CBSRP: Cluster Based Secure Routing Protocol - Semantic Scholar

3 downloads 252 Views 250KB Size Report
Signature is not necessary inside cluster communication. For. Cluster-Cluster authentication we proposed to use Digital. Signature. CBSRP ensures secure ...
CBSRP: Cluster Based Secure Routing Protocol Md. Monzur Morshed1, 2

Md. Rafiqul Islam1

Department of Computer Science American International University-Bangladesh1 TigerHATS2 [email protected], [email protected]

Department of Computer Science American International University-Bangladesh1 Dhaka, Bangladesh [email protected]

Abstract— Cluster Based Secure Routing Protocol (CBSRP) is a MANET routing protocol that ensures secure key management and communication between mobile nodes. It uses Digital Signature and One Way Hashing technique for secure communication. According to CBSRP, it forms a group of small clusters consist of 4-5 nodes and after that the communication takes place between mobile nodes. Inside a cluster, there is always a cluster node or cluster head. The cluster head inside the cluster is not permanent as other nodes stay in the queue and based on the priority new cluster node or cluster head is elected from rest of the node. Inside a cluster, mobile nodes are authenticated using One Way Hashing concept and Digital Signature is not necessary inside cluster communication. For Cluster-Cluster authentication we proposed to use Digital Signature. CBSRP ensures secure communication which will be energy efficient as we segmented the whole network into small set of clusters. Keywords— Secure Management, Cluster

I.

Routing;

MANET;

CBSRP;

Key

INTRODUCTION

Security in MANETs is a big issue due to its rapid use and application in military. Military networks have mission-critical tasks and information. Improper use of information or using forged information may cause unwanted information leakage and responsible for inaccurate results. Most security schemes in MANETs make use of symmetric key cryptography where one thing required in either case in the use of keys for secure communication. Managing key distribution is not unique to MANETs, but again constraints such as small memory capacity make centralized keying techniques impossible. A security scheme in MANETs must provide efficient key distribution while maintaining the ability for communication between all relevant nodes [1]. In this paper, we proposed a model of secure routing protocol “Cluster Based Secure Routing Protocol (CBSRP)” which is a cluster oriented key distribution method based on one way hash chain and digital signature. According to our proposed model, the cluster node will be elected during the initial network setup process. After electing the cluster node, each of the mobile node’s hash key will be indexed in cluster node’s cache. One way hash functions are used to construct disposable secret keys instead of choosing private key in public key infrastructure [2]. The reason to use one way hash function is to ensure integrity. Any nodes can take part as cluster node based on their request made which is fully dependent on requests made first. In next step, path

between cluster-cluster nodes will setup. Once Cluster-Cluster authentication will be authenticated using Digital Signature, cluster node(s) will be elected inside cluster(s) and follow the process of past cluster operation occurred. The aim of CBSRP is to ensure secure key management among mobile/cluster nodes and secure communication. Along with these aims, CBSRP is energy efficient method as we considered the whole network into a group of small clusters so that it can ensure load balancing among mobile nodes. II.

RELATED RESEARCH STUDY

In reference [3], authors proposed a novel Cluster Based Routing Protocol (CBRP) to improve the sensor network lifetime. According to their research result, CBRP achieves a good performance in terms of lifetime by balancing the energy load among all the nodes. In reference [4], authors employed the secret-sharing technique to distribute a system master-key among a preselected set of nodes, called D-PKGs that offers a collaborative private-key-generation service to satisfy the demand for private keys during network operation. They identified pinpoint attacks against D-PKGs and propose anonymizing D-PKGs as the countermeasure. They also determined the optimal secret-sharing parameters to achieve the maximum security. In reference [5], authors presented a new trust evaluation scheme in an ad hoc network. They proposed a cluster-based trust evaluation scheme, in which neighboring nodes form a cluster and select one node as a cluster head and it was proposed to overcome the limited information about unfamiliar nodes and to reduce the required memory space. In reference [6], authors presented a framework for key management that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes in MANETs. Their proposed Key Management Systems (KMS) uses a modified hierarchical trust Public Key Infrastructure (PKI) model in which nodes can dynamically assume management roles. The system ensures high service availability for the network members through a number of schemes. A novel behavior grading mechanism provides security criteria for the network nodes and aids the management functions of the KMS to revoke or reissue certificates for nodes. This mechanism in based on the notion of trust, and more specifically on Security Associations (SAs) among nodes in the entire network. According to their research result, this KMS increases service availability for all nodes, increases flexibility in accommodating new nodes,

minimizes pre-configuration, and can dynamically reconfigure itself based on the network environment. In reference [7], authors proposed a two layer hierarchical routing protocol called Cluster Based Hierarchical Routing Protocol (CBHRP). They introduced a new concept called head-set, consists of one active cluster head and some other associate cluster heads within a cluster. The head-set members are responsible for control and management of the network. According to their result CBHRP protocol is energy efficient and enhances the life time of sensor network as compared to LEACH. In reference [8], authors proposed a hierarchical key management scheme (HKMS) for secure group communication in MANETs. To ensure strong security they encrypted a packet twice. Due to dynamic changes in MANET, they also emphasized group maintenance. In reference [9], authors designed a multiple access scheme to broadcast control messages, and proposed a new access-based clustering protocol (ABCP), in which cluster formation is heavily influenced by the outcome of the multiple accesses. According to their research, ABCP provides generic, flexible, rapidly deployed and stable cluster architecture for upper layer protocols. It makes clustering decision directly based on the result of channel access. It requires fewer control overheads and shorter convergence time than the other clustering criteria. In reference [10], authors proposed group key management architecture and key agreement protocols for secure communication in MANETs overseen by Unmanned Aerial Vehicles (UAVs). They used the implicitly certified public keys method that reduces the overhead of the certificate validation checking process and improves computational efficiency. The proposed architecture uses a two-layered key management approach, where a group of nodes in divided into: cell groups consisting of ground nodes, and control groups consisting of cell group managers. This approach benefits the effects of membership change are restricted to the single cell group. In reference [11], authors proposed ELCH (Extending Lifetime of Cluster Head) routing protocol having the properties of self-configuration and hierarchal routing. It reforms the existing routing protocols in several aspects and constructs clusters on the basis of radio radius and the number of cluster members so that the clusters in the network are equally distributed. III.

DESCRIPTION OF CLUSTER BASED SECURE ROUTING PROTOCOL (CBSRP)

According to our proposed model (CBSRP) for secure routing, we have considered a group of small clusters which includes 45 nodes along with a cluster node or cluster head. In Figure1, the blue circled nodes are mobile node/cluster member and the gray node is cluster node/cluster head. According to Figure 1, Grey Circle: Cluster Node Blue Circle: Mobile/Sensor Node/Cluster Member

Figure 1: Single Cluster Scenario Cluster Node: A node that is configured to be a cluster member. A cluster node might or might not be a current member [12]. Cluster Member: An active member of the current cluster incarnation. This member is capable of sharing resources with other cluster members and providing services both to other cluster members and to clients of the cluster [12].

Figure 2: One Way Hashing between Node1-Node2 Inside a single cluster (Figure 1), initial communication set up between nodes will take place using one hashing mechanism (Figure 2). Once they are authenticated the communication will be done in traditional Ad Hoc Communication way. Our proposed model forms a small cluster of 3-4 nodes with a cluster node. It means 4-5 mobile nodes will set up a small cloud and if there are 4 nodes then the single cluster will have 3 nodes plus 1 cluster node. And if 5 nodes then the single cluster will have 4 nodes plus 1 cluster node. We proposed this model considering limited power source in MANETs and

WSNs. It will also be easy for the small cluster networks to distribute key using one way hashing concept. According to Figure 2, it is a scenario of One Way Hashing between Node1 and Node2. The purpose of One Way Hashing is to ensure authentication between mobile or sensor nodes. The scenario depicts the authentication process of Node 1 and Node2 for secure communication. The whole process takes place in 4 (four) steps. Initially, Node1 send requests Node2 to set a communication path and sends Node1’s Hash information and network information i which also known as network parameters such as Channel Access Probability, Transmission Power or Radius, Network Load, Density of Nodes, Latency, Data Rate, Bit Error Rate and Energy Consumption. After first step, now Node2 sends N2 (Node2’s Hash Key) and N1 req information to cluster node. In third step, Cluster node sends N1 (Node1’s Hash Key) and N2 (Node2’s Hash Key) to Node1. Finally, Node1 sends N2 (Node2’s Hash Key) to Node2 which verifies the authenticity of (Node1 and Node2) via Cluster Head by exchanging their Hash Keys. TABLE I.

HASH KEY/VALUE EXCHANGE BETWEEN NODES INSIDE SINGLE CLUSTER (FIGURE 1)

Node1 Hash Key

Cluster Node Node2 Node3 Hash Key Hash Key

Node4 Hash Key

Node2 Hash Key

Node1 Node3 Hash Key

Node4 Hash Key

Node1 Hash Key

Node2 Node3 Hash Key

Node4 Hash Key

Node1 Hash Key

Node3 Node2 Hash Key

Node4 Hash Key

Node1 Hash Key

Node4 Node2 Hash Key

Node3 Hash Key

Initially, after forming a cluster according to Figure 1, Cluster node is formed and rest of the mobile nodes’ Hash Key/value will be sent to Cluster node inside the cluster. Now the Cluster node is informed about the mobile nodes that are exist inside the single cluster. After this process, mobiles nodes will share each other’s Hash Key/value via Cluster node. Once mobile nodes share their Hash Key, the nodes will communicate using the concept of distance vector routing. We have considered Cluster node in our proposed model to ensure security as each node will have to authenticate them via Cluster node. Once the mobiles nodes are authenticated then they can request other nodes for secure data transmission. As a result, while intruder or malicious nodes intrude the network or particular mobile nodes then the mobile nodes will recognize it as outsider or unknown node and malicious nodes will be discarded and blocked. The reason is malicious node/s do not know the formation of Hash Key/value, so it cannot generate such Hash Key/value. There is a possibility of DoS/DDos attack but our proposed method is capable of preventing such attacks in small scale. If the mobile nodes receive any unknown request then mobile nodes first check whether they have the Hash Key of that node or not. If the mobiles nodes do not find unknown node’s Hash Key/value in their Hash Key table then the unknown node will be blocked and discarded. Steps of One Way Hashing In Figure 2: Step 1: Initially Node 1 sends its Hash key to Node 2 Step 2: Node 2 sends its key and node information to Cluster Node C1 Step 3: Node 1 acquires information from Cluster Node C1 Step 4: Finally, Node 1 sends Node 2’s secret information to communicate securely. TABLE II.

N1 req N1 N2 i H1 Hc1 ID1 ID2 IDc1 TABLE III.

In (Table I), we have explained the proposed scenario (Figure 1). Inside the Cluster there are four mobile nodes and one cluster node. Initially the mobile nodes cannot communicate with each other. In order to communicate each other, mobile nodes have to authenticate them via Cluster node (Figure 2). According to Table I and Figure 1, each mobile/sensor node will contain the Hash key of other mobile/sensor nodes. Here, we generated the Hash key based on Node ID, Node Private Key, Data/Message, and Network Parameters which is ensuring the security of node’s private key as other nodes do not know the sequence of private key, only hash key sequence are known to them.

Node ID TABLE IV.

Node ID

NOTATION USED IN THE SCHEME (FIGURE 2)

Node 1 request to communication with Node 2 Information of Node 1 Information of Node 2 Network Parameters Hash Key of Node 1 Hash Key of Cluster Node C1 Node 1’s ID Node 2’s ID Cluster Node C1’s ID HASH KEY GENERATION FOR SINGLE CLUSTER OPERATION

Hash Key Generation Node Private Data/Message Key

Network Parameters

DIGITAL SIGNATURE GENERATION FOR CLUSTER-CLUSTER OPERATION

Digital Signature Generation Certificate Node Private Key Generate Hash Key

Figure 3: Cluster-Cluster authentication using Digital Signature (Image developed based on the idea of [15, 16])

Figure 4: Cluster-Cluster Signature Verification Table III depicts the Hash Key Generation process of our proposed method. Network Parameters are considered as Channel Access Probability, Transmission Power or Radius, Network Load, Density of Nodes, Latency, Data Rate, Bit Error Rate and Energy Consumption. More specifically Network Parameters are user defined. Depending on network and available resources Network Parameters are kept arbitrary. Considering ad hoc low power and minimizing computation cost, there are also several securing routing protocols (ARIADNE by Hu, Perrig, & Johnson, 2002 [13]; LHAP by Zhu, Xu, Setia, and Jajodia [17]) that are proposed to use symmetric keys to encrypt and authenticate. One way Hash function is a commonly used cryptographic technique that derives other techniques such as Hash Chain, TESLA key, Merkle Hash Tree and Hash Tree chain [1]. We suggest using Symmetric cryptography primitives considering minimum computation cost, hash function and timestamp for our proposed model based on the concept of ARIADNE [13] due to its high efficiency. ARIADNE is the secure extension of DSR [13] that uses a one-way HMAC key chain (i.e., TESLA) for message authentication. A receiver is assumed to possess the last released key of the sender's TESLA key chain [14].

Table IV depicts the process of Digital Signature generation for our proposed model. Here, Certificate can be the Node MAC Address or may be any unique random number that proves the authenticity of particular Node. Digital signatures, hash functions, and hash functions based on a message authentication code (HMAC) (Menezes, Oorschot, & Vanstone, 1996) [18] are techniques used for data authentication or integrity purposes in securing MANETs [2], and for our proposed method we suggest similar mechanism to securely share digital signature to ensure Cluster-Cluster authentication and communication securely. TABLE V.

m Kp, A S Kpub, B C Kp, B Kpub, A

NOTATION USED IN THE SCHEME (FIGURE 4)

Message Private Key of A Produced Signature Public key of B Cipher text Private Key of B Public Key of A

According to Figure 4, A sends message and B receives it. i) A produces signature S: S = E(Kp, A, m) ii) Now A enciphers (encrypts) S using B’s public key: C = E(Kpub, B, S) iii) B receives C and deciphers it: Figure 6: Multiple Clusters while transmission

S = D(Kp, B, C) iv) B verifies that A signed m: m = D(Kpub, A, S)

Figure 7: Cluster-Cluster Path Setup Figure 6 shows the communication between multiple clusters. For Cluster-Cluster communication Cluster Nodes have to authenticate themselves using Digital Signature and for secure data communication/information sharing One Way Hashing method is considered. Figure 7 shows the Cluster-Cluster Path Setup. IV.

CONCLUSION

In this paper, we proposed a secure routing protocol named "Cluster Based Secure Routing Protocol". Our design approach considers (1) a cluster model, (2) cluster to cluster communication, (3) hash key management and (4) digital signature to ensure secure communication and information sharing. Our framework is suitable for ad-hoc network applications where the overall group population is stable, the subgroup communication is frequent and highly dynamic, and the mobility of a mobile node within its cluster and communication range. Our proposed method is not only limited to Ad-hoc network but it is also applicable in secure cloud computing. REFERENCES [1]

[2]

Figure 5: Flow Chart of Proposed Model

F. Amin, A. H. Jahangir, and H. Rasifard, "Analysis of Public-Key Cryptography for Wireless Sensor Networks Security", World Academy of Science, Engineering and Technology 41, 2008 J. Chen and J. Wu, "A Survey on Cryptography Applied to Secure Mobile Ad Hoc Networks and Wireless Sensor Networks" to appear in Handbook of Research on Developments and Trends in WIreless Sensor Networks: From Principle to Practice, H. Jin and W. Jiang (eds), IGI Global, 2010.

[3]

Bager Zarei, Mohammad Zeynali and Vahid Majid Nezhad, "Novel cluster based routing protocol in wireless sensor networks". IJCSI Intl. J. Comput. Sci. 7(4), 32-36, 2010 [4] Y. Zhang, W. Liu, W. Lou, Y. Fang, and Y. Kwon, “AC-PKI: Anonymous and certificateless public-key infrastructure for mobile ad hoc networks,” in IEEE ICC’05, Seoul, Korea, May 2005. [5] S. Jin, C. Park, D. Choi, K. Chung, H. Yoon, Cluster-based trust evaluation scheme in an ad hoc network, ETRI Journal 27 (4) (2005) pp. 465–468. [6] G. Hadjichristofi, W. Adams, and N. Davis, "A Framework for Key Management in Mobile Ad Hoc Networks", International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II, 2005, pp. 568-573. [7] Md. Golam Rashed, M. Hasnat Kabir, Muhammad Sajjadur Rahim, Syaikh Enayet Ullah, "Cluster Based Hierarchical Routing Protocol For Wireless Sensor Network", International Journal of Computer and Network Security (IJCNS) Edition Volume 2 No, May 2010. [8] Nen-Chung Wang , Shian-Zhang Fang , “A hierarchical key management scheme for secure group communications in mobile ad hoc networks”, Science Direct, The Journal of Systems and Software 2007. [9] Ting-Chao Hou and Tzu-Jane Tsai, “An Access-Based Clustering Protocol for Multihop Wireless Ad Hoc Networks,” IEEE JSAC, vol. 19, no. 7, July., 2001, pp. 1201–10. [10] K. H. Rhee, Y. H. Park, and G. Tsudik, “An Architecture for Key Management in Hierarchical Mobile Ad-hoc Networks,” J. Commun. and Networks, vol. 6, no. 2, June 2004, pp. 156–62. [11] Jalil Jabari Lotf, Mehdi Nozad Bonab and Siavash Khorsandi. A Novel Cluster-based Routing Protocol with Extending Lifetime forWireless Sensor Networks, In Proceedings of International Conference on Wireless and Optical Communications Networks(WOCN ’08), 2008.

[12] Cluster Node and Cluter Member URL: http://docs.oracle.com/cd/E19263-01/816-6873/index.html [13] Y. Hu, A. Perrig, D. Johnson, Ariadne: a secure ondemand routing protocol for ad hoc networks, in: ACM Annual International Conference on Mobile Computing and Networking (MOBICOM), September 2002, pp. 12–23. [14] Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang, "Security in Mobile Ad Hoc Networks: Challanges and Solutions" [15] Vagner Schoaba, Felipe Eduardo Gomes Sikansi, Luiz Castelo Branco, "Digital Signature for Mobile Devices: A New Implementation and Evaluation"; International Journal of Future Generation Communication and Networking, Vol. 4, No. 2, June, 2011 [16] Digital Signature Diagram URL: http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg [17] S. Zhu, S. Xu, S. Setia, and S. Jajodia, "LHAP:a lightweight hop-by-hop authentication protocol for ad-hoc networks" in Proceedings of International Workshop on Mobileand Wireless Network, 2003. [18] Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone., “Handbook of Applied Cryptography” CRC Press ISBN: 0-8493-85237. October 1996, 816 pages