Energy Based Authenticated Protocol


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

An important characteristic of mobile ad hoc wireless networks (MANETs) is the mobility of the network nodes. Because of this, link connectivity between nodes is unstable at the link layer, which increases the scope for packet loss and delay in the network. At the network layer, node mobility degrades the performance of the routing protocol, which decreases throughput and packet delivery ratio. Hence networking issues such as neighbour discovery, network connectivity, scalability and routing become difficult tasks in a MANET.

To overcome this, an energy based AODV (E-AODV) is proposed in which an energy model is considered for designing the network and an individual energy is calculated for each node. The source and destination nodes are selected as those having peak energy levels compared with the other nodes, and the forwarding nodes are selected based on individual energy level, choosing the maximum energy level among the neighbouring nodes and the minimum hop distance to the destination node. The packets to be transmitted are encrypted using a public key cryptosystem, the RSA-MD5 double signature algorithm, which ensures authenticated secure communication and is described in the following sections.

3. Related Works

S. Umang, B.V.R. Reddy and M.N. Hoda [4] employ a method for determining the conditions under which a malicious node should be monitored. In this concept, a node first receives a packet. It then checks for duplicate packets and also for the status of the sequence number in the routing table during RREQ (Route Request) rebroadcast. If the sequence number is equal, the node is assumed to be non-malicious. Here a malicious node can impersonate the sequence number, and message integrity of the packet transmission is not discussed.

Preeti Bathla and Bhawna Gupta [5] suggest that all nodes, before entering a network, procure a one-time public and private key pair from the certificate authority along with the certificate authority’s public key. After this the nodes can negotiate session keys among each other. A source generates an RREQ and attaches its certificate with a request for a session key from a destination node. On receipt of the RREQ, the destination node verifies the certificate of the source and on confirmation generates a session key. The destination finally sends an RREP including the encrypted session key to the source. Here the intermediate node selection is not discussed, and a malicious node may also behave as an intermediate node which is not traceable.

Imran Raza and S.A. Hussain [6] propose that every node acts as a guard node and calculates the trust level of its neighbour nodes and the trust level of the path that is to be selected. The behaviour of a guard node is dynamic: it increases or decreases the trust level of neighbouring nodes depending upon their behaviour. Any node that is below the minimum level will be declared malicious and will not be included in any route selection process until its trust level is raised. Guard nodes will check the packets forwarded by their neighbour nodes for packet integrity after some time.

Ajay Mahimkar and R.K. Shyamsundar [7] implement S-MECRA (Secure and Energy Efficient Routing Protocol), which selects paths along nodes with a higher reputation number and higher residual battery capacities. Further, this protocol ensures that nodes with lower residual energies are not selected on the communication paths and nodes with low reputation values are eventually eliminated from network operations. Here authentication of nodes in the network and message integrity are not discussed.

R.S. Mangrulkar and Dr. Mohammad Atique [8] implement a routing algorithm, TBAODV (Trust based AODV), which contains an additional field in the request packet that stores a trust value indicating a node's trust in its neighbour. Based on the level of the trust factor, the routing information is transmitted depending upon the highest trust value among all. A malicious node is able to attack the control packet and misbehave in the network. In this protocol, the malicious node may or may not be a trusted node, and no specific mechanism is followed for detecting malicious nodes.

Seung Yi, Prasad Naldurg and Robin Kravets [9] propose the SAR (Security Aware Ad hoc Routing) protocol, in which the security metric is embedded into the RREQ packet itself. Intermediate nodes receive an RREQ packet with a particular security metric or trust level. If not, the RREQ packet is dropped. SAR incorporates trust levels into ad hoc networks to mirror existing organizational hierarchies and associates a value with each privilege level. These privilege values represent the security of mobile nodes.

Luo and Lu [10] present an authentication service whereby the public key certificate of each node is co-operatively generated by a set of neighbours based on the behaviour of the node as monitored by the neighbours.

Improving security in mobile ad hoc networks has therefore become a hot research topic in recent years, and many solutions with various protocols have been proposed [11 – 18].

Proposed Methodology of E-AODV

Fig 1. Proposed phases of E-AODV. [Diagram not reproduced. Labels: E-AODV Phases; Initialization; Authentication; Result; Route Request; Route Reply; Data Transmission; Route Error; Simulation Study.]

The AODV routing protocol uses an on-demand approach for finding routes, i.e. a route is established only when it is required by a source node for transmitting data packets. It employs destination sequence numbers to identify the most recent path. The principle of the E-AODV protocol is that the forwarding nodes used in transmission should have the maximum energy level, which avoids packet loss, and that a packet transmitted through nodes in a MANET must be authenticated to guarantee the integrity and non-repudiation of the received packet.

RSA is a public key cryptosystem which is used for both encryption and authentication. RSA is combined with the MD5 hashing algorithm to sign a message and transmit it from source to destination with authentication and non-repudiation [19]. It must be infeasible for anyone either to find a message that hashes to a given value or to find two messages that hash to the same value. If either were feasible, an intruder could attach a false message to the signature. The hash function MD5 has been designed specifically to have the property that finding a match is infeasible and is therefore considered suitable for use in our E-AODV protocol [20].

4.1 The Energy Model

The energy model has to be considered for designing the network. According to the radio model, various parameters affect the energy during transmission and reception. When a k-bit packet is sent over a distance d, the energy during transmission is

$E_t = E_{elec} \times k + \varepsilon_{amp} \times k \times d^2$

The energy during reception is

$E_r = E_{elec} \times k$

where $E_{elec}$ is the energy per bit consumed by the sender and receiver electronics, and $\varepsilon_{amp} = 100\ \mathrm{pJ/bit/m^2}$ for the transmit amplifier to achieve an acceptable $E_b/N_0$. For the mobile node, processing energy should also be considered; it is denoted $E_p$. $E_i$ is the initial energy. The total energy of the mobile node is given as

$E_c = E_i - E_t - E_r - E_p$

For an ordinary node, the energy of the initiator node or source is

$E_c = E_i - E_t - E_r$
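
The radio model above, combined with the selection rule stated earlier (maximum energy among the neighbours, minimum hop distance), can be exercised as follows. This is an added example, not code from the essay: the `E_ELEC` value, the tie-break order, the viability check and all names and sample nodes are assumptions made for illustration, and processing energy $E_p$ is left out because the page gives no value for it.

```python
from dataclasses import dataclass

EPS_AMP = 100e-12  # J/bit/m^2, the page's value (100 pJ/bit/m^2)
E_ELEC = 50e-9     # J/bit, ASSUMED: the page gives no value for E_elec


def tx_energy(k_bits: int, d_m: float) -> float:
    """E_t = E_elec*k + eps_amp*k*d^2 (transmit k bits over d metres)."""
    return E_ELEC * k_bits + EPS_AMP * k_bits * d_m ** 2


def rx_energy(k_bits: int) -> float:
    """E_r = E_elec*k (receive k bits)."""
    return E_ELEC * k_bits


@dataclass
class Neighbour:
    node_id: str
    energy: float       # residual energy E_c in joules
    hops_to_dest: int
    next_hop_m: float   # distance to the node it would forward to


def select_forwarder(neighbours, k_bits):
    """Pick the neighbour with maximum residual energy; ties go to the
    smaller hop count (ASSUMED ordering of the page's two criteria).
    Nodes that cannot afford one receive plus one transmit are skipped."""
    viable = [n for n in neighbours
              if n.energy >= rx_energy(k_bits) + tx_energy(k_bits, n.next_hop_m)]
    if not viable:
        return None  # nobody can carry the packet: the route error case
    return max(viable, key=lambda n: (n.energy, -n.hops_to_dest))


def relay(neighbours, k_bits, packets):
    """Forward `packets` packets, charging E_r + E_t to each chosen node."""
    chosen = []
    for _ in range(packets):
        node = select_forwarder(neighbours, k_bits)
        if node is None:
            break
        node.energy -= rx_energy(k_bits) + tx_energy(k_bits, node.next_hop_m)
        chosen.append(node.node_id)
    return chosen


def demo():
    # Constructed sample neighbours, not data from the page's simulation.
    nbrs = [Neighbour("B", 0.050, 3, 100.0),
            Neighbour("C", 0.040, 2, 100.0),
            Neighbour("D", 0.004, 1, 100.0)]  # too depleted to relay
    return relay(nbrs, k_bits=4000, packets=6)


if __name__ == "__main__":
    print(demo())
```

Because the choice is re-evaluated per packet, the load moves to another neighbour once the first one's residual energy drops below it, and the closest but depleted node is never used.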

4.2 Key management

There are two fundamental key management schemes in MANETs: static and dynamic. In static key management schemes, key management functions (i.e., key generation and distribution) are handled statically. That is, the mobile nodes have a fixed number of keys loaded either prior to or shortly after network topology occurs. On the other hand, dynamic key management schemes perform keying functions (rekeying) either periodically or on demand as needed by the network. The mobile nodes dynamically exchange keys to communicate. Public-key cryptography is probably the most significant advance in the history of cryptography. It uses two keys, a public key and a private key; it is asymmetric, since the parties are not equal; it uses a clever application of number theory concepts to function; and it complements rather than replaces private key cryptography. Public-key/asymmetric cryptography involves the use of two keys:

a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures

a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures.

The application of public key cryptography can be classified into three categories,

Encryption/decryption which provides secrecy

Digital signatures which provide authentication

Key exchange of session keys which provides security.

4.3 Key Generation and Updating

Keys are generated using the Message Digest 5 (MD5) algorithm, which creates hexadecimal keys from the MAC address and IP address of each node. During packet transfer from mobile node to mobile node, the hexadecimal MAC address and IP address of each node are also transferred with the key value in encrypted form.

4.4 Message Encryption and Decryption

Encryption is always done with the public key. To encrypt with a public key, the key must first be obtained. The public key must be authentic to avoid man-in-the-middle attacks in protocols. Verifying the authenticity of a public key is difficult. When certificates are used, a trusted third party can be relied on. If certificates are not in use, some other means of verification is used. The message to be encrypted is represented as a number M, 0 < M < n - 1. If the message is longer, it needs to be split into smaller blocks. Encryption is done by computing $C = M^e \bmod n$, where e and n are the public key and M is the message block. C is the encrypted message. Decryption is done by computing $M = C^d \bmod n$, where n is the modulus (from the public key) and d is the private key. Digital signatures are always computed with the private key. This makes them easily verifiable publicly with the public key.

4.5 Key Generation in proposed MD5 Algorithm

MD5 defines four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word.

F(X, Y, Z) = XY v not(X) Z

G(X, Y, Z) = XZ v Y not (Z)

H(X, Y, Z) = X xor Y xor Z

I(X, Y, Z) = Y xor (X v not(Z))

In each bit position F acts as a conditional: if X then Y else Z. (The function F could have been defined using + instead of v, since XY and not(X)Z will never have 1's in the same bit position.) It is interesting to note that if the bits of X, Y, and Z are independent and unbiased, then each bit of F(X, Y, Z) will be independent and unbiased. The functions G, H, and I are similar to the function F, in that they act in "bitwise parallel" to produce their output from the bits of X, Y, and Z, in such a manner that if the corresponding bits of X, Y, and Z are independent and unbiased, then each bit of G(X, Y, Z), H(X, Y, Z), and I(X, Y, Z) will be independent and unbiased. Note that the function H is the bit-wise "xor" or "parity" function of its inputs. This step uses a 64-element table T [1 ... 64] constructed from the sine function.

Individual Energy Calculation

The individual energy for each node can be calculated using the following formula:

$IE = W_{e,n}\left(1 - \frac{\mathrm{Energy}}{\mathrm{Energy_{Full}}}\right) + W_{s,n}\,\frac{\mathrm{Mobility}}{\mathrm{Mobility_{max}}}$

where

n = node

Energy = residual energy

Mobility = current mobility

Energy Full = full energy

Mobility max = maximum mobility level

The energy and mobility levels are weighted by two weights:

$W_{e,n} = 1 - \frac{\mathrm{Energy}}{\mathrm{Energy_{Full}}}$

$W_{s,u} = 1 - W_{e,u}$

By using this adaptation rule we can improve the lifetime of a node in the network, as shown in Fig 2. If a node has insufficient energy or moves frequently, a smaller that leads to a lower node degree, transmission radius, and power is desired.

4.8 Adaptive configuration Algorithm

If a node has insufficient energy or moves frequently, it is not able to transmit the packet to the destination. We define a new rule which shows the trust in a node during transmission, while the source and the destination have peak energy compared with the other nodes in the network.

Fig 2: Routing Scheme with Energy Selection

Processing of E- AODV protocol

The E-AODV setup phase consists of

Initialization Phase

Authentication Phase

Result Phase

Fig 3. Data flow diagram of E-AODV. [Flowchart not reproduced. Recovered box labels: Initialization; Nodes are initialized with unique IP & MAC address, Public & Private Key; Energy model is created in network and Individual Energy for each node is calculated; Source Node; Neighbour list is maintained in RIT and Route Request Packet is sent from Source node; Nodes with maximum Energy and shortest hop distance to destination are selected for transmission; Data packet is hashed and hash value is calculated; Data packet encrypted using sender's private key and receiver's public key; Data transmission; Route Error (Y/N); Next neighbour with authentication is selected; Destination Node; Data packet decrypted using receiver's private key and sender's public key; Hashed packet is recomputed to find original packet; Performance analysis study; Security.]

The notations used in the following phases are listed in Table 1.

Table 1 Notations used

| S.No | Notation | Meaning |
|------|----------|---------|
| 1 | RIT | Routing Information Table |
| 2 | Sid | Source ID |
| 3 | Did | Destination ID |
| 4 | Bid | Broadcast ID |
| 5 | Rid | Reply ID |
| 6 | Rreq | Route Request |
| 7 | Rrep | Route Reply |
| 8 | Rerr | Route Error |
| 9 | AP | Authentication Path |
| 10 | H(M) | Hashed Message |
| 11 | H(Sid(M)) | Hashed Message calculated by Source ID |
| 12 | H(Did(M)) | Hashed Message calculated by Destination ID |
| 13 | Sku | Source Public Key |
| 14 | Sign(Skr) | Source Private Key |
| 15 | Dku | Destination Public Key |
| 16 | SignDkr | Destination Private Key |
| 17 | Eid | Error ID |
| 18 | Seq no | Sequence Number |

5.1 Initialization Phase

Initially all the energy enhanced nodes are arranged in MANET topology such that the nodes are collision free in mobility as well as it enhances loop free routing.

An Energy model is considered for designing the E-AODV, an Energy based approach which is used in the network.

All the nodes are initialized in MANETS by each node having its own IP address, MAC address and sequence number.

Then each node in the network is updated by a pair of public key and private key using RSA public key cryptosystem by self generation.

The source and destination nodes are selected which have peak energy when compared with other nodes in the network.

Individual energy for each node is calculated.

After initialization is done with the node’s IP address, MAC address and key update, the nodes send a signal to find the number of other nodes within range.

Synchronization between nodes takes place and the neighbour list for each node is maintained in the RIT.

Now each node has its own sequence number, IP address, MAC address, public key and private key as its unique ID. Further, each node maintains its own neighbour list with individual energy values for communicating packets. So before data packet transmission starts between the nodes, the nodes are initialized with these parameters. That is, except for the private key, the IP address, MAC address and public key of each node are initially known to all other nodes in the network.

5.2 Authentication Phase

AODV is a well known reactive protocol. Nodes in the network exchange routing information only when a communication must take place and keep this information up to date only as long as the communication lasts. The various processes involved in this phase are described below.

5.2.1 Route Request Process

The source node floods the route request packet in the network when a route is not established between the source and the destination. According to our protocol E-AODV, the Rreq source node packet carries the

(Source ID (Source Seq no, IP address, MAC address, Public Key), Destination ID (Destination Seq no, IP address, MAC address, Public Key), Bid, AP ( ))

AP stands for Authentication Path, which is initially empty when the Rreq packet is broadcast. Initially the source node broadcasts the Rreq packet to its neighbour list, which is maintained in the RIT. If the same Rreq packet is received multiple times by the same node, which can be identified by its unique Sid, Did and Bid, the duplicate packets are discarded. The Bid is incremented each time for another Rreq packet. According to the AODV protocol, the receiving neighbour nodes send back ready signals if they have the shortest route available to the destination. All the intermediate nodes having valid routes to the destination node, or the destination node itself, are allowed to send route reply packets to the source.

5.2.2 Route Reply Process

The Rrep packet can be sent by an intermediate node as

(Source Seq.No, Destination Seq.No, Intermediate Node ID (Intermediate node Seq.No, IP Address, MAC Address, Public Key, Energy Value, Rid)

Here our secure protocol E-AODV is implemented such that, among the neighbour nodes that send the ready signal, the authenticated nodes must be selected. This is a challenging problem faced today in the security of MANETs. Of the neighbour nodes which send the ready signal, the nodes which have maximum energy and shortest hop distance to the destination are considered, and the selected nodes with maximum energy which possess the unique parameters such as IP, MAC and public key are considered authentic nodes and are added to the Authentication Path. This authentic node selection process continues until it reaches the destination. Each time an authentic node is found, it is updated in the AP, which is found in the Rreq packet and is maintained by the source node. We have now found a security enabled authenticated path to the destination. The data transmission then starts with the RSA-MD5 double signature algorithm, which hashes the data packet to be sent.

5.2.3. Data Transmission Process

A hash function is a public function which maps a message of any length into a fixed length hash value, which serves as an authenticator. The data packet which is to be sent is hashed and the packet becomes a hashed message H (M) [21]. The source node then calculates the hash value of the message, which is stored as H (Sid (M)) [22].

H (M) ====> H (Sid (M))

Then the hashed packet is digitally signed using the sender’s (source) private key first which provides authentication and data origin confidentiality from the source [23].

H (M) ====> E (SignSkr H (M))

(SignSkr H (M)) ====> α

Then the source signed hashed message is encrypted using the receiver’s (destination) public key as a second signature [23] [24].

(SignSkr H (M)) ====> E (Dku (SignSkr H (M)))

(Dku (SignSkr H (M))) ====> β

Then this double signed data packet β is transmitted from the source to the destination in the order maintained in the AP, which is stored in the route request packet. When the data transmission to the destination completes, all the AP data is erased. If another data packet has to be sent between the same source and destination nodes, a new route request has to be initiated from the source and a new AP will be selected from the source to the destination for security purposes.

If a link breakage occurs between the intermediate authenticated nodes, or any packet drop occurs in the intermediate nodes at the time of transmitting packets due to energy loss, a route error message is invoked from that node and the node is immediately removed from the AP as well as from the RIT as an authenticated node. Here it is assumed that a packet drop occurs when a node becomes a malicious or a selfish node. So to avoid such misbehaving nodes, the node is removed from the AP and RIT at the time of transmission.

5.2.4 Route Error Process

The Route error message can be given as

Rerr (Errored Intermediate Node ID (Seq.No, IP Address, MAC Address, Public Key, Eid)

Then the next nearest neighbour with authentication is selected from the RIT and updated in the AP. Finally the data packet reaches the destination through the authenticated nodes successfully and a secure data communication is possible through the E-AODV protocol.

5.2.5 Result Phase

After the destination node is reached, the receiver has to decrypt the double signed data packet.

(Dku (SignSkr H (M))) ====> β

D (SignDkr (β)) ====> (SignSkr H (M))

(SignSkr H (M)) ====> α

D (Sku (α)) ====> H (M)

H (M) ====> H (Did (M))

First the receiver (destination node) decrypts using the receiver’s private key to ensure data integrity of the message. Since it is doubly signed, the hashed data packet is again decrypted using the sender’s public key to ensure confidentiality of the data packet. Thus this double signature ensures confidentiality, authentication and non-repudiation of source and destination [25]. At last the hashed data packet is recomputed to find the original data packet and data integrity is ensured.

H (Did (M)) ====> H (Sid (M)).
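
The exchange of sections 5.2.3 and 5.2.5 (hash, sign with Skr, encrypt with Dku, then decrypt with Dkr, verify with Sku and compare hashes), written out with textbook RSA as an added example that is not code from the essay. Assumptions: the function names and toy keys are constructed for illustration, the packet M is assumed to reach the destination alongside β so that H(Did(M)) can be recomputed, and MD5 is used only because the page specifies it (practical MD5 collisions are known, so a deployment would substitute a current hash and padded RSA).

```python
import hashlib

E = 65537  # common RSA public exponent


def make_key(p: int, q: int):
    """Return ((n, e), (n, d)) for textbook RSA with primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Toy keys from well-known Mersenne primes so the run is deterministic.
# CONSTRUCTED for illustration: far too small and publicly factorable.
SRC_PUB, SRC_PRIV = make_key(2**61 - 1, 2**89 - 1)     # Sku, Skr
DST_PUB, DST_PRIV = make_key(2**107 - 1, 2**127 - 1)   # Dku, Dkr


def md5_int(message: bytes) -> int:
    """H(M) as an integer (128 bits, so each modulus must exceed 2^128)."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def source_send(message: bytes, src_priv, dst_pub) -> int:
    """Source side: alpha = Sign_Skr(H(M)), then beta = E_Dku(alpha)."""
    n_s, d_s = src_priv
    n_d, e_d = dst_pub
    digest = md5_int(message)
    if digest >= n_s:
        raise ValueError("source modulus too small for a 128-bit digest")
    alpha = pow(digest, d_s, n_s)
    if alpha >= n_d:
        # RSA only round-trips values below the modulus. Signing then
        # encrypting needs n_s < n_d here, or alpha must be re-blocked.
        raise ValueError("alpha does not fit the destination modulus")
    return pow(alpha, e_d, n_d)


def destination_verify(message: bytes, beta: int, dst_priv, src_pub) -> bool:
    """Destination side: alpha = D_Dkr(beta), H(M) = D_Sku(alpha),
    then compare with the hash recomputed over the received packet."""
    n_d, d_d = dst_priv
    n_s, e_s = src_pub
    alpha = pow(beta, d_d, n_d)
    recovered = pow(alpha, e_s, n_s)
    return recovered == md5_int(message)


def demo():
    packet = b"E-AODV data packet (constructed sample)"
    beta = source_send(packet, SRC_PRIV, DST_PUB)
    genuine = destination_verify(packet, beta, DST_PRIV, SRC_PUB)
    tampered = destination_verify(packet + b"!", beta, DST_PRIV, SRC_PUB)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
```

The modulus check in `source_send` is the case the notation hides: with the roles swapped, the signed value is larger than the receiver's modulus and the destination could not recover α.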

6. Simulation Set up

For simulation of proposed protocol, NS-2 simulator tool has been used. Both AODV and E-AODV protocols in network simulator 2.34 version have been simulated and the performance results are compared between the protocols. Here we select 50 nodes which are arranged in a MANET topology of network area 2000x2000 meters. Using the nam simulator trace files the various parameters such as throughput, packet delivery ratio, delay, node density and security performance are analyzed. The various parameters used are listed in Table 2.

Table 2: Parameters Used

| Parameters | Assumptions |
|------------|-------------|
| Simulator Tool | NS-2 (version 2.34) |
| No. of nodes | 50 |
| Minimum delay required | 2 CBR units |
| Maximum delay required | 7 CBR units |
| Minimum bandwidth required | 4 CBR units |
| Network Area | 2000x2000 meters |
| Transmission range | 250 meters |
| MAC layer protocol | IEEE 802.11 |
| Protocol | AODV, E-AODV |
| No. of packets | 1000 |

Fig 4. Comparison of Density

Here the performance of packet delivery ratio is measured as the node density increases. The AODV packet delivery ratio reaches a maximum threshold at node density 20 and then decreases as the number of nodes increases, since packet drop is higher in normal AODV, as shown in Figure 4. But E-AODV attains a high packet delivery ratio even as the number of nodes increases, because the nodes selected for transmission have maximum energy and because of its security enhancement during transmission, which avoids packet loss.

Fig 5. Comparison of Delay

The delay is that experienced by the packet from the time it is sent by a source until the time it reaches the destination. This includes all possible delays, including buffering during route discovery, authentication enhancement, propagation and transfer time. In Figure 5, the two protocols are compared at various pause time intervals. E-AODV has slightly lower delay due to strong authentication and reliability and selecting energized nodes for transmission.

Fig 6. Comparison of Packet Delivery Ratio (PDR)

PDR is the ratio of the total number of packets received successfully to the total number of packets transmitted. The comparison of packet delivery ratio is shown in Figure 6. AODV attains a maximum threshold PDR at pause time 4 and maintains a constant PDR. Compared to AODV, the PDR of E-AODV increases with time, since it has both reliability and security enhanced and because the energy model used in the network ensures that no packet loss occurs during transmission.

Fig 7. Comparison of Throughput

The average rate of successful message delivery over a communication channel is called the throughput, which is mainly measured in bits or bytes per second. The comparison of throughput is shown in Figure 7. Compared to AODV, E-AODV gives a constant high throughput since it encrypts the packet, which provides authentication and security. Further, the nodes with maximum energy and minimum hop distance to the destination are selected for transmission, which ensures a high throughput value.

Fig 8. Comparison of Security with RSA

Fig 9. Comparison of Security Level

The comparison of security level is shown in Figure 8 and Figure 9. Here the security level of protection of E-AODV is high since it ensures confidentiality, end to end authentication, non-repudiation, data integrity and protection from hackers.

Figure 10. Comparison of Energy Consumption

The energy consumption graphs are compared for the two protocols AODV and E-AODV. When AODV is used for transmission, it does not check the energy value of the nodes used in transmission, which causes packet loss, and the energy also decreases. But in the case of E-AODV, only the nodes having maximum energy are used for transmission, which keeps the energy level at the same level, as shown in Figure 10.

From the simulation results it is proved that the performance level of E-AODV is much better than that of the normal AODV routing protocol.

6. Conclusion

Hence our proposed authenticated secure data communication protocol E-AODV (Energy based AODV) which secures data using RSA-MD5 double signature algorithm enhances the throughput and security. Our simulation results show that the performance level of throughput increases with that of AODV. E-AODV attains a high packet delivery ratio even though the node increases because of its Energy model used and security enhancement. Further increase in packet delivery ratio with time concludes that our proposed E-AODV not only provides authenticated path in packet transmission in MANETS but also assures confidentiality, end to end authentication, end to end non-repudiation and data integrity during packet transmission in paths.
