Mitigating Routing Misbehavior in Mobile Ad Hoc Networks

BySergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker

Department of Computer ScienceStanford University

Presented byDimple KaulCS-396Vanderbilt University

Outline of Presentation

• Introduction • Problem & Solution• Dynamic Source Routing• Extensions• Simulation Results• Future Work• Conclusion• Comments• Questions

Introduction

An ad-hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration.

– Lack of Fixed infrastructure– Distributed peer-to-peer mode of operation– Multi-hop Routing– Nodes share the same media– Relatively frequent changes in nodal

constellation

Mobile Ad Hoc Networks

Applications– Military and tactical communication– Rescue missions in times of natural disasters

Misbehavior in Mobile Ad Hoc NetworksMisbehavior of node is one that agrees to participate in forwarding of packets but then drops packets that are routed through it

Types of misbehavior:• Selfish node

– Save battery power & resources– Utilize resources of other nodes for own benefit– Refuse to provide resources for benefit of others

• Malicious node– Intend to damage the network– Will not hesitate to expend resources to cause harm– Prevent other nodes from obtaining proper service

Problem

Misbehaving nodes can result into degradation of

throughput

Some contemporary solutions

• Forwarding of packets through nodes that share pre existing trust relationshipHowever, problems are:- Requires key distribution- Trusted nodes may be still overloaded ,broken or

compromised- Excludes untrusted well behaved nodes

• Isolate misbehaving of nodes from actual routing protocol for n/w.– Add Complexity to protocols whose behavior is well-

defined

Proposed solution

• Introduces techniques that improve throughput in an Ad Hoc Network in the presence of “Misbehaving” nodes

• An extra facility in n/w to detect & mitigate routing misbehavior

• This will result into no change to underlying routing algorithm

Dynamic Source Routing algorithm (DSR)

• On demand routing• Nodes maintain a route caches• Route Discovery Phase

– If not found in cache, broadcast a route request packet– Destination sends a route reply

• Route Maintenance Phase– Error packets– Link breaks– Acknowledgments

Dynamic Source Routing algorithm

source

destination

nodes

propagating RREQ

dest=1,path=1

dest=1,path=1

dest=1,path=2 1dest=2,path=2dest=1,path=3 1dest=3,path=3

dest=1,path=2 1dest=2,path=2

dest=1,path=5 2 1dest=2,path=5 2dest=5,path=5

dest=1,path=5 2 1dest=2,path=5 2dest=5,path=5

1

7

2

3

4

5

6

i

Extension of DSRWatchdog

• Detects & identifies misbehaving nodes• Maintains a buffer of transmitted packets• Monitors next hop node’s behavior• Keeps note of number of failures

S A B C D

“A” is in transmission range of “B”

Intended direction of

packet

Watchdog Weaknesses

May not detect misbehaving nodes in presence of:• Ambiguous Collision “A” should not immediately accuse “B” of misbehaving. It should watch “B” over a period of time

• Receiver Collision

S A B C D

S A B C D

Watchdog Weaknesses

• False misbehavior reporting–Falsely reporting that the other node is misbehaving

• Limit transmission power–Can be heard by previous node but not enough strong to reach destination

• Collusion–Two or more nodes collude an attack

• Partial dropping–Dropping packets at lower rate

Extension of DSR Pathrater

• Avoids routing packets through malicious nodes

• Each node maintains a rating for every other node

• A node is assigned as a “neutral” rating of 0.5• The rating of nodes on all actively used path

increase by 0.01 at periodic intervals of 200ms• The rating of nodes decrease 0.05 when a link

break is detected

Pathrater (contd..)

• High negative numbers are assigned to nodes suspected of misbehaving nodes by Watchdog

• It calculates a path metric by averaging the node rating in the path

• If there are multiple paths, the node chooses the path with the highest metric*

• It increases the throughput• It gives a comparison of the overall reliability of

different paths• Increase the ratio of overhead transmissions to

data transmission

Evaluation

Extensions were evaluated using following metrics:– Network Throughput: Percentage of sent data

packets actually received by the intended destinations

– Routing Overhead: It is the ratio of routing related transmission to data transmission in a simulation

– Effects of false Positives: Watchdog can have false positive effects on network. It happens when it reports that a node is misbehaving when in fact it is not

Assumptions

• Some assumptions are

– Links between the nodes are bi-directional– Routing protocol modified such that it has

two hop information– Malicious node does not work in groups

Methodology

• Simulated in version of Berkeley’s Network Simulator that includes wireless extensions made by the CMU Monarch project

• Simulations take place in a 670 by 670 meter flat space filled with 50 wireless nodes

• The nodes communicate using 10 constant bit rate (CBR) node to node connections

• Nodes move in straight line towards the destination at uniform speed 0-20 meter/seconds(m/s)

• The percentage of the compromised nodes vary from 0% to 40% in 5% increments

Simulation Results

• Tested various combinations of different extensions:– Watchdog (WD)– Pathrater (PR)– Send (extra) route request (SRR)

• Using two pause times– 0 second pause time :Nodes are in constant motion– 60 second pause time :pause time before & in between

node movement

Network Throughput

Four different graphs• Everything enabled• Watchdog & Pathrater enabled• Pathrater enabled• Everything disabled

Network Throughput (contd…) Throughput Vs Fraction of Misbehaving nodes

0 sec pause time

Network Throughput (contd…) Throughput Vs Fraction of Misbehaving nodes

60 sec pause time

Network Throughput (contd…)

Maximum and minimum network throughputobtained by any simulation at 40% misbehavingnodes with all features enabled

Routing Overhead

Four different graphs• Everything enabled• Watchdog & Pathrater enabled• Watchdog enabled• Everything disabled

Routing Overhead (contd…) Throughput Vs Fraction of Misbehaving

nodes

0 sec pause time

Routing Overhead (contd…)Throughput Vs Fraction of Misbehaving

nodes

60 sec pause time

Routing Overhead (contd…)

Maximum and minimum overhead obtained by any simulation at 40% misbehaving nodes with all features enabled

Routing Overhead (contd…)

• Adding watchdog only adds very minor overhead

Effect of False Detection

Two graphs • Regular watchdog • Watchdog that does not report false positives

Effect of False Detection(contd…) Throughput Vs Fraction of Misbehaving

nodes

0 sec pause time

Effect of False Detection(contd…) Throughput Vs Fraction of Misbehaving

nodes

60 sec pause time

Effect of False Detection(contd…)

Comparison of the number of false positives between the 0 second and 60 second pause time simulations. Average taken from the simulations with all features enable

Future Work

• Expand on how the threshold values could be optimized

• Evaluate watchdog & pathrater considering latency in addition to latency

• Implementation of a priori trusted relationships• Detection of multiple node collusion

Conclusion

• Ad hoc networks are vulnerable to nodes that misbehave when routing packets

• Simulation evaluates that the two techniques– increases throughput by 17% in network with

moderate mobility, while increase ratio of overhead to data transmission from 9% to 17%

– increases throughput by 27% in network with extreme mobility, while increase ratio of overhead to data transmission from 12% to 24%

Comments

• Work does not mention about how the threshold value is calculated - it is one of the important factor in detecting malicious nodes.

• If malicious nodes work in a group then it is difficult to identify them

• Paper does not address other attacks such as Mac attack, False route request and reply messages that bring down throughput in ad -hoc network

Questions?