Claims:Claims
1) An energy efficient, low cost, secure mobile ad-hoc network (MANET) system for packet transmission, comprising:
• a source node, a destination node, and a plurality of intermediate nodes.
• a wireless communications device for communicating with at least one adjacent node (neighbor node).
said nodes comprise
• a micro processor.
• a transmitter to transmit one or more packets over the route.
• a receiver for receiving one or more packets transmitted.
• a data buffer to store the data to be forwarded.
• an energy source (a battery).
• a flash memory.
said source node establishes an energy efficient and secure path through said intermediate nodes, to said destination node for transferring the data.
said source node also
• checks the battery threshold of the said intermediate and said destination node.
• finds out the most trustworthy adjacent node (neighbor node).
• encrypts the data packet.
• decrypts the acknowledgement and route reply packets.
• verifies the digital signature, using a one-way hasing algorithm.

said destination node
• digitally signs the route reply and acknowledgement packets using one-way hasing algorithm.
• decrypts the data packet.
2) A system as claimed in claim 1, wherein each said node maintains a fidelity value, a battery power and an active flag of the respective neighbor nodes in the neighbor table. The system maintains:
• A Fidelity value is maintained for each of the said neighbor nodes, to decide the most trustworthy and secure node.
• A Battery power is maintained for each of the said neighbor nodes, to select a node with ample battery power left so that it can carry on the traffic coming in from the said node. A said node also calculates the battery threshold for the intermediate and destination nodes, which is based on the packets received and transmitted.
• An active flag is maintained for each of the said neighbor nodes, which signifies if a node is busy with other communication or not.
• The said node based on the battery, fidelity and active flag of the neighbor nodes decides its next hop. In case of a tie, the node with the highest battery value gets selected. Hence, discovering an energy efficient and secure route from a said source node to a said destination node, by avoiding the malicious nodes.
3) A method as claimed in claim 2, wherein a said node increases or decreases the fidelity value of a neighbor node by one depending of the different packets it receives or doesn't receive:
• The said node increases the fidelity value of a neighbor node by one, if an acknowledgement packet is received and verified.
• The said node decreases the fidelity value of a neighbor node by one, if an acknowledgement packet is not received or not verified.
• The said node decreases the fidelity value of a neighbor node by one, if a report packet is received and verified.
• The said node decreases the fidelity value of a neighbor node by one, if recommendation packet is uniquely received and verified.
4) A method as claimed in claim 3, wherein a said intermediate node sends back a report packet if the expected acknowledgement packet is not received from a node within time or not verified, hence minimizing the delay.
5) A method as claimed in claim 3, wherein a said intermediate node after sending a report packet will send a recommendation about the node (which has failed to forward the acknowledgement packet in time) to its neighbor.
6) A method as claimed in any one of the preceding claims, wherein a said node waits for a stipulated time for a particular packet to arrive, which improves the average end to end delay.
7) A method as claimed in any of the preceding claims, to detect and eliminate malicious nodes from the network by blacklisting those nodes.
8) A method as claimed in claim 7, further comprises of an network improvement factor, which measures the number of unique recommendations received from the neighbor nodes, based on which a node is blacklisted in the network.
9) A method as claimed in any one of the preceding claims, wherein if a said node cannot find a route through the selected neighbor node, will select the next best neighbor node, till the neighbor table has been exhausted:
• wherein a said node's neighbor table upon exhaustion will send back a fail message to the last hop node.
• wherein a said node upon receiving a fail message from one of the intermediate nodes, sends a route request to the next best intermediate node in its neighbor table, till the table is exhausted.
10) A method as claimed in any one of the preceding claims, wherein a said source node upon receiving a route request packet or data packet, will forward it to the next hop node. A said node upon receiving a route reply or, a report or, an acknowledgement packet, will forward it back to the last hop node.
11) A method as claimed in any one of the preceding claims, wherein a said node authenticates the message, by encrypting the message with the public key of the destination node and decrypting the message with the private key of the destination node. The method further uses digital signatures to provide data non-repudiation and data integrity. The said node digitally signs the message, before passing on the next hop node, the method:
• calculates the hash of the data to be sent using a hashing algorithm.
• hashed message is signed (encrypted) using the private key of the sender and attached to the message as the digital signature.
• receiver node calculates the hash of the original content of the packet and decrypts the encrypted hash of the message using the public key of the sender.
• if hash of the received message and the decrypted hash from the digital signature are the same, then the contents of the message are correct
12) A method as claimed in any one of the preceding claims, wherein a said node uses a lightweight self-organized key management scheme; wherein a said node uses less memory; thereby decreasing the overall system resource utilization, hence a low cost system. , Description:FIELD OF THE INVENTION
The present invention relates to the field of wireless networks and particularly to mobile ad-hoc networks, personal area network and related fields.
BACKGROUND OF THE INVENTION
Wireless networks have experienced increased development in the past decade. One of the most rapidly developing areas is mobile ad-hoc networks (MANET). MANET is an autonomous collection of mobile nodes, which communicate over wireless links, with limited bandwidth and battery power. MANETs differ from conventional wireless networks, such as cellular networks and IEEE 802.11 (infrastructure mode) networks; in that they are self-containing the network nodes can communicate directly with each other without relying on centralized infrastructures such as base stations. Additionally, MANETs are self-organizing and adaptive; they can therefore form and de-form on-the-way without the need for any system administration. These unique features make MANETs very attractive for scenarios requiring rapid network deployment, such as search and rescue operations. It is a fully self organized network as it does not rely on any established infrastructure for the network initialization and operation. Initially, it was conceptualized mainly for crisis situations like battlefields and so on. Nodes can be any wireless device like personal computers (laptops), mobile phones etc.
The applications of MANET are widely ranging from search and rescue operations to personal area networks. Since, MANET does not depend on fixed infrastructures and central authority, they are quite applicable in varied fields. However, the nodes deployed in these applications have limited battery power and vulnerable to different attacks.
Due to these vulnerabilities, MANET demands secure routing protocols, which can mitigate such malicious activities. While providing security to the message these secure routing protocols often degrade the quality of service (QoS) of the network. Hence, a tradeoff is always required between security and QoS of the network. Moreover, the limited battery life of nodes, ask for more energy efficient routing protocols. In this paper, we have proposed a more secure and energy efficient routing protocol, which is easily deployable in practical scenarios, with minimum trade-offs.
There are two general categories of MANET routing protocols: Topology-based and Position-based. Position-based routing protocols employ nodes ‘geographical position to make routing decisions. In order to utilize a position-based routing protocol, a node must be able to ascertain the geographical position of it and that of all the nodes it wishes to communicate with. This information is typically obtained via Global Positioning System (GPS) and location services. Topology based routing mechanism utilizes topology information to make routing decisions at each node. Topology information means separate route management process, like Route Request, Route Reply, etc, as disclosed in U.S.Pat.No. 20140029470 A1. There are three major categories of Topology-based routing protocols: On-demand (Reactive), Proactive & Hybrid protocols.
Reactive or “on-demand” protocols, and proactive or table-driven protocols. Reactive protocols collect routing information when a particular route is required to a destination in response to a route request. Examples of reactive protocols include ad-hoc on demand distance vector (AODV) routing, dynamic source routing (DSR), and the temporally ordered routing algorithm (TORA).
Proactive routing protocols attempt to maintain consistent, up-to-date routing information from each node to every other node in the network. Such protocols typically require each node to maintain one or more tables to store routing information, and they respond to changes in network topology by propagating updates throughout the network to maintain a consistent view of the network. Examples of such proactive routing protocols include destination-sequenced distance-vector (DSDV) routing, which is disclosed in U.S. Pat. No. 5,412,654 to Perkins; the wireless routing protocol (WRP); and cluster head gateway switch routing (CGSR).
A hybrid protocol, which uses both proactive and reactive approaches is the zone routing protocol (ZRP), which is disclosed in U.S. Pat. No. 6,304,556 to Haas.
There are some challenging security issues which need to be addressed before MANETs are ready for widespread commercial or military deployment. One of the core security issues is trust management. Trust is generally established and managed in wired and other wireless networks via centralized entities, such as certificate authorities (CAs) or key distribution centers. The absence of centralized entities in MANETs makes trust management a rather challenging problem, primarily due to the unavailability of trusted authorities to perform necessary functions such as the revocation of digital certificates.
Another intriguing MANET security problem is the issue of secure routing in the presence of selfish or malicious nodes, which selectively drop packets they are required to forward; and in so doing, these selfish or malicious entities can cause various communication problems. Also since the network is self-organizing, the topology changes randomly. Consequently, the routing protocols designed for such networks must also be adaptive to the topology changes.
Some approaches are now being developed for providing more secure data transmissions within mobile ad-hoc networks.
In Pat. 2952/MUM/2014 a system called Assignment Based Selfish & Misbehavior Detection System for Mobile Ad Hoc Networks which considers both users willingness to forward and their contact opportunity to forward packets for all others.
In Pat. US 8370894 B2 a method of enforcing security policies in a mobile ad-hoc network, by entrusting at least one first network node along a data traffic route and entrusting at least one second network node, with the control of the enforcement of the security policies by the first network node.
In Pat. US 20100217853 A1 a system and method for policy based management for a high security MANET comprises policy managers, each performing policy decision-making and policy enforcement using multiple policies containers. Each container can define a security boundary around the node. Each container can be a lightweight virtual machine. The system can also have a special container having a policy manager only evaluating policies for conflicts. In one embodiment, a node can consist of multiple network devices and each network device is a container of its own.
In Pat. 718/MUM/2008 a system for detecting malicious gray-hole nodes in a mobile ad hoc network (MANET) comprising a group of nodes, said system comprising node mapping means adapted to map each node in the MANET. Data collection means are adapted to collect data forwarding (routing) information from each node to obtain a data routing record of the node. in order to enable identification and creation of a list of good nodes and suspicious nodes; local anomaly detection means adapted to determine level of suspicion of each of said suspicious nodes; co-operative anomaly detection means adapted to identify one suspicious node at a time and monitor routing activity of said identified suspicious node with other nodes of said network to achieve a conformity status of said level of suspicion; global alarm raiser means adapted to send an alarm message in relation to said identified suspicious node to each of the other nodes of the MANET; and isolator means adapted to isolate each of said suspicious node from the MANET to achieve an uninterrupted communication in the network.
In Pat. 964/CHE/2014 a security-sensitive Applications using TAM: A Tiered Authentication of Multicast Protocol A mobile ad-hoc network (MANET) is composed of self-configuring infrastructure less network of mobile nodes. The majority of applications of MANET are in areas where rapid deployment and dynamic reconfiguration are necessary and wired network is not available. Multicast communication acts as a basis along with security in order to provide protected communication between mobile nodes in these hostile environments. One of the main challenges of securing multicast communication is source authentication, or enabling receivers of multicast data to verify that the received data originated with the claimed source and was not modified en-route. This invention presents a new Tiered Authentication scheme for Multicast traffic (TAM) combining the advantages of the time asymmetry and the secret information asymmetry paradigms and exploits network clustering to reduce overhead and ensure scalability.
Developing real life applications for MANET still demand a cardinal attention from the research community. The existing hardware applications and security methods are neither energy efficient nor fully secure nor low cost. Hence, the main goal of the invention is to build a low cost PAN, which can effectively communicate with nodes with minimal cost and battery loss.
Summary of the Invention
The invention consists of a system and a method to provide a secure and robust mechanism for mobile ad -hoc network (MANET) systems, thereby establishing communication between network entities and to mitigate the effects of the malicious entities.
According to one embodiment, a method is provided which gives weightage to battery power; and past activities of a Neighboring Node in context to the successful communication, i.e., successful sending and receiving of data packets.
According to another embodiment, a method is provided that identifies the malicious nodes and thereby recommending it to other neighbor nodes in the network. Eventually the nodes become hostile to these malicious nodes, leading to complete elimination of that node from the network.
According to another embodiment, a method is provided that will be easily deployed in areas of defense and rescue operation, with minimal cost; in terms of memory, hardware, overhead and delay.
According to another embodiment, a method is provided that will be easily deployed in the form of a Personal Area Network (PAN), in a very energy efficient manner.
For a better understanding of the invention, reference is made to the following description along with the accompanying drawing and the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a flow diagram illustrating a method at node in accordance with the present invention.
FIG. 2 is a schematic diagram of a said node
FIG. 3 is a schematic diagram of a mobile ad hoc network, where the said nodes communicate with each other in accordance with the present invention.
FIG. 4 is a schematic diagram of a mobile ad hoc network, where the said nodes send RREQ packet from source node 1 to destination node 10, using the intermediate nodes, in accordance with the present invention.
FIG. 5 is a schematic diagram of a mobile ad hoc network, where the said nodes send RREP packet from destination node 10 to source node 1, using the intermediate nodes.
FIG. 6 is a schematic diagram of a mobile ad hoc network, where the said nodes send DATA packet from source node 1 to destination node 10, using the intermediate nodes.
FIG. 7 is a schematic diagram of a mobile ad hoc network, where the said nodes send ACK packet from destination node 10 to source node 1, using the intermediate nodes. Node 7 being a malicious node drops the packet, and Report and Recommendation packets are sent, thereby decrementing the fidelities of the corresponding nodes by one, in accordance with the present invention.
FIG. 8 is a schematic diagram of a mobile ad hoc network, where the said nodes send RREQ packets from source node 1 to destination node 10, using a new set of intermediate nodes, in accordance with the present invention.
FIG. 9 is a schematic diagram of a mobile ad hoc network, where the said nodes send RREP packet from destination node 10 to source node 1, using the new set of intermediate nodes.
FIG. 10 is a schematic diagram of a mobile ad hoc network, where the said nodes send DATA packet from source node 1 to destination node 10, using the new set of intermediate nodes.
FIG. 11 is a schematic diagram of a mobile ad hoc network, where the said nodes send ACK packet from destination node 10 to source node 1, using the new set of intermediate nodes. Nodes increment the fidelity of the corresponding nodes by one, except for the destination node.
FIG. 12 is a picture of the said node along with the Zigbee model and all other components.

DETAILED DESCRIPTION OF THE INVENTION
Fig. 1 explains the overall control flow of any said node. Fig.2 explains the overall control flow of the said source node.
Before a node can start routing packets to a destination, it has to identify its neighbors through neighbor searching. Especially in mobile networks like MANET, where the nodes move freely, this neighbor searching has to be done frequently. This neighbor searching is performed by sending Neighbor Requests (NREQs) and receiving Neighbor Replies (NREPs), as acknowledgement from neighbors. A node broadcasts the neighbor requests and waits for t_1 =2* (Average delay) time, for the neighbor reply packets to arrive.
If no NREP is received within this time, then the node keeps on sending the NREQ. The NREPs coming in are inserted into the Neighbor table. If it is a new node, then the fidelity is initialized as 0, else the old fidelity is considered. The neighbor nodes also send their battery power through the NREP packets, which is used by the source node in the battery judgment stage. If the destination node is its immediate neighbor, then the route request is sent directly, after the Battery Judgment stage.
The battery threshold for the neighbor node is calculated, in the battery judgment stage. Since a neighbor node at any instance can either be an intermediate node or destination node, two kinds of battery thresholds have been calculated.
µ_i = NREP_TX+NREQ_TX+ (¦(NREP_RX+RREQ_TX+@Report_RX+Recco_TX ))* (n-i-2)+ RREQ_RX+ RREP_RX+ RREP_TX+Data_RX+ Data_TX+ Ack_RX + Ack_TX
Where, i is the message count, which is incremented for each node with each transmission of RREQ packet, and n is the number of said nodes.
µ_d = RREP_TX + Data_RX+Ack_TX.
If the neighbor node has a battery value greater than or equal to the threshold, then that node is considered in the next stage, else a new node is selected. This battery threshold is calculated based on the packet sizes and the number of packets that node would have to send further for a successful data transmission.
At the fidelity judgment stage, whenever a said node observes that the fidelity value of a particular neighbor is greater than that of another neighbor, then the one having the greatest value is more trustworthy node than the other. With each successful data transmission, which is ensured by the Acknowledgement packet, the fidelity value for that node is increased by 1, else decreased by 1. This fidelity value can be incremented or decremented till a certain limit, which is based on the battery power of the node.
Relying on a node too much for transmission of the same packet can sometimes prove futile, since the battery power of every node is finite; assuming no infrastructure for charging battery is available. Thus, continuous transmission through a single node may drain energy of a node, such that it will be unable to send any more packets in the future. Moreover, if a node with a high fidelity value starts behaving maliciously, it would take a lot of time to bring down that node's fidelity value such that other nodes get selected over that malicious node. Hence, a maximum limit on the fidelity must be imposed on each neighbor node. Let there be a best case in which all packets are forwarded successfully. The routing packets are used for the route search. The maximum fidelity will be battery power left after route search per DATA and ACK packet transfer.
f_max = + ?(Intial Battery Power - Total power consumed for receiving and transmitting routing packets)/(Total power consumed to send data and acknowledgement packets)¦ ?
Similarly, a minimum fidelity can be calculated. Let there be a worst case, where a node has only one neighbor, and which drops every ACK packet. Initially the fidelity will be zero, so the minimum fidelity value will be negative. Since, after three such cases the node will be blacklisted, the fidelity can be maximum -3 (due to I=3, but it can be generalized depending on the level of security required). However, there may be a case in which the battery might get over before reaching -I(Network Improvement Factor). A value which is closer to zero is chosen, so that the malicious nodes can be avoided.
f_min = max{-+ ?(Intial Battery Power )/(Total power consumed to send data and transfer routing packets)¦ ?,-I} (3)
After the trustworthy node is selected, the corresponding node is sent the route request, and waits for time interval t_1=2* (Average delay), when the destination node is the immediate neighbor, (i.e., the hop count between source and destination is 1) or waits for time interval t_2 =2* (Average delay) * (Network Diameter) otherwise, for the route reply to arrive; which is the maximum possible time (i.e., in the worst case the packet travels the full Network Diameter).
The said intermediate nodes wait for the NREQ, RREQ, Data and Recommendation packets to arrive. If NREQ packet is received it replies with a NREP. As soon as an intermediate (neighbor) node, as shown in Fig. 4, receives the RREQ packet, it becomes busy, and dedicatedly caters to the originator node. This is helpful in preventing loops and other forms of attacks. In this RREQ packet the node also sends the fail array, which advertises the list of nodes which have failed to give any route for a particular destination address. The neighbor node on receiving this RREQ packet, will avoid selecting these nodes as a prospective node for data transmission, for that particular source-destination node pair. This will help preventing loops and unnecessary delay.
After timeout the originator node will move on selecting the next available node from the neighbor table. This node in turn repeats this process till it gets the destination node in its neighbor table. If the neighbor table is exhausted, then it repeats the process from beginning after a certain time interval.
After the destination node has been discovered, the RREQ is sent directly to destination. The destination node, as shown in Fig. 5, sends a RREP packet back to the originator node through the same path. The destination will wait and be busy for t_3 = 2* (MESSAGE_COUNT) * (AVG_DELAY) for the Data packet to arrive.
Once the said source node gets the route reply and verifies it, it prepares the data. The data packets are, as shown in Fig. 6, sent from the same path through which the route reply came back. The source node encrypts the data with public key of the destination node and forwards it to the Next Hop. The intermediate node on receiving the data packet will just keeps on forwarding the data packet to the next hop till it reaches the destination, as shown in Fig.6. Each and every node in this communication waits for a time interval t_3 = 2* (HOP_COUNT) * (AVG_DELAY) for the ACK packet to arrive.
The Acknowledgement is generated only by the Destination Node, as shown in Fig. 7, which is digitally signed to make sure that the destination has received the data packet, through the same routing path in a secured manner. The Intermediate nodes just keep on forwarding back the acknowledgement packet. The nodes in the path increment the fidelity on receiving the ACK packet. Hence, the fidelity of node (say) A with respect to node (say) B is incremented by 1, f_AB=1. This route is then stored in the Route table. The route table can store only one entry. So, if there are frequent transmissions to a particular destination node, then it can use the route table, which remembers only the last path. Hence, saves unnecessary request packets.
If the ACK packet is not received by any of the intermediate nodes or source node within time t_3, a node will assume that the communication is unsuccessful, as shown in Fig. 7. The node would decrement its fidelity; in case of intermediate node a Report packet is sent back to the previous hop. A node on receiving a Report packet decreases the fidelity of that node (i.e, the node sending the Report in the data path), and it generates a Report and sends it back to the last seen address, which continues till the source node is met.
When acknowledgement is not received by a node, within time that node also prepares a recommendation packet with the name of the culprit and broadcasts it. The Node which has encountered this culprit node will generate a recommendation for other neighbor nodes in the network.
On receiving such recommendation, as shown in Fig. 7, any node will first decrement the fidelity of the recommended node by 1. When 3 such unique recommendations arrive against the same node from 3 different nodes, then that node is Blacklisted and not used for further communication.
After this unsuccessful transmission of data a new path is discovered, as shown in Fig. 8, 9, 10, 11, and the data is transmitted successfully.
Fig. 12 shows the architecture of a said node along with the ZigBee component. The node contains a micro-processor, trans-receiver and LCD to display the details. The high-performance Atmel 8-bit AVR RISC-based microcontroller combines 32 KB ISP flash memory with read-while-write capabilities, 1KB EEPROM, 2KB SRAM, 23 general purpose I/O lines, 32 general purpose working registers, three flexible timer/counters with compare modes, internal and external interrupts, serial programmable USART, a byte-oriented 2-wire serial interface, SPI serial port, 6-channel 10-bit A/D converter (8-channels in TQFP and QFN/MLF packages), programmable watchdog timer with internal oscillator, and five software selectable power saving modes. The device operates between 1.8-5.5 volts. The Rx and Tx are receiver port and transmitter port respectively. The main function of Tx and Rx is to transmit and receive data to/from the peripheral devices, in our case it is the ZigBee trans-receiver. The Tx of Arduino is connected to the Data-in of ZigBee and Rx is connected to the Data-out of the ZigBee module. The first step to configure the hardware is to configure the ZigBee module which must be paired with the Arduino Board. The ZigBee will only detect signals from a same PAN ID, which must be set same for all the trans-receivers. All the trans-receivers must have a Network Id which will uniquely identify every node in the network. Fig. 11 represents the real routing nodes.
All the transmitters should belong to the same PAN ID, i.e., while setting up the ZigBee modules it should be kept in mind that all the nodes must belong to the same network ID, otherwise the Trans-receiver will not detect any signals from the other nodes. In our simulation, we have considered that only one node is sending data and one node is receiving data, the other nodes act as a routing node. Simple cryptographic symbols are used in the routing algorithm, which can be custom designed according to the use of the network. The nodes move in an enclosed region following a random waypoint model. The speed ranges from 1.4 m/s to 2.5 m/s (average walking speed) with pause time of 30 seconds.