An Efficient Enhancement for the Security of A-SAODV Protocol

This study analyzed the performance of SAODV and A-SAODV and proposed a security improvement for SAODV by introducing the concept of trust level. Further optimization has also been applied to the current SAODV to minimize processing overhead and delay while maximizing routing throughput. NS2 simulation results demonstrate the improved performance of our modified A-SAODV scheme.


INTRODUCTION
The mobile ad hoc network is a multi-hop, self-organizing wireless network that is widely used in battlefield, conference communication and disaster evacuation, etc. But it is easily attacked because of its open transmission medium and its self-organizing mode. In addition, many secure routing protocols designed for ad hoc networks are too complex to implement. Hence, it is important to design a highly efficient and secure routing protocol which can work autonomously under unmanned operation in ad hoc networks (David and Alessandro, 2008; Deng-Yin and Jun-Ling, 2010; Liang-Long et al., 2009).
Traditional secure routing protocols, such as SAODV, SRP, SEAD, ARAN and SAR, resist attacks by authentication and encryption in the link layer, multipath routing and duplex identity authentication. These protocols have been trying to optimize security, extensibility, robustness, communication complexity and computational burden. However, the trade-off between security and efficiency is still an open problem. In this study, we focus on the popular SAODV, aiming to optimize its security efficiency.
SAODV is a highly efficient secure routing protocol which originates from the AODV protocol. Its security measures, such as digital signatures, authentication and hash chains, will enhance security while increasing the computational burden and time delay, which degrades protocol performance. We therefore have to improve SAODV for better protocol performance.
Many researchers have proposed improvement schemes for SAODV. Liang-Long (2009) evaluated and compared the performance of the AODV, SAODV and A-SAODV routing protocols, based on performance metrics rather than security metrics. Manuel (2002) and Papadimitratos and Haas (2002) proposed improvement schemes for SAODV based on an adaptive mechanism, namely A-SAODV.
This study compares the SAODV protocol with the A-SAODV protocol and proposes an improved scheme. We introduce the concept of trust level into A-SAODV, based on the adaptive mechanism, and optimize it further, which achieves an effective integration of security and efficiency.
In the second strategy, the signature process is similar to the first one. The difference is that the source node needs to generate two digital signatures for the RREQ. When intermediate nodes verify the first signature, they need to store the second signature in the reverse route to the source node. When these nodes act as intermediate nodes responding to a routing request from other nodes, they carry the stored signature in the RREP packet they send as evidence of owning a route to the destination node.

ANALYZE THE PERFORMANCE OF SAODV
The protocol can efficiently protect against all kinds of external attacks. However, node authentication requires a great deal of computation, and the double-signature design increases packet length and node complexity. Furthermore, the protocol needs to be improved at turner attacking detection and at resisting denial-of-service attacks.
• Optimizing the SAODV: A-SAODV: Recently, Cerri and Ghioni proposed and implemented a performance optimization of SAODV based on an adaptive mechanism: the A-SAODV (Adaptive-SAODV) protocol. This protocol is designed as a multithreaded application. It includes two threads: one is dedicated to executing cryptographic operations, which avoids blocking the processing of other packets. The other performs all other functions, such as routing message processing, SAODV routing table management, timeout management, SAODV packet generation and packet forwarding. The two threads communicate through a FIFO queue which stores all packets that need to be signed or verified.
We noticed that the AODV protocol is more efficient because an intermediate node can reply with an RREP instead of the destination node, and this operation does not add to the node's burden. Under the same condition in SAODV, intermediate nodes need a large amount of computation to complete signature verification when they reply with an RREP instead of the destination node. This certainly increases the nodes' processing burden and causes delay and congestion. To solve this problem, A-SAODV optimizes the double-signature feature by using an adaptive reply decision. Intermediate nodes reply to an RREQ according to their own load status. When a node is overloaded with packets awaiting signature generation or verification, it will not reply with an RREP. The adaptive reply decision of A-SAODV is implemented as follows. We assume that a node's buffer queue stores the routing packets that need signing or verification, so the buffer queue length reflects the node's current load status. At the beginning, the protocol sets a queue threshold for the nodes' buffer queue. The threshold can be adjusted dynamically during execution as external conditions change. When an intermediate node receives an RREQ that satisfies the conditions for replying with an RREP, it checks its buffer queue length and replies only if the queue length is below the threshold. Otherwise, it continues forwarding the RREQ instead of producing a response.
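The adaptive reply decision described above, as an added example that is not code from the paper or from the A-SAODV prototype. The class and function names, the strict "below threshold" comparison and the cost model (forwarding queues one verification, replying queues a verification plus an RREP signature) are assumptions, and the threshold is held fixed because the text does not say how it is adjusted.

```python
from collections import deque
from dataclasses import dataclass, field

REPLY, FORWARD = "reply-RREP", "forward-RREQ"

@dataclass
class IntermediateNode:
    queue_threshold: int                                # fixed here (assumption)
    routes: dict = field(default_factory=dict)          # destination -> known sequence number
    crypto_queue: deque = field(default_factory=deque)  # FIFO shared with the crypto thread

    def drain(self, jobs):
        """Crypto thread: complete up to `jobs` pending sign/verify operations."""
        for _ in range(min(jobs, len(self.crypto_queue))):
            self.crypto_queue.popleft()

    def has_fresh_route(self, dest, wanted_seq):
        """AODV condition for an intermediate reply: a route at least as fresh as requested."""
        return self.routes.get(dest, -1) >= wanted_seq

    def on_rreq(self, rreq_id, dest, wanted_seq):
        """Adaptive reply decision, taken on the queue length at arrival time."""
        overloaded = len(self.crypto_queue) >= self.queue_threshold
        # Assumed cost model: every RREQ needs one verification ...
        self.crypto_queue.append(("verify-RREQ", rreq_id))
        if self.has_fresh_route(dest, wanted_seq) and not overloaded:
            # ... and replying adds a signature over the RREP.
            self.crypto_queue.append(("sign-RREP", rreq_id))
            return REPLY
        return FORWARD

def run_burst(node, rreqs, drain_per_arrival):
    """Feed RREQs to the node, letting the crypto thread work between arrivals."""
    decisions = []
    for rreq_id, dest, wanted_seq in rreqs:
        node.drain(drain_per_arrival)
        decisions.append(node.on_rreq(rreq_id, dest, wanted_seq))
    return decisions

# Constructed sample traffic: five requests for a destination the node knows.
SAMPLE_RREQS = [(i, "D", 10) for i in range(5)]

if __name__ == "__main__":
    slow = IntermediateNode(queue_threshold=3, routes={"D": 12})
    print(run_burst(slow, SAMPLE_RREQS, drain_per_arrival=0))
    fast = IntermediateNode(queue_threshold=3, routes={"D": 12})
    print(run_burst(fast, SAMPLE_RREQS, drain_per_arrival=2))
```

With no draining the node answers the first requests and then falls back to plain forwarding once its queue reaches the threshold; when the crypto thread keeps up, it answers every request.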
Besides using the adaptive mechanism, the protocol has been optimized in other ways. For example, in order to avoid repeated processing, we use a signature cache for the latest routing packets and use a key ring for key management. These optimization measures improve the performance of SAODV. However, the protocol still has deficiencies in aspects such as avoiding routing packet flooding and reducing the amount of computation and the signature time.

SECURITY IMPROVEMENT METHOD OF A-SAODV
On the basis of the above analysis, a security improvement method is introduced.
• Network setup: In this study, the improved method is based on three settings as follows:
o Select a smaller TTL (
in the routing table of the nodes. Furthermore, when the load status and trust level information is updated, the choice of update interval is a problem. If the interval is too long, the load status and trust level information cannot be updated in time, which leads a node to make wrong judgments and selections. If the interval is short, a node obtains the latest load status and trust level information, but frequent updates lead to heavy network traffic. In order to solve this problem, hello messages can carry the load status and trust level information. Nodes learn the load status and trust level of their neighbor nodes periodically through hello messages.
• The extended frame format of routing group signature and introduction of field: Figure 2 shows the extended frame format of the routing group signature adopted by the improved scheme; the extension is appended after the routing packet. The Type field is the signature extension type. Its value is 32 in an RREQ, 33 in an RREP and 34 in an RERR. Length is the total length, in bytes, of everything after this field. The Hash function field indicates which hash function is used. It is 1 when using the MD5 algorithm and 2 when using the SHA-1 algorithm.
But encryption calculation increases the burden on nodes and limits the improvement of protocol performance. The A-SAODV protocol uses an adaptive mechanism and a threshold mechanism to improve SAODV. We introduced the trust level mechanism into A-SAODV, improved the adaptive mechanism of A-SAODV and obtained a balance between security and efficiency. Simulation results show that our improved scheme can shorten the end-to-end delay, increase throughput and enhance the security of the A-SAODV protocol. Therefore, the robustness of the AODV secure routing protocol depends not only on the robustness of the security mechanism but also on the measurement of route performance.

Fig. 2: The extended frame format of routing group signature
Fig. 4: Average throughputs without
Time to Live) value as TTL threshold. A packet either arrives at the destination node or is discarded after passing TTL hops.
A is the total work times of node M during the monitor period of node N to node M. A suitable value is adopted as the TL threshold. When the trust level of an intermediate node is less than the TL threshold, it will not participate in the route selection process.
• Load status of neighbor node and trust level in information maintenance: In the above implementation of the improved protocol, every intermediate node needs to maintain and update the load status and trust level information of its neighbor nodes in the routing table. It is necessary to add new queue length and trust level fields to store the information
The value of the MaxHopCount field is appointed when the source node produces the routing packet. The value of the TopHash field is the result of applying the hash function MaxHopCount times and it is appointed by
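The MaxHopCount and TopHash fields form SAODV's hop-count hash chain; the sketch below is an added example, not code from the paper. It uses the hash-function codes given for the signature extension (1 = MD5, 2 = SHA-1); the receiver check and per-hop update follow the SAODV design rather than text on this page, and the dictionary keys and function names are assumptions.

```python
import hashlib
import os

# Hash-function codes as given for the signature extension on this page.
HASH_FUNCTIONS = {1: hashlib.md5, 2: hashlib.sha1}

def iterate_hash(code, value, times):
    """Apply the selected hash function `times` times to `value`."""
    for _ in range(times):
        value = HASH_FUNCTIONS[code](value).digest()
    return value

def originate(code, max_hop_count, seed=None):
    """Source node: pick a random seed, publish Hash = seed and
    TopHash = H^MaxHopCount(seed). TopHash is covered by the signature."""
    seed = os.urandom(16) if seed is None else seed
    return {"hash_function": code, "max_hop_count": max_hop_count,
            "top_hash": iterate_hash(code, seed, max_hop_count),
            "hash": seed, "hop_count": 0}

def verify_hop_count(msg):
    """Receiver: H^(MaxHopCount - HopCount)(Hash) must equal TopHash."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    if msg["hash_function"] not in HASH_FUNCTIONS or remaining < 0:
        return False
    return iterate_hash(msg["hash_function"], msg["hash"], remaining) == msg["top_hash"]

def forward(msg):
    """Intermediate node: increment the hop count and advance the chain one step."""
    out = dict(msg)
    out["hop_count"] += 1
    out["hash"] = iterate_hash(msg["hash_function"], msg["hash"], 1)
    return out

if __name__ == "__main__":
    msg = originate(code=2, max_hop_count=8)
    for _ in range(3):                                  # three honest relays
        msg = forward(msg)
    print(verify_hop_count(msg))                        # chain matches hop count 3
    print(verify_hop_count(dict(msg, hop_count=1)))     # hop count altered in transit
```

The check detects a hop count that is lower than the one the chain has actually reached, because producing the matching Hash value would require inverting the hash function; it does not prove that every relay incremented the count.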