ISSN (Print): 2320-9798
International Journal of Innovative Research in Computer and Communication Engineering
(An ISO 3297: 2007 Certified Organization) Vol.2, Special Issue 1, March 2014
Proceedings of International Conference On Global Innovations In Computing Technology (ICGICT’14)
Department of CSE, JayShriram Group of Institutions, Tirupur, Tamilnadu, India on 6th & 7th March 2014
Intrusion Detection System to Detect Malicious Misbehaviour Nodes in MANET
M. Vijay1, R. Sujatha2
P.G. Scholar (CSE), M. Kumarasamy College of Engg, Karur1
Assistant Professor (CSE), M. Kumarasamy College of Engg, Karur2
Abstract: Mobile computing is a technology that allows users with portable computers to keep their network connections while they move. In mobile computing, mobility and scalability should be possible in many applications, and the Mobile Ad hoc NETwork (MANET) is one of the most important and distinctive of them. A MANET needs no fixed network infrastructure: every node acts as both transmitter and receiver. Nodes within each other's communication range communicate directly; otherwise they rely on their neighbours to relay messages. The open medium and wide distribution of nodes make MANETs vulnerable to malicious attackers. Enhanced Adaptive ACKnowledgment (EAACK) is an intrusion-detection system designed specifically for MANETs. The existing system uses RSA and DSA digital signatures. In this paper we reduce the network overhead caused by digital signatures by using a hybrid cryptosystem that combines AES (symmetric) encryption with public key cryptography, together with the AODV routing protocol. The aim is an efficient intrusion-detection mechanism that protects the MANET from attacks and detects malicious, misbehaving nodes more efficiently.
Keywords: Enhanced Adaptive ACKnowledgment (EAACK); Digital Signature; Digital Signature Algorithm (DSA);
Mobile Ad hoc NETwork (MANET); Ad-hoc On demand Distance Vector (AODV); Advanced Encryption Standard (AES); Routing Overhead (RO).
I. INTRODUCTION
A mobile ad hoc network (MANET) is a wireless networking method in which devices move randomly in different directions and communicate with one another within each node's communication range. To extend that range, the other nodes in the network act as routers, so communication may pass through multiple intermediate nodes between source and destination. MANETs have a wide range of applications, particularly in military operations and in emergency and disaster relief efforts.
The open medium and remote distribution of MANET nodes make them vulnerable to various types of attack. For example, because nodes lack physical protection, malicious attackers can easily capture and compromise them to mount attacks. Most MANET routing protocols assume that every node in the network cooperates with the others and is not malicious; attackers can therefore compromise a MANET simply by inserting malicious or non-cooperative nodes into the network. An intrusion detection system (IDS), which detects and reports an attack after it has occurred, is therefore very important to MANET security.
II. BACKGROUND
A. Cryptography Algorithms
Cryptographic algorithms are classified into two types, symmetric and asymmetric. In symmetric encryption both sender and receiver share a common key for encryption and decryption, so the sender must find a secure way to deliver that key to the receiver; this key distribution requirement, and its difficulties, are well known. Many protocols offer various key-distribution techniques; they add security but cost performance. Public key (asymmetric) cryptography solves the key distribution problem. A pair of keys is used: data encrypted with the public key can be decrypted only with the corresponding private key. Every user has one key pair; the public key is known to everyone and the private key must be kept secret.
Figure: 1. Asymmetric Encryption
If anyone wants to send you information, they look up your public key and encrypt the information with it; you decrypt the received data with your private key. Public key cryptosystems have one weakness: users must be constantly vigilant that they are encrypting to the correct person's key, i.e. that the public key they use really is the public key of the intended receiver. Identifying the correct public key of the right person is difficult without a trusted third party. Since the cryptographic algorithms themselves are public knowledge, the security of what the sender transmits rests entirely on the key value, which must remain confidential, and key management is correspondingly complex.
B. Overview of Hybrid Encryption Approach
Hybrid encryption merges two or more encryption systems; here it combines symmetric and asymmetric encryption to benefit from the strengths of each, namely speed and security respectively. Many cryptographic algorithms are available for network security. Symmetric algorithms are much faster than asymmetric (public key) algorithms such as RSA and Elliptic Curve Cryptography, while public key algorithms offer the stronger security model for key distribution, because they use two keys, a public one for encryption and a private one for decryption, so no shared secret has to be distributed. In this hybrid technique we therefore propose symmetric encryption (AES) for encryption/decryption of the data and a public key cryptosystem for authentication.
III. EXISTING SYSTEM
A. Digital Signature
1) Digital signature with appendix: the original message is required in the signature verification algorithm.
The Digital Signature Algorithm (DSA) is one example of this method.
2) Digital signature with message recovery: this type of scheme requires no information besides the signature itself in the verification process. RSA is one example of this method.
Figure: 2. TWOACK Scheme: Each node should send acknowledgment to middle node and source.
Both DSA and RSA are implemented in the existing EAACK system, and comparing their performance in MANETs is one of its main purposes. Figure 2 shows the general flow of data communication with a digital signature. First, a fixed-length message digest is computed for every message m through a pre-agreed hash function H:

$H(m) = d$ (1)

Second, the sender Alice applies her own private key $Pr_{Alice}$ to the computed digest d. The result is a signature $Sig_{Alice}$, which is attached to the message m:

$S_{Pr_{Alice}}(d) = Sig_{Alice}$ (2)

For the digital signature to remain valid, Alice must always keep her private key $Pr_{Alice}$ secret without revealing it to anyone else. Otherwise, if the attacker Eve obtains this private key, she can intercept the message, add malicious messages carrying Alice's signature and send them to Bob; because they are digitally signed with Alice's key, Bob sees them as legitimate and authentic messages from Alice. Alice sends the message m along with the signature $Sig_{Alice}$ to Bob over an unsecured channel. Bob computes the received message m' through the pre-agreed hash function H to obtain the digest d':

$H(m') = d'$ (3)

Bob then verifies the signature by applying Alice's public key $Pk_{Alice}$ to $Sig_{Alice}$:

$S_{Pk_{Alice}}(Sig_{Alice}) = d$ (4)

If $d = d'$, it is safe to claim that the message m' transmitted over the unsecured channel was indeed sent by Alice and that the message itself is intact.
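The following Go program is an added worked example of the hybrid approach of Section II-B together with the signature flow of equations (1) to (4); it is written for this edit and is not code from the paper or from the EAACK implementation. It assumes RSA-2048 for both wrapping the session key (OAEP) and the signature with appendix (PKCS#1 v1.5 over SHA-256), AES-256-GCM as the symmetric cipher, and takes the digest d over the nonce, ciphertext and wrapped key rather than the plaintext, so that Bob verifies Alice's signature before he decrypts anything. The names Envelope, NewKeyPair, Seal and Open are the example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Alice transmits over the unsecured channel: the AES-GCM
// nonce and ciphertext, the session key encrypted to Bob's public key, and
// Alice's signature with appendix over the digest of the other three fields.
type Envelope struct {
	Nonce, Ciphertext, WrappedKey, Sig []byte
}

// NewKeyPair generates a 2048-bit RSA key pair (one per participant).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// digest is the pre-agreed hash function H. It covers every field Bob must
// trust, so a change to any of them changes d' and breaks verification.
func digest(nonce, ct, wrapped []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(ct)
	h.Write(wrapped)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is Alice's side: a fresh AES-256 session key encrypts the bulk data,
// RSA-OAEP wraps that key for Bob, and Alice's private key signs d = H(...).
func Seal(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest(nonce, ct, wrapped))
	if err != nil {
		return nil, err
	}
	return &Envelope{nonce, ct, wrapped, sig}, nil
}

// Open is Bob's side: recompute d' = H(...), verify Sig with Alice's public
// key before touching the ciphertext, then unwrap the key and decrypt.
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	d := digest(env.Nonce, env.Ciphertext, env.WrappedKey)
	if err := rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, d, env.Sig); err != nil {
		return nil, errors.New("signature invalid: not from the claimed sender or modified in transit")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	alice, _ := NewKeyPair()
	bob, _ := NewKeyPair()
	env, _ := Seal(alice, &bob.PublicKey, []byte("S-ACK report: F2 dropped Psad1")) // constructed sample
	msg, err := Open(bob, &alice.PublicKey, env)
	fmt.Printf("Bob reads %q, signature %d B, err=%v\n", msg, len(env.Sig), err)
	env.Ciphertext[0] ^= 1 // Eve flips one bit in transit; Bob must reject the envelope
	_, err = Open(bob, &alice.PublicKey, env)
	fmt.Println("after tampering:", err)
}
```

Note that the signature is 256 bytes for a 2048-bit RSA key regardless of how short the packet is; that fixed per-packet cost is the overhead Section IV is concerned with, and it is paid on every acknowledgment packet.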
Figure 3 describes the EAACK scheme and its control flow, showing how the scheme works.
EAACK consists of three major parts: 1. ACK, 2. Secure ACK (S-ACK), and 3. Misbehavior Report Authentication (MRA).
ACK is an end-to-end acknowledgment scheme and one part of the hybrid scheme in EAACK. It aims to reduce network overhead when no misbehavior is detected. In ACK mode, shown in Figure 8, the source node S first sends an ACK data packet Pad1 to the destination node D. Assuming all intermediate nodes along the route between S and D are cooperative and D successfully receives Pad1, D is required to send back an ACK acknowledgment packet Pak1 along the same route in reverse order. If S receives Pak1 within a predefined time period, the packet transmission from S to D is successful. Otherwise, S switches to S-ACK mode by sending out an S-ACK data packet to detect the misbehaving nodes in the route.
Secure ACKnowledgment (S-ACK) is an improved version of TWOACK. Every three consecutive nodes along the route work as a group to detect misbehaving nodes: for each such group, the third node is required to send an S-ACK acknowledgment packet to the first node. S-ACK mode is introduced to detect misbehaving nodes in the presence of receiver collision or limited transmission power. Figure 4 shows S-ACK mode, in which three consecutive nodes (F1, F2 and F3) work as a group to detect misbehaving nodes in the network.
First, node F1 sends an S-ACK data packet Psad1 to node F2, which forwards it to node F3. When F3 receives Psad1, it is required to send back an S-ACK acknowledgment packet Psak1 to F2, and F2 forwards Psak1 back to F1. If F1 does not receive this acknowledgment packet within a predefined time period, both F2 and F3 are reported as malicious: F1 generates a misbehavior report and sends it to the source node S. Unlike TWOACK, where the source node immediately trusts the misbehavior report, EAACK requires the source node to switch to MRA mode and confirm the report. This step is vital for detecting false misbehavior reports.
The Misbehavior Report Authentication (MRA) scheme is designed to detect misbehaving nodes in the presence of false misbehavior reports. A false misbehavior report can be generated by malicious attackers to falsely report innocent nodes as malicious. This attack can affect the entire network when the attackers break down enough nodes to cause a network partition. The goal of MRA is to verify whether the destination node has received the reported missing packet, using a different route. To enter MRA mode, the source node first searches its local knowledge base for an alternative route to the destination node.
If none exists, the source node starts a DSR route request to find another route. Given the nature of MANETs, it is common to find multiple routes between two nodes. By adopting an alternative route to the destination, we bypass the node that filed the misbehavior report. When the destination node receives an MRA packet, it searches its local knowledge base and checks whether the reported packet was received. If it was already received, it is safe to conclude that this is a false misbehavior report, and whoever generated it is marked as malicious. Otherwise, the misbehavior report is trusted and accepted by the source node. With the MRA scheme, EAACK is capable of detecting malicious nodes despite the existence of false misbehavior reports. All three parts rely on acknowledgment packets to detect misbehavior in the network, so it is extremely important to ensure that every acknowledgment packet in EAACK is authentic: if attackers were able to forge acknowledgment packets, all three schemes would be vulnerable.
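The following Go program is an added simulation of the ACK, S-ACK and MRA sequence described above; it is written for this edit and is not the EAACK reference code. It models only forwarding behaviour (no radio, timers or DSR): a node flagged Drops swallows every packet it is asked to relay, a node flagged Lies files a misbehavior report against its two downstream neighbours although they behaved, and the ackLost flag stands in for the receiver-collision case in which Pak1 is lost even though every node cooperates. The node names S, F1 to F3, G1, G2 and D, the alternative route S-G1-G2-D, and the functions Detect, ackMode, sackMode and mraMode are all the example's own.

```go
package main

import (
	"errors"
	"fmt"
)

// Node is one MANET participant. Drops marks a misbehaving forwarder that
// swallows every packet it should relay; Lies marks a node that files a
// misbehavior report against its downstream pair although they behaved.
// Every node accepts packets addressed to itself.
type Node struct {
	Name        string
	Drops, Lies bool
}

// Route is an ordered path from the source (index 0) to the destination.
type Route []*Node

// Report is what an S-ACK group leader sends to the source node.
type Report struct {
	Reporter string
	Accused  []string
}

// relayed reports whether a packet handed to route[from] reaches route[to]
// (in either direction), i.e. whether every intermediate forwarder cooperates.
func relayed(route Route, from, to int) bool {
	step := 1
	if to < from {
		step = -1
	}
	for i := from + step; i != to; i += step {
		if route[i].Drops {
			return false
		}
	}
	return true
}

// ackMode: S sends Pad1 to D, D returns Pak1 over the reverse route. ackLost
// models a receiver collision that loses Pak1 even though every node cooperates.
func ackMode(route Route, ackLost bool) bool {
	last := len(route) - 1
	return !ackLost && relayed(route, 0, last) && relayed(route, last, 0)
}

// sackMode runs every group of three consecutive nodes (F1, F2, F3): F1 sends
// Psad1 and F3 must answer Psak1 via F2. A missing Psak1 makes F1 accuse both
// F2 and F3; a lying F1 accuses them regardless.
func sackMode(route Route) []Report {
	var reports []Report
	for i := 0; i+2 < len(route); i++ {
		f1, f2, f3 := route[i], route[i+1], route[i+2]
		if f1.Lies || !relayed(route, i, i+2) || !relayed(route, i+2, i) {
			reports = append(reports, Report{f1.Name, []string{f2.Name, f3.Name}})
		}
	}
	return reports
}

// mraMode asks D over the alternative route alt (bypassing the reporter)
// whether the reported packet arrived. If it did, the report is false and the
// reporter is convicted; otherwise the report stands and the accused are.
func mraMode(primary, alt Route, r Report) ([]string, error) {
	if alt == nil || !relayed(alt, 0, len(alt)-1) || !relayed(alt, len(alt)-1, 0) {
		return nil, errors.New("MRA: no usable alternative route, report unverified")
	}
	if relayed(primary, 0, len(primary)-1) {
		return []string{r.Reporter}, nil
	}
	return r.Accused, nil
}

// Detect runs the EAACK sequence ACK -> S-ACK -> MRA and returns the nodes
// finally marked malicious (nil for a clean route).
func Detect(primary, alt Route, ackLost bool) ([]string, error) {
	if ackMode(primary, ackLost) {
		return nil, nil
	}
	var malicious []string
	for _, r := range sackMode(primary) {
		verdict, err := mraMode(primary, alt, r)
		if err != nil {
			return malicious, err
		}
		malicious = append(malicious, verdict...)
	}
	return malicious, nil
}

func main() {
	s, d := &Node{Name: "S"}, &Node{Name: "D"}
	alt := Route{s, &Node{Name: "G1"}, &Node{Name: "G2"}, d} // constructed alternative route
	dropper := Route{s, &Node{Name: "F1"}, &Node{Name: "F2", Drops: true}, &Node{Name: "F3"}, d}
	fmt.Println(Detect(dropper, alt, false)) // [F2 F3] <nil>
	liar := Route{s, &Node{Name: "F1", Lies: true}, &Node{Name: "F2"}, &Node{Name: "F3"}, d}
	fmt.Println(Detect(liar, alt, true)) // [F1] <nil>
}
```

Two things the simulation makes visible that the prose leaves implicit: an S-ACK report always accuses the pair F2, F3, so the innocent F3 is convicted alongside the dropping F2 once D confirms the packet never arrived; and MRA can only clear a false report when an alternative route actually exists and is itself cooperative, otherwise the report stays unverified.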
IV. PROBLEM DEFINITION
The existing scheme implements both DSA and RSA in EAACK. The DSA scheme always produces slightly less network overhead than RSA, because the signature size of DSA is much smaller than that of RSA. The RO difference between the RSA and DSA schemes varies with the number of malicious nodes: the more malicious nodes there are, the more RO the RSA scheme incurs, since more malicious nodes require more acknowledgment packets.
This increases the share of digital signatures in the total network overhead. Many of the existing IDSs in MANETs, including EAACK, adopt an acknowledgment-based scheme whose detection functions depend largely on the acknowledgment packets; hence digital signatures are used to guarantee that the acknowledgment packets are valid and authentic. In this research work, our goal is to propose an IDS specially designed for MANETs that reduces the routing overhead caused by digital signatures while also improving the security of the system.
V. PROPOSED SYSTEM
In this paper, we propose a hybrid cryptography technique to reduce the network overhead caused by digital signatures.