Clone attack detection and data loss prevention in mobile ad hoc networks. Ganapathy Mani. 1 Introduction

Transcription

1 Int. J. Space-Based and Stated omptng, Vol. 5, No. 1, lone attack detecton and data loss preventon n moble ad hoc networks Ganapathy Man Department of ompter Scence, George Washngton Unversty, Washngton, D, USA Emal: [email protected] Abstract: Wreless ad hoc networks, moble ad hoc networks (MANETs) n partclar, are not protected by tamper-resstant or eqpped wth hgh-storage-capacty hardware becase of ther low-cost and small sze. So they are hghly vlnerable to ntrson, node compromse, physcal captre attacks and data loss. De to harsh envronments where these devces operate, they face data loss and redced data avalablty, and f captred by an attacker, the devces can easly be compromsed and cloned. The cloned devces wll have the same entty as legtmate devces and nteract wth other devces to compromse them. In ths paper, we propose two mechansms: 1) novel clone attack detecton scheme log n log ot detecton (LLD) and system-we annoncement detecton (SWAD) sng low-energy dynamc (LED) clsterng; 2) combnatoral replcaton and partton (ORP) of data parwse balanced desgn property of combnatoral arrangement to prevent data loss. These mechansms can be extrapolated to geospatal networks as well. Keywords: moble ad hoc networks; MANETs; data loss; clone attacks; replca attacks; combnatoral desgn; data replcaton; data avalablty; falt-tolerance. Reference to ths paper shold be made as follows: Man, G. (2015) lone attack detecton and data loss preventon n moble ad hoc networks, Int. J. Space-Based and Stated omptng, Vol. 5, No. 1, pp Bographcal notes: Ganapathy Man receved hs Master n ompter Scence at the George Washngton Unversty n Washngton D, USA. He s a Lectrer n the Department of ompter Scence at George Washngton Unversty. Hs research nterests nclde network protocols, dstrbted systems, nformaton management, and hman-compter nteracton. He has athored several nternatonal conference pblcatons and nvted for several presentatons. He receved hs Bachelor s degree n Electroncs and ommncaton Engneerng from Anna Unversty, Inda. Ths paper s a revsed and expanded verson of a paper enttled ORP: an effcent protocol to prevent data loss n moble ad-hoc networks presented at the 27th IEEE Internatonal onference on Advanced Informaton Networkng and Applcatons Workshop (WAINA), Barcelona, Span, March Introdcton Two of the maor concerns n moble ad hoc networks (MANETs) are detectng or preventng clonng (replca) attacks as well as preventng data loss to ncrease the falt-tolerance of the entre network. 1.1 Data loss n MANETs De to npredctable node movements, harsh workng envronments, and qck battery exhaston, the devces n the network often loose ther commncaton lnks creatng mltple parttons n the network. Stdes (Vallr et al., 2008; Derhab and Badache, 2009) have shown the sgnfcant negatve mpacts de to the loss of data drng commncaton. MANETs are of paramont mportance n dsaster management, search and resce mssons, mltary and law enforcement actvtes, and combat zones drng war. Data loss and lack of data avalablty drng commncaton can have devastatng conseqences n those operatons Inadeqaces of crrent soltons n preventng data loss There are several schemes of data replcaton protocols sch as Hara and Madra (2006), and Derhab and Badache (2006) to prevent data loss n MANETs. Any mechansm that ses data replcaton mst address the challenges faced by MANETs sch as lmted energy storage of devces, fast dranage of battery, lmted storage capacty, and npredctable node moblty n the network. Two basc approaches based on floodng the network have been proposed to tackle data loss n MANETs: opyrght 2015 Inderscence Enterprses Ltd.

2 10 G. Man 1 a dstrbted approach of floodng the entre network wth the nformaton abot the data or metadata (nformaton abot the real data) 2 selectve floodng throgh algorthms based on gossp or epemc where the messages are sent to the near by nodes that are chosen randomly. The frst method s not feasble de to the lmted storage space of MANETs devces and the second method cannot be sed n sparse networks becase the devces that are far away wll not receve the messages de to the lmted commncaton range. Even f they are wllng to commncate to the long dstances, t wold reslt n ncreased commncaton overhead ths dranng the battery. Reference pont grop moblty (RPGM) proposed by Wang and L (2002). Here, the athors assme constant speed for the devces n MANETs. Bt n the real world, the devces n MANETs can have dfferent velocty levels for each ndval devce determned by the servce provers. Sawa et al. (2006), and Haas and Lang (1999) proposed Qorm (sbset)-based replcaton mechansm where sbsets of replcated servers wll be selected randomly and they wll perform the operatons among that sbset of devces. Ths saves energy for each devce becase ts commncaton range s redced. Bt these sbset of devces face the danger of dranng ther batteres fast. Snce the entre network s based on these sbsets of devces, f the battery s draned, t cold eopardse the entre network s fnctonalty. They are also constraned by very lmted memory space. hen et al. (2002) proposed a dstrbted mechansm where each node s aware of ts partton and broadcasts an annoncement called ad to the entre network. The message ad contans the nformaton abot the free space avalable n the node, seqence nmber, and processor tlsaton. Local nodes wll pdate ther lookp tables based on ths message. Bt the lookp table s nformaton ncreases exponentally becase of the node movements ths ncreasng the storage overhead. Dynamc connectvty-based gropng (DBG), statc access freqency (SAF), dynamc access freqency, and neghborhood (DAFN) methods were proposed by Hara (2001) to ncrease the data avalablty throgh reallocaton methods. Bt these methods reallocaton perod s a constant ths they cannot adapt to the npredctable movement and varos rotng mechansms of MANETs Or contrbtons to solve the problem We propose combnatoral replcaton and partton (ORP) scheme to make a perfect dstrbton of replcated data among host nodes n the network. Or scheme sgnfcantly redces the data loss and ncreases the data avalablty. Usng combnatoral organsaton (balanced block desgns) of the network commncaton lnks, ORP allows the data tem to be replcated only few tmes and yet sgnfcantly ncreases the data avalablty. ORP ncreases the ntrnsc relablty of the entre network wth ts falt-tolerance capablty. It also allows the nodes that have replcated data tems to nteract concrrently ths allowng faster data transmsson. Becase the moble nodes wll be aware of ther remanng energy and speed, they can reqest another node to contne the work f t s movng fast or f there s no or lttle energy remanng. Ths ncreases data avalablty as well as falt-tolerance of the network. The devces wth hgh remanng energy and average speed wll only be selected to be the host of data transmsson. The devce wth the low energy wll not partcpate n the network partton ths extendng ts lfe. 1.2 lone attacks n MANETs Secrty n MANETs s a wely stded topc and there are sgnfcant challenges n preventng as well as detectng the attacks (Martn and Gyennet, 2011; Meng et al., 2013; Atass et al., 2014; Indra and Tanea, 2014). De to ther low cost and small sze, MANETs are very sefl n several areas. Bt t comes at the cost of secrty. A recent stdy (Glgor, 2007) shows that MANETs are hghly ssceptble to physcal captre and/or node compromse attacks becase of the low-cost hardware, small sze, and very lmted resorces n the devces. As a conseqence, the attackers can lanch node clone attacks n whch an attacker can deploy several cloned nodes n the network. These clones can collde and become the base of several other attacks. MANETs commncaton protocols bascally rely on forwardng/relay. The clones can easly manplate these protocols and mslead the entre network and case sgnfcant damage by blockng traffc n the network, compromse commncaton channels, and lanch gray-hole and wormhole attacks (H et al., 2002; Song et al., 2005). Snce these clones have all the credentals sch as keys, proper IDs etc. as that of legtmate devces n the network, they can partcpate n the network s commncaton processes. Ths can lead to varos nser attacks (L et al., 2007; apkn and Hbax, 2005) and take over of the entre network. In a recent stdy these clones are referred to as attack mltplers (Xng and heng, 2010). So t s crcal to devse soltons for ths problem whle sng less resorces (storage, comptaton, power, etc.) from the devces n the network Inadeqaces of crrent soltons to detect clone attacks The detecton of clone attacks n MANETs s a hard challenge de to the need for desgnng schemes wth respect to nderlyng moblty, the large nmber of we spread cloned nodes, and cloned nodes collson. A method proposed n Shaw and Knsner (1997) stores a nqe sgnatre for the devce based on ts sgnal transmsson characterstcs at the base staton. Any devce that volates

3 lone attack detecton and data loss preventon n moble ad hoc networks 11 the sgnatre characterstcs wold consered to be a cloned node. Procedres lke ths are sed by cell phone network admnstrators to prevent the clonng of devces. Bt n moble mlt-hop envronments, t s very hard for the base staton to track ndval devces and ther mlt-hop way transmsson characterstcs. Some of the crrent methods to detect clones, fal de to node moblty, local vew of the network by the detecton devces, and they fal to address node collsons. Other localsed schemes (L et al., 2007) fal to detect clone attacks when they are wely dstrbted n the network. A centralsed herarchcal method was proposed n ho et al. (2007) where the network wll be dved nto several sb-regons and each one wll have a header node to keep track of the devces n the sb-regons. From the herarchcal tree, chld nodes report to the header nodes and header nodes report to base staton. When combnng the member lsts reported by chld nodes, a header node checks the ntersecton of two node reports and any empty ntersecton ndcates the presence of cloned nodes n the network. Brooks et al. (2007) also proposed a centralsed scheme where the base staton collects the key sage statstcs (nmber of tmes a key s sed for commncaton processes) and detects clones n freqency doman,.e., freqent se of the key cases the base staton to report a clone attack based on the assmpton that the nmber of node pars that select the same random key s ndependent and entcally dstrbted. Eschenaer and Glgor (2002) proposed a scheme where the random keys are preloaded to each node and two other neghbors establsh a shared key f the preloaded keys have at least one n common. There have been three recent stdes for clone attacks detecton n moble envronment. A localsed scheme XED was proposed n Y et al. (2008) n whch each node remembers the random nmber t ssed when t met wth other nodes. When these two nodes meet agan, they check ths random nmber they exchanged last tme. If the nmbers do not match then they report clone attacks. Even thogh ths scheme does not have any lmtaton on the nmber of clones/compromsed nodes n the network, the scheme wll fal f the nodes collde wth each other. They can mslead the protocol by synchronsng ther random nmber to respond to legtmate nodes. Another centralsed solton called SPRT was proposed n Ho et al. (2009). If the speed of the node s more than the ntal speed lmt set by the servce prover, they predct that there mst be clone attacks n the network. Bt collsve nodes can synchronse ther movements and he from the detecton protocols. Same as XED, SPRT does not resst the colldng clones. Detecton protocols TDD and SDD were proposed n Xng and heng (2010). They detect clones both n tme and space (locaton) doman based on a key exchange mechansm. MANET nodes se an ordered one-way encrypton fncton called a challenge chan to perodcally report ther locaton and tme to ther two-hop neghbors. Volaton of challenge chan order and nqe locaton at a gven tme epoch s consered to be a clone attack on the node. These methods works fne wth collsve nodes and moblty. Bt when t comes to sparse networks (Garetto et al., 2008), a node cannot follow the two-hop neghborhood rle, and ths the compromsed nodes can collde. Normal node behavors sch as swtchng off or sddenly loosng sgnal cold wrongly be nterpreted as clone attacks. Snce each node mst save the logs of all the nodes t meets, the storage cost ncreases lnearly and the energy consmpton ncreases drastcally. Bt MANET devces are not desgned to save large amonts of data or posses hge batteres Or contrbtons to solve the problem In ths paper, we propose two schemes to detect clones wth LED clsterng. These methods allow the clones to generate contradctory nformaton. omparng wth the exstng stdes mentoned n the ntrodcton, we have the followng sgnfcant nqe contrbtons. Or schemes have the capablty of makng the clones generate contradctory nformaton when they engage n exchange wth other nodes or move to a new clster. Snce or methods do not have any lmtatons on the nmber of clones and ther dstrbton n the network, we prove excellent reslence aganst collsve clones. Snce we do not make any assmptons abot the moblty models, or scheme can be appled to we range of MANETs. These are sgnfcant mprovements compared to the schemes (Ho et al., 2009; Y et al., 2008). Unlke Xng and heng (2010), we ntate the detecton process whenever t s necessary nstead of constantly reportng to nearby nodes. We take advantage of system-we annoncements (SWAs) to make sre that the clster head knows the crrent stats of the node, whch avos msnterpretaton of normal slence (lke swtched off) of a node. The network s dved nto clsters, whch makes or scheme a localsed one. Bt at the same tme, we make sre t has globalsed vew of the entre network throgh clster heads. Fnally, or schemes make se of a smple one-way hash fncton for clone detecton, whch prodces very low comptaton overhead. 2 Assmptons, notatons and models 2.1 Network model We conser the networks consstng of moble devces or wreless sensors wth moblty [vehclar ad hoc networks (VANETs) and nternet-based moble ad hoc networks (MANETs)]. In most cases, these devces are not eqpped wth tamper-resstant hardware. The commncaton range of the network s from NR mn to NR max and R mn to R max s for

4 12 G. Man a node. Table 1 represents the notatons that we sed n ths paper. Table 1 Notatons MH d UT NR N R 2 R c t R H T R H hp f Sg lc D P Table of notatons Means Moble host for data transfer Data tem Update trgger for data messages ommncaton range of the entre network N nodes n network One se length of a clster Area of a clster Nmber of nodes n a clster The commncaton range of a node The clster lster head Trgger for secrty Hash fncton Hash par Fncton Sgnatre Locaton coordnates Dstance between the node and clster head Remanng power n the devce Network clsters We dve the commncaton range nto eqal parts to form a network clster gr (NG) formaton. We assme that each se of the network clsters wll be eqal n sze, whch can help to manage clsters effectvely wthot any confson over bondares. Each clster can have ther own shape as long as they satsfy the followng eqaton, NRmax Rmax = (1) λ where Rmax s the commncaton range of the clsters, λ s the desred nmber of clsters n the network, λ 1, NR max %λ 0, and Rmax Rmax. An advantage of ths arrangement s that the servce prover wll be able to set the vale for λ based on the overhead that they wll be able to sstan. Ths gves the flexblty to the servce prover to set the rght nmber of clsters based on ther reqrements and other factors sch as cost and energy. Also, we se ths arrangement to redce long dstance commncaton overhead. These bondares for clsters can be montored and mantaned throgh GPS (Hofmann-Wellenhof et al., 1993) systems. Each clster ( ) wll have a clster head ( H ) for montorng c t nmber of nodes. These clster heads wll have sffcent battery power (P), and storage capacty to carry ot the tasks. Each clster wll have two backp nodes to take over the H s responsbltes n case the clster head stops commncaton [W et al. (2008), and Yons and Fahmy (2004) show havng clster head backps s possble]. One H backp wll be close to the crrent H and another backp wll be far from the H. We wll dscss the ratonale behnd ths arrangement n Secton 5. Drng the deployment of the nodes, the clster heads are ntally selected by the network servce prover (or base staton). lster heads store the nformaton abot all the nodes n ther clster. We assme that every node n a clster s able to obtan nformaton abot ts locaton coordnates and verfy other nodes locaton n the clster throgh GPS (Hofmann-Wellenhof et al., 1993) or other postonng methods (Thaeler et al., 2005; Y et al., 2007b). We frther assme that the clocks of all nodes are loosely synchronsed. We se t 1, t 2, t 3,, t,, t, to represent the tme moments n the clster where t < t gven <,, Z +. We assme that the data s parttoned nto data tems (d ) based on or combnatoral arrangement. Ths data partton can be done on packet level or data level. Each moble host MH (MH ) wll have a data tem ( d ) and some moble hosts MH wll have a replcated ( d ) verson of ths data tem Moblty model R After deployng the nodes, they can exercse dfferent moblty models. A node s speed can vary as per ts needs from 0 to V max where V max = maxmm velocty of the node set by the servce prover. Each node n the network has the capablty of releasng SWAs when an event s trggered. These SWAs are responsble for ntatng the commncaton process between a node and clster head. We assme that an attacker shold ntate any of these trggers to clone or compromse a node. We defne the trggers that cold release a SWA as swtched-off, swtched-on, transmttng, recevng, and sdden ncrease n speed becase we assme that an attacker wll attempt at least one of those operatons to clone a devce. We denote these trggers as (TR m ) where m = logn, logot, on, off, tx, rx, and V max (here, logn and logot are nothng bt the trggers set off when a node leaves a clster to on another and on, off are swtched on and off. Recent stdy (Perrone and Nelson, 2004) dscsses these knds of attacks based on on-off). These trggers wold ntate the commncaton process between the clster head and a node. We assme that once the adversary compromses a node, he/she wll try to captre other nodes and clone them as soon as possble by connectng to other devces to: 1 transfer hs malcos code 2 copy vtal nformaton from the node to hs devce. The attacker also has to move fast to get away from the captred locaton to avo beng detected, whch wll ncrease the velocty of the devce. So we assme that the attacker mst ntate any one of these trggers when the attacker tres to captre or compromse more nodes to clone.

5 lone attack detecton and data loss preventon n moble ad hoc networks Secrty model Before deployment, node s pre-assgned wth a par prvate and pblc keys (Xng and heng, 2010) and a nqe. s also preloaded wth a one-way hash fncton H and a nqe random prvate seed. can create a one-way hash set wth H and the nqe random prvate seed. Ths hash set s denoted by hp 0, hp 1, hp 2,, hp, hp +1, hp +2, where hp = H(hp +1 ) (hp s nothng bt a hash par).we also assme that the node stores a locaton generaton fncton f lc and a tme generaton fncton f tme where f lc (, t) comptes the locaton coordnates of the node gven ts and tme t. f tme (, hp, t ) comptes tme gven an, a hash par hp, and the tme moment when the commncaton was ntated. Gven the node the tme s calclated by t = f tme (, hp, t ). Let each node algn wth an nteger 1, we se hash par hp as a seed for mappng 1 to another nteger 2, we then set t = t. As exstng stdes sggest, we assme that once a node s compromsed or captred, all the nformaton (e.g., codes, keys, ID, etc.) of the node can be extracted from t. An attacker that has captred a node can deploy clones of anywhere n the network. So these clones can act as legtmate nodes, partcpate n the network actvty, and lanch varos nternal attacks. For example, they can nect false data and mslead other nodes and base staton, whch can case severe traffc and network otage. Wth ths, we also assme the clones can collaborate wth other clones deployed by the attacker; they are advanced, effcent, and can attempt to be slent avo detecton. Based on these assmptons, all exstng approaches lack n detectng certan types of node replcaton attacks n MANETs. 3 ombnatoral replcaton and parttonng protocol OPR s the combnaton of two parts: SWAs and Replcaton sng balanced ncomplete block desgn (BIBD). 3.1 Data replcaton and partton wth BIBD ORP, presented n Man (2013), s based on the combnatoral property of BIBD: A BIBD desgn on a set of v elements s a collecton of b k-sbsets sch that each element appears exactly n r sbsets and each par of elements appear exactly n λ sbsets. The BIBD s represented by ts parameters n standard notaton: (b, v, r, k, λ)-confgraton (Man et al., 2013). For example, conser a small network wth seven nodes and a dataset D. The data n the dataset wll be parttoned nto seven sbsets (data tems) accordng to the BIBD. So D = {d 1, d 2, d 3, d 4, d 5, d 6, d 7 } whch constttes a BIBD partton of (7, 7, 3, 3, 1)- confgraton. Ths data can be splt nto packet level or data level. In ths confgraton there are seven data blocks (DB) are avalable and each wth three data tems (sbsets): DB 1 = {d 1, d 5, d 7 }, DB 2 = {d 1, d 2, d 6 }, DB 3 = {d 2, d 3, d 7 }, DB 4 = {d 1, d 3, d 4 }, DB 5 = {d 2, d 4, d 5 }, DB 6 = {d 3, d 5, d 6 }, DB 7 = {d 4, d 6, d 7 }. There are other smlar confgratons sch as (7, 7, 3, 3, 1)-confgraton: (12, 9, 4, 3, 1), (13, 13, 4, 4, 1), (21, 21, 5, 5, 1), (26, 13, 6, 3, 1), etc. For any practcal se of ths desgn, we do not reqre a perfectly nform desgn of network wth BIBD. The devaton from the balance does not affect the fnctonng of the network. The parwse balanced property characterses the followng combnatoral desgn: for any par of data tems d and d, there s a DB DB x, to whch both data tems belong smltaneosly (Man, 2013). The evalaton of these parameters s gven n Secton BIBD partton of data n MANETs The devces n the network wll be parttoned based on BIBD. In ths case, each moble host node wll have ther own data tem wth the other two replcated data tems avalable n and acqred from other two host nodes. Fgre 1 gves the archtectre of the BIBD wth (7, 7, 3, 3, 1)-confgraton. PB represents the processng block for moble host, X s the data tem (d), L s commncaton lnk between the nodes and M s the memory of moble host. Ths network connecton strctre allows changes to the data tems to be pdated smltaneosly and ndependently n all the nodes wth ther replcated data tems throgh the commncaton confgraton (lnks). One of the mportant featres of ths arrangement s that the data tems wll not nterfere wth one another drng transmsson or recepton. Ths featre creates an effcent dstrbted strctre for the network that spports the obect-orented system desgn. As per the defnton of the parwse balanced desgn (PDB) property, takng any par of data tems from PB, X 2 and X 4, we can always fnd a PB wth those two data tems. X 2 and X 4 are avalable n PB 5. So f any data tem s corrpted n any of the processng host node, ts always possble to fnd the a replacement of the corrpted tem. Ths not only ncreases the data avalablty, t also ncreases the falt-tolerance of the network and ths of the data tems. Fgre 1 An example archtectre of BIBD: (7, 7, 3, 3, 1-confgraton (see onlne verson for colors)

6 14 G. Man 3.3 SWA ORP Each devce n the MANET commncates wth ther replca devce by the SWA whenever there s an pdate or a change has been made to the data tem. For ths ORP-SWA, we conser for pdate trggers (UT) that wll ntate a SWA: 1 node s gong ot of the commncaton range ( UT Rmax ) 2 low remanng battery power ( UT Pmn ) 3 an pdate or q change has occrred for the data tem (UT pdate ) 4 devce swtches off (UT off ). The SWA wll nclde the average speed, remanng battery power, and locaton coordnates of the movng devce. MH MH MH ( ) Msg : UT MH MH P V lc t MH MH Here, t s the tme when SWA was ntated, V s the velocty of the host node, and P s the power remanng n the host node. V MH = lc t lc t where > and, Z +. Throgh the SWA-ORP each node can calclate ts replca nodes average velocty, remanng battery power, and the commncaton range. In case, f any one of these parameters of a node s odd then the replca node wll look for another elgble near by node to replcate the data of the bad (compromsed) node. Ths ensres the constant data avalablty and redces data loss. The host node mantans a lookp table ( table MH ) to store the logs of changng nformaton abot the replca host nodes as well as ts replcated data tems. 4 lone attack detecton protocols We overcome the problem of detectng node clonng attacks sng two schemes. We wll detal or log n log ot detecton (LLD) scheme and system we annoncement detecton (SWAD) schemes. Frst, we need to ntrodce or SWA protocol, whch s the bass for both LLD and SWAD. 4.1 SWA clone attacks When s leavng ts crrent clster and ons a new clster t releases the followng messages, Msg H : ( TRlog ot H Sg ( H ) hp Sg t lc P ) Msg H : ( ( ) ) log 1 TR n H Sg H hp+ Sg t lc P (2) where TR s the trgger that ntated the commncaton, Sg s the sgnatre of sgned by H ( ) wth s ( H s) pblc key for the commncaton message, H s the clster head of the last clster from whch the node s leavng, Sg( H ) s the last clster head s sgnatre, whch s the proof that the node was ndeed n the clster, lc and t represents the locaton coordnates and tme at whch the commncaton was trggered, hp represents the hash par whose ndex s smaller than all the nssed hash pars. Here, D s the dstance between and H. After the commncaton s fnshed, removes the hash par hp. So s next hash par wll be hp +1. Table 2 The table of MH storng SWA receved from a replca Node ID Detals MH UT MH MH MH P V lc t off MH k MH MH MH UT MH P V lc t mn P The clster head mantans Table 2 ( table c ) for the nformaton t obtans from SWAs from each node. It also mantans a separate table for the nformaton abot each node s dstance (D) from H H D lc lc V and speed (Velocty), where = (3) = lc t lc t The nodes and v have commncated wth the clster head drng the tme perod δ. The sage of δ wll be explaned n Secton 5. The node cannot alter or tamper wth ts hash pars becase the hash pars and the order of ther delvery are closely montored by the clster head. So gven a node : It cannot sse hash pars that are dplcated becase each hash par n s hash set s nqe. The new hash pars mst comply wth the one-way property, whch means they can be sed to compte the prevos one bt not the other way arond. It cannot skp a hash par and sse a new hash par to H snce the clster head wll have pdated nformaton abot s hash par and ts order. It cannot be n two modes (trggers) at a gven tme. For example, the node cannot be swtched-off and swtched-on at the same tme. cannot consectvely send a message to clster head wth swtched-on or off. If node ssed a swtched-off trgger then the next message shold carry swtched-on trgger. (4)

7 lone attack detecton and data loss preventon n moble ad hoc networks 15 5 Underlyng ratonale of or approach We derve the followng specs from the SWA of ORP. A trgger s set off at the followng event and SWA ntaton follows: 1 hgh velocty or gong otse of the commncaton range 2 low remanng battery power. Ths SWA s ntated to select a new host for the data tem. It also notfes the detals abot ts crrent staton to the nodes that are reqestng ts data tem along wth another close by replca. In ths way, the reqestng node can obtan the data tem from that elgble devce. In order to force the moble host nodes for the proper process of ntatng data transfer, selectng a new moble host to have the data tem replcated, we entfy the followng rles: 1 When host node receves a reqest for the data tem, t mst posses sffcent energy to do the data transfer. If not, t forwards the reqest to the closest node wth more energy and ts replcated data tem. Pmn P MH (5) 2 The host node mst be nder the maxmm velocty lmt allowed by the servce prover. MH V V (6) max 3 The dstance between the transmttng node and recevng node mst be small MH L loc loc (7) MH We derve the followng specs from the SWA of clone attacks: 1 At any gven tme, the locaton coordnates and hash par of a node n the network mst be nqe whch means a node cannot appear n two clsters or at two locatons at the same tme. 2 The locaton coordnates, hash par of a node mst be n consectve order along the perceved path and tme coordnates. Based on 1, 2 the nformaton of the message mst satsfy the followng rle. Any volaton of these wll be nterpreted as clone attack on node. 3 The ordnal order of hp n and hp n n s hash par mst be the same as that of t and t. In other words, n < n,ff t < t andf hp hp (8) n n Based on the rles and specs specfed above, we constrct the algorthms for the protocols for data loss preventon and clone attack detecton. ORP Data Transfer Protocol MH MH Inpt: Msg V, P, table MH MH MH Otpt: 0=Sccess, 1=Dfferent node was chosen for transfer MH MH fncton ORP( V, P ) node Reqest receved by H b for data block d ( P P and V V ) then Hb f Hb mn max Begn Transfer Retrn 0 else f ( table 0) then MH Accordng to Secton 5 rles Identfy the stable replca for transfer Notfy abot replca node to reqestng Begn Transfer Retrn 1 else f ( MsgMH MH UT was ntated) then Accordng to Secton 5 Select a new host to replcate data tem Notfy other replca host nodes Retrn 0 end f end f end f end fncton The tme complexty of the Algorthm 1 s O(1) when the speed and power are mantaned wthot any dstractons. Bt when a SWA s trggered then the node goes throgh the replca nodes (nodes wth the replcated data tems) elgblty n table to ether reqest or notfy the reglar MH nodes as well as the host nodes. The tme complexty for ths process s O(b), where b s the nmber of moble nodes partcpatng n the ORP partton. 5.1 LLD: log n log ot detecton In ths part, we present or LLD scheme, an athentcaton and centralsed mechansm to detect clone attacks n MANETs. In ths procedre, two clster heads from dfferent clsters partcpate wth a sngle node.

8 16 G. Man LLD checkng on at tme nterval t n H H n n m n Inpt:, hp, hp, TR, t, table, table Otpt: 0=Normal, 1=lone Detected fncton LLD(, hp, TR, t, table, table ) f ( s leavng the clster m n at tn ) then ntates SWA wth TR logoff to H n the clster, where H, calclates H n 1 t f (, hp, t ) tme t of. tme Locaton f lc (, t) n 1 locaton to send Msg H ( H ) Locaton Msg Sg Msg sent from to H along wth H sgnatre. Accordng to the Secton 5 rles f ( s message s consstent) then Retrn 0 H backps & table c are pdated by H else Retrn 1 H alerts the clster abot. end f end f f ( s onng the clster at t n ) then then ntates SWA wth TR logn to Perform steps 3 7 for H H H forwards s Msg to H to verfy f ( s fond n Retrn 1 else Retrn 0 nfo end f end f end fncton table c wthot TR logoff ) H sends Msg(OK) to H H deletes s detals from table. table, H Backps are pdated wth s c The algorthm s basc concept s as follows: When the node leaves the clster and moves to another clster t generates a SWA wth TR logn and sends the pdated annoncement wth new hash par to H at tme t n. H sends a message to H wth s recently receved message and lanches a secrty check. H checks table c for any other nodes c wth the same entty wth dfferent TR drng the tme nterval δ. H wll be able to verfy easly, becase of the one-way property of the hash par by sng preloaded hp 0 or any of the prevosly ssed hash pars. Message from mst have consstent locaton and hash par clams accordng to Secton 5. Any volaton of the rles n Secton 5 wold prompt the clster head to sse an alert to the whole clster and nearby clster heads abot node. Then node wll be saved n all nodes n the network as a threat. After recevng hp n the H calclates the tme t sng the fncton f tme. An mportant pont to note here s the comptaton of the tme t and the exchange process s lghtly dffered to the tme t n 1. Wth ths we can clearly see that: 1 After deletng the nformaton abot node, f H receves any pdated nformaton from a node wth s, t s clearly a clone. So cannot engage n clster actvty wthot ts prevos clster head s clearance. 2 Snce there s a dfference n tme to calclate t and report to the H, an attacker cannot determne the t wthot ts hash par. By one-way property of the hash par, the attacker cannot determne the tme t or locaton to send the message. Let s conser an example. If has sccessflly left the clster and f H receves a message from a dplcate of nse ts clster then t clearly ndcates a clone attack n the network. It s not only that the clone node d not go throgh LLD bt the message wll not be complyng wth the rles specfed n Secton SWAD: system we annoncement detecton When an exchange (transfer or recevng) takes place between two devces, a SWA message wll be ntated Msg H : ( TRtx v H Sg ( H ) hp Sg t lc P ) Msg v H : v v v v v ( TRrx v H Sg ( H ) hp Sg t lc P ) where s the node, whch s transferrng the data and v s the node that s recevng the data. v wll also send the message to the clster head wth the r x tag for the trgger. To make every node follow the exchange process fathflly, we mpose the followng strateges: As soon as the node s connected wth another node v for an exchange process (transmt or receve), sends an pdated nformaton wth the trgger. v wll also follow the same procedre and pdates the nformaton by sendng ts crrent exchange process

9 lone attack detecton and data loss preventon n moble ad hoc networks 17 wth the trgger. For example, f s transmttng and pdates clster head wth tx trgger then v mst pdate the nformaton wth rx trgger. If a node s gong to be swtched off by the ser, t shold pdate ts nformaton wth an off trgger. And t shold follow the order of ths process. For example, f node pdates ts nformaton wth an off trgger, the next tme t shold pdate ts Msg wth an on trgger. Based on or strateges, we derve the followng rles: Rle 1 For a node n the network, t shold not travel faster than V max and t wll not be able to perform exchange processes wth more than a few devces. Rle 2 Some trggers follow an order ths cannot be n the same trgger at the same tme. For example, TR off mst be followed by TR on and vse-versa. Also, cannot be n two dfferent trggers at the same tme. SWAD heck on and v Inpt:, v, table, Msg, Msg H v H Otpt: 0=Normal, 1=lone Detected, 2=H absent 3=N/A 1: v fncton SWAD(, v, table, Msg, Msg ) 2:, v ntates SWA wth TR rx and TR tx to H 3: f ( table 0) then 4: Accordng to rles n Secton 5 5: f (Msg, Msg v are consstent) then 6: Retrn 0 7: Send acknowledgement to node and v 8: f (Acknowledgment was not receved) then 9: Retrn 2 10: and v report wth Error 2. 11: Backp H takes over responsbltes 12: end f 13: else 14: Retrn 1 lone attack on and v 15: H alerts the clster abot and/or v 16: end f 17: else 18: Retrn N/A No Acton 19: end f 20: end fncton and v can be checked wth ther message by ther H and t can determne whch one s makng false clams abot ts locaton and hash par. SWAD check apples to the trgger off and on and goes throgh the same process of detecton. Unlke TDD (Xng and heng, 2010), SWAD does not conser a swtched off node to be a clone. Another mportant factor s that these trggers can be extended as per the network provers secrty need. For example, they can add gong nto a low sgnal zone or gong nto sleep or awake as trggers, so that each node wll go throgh SWAD. 5.3 lster dynamcs LED clster formaton In or detecton scheme, clster heads play an mportant role n montorng the devces n the system. Fgre 2 shows the clsters n a network. A clster head compromse wold be catastrophc to the network and we take some measres to avo t. In order to manage the tasks, we apply the followng strateges: 1 The power (battery) remanng mst be greater than all the other nodes n clster. 2 If the clster head s gong throgh an exchange process (transferrng or recevng) for ther mportant secrty, system-confgraton, and operatng system fles then the clster head notfes the backp clsters. 3 If node wants to become a clster head, ts velocty shold be less than all other nodes n the clster. Note: We conser these knds of exchange processes as a threat. Remarks: After a certan system-confgred low power level, the H looses ts credentals and the near by backp node takes over. Fgre 2 Random sx-clsters NG wth LED clsterng (see onlne verson for colors) Note: Red nodes represent clster heads, green nodes represent long dstance clster head backps, and ble nodes represent short dstance clster head backps lster head change and selecton When each node engages nto a clster, the clster head calclates ther velocty, dstance and saves both vales n a table (table ch ) wth the crrent power level t receved from the node. These nodes wll be sorted based on the power remanng n each node. The frst two devces wold be the next contenders for the clster heads. Both of the clster head backps wll be aware of ther responsblty and notfy the crrent clster head when ther energy s redced below threshold or Velocty max has been reached. We denote the

10 18 G. Man c near by clster head backp as H and longer dstance l clster head backp H. In some of the attacks, attackers tend to cooperate and captre many close by devces. Or proposed clster head arrangement wll prevent these knds of coordnated attacks snce the new clster head wold be very far away from the crrent one. The clster head selecton algorthm explans n whch scenaro the long dstance clster head back p wold be consered. lster Head Selecton Inpt: table ch Otpt: 0=Sccess, 1=No Acton 1: fncton HS(table ch ) 2: f (table ch 0) then 3: Sort table ch by Power and Velocty 4: Accordng to the rles n Secton 5 H 5: f ( P s low or H s leavng ) then c 6: Notfy H 7: H deletes table 8: Retrn 0 9: end f 10: f (, v report Error 2 or H s n TR off ) then 11: l H takes over as clster head 12: end f 13: Accordng to the rles n Secton 5 H 14: f ( Velocty Veloctymax ) then 15: l Notfy H to take over. 16: end f 17: else 18: Retrn 1 19: end f 20: end fncton If the trgger represents a threat, we select a H backp from long dstance. To be safe, we assme swtchng o and removng battery, whch cases sdden absent of clster head, are secrty threats. The H selecton process makes sre that the clster head wll not be compromsed easly. Each clster head n the clster wll also go throgh the same detecton protocols as they engage n the exchange processes. We conser transmttng or recevng mportant system confgratons or operatng system fles to be a credble threat for compromsng nodes. So when these knds of exchanges happen, the clster head wll notfy the backp clster head to take over and the new clster head wll determne the new backp clster heads, and the table wll be pdated (sent) to them. 6 Effcency analyss 6.1 Evalaton of parameters for ORP In the notaton (b, v, r, k, λ), b s the nmber of devces n the networks partcpatng n ORP, v s the nmber of commncaton or network lnks among the partcpatng devces, r-nmber of devces connected by the commncaton lnk to transmt or receve the data, k s the nmber of replcated data tems (d) n the devce, and λ s the nmber of tmes a par of data tems appear together n a host node. The detaled performance analyss has been proved n or prevos work (Man, 2013). Snce, b k = v r (9) ( k 1) r = λ ( v 1) (10) v b (11) the actal mplementaton of the PBD property does not reqre a perfectly nform BIBD. The parameter λ determnes the network s falt-tolerance capablty. Let s conser a small system, for example, λ = 1 and k = 3. To bld a system wth PBD property, v r (12) 6 2 v b (13) 6 So a system of 20 data tems wold reqre more than 60 moble host nodes as well as ten commncaton lnks. 6.2 Secrty analyss of clone detecton Or schemes are based on detectng the contradctory nformaton of a node and ts clone c generate n the clster. We analyse three dfferent scenaros of detecton and show that node and c always generate hash par contradcton n the clster Hash par contradcton Followng the precedence set by Xng and heng (2010), we analyse three dfferent possbltes of hash par contradcton and derve the probablty of detecton accracy. onser sses the hash par hp n 1 at t and ts clone c generates hp n2 at t, where t > t and lets assme δ t t where δ s a random tme moment. Let S hp be the set of hash pars generated by nodes and c wthn [t, t + δ] and [t δ, t ]. Shp = { hpn, hp 1 n1+ 1,..., hpn } 1+ x and S = { hp,..., hp, hp }. c c c hpc n2 y n2+ 1 n2 Gven the node and c and the hash par sets they have ssed to the clster head at [t, t + δ], there are three dfferent scenaros where c wll generate a hash par contradcton [Note: The followng cases actally match wth protocols proposed n Xng and heng (2010), bt

11 lone attack detecton and data loss preventon n moble ad hoc networks 19 these scenaros are accompaned by the stats of LED clsterng]. 1 n 2 < n 1 : The ndex of the hash par hp c n s smaller than 2 hp 1, n whch shows n 2 mst have been ssed earler than n 1 and hp c n s an expred hash par. Ths clearly 2 ndcates that there s a hash par contradcton and the clster head wold be able to take mmedate acton. 2 n 1 n 2 n 1 + x: Here, the hash pars are generated wthn the tme δ, whch means that they generate a contradctory hash par that volates rles specfed n Secton 5 and nqeness of each hash par. In another words, the hash pars ssed by c and cannot be the same wthn the tme draton δ. 3 n 2 > n 1 + x: 3 node cannot have made ths many exchanges or log n and ot of so many clsters. So cannot sse x + 1 hash pars wthn δ. Ths, Shp ( hp ) ssed by shold be n consectve order n s hash par. So the maxmm hash par ndex that can sse at δ s hp n1 + x. So the clster head sses a warnng to all the nodes n the clster and nearby clster heads Nmber of cloned nodes based detecton accracy The probablty of a trgger, sendng a message to the clster head, s hgher de to the extensve trgger mechansms for mplyng a possble attack. So gven the nmber of clones avalable n the network, or SWAD s detecton accracy Prob (SWAD) approaches a 100%. 6.3 Storage, commncaton, comptaton analyss In ths secton, we frst compare the performance of the detecton schemes n Table 3 wth the recent related stdes n terms of a node s storage, commncaton and comptaton costs. Table 3 The table of H whch stores the nformaton that t has receved from at the tme nterval δ Node ID Detals TR, Sg H, hp, Sg, t, lc, P m ( ) TR, Sg H, hp, Sg, t, lc, P v m ( ) When verfyng the legtmacy of, LLD and SWAD reqest to send flc ( H, t ). So the comptaton overhead for both schemes to be lanched on any node s O(1). Snce flc ( H, t ). s a random locaton coordnate n the clster, the commncaton cost of both the schemes s O(1). Snce both of or schemes are localsed procedres, the commncaton and comptaton cost wold be O(1). An ndval node does not have to keep the record of any exchanges and each node does not store anythng except the prevosly ssed hash par, and ths the storage overhead wold be O(1). Bt for the H and backps, they have to save and pdate the transactons from the clster nodes. So the storage overhead wold be O(c t ) and the H selecton process wold take O(c t ). Snce or scheme s localsed throgh clsters, H wold not have to deal wth large nmber of nodes. ompared to other exstng schemes, n LLD and SWAD, nodes mantan constant commncaton, comptaton, and storage costs. Also, these schemes are hghly falt-tolerant snce they have two backp clster heads. 6.4 Performance metrcs ORP addresses the followng sses: 1 Replcaton cost: Nmber of replcated nodes that are deployed n the network. To ncrease the data avalablty, the nodes have to have the same replcated data tem. Ths may ncrease the replcaton cost as well as the storage cost of the entre network. 2 Lve moble nodes: Nmber of moble nodes wth enogh battery power to stay alve. The nodes can dran ther batteres by commncatng freqently and nnecessarly. 3 Data avalablty: The probablty to access the data tem when that partclar data tem was reqested. Whenever the data tem s reqested by a node, t s mportant for the data tem to be avalable mmedately. Otherwse the movement of the MANET node can dsrpt the commncaton and may lead to data loss. 4 Mantenance cost: The commncaton as well as the comptaton cost of mantanng clster-based network Smlaton reslts for ORP Usng NS2, we mplemented a smlaton of ORP blt 1,000 1,000 network wth 65 moble hosts. The commncaton range was set to 70 metres (takng Bletooth devces nto accont) and random walk model was employed snce the model emlates the npredctable movements of the MANET devces. We set the sze of each data tem to be 1 MB. All of the moble nodes wll have the same characterstcs as well as access freqences (nmber of tmes a data tem s accessed). We employed the energy model proposed n Feeney and Nlsson (2001), and Y et al. (2007a), and started the system wth 60,000 Joles for each moble. For Table 5, we se Derhab and Badache s (2009) metrcs methods. Energy-aware and partton-aware protocols wth server s demse predcton have hgh data avalablty. Bt the networks wthot the capablty of predctng the server s demse wll have medm data avalablty. ORP s desgned to be aware of energy, speed, partton, and the demse of the host node. Eqpped wth these attrbtes, ORP sgnfcantly controls the data loss.

12 20 G. Man Fgre 3 omparson of data avalablty (see onlne verson for colors) Table 4 Storage, commncaton, and comptaton cost of detectng clones Schemes Storage ommncaton omptaton XED (Y et al., O(1) O(N) O(1) 2008) SPRT (Ho et al., 2009) TDD (Xng and heng, 2010) SDD (Xng and heng, 2010) O( N ) O(1) O(1) O( N ) O(N) O(θ(t)) O(d) O(N) O(d) LLD, SWAD O(1) O(1) O(1) LLD, SWAD O(c t ) O(1) O(1) (for H) Note: In TDD θ(t) s the nmber of meetngs node makes wth other nodes, n SDD (L, LW) d s the nmber of randomly selected nodes for comparson. Fgre 4 omparson of nmber of moble hosts alve (see onlne verson for colors) Fgre 3 and Fgre 4 show the comparson between ORP as well as weghted easy access-battery (WEA-B) method, expected access (EA) method, weghted easy access (WEA) method, and weghted easy access-hop (WEA-H) method that are developed n Y et al. (2007a). EA method replcates the data tem that s freqently accessed. WEA ncreases the weghted access a mltplcaton of data tems accessed n neghborng nodes as well as ts own of the data tems ths makng the data avalablty to be hgher. WEA-battery s nothng bt a method where each moble host wll dynamcally change the weght of the data tem based on ts remanng battery power. In WEA-H method, the moble host nodes wll conser the length of the path n whch the data wll be roted to the reqester node. Table 5 Performance comparson of exstng schemes wth ORP sng performance metrc model Scheme Data avalablty Replcaton cost DPA (hen et al., 2002) PA DAG-based (Derhab and Badache, 2006) Hgh Medm hgh O(n) l/stable sbgraph WEAB (Y et al., Medm hgh O(n) 2007a) KRP (Zheng et al., Medm hgh O(n) 2005) ORP Very hgh O(k) Sorce: Derhab and Badache (2009) We ran 15 smlatons each for the draton of 10,000 seconds. We randomly slence the nodes to see the effects of ORP. ORP managed to mantan a steady data avalablty from 80% to 90%, whch s 20% to 50% hgher than the schemes sggested n Y et al. (2007a). Snce ORP s an energy-aware protocol, the moble hosts rarely exhast ther batteres. As a reslt, the nodes n the network partton wll be alve for a long tme lsterng Or clsterng arrangement reqres that the nodes only have to commncate wth clster head. So t redces energy dranage from MANET nodes. We nvestgated or schemes performance n NS2 wth random waypont model (Sant, 2012) wth Y et al. s (2007a) energy settngs. We sed 1,000 1,000 m network wth = 200 m and Rmax 100 nodes. Exchange processes n both schemes were set to random. In Fgre 5, we compare the energy consmpton of LLD and SWAD wth the crrent best solton for detectng clone attacks n the network (Xng and heng, 2010). Or smlatons show that TDD and SDD take more energy

13 lone attack detecton and data loss preventon n moble ad hoc networks 21 from MANET devces de to the reqrement to constantly commncate wth ther two-hop neghbors and pdate ther stats. So they de early becase of commncaton and storage overhead. On the contrary, LLD and SWAD ntate the commncaton process between a node and a clster head only when there s a necessty. Hence, the energy consmpton for these algorthms s mch less compared to others. Fgre 5 Nmber of nodes alve n the network wth LLD and SWAD (see onlne verson for colors) n the network. Or analyss ndcates that these schemes can tackle node collsons and detect clones wth hgh accracy. We also proposed ORP a combnatoral dstrbted network desgn to mprove data avalablty and prevent data loss whle redcng the energy consmpton of the moble devces. The secrty and data loss preventon protocols are ncorporated nto a smple yet effcent localexchange protocols. Ths research offers several new drectons for rotng, network formaton, and moble commncaton strateges. In the ftre, we ntend to nvestgate the clster management cost and energy effcent hardware desgns for MANETs n the framework of nternet of thngs (Bar et al., 2013). Acknowledgements We wold lke to thank Prof. Smon Berkovch for hs sggestons and comments on combnatoral balanced block desgns. We also wold lke to thank Prof. Xzhen heng for her advse and comments on clone attack detecton protocols. Fnally, we wold lke to thank Prof. Abdo Yossef, charman of the ompter Scence Department at George Washngton Unversty, for generosly allocatng an offce space and eqpment to condct ths research Overhead analyss Table 4 shows the overhead of ndval algorthms from 2 dfferent schemes. When the area of a clster ( R ) s very small and the node moblty nse the clster s hgh, the commncaton overhead may ncrease, bt the storage and comptaton cost stay the same. To solve ths sse, or scheme gves the freedom of settng the sze (area) of the clster to the servce prover, so that they can adst the area based on ther own reqrements and redce the commncaton overhead. For example, f the servce prover has a hghly moble network, then ncreasng the sze of the clster wold redce the nmber of exectons of the LLD and clster head selecton algorthms, whch wold reslt n low commncaton overhead. 7 onclsons In ths paper, we presented the technqes for preventng data loss and detectng clone attacks n MANETs. Many exstng approaches for clone attack detecton depend on a statc network models or localsed schemes wthot a global vew of the network and nmber of clones n the network. Few other methods prove soltons to these problems bt wth hgh storage or commncaton or comptaton cost. Or LLD and SWAD methods wth LED clsterng address these fndamental dependences and lmtatons wth low overhead. Snce we are sng a one-way hash fncton, the comptaton cost s mch less compared to other schemes and or scheme can be appled to any moblty model. Or methods do not depend on dstrbton or nmber of clones References Atass, A., Sayegh, N., Elha, I., hehab, A. and Kayss, A. (2014) Decentralsed malcos node detenton n WSN, Internatonal Jornal of Space-Based and Stated omptng, Vol. 4, No. 1, pp Bar, N., Man, G. and Berkovch, S. (2013) Internet of thngs as methodologcal concept, 2013 Forth Internatonal onference on omptng for Geospatal Research and Applcaton (OM.Geo), IEEE, pp Brooks, R., Govndara, P.Y., Prrett, M., Vaykrshnan, N. and Kandemr, M.T. (2007) On the detecton of clones n sensor networks sng random key predstrbton, IEEE Transactons on Systems, Man, and ybernetcs, Part : Applcatons and Revews, Vol. 37, No. 6, pp apkn, S. and Hbax, J.P. (2005) Secre postonng of wreless devces wth applcaton to sensor networks, Proceedngs of IEEE ompter and ommncatons Socetes, March, Vol. 3, pp hen, K., Shah, S.H. and Nahrstedt, K. (2002) ross-layer desgn for data accessblty n moble ad hoc networks, Wreless Personal ommncatons, Vol. 21, No. 1, pp ho, H., Zh, S. and La Porta, T.F. (2007) SET: Detectng node clones n sensor networks, Thrd Internatonal onference on Secrty and Prvacy n ommncatons Networks and the Workshops, Secreomm 2007, September, pp Derhab, A. and Badache, N. (2006) Localzed hybr data delvery scheme sng k-hop clsterng algorthm n ad hoc networks, IEEE Internatonal onference on Moble Adhoc and Sensor Systems (MASS), October, pp Derhab, A. and Badache, N. (2009) Data replcaton protocols for moble ad-hoc networks: a srvey and taxonomy, ommncatons Srveys & Ttorals, Vol. 11, No. 2, pp.33 51, IEEE.

14 22 G. Man Eschenaer, L. and Glgor, V.D. (2002) A key-management scheme for dstrbted sensor networks, Proceedngs of the 9th AM onference on ompter and ommncatons Secrty, November, pp Feeney, L.M. and Nlsson, M. (2001) Investgatng the energy consmpton of a wreless network nterface n an ad hoc networkng envronment, n INFOOM 2001, pp Garetto, M., Gaccone, P. and Leonard, E. (2008) apacty scalng of sparse moble ad hoc networks, IEEE 27th onference on ompter ommncatons, INFOOM 2008, Aprl, pp Glgor, V.D. (2007) Handlng New Adversares n Secre Moble Ad-Hoc Networks, Defence Techncal Informaton enter Docments, Maryland Unversty ollege Park, Department of Electrcal and ompter Engneerng. Haas, Z.J. and Lang, B. (1999) Ad-hoc moblty management wth randomzed database grops, IEEE Internatonal onference on ommncatons, Vol. 3, pp Hara, T. (2001) Effectve replca allocaton n ad hoc networks for mprovng data accessblty, INFOOM 2001, Vol. 3, pp Hara, T. and Madra, S.K. (2006) Data replcaton for mprovng data accessblty n ad hoc networks, IEEE Transactons on Moble omptng, Vol. 5, No. 11, pp Ho, J.W., Wrght, M. and Das, S.K. (2009) Fast detecton of replca node attacks n moble sensor networks sng seqental analyss, IEEE INFOOM 2009, pp Hofmann-Wellenhof, B., Lchtenegger, H. and ollns, J. (1993) Global Postonng System. Theory and Practce, pp , Sprnger, Wen (Astra), (USA), ISBN: H, Y.., Perrg, A. and Johnson, D.B. (2002) Wormhole Detecton n Wreless Ad Hoc Networks, Department of ompter Scence, Rce Unversty, Tech. Rep. TR Indra, G. and Tanea, R. (2014) A tme stamp-based ellptc crve cryptosystem for wreless ad-hoc sensor networks, Internatonal Jornal of Space-Based and Stated omptng, Vol. 4, No. 1, pp L, F., heng, X. and hen, D. (2007) Inser attacker detecton n wreless sensor networks, 26th IEEE Internatonal onference on ompter ommncatons, May, pp Man, G. (2013) ORP: An effcent protocol to prevent data loss n moble ad-hoc networks, 27th Internatonal onference on Advanced Informaton Networkng and Applcatons Workshops (WAINA), pp Man, G., Berkovch, S. and Lao, D. (2013) Balanced block desgn archtectre for parallel comptng n moble PUs/GPUs, IEEE Forth Internatonal onference on omptng for Geospatal Research and Applcatons (OM.Geo), pp Martn, D. and Gyennet, H. (2011) Secrty n wreless sensor networks: a srvey of attacks and contermeasres, Internatonal Jornal of Space-Based and Stated omptng, Vol. 1, No. 2, pp Meng, N., Wang, J., Kodama, E. and Takata, T. (2013) Redcng data leakage possblty reslted from eavesdroppng n wreless sensor network, Internatonal Jornal of Space-Based and Stated omptng, Vol. 3, No. 1, pp Perrone, L.F. and Nelson, S.. (2004) A stdy of on-off attack models for wreless ad hoc networks, 1st Workshop on Operator-Asssted (Wreless Mesh) ommnty Networks, pp Sant, P. (2012) The random waypont model, Moblty Models for Next Generaton Wreless Networks: Ad Hoc, Vehclar and Mesh Networks, pp Sawa, Y., Shnohara, M., Kanzak, A., Hara, T. and Nsho, S. (2006) onsstency management among replcas sng a qorm system n ad hoc networks, 7th Internatonal onference on Moble Data Management, May, pp Shaw, D. and Knsner, W. (1997) Mltfractal modellng of rado transmtter transents for classfcaton, Proceedngs of WESANEX, May, pp Song, N., Qan, L. and L, X. (2005) Wormhole attacks detecton n wreless ad hoc networks: a statstcal analyss approach, 19th IEEE Internatonal Parallel and Dstrbted Processng Symposm, Aprl, p.8. Thaeler, A., Dng, M. and heng, X. (2005) TPS: an mproved locaton dscovery scheme for sensor networks wth long-range beacons, Jornal of Parallel and Dstrbted omptng, Vol. 65, No. 2, pp Vallr, A., Grenwald, L. and Hnter, N. (2008) Realm: replcaton of data for a logcal grop based MANET database, Database and Expert Systems Applcatons, Janary, pp , Sprnger. Wang, K.H. and L, B. (2002) Effcent and garanteed servce coverage n parttonable moble ad-hoc networks, n INFOOM 2002, Vol. 2, pp W, Z., Song, H., Jang, S. and X, X. (2007) A gr-based stable rotng algorthm n moble ad hoc networks, Frst Asa Internatonal onference on Modellng & Smlaton, March, pp Xng, K. and heng, X. (2010) From tme doman to space doman: detectng replca attacks n moble ad hoc networks, Proceedngs of INFOOM, March, pp.1 9. Y, J., Yang, S. and ha, H. (2007a) Data replcaton conserng power consmpton n ad hoc networks, Internatonal onference on Moble Data Management, May, pp Y, J., Yang, S. and ha, H. (2007b) Mlt-hop-based Monte arlo localzaton for moble sensor networks, 4th Annal IEEE ommncatons Socety onference on Sensor, Mesh and Ad Hoc ommncatons and Networks, Jne, pp Yons, O. and Fahmy, S. (2004) HEED: a hybr, energy-effcent, dstrbted clsterng approach for ad hoc sensor networks, IEEE Transactons on Moble omptng, Vol. 3, No. 4, pp Y,.M., L,.S. and Ko, S.Y. (2008) Moble sensor network reslent aganst node replcaton attacks, 5th Annal IEEE ommncatons Socety onference on Sensor, Mesh and Ad Hoc ommncatons and Networks, SEON 08, Jne, pp Zheng, J., S, J. and L, X. (2005) A clsterng-based data replcaton algorthm n moble ad hoc networks for mprovng data avalablty, Internatonal onference on Moble Data Management, Sprnger, Berln, Heelberg, pp