Cryptographic Versus Trust-based Methods for MANET Routing Security
Abstract
Mobile Ad-hoc Networks (MANETs) allow wireless nodes to form a network without requiring a fixed infrastructure. Early routing protocols for MANETs failed to take security issues into account. Subsequent proposals used strong cryptographic methods to secure the routing information. In the process, however, these protocols created new avenues for denial of service (DoS). Consequently, the trade-off between security strength and DoS vulnerability has emerged as an area requiring further investigation. It is believed that different trust methods can be used to develop protocols at various levels in this trade-off. To gain a handle on this exchange, real world testing that evaluates the cost of existing proposals is necessary. Without this, future protocol design is mere speculation. In this project, we give the first comparison of SAODV and TAODV, two MANET routing protocols, which address routing security through cryptographic and trust-based means respectively. We provide performance comparisons on actual resource-limited hardware. Finally, we discuss design decisions for future
Introduction
In traditional wireless networks, a base station or access point facilitates all communications between nodes on the network and communications with destinations outside the network. In contrast, MANETs allow for the formation of a network without requiring a fixed infrastructure. These networks only require that nodes have interoperable radio hardware and are using the same routing protocol to route traffic over the network. The lessened requirements for such networks, along with the ability to implement them using small, resource-limited devices, have made them increasingly popular in all types of application areas. For example, MANET-based sensor networks have been proposed to assist in collecting data on the battlefield. Since there is no fixed infrastructure, the nodes in the network forward traffic for one another in order to allow communication between nodes that are not within physical radio range. Nodes must also be able to change how they forward data over the network as individual nodes move around and acquire and lose neighbors, i.e., nodes within radio range. Routing protocols are used to determine how to forward the data as well as how to adapt to topology changes resulting from mobility.
Initial MANET routing protocols, such as AODV, were not designed to withstand malicious nodes within the network or outside attackers nearby with malicious intent. Subsequent protocols and protocol extensions have been proposed to address the issue of security. Many of these protocols seek to apply cryptographic methods to the existing protocols in order to secure the information in the routing packets. It was quickly discovered, however, that while such an approach does indeed prevent tampering with the routing information, it also makes for a very simple denial of service (DoS) attack. This attack is very effective in MANETs as the devices often have limited battery power in addition to the limited computational power. Consequently, this type of DoS attack allows an attacker to effectively shut down nodes or otherwise disrupt the network. The trade-off between strong cryptographic security and DoS has become increasingly important as MANET applications are developed which require a protocol with reasonable security and reasonable resistance to DoS, a kind of middle-ground. It has been suggested that various trust mechanisms could be used to develop new protocols with unique security assurances at different levels in this trade-off. However, the arguments for this have been purely theoretical or simulation-based. Determining the actual span of this trade-off in real world implementations is of utmost importance in directing future research and protocol design.
It is in this context that this paper considers two proposed protocol extensions to secure MANET routing. The first, SAODV, uses cryptographic methods to secure the routing information in the AODV protocol. The second, TAODV, uses trust metrics to allow for better routing decisions and penalize uncooperative nodes. While some applications may be able to accept SAODV's vulnerability to DoS or TAODV's weak preventative security, most will require an intermediate protocol tailored to the specific point on the DoS/security trade-off that fits the application. The tailored protocols for these applications will also require performance that falls between that of SAODV and TAODV. Understanding how the SAODV and TAODV protocols (which are on the boundaries of the DoS/security trade-off) perform on real hardware, and to what extent there exists a performance gap, is a prerequisite for being able to develop the intermediate protocols. Such evaluation is not only required for developing intermediate protocols, but also for determining the direction for development of new trust metrics for ad-hoc networks. In this paper we provide the first performance evaluations for these protocols on real world hardware.
2. Organization Profile
Company Profile
At Mindset It solutions, we go beyond providing software solutions. We work with our clients' technologies and business changes that shape their competitive advantages.
Founded in 2000, Mindset It solutions (P) Ltd. is a software and service provider that helps organizations deploy, manage, and support their business-critical software more effectively. Utilizing a combination of proprietary software, services and specialized expertise, Mindset It solutions (P) Ltd. helps mid-to-large enterprises, software companies and IT service providers improve consistency, speed, and transparency with service delivery at lower costs. Mindset It solutions (P) Ltd. helps companies avoid many of the delays, costs and risks associated with the distribution and support of software on desktops, servers and remote devices. Our automated solutions include rapid, touch-free deployments, ongoing software upgrades, fixes and security patches, technology asset inventory and tracking, software license optimization, application self-healing and policy management. At Mindset It solutions Technologies, we go beyond providing software solutions. We work with our clients' technologies and business processes that shape their competitive advantages.
About The People
As a team we have the prowess to have a clear vision and realize it too. As a statistical evaluation, the team has more than 40,000 hours of expertise in providing real-time solutions in the fields of Embedded Systems, Control systems, Micro-Controllers, c Based Interfacing, Programmable Logic Controller, VLSI Design And Implementation, Networking With C, C++, Java, client Server Technologies in Java (J2EE\J2ME\J2SE\EJB), VB & VC++, Oracle and operating system concepts with LINUX.
Our Vision
Dreaming a vision is possible and realizing it is our goal.
Our Mission
We have achieved this by creating and perfecting processes that are on par with the global standards and we deliver high quality, high value services, reliable and cost effective IT products to clients around the world.
Clientele
Aray InfoTech, Inquirre consultancy (U.S.A), K square consultancy pvt Ltd (U.S.A), Opal solutions, Texlab Solutions, Vertex Business Machines, JM InfoTech
Related Work
DES Encryption standard
DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although the effective key strength is only 56 bits, as explained below). It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.
The Data Encryption Standard (DES) was developed in the 1970s by the National Bureau of Standards with the help of the National Security Agency. Its purpose is to provide a standard method for protecting sensitive commercial and unclassified data. IBM created the first draft of the algorithm, calling it LUCIFER. DES officially became a federal standard in November of 1976.
Figure 5: DES Block Diagram
Fundamentally DES performs only two operations on its input: bit shifting and bit substitution. The key controls exactly how this process works. By doing these operations repeatedly and in a nonlinear manner you end up with a result which cannot be used to retrieve the original without the key. Those familiar with chaos theory should see a great deal of similarity to what DES does. By applying relatively simple operations repeatedly a system can achieve a state of near total randomness.
DES works on 64 bits of data at a time. Each 64 bits of data is iterated on from 1 to 16 times (16 is the DES standard). For each iteration a 48 bit subset of the 56 bit key is fed into the encryption block represented by the dashed rectangle above. Decryption is the inverse of the encryption process. The "F" module shown in the diagram is the heart of DES. It actually consists of several different transforms and non-linear substitutions. Consult one of the references in the bibliography for details.
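The round structure described above, as an added example that is not part of the original report: a Feistel network with DES's dimensions (64-bit block, 64-bit key with the low bit of each byte treated as parity, one 48-bit subkey per round, configurable round count). SHA-256 stands in for the real DES key schedule and "F" module, so this is not DES and produces no DES ciphertext; all function names and the sample key and block are constructed for illustration.

```python
import hashlib

HALF_BITS = 32                      # a 64-bit block is split into two 32-bit halves
HALF_MASK = (1 << HALF_BITS) - 1

def effective_key(key64):
    """Drop the parity bit (low bit of each key byte): 64 stored bits -> 56 key bits."""
    out = 0
    for shift in range(56, -8, -8):             # most significant byte first
        out = (out << 7) | (((key64 >> shift) & 0xFF) >> 1)
    return out

def subkeys(key64, rounds):
    """Stand-in key schedule (assumption, NOT DES PC-1/PC-2): one 48-bit subkey per round."""
    k56 = effective_key(key64).to_bytes(7, "big")
    return [int.from_bytes(hashlib.sha256(k56 + bytes([r])).digest()[:6], "big")
            for r in range(rounds)]

def f(half, subkey):
    """Stand-in for the F module: a non-invertible 32-bit mix of half block and subkey."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, round_keys):
    """Run the Feistel rounds; F itself never has to be inverted."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in round_keys:
        left, right = right, left ^ f(right, k)
    return (right << HALF_BITS) | left          # final half swap

def encrypt(block, key64, rounds=16):
    return feistel(block, subkeys(key64, rounds))

def decrypt(block, key64, rounds=16):
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key64, rounds)[::-1])

if __name__ == "__main__":
    key, block = 0x133457799BBCDFF1, 0x0123456789ABCDEF   # constructed sample values
    for n in (16, 4):                                     # standard vs. reduced rounds
        ct = encrypt(block, key, n)
        print(n, "rounds:", f"{ct:016x}", "->", f"{decrypt(ct, key, n):016x}")
    # Keys differing only in parity bits select the same 56-bit key.
    print(encrypt(block, key) == encrypt(block, key ^ 0x0101010101010101))
```
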
What is the Limited DES that Enigma Implements?
The limited DES mode available in the freeware version of Enigma modifies the DES standard in two ways. First of all, a 32 bit key is used instead of 56 bits [note: 32 bits, NOT 28 bits]. Secondly the data is iterated on only 4 times instead of 16. These changes reduce the computational complexity of