Monday, June 3, 2019
Mobile Ad Hoc Networks (MANETs)
wandering Ad Hoc intercommunicates (MANETs)IntroductionWhat is Mobile Ad Hoc profit?With rapid development of wireless technology, the Mobile Ad Hoc Ne twainrk (MANET) has emerged as a new type of wireless profits. MANET is a collection of wireless wide awake bosss (e.g. laptops) that energizing tout ensembley sound as a interlocking without the occasion of any(prenominal) animate infrastructure and centralize administration. It is an autonomous dust where distri scarceively guest operates non just as an end system but overly as a despatchr to forward sheafs for separate lymph glands.Since the nodes in MANET move around, the wireless links assault and re-establish frequently. Furthermore, intimately of diligent nodes atomic figure of speech 18 re come p machinationicular(a) in reckoning capability and outpouring force play and at that placefore handed-d decl atomic number 18 computing content routing colloquys protocols ar not adapted for MANET. S everal ad hoc routing protocols acquit been proposed for separately node acting as wayr and maintaining routing discipline. there argon more new(prenominal) applications of MANET. For examples, MANET screwing be employ to provide emergency Services when the net profit is impaired due to the damaging of existing infrastructure 8. Computer scientists pitch predicted a world of give way computing in which computers provide be alone around us, constantly arrangeing mundane tasks to render our lives a little easier. These ubiquitous computers connect in spry ad hoc mode and change the purlieu or react to the change of the environment where they be suited. MANET is also found useful in the altogethereged(prenominal) sensor dust intercommunicate to coordinate the activities and reports of a large collection of tiny sensor devices which could offer detailed learning intimately(predicate) terrain or environmental dangerous stipulations.Problem Statement and Motivat ion to the highest degree current ad hoc routing protocols assume that the wireless net income is benign and every node in the ne twork strictly follows the routing behavior and is leave behinding to forward sh atomic number 18s for other nodes. Most of these protocols cope well with the propelling in eachy changing topology. However, they do not finish the problems when misbehavior nodes present in the network.A comm besides observed misbehavior is share dropping. In a practical MANET, most devices have very limited computing and assault and battery part while packet advancement devastates a attraction of much(prenominal)(prenominal) re fenders. indeed some of the mobile devices would not like to forward the packets for the benefit of others and they drop packets not destined to them. On the other hand, they still light upon use of other nodes to forward packets that they originate. These misbehaved nodes are very difficult to identify because we cannot tell that whether the packets are dropped measuredly by the misbehaved nodes or dropped due to the node having go out of transmission range or other link error. sheaf drop significantly decreases the network functioning.Traditional protective covering mechanisms are generally not suitable for MANET becauseThe network lacks central infrastructure to apply traditional security mechanism such as entry control, authentication and indisputable third party.Limited bandwidth, battery lifetime, and computation power prohibits the deployment of complex routing protocols or encryption algorithms. New security models or mechanisms suitable for MANET mustinessiness be found.Network topologies and memberships are constantly changing. and then new intrusion detection system and entity recognition mechanisms that are suitable for mobile ad hoc networks must be designed to parry or extenuate the behavior to the networks.Trust management systems have been recently wrapd as a security mechanism in MANET. In a avow management system, a communicating entity collects demonstrate regarding competence, honesty or security of other network participants with the calculate of making legal opinion or decisions regarding their trust relationships. Here trust quarry and Sub-tasks sozzleds the self-assurance of an entity on another entity establish on the expectation that the other entity impart perform a particular action important to the trustor, disregardless of the ability to monitor or control that other entity . For example, a trust- ground routing protocol can collect the express of nodes misbehaving, form trust apprizes of the nodes and select safest paths establish on the trust metrics.Reputations systems are often seen as a derivation of trust management system. In the reputation system, an entity forms its trust on another entity base not only on the selfobserved evidence but also on the second hand information from third parties. One of the influential reputati on systems is the DSR protocol. In the trust management system, reputation system and other trust-based systems, route selection is based on the direct nodes prior experience with other nodes in the network. Its opinions about how other entities are honest are constantly changing. Thus, we call the trust management systems and their derivations as dynamic feedback mechanisms. The dynamic feedback mechanisms are ordinarily applied on the current ad hoc routing protocols to rate the trust about other nodes in the network and make routing decisions based on the trust matrix, which is formed according to the evidence collected from previous interactions. By incorporating the dynamic feedback mechanism in the routing protocol, misbehaved nodes are identified and avoided to forward packets. In this way,misbehavior can be mitigated.Objective and Sub-tasksThe primary accusative of this dissertation is to Investigate the state of the art of dynamic feedback mechanisms and protocols analyz e, weapon and evaluate DSR protocols to see how it improves the network exertion and what are the side powers of introducing the mechanism to the mobile ad hoc network.Following tasks must be done to achieve the primary objective.Study the preliminary association that is ask to carry out the main tasks. For example, to agnise DSR protocol one must have some knowledge of Bayesian analysis to do mathematical operation analysis one must learn the methodologies of takeing exploit analysis and processing disguise selective information.Investigate security issues of mobile ad hoc network and current dynamic feedback mechanisms or protocols that are use to solve or mitigate the issues.Investigate and learn how to use the network simulation tool. There are several commonplace network simulation tools available and we want to hold the one that best suits our needs. The selected network simulator should be studied so that we can use it as plan to implement protocol and conduct s imulations.Analyze and implement the DSR protocol based on Dynamic acknowledgment Routing protocol (DSR) evaluate the network performance.Structure of the underwriteSince we have almost gone through the chapter one, we only briefly present the content of the subsequent chapters in this incision.Preliminary InformationState of the Art epitomeDesignImplementation and Tests PerformanceAnalysis demonstration and Future WorkPreliminary informationwe have introduced the MANET. This chapter presents other preliminary information and concepts that leave behind be used in other parts of the thesis. foremost iv general modes of routing mathematical processs are introduced and differentiated. The DSR protocol, which is used as underlying routing protocol in the thesis, is explained in detail. Secondly Bayesian estimation and Beta function are explained to pave the way for the analysis of the reputation model of DSR in the chapter 4. Thirdly some techniques regarding simulation and perf ormance analysis are presented. Finally, several pop network simulation tools are discussed and compared.Mobile Ad Hoc Network Routing ProtocolsNowadays there are confused routing protocols proposed for the MANET. The most popular ones are DSDV (Destination-Sequenced Distance Vector), TORA (Temporally- legitimate Routing Algorithm), DSR (Dynamic Source Routing) and AODV (Ad-hoc On Demand Distance Vector). These routing protocols can be categorized in opposite routing operation modes.Mode of Routing OperationsThese two modes concern whether or not nodes in an ad hoc network should keep track of routes to all possible addresss, or instead keep track of only those destinations of immediate occupy Proactive protocols store route information even before it is needed. This kind of protocols has advantage that chats with exacting destination experience minimal delay. However it also suffers from the disadvantage that additional control traffic is needed to continually update stale route information. This could significantly increase routing overhead especially for the MANET where the links are often broken. Reactive protocols, on the contrary, acquire routing information only when it is actually needed. However, the latency of the communication increases staggeringly especially when a node communicates to another at the first time.Source routing vs. Hop-by-hop routingThese two modes concern whether the etymon node influences the route for a packet to be forwarded to the destination or the mediocre nodes are allowed to decide the near hop until the packet arrives at the destination. In the source routing protocols, the source node decides the route and puts the route information in the packet header. All the intermediate nodes forward the packet on the route faithfully. This kind of protocols has advantage that the intermediate nodes are not required to maintain the routing information. But it suffers from the disadvantage that the packet size grows bec ause of source routing information carried in each packet. In the hop-by-hop routing protocols, it is sufficient for the source to know only how to cling to the next hop and intermediate nodes find their induce next-hops until the destination. In contrast to source routing protocols, hop-by-hop routing protocols do not increase packet size but they requires all the intermediate nodes to maintain routing information.Table 2-1 Categories of routing protocolshas compared the performance of these four routing protocols . The results show that DSR has best throughput performance (above 95%) at all mobility rates and movement speeds. Thus we allow use DSR as basic routing protocol in this thesis.The Dynamic Source Routing Protocol (DSR)John et al. proposed the dynamic source routing protocol (DSR) 1 which is a routing protocol for use in multi-hop wireless ad hoc networks of mobile nodes. DSR is an ondemand protocol, in which route are only discovered when data need to be transmitted t o a node where no route has yet been discovered. The advantage of this on-demand routing protocol is that there are not any periodic routing advertisement and reducing the routing overhead. DSR is also a source routing protocol, allowing multiple routes to any destination and allows each maneuverer to select and control the routes used in routing the packets. DSR is composed of the two main mechanisms dispatch Discovery and travel guidebook Maintenance which are explained below. alley Discovery track Discovery aims at finding routes from a source node to destination. Figure 2-1 illustrates the procedure of passage Discovery. When a source node S wants to send a data packet to some destination node D, it first searches its route compile to find whether there is a route to D. If there is no route to D, then S will initiate a Route Discovery and send outRoute Request core which is propagated to all the nodes within its transmission range. At the mean time, it saves the data packe t in its send buffer. The Route Request gist contains the addresses of source node and destination node, a unique route request identifier and a route record which records all the intermediate nodes that this route request packet has traveled through. S appends itself to the beginning of the route record when it initiates the message.When a node receives the Route Request message, it compares the destination address in the message with its sustain address to count on whether itself is the destination node. If it is not, it will append its own address in the route record and propagate the message to other nodes. If the node is the destination node, it will send a Route retort message to the source node and the message contains the source route record which is accumulated when the Route Request message is forwarded along its way to the destination. When the destination sends the Route Reply, if it uses MAC protocols such as IEEE 802.11 that require a bidirectional link, it just r everse the source route record and use it as route to send Route Reply to the source node. Otherwise it should find the route by searching its route cache or displace out a Route Request which piggybacks the Route Reply for the source node. When the source node receives the Route Reply message, it puts the returned route into its route cache. From then on all the packets destined to the same destination will use this route until it is broken.Route MaintenanceSince the ad hoc network is dynamic and the topology of the network changes frequently, the existing routes maintained by nodes in their route cache are often broken. After transport a packet, a node must attempt to fix the reachability of the next-hop node. If the node does not receive any substantiation from the next hop during a certain period of time, it will retransmit the packet. If after a utmost number of retransmission it still does not receive any confirmation, it will think the link to the next hop is broken and will send a Route erroneousness message to the source node.DSR proposes three acknowledge mechanisms to confirm that data can flow over the link from that node to the next hopLink-layer acknowledgment which is provided by MAC layer protocol such as IEEE 802.11.Passive acknowledgement in which a node hears the next-hop node forwarding the packet and thence confirms the reachability of the link.Network-layer acknowledgement in which a node sends an lucid acknowledgement request to its next-hop node.Passive AcknowledgementPassive Acknowledgement (PACK) is important in DSR protocol because it is used to detect whether the next hop forwards the packet or drops it. We explain it in detail in this section.Passive acknowledgement is used with the assumption thatNetwork links operates bi- directionally.The network interface is in the wanton mode. When a node taps a new packet in promiscuous mode after it originates or forwards a packet, it bring it as an acknowledgement of the first pac ket if both of following check success.The Source Address, Destination Address, Protocol, Identification, and Fragment first-class honours degree fields in the IP header of the two packets MUST match.If either packet contains a DSR Source Route header, both packets MUST contain one, and the value in the Segments Left field in the DSR Source Route header of the new packet MUST be less than that in the first packet.If no matched packet is found during PACK timeout, the node will lot the link between the next hop and itself is broken and will send Route Error message to the source node.Additional featuresDSR has additional features such as replying to route requests exploitation cached routes, caching overheard routing information, packet salvaging and flow state extension and etc. We will introduce them in section 4.1 and discuss how they will mend the performance of network, how they will interact with DSR and whether they will be enabled in our simulation.Performance Analysis Te chniquesThis section introduces the performance analysis techniques and methodologies that will be used in the performance evaluation.Factors and Primary FactorsThere are many parameters that will influence the simulation results and need to be carefully chosen in the simulations. Some parameters are chosen based on experience values or the conditions of the network we want to simulate. Others need to be tuned to optimize the network performance. We strike the two kinds of parameters as followsFactors are the variables that affect the simulation result and have several alternatives. Normally they are decided based on experience.Primary factors are the factors whose effects need to be quantified. This kind of factors usually needs to be adjusted through simulation.Data MeasurementThe mark step of the network performance analysis is to figure the simulation result and summarize the feature film of the network. To avoid the in spotless simulation results due to an extreme scenario, we usually run simulations on several different scenarios. The data set of these simulations are called sample. A single number must be presented to give the name characteristic of the sample and this single number is called an average of the data. There are three alternatives to summarize a sample symbolize is obtained by taking the sum of all observations and dividing this sum by the number of observations in the sample. median value is obtained by sorting the observations in an increasing order and taking the observation that is in the middle of series. If the number of the observations is even, the mean of the middle two values is used as a median.Mode is obtained by plotting a histogram and specifying the midpoint of the bucket where the histogram peaks.Confidence Interval for the MeanIn our performance evaluation, the main objective is to compare the simulation results of DSR and Standard DSR to see whether there is any performance improvement. However, most simulation resul ts are ergodic in some degree due to the distinctiveness of the node movement scenarios and we cannot tell whether the two systems are different. One way to minimize the random effect is to repeat the simulations with different scenarios as many time as possible and get a large sample space. Unfortunately, due to the time limitation we cannot conduct many simulations. points out that using confidence musical interval we can tell whether the two systems are different with smaller sample space. The confidence interval for the mean can be calculated using If the confidence intervals of the simulation results of the two systems have no overlap, then we can claim the two systems are different and one system is superior or wanting(p) to the other.GloMoSims source and binary code can be downloaded only by academic institutions for research purposes. commercial-grade users must use QualNet, the commercial version of GloMoSim.OPNET modelerOPNET patterner is commercial network simulati on environment for network modeling and simulation. It allows the users to design and study communication networks, devices, protocols, and applications with flexibility and scalability 30. It simulates the network graphically and its graphical editors reflect the structure of actual networks and network components. The users can design the network model visually.The modeler uses object-oriented modeling approach. The nodes and protocols are modeled as classes with inheritance and specialization. The development speech is C.ComparisonWhen choosing a network simulator, we normally consider the accuracy of the simulator. Unfortunately there is no last on which of the above three simulator is the most accurate one. David Cavin et al. has conducted experiments to compare the accuracy of the simulators and it finds out that the results are barely comparable 31. Furthermore, it warns that no standalone simulations can fit all the needs of the wireless developers. It is more realistic t o consider a hybrid approach in which only the lowest layers (MAC and physical layers) and the mobility model are fictive and all the upper layers (from transport to application layers) are executed on a dedicated hosts (e.g. cluster of machines). Although there is no definite conclusion about the accuracy of the three network simulators, we have to drive one of them as our simulation environment. We compare the simulators using some metrics and the results are summarizedAfter canvas the three simulators, we decide to choose ns2 as network simulator in our thesis becauseNs2 is open source free software. It can be easily downloaded and installed.The author of the thesis has used ns2 in another network cogitate course and gotten familiar with the simulation. Ns2 uses TCL and C++ as development languages for which the author has some programming experience.The author of the DSR protocol has conducted simulation on GloMoSim and gotten performance results. We want to do the simulatio n on a different simulation to form comparison.State of the ArtIn this chapter we will introduce the start of the art security solutions in MANET with emphasis on dynamic feedback mechanisms. Firstly, we will present the general security issues/requirements of MANET to pave the way for the forthcoming investigation. Then we will discuss the state of the art security mechanisms for MANET such as payment system,trust management system, reputation system, etc. Finally, we will summarize all the security solutions we discussed in this chapter.Security Issues in Mobile Ad Hoc NetworkDue to lack of central infrastructural and wireless links susceptible to attacks, security in ad hoc network has inherent weakness. In section 1.2 we have discussed the reasons why mobile ad hoc network imposes security challenges that cannot be solved by traditional security mechanisms. In this section, we present the general security properties required by ad hoc network.Following are general security prop erties regarding ad hoc networkConfidentiality The confdiantiality place is to protect certain information from unauthorized disclosure. The information includes not only the application data that send over the routing protocol, but also the routing information itself as well as network topology and geographic location.Integrity The integrity ensures that the transmitted message and other system asset are modified only by authorized parties. In the routing level, it requires all nodes in the network following correct routing procedure.The main challenge of ensuring integrity is that without central infrastructure and powerful computing capabilities, it is difficult to apply existing cryptography and key management systems.Availability The availability property requires that the run or devices are exempt from denial of portion, which is normally done by interruption, network or innkeeper overload. Typical examples or denial of service attack are radio jamming, in which a misbehav ed node transmit radio to interference other nodes communications, and battery exhaustion, in which a misbehaved node interact with a node for no other purpose than to consume its battery energy.Authentication The authentication property requires that the communication entitys identification is recognized and proved before communication starts.Access control This property requires restricting resources, services or data to special identities according to their main course in effect(p)s or group membership.Non-repudiation This property ensures that when data are sent from sender to receiver, the sender cannot deny that he has sent the data and the receiver cannot deny that he has received the data.Mobile nodes may conduct different misbehavior for different purposes. Po-Wah Yau classifies the misbehaved nodes into following categories.Failed nodes are only when those unable to perform an operation this could be because power failure and environmental events.Badly failed nodes exhib it features of failed nodes but they can also send false routing messages which are a threat to the integrity of the network.Selfish nodes are typified by their unwillingness to cooperate as the protocol requires whenever there is a personal cost involved. Packet dropping is the main attack by self-serving nodes.Malicious nodes aim to deliberately disrupt the correct operation of the routing protocol, denying network service if possible. These four types of misbehaved nodes actually can be categorized in two aspects whether their misbehaviors are intentional or unintentional, and the severity of the results.Payment SystemsPayment systems provide economic incentives for the cooperation in MANET. They consider that each node in MANET is its own confidence and tries to maximize the benefits it gets from the network. Thus each node tends to be selfish, dropping packets not destined to them but make use of other nodes to forward their own packets. The purpose of payment systems is to e ncourage the cooperation within the MANET by economic incentives. There are several variations of payment systems proposed.NugletsNuglets is a virtual currency mechanism for charging (rewarding) server practice (provision). Nodes that use a service must pay for it (in nuglets) to nodes that provide the service. A typical service is packet forwarding which is provided by intermediate nodes to the source and the destination of the packet. Therefore either the source or the destination should pay for it.There are two models for charging for the packet forwarding service the Packet Purse precedent (PPM) and the Packet mass Model (PTM).In the Packet Purse Model, the sender pays for the packet. It loads the packet with a number of nuglets when direct the packet. Each intermediate forwarding node acquires some nuglets from the packet that covers its forwarding costs. If a packet does not have enough nuglets to be forwarded, then it is discarded. If there are nuglets left in the packet once it reaches destination, the nuglets are lost. In the Packet Trade Model, the destination pays for the packet. Each intermediate node buys the packet from previous one for some nuglets and sells it to the next one for more nuglets until the destination buys it. Either of the two models has advantages and disadvantages. While the Packet Purse Model deters nodes from move useless data and avoids the network overloading, the Packet Trade Model can lead to an overload of the network and the destination receives packets it does not want. On the other hand, in the Packet Purse Model it is difficult to aim the number of nuglets that are required to reach a given destination. But thePacket Purse Model does not need to consider this problem. To take advantages of the two models and avoid the disadvantages, a hybrid model is suggested. In this model, the sender loads the packet with some nuglets before sending it.The packet is handled according to the Packet Purse Model until it runs ou t of nuglets. Then it is handled according to the Packet Trade Model until the destination buys it.CounterTo address the problems encountered by the nuglets approach such as difficulty in estimating pre-load nuglets and possible network overload, another payment approach based on credit counter is suggested. In this approach, the current state of each node is expound by two variables b and c, where b is the remaining battery power and cstands for the value of its nuglet counter. More precisely, b is the number of packets that the node can send using its remaining energy and c is the number of packets a node canoriginate.A node can originate a number of packets N only when the condition c=N holds. When a node forwards a packet, nuglet counter c is increased by one and b is reduced by one. Thus in order to originate packets, each node must earn credits by forwarding packets. The counter solution requires tamper wicked computer ironware security module.SpiritS. Zhong et al. proposed Sprite 19, a credit-based system for MANET. As opposed to Nuglets or Counter they do not require tamper-proof hardware to prevent the equivocation of payment units. Instead, they introduce a central Credit clearance Service (CCS). The basic scheme of the system is as follows. When a node receives a message the node keeps a receipt of the message and reports to the CCS when the node has a fast connection to Credit Clearance Service (CCS). The CCS then determines the energize and credits to each node involved in the transmission of a message, depending on the reported receipts of a message.In this scheme, the sender charges money. A node that has forwarded a message is compensated, but the credit that a node receives depends on whether or not its forwarding action is successful. send on is considered successful if and only if the next node on the path reports a valid receipt to the CCS.Discussion on the Payment SystemsThe payment systems we describe in above sections either assum es a tamper resistant hardware module is available to ensure that the behavior of the node is not modified or requires a central authority server to determine the charge and credit to each node involved in the transmission of a message. Tamper resistant hardware may not be appropriate for most mobile devices because it demands advanced hardware solution and increases the cost of the devices. Lacking of central authority server is right the inherent property of MANET that causes security challenges so it is also not appropriate. Furthermore, all the approaches described above suffer from locality problems 20 that nodes in different locations of the network will have different jeopardizes for earning virtualcurrency, which may not be fair for all nodes. Usually nodes at the periphery of the network will have less chance to be rewarded.Reputation SystemReputation systems have emerged as a way to reduce the risk entailed in interactions among total strangers in electronic marketplace. centralise reputation systems have been adopted by many on-line electronic auctions such as eBay to collect and store reputation ratings from feedback providers in a centralized reputation database. Decentralized reputation systems used by MANET, on the other hand, do not use centralized reputation database. Instead, in these reputation systems, each node keeps the ratings about other node and update the ratings by direct observation of the behaviorsof neighboring nodes or second hand information from other trusted nodes. Identifies three goals for reputation systemsTo provide information to distinguish between a trust-worthy principal and an untrustworthy principals.To encourage principals to act in a trustworthy meansTo discourage untrustworthy principals from participating in the service the reputation mechanism is present to protect.Most of the reputation systems in MANET are based on trust management system. Trust is such a intrinsic and dynamic concept that different entiti es can hold different opinions on it even while confront the same situation. Trust management system can work without reputation system. For example, a mobile node can form opinion about other nodes by direct experience with the nodes.We can merge reputation system and trust management system to dynamic feedback mechanisms. Former one is a spherical reputation system and mobile nodes share their own experiences of interaction with other nodes. The later one is a local reputation system in which mobile nodes rating the trustability of other nodes based on its own observation.DSRDSR is a reputation system aiming at coping with misbehavior in MANET. The idea is to detect the misbehaved nodes and impound them fromcommunication by not using them for routing and forwarding and by not allowing the misbehaved nodes to use itself to forward packets. DSR stands for Cooperation Of Nodes Fairness In Dynamic Ad-hoc Network. It usually works as an extension to on demand routingMobile Ad Hoc N etworks (MANETs)Mobile Ad Hoc Networks (MANETs)IntroductionWhat is Mobile Ad Hoc Network?With rapid development of wireless technology, the Mobile Ad Hoc Network (MANET) has emerged as a new type of wireless network. MANET is a collection of wireless mobile nodes (e.g. laptops) that dynamically function as a network without the use of any existing infrastructure and centralized administration. It is an autonomous system where each node operates not only as an end system but also as a router to forward packets for other nodes.Since the nodes in MANET move around, the wireless links break and re-establish frequently. Furthermore, most of mobile nodes are resource limited in computing capability and battery power and therefore traditional computing content routing protocols are not suitable for MANET. Several ad hoc routing protocols have been proposed for each node acting as router and maintaining routing information.There are many other applications of MANET. For examples, MANET can be used to provide emergency Services when the network is impaired due to the damaging of existing infrastructure 8. Computer scientists have predicted a world of ubiquitous computing in which computers will be all around us, constantly performing mundane tasks to make our lives a little easier. These ubiquitous computers connect in mobile ad hoc mode and change the environment or react to the change of the environment where they are suited. MANET is also found useful in the so-called sensor dust network to coordinate the activities and reports of a large collection of tiny sensor devices which could offer detailed information about terrain or environmental dangerous conditions.Problem Statement and MotivationMost current ad hoc routing protocols assume that the wireless network is benign and every node in the network strictly follows the routing behavior and is willing to forward packets for other nodes. Most of these protocols cope well with the dynamically changing topology. Howe ver, they do not address the problems when misbehavior nodes present in the network.A commonly observed misbehavior is packet dropping. In a practical MANET, most devices have very limited computing and battery power while packet forwarding consumes a lot of such resources. Thus some of the mobile devices would not like to forward the packets for the benefit of others and they drop packets not destined to them. On the other hand, they still make use of other nodes to forward packets that they originate. These misbehaved nodes are very difficult to identify because we cannot tell that whether the packets are dropped intentionally by the misbehaved nodes or dropped due to the node having moved out of transmission range or other link error. Packet drop significantly decreases the network performance.Traditional security mechanisms are generally not suitable for MANET becauseThe network lacks central infrastructure to apply traditional security mechanism such as access control, authenti cation and trusted third party.Limited bandwidth, battery lifetime, and computation power prohibits the deployment of complex routing protocols or encryption algorithms. New security models or mechanisms suitable for MANET must be found.Network topologies and memberships are constantly changing. Thus new intrusion detection system and entity recognition mechanisms that are suitable for mobile ad hoc networks must be designed to avoid or mitigate the behavior to the networks.Trust management systems have been recently introduced as a security mechanism in MANET. In a trust management system, a communicating entity collects evidence regarding competence, honesty or security of other network participants with the purpose of making assessment or decisions regarding their trust relationships. Here trustObjective and Sub-tasksmeans the confidence of an entity on another entity based on the expectation that the other entity will perform a particular action important to the trustor, irrespe ctive of the ability to monitor or control that other entity . For example, a trust-based routing protocol can collect the evidence of nodes misbehaving, form trust values of the nodes and select safest routes based on the trust metrics.Reputations systems are often seen as a derivation of trust management system. In the reputation system, an entity forms its trust on another entity based not only on the selfobserved evidence but also on the second hand information from third parties. One of the influential reputation systems is the DSR protocol. In the trust management system, reputation system and other trust-based systems, route selection is based on the sending nodes prior experience with other nodes in the network. Its opinions about how other entities are honest are constantly changing. Thus, we call the trust management systems and their derivations as dynamic feedback mechanisms. The dynamic feedback mechanisms are usually applied on the current ad hoc routing protocols to r ate the trust about other nodes in the network and make routing decisions based on the trust matrix, which is formed according to the evidence collected from previous interactions. By incorporating the dynamic feedback mechanism in the routing protocol, misbehaved nodes are identified and avoided to forward packets. In this way,misbehavior can be mitigated.Objective and Sub-tasksThe primary objective of this thesis is to Investigate the state of the art of dynamic feedback mechanisms and protocols analyze, implement and evaluate DSR protocols to see how it improves the network performance and what are the side effects of introducing the mechanism to the mobile ad hoc network.Following tasks must be done to achieve the primary objective.Study the preliminary knowledge that is required to carry out the main tasks. For example, to understand DSR protocol one must have some knowledge of Bayesian analysis to do performance analysis one must learn the methodologies of conducting performan ce analysis and processing simulation data.Investigate security issues of mobile ad hoc network and current dynamic feedback mechanisms or protocols that are used to solve or mitigate the issues.Investigate and learn how to use the network simulation tool. There are several popular network simulation tools available and we need to choose the one that best suits our needs. The selected network simulator should be studied so that we can use it as platform to implement protocol and conduct simulations.Analyze and implement the DSR protocol based on Dynamic Source Routing protocol (DSR) evaluate the network performance.Structure of the ReportSince we have almost gone through the chapter one, we only briefly present the content of the subsequent chapters in this section.Preliminary InformationState of the ArtAnalysisDesignImplementation and Tests PerformanceAnalysisConclusion and Future WorkPreliminary informationwe have introduced the MANET. This chapter presents other preliminary infor mation and concepts that will be used in other parts of the thesis. Firstly four general modes of routing operations are introduced and compared. The DSR protocol, which is used as underlying routing protocol in the thesis, is explained in detail. Secondly Bayesian estimation and Beta function are explained to pave the way for the analysis of the reputation model of DSR in the chapter 4. Thirdly some techniques regarding simulation and performance analysis are presented. Finally, several popular network simulation tools are discussed and compared.Mobile Ad Hoc Network Routing ProtocolsNowadays there are various routing protocols proposed for the MANET. The most popular ones are DSDV (Destination-Sequenced Distance Vector), TORA (Temporally- Ordered Routing Algorithm), DSR (Dynamic Source Routing) and AODV (Ad-hoc On Demand Distance Vector). These routing protocols can be categorized in different routing operation modes.Mode of Routing OperationsThese two modes concern whether or not nodes in an ad hoc network should keep track of routes to all possible destinations, or instead keep track of only those destinations of immediate interest Proactive protocols store route information even before it is needed. This kind of protocols has advantage that communications with arbitrary destination experience minimal delay. However it also suffers from the disadvantage that additional control traffic is needed to continually update stale route information. This could significantly increase routing overhead especially for the MANET where the links are often broken. Reactive protocols, on the contrary, acquire routing information only when it is actually needed. However, the latency of the communication increases tremendously especially when a node communicates to another at the first time.Source routing vs. Hop-by-hop routingThese two modes concern whether the source node decides the route for a packet to be forwarded to the destination or the intermediate nodes are allowe d to decide the next hop until the packet arrives at the destination. In the source routing protocols, the source node decides the route and puts the route information in the packet header. All the intermediate nodes forward the packet along the route faithfully. This kind of protocols has advantage that the intermediate nodes are not required to maintain the routing information. But it suffers from the disadvantage that the packet size grows because of source routing information carried in each packet. In the hop-by-hop routing protocols, it is sufficient for the source to know only how to get to the next hop and intermediate nodes find their own next-hops until the destination. In contrast to source routing protocols, hop-by-hop routing protocols do not increase packet size but they requires all the intermediate nodes to maintain routing information.Table 2-1 Categories of routing protocolshas compared the performance of these four routing protocols . The results show that DSR has best throughput performance (above 95%) at all mobility rates and movement speeds. Thus we will use DSR as basic routing protocol in this thesis.The Dynamic Source Routing Protocol (DSR)John et al. proposed the dynamic source routing protocol (DSR) 1 which is a routing protocol for use in multi-hop wireless ad hoc networks of mobile nodes. DSR is an ondemand protocol, in which route are only discovered when data need to be transmitted to a node where no route has yet been discovered. The advantage of this on-demand routing protocol is that there are not any periodic routing advertisement and reducing the routing overhead. DSR is also a source routing protocol, allowing multiple routes to any destination and allows each sender to select and control the routes used in routing the packets. DSR is composed of the two main mechanisms Route Discovery and Route Maintenance which are explained below.Route DiscoveryRoute Discovery aims at finding routes from a source node to destination. Fi gure 2-1 illustrates the procedure of Route Discovery. When a source node S wants to send a data packet to some destination node D, it first searches its route cache to find whether there is a route to D. If there is no route to D, then S will initiate a Route Discovery and send outRoute Request message which is propagated to all the nodes within its transmission range. At the mean time, it saves the data packet in its send buffer. The Route Request message contains the addresses of source node and destination node, a unique route request identifier and a route record which records all the intermediate nodes that this route request packet has traveled through. S appends itself to the beginning of the route record when it initiates the message.When a node receives the Route Request message, it compares the destination address in the message with its own address to judge whether itself is the destination node. If it is not, it will append its own address in the route record and propag ate the message to other nodes. If the node is the destination node, it will send a Route Reply message to the source node and the message contains the source route record which is accumulated when the Route Request message is forwarded along its way to the destination. When the destination sends the Route Reply, if it uses MAC protocols such as IEEE 802.11 that require a bidirectional link, it just reverse the source route record and use it as route to send Route Reply to the source node. Otherwise it should find the route by searching its route cache or sending out a Route Request which piggybacks the Route Reply for the source node. When the source node receives the Route Reply message, it puts the returned route into its route cache. From then on all the packets destined to the same destination will use this route until it is broken.Route MaintenanceSince the ad hoc network is dynamic and the topology of the network changes frequently, the existing routes maintained by nodes in their route cache are often broken. After forwarding a packet, a node must attempt to confirm the reachability of the next-hop node. If the node does not receive any confirmation from the next hop during a certain period of time, it will retransmit the packet. If after a maximum number of retransmission it still does not receive any confirmation, it will think the link to the next hop is broken and will send a Route Error message to the source node.DSR proposes three acknowledge mechanisms to confirm that data can flow over the link from that node to the next hopLink-layer acknowledgement which is provided by MAC layer protocol such as IEEE 802.11.Passive acknowledgement in which a node hears the next-hop node forwarding the packet and thus confirms the reachability of the link.Network-layer acknowledgement in which a node sends an explicit acknowledgement request to its next-hop node.Passive AcknowledgementPassive Acknowledgement (PACK) is important in DSR protocol because it is us ed to detect whether the next hop forwards the packet or drops it. We explain it in detail in this section.Passive acknowledgement is used with the assumption thatNetwork links operates bi- directionally.The network interface is in the promiscuous mode. When a node taps a new packet in promiscuous mode after it originates or forwards a packet, it consider it as an acknowledgement of the first packet if both of following check success.The Source Address, Destination Address, Protocol, Identification, and Fragment Offset fields in the IP header of the two packets MUST match.If either packet contains a DSR Source Route header, both packets MUST contain one, and the value in the Segments Left field in the DSR Source Route header of the new packet MUST be less than that in the first packet.If no matched packet is found during PACK timeout, the node will consider the link between the next hop and itself is broken and will send Route Error message to the source node.Additional featuresDSR has additional features such as replying to route requests using cached routes, caching overheard routing information, packet salvaging and flow state extension and etc. We will introduce them in section 4.1 and discuss how they will impact the performance of network, how they will interact with DSR and whether they will be enabled in our simulation.Performance Analysis TechniquesThis section introduces the performance analysis techniques and methodologies that will be used in the performance evaluation.Factors and Primary FactorsThere are many parameters that will influence the simulation results and need to be carefully chosen in the simulations. Some parameters are chosen based on experience values or the conditions of the network we want to simulate. Others need to be tuned to optimize the network performance. We distinguish the two kinds of parameters as followsFactors are the variables that affect the simulation result and have several alternatives. Normally they are decided b ased on experience.Primary factors are the factors whose effects need to be quantified. This kind of factors usually needs to be adjusted through simulation.Data MeasurementThe key step of the network performance analysis is to interpret the simulation result and summarize the characteristic of the network. To avoid the inaccurate simulation results due to an extreme scenario, we usually run simulations on several different scenarios. The data set of these simulations are called sample. A single number must be presented to give the key characteristic of the sample and this single number is called an average of the data. There are three alternatives to summarize a sampleMean is obtained by taking the sum of all observations and dividing this sum by the number of observations in the sample.Median is obtained by sorting the observations in an increasing order and taking the observation that is in the middle of series. If the number of the observations is even, the mean of the middle tw o values is used as a median.Mode is obtained by plotting a histogram and specifying the midpoint of the bucket where the histogram peaks.Confidence Interval for the MeanIn our performance evaluation, the main objective is to compare the simulation results of DSR and Standard DSR to see whether there is any performance improvement. However, most simulation results are random in some degree due to the particularity of the node movement scenarios and we cannot tell whether the two systems are different. One way to minimize the random effect is to repeat the simulations with different scenarios as many times as possible and get a large sample space. Unfortunately, due to the time limitation we cannot conduct many simulations. points out that using confidence interval we can tell whether the two systems are different with smaller sample space. The confidence interval for the mean can be calculated using If the confidence intervals of the simulation results of the two systems have no ove rlap, then we can claim the two systems are different and one system is superior or inferior to the other.GloMoSims source and binary code can be downloaded only by academic institutions for research purposes. Commercial users must use QualNet, the commercial version of GloMoSim.OPNET ModelerOPNET Modeler is commercial network simulation environment for network modeling and simulation. It allows the users to design and study communication networks, devices, protocols, and applications with flexibility and scalability 30. It simulates the network graphically and its graphical editors mirror the structure of actual networks and network components. The users can design the network model visually.The modeler uses object-oriented modeling approach. The nodes and protocols are modeled as classes with inheritance and specialization. The development language is C.ComparisonWhen choosing a network simulator, we normally consider the accuracy of the simulator. Unfortunately there is no conclu sion on which of the above three simulator is the most accurate one. David Cavin et al. has conducted experiments to compare the accuracy of the simulators and it finds out that the results are barely comparable 31. Furthermore, it warns that no standalone simulations can fit all the needs of the wireless developers. It is more realistic to consider a hybrid approach in which only the lowest layers (MAC and physical layers) and the mobility model are simulated and all the upper layers (from transport to application layers) are executed on a dedicated hosts (e.g. cluster of machines). Although there is no definite conclusion about the accuracy of the three network simulators, we have to choose one of them as our simulation environment. We compare the simulators using some metrics and the results are summarizedAfter comparing the three simulators, we decide to choose ns2 as network simulator in our thesis becauseNs2 is open source free software. It can be easily downloaded and install ed.The author of the thesis has used ns2 in another network related course and gotten familiar with the simulation. Ns2 uses TCL and C++ as development languages for which the author has some programming experience.The author of the DSR protocol has conducted simulation on GloMoSim and gotten performance results. We want to do the simulation on a different simulation to form comparison.State of the ArtIn this chapter we will introduce the start of the art security solutions in MANET with emphasis on dynamic feedback mechanisms. Firstly, we will present the general security issues/requirements of MANET to pave the way for the future investigation. Then we will discuss the state of the art security mechanisms for MANET such as payment system,trust management system, reputation system, etc. Finally, we will summarize all the security solutions we discussed in this chapter.Security Issues in Mobile Ad Hoc NetworkDue to lack of central infrastructural and wireless links susceptible to at tacks, security in ad hoc network has inherent weakness. In section 1.2 we have discussed the reasons why mobile ad hoc network imposes security challenges that cannot be solved by traditional security mechanisms. In this section, we present the general security properties required by ad hoc network.Following are general security properties regarding ad hoc networkConfidentiality The confdiantiality property is to protect certain information from unauthorized disclosure. The information includes not only the application data that send over the routing protocol, but also the routing information itself as well as network topology and geographical location.Integrity The integrity ensures that the transmitted message and other system asset are modified only by authorized parties. In the routing level, it requires all nodes in the network following correct routing procedure.The main challenge of ensuring integrity is that without central infrastructure and powerful computing capabilities , it is difficult to apply existing cryptography and key management systems.Availability The availability property requires that the services or devices are exempt from denial of service, which is normally done by interruption, network or server overload. Typical examples or denial of service attack are radio jamming, in which a misbehaved node transmit radio to interference other nodes communications, and battery exhaustion, in which a misbehaved node interact with a node for no other purpose than to consume its battery energy.Authentication The authentication property requires that the communication entitys identification is recognized and proved before communication starts.Access control This property requires restricting resources, services or data to special identities according to their access rights or group membership.Non-repudiation This property ensures that when data are sent from sender to receiver, the sender cannot deny that he has sent the data and the receiver cannot deny that he has received the data.Mobile nodes may conduct different misbehavior for different purposes. Po-Wah Yau classifies the misbehaved nodes into following categories.Failed nodes are simply those unable to perform an operation this could be because power failure and environmental events.Badly failed nodes exhibit features of failed nodes but they can also send false routing messages which are a threat to the integrity of the network.Selfish nodes are typified by their unwillingness to cooperate as the protocol requires whenever there is a personal cost involved. Packet dropping is the main attack by selfish nodes.Malicious nodes aim to deliberately disrupt the correct operation of the routing protocol, denying network service if possible. These four types of misbehaved nodes actually can be categorized in two aspects whether their misbehaviors are intentional or unintentional, and the severity of the results.Payment SystemsPayment systems provide economic incentives for th e cooperation in MANET. They consider that each node in MANET is its own authority and tries to maximize the benefits it gets from the network. Thus each node tends to be selfish, dropping packets not destined to them but make use of other nodes to forward their own packets. The purpose of payment systems is to encourage the cooperation within the MANET by economic incentives. There are several variations of payment systems proposed.NugletsNuglets is a virtual currency mechanism for charging (rewarding) server usage (provision). Nodes that use a service must pay for it (in nuglets) to nodes that provide the service. A typical service is packet forwarding which is provided by intermediate nodes to the source and the destination of the packet. Therefore either the source or the destination should pay for it.There are two models for charging for the packet forwarding service the Packet Purse Model (PPM) and the Packet Trade Model (PTM).In the Packet Purse Model, the sender pays for the packet. It loads the packet with a number of nuglets when sending the packet. Each intermediate forwarding node acquires some nuglets from the packet that covers its forwarding costs. If a packet does not have enough nuglets to be forwarded, then it is discarded. If there are nuglets left in the packet once it reaches destination, the nuglets are lost. In the Packet Trade Model, the destination pays for the packet. Each intermediate node buys the packet from previous one for some nuglets and sells it to the next one for more nuglets until the destination buys it. Either of the two models has advantages and disadvantages. While the Packet Purse Model deters nodes from sending useless data and avoids the network overloading, the Packet Trade Model can lead to an overload of the network and the destination receives packets it does not want. On the other hand, in the Packet Purse Model it is difficult to estimate the number of nuglets that are required to reach a given destination. But thePacket Purse Model does not need to consider this problem. To take advantages of the two models and avoid the disadvantages, a hybrid model is suggested. In this model, the sender loads the packet with some nuglets before sending it.The packet is handled according to the Packet Purse Model until it runs out of nuglets. Then it is handled according to the Packet Trade Model until the destination buys it.CounterTo address the problems encountered by the nuglets approach such as difficulty in estimating pre-load nuglets and possible network overload, another payment approach based on credit counter is suggested. In this approach, the current state of each node is described by two variables b and c, where b is the remaining battery power and cstands for the value of its nuglet counter. More precisely, b is the number of packets that the node can send using its remaining energy and c is the number of packets a node canoriginate.A node can originate a number of packets N only when the condition c=N holds. When a node forwards a packet, nuglet counter c is increased by one and b is reduced by one. Thus in order to originate packets, each node must earn credits by forwarding packets. The counter solution requires tamper resistant hardware security module.SpiritS. Zhong et al. proposed Sprite 19, a credit-based system for MANET. As opposed to Nuglets or Counter they do not require tamper-proof hardware to prevent the fabrication of payment units. Instead, they introduce a central Credit Clearance Service (CCS). The basic scheme of the system is as follows. When a node receives a message the node keeps a receipt of the message and reports to the CCS when the node has a fast connection to Credit Clearance Service (CCS). The CCS then determines the charge and credits to each node involved in the transmission of a message, depending on the reported receipts of a message.In this scheme, the sender charges money. A node that has forwarded a message is compensated, but th e credit that a node receives depends on whether or not its forwarding action is successful. Forwarding is considered successful if and only if the next node on the path reports a valid receipt to the CCS.Discussion on the Payment SystemsThe payment systems we describe in above sections either assumes a tamper resistant hardware module is available to ensure that the behavior of the node is not modified or requires a central authority server to determine the charge and credit to each node involved in the transmission of a message. Tamper resistant hardware may not be appropriate for most mobile devices because it demands advanced hardware solution and increases the cost of the devices. Lacking of central authority server is right the inherent property of MANET that causes security challenges so it is also not appropriate. Furthermore, all the approaches described above suffer from locality problems 20 that nodes in different locations of the network will have different chances for e arning virtualcurrency, which may not be fair for all nodes. Usually nodes at the periphery of the network will have less chance to be rewarded.Reputation SystemReputation systems have emerged as a way to reduce the risk entailed in interactions among total strangers in electronic marketplace. Centralized reputation systems have been adopted by many on-line electronic auctions such as eBay to collect and store reputation ratings from feedback providers in a centralized reputation database. Decentralized reputation systems used by MANET, on the other hand, do not use centralized reputation database. Instead, in these reputation systems, each node keeps the ratings about other node and updating the ratings by direct observation of the behaviorsof neighboring nodes or second hand information from other trusted nodes. Identifies three goals for reputation systemsTo provide information to distinguish between a trust-worthy principal and an untrustworthy principals.To encourage principals to act in a trustworthy mannerTo discourage untrustworthy principals from participating in the service the reputation mechanism is present to protect.Most of the reputation systems in MANET are based on trust management system. Trust is such a subjective and dynamic concept that different entities can hold different opinions on it even while facing the same situation. Trust management system can work without reputation system. For example, a mobile node can form opinion about other nodes by direct experience with the nodes.We can unify reputation system and trust management system to dynamic feedback mechanisms. Former one is a global reputation system and mobile nodes share their own experiences of interaction with other nodes. The later one is a local reputation system in which mobile nodes rating the trustability of other nodes based on its own observation.DSRDSR is a reputation system aiming at coping with misbehavior in MANET. The idea is to detect the misbehaved nodes and iso late them fromcommunication by not using them for routing and forwarding and by not allowing the misbehaved nodes to use itself to forward packets. DSR stands for Cooperation Of Nodes Fairness In Dynamic Ad-hoc Network. It usually works as an extension to on demand routing
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.