ISSN (Print) : 2319-5940

ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

Evaluating the performance of secure routing

protocols in Mobile Ad-hoc Networks
Shawkat K. Guirguis1, Ommelhana S .Saaid2
Professor of Computer Science & Informatics, Dept. of Information Technology,
Institute of Graduate Studies & Research, Alexandria University, Alexandria, Egypt1
Researcher in Dept. of Computer Science, Faculty of Science, Alexandria University, Alexandria , Egypt 2

ABSTRACT: Mobile ad hoc network (MANET) is a special type of mobile wireless network where a collection of mobile devices
form a temporary network without any aid of an established infrastructure. During data transmission between these devices there
may be malicious threats, attacks, and penetrations which alters the performance of the system and insecure transmission.
Multiple routing protocols especially for these conditions have been developed during the last years, to find optimized routes that
free from attacks from a source to some destination. This paper presents comparison based on simulation of three secure routing
protocol of MANET.

Keywords: Mobile Ad hoc Networks, NS2, SEAD, SAODV, SZRP

I. INTRODUCTION

A mobile ad hoc network (MANET) is a distributed paper we investigate the performance and efficiency of
dynamic system of moving wireless devices (nodes). three representative protocols for Mobile Ad hoc
Mobile ad hoc networks are autonomous systems Networks, we have chosen the secure protocols that fall
comprised of a number of mobile nodes that communicate under the most significant categories. Our simulation
using wireless transmission. They are self-organized, self- scenarios have been designed as to capture how different
configured and self controlled infrastructure-less networks. categories of MANET protocols cope with typical
This kind of network has the advantage of being able to be dynamic conditions and according to different scalability
set up and deployed quickly because it has a simple factors. We take into account variation of pause time
infrastructure set-up and no central administration . the (mobility), different packets rates and the malicious
major examples of these networks are in the military or environment , considering their effects on routing
the emergency services. efficiency (packet delivery ratio and normalized routing
In Mobile ad hoc networks the nodes are free to move, load), and network latency (end-to-end delay).
independent of each other, topology of such networks
keep on changing dynamically which makes routing much II. ROUTING IN MOBIE AD HOC NETWORKS
difficult. Therefore routing is one of the most concerns
areas in these networks. Normal routing protocol which One of the most exciting and challenging aspects of ad
works well in fixed networks does not show same hoc network is the routing issue. Most of the routing
performance in Mobile Ad Hoc Networks. In these protocols are designed for wired and structured network. It
networks routing protocols should be more dynamic so is often very hard to adopt these protocols for ad hoc
that they quickly respond to topological changes [1]. A network. Broadly routing protocols can be classified into
robust and flexible routing approach is required to three groups: reactive, proactive and hybrid. This is
efficiently use the limited resources available, while at the summarized in the following figure:
same time being adaptable to the changing network
conditions, such as network size (scalability), traffic
density and mobility.
Many security schemes from different aspects of
MANET have been proposed in order to protect the
routing information or data packets during
communications, such as secure routing protocols , In this

Copyright to IJARCCE www.ijarcce.com 710

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

MANET Routing Availability guarantees the survivability of the network

Protocols
services despite attacks. A Denial-of-Service (DoS) is a
potential threat at any layer of an ad hoc network.
Confidentiality ensures that certain information be
never disclosed to unauthorized entities. It is of paramount
On-Demand Driven/ importance to strategic or tactical military
Table driven/
Proactive
Reactive communications.
DSDV
DSR Integrity ensures that a message that is on the way to
AODV
WRP
TORA the destination is never corrupted. A message could be
CGSR
....
.....
Hybrid
corrupted because of channel noise or because of
malicious attacks on the network.
ZRP Authentication enables a node to ensure the identity of
the peer node. Without authentication, an attacker could
masquerade as a normal node, thus gaining access to
Fig 1. classification of routing protocols sensitive information .
Non-repudiation ensures that the originator of a
A. ROACTIVE ROUTING PROTOCOLS
message cannot deny that it is the real originator. Non-
In table-driven or proactive protocols, the nodes repudiation is important for detection and isolation of
maintain an active list of routes to every other node in the compromised nodes.
network in a routing table. The tables are periodically
updated by broadcasting information to other nodes in the
network such as the Destination Sequenced Distance
Vector routing protocol(DSDV)[2].
IV. ISSUE IN SECURING THE ROUTING
B. REACTIVE ROUTING PROTOCOLS PROTOCOLS
In contrast to table driven routing protocols, on- Securing the routing protocols for ad hoc networks is a
demand routing protocols find route to a destination only very challenging task due its unique characteristics [8]. A
when it is required. The on-demand protocols have two brief discussion on how the characteristics causes
phases in common – route discovery and route difficulty in providing security in ad hoc wireless network
maintenance. In the route discovery procedure, a node is given below.
wishing to communicate with another node initiates a Shared radio channel: Unlike the wired networks where
discovery mechanism if it doesn’t have the route already a separate dedicated transmission line can be provided
in its cache. The destination node replies with a valid between a pair of end users, the radio channel used for
route. The route maintenance phase involves checking for communication in ad hoc networks is broadcast in nature
broken links in the network and updating the routing and shared by all nodes in the network. Data transmitted
tables. One of the most popular reactive protocol is Ad by a node is received by all the nodes within its direct
hoc On-demand Distance Vector routing protocol (AODV) transmission range. So a malicious node can easily obtain
[3]. data being transmitted in the network.
Insecure environment: The environment in which
C. HYBRID ROUTING PROTOCOLS MANET are generally used may not be always secure, for
Hybrid routing protocols inherit the characteristics of example, a battle field. In such environment, nodes may
both on-demand and table-driven routing protocols. Such move in and out of hostile and insecure enemy territory,
protocols are designed to minimize the control overhead where they would be highly vulnerable to security attacks.
of both proactive and reactive routing protocols. The best Lack of central authority: In wired networks or
example of hybrid routing protocols is the Zone Routing infrastructure based wireless networks it would be
Protocol (ZRP)[4]. possible to monitor the network traffic through routers or
base stations and implement security mechanisms at those
III. SECURITY GOALS points. Since MANET don’t have any such central points,
these mechanisms can’t be applicable to them.
To secure the routing protocols in MANET, researchers Lack of association rules: In MANET, since nodes can
have considered the following security services [5][6][7]: leave or join the network at any point of time, if no proper
authentication mechanism is used for associating nodes

Copyright to IJARCCE www.ijarcce.com 711

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

with the network intruders can easily join the network and 3) Message modification : The attacker alters a legitimate
carry out attacks. message by deleting, adding to, changing, or reordering it.
Limited availability of resources: Resources such as
4) Denial-of-service: The attacker prevents or prohibits
bandwidth, battery power and computational power are
the normal use or management of communications
scare in ad hoc networks. Hence, it is difficult to
facilities.
implement complex cryptography-based security
mechanisms in such networks.
VI. SECURE ROUTING PROTOCOLS FOR AD
V. ATTACKS IN AD HOC NETWORKS HOC NETWORKS

We choosing three secure routing protocols , one based

Two kinds of attacks can be launched against ad-hoc on proactive protocol and the other based on reactive
networks [8] , passive and active attacks protocol , the last one depend in the hybrid approach of
A. PASSIVE ATTACKS the routing protocols.
A passive Attack is that attack in which an A. SAODV
unauthorized party gains access to an asset and does not The Secure Ad-hoc On-Demand Distance Vector
modify its content. The passive attacker does not send (SAODV) proposed by Zapata [9]is an extension of the
messages; it only eavesdrops on the network. The AODV routing protocol. It can be used to protect the route
malicious entity in this type of attack only listens to the discovery mechanism of AODV by providing security
traffic, without modifying or disturbing it. The main threat features like integrity, authentication and non-repudiation.
by such an attack is that some confidential information is The protocol operates mainly by using new extension
leaked to the attacker. Passive attacks can be either messages with the AODV protocol. In these extension
eavesdropping or traffic analysis. messages there is a signature produced by digesting the
1) Eavesdropping: The attacker monitors transmissions AODV packet using the private key of the original sender
for message content. An example of this attack is a person of the Routing message. The Secure-AODV scheme is
listening into the transmissions on a network topology based on the assumption that each node possesses certified
between two workstations or tuning into transmissions public keys of all network nodes. Ownership of certified
between a wireless handset and a base station. public keys enables intermediate nodes to authenticate all
in-transit routing packets. The originator of a routing
2) Traffic analysis : The attacker, in a more subtle way, control packet appends its RSA signature and the last
gains intelligence by monitoring the transmissions for element of a hash chain to the routing packets. As the
patterns of communication. A considerable amount of packets traverse the network, SAODV protocol gives two
information is contained in the flow of messages between alternatives for ROUTE REQUEST and ROUTE REPLY
communicating parties. messages. In the first case when a ROUTE REQUEST is
sent, the sender creates a signature and appends it to the
B. ACTIVE ATTACKS packet. Intermediate nodes authenticate the signature
An active attack is that attack in which an unauthorized before creating or updating the reverse route to that host.
party makes modifications to a message, data stream, or The reverse route is stored only if the signature is verified.
file. In an active attack, the malignant node actively When this packet reaches the final destination, the node
disturbs the normal operation of the network. This can be signs the ROUTE REPLY with its private key and sends it
done by forging packets, disrupting normal routing or back. The intermediate and final nodes, again verify the
consuming network resources etc. Active attacks may take signature before creating or updating a route to that host.
the form of one of four types masquerading, replay, The signature of the sender is also stored along with the
message modification, and denial-of-service (DoS). These route entry. The second case is also similar to the first one
attacks are summarized as: with the only disparity being that the ROUTE REQUEST
1) Masquerading : The attacker impersonates an message has another signature that is always stored along
authorized user and thereby gains certain unauthorized with the reverse route.
privileges.
This second signature is used in the regular and
2) Replay : The attacker monitors transmissions (passive gratuitous ROUTE REPLYs to future ROUTE
attack) and retransmits messages as the legitimate user. REQUESTs that the node might reply to as an
intermediate node.

Copyright to IJARCCE www.ijarcce.com 712

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

B. SEAD are generated a priori and exchanged through an existing,

The Secure and Efficient Ad hoc Distance vector perhaps out of band, relationship between CA and each
routing protocol (SEAD) [10] is based upon the DSDV- CN. Before entering the ad hoc network, each node
SQ routing protocol (which is a modified version of DSDV requests a certificate from it’s nearest CA. Each node
routing protocol). It uses efficient one-way hash functions receives exactly one certificate after securely
to authenticate the lower bound of the distance metric and authenticating their identity to the CA. The methods for
sequence number in the routing table. More specifically, secure authentication to the certificate server are
for authenticating a particular sequence number and numerous and hence it is left to the developers; a
metric, the node generates a random initial value x Є significant list is provided by [15].
SZRP is a two phase protocol. The first phase is the
(0,1) where  is the length in bits of the output of the
preliminary certification process where each CN fetches
hash function, and computes the list of values
their required keys from their nearest CA. The second
h0,h1,h2,h3,…,hn, where h0=x , and hi = H(hi-1) for 0< i ≤ n ,
routing by applying the process of digital signature and
for some n. As an example, given an authenticated hi
message encryption.
value, a node can authenticate hi-3 by computing H (H (H
(hi-3))) and verifying that the resulting value equals hi. VII. SIMULATION EXPERIMENTS
Each node uses one authentic element of the hash chain in
We used standard simulator tool NS2 for simulation [16]
each routing update it sends about itself with metric 0.
Network simulator (NS2) is an event driven simulator tool
This enables the authentication for the lower bound of the
and designed specifically to study the dynamic nature of
metric in other routing updates for that node. The use of a
wireless communication networks. A scenario is set up for
hash value corresponding to sequence number and metric
simulation to evaluate the performance of three secure
in a routing update entry prevents any node from
protocols SAODV, SEAD and SZRP . This scenario is run
advertising a route greater than the destination’s own
7 times with different values of the pause time ranging
current sequence number. The receiving node
from 0 to 600 seconds for each protocol ( in total 84 run ) .
authenticates the route update by applying the hash
Other scenario is generated with different packet rate 2,4
function according to the prior authentic hash value
and 6 ,with fixed pause time . And the last scenario with
obtained and compares it with the hash value in the
malicious environment is run 6 times with different
routing update message. The update message is authentic
numbers of malicious nodes from 2 to 12 nodes for each
if both values match. The source must be authenticated
protocol ( in total 72 run).
using some kind of broadcast authentication mechanism
The data is collected according to three metrics –
such as TESLA [11]. Apart from the hash functions used,
Packet Delivery Fraction , Normalized Routing Load and
SEAD doesn’t use average settling time for sending
End to end delay .
triggered updates as in DSDV in order to prevent
eavesdropping from neighbouring nodes. A. PARAMETER SETUP
C. SZRP To get fair results between three secure routing protocol
(SAODV, SEAD and SZRP ) we fixed the scenario and
The Secure Zone Routing Protocol (SZRP) is based on
parameters setup , in following table some details on
the concept of Zone Routing Protocol (ZRP) [12,13]. It is
settings used in experiments :
a hybrid routing protocol that combines the best features
TABLE I
of both proactive and reactive approaches and adds its PARAMETER SETUP FOR SIMULATION
own security mechanisms to perform secure routing. Parameter Value
SZRP is designed to address all measure security concerns Operating System Linux Ubuntu 10.04
like end to end authentication, message/packet integrity Simulation NS-2 (Version 2.34)
and data confidentiality during both intra and inter-zone Area Size 1000 m * 1000 m
routing. For end to end authentication and message/packet Maximum Speed 20 m/s
integrity RSA digital signature mechanism is employed, Maximum Connection 20
where as data confidentiality is ensured by an integrated Packets Rate 2,4,6 Packets / Second
approach of both symmetric and asymmetric key Traffic Type CBR
encryption [14]. Simulation Time 600 (sec)
SZRP requires the presence of trusted certification Pause Time 0,100,200,300,400,500,600
servers called the certification authorities (CAs) in the Packet Size 512 bytes
Number of node 100
network. The CAs are assumed to be safe, whose public
Malicious nodes 2,4,6,8,10,12
keys are known to all valid CNs(common nodes). Keys

Copyright to IJARCCE www.ijarcce.com 713

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

B. PERFORMANCE METRICS means that SAODV produced more throughputs compared

The performance metrics that have been used in this to SEAD and SZRP in total runtime of the simulations. At
simulation is : low pause time, SAODV gives higher PDF reading, But,
when the pause time increased SZRP perform better than
1) Packets Delivery Fractions (in percentage): SAODV and SEAD .
The ratio of the data packets delivered to the destinations In overall, PDFs percentage readings are increased
to those generated by the Constant Bit Rate (CBR) sources. from lower pause time to larger pause time because all
PDF shows how successful a protocol performs delivering nodes involved will be more steady, stable and accessible
packets from source to destination. to all active nodes.
Packet Delivery Fraction (pdf %) = (received In figure 2 , on the same pause time with increasing
packets/ sent packets) * 100 packets rate also SAODV outperform both SEAD and
SZRP . from the results we observe The PDF percentage
decrease with increasing the packets rate
Packet Delivery F raction
2) Average End to End Delay :
100
98 The delay experienced by packet from the time it was
96 sent by a source till the time it reached the destination.
PDF(%)

94 This includes all possible delays caused by buffering

92
during route discovery latency, queuing at the interface
90
88
queue, retransmission delays at the MAC and propagation
86 and transfer times. For each packet sent, calculate the
0 100 200 300 400 500 600 send time and receive time, then average it.
Pause Time(sec)

SAODV SEAD SZRP End-to-Ennd Delay

6
Fig. 1 Packet Delivery Fraction (%) vs Pause Time
5
4
Delay(s)

Packet Delivery Fraction

3
100 2

95 1
0
PDF(%)

90
0 100 200 300 400 500 600
85 Pause Time(sec)
80
SAODV SEAD SZRP
75
Packet rate = 2 Packet rate = 4 Packet rate = 6
Packet Rate
Fig. 4 End to End Delay vs Pause time

SAODV SEAD SZRP

End-to-End Delay
Fig. 2 Packet Delivery Fraction (%) vs Packets rate 5

4
Packets Delivery Fraction With Attacks
Delay(s)

80 2
70 1
60
50 0
pdf(%)

40 Packet rate =2 Packet rate =4 Packet rate =6

30 Packet Rate
20
10 SAODV SEAD SZRP
0
2 4 6 8 10 12
Fig. 5 End to End Delay vs Packets rate
No. of malicious nodes

SAODV SEAD SZRP

Fig. 3 Packet Delivery Fraction (%) vs malicious nodes

From the Figure 1, the results shows that SAODV

outperform both SEAD and SZRP in PDF percentage. It

Copyright to IJARCCE www.ijarcce.com 714

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

End-to-End De lay With Attack s

Fig. 8 Normalize Routing Load vs Packets rate

8 Normalize Routing Load With Attacks

7
6
Delay(s)

5 350
4 300
3
2 250
1 200

NRL
0
150
2 4 6 8 10 12
100
No. of m alicious node s
50

SAODV SEAD SZRP 0

2 4 6 8 10 12
No.of malicious nodes
Fig. 6 End to End Delay vs malicious nodes
SAODV SEAD SZRP
From the result, showing in figure 4 we can see that
SAODV had higher delay , the delay in SZRP slightly less Fig. 9 Normalize Routing Load vs malicious nodes
than SEAD and become equal in large pause time.
The results from Figure 7, show that the routing load
From figure 5 with increasing packets rates the delay
decreased when reaching towards the end of the
increase , and the SAODV still have larger delay in
simulation. SZRP and SEAD out perform SAODV , we
compare with SZRP and SEAD.
also can see in lower pause time SEAD perform better
In figure 6, The delay increase with increasing the
than SZRP , but in larger pause time (Starting from 300
number of malicious node. SAODV has larger delay in
seconds) SZRP gives reading better than SEAD.
because it uses asymmetric key cryptography so it
In the figure 8 , in three protocols the routing load
requires significant processing time to compute or verify
increase with increasing packets rates, SAODV gives
signatures and hashes at each node.
highest load and then come SZRP and the lowest load
3) Normalized Routing Load : give by SEAD. On other hand in lowest pause time the
The number of routing packets transmitted for every routing load decrease because the high mobility of the
data packet sent. Each hop of the routing packet is treated nodes.
as a packet. Normalized routing load are use as the ratio Form the results showing in figure 9, The NRL also
of routing packets to the data packets. increase with more number of malicious node. SAODV
As for the calculation, Normalized Routing Load = score high load value so, SEAD and SZRP perform better
routing packets sent / packet received and less load than SAODV.

Normalize Routing Load VIII. CONCLUSION

120
100
The two most important issues in mobile ad hoc
80 networks are the performance and security. Each mobile
NRL

60 node in a MANET acts as a router by forwarding the

40
packets in the network. Hence, one of the challenges in
20
0
the design of routing protocols is that it must be tailored to
0 100 200 300 400 500 600 suit the dynamic nature of the nodes. In this paper we
Pause Time(sec)
investigate the performance and security of three secure
SAODV SEAD SZRP
MANET routing protocols. SEAD provides low
Fig. 7 Normalize Routing Load vs Pause time
computational overhead, and is relatively simple, making
it suitable for use in environments where there is low
mobility. but It need to take a collaborative security
Normalize Routing Load
approach to be to more robust . and other secure protocols
100 SAODV in the most situation more secure than SEAD but
80 it high over load due to asymmetric cryptography , the last
60
one SZRP gives a better solution towards achieving the
NRL

40

20
security goals like message integrity, data
0
confidentiality and authentication, by taking an
Packet rate =2 Packet rate =4 Packet rate =6 integrated approach of digital signature and both the
Packet Rate
symmetric and asymmetric key encryption technique.
SAODV SEAD SZRP

Copyright to IJARCCE www.ijarcce.com 715

 ISSN (Print) : 2319-5940
ISSN (Online) : 2278-1021

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 1, Issue 9, November 2012

REFERENCES

[1] Nitin H. Vaidya,”Mobile Ad Hoc Networks: Routing, MAC and

Transport Issues”, University of Illinois at Urbana-Champaign,
Tutorial presented at: INFOCOM 2004 (IEEE International
Conference on Computer Communication).
[2] C. Perkins and P. Bhagwat, Highly Dynamic Destination-
Sequenced Distance-Vector Routing (DSDV) for Mobile
Computers. In Proc. of the ACM SIGCOMM, October 1994.
[3] C.E. Perkins, E. Royer, and S.R. Das, "Ad hoc on demand distance
vector (AODV) routing," Internet Draft, March 2000.
[4] Haas Z.J, “ A new routing protocol for the reconfigurable wireless
network”. In Proceedings of the 1997 IEEE 6th International
Conference on Universal Personal Communications, ICUPC '97,
San Diego, CA, October 1997; pp. 562 -- 566.
[5] Mishra Amitabh, Nadkarni Ketan M., and Ilyas Mohammad.
“Chapter 30: Security in wireless ad-hoc networks, the handbook of
Ad hoc wireless network”. , CRC PRESS Publisher, 2003.
[6] A Study of Secure Routing in MANET: various attacks and their
Countermeasures Abari Bhattacharya , Prof. Himadri Nath Saha ,
IEMCON , Jan 2011
[7] Security in Wireless Ad Hoc Networks , Eric Lee ,Science
Academy Publisher, United Kingdom , Vol. 1, No. 1, March 2011
[8] C.Siva Ram Murthy and B. S. Manoj. “Ad hoc wireless networks:
Architecture and Protocols”. Prentice Hall Publishers, May 2004,
ISBN 013147023X.
[9] M. Guerrero Zapata and N. Asokan, “Securing Ad Hoc Routing
Protocols,” Proceedings of the ACM Workshop on Wireless
Security (WiSe), ACM Press,2002, pp.1-10.
[10] Y. C. Hu, D. B. Johnson, and A. Perrig, “SEAD: Secure Efficient
Distance Vector Routing for Mobile Wireless Ad Hoc Networks,”
Ad Hoc Networks Journal, 1, 2003
[11] William Stallings. “Network Security essentials: Application and
Standards”, Pearson Education , Inc 2003, ISBN 0130351288.
[12] Haas Z. J., Pearlman M. R., and Samar P., “The Zone Routing
Protocol (ZRP)”, IETF Internet Draft, draft-ietf-manet-zone-zrp-
04.txt, July 2002.
[13] Jan Schaumann, “Analysis of Zone Routing Protocol”, Course
CS765, Stevens Institute of Technology Hoboken, New Jersey,
USA, 8th December 2002
[14] Behrouz A. Forouzan, “Cryptography and Network Security”,
Special Indian Edition, Tata McHill publication, 2007
[15] J. J. Tardo and K. Algappan, “SPX: Global authentication using
public key certificates”, In Proceedings of the 1991 IEEE
Symposium on Security and Privacy, pages 232–244, Oakland, CA
USA, May 1991. IEEE Computer Society Press.
[16] The Network Simulator NS-2 tutorial homepage,
http://www.isi.edu/nsnam/ns/tutorial/index.html

Copyright to IJARCCE www.ijarcce.com 716