, focus has been put on the strategy to address the security issue of MANETs. MANETs have some unique characteristics that make the design of suitable security mechanisms both challenging and interesting. The security issues in MANETs will have to be resolved before these networks will find wide scale deployment. The lack of any form of trusted authority makes the design of a secure routing and low complexity key management scheme for MANETs a difficult task. Thus, the issue to design and develop an efficient and secure data communication is MANETs is still wide open. The main objective of the present work can be stated as Secure Data Accessibility in Mobile Ad hoc Networks and in order to handle the above problem, the following outline is proposed: The assessment and study of different types of routing protocols will help in better understanding of the basic characteristics and functioning of the protocols. Analysis of some of the routing protocols can be carried through simulation, using synthetically generated data sets. Further, there are various mobility models proposed for MANET simulation, it would also be interesting to note the behavior of MANET protocols when subjected to simulation under these models. It aims towards suggesting, designing and implementing a highly efficient security solution for mobile ad hoc networks by establishing secure routing and effective key management mechanism. The proposed protocols should be built upon such a platform that it is not only efficient in terms of meeting the security requirements like message integrity, data confidentiality and end to end authentication but are also cost effective and applicable in practical environment. 20

21 The proposed protocols can be validated against different RFCs proposed by IETF and the verification can be done by taking various performance metrics such as average end-to-end delay, fraction of packets dropped. 1.9 THESIS ORGANIZATION This report is organized as follows: Chapter 1 discuss mobile ad hoc networking in closer details, covering their specific characteristics, complexities and design constraints. This is followed by a classification of existing routing algorithms in MANET. Chapter 2 examines the security issues and challenges associated with mobile ad hoc networks. We also identify the different kinds of attacks MANETs faces and explore new existing approaches to secure its communication related to routing and key management. Chapter 3 introduces a new security-aware route discovery for Dynamic Source Routing in MANET in the presence of malicious nodes. We analyze the effectiveness of the proposed scheme in the presence of malicious nodes using NS2 simulator. Chapter 4 describes the two-hop authentication mechanism which regulates the behavior of nodes in the MANET to prevent from routing attacks in Optimized Link State Routing. Chapter 5 introduces an identity-based Peer-to-Peer key management scheme to provide end-to-end authentication between two users without any online certification authority. A certificateless efficient group key management scheme to achieve forward secrecy as well as back secrecy is proposed in chapter 6. In chapter 7, we introduce the improvement in Secure AODV (SAODV) to mitigate various types of hop count attacks in the route request and route reply control messages. At the end, we summarize the research and give an outline of the broader impact of the thesis and provide the scope of future research SUMMARY In this chapter, we presented MANETs as a new paradigm for wireless communication. We identified the characteristics, complexities and design constraints associated with them, discussed some of their deployment scenarios, classify the existing routing algorithms in it and the areas investigated within the MANET field with particular focus on security issues including secure routing, key management and secure group communication. 21