Research Of Secure Routing Protocols In Ad Hoc Networks Based On On-demand Routing Protocols

Posted on: 2009-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: T Wang
Full Text: PDF
GTID: 2178360242480368
Subject: Communication and Information System
Abstract/Summary:
A mobile wireless Ad Hoc network is a special, temporary, self-organized network composed of mobile wireless terminals equipped with wireless transceivers, operating without any existing network infrastructure or centralized administration. Mobile Ad Hoc networks originated in military scenarios, but because of their fast deployment, low cost and completely distributed configuration they were quickly applied in civilian and business scenarios as well. At the same time, because of the insecure nature of the wireless link, the dynamically changing topology and the limited resources of the nodes, Ad Hoc networks face various security challenges, which seriously limit their development and application. The security solutions for conventional networks are usually not sufficient to provide efficient Ad Hoc operation. We have to focus on the characteristics and security threats of mobile Ad Hoc networks and design specialized secure routing mechanisms for them.

This thesis discusses on-demand routing protocols and the DATA flooding attack, and puts forward a plan to improve three on-demand routing protocols so that they resist the DATA flooding attack. We first simulate AODV, DSR and TORA on the NS2 platform, both without attack and under attack. From the collected data we find that the DATA flooding attack seriously blocks normal communication in Ad Hoc networks, especially for TORA. We design and implement the plan on the NS2 platform, and the simulation results confirm the plan's validity.

The problems in Ad Hoc routing protocols lead to various kinds of attacks on them, including routing falsification, routing hiding, the black hole attack and denial of service attacks. The DATA flooding attack is one kind of denial of service attack.
Under this attack, a vicious node sends a large amount of useless data to some nodes, so that the Ad Hoc network fills with RREQ and useless data packets. Other nodes become so busy processing the RREQ and useless packets sent by the vicious node that useful RREQ and data packets may be processed late or even dropped. These useless RREQ and data packets also consume much of the other nodes' energy, so normal communication is blocked. The attack mainly targets on-demand routing protocols.

Current secure routing protocols pay much attention to disguise, the security of data transmission, the black hole attack and route discovery, but little attention to the DATA flooding attack, so they cannot resist it. For example, SRP, Ariadne, ARAN and SAODV only provide authentication among nodes in the Ad Hoc network to prevent a vicious node from modifying packets. Their aim is to resist external attacks; they cannot resist a DATA flooding attack coming from inner nodes.
Security authentication requires a lot of computation, which increases the effect of the DATA flooding attack.

At present, the schemes aimed at the DATA flooding attack are deleting the attack route and establishing secure neighbor relations. In the route-deletion scheme, the attacked destination node sends an RERR packet to the vicious node, so the vicious node deletes the attack route and can no longer attack that destination node. However, other nodes do not know the IP address of the vicious node, so it can still attack them. What is more, in this scheme only the destination node may reply to RREQ packets, so more time is spent finding a route. In the secure-neighbor scheme, a node cannot have another node forward its packets unless it has established a secure neighbor relation with that node. But an important characteristic of Ad Hoc networks is that the nodes are mobile. In a network whose nodes move ceaselessly, nodes must keep establishing secure neighbor relations with their neighbors in order to send packets, which costs a lot of energy and time.

The basic routing protocols AODV, DSR and TORA cannot resist the DATA flooding attack, so normal communication is seriously blocked under attack. The reason is that the destination node does not react after receiving the useless data packets, and other nodes cannot know that the data packets sent by the vicious node are useless, so they process them normally. Normal RREQ and data packets are then delayed or even dropped. Under attack, the average end-to-end delay increases, the packet delivery rate falls and the routing overhead increases.

Based on the above analysis, this thesis puts forward a plan built on the basic idea of identifying and separating. After identifying the behavior of the vicious node, the destination node sends a VNP packet to the other nodes, excluding the vicious node.
The VNP packet includes the IP address of the vicious node and the IP address of the node that sends the VNP packet. If a node has received two VNP packets that come from different nodes but carry the same vicious node IP address, it considers the accused node to be a vicious node. From then on, when nodes find that RREQ and data packets come from the vicious node, they no longer process them. The vicious node is thus almost separated from the network. It cannot launch a DATA flooding attack after being identified, so its effect on the network exists only at the beginning.

Finally, we use the NS2 platform to improve the existing AODV, DSR and TORA routing protocols and collect three parameters: average end-to-end delay, packet delivery rate and routing overhead. We then compare these data with the data collected without attack and under attack without defense. The simulation results prove the validity of the idea.

To sum up, this thesis first studies the effect of the DATA flooding attack on communication among normal nodes in Ad Hoc networks, then puts forward a plan to improve the three on-demand routing protocols to resist the attack, and finally validates the idea by simulation. Due to limited time, the improved routing protocols are not perfect, and we will improve them in future work.
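
The identify-and-separate rule described in the abstract, sketched as an added example (not code from the thesis or its NS2 implementation): a node counts distinct accusers per accused address and, once two different nodes have reported the same address, stops processing RREQ and data packets from it. The class and field names, the sample addresses, and the choice to ignore VNPs from already-isolated nodes or naming the receiver itself are assumptions.

```python
from dataclasses import dataclass, field

VNP_THRESHOLD = 2  # abstract's rule: two VNPs from different nodes


@dataclass(frozen=True)
class VNP:
    accuser: str  # IP address of the node that sent this VNP
    accused: str  # IP address of the reported vicious node


@dataclass
class Node:
    ip: str
    accusers: dict = field(default_factory=dict)  # accused IP -> set of accuser IPs
    isolated: set = field(default_factory=set)    # addresses judged vicious

    def receive_vnp(self, vnp: VNP) -> bool:
        """Record a VNP; return True if the accused address is now isolated."""
        # Assumptions (not stated in the abstract): ignore self-accusations,
        # VNPs naming this node, and VNPs sent by an already-isolated node.
        ignore = (vnp.accuser == vnp.accused
                  or vnp.accused == self.ip
                  or vnp.accuser in self.isolated)
        if not ignore:
            seen = self.accusers.setdefault(vnp.accused, set())
            seen.add(vnp.accuser)  # a set, so repeats from one accuser count once
            if len(seen) >= VNP_THRESHOLD:
                self.isolated.add(vnp.accused)
        return vnp.accused in self.isolated

    def accept_packet(self, src_ip: str, kind: str) -> bool:
        """Return False for RREQ and DATA packets originated by an isolated node."""
        return not (kind in ("RREQ", "DATA") and src_ip in self.isolated)


def demo():
    """Constructed scenario: 10.0.0.9 floods; 10.0.0.1 and 10.0.0.2 report it."""
    n = Node("10.0.0.5")
    return [
        n.accept_packet("10.0.0.9", "DATA"),          # not yet identified
        n.receive_vnp(VNP("10.0.0.1", "10.0.0.9")),   # first accuser
        n.receive_vnp(VNP("10.0.0.1", "10.0.0.9")),   # same accuser again
        n.receive_vnp(VNP("10.0.0.2", "10.0.0.9")),   # second, different accuser
        n.accept_packet("10.0.0.9", "RREQ"),          # now dropped
        n.accept_packet("10.0.0.3", "DATA"),          # other nodes unaffected
    ]


if __name__ == "__main__":
    print(demo())
```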
Keywords/Search Tags: Ad Hoc Networks, Secure Routing Protocol, DATA flooding Attack, On-demand Routing Protocol, Isolation