DETECTION OF PACKET FORWARDING MISBEHAVIOR IN WIRELESS NETWORK

Transcription

1 DETECTION OF PACKET FORWARDING MISBEHAVIOR IN WIRELESS NETWORK 1 N.Karthikeyan 2 Dr.M.Ravindran 1 Research Scholar, Bharathiar University, Coimbatore Associate Professor, Department of Computer Science, Government Arts College, Madurai. Abstract Wireless networks are susceptible to having their effective operation compromised by a variety of security attacks. Nodes may misbehave either because they are malicious and deliberately wish to disrupt the network, or because they are selfish and wish to conserve their own limited resources such as power, or for other reasons. The wireless nature and inherent features of mobile ad hoc networks makes them vulnerable to a wide variety of attacks by misbehaving nodes. Such attacks range from passive eavesdropping, where a node tries to obtain unauthorized access to data destined for another node, to active interference where malicious nodes hinder network performance by not obeying globally acceptable rules. For instance, a node can behave maliciously by not forwarding packets on behalf of other peer nodes. This paper presents a mechanism that enables the detection of nodes that exhibit packet forwarding misbehavior. Keywords: Misbehavior detection, Packet forwarding, Routing misbehavior. I. INTRODUCTION In a wireless ad hoc network, all individual nodes has to cooperate with each other during packet forwarding primarily due to their limited transmission range and the lack of physical network infrastructure. Wireless ad-hoc network provides the flexibility and scalability where the nodes are not confined to geographical restriction and are able to join or leave the network freely and randomly. Therefore, wireless ad hoc network has been widely deployed in military, scientific research, mission-critical operation and civilian application. Despite having such benefits, wireless ad hoc network is notorious for poor administration as the wireless transmission is vulnerable to security attack. Contrary to the conventional wireless network, wireless ad hoc network does not have an absolute control over the nodes behavior as they are owned by multiple authorities. As a result, legitimate packets may be dropped purposely by misbehaved nodes and might disrupt the network if not taken seriously. The wireless nature and inherent features of mobile ad hoc networks makes them vulnerable to a wide variety of attacks by misbehaving nodes. Such attacks range from passive eavesdropping, where a node tries to obtain unauthorized access to data destined for another node, to active interference where malicious nodes hinder network performance by not obeying globally acceptable rules. For instance, a node can behave maliciously by not forwarding packets on behalf of other peer nodes. However, when a node exhibits malicious behavior it is not always because it intends to do so. A node may also misbehave because it is overloaded, broken, compromised or congested in addition to intentionally being selfish or malicious. Misbehavior can be divided into two categories: 1350

2 routing misbehavior (failure to behave in accordance with a routing protocol) and packet forwarding misbehavior (failure to correctly forward data packets in accordance with a data transfer protocol). This paper focuses on the packet forwarding misbehavior. Our approach consists of an algorithm that enables packet forwarding misbehavior detection. Our scheme detects misbehaving nodes (whether selfish, malicious or otherwise) capable of launching two known attacks: the simplest of them is the black hole attack. In this attack a misbehaving node drops all the packets that it receives instead of normally forwarding them. A variation on this is a gray hole attack in which nodes either drop packets selectively (e.g. Dropping all UDP packets while forwarding TCP packets) or drop packets in a statistical manner (e.g. dropping 50% of the packets or dropping them with a probabilistic distribution). Both types of gray hole attacks seek to disrupt the network without being detected by the security measures in place. II. RELATED WORK Felegyhazi et al. [1] presents a game theoretic model to analyze the cooperation in both dynamic and static scenarios. The simulation result shows that cooperation solely based on the self-interests of the nodes couldn't be realized in practical and an incentive mechanism is needed. In SORI [2] all nodes maintain a confidence level table for them to exchange information with each other and penalize the bad reputation selfish node. They use one-way hashing to ensure the selfish node couldn't impersonate other nodes in improving its own reputation. However, a malicious node can always fake the information and keep condemning other innocent nodes and eventually causing a chaos in the network. SMDP [3] is a session-based detection protocol and it use the principle of data flow conversation where the data flow in and flow out from a node should always be equal. At the end of each data session, all the nodes along the path will send the total packet they received to the previous hop and the total packet they transmitted to the next hop. After gathering all these transmission reports, all the nodes will rebroadcast the sum of the packets to the surrounding nodes. A node will be suspected if the total transmission is much different from the total reception. Digital signature has been used to ensure no one can fake the integrity of the report. However, the source can defame the next forwarder by reporting an incorrect number of total transmitted packets. The Secure Routing Protocol (SRP) [4] and Authenticated Routing for Ad hoc Networks (ARAN) [5] assume the existence of a priori relationships in a network: in the case of SRP between the two communicating nodes, and for ARAN between each node in the network and a certificate server. Both protocols perform an endto-end authentication and intermediate nodes are not allowed to reply to route requests even if they know a route to the destination. However, a priori relationships in MANETs may not exist. These approaches secure the path discovery and establishment functionality of routing protocols and our approach complements them by securing the data forwarding functionality. The routing protocol proposed in [6] offers resilience to disruption or degradation of the routing service by an algorithm that allows the detection of a malicious link after log n faults have occurred on a path, where n is the hop length of the path. In [7] each node is able to detect signs of intrusion locally and neighboring nodes collaborate to further investigate malicious behavior. In both these approaches a node uses its own data to 1351

3 identify another node as an intruder. In contrast, in our approach a node detects anomalies in packet forwarding based on data acquired by other nodes in the network as well as on its own data, thus potentially obtaining a more balanced evaluation of a node s behavior. III. SYSTEM MODEL 3.1. Assumptions and Terminologies We assume the wireless ad hoc network is well established and all the nodes interested to communicate with the base station for some reason e.g., Internet access. Since most of the packets owing upward to the base station, we can assume it resembles some type of hierarchical network. In addition, the central authority can be trusted absolutely and it has no incentive to misbehave. The base station is the central authority of the network and it has good knowledge of the topology of the network. Besides, we assume all the missing packets are mainly caused by the misbehavior of the nodes. Misbehaved node and misbehaver are used interchangeably to refer to the node who does not forward packet properly and/or posses a bad intention in defaming other innocent nodes by exploiting the existing protocol. nodes are spiteful nodes with intention to degrade the network performance by defaming other innocent nodes. We name this type of attack as reputation attack. IV. DESIGN CONSIDERATION Most of the detection mechanisms fail to serve the primary purpose due to their improper penalization method and the ambiguous accusation. For simple illustration, 16 nodes are deployed in grid and all the nodes in the network send data packet to the base station (node a) periodically (see Figure-1). The links in the network represents the connectivity of the nodes. Node k is a misbehaved node that drops node p's legitimate packets. In this case, only node l, o and p are able to detect node k's misbehavior (by using promiscuous listening) and they will penalize node k by dropping its packet in return. However, their penalization is useless as node k relies its upstream nodes (node j, f, and g) to forward its data packets to node a. For convenience, we name this issue as improper penalization as the penalization is not executed by all the surrounding nodes of the misbehaved node Attack Model We consider the packet losses are mainly due to the misbehaved nodes in network. Thus, we further classify misbehaved nodes as the selfish nodes and the malicious nodes. Selfish nodes always consider about their own benefits only and refuse to forward legitimate packets from others. Normally, we term this kind of misbehavior as packet drop attack. Malicious Figure 1: Simple 16 nodes in a Grid 1352

4 Another similar issue is the ambiguousness of the accusation where a node is unsure about the truthfulness of the accusation report sent by a neighbouring node. The accusation may be sent by a malicious node who intends to disgrace other innocent node(s). Assuming node l is penalizing node k as it is dropping node p packet. Node k can revenge back by telling node g and h that node l is a misbehaved node. In this case, node l hardly can defend for itself as node g and h are not aware of the node k misbehavior at downstream. penalization period over. Our proposed approach has overcome the issues mentioned above in the sense that the accusation of the victim is taken as the reference whereas the final conviction is based on the feedback of the random appointed investigation agents. Hence, the probability of the reputation attack is kept to a very low degree. Moreover, only the central authority can issue the blacklist table for all the nodes to execute the penalization together and thus the detected misbehaver(s) will be recognized and isolated at network-wide. V. DETECTION AND ACCUSATION Firstly, the victim node accuses a misbehaved node by sending a secret accusation report to the base station through a steady route and subsequently the base station will assign a set of random k agents which are the neighbouring node of the accused node (except the accuser itself) to investigate the accusation. These agents investigate the suspected nodes by sending dummy packet with the accuser identity such that the suspected node could not aware of the investigation process. Then, these investigation agents will observe the response of the suspected node and send back the result to the base station for further action secretly. The base station will gather sufficient feedbacks and the conviction is based on the majority vote. Once the misbehaved node is convicted, its identity will be included in the base station blacklist table and sent to all the nodes in the network. VI. RESULTS AND DISCUSSION Consider 50 static nodes sending data in a network of size 1000 x 1000 meter. We assume all the dropped packets are mainly caused by the misbehaved nodes instead of the link error. The shortest path algorithm was used to search for the next route to forward the data to base station. Figure-2 (a): Seflish nodes network Eventually, the detected misbehaving node(s) will be isolated from the network until the 1353

5 could reduce the false positive detection percentage in the network. The correct detection percentage is slightly reduced as some part of the network may have insufficient agents to complete the investigation. VI. CONCLUSION Figure-2 (b): Malicious nodes network The above Figure-2 (a) and (b) shows the detection effectiveness against the selfish nodes and malicious nodes threats. This could achieve a high correct detection percentage in an ideal network where only a small number of selfish nodes existed in the network. As the number of selfish nodes increases, correct detection degrade but the false positive detection is still kept to zero percentage. In real world, multiple of malicious nodes might exist in network that threatened the innocent nodes. The increasing number of malicious nodes will augment the false positive detection in the network (Figure-2(b)). In other words, more of innocent nodes is defamed by malicious nodes. Meanwhile, the correct detection percentage is increasing too as the independent malicious nodes mistakenly accuses each other. Next, we examine the influence of the amount of investigators for the detection effectiveness. In an ideal selfish nodes existence network, the number of the investigators has no significant influence to detection effectiveness as selfish nodes do not defame other innocent nodes. However, in a malicious nodes existence network, we observed that the higher number of investigator agents Wireless networks rely on the uninterrupted availability of the wireless medium to interconnect participating nodes. However, the open nature of this medium leaves it vulnerable to multiple security threats. Anyone with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or jam legitimate ones. We propose a simple yet effective scheme to identify misbehaving forwarders that drop or modify packets in wireless networks. REFERENCES 1. Felegyhazi, M., J.P. Hubaux, and L. Buttyan, Nash equilibria of packet forwarding strategies in wireless ad hoc networks, IEEE Transactions on Mobile Computing, pp , He, Q., D. Wu, and P. Khosla, SORI: A secure and objective reputation based incentive scheme for ad hoc networks, Proc. of IEEE Wireless Communications and Networking Conference (WCNC2004), Fahad, T., D. Djenouri, R. Askwith, and M. Merabti, A new low cost sessions-based misbehavior detection protocol (SMDP) for MANET, AINA Workshops, Vol. 1, pp ,

6 4. P. Papadimitratos, and Z. J. Haas, Secure routing for mobile ad hoc networks, Proceedings of the SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, pp , K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer, A secure routing protocol for ad hoc networks, Proceedings of the 10 th IEEE International Conference on Network Protocols, pp , S. Marti, T. J. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehavior in Mobile ad hoc networks, Proceedings of the 6 th ACM International Conference on Mobile Computing and Networking, pp , R. Rao, and G. Kesidis, Detecting malicious packet dropping using statistically regular traffic patterns in multi-hop wireless networks that are not bandwidth limited, Proceedings of the 2003 IEEE Global Telecommunications Conference, vol.5, pp , B. Awerbuch, D. Holmes, C. Nita-Rotaru, and H.Rubens, An on-demand secure routing protocol resilient to Byzantine failures, proceedings of the 3 rd ACM Workshop on Wireless Security, pp , Y. Zhang, and W. Lee, Intrusion detection in wireless ad-hoc networks, Proceedings of the 6 th ACM International Conference on Mobile Computing and Networking, pp , August P. Papadimitratos, and Z. Haas, Secure data communication in mobile ad hoc networks, IEEE Journal on Selected Areas in Communications, vol. 24, issue 2, pp , J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, Providing robust and ubiquitous security support for mobile ad-hoc networks, Proceedings of the 9 th IEEE International Conference on Network Protocols, pp , L. Zhou, and Z. Haas, Securing ad hoc networks, IEEE Network Magazine, vol. 13, issue 6,