Mitigating Routing Misbehavior in Mobile Ad Hoc Networks

1
Mitigating Routing Misbehavior in Mobile Ad Hoc
Networks

• By
• Sergio Marti, T.J. Giuli, Kevin Lai, Mary Baker
• Department of Computer Science
• Stanford University

Presented by Dimple Kaul CS-396 Vanderbilt
University
2
Outline of Presentation

• Introduction
• Problem Solution
• Dynamic Source Routing
• Extensions
• Simulation Results
• Future Work
• Conclusion
• Comments
• Questions

3
Introduction

• An ad-hoc network is a collection of wireless
  mobile hosts forming a temporary network without
  the aid of any established infrastructure or
  centralized administration.
• Lack of Fixed infrastructure
• Distributed peer-to-peer mode of operation
• Multi-hop Routing
• Nodes share the same media
• Relatively frequent changes in nodal
  constellation

4
Mobile Ad Hoc Networks

• Applications
• Military and tactical communication
• Rescue missions in times of natural disasters

5
Misbehavior in Mobile Ad Hoc Networks

• Misbehavior of node is one that agrees to
  participate in forwarding of packets but then
  drops packets that are routed through it
• Types of misbehavior
• Selfish node
• Save battery power resources
• Utilize resources of other nodes for own benefit
• Refuse to provide resources for benefit of others
• Malicious node
• Intend to damage the network
• Will not hesitate to expend resources to cause
  harm
• Prevent other nodes from obtaining proper service

6
Problem

• Misbehaving nodes can result into degradation of
  throughput

7
Some contemporary solutions

• Forwarding of packets through nodes that share
  pre existing trust relationship
• However, problems are
• Requires key distribution
• Trusted nodes may be still overloaded ,broken or
  compromised
• Excludes untrusted well behaved nodes
• Isolate misbehaving of nodes from actual routing
  protocol for n/w.
• Add Complexity to protocols whose behavior is
  well-defined

8
Proposed solution

• Introduces techniques that improve throughput in
  an Ad Hoc Network in the presence of
  Misbehaving nodes
• An extra facility in n/w to detect mitigate
  routing misbehavior
• This will result into no change to underlying
  routing algorithm

9
Dynamic Source Routing algorithm (DSR)

• On demand routing
• Nodes maintain a route caches
• Route Discovery Phase
• If not found in cache, broadcast a route request
  packet
• Destination sends a route reply
• Route Maintenance Phase
• Error packets
• Link breaks
• Acknowledgments

10
Dynamic Source Routing algorithm
nodes
i
propagating RREQ
2
5
dest1,path2 1
dest1,path1
source
dest2,path2
1
4
destination
6
dest1,path2 1
dest1,path5 2 1 dest2,path5 2 dest5,path5
dest2,path2
dest1,path3 1
3
dest3,path3
dest1,path5 2 1 dest2,path5 2 dest5,path5
dest1,path1
7
11
Extension of DSRWatchdog

• Detects identifies misbehaving nodes
• Maintains a buffer of transmitted packets
• Monitors next hop nodes behavior
• Keeps note of number of failures

A is in transmission range of B
Intended direction of packet
12
Watchdog Weaknesses

• May not detect misbehaving nodes in presence of
• Ambiguous Collision
• A should not immediately accuse B of
  misbehaving. It should watch B over a period
  of time

• Receiver Collision

13
Watchdog Weaknesses

• False misbehavior reporting
• Falsely reporting that the other node is
  misbehaving
• Limit transmission power
• Can be heard by previous node but not enough
  strong to reach destination
• Collusion
• Two or more nodes collude an attack
• Partial dropping
• Dropping packets at lower rate

14
Extension of DSR Pathrater

• Avoids routing packets through malicious nodes
• Each node maintains a rating for every other node
• A node is assigned as a neutral rating of 0.5
• The rating of nodes on all actively used path
  increase by 0.01 at periodic intervals of 200ms
• The rating of nodes decrease 0.05 when a link
  break is detected

15
Pathrater (contd..)

• High negative numbers are assigned to nodes
  suspected of misbehaving nodes by Watchdog
• It calculates a path metric by averaging the node
  rating in the path
• If there are multiple paths, the node chooses the
  path with the highest metric
• It increases the throughput
• It gives a comparison of the overall reliability
  of different paths
• Increase the ratio of overhead transmissions to
  data transmission

16
Evaluation

• Extensions were evaluated using following
  metrics
• Network Throughput Percentage of sent data
  packets actually received by the intended
  destinations
• Routing Overhead It is the ratio of routing
  related transmission to data transmission in a
  simulation
• Effects of false Positives Watchdog can have
  false positive effects on network. It happens
  when it reports that a node is misbehaving when
  in fact it is not

17
Assumptions

• Some assumptions are
• Links between the nodes are bi-directional
• Routing protocol modified such that it has two
  hop information
• Malicious node does not work in groups

18
Methodology

• Simulated in version of Berkeleys Network
  Simulator that includes wireless extensions made
  by the CMU Monarch project
• Simulations take place in a 670 by 670 meter flat
  space filled with 50 wireless nodes
• The nodes communicate using 10 constant bit rate
  (CBR) node to node connections
• Nodes move in straight line towards the
  destination at uniform speed 0-20
  meter/seconds(m/s)
• The percentage of the compromised nodes vary from
  0 to 40 in 5 increments

19
Simulation Results

• Tested various combinations of different
  extensions
• Watchdog (WD)
• Pathrater (PR)
• Send (extra) route request (SRR)
• Using two pause times
• 0 second pause time Nodes are in constant
  motion
• 60 second pause time pause time before in
  between node movement

20
Network Throughput

• Four different graphs
• Everything enabled
• Watchdog Pathrater enabled
• Pathrater enabled
• Everything disabled

21
Network Throughput (contd) Throughput Vs
Fraction of Misbehaving nodes
0 sec pause time
22
Network Throughput (contd) Throughput Vs
Fraction of Misbehaving nodes
60 sec pause time
23
Network Throughput (contd)

• Maximum and minimum network throughput
• obtained by any simulation at 40 misbehaving
• nodes with all features enabled

24
Routing Overhead

• Four different graphs
• Everything enabled
• Watchdog Pathrater enabled
• Watchdog enabled
• Everything disabled

25
Routing Overhead (contd) Throughput Vs Fraction
of Misbehaving nodes
0 sec pause time
26
Routing Overhead (contd)Throughput Vs Fraction
of Misbehaving nodes
60 sec pause time
27
Routing Overhead (contd)

• Maximum and minimum overhead obtained by any
  simulation at 40 misbehaving nodes with all
  features enabled

28
Routing Overhead (contd)

• Adding watchdog only adds very minor overhead

29
Effect of False Detection

• Two graphs
• Regular watchdog
• Watchdog that does not report false positives

30
Effect of False Detection(contd) Throughput Vs
Fraction of Misbehaving nodes
0 sec pause time
31
Effect of False Detection(contd) Throughput Vs
Fraction of Misbehaving nodes
60 sec pause time
32
Effect of False Detection(contd)

• Comparison of the number of false positives
  between the 0 second and 60 second pause time
  simulations. Average taken from the simulations
  with all features enable

33
Future Work

• Expand on how the threshold values could be
  optimized
• Evaluate watchdog pathrater considering latency
  in addition to latency
• Implementation of a priori trusted relationships
• Detection of multiple node collusion

34
Conclusion

• Ad hoc networks are vulnerable to nodes that
  misbehave when routing packets
• Simulation evaluates that the two techniques
• increases throughput by 17 in network with
  moderate mobility, while increase ratio of
  overhead to data transmission from 9 to 17
• increases throughput by 27 in network with
  extreme mobility, while increase ratio of
  overhead to data transmission from 12 to 24

35
Comments

• Work does not mention about how the threshold
  value is calculated - it is one of the important
  factor in detecting malicious nodes.
• If malicious nodes work in a group then it is
  difficult to identify them
• Paper does not address other attacks such as Mac
  attack, False route request and reply messages
  that bring down throughput in ad -hoc network

36
Questions?