
Mobile Netw Appl
DOI 10.1007/s11036-011-0328-0

Trust-Based Routing Mechanism in MANET: Design and Implementation


Tameem Eissa & Shukor Abdul Razak & Rashid Hafeez Khokhar & Normalia Samian

© Springer Science+Business Media, LLC 2011

Abstract Mobile Ad hoc Network (MANET) is a self-organizing wireless network for mobile devices. It does not require any fixed infrastructure to be configured, which makes it more suitable for environments that require on-the-fly setup. This paper discusses the challenging issues in MANET routing security. It presents FrAODV, a trust-based scheme for securing the AODV routing protocol in MANET using the friendship mechanism. The nodes can evaluate the routing paths according to some selected features (such as node reputation and identity information) before forwarding the data through these routes. We have used two types of implementation in our scheme, simulation (using NS2) and real test-bed (using JADHOC). This scheme is believed to provide a robust environment where MANET nodes can trust each other in a secure community.

Keywords mobile ad hoc network · security · trust feature

T. Eissa · S. Abdul Razak (*) · R. H. Khokhar · N. Samian
Universiti Putra Malaysia, Selangor, Malaysia
e-mail: sabdrazak@gmail.com

1 Introduction

Infrastructure networks are not suitable in environments where resource-limited devices are connected through weak wireless links. In this case, the network should be able to set up on-the-fly without the aid of any administrator or manager. MANET is one solution for such environments. It is a self-organizing and self-configuring network. It is established on a temporary basis and nodes can join or leave the network at any time. For example, new nodes can quickly join or leave the network in a conference room, battlefield or fire operation area.

The lack of infrastructure and the mobility features of MANET make the routing security process a difficult task. MANET is vulnerable to many routing attacks such as the redirection attack, where a malicious node sends forged Rrep (Route Reply) messages with high destination sequence numbers [1]. The source node chooses the routes with the highest destination sequence numbers and discards the other routes. All data sent by the source node will be directed through these routes towards the malicious node, which in turn drops this data instead of forwarding it [1]. Another well-known routing attack is the rushing attack, which usually happens in reactive routing protocols where each node considers just the first route discovery packet that it receives and discards the others [2]. In this attack, malicious nodes rush route requests towards the destination, which will consider these requests and ignore the others. The destination node then replies to these requests. As a result, all source and destination traffic will go through the malicious nodes [2].

Many researchers have proposed different methods to secure the routing protocols. In this research, we focus on securing the AODV routing protocol. The SAODV protocol has been proposed to secure AODV [3], in which both AODV messages (Rreq, Rrep) and the mutable information (hop count, hash value) are included in the protection mechanism. Each node signs the Rreq and Rrep messages after reducing the hop count and the hash value fields, which are changed at every hop. The signing process is accomplished by using asymmetric cryptography. SAODV can defend against the black hole attack [4]. However, it cannot defend against the worm-hole attack [5], the hop-count altering attack and the routing messages dropping attack.

In this paper, friendship based AODV routing protocol has been implemented in a simulation mode (using NS2) and real test-bed (using JADHOC framework). Some trust features are identified to evaluate the node friendship in the network. A friendship mechanism algorithm is constructed to secure the AODV routing protocol.

This paper is organized as follows: Section 2 describes some preliminaries about MANET and the trust concept. Section 3 presents our proposed FrAODV scheme. The performance evaluation of our proposed scheme for the simulation and real test-bed scenarios is presented in Section 4. The paper is concluded with suggestions for future work in Section 5.

2 Preliminaries

2.1 Security in MANET

Flexibility, low cost, and ease of deployment are the main characteristics of MANET. Early development of MANET routing protocols (such as DSR [6], DSDV [7] and AODV [8]) did not consider important security issues. These highly dynamic routing protocols have no clear line of defence. As a result, malicious attackers can disrupt the functionality of a MANET. Recently, many MANET security protocols have been designed to address one or more attacks [9–14], yet no protocol has proven secure against all attackers. Currently, researchers are investigating different MANET security issues which include secure routing, privacy-aware routing, group membership control, key distribution, intrusion detection and response systems, and DoS attacks.

The use of threshold cryptography for MANET security was suggested in [9]. The basic idea was to distribute the trust among MANET nodes such that no less than a certain threshold of nodes is trusted. In this approach, the key element is the distributed Certification Authority (CA) which issues certificates to those nodes joining the network. The authors used a threshold signature protocol [15] to issue certificates. This approach is attractive, but cannot directly be implemented on MANET node admission. The approach is hierarchical in the sense that it only selects nodes that can serve as components of the CA, i.e., take part in admission decisions. Also, contacting distributed CA nodes in a multi-hop and dynamic MANET is not always possible.

Buttyan and Hubaux [10] proposed to stimulate packet forwarding by remunerating intermediate forwarding nodes with some credits paid by the source. Similarly, a Secure Incentive Protocol (SIP) is proposed in [16] to motivate packet forwarding in totally self-organizing MANETs without relying on any centralized infrastructure.
In SIP, each node imprints a non-forged stamp on each packet forwarded as the proof of forwarding, based on which packet relays are remunerated, while packet sources and destinations are charged with appropriate credits. SIP differs from [10] in many aspects such as the source-controlled session-based approach, the novel identifier-based session key establishment, and its flexibility and adaptability to network dynamics (e.g., the asymmetric payment model). It is, however, by no means an easy task to implement SIP in a secure, efficient manner. For example, the introduction of credits may serve not only as an incentive for cooperation, but also as a stimulus for cheating. In addition, as an add-on, any incentive scheme like SIP should be efficient and lightweight enough not to disturb other normal network functions such as routing. Zhou et al. [9] developed a credit-based collusion-resistant scheme to address node selfishness, but their approach requires a centralized credit clearance service on the backbone network, which may undermine the self-organizing, decentralized nature of MANETs.

In another work, Hu and Perrig [2] proposed a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents malicious nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. Ariadne used only highly efficient symmetric cryptographic primitives. However, their role in defending against attacks is very limited, because schemes located in a single protocol layer cannot solve problems in other layers. Moreover, security attacks in a network may come simultaneously from different protocol layers. Thus, a multi-protocol layer security scheme is desired for network protocols.

SCAN [13] presents a network-layer security solution that protects the control-plane (i.e., ad hoc routing) and the data-plane (i.e., packet forwarding) operations in a unified framework. It does not apply any cryptographic primitives on the routing messages. Instead, it protects routing and packet forwarding through the same reactive approach, in which local neighbouring nodes collaboratively sustain each other, monitor each other, and react to occasional attacks in their vicinity.
Kong et al. [11] proposed a set of ubiquitous and robust admission protocols by considering the same problem. The security of these admission mechanisms relies upon a special variant of the proactive threshold RSA signature scheme. Unfortunately, this scheme is neither robust (i.e., it cannot tolerate malicious nodes) nor secure. Also, Saxena et al. [17] claim that all attempts to construct secure MANET admission protocols from secure threshold/proactive RSA signature schemes have failed. Recently, Saxena et al. [18] also proposed an admission protocol for short-lived MANET which is based on secret sharing techniques using bivariate polynomials. They also presented a scheme that allows any pair of MANET nodes to efficiently establish an on-the-fly secure communication channel.

Zapata and Asokan [3] proposed Secure AODV (SAODV), using digital signatures to authenticate most fields of RREQ and RREP, while a hash chain is used to authenticate the hop count. Network nodes authenticate AODV routing packets with an extension of the SAODV digital signature to prevent certain malicious attacks. SAODV provides reasonable security in the AODV routing protocol; however, SAODV relies on digital signatures, and computing such signatures on resource-constrained nodes is expensive. Furthermore, SAODV cannot protect against invalid routes, because an authenticated malicious attacker node that happens to be on a route between the source and destination may pass on the routing message without updating routing information.

Papadimitratos and Haas proposed the Secure Routing Protocol (SRP) [19] to provide end-to-end DSR security via an existing security association between the source and destination. SRP allows the destination to produce a keyed MAC over the received path sequence. The MAC is transmitted in the route reply packet, which allows the source to verify that the route reply has been approved by the target node. The authors of SRP provide a guided discussion on possible attacks and describe how SRP is secure if malicious attackers do not collude or work together. SRP provides further route security in the presence of non-colluding attackers by using the BAN logic method [20]. However, Marshall et al. [18] described an attack in which a malicious attacker does not append itself to the accumulated route path during route discovery and subsequently relays the signed route reply, proving that the BAN claim is false. An additional attack against SRP is presented in [21]. This attack was discovered via visual inspection after simulatability models indicated SRP is not provably secure.

Yi et al. [22] designed the Security-Aware ad hoc Routing (SAR) protocol, which is derived from the AODV routing protocol and based on the hierarchical trust values metric and authentication. In SAR, the authors defined a new metric called trust value that governs routing protocol behaviour.
This metric is to be embedded into control packets to mirror the minimum trust value required by the sender. As a result, the received packet cannot be processed or forwarded to the next hop until it provides the essential trust level entrusted to the packet. SAR prevents attacks from an internal node on a higher trust level and shows better security as compared to previous routing protocols. However, defining the nodes' trust values is problematic if there is no hierarchy in the network. Also, to secure the scheme, the authors suggest that all nodes at the same level of trust should share a common secret. This is not very practical, and has many key-management issues.

Sanzgiri et al. [1] proposed an AODV based authenticated routing for ad hoc networks (ARAN). In ARAN, each node has a certificate signed by a trusted authority, which associates its IP address with a public key. ARAN is an on-demand protocol, broken up into route discovery and maintenance. Because ARAN uses public-key cryptography for authentication, it is particularly vulnerable to DoS attacks based on flooding the network with bogus control packets for which signature verifications are required. As long as a node can't verify signatures at line speed, an attacker can force that node to discard some fraction of the control packets it receives.

In another attempt, Carter and Yasinsac [23] proposed a Secure Position Aided Ad hoc Routing (SPAAR) protocol for a high-risk MANET environment. SPAAR is designed to fulfil the security requirements of the managed hostile environment. SPAAR protects position information with authentication, privacy, and integrity via cryptographic techniques. However, SPAAR is an anonymous on-demand protocol that requires online location servers.

A Secure Link-State Protocol (SLSR) proposed in [24] used digital signatures and one-way hash chains to ensure the security of link-state updates. SLSR is a periodic protocol that receives link state information through a periodic Neighbour Location Protocol (NLP). As a part of NLP, each node broadcasts a pair of signs between its IP and MAC addresses. A node's NLP can notify SLSR when one MAC address uses two IP addresses, or two MAC addresses claim the same IP address, or another node uses the same MAC address as the detecting node. These protocols ensure some level of integrity of MAC and IP addresses within a two-hop radius. SLSR uses the same lightweight flooding prevention mechanism as SRP, wherein nodes that relay or generate fewer link-state updates are given priority over any node that sends more link-state updates. As in SRP, an attacker can masquerade as a victim node and flood the victim's neighbours with link-state updates that appear to originate at the victim. Although the victim might be able to detect the attack, due to NLP's duplicate MAC address detection functionality, the victim will have no way to protest. A brief survey of security techniques in MANET routing can be found in [25].
2.2 Trust-based security schemes in MANET

The traditional cryptography schemes that provide authentication and data privacy do not detect when an internal node provides false routing information, or when a node does not cooperate with the other nodes in order to save its resources. There should be another layer of security that detects such misbehaviour. This layer is based on the trust concept. This concept was first proposed in [26]. It is based on the way that human beings trust each other. When a person wants to verify another person, he usually asks his friends about this person. He also asks this person to provide him with the list of reference people who will be asked if he is to be trusted. In the same way, when a node S wants to verify another node D, in the first step S requests recommendations from the list of trusted entities (friends). This request implies a question to each entity in the list about the identity of D. Each entity answers yes (trusted) or no (un-trusted). Any entity that does not find D in its friends list forwards the request to its trusted entities list (Recommendation list). If any entity of the friends list or the recommendation list knows D and trusts him, information about D is sent back to S. In the next step, node S will ask D about the references, i.e. other entities with which he has communicated before. When S receives D's references, he asks his friends list if they know these references and trust them. S also may ask the references for references (References chain, [27]). The works in [28–30] also proposed using the trust concept to evaluate the nodes in MANET.

2.3 Features selection in trust-based security schemes

A good features selection scheme plays an important role in creating a trust-based MANET community. Features actually represent the characteristics or evidence properties of each node in the network. We made a set of comparative studies on several features selection schemes in our previous work [31]. In general, feature based schemes can be divided into 2 categories: performance metrics evaluation and quantitative trust value. In the category of performance metrics evaluation, the efficiency of selected features is evaluated by using certain metrics such as routing traffic, route discovery time, routing overhead and number of data packets delivered. For instance, each feature contains its own corresponding attribute number that will be presented during the packet forwarding process [32]. When a source node wants to forward a packet to its destination, it will ask its neighbouring nodes to present their features attribute number for checking.
If the neighbouring nodes manage to present an attribute number that fulfils the source node's requirement, the attribute number will be embedded in the packet format and the node is granted permission to forward the packet to other neighbouring nodes before reaching the required destination. The effectiveness of the packet forwarding process based on selected features is measured using performance metrics such as Encryption / Key, Hardware Configuration, Battery Power, Credit History/ACK, Exposure, Organization Hierarchy, Identity, and Location.

On the other hand, the quantitative trust value category represents the method of evaluating trust features by using certain mathematical functions or equations. Each feature has its own trust value metric that can be assigned based on one's judgment for a specific application. At present, there is no standard to determine value metrics. The values are determined based on intuitive decisions. The features' trust value metrics are computed in a formulated equation and the output will be used to determine whether a node can be trusted or vice versa.

According to recent research [32, 33], there are eight features which can be considered for performance metrics evaluation and ten features for quantitative trust value. Three features that are not very useful for both categories are battery power, credit history or acknowledgement and identity, which were proposed in [28, 32]. The other frequently used potential selected feature is encryption or key type, which falls under the performance metrics evaluation category [28, 32, 34]. The remaining expected suitable features are trust value metric, packet precision and blacklist [33, 34]. In this paper, we have considered 3 features to represent each node in our MANET environment: trust value metric, packet precision and blacklists. As aforementioned in [31], the selection of these features is based on the justification that they have been frequently used in the previous six research works [28, 32–36]. However, these features are subject to change after an emulation process has been carried out, which may give results on the suitability of the features used. The remaining unselected features are not discarded but are reserved for later deployment, for example, in case the current selected features are found to have weaknesses.

Fig. 1 Overview of friendship routing protocol. H and M indicate honest network node and malicious node, respectively. S and D indicate the source and destination node, respectively

3 Our scheme

In this section, we present our friendship-based framework proposed to secure AODV (Fig. 1). Two algorithms (FwEvaluate and RvEvaluate) are used to evaluate the forward and reverse routes respectively in the AODV protocol. We assume that each node has identity information that cannot be forged by malicious nodes. This identity information can be some type of smart card provided in the initialization phase. For simplicity, we use IP and MAC addresses. The friends list is created in the initialization phase and distributed (offline) to the devices. We also assume that the number of malicious nodes is less than the number of good nodes.

3.1 Friendship-based AODV routing protocol (FrAODV)

In the proposed scheme, each node keeps a list of friends and the friendship value of these friends. The friendship values are represented as numbers ranging from 0 to 100. The bigger the number, the more it trusts in that node. Two algorithms are used to build up trusted routes in the AODV protocol:

• RvEvaluate algorithm

This algorithm builds up a trusted reverse route from the destination and intermediate nodes to the originator node. Figure 2 shows the RvEvaluate algorithm and the explanation is as follows:

• The source node broadcasts RREQ as in the original AODV protocol.
• When any node receives RREQ, we have the following two cases:

1. If the current node is the final destination, it evaluates the friendship of the previous hop, and if this is not a friend it rejects the request. Otherwise it evaluates the friendship of the reverse route from the destination to the originator node by comparing its friendship value with the current route's friendship value. The friendship value of the reverse route is calculated as:

$$RvFrRte = \sum_{i=1}^{h} PrFrHp_i$$

where $PrFrHp_i$ is the friendship value of a previous hop i, and h is the number of hops from the destination node to the originator node. Then, it compares it with the friendship value of the existing route. If it's less, it simply rejects the new route. Otherwise, it registers the new route as the best friendly reverse route received up to now.

2. If the current node is an intermediate node, it evaluates the friendship of the previous and the next hop and if one of these hops is not a friend, it rejects the request. Otherwise it creates a reverse route from the current node to the originator node and evaluates it as in the previous step.

Fig. 2 RvEvaluate algorithms (flowchart: on receiving a new RREQ, the node checks whether it is the destination of the RREQ; it evaluates the friendship of the previous hop, or of the previous and next hop, and rejects the route if a hop is not a friend; otherwise it evaluates the friendship of the route to the originator and registers the new route only if it is more friendly than the existing route)

• FwEvaluate algorithm

This algorithm builds up trusted forward routes from the source and intermediate nodes to the final destination node. Figure 3 shows the FwEvaluate algorithm and the explanation is as follows:

• The final destination node generates RREP messages according to the received RREQ message and sends them to the previous node as in the original AODV protocol.
• When any node receives RREP, we have the following two cases:

1. If the current node is the originator node, it evaluates the friendship of the next hop and if this is not a friend, it rejects the request. Otherwise it evaluates the friendship of the forward route from the originator node to the final destination node by comparing its friendship value with the current route's friendship value. The friendship value of the forward route is calculated as:

$$FwFrRte = \sum_{i=1}^{h} FwFrHp_i$$

where $FwFrHp_i$ is the friendship value of the next hop i, and h is the number of intermediate hops from the originator node to the destination node. Then, it compares it with the friendship value of the existing route. If it's less, it simply rejects the new route. Otherwise, it registers the new route as the best friendly forward route received up to now.

2. If the current node is an intermediate node, it evaluates the friendship of the previous and the next hop and if one of these hops is not a friend, it rejects the request. Otherwise it creates a forward route from the current node to the destination node and evaluates it as in the previous step.

Fig. 3 FwEvaluate algorithm (flowchart: on receiving a new RREP, the node checks whether it is the originator of the request; it evaluates the friendship of the next hop, or of the previous and next hop, and rejects the route if a hop is not a friend; otherwise it evaluates the friendship of the route to the destination and registers the new route only if it is more friendly than the existing route)

3.1.1 Example

Let's have a look at the following example where node A wants to create a route to node D. From Fig. 4, it can be seen that the friend value of the route A→B→D is $(Fr_{A \to B} + Fr_{B \to D})/2 = (8 + 8)/2 = 8$, while the friend value of the route A→C→D is $(Fr_{A \to C} + Fr_{C \to D})/2 = (10 + 10)/2 = 10$. As a result, A chooses route A→C→D since it has more friendship value than route A→B→D.

3.2 Friendship evaluation in FrAODV

The evaluation of any node depends on the friend value appended to that node. The more friend value a node has, the more trustworthiness it is granted. However, when this value is less than a specific threshold called Threshold Friendship (TF), the node is considered untrusted. As a result, all communication coming from that node is blocked. The TF value can be chosen by the network designer according to the scenario. When a node is blocked, all the Rreq and Rrep messages coming from or going to that node are rejected.

3.3 Node authentication in FrAODV scheme

Mobility is achieved through a list of rules that are dynamically issued to the appropriate test-bed notebooks, changing their configuration in a controlled way. The IP and MAC addresses have been used as an identity to check the friend's authentication.

• Logical Address authentication

The first task of a new node is to associate itself with a friendly MANET node. Thus, the new node listens for hello messages and selects one configuring node. Then, a hello message is created and transmitted in order to request address configuration from the selected configuring node. If an IP address is not available, the MAC address of the new node must be checked in order to uniquely identify the new node. Upon receiving a hello message, the configuring node assigns a local address to the new node, and signals this assignment through another hello message. Additionally, the configuring node marks the assigned address as used in its hello messages.

• Physical Address authentication

The MAC address has been used as a second identity in our friendship mechanism, which works by discriminating against certain traffic at Layer 2. By specifying which nodes (by their MAC addresses) can communicate directly (friends) and which cannot (blacklist), certain one-hop routes can be individually discarded or accepted. In the case of a friend node, the data packet is passed up to the next node, which decides the next best hop based on the friendship value. The MAC address provides extra security between mobile nodes, where in a real MANET the association would occur between wireless cells. Specifically, the MAC address of the mobile node has to be accepted by its new neighbouring nodes, and the mobile node has to accept the MAC addresses of its new neighbours. Through the proposed friendship mechanism, the initial topology can be specified by selecting node-to-node associations. To realize mobility, a mobile node is each time disassociated from its current neighbours. The next node that it wishes to associate with is set through the friendship value. Once a scenario has been created, running the scenario causes the nodes to remotely connect to the relevant nodes and dynamically exchange their friendship values.
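The RvEvaluate and FwEvaluate procedures of Section 3.1 and the Threshold Friendship rule of Section 3.2 can be traced in a few lines of Python. This is an added example, not the authors' NS2 or JADHOC code. It assumes that the control message carries the running total of per-hop friendship values and that the route value is averaged over the hops as in the worked example of Section 3.1.1; TF = 5 and the nodes M and E with their values are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    friends: dict                     # neighbour -> friendship value (0..100)
    tf: int = 5                       # Threshold Friendship (TF); 5 is a constructed value
    routes: dict = field(default_factory=dict)  # peer -> (path, route friendship)

    def is_friend(self, other):
        # Absent from the friends list, or valued below TF: untrusted.
        return self.friends.get(other, -1) >= self.tf

    def register_if_friendlier(self, peer, path, value):
        # A new route is rejected only when it is less friendly than the
        # route already registered for this peer.
        existing = self.routes.get(peer)
        if existing is not None and value < existing[1]:
            return False
        self.routes[peer] = (path, value)
        return True


def _walk(nodes, travel):
    """Carry a control message along `travel` (sender first).

    Every receiving node checks its neighbouring hops, adds its friendship
    value for the hop the message came from, and registers a route back to
    the sender. Returns the value registered at the last node, or None as
    soon as any node rejects the route.
    """
    sender, total, value = travel[0], 0, None
    for i in range(1, len(travel)):
        node, came_from = nodes[travel[i]], travel[i - 1]
        hops = [came_from] + travel[i + 1:i + 2]   # the end node has no onward hop
        if not all(node.is_friend(h) for h in hops):
            return None
        total += node.friends[came_from]
        value = total / i                          # averaged over i hops (assumption)
        if not node.register_if_friendlier(sender, travel[i::-1], value):
            return None
    return value


def rv_evaluate(nodes, path):
    """RREQ travels originator -> destination and builds reverse routes."""
    return _walk(nodes, list(path))


def fw_evaluate(nodes, path):
    """RREP travels destination -> originator and builds forward routes."""
    return _walk(nodes, list(path)[::-1])


def build_nodes():
    # Constructed topology. A, B, C, D use the friendship values of the
    # worked example; M (on nobody's friends list) and E (valued below TF)
    # are hypothetical additions.
    return {
        "A": Node("A", {"B": 8, "C": 10, "E": 3}),
        "B": Node("B", {"A": 8, "D": 8}),
        "C": Node("C", {"A": 10, "D": 10}),
        "D": Node("D", {"B": 8, "C": 10, "E": 3}),
        "E": Node("E", {"A": 50, "D": 50}),
        "M": Node("M", {"A": 100, "D": 100}),  # claims to trust everyone
    }


if __name__ == "__main__":
    nodes = build_nodes()
    for path in (["A", "B", "D"], ["A", "C", "D"], ["A", "M", "D"], ["A", "E", "D"]):
        print(path, "->", fw_evaluate(nodes, path))
    print("A's forward route to D:", nodes["A"].routes["D"])
```

The friendship value a node advertises about others never helps it: M and E are rejected by the honest nodes' own friends lists, whatever M and E claim.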

4 Performance evaluation Our implementation includes two separate parts, simulation and test-bed. The simulation has been done to compare the

Fig. 4 Example on the scheme friendship mechanism

Mobile Netw Appl

Fig. 5 Packet delivery fraction for three AODV implementations under malicious attacks (100 m100 m)

Fig. 7 Normalized routing load for three AODV implementations under malicious attacks (100 m100 m)

proposed scheme with the other existing schemes and testbed implementation is done by using a real-world scenario setup. 4.1 Performance evaluation with existing schemes A simulation experiment has been done to evaluate the friendships mechanism with plugged-in trust features. The simulation is run on AODV routing protocol by using NS-2. For all simulations, the same movement models will be used where the number of mobile nodes involved is 100, the simulation time is 250 s, the pause time is varied as 0, 50, 100, 150, 200 and 250 s, and the network boundaries are set to 100 m100 m and 1000 m1000 m areas. The purpose of having two different sets of network boundaries is to determine how the proposed mechanism performs in the most and less dense areas. The test was carried out on 100 m100 m network size with 100 mobile nodes involved. Some malicious attacks have been launched to see how the proposed mechanism could endure the AODV routing protocol under such attacks. Performance comparison will be made between three implementations on
Packet Delivery Fraction (PDF)
100 90 80 70 60 50 40 30 20 10 0 0 50 100 150 200 250 Pause Time (seconds)
AODV-Malicious Attacks AODV-Friendships Mechanism (Malicious Attacks) AODV-Friendships Mechanism with Trust features (Malicious Attacks)

AODV: original AODV routing protocol, AODV with friendships mechanism without trust features and AODV with friendships mechanism that is enhanced with trust features. The performance of the proposed mechanism is evaluated using packet delivery fraction (PDF) and normalized routing load (NRL). PDF derives the ratio of received data packets over sent packets delivered to the destinations [37]. It is a measurement of a protocols successfulness delivering packets from source to destination, also known as the throughput of a network. The higher percentage value of PDF obtained denotes the better network throughput performance of a routing protocol. Meanwhile, NRL is the ratio of the number of control packets (routing packets) broadcasted by every node in the network and the number of data packets received by the destination nodes [38]. Lower NRL prescribes that a routing protocol is more efficient as less unnecessary control packets have been propagated in the network in comparison to the data packets received at destination. The PDF comparison for the three AODV implementations in 100 m100 m is illustrated in Fig. 5. From the graph, it can be seen that under malicious attacks, the implementation of proposed friendships mechanism with trust features on AODV outperforms the other two AODV implementations by approximately 10% at each interval of nodess mobility pause time. On the other hand, the other two parameters achieved percentages of PDF in the same

Fig. 6 Packet delivery fraction for three AODV implementations under malicious attacks (1000 m1000 m)

PDF (%)

Fig. 8 Friendship mechanism test-bed setup

Mobile Netw Appl Table 1 Node hardware specifications Model HP 520 HP Pavilion dv2000 HP Pavilion dv2000 Fujitsu Siemens HP Pavilion (Desktop) Processor 2.0 GHz 2.0 GHz 2.0 GHz 1.73 GHz 2.20 GHz Ram 1 GB 3 GB 3 GB 510 MB 2 GB Wireless card Intel(R) Intel(R) Intel(R) Intel(R) Linksys PRO/Wireless 3945ABG Network Connection Wireless WiFi Link 4965AGN Wireless WiFi Link 4965AGN PRO/Wireless 2200 GB Network Connection Wireless-G PCI Adapter

vicinity with each other at about 75%. The performances of the two AODV implementations are in such a way because the malicious nodes have not been excluded earlier, and that causes them to successfully carry out malicious activities. As a result, less data packets are received than sent as many have been dropped by malicious nodes. Different output patterns have been exhibited after a simulation ran in a 1000 m1000 m area as shown in Fig. 6. At high mobility level, the performance of the AODV with trust features implementation is lower than the original AODV This is because the number of total trust . relationships gained for this terrain size is smaller than the one obtained in the smaller area, leading to a smaller number of cooperation among friends. Thus, at high mobility level where a nodes movements are more frequent, more cooperative friends are needed to increase PDF performance. However, the PDF performance is increasing when the mobility level is decreasing, outperforming the original AODV . The results of routing load achieved for the three AODV implementations in 100 m100 m area are as illustrated in Fig. 7. The graph shows that the proposed AODV implementation with trust features acquired relatively lower routing loads at all pause times, whereas the remaining two AODV implementations gained higher routing loads. The result proves the hypothesis that less control (routing) packets have been broadcast in the network due to the
Fig. 9 Scenario setup

malicious nodes having been restricted from doing so with the implementation of trust features in AODV.

4.2 Performance evaluation in real test-bed implementation

In order to do the experimental performance analysis of friendship based AODV networks, the experimental test-bed as illustrated in Fig. 8 was constructed. The experiment was conducted in the wireless communication lab at Universiti Teknologi Malaysia. The area was approximately 20 m by 8 m and during the experiments all 5 notebooks were placed in the same lab. The laptops have the following hardware and software configurations.

• Hardware configurations

All the 5 nodes have the hardware specifications as outlined in Table 1.

• Software configurations

All notebooks have been installed with Windows XP. The WLAN interface of each notebook has been allocated a different IP address from a different sub network as shown in Fig. 7. Jadhoc prompts the user to start each test-bed node that will be used to aid the user in configuring the initial MANET topology. This MANET experiment specifically tries to emulate the hops that exist between neighbouring nodes and their mobility. By definition, the

two hop distance between nodes indicates that they are geographically separated in such a way that they are not able to communicate directly; instead they must communicate at the Network Layer, routing via an intermediary node. This separation is shown in Fig. 8 and highlights that the wireless cells have minimal interference with one another.

• Nodes Initialization

Each node should be from a different subnet. The gateway of each node should be the IP address of a node that does not exist. This will launch the route requests multicasting to all the nodes in range. For example, if the node IP address is 192.168.2.1/24, the gateway is set as 192.168.2.100 (this IP address is virtual). The wireless network of each node should be configured to use the open mode.

4.3 Scenario setup

The environment used here consists of five nodes, each one provided with a wireless network interface as shown in Fig. 9. Each node is equipped with the following setup: Windows XP Professional Version 5.1.2600 Service Pack 2, JDK version 1.4, JRE version 1.4, JPCAP version 0.4.4, and JADHOC version 0.2. The nodes' hardware specifications are shown in Table 1.

• Experimental Results
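The node initialization rules given earlier (a separate subnet per node, and a gateway address that no node owns) can be checked before a test-bed run with a short script. This is an added example, not code from the paper or from JAdhoc; the node names, every address other than 192.168.2.1/24 and 192.168.2.100, and the requirement that the gateway lie inside the node's own subnet (inferred from the paper's example) are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plans: node -> (interface CIDR, default gateway).
# Only n1's values come from the paper's example; the rest are made up.
GOOD_PLAN = {
    "n1": ("192.168.2.1/24", "192.168.2.100"),
    "n2": ("192.168.3.1/24", "192.168.3.100"),
    "n3": ("192.168.4.1/24", "192.168.4.100"),
}
BAD_PLAN = {
    "n1": ("192.168.2.1/24", "192.168.2.100"),
    "n2": ("192.168.2.2/24", "192.168.2.1"),    # same subnet, gateway is n1
    "n3": ("192.168.4.1/24", "192.168.5.100"),  # gateway not on-link
}

def check_plan(plan):
    """Return a list of rule violations; an empty list means the plan is usable."""
    ifaces = {n: ipaddress.ip_interface(cidr) for n, (cidr, _) in plan.items()}
    owner = {iface.ip: n for n, iface in ifaces.items()}
    problems = []

    # Rule 1: each node is in a different subnet, so no two networks may overlap.
    for a, b in combinations(sorted(ifaces), 2):
        if ifaces[a].network.overlaps(ifaces[b].network):
            problems.append(f"{a} and {b} are in overlapping subnets")

    for name in sorted(plan):
        net = ifaces[name].network
        gw = ipaddress.ip_address(plan[name][1])
        # Rule 2: the gateway must be a "virtual" address that no node owns.
        if gw in owner:
            problems.append(f"{name}: gateway {gw} belongs to node {owner[gw]}")
        # Assumption (from the paper's example): the gateway is on-link.
        if gw not in net:
            problems.append(f"{name}: gateway {gw} is outside {net}")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is not a host address")
    return problems

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```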

Fig. 11 Friendship message activity

rate of one message per minute. The nodes sent messages for ten minutes, and then statistics were recorded one minute afterwards. One of the goals of this experiment is to determine how well it scales. How does our friendship mechanism performance vary with respect to the number of nodes in the network? Attempting to answer this question, we have conducted experiments by considering 3 scenarios including packet delivery ratio, friendship message activity, and average time. These scenarios are explained as follows:

• Packet Delivery Ratio

This section provides the results of the performance analysis done on the basis of the scenarios and the tests described in the previous section. Varying the number of nodes can be accomplished in two basic ways. One is by varying field size, keeping node density constant. The other one is by keeping the field size constant and increasing the density. The experiments have been performed using both of these approaches. In all the simulated experiments, each node sent messages to random destinations at an average

Average packet delivery ratio has been calculated using 10 different experiments. A 10 MB data packet has been sent with TTL=128 in each experiment. UDP actual load for given load of 10240 bps, out of order sequence packets are shown both for friendship mechanism and JAdhoc. Packet Delivery Ratio of the Friendship Mechanism and JAdhoc protocol handlers was found to be between 93% and 96%, and between 98% and 100%, respectively, as shown in Fig. 10. The loss of packets is due to the load caused by the security messages. The original JAdhoc version does not include any security messages. This explains why PDR is higher in

Fig. 10 Performance comparison of packet delivery ratio between friendship mechanism and Jadhoc (0.20)

Fig. 12 Performance comparison of average time between friendship mechanism and Jadhoc (0.20)


the original JAdhoc than in our version. However, this loss does not have a critical effect on data communications among the nodes.

• Friendship Message Activity

Friendship message activity is calculated by varying the number of nodes. The total message activity has been computed as the total number of AODV messages sent and received at each node. It is important to count both sent and received messages, as they will generally differ: not all sent messages are received, while some messages are received many times (broadcasts). Experiments were performed by varying nodes in the lab of range 20 m by 8 m. In all experiments, each node sent one message to particular destinations. The nodes sent messages 10 times, and then statistics were recorded for each second afterwards. In this experiment, friendship message activity has been calculated per node in a constant-density field. Nodes were initially arranged in a grid format with each node separated by 5 m. From Fig. 11, it is clear that the amount of message activity increases each time more nodes are added to the network. With mobility, destinations can become unreachable, causing route error messages to be sent and routes to be removed. To create those routes again, new route requests need to be sent, resulting in the increased message activity.

• Average Time

scheme in wireless PDA devices and perform the experiment in more mobile environments where nodes can move freely over a wide area (such as a forest or street). In future implementations, we should consider a high number of PDA nodes in the environment (at least 20 PDA devices) and evaluate the proposed scheme under this scenario.
Acknowledgment This research has been supported by the Ministry of Science, Technology and Innovation (MOSTI) Malaysia under EScience Project vote No. 79261.


Average time has been referred to in this experiment as the time taken by messages to travel from the source to the destination. The results show that the average time calculated in the proposed scheme is almost the same as the performance of the original JadHoc scheme. A small delay may happen due to the friendship messages transferring prior to sending data. However, the friendship security communication chosen in our system is lightweight and suitable for the limited resources of MANET. In other words, the security implementation that has been added to JadHoc does not cause significant delay for the messages to reach their destinations (Fig. 12).

5 Conclusion and future work

In this paper we have shown that our friendship based mechanism is a useful framework to secure AODV routing protocols in MANET. We also presented in detail the routing mechanism used to evaluate the nodes using the trust concepts. We have evaluated our proposed friendship based mechanism in a real test-bed using JADHOC framework. The results show that this approach is a promising way of securing AODV routing protocols. The future work of this research is to implement the proposed
