fa بهبود پروتکل AODV جهت مقابله با حملات کرم‌چاله در شبکه‌های اقتضایی مقالات گروه امنیت اطلاعات Paper پژوهشي Research <p>چکیده &ndash; حمله کرم چاله یک نوع حمله فعال می‌باشد که در لایه سوم شبکه از شبکه‌های اقتضایی رخ می‌دهد. در این حمله مهاجمین با متقاعد کردن گره فرستنده برای ارسال اطلاعات از یک مسیر جعلی که کوتاه‌تر و سریع‌تر از مسیر عادی به نظر می‌رسد، سعی دارند ارسال بسته‌ها از تونل ایجاد شده انجام شود تا بتوانند، حملات آنالیز ترافیک، انکار سرویس، رها کردن بسته‌ها و یا جلورانی انتخابی را انجام دهند. هر پروتکلی که از مقیاس کم‌ترین تاخیر و کم-ترین تعداد گام برای مسیریابی استفاده کند، در برابر این حمله آسیب پذیر است.در این مقاله یک راه‌کار جدید برای مقابله با حملات کرم چاله ارائه می-دهیم. در راه‌حل پیشنهادی هر گره دارای یک وزن است و مجموع وزن‌ها در شبکه برابر صد خواهد بود. هرگاه گره‌ای قصد ارسال ترافیک به گره دیگر را داشته باشد، در بسته RREQ حداقل وزن درخواستی برای ایجاد ارتباط را بیان می‌کند. گره فرستنده با توجه به اهمیت داده‌هایی که ارسال خواهد کرد مشخص می‌کند که مجموع وزن گره‌های شرکت کننده، در فرایند کشف مسیر باید چقدر باشد. روش پیشنهادی را MAODV نامگذاری می‌کنیم. روش فوق به صورت نرم‌افزاری بوده و با توجه به این‌که از تکنیک رمزنگاری استفاده نخواهیم کرد،پیش‌بینی می‌کنیم سربار کمتری نسبت به سایر تکنیک‌ها داشته باشیم، و همچنین به علت عدم استفاده از الگوریتم‌های سخت، توان گره‌ها که اتفاقا محدود است، کمتر صرف محاسبات خواهد شد.کارایی الگوریتم پیشنهادی را در محیط ns-2 نشان خواهیم داد.</p> <p><strong>Mobile Ad hoc Networks (MANET) are vulnerable to both active and passive attacks. The wormhole attack is one of the most severe security attacks in wireless ad hoc networks, an attack that can be mounted on a wide range of wireless network protocols without compromising any cryptographic quantity or network node.&nbsp; In Wormhole attacks, one malicious node tunnels packets from its location to the other malicious node. Such wormhole attacks result in a false route with fewer. If the source chooses this fake route, malicious nodes have the option of sniff, modify, selectively forward packets or them. Existing solution defends wormhole attacks, such as SECTOR, Packet Leashes, DelPHI, directional antenna. These solutions require special hardware or strict synchronized clocks or cause message overhead, or generate false-positive alarms. A novel approach MAODV: Modified AODV is proposed to defend wormhole attacks, launched in AODV. The proposed approach is based on weight per hop. Each node in network has its own weight, given by administration due to trusty power capability. Sum of weight will not be exceeded from 100. Whenever a source node wants to send a traffic to destination, puts its minimum weight in RREQ packet to constitute the route. The destination node is selected in the route that its weight is close to destination announcement weight. Since no special hardware and no encryption techniques are used, it is likely to have less overhead and delay, compared to other techniques. </strong><br> <strong>The proposed wormhole defend mechanism is discussed in detail. Our proposed system does not require any synchronized clocks or special hardware to defend wormhole attacks. In our proposed system some parameters will be added to AODV routing protocol and make it more secure against wormhole attacks. We will name this new protocol as MAODV. In the first place, there is a master node in network, which&nbsp; weighs 100 (weighs of whole network). Whenever a node attends to enter the network, sends a join message to nearest neighbor. After receiving the message, master node will share its weights with the node requester, and sends the weight to this node requester. This process and weight sharing will be repeated after any requests to join a network, and total weight of network is not exceeded from 100. In our proposed method, each path which is created between source and destination, has a particular weight and this weight equals to intermediate node weights being added to each other. In MAODV whenever a source node wants to send RREQ packet, it adds the minimum weight to constitute route. After receiving RREQ packets, each intermediate node increases its weight beside increasing hop count. Each intermediate node does the same action, as far as destination node receives, RREQ packet among the received RREQ, one of them will be selected which its weight is the same as minimum requested weight by source, or slightly more than that. For instance, consider fig 1 which has 14 nodes. Assuming the node weights are equal for each node and its 7. As mentioned, the weight of whole network is tantamount to 100. Example 1: consider fig. 1 in which node A sends RREQ to node B. At first, node A checks its cache table to see whether there is a route between A and B, or not. If the answer is positive, it starts to send data. If the answer is negative, it sets up RREQ as follow: <A,B,1,7.25,[]> which means: A: source, B: destination, 1: hop count, 7: constitute path weight, 25: request weight, []: intermediate nodes. Each node which receives RREQ will check if it is the destination or not. If it wasn&rsquo;t: 1. Increase hop count, 2. puts its weight to constitute path weight, 3. Adds its address as an intermediate node. And then broadcasts RREQ packet to the neighbors. In this example node A sends RREQ to X and C, which are legitimate neighbor of A. When X receives the packet, modifies it as: <A,B, 2,(4,25,[X]> and forwards it to its neighbors on the other hand node. C modifies packet as: <A,B,2,(4,25,[C]> and forwards it to its neighbor D. This action will be repeated until B gets two RREQ - <A,B,4,28,25,[C,D,E]> and <A,B,7,25,48,[X,U,V,W, Z,Y> - among the received RREQ, B will be selected which its weight is the same as minimum requested weight by A, or slightly more than that, so the first route will be chosen by B. node B setup RREP packet as <A,B,1,4,25,7, [E,D,C]> which means: A: source, B: destination, 1: back path weight, 4: hop count, 25: request weight, 7: constitute path weight, [E,D,C]: intermediate nodes. </strong><br> <strong>The effectiveness of the propose mechanism is evaluated using ns2 network simulator. The simulator&#39;s outcome demonstrates that PDR in MAODV rose by 5% up to 8% in presence of two malicious nodes, compared to PDR in AODV routing protocol. The average delay point to point in MAODV is more than AODV, but on the other hand, it is less than SAODV due to not using encryption.</strong></p> شبکه MANET, حمله کرم چاله, پروتکل مسیریابی AODV, ns-2 MANET, Wormhole attacks , AODV, NS2 109 120 http://jsdp.rcisp.ac.ir/browse.php?a_code=A-10-96-3&slc_lang=fa&sid=1 hossein gharaee حسین قرائی gharaee@itrc.ac.ir 10031947532846004966 10031947532846004966 Yes itrc مرکز تحقیقات مخابرات farid mohammadi فرید محمدی farid.mohammadi@ut.ac.ir 10031947532846004967 10031947532846004967 No tehran university دانشگاه تهران