Design and Implementation of the Extended Routing Information Protocol for Mobile Ad-Hoc Networks in Linux

Table of Contents

Acknowledgements

Abstract

List of Tables

List of Figures

Abbreviations

Chapter 1: Introduction
1.2 Motivation
1.3 Organisation

Chapter 2: Routing and Security in MANETs
2.1 Introduction to MANETs
2.2 Routing Approaches in Mobile Ad-hoc Network
2.3 Characteristics of MANETs
2.4 Advantages and Disadvantages of MANETs
2.5 Applications of MANETs
2.6 MANET Vulnerabilities
2.7 Babel:
2.7.1 Babel on Wireless Networks:
2.7.2 Babel has the following Features:
2.8 Security Goals for MANETs
2.9 Types of Routing Security Attacks
2.10 Issues and Challenges in Security Provisioning
2.11 Security Approaches in MANETs
2.12 Security Architecture for MANETs
2.13 Conclusion

Chapter 3: Literature Survey
3.1 Literature Review
3.2 Summary of Literature review

Chapter 4: Problem Statement
4.1 Aim
4.2 Project Objectives
4.3 Methodology

Chapter 5: Design and Implementation of ERIP
5.1 System Requirements
5.1.1 Computing Resources
5.1.2 Software Requirements
5.2 Functional Requirements
5.3 Non-Functional Requirements
5.4 Design of ERIP
5.4.1 State Diagram
5.5 Flowcharts for ERIP Routing Protocol
5.6 Netfilter Hooks
5.7 Netfilter Architecture:
5.8 Design Decisions for the Implementation of ERIP
5.9 Table Entries of ERIP’s Routing Table
5.10 Implementation of the ERIP Initialization Function
5.10.1 Receiver
5.10.2 Sender
5.10.3 RREQ, RREP and RERR
5.10.4 Time interval
5.10.5 Neighbour node:
5.11 Conclusion

Chapter 6: Testing and Validation
6.1 Testing the Developed Protocol
6.2 Unit Testing
6.3 System Testing
6.4 Testing the Developed Protocol
6.5 Configuration of the ERIP Protocol in Linux
6.5.1 Routing Protocol Installation and Running
6.5.2 Installation of VLC Player
6.5.3 Setting up VLC Video Streaming
6.5.4 Setup for VLC Video Streaming in Receiver Side
6.5.5 Demonstration and Routing Table Dump
6.5.6 Checking the Neighbour Node in the Routing Table

Chapter 7: Results and Discussion
7.1 Functional Test Results
7.2 Testing of ERIP in Live Scenarios:
7.3 Conclusion

Chapter 8: Conclusion
8.1 Summary
8.2 Conclusions
8.3 Recommendations for Future Work

References

List of Tables

Table 1 Security Attacks on Each Layer in MANET

Table 2 Security Issues in the Protocol Stack

Table 3 Security Architecture for MANETs

Table 4 Test Case Table for Single Node Scenario

Table 5 Test Case Table for Multiple Node Scenario

Table 6 Test Case Table for Encryption

Table 7 Test Case Table for Decryption

Table 8 Test Case Table for Sending Data to Destination Node

Table 9 Test Case Table for Routing Table Operation

Table 10 Test Case Table for Incremental Dump Operation

Table 11 Test Case Table for Beaconless Transmission

Table 12 Test Case Table for Best Path Selection

List of Figures

Figure 2.1 Overview of Mobile Ad-hoc Network

Figure 2.2 Classification of the Ad-hoc Routing Protocol

Figure 2.3 Security Approaches in MANETs

Figure 5.1 State Diagram of the Routing Protocol

Figure 5.2 General Flow Chart for the Routing Protocol

Figure 5.3 Populating the Routing Table at the Start up with Security

Figure 5.4 Updating the Routing Table

Figure 5.5 Transmitting the Data

Figure 5.6 Netfilter Hooks

Figure 5.7 Netfilter Architecture

Figure 6.1 Sender Side Streaming

Figure 6.2 Receiver Side Video Streaming

Figure 6.3 Receiver Side Video Streaming With Packet Transmission

Figure 7.1 Audio or Video Direct Streaming

Figure 7.2 Audio or Video Streming With Intermediate Node

Figure 7.3 Ip_route Results for Audio or Video Streaming

Figure 7.4 Ip_route Results for Audio or Video Streaming With Intermediate Node

Figure 7.5 Ip_route Results for Neighbour Node

Figure 7.6 Ip_route Results for Audio or Video Streaming Multiple Intermediate Nodes

Abbreviations

illustration not visible in this excerpt

Declaration

Design and Implementation of the Extended Routing Information Protocol for Mobile Ad-hoc Networks in Linux ’

The Project Dissertation is submitted in partial fulfilment of academic requirements for

M. Sc. [Engg.] Degree of Coventry University in Computer Science and Networking. This dissertation is a result of my own investigation. All sections of the text and results, which has been obtained from other sources, are fully referenced. I understand that cheating and plagiarism constitute a breach of University regulations and will be dealt with accordingly.

Signature:

Name of the Student: Ravikumar P. V.

Date: 24 March 2012

Design and Implementation of the Efficient Routing Information Protocol for Mobile Ad-hoc Networks in Linux

M. S. Ramaiah School of Advanced Studies - Postgraduate Engineering and Management Programme (PEMP)

Acknowledgements

This thesis would not have been possible without the support of many people. Firstly, I am heartily thankful to my project supervisors Mr. Narasimha Murthy K. R., Asst. Professor, Computer Engineering, and Jishmi J. Choondal, Asst. Professor, Computer Engineering, whose encouragement, guidance and support from the initial to the final step enabled me to develop a throughout understanding of the subject.

I would also like to thank Prof. N. D. Gangadhar, Head of the Computer Engineering Department for his continued support and timely help on the project formalities.

I would like to express my sincere gratitude to Dr. Govind R. Kadambi, Dean, MSRSAS, for providing valuable suggestions and encouragement to execute the project successfully.

I would like to extend my sincere thanks to the management of M. S. Ramaiah School of Advanced Studies for the help and support provided during the project. I am extremely grateful to Dr. S. R. Shankapal, Director, MSRSAS, whose emphasis for excellence and quality kept me focused on my project work and helped to complete it.

I wish to thank my parents Mr. Subbarao M. and Mrs. Aruna M. for their tremendous contributions and support both morally and financially towards the completion of this project. I am extremely grateful to them for their constant support throughout my academic work.

Design and Implementation of the Efficient Routing Information Protocol for Mobile Ad-hoc Networks in Linux

M. S. Ramaiah School of Advanced Studies - Postgraduate Engineering and Management Programme (PEMP)

Abstract

A Mobile Ad-hoc Network (MANET) is a network that can be established with no fixed infrastructure. This means that all its nodes behave as routers and take part in its discovery and maintenance of routes to other nodes in the network. Its routing protocol has to be able to cope with the new challenges that a MANET creates such as node mobility, security maintenance, quality of service, limited bandwidth and limited power supply. These challenges set new demands on MANET routing protocols, like low overhead operation, routing security and best path selection.

This Thesis deals with the design and implementation of the Extended Routing Information Protocol (ERIP) for mobile ad-hoc networks in Linux. ERIP is a proactive protocol, characterized by low overhead operation, best path selection based on hop count, loop free working and routing security. Raw sockets are used for exchange of routing information, whereas data exchange happens via TCP or UDP sockets as required by the application. Low overhead operation of ERIP is guaranteed by using the incremental dump strategy. Incremental dumping of the routing table is realized by scheduling only partial updates, instead of full. The routing table is encrypted before broadcast using a simple shared key algorithm to provide routing security.

The routing functionality of the implemented protocol is tested by first running ERIP on two laptops and using VLC media player to stream multimedia data between the laptops. The two laptops were then moved out of range of each other and intermediate nodes (laptops) were brought in that were running the same routing protocol. The data was communicated over multiple hops in near real time. The best path selection property was proved by setting up a network of ERIP nodes that had multiple paths between source and destination with different hop counts. The implemented protocol consistently routed data through the path that had the least hop count. Porting the developed protocol to the Linux kernel would allow it be part of the standard Linux distribution. Also, more complex cryptography algorithms can be implemented to provide data and routing security.

Design and Implementation of the Efficient Routing Information Protocol for Mobile Ad-hoc Networks in Linux

Chapter 1: Introduction

A Mobile ad-hoc Network (MANET) consists of a set of mobile hosts that carry out basic networking functions like- packet forwarding, routing, and service discovery without the help of an established infrastructure. Nodes of an ad hoc network relay on one another in forwarding a packet to its destination, due to the limited range of each node’s wireless transmissions. A MANET is an interconnected system of wireless nodes that communicate over bandwidth constrained wireless links. Each wireless node can function as a sender, a receiver or a router. When the node is a sender, it can send messages to any specified destination node through some route. As a receiver, it can receive messages from other nodes. When the node functions as a router, it can relay the packet to the destination or next router in the route. When necessary, each node can buffer packets awaiting transmission.

MANET has several advantages over traditional wireless networks including ease of deployment, speed of deployment, and decreased dependence on a fixed infrastructure, thus giving rise to an emerging wireless networking technology for future mobile communications.

ERIP (Gokulkrishna, et al. 2011) is a proactive routing protocol. This protocol is characterised by beaconless transmission, loop free operation, encrypted routing information and low overhead control. The protocol is secured by encrypting the routing information before forwarding it to the other nodes.

1.2 Motivation

The motivation of this Thesis is to design and implement the Extended Routing Information Protocol (ERIP) for mobile ad-hoc networks on the Linux platform. This routing protocol is characterized to provide low overhead operation and both hop to hop and end to end security. This chapter also touches upon the need for MANETs to have specialized routing protocol and the critical requirement of secure routing.

1.3 Organisation of the Thesis

The rest of this Thesis is organized as follows: chapter-2 brings out the routing concept in MANETs and explains the classification of the routing algorithms available. It also touches upon the various security requirements of MANETs, especially during routing. In the next chapter, a literature review is conducted that highlights the current state-of-art in routing. Chapter-3 concludes with a summary of the literature review; point out the disadvantages of the reviewed routing protocols. Chapter-4 presents the statement of the problem along with the Aim, Objectives and Methodology followed in the work. Chapter-5 gives a detailed explanation about the actual design and implementation of the ERIP protocol. Chapter-6 Testing and validation of the protocol is done. The results of the protocol are presented and discussed in Chapter-7. Chapter-8 summaries and draws conclusions from the rest of the Thesis along with recommendations for future work.

Chapter 2: Routing and Security in MANETs

This chapter begins with an introduction of the concept of routing in MANETs. The major categories of routing protocols are examined and a comparison is carried out to identify their advantages and disadvantages. Secondly, this chapter also presents a background to security in MANETs, with specific focus on routing security.

2.1 Introduction to MANETs

Mobile ad-hoc network is a set of wireless devices called wireless nodes, which dynamically connect and transfer information. Wireless nodes can be personal computer with wireless LAN card, laptops, Personal Digital Assistant (PDA), or other types of wireless or mobile communication devices. Figure 2.1 illustrates a MANET. In general, wireless nodes can be any computing equipment that employs air as transmission medium.

illustration not visible in this excerpt

Figure 2.1 Overview of Mobile Ad-hoc Network

In MANET, a wireless node can be the source, the destination, or an intermediate node of data transmission. When a wireless node plays the role of intermediate node, it serves as a router that can receive and forward data packets to its neighbour closer to the destination node. Due to the nature of an ad-hoc network, wireless nodes tend to keep moving rather than stay still. Therefore the network topology changes from time to time.

Earliest MANETs were called “packet radio” networks, sponsored by DARPA (1970). This packet radio predated the internet and was part of the original IP suite. Later DARPA experiments included the Survivable Radio Network (SURAN) project (1980s). Current MANETs are designed primarily for military utility (Joint Tactical Radio System) and NTDR (Near-Term Digital Radio). An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. In such an environment, it may be necessary for one mobile host to enlist the aid of other hosts in forwarding a packet to its destination, due to the limited range of each mobile host’s wireless transmissions. Mobile ad hoc networks (MANET) do not rely on any fixed infrastructure but communicate in a self-organized way.

2.2 Routing Approaches in Mobile Ad-hoc Network

The advent of Defence Advanced Research Projects Agency (DARPA) packet radio networks in the early 1970s; numerous routing protocols have been developed for ad hoc mobile networks. As shown in Figure 2.2, these are generally categorized as tabledriven or proactive, on-demand or reactive and hybrid routing protocols.

illustration not visible in this excerpt

Figure 2.2 Classification of the Ad-hoc Routing Protocols

Table-driven or Proactive Protocols: Proactive routing protocols attempt to maintain consistent, up-to-date routing information between every pair of nodes in the network by propagating, proactively, route updates at fixed intervals. As the resulting information is usually maintained in tables, the protocols are sometimes referred to as table-driven protocols. Representative proactive protocols include: Destination-Sequenced DistanceVector (DSDV) routing, Clustered Gateway Switch Routing (CGSR), Wireless Routing Protocol (WRP), and Optimized Link State Routing (OLSR).

On-demand or Reactive Protocols: A different approach from table-driven routing is reactive or on-demand routing. These protocols depart from the legacy Internet approach. Reactive protocols, unlike table-driven ones, establish a route to a destination when there is a demand for it, usually initiated by the source node through discovery process within the network. Once a route has been established, it is maintained by the node until either the destination becomes inaccessible or until the route is no longer used or has expired. Representative reactive routing protocols include: Dynamic Source Routing (DSR), Ad hoc On Demand Distance Vector (AODV) routing, Temporally Ordered Routing Algorithm (TORA) and Associativity Based Routing (ABR).

Hybrid Routing Protocols: Purely proactive or purely reactive protocols perform well in a limited region of network setting. However, the diverse applications of ad hoc networks across a wide range of operational conditions and network configuration pose a challenge for a single protocol to operate efficiently. For example, reactive routing protocols are well suited for networks where the call-to-mobility ratio is relatively low. Proactive routing protocols, on the other hand, are well suited for networks where this ratio is relatively high. The performance of either class of protocols degrades when the protocols are applied to regions of ad hoc networks space between the two extremes.

2.3 Characteristics of MANETs

MANETs are new paradigm of networks, offering unrestricted mobility without any underlying infrastructure. Basically, ad hoc network is a collection of nodes communicating with each other by forming a multi-hop network. Following are the characteristics of a MANET:

Dynamic Topologies: Nodes are free to move arbitrarily. The network topology may change randomly and have no restriction on their distance from other nodes. As a result of this random movement, the whole topology is changing in an unpredictable manner, which in turn gives rise to both directional as well as unidirectional links between the nodes.

Energy Constrained Operation: Almost all the nodes in an ad hoc network rely on batteries or other exhaustive means for their energy. The battery depletes due to extra work performed by the node in order to survive the network. Therefore, energy conservation is an important design optimization criterion. Bandwidth Constraint: Wireless links have significantly lower capacity than infrastructures networks. Throughput of wireless communication is much less because of the effect of the multiple access, fading, noise, interference conditions. As a result of this, congestion becomes a bottleneck in bandwidth utilization Limited Physical Security: MANETs are generally more prone to physical security threats than wireless networks because the ad hoc network is a distributed system and all the security threats relevant to such a system are pretty much present, as a result, there is an increased possibility of eavesdropping, spoofing, masquerading, and denial-of- service type attacks.

2.4 Advantages and Disadvantages of MANETs

Advantages: The following are the advantages of MANETs:

- They provide access to information and services regardless of geographic position.
- These networks can be set-up at any time and place
- These networks work without any pre-existing infrastructure.

Disadvantages: Some of the disadvantages of MANETs are:

- Limited physical security. Limited resources.
- Intrinsic mutual trust vulnerable to attacks. Lack of authorization facilities.
- Volatile network topology makes it hard to detect malicious nodes.

Security protocols for wired networks cannot work for ad-hoc networks.

2.5 Applications of MANETs

. Ad-hoc networking can be applied anywhere where there is little or no communication infrastructure or the existing infrastructure is expensive or inconvenient to use. Ad-hoc networking allows the devices to maintain connections to the network as well as easily adding and removing devices to and from the network. The set of applications for MANETs is diverse, ranging from large-scale, mobile, highly dynamic networks, to small, static networks that are constrained by power sources. Besides the legacy applications that move from traditional infrastructure environment into the ad hoc context, a great deal of new services can and will be generated for the new environment. It inc ludes:

- Military Battlefield
- Sensor Networks
- Commercial Sector
- Medical Service
- Personal Area Network

2.6 MANET Vulnerabilities

MANET is more vulnerable than a wired network because of the following reasons:

Lack of centralized management: MANET doesn’t have a centralized monitor server. The absence of management makes the detection of attacks difficult because it is not easy to monitor the traffic in a highly dynamic and large scale ad- hoc networks.

Resource availability: It is a major issue in MANET. Providing secure communication in such changing environment as well as protection against specific threats and attacks, leads to development of various security schemes and architectures.

Scalability: due to mobility of nodes, scale of ad-hoc network changing all the time. So scalability is a major issue concerning security. Security mechanism should be capable of handling a large network as well as small ones. Cooperativeness: Routing algorithm for MANETs usually assumes that nodes are cooperative and non-malicious.

Dynamic topology: The dynamic topology and changeable nodes may disturb the trust relationship among nodes. The trust may also be disturbed if some nodes are detected as compromised.

Limited power supply: the nodes in MANET need to consider restricted power supply, which will cause several problems.

2.7 Babel:

Babel is a routing protocol framework designed to be robust and efficient on both wired and wireless mesh networks, in this project the Babel framework is used to implement the MANET routing protocol.

2.7.1 Babel on Wireless Networks:

Babel was originally designed for wireless ad-hoc networks. Because Babel is extremely robust in the presence of mobility, only under very exceptional situations circumstances will Babel cause a transient routing loop. The babelz protocol variant is also able to take radio frequency into account to avoid interference. Babel enjoys fast convergence. Since Babel uses triggered updates and explicit requests for routing information, it usually converges almost immediately after the link quality measure has completed. in the presence of heavy packet loss, converging on an optimal set of routes may take up to a minute.

2.7.2 Babel has the following Features:

- It is a distance-vector protocol;
- is a proactive protocol, but with adaptive (reactive) features;
- It allows multiple link cost and route metric computation strategies (by default, it senses link quality using a variant of the ETX algorithm);
- It uses a feasibility condition that guarantees the absence of loops (the feasibility condition is taken from EIGRP and is somewhat less strict than the one in AODV)
- It uses sequence numbers to make old routes feasible again (like DSDV and AODV, but unlike EIGRP);
- Upon starvation, it reactively requests a new sequence number (like AODV, and to a certain extent EIGRP, but unlike DSDV);
- It allows redistributed external routes to be injected into the routing domain at multiple points (like EIGRP, but unlike DSDV and AODV).

2.8 Security Goals for MANETs

Some of the security goals are as follows:

1. Availability: guarantees the survivability of network services despite of service attacks. A Denial-of-Service (DoS) is a potential threat at any layer of an ad hoc network. On the media access control layer an adversary could jam the physical communication channels. On the network layer disruption of the routing operation may result in a partition of the network, rendering certain nodes inaccessible. On higher levels an attacker could bring down high-level services like key management service.
2. Confidentiality: ensures that certain information be never disclosed to unauthorized entities. It is of paramount importance to strategic or tactical military communications. Routing information must also remain confidential in some cases, because the information might be valuable for enemies to locate their targets in battlefield.
3. Integrity: ensures that a message that is on the way to destination is never corrupted. A message could be corrupted because of channel noise or because of malicious attacks on the network.
4. Authentication: it is important for a node to be sure that the node it gives authority is not an attacker or a compromised node.
5. Nonrepudiation: ensures that the originator of a message cannot deny that it is the real originator. Non-repudiation is important for detection and isolation of compromised nodes.
6. Anonymity: means all information that can be used to identify owner of node should default be kept private and not be distributed by node itself or the system software.

Security in MANET routing is best implemented as a combination of two approaches: The proactive approach attempts to prevent an attack being launched, and the reactive approach tries to detect an attack and react accordingly. Considering an example, the proactive approach can be used to ensure the correctness of routing states and the reactive approach can be implemented to protect packet forwarding operations. It becomes clear that security is most effective when prevention, detection and reaction to a security attack are implemented in the protocol.

2.9 Types of Routing Security Attacks

In MANETs, the wireless channel is accessible to all the nodes, both legitimate network users and malicious attackers. Moreover, every node is capable of functioning as a router. This is in direct contrast to wired networks that have dedicated routers. From a security perspective, we can say that there is no clear line of defence. There is no well- defined place where traffic monitoring or access control mechanisms can be deployed. Because of these reasons, MANETs are particularly vulnerable to security attacks by malicious nodes.

From a theoretical standpoint, security attacks can be classified as “active attacks” and “passive attacks”. These are explained below:

Passive Attacks: In such an attack, the enemy node does not disturb the connection in any way. It just eavesdrops on the network and collects data flowing through it. This means that the data is not confidential. This type of attack is usually difficult to detect, as the performance of the network does not change. In general, encryption is used to mitigate such attacks.

Active Attacks: In this form of attack, the intruding node actively interferes in the operation of the network. This might include actions such as dropping of packets, flooding the network with route requests and re - routing the packets. Active attacks are referred to as ‘internal attacks’ or ‘external attacks’ based on whether the intruding node belongs to the same network or a foreign network. Multihop connectivity is provided in MANETs by first ensuring one hop connectivity through link layer protocols (eg: MAC) and then by extending connectivity to multiple hops through network layer routing and data forwarding protocols (eg: ad hoc routing protocols). The logic of routing is essentially implemented in the network layer. Some of the active attacks at the network layer are:

Black Hole Attack: Here, an enemy node advertises that it has the shortest path to any required destination. This causes all other nodes to direct their data packets to this node. Then the malicious node can either drop all the packets or routes the packets outside the network.

Wormhole Attack: This is a routing attack caused by an enemy node in a network that redirects the packets that it receives outside the network to another enemy node. After the second node finished snooping on the packet, it is re - routed into the network.

Denial of Service: In this case, an enemy node might flood the network with unnecessary route request problems. This leads to congestion in the network, leading to inaccessible resources for other nodes.

Routing Table Overflow: The attacker creates routes to non-existent nodes. This is done with a view to overload and crash the routing protocol. Spoofing: A malicious node might advertise itself as belonging to the network. This creates irregular entries in the routing table and also violates confidentiality of data.

Mobile ad hoc network (MANET) is one of the recent active fields and has received marvellous attention because of their self-configuration and self-maintenance capabilities. While early research effort assumed a friendly and cooperative environment and focused on problems such as wireless channel access and multihop routing, security has become a primary concern in order to provide protected communication between nodes in a potentially hostile environment. Recent wireless research indicates that the wireless MANET presents a larger security problem than conventional wired and wireless networks.

Although mobile ad hoc networks have several advantages over the traditional wired networks, on the other sides they have a unique set of challenges. Firstly, MANETs face challenges in secure communication. For example the resource constraints on nodes in ad hoc networks limit the cryptographic measures that are used for secure messages. Thus it is influence to link attacks ranging from passive eavesdropping to active impersonation, message replay and message distortion. Secondly, mobile nodes without adequate protection are easy to compromise. An attacker can listen, modify and attempt to masquerade all the traffic on the wireless communication channel as one of the legitimate node in the network. Thirdly, static configuration may not be adequate for the dynamically changing topology in terms of security solution. Various attacks like DoS (Denial of Service) can easily be launched and flood the network with spurious routing messages through a malicious node that gives incorrect updating information by pretending to be a legitimate change of routing information. Finally, lack of cooperation and constrained capability is common in wireless MANET which makes anomalies hard to distinguish from normalcy.

In general, the wireless MANET is particularly vulnerable due to its fundamental characteristics of open medium, dynamic topology, and absence of central authorities, distribution cooperation and constrained capability.

The ultimate aim of the routing protocol is that it should be able to provide users with all these features at all times. To be able to do this, the entire protocol stack should be encompassed by the security algorithm. The security attacks in each layer are described in Table 1.

Table 1 Security Attacks on Each Layer in MANET

illustration not visible in this excerpt

2.10 Issues and Challenges in Security Provisioning

Designing a fool proof security protocol for ad hoc routing is a very challenging task due its unique characteristics such as, shared radio channel, insecure operational environment, lack of central authority and association rules among nodes and limited availability of resources. A brief discussion on how each of the above mentioned characteristics causes difficulty in providing security in ad hoc wireless network is given below.

Shared radio channel: Unlike the wired networks where a separate dedicated transmission line can be provided between a pair of end users, the radio channel used for communication in ad hoc networks is broadcast in nature and shared by all nodes in the network. Data transmitted by a node is received by all the nodes within its direct transmission range. So a malicious node can easily obtain data being transmitted in the network.

Insecure operational environment: The operational environment in which MANETs are generally used may not be always securing, for example, a battle field. In such environment, nodes may move in and out of hostile and insecure enemy territory, where they would be highly vulnerable to security attacks. Lack of central authority: In wired networks or infrastructure based wireless networks it would be possible to monitor the network traffic through routers or base stations and implement security mechanisms at those points. Since MANETs don’t have any such central points, these mechanisms can’t be applicable to them. Lack of association rules: In MANET, since nodes can leave or join the network at any point of time, if no proper authentication mechanism is used for associating nodes with the network intruders can easily join the network and carry out attacks. Limited availability of resources: Resources such as bandwidth, battery power and computational power are scare in ad hoc networks. Hence, it is difficult to implement complex cryptography-based security mechanisms in such networks.

The ultimate aim of the routing protocol is that it should be able to provide users with all these features at all times. To be able to do this, the entire protocol stack should be encompassed by the security algorithm. The security issues in each layer are described in Table 2.

Table 2 Security Issues in the Protocol Stack

illustration not visible in this excerpt

2.11 Security Approaches in MANETs

Figure 2.3 shows the security approaches in MANETs

illustration not visible in this excerpt

Figure 2.3 Security Approaches in MANETs

Security involves two approaches:

A. Proactive:-This approach attempt to thwart security threats in the first place through various cryptographic techniques.

B. Reactive: First detect the threat react accordingly. Due to the absence of a clear line of defence, a complete security solution for MANET should involve both approaches. Prevention can be achieve by secure Ad-hoc routing protocols that prevent the attackers form installing incorrect routing states at other nodes.

Because the wireless channel is open, each node can perform localized detection by overhearing on going transmission and evaluating the behaviour of its neighbours but its accuracy is limited by a number of factors such as channel error, interference and mobility. A malicious node may also abuse the security solutions and intentionally censure legitimate nodes, In order to address such issues, the detection results at individual nodes can be integrated and refined in a distributed manner to achieve consensus among a group of nodes. An alternative approach relies on explicit acknowledgement from the destination and/or intermediate nodes to the source so that the source can figure out where the packet was dropped. Once a malicious node is detected certain actions are triggered to protect the network from future attacks launched by this node the reaction component is related to the prevention component in the security system. Once multiple nodes in a local neighbourhood have reached consensus that one of their neighbours is malicious, they collectively revoke the certificate of the malicious node. The malicious node is isolated in the network as it cannot participate in the routing or packet forwarding operations in the future. The path rather allows each node to maintain its own rating for every other node it knows about. A node slowly increases the rating of well-behaved nodes overtime, but dramatically decreases the rating of a malicious node that is detected by its watchdog. Based on rating source always selects the path with the highest average rating.

2.12 Security Architecture for MANETs

The below table shows the 5-Layer security architecture for MANETs

Table 3 Security Architecture for MANETs

illustration not visible in this excerpt

1. SL1: Trust Infrastructure Layer: It refers to the basic trust relationship between nodes; SL1 poses a great challenge to system security designers. The security association established in the trust infrastructure layer must server for the upper layer security mechanism.

2. SL2: Communications Security Layer: It refers to the security mechanisms applied in the transmitting data frames in a node-to-node manner.

3. SL3: Routing Security Layer: It refers to security mechanisms applied to routing protocols. In MANET, nodes exchange information about their knowledge of neighbourhood connectivity and construct a view of the network topology so that they can route the data packets to the correct destinations.

4. SL4: Network Security: It refers to security mechanisms used by the network protocols which perform sub-network access operations from end systems to end system.

5. SL5: End-to-End Security: It refers to end system security, such as SSL, SSH, and any application-specific security protocol. The security protocols in this layer is independent of the underlying networking technology so the related security mechanisms are restricted to only intended parties.

[...]