Secured Dynamic Source Routing Protocol for Mobile Sensor Networks

Transcription

1 Secured Dynamic Source Routing Protocol for Mobile Sensor Networks P.SAMUNDISWARY AND *P.DANANJAYAN Department of Electronics and Communication Engineering Sri Manakula Vinayagar Engineering College *Pondicherry Engineering College Pondicherry, INDIA Abstract:-Sensor networks consist of large number of nodes with limited energy, computation and transmission power. Each node in the network helps every other node by forwarding their packets to reach the destination.since these nodes operate in a physically insecure environment; they are vulnerable to different types of attacks such as sinkhole and wormhole. These attacks can inject malicious packets by compromising the node. Conventional routing protocols have been developed without considering the security aspects against these attacks. In this paper, a secure routing protocol named secured dynamic source routing protocol(s-dsr) is proposed for mobile sensor networks by incorporating trust based mechanism in the existing dynamic source routing protocol (DSR). Simulation results prove that S-DSR outperforms the DSR by reducing the packet drop, delay and improving the delivery ratio of the networks. Key-Words: - Wireless sensor networks: Malicious node; Sink hole; Worm hole; Dynamic source routing protocol; Trust model. 1 Introduction Wireless sensor networks have drawn a lot of attention recently due to their broad applications in both military and civilian operations. Sensor nodes in the network are characterized by severely constrained, energy resources and communicational capabilities. Each node in the network basically acts like a router. The nodes have absolute control over the data that passes through it. The sensor network architecture is shown in the Fig.1. Due to the small size and unattended deployment of the nodes, the attackers can easily capture and convert them as malicious nodes. The malicious nodes can either join the network externally or may originate internally by compromising an existing benevolent node [1]. These nodes can carry out both passive and active attacks against the networks [2]. In passive attacks a malicious node only eavesdrops upon the packet contents, while in active attacks it may imitate, drop or modify legitimate packets [3]. A common type of active attack is a sinkhole [4] in which a node, can deceitfully modify the routing packets. So, it may lure other sensor nodes to route all traffic through it. The impact of sinkhole is that it can be used to launch further active attacks on the traffic, which is routed through it. Another type of such a colluded attack is a wormhole [5] in which a Fig.1. Sensor network architecture malicious node tunnels the packet from one end of the network to another. This type of node emulates a shorter route and so network nodes prefer to use it rather than other alternate longer routes. The impact of the same is that the tunnel essentially emulates ISSN: ISBN:

2 shorter route and so network nodes prefer to use it rather than other alternate longer routes. Karlof and Wagner have revealed that routing protocols of sensor networks are especially insecure and are highly vulnerable to malicious nodes. Their analysis shows that attacks launched from insiders (the adversaries compromise the legitimate nodes and make them affect the routing topology adversely) are most dangerous. In order to protect the network against malicious attackers, number of routing protocols have been developed, which make use of cryptographic techniques to protect the network traffic. Security mechanisms used in the routing protocols of the sensor networks will detect the compromised node and then revoke the cryptographic keys of the network. But, the requirements of secure routing protocols include configuration of the nodes with encryption keys [6] and the creation of a centralized or distributed key repository to realize different security services [7] in the network. In addition to that, some secure routing protocols require excessive overheads [8]. It is difficult to apprehend in sensor networks because of their meager power.although existing secure routing protocols make use of efficient symmetric cryptography; they have other extraneous requirements like clock synchronization or geopositional systems for mobile nodes [9]. However, secure routing protocol such as secured dynamic source routing (S-DSR) protocol is available to evade sinkhole and wormhole attacks for static nodes of the sensor network. In this paper, an attempt has been made to implement S-DSR protocol in a mobile sensor network to circumvent sinkhole and wormhole attacks by including trust model in the dynamic source routing protocol. The remainder of the paper is organized as follows Section 2 describes about the dynamic source routing protocol. Section 3 deals with the secured dynamic source routing protocol. Simulation results are discussed in Section 4 to obtain packet drop consumption, delay and delivery ratio of the secured dynamic routing protocol and conclusion are drawn in Section Dynamic Source Routing Protocol The DSR protocol [10] is a reactive routing protocol, which uses IP source routing. All data packets are affixed with a DSR source route header that contains the complete list of nodes. So, the packet has to traverse in the order given in the source route header to reach a particular destination. Each intermediate node, upon receiving a data packet, forwards the packet to the next hop as listed in the source route header. During route discovery, the source node broadcasts a ROUTE REQUEST packet with a unique identification number. The ROUTE REQUEST packet contains the address of the target node to which a route is desired. All nodes that have no information regarding the target node append their IP addresses to the ROUTE REQUEST packet and rebroadcast it. In order to control the spread of the ROUTE REQUEST packets, the broadcast is done in a non propagating manner with the IP field being incremented in each route discovery. The ROUTE REQUEST packets keep on spreading until the time they reach the target node or any other node that has a route to the target node. The recipient node creates a ROUTE REPLY packet, which contains the complete list of nodes that the ROUTE REQUEST packet had traversed. The target node may respond to one or more incoming ROUTE REQUST packets depending upon implementation. Similarly, the source node may accept one or more ROUTE REPLY packets for a single target node. In the proposed model, DSR with multi-path is used [11] in which each ROUTE REQUEST packet received by the destination is responded by an independent ROUTE REPLY packet. For optimization reasons, a PATH CACHE or a LINK CACHE scheme is maintained by the nodes. When the nodes either forward or overhear the data and control packets to the other nodes, all types of information is added to their respective route cache. This information is used to limit the spread of control packets for subsequent route discoveries. 3. Secured Dynamic Source Routing Protocol 3.1 Trust Model To detect and evade sinkholes and wormholes in the network, an effort return based trust model is used [12]. The trust model uses the inherent features of the DSR protocol to derive and compute the respective trust levels in other nodes. Each node executing the trust model, measures the accuracy and authenticity of its immediate neighboring nodes by monitoring their participation in the packet forwarding mechanism. The sending node verifies the different fields of source route header in the forwarded IP packet for requisite modifications through a sequence of integrity checks. If the integrity checks succeed, it confirms that the node has acted in a benevolent manner and so its direct trust counter is incremented. On the other hand, if ISSN: ISBN:

3 the integrity check fails or the forwarding node does not transmit the packet at all, then its corresponding direct trust measure is decremented. 3.2 Detection Process Each node before transmission of a data packet, buffers the DSR source route header. After transmitting the packet, the node places its wireless interface into the promiscuous mode for the trust update interval (TUI). The TUI represents the time a sending node must wait after transmitting a packet until it overhears the retransmission by its neighbor. This interval is critically related to the mobility and traffic of the network. If this interval is made too small, it may result in ignoring of the retransmissions by an inefficient neighbor. Similarly, a large TUI value may cause energy costs and also induce errors due to nodes getting out of reception range. 3.3 Evasion Process In the DSR, the LINK CACHE is first scanned for a working route to the destination, before initiating a new route discovery. If there is no unavailability of a route from the LINK CACHE in the DSR, then Dijkstra algorithm [13] is used to find the route to reach the destination. This algorithm returns the shortest path to any destination in terms of number of hops. But, if the status of the link end node is classified as a wormhole, the cost of that link is set to infinity. So, a modified variant of the search algorithm is implemented, which finds routes with the maximum trust level, thereby evading any possible sinkholes and wormholes. There may be circumstances in which the source node may not have sufficient trust information regarding all the mobile nodes in the computed path of DSR protocol [14]. To deal with such situations, a salvaging mechanism is implemented in S-DSR. In S-DSR, the forwarding nodes verify the trust levels of all nodes present in the packet's source route header, instead of checking the connectivity of the next hop. With the standard DSR protocol, all immediate nodes blindly forward the packets to the succeeding nodes listed in the source route header. However in the S-DSR protocol, the trust level of all the remaining nodes in the source route is first verified for the existence of a sinkhole or a wormhole. Only in case of absence such malicious nodes, the packets are forwarded as per the source route header. However, in case where malicious nodes are present in the source route header, that particular packet is dropped and a corresponding ROUTE ERROR packet is sent to the originator of the data packet. 4. Simulation Result and Analysis Instead of using cryptographic techniques, the trust and mobility model is implemented in the existing DSR protocol to obtain the S-DSR protocol. The S- DSR protocol is simulated using Network Simulator-2 [15] to emulate sinkhole and wormhole attacks in the mobile sensor network. The performance parameters such as packets drop, delivery ratio and the average delay are calculated by varying the number of malicious nodes such as 2,3,4,5,6,7,8,9,10 etc. The parameters used in the simulation are listed in Table 1. TABLE 1. Simulation Parameters Simulation Parameters Values Simulation time (s) 900 Simulation area (m 2 ) Transmission range (m) 250 Number of nodes 50 Traffic type Packet rate (pkts/s) 4 CBR Fig.2. Simulation topology of the sensor networks implementing S-DSR protocol with six malicious nodes The sample NAM output is shown in Fig.2 for the mobile sensor network with six malicious nodes. Using S-DSR protocol, the packets will reach the destination node from the source nodes leaving the compromised nodes. The performance parameters of DSR and S-DSR protocols are compared in Fig.3, Fig.4 and Fig.5 ISSN: ISBN:

4 4.1 Packet Drop It is the fraction of packets that were dumped by malicious nodes without any notification. The packet loss of S-DSR is lesser than DSR protocol by 20% to 40% with respect to malicious nodes as shown in the Fig. 3.The reduction in the packets drop is due to the assignment of lower trust values and elimination of nodes that were treated as sinkholes or wormholes. 4.2 Delivery Ratio It is the ratio between the numbers of packets received by the application layer of the destination nodes to the number of packets sent by the source nodes. Eventhough the number of malicious nodes increases, the more number of packets have reached the destination nodes successfully by using S-DSR protocol. It is proved through simulation that though there is no significant change in the delivery ratio of S-DSR, it is higher than that of DSR which is shown in the Fig Average Delay Average delay gives the mean time (in seconds) taken by the packets to reach their respective destinations. It is verified through simulation shown in Fig.5 that average delay of S-DSR protocol is lesser than DSR protocol for large number of malicious nodes. The percentage of variation in the average delay of S-DSR protocol is between 70%- 75% when compared to DSR protocol. This is due to the fact that, the routes obtained from the LINK CACHE information of the node are not optimal in terms of hops but instead consists of nodes that have been found to more trustworthy than the others. Fig.3.Variation of packets drop with respect to number of malicious nodes Fig. 4.Delivery ratio with respect to malicious nodes 5. Conclusion Secured dynamic source routing protocol is implemented for mobile sensor network by using ns-2 and compared with dynamic source routing protocol for different number of malicious nodes. The results shows that on the average, the packet loss achieved using the S-DSR protocol was 30% less than the standard DSR protocol. Further more, an improvement of 72.5% in the average delay and increment in the delivery ratio have been achieved in the S-DSR protocol, even with 40% malicious nodes in the network. The reason is mainly due to the smaller trust values and the proper routing decision taken by the trust based model to get rid of the nodes which are acting as sinkholes or wormholes. Fig.5. Average delay vs. number of malicious nodes ISSN: ISBN:

5 References [1] S.Carter and A.Yasinac, Y.C.Hu, Secure position aided adhoc routing protocol, Proceedings of the IASTED Conference on Communications and Computer Networks (CCN), Cambridge, MA, USA, pp , November, [2] Y.C.Hu, A.Perrig, and DB.Johnson, Ariadne: A secure on-demand routing protocol for ad-hoc networks, Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom), Atlanta, Georgia, USA, pp.12-23, September, [3] B.Dahill, B.N.Levine, E.Royer and C.Shields, A secure routing protocol for ad hoc networks, Proceedings of the IEEE International Conference on Network Protocols (ICNP), Paris, France, pp.78-87, November, [4] C.Karlof and D.Wagner, Secure routing in wireless sensor networks: Attacks and countermeasures, Proceedings of the 1st IEEE International Workshop on Sensor Network Protocols and Applications, Anchorage, AK, May, [5] Y.C.Hu, A.Perrig and D.B.Johnson, Packet leashes: A defense against wormhole attacks in wireless networks, Proceedings of the Twenty- Second Annual Joint Conference of the IEEE Computer and Communications Societies, San Francisco, CA, USA, vol.3, pp , 2003 [6] Asad Amir Pirzada, and Chris Mcdonald, Secure pervasive computing without a trusted third party, Proceedings of the IEEE/AC International Conference on Pervasive Services (ICPS 04), Beirut, Lebanon, July, [7] W.Stallings, Network Security Essentials, Prentice Hall, [8] D.Carman, P.Kruus and B.Matt, Constraints and approaches for distributed sensor network security, Technical report, NAI Labs, [9] A.Perrig, R.Szewczykk, J.D.Tygar, V.Wen and D.E.Culler, Spins: Security protocols for sensor networks, Wireless Networks, vol.8, no.5, pp , [10] D.B.Johnson, D.A.Maltz, and Y.Hu, The dynamic source routing protocol for mobile ad-hoc networks, Internet Engineering Task Force on Mobile Adhoc Networks, (IETF MANET), February, [11] A.Nasipuri and S.Das, On-demand multipath routing for mobile ad-hoc networks, Proceedings of the Eight International Conference on Computer Communications and Networks, Boston, USA, pp.64-70, October, [12] A.Pirzada and C.McDonald, Establishing trust in pure ad-hoc networks, Proceedings of the 27 th Australasian Computer Science Conference(ACSC), Dunedin, New Zealand, vol. 26, no.1, pp.47-54, January, [13] E.W.Dijkstra, A note on two problems in connection with graphs, Numerische Mathematics, pp.83-89, [14] A.Pirzada, A.Datta and C.Mc.Donald, Trust based routing for ad-hoc wireless networks, Proceedings of the IEEE International Conference on Networks (ICON 04), Singapore, pp , November, [15] I.Downard, Simulating sensor networks in ns-2, NRL Formal Report , Naval Research Laboratory, ISSN: ISBN: