A Routing Protocol based on Trusted and shortest Path Selection for Mobile Ad hoc Network

Hothefa Sh.Jassim1, Salman Yussof2, Tiong Sieh Kiong1, S. P. Koh1, Roslan Ismail2

1College of Engineering 2College of Information Technology

Universiti Tenaga Nasional Malaysia

E-mail: {hothefa, salman, siehkiong, johnnykoh, Roslan}@uniten.edu.my

Abstract— A mobile ad-hoc network (MANET) is a peer-to-peer wireless network where nodes can communicate with each other without the use of infrastructure such as access points or base stations. Nodes can join and leave the network at anytime and are free to move randomly and organize themselves arbitrarily. Due to this nature of MANET, it is possible that there could be some malicious and selfish nodes that try compromise the routing protocol functionality and makes MANET vulnerable to security attacks. In this paper, we present a security-enhanced AODV (Ad hoc On-demand Distance Vector Routing) routing protocol called R-AODV (Reliant Ad hoc On-demand Distance Vector Routing). The implementation of this work is done by modified a trust mechanism known as direct and recommendations trust model and then incorporating it inside AODV which will allow AODV to not just find the shortest path, but instead to find a short path that can be trusted. This enhances security by ensuring that data does not go through malicious nodes that have been known to misbehave. The R-AODV protocol has been implemented and simulated on NS-2. Based on the simulation result, it can be shown that R-AODV does provide a more reliable data transfer compared to the normal AODV if there are malicious nodes in the MANET. Keywords— Trust, security, mobile ad-hoc network (MANET), routing protocol.

I. INTRODUCTION Mobile ad hoc network (MANET) is a network composed only of nodes, these nodes do not have fixed infrastructure or any centralized controller such as access point or server to determine the route of the paths. Thus, each node in an ad hoc network has to rely on each other in order to forward packets and there is a need to use a specific cooperation mechanism to forward packet from hop to hop before it reaches a required destination by using routing protocol. Examples of available routing protocols for ad hoc network are ad hoc on-demand distance vector (AODV) [1], destination sequenced distance vector (DSDV) [2] and dynamic source routing (DSR) [3].The main concept of these routing protocols is to find the shortest path in the source-destination routes selection [4]. These routing protocols can be attacked by several types of attacks such as blackhole [5][6], denial of service DoS [7] [8] and wormhole [9]. These attacks may modify or fabricate routing of packets. Therefore, in mobile ad hoc networks, node

misbehavior due to selfish or malicious reasons can significantly degrade the performance of ad hoc networks. Due to security issues that can occur on MANET, researchers have proposed many mechanisms to prevent and reduce the risk on mobile ad hoc. Most of these mechanisms are focused on how to protect the data transmission network such as access control [9], key management [10] and they are excellent in terms data protection while some of them have focused on how to makes MANET routing protocols discover routes in a secure method such trust models mechanisms. Most of optimization goals in routing protocols are limited to improving the path resilience and the reliable of packet delivery with secure route. However, current ad hoc routing protocols have not fully addressed performance issues related to security by considering the shortest path.

In this paper we proposed an implementation of trust mechanism in the Ad-hoc On-demand Distance Vector routing protocol AODV calls R-AODV that include both trust and shortest path. R-AODV can reduce the risk on MANET that caused by some of attacks such as DoS and blackhole attacks. It also increases the packet delivery fraction by selection the best path. AODV routing protocol is described in section 2. R-AODV is explained in details in section 3. In section 4, we describe the simulation environment to evaluate the performance of R-AODV with three performance metrics (Packet Delivery Fraction, Average End-to-End delay and Normalized Routing Load).

II. AD-HOC ON-DEMAND DISTANCE VECTOR ROUTING PROTOCOL (AODV)

Currently, the most common ad-hoc protocol is the Ad-hoc On-demand Distance Vector routing protocol AODV [1].it is capable of both unicast and multicast routing. It is an on demand algorithm, meaning that it builds routes between nodes only when the source nodes needed it [10]. Also it is a method of routing messages between mobile computers which allows these mobile computers, or nodes, to pass messages through their neighbors to nodes with which they cannot directly communicate. When one node needs to send a message to another node that is not its neighbor it broadcasts a Route Request (RREQ) message. The RREQ message contains: the source, the destination, the lifespan of the message and a sequence number. Once node 1’s neighbors

Proceedings of the 2009 IEEE 9th Malaysia International Conference on Communications 15 -17 December 2009 Kuala Lumpur Malaysia

978-1-4244-5532-4/09/$26.00 ©2009 IEEE 547

receive the RREQ message, there are two options; they will forward the message if they know a route to the destination or they can send a Route Reply (RREP) message back to node if they are the destination. Fig.1 shows an example of broadcasting RREQ and unicasting RREP between source node and destination. Each node has its own routing table which is maintains the following concepts: next-hop, sequence number, hop count and information about all other nodes in the network. When a source node wants to send a data packet to some other destinations nodes in the network, it will first checks its routing table to see if any valid route exists to the destination. If a valid route exists, the source node will send the packet to the next hop found in the source routing table. In case of no existing valid route in the source routing table, source node will initiates a route discovery process, by broadcasting a RREQ message. The RREQ message contains [1]:

1) The source IP address and current sequence number.

2) The destination IP address and destination sequence number (destination sequence number is the last known destination sequence number for this destination).

3) A broadcast ID. Once intermediate node receives the RREQ, first it will checks if it has an active route, or if the existing destination sequence number is smaller than the destination sequence number field of the RREQ. If so, it rebroadcasts the RREQ from its interfaces but using its own IP address in the IP header of RREQ and the TTL in the IP header will be decreased by one, while the Hop Count field in the broadcast RREQ message is incremented by one, to account for the new hop through the intermediate node. But if a route to the Source IP Address already exists and the Source Sequence Number in the RREQ is greater than the destination sequence number of the Source IP Address in the routing table or The sequence numbers are equal, but the hop count as specified by the RREQ is now smaller than the existing hop count in the routing table, the intermediate node will creates or updates a reverse route to the Source IP Address in its routing table [1].

Fig.1 An example of broadcasting RREQ and unicasting RREP between Source node S and Destination D

III. ATTACKS ON AD-HOC ON-DEMAND DISTANCE VECTOR ROUTING PROTOCOL(AODV)

A. Attacks Using Modification Attacks using modification are generally targeted against

the integrity of routing computations [11]. Those attacks may modify the routing protocol so that attacker can control the flows of traffic through a specific node. This traffic can be dropped, redirected to a different destination, or take a longer route to the destination increasing communication delays [12]. Example for modification is that attacker nodes send fake routing packets to generate a routing loop, thus, packets will keep passing through nodes in a cycle without getting their actual destination.

Fig. 2 attacks using modification.

Fig.2 illustrates an example for modification attacks. When malicious node M receives the RREQ that generated by source node A to destination during route discovery, malicious node M will modify the sequence number and broadcasts a RREQ to C with a source sequence number lager than B, then the route from C to A will go through M instead of going through B. Or the same operation may be will happen but using RREP with node B. malicious node M will take the RREP and then send it to B with a destination sequence number lager. Thus, node M can then control the route between A and D. There are numbers of modification attacks method used such as Denial-of-Service (DoS) attacks [7] and Black hole attack [5].

B. Attacks Using Impersonation Impersonation attacks [13] are also called spoofing attacks.

A malicious node can initiate many attacks in a network by masquerading as another node (spoofing). Attacker assumes the identity of another node in the network by altering its MAC or IP address in order to alter the vision of the network topology that a benign node can gather, thus receiving messages directed to the node it fakes[11]. Usually this would be one of the first steps to intrude a network with the aim of carrying out further attacks to disrupt operation.

C. Attacks Using Fabrication Fabrication attacks are performed by generating false

routing messages. These attacks are difficult to identify as they are received as legitimate routing packets. when a malicious node hide its real IP address or MAC address and uses another one, spoofing can occur. It can modify the rooting of some nodes then lead to loops in the network which will increase the power consumption greatly.

548

IV. TRUST MODELS

1. Direct and Recommendation Trust Model

In this kind of trust model the semantics of direct trust values is different from that of recommendation trust values. Yahalom, Klein and Beth in [11] found that when doing authentication in open networks an entity often requires other entities' recommendations. These entities can be viewed as Authentication Servers (AS). This trust model is to prevent contradicting or malicious recommendations from different authentication servers. Thus, it is necessary to provide a mean of estimating the trustworthiness of AS. This trust model divides trust relationships into two types: direct trust and recommendation trust. It introduces trust values to substantiate the trust, and then derive new trust value from existing ones. Different trust values can be combined together to evaluate the trustworthy of an entity.

Direct trust means that node A can trust another node directly using all the existing experiences in A about that node. The idea of recommendation trust was adopted by many other trust model applications such as the other trust models discussed in this section.

The recommendation trust in this trust model often comes along a path. This is effective when the one-hop trust value has been known. But how to get the one-hop trust value is also a major problem that this trust model does not address.

Fig. 3: Direct and Recommendation Trust

Fig. 3 illustrates an example of direct and recommendation trust. When node A wants to send information to node E, node A needs to authenticate node E since node A does not have direct trust with node E. In this case, node A will ask other nodes’ recommendations. Node C who has direct trust for node E, can recommend node E to node B which has direct trust for node C. As a result, Node A can trust node E based on the recommendation reply from node B.

2. Fuzzy Logic Trust Model

D. W. Manchala [12] introduced this trust model that uses fuzzy logic to combine the trust matrix and verify the transactions to extend trust to transacting entities suitably. This trust model uses Weighted Trust Surface (WTS) and Fuzzy Trust Surface (FTS) to represent the trust relationships between two entities during transactions.

In this model, the identification and measurement of variables of trust are based on the quantifiable notion for trust. Also the propagation of trust and computing a single trust matrix are performed between the customer and the vendor that governs the transaction. As result, this model proposes a suitable protocol to protect privacy of trust information which can be used in electronic ecommerce.

3. A Distributed Authentication Trust Model with Recommendation Protocol

The model uses trust categories and trust values to find different levels of trust. The integral trust values in the model vary from -1 to 4 representing distinct levels of trust from absolute distrust (-1) to absolute trust (4). H.Li and M.Singhal [13], also A. Abdul-Rahman and S. Halles [14] utilized a concrete these trust values metric are given to the nodes. The trust values of a node are given in Table 1.

Table 1: Direct Trust Value Semantics

Where the number is, the trust value, and the word in “()” gives the meaning of the value. These will be in trust table created in each node in the network. In this protocol, as long as an entity’s trust value is ≥ 2, it is assigned a “yes”, meaning “trustworthy”, otherwise, it is assigned a “no”, meaning “untrustworthy”. At the beginning, all the nodes can be trusted.

When a node (A) want to trust another node (B), node A first checks its own Trust Table. If node B is in its table and the value is “yes”, then B can be trusted; if the value is “no”, B cannot be trusted. If B is not in A’s Trust Table, A sends a trust-value-request for B’s trust value to all the trustworthy nodes in its Trust Table. If any of these trustworthy nodes does not know B, this node passes A’s request to its trustworthy nodes in its trust table.

Value Meaning Description

-1 Distrust Untrustworthy

0 Ignorance Cannot make trust-related

judgment about entity

1 Minimal Lowest possible trust

2 Average Trustworthiness

3 Good More trustworthy

4 Complete Complete trust

549

4. Subjective Logic Model

Subjective logic [15][16] is a type of probabilistic logic that explicitly takes uncertainty and belief ownership into account. Arguments in subjective logic are subjective opinions about states in a state space [17]. A binomial opinion applies to a single proposition, and can be represented as a Beta distribution. A multinomial opinion applies to a collection of propositions. This approach defines a number of operators [16], where some represent generalizations of binary logic and probability calculus operators, whereas others are unique to belief theory because they depend on belief ownership. One of those operations is the discounting operator. The discounting operator can be used to derive trust along the path. Discounting is used to compute transitive trust. Assume two nodes A and B where A has referral trust in B [18], denoted by

)a,d,u,(t=w AB

AB

AB

AB

AB (Eq1)

In addition B has functional trust in C, denoted by

)a,d,u,(t=w BC

BC

BC

BC

BC (Eq2)

A's indirect functional trust in C can then be derived by discounting B's trust in C with A's trust in B. The derived trust is denoted by

(Eq3)

⊗ : The symbol used to designate this operator [18], while t:

trust, m: mistrust, u: uncertainty and a: base rate.

This mechanism has been used to provide a simple notation for expressing transitive trust relationships among people. The discounting operator is quite useful in the situations where one entity needs to give its own belief about a proposition when given many different recommendations.

IV. RELATED WORKS

Trusted AODV (TAODV) [19] is a good mechanism for AODV security. It uses subjective logic proposed by Josang [15], which is based on subjective believes about the world. In this protocol the trust about a specific node is calculated by using opinion of other nodes. The proposed framework has four basic modules; basic routing protocol, trust model, trusted routing protocol and self-organized key management

mechanism. For trust calculation it uses trust combination. A node collects opinion from all its neighbors about a metric which is calculated by Markov chains. Here the authors assume existence of a fixed public key infrastructure specific node, and then combines them to develop a trust level. For trust recommendation the node uses two special messages: Trust Request (TREQ) message and Trust Reply (TREP) message. The protocol also adds three new fields in the routing table of AODV; positive events, negative events and opinion. The new fields are used for any specific node’s trustworthiness. This protocol extends the basic AODV routing messages by adding trust information fields. TRREQ (Trusted Routing Request) and TRREP (Trusted Routing Reply) are the extended messages in TAODV. TAODV has an efficient trust calculation mechanism but in a large ad hoc network a specific node could exhaust its energy in processing the TREQ and TREP packets. Each node can broadcast TREQ and TREP messages to its neighbors with high reliability, which is very difficult to achieve in real-life situations. TAODV also make use of digital signature which can be inefficient for nodes in terms of battery life and efficiency. Trust is not transitive in nature and this scheme does not take care of this fact while calculating trust based on the opinion of other nodes[20]. In [21], Pissinou et al. designed Trust embedded AODV (T-AODV) protocol, it calculates end-to-end secure route free of malicious nodes through collaboration of nodes in the path. The header of RREQ contains an extra trust-level field. When an intermediate node receives the RREQ it modifies the trust-level field to include the trust level of the node which generates RREQ. Every node in the path checks back broadcasted RREQ from its next node to see whether it has provided the proper information [20]. In T-AODV an intermediate node cannot send the route reply and route selection is performed by utilizing the trust level through a third party involvement. This violates the concept of flexible configuration in ad hoc networks. T-AODV protocol can be attacked by colluding malicious nodes.

SAODV [23], uses cryptographic methods to secure the routing information in the AODV protocol. SAODV uses digital signatures to authenticate non-mutable fields and hash chains to authenticate the hop-count field in both RREQ and RREP messages.

V. RELIANT ON-DEMAND DISTANCE VECTOR ROUTING PROTOCOL(R-AODV)

AODV can be modified to select better path (best path (Bp)) during the route discovery cycle based on the trust and number of hops (trusted and shortest). When the route request and route reply (R-RREQ and R-RREP) messages in Reliant R-AODV are generated or forwarded by the nodes in the network, each node appends its own trust to the trust accumulator (trust summation accumulator S[t]) on these route discovery messages. Each node also updates its routing table with all the information contained in the control messages.

BC

B:AC

AC

AB

AB

AB

B:AC

BC

AB

B:AC

BC

AB

B:AC

a=a

dtdu=d

ut=u

ut=t

⊗⊗

550

∑n

=ivalue (i)trustS[t]

1 =

As the R-RREQ messages are broadcast, each intermediate node that does not have a route to the destination forwards the R-RREQ packet after appending its trust to the trust accumulator in the packet which is computed by

(Eq4)

Where: n : number of hop counts received in one path. S[t]: the trust summation accumulator.

valuetrust (i): trust value of neighbors node in routing table. Hence, at any point, the R-RREQ packet contains a list of all the nodes visited with their trust value added to trust summation accumulator S[t]. Whenever a node receives a R-RREQ packet, it will check the updates of the route to the source node. It then checks for better path (best path (Bp)) for intermediate nodes which is computed by

(Eq5)

Where: Best Path (Bp) : The best path based on trust and less hop count from source to the destination.

countHop : The hop count included in the request message. A new entry is made in the routing table for any of the intermediate nodes and assigns full trust to them, if one did not already exist. If a route entry for a node does exist, and if best path (Bp) to any of the intermediate nodes is greater than the previously known best path (Bp) to that node, the routing table entry is updated for that node and assigns new trust value computed by

(Eq6)

Where:

newvaluetrust _ : New trust value will be updated in routing table. The entry is updated by retaining the previously known sequence number for that node. Note that if the node was unknown previously, the sequence number in the routing table entry is set to zero and the trust value is computed from the trust summation accumulator S[t] over the replied hop count ( countHop ) of route. This nature of updating the routing table along with maintaining lifetimes for each route entry helps to

invalidate the stale entries and keep the route entries current, thus improving the routing accuracy of the protocol. As the RREP message is unicast back to the source, each intermediate node forwards the RREP packet by adding its trust to the trust accumulator S[t] in the packet. Hence, at any point, the RREP packet contains all the previously visited nodes. Similar to the RREQ, the routing table is updated for each intermediate node visited by the RREP in addition to the destination node. Following the guidelines of AODV, entries are also created in the precursor lists by a node forwarding a route reply back to the source. If an entry is updated to any intermediate nodes, any pending packets to that node are sent. In the following sections, we present the concepts of our Reliant AODV.

A. Route Discovery The goal of this work is for source node to select the secure route with less hop count to a destination node. The source node, S, broadcasts a route discovery message (R-RREQ) to its neighbours which contains: S broadcasts R-RREQ <Source_Addr, Source_Seq#, Broadcast_ID, Dest_Addr, Dest_Seq#, Hop_Count, S[t], Bp> As RREQ messages in AODV, for R-AODV, when a node receives R-RREQ message, it sets up a reverse path back to the source by recording the neighbour from which it received the R-RREQ. Meanwhile, when the node receives the R-RREQ, it will check whether it is the destination or not, if so, it will updates the routing table for that node and generate R-RREP. But if the receiver node was intermediate node, it attaches the trust value in its routing table to the trust summation accumulator S[t] in the message. Upon receiving the message, a node verifies the Best path in the routing table with the new best path value attached in the message, if the new best path greater than the one in the routing table, the node then update the routing table

B. Route Reply After receiving the R-RREQ, the destination node creates a route reply message (R-RREP), signs it and unicasts the reply massage back to the source over the reverse path. The destination node, D, creates the R-RREP, and sends it back to its neighbour. Route Reply message contains: D unicasts R-RREP: <Source_Addr, Dest_Addr, Dest_Seq#, Hop_Count, Lifetime, S[t], Bp>

VI. SIMULATION MODEL A detailed simulation model based on Network Simulation

version 2.33 NS2 [14] is used in the evaluation. The Linux-Ubuntu Operating System was used because it is a user-friendly platform and easy to manage and to setup a simulator. The Distributed Coordination Function (DCF) of IEEE 802.11[15] for wireless LANs is used as the MAC layer

countcount HopHopS[t]BpBestPath

⋅= )(

countnewvalue Hop

S[t]trust =_

551

protocol. An unspotted carrier sense multiple access (CSMA) technique with collision avoidance (CSMA/CA) is used to transmit the data packets. The radio model uses characteristics similar to a commercial radio interface, Lucent’s Wave LAN. Wave LAN [16] is modelled as a shared-media radio with a nominal bit rate of 2 Mb/s and a nominal radio range of 250 m [17][18]. Fig.3 shows the procedure chart to execute simulation on NS2.

Fig.3 Procedure to execute simulation on NS2.

A. Mobility

Movement of the nodes is defined by the Random Waypoint Mobility Model as described the network need to adapt to rapid changes in the topology due to the movement of nodes or the network as a whole. In this simulation, files are characterized by number of nodes. The simulation will run with movement patterns 50 nodes. The pause time is set to 0 up to 100 and the maximum speed set to 20m/s. The simulation time is set to 900s and nodes are equally distributed in 500m x 500m area.

B. Traffic Pattern and Parameters

There are three parameters: packet size, number of connections and the rate that we are sending the packets with. The traffic that will be use in this simulation is mention before which is Constant Bit Rate (CBR). The sending rate will be set to 4 packets per second. There will be one communication pattern of 5 connectivity were generate. Also we should consider the network size (number of nodes, the size of the

area that the nodes are moving within). In our simulation, we set up 50 nodes. While the size of the area of nodes movement is set up as 500m x 500m. The simulation parameters in this work are shown in table1.

Number of Nodes 50 nodes Simulation Time 900 seconds Map Size 500 m x 500 m Max Speed 25 m/s Mobility Model Random way point Traffic Type Constant bit rate (CBR) Packet Size 512 bytes Connection Rate (Nominal Radio Range)

4pkts/sec

Pause Time 20,40,60,80,100 second Number of Connection 5 bandwidth of links 2Mbit MAC layer type IEEE 802.11

TABLE I SIMULATION PARAMETERS

C. Node Misbehaviours

Although there can be many different types of misbehavior that a node can perform, for the purpose of this simulation, misbehavior is defined as the tendency of a node to drop data packets. The probability of a node to drop packets corresponds to the trust value given to that node. At the beginning of the simulation, each node is given a random trust value (1 < trust value < 100). The probability of each node to drop a packet, pd, is given by the following equation:

pd = 100 – trust value (Eq 4) For example, if a node is given a trust value of 30, then the

node will drop data packets 70% of the time.

D. Assumption

We assume there is a watchdog [22] system to monitor the misbehavior of nodes and inform other nodes about the misbehaviors neighbor node so that nodes are assigned trust values based on these misbehaviors. Therefore, nodes may have different trust value.

E. Performance Metrics

Three performance metrics are evaluated in our simulation:

1) Packet delivery Fraction The packet delivery fraction is the ratio of the total number of data packets received by destinations over the total number of data packets transmitted by sources.

2) Average end-to-end delay – The average end-to-end delay is the average of delays for all received data packet along the path (from the sources to destinations).

3) Normalized routing load– The normalized routing load is the total number of routing control packets (RREQ, RREP, and RERR) over the total number of received data packets

552

VII. PERFORMANCE RESULTS ANALYSIS

A. Packet Delivery Fraction

The packet delivery fraction of AODV without drop packet (AODV-wo-drop), AODV with drop packet (AODV-w-drop) and Reliant AODV with drop packet (R-AODV-w-drop) shown in Fig 4. The packet delivery fraction of R-AODV is usually better than that of AODV with drop. The reason is that in R-AODV node selects a fresh and trust route in the route discovery procedure by using best path mechanism to transmits data packets to destination. The use of a trusted route reduces the probability of route breakdown caused by drop. Therefore, R-AODV-w-drop will drop smaller amount of packets than AODV-w-drop with drop. Another reason is that R-AODV distributes traffic throughout the network by depending on the best path mechanism based on trust and less hop count. This will reduce the packet drop rate due to the buffer overflow in the heavily load node. In this simulation, when pause time set to 20 second which is close to 0 (continuous motion), each of them obtained lower packet delivery fraction. The reason is that changing of the topology of network caused by high motion of nodes due to less pause time. As the pause time reaches 100 second (no motion), packet delivery frication for R-AODV-w-drop will be increased to 70% due to the stable network. In summary, for node equal to 50, high values of pause time and simulation area 500m x 500m, R-AODV shows much better performance in the team of packet delivery fraction compare with the one with drop (AODV-w-drop).

Fig.4 Packet Delivery Fraction

B. Average end-to-end delay

The average end-to-end delays of original AODV without drop (AODV-wo-drop), AODV with drop (AODV-wo-drop) and R-AODV with drop (R-AODV-w-drop) are shown in Fig.5. Average end-to-end delay (seconds) is the average time it takes a data packet to reach the destination including the queue in send buffer. As routes break, nodes have to discover new routes which lead to longer end-to-end delays

and source packets are buffered at the source during route discovery. Also the area space plays a role in affecting the performance of AODV. In this case, AODV will have higher end-to-end delay due to the waiting of motion. This is because the packet may take long time in buffer till the next motion while in R-AODV will be lesser due to the trusted path that have been selected by best path mechanism.. As a result, the Average end-to-end delay in R-AODV is decreasing with the increasing of the pause time. For fix number of nodes equal to 50 and small spaces, for example 500m x 500m, R-AODV perform well but with a slightly delay.

Fig.5 Average End-to-End Delay

C. Normalized Routing Load

The comparison among R-AODV with drop with AODV without drop and AODV with drop shows different performance regardless on the degree of mobility Fig.6. When pause time set to 20 second each of AODV-wo-drop, AODV-w-drop and R-AODV-w-drop shows high routing load due to routes break or change in route directory due to the high motion of nodes. In this case, nodes need to send RRER message to notify other nodes about that routes break. And then nodes have to discover new routes by sending other RREQs messages. Once these RREQs received, destinations will generate RREPs. These messages cause high percentage of normalized routing load. As the pause time increased till no motion, normalized routing load will be lower due to the stability of node movement. Theoretically R-AODV may have very higher normalized routing load because R-AODV includes some parameters in the routing message which are trust summation and best path in order to select the trusted path with less hops count. Therefore, R-AODV may have much of RREQs and RREPs messages. However, The experimental results for fix number of nodes equal to 50 and small spaces, for example 500m x 500m, R-AODV perform well and show better result in terms of normalized routing load compare with AODV-w-drop.

553

Fig. 6 Normalized Routing Load

VIII. CONCLUSION AND FUTURE WORKS

In this paper, we proposed a new MANET routing algorithm called Reliant R-AODV which is basically an extension to the AODV routing protocol that incorporates a trust mechanism to enhance its security. The proposed algorithm was implemented and simulated using the NS-2 network simulator. In the simulation used, each node is given a trust value and this value is associated with the possibility of the node to perform a packet drop. With the inclusion of trust mechanism, it is expected that using R-AODV would result in a higher percentage of successful data delivery as compared to AODV. However, it is also expected that due to the extra processing done and the possibility that the packets may take a longer route, it is also expected that the normalized routing load and end-to-end delay would increase. Based on the simulation result, the use of R-AODV does provide a higher percentage of successful data delivery. However, the simulation has also shown that the impact to normalized routing load and end-to-end delay is very minimal. Therefore, it can be concluded that TAODV does provide enhanced security with minimal impact to performance.

In the future works, we would like optimize our Reliant AODV routing algorithm and establish some fast response mechanisms when malicious behaviors of attackers are detected. Then we will work at applying trust model into other applications (e.g. key management). A detailed simulation evaluation will be conducted in terms of packet delivery fraction, message overhead, and security analysis.

REFERENCES

[1] C. E. Perkins, E. M. Royer, “Ad hoc On-Demand Distance Vector (AODV) Routing,” RFC 3561, July 2003.

[2] A. Venugopal, K, Khaleel Ur Rahman, Zaman, Rafi U., Reddy, “Performance Comparison of On-Demand and Table Driven Ad Hoc Routing Protocols Using NCTUns.”, Computer Modeling and Simulation, UKSIM, Tenth International Conference on 1-3 April 2008 Page(s):336 – 341.

[3] D. Johnson, Y. Hu and D. Maltz, “The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4” , rfc4728, February 2007.

[4] S. Buruhanudeen, M.Othman, B.M Ali.” Existing MANET Routing Protocols and Metrics used Towards the Efficiency and Reliability-An Overview”, Telecommunications and Malaysia International Conference on Communications, IEEE International Conference on 14-17 May 2007 Page(s):231–236.

[5] L.Tamilselvan and V. Sankaranarayanan, Prevention of Blackhole Attack in MANET, Wireless Broadband and Ultra Wideband Communications, AusWireless 2007, page(s) 21-21.

[6] M.Carvalho, “Security in Mobile Ad Hoc Networks”, Security & Privacy, IEEE, Volume 6, Issue 2, March-April 2008 Page(s):72 – 75.

[7] V. Gupta, S. V. Krishnamurthy, and M. Faloutsos, “Denial of Service Attacks at the MAC Layer in Wireless Ad Hoc Networks” , In Proc. of MILCOM, 2002, page(s): 202 - 215.

[8] I. Aad, J. Hubaux, W. Knightly E, “Impact of Denial of Service Attacks on Ad Hoc Networks”, Networking, IEEE/ACM Transactions on Volume 16, Issue 4, Aug. 2008 Page(s):791 – 802.

[9] I. Khalil, S. Bagchi , Shroff, LITEWORP: a lightweight countermeasure for the wormhole attack in multihop wireless networks N.B, Dependable

[10] K. Gorantala, “Routing Protocols in Mobile Ad-hoc Networks.”, Master’s Thesis in Computing Science, Ume°a University, Department of Computing Science, Sweden, 2006.

[11] A. Amir Pirzada, “Reliable Routing in Ad Hoc Networks Using Direct Trust Mechanisms.”, School of Computer Science and Software Engineering The University of Western Australia, Crawley, December 15, 2008, chapter 6, Page(s):131-157.

[12] L. Guang, C. Assi,”Vulnerabilities of Ad Hoc Network Routing Protocols To MAC Misbehavior.”, Wireless And Mobile Computing, Networking And Communication, IEEE International Conference on Volume 3, 22-24 Aug. 2005 Page(s):146 – 153.

[13] L. Tamilselvan and Dr. V. Sankaranarayanan, “Prevention of Impersonation Attack in Wireless Mobile Ad hoc Networks.”, IJCSN International Journal of computer Science and network Security, Volume 7, No.3, March 2007, page(s):118-123.

[14] K. Fall, and K.Vardhan, Eds., 1999, Ns notes and documentation, available from http://wwwmash.cd.berkeley.edu/ns/.

[15] E. Borgia, G. Anastasi, M.Conti, E.Gregori, 2003, IEEE 802.11 ad hoc networks: protocols, performance and open issues, in: S.Basagni, M.Conti, S.Giordano, I.Stojmenvoic (Eds), Ad hoc Networking, IEEE Press Wiley, New York.

[16] B. Tuch, “Development of WaveLAN, an ISM Band Wireless LAN”, AT&T Tech. J.,vol. 72, no. 4, 1993, page(s): 27-33.

[17] G. Anastasi, E.Borgia, M.Conti, E.Gregori, 2003, IEEE 802.11 ad hoc networks: performance measurements, icdcsw, p. 758, 23rd International Conference on Distributed Computing Systems Workshops (ICDCSW'03).

[18] IEEE, Wireless LAN Medium Access Control (MAC) and Physical layer (PHY) Specifications, IEEE Std. 802.11,1997.

[19] A Trusted AODV Routing Protocol for Mobile Ad Hoc Networks, PhD thesis, Department of Computer Science and Engineering, The Chinese University of Hong Kong, Available from: www.cse.cuhk.edu.hk/lyu/student/phd/gigi/term4/.

[20] Imran Raza , S. A. Hussain, Identification of malicious nodes in an AODV pure ad hoc network through guard nodes, Computer Communications, v.31 n.9, p.1796-1802, June, 2008.

[21] Seungjin Park, M. Al-Shurman, Seong-Moo Yoo, Black Hole Attack in Mobile Ad hoc Network, ACMSE’04, Huntsville, AL, USA, April 2004.

[22] S. Marti, T. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Proc. of the Sixth Annual International Conference on Mobile Computing and Networking (MOBICOM), Boston, 2000.

[23] M. G. Zapata and N. Asokan. Securing ad hoc routing protocols. In WiSE’02: Proceedings of the ACM workshop on Wireless security. ACM Press, 2002

�

554