A Collaborative Contact-Based Certificate Revocation scheme for malicious nodes in MANET
Abstract: Mobile ad-hoc networks (MANETs) assume that mobile nodes voluntarily cooperate in order to work properly, but some nodes can refuse to cooperate, leading to selfish node behaviour. The Collaborative Contact-based Watchdog (CoCoWa) is a collaborative approach based on the diffusion of local awareness of selfish nodes when a contact occurs, so that information about selfish nodes is quickly propagated. But it is a cost-intensive activity. Thus, we propose a cluster-based certificate revocation with vindication capability (CCRVC) algorithm. We focus on the issue of certificate revocation to isolate attackers from further participating in network activities. This scheme is effective in MANETs.
MANET stands for "Mobile Ad hoc Network". A MANET is a type of ad hoc network that can change locations and configure itself on the fly. Because MANETs are mobile, they use wireless connections to connect to various networks. This can be a standard Wi-Fi connection, or another medium such as a cellular or satellite transmission. A MANET is a highly flexible network where nodes can freely move and join with no fixed infrastructure, and thus it is vulnerable to attacks by malicious users. To reduce the damage from attacks, attackers must be immediately removed from the network by using a certification system.
The Collaborative Contact-based Watchdog (CoCoWa) is a scheme for detecting selfish nodes that combines local watchdog detections and the dissemination of this information on the network. If one node has previously detected a selfish node, it can transmit this information to other nodes when a contact occurs. This way, nodes have second-hand information about the selfish nodes in the network. The goal of this approach is to reduce the detection time and to improve the precision by reducing the effect of both false negatives and false positives. The diffusion of information about positive or negative detections of selfish nodes introduces several issues about the reputation of the neighbour nodes. The first issue is the consolidation of information, that is, the trust about a neighbour's positive and negative detections, especially when it does not match the local watchdog detection. Another issue is the case of malicious nodes. Finally, the pernicious effect of malicious nodes can be reduced using the reputation detection scheme. We first introduce the architecture of CoCoWa and discuss the characterisation of contact occurrence. Then we present a performance model for evaluating the approach and the evaluation of CoCoWa in terms of detection time and overhead using the analytical model. It has some disadvantages, like false positive and false negative detections, receiver collision, and partial dropping.
In this section, we briefly introduce the existing approaches for certificate revocation, which are classified into two categories: the voting-based mechanism and the non-voting-based mechanism.
2.1 Voting-Based Mechanism
The so-called voting-based mechanism is defined as the means of revoking a malicious attacker's certificate through votes from valid neighboring nodes. URSA, proposed by Luo et al., uses a voting-based mechanism to evict nodes. The certificates of newly joining nodes are issued by their neighbors. The certificate of an attacker is revoked on the basis of votes from its neighbors. When the number of negative votes exceeds a predetermined number, the certificate of the accused node will be revoked. Since nodes cannot communicate with others without valid certificates, revoking the certificate of a voted node implies isolation of that node from network activities. Determining the threshold, however, remains a challenge. The scheme proposed by Arboit et al. allows all nodes in the network to vote together. As with URSA, no Certification Authority (CA) exists in the network. The primary difference from URSA is that nodes vote with variable weights. The weight of a node is calculated in terms of the reliability and trustworthiness of the node, which is derived from its past behaviors, like the number of accusations it has made against other nodes and the number made against itself by others. The stronger its reliability, the greater the weight it acquires. The certificate of an accused node is revoked when the weighted sum from voters against the node exceeds a predefined threshold.
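As an added illustration of the two voting rules just described, the following Python model collects accusations against a node and revokes its certificate when either the plain vote count (URSA) or the reliability-weighted sum (Arboit et al.) exceeds a threshold. This is example code written for this page, not code from URSA, Arboit et al., or the paper; the node names, thresholds and weights are constructed, and the reliability weights are supplied as fixed numbers rather than derived from accusation history as the text describes.

```python
"""Toy model of count-based (URSA) and weight-based (Arboit et al.) revocation.

Added example, not code from either scheme or from the paper. Node names,
thresholds and reliability weights are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class VotingRevocation:
    """Collects accusations and decides revocation by vote count or weighted sum."""

    threshold: float
    weighted: bool = False
    # accused node -> set of accusers; a set makes a repeated vote from the same
    # neighbour count only once
    votes: dict = field(default_factory=dict)
    # reliability weight of each voter; assumption: fixed values supplied up front
    weights: dict = field(default_factory=dict)

    def accuse(self, accuser: str, accused: str) -> bool:
        """Record one vote and report whether the accused is now revoked."""
        self.votes.setdefault(accused, set()).add(accuser)
        return self.is_revoked(accused)

    def tally(self, accused: str) -> float:
        """Plain count (URSA) or sum of the voters' reliability weights (Arboit et al.)."""
        voters = self.votes.get(accused, set())
        if self.weighted:
            return sum(self.weights.get(v, 1.0) for v in voters)
        return float(len(voters))

    def is_revoked(self, accused: str) -> bool:
        # both schemes revoke when the tally *exceeds* the threshold
        return self.tally(accused) > self.threshold


def demo():
    """Run both rules on a constructed sequence of accusations against node M."""
    # URSA style: revoke once more than two distinct neighbours have voted.
    ursa = VotingRevocation(threshold=2)
    count_results = [ursa.accuse(a, "M") for a in ("B", "C", "B", "D")]
    # -> [False, False, False, True]; the repeated vote from B changes nothing

    # Arboit style: constructed weights, low for a node that is itself often accused.
    arboit = VotingRevocation(threshold=1.0, weighted=True,
                              weights={"B": 0.4, "C": 0.2, "D": 0.5})
    weighted_results = [arboit.accuse(a, "M") for a in ("B", "C", "D")]
    # -> [False, False, True]; 0.4 + 0.2 = 0.6 is not enough, adding D gives 1.1
    return count_results, weighted_results


if __name__ == "__main__":
    print(demo())
```

The two rules share the same bookkeeping; only `tally()` differs, which is why the text can compare them directly on threshold choice and overhead.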
2.2 Non-Voting-Based Mechanism
In the non-voting-based mechanism, whether a given node is deemed a malicious attacker is decided by any node with a valid certificate. Clulow et al. proposed a fully distributed "suicide for the common good" strategy, where certificate revocation can be quickly completed by only one accusation. The accusing node has to sacrifice itself to remove an attacker from the network. Park et al. proposed a cluster-based certificate revocation scheme in which a trusted certification authority is responsible for managing control messages, holding the accuser and accused node in the warning list (WL) and blacklist (BL), respectively. The certificate of the malicious attacker node can be revoked by any single neighboring node. In addition, it can also deal with the issue of false accusation, enabling the falsely accused node to be removed from the blacklist by its cluster head (CH). It takes a short time to complete the process of handling the certificate revocation.
As discussed above, we compare the advantages and disadvantages of voting-based and non-voting-based mechanisms. The significant advantage of the voting-based mechanism is the high accuracy in confirming whether the given accused node is a real malicious attacker or not. The decision process to satisfy the condition of certificate revocation is, however, slow. Also, it incurs heavy communications overhead to exchange the accusation information. On the contrary, the non-voting-based method can revoke a suspicious misbehaving node by only one accusation from any single node with a valid certificate in the network. It is able to drastically simplify the decision-making process for rapid certificate revocation as well as reduce the communications overhead. However, the accuracy of determining an accused node as a malicious attacker and the reliability of certificate revocation are degraded as compared with the voting-based method. In this paper, we propose a Cluster-based Certificate Revocation with Vindication Capability (CCRVC) scheme, which follows our previously proposed cluster-based schemes. On the other hand, CCRVC inherits the merits of both the voting-based and non-voting-based schemes, achieving prompt revocation and lower overhead as compared to the voting-based scheme, and improving the reliability and accuracy as compared to the non-voting-based scheme. Our scheme can quickly revoke the malicious device's certificate, stop the device's access to the network, and enhance network security.
MODEL OF THE CLUSTER-BASED SCHEME
In this section, we introduce the model of the proposed cluster-based revocation scheme, which can quickly revoke attacker nodes upon receiving only one accusation from a neighboring node. The scheme maintains two different lists, the warning list and the blacklist, in order to prevent malicious nodes from further framing other legitimate nodes. Moreover, by adopting the clustering architecture, the cluster head can address false accusations to revive falsely revoked nodes. Since the scheme addresses only the issue of certificate revocation, not certificate distribution, it assumes that all nodes have already received certificates before joining the network. Likewise, we focus on the procedure of certificate revocation once a malicious attacker has been identified, rather than on the attack detection mechanism itself. Each node is able to detect attacking nodes among its neighbors within one hop.
3.1 Cluster Construction
Nodes cooperate to form clusters, and each cluster consists of a CH along with some Cluster Members (CMs) located within the transmission range of their CH. Before nodes can join the network, they have to acquire valid certificates from the CA, which is responsible for distributing and managing the certificates of all nodes, so that nodes can communicate with each other without restriction in a MANET. While a node takes part in the network, it is allowed to declare itself as a CH with a probability of R. Note that neighbor sensing protocols, such as periodic broadcast of hello messages, are effective approaches used in routing protocols to check the availability of links between neighboring nodes. A new link is detected if a node receives a new hello message. Otherwise, the link is considered disconnected if none of the hello messages is received from the neighboring node during a time period. In this model, if a node proclaims itself as a CH, it propagates a CH Hello Packet (CHP) to notify neighboring nodes periodically. The nodes that are in this CH's transmission range can accept the packet to participate in this cluster as cluster members. On the other hand, when a node is deemed to be a CM, it has to wait for a CHP. Upon receiving a CHP, the CM replies with a CM Hello Packet (CMP) to set up a connection with the CH. Afterward, the CM joins this cluster; meanwhile, the CH and CM keep in touch with each other by sending CHP and CMP every time period Tu. We note that each CM is assumed to belong to two different clusters in order to provide robustness against changes in topology. In case a CM moves out of the transmission range of its CH, it has to search for another CHP to participate in a new cluster. In particular, if the node does not receive any CHP for a certain period of time 2Tu, namely, there is no CH within its one-hop range, it will declare itself as a CH and propagate CHP to form a new cluster.
On the other hand, in case a CH has no CM in its neighborhood range, but if there are other CHs in its neighborhood, this node assigns itself as a CM to communicate with two of the CHs.
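The following discrete-time model puts the cluster construction rules of this section together: self-declaration as CH with probability R, CHP/CMP exchange every Tu, membership in up to two clusters, promotion to CH after 2Tu without any CHP, and the demotion rule for a CH without members. It is an added example written for this page, not the paper's code; the node positions, the transmission range, the value of R and the tick length are constructed, and one tick of the simulation stands for one Tu period.

```python
"""Discrete-time model of CH/CM cluster construction (added example, not the paper's code).

Assumptions (constructed for illustration): a flat 2-D topology, a fixed
transmission range, one simulation tick per Tu, and static node positions.
"""
import math
import random
from dataclasses import dataclass, field

TX_RANGE = 100.0   # one-hop transmission range (constructed)
T_U = 1            # Tu expressed in ticks (constructed)
MAX_HEADS = 2      # a CM keeps membership in two clusters for robustness


@dataclass
class Node:
    name: str
    x: float
    y: float
    role: str = "CM"                          # "CH" or "CM"; a CM starts out waiting for CHP
    heads: set = field(default_factory=set)   # names of the CHs this CM belongs to
    last_chp: int = 0                         # tick at which a CHP was last heard


def in_range(a: Node, b: Node) -> bool:
    return math.hypot(a.x - b.x, a.y - b.y) <= TX_RANGE


def members_of(ch: Node, nodes: list) -> list:
    return [n for n in nodes if n.role == "CM" and ch.name in n.heads]


def tick(nodes: list, now: int) -> None:
    """One Tu period: CHs send CHP, CMs answer with CMP, lonely nodes re-decide their role."""
    current_chs = [n for n in nodes if n.role == "CH"]
    # CM side: answer the CHPs heard this period, or become CH after 2Tu of silence
    for n in nodes:
        if n.role != "CM":
            continue
        reachable = [h.name for h in current_chs if in_range(n, h)]
        if reachable:
            n.last_chp = now
            n.heads = {h for h in n.heads if h in reachable}   # drop CHs that moved out of range
            for h in reachable:                                # then fill up to MAX_HEADS
                if len(n.heads) >= MAX_HEADS:
                    break
                n.heads.add(h)
        elif now - n.last_chp >= 2 * T_U:
            n.role, n.heads = "CH", set()
    # CH side: a CH with no CM but other CHs in range steps down and joins two of them
    for ch in [n for n in nodes if n.role == "CH"]:
        if members_of(ch, nodes):
            continue
        others = [o.name for o in nodes if o.role == "CH" and o is not ch and in_range(ch, o)]
        if others:
            ch.role, ch.heads, ch.last_chp = "CM", set(others[:MAX_HEADS]), now


def build(positions: dict, r: float, seed: int = 1) -> list:
    """Each joining node declares itself CH with probability R, otherwise waits for a CHP."""
    rng = random.Random(seed)
    nodes = [Node(name, x, y) for name, (x, y) in positions.items()]
    for n in nodes:
        if rng.random() < r:
            n.role = "CH"
    return nodes


def simulate(positions: dict, r: float, ticks: int = 10, seed: int = 1) -> dict:
    """Return {name: (role, sorted list of CH names)} after the given number of Tu periods."""
    nodes = build(positions, r, seed)
    for now in range(ticks):
        tick(nodes, now)
    return {n.name: (n.role, sorted(n.heads)) for n in nodes}


def check_invariants(positions: dict, result: dict) -> bool:
    """Every node is a CH, or a CM attached to one or two CHs that are within its range."""
    for name, (role, heads) in result.items():
        if role == "CH":
            if heads:
                return False
            continue
        if role != "CM" or not 1 <= len(heads) <= MAX_HEADS:
            return False
        x, y = positions[name]
        for h in heads:
            hx, hy = positions[h]
            if result[h][0] != "CH" or math.hypot(x - hx, y - hy) > TX_RANGE:
                return False
    return True


# Constructed topology: six nodes on a line, 60 units apart, so each node hears only
# its two direct neighbours (the next-but-one node is 120 units away, out of range).
LINE = {f"n{i}": (60.0 * i, 0.0) for i in range(6)}

if __name__ == "__main__":
    print(simulate(LINE, r=0.3, seed=7))
```

With R = 0 nobody volunteers at join time, so every node waits 2Tu and then declares itself CH; the demotion rule of the paragraph above then thins the line out to alternating CHs (n1, n3, n5) with the remaining nodes as CMs of their one or two in-range heads.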
3.2 Function of Certification Authority
A trusted third party, the certification authority, is deployed in the cluster-based scheme to enable each mobile node to preload its certificate. The CA is also in charge of updating two lists, the WL and the BL, which hold the accusing and accused nodes' information, respectively. Concretely, the BL holds the nodes accused as attackers, while the WL holds the corresponding accusing nodes. The CA updates each list according to the control packets it receives. Note that each neighbor is allowed to accuse a given node only once. This will be detailed in the threshold mechanism described in Section 4. Furthermore, the CA broadcasts the WL and BL to the entire network in order to revoke the certificates of nodes listed in the BL and isolate them from the network.
3.3 Reliability-Based Node Classification
According to their behavior in the network, nodes are classified into three types: legitimate, malicious, and attacker nodes. A legitimate node is deemed to secure communications with other nodes. It is able to correctly detect attacks from malicious attacker nodes and accuse them positively, and to revoke their certificates in order to guarantee network security. A malicious node does not execute the protocols to identify misbehavior, vote honestly, and revoke malicious attackers. In particular, it is able to falsely accuse a legitimate node in order to have its certificate revoked. The so-called attacker node is defined as a special malicious node which can launch attacks on its neighbors to disrupt secure communications in the network. In our scheme, these nodes can be further classified into three categories based on their reliability: normal node, warned node, and revoked node. When a node joins the network and does not launch attacks, it is regarded as a normal node with high reliability that has the ability to accuse other nodes and to declare itself as a CH or a CM. Moreover, we should note that normal nodes consist of legitimate nodes and potential malicious nodes. Nodes that are listed in the warning list are deemed warned nodes with low reliability. Warned nodes are considered suspicious because the warning list contains a mixture of legitimate nodes and a few malicious nodes (see Section 3.4.2). Warned nodes are permitted to communicate with their neighbors with some restrictions, e.g., they are unable to accuse neighbors any more, in order to avoid further abuse of accusation by malicious nodes. The accused nodes that are held in the blacklist are regarded as revoked nodes with little reliability. Revoked nodes are considered malicious attackers, deprived of their certificates and evicted from the network. The classification of these kinds of nodes is summarized in Fig. 1.
3.4 Certificate Revocation
3.4.1 Procedure of Revoking Malicious Certificates
We present the process of certificate revocation in this section. To revoke a malicious attacker's certificate, we need to consider three stages: accusing, verifying, and notifying. The revocation procedure begins with detecting the presence of attacks from the attacker node. Then, the neighboring node checks its local BL to see whether this attacker has already been found or not. If not, the neighboring node sends an Accusation Packet (AP) to the CA; the format of the accusation packet is shown in Fig. 2a. Note that each legitimate neighbor promises to take part in the revocation process, providing a revocation request against the detected node. After that, on receiving the first accusation packet to arrive, the CA verifies the validity of the accusing node's certificate: if it is valid, the accused node is deemed a malicious attacker and put into the BL. Meanwhile, the accusing node is held in the WL. Finally, the CA broadcasts the revocation message (see the format in Fig. 2b), including the WL and BL, through the whole network, and nodes that are in the BL are successfully revoked from the network. The procedure of revocation is described in the following:
Step 1. Neighboring nodes B, C, D, and E detect attacks from node M.
Step 2. Each of them sends out an accusation packet to the CA against M.
Step 3. According to the first received packet (e.g., from node B), the CA holds B and M in the WL and BL, respectively, after verifying the validity of node B.
Step 4. The CA disseminates the revocation message to all nodes in the network.
Step 5. Nodes update their local WL and BL to revoke M's certificate.
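The five steps above, together with the WL/BL bookkeeping of Section 3.2 and the accusation restrictions of Section 3.3, can be exercised end to end in the following Python model. It is an added example written for this page, not the paper's code: the node names follow the scenario (B, C, D, E and M), but the packet classes are stand-ins for the AP and revocation-message formats of Fig. 2a/2b, the certificate store is a plain set, and the rule that warned and revoked nodes cannot accuse is applied at the CA (the page says warned nodes lose the right to accuse, but not where that is enforced).

```python
"""Model of the accusing / verifying / notifying procedure (added example, not the paper's code).

Constructed assumptions: AccusationPacket and RevocationMessage stand in for the
formats of Fig. 2a/2b; certificates are modelled as a set of node names whose
certificate is currently valid.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccusationPacket:
    accuser: str
    accused: str


@dataclass(frozen=True)
class RevocationMessage:
    warning_list: frozenset
    blacklist: frozenset


class CertificationAuthority:
    """Holds the WL and BL and turns verified accusations into a network-wide broadcast."""

    def __init__(self, valid_certs):
        self.valid_certs = set(valid_certs)   # nodes holding a valid, unrevoked certificate
        self.wl = set()                       # accusing nodes (warned)
        self.bl = set()                       # accused nodes (revoked)
        self.accusers_seen = {}               # accused -> accusers, one accusation per neighbour

    def handle(self, ap: AccusationPacket):
        """Verifying stage: returns the RevocationMessage to broadcast, or None if the AP is dropped."""
        # assumption: warned and revoked nodes have lost the right to accuse (Section 3.3)
        if ap.accuser in self.wl or ap.accuser in self.bl:
            return None
        if ap.accuser not in self.valid_certs:        # accuser's certificate is not valid
            return None
        seen = self.accusers_seen.setdefault(ap.accused, set())
        if ap.accuser in seen:                         # each neighbour may accuse a node once
            return None
        seen.add(ap.accuser)
        if ap.accused in self.bl:                      # already revoked: only the first AP counts
            return None
        self.bl.add(ap.accused)
        self.wl.add(ap.accuser)
        self.valid_certs.discard(ap.accused)
        # notifying stage: the broadcast carries both lists
        return RevocationMessage(frozenset(self.wl), frozenset(self.bl))


@dataclass
class MobileNode:
    name: str
    wl: set = field(default_factory=set)
    bl: set = field(default_factory=set)

    def detect(self, attacker: str):
        """Accusing stage: send an AP unless the attacker is already in the local BL."""
        if attacker in self.bl:
            return None
        return AccusationPacket(accuser=self.name, accused=attacker)

    def apply(self, msg: RevocationMessage) -> None:
        """Step 5: refresh the local lists from the CA's broadcast."""
        self.wl, self.bl = set(msg.warning_list), set(msg.blacklist)

    def accepts(self, peer: str) -> bool:
        """Revoked nodes are isolated: a node refuses traffic from anything on its BL."""
        return peer not in self.bl


def run_scenario() -> dict:
    names = ["B", "C", "D", "E", "M"]
    ca = CertificationAuthority(valid_certs=names)
    nodes = {n: MobileNode(n) for n in names}
    # Steps 1-2: B, C, D and E detect attacks from M and each sends an AP to the CA
    packets = [nodes[n].detect("M") for n in ("B", "C", "D", "E")]
    # Steps 3-4: the CA acts on the first AP to arrive (B's) and broadcasts once
    broadcasts = [m for m in (ca.handle(p) for p in packets) if m is not None]
    # Step 5: every node updates its local WL and BL
    for msg in broadcasts:
        for node in nodes.values():
            node.apply(msg)
    # Afterwards a warned node (B) and the revoked node (M) can no longer accuse anyone,
    # and a node that detects M again stays silent because M is already in its BL.
    rejected = [ca.handle(AccusationPacket("B", "C")), ca.handle(AccusationPacket("M", "B"))]
    return {
        "broadcasts": len(broadcasts),
        "wl": sorted(ca.wl),
        "bl": sorted(ca.bl),
        "rejected": rejected,
        "repeat_detection": nodes["C"].detect("M"),
        "m_isolated": not nodes["C"].accepts("M"),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario produces exactly one broadcast, with B in the WL and M in the BL; the later APs from C, D and E are absorbed without changing the lists, which is the single-accusation speed advantage over the voting-based mechanisms of Section 2.1.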