
JOURNAL OF COMPUTING, VOLUME 4, ISSUE 3, MARCH 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

MDSR: An Approach to Secure DSR Routing Protocol


Abu Sayed Chowdhury and Suraiya Akhter
Abstract: A mobile ad hoc network (MANET) is a self-configuring, infrastructure-less network of mobile devices connected by wireless links. Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently. Each must forward traffic unrelated to its own use, and therefore be a router. The primary challenge in building a MANET is equipping each device to continuously maintain the information required to properly route traffic. Such networks may operate by themselves or may be connected to the larger Internet. MANETs are a kind of wireless ad hoc network that usually has a routable networking environment on top of a link-layer ad hoc network. However, MANET properties present major vulnerabilities in security. The open and dynamic operational environment of a MANET makes it very vulnerable to attacks. One common type of attack on MANETs targets the underlying routing protocols. Because every network node in a MANET can be a router for data transmission, malicious nodes have opportunities to modify or discard routing information or even to advertise fake routes in an attempt to attract user data to go through themselves. Some new routing protocols have been proposed to address the issue of securing routing information. However, there are still limitations in existing protocols. In this paper, we present an approach named Modified Dynamic Source Routing (MDSR) to secure one MANET routing protocol in particular, Dynamic Source Routing (DSR). Computer simulation was conducted, and the simulation results demonstrate that our proposed MDSR significantly outperforms existing secure protocols such as SDSR and ARIADNE.

Index Terms: Dynamic Source Routing, Merkle Signature, Mobile Ad hoc Network, and Security Threats.

1 INTRODUCTION
In a MANET, all nodes of the network are mobile and can be connected dynamically in an arbitrary manner. All nodes of this network behave as routers and take part in discovery and maintenance of routes to other nodes. The network is a set of wireless devices called wireless nodes, which dynamically connect and transfer information. Figure 1 illustrates what a MANET is. In general, wireless nodes can be any computing equipment that employs air as the transmission medium [14].

In a MANET, wireless nodes keep moving rather than staying still, so the network topology changes from time to time. A node playing the role of a router may move out of the route between source and destination; the route is then disconnected, and the route discovery process has to be restarted. Thus, the main goal of a routing protocol in a MANET is to find a correct route efficiently.

Figure 1: Overview of Mobile Ad hoc Network.

MANET has various potential applications. Some typical examples include emergency search-rescue operations, meeting events, conferences, and battlefield communication between moving vehicles or soldiers. A key component of a MANET is an efficient routing protocol, since all of the nodes in the network act as routers. Some of the challenges faced include high mobility and constrained power resources. Many routing protocols have been proposed. Security implementation in MANETs instigates new kinds of attacks, particularly when the protocol adopted is not adaptable to the behavior of the networks. A simple case is inappropriate selection of the digital signature scheme for securing the packets. The existing security schemes of MANET routing protocols such as SDSR [6], SAODV [16], ARAN etc., which employ digital signatures, are not robust enough and are impractical. Because of the use of double digital signatures, the so-called secure protocols get worse in terms of time and memory consumption. This paper proposes an approach called Modified DSR (MDSR) which uses MSS digital signatures and a hash chain. We also compare MDSR with related existing protocols such as SDSR [6] and ARIADNE [5].

Abu Sayed Chowdhury is with the Department of Computer Science and Engineering, Dhaka University of Engineering and Technology (DUET), Gazipur, Bangladesh.
Suraiya Akhter is with the Department of Computer Science and Engineering, World University of Bangladesh (WUB), Dhaka, Bangladesh.

2 Background
2.1 Dynamic Source Routing Protocol (DSR)
DSR consists of two mechanisms: route discovery and route maintenance [4].

* While a route is in use, the route maintenance procedure monitors the operation of the route and informs the sender of any routing errors.
* Route_Error_Packets are sent back to the source if the source is found in the cache; if it is not in the cache buffer, the Route_Error_Packets perform Route_Discovery for the source.
* Update the source cache using the Route_Error_Packet. The nodes on the way to the destination can use the information in the Route_Error_Packet.

To reduce the cost of Route Discovery and Route Maintenance, each node updates its route caches from the information that it has learned or overheard, which it uses aggressively to limit the frequency and propagation of route requests.

2.2 Security Threats on DSR


Attackers can disrupt the correct function of DSR by modifying or fabricating routing information, or impersonating other nodes to violate availability, integrity, confidentiality, or non-repudiation. Common ways of attacking DSR are as follows [6].
(a) Incorrect forwarding. Modify, fabricate or impersonate RREQ, RREP, ERR.
(b) Replay attacks.
(c) Salvage a route that is not broken.
(d) Drop ERR messages in order to prevent other nodes from looking for alternative routes.
(e) A tunneling attack by colluding to attract traffic to intercept packets or gather information.
(f) Route cache poisoning. It is a passive attack against route integrity.
(g) Use promiscuous mode to listen in on traffic destined for another node.
(h) Cause a denial-of-service attack through overload by sending route control messages, or forming loops.
(i) Degrade the protocol performance, for example by lengthening the path.

2.1.1 Route Discovery


Route discovery packets are initiated if a mobile wants to send packets to another mobile which is not in its cache (routing table). The sender (S) first checks the route cache. If the destination (D) is not found, it runs the route discovery function and initiates Route_request packets (RRP):
* RRPs are broadcast. An RRP has four fields: source address, destination address, a request id specific to the mobile, and a route record list (RRL) that holds the path that the packet has passed.
* When a route request packet is received by a mobile, it first checks whether the source and request id pair has been seen before; if yes, it discards the packet. If its own address exists in the route record list (RRL), it also discards the packet. If the packet is destined for it, it copies the route record list in reverse order to the route reply packet and then sends it to the source. If none of the above conditions holds, it rebroadcasts the packet on all links except the one on which it was received.
* A node receiving the request may know how to complete the route using its local route cache.
* The destination (D) node returns the reply packet to the sender using the recorded path.
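The request-handling rules listed above can be traced on a small network. The following Python sketch is an added example, not code from the paper; the topology, the function name discover and the decision labels are assumptions made for the illustration, and the route record list holds intermediate nodes only.

```python
from collections import deque

# Constructed topology for the example: node -> set of radio neighbours.
LINKS = {
    "S": {"A", "B"},
    "A": {"S", "B", "C"},
    "B": {"S", "A", "C"},
    "C": {"A", "B", "D"},
    "D": {"C"},
}

def discover(links, source, dest, req_id=1):
    """Flood one route request; return (route learned by source, decision log)."""
    key = (source, req_id)
    seen = {node: set() for node in links}   # per-node (source, request id) pairs
    seen[source].add(key)                    # the source ignores its own request
    log, reply = [], None
    # Each entry is one transmission: (sender, receiver, route record list).
    queue = deque((source, nbr, []) for nbr in sorted(links[source]))
    while queue:
        sender, node, rrl = queue.popleft()
        if key in seen[node]:                # rule 1: pair seen before
            log.append((node, "discard-duplicate"))
            continue
        if node in rrl:                      # rule 2: own address already recorded
            log.append((node, "discard-loop"))
            continue
        seen[node].add(key)
        if node == dest:                     # rule 3: reply along the reversed record
            reply = [dest] + rrl[::-1] + [source]
            log.append((node, "reply"))
            continue
        log.append((node, "rebroadcast"))    # rule 4: append self, send on
        for nbr in sorted(links[node] - {sender}):
            queue.append((node, nbr, rrl + [node]))
    route = reply[::-1] if reply else None   # source reads the reply back to front
    return route, log

if __name__ == "__main__":
    route, log = discover(LINKS, "S", "D")
    print(route)
    for node, decision in log:
        print(node, decision)
```

None of the fields a node reads here is authenticated, so every decision rests on values that any forwarding node could have changed; that gap is what the signed fields of Section 4 are meant to close.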

2.1.2 Route Maintenance


DSR uses two types of packets for route maintenance: Route_Error (REP) and ACKs. If the next hop is not in the range of a mobile, then the source receives an REP. The sender then eliminates the unavailable link from all of its route cache entries (other nodes on the way can also use this information to update their route caches). S then initiates a new Route_Discovery. ACK packets are used to verify the correct operation of the routes.
* Wired routing protocols integrate route discovery and route maintenance by continuously sending periodic routing updates.

2.3 Merkle signature


CMSS and GMSS are variants of MSS and are more efficient than MSS because they reduce the size of the MSS private key, accelerate key pair generation, and speed up signature generation. CMSS is capable of signing 2^40 documents, while GMSS is capable of signing 2^80 documents. The time taken is far better than both RSA and Elliptic Curve DSA (ECDSA). The detailed discussion on CMSS and GMSS can be found in [9][11]. This paper considers these digital signatures for securing the DSR routing protocol.


2.4 Hash chain


Referring to Lamport [9], a hash chain is a successive application of a hash function h(x), for example h(h(h(h(x)))), which is denoted as h^4(x). Figure 2 shows a one-way hash chain that consists of 4 hash functions.

Figure 2: One-way hash chain.

3 Problems existing in Secure Routing Protocols


SDSR [6], ARAN, SADSR and SAODV [16] use a double digital signature scheme, which gets worse in terms of time and memory consumption. They use Rivest, Shamir and Adleman (RSA) public-key cryptography. Quantum computers are likely to be common in the very near future. Vandersypen et al. in 2001 successfully implemented Shor's algorithm on a 7-qubit quantum computer. In 2004, Buchmann et al. stated that in the next 15 to 20 years from that year, quantum computers would be sufficiently large to implement Shor's ideas for breaking digital signatures such as RSA public-key cryptography or the Elliptic Curve Cryptography Digital Signature Algorithm (ECC-DSA). In addition, he also pointed out that some digital signatures such as Number Theory is Really Useful (NTRU), SFLASH2 and the Merkle scheme are still unbreakable by quantum computers.

4 Proposed Modified DSR (MDSR)


In this section the core of MDSR is detailed. The first part briefly discusses the basic assumptions. This is followed by the description of the proposed algorithm.

4.1 Basic Assumptions


The proposed protocol has requirements and assumptions as follows:
* The destination node can authenticate packets from the originator (route creator), and each of the receiving nodes can authenticate packets from the previous hops.
* The hop count value is protected using a hash chain. It cannot be reduced by a malicious node, but could be increased by one or retained unchanged.
* Nodes in the network have capabilities for key (private and public key) creation, signature generation, and signature verification.
* Each node has only one pair of keys (private and public keys). The digital signature algorithm is well known by all nodes in the network.
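The hop-count assumption above, together with the hash chain of Section 2.4, can be checked with the construction used by SAODV [16]. This Python block is an added example, not the authors' code; the field names, SHA-256 as h, and the seed value are assumptions.

```python
import hashlib
from dataclasses import dataclass, replace

def h(x: bytes) -> bytes:
    """One application of the hash function h (SHA-256 chosen for this example)."""
    return hashlib.sha256(x).digest()

def h_n(x: bytes, n: int) -> bytes:
    """h^n(x): n successive applications of h; n = 0 returns x unchanged."""
    for _ in range(n):
        x = h(x)
    return x

@dataclass(frozen=True)
class HopFields:
    hop_count: int     # mutable: incremented at every hop
    hash_value: bytes  # mutable: h^hop_count(seed)
    max_hop: int       # assumed covered by the originator's signature
    top_hash: bytes    # h^max_hop(seed), assumed covered by the signature

def originate(seed: bytes, max_hop: int) -> HopFields:
    return HopFields(0, seed, max_hop, h_n(seed, max_hop))

def forward(f: HopFields) -> HopFields:
    """Honest forwarding: one more hop, one more hash application."""
    return replace(f, hop_count=f.hop_count + 1, hash_value=h(f.hash_value))

def verify(f: HopFields) -> bool:
    """Accept only if the remaining hashes lead from hash_value to top_hash."""
    if not 0 <= f.hop_count <= f.max_hop:
        return False
    return h_n(f.hash_value, f.max_hop - f.hop_count) == f.top_hash

def demo() -> dict:
    seed = b"constructed seed, example only"  # a real node would draw it at random
    pkt = originate(seed, max_hop=5)
    for _ in range(3):                        # three honest hops
        pkt = forward(pkt)
    after_silent_relay = forward(pkt)         # a node relayed pkt untouched first
    return {
        "honest": verify(pkt),
        # Claiming 1 hop needs h^1(seed), which cannot be derived from h^3(seed).
        "reduced": verify(replace(pkt, hop_count=1)),
        # The untouched relay hid one hop, yet the next honest hop still verifies.
        "retained": verify(after_silent_relay) and after_silent_relay.hop_count == 4,
        "over_limit": verify(replace(pkt, hop_count=6)),
    }

if __name__ == "__main__":
    print(demo())
```

The "retained" case is the residual risk the assumption itself admits: the chain stops a node from advertising a shorter path, not from hiding its own hop.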

4.2 Proposed Algorithm


Like SDSR, MDSR is composed of a route discovery stage and a route maintenance stage. In the course of route discovery, when a new route to destination D is needed at source node S, it executes the following code:

    sign_Gen = Nonmutuable RREQ;
    hc_gen = 0, maxhop = ttl = 1,3,;
    orig_RREQ = concat(REQ, S, D, S.certificate, req_id);
    /* REQ is request indicator, req_id is request id */
    RREQsec = Concat(orig_RREQ, hc_gen, signature, n_addr, pk);
    /* n_addr is the address of packet creator or modifier */
    rrl = NULL;                     /* rrl is route list exclusive of S and D */
    cache(S, D, req_id, rrl);       /* Store into cache */
    broadcast(RREQsec, RRL, S.pk);

Whenever a node X receives a message, it checks the type of the message. The code is as follows.

    RREQsec:
        hc_tester = hop_count+1, has_from + max_hop + top_hash;
        /* max_hop is maximum number hops (nodes) for route discovery,
           has_from is current value of successive hash function for n_addr,
           top_hash is highest value of successive hash function */
        sign_verifier = S.pk + signature + Nonmutuable field bytes;
        if (hc_tester && sign_verifier) {
            if (X != D) {
                if RREQsec is received for first time {
                    rrl = concat(rrl, X);
                    cache(S, D, req_id, rrl);
                    remove pk and signature from RREQsec;
                    sign_Gen = Nonmutuable RREQ;
                    hc_gen = 0, maxhop = ttl = hop_to_org;
                    RREQsec = Concat(orig RREQ, hc_gen, signature, n_addr, X.pk);
                    broadcast(RREQsec, rrl, X.pk);
                }
            } else {
                rrl = concat(S, D, req_id, rrl);
                generate RREPsec (similar process with generating RREPsec);
                unicast(RREPsec);   /* send RREPsec to source along the reverse path in rrl */
            }
        }

    RREPsec:
        If (X == S)
            Cache(rrl);             /* rrl is the path the packets will be sent along */
        else if (ttl > 0)
            unicast(RREPsec);

    RERR:
        List_unreach = find_rt_table(RERRsec)
        If (list_unreach != null && ttl > 0) {
            sign_gen = list_unreach;
            RERRsec = concat(origRERR, signature, X.pk);
            Unicast(RERRsec);
        }

5 Simulation Results and Analysis

5.1 Simulation Setup
A scenario was set up for data collection. This scenario is run 10 times with 10 different values of the mobility pause time ranging from 0 to 100 seconds. The average value of these 10 simulation runs is then calculated, considering the metrics: packet delivery fraction, pause time, normalized routing load, number of malicious nodes and number of malicious nodes with route drop attack. The tool used for simulation is OMNET++ [15].

5.2 Performance Evaluation

Figure 3: Packet Delivery Fraction vs. pause time values in benign environment.
As shown in Figure 3, the percentage of packets delivered in DSR and MDSR is fairly close to each other, and both methods exhibit superior performance (~80% in general).

Figure 4: Normalized Routing Load vs. pause time values in benign environment.
The NRL metric is, in general, inversely proportional to the PDF metric (Figure 3), as depicted in Figure 4. A low PDF value corresponds to a high NRL value.

Figure 5: Packet Delivery Fraction vs. number of malicious nodes.
Figure 5 shows that the percentage of packets delivered in MDSR exhibits superior performance (>70% in general) under security threats. The effect of malicious nodes is negligible.

Figure 6: Normalized Routing Load vs. number of malicious nodes with route drop attack.
Figure 6 shows that malicious nodes have almost no effect on the normalized routing load of MDSR.

6 Conclusion
Secure ad hoc routing protocols are necessary for normal performance of a MANET. Secure routing protocols can guard the MANET against various types of network attacks. So far, many secure routing protocols have been proposed, such as SAODV, SEAD, ARIADNE, Secure AODV, ARAN and more. We believe that many more are being implemented in laboratories. However, in time, there will also be more new types of network attacks. Attackers, based on their deep understanding of current secure routing protocols, will find ways to exploit the weaknesses of the protocols. Furthermore, there is no complete secure routing protocol that can protect the network against all kinds of routing attacks. Thus, the battle between secure routing protocols and routing attacks is a nonstop battle. Secure routing protocols certainly need to be improved to be more secure. We have tried to make DSR more secure to protect against security attacks. By evaluating the implementation and comparing the performance of our proposed MDSR in malicious environments, we have shown the strength of this protocol over other secure protocols such as SDSR and ARIADNE.

References
[1] S. R. Afzal, S. K. Biswas, J. Koh, T. Raza, G. Lee, D. Kim, "RSRP: A Robust Secure Routing Protocol for Mobile Ad Hoc Networks," in Proc. of WCNC 2008, pp. 2313-2318.
[2] J. Buchmann, L. C. C. García, E. Dahmen, M. Döring, and E. Klintsevich, "CMSS - An Improved Merkle Signature Scheme," in Proc. of INDOCRYPT, 2006, pp. 349-363.
[3] J. Buchmann, E. Dahmen, E. Klintsevich, K. Okeya, and C. Vuillaume, "Merkle Signatures with Virtually Unlimited Signature Capacity," in Proc. of ACNS, 2007, pp. 31-45.
[4] T. Demir, "Simulation of Ad Hoc Networks with DSR Protocol," in Proc. of the Sixteenth International Symposium on Computer and Information Sciences, Antalya/Turkey, November 2001.
[5] Y. Hu, A. Perrig, and D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks," Wireless Networks 11(1-2): 21-38 (2005).
[6] T. Jiang, Q. Li, and Y. Ruan, "Secure Dynamic Source Routing Protocol," in Proc. of the Fourth International Conference on Computer and Information Technology (CIT), 2004.
[7] D. B. Johnson and D. A. Maltz, "Dynamic Source Routing in Ad Hoc Wireless Networks," Mobile Computing, Thomasz Imielinski and Hank Korth (Editors), Vol. 353, Chapter 5, pp. 153-181, Kluwer Academic Publishers, 1996.
[8] S. Khurana, N. Gupta, and N. Aneja, "Reliable Ad-hoc On-demand Distance Vector Routing Protocol," in Proc. of ICN/ICONS/MCL, 2006.
[9] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, SRI International, Menlo Park, CA, Volume 24, Issue 11, Nov. 1981.
[10] R. G. Paoliello and L. C. Alabern, "Improving reactive routing on wireless multirate ad-hoc networks," in Proc. of 13th European Wireless 2007 (EW2007). Paris: Ecole Nationale Supérieure de Techniques Avancées, 2007.
[11] P. W. Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer," SIAM J. Comput., 1997: 1484~1509.
[12] K. Sadasivam, V. Changrani, and T. A. Yang, "Scenario based Performance Evaluation of Secure Routing in MANETs," in Proc. of Second International Workshop on Mobile Ad Hoc Networks and Interoperability Issues, June 2005.
[13] P. Sankar, "Implementation of DSR algorithm using VHDL in wireless adhoc network," in Proc. of 7th International Conference on ICSICT, 2004, pp. 1364-1367.
[14] T. A. Nguyen, "Evaluations of secure MANET routing protocols in malicious environments," MSc. Thesis, The University of Houston-Clear Lake, 2006.
[15] OMNET++ User Manual Version 3.0. Available from http://www.omnetpp.org/doc/manual/usman.html.
[16] M. G. Zapata, "Secure Ad hoc On-Demand Distance Vector (SAODV) Routing," INTERNET-DRAFT draft-guerrero-manet-saodv-06.txt, September 2006.

Abu Sayed Chowdhury is now a student of the M.Sc. Engineering programme in the Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology (BUET), Dhaka, Bangladesh. Currently, he is working as a lecturer in the Department of Computer Science and Engineering, Dhaka University of Engineering and Technology (DUET), Gazipur, Bangladesh. His research interests include Mobile Ad hoc Networks and Wireless Sensor Networks.

Suraiya Akhter is now a student of the M.Sc. Engineering programme in the Department of Computer Science and Engineering, Dhaka University of Engineering and Technology (DUET), Gazipur, Bangladesh. Currently, she is working as a lecturer in the Department of Computer Science and Engineering, World University of Bangladesh (WUB), Dhaka, Bangladesh. Her research interests include Mobile Ad hoc Networks and Wireless Sensor Networks.
