
International Journal of Computer Trends and Technology (IJCTT) Volume 4 Issue 6June 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 1964



Securing AODV Using HMAC of Cryptography for MANETs

Rooz Munjal #1, Pinki Tanwar *2, Nitin Goel #3

1# Department of Computer Science & Engineering, JMIT, Radaur, Yamunanagar, India
2# Department of Computer Science & Engineering, JMIT, Radaur, Yamunanagar, India
3# IP Researcher Microsoft Patent Research Engineer CPA Global, Noida, Delhi, India


Abstract: A Mobile Ad Hoc Network (MANET) suffers from major vulnerabilities because of its properties: nodes communicate over a shared wireless medium without any centralized control. There are many threats in a MANET from malicious nodes whose attacks disrupt the network, because routing protocols like AODV and DSR are insecure and were created without security in mind. Because a MANET is established in an insecure environment, it becomes more vulnerable to attacks when a malicious node is further shared to provide different services. One example of such a protocol is AODV, which is used extensively and is the subject of a lot of ongoing research and development. This paper deals with two problems of AODV (a reactive protocol). Firstly, the hop count and sequence number fields of its control packets are easily edited, which creates the possibility of abuse by malicious nodes. Secondly, routing updates are given in clear text, which is also a security danger because it reveals important information about the network topology. This paper proposes a new approach to AODV to secure the routing. It uses the pseudorandom cryptographic hash function MD6 in composition with a Message Authentication Code (MAC) to secure AODV control packets like RREQ, RREP, RERR etc., which is a very low power consuming and effective solution for MANETs. In this paper, we also give the details of Modified HMAC_MD6 for providing security in route discovery.

Keywords: MANETs, MD6, HMAC, AODV, Secure Routing.
I. INTRODUCTION
MANET is an autonomous system consisting of a group of mobile nodes communicating with each other via radio transceivers and organising themselves randomly; thus, the wireless network's topology may change rapidly and unpredictably. Due to the infrastructure-less property, it is difficult to use existing routing protocols like TCP/IP for network services. Nodes of an Ad-Hoc network perform the dual role of routers as well as end users. A unique feature of Ad-Hoc networks is that the nodes themselves have limited transmission range, but they use their neighbouring nodes to forward packets and build routes between far away nodes; routing protocols of this type are already designed. This makes Ad-Hoc networks suitable for military operations. But for this we need to be more strongly concerned with privacy and secrecy as well. These are the scenarios which motivate us to use hashed message authentication (HMAC) with the MD6 hash mechanism. The objective of using HMAC in composition with MD6 is that existing hash functions can be used without any need of optimization.
Outline: The paper is structured as follows: Section 2 briefly describes the previous work related to AODV security. Section 3 introduces the Modified HMAC_MD6 mechanism used to provide security. Section 4 provides the flowchart of the proposed algorithm to provide secure routing in AODV. Further, Section 5 provides the simulation results. Finally, Section 6 concludes the paper. Section 7 presents the future perspective of this work.
II. PREVIOUS WORK

There are three discrete ad hoc wireless environments: open, managed-open and managed-hostile. They differ not only in the level of security needed, but also in that some offer the opportunity to exchange security parameters before the nodes are deployed. There are some requirements [4] that must be satisfied to ensure secure path discovery in the presence of malicious adversaries and must be kept in mind when designing a secure protocol.
1) Route signalling cannot be spoofed.
2) Fabricated routing messages should be detected.
3) Routing messages cannot be spoofed, except according to the normal functionality of the routing protocol.
4) Routing loops formed through malicious action should be avoided.
5) Redirection of routes from the shortest path by malicious action should be avoided.
6) Only authorised nodes can participate in route computation and discovery. This requirement does not change the fact that authenticated peers may act maliciously as well.

Many secure routing protocols already exist that conform to almost all the requirements. Three of them are:
1. SAODV (Secure Ad-hoc On-Demand Distance Vector)
SAODV [4] is an extension of AODV and provides end-to-end authentication and node-to-node verification. It provides authentication and integrity to ad-hoc networks by using a one-way hash chain and digital signatures. It needs a Key Management Scheme. The main problem with this is that it uses Public Key Cryptography, which requires a considerable amount of processing power and slows down the process to some extent.
2. ARAN (Authenticated Routing for Ad-hoc Networks):

ARAN [5] provides security features like authentication and message integrity to ad-hoc networks by using a preliminary certification process by a universally trusted third party, followed by a route instantiation process that ensures end-to-end security services. The main problem with the protocol is that every node that forwards a route discovery message or a route reply message must also sign it, which is very power consuming and makes the size of the routing messages increase at each hop.
3. ARIADNE:
It is a reactive protocol based on the DSR routing protocol. It is entirely on demand. In addition, Ariadne [7] is efficient, as it uses only highly efficient symmetric cryptographic primitives.
III. AODV ROUTING PROTOCOL

AODV [2] is an on demand distance vector routing protocol that has been built for MANETs. It is reactive in nature as it searches for routes only when required. It makes use of basic route establishment and maintenance procedures from the DSR protocol and hop-to-hop route vectors from the DSDV protocol. AODV makes use of sequence numbers in control packets to track accuracy and avoid the generation of routing loops. When a source node wants to communicate with a destination node that is not a direct neighbour and whose route is unknown, it broadcasts a RREQ (Route Request) packet. Each RREQ packet consists of a Request ID, the source and destination node IP addresses and sequence numbers, along with a hop count and flags. The Request ID field is used to identify the RREQ packet uniquely; the sequence number gives information regarding freshness and accuracy, and the hop count maintains the number of nodes between the source and the destination. If an intermediate node which receives the RREQ packet has not found the Source IP and ID pair or doesn't maintain a fresher (larger sequence number) route to the destination, then it rebroadcasts the same packet with an increased hop count. Such an intermediate node also creates a REVERSE ROUTE to the source node for a certain time. When the RREQ packet arrives at the destination node, or at any intermediate node that has a fresher route to the destination, a RREP (Route Reply) packet is generated and sent back to the source. The RREP packet contains the destination node IP address, sequence number, the source IP address and lifespan, along with a hop count and flags. An intermediate node, after receiving the RREP packet, increments the hop count, establishes a Forward Route to the source of the packet and transmits the packet on the Reverse Route. AODV uses HELLO messages periodically to track neighbours and find link failures to nodes that it considers its immediate neighbours. After detection of a link failure for a next hop of an active route, a RERR (Route Error) message is sent to the neighbours that were using that particular route. The problems present in the basic AODV routing protocol are:
1) Deceptive increment in Sequence Numbers
2) Deceptive decrement in Hop Count

IV. SECURING AODV WITH MODIFIED HMAC_MD6

A Modified HMAC_MD6 mechanism is used to secure AODV messages. This approach calculates a message digest using the hash function MD6 over all the fields (editable as well as non-editable) of an AODV message. The message digest and the hash function value for MD6 are then transmitted along with the AODV message. The destination or intermediate node verifies the RREQ's authenticity and integrity by applying the Modified HMAC_MD6 hash function to the received message. The digest generated is matched with the digest received in the RREQ. If these digests match, the message is authenticated and its integrity is maintained.
The working of this mechanism is as follows:

Whenever a mobile node originates a RREQ, RREP or RERR message, it does the following operations:
All mobile nodes select a suitable value of hash function h for MD6 that is to be used to make the message digest; it is assumed to be one.
It sets the Hash_Function field to the value h = 1.
Hash_Function = h, where h is the value of hash function.
It calculates Message_Digest by passing the values of all the fields to Modified HMAC_MD6.
The HMAC computed works as the Message_Digest for providing authentication with integrity.
$$HMAC_k(m) = h(K \oplus opad) \,\|\, h((K \oplus ipad) \,\|\, values\_of\_all\_fields)$$

Where, h is a MD6 hash function. $HMAC_k(m)$ is the result of applying the function h to m.
In addition, on the receiver side, whenever a node receives a RREQ, a RREP or a RERR message, it does the following operations in order to verify that the message is valid and authenticated:
The same Modified HMAC_MD6 process is applied to the values of all the fields of the received message except the Hash_Function and Message_Digest fields, and a digest is generated.
After this, the receiver verifies that the calculated message digest is equal to the value contained in the Message_Digest field of the received AODV message.

$$HMAC_k(m) = Message\_Digest == h(K \oplus opad) \,\|\, h((K \oplus ipad) \,\|\, value\_of\_all\_fields)$$
Where, a == b means: to verify that a and b are equal.

Where, a ≠ b: the node will not accept the message and simply drops it.
When an intermediate node that does not have a route to the destination node must rebroadcast a RREQ, and before forwarding a RREP or a RERR, the node performs the following:
It once again chooses a suitable value of hash function h (which may differ from the earlier value of h) that is to be used to make the message digest.
It sets the Hash_Function field to the value h = 1.
Hash_Function = h
It applies the Modified HMAC_MD6 to the values of all the fields of the message.
It calculates Message_Digest by passing the values of all
the fields to Modified HMAC_MD6 shown in Equation
Fig shows the flow chart of proposed mechanism.


Fig 1 Flow Chart of Proposed Scheme
V. MODIFIED HMAC_MD6 ALGORITHM

In the proposed secure mechanism, a modification is made to HMAC_MD6 to make the algorithm more secure against the attacks that other hash functions like MD5 suffer from, such as the Birthday attack and the Exhaustive Key Search attack [9]. This paper uses HMAC [11], a mechanism for message authentication using the iterative cryptographic hash function MD6, which provides integrity to the message, in combination with the modification that the key used in the MAC is also generated using the MD6 algorithm, to provide secure routing in MANETs. The basic HMAC_MD6 algorithm requires a key k to hash the message m and generate the message digest. With this modification, the key used for generating the message authentication code (MAC) is generated through the MD6 compression function [9],[10], as shown in Fig 2.

Fig 2 Modified HMAC_MD6 Algorithm
1. Compute the secret key K used for generation of the MAC by using the MD6 function.
2. If the key's length is longer than b, i.e. 512 bytes, we will use the hash function (MD6) to hash the key K to a b-bit long string K+, or will pad zeros if the key is shorter than 512 bytes.
3. XOR (bitwise exclusive-OR) K+ with the ipad value, which is the constant 0X36 repeated b/8 times, to generate the block S of b-bit length.
4. Append m with S.
5. Operate MD6 hash function on stream produced in step 3.
6. XOR K+ with opad, which is the constant value 0X5C, to produce the block S_0 of length b bit.
7. Attach the MD6 hash output computed in Step 4 with S_0.
The objective of this modification to HMAC_MD6 is that the secret key used for calculating the MAC is generated with the help of the pseudorandom MD6 hashing function, so that it provides more security and becomes hard to forge.
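The originator, receiver and forwarding checks of Section IV together with the steps of Section V, as an added Python example that is not the authors' NS-2 code. SHA-256 stands in for MD6, which Python's hashlib does not provide; the RREQ field layout, the shared secret and all function names are assumptions, and the final outer hash follows FIPS PUB 198 (the HMAC standard in the reference list) because step 7 above stops at the concatenation.

```python
import hashlib
import hmac
import struct

H = hashlib.sha256          # stand-in for MD6, which hashlib does not provide
B = H().block_size          # block length b in bytes (64 bytes = 512 bits)
# Assumed wire layout of the authenticated RREQ fields (RFC 3561 order):
# type, flags+reserved, hop count, RREQ ID, dest IP, dest seq, orig IP, orig seq
RREQ = struct.Struct("!BHBI4sI4sI")
AUTH_FIELDS = ("hash_function", "message_digest")

def derive_key(secret: bytes) -> bytes:
    """Step 1: K is produced by the hash function (the input secret is an assumption)."""
    return H(secret).digest()

def hmac_steps(key: bytes, msg: bytes) -> bytes:
    """Steps 2-7 written out by hand, closed with the FIPS 198 outer hash."""
    if len(key) > B:                        # step 2: hash an over-long key
        key = H(key).digest()
    k_plus = key.ljust(B, b"\x00")          # step 2: zero-pad a short key to b
    s_i = bytes(x ^ 0x36 for x in k_plus)   # step 3: K+ XOR ipad
    inner = H(s_i + msg).digest()           # steps 4-5: hash S_i || m
    s_o = bytes(x ^ 0x5C for x in k_plus)   # step 6: K+ XOR opad
    return H(s_o + inner).digest()          # step 7 plus outer hash (FIPS 198)

def pack_fields(pkt: dict) -> bytes:
    """Serialise every field except Hash_Function and Message_Digest."""
    return RREQ.pack(1, pkt["flags"], pkt["hop_count"], pkt["rreq_id"],
                     pkt["dst_ip"], pkt["dst_seq"], pkt["src_ip"], pkt["src_seq"])

def sign(key: bytes, fields: dict, h: int = 1) -> dict:
    """Originator: set Hash_Function = h and attach the Message_Digest."""
    return {**fields, "hash_function": h,
            "message_digest": hmac_steps(key, pack_fields(fields))}

def verify(key: bytes, pkt: dict) -> bool:
    """Receiver: recompute the digest and compare in constant time."""
    return hmac.compare_digest(hmac_steps(key, pack_fields(pkt)),
                               pkt["message_digest"])

def forward(key: bytes, pkt: dict):
    """Intermediate node: drop (None) on mismatch, else bump hop count and re-MAC."""
    if not verify(key, pkt):
        return None
    fields = {k: v for k, v in pkt.items() if k not in AUTH_FIELDS}
    fields["hop_count"] += 1
    return sign(key, fields)

def demo():
    key = derive_key(b"constructed-network-secret")     # constructed sample value
    rreq = sign(key, dict(flags=0, hop_count=0, rreq_id=7, dst_seq=12, src_seq=3,
                          dst_ip=bytes([10, 0, 0, 9]), src_ip=bytes([10, 0, 0, 1])))
    hop1 = forward(key, rreq)
    # A node without K lowers the hop count and raises the sequence number.
    forged = {**hop1, "hop_count": 0, "dst_seq": 99}
    return hop1["hop_count"], verify(key, hop1), forward(key, forged)

if __name__ == "__main__":
    print(demo())
```

In this sketch every node holds the same K, so the check rejects only packets altered or originated by nodes without K; a node that holds K can still re-sign whatever fields it forwards.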
VI. SIMULATION

This section presents the simulation environment, metrics and the results of the proposed AODV routing protocol.

6.1 Simulation Environment

We have successfully implemented the Modified HMAC_MD6 mechanism to secure the AODV routing protocol using NS-2.35 on Ubuntu Linux version 12.04 with 4GB RAM. The table below summarizes the different configuration values that were used in all performed simulations of a general MANET with random clustering.

Table 1. General Simulation Parameters

Parameter | Value
Simulation Time | 10 Sec
No. of Nodes | 25
Movement Pattern | Random
Traffic Type/Application | Constant Bit Rate (CBR)
Maximum X-coordinate value | 1800
Maximum Y-coordinate value | 1800
Size of Packet | 512 byte
MAC Protocol | 802.11
Mobility Model | Random Walk
Routing Protocol | AODV
Observation Parameters | Packets Lost, Packet Sent, Throughput, Jitter

The simulation environment is shown below by the NAM window showing unauthenticated Packet Drop by unauthenticated node.

Fig 3 Shows Dropped Invalid Packets

6.2 Simulation Metrics

6.2.1 Throughput

This value represents the ratio of the total number of packets that reach their destination to the total number of packets sent by the source. It is calculated as: Throughput = Packets Received / Packets Sent. Throughput is directly affected by packet loss, which may be caused by general network faults, malicious nodes or uncooperative behavior. It is calculated based on two graphs, 4.1 and 4.2.

Fig 4 Simulation time vs. Throughput


Fig 4.1: Number of Received Packets

Fig 4.2: Number of Sent Packets

6.2.2 Packet Delivery Fraction

Packet Delivery Fraction is calculated for the proposed AODV routing protocol. It is the percentage of the packets originated by the source that are received by the destination.

Fig 5: Packet Delivery Fraction vs. Simulation Time

6.2.3 Jitter

Jitter is the fluctuation of end-to-end delay from one packet to the next packet of connection flow. Jitter, $J = |D_{i+1} - D_i|$, where $D_{i+1}$ is the delay of the $(i+1)^{th}$ packet and $D_i$ is the delay of the $i^{th}$ packet. Jitter of forwarded packets at node 0 is shown in Fig 7.


Fig 7: Jitter vs. Sequence number

6.2.4 Packet Loss
Packet loss is where network traffic fails to reach its destination in a timely manner. Mostly packets get dropped before the destination can be reached. Packets dropped / lost, $P_d = P_s - P_a$, where $P_s$ is the amount of packets sent and $P_a$ the amount of packets received.


Fig 8: Number of Dropped Invalid Packets

VII. CONCLUSION

In this paper, we have presented a Modified HMAC-MD6 algorithm for securing the AODV routing protocol, increasing resistance to key search attacks and providing authentication as well as integrity. Much research has been done in the area of Public Key Cryptography, and it shows that it is very slow and more power consuming than symmetric cryptography. This paper uses the power of HMAC, which is a symmetric approach, by making it non-vulnerable; it generates less calculation overhead and saves the power consumption of nodes. This paper analyses performance metrics like packets delivered successfully, packets lost, unauthenticated packets dropped, network throughput and jitter. We have successfully implemented the HMAC composition with MD6 to secure the AODV protocol. Lastly, according to the many simulations that were performed, the newly proposed Modified HMAC_MD6 scheme, built for the normal AODV routing protocol, gets a higher packet delivery fraction with security than AODV. Thus, the proposed design, HMAC based AODV, proves to be more efficient and less power consuming than the AODV routing protocol in defending against both malicious and unauthenticated nodes.

VIII. FUTURE WORK

MANET is prone to various collaborative attacks because there is no centralized authority; these are categorized as 1) Passive attacks 2) Active attacks. Many of these attacks are due to selfish and malicious nodes. As a future perspective of this dissertation, we can take into consideration authenticated selfish nodes in the network and try to analyse their effect on ARAN performance. There are many techniques to increase the strength of HMAC; this dissertation uses the strength of MD6 to generate the pseudorandom key, while there are many other techniques to increase the power of HMAC that can be used. In future, the HMAC_MD6 composition can be replaced with other, more secure hash functions better than MD6 found in future. The same kind of HMAC composition with a message digest based mechanism can be designed to secure other routing protocols like DSR, DSDV, TORA etc.

REFERENCES

[1] Ajay Jangra, Nitin Goel, Priyanka, Komal, Security Aspects in Mobile Ad Hoc Network (MANETs): A Big Picture, International Journal of Electronics Engineering, 2 (1), 2010, pp. 189-196.
C.E. Perkins and E.M. Royer, Ad-Hoc on Demand Distance Vector Routing, Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, pp. 90-100, Feb. 1999.
[2] Asad Amir Pirzada, Chris McDonald, Secure Routing with the AODV Protocol, (2005) Asia Pacific Conference on Communication, Perth, IEEE, pp. 57-61.
[3] Kimaya Sanzgiri, Daniel LaFlamme, Bridget Dahill, Brian Neil Levine, Clay Shields, and Elizabeth M. Belding-Royer, Authenticated Routing for Ad Hoc Networks, IEEE Journal on Selected Areas in Communications, vol. 23, no. 3, March 2005.
[4] Manel Zapata, Secure Ad hoc On-Demand Distance Vector (SAODV) Routing, INTERNET DRAFT (September 2006), draft-guerrero-manetsaodv-06.txt
[5] Abdalla Mahmoud, Ahmed Sameh, Sherif El-Kassas, Reputed Authenticated Routing for Ad Hoc Networks Protocol (Reputed-ARAN), Department of Computer Science, The American University in Cairo, Egypt.
[6] Yih-Chun Hu, Adrian Perrig and David B. Johnson, Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, 2005 Springer Science + Business Media, Inc. Manufactured in The Netherlands.
[7] Mr. Ravindra K. Gupta, Suketu D. Nayak, Sec.AODV for MANETs using MD5 with Cryptography, Int. J. Comp. Tech. Appl., Vol 2 (4), 873-878.
[8] Syeda Iffat Naqvi, Adeel Akram, Faculty of Telecom & Information Engineering, Pseudo-random Key Generation for Secure HMAC-MD5, 2011 IEEE.
[9] Ronald L. Rivest, The MD6 hash function - A proposal to NIST for SHA-3. Submission to NIST, 2008.
[10] NIST FIPS PUB 198, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication, Issued March 6, 2002.
[11] Ns homepage - http://www.isi.edu/nsnam/ns/
[12] Ns manual - http://www.isi.edu/nsnam/ns/
