Source: shodhganga.inflibnet.ac.in/bitstream/10603/49296/10/10_chapter 4.pdf
Chapter 4
Trusted neighbors based Secured Routing Scheme in WSN using Agents
Secured routing in a Wireless Sensor Network (WSN) should focus on identifying the neighbors
that are free from various types of attacks. Identifying trustworthy neighbors is a
challenging task, since viruses, malware, etc. make nodes not only pretend to be
trustworthy and free from any type of attack but also appear to be involved in avoiding
all types of threats. In such a situation, traditional security mechanisms may not be
sufficient, and intelligent schemes are needed to overcome the challenges. Software agent
technology provides a promising secured routing mechanism in which autonomous agents
identify all types of security threats and secured routes in WSNs with the help of
trustworthy neighbor nodes, and the routes are created through such neighbors.
In this chapter, we propose Agent based SEcured Routing using Trusted neighbors
(ASERT) in WSN. ASERT selects trustworthy neighbors and establishes secured routes
using software agents. ASERT relies on the trusted neighbors which are identified by agents
as discussed in chapter 3. Secured route establishment operates in the following phases. (1)
Defining Safeguard Agency (SA) and Routing Agency (RA), both consisting of static and
mobile agents and a knowledge base. (2) Identification of trustworthy neighbor nodes by SA
with a trust model that consists of a probability model and a Message Authentication Code
(MAC) model. (3) The probability model estimates the trustworthy channel and trustworthy
nodes, whereas the MAC model ensures them. (4) MACs are dynamically computed by agents by
generating the keys with the help of a Random Oracle Extractor (ROE). (5) RA establishes
secured routes from source to the sink node using agents. (6) Agents effectively identify
possible security threats on the wireless channel and node. (7) An improvement in packet
delivery ratio, packet delivery latency, route maintenance overhead, memory overhead and
energy consumption is achieved in ASERT as compared to two protocols, namely, Bio-inspired
Trust and Reputation model in WSN (BTRM-WSN), which uses an ant colony based approach, and
Ambient Trust Sensor Routing (ATSR), which uses trust combined with location information
for routing.
4.1 Related Works
Some of the related works are as follows. A compromised node locator for detecting and
locating compromised nodes is proposed in [63]. The scheme uses a collision-resilient
hashing mechanism known as incremental hashing to sign the incoming, outgoing and locally
generated/dropped message sets. Hash values are then sent to the sink node for trusted node
comparisons. The authors explain the procedure to securely collect these hash values and
then locate compromised nodes. The scheme can also be combined with existing en-route false
report filtering methods to achieve both early false report dropping and accurate isolation
of compromised nodes.
The authors in [64] discuss prior security threat analysis of third generation mobile
network architectures for wireless mesh back-hauls. They propose a security model for the
considered architecture and provide a list of the basic assumptions, security objectives
and assets to be protected by the intelligent action of agents. On this basis, the
potential security threats are analyzed, discussed and then assessed for their
corresponding risk factors.
A secure mechanism to accomplish a trusted relationship between sensors in wireless
networks according to Trusted Computing Group specifications is proposed in [65]. It
describes how the trusted platform is established, followed by a description of the trusted
authentication protocol that confirms that only trusted nodes exist in the network. The
authors also analyse the energy consumption of the trusted platform and the authentication
protocol. Four different ways to incorporate trust knowledge in location-based routing
algorithms, which balance trust and location information, are proposed in ATSR [66]. The
routing solution uses a weighted routing cost function to perform trust- and location-aware
routing. It evaluates delivery ratio in the presence of malicious nodes, packet latency and
near optimal path length using computer simulations under several conditions.
The authors in [67] propose a framework called UNMASK that mitigates attacks such
as wormholes, Sybil attacks and selective forwarding by detecting, diagnosing and isolating
the malicious nodes. UNMASK uses the ability of a node to oversee its neighboring nodes'
communication. On top of UNMASK, it builds a secure routing protocol, LSR (Lightweight
Secure Routing protocol), that provides additional protection against malicious nodes by
supporting multiple node-disjoint paths. The authors in [68] propose a hierarchical trust
management protocol leveraging clustering to cope with a large number of heterogeneous
sensor nodes for scalability and re-configurability, as well as to cope with selfish or
malicious sensor nodes for survivability and intrusion tolerance. The authors address the
key design issues of trust management, including trust composition (what trust components
are considered), trust aggregation (how information is aggregated for each trust
component), and trust formation (how trust is formed from individual trust components).
The authors in [69][70] propose TARF, a trust-aware routing framework which secures
multi-hop routing in WSNs against intruders exploiting the replay of routing information
by evaluating the trustworthiness of neighboring nodes. It identifies such intruders that
misdirect noticeable network traffic by their low trustworthiness and routes data through
paths circumventing those intruders to achieve satisfactory throughput. The authors in [71]
propose LSRP, a link state routing protocol based on trust that eliminates the malicious
nodes from the network. The protocol incorporates a trust computational model with direct
and indirect experiences based on the traditional weighting approach of QoS characteristics
such as packet forward, data rate, power consumption reliability. The trust management
system at the node computes a trust table for network nodes, using a threshold to find the
benevolent nodes of the network, and then uses link state routing to find all available
paths by eliminating the malicious nodes.
4.2 Our contributions
Agent based secured routing in WSN using trusted neighbors uses two agencies: the safeguard
agency and the routing agency. The safeguard agency identifies trustworthy neighbors and
the routing agency establishes secured routes through trustworthy neighbors. Identification
of trustworthy neighbors has been discussed in chapter 3.
Our contributions in this work are as follows. (1) Defining a routing scheme with the help
of trustworthy neighbors and a routing database. (2) Employing agents to traverse through
trustworthy neighbors and establish secured routes to the sink node using various types
of databases maintained with the nodes. (3) Monitoring secured routes by adapting a route
maintenance mechanism for various link/node failures and security breaches. (4) Simulation
analysis for various parameters and performance comparison with BTRM-WSN and ATSR.
4.3 Secured routing using trusted neighbors
A sensor node willing to transmit information to the sink node securely is required to do
so by finding the trusted neighbors through which the routes can be set up. It is important
to identify the trusted neighbors, since the neighbors may be compromised by various
types of attacks. The challenge is to find trustworthy neighbors. The fundamental
requirement to identify trustworthy neighbors depends upon two components: (1)
trustworthiness of the channel connecting the neighbors and (2) trustworthiness of the
neighbor node itself. We use a trust model that comprises a probability model and a MAC
model to identify trustworthy neighbors, through which secured routes are set up. These
components are discussed in the trust model.
We use the same probability model given in section 3.3.1 in chapter 3, with a small
modification in the MAC model, to identify trusted neighbor nodes. The modification in the
MAC model is in deriving keys k1 and k2 using a Random Oracle Extractor instead of a k-ERF
generator. The details of the MAC model are discussed in this section.
4.3.1 MAC model
Cryptographic systems are designed to perform complicated encryption, and hence message
authentication becomes challenging in the face of various attacks from adversaries.
Many protocols are designed on the assumption that the hosts possess a secret random
string known as a key, and it is conveniently taken for granted that the entire key is kept
secret from an adversary. There is a possibility that an adversary may detect part of the
key or the entire key, which is called the key exposure problem and is of significant
practical interest. The primary message is encrypted with a key generated by ROE [72][73],
and a MAC is created with the generated key.
The reason for using ROE for key generation is that it provides high randomness
in the generated key, such that if any part of the key is known to the adversary, it is not
possible to recover the entire key. We introduce the mechanism of MAC generation using
ROE and describe how the scheme is implemented to identify the trusted neighbors in order
to maintain confidentiality, authentication and integrity. The ROE is used to generate
random keys. The model of the random oracle over the function f is given in Equation 4.1,
$$f : \{0,1\}^b \to \{0,1\}^k \tag{4.1}$$
which maps a b-dimensional non-uniform input distribution to a k-dimensional uniform output
distribution. The adversary may be allowed to search at up to t points, and possibly the
input distribution is made to depend on these t searches. This means that an extractor takes
a weakly random b-bit input with a uniform random seed and produces a k-bit output that
looks uniformly random up to t searches. The remaining unsearched $(2^b - t)$ values of f
are chosen randomly and are independent of the input space. In this process, unsearched
values are hidden from the adversary.
We use a number of searches t that is comparatively smaller than $2^b$, so that a large
number of values are hidden from the adversary. The ROE algorithm can be realised in all the
sensor nodes by selecting suitable values of b and t depending upon the application. It
requires only a few lines of code for its implementation.
The process of generating a MAC using ROE is shown in Figure 4.1. Since the keys k1
and k2 generated from ROE are highly random within a very large distribution space, it is
almost impossible for an adversary to detect the keys, and thus a high level of security
features such as authentication, confidentiality and integrity is maintained in ASERT.
[Figure 4.1 diagram labels: Message; Random Oracle Extractor (k1); Message+MAC; Random Oracle Extractor (k2); Transmitted message]
Figure 4.1: MAC generation to identify trusted neighbors
The MAC-encrypted message is sent to the neighbors that are found to be trustworthy
by the probability model. Re-computation of the MAC on neighbor nodes ensures the
trustworthiness of the wireless channel and the sensor node, thereby endorsing the trusted
neighbors identified by the probability model.
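
The key derivation and the neighbor-side MAC re-computation described in this section, as an added example that is not code from the thesis. HMAC-SHA256 keyed with a public seed stands in for the random oracle f (the ROE construction of [72][73] is not reproduced); the seed, the weak input shared by both nodes, the labels and all function names are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def roe_extract(seed: bytes, weak_input: bytes, label: bytes, k: int = 32) -> bytes:
    """Stand-in for f: {0,1}^b -> {0,1}^k (assumption: HMAC-SHA256 as the oracle).

    seed is a public uniform seed, weak_input the weakly random b-bit secret,
    label separates the domains of k1 and k2 so one key reveals nothing of the other.
    """
    if not 1 <= k <= 32:
        raise ValueError("k must be between 1 and 32 bytes")
    return hmac.new(seed, label + b"\x00" + weak_input, hashlib.sha256).digest()[:k]


def derive_keys(seed: bytes, weak_input: bytes):
    """Derive the two keys of Figure 4.1: k1 for the MAC, k2 for the transmitted message."""
    return (roe_extract(seed, weak_input, b"k1-mac"),
            roe_extract(seed, weak_input, b"k2-enc"))


def make_tagged(k1: bytes, message: bytes) -> bytes:
    """Sender side: Message -> Message+MAC."""
    return message + hmac.new(k1, message, hashlib.sha256).digest()


def neighbor_accepts(k1: bytes, packet: bytes) -> bool:
    """Neighbor side: re-compute the MAC and compare in constant time."""
    if len(packet) < TAG_LEN:
        return False
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(k1, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    seed = bytes(range(16))               # constructed sample seed
    weak = b"constructed-weak-secret"     # constructed sample input
    k1, k2 = derive_keys(seed, weak)
    pkt = make_tagged(k1, b"temp=23.5")
    print(neighbor_accepts(k1, pkt))                           # genuine packet
    print(neighbor_accepts(k1, b"temp=99.9" + pkt[-TAG_LEN:]))  # altered in transit
```

A neighbor whose re-computed tag does not match treats the channel or the sending node as untrustworthy, which is the endorsement step the MAC model adds to the probability model.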
4.3.2 Secured route establishment
Secured routes are established through the trustworthy neighbors that are identified by the
trust model. A sensor node willing to establish secured routes to the sink node creates
Request Packets (RQ) and distributes RQ packets to all trustworthy neighbors. Every RQ
packet is modified as Route Reply packet (RR) by the sink node upon reaching the sink
node successfully. The components of RQ and RR packets are as follows.
• Node address: It is the address of the source node willing to establish routes to the
destination or sink node.
• Sink node address: It is the address of the sink node, where the data is to be delivered.
• Visited node address: It is the address of the neighbor node or intermediate node on
the path from source to sink node. Some of the visited nodes may become a part of
the route that is established.
• Hop Distance (HD) in meters: It is the distance between the node and its one hop
neighbor. (The distance between two nodes is obtained using the distance formula
with the nodes' coordinate values.)
• Route Distance (RD) in meters: It is the distance between the source node and a
visited node. It helps in establishing shortest routes to the sink.
• Trusted neighbor flag (T): T=1, if the node is trustworthy, else T=0.
• Forwarding node flag (F): A trustworthy node is on the route if F=1, else F=0.
• Path Information (PI): Sequence of addresses of sensor nodes on the path from source
node to sink node. This field is appended with the address of every visited node.
• Route Establishment Flag (REF): For RQ packet, REF=1 and for RR packet REF=0.
• Sequence number (Seq-no): It is the number assigned for every RQ packet by the
source node.
Secured route establishment in WSN comprises two phases: the request phase and the
reply phase. In the request phase, RQ packets (REF=1) are routed from the source node to
the sink node through trusted nodes by appending the address of every visited node in the
PI field. In the reply phase, shortest secured routes are established from source to sink
node.
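
The two phases above, run over a small constructed network, as an added example that is not code from the thesis. The topology, coordinates and trust flags are constructed; skipping nodes already in PI to avoid loops and letting the sink pick the RQ with the smallest RD are assumptions about details this section does not spell out.

```python
import math
from dataclasses import dataclass, replace

# Constructed topology (not from the chapter): address -> (x, y) in meters.
COORDS = {"a1": (0, 0), "a2": (20, 15), "a3": (20, 0),
          "a4": (0, 30), "a5": (40, 30), "sink": (40, 0)}
LINKS = {"a1": ["a2", "a3", "a4"], "a2": ["a1", "sink"], "a3": ["a1", "sink"],
         "a4": ["a1", "a5"], "a5": ["a4", "sink"], "sink": ["a2", "a3", "a5"]}
# T flag per node as the trust model would report it; a3 is constructed as untrusted.
TRUSTED = {"a1": 1, "a2": 1, "a3": 0, "a4": 1, "a5": 1, "sink": 1}


@dataclass(frozen=True)
class Packet:
    node: str      # Node address (source)
    sink: str      # Sink node address
    visited: str   # Visited node address
    hd: float      # Hop Distance (HD), meters
    rd: float      # Route Distance (RD) from the source, meters
    t: int         # Trusted neighbor flag (T)
    f: int         # Forwarding node flag (F)
    pi: tuple      # Path Information (PI)
    ref: int       # Route Establishment Flag: 1 = RQ, 0 = RR
    seq: int       # Seq-no


def request_phase(source, sink, seq, trusted=TRUSTED):
    """Forward RQ (REF=1) through trusted neighbors only; return RQs reaching the sink."""
    queue = [Packet(source, sink, source, 0.0, 0.0, 1, 0, (source,), 1, seq)]
    arrived = []
    while queue:
        rq = queue.pop(0)
        if rq.visited == sink:
            arrived.append(rq)
            continue
        for nb in LINKS[rq.visited]:
            if trusted[nb] != 1 or nb in rq.pi:   # drop T=0 neighbors and loops
                continue
            d = math.dist(COORDS[rq.visited], COORDS[nb])
            queue.append(replace(rq, visited=nb, hd=d, rd=rq.rd + d,
                                 t=trusted[nb], pi=rq.pi + (nb,)))
    return arrived


def reply_phase(arrived):
    """Sink turns the shortest RQ into an RR (REF=0, F=1); None if no trusted route."""
    if not arrived:
        return None
    return replace(min(arrived, key=lambda p: p.rd), ref=0, f=1)
```

With these inputs the geometrically shortest path a1, a3, sink (40 m) is never used because a3 has T=0; the RR carries the 50 m route through a2 instead.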
Every sensor node maintains routing and neighbor related information in its Routing
Data Base (RDB), and the routes are set up using the information in the RDB. The RDB is
updated as and when the node processes RQ/RR packets, during which it prunes the
information related to earlier neighbors, so that only the optimum data is stored. A
typical RDB maintained at a node is shown in Table 4.1, where a1, a2, a3, etc. represent the
sensor node addresses. The memory overhead due to the RDB is well within the capability of
sensor nodes available in the market [74]. Simulation analysis given in Figure 4.6 in
Section 4.6.4 shows that the average memory overhead at each node is less than 1500 bytes
for ASERT.
Table 4.1: Routing Data Base (RDB)
Node address | Neighbor node | RD | F | T | Pr(TN) | Seq-no.