Fair, Efficient, and Secure Cooperation Incentive Mechanism for Multihop Cellular Networks

Transcription

1 IJIRST International Journal for Innovative Research in Science & Technology Volume 1 Issue 6 November 2014 ISSN (online): Fair, Efficient, and Secure Cooperation Incentive Mechanism for Multihop Cellular Networks M.Sasikumar PG and Research Department of Computer Science Indo-American College, Cheyyar , Thiruvannamalai District C.Parthiban PG and Research Department of Computer Science Indo-American College, Cheyyar , Thiruvannamalai District Abstract We propose a fair and efficient incentive mechanism to stimulate the node cooperation. Our mechanism applies a fair charging policy by charging the source and destination nodes when both of them benefit from the communication. To implement this charging policy efficiently, hashing operations are used in the ACK packets to reduce the number of public-key-cryptography operations. Moreover, reducing the overhead of the payment checks is essential for the efficient implementation of the incentive mechanism due to the large number of payment transactions. Instead of generating a check per message, a small-size check can be generated per route, and a check submission scheme is proposed to reduce the number of submitted checks and protect against collusion attacks. Extensive analysis and simulations demonstrate that our mechanism can secure the payment and significantly reduce the checks overhead, and the fair charging policy can be implemented almost computationally free by using hashing operations. Keywords: Cryptography FESCIM, MCN,RREQ, RREP, SCN I. INTRODUCTION Network Security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The architecture of the internet, when modified can reduce the possible attacks that can be sent across the network. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers).information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention techniques. Network security measures are needed to protect data during their transmission because virtually all business, Government and academic organizations are interconnected their systems with a collection of networks referred as Internet. A. Multihop Cellular Networks Hybrid ad hoc network (also called multi-hop cellular network (MCN)) is a network architecture which incorporates the ad hoc characteristics into the cellular system. The packets originated from a node are relayed through the mobile nodes to the receiver or to a base station which delivers them to the receiver. The network nodes commit bandwidth, data Multihop cellular networks (MCNs), or the next-generation networks, can significantly improve network performance and deployment and help implement many novel applications and services. However, when compared to wired and single-hop wireless networks, MCNs are highly vulnerable to serious security threats because packets may be relayed through integrated networks and autonomous devices. My research has been focusing on developing security protocols for securing MCNs. Specifically, we are interested in securing route establishment and data transmission processes, establishing stable routes, and preserving users anonymity and location privacy. We propose FESCIM, a Fair, Efficient, and Secure Cooperation Incentive Mechanism, to stimulate the node cooperation in MCN. In order to efficiently and securely charge the source and destination nodes, the lightweight hashing operations are used in the ACK packets to reduce the number of public-key-cryptography operations. The destination node generates a hash chain and signs its root, and acknowledges message reception by releasing a hash value from the hash chain. In this way, the destination node generates a signature per group of messages instead of generating a signature per message. Multihop Cellular Network (MCN), for wireless communications. MCN preserves the bandwidth of conventional Single-hop cellular networks (SCN) where the service infrastructure is constructed by fixed bases, and it also incorporates the flexibility of ad-hoc networks where wireless transmission through mobile stations in multiple hops are allowed. MCN can reduce the required number of bases or improve the throughput performance, while limiting path vulnerability encountered in adhoc networks. The considered MCN includes an accounting center, a set of base stations, and mobile nodes. All rights reserved by 202

2 Fig: The architecture of multi-hop cellular network The AC prerequisite and manages the credit accounts of the nodes, and generates private/public key pair and certificate with unique identity for each node. Once the AC receives a cheque, it updates the accounts of the participating nodes. The nodes can contact the AC at least once every few days. The sympathy foundation comes out via the abominable stations or the wired networks such as the Internet. During this connection, the nodes submit cheques, their certificates, and revise credits to almighty money and/or getting credits everywhere downright money. FESCIM can be implemented on the pinnacle of any routing protocol to establish an end-to-end communication bout provided focus the bustling identities of the nodes in the route are known to the source and destination nodes. It is important to include these identities in the source and the destination node s signatures to compose valid cheques. For Cheque-Forgery-and-Manipulation attack, the attackers attempt to forge cheques or manipulate valid cheques to increase their rewards. This is not possible with using secure hash function and signature scheme because it is not possible to forge or modify the source and destination nodes signatures and to compute the private keys from the public ones. It is also not possible to compute the hash value of the source and destination nodes signatures without computing the signatures, and to compute HD Z-X (i) from HD Z-X+1 (i). The AC can identify the attackers when the verifications of their cheques repeatedly fail. II. SIMULATION RESULTS A. Cheque Overhead FESCIM adopts more fair charging policy than Sprite and Express, the cheque size can be less. This is because of hashing the source and destination nodes signatures and signing the hash of the message instead of the message, i.e., hashing the signatures can alleviate the effect of the long RSA signature tag. For FESCIM, a cheque size depends on the number of used hash chains in the session because two hash values are attached to the cheque per hash chain. If the hash-chain size is long enough, FESCIM can generate one fixed-size cheque per route. A storage area of 1MB can store up to 8283, 5176, and 5350 cheques in FESCIM, Sprite, and Express, respectively, when one hash chain is used in FESCIM. The simulation results demonstrate that more hash chains are used in low node mobility because more packets are transmitted before the route is broken. Average Cheque Size (Bytes) It can also be seen that the probability of using only one hash chain increases with the increase of Z. Properly choosing Z can reduce the number of used hash chains, which reduces the cheque size and saves the destination node s resources because the unused hash values in a chain should not be used for other routes to secure the payment. A good Z depends on the average number of transmitted packets before the route is broken, which is related to the packet transmission rate, the node speed, and the expected number of packets transmitted in the session. All rights reserved by 203

3 The statistical distribution of the number of used Hash chains During the data transmission, a new route is established when the route is broken. For Sprite and Express, the simulation results demonstrate that the number of cheques is large due to generating a cheque per message. The increase of the nodes speed increases the number of cheques because cheques are generated for un-delivered packets. FESCIM can significantly reduce the number of cheques due to generating one cheque per route. More cheques are generated at high node mobility because the routes are more frequently broken, i.e., the messages are transmitted over larger number of routes. For Sprite and Express, the amount of paid credits is equal to the amount of earned credits because the payment is only for the nodes that relayed the un-delivered message. For FESCIM, the amount of paid credits is always more than or equal to the amount of earned credits because the source and destination nodes are charged full payment for the undelivered messages to reduce the number of submitted cheques. The increase of the nodes speed increases the amount of paid credits because more credits are paid for the undelivered messages. In FESCIM, the amount of earned credits does not depend on the nodes speed because the nodes earn credits only for the delivered messages. However, more credits are paid at high speed because the source and destination nodes pay for more undelivered messages. Fig: The end to end delay for the signed ACK mechanisms and FESCIM B. ACK Overhead For Z messages, the destination node generates Z signatures in signed ACK based incentive mechanisms, but one signature and Z hashing operations are required in the ACK packets of FESCIM. We can see that the computational times of the signing and verifying operations are sufficient for 539 and byte hashing operations, respectively; and the consumed energy for the signing and verifying operations are sufficient for 1404 and byte hashing operations, respectively, which demons trades that FESCIM can adopt fair charging policy almost computationally free. The average end-to-end delay is the average time interval between the data packet transmission and the reception of the destination node s acknowledgement. From Fig. 14, it can be seen that FESCIM can significantly reduce the end-to-end delay due to replacing the destination node s signature with the lightweight hashing operations. Above 20 connections, the delay increases significantly with and without implementing the cooperation incentive mechanism due to the significant increase in the channel contention and queuing delays. The throughput for the signed-ack mechanisms and FESCIM All rights reserved by 204

4 The average network throughput is computed by dividing the size of the received data by all the nodes over the simulation time. It can be seen that increasing the number of connections increases the network throughput until the network reaches to its capacity. FESCIM is little better because more congestions occur in signed-ack mechanisms due to the longer packet processing delay in the intermediate nodes. For Receiver-Robbery attack, the source node colludes with some intermediate nodes to steal credits from the destination node by sending bogus messages paid by the source and destination nodes or composing faked or manipulated cheques. For example, if the source node colludes with К intermediate nodes, the intermediate nodes earn credits but the source node pays for X messages. Obviously, the colluders can achieve gains. In FESCIM, the colluding nodes cannot fake or manipulate cheques to steal credits from the destination node because the destination node s signature and hash chain elements are required to compose a valid cheque. Moreover, a session cannot be established and a valid cheque cannot be composed if the destination node is not interested in the communication because its signature is required. The intermediate nodes are rewarded only when the destination node acknowledges receiving correct messages, and thus they do not earn from bogus messages. For Packet-Replay attacks, the internal or external attackers may record valid packets and replay them in different place and/or time claiming that they are fresh, to establish sessions under the name of other nodes to communicate freely. FESCIM uses time stamp to ensure that stale packets can be identified and dropped. For Impersonation attack, the attackers attempt to impersonate other nodes to communicate freely or steal credits. The attack is not possible because the nodes use their private keys to sign the packets, and the attackers cannot compute other nodes private keys. For Free-Riding attacks, two colluding intermediate nodes in a legitimate session manipulate the session packets to piggyback their data to communicate freely. To thwart this attack, the integrity of the packets should be checked at each node, and thus the first node after the colluder can detect the packet manipulation and drop the packet. For data and RREP packets, the source and destination nodes signatures can ensure the packets integrity. The integrity of the ACK packets can also be ensured because it contains one element of the hash chain, which is verified at each node. The RREQ packets are much shorter than the data packets, e.g., if a node s identity requires 4 bytes and the average number of nodes in a route is five, the average size of the RREQ packet is nearly 20 bytes, which is incomparable with 512 bytes of the data packets. FESCIM can be implemented on the top of a secure routing protocol such as ARAN and Ariadne. In the protocol, the intermediate nodes authenticate themselves to thwart the external attacks, e.g., the external attackers that are not members in the network participate in route discovery phase with the intention of dropping the data packets to launch Denial-of-Service attacks. It shows secured RREQ packets that can authenticate the intermediate nodes and thwart packet manipulation. Each intermediate node appends its certificate and signs the packet s signature to authenticate itself. In this way, launching Free-Riding attacks against RREQ packets is not possible because the packet integrity can be checked at each node. For Denial-of-Cheque-Submission attack, the colluding attackers residing close to the base station may attempt to prevent the nodes from submitting the cheques to the AC. First, the nodes accumulate the cheques and submit them to the AC in batch to reduce the communication overhead, e.g., cheques may be submitted every few days, and thus the nodes can repeatedly try to contact the AC during this time. Second, the nodes do not delete the cheques before receiving the Cheques-Submission- Confirmation packet from the AC. The nodes transmit the Cheques-Submission-Request packet to the AC to submit the cheques. This packet contains the identity of the submitter, time stamp, the cheques, and the submitter s signature. The signature authenticates the submitter, thwarts Packet-Replay attack, and ensures the packet s integrity. The AC replies with the Cheques- Submission-Confirmation packet containing the AC s signature for the cheques to confirm the submission of the cheques. Third, the nodes may change their cells due to the nodes mobility, and thus if they cannot submit the cheques through one base station, they can submit them through other base stations. Finally, the nodes can contact the AC using wired networks such as the Internet and Wi-Fi. Due to using the post-paid payment policy, the nodes can communicate even if they do not have sufficient credits at the communication time. For Payment-Denial attacks, the attackers may join the network for a short time and leave without paying their debts. Different from the traditional ad hoc networks that can be temporarily established and similar to the current single hop cellular networks, MCN is a long life network where the nodes have long-term relations with the network. Moreover, the post-paid payment policy has been widely used successfully in many services such as credit cards and cellular networks. In FESCIM, each node needs a certificate to use the network. Issuing a certificate is not free to make changing an identity costly. Similar to the existing single hop cellular networks, the AC stores the personal information of the users, and thus it can take the legal procedures against the users who do not pay. To limit the debt, a certificate lifetime is short and depends on the node s credits at the certificate issuing time and its average credit consumption rate. We can also mix both the pre-paid and the post-paid payment policies to reduce the debt amount, e.g., each node has to pay some money in advance at certificate renewal. III. CONCLUSION In this paper, we have proposed a fair, efficient, and secure cooperation incentive mechanism for MCN. In order to fairly and efficiently charge the source and destination nodes, the lightweight hashing operations are used to reduce the number of publickey-cryptography operations. Moreover, to reduce the overhead of the payment checks, one small-size check is generated per All rights reserved by 205

5 session instead of generating a check per message In this paper, instead of generating two signatures per packet (one from the source and the other from the destination), we have replaced the destination node s signature with hashing operations to reduce the number of public-key-cryptography operations nearly by half. The source node attaches a signature in each data packet to ensure the payment non repudiation and to verify the message integrity at each intermediate node to thwart Free- Riding attacks. REFERENCES [1] G. Shen, J. Liu, D. Wang, J. Wang, and S. Jin, Multi-Hop Relay for Next-Generation Wireless Access Networks, Bell Labs Technical J., vol. 13, no. 4, pp , [2] R. Schoenen, R. Halfmann, and B. Walke, MAC Performance of a 3GPP-LTE Multihop Cellular Network, Proc. IEEE Int l Conf. Comm. (ICC), pp , May [3] 3rd Generation Partnership Project, Technical Specification Group Radio Access Network, Opportunity Driven Multiple Access, 3G Technical Report , Version 1.0.0, Dec [4] S. Marti, T. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehaviour in Mobile Ad Hoc Networks, Proc. ACM MobiCom, pp , Aug [5] P. Michiardi and R. Molva, Simulation-Based Analysis of Security Exposures in Mobile Ad Hoc Networks, Proc. European Wireless Conf., Feb [6] J. Hu, Cooperation in Mobile Ad Hoc Networks, Technical Report TR , Computer Science Dept., Florida State Univ., Jan [7] G. Marias, P. Georgiadis, D. Flitzanis, and K. Mandalas, Cooperation Enforcement Schemes for MANETs: A Survey, J. Wireless Comm. and Mobile Computing, vol. 6, no. 3, pp , [8] C. Song and Q. Zhang, OMH-Suppressing Selfish Behaviour in Ad Hoc Networks with One More Hop, Mobile Networks and Applications, vol. 14, no. 2, pp , Feb [9] D. Djenouri and N. Badache, On Eliminating Packet Droppers in MANET: A Modular Solution, Ad Hoc Networks, vol. 7, no. 6, pp , Aug [10] G. Bella, G. Costantino, and S. Riccobene, Evaluating the Device Reputation Through Full Observation in MANETs, J. Information Assurance and Security, vol. 4, no. 5, pp , Mar [11] D. Johnson and D. Maltz, Dynamic Source Routing in Ad Hoc Wireless Networks, Mobile Computing, pp , chapter 5, Kluwer Academic, [12] C. Perkins and E. Royer, Ad-Hoc on-demand Distance Vector Routing, Proc. IEEE Workshop Mobile Computing Systems and Applications, pp , Feb [13] FESCIM: Fair, Efficient, and Secure Cooperation Incentive Mechanism for Multihop Cellular Networks. Mohamed M.E.A.Mahmoud and Xuemin (Sherman) Shen. [14] L. Anderegg and S. Eidenbenz, Ad hoc-vcg: A trustful and costefficient routing protocol for mobile ad hoc networks with selfish agents, Proc. of ACM MobiCom, San Diego, CA, USA, September [15] K. Sanzgiri, D. LaFlamme, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer, Authenticated routing for ad hoc networks, IEEE Selected Areas in Communications, vol. 23, no. 3, pp , March [16] Y. Hu, A. Perrig, and D. Johnson, Ariadne: A secure on-demand routing protocol for adhoc networks, Proc. of ACM MobiCom, Atlanta, GA, USA, September [17] A. Mitra el at, High-performance low power sensor platforms featuring gigabyte scale storage, Proc. of IEEE/ACM Measurement, Modeling, and Performance Analysis of Wireless Sensor Networks, [18] A. Menzies, P. Oorschot, and S. Vanstone, Handbook of applied cryptography, CRC Press, Boca Raton, Fla., [19] NIST, Digital hash standard, Federal Information Processing Standards Publication 180-1, April [20] M. Wiener, Performance comparison of public-key cryptosystems, Technical Newsletter of RSA Laboratories s CryptoBytes, vol. 4, no. 1.. [21] Y. Lin and Y. Hsu, Multihop Cellular: A New Architecture for Wireless Communications, Proc. IEEE INFOCOM, vol. 3,pp , Mar [22] H. Wu, C. Qios, S. De, and O. Tonguz, Integrated Cellular and Ad Hoc Relaying systems: icar, IEEE J. Selected Areas in Comm., vol. 19, no. 10, pp , Oct [23] G. Shen, J. Liu, D. Wang, J. Wang, and S. Jin, Multi-Hop Relay for Next-Generation Wireless Access Networks, Bell Labs Technical J., vol. 13, no. 4, pp , 2009 [24] R. Schoenen, R. Halfmann, and B. Walke, MAC Performance of a 3 GPP-LTE Multihop Cellular Network, Proc. IEEE Int l Conf.Comm. (ICC), pp , May [25] 3rd Generation Partnership Project, Technical Specification Group Radio Access Network, Opportunity Driven Multiple Access, 3G Technical Report , Version 1.0.0, Dec All rights reserved by 206