Sac Om 20003


  • 8/2/2019 Sac Om 20003

    SUBMITTED BY: Agrim Saraswat, Dhruv Somani, Sourabh Modi

    Ant colony optimization (ACO), a swarm intelligence technique, takes inspiration from the foraging behavior of some ant species. These ants deposit pheromone on the ground in order to mark some favorable path that should be followed by other members of the colony. Ant colony optimization exploits a similar mechanism for solving the routing problem in MANETs.

    Mobile ad hoc networks (MANETs)

    MANETs are infrastructure-less networks consisting of wireless mobile nodes which are organized in a peer-to-peer and autonomous fashion. Initial work in ad hoc routing using ACO has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that hinder the system's normal behavior. In this paper we introduce the SACOM framework, which incorporates security mechanisms into routing protocols using ACO for ad hoc networks. In addition, SACOM is developed for preventing the Wormhole Attack in the system without using specialized hardware.

    A mobile ad-hoc network (MANET) is a collection of nodes capable of movement and connected dynamically in an arbitrary manner. Nodes of these networks function as routers which discover and maintain routes to other nodes in the network. The issue in MANETs is that routing protocols must be able to respond rapidly to topological changes in the network. At the same time, the amount of control traffic generated by the routing protocols must be kept at a minimum due to the limited available bandwidth through radio interfaces.

    Several protocols dealing with the problems of routing in mobile ad-hoc networks have been developed. These protocols are:

    (a) Proactive or table driven and

    (b) Reactive or on demand driven.

    Proactive routing protocols attempt to maintain consistent, up-to-date routing information from each node to every other node at all times. These protocols require each node to maintain one or more tables to store routing information and respond to topological changes by propagating updates through the network. Thus, using a proactive protocol, a node is immediately able to route or drop a packet.

    Hence the primary goal in a mobile network is to efficiently establish one or more routes between two nodes so that they can communicate reliably. Such a network is characterized by the following challenges.

    1) The network topology can change dynamically due to the random movement of nodes.

    2) Also, any node may leave/join the network and the protocol must adapt accordingly.

    3) Although no guarantee of service can be provided, the protocol must be able to maximize the reliability of packets in the network for the given conditions.

    With these factors in mind, the key parameters to face while designing a routing protocol are:

    1) Effective Routing

    2) Congestion Avoidance

    3) Energy Consumption

    4) Load Balancing


    Ant colony optimization (ACO)

    [1] ACO is a stochastic approach for solving combinatorial optimization problems like routing in computer networks. The idea of this optimization is based on the observation of how ants optimize food gathering in nature.

    [2] A pheromone trail and a heuristic pheromone value are used. A flock of ants moves on the adjacent paths concurrently and asynchronously to find an optimum solution. Each ant selects the next hop by making a stochastic decision using the existing pheromone trails and heuristic information.

    [3] The solution is built incrementally as the ants move from one node to another node. While moving on the path, an ant evaluates this solution and deposits pheromone on its way. This pheromone trail will be used by future ants to make a routing decision [4]. Ad-hoc wireless networks are increasing in popularity, due to the spread of laptops, sensor devices, PDAs and other mobile electronic devices. These devices will eventually need to communicate with each other [5]. In some cases the network must work properly without an adequate infrastructure to rely on.

    Securing protocols for mobile ad hoc networks presents unique challenges due to characteristics such as lack of predeployed infrastructure, centralized policy and control. In this paper, we make a number of contributions to the design of secure ad hoc routing protocols.

    A. Attacks Using Modification

    1) Redirection by Modified Route Sequence Numbers:

    2) Redirection with Modified Hop Counts:

    3) Denial-of-service with Modified Source Routes:

    4) Tunneling:

    B. Attacks Using Impersonation

    C. Attacks Using Fabrication

    1) Falsifying Route Errors in AntHocNet:

    2) Route Cache Poisoning in AntHocNet:

    When node S wants to send a packet to node D, but does not know a route to D, node S initiates a route discovery

    Source node S floods Route Request (RREQ)

    Each node appends its own identifier when forwarding RREQ

    [Figure: network diagram of nodes S, A to N, Y, Z and D. Legend: marked nodes represent a node that has received RREQ for D from S.]

    [Figure: the same network diagram, showing broadcast transmission of the RREQ carrying the identifier list [S]. Legend: [X,Y] represents the list of identifiers appended to RREQ.]

    [Figure: the same network diagram, with RREQ identifier lists [S,E] and [S,C]. Caption: Node H receives packet RREQ from two neighbors: potential for collision.]

    [Figure: the same network diagram, with RREQ identifier lists [S,C,G] and [S,E,F]. Caption: Node C receives RREQ from G and H, but does not forward it again, because node C has already forwarded RREQ once.]

    [Figure: the same network diagram, with RREQ identifier lists [S,C,G,K] and [S,E,F,J]. Caption: Nodes J and K both broadcast RREQ to node D. Since nodes J and K are hidden from each other, their transmissions may collide.]

    [Figure: the same network diagram, with RREQ identifier list [S,E,F,J,M]. Caption: Node D does not forward RREQ, because node D is the intended target of the route discovery.]

    Destination D, on receiving the first RREQ, sends a Route Reply (RREP)

    RREP is sent on a route obtained by reversing the route appended to the received RREQ

    RREP includes the route from S to D on which RREQ was received by node D

    [Figure: the same network diagram, showing RREP [S,E,F,J,D]. Legend: represents RREP control message.]

    Node S, on receiving RREP, caches the route included in the RREP

    When node S sends a data packet to D, the entire route is included in the packet header, hence the name source routing

    Intermediate nodes use the source route included in a packet to determine to whom a packet should be forwarded
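The route discovery walk-through above (RREQ flooding, the first-arrival RREP, and source-routed forwarding) as an added simulation; it is not code from the presentation. The link list is constructed to match the identifier lists on the slides, equal per-hop delay with no collisions is assumed, and all function names are hypothetical.

```python
from collections import deque

# Constructed link list: the slide figures did not survive, so these links are chosen only
# to reproduce the identifier lists shown on the slides ([S,E], [S,C,G,K], [S,E,F,J], ...).
LINKS = [("S", "E"), ("S", "C"), ("S", "B"), ("E", "F"), ("E", "H"), ("C", "H"),
         ("C", "G"), ("F", "J"), ("G", "K"), ("J", "D"), ("J", "M"), ("K", "D")]

def adjacency(links):
    adj = {}
    for a, b in links:  # radio links are treated as bidirectional
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    return adj

def route_discovery(links, src, dst):
    """Flood an RREQ from src; return (route the target replies with, all records it got)."""
    adj, forwarded = adjacency(links), {src}
    queue, at_target = deque([(src, [src])]), []  # (transmitting node, route record)
    while queue:
        node, record = queue.popleft()
        for nxt in adj[node]:
            if nxt == dst:  # the target records the RREQ and never re-forwards it
                at_target.append(record + [dst])
            elif nxt not in forwarded:  # each node forwards a given RREQ only once
                forwarded.add(nxt)
                queue.append((nxt, record + [nxt]))  # node appends its own identifier
    if not at_target:
        return None, []
    return at_target[0], at_target  # the target answers the first RREQ that reaches it

def rrep_path(route):
    return route[::-1]  # the RREP travels the reversed route back to the source

def next_hop(source_route, me):
    """Intermediate node: forward to the identifier that follows its own in the header."""
    i = source_route.index(me)
    return source_route[i + 1] if i + 1 < len(source_route) else None
```

Nothing in this exchange lets a receiver check who appended an identifier or whether the list was altered in transit, which is the gap the modification and fabrication attacks listed earlier rely on.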

    [Figure: the same network diagram, showing DATA [S,E,F,J,D]. Caption: Packet header size grows with route length.]

    Route Maintenance

    Certification of Authorized Nodes

    Authenticated Route Discovery: Forward Ant

    Authenticated Route Setup: Backward Ant

    On demand protocol

    Uses certified HELLO packet.

    If node receives HELLO, new node added.

    Excepts HELLO from nth every

    A message broadcasted by A to its neighbor

    1) SACOM uses cryptographic certificates to bring authentication

    2) SACOM requires the use of a trusted certificate server CSer, whose public key is known to all valid nodes.

    3) Nodes use these certificates to authenticate themselves to other nodes during the exchange of routing messages

    4) Keys are a priori generated and exchanged

    5) Before entering the ad hoc network, each node must request a certificate from CSer.

    6) A node A receives a certificate from CSer as follows:

    1) Goal of end-to-end authentication is for the source to verify that the intended destination was reached

    2) The source node A begins route instantiation to destination X by broadcasting the Forward Ant to its neighbors:

    3) Ant includes:

    Ant identifier (FA)

    The IP address of the destination (IP)

    A's certificate (CT)

    Sequence number S

    4) The purpose of S is to uniquely identify an FA coming from a source.

    5) Each time A performs route discovery, it monotonically increases S.

    6) When a node receives an FA, it sets up a reverse path back to the source by recording the neighbor from which it received the ant.

    7) The receiving node uses A's public key, which it extracts from A's certificate, to validate the signature and verify that A's certificate has not expired.

    8) Let H be a neighbor that has received the forward ant from A, which it subsequently forwarded.

    9) Upon receiving the forward ant, H's neighbor R validates the signatures for both A, the FA, and H.

    10) the neighbor it received the forward ant from, using the certificates in the forward ant

    11) R then removes H's certificate and signature, records H as its predecessor, signs the contents of the message originally broadcast by A and appends its own certificate.
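An added sketch of the certification steps and the Forward Ant checks described above, not code from the SACOM authors; the Backward Ant hops repeat the same verify, strip and re-sign pattern. Assumptions: toy RSA keys built from Mersenne primes stand in for real key generation, messages are JSON-encoded, certificate expiry uses integer clock ticks, the IP addresses are constructed, a receiver drops any Forward Ant whose sequence number is not higher than the last one accepted from that source, and all function and field names are hypothetical.

```python
import hashlib, json

E = 65537  # public exponent shared by every toy key (all names here are hypothetical)

def keypair(a, b):  # toy RSA from Mersenne primes 2**a-1 and 2**b-1, illustration only
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(obj, n):
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n
def sign(key, obj):
    return pow(digest(obj, key["n"]), key["d"], key["n"])
def verify(pub, obj, sig):
    return pow(sig, E, pub) == digest(obj, pub)

def issue_cert(cser, ip, key, expires):  # CSer binds IP, public key and expiry time
    body = {"ip": ip, "pub": key["n"], "exp": expires}
    return {"body": body, "sig": sign(cser, body)}
def cert_ok(cser_pub, cert, now):
    return verify(cser_pub, cert["body"], cert["sig"]) and now < cert["body"]["exp"]

def forward_ant(key, cert, dest_ip, seq):  # signed [FA, destination IP, certificate, S]
    msg = {"type": "FA", "dest": dest_ip, "cert": cert, "seq": seq}
    return {"msg": msg, "sig": sign(key, msg)}
def relay(ant, key, cert):  # drop predecessor's signature, sign A's message, append own cert
    inner = {"msg": ant["msg"], "sig": ant["sig"]}
    return {**inner, "hop_cert": cert, "hop_sig": sign(key, inner)}

def accept(ant, cser_pub, now, seen):  # receiver checks before recording the reverse path
    msg, src = ant["msg"], ant["msg"]["cert"]
    inner, prev = {"msg": msg, "sig": ant["sig"]}, src["body"]["ip"]
    if not (cert_ok(cser_pub, src, now) and verify(src["body"]["pub"], msg, ant["sig"])):
        return "reject: source"
    if "hop_cert" in ant:  # relayed ant: authenticate the previous hop as well
        hop, prev = ant["hop_cert"], ant["hop_cert"]["body"]["ip"]
        if not (cert_ok(cser_pub, hop, now) and verify(hop["body"]["pub"], inner, ant["hop_sig"])):
            return "reject: previous hop"
    if seen.get(src["body"]["ip"], 0) >= msg["seq"]:  # assumed duplicate/replay rule
        return "drop: stale sequence number"
    seen[src["body"]["ip"]] = msg["seq"]
    return "accept via " + prev

def demo():  # constructed nodes: A (source), H (certified relay), W (uncertified relay)
    cser, a, h, w = (keypair(*e) for e in [(61, 89), (107, 127), (521, 607), (1279, 2203)])
    ca, ch = issue_cert(cser, "10.0.0.1", a, 100), issue_cert(cser, "10.0.0.2", h, 100)
    fake = issue_cert(w, "10.0.0.9", w, 100)  # self-signed, never issued by CSer
    fa, seen, pub = (lambda seq: forward_ant(a, ca, "10.0.0.24", seq)), {}, cser["n"]
    return [accept(relay(fa(1), h, ch), pub, 10, seen), accept(relay(fa(1), h, ch), pub, 10, seen),
            accept(relay(fa(2), w, fake), pub, 10, seen), accept(fa(3), pub, 200, seen)]
```

`demo()` runs node R's checks on four ants: one relayed by certified H, the same ant again, one relayed by a node whose certificate CSer never signed, and one arriving after A's certificate has expired.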

    1) After receiving the forward ant, the destination unicasts a Backward Ant packet back along the reverse path to the source

    2) Let the first node that receives the Backward Ant sent by X be node M

    3) The Backward Ant includes:

    A packet type identifier (BA)

    IP address of A (IP)

    Certificate belonging to X (CT)

    The sequence number S sent by A

    4) Nodes that receive the Backward Ant forward the packet back to the predecessor from which they received the original Forward Ant.

    5) Each node along the reverse path back to the source signs the Backward Ant and appends its own certificate before forwarding the Backward Ant to the next hop

    6) Let M's next hop to the source be node L

    7) L validates M's signature on the received message.

    8) Removes the signature and certificate, then signs the contents of the message

    9) Also appends its own certificate before unicasting the REP to the next node.

    10) Each node checks the sequence number and signature of the previous hop as the REP is returned to the source

    11) This avoids attacks where malicious nodes instantiate routes by impersonation and replay of X's message

    12) When the source receives the backward ant, it verifies the destination's signature and the sequence number returned by the destination.


    THANK YOU !!!!


    Queries Invited.!!!!!!