Mitigating Routing Misbehavior in Mobile Ad Hoc Networks By Sergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker Department of Computer Science Stanford University Presented by Dimple Kaul CS-396 Vanderbilt University

Outline of Presentation Introduction Problem & Solution Dynamic Source Routing Extensions Simulation Results Future Work Conclusion Comments Questions

Introduction An ad-hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. –Lack of Fixed infrastructure –Distributed peer-to-peer mode of operation –Multi-hop Routing –Nodes share the same media –Relatively frequent changes in nodal constellation

Mobile Ad Hoc Networks Applications –Military and tactical communication –Rescue missions in times of natural disasters

Misbehavior in Mobile Ad Hoc Networks Misbehavior of node is one that agrees to participate in forwarding of packets but then drops packets that are routed through it Types of misbehavior: Selfish node –Save battery power & resources –Utilize resources of other nodes for own benefit –Refuse to provide resources for benefit of others Malicious node –Intend to damage the network –Will not hesitate to expend resources to cause harm –Prevent other nodes from obtaining proper service

Problem Misbehaving nodes can result into degradation of throughput

Some contemporary solutions Forwarding of packets through nodes that share pre existing trust relationship However, problems are: -Requires key distribution -Trusted nodes may be still overloaded,broken or compromised -Excludes untrusted well behaved nodes Isolate misbehaving of nodes from actual routing protocol for n/w. –Add Complexity to protocols whose behavior is well- defined

Proposed solution Introduces techniques that improve throughput in an Ad Hoc Network in the presence of “Misbehaving” nodes An extra facility in n/w to detect & mitigate routing misbehavior This will result into no change to underlying routing algorithm

Dynamic Source Routing algorithm (DSR) On demand routing Nodes maintain a route caches Route Discovery Phase –If not found in cache, broadcast a route request packet –Destination sends a route reply Route Maintenance Phase –Error packets –Link breaks –Acknowledgments

Dynamic Source Routing algorithm source destination nodes propagating RREQ dest=1,path=1 dest=1,path=2 1 dest=2,path=2 dest=1,path=3 1 dest=3,path=3 dest=1,path=2 1 dest=2,path=2 dest=1,path=5 2 1 dest=2,path=5 2 dest=5,path=5 dest=1,path=5 2 1 dest=2,path=5 2 dest=5,path= i

Extension of DSR Watchdog Detects & identifies misbehaving nodes Maintains a buffer of transmitted packets Monitors next hop node’s behavior Keeps note of number of failures SABCD “A” is in transmission range of “B” Intended direction of packet

Watchdog Weaknesses May not detect misbehaving nodes in presence of: Ambiguous Collision “A” should not immediately accuse “B” of misbehaving. It should watch “B” over a period of time Receiver Collision SABCDSABCD

Watchdog Weaknesses False misbehavior reporting –Falsely reporting that the other node is misbehaving Limit transmission power –Can be heard by previous node but not enough strong to reach destination Collusion –Two or more nodes collude an attack Partial dropping –Dropping packets at lower rate

Extension of DSR Pathrater Avoids routing packets through malicious nodes Each node maintains a rating for every other node A node is assigned as a “neutral” rating of 0.5 The rating of nodes on all actively used path increase by 0.01 at periodic intervals of 200ms The rating of nodes decrease 0.05 when a link break is detected

Pathrater (contd..) High negative numbers are assigned to nodes suspected of misbehaving nodes by Watchdog It calculates a path metric by averaging the node rating in the path If there are multiple paths, the node chooses the path with the highest metric* It increases the throughput It gives a comparison of the overall reliability of different paths Increase the ratio of overhead transmissions to data transmission

Evaluation Extensions were evaluated using following metrics: –Network Throughput: Percentage of sent data packets actually received by the intended destinations –Routing Overhead: It is the ratio of routing related transmission to data transmission in a simulation –Effects of false Positives: Watchdog can have false positive effects on network. It happens when it reports that a node is misbehaving when in fact it is not

Assumptions Some assumptions are –Links between the nodes are bi-directional –Routing protocol modified such that it has two hop information –Malicious node does not work in groups

Methodology Simulated in version of Berkeley’s Network Simulator that includes wireless extensions made by the CMU Monarch project Simulations take place in a 670 by 670 meter flat space filled with 50 wireless nodes The nodes communicate using 10 constant bit rate (CBR) node to node connections Nodes move in straight line towards the destination at uniform speed 0-20 meter/seconds(m/s) The percentage of the compromised nodes vary from 0% to 40% in 5% increments

Simulation Results Tested various combinations of different extensions: –Watchdog (WD) –Pathrater (PR) –Send (extra) route request (SRR) Using two pause times –0 second pause time :Nodes are in constant motion –60 second pause time :pause time before & in between node movement

Network Throughput Four different graphs Everything enabled Watchdog & Pathrater enabled Pathrater enabled Everything disabled

Network Throughput (contd…) Throughput Vs Fraction of Misbehaving nodes 0 sec pause time

Network Throughput (contd…) Throughput Vs Fraction of Misbehaving nodes 60 sec pause time

Network Throughput (contd…) Maximum and minimum network throughput obtained by any simulation at 40% misbehaving nodes with all features enabled

Routing Overhead Four different graphs Everything enabled Watchdog & Pathrater enabled Watchdog enabled Everything disabled

Routing Overhead (contd…) Throughput Vs Fraction of Misbehaving nodes 0 sec pause time

Routing Overhead (contd…) T hroughput Vs Fraction of Misbehaving nodes 60 sec pause time

Routing Overhead (contd…) Maximum and minimum overhead obtained by any simulation at 40% misbehaving nodes with all features enabled

Routing Overhead (contd…) Adding watchdog only adds very minor overhead

Effect of False Detection Two graphs Regular watchdog Watchdog that does not report false positives

Effect of False Detection(contd…) Throughput Vs Fraction of Misbehaving nodes 0 sec pause time

Effect of False Detection(contd…) Throughput Vs Fraction of Misbehaving nodes 60 sec pause time

Effect of False Detection(contd…) Comparison of the number of false positives between the 0 second and 60 second pause time simulations. Average taken from the simulations with all features enable

Future Work Expand on how the threshold values could be optimized Evaluate watchdog & pathrater considering latency in addition to latency Implementation of a priori trusted relationships Detection of multiple node collusion

Conclusion Ad hoc networks are vulnerable to nodes that misbehave when routing packets Simulation evaluates that the two techniques –increases throughput by 17% in network with moderate mobility, while increase ratio of overhead to data transmission from 9% to 17% –increases throughput by 27% in network with extreme mobility, while increase ratio of overhead to data transmission from 12% to 24%

Comments Work does not mention about how the threshold value is calculated - it is one of the important factor in detecting malicious nodes. If malicious nodes work in a group then it is difficult to identify them Paper does not address other attacks such as Mac attack, False route request and reply messages that bring down throughput in ad - hoc network

Questions?