Anonymity Protection in MANETs By Zone Partitioning

Transcription

1 Anonymity Protection in MANETs By Zone Partitioning Shruti Mariappa Hosmani M. Tech. Scholar, Department of CSE, VTU RO, PG Centre College, Gulbarga, India Dr. Shubhangi D.C Professor & HOD, Department of CSE, VTU RO, PG Centre College, Gulbarga, India Shailaja.Shastri Asst Professor, Department of CSE, PDA College of Engineering, Gulbarga, India Abstract Anonymous routing protocols play a vital role in MANETs in order to provide secure communications by concealing the identity of the nodes and avoiding traffic analysis assail from exterior observers. So, my project focuses on providing anonymity protection to data sources, destination and route, by concealing the node s identity and location which means that it should be tough enough for other nodes to obtain its real identity and exact location of the sender and the receiver. Mobile Ad hoc Networks (MANETs) use anonymous routing protocol where as the earlier routing protocols concentrated on concealing the node identity and/or routes from outside observers by using hop-by-hop encryption method or redundant traffic in order to provide anonymity protection, but it was not that highly secure and it incurred much cost for encrypting each and every node and timing attack and intersection attack prevailed. So, the proposed algorithm i.e., an Anonymous Location Based Efficient Routing Protocol (ALERT) which uses hierarchical zone partitioning process to overcome all the aforementioned problems & also overcomes intersection & timing attacks and reduces the cost to a greater extent & enforcing higher security, ALERT offers anonymity protection to all the three i.e. source, destination & route anonymity which was not possible by earlier used protocols. Keywords- Anonymity; GPSR; Mobile Adhoc Networks; Routing protocol; Security. I. INTRODUCTION A mobile ad-hoc network (MANET) is a self-configuring infrastructure less network of mobile devices connected by wireless links. Ad-hoc is Latin and means "for this purpose". In this era, mobile ad hoc wireless network is being recognized by network industry in recent years as practical media, and it becomes an important issue for network communication in terms of minimum infrastructure as well as economic part. Mobile ad hoc wireless network technology has developed very fast now days, which increases the use of communications in certain applications, battlefield, academic, business, education, entertainment, Bluetooth, Wi-Fi, and general packet radio service etc. All mobile nodes in ad hoc network are communicated with each other directly or through intermediate nodes by using routing protocols algorithm. The goal of using routing protocols in MANET is to discover and establish routes between two nodes in order to send the data packets from the source to destination and to provide secure communications between two ends in the network with low cost. Due to its receptiveness and deconcentrate features of MANETs, it is usually not desirable for nodes to be a member of that network. Nodes in MANETs are susceptible to vicious entities that aim to tamper and analyze data and traffic analysis by communication earwig or attacking routing protocol. Anonymity protection is critical in military applications (e.g., soldier communication). Consider a MANET deployed in a battlefield. Through traffic analysis, enemies may intercept transmitted packets, track our soldiers (i.e., nodes), attack the commander nodes, and block the data transmission by comprising relay nodes (RN), thus putting us at a tactical disadvantage. It is important to form an anonymous path between the two end points and make sure that nodes on the way do not get to know where the end points are. Anonymous routing protocols play a vital role in MANETs in order to provide secure communications by concealing the identity of the nodes and avoiding traffic analysis assail from exterior observers. In order to provide anonymity protection to data sources, destination and route, by concealing the node s identity and location which means that it should be tough enough for other nodes to obtain its real identity and exact location of the sender and the receiver. In case of route anonymity opponents either en route or out of route, no node will be having the information regarding the real identity and location of intermediate nodes en route and they cannot trace back the flow of packet to the source and destination. In MANET limited resource constraint is an integral problem in which nodes labour under an energy constraint. Due to complex routing and resource constraint problem in MANET which impose strict limit on system capacity. Existing IJTEL, ISSN: , VOL.3, NO.4, AUGUST

2 anonymous routing protocol focuses on hop-by-hop encryption[2][3][4][5][6] and redundant traffic[7][8] [9] [10][11][12][13], which uses public key based encryption and high traffic generate high cost, they are also resilient to timing attack and intersection attack. For example: SDDR [14] cannot provide route anonymity, ZAP[13] only focuses on destination anonymity and ALARM cannot protect the location anonymity of source and destination. Many approaches could not provide all the aforementioned anonymity protections. So, in order to provide high anonymity protection at low cost and to overcome from timing and intersection attack. So, the proposed algorithm that used is Anonymous Location-based and efficient routing protocol (ALERT) II. REVIEW OF LITERATURE SURVEY A. Jinyang li john jannotti et al In this paper the author uses GLS( geographic location service) which has the potential to dramatically simplify the deployment of data networks. For most part this potential has not been fulfilled. Most recent wireless networks use costly wired infrastructure for all but the final hop. Therefore ad hoc can fulfill this potential because they are easy to deploy, they require no infrastructure & configure themselves automatically, but previous ad hoc techniques do not usually scale well to large network. Here author has presented mobile ad hoc networking protocol with significantly better properties than previous protocols. In many ways two facets of our system, geographic forwarding & the GLS, operate in fundamentally similar ways. Geographic forwarding moves packets along paths that bring them closer to the destination in physical space. GLS moves packets along paths bring them closer to the destination in ID space, using only information about nodes with nearby IDs at each step along the path. Both mechanisms are scalable because they only need local information in their respective spaces. B. Adrian Perrig, Ran Canetti, Dawn Song et al. Here the author has used efficient scheme called TSLA which is based on initial loose time synchronization between the sender and the receivers, followed by delayed release of keys by the sender. This paper proposes several significant modifications and improvements to TESLA. One modification allows receivers to authenticate most packets as soon as they arrive, other modification improve the scalability of the scheme, reduce the space overhead for multiple instances, increase its resistance to denial-of-service attacks. The extensions proposed in this paper are The basic TESLA scheme provides delayed authentication with additional information in apacke, they also show how we can provide immediate authentication. Reduce the communication overhead when multiple TESLA instances with different authentication delays are used concurrently. Drive a tight cover bound on the disclosure delay. Harden the sender & the receiver against denial of service attacks. C. Tracy camp, Jeff Boleng et al In this paper the author have presented a survey of mobility models that are used in the simulations of ad hoc networks. Here author describes several mobility models that represent mobile nodes whose movements are independent of each other & several mobility models that represent mobile nodes whose movements are dependent on each other. The goal of this paper is to present a number of mobility models in order to offer researchers more informed choices when they are deciding upon a mobility model to use in their performance evaluation. D. Yin-Chun Hu, David B. Johnson All the previous adhoc network routing protocols have been assumed a trusted environment. Here in this paper author designs & evaluate the secure efficient ad hoc Distance vector routing protocol(sead), a secure ad hoc network routing protocol based on the design of the destination sequence Distance vector routing protocol. In order to support use with nodes of limited CPU processing capability & to guard against DOS attacks in which a attacker attempts to cause other nodes to consume excess network bandwidth or processing time, here they have used efficient one-way hash functions & do not use asymmetric cryptographic operations in he protocol. SEAD is robust against multiple unco-ordinated attackers creating incorrect routing state in any active attackers or compromised nodes in the network. Consequently, SEAD is efficient & can be used in networks of computation & bandwidth constraint nodes. E. Seonho choi Here author has introduced a multicast authentication scheme for real-time streaming applications that is resistant to denial-of-service attacks & consumes much less resources(cpu and Buffer) at receivers. This scheme uses prediction hashing(ph) and one-way key chain(okc) technique based on erasure codes & distillation codes. PH and OKC techniques enable the receivers to significantly reduce the CPU overhead & buffer requirements compared to other block-based approach. The basic idea of prediction hashing is that each block of packets convey authentication information that will be used authenticate the next block packets instead of sending te authentication information within the same block. One-way key chain technique is already used in other contexts such as in one-time password TESLA. F. Yin-Chun Hu and Adrian perrig et al In this paper the author presented the design & evaluation of Ariadne, a new secure ad hoc network routing protocol. Ariadne provides security against one compromised node & arbitrary active attackers, and relies only on efficient symmetric cryptographic operations. Here they have found that source routing facilitates securing adhoc network routing protocols. Source routing empowers the sender to circumvent potentially malicious nodes, & enables the sender to authenticate every node in a ROUTE REPLY. Such finegrained path control is absent in most distance-vector routing protocols, which makes such protocols more challenging to fully secure. G. Mohamed F.Mokbel, Chi-Yin Chow, Walid G.Aref Here the author presents casper, a framework in which users entertain anonymous location-based services. Casper consists of two main components the location anonymizer that IJTEL, ISSN: , VOL.3, NO.4, AUGUST

3 blurs the users exact location into cloaked spatial regions and the privacy aware query processor that is responsible on providing location-based service based on the cloaked spatial regions. Drawback is that it incurs to blur each and every node location identity and it takes time even to pass the message to destination because it has to cross all the nodes. H. Tomasz Ciszkowski, Zbigniew Kotulski In this paper the author has provided a mechanism concealing a real identity of communicating nodes with an ability of resist to known attacks. Here end-to-end anonymous authentication is conducted in three-pass handshake based on an asymmetric and symmetric key cryptography. The proposed protocol consists of two complementary modules. First is in charge of anonymous authentication, establishing and maintaining bidirectional routes form source to the destination whereas second one monitors activity of nodes being along the existing or discovering path and evaluate their reputation. The process of mutual and anonymous authentication is based on the public-key cryptography and is conducted in three-pass handshake. First phase is aimed to initialize a discovery path from source S to destination D node. Node S and D know their public-keys with related pseudonyms which are distributed during network setup by trusted authority TA. Device S broadcasts a request of discovery path to node D without revealing its identity. Every node is obligated to relay this message through the entire network, in particular delivering it to the destination D. In the same way every node saves the reverse path form D to S. Node D verifies the validity of received message and if succeeds in second phase prepares and unicastly sends response to source node S using already created reverse path. The reply message travels hop-by-hop to the node S. When this message gets to the legitimate node S then its authenticity is verified. Successfully finished two phases determine bidirectional path from S to D. Generally, it is acceptable to establish several paths between nodes S and D (e.g. in order to increase performance of network), however initializing node S may choose only a subset of offered by D paths taking into account its preferences according to reputation system. This is done in former, confirmation phase of handshake. Supplementary, node D generates key material for session keys, one for every path, used by symmetric cryptography algorithms, thereby securing established data path. Here author has presented his work only on initialization and maintenance of the network model rather than sending the message. I. Zhenqiang Gong, Guang-Zhong sun, Xing Xie The study on earliaer paper showed that location-detection devices together with ubiquitous connectivity have enabled a large variety of location based services(lbs). Traditional K- anonymity method needs complex query processing algorithms at the server side. Space twist which rectifies the above short coming of traditional K-anonymity since it only requires incremental nearest neighbour(inn) queries processing techniques at the server side. However space twist may fail because it cannot guarantee K-anonymity. In this paper the author has proposed framework called KAWCR(K-anonymity without cloaked region), rectifies the shortcomings and retains the advantages of the above two techniques. KAWCK only needs the server to process INN queries and can guarantee that the users issuing the query is indistinguishable from atleast K-1 other users. The extensive experimental results show that the communication cost of KWCR for KNN queries is lower than that of both traditional K-anonymity and space twist. J. Balaji.S, Manicka Prabha.M In this paper the author uses B.A.T.M.A.N along with Attribute Based Encryption to achieve the security and to accomplish rapid transmission which is a routing protocol that maintains the best hop information in its routing table. To accomplish secured communication secret key is generated using attribute based encryption technique.to obtain fast transmission BATMAN routing scheme is used. Drawback: It maintains the details of only the best next hop and also incurs high cost to encrypt each and every node. III. PROBLEM DEFINITION The ALERT routing protocol is a light weight protocol, so it does not provide a heavy authentication against adversary attacks. Due to its nature there could be a delay in transmitting data. Hop-by-hop encryption incurs much cost, time to send data will also be more, it is not highly secure. If we use hop-byhop encryption timing attack and intersection attack prevails. So, an ALERT routing protocol is used to overcome all the aforementioned problems. IV. PROPOSED SYSTEM: In order to provide high anonymity protection (for sources, destination, and route) with low cost, we propose an Anonymous Location-based and Efficient Routing protocol (ALERT). ALERT dynamically partitions a network field into zones and randomly chooses nodes in zones as intermediate relay nodes, which form a non traceable anonymous route. In each routing step, a data forwarder partitions the network field in order to separate itself and the destination into two zones. It then randomly chooses a node in the other zone as the next relay node and uses the GPSR algorithm to send the data to the relay node. In the last step, the data is broadcasted to k nodes in the destination zone, providing k-anonymity to the destination. In addition, ALERT has a strategy to hide the data initiator among a number of initiators to strengthen the anonymity protection of the source. ALERT is also flexible enough to overcome intersection attacks and timing attacks. Advantages of Proposed System: Route anonymity, identity, and location anonymity of source and destination is provided by ALERT. Rather than relying on hop-by-hop encryption and redundant traffic, ALERT mainly uses randomized routing of one message copy to provide anonymity protection. Because of the non fixed routing path in MANETs, ALERT also overcomes from intersection and timing attack. Comprehensive experiments are conducted to evaluate ALERT s performance in comparison with other anonymous protocols IJTEL, ISSN: , VOL.3, NO.4, AUGUST

4 A. NETWORKS AND ATTACK MODELS ALERT protocol can hold for different network models with various node movement patterns such as random way point model and group mobility model. Attacks Message s sender may be revealed by merely exposing the transmission direction. Therefore sender also needs protection of anonymity. A malicious observer may also try to detect destination nodes through traffic analysis by launching an intersection attack. Therefore destination node also needs protection of anonymity. The attackers can be battery powered nodes, they can be powerful nodes that pretend to be legitimate nodes & inject packets to the networks according to the analytical results from their eavesdropped packets. B. ALERTs GROUPING PROCEDURE TO MAINTAIN HIGH ANONYMITY PROTECTION Here in ALERT routing protocol we are avoiding hop-byhop encryption by grouping the nodes under zones hence by grouping the nodes under zones the cost of encrypting of each and every node is reduced to a greater extent, high security for every node is attained because nodes are grouped under zones and the whole zone is encrypted using secret key, and Intersection attack and timing attack are also overcome by zone partitioning process. Figure 2. Routing Among Zones In ALERT The zone having k nodes where D is present in destination zone, which is denoted as Zd. K- To control degree of anonymity protection. The zone in which destination symbol resides as shown in the figure is the destination zone. In ALERT routing, each data source or forwarder executes the hierarchical zone partition. It first checks whether itself and destination are in the same zone. If so, it divides the zone alternatively in the horizontal and vertical directions. The node repeats this process until itself and zd are not in the same zone. It then randomly chooses a position in the other zone called temporary destination (TD), and uses the GPSR routing algorithm to send the data to the node closest to TD. Fig. shows an example of routing in ALERT. in which nodes are randomly disseminated. ALERT features a dynamic and unpredictable routing path, which consists of a number of dynamically determined intermediate relay nodes as shown in figure below: the Figure 1. Data Flow Diagram Of ALERT Grouping Procedure C. THE ALERT ROUTING ALGORITHM Assume that the entire network area is a rectangle in shape and nodes in it are randomly scattered figure below Figure 3. Example Of Different Zone Partitions. As shown in the above figure ALERT uses a hierarchical zone partitioning process and randomly chooses a node in the partitioned zone in each step as an intermediate relay node(i.e., data forwarder), thus it dynamically generates an unpredictable routing path for a message. As shown in the Fig.4.2, given an area, by horizontally partitioning it into two zones A1 and A2 and then vertically partitioning zone A1 to B1 and B2. After IJTEL, ISSN: , VOL.3, NO.4, AUGUST

5 that, again horizontally partition zone B2 into two zones. Such zone partitioning consecutively splits the smallest zone in an alternating horizontal and vertical manner. This partitioning process is called hierarchical zone partition. Given an S-D pair, the partition pattern in ALERT varies depending on the randomly selected TDs and the order of horizontal and vertical division, which provides a better anonymity protection. Fig.4.2, shows one possible routing paths for a packet pkt issued by sender S targeting destination D in ALERT. There are also many other possible paths. In the above figure routing flow, data source S first horizontally divides the area into two zones that are equal in size, A1 and A2, in order to separate S and ZD. S then randomly chooses the first temporary destination TD1 in zone A1 where ZD is present. Then, S relies on GPSR to send pkt to TD1. The pkt is forwarded by many relay nodes until reaching a node that cannot find a neighbor closer to TD1. This is the node that is considered to be the first random-forwarder RF1. After RF1 receives pkt, it then vertically divides the region A1 into regions B1 and B2 so that ZD and itself are separated in two different zones. Then, RF1 randomly selects the next temporary destination TD2 and uses GPSR to send pkt to TD2. This process is repeated until a packet receiver finds itself residing in ZD, i.e., a partitioned zone is ZD having k nodes. Then, the node broadcasts the pkt to the k nodes. In our anaysis, we assume that entire network area is a rectangle with side lengths and and the entire area is partitioned H times to produce a K-anonymity destination zone. We introduce two functions to calculate the two side lengths of the hth partitioned zone. is anonymous middleware working between network layer and application layer[9]. Hop-by-hop authentication is used to prevent adversaries from participating in the routing to ensure route anonymity. MASK[32] topological routing uses neighbourhood authentication in routing path discovery to ensure that the discovered route consists of legitimate nodes & are anonymous to attackers. In GPSR[3] nodes encrypt their location updates and send location updates to the location server. VI. RESULTS Figure 4. Generation Of Nodes In the above figure all the clients holding red color are nodes, the server part is shown in cream colour box, under the view group detail we can view which are all the node added under which group and view label indicates the status of the message that is sent and view multicast keys displays group secret key The side lengths of the destination zone after H partitions are and. Above figure shows the example of three partitions of the entire network area. The side lengths of the final zone after the 3 partitions are =0.5 =0.25 V. RELATED WORK By the different usage of topological information, they can be classified into on-demand or reactive routing methods and proactive routing methods[8][32][33][34] [3][4][11][10]. There Figure 5. Adding Nodes Under Groups i.e Zones To Provide High Security. In the above figure we are adding the clients under the groups after that it asks and confirms whether to join or quit the node from the group. Due to this grouping of nodes under zones, hop-by-hop encryption is not needed for each and every node, hence cost is reduced and the nodes are securely encrypted under zones and the data is securely routed. IJTEL, ISSN: , VOL.3, NO.4, AUGUST

6 Figure 9. Keys Are Generated For Each Group Figure 6. Send The Encrypted Data The above figure depicts that it first browses the file that it wants to send and then it selects the group that it wants to send, after that encrypts the data that is selected and then presses the send button to send the data, its data encryption code will be displaying on the console when it is sent. The above figure depicts that as and when the nodes are added under groups and encrypted data is sent, secret keys are generated for each group in order to decrypt the data that is sent to server, this is where we are avoiding hop-by-hop encryption by using group key to encrypt the nodes added under zone in order to provide high security and to reduce the cost and time incurred in hop-by-hop encryption of each and every node Figure 7. Encrypted data is sent After adding all the nodes under zones the clients that are added are turned to green color and the encrypted data that is sent is tick marked as you can see in the figure above Figure 10. Decryption Takes Place By Using The Secret Key Of The Group Figure 8. We can see address of the data that we have sent. In continuation with figure 7 when the data is sent by the nodes/ clients under group A we can see the same address appears on the client A and client D as that on the server part which is under key server management module. Figure 11. After Doing The Message That Was Sent Is Seen In The Console The above figure depicts that the encrypted file that was sent to the server for which we were able to see only the address of the file on that cream colour server part now after complete decryption process the whole file that was sent is visible on the console. IJTEL, ISSN: , VOL.3, NO.4, AUGUST

7 VII. CONCLUSION In MANETs due to high mobility of nodes and nodes are scattered. It is highly important to provide protection for the nodes. The anonymity protection used by earlier protocols was hop-by-hop encryption or redundant traffic which was too complex to be provided and which incurred heavy cost. So, we propose a modification over the protocols like ZAP, SDDR, ALARM to our new protocol ALERT which uses zone partitioning to hide node identities and overcomes from intersection attack and timing attack and also reduces cost to a greater extent and it is much easier compared to earlier protocols and more importantly it offers protection to all the three areas i.e. source, destination and route anonymity. REFERENCES [1] A. Pfitzmann, M. Hansen, T. Dresden, and U. Kiel, Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management a Consolidated Proposal for Terminology, Version 0.31, technical report, [1]. [2] K.E. Defrawy and G. Tsudik, ALARM: Anonymous Location- Aided Routing in Suspicious MANETs, Proc. IEEE Int l Conf. Network Protocols (ICNP), 2007.[5] [3] K. El-Khatib, L. Korba, R. Song, and G. Yee, Anonymous Secure Routing in Mobile Ad-Hoc Networks, Proc. Int l Conf. Parallel Processing Workshops (ICPPW), 2003.[14]. [4] X. Wu, J. Liu, X. Hong, and E. Bertino, Anonymous Geo- Forwarding in MANETs through Location Cloaking, IEEE Trans. Parallel and Distributed Systems, vol. 19, no. 10, pp , Oct [13]. [5] J. Raymond, Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems, Proc. Int l Workshop Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobservability (WDIAU), pp , 2001.[16]. [6] Z. Zhi and Y.K. Choong, Anonymizing Geographic Ad Hoc Routing for Preserving Location Privacy, Proc. Third Int l Workshop Mobile Distributed Computing (ICDCSW), 2005.[3] [7] V. Pathak, D. Yao, and L. Iftode, Securing Location Aware Services over VANET Using Geographical Secure Path Routing, Proc. IEEE Int l Conf. Vehicular Electronics and safety (ICVES), 2008.[4]. [8] I. Aad, C. Castelluccia, and J. Hubaux, Packet Coding for Strong Anonymity in Ad Hoc Networks, Proc. Securecomm and Workshops, 2006.[8]. [9] Ke Liu s NS2 Code, research/ns2code/index.html, [10] X. Wu, AO2P: Ad Hoc On-Demand Position-Based Private Routing Protocol, IEEE Trans. Mobile Computing, vol. 4, no. 4, pp , July/Aug [10]. [11] B. Zhu, Z. Wan, M.S. Kankanhalli, F. Bao, and R.H. Deng, Anonymous Secure Routing in Mobile Ad-Hoc Networks, Proc. IEEE 29th Ann. Int l Conf. Local Computer Networks (LCN), 2004.[11]. [12] Y. Zhang, W. Liu, and W. Luo, Anonymous Communications in Mobile Ad Hoc Networks, Proc. IEEE INFOCOM, 2005[32]. [13] J. Kong, X. Hong, and M. Gerla, ANODR: Anonymous on Demand Routing Protocol with Untraceable Routes for Mobile Ad-Hoc Networks, Proc. ACM MobiHoc, pp , 2003[33]. [14] L. Yang, M. Jakobsson, and S. Wetzel, Discount Anonymous On Demand Routing for Mobile Ad Hoc Networks, Proc. Securecomm and Workshops, 2006 [34] IJTEL, ISSN: , VOL.3, NO.4, AUGUST