Efficient Method for Secure Transmission from Malicious Nodes through Certificate Authentication | Open Access Journals

ISSN ONLINE(2320-9801) PRINT (2320-9798)

Efficient Method for Secure Transmission from Malicious Nodes through Certificate Authentication

M.L.Vijin Stephi1 and Dr.B.Latha2
  1. PG Student, M.E.Computer Science and Engineering, Sri Sairam Engineering College, Chennai-44, Tamilnadu, India
  2. Professor, Department of CSE, Sri Sairam Engineering College, Chennai-44, Tamilnadu, India
Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

The main reason for switching from wired network to wireless is the dynamic nature of the nodes. Since the nodes in the MANET have the capability of moving, there is a high possibility of violating the security of the network. The certificate verification involves maintaining secure connections against spoofing and invalid certificates; and the certificate validation examines the certificates to check the recipient’s identity. In this paper we proposed a scheme called certificate revocation to prevent the network from malicious attacks. If the certificate of the malicious node is revoked, then it is impossible to communicate with any other nodes in the network by the malicious node. By doing so, it is possible to have Cluster-to-Cluster communication in a secure manner.

Keywords

Cluster-based routing protocol, Certificate Revocation, Certificate Verification and Validation, MANET, security, Cluster-to-Cluster;

INTRODUCTION

Mobile Ad hoc Networks (MANETs) are a kind of wireless ad hoc network. It is a self-configuring network of mobile devices and does not need any infrastructure. This type of mobile network is formed by a number of self-organized mobile nodes such as cell phones, palm handheld computers, iPods, etc. These devices can act as both routers and end users. The reason for using MANET is it does not need any infrastructure support. So it is not assured that all the nodes in the network are trusted. It has all the functionalities of traditional network such as seamless interaction, neighbor discovery, data routing abilities. It provides flexible network architecture so that it can able to provide communication in the case of the limited connectivity range and resource constraints. It enables fast establishment of networks and using the service discovery protocol each node finds its neighbor node to transmit the packet. The MANET architecture is shown in the figure 1
Each device in MANET is free to join, free to move independently in any direction and then leave the network at any time. Due to the dynamic nature MANET is vulnerable to any kind of attacks. If any intermediate node that does not transmit the receiving packet to its neighbor or it sends many numbers of acknowledgements for a single received packet, then this type of node is considered as a malicious node. This node violates the security of the network. Protecting legitimate nodes in the network from malicious attacks must be considered. To improve security certificate revocation scheme is used and is completely based on public key infrastructure (PKI). This scheme enhances the security and robustness of the network.
Certificate is a certificate provided by the Trusted Authority (TA) which makes the mobile node that joins in the network authenticated. Any node that wants to communicate with other nodes in the network has to get the certificate from the Trusted Authority. Without the certificate it cannot able to communicate with other nodes in the network. Similarly each node can transmit packet to the nodes which are in the transmission range.

RELATED WORK

For mobile ad hoc networks many types of certificate revocation techniques have been developed. The simplest technique is Certificate Revocation List (CRL) [1]. In this technique, the list is managed by single CA or it can be shared by multiple CAs. Each node in the network can be assigned with a digital signature which is valid for a particular time period.CA revokes the certificate of the malicious nodes and puts them in the CRL. The information about the list of nodes in the CRL is broadcasted to all the nodes in the network.
URSA technique [2] does not support any third party system such as CA to issue a certificate for authentication. The nodes get their certificate from their neighborhood nodes to join in the network. It gets votes either from the neighborhood node or from all the nodes in the network to decide whether the particular node is accused or not. This type of voting does not address false accusation and makes the network overhead higher. Such a technique is called voting-based certificate revocation.
Another approach that comes under non-Voting-based scheme is Suicide for common good [3]. In this technique CA is responsible for managing the certificates of all the nodes which are joining in the network. Here the accusing node sacrifices itself to remove an attacker node from the network. The main drawback in this approach is it does not differentiate the falsely accused node from the legitimate malicious attackers.

PROPOSED WORK

Cluster-based Certificate Revocation scheme [4] is used to revoke the certificate of the accused node to prevent the network from the attack. To find the accused node, the nodes in the network are grouped into several clusters. The process of clustering is done by using the Cluster- based Routing Protocol (CBRP). Each cluster in the network has a head called Cluster Head (CH) and the other nodes within the cluster are called as Cluster Members (CMs). Cluster Members should be in the transmission range of the Cluster Head. Authentication is done by the Trusted Authority and is also called as Certificate Authority (CA). The clustered network is shown in figure 2.
It is possible to detect the falsely accused node using the CH. The CH is selected based on either by getting votes from the nodes in its transmission range or by considering the information like packet handling rate, how many packets it has transmitted already and its energy. The former technique increases the overhead in the network and there is a chance of losing packet; so it is not preferred and the latter technique has the advantage over voting based scheme. It does not need any packet transmission to vote and hence reduces the network traffic in the network.
To make revocation process success and quicker, it needs Warned List (WL), Black List (BL). The WL is used to hold the accusing nodes and the BL is used to hold the accused nodes.CA generates certificate and send to all CHs. All CHs generate their own master key. CH sends its master key to its members within the cluster. By using the master key of the corresponding CH, all CMs generate subordinate keys. The master key is split into n subordinate keys; where n is the number of CMs. The subordinate key should be matched with the master key of its CH. If both are not matched, they should not able to communicate with each other. The entire process is shown in the figure 3.
It is possible to implement cluster-to-cluster communication or group-to-group transmission. In general, different cluster heads have different keys. To communicate these two cluster heads, they should be matched. Generally they do not match. To make these two keys matched, advanced hashing function method is used.
Certificate verification is an important tool which is used to protect the secure connections from spoofing and invalid certificates. Spoofing is an attack in which the attacker node transmits packets with the source address field containing an address of a legitimate node which has valid certificate to transfer; similarly any attacker node without valid certificate can send unwanted packets to the various nodes in the network to violate security. Such kinds of attacks can be avoided by certificate verification process.
Certificate Validation examines the certificate of the recipient’s identity. This prevents the network from unwanted packet transfer from legitimate node to the malicious node and thereby can improve the security of MANET.

IMPLEMENTATION

The CA provides certificate to each node in the network. If there is any accused node in the network, then it will not transmit the original packet from the source to the destination. To make the transmission secure, the certificate of the attacker node should be revoked.
The revocation process involves three stages - accusing, verifying and notifying. If the accused node is found, its certificate is verified for its certificate. If the certificate is invalid, it is revoked. At last the notification is sent to all the nodes through the cluster heads in the network except to the one which is the malicious. After that the WL, BL are updated for denoting the revocation process. If the node is falsely accused, then it is removed from the black list and is kept in the warned list.
The virtual implementation of this paper is shown using Network Simulator (NS2.34) and Fedora Operating System. The implementation of this technique is shown in the following figures. Each node in the Mobile Ad Hoc Network transmits Hello packets to the neighborhood nodes to determine the active links.
The existing system of voting based mechanisms has many disadvantages. This can be illustrated in the figure 4. There may be a loss of packets while electing for cluster head and there may be a chance of selecting malicious node as a cluster head. It also increased the communication overhead and increased revocation time.
After both certificate verification and validations, the Cluster Heads are selected for secure communication among the nodes in MANET. This is shown in figure 5

CONCLUSION

In this paper we have overcome the demerits of the existing voting-based certificate revocation by revoking the certificate of the malicious node by forming clusters in the network, which reduces the network traffic. Similarly, the time taken to perform certificate revocation is reduced in this proposed technique when compared with the time taken in the existing voting- based technique. It increases the reliability and the accuracy of the network. Group-to-group transmission is achieved. The effectiveness of the cluster based technique has been experimented using network simulator.

Tables at a glance

Table icon Table icon
Table 1 Table 2
 

Figures at a glance

Figure 1 Figure 2 Figure 3 Figure 4 Figure 5
Figure 1 Figure 2 Figure 3 Figure 4 Figure 5
 

References