ISSN : 2278-845X
EISSN : 2278-8468
NAMITA UIKE1*, VAIBHAV LOHKARE2, BHAGYASHRI DEULKAR3, PRAFUL TAYDE4
1Department of Computer Science and Engineering, Jawaharlal Darda Institute of Technology, Yavatmal- 445001, MS, India.
2Department of Computer Science and Engineering, Jawaharlal Darda Institute of Technology, Yavatmal- 445001, MS, India.
3Department of Computer Science and Engineering, Jawaharlal Darda Institute of Technology, Yavatmal- 445001, MS, India.
4Department of Computer Science and Engineering, Jawaharlal Darda Institute of Technology, Yavatmal- 445001, MS, India.
* Corresponding Author : namitauike7@gmail.com
Received : 07-03-2012 Accepted : 10-05-2012 Published : 14-05-2012
Volume : 1 Issue : 1 Pages : 5 - 8
World Res J Trans Algorithm 1.1 (2012):5-8
Mobile Ad-hoc Networks (MANET) is the self organizing collection of mobile nodes. That means nodes in network can join or leave network on their own will. So it is necessary to find out the mechanism which handles this nature of nodes which insures integrity and security inside the network. There are number of protocols present in the MANET. The routing protocols in MANET may generally be categorized as: table-driven/proactive and source-initiated (demand-driven)/reactive. In our paper we focus on the Hierarchical Optimized Link State Routing (HOLSR) protocol which is derived from OLSR protocol which is a proactive protocol. It improves the scalability of heterogeneous Mobile Ad-Hoc Networks (MANETs). It uses Multipoint Relay (MPR) nodes as a flooding mechanism for distributing control information. Though the HOLSR is more advantageous than OLSR but also have some disadvantages, Such as in HOLSR a misbehaving node can affect the topology map acquisition process by interrupting the flooding of control information or disturbing the MPR selection process. In this paper, we present a classification of flooding disruption attacks which affect the topology map acquisition process in HOLSR networks and precautionary mechanisms to mitigate the effect of this kind of attacks.
HOLSR, security, flooding mechanisms, MPR.
A mobile ad hoc network (MANET) is a dynamic wireless network that can be formed without any pre-existing infrastructure. Mobile nodes in MANET can communicate with each other without any pre-existing infrastructure where each node can act as a router. There are so many protocols present in MANET one of which is Optimized Link State Routing (OLSR) protocol categorized under proactive protocols. In this paper we are going to present Hierarchical Optimized Link State Routing (HOLSR) protocol which is derived from the OLSR protocol and implements Multipoint Relay (MPR) nodes as a flooding mechanism for distributing control information.
A main difference in OLSR and HOLSR is that, HOLSR organizes the network in logical levels and distributes the nodes in clusters. The core optimization of this protocol is to select Multipoint Relays (MPRs) as a flooding mechanism for distributing TC and HTC messages to all levels of the hierarchical architecture.
In HOLSR, topology map acquisition [14] is the ability of any given node to acquire a complete view of the network connectivity (i.e., routing tables) according to their topological level in the network. A node with an incomplete topological map is unable of calculating routing paths and forwarding data. In this context, a malicious node is defined as a node that interrupts the flooding of control traffic information or does not obey the rules of the protocol to maintain the hierarchical architecture. Topology map acquisition is affected by a malicious node that performs a flooding disruption attack to interrupt the propagation of control information. This attack can be performed by a misbehaving node that reports either a false identity (i.e., identity spoofing) or a false link (i.e., link spoofing) to perturb the proper selection of the MPRs. Furthermore, a malicious node might not relay properly control traffic information on behalf other nodes. Thus, the nodes in the network will not be able of constructing a complete map of other nodes attached to its cluster or in lower hierarchical levels.
In this paper, we analyze flooding disruption attacks that affect the topology map acquisition process in HOLSR networks. Additionally, we present preventive mechanisms to mitigate the effect of this kind of attacks. Also we explain the effect of the flooding disruption attacks in HOLSR networks, however other hierarchical approaches based on the OLSR protocol that implement the MPR mechanism to flood control information at both inter-cluster and intra-cluster levels, are also affected by the attacks that we describe further.
This section presents an overview of the original OLSR protocol. OLSR is a proactive routing protocol designed exclusively for MANETs. The OLSR protocol is hop-by-hop routing, i.e., each routing table lists, for every reachable destination, the address of the next node along the path to that destination. Every node learns about its one and two-hop neighbors by periodically generating and receiving Hello messages. Hello messages are not retransmitted further. The MPR set is selected so that every two-hop neighbor is reachable through, at least, one MPR. Every node reports the nodes it has selected as MPRs in its Hello Messages. With this information, the nodes build their MPR selector set, i.e., the set of nodes that have selected a given node as an MPR. TC messages are generated exclusively by the MPRs. A node that has an empty MPR selector set does not send or retransmit any TC message. The originator of TC message advertises itself as the last hop to reach all nodes included in its selector table. This information allows each node to construct and to maintain its topology table [11] Additionally, OLSR implements HNA and Multiple Interface Declaration (MID) messages. HNA messages are used to inject external routing information into an OLSR network and to provide connectivity to nodes with non-OLSR interfaces. MID messages are used to declare the presence of multiple interfaces on a node. HNA and MID are optional and fully retransmitted by the MPRs.
MANETs are by nature formed by heterogeneous devices and nodes that can join the network without following a predictable pattern. Furthermore, scalability is a problem in MANETS. Scalability can be defined as the capacity of the network to adjust or to maintain its performance even if the number of nodes in the network increases [8] . OLSR is a flat routing protocol and the performance of the protocol tends to degrade when the number of nodes increases due to a higher number of topology control messages propagated through the network. The MPR mechanism is local and therefore very scalable. However, the diffusion by all the nodes in the network of all the link-state information is less scalable. However, OLSR’s performance decreases in large heterogeneous ad hoc networks. Additionally, OLSR does not distinguish the capabilities of its member nodes and, in consequence, does not exploit nodes with higher capabilities. Thus, HOLSR [15] is an approach designed to improve the scalability of OLSR protocol in large-scale heterogeneous networks. The main improvements are a reduction in the amount of topology control traffic and efficient use of high capacity nodes. HOLSR organizes the network in hierarchical clusters. This architecture allows to reduce the routing computational cost, i.e., in case a link is broken only nodes inside the same cluster have to recalculate their routing table while nodes in different clusters are not affected. In HOLSR [15] , nodes are organized according to their capacities.
The HOLSR [15] network architecture is illustrated in [Fig-1] At level 1, there are low capability nodes and one interface represented by circles. Nodes at the topology level 2 are equipped with up to two wireless interfaces, designated by squares. Nodes at level 2 employ one interface to communicate with nodes at level 1. Nodes at level 3, designated by triangles, represent high-capacity nodes with up to three wireless interfaces to communicate with nodes at every level. Thus, in [Fig-1] , node F3 represents node F’s interface at level 3. The only restriction for nodes at levels 2 and 3 is that they have at least one interface to communicate with nodes at levels 2 or 3, respectively. For instance, in [Fig-1] node F has two interfaces and can communicate with nodes at levels 2 and 3. Node A has also two interfaces and establishes communication with nodes at levels 1 and 2. Node D can just communicate with nodes at level 2. In the example, the notation used to name the clusters reflects the level of the cluster and the cluster head, e.g., C1.A means that the cluster is at level 1 and the cluster head is node A.
[Table-1] .
Nevertheless, HOLSR [15] is designed without security measures. Therefore, a misbehaving node can affect the topology map acquisition process by interrupting the flooding of control information or disturbing the MPR selection process. The flooding mechanism for control traffic information in an HOLSR network is based on the correct selection of the MPRs. Control traffic messages (i.e., TC and HTC messages) are forwarded exclusively by the MPRs. An attacker seeking to interrupt the control traffic flooding can either (a) manipulate the information about the one and two-hop neighbors of a given node to cause the MPR selection to fail, or (b) misbehave during the generation and forwarding processes. Thus, a node will receive incomplete information about other nodes in its cluster or in lower level clusters. The attack has a cross layer impact if the affected node is a cluster head with an interface to an upper level. In this case, nodes in the upper level will fail to compute a route to nodes in lower levels of the network. Following subsections present various attacks in detail.
The identity spoofing attack [14] is performed by a malicious node pretending to be a different node in the network. The goal of the attack is to report false information about nodes one or two-hops away in order to maliciously affect the MPR selection process. [Fig-2a] illustrates an example where node x spoofs the identity of node d and broadcasts hello message advertising a valid link with node c. Then, node a will receive Hello messages from node x indicating that node d has links with nodes c and f. In this case, node a selects incorrectly node d as the only element in its MPR set. In consequence, node c is unreachable through the MPR set and will never receive TC or HTC messages. [Fig-2b] presents an example where the attacker affects the MPR selection of a node at distance two hops. The malicious node x spoofs the identity of node c, i.e., nodes f and e will generate Hello messages advertising node c as a one-hop neighbor. From the point of view of node a nodes b, e, f and d have node c as a one hop neighbor. As a result of the attack, node a can select incorrectly nodes f or e as a MPR. In this case, nodes b and d will not forward control traffic information to node c because they are not included in the MPR set.
The link spoofing attack [14] is performed by a malicious node that reports an inexistent link to other nodes in the network. The objective of the attacker is to manipulate the information about the nodes one or two hops away and be selected as part of the MPR set. Once the malicious node has been selected as an MPR, it neither generates nor forwards control traffic information. The flooding disruption attack due to link spoofing is illustrated in [Fig-3a] . In this example, node x spoofs links to nodes e and c. Node x sends Hello messages and looks like the best option to be selected as an MPR for node a. Node a receives the Hello messages from node x and computes incorrectly its MPR set by selecting node x as the only element to reach nodes e and c. Thus, all routing information will not reach nodes two hops away from node a. A variant of the attack can be performed by reporting a link to an inexistent node.
In an HOLSR [15] network, the MPR selection reduces at minimum the overhead generated by control traffic messages, if every node selects its MPR set with the following conditions: (i) the MPR set is kept at minimum, (ii) an MPR retransmits control traffic messages if and only if the sender node is included in its selector table and (iii) only partial link state information is transmitted, i.e., an MPR reports only links with its selector nodes. Nevertheless, we can loosen up the previous restriction in order to offer a higher level of security while maintaining a tradeoff between security and performance. In the following subsections, we explain a set of strategies to reduce the effect of flooding disruption attacks. The strategies that we describe are based on the selection of MPRs with additional coverage, generation of TC messages with redundant link state information and a non source-dependent forwarding mechanism.
Additional coverage in the selection of the MPRs is the ability of a node to select redundant MPRs. The selection of MPRs must be as small as possible to reduce the overhead generated by flooding the network with TC messages. Nevertheless, additional coverage allows a node to advertise its presence to more nodes in the network. In this manner, extra coverage helps to maintain the integrity of the network in spite of the presence of malicious nodes during the execution of HOLSR. The selection of MPRs with extra coverage this approach is named as a k-Covered-MPR set. However, the overhead generated by the excessive number of TC and HTC messages reduces the performance of the network. This problem is addressed with an improved k-Robust-MPR selection, which balances security and traffic overhead. Fig.(5) presents examples of the resulting MPR selection strategies with or without additional coverage.
The RFC3626 [12] defines the MPR Coverage parameter to specify by how many one-hop nodes any two-hop neighbors must be covered. If MPR Coverage is equal to one, then the overhead is kept at minimum and the function is equivalent to the MPR selection without additional coverage. If MPR Coverage is equal to k, a node selects its MPR set such as any two-hop neighbor is covered by k one-hop neighbors, whenever possible. A poorly covered node, is a node in the two-hop neighborhood that cannot be covered by at least k nodes in the one-hop neighborhood. The MPR Coverage parameter is local to every node in the network. Nodes with different values of MPR Coverage may operate in a same network. [Fig-5a] shows a k-Covered-MPR selection with a value of k equal to two.
A k-Robust-MPR selection [5] computes an MPR set that is composed of, at most, k +1 disjoint groups, i.e., every two-hop node is covered. The k-Robust-MPR selection algorithm is as follows:
1. First, we obtain a subset Mi such that Mi is subset of N1(n) and covers all the nodes in N2(n).
2. We repeat the process until it is not possible to find a new disjoint subset Mi that covers all the nodes in N2(n).
3. The MPR set is formed by the union, if it is possible, of k disjoint subsets Mi. Where assume the following notation:
• d(n, u): number of hops between nodes n and u.
• N1(n) := {n1 : d(n, n1) ≤ 1}
• N≤ 2(n) := {n2 : d(n, n2) ≤ 2}
• N2(n) := N≤ 2(n) \ N1(n)
• M: M is an MPR set for node n if and only if MN1(n) such that for every node n2 € N2(n), N1(n2) ∩ M ≠null.
The resulting MPR set has two main properties: (a) in a k-Robust-MPR set it is possible to discard a maximum of k MPR sets and the remaining set it is still a valid MPR set and (b) if we can only find k’+1 disjoint MPR sets, such that k’+1 is less or equal than a value of k, we obtain a valid k’-robust-MPR set. Fig.5(b) shows a k- Robust-MPR selection with a value of k equal to one. For instance, node i can select either {g} or {f, j} as valid disjoint MPR sets, then node i can compute a 1-Robust- MPR set formed by {g, f, j}. Then, if node g misbehaves, node i can discard it and the subset {f, j} remains as a valid MPR set.
We express sincere gratitude to our guide for providing their valuable guidance and necessary facilities needed for the successful completion of this paper throughout. Last but not least, we thank our parents for their support and thank all our friends and well-wishers who were a constant source of inspiration.
In this paper, we presented taxonomy of flooding disruption attacks that affect the topology map acquisition in HOLSR networks. These kinds of attacks affect either the MPR selection process or the flooding of control traffic information for inter-cluster or intra-cluster communication. Additionally, we present a set of strategies to mitigate the effect of this kind of attacks. According to that, it is possible to mitigate the effect of flooding disruption attacks by selecting the MPR sets with additional coverage or generating control traffic with redundant information.
[1] Hajami A., Oudidi K. and Elkoutbi M. (2010) 10th Annual International Conference, 181-188. IEEE.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[2] Palma D. and Curado M. (2009) Proceedings of the 8th International Conference on Ad-Hoc, Mobile and Wireless Networks, ADHOC-NOW, 354-359, Berlin, Heidelberg.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[3] Baccelli E. (2006) IFIP International Federation for Information Processing, 197, 265-274.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[4] Ros F.J. and Ruiz P.M. (2007) Proceedings of the 2007 international conference on Wireless communications and mobile computing, 202-207, ACM.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[5] Cervera G., Barbeau M., Garcia-Alfaro J. and Kranakis E. (2010) 5th International Conference on Risks and Security of Internet and Systems (CRISIS), 81-88, Montreal, Canada.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[6] Macker J., Downard I., Dean J. and Adamson B. (2007) ACM SIGMOBILE Mobile Computing and Communications Review, 11(3), 1-11.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[7] Moy J. (1988) IETF Internet Draft, http://www.ietf.org/rfc/rfc2328.txt.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[8] Villasenor-Gonzalez L., Ge Y. and Lamont L. (2005) IEEE Communications Magazine, 43(7), 118-125.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[9] Voorhaen M., Van de Velde E. and Blondia C. (2006) IFIP International Federation for Information Processing, Challenges in Ad Hoc Networking, 197, 139-148.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[10] Arce P., Guerri J.C., Pajares A. and L´azaro O. (2008) Mobile Networks and Applications, 13(3-4), 324-336.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[11] Jacquet P., Muhlethaler P., Clausen T., Laouiti A., Qayyum A. and Viennot L. (2001) IEEE International Multi Topic Conference. IEEE INMIC, 62-68. Lahore University of Management Sciences, Pakistan.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[12] Clausen T. and Jacquet P. (2003) IETF Internet Draft, http://www.ietf.org/rfc/rfc3626.txt.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[13] Henderson T. et. al. (2011) Software package retrieved from http://www.nsnam.org/.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[14] Herberg U. and Clausen T. (2010) International Journal of Network Security & Its Applications (IJNSA), 2(2).
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[15] Gimer Cervera, Michel Barbeau, Joaquin Garcia-Alfaroy and Evangelos Kranakis (2011) Ninth Annual Communication Networks and Services Research Conference. Mitigation of Flooding Disruption Attacks in Hierarchical OLSR Networks.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
 | Fig. 1- Example of a hierarchical OLSR network |
 | Fig. 2a- Flooding disruption due to identity spoofing attacks. (a) Node x spoofs d and reports an incorrect link between node c and d. One-hop address duplication. |
 | Fig. 2b- Flooding disruption due to identity spoofing attacks. (b) Node x spoofs c and affects node a’s MPR selection. Two-hop address duplication. |
 | Fig. 3a- Flooding disruption due to link spoofing attacks (a) Node x spoofs links to nodes e and c |
 | Fig. 5a- MPR selection in an HOLSR cluster with additional coverage. (a) K-covered–MPR selection k equal to two |
 | Fig. 5b- MPR selection in an HOLSR cluster with additional coverage. (b) K-robust-MPR selection k equal to one |
 | Table 1- Taxonomy of HOLSR messages *Optional message |