Security model of wireless ad hoc network based on ADHOC-ECDSA algorithm

Abstract

Wireless ad hoc network is popular in the research direction of network, and it has quite good application foreground in both civil and military aspect. However, traditional network and wireless ad hoc network distinguishes from one another on self-organization, which leads to a new problem, that traditional network security protection technology cannot be applied directly. Now whether wireless ad hoc network can be applied and popularized, and whether safe wireless ad hoc network can be constructed to ensure its security becomes vital. In this paper, the author assumes that a model based on ADHOC-ECDSA algorithm can cover all problems, including identity authentication combined with allocation address. Then we can modify basic algorithm by applying elliptic curve, and complete safety single hop, or even complete safety multi hop based on the algorithm of routing security protocol. In this paper, by analyzing the research progress of the network and its requirements of security protection, and by applying testing machine to prevent invasion, we present specific model design plan and analysis of security protection. In the mean time, popularization of wireless ad hoc network becomes possible.

Keywords

Wireless ad hoc network ADHOC-ECDSA algorithm security model network security

1. Introduction

Wireless ad hoc network is a self-management network system with wireless receiving and transmitting function. It does not require prefabricated infrastructure, and it can multi hop without any delay. It is often used in earthquake relief work, or place where cannot be covered by traditional wired network which demands infrastructure. It is worth researching and spreading [1].

Without the support of prefabricated infrastructure, the traditional solution to security problem cannot be applied on it, which makes all of security algorithms and routing protocols of traditional network unable to apply. While again, its own security is vital, because it is often used in area such as military, and aspect like earthquake combating [2].

Faced with these problems, the scholars all over the world have been doing research and they have presented some solutions. The direction of the research is about routing protocol, node trust and invasion testing. However, few mention how we can construct a wireless network to protect comprehensively. The main idea of the paper is about full analysis on wireless ad hoc network security combined with software [3]. However, it is too simple and one-sided when analyzing complicated network that it has no possibility for operation. The paper points out the relationships among security parameter, signal processing and network topology, but the security system is not complete [4]. More, it is not clear when it comes to offering different protections to meet different needs. The paper is about a security system completed by hardware. It is mostly about wireless sensor link layer, and has no relations with network layer [5].

In this paper, we want to produce a wireless ad hoc network security model based on the problems existed in the three papers. Researchers can have a further understanding of wireless ad hoc network and do further research based on this paper. This paper also offers some experience to other researchers.

2. State of the art

2.1 Framework of wireless ad hoc network security model

Wireless ad hoc network does not need infrastructure. Therefore, traditional security protection cannot be applied, which makes it get attacked and threatened more easily [6]. Its security goal has little difference from traditional network, and also equipped with safety, integrity and usability of data, and resistance of invasion. Those network security threats also includes data theft and tampering and user identity disguise [7]. Figure 1 presents multi-layered ad hoc network security model. It is a model based on ADHOC-ECDSA algorithm. It can cover all problems, including identity authentication combined with allocation address. Then we can modify basic algorithm by applying elliptic curve, and complete safety single hop, or even complete safety multi hop based on the algorithm of routing security protocol. The following parts offer solutions to each part of security strategies to achieve usability, safety, and integrity of data.

Figure 1.

Security architecture for adhoc networks.

2.2 Security status of wireless ad hoc network

Network security routing protocol, identity authentication, user key management, routing security, testing for invasion constitutes the security system of mobile ad hoc network and sensor network. According to different attack approaches, we divide four categories to protect network, which are validation of service, denial of service, selfish nodes, and routing security [8].

In ad hoc network, each node has router function, because a mobile node or a main engine requires other nodes to send data packet to its destination node. If some nodes refuse to send data to other legal nodes, or other nodes are facing hostile attack, it may leads to severe security threat and leads to denial of service and routing attack.

Authentication and encryption technology is vital in ad hoc network security. The protocol presents an effective method to manage ad hoc network heterogeneous node. MOCA uses public key infrastructure (PKI) technology. While facing the security problem, those selfish nodes that refuse to offer transmission data to other nodes are the key. By simulating reality experiment, we come out a way to conserve energy. When forwarding transmission data, each node will consume up 80% of total energy.

Now there is a way to face the threats brought by selfish nodes. Each node needs saving a data of the selfish nodes around, which is credit ranking of neighbor nodes. According to the credit ranking, we can choose some selfish neighbor nodes to shield and isolate. The solution to ad hoc network routing attack is challenging, because nodes of ad hoc network has routing function. When designing routing protocol, we cannot put the security problem into routing protocol. Routing protocol is often divided into two categories, which are AODV and DSDV. These two can also be divided into reactive routing protocol and pre-reactive routing protocol. AODV produces requirements first. Then it will go through security test. While DSDV needs security test anywhere and anytime so that it can update security table.

3. Methodology

3.1 Basement security algorithm

In order not to produce more algorithms in network, ad hoc network requires higher security, but less complexity. Therefore, we use elliptic curve to produce a new security algorithm, which is suitable to ADHOC network. This kind of elliptic curve cryptosystem type becomes popular on research since 1997. The security is based on hard processing of discrete logarithm problem of elliptic curves over finite fields. The equation is as the following:

$\displaystyle y^{2}={x}^{3}+Ax+B\quad A,B\in K$ (1)

The difficult part is: for given discrete point P and Q, it is hard to find integral l to make IP $=$ Q. When we apply elliptic curve into cryptosystem and make P as public key and Q as private key, the biggest security point cannot be acquired by mutual deduction. For $a$ and $b$ in finite group, if there is positive integer $n$ to make $an=b$ , then solving ${n}=\log_{a}b$ is called as discrete logarithm problem on finite groups. While for discrete point P and Q on elliptic curve, obtaining i to make IP $=$ Q is called as elliptic curve discrete logarithm problem. The merit of elliptic curve cryptosystem is that once the public key length of ECC is 160, it can compare with 1024 length in RSA. When length is reduced and complexity is lowered, it can adapt to wireless environment.

In the process of encrypting by using elliptic curve, backstepping is the biggest burden in algorithm. We need to solve $K^{-1}$ in ECDSA first if we want to obtain $S$ . $K^{-1}\textit{mod }n$ is slow for large integer $K$ . When verifying signature, we still need to calculate $S^{-1}\left({\textit{mod }n}\right)$ . We construct a new signature plan, which is ADHOC-ECDSA, to make the process of calculation need no back stepping.

In ADHOC-ECDSA, we input what signature message m and substance A requires, which are main domain parameters ${D}=\left({{q},{FR},{a},{b},{G},{n},{h}}\right)$ and corresponding key pairs $\left({{d},{Q}}\right)$ . The output is elliptic curve digital signature algorithm ( $r$ , $s$ ).

3.2 Multi hop security

Without the support of prefabricated infrastructure, the traditional solution to security problem cannot be applied on it, which makes all of security algorithms and routing protocols of traditional network unable to apply. Therefore, we need to revise the protocol and algorithm on the basis of its own traits, or design a new protocol, which is only for ad hoc network. There is a routing protocol MSOSR (MANET Secure Online/Offline Signcryption Routing Protocol), which is revised on the basis of AODV by applying ADHOC-ECDSA algorithm. AODV (ADHOC On-Demand Distance Vector) protocol is a typical example of on-demand routing, which is applied extensively on MANET due to its high efficiency and low expense. The advantage is obvious while the disadvantage is fatal. The protocol has no system of security protection. When the wireless network is attacked, the network will face a complete collapse. Therefore, we need to improve its security capability by controlling router via encrypting number signature.

Figure 2.

Packet transmission rate between MSOSR and AODV (left).

4. Result analysis and discussion

The plan designs a security model, which is for fragile security system of ad hoc network. By using existing test bed and terminal device, we construct a new security protocol. It can resist wrong routing message, expired routing message and damaged routing message sent by external attacker. The efficiency is almost the same as primitive AODV, because it is divided into online and offline. By applying ADHOC-ECDSA algorithm, we can make wireless network more secure and resist more attack.

When node gets into network, each node begins to calculate offline sign cryption. It is because, that signcryption is produced randomly. Node can choose any random number to calculate sign cryption. When the request of routing begins, node will produce message packet according to routing protocol. The process of calculation is really fast, because we only need function evaluation once. When it is completed, the total data of the node and the outcome of the signcryption can be sent to neighbor node. When neighbor node receives the message packet, it will broadcast the packet to next node. To be more efficient, authentication process can be finished offline. Only through authentication, the receiving node can update its routing table according to the message in the packet. The algorithm is as the following in Table 1.

From Figs 2–4, we can know that after revision, the new designed protocol is close to primitive protocol in three aspects: network throughput, transmission rate and PREQ ratio. It can be proved that new protocol with new algorithm does not sabotage the merits of primitive protocol, and keeps the finding and maintaining ability of the primitive protocol utmost. In Fig. 5, the revised protocol is higher than primitive protocol in average end to the end when the nodes are moving. This is because routing message needs to be operated safely when receiving and sending, which consumes certain time and resource. Even so, at the end, which is the signature part, we use offline synchronization method to make the-most-consuming-time-and-energy part more effective. Therefore, total consuming time is not too much comparing to the primitive protocol. We can almost ignore it.

Table 1
Online/off line sign cryption scheme

Establishment phase	The same as ADHOC-ECDSA, $D=(q,FR,a,b,G,n,h)$
Offline phase	1. Random selection $r$ , let $r<n$ , 2. Output ( $R, K$ ), and $R=r\times G=(r_{1},r_{2})$ . $K$ is a pre assigned private key.
Online phase	1. When there is message $M$ and offline check ( $R, K$ ), let The symmetric encryption algorithm is used to obtain the cipher text $C=E_{K}(M)$ , 2. Using Hash algorithm to get $h=H(\textit{MPr}_{1})$ , 3. Calculating $S=$ (r $+$ hdr1). mod $n$ . The result is a three tuple ( $C, R, S$ ).
Validation phase	1. Using symmetric algorithms to decrypt $M=D_{K}(C)$ , 2. Using Hash algorithm to get $h=H(\textit{MPr}_{1})$ , and $r_{1}$ is the co factor of $R$ , 3. Calculating whether $S\times G-h\cdot r_{1}\times Y$ is equal to $R$ , and $Y=d_{A}G$ , If it does, accept $M$ , if not, give up $M$ .

Figure 3.

RREQ ratio between MSOSR and AODV (right).

Figure 4.

Network throughput between MSOSR and AODV (left).

Figure 5.

End to end delay between MSOSR and AODV (right).

Figure 6.

Network throughput when there are 2 attack nodes between MSOSR and AODV (left).

Figure 7.

Attack node packet loss rate when there are 2 attack nodes between MSOSR and AODV (right). Note: 1. AODV protocol; 2. MSOSR protocol.

Figures 6 and 7 give network throughput and loss rate of attack node packet, when there are two attack nodes in network using block holes. We can see that, the throughput of AODV protocol is lowered a lot after attack. When attacking nodes, its rate of interception and loss comes up to 70% of the total group due to no security measure in AODV protocol. However, for the revised algorithm, the nodes is not affected too much when attacked. When approaching no-attack-node status (Fig. 2), the transmission rate of AODV and the loss rate of attack node packet is 0, which means network is capable of verifying this attack node type. Attack node cannot sign the message right, and it will be dumped at the receiving end without doubt. In the end, the attack node will not be on the path of data division group. It represents that the improvement is obvious on revised algorithm.

5. Conclusion

Wireless ad-hoc network itself does not need infrastructure. Therefore, traditional security protection protocol cannot be applied directly. More, its own apply area is way too difficult and easily attacked. All of these disadvantages lead to its difficulty in solving security problem. The plan points out a new assumption. The author wants to build up a new protocol and measurement to solve the security problem of ad hoc network. In this paper, the author assumes that a model based on ADHOC-ECDSA algorithm can cover all problems, including identity authentication combined with allocation address. Then we can modify basic algorithm by applying elliptic curve, and complete safety single hop, or even complete safety multi hop based on the algorithm of routing security protocol. In this paper, by analyzing the research progress of the network and its requirements of security protection, and by applying testing machine to prevent invasion, we present specific model design plan and analysis of security protection. The security model in this paper can solve the security problem of ad hoc network with the angle of security system, and forms a solid ground for the practical application of ad hoc network both in military and civil. The model and its method is pragmatic, but it is applied in only one routing protocol. For other protocols, we cannot do valid deduction. We cannot do experiment under other network circumstances, which makes its validation and general applicability unable to be proved under different network circumstances.

References

Mariantonietta

L.P.

Fabio

and Daniele

, A survey on security for mobile devices, IEEE Communications Surveys and Tutorials15(1) (2013), 446–471.

and Liu

et al., Distributed combined authentication and intrusion detection with data fusion in high-security mobile ad hoc networks, IEEE Transactions on Vehicular Technology60(3) (2011), 1025–1036.

Fadlullah

Z.M.

Nishiyama

and Kato

et al., Intrusion detection system (IDS) for combating attacks against cognitive radio networks, IEEE Network27(3) (2013), 51–56.

Han

S.Y.

and Lee

, An adaptive Hello messaging scheme for neighbor discovery in on-demand MANET routing protocols, IEEE Communications Letters17(5) (2013), 1040–1043.

Mitrokotsa

and Dimitrakakis

, Intrusion detection in MANET using classification algorithms: the effects of cost and model selection, Ad Hoc Network11(1) (2013), 226–237.

Xenakis

Panos

and Stavrakakis

, A comparative evaluation of intrusion detection architectures for mobile ad hoc networks, Computers & Security30(1) (2011), 63–80.

Paillassa

Yawut

and Dhaou

, Network awareness and dynamic routing: the ad hoc network case, Computer Networks55(9) (2011), 2315–2328.

Minh

H.L.

Sexton

and Aslam

, Self-adaptive proactive routing scheme for mobile ad-hoc networks, IET Networks4(2) (2015), 128–136.