Secure and Dynamic IP Address Configuration Scheme in MANET

Similar documents
A UBIQUITOUS PROTOCOL FOR ADDRESS DYNAMICALLY AUTO CONFIGURATION FOR MOBILE AD HOC NETWORKS

A Comparison Study of Address Autoconfiguration Schemes for Mobile Ad hoc Network

Hosts Address Auto Configuration for Mobile Ad Hoc Networks

Research on the Implementation of VoIP Service. in Mobile Ad-hoc Network

IP ADDRESS ASSIGNMENT IN A MOBILE AD HOC NETWORK

New Approach for Address Auto-Configuration in MANET Based on Virtual Address Space Mapping (VASM)

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Abstract. In a wired network, layer three address assignment is a task that is mostly performed by

A Distributed Protocol for Dynamic Address. Assignment in Mobile Ad Hoc Networks

A Comparison Study of Qos Using Different Routing Algorithms In Mobile Ad Hoc Networks

A Study of Dynamic Addressing Techniques in Mobile Ad hoc Networks


DESIGN AND DEVELOPMENT OF LOAD SHARING MULTIPATH ROUTING PROTCOL FOR MOBILE AD HOC NETWORKS

Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

An Overview of ZigBee Networks

Autoconfiguration and maintenance of the IP address in ad-hoc mobile networks

Secured Data Transmissions In Manet Using Neighbor Position Verfication Protocol

Result Analysis of Virtual IP Address Configuration Protocol

Adapting Distributed Hash Tables for Mobile Ad Hoc Networks

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Lecture 2.1 : The Distributed Bellman-Ford Algorithm. Lecture 2.2 : The Destination Sequenced Distance Vector (DSDV) protocol

RAA: A Ring-Based Address Autoconfiguration Protocol in Mobile Ad Hoc Networks

Swarm Intelligence and Network Administration: Applications in Ad Hoc Wireless Auto-Configuration

Transport layer issues in ad hoc wireless networks Dmitrij Lagutin,

Securing MANET Using Diffie Hellman Digital Signature Scheme

Student, Haryana Engineering College, Haryana, India 2 H.O.D (CSE), Haryana Engineering College, Haryana, India

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

TOPOLOGIES NETWORK SECURITY SERVICES

Secure Unicast Position-based Routing Protocols for Ad-Hoc Networks

LIST OF FIGURES. Figure No. Caption Page No.

Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols

Study And Comparison Of Mobile Ad-Hoc Networks Using Ant Colony Optimization

A Catechistic Method for Traffic Pattern Discovery in MANET

Proposition of a new approach to adapt SIP protocol to Ad hoc Networks

SANE: A Protection Architecture For Enterprise Networks

A PKI over Ant Colony based Routing Algorithms for MANETs AntPKI

SJBIT, Bangalore, KARNATAKA

Suganya D. Computer Science and Engineering, Anna University SMK FOMRA Institute of Technology, Chennai, India

5. Security in the IPN

Unit 3 - Advanced Internet Architectures

To Study the Various Attacks and Protocols in MANET

DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad Hoc Networks

A NOVEL RESOURCE EFFICIENT DMMS APPROACH

Cross Layer TCP Congestion Control Load Balancing Technique in MANET

An Implementation of Secure Wireless Network for Avoiding Black hole Attack

SECURE SIGNATURE BASED CEDAR ROUTING IN MOBILE ADHOC NETWORKS

An Energy Efficient Location Service for Mobile Ad Hoc Networks

PERFORMANCE ANALYSIS OF AD-HOC ON DEMAND DISTANCE VECTOR FOR MOBILE AD- HOC NETWORK

A networking framework for spontaneous interactions in MANETs

PERFORMANCE STUDY AND SIMULATION OF AN ANYCAST PROTOCOL FOR WIRELESS MOBILE AD HOC NETWORKS

A SECURE DATA TRANSMISSION FOR CLUSTER- BASED WIRELESS SENSOR NETWORKS IS INTRODUCED

Security Threats in Mobile Ad Hoc Networks

Security issues in Address Autoconfiguration Protocols: An improved version of the Optimized Dynamic Address Configuration Protocol

OSPF Version 2 (RFC 2328) Describes Autonomous Systems (AS) topology. Propagated by flooding: Link State Advertisements (LSAs).

About the Authors Preface Acknowledgements List of Acronyms

Survey on Load balancing protocols in MANET S (mobile ad-hoc networks)

Study of Different Types of Attacks on Multicast in Mobile Ad Hoc Networks

CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES

Special Properties of Ad-hoc Wireless Network and Security Models

Wireless Network Security Spring 2014

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks

A Secure Intrusion Avoidance System Using Hybrid Cryptography

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

Client Server Registration Protocol

CROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING

LOAD BALANCING AND EFFICIENT CLUSTERING FOR IMPROVING NETWORK PERFORMANCE IN AD-HOC NETWORKS

Service Discovery for Delay Tolerant Networks

Tema 5.- Seguridad. Problemas Soluciones

WIRELESS networks that are widely deployed for commercial

Department of Computer Science Institute for System Architecture, Chair for Computer Networks. File Sharing

Integrating Heterogeneous Wireless Technologies: A Cellular Aided Mobile Ad hoc Network (CAMA)

COMPARATIVE ANALYSIS OF ON -DEMAND MOBILE AD-HOC NETWORK

Anomaly Intrusion Detection System in Wireless Sensor Networks: Security Threats and Existing Approaches

Formal Measure of the Effect of MANET size over the Performance of Various Routing Protocols

Security in Ad Hoc Network

8 Conclusion and Future Work

Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

DYNAMIC MULTIPOINT VPN HUB AND SPOKE INTRODUCTION

Peer-to-peer Cooperative Backup System

Accelerating Service Discovery in Ad-hoc Zero Configuration Networking

Security for Ubiquitous and Adhoc Networks

Experimental Comparison of Routing and Middleware Solutions for Mobile Ad Hoc Networks: Legacy vs Cross-Layer Approach

Transport and Network Layer

Figure 1. The Example of ZigBee AODV Algorithm

Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security

Enhanced routing performance and overhead in Mobile Ad-hoc network for big data Transmission in Telemedicine using computer communication network

Security for Ad Hoc Networks. Hang Zhao

Attacks Against Peer-to-peer Networks and Countermeasures

Routing Protocols Security in Ah Hoc Networks

Wireless Mesh Networks under FreeBSD

Performance Analysis of Load Balancing in MANET using On-demand Multipath Routing Protocol

Implementing RSA Algorithm in MANET and Comparison with RSA Digital Signature Spinder Kaur 1, Harpreet Kaur 2

Securing Internet Gateway Discovery Protocol in Ubiquitous Wireless Internet Access Networks

Optimization of AODV routing protocol in mobile ad-hoc network by introducing features of the protocol LBAR

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

Routing Protocols OSPF CHAPTER. The following topics describe supported routing protocols. Topics include OSPF, page 9-1 IS-IS Protocol, page 9-3

Transcription:

Secure and Dynamic IP Address Configuration Scheme in MANET Poulami Choudhury, Koushik Majumder and Debashis De Abstract Mobile ad hoc network (MANET) is an infrastructure-less network having dynamic topology and volatile nodes connected by wireless communication. Secure communication in MANET demands unique IP address assignment to ensure proper routing of packets. It is challenging for a decentralized network to have dynamic and unique IP addressing scheme. In this paper, we focus on the difficulties of secure message passing and assigning unique IP addresses to new nodes willing to join in MANET. The message passing is authenticated using both symmetric and asymmetric keys, and arrival conflict is diminished by time stamp. Each node being a proxy server can allocate unique IP address to new node. Each node maintains a unique tuple of own IP address, node ID, and MANET ID for efficient network merging and partitioning. This scheme offers a secure and efficient mechanism of configuring a MANET. Keywords Mobile ad hoc network IP address Routing IP address configuration Proxy server Symmetric and asymmetric key 1 Introduction MANET has very vibrant characteristics which demand unique identification of each node in network for source destination communication. There is a manual configuration scheme for configuring IP addresses in an ad hoc network. It is well P. Choudhury (&) K. Majumder D. De Department of Computer Science and Engineering, West Bengal University of Technology, Kolkata, India e-mail: poulami.me.13@gmail.com K. Majumder e-mail: koushik@ieee.org D. De e-mail: dr.debashis.de@gmail.com Ó Springer India 2015 L.C. Jain et al. (eds.), Intelligent Computing, Communication and Devices, Advances in Intelligent Systems and Computing 309, DOI 10.1007/978-81-322-2009-1_2 17

18 P. Choudhury et al. fitted in small-scale network but not for large network. Centralized server-based and fixed infrastructure network has a secure authenticated dynamic host configuration protocol (DHCP) server. As MANET is dynamic, the network might get partitioned at some times and might also merge. Therefore, manual configuration may lead to conflict of address. Centralized server DHCP cannot be used in a distributed network like MANET. For assigning an IP address, a standard IP addressing protocol should have the following objectives: dynamic IP address configuration, uniqueness, robustness, scalability, security, and adaptivity. The rest of the paper is organized as follows: A brief note on the related research work in this area is given in Sect. 2. In Sect. 3, the proposed scheme is explained in detail. In Sect. 4, conclusions are presented. 2 Related Work Review Address configuration schemes for MANET can be classified into three categories: neighbor-based schemes, decentralized schemes, and centralized schemes. The centralized scheme or leader-based allocations are DHCP, agent, or initiator-based allocation schemes. Most of the existing address allocation algorithms for a MANET use duplicate address detection (DAD) mechanism [1, 2] to resolve address conflict in the network. In neighbor-based schemes, a new node is configured by a neighbor node, so it does not suffer from network-wide flood or centralized control. In [3], a root node is also responsible for address reclamation and network merging. Therefore, if a root node fails, then the address configuration system may collapse. Ghosh et al. [4] proposed an ID-based address configuration scheme. The scheme assumes that in the initial state, the first new node in a MANET sets its address as 0. If more than one new node joins a MANET at the same time, then address conflict can occur. In this paper, both the authentication and uniqueness are taken as a matter of concern for IP address allocation in distributed and dynamic MANET network. 3 Proposed Work In this paper, we propose a secure and dynamic IP address configuration scheme. It is authenticated mutually, and uniqueness is guaranteed by using ID. We have given an improved solution to the problems that may arise due to host failures, message losses, mobility of the hosts, and network partitioning/merging. Unique address allocation scheme: Our proposed address allocation algorithm has two parts: (a) for the new node (N n )(Algorithm 1) and (b) for the proxy that assigns IP address (Algorithm 2). A new node at first generates its public key using its hardware address and private keys using a random function and one-time session key. Then, it sends the

Secure and Dynamic IP Address Configuration 19 Discover message to 1 hop broadcast nodes. And a DiscTimer () is set on. If the DiscTimer expires and no existing nodes are present in MANET, then no Choice (CHOICE) message is received. In cases when such CHOICE message is not received or if the variable counter is greater than the threshold (value 2), then the new node calls self_configure (). This function sets the IP address of the node to 169.y.0.1 (for class B) and generates Node_id and MID using random function. On the other hand, if it receives multiple CHOICE messages with Priority (Pr p ) meant for generating IP address for child, then the highest priority proxy node is chosen by the new node. The priority is set depending on the available IP address in proxy recycle list and its father s recycle list. New node then sends request message REQ to that selected highest priority proxy node along with time stamp. This REQ message is encrypted using both symmetric key cryptography and asymmetric key cryptography. After receiving REQ message from proxy node, it will send a Reply (REP) message with unique IP address to the node N n (Table 1). Next, the N n node generates its node ID using hash function on allocated IP address and public key and sets the MANET ID from father node. After that, the SELECT message is sent to the selected proxy node, and the REQTimer () is set off and acknowledgment timer (acktimer ()) is set on (Table 2). After receiving Select message from new node, the proxy n node sends an acknowledgment message along with the next IP value. And simultaneously, it broadcasts NextIP value to the nodes with same x.y.j.* (siblings). After getting the acknowledgment message from the selected proxy node, the new node is considered to be fully configured. Algorithm 3 shows the steps for generating new unique IP address from IP address of Proxy, if available. Here, the range of IP address that the root proxy (169.y.0.1) can assign is from 169.y.1.1 to 169.y.254.1, and the range of IP address that other proxy can assign is from (i) 2 to 254 for each 169.y.j. as the NextIP (i) is broadcasted to the other nodes after each time of increase in NextIP (i). So there is no limitation for any proxy node to generate next IP. Proxy nodes have no limited range of IP addresses. This scheme requires synchronization between all the nodes in MANET. So the update of NextIP should be taken place consistently (Table 3). Authentication scheme: Here, in combination of symmetric key cryptography and asymmetric key cryptography, the sender encrypts the message with the symmetric key (one-time symmetric key (K s )) algorithm and transfers encrypted message and K s. Sender also encrypts K s with receiver s public key. This process is called key wrapping. Now, sender puts both the encrypted message and symmetric key together in digital envelop and sends the digital envelop to the receiver. Receiver receives, and after opening, the digital envelop uses the same asymmetric key algorithm as was used by sender and own private key to decrypt the logical box that contains the one-time symmetric key (K s ). Finally, receiver applies the same symmetric key algorithm as was used by sender and symmetric key (K s )to decrypt the encrypted message. Each Request message has the priority, and the priorities of any two Request messages are compared according to the following algorithm: If the time stamp in one Request message T n is earlier than the one in another Request message T n 0, then T n has higher priority than T n 0.

20 P. Choudhury et al. Table 1 Algorithm 1: IP address allocation for new node N n 1. begin 2. Set threshold 2; begin true;config false;counter 1; 3. Generate PublicKey K n1;privatekey K n2;symkey K s; // public key is the har d- ware address of the node 4. if begin = = true and counter threshold then 5. DISC = {my_hw_add, K n1} and Send to 1 hop broadcast; 6. Start DiscTimer( ); 7. begin false; 8. else 9. self_configure ( ); //first node in MANET selfconfigure its IP address with X.Y.0.1(class B) 10. Config = true; 11. end 12. if more than one (SignP, CHOICE (Pr p, PrIP, K p1)) then 13. Set all the Pr p in a queue in descending order; 14. Select highest probability proxy from queue; 15. Generate SignN= (CHOICE( ), K n2); 16. if (SignP = = SignN) then 17. Generate SignN(REQ, K s); 18. Generate K wrap (K s, K p1 ); //One time Keywrap 19. Send (K wrap, SignN, T n) message to the proxy node with highest probability; //T nis the time stamp of new node 20. Start ReqTimer( ); 21. else 22. Select next highest probability proxy node from queue; 23. goto step 15; 24. end 25. if (REP+SignP+(T n+1)) message from proxy node then 26. Select OfferIP from REP message and check the TimeStamp (T n +1) nearest higher to its own TimeStamp; 27. Generate node_id T = H(Pr_IP, K p1 ); 28. Generate SignN(REP, K p1); 29. if SignN = = SignP and node_id T = = node_id P then 30. Generate node_id N =H(OfferIP, K n1); // create node id using allocated IP address and public key 31. Set MID n = MID p; 32. Generate SignN (SELECT(node_id N), K p1); 33. Send (SELECT(node_id N) + SignN) message to selected proxy; 34. Stop REQTimer( ); 35. Start acktimer( ); 36. else 37. Select next highest probability proxy node from queue; 38. goto step 15; 39. end 40. if (ACK + SignP ) is received from selected proxy then 41. Generate node_id T = H(IP,KPP ); 42. Generate SignG(K P1, ACK); 43. if SigG = = SigP and node_id T = = node_id P then 44. stop acktimer; 45. Config = true; 46. end 47. if timeout(disctimer) then 48. begin true; counter counter +1; 49. if timeout(reqtimer) then 50. begin true; counter counter +1; 51. if timeout(acktimer) then 52. begin true; counter counter +1; Departure of a node from MANET: A node in a MANET makes a request for graceful departure to its father node, and the father node allows the node to DEPART and update its recycle list by making the leaving IP address reusable. Dynamic topology, weaker wireless connection, and mobility of devices cause a node to be out of the radio range of MANET. Most of the time a node does graceless departure, which causes shortage of IP address. But by using HELLO message (message of AODV routing protocol) broadcast, a node gets the

Secure and Dynamic IP Address Configuration 21 Table 2 Algorithm 2: IP address allocation for existing proxy node 1. Begin 2. Set proxy_pub_key K p1; proxy_pri_key K p2; 3. if DISC( ) message is received from N n then 4. Set Prob_IP_alloc Pr p; 5. Generate SignP(CHOICE (Pr p, PrIP, K p1), K n1); 6. Send (CHOICE, SignP) message to the new node; 7. end 8. if (K wrap, SignN, T n) message is received from node N nthen 9. Decrypt K wrap using K p2 and get K s; //asymmetric key cryptography decryption 10. Generate SignP(REQ, K s); 11. if SignP = = SignN and T nis closest timestamp then 12. if free IP address is available in the RecycleList then 13. OfferIP = minimum IP from RecycleList; 14. Generate SignP (REP(OfferIP, config_parameters), K n1 ); 15. Send (REP+SignP+(T n+1)) message to N n; 16. else if node is able to generate new IP then 17. OfferIP = generate_ip(my_ip ); // unique IP address generation from own IP address 18. Generate SignP(REP(OfferIP, config_parameters), K n1 ); 19. Send (REP+SignP+(T n+1)) message to N n; 20. else 21. Send the REQ_F message to Father node encrypted by pub_key of Father; 22.end 23. if (REP_F(OfferIP)+SignF) message is received from father then 24. Generate node_id T= Hash(F_IP, K F1); 25. Generate SignP using REP_F(OfferIP) and public key of Father; 26. if SignP = = SignF and node_id T= = node_id Fthen 27. Generate SignP(REP(OfferIP, config_parameters), K n1 ); 28. Send (REP+SignP+(T n+1)) message to N n; 29. else 30. Generate SignP (REFUSE, K n1); 31. Send (REFUSE + SignP) message to N n; 32. end 33. else 34. Drop the (REQ, SignN, T n) message; 35. end 36. if (SELECT(node_id N) + SignN) is received from N n then 37. Generate SignG(K n1, SELECT(node_id N)); 38. Generate node_id T = H(offerIP, K n1); 39. if SignG = = SignN and node_id T = = node_id N then 40. Generate SignP (K P2,ACK); 41. Send (ACK + SignP ) message to N n; 42. Send (NextIP + SignP) to other nodes having the same x.y.j values; 43. else // unauthenticated node 44. Drop the (SELECT(node_idN) + SigN) message; 45. exit; Table 3 Algorithm 3: unique IP address generation for new node N n. generate_ip(my_ip) 1. begin 2. get my_ip x.y.j.i; Set static count 1; 3. Static J 0; Static Y 0; Static NextIP = 2; 4. if y= =0 and j= =0 then 5. J=J+1; 6. if J 254 then 7. return NEWIP x.y.j.i; 8. end 9. else if y= =0 and j!= 0 then 10. Y=Y+1; 11. if Y 254 then 12. return NEWIP x.y.j.i; 13. end 14. else if y!= 0 and j= =0 then 15. J=J+1; 16. if J 254 then 17. return NEWIP x.y.j.i; 18. end 19. else if y!= 0 and j!= 0 then 20. i=nextip; 21. NextIP++; 22. if i 254 then 23. return NEWIP x.y.j.i; 24. else 25. IP address is not available; 26. end

22 P. Choudhury et al. Table 4 Algorithm 4: partition handler 1. begin 2. Set my_ip x.y.j.i; 3. Set my_nid node_id x; 4. Set my_mid MID x; 5. if HELLO( ) message is received from other partition with MID ythen 6. if MID x<mid ythen 7. if (number of neighbor of node (child node) with MID x)<(number of neighbor of node (child node) with MID y)then 8. config = false; 9. call the address allocation algorithm as the new node N n 10. else 11. Set my_mid MID y; 12. else 13. Set my_mid generate new MID x which is greater than MID x; end information of the IP of the left node (i.e., when REPLY to the HELLO message is not received from any node that reflects that the node has left the MANET). Partition and merging in MANET: Graceless/graceful departure or mobility of MANET leads to network partitioning. So, it generates another MID for it and broadcasts to the neighbors in the new range and make a new MANET network but with same IP address. Each node in MANET is uniquely identified by a tuple which consists of (IP address, Node_id, MID). Then, the MID is checked, and if it is different, then partition handler (Algorithm 4) algorithm is followed. Let a MANET with MID x gets a HELLO () message from the other partition having MID y. If the MID x is lesser than the value of MID y, then the number of nodes in each MANET is compared. The MANET having lesser number of existing nodes will configure the nodes in it using address allocation algorithm or else set the MID with greater value (Table 4). 4 Conclusion In our scheme, each node acts as proxy node capable of allocating and generating unique IP for a new node. So the DAD is not required. The calculation cost and overhead of each node are decreased as the highest priority proxy node only sends the unique IP address to the new node. By applying time stamp, arrival conflict is diminished. Every mobile node in MANET should maintain a table of IP address, status of IP address (allocated, free, father), and public key of allocated node in a MANET. This table increases the accessibility of MANET as each node is aware of state of the MANET nodes. This is indeed a low-cost addressing scheme and authenticated too. The security threats are avoided by the proposed authentication scheme. The authenticated node can only get the IP address while joining the network.

Secure and Dynamic IP Address Configuration 23 References 1. Vaidya, N.H.: Weak duplicate address detection in Mobile Ad Hoc Networks. In: Proc. ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc02), pp. 206 216 (2002) 2. Weniger, K.: Passive duplicate address detection in Mobile Ad Hoc Networks. In: WCNC, (Florence, Italy) (2003) 3. Al-Mistarihi, M., Al-Shurman, M., Qudimat, A.: Tree based dynamic address auto configuration in mobile ad hoc networks. In: Elsevier, Computer Networks, vol. 55, pp. 1894 1908 (2011) 4. Ghosh, U., Datta, R.: A secure dynamic IP configuration scheme for mobile ad hoc networks, Ad Hoc Networks. In: Elsevier Journal Published, vol. 9(7), pp. 1327 1342 (2011)

http://www.springer.com/978-81-322-2008-4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information