INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 3 ISSUE 3 – MARCH 2015 – ISSN: 2349 – 9303
Using FRD Algorithm for Cluster Head Selection and Certificate Revocation of Adversary Nodes to Form a Secure Cluster in MANET

V. Dhinesh, Computer Science and Engineering, SVS College of Engineering, Coimbatore, India, dhineshhicet@gmail.com
M. Sivakumar (Asst. Prof.), Computer Science and Engineering, SVS College of Engineering, Coimbatore, India, siva.recursion@gmail.com
Abstract—The major challenge in wireless network services is to provide guaranteed service. To overcome this challenge we use an important integral component called certificate revocation. In this paper, we concentrate on the issue of certificate revocation to isolate attackers from further participation in network activities. By proposing the Enhanced Cluster based Certificate Revocation with Vindication Capability (CCRVC) scheme, we can quickly and accurately revoke the certificates of malicious nodes. We improve the reliability of the scheme by having the Certificate Authority (CA) maintain a Vote List (VL). To enhance accuracy, we propose a threshold based mechanism to assess and vindicate whether a warned node is malicious or not. We evaluate the performance of our scheme by both numerical and simulation analysis. The results demonstrate that the proposed certificate revocation scheme is efficient and effective in guaranteeing secure communications in MANET.

Index terms—MANET, Certificate Authority (CA), Cluster Based Certificate Revocation with Vindication Capability (CCRVC), Fuzzy Relevance Degree and Security.
1. INTRODUCTION
Due to mobility features such as ease of deployment and dynamic topology, MANETs have received increased attention in recent years, and there is a growing body of research on mobile distributed computing. A MANET consists of a number of nodes without infrastructure, connected by wireless communication. A MANET is a self-organized wireless network consisting of mobile nodes that can move freely in the network, such as laptops, cell phones and Personal Digital Assistants (PDAs), and the topology of the ad hoc network changes dynamically. These mobile devices cooperate with each other and forward packets between nodes to extend the limited wireless transmission range of each node by multi-hop relaying, which is used for various applications such as military operations, disaster relief and emergency communications. One of the most crucial requirements for a network service is security. A major challenge in the design of a MANET is to protect its vulnerabilities from security attacks. Provisioning protected communications between mobile nodes in an antagonistic environment, in which a malicious attacker can launch attacks to disturb network security, is a primary concern. Owing to the lack of infrastructure, mobile nodes in a MANET have to implement all features of network functionality themselves; they act as both end users and routers, transmitting packets for other nodes. A MANET is the most open network environment: nodes can freely join and leave the network. For a complete security solution, the MANET should encompass all three components: prevention, detection and revocation. Certification plays an important role in secure network communication. The mobile nodes in a MANET have the additional function of forwarding packets to the other nodes in the network. In wired networks, a router performs the packet forwarding operation. The wireless network is accessible to both legitimate users and malicious attackers. Therefore, wireless on-demand MANETs are more susceptible to attacks than wired networks. The certificate revocation scheme provides fundamental security solutions to all nodes, such as facilitating security, conveying real trust, ensuring integrity and so on. A great deal of research is under way in the certificate revocation field, which includes certificate distribution from a third party. It ensures that each node in the network has a digital signature from a trusted third party. Any node can freely join the network at a particular instant of time for attack detection. Certificate revocation is the process of enlisting and removing the certificates of nodes that launch attacks on their neighbor nodes. In this paper, we focus primarily on the security issue of MANET and on the process of certificate revocation. I use a different method to select the cluster head and compare the performance of the technique with the existing methods. This paper is organized as follows. In the next section (section 2) we give a brief overview of certificate revocation techniques in MANET and analyze the advantages and disadvantages of voting based and non-voting based schemes. Section 3 gives the cluster head selection using the Fuzzy Relevance Degree algorithm. Section 4 gives the proposed scheme used. Finally, I conclude the paper in the following section.
2. RELATED WORKS
Researchers have paid much attention to ensuring the fundamental security of infrastructure-less MANETs. Due to the limited physical protection of nodes, the dynamically changing topology, the vulnerability of the wireless link and the lack of infrastructure, it is difficult to secure MANETs. In this section, we briefly introduce the existing methods for certificate revocation.

2.1 Voting based mechanism
The certificate of a malicious node is revoked through votes from its neighbor nodes. In this scheme, all nodes have to participate in the voting system to evict malicious nodes. URSA, proposed by Luo et al, uses a voting system to evict nodes. In URSA the certificate authority issues a valid certificate to each node that joins the network. A node with a valid certificate is considered to be a legitimate node. Before entering the network, a node gets a valid certificate from the CA. The major disadvantage of this voting based mechanism is that it does not address false accusations from malicious neighbor nodes. Arboit et al put forward another mechanism in their work, which also allows the nodes in the network to vote together. The major difference from Luo et al is that nodes vote with variable weights, which ensures greater accuracy. The weight of a node is calculated from its reliability and trustworthiness, which derive from the past behavior of the node, such as its accusations of other nodes and the accusations made against it by other nodes. When the weighted sum from voters against a node exceeds a predefined threshold, the certificate of the accused node is revoked. This improves the accuracy of certificate revocation.
2.2 Non-Voting based mechanism
In the non-voting based mechanism, any node with a valid certificate can accuse a malicious node. Clulow et al proposed a new strategy called “suicide for the common good”, which can quickly complete certificate revocation with only one accusation. In this strategy the accusing node sacrifices itself, so its own certificate is revoked, to improve the accuracy of the strategy. Due to this suicidal strategy, the time taken to revoke the certificate of the malicious node and the communications overhead of the certificate revocation procedure are reduced. The suicidal strategy does not address false accusations, so it degrades the accuracy of the scheme.

2.3 Cluster Based Certificate Revocation Scheme
Park et al proposed a new strategy called the cluster based certificate revocation scheme. The control messages are managed by the trusted third party, which also maintains the Black List (BL) and the Warned List (WL). The WL contains accusing and accused nodes; the BL contains malicious nodes. Any single neighboring node can revoke the certificate of a malicious node. The scheme also deals with the issue of false accusation and reduces the time taken to revoke the certificate of the malicious node. Wei Liu et al provide a vindication capability for the certificate revocation technique. Before recovering the certificates of the nodes in the WL, it checks a threshold value to vindicate whether the warned nodes are legitimate or not. In the existing systems discussed above, a node proclaims itself as a cluster head. The node periodically propagates a CH Hello packet to its neighbors. This method of CH selection in the existing methods is faulty, so we use the Fuzzy Relevance Degree to select a CH.

3. PROPOSED WORK
3.1 Model of the Cluster Based Scheme
In this section, we present the cluster based revocation scheme, which can quickly revoke the certificate of a malicious node.
Clustering is a method of grouping the nodes in the network based on some criteria. I assume that a cluster contains 10 to 50 nodes. The main aim is that the CH within the cluster has the right to revoke the certificate of a malicious node; it also maintains two different lists, called the Warned List (WL) and the Black List (BL), which contain accusing and accused nodes respectively.

3.1.1 Cluster Construction
We propose a cluster based architecture to construct the topology. Nodes in the network work together to form clusters, each consisting of a CH along with Cluster Members (CMs) positioned within the transmission range of the CH. Before joining the network, a node should get a valid certificate from the third party, which has the right to distribute certificates to the nodes so that they can communicate with each other freely in the MANET.
3.1.2 Cluster Head Selection
By using the Fuzzy Relevance Degree algorithm we can maintain the cluster and secure it. The established cluster allows easier access and transmission of packets from one secured cluster to another, further reducing the transfer rate, and also reduces the effect of topological changes.

3.1.3 FSV Structure
The basis of the Fuzzy Relevance Degree algorithm is FSV (Fuzzy State Viewing). This is a table-like structure, shown in Fig 1, consisting of five parameters. When nodes communicate with each other, the FSV is used in the transfer of packets. The FRD value, represented by µ, is passed when two nodes communicate with each other. When two nodes exchange packets, the range of µ is from 0 to 1, which helps in the avoidance of interference. Using the proposed FRD algorithm, we select the CH of the secured cluster, which consequently results in the selection of the Cluster Members. Packet transmission between nodes goes through the gateway node, which helps in the broadcasting of packets.

ID | µ | Level | M-hop | Balance
Fig 1. Packet Structure of FSV

The parameters of the packet are explained as follows.
Identifier: Every node participating in the cluster has a unique identifier. It helps to avoid interference and speeds up the process of CH selection.
Fuzzy Relevance Degree (µ): The value of the Fuzzy Relevance Degree (µ) is used when nodes communicate with each other. When a node participates in the communication process, the µ value is sent by the corresponding neighbor nodes. The µ value is calculated from parameters such as mobility, distance and power. The range of µ is from 0 to 1. The FRD values that can be selected accordingly are formed into a set.
Level: This is the third parameter in the FSV structure. The values previously arranged into the set are categorized into low level, middle level and high level. The level parameter is one of the criteria for selecting a node as CH, CM or gateway node.
M-hop (Multi-hop): Cluster creation and management are controlled based on the µ value. This parameter separates the transfer process into hop ranges, from 1-hop to several multi-hops.
Balance: Every node in the cluster should participate in the process of CH selection. This parameter provides the means of allocating the cluster head in the secure cluster.

Each node in the cluster must have an FRD value, denoted by µ. The FRD value is used to form a secure cluster with high reliability and optimum transfer of data packets. The FRD value (µ) is used by the nodes in the communication process and is calculated from parameters such as mobility, distance and power. The value of µ ranges from 0 to 1. The cluster head is selected from the nodes, each of which advocates itself at once. The energy of each node in the cluster must be stable, and the characteristics of the nodes within the cluster must be similar. Figure 2 denotes the structure of the cluster before the formation of the cluster. Figure 3 denotes the structure of the cluster after the formation of the cluster. Any node in the cluster that has more power and signal strength, derived from the RS, will be selected as a CH. In Figure 3, clusters C1 and C2 communicate without a gateway node, so it is not secure.
Fig2. Structure before the cluster formation
Fig3. Modified Cluster structure
To balance the cluster formation, as shown in Figure 3, C1 and C2 are joined and act as a single cluster, so there is no need for any gateway node between C1 and C2. This cluster formation was done using the FRD value. Acceptable values are selected from the set, which supports the balancing of the structure using the balance parameter. It also helps in maintaining the process of allocating the CH and controlling the management process. Therefore, we develop a secure cluster that has a high transfer rate for communication between nodes in the mobile ad hoc network.

3.1.4 Function of Cluster Head
The cluster contains a CH along with the CMs. The main function of the CH is to form a secure cluster and monitor each node. The CH is in charge of updating two lists, called the Warned List (WL) and the Black List (BL). The BL contains the accused nodes that were accused more than the threshold number of times. The WL contains both accusing and accused nodes. The CH updates each list according to the control packets it receives. Each node can accuse a node only once.
Fig4. System Architecture

3.1.5 Function of Certificate Authority
A trusted third party, called the Certificate Authority, is deployed in the cluster based scheme so that each node can obtain its certificate from it. The Certificate Authority is in charge of updating a list called the Vote List (VL). The CA updates the VL according to the control packets it receives. The CA broadcasts the information in the VL to the entire network in order to prevent a malicious node from accusing a legitimate node. Each node within the network should monitor its neighbor nodes and vote for them in the VL, which is maintained by the CA.

3.1.6 Certificate Revocation
To revoke the certificate of a malicious node, we need to consider three stages: accusing the node, verifying the accusing node, and notifying each node in the cluster. The revocation process starts with the detection of a malicious node. The neighbor node checks the BL to see whether the detected node is present or not. If not, the neighbor node sends an accusation packet to the CH, as shown in Fig5(a). After receiving the accusation packet from the neighbor node, the CH checks the validity of the certificate of the accusing node. To avoid false accusations, the CH also verifies the voting information in the VL, which is maintained by the CA. If the accusation is valid, the accusing and accused nodes are entered in the WL, and if the number of accusations against the same node is greater than the threshold value, that node is listed in the black list. Finally the revocation is broadcast to each node in the cluster, and any neighbor node can revoke the certificate of the malicious node.

Fig5. Efficient Certificate Revocation
Fig6. Control packets
3.2 List Management
3.2.1 Warned List
It contains both accusing and accused nodes. Any node in the cluster can accuse a node if the certificate of the accusing node is valid and it does not have a negative vote in the VL, which is maintained by the CA. The possibility of false accusation is very low, so this revocation scheme is highly reliable.

3.2.2 Black List
It contains only accused nodes, which are also called malicious nodes. The BL is broadcast to each CH to revoke the certificates of the malicious nodes listed in the BL.

3.2.3 Vote List
This list is used to vindicate whether the accusing node is legitimate or not. It contains four fields: node ID, cluster ID, positive vote and negative vote.

ID | CID | Positive vote | Negative vote
Fig5. Vote List

ID: Each node in the cluster has a unique identifier for faster access and to avoid collusion.
CID: Each cluster in the network should have a unique cluster ID to differentiate the clusters. Two nodes can have the same ID, but the CIDs of the two nodes should be different.
Positive vote: Every node in the cluster is monitored by its neighbor nodes to check whether it is malicious or not. If the node does not lose packets and sends them on to the corresponding sink node, the neighbor node gives it a positive vote.
Negative vote: If a node loses packets and does not send them on to the corresponding sink node, the neighbor node gives it a negative vote.
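The revocation flow of section 3.1.6 together with the WL, BL and VL rules of section 3.2, as an added Python example that is not code from the paper. The threshold value of 2, the class and function names, the outcome strings and the sample cluster are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

THRESHOLD = 2  # assumed value: the paper names a threshold but gives no number


@dataclass
class CertificateAuthority:
    """Trusted third party: issues certificates and maintains the Vote List."""
    certified: set = field(default_factory=set)
    # VL row keyed by (CID, ID) -> [positive votes, negative votes]
    vote_list: dict = field(default_factory=lambda: defaultdict(lambda: [0, 0]))

    def issue(self, cid, node):
        self.certified.add((cid, node))

    def vote(self, cid, node, forwarded):
        # Neighbors vote positive when the node forwards packets, negative when it drops them.
        self.vote_list[(cid, node)][0 if forwarded else 1] += 1

    def may_accuse(self, cid, node):
        # The accuser needs a valid certificate and not a single negative vote.
        return (cid, node) in self.certified and self.vote_list[(cid, node)][1] == 0


@dataclass
class ClusterHead:
    cid: str
    ca: CertificateAuthority
    warned: set = field(default_factory=set)  # WL: accusing and accused nodes
    black: set = field(default_factory=set)   # BL: nodes whose certificate is revoked
    accusers: dict = field(default_factory=lambda: defaultdict(set))

    def accuse(self, accuser, accused):
        if accused in self.black:          # the BL is checked first
            return "already-revoked"
        if not self.ca.may_accuse(self.cid, accuser):
            return "rejected"              # invalid certificate or negative vote in the VL
        if accuser in self.accusers[accused]:
            return "duplicate"             # each node can accuse a node only once
        self.accusers[accused].add(accuser)
        self.warned.update((accuser, accused))
        if len(self.accusers[accused]) > THRESHOLD:
            self.black.add(accused)
            self.ca.certified.discard((self.cid, accused))  # certificate revoked
            return "revoked"
        return "warned"


def run_scenario():
    """Constructed cluster C1: honest nodes A-D and a packet-dropping node M."""
    ca = CertificateAuthority()
    for node in "ABCDM":
        ca.issue("C1", node)
        ca.vote("C1", node, forwarded=(node != "M"))
    ch = ClusterHead("C1", ca)
    pairs = [("M", "A"), ("A", "M"), ("A", "M"), ("B", "M"), ("C", "M"), ("D", "M")]
    return [ch.accuse(a, b) for a, b in pairs], ch


if __name__ == "__main__":
    outcomes, head = run_scenario()
    print(outcomes, "WL:", sorted(head.warned), "BL:", sorted(head.black))
```

The false accusation by M against A is rejected because of M's negative vote in the VL, while M itself is moved to the BL only when a third distinct accuser pushes the count above the assumed threshold.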
If a node has even a single negative vote, it cannot accuse any other node in the network.

4. CONCLUSION
In this paper, I have addressed a major issue in ensuring security for MANET, and also how to select the CH for a secure cluster. The existing methods use a neighbor sensing protocol to select the CH, just by declaring hello packets. I propose the FRD method for the head selection process, including various parameters such as lifetime, battery power, distance between nodes, velocity of nodes and the FRD value (µ). Revocation is carried out by the neighboring nodes once the accusations against the corresponding node exceed the threshold. False accusation is avoided by maintaining the VL to verify the status of the accusing node. Before the revocation process, the status of the accused node is compared with the VL. Therefore the probability of a false accusation occurring is very low. The efficient selection of the CH and the process of certificate revocation help in the creation of a secure cluster and also improve the performance of the network. A network simulator is used to measure the improvement. The scheme increased the throughput and has proven efficient so far.
REFERENCES
[1] H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang, “Security in Mobile Ad Hoc Networks: Challenges and Solutions,” IEEE Wireless Comm., vol. 11, no. 1, pp. 38-47, Feb. 2004.
[2] INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies (Volume: 1).
[3] L. Zhou, B. Schneider, and R. Van Renesse, “COCA: A Secure Distributed Online Certification Authority,” ACM Trans. Computer Systems, vol. 20, no. 4, pp. 329-368, Nov. 2002.
[4] P. Yi, Z. Dai, Y. Zhong, and S. Zhang, “Resisting Flooding Attacks in Ad Hoc Networks,” Proc. Int’l Conf. Information Technology: Coding and Computing, vol. 2, pp. 657-662, Apr. 2005.
[5] B. Kannhavong, H. Nakayama, A. Jamalipour, Y. Nemoto, and N. Kato, “A Survey of Routing Attacks in MANET,” IEEE Wireless Comm. Magazine, vol. 14, no. 5, pp. 85-91, Oct. 2007.
[6] H. Nakayama, S. Kurosawa, A. Jamalipour, Y. Nemoto, and N. Kato, “A Dynamic Anomaly Detection Scheme for Aodv-Based Mobile Ad Hoc Networks,” IEEE Trans. Vehicular Technology, vol. 58, no. 5, pp. 2471-2481, June 2009.
[7] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil Attack in Sensor Network: Analysis & Defenses,” Proc. Third Int’l Symp. Information Processing in Sensor Networks, pp. 259-268, 2004.
[8] H. Luo, J. Kong, P. Zerfos, S. Lu, and L. Zhang, “URSA: Ubiquitous and Robust Access Control for Mobile Ad Hoc Networks,” IEEE/ACM Trans. Networking, vol. 12, no. 6, pp. 1049-1063, Oct. 2004.
[9] G. Arboit, C. Crepeau, C.R. Davis, and M. Maheswaran, “A Localized Certificate Revocation Scheme for Mobile Ad Hoc Networks,” Ad Hoc Network, vol. 6, no. 1, pp. 17-31, Jan. 2008.
[10] J. Clulow and T. Moore, “Suicide for the Common Good: A New Strategy for Credential Revocation in Self-organizing Systems,” ACM SIGOPS Operating Systems Rev., vol. 40, no. 3, pp. 18-21, July 2006.
[11] K. Park, H. Nishiyama, N. Ansari, and N. Kato, “Certificate Revocation to Cope with False Accusations in Mobile Ad Hoc Networks,” Proc. IEEE 71st Vehicular Technology Conf. (VTC ’10), May 16-19, 2010.
[12] W. Liu, H. Nishiyama, N. Ansari, J. Yang, and N. Kato, “Cluster-Based Certificate Revocation with Vindication Capability for Mobile Ad Hoc Networks.”
[13] J. Lian, K. Naik, and G.B. Agnew, “A Framework for Evaluating the Performance of Cluster Algorithms for Hierarchical Networks,” IEEE/ACM Trans. Networking, vol. 15, no. 6, pp. 1478-1489, Dec. 2007.
[14] Dai Zhi-Feng, Li Yuan-Xiang, He Guo-Liang, Tong Ya-La, and Shen Xian-Jun, “Uncertain Data Management for Wireless Sensor Networks Using Rough Set Theory,” 2006 IEEE.
[15] Ye Tian, Min Sheng, Jiandong Li, Yan Zhang, Junliang Yao, and Di Tang, “Energy aware Dynamic Topology Control Algorithm for wireless Ad Hoc Networks,” 2008 IEEE.