
[IEEE 2012 International Conference on Pattern Recognition, Informatics and Medical Engineering (PRIME) - Salem, Tamilnadu, India (2012.03.21-2012.03.23)] International Conference


Proceedings of the International Conference on Pattern Recognition, Informatics and Medical Engineering, March 21-23, 2012

978-1-4673-1039-0/12/$31.00 ©2012 IEEE

ORZEF: An Optimized Routing using Zone to Establish Security in Manet using Multipath and Friend-Based Ad Hoc Routing

Gokulnath Thandavarayan PG Scholar

Dept. of CSE Kongu Engineering College

Erode TamilNadu, India.

E-mail: [email protected]

Sangeetha K Assistant Professor

Dept. of CSE Kongu Engineering College

Erode TamilNadu, India.

E-mail: [email protected]

Selvaraj Seerangan PG Scholar

Dept. of CSE Kongu Engineering College

Erode TamilNadu, India.

E-mail: [email protected]

Abstract- A Mobile Ad Hoc Network (MANET) is a wireless network formed by a collection of devices that communicate with each other without the aid of any centralized administrator. Due to its properties, the MANET environment is prone to attacks on routes. ORZEF is a self-motivated routing system to provide secure routing. When a node enters a zone it distributes its secret key to nodes up to two hops away, and the nodes share their secret keys using asymmetric key encryption. A routing zone is defined separately for each node using its radius. When there is malicious activity in the environment, the authentication algorithm is initiated to isolate the malicious nodes. As a result of this scheme, the network is able to isolate the malicious nodes effectively. Through extensive simulation analysis using the QualNet simulator it is concluded that this scheme provides an efficient approach towards security and easier detection of the malicious nodes in the mobile ad hoc network, and that power is also utilized effectively.

Keyword- MANET; Zone; Symmetric encryption; Asymmetric encryption; Challenge algorithm; Multipath routing;

I. INTRODUCTION

In a MANET the machines are fully mobile as long as they remain in radio range, but security is the major concern in the MANET environment. Data transmitted from the source can easily be hacked by intruders. Using a packet sniffer within the emission area, all messages can be eavesdropped. Much research is under way to establish security in MANETs.

To establish security in a MANET, the malicious nodes should be isolated and data transmission should be secured using cryptographic techniques. In this paper we propose a routing-level security protocol, ORZEF: An Optimized Routing using Zone to Establish Security in Manet using Multipath and Friend-based ad hoc routing. Initially we create a secure bond between every two nodes: each node distributes its unique secret key to its pair in the environment. To stop malicious nodes from participating in route establishment, authentication must be done periodically. A challenge algorithm is used to authenticate the nodes. The algorithm provides a robust mechanism for isolating malicious nodes and gives a best approach to establish security in MANET.

II. OVERVIEW

In the ORZEF protocol a zone is defined for every individual node. Because the network is dynamic in nature, nodes share their secret keys when they meet each other. Thus the nodes have several trust relationships and form a secure community. The distribution of the secret key is carried out by public key cryptography. Later, when there is a data transmission between the two nodes, the secret key is used for encrypting the data. The algorithm uses a possess key list and a friend key list to store the secret keys. A received secret key is stored in the friend key list and a generated key is stored in the possess key list. A unique ID is given to every secret key in the stored table to identify the corresponding nodes.

Authentication of nodes is done by the challenge algorithm. A node which completes the challenge successfully is stored in the friend list. Later, using the share-through-friends task, the list is shared among the neighbor nodes. A node which doesn’t complete the challenge is shifted to the question mark list, but that list is not shared among neighbors, in order to prevent grudge wars.

III. RELATED WORK

This section discusses previous work done in the field of secure routing. A secure routing protocol must provide Authentication, Access Control, Confidentiality, Privacy, Integrity, Authorization, Anonymity, Non-Repudiation, Freshness, Availability and Resilience to attack.

a) Payment Systems [4]: Using the payment system nodes gain their trust level. For their good behaviour in the environment nodes gain points.

b) Reputation Systems [5, 6]: Trusted nodes are awarded a better reputation. Nodes with a better reputation get better service; nodes with less reputation get less service and have a low trust level.

c) Cryptography-based systems [7]: Cryptography systems use symmetric and asymmetric key techniques to implement security. The algorithms used make it computationally difficult for a malicious node to break the encrypted message.

IV. ORZEF PROTOCOL

ORZEF protocol uses six different tables for route selection and the lists used are discussed in this section.

a) Possess key list: The secret keys distributed to neighbors are stored in this list. The list stores secret keys and unique IDs. Secret keys are used to decrypt the message sent by the destination. IDs are used to refer to the destination.

b) Friend key list: The secret keys distributed by neighbors are stored in this list. The list stores secret keys and unique IDs. Secret keys are used to encrypt the message sent by the source. IDs are used to refer to the source.

c) Friend List: The nodes which are qualified in the challenge algorithm are stored in this list. The node is rated from 0 to 10.

d) Question Mark List: If a node detects suspicious activity by a particular node, that node is moved to this list.

e) Unauthenticated List: The list of nodes of which no security information is present.

f) DR: Data rating, this is the rating given to nodes after they transmit some amount of data for the source node.

V. ORZEF ALGORITHM DESCRIPTION

The proposed ORZEF algorithm is divided into the following four stages: zones [11], share secret key, challenge algorithm [2], and multipath routing. The link flow between the different stages of the protocol is shown in Fig. 1. The routing of data in the protocol is on demand, but the other processes are periodic.

Figure 1. Stages of ORZEF Algorithm

A. ZONE

In a MANET, node mobility ranges up to 70 km/hr. A routing zone is defined by its transmission power. The transmission power is reduced such that a node covers nodes up to two hops away, and this behavior saves battery power. When a new node enters a MANET environment it distributes a control packet. The packet contains a public key and a hop counter, and initially the hop counter is set to two. On receiving it, the neighbor nodes decrease the hop counter by one and distribute the packet again to their neighbor nodes. If the hop counter value is one, the neighbor nodes do not forward the packet any further. If a neighbor has already received that request it just drops it. When replying to the request, the neighbor nodes generate a symmetric key, encrypt it with the source's public key and send it to the source. The reply message contains a cipher, public key, sequence number, and source and destination addresses. The cipher text contains the secret key encrypted by the source key. The public key is generated by the destination. The sequence number is used to refer to the hop count, and it is increased when the packet is transmitted by intermediate nodes. Due to mobility, nodes move from one zone to another. By sharing its secret key with many zones, a virtual path is created between the source and the destination at an early stage. When two nodes have already shared their secret keys and the hop count is one, the node drops all new requests or forwards them to other neighbors.
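The control-packet flood described above can be simulated in a few lines. This is an added example, not code from the paper: the topology and the names `TOPOLOGY` and `flood_zone` are constructed for illustration, and only the hop-counter and duplicate-drop rules come from the text.

```python
from collections import deque

# Constructed topology (not from the paper): node -> nodes within radio range.
TOPOLOGY = {
    "A": {"B", "E"},
    "B": {"A", "C"},
    "C": {"B", "D", "E"},
    "D": {"C", "F"},
    "E": {"A", "C"},
    "F": {"D"},
}


def flood_zone(topology, source, hop_counter=2):
    """Flood a zone control packet from `source`.

    Returns (zone, dropped): `zone` maps every node that accepted the packet
    to its hop distance from the source, `dropped` counts the duplicate
    copies that receivers discarded.
    """
    zone = {}
    dropped = 0
    # One queue entry per broadcast: (sender, counter carried in the packet).
    broadcasts = deque([(source, hop_counter)])
    while broadcasts:
        sender, counter = broadcasts.popleft()
        for node in sorted(topology[sender]):
            if node == source or node in zone:
                dropped += 1      # request already seen: drop it
                continue
            zone[node] = hop_counter - counter + 1
            if counter > 1:       # a counter of one is accepted but not forwarded
                broadcasts.append((node, counter - 1))
    return zone, dropped


if __name__ == "__main__":
    zone, dropped = flood_zone(TOPOLOGY, "A")
    print("zone of A:", zone, "duplicates dropped:", dropped)
```

With the counter at two, node D (three hops from A) never sees the packet, and the second copy that reaches C through E is discarded.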

B. SHARE SECRET KEY

This is the mechanism for sharing secret keys inside a zone. Assume two nodes in the same zone, node A and node B, each with a possess key list and a friend key list.

a) Step 1: Initially node A sends beacon signals to check the status of the neighbour nodes.

b) Step 2: On receiving the signal directly from node A, node B sends its public key and an ID to node A.

c) Step 3: Now node A generates a secret key uniquely for node B and stores it in its possess key list with B's ID. The secret key is then encrypted with node B’s public key and transmitted to node B. Along with this cipher text, A also transmits its public key to node B.

d) Step 4: On receiving the encrypted message, node B decrypts it and stores the secret key in its friend key list. Now node B generates a secret key for node A and transmits it using node A's public key.

e) Step 5: Now both nodes save the secret keys in both the possess key list and the friend key list. The secret keys are used for future data transmission.
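Steps 1 to 5 as a runnable exchange between two nodes. This is an added example, not the authors' implementation: the paper does not name its asymmetric cipher, so textbook RSA without padding over constructed Mersenne primes stands in for it, and the `Node` class, message fields and function names are hypothetical.

```python
import secrets

E = 65537  # public exponent used for both toy key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (no padding, illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def rsa_apply(key, value):
    modulus, exponent = key
    return pow(value, exponent, modulus)


class Node:
    def __init__(self, node_id, p, q):
        self.node_id = node_id
        self.public, self._private = make_keypair(p, q)
        self.possess_key_list = {}  # peer ID -> secret key generated here
        self.friend_key_list = {}   # peer ID -> secret key received from peer

    def issue_key_for(self, peer_id, peer_public):
        """Generate a secret unique to the peer, store it, send it encrypted."""
        secret = secrets.randbits(128)
        self.possess_key_list[peer_id] = secret
        return {"from": self.node_id, "public_key": self.public,
                "cipher": rsa_apply(peer_public, secret)}

    def accept_key(self, message):
        """Decrypt a received secret and file it under the sender's ID."""
        secret = rsa_apply(self._private, message["cipher"])
        self.friend_key_list[message["from"]] = secret


def share_secret_keys(a, b):
    """Run steps 1-5 between a and b; return the messages sent over the air."""
    beacon = {"from": a.node_id, "type": "beacon"}                 # step 1
    hello = {"from": b.node_id, "public_key": b.public}            # step 2
    to_b = a.issue_key_for(hello["from"], hello["public_key"])     # step 3
    b.accept_key(to_b)                                             # step 4
    to_a = b.issue_key_for(to_b["from"], to_b["public_key"])
    a.accept_key(to_a)                                             # step 5
    return [beacon, hello, to_b, to_a]


def demo_nodes():
    # Constructed primes (Mersenne primes) so the example runs offline.
    return (Node("A", 2**61 - 1, 2**89 - 1),
            Node("B", 2**107 - 1, 2**127 - 1))
```

As in the description, nothing in the exchange binds a public key to a node ID, so each side accepts whatever public key arrives with the message.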

VI. CHALLENGE ALGORITHM

If malicious activity is present in the environment, the challenge algorithm is used to authenticate nodes.

a) Step 1: In the new environment, each node generates a pair of large prime integers, which is kept secret. The nodes share their secret keys inside the zone, and initially neighbors are stored in the unauthenticated list.

b) Step 2: Now node A picks one of the neighbors and performs the usual Share Friends stage. While transmitting data, if there is malicious activity such as packet dropping or message tampering, the source node initiates a challenge to the intermediate nodes.

c) Step 3: Assume that, as a response, the neighbor node B sends its friend list or, if the friend list is empty, it sends the unauthenticated list.

d) Step 4: On receiving the message, node A picks a node which has a reliable path. Let us say the node is C.

e) Step 5: Node A has two ways to reach C. One is through B and the other is the selected reliable path.

[Figure 1 diagram labels: Zone Network; Shared Secret Key (Possess Key List, Friend Key List); Challenge Algorithm (Friend List, Unauthenticated List, Question Mark List); Route Establish; Symmetric Encryption; Asymmetric Encryption; Multipath Routing]


f) Step 6: Now node A sends a random prime number “n” over both routes and initiates the challenge. A also includes its own public key with the challenge.

g) Step 7: Intermediate nodes see the encrypted message as a normal data packet and route it. C decrypts the data packet and responds to the challenge. C computes $c^d \bmod n$ and encrypts it with A's public key. The cipher text is sent over the two paths.

h) Step 8: A receives the message from both routes and decrypts it. If both messages are the same, node A adds node B at the bottom of its friend list.

• Rate friends: Friends are rated from zero to ten. Initially, nodes that completed the challenge successfully are stored in the friend list. Using the Share Friends stage, the neighbor list is added in the node.

• Data rating: The data rating is updated by a node for its friend on the basis of the amount of data it transfers for it. The DR of a friend node varies with the number of data packets transferred through it.
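The two-path comparison in steps 5 to 8, with the resulting list updates, as an added example that is not from the paper. Encryption of the challenge and response is left out to keep the focus on the comparison; the class names, the three path behaviours and the prime values are constructed, and moving a failing node to the question mark list follows the Overview section.

```python
class Responder:
    """Node C: holds the secret pair of large primes from step 1."""

    def __init__(self, c, d):
        self._c, self._d = c, d

    def answer(self, n):
        return pow(self._c, self._d, n)      # c^d mod n, as in step 7


# Path behaviours applied to the response on its way back to A.
def honest(response):
    return response


def tampering(response):
    return response ^ 1                      # flips one bit in transit


def dropping(response):
    return None                              # packet never arrives


class Challenger:
    """Node A: keeps the three node lists used by the challenge algorithm."""

    def __init__(self, neighbours):
        self.unauthenticated_list = list(neighbours)
        self.friend_list = []
        self.question_mark_list = []

    def challenge(self, suspect, suspect_path, reliable_path, responder, n):
        """Send challenge n to the responder over both paths and compare."""
        via_suspect = suspect_path(responder.answer(n))
        via_reliable = reliable_path(responder.answer(n))
        passed = via_suspect is not None and via_suspect == via_reliable
        if suspect in self.unauthenticated_list:
            self.unauthenticated_list.remove(suspect)
        # A passing node goes to the bottom of the friend list (step 8).
        (self.friend_list if passed else self.question_mark_list).append(suspect)
        return passed


def run_demo():
    # Constructed values: C's secret primes and A's random prime challenge.
    node_c = Responder(c=104729, d=1299709)
    node_a = Challenger(["B1", "B2", "B3"])
    n = 15485863
    results = [
        node_a.challenge("B1", honest, honest, node_c, n),
        node_a.challenge("B2", tampering, honest, node_c, n),
        node_a.challenge("B3", dropping, honest, node_c, n),
    ]
    return results, node_a
```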

VII. ROUTE ESTABLISHMENT

When a node wants to transmit data to a particular destination, it initiates the DSR [3] protocol. The source evaluates the routes available to the destination node on the basis of its friend list. The Route Reply messages contain the public key of the destination node.

A. RULES TO SELECT A PATH

• RULE 1: If both source and destination have shared their secret key earlier in the zone, the source finds a shortest path with more trusted nodes between source and destination and transmits the data. The source encrypts the data with the secret key stored in the friend key list and transmits it to the destination. On receiving the cipher text, the destination decrypts the message with its secret key that is stored in the possess key list.

• RULE 2: If the source doesn’t have the secret key of the destination, the source checks the friend list, selects a path with more trusted nodes and transmits the data. The data is encrypted with the destination's public key.

• RULE 3: If the routes have more malicious nodes than trusted nodes, the source splits the data into sub-packets, encrypts the data using the public key of the destination and routes it through different paths through trusted nodes.

B. DESCRIPTION FOR MULTIPATH

While transmitting the route reply, the intermediate nodes increase the value in the hop counter by 1. If (t<m) in every path, where t is the total number of trusted nodes and m is the total number of malicious nodes in the route, the source selects multipath routing [10]. The traffic originated at the source is split up and sent over different routes to avoid congestion and use resources more efficiently.
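The three path-selection rules and the t<m multipath test, written as one decision function. This is an added example, not the authors' code. It assumes that "trusted" means membership in the friend list and "malicious" means membership in the question mark list, and it reads "shortest path with more trusted nodes" as most trusted nodes first, fewest hops as tie-break; all names are hypothetical.

```python
def count_nodes(route, friend_list, question_mark_list):
    """Return (t, m): trusted and malicious intermediate nodes on a route."""
    t = sum(1 for hop in route if hop in friend_list)
    m = sum(1 for hop in route if hop in question_mark_list)
    return t, m


def split_payload(payload, parts):
    """Split payload into at most `parts` contiguous sub-packets."""
    size = max(1, -(-len(payload) // parts))   # ceiling division
    return [payload[i:i + size] for i in range(0, len(payload), size)]


def plan_transmission(routes, friend_list, question_mark_list,
                      has_shared_key, payload):
    """Pick the rule that applies and say how the payload is protected."""
    scored = [(route, *count_nodes(route, friend_list, question_mark_list))
              for route in routes]

    # RULE 3: t < m on every route, so split the data across the routes.
    if all(t < m for _, t, m in scored):
        chunks = split_payload(payload, len(routes))
        return {"rule": 3, "encrypt_with": "destination public key",
                "assignments": list(zip(routes, chunks))}

    # Most trusted nodes first, fewest hops as tie-break (interpretation).
    best = max(scored, key=lambda item: (item[1], -len(item[0])))[0]
    if has_shared_key:
        # RULE 1: secret key already exchanged inside the zone.
        return {"rule": 1, "encrypt_with": "secret key from friend key list",
                "assignments": [(best, payload)]}
    # RULE 2: no shared secret yet, fall back to the destination public key.
    return {"rule": 2, "encrypt_with": "destination public key",
            "assignments": [(best, payload)]}


# Constructed sample data: routes list intermediate nodes only.
FRIENDS = {"B", "E"}
SUSPECTS = {"X", "Y"}
MIXED_ROUTES = [["B", "C"], ["E"], ["X", "B", "Y"]]
HOSTILE_ROUTES = [["X"], ["Y", "B", "X"]]
```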

VIII. PERFORMANCE METRICS

The performance of this protocol is evaluated using the QualNet simulator. The protocol is analyzed against various metrics as the total number of nodes increases.

Fig. 2 shows the number of packets transmitted securely in the network. ORZEF shows good results when compared with FACES and ZRP; it works well because it uses symmetric and asymmetric encryption techniques and multipath routing dynamically, according to the current status of the environment. The number of malicious nodes isolated from the network is shown in Fig. 3; both ORZEF and FACES give more or less the same result, as they use the same challenge algorithm. The total energy used by the network is shown in Fig. 4; in ORZEF we don’t use a promiscuous mode and energy is consumed.

Figure 2. Number of Packets Transmitted Securely versus Number of Nodes

Figure 3. Number of Malicious Nodes isolated versus Number of Nodes

[Figure 2 plot: "Packets Transmitted Securely"; x-axis: Total No. of Nodes; y-axis: No. of packets transmitted securely; series: ORZEF, FACES, ZRP]

[Figure 3 plot: "Malicious Nodes Isolated"; x-axis: Total No. of nodes; y-axis label as printed: No. of packets transmitted securely; series: ORZEF, FACES]


Figure 4. Number of Energy Consumed versus Number of Nodes

IX. CONCLUSION

The system offers a robust and secure scheme for mobile ad hoc networks. The exchange of symmetric keys between nodes allows data to be transmitted in a very secure fashion even where malicious nodes outnumber the trusted nodes. It makes cryptanalysis practically impossible for malicious nodes. Challenges turn out to be a well-organized mechanism to authenticate nodes because the malicious nodes cannot differentiate between a packet that is meant for a challenge and one meant for normal data routing. This provides inherent security to the network, and the malicious nodes are easily uncovered. Since the algorithm does not rely on any scheme to spread information about misbehaving nodes, the chances of grudge wars taking place in the network are naught. Challenges and symmetric key exchange are periodic processes, whereas data transmission by nodes is on demand. Before transmitting the data, the source checks the rules for selecting the path. Multipath routing is selected only when there is less than the minimum number of trusted nodes in every path. This, on the other hand, reduces overheads and hence reduces the chances of unsecured routing through malicious nodes. This dynamic change of protocol makes the proposed system efficient.

REFERENCES

[1] Daniele Raffo and Dr. Paul Mühlethaler “Security Schemes for the OLSR Protocol for Ad Hoc Networks” on September 15, 2005.

[2] S.K.Dhurandher and M.S Obaidat “FACES: Friend-Based Ad Hoc Routing Using Challenges to Establish Security in MANETs Systems” IEEE SYSTEMS JOURNAL, VOL. 5, NO. 2, JUNE 2011

[3] D. Johnson and D. Maltz, “Dynamic source routing in ad hoc wireless networks,” book chapter in Mobile Computing, T. Imielinski and H. Korth, Eds. Dordrecht, The Netherlands: Kluwer, 1996, pp. 131–181.

[4] L. Buttyan, J.-P. Hubaux, Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks. Technical Report DSC/2001/046, EPFL-DI-ICA, August 2001.

[5] S. Buchegger, J.-Y. LeBoudec, Performance analysis of the CONFIDANT protocol: cooperation of nodes—fairness in dynamic ad-hoc networks, in: Proceedings of IEEE/ACM Symposium on Mobile AdHoc Networking and Computing (MobiHOC), Lausanne, Switzerland, June 2002.

[6] P. Michiardi, R. Molva, CORE: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks, in: Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security, 2002, pp. 107–121.

[7] Y.-C. Hu, A. Perrig, D.B. Johnson, Ariadne: A secure on-demand routing protocol for ad hoc networks, in: Proceedings of MOBICOM 2002, Atlanta, Georgia, USA.

[8] J. Orlin Grabbe “The Data Encryption Standard Algorithm Illustrated” http://orlingrabbe.com/des.htm

[9] Philip J. Erdelsky “RSA Public-Key Cryptography” October 25, 2001 (revised August 22, 2002)

[10] M.T.Toussaint “Multipath Routing in Mobile Ad Hoc Networks” CACTUS/D2003.7 22-08-2003.

[11] N. Beijar “Zone Routing Protocol (ZRP)” Networking Laboratory, Helsinki University of Technology P.O. Box 3000, FIN-02015 HUT, Finland Email: [email protected]

[Figure 4 plot: "Energy Used by Network"; x-axis: Total No. of Nodes; y-axis: Percentage of Network Energy used (%); series: ORZEF, FACES, ZRP]