Upload
amir-reda
View
103
Download
7
Embed Size (px)
Citation preview
i
ACKNOWLEDGEMENTS
I would like to thank my thesis advisors; Prof. Hassan Elkamchouchi, Dr. Yasmine
Abouelseoud and Dr. Sherif Khattab for helping me a lot in my master thesis journey. I would
like to express the deepest appreciation to Dr. Sherif Khattab who was abundantly helpful
through all his support, guidance and sharing his extensive knowledge during this process.
Without his encouragement and advice the success of this thesis would not have been
possible.
With a full heart, I thank my beautiful wife for her amazingly supportive and my parents,
and my many encouraging friends for all their love, help, and understanding during this
process. This thesis would have remained a dream had it not been for them. Words cannot
describe the appreciation and gratitude I have towards their huge contributions and positive
attitudes. It truly takes a village and I am lucky to be a part of a great one.
I would like to thank NS3 Google users group who helped me to understand NS3 simulator
and answered all my questions about how to implement the work of this thesis.
ii
DECLARATION
I declare that no part of the work referred to in this thesis has been submitted in support of
an application for another degree or qualification from this or any other University or
Institution.
iii
ABSTRACT
Geographical routing protocols in highly-dynamic aeronautical ad-hoc networks are
vulnerable to fake geo-location information as an attack that affects network performance. In
this thesis, a secure geographical routing and identification protocol, called SAeroRP, for
multi-hop routing in a highly dynamic aeronautical ad-hoc network is presented. SAeroRP
uses the ground station as a trusted third party for authentication and key transport. Each
packet used in the protocol is authenticated and encrypted to prevent fake geo-location
information. NS3 simulation analysis shows that the packet delivery ratio for the aeronautical
routing protocol AeroRP decreased to up to 50 %, depending on attack type and number of
attackers. On the contrary, the attack has minimal effect on SAeroRP and the packet delivery
ratio is almost the same as that without attack.
iv
SUMMARY
Identification Friend or Foe (IFF) is a technique that is used to identify aircrafts to ground
stations or air traffic control ATC centers and to acquire some data from aircraft to be used for
aircraft guidance to avoid flight accidents. For military use, IFF is responsible to identify if
this aircraft is friend to be protected from friend fires or if it is enemy aircraft to be hit to
protect our troops from its attack. IFF system has been modified through decades using new
technologies until it has been stopped in 1992 with introducing Mark XV. Due to fratricide of
the IFF system during the gulf war, this led to generate the second generation of IFF.
Air borne networks are used to connect aircrafts with each other and to connect aircrafts to
ground stations in order to regulate air traffic or provide other services to aircrafts. In order to
communicate between aircrafts and also ground stations, there are numerous routing protocols
that can be used depending on network topology or geographic information of aircrafts.
However, those protocols are vulnerable to different attacks. Another challenge in choosing a
routing protocol that suits a network is the dynamic nature of aeronautical environments.
In order to have the most appropriate gain of both network services and environment
challenges especially for military aircrafts, AeroRP routing protocol has been chosen to be
used for better performance of the network. But due to vulnerabilities to attacks, it is unsecure
for network services especially for data transfer between ground station and aircrafts and
guidance missions.
Different types of attacks are applied to AeroRP and the network performance is measured
under the attack and it is compared to the performance without any type of attack. First, we
applied a black-hole attack which deceives aircrafts with false information. Second, we
applied another type of attack, we call it GS attack. Finally, we combined both attacks and
applied both to the network and studied the effect of the attacks on network performance.
In order to avoid fratricide of old IFF systems and get the gain from air borne networks
and also avoid vulnerabilities to attacks, we present our proposed solution SAeroRP which
provides identification for aircrafts and also secure all types of communication between
aircrafts with each other or with ground stations. Moreover, the network performance is
measured using our new proposed solution and we compare between the network
performance under AeroRP and SAeroRP. Furthermore, we applied the previous attacks
scenarios to the network operating under SAeroRP and studied the effect of attacks on the
network performance. The simulation results indicate the superiority of SAeroRP over
AeroRP under different types of attacks.
v
TABLE OF CONTENTS
ACKNOWLEDGEMENTS ................................................................................................................................ I
DECLARATION ............................................................................................................................................ II
ABSTRACT ................................................................................................................................................. III
SUMMARY ................................................................................................................................................. IV
TABLE OF CONTENTS .................................................................................................................................. V
LIST OF ABBREVIATIONS ........................................................................................................................... VII
LIST OF FIGURES ........................................................................................................................................ IX
LIST OF TABLES .......................................................................................................................................... XI
CHAPTER 1.................................................................................................................................................. 1
1 INTRODUCTION .................................................................................................................................. 1
1.1 IDENTIFICATION HISTORICAL BREIF ................................................................................................. 1 1.2 AERONAUTICAL AD-HOC NETWORKS (AANETS) ............................................................................... 4 1.3 ATTACKS ON AANET’S ROUTING PROTOCOLS .................................................................................. 6 1.4 PROBLEM STATMENT ...................................................................................................................... 7 1.5 OBJECTIVE ........................................................................................................................................ 8 1.6 SCOPE .............................................................................................................................................. 8 1.7 PROPOSED SOLUTION ...................................................................................................................... 8 1.8 CONTRIBUTIONS .............................................................................................................................. 9 1.9 THESIS ORGANIZATION .................................................................................................................... 9
CHAPTER 2................................................................................................................................................. 10
2 BACKGROUND AND RELATED WORK ................................................................................................. 10
2.1 AANET ROUTING PROTOCOLS........................................................................................................ 11 2.1.1 Topology-based Routing Protocols ........................................................................................... 11 2.1.2 Geographical Routing Protocols ............................................................................................... 12
2.2 AERORP .......................................................................................................................................... 13 2.2.1 AeroRP Operation ..................................................................................................................... 13 2.2.2 Decision Metrics ........................................................................................................................ 14
2.3 X.509-BASED AUTHENTICATION AND KEY TRANSPORT ................................................................. 16 2.4 AUTHENTICATED ENCRYPTION USING AES-GCM ........................................................................... 17 2.5 GCM USAGE ................................................................................................................................... 17 2.6 AES-GCM MODEL ARCHITECTURE .................................................................................................. 19 2.7 ALGORITHM DESCRIPTION............................................................................................................. 19
2.7.1 Encryption Process .................................................................................................................... 19 2.7.2 Decryption Process .................................................................................................................... 21
2.8 ADS-B PROTOCOL OVERVIEW ........................................................................................................ 22 2.9 DPP (DUAL PATH PKI) ..................................................................................................................... 23 2.10 ADS-B/GPSR ................................................................................................................................... 24 2.11 SPAAR SECURE POSITION-AIDED AD-HOC ROUTING ..................................................................... 26
CHAPTER 3................................................................................................................................................. 27
3 DESIGN OF AERORP AND ATTACK MODEL ......................................................................................... 27
3.1 AERORP IMPLEMENTATION WITH GS ON NS3 ............................................................................... 27 3.2 AERORP HEADER FORMAT ............................................................................................................. 28 3.3 HELLO HEADER ............................................................................................................................... 29 3.4 GS GEOLOCATION HEADER ............................................................................................................ 29 3.5 GSTOPOLOGY HEADER ................................................................................................................... 30 3.6 AERORP OPERATION ...................................................................................................................... 31
vi
3.7 ATTACK MODEL.............................................................................................................................. 32
CHAPTER 4................................................................................................................................................. 35
4 DESIGN OF SAERORP ........................................................................................................................ 35
4.1 SAERORP DESIGN ........................................................................................................................... 35 4.2 SAERORP IMPLEMENTATION WITH GS ON NS3 ............................................................................. 35 4.3 AUTHENTICATIONREQUEST HEADER ............................................................................................. 36 4.4 AUTHENTICATION REPLY HEADER ................................................................................................. 37 4.5 SHELLO HEADER ............................................................................................................................. 38 4.6 SGS HEADER ................................................................................................................................... 38 4.7 SGSTOPOLOGY HEADER ................................................................................................................. 39 4.8 SAERORP OPERATION .................................................................................................................... 40 4.9 ALGORITHM DESCRIPTION............................................................................................................. 44
CHAPTER 5................................................................................................................................................. 46
5 EXPERIMENTAL EVALUATION ............................................................................................................ 46
5.1 PERFORMANCE METRICS ............................................................................................................... 46 5.2 SIMULATION SETUP ....................................................................................................................... 46 5.3 EFFECT OF ATTACKS ON AERORP ................................................................................................... 47 5.4 ANALYSIS OF AERORP VS SAERORP ...................................................................................................... 52
CHAPTER 6................................................................................................................................................. 57
6 CONCLUSIONS AND FUTURE WORK .................................................................................................. 57
REFERENCES ........................................................................................... ERROR! BOOKMARK NOT DEFINED.
vii
LIST OF ABBREVIATIONS
Abbreviation Term
AES Advanced Encryption Standard
AES-GCM The Galois / Counter Mode of Operation
MANET Mobile Ad-hoc Network
AANET Aeronautical Ad-hoc Network
AN Air-borne Node
GS Ground Station
UDP User Datagram Protocol
PKI Public Key Infrastructure
IV Initial Value
GF Galois Field
AAD Additional Authenticated Data
Cert Certificate
TTI Time to Intercept
GPS Global Positioning System
ADS-B Automatic Dependent Surveillance-Broadcast
DPP Dual path PKI
FAA Federal Aviation Administration
FTI Federal Telecommunications Infrastructure
CRL Certificate Revocation List
ATC Air Traffic Control
ECC Elliptic Curve Cryptography
RSA Rivest-Shamir-Adelman
MSB Most Significant Bit
GHASH Galois Hash Function
LET link expiration time
viii
NOMENCLATURE
Symbol Meaning
Euclidean distance
R Maximum Transmission Range
Relative Speed
Velocity in x-direction
Velocity in y-direction
Constant
Ta Time Stamp
Ra Random Number
A/B Identifier
Sa Signature of Data
Ea Encryption with RSA
K Shared Key
CertA Certificate
Plain Text
Cipher Text
ix
LIST OF FIGURES
Figure 1.1 Mark XII Modes Of Operation. ............................................................................ 3
Figure 1.2 AANET network topology [1]. ........................................................................... 5
Figure 1.3 Classification of AANETs routing protocols [1]. ............................................... 6
Figure 1.4 AANETs possible attacks [6]. ............................................................................. 7
Figure 2.1 Security Services ................................................................................................ 10
Figure 2.2 AeroRP operation flow chart .............................................................................. 13
Figure 2.3 Potential neighbor moving towards destination ................................................. 15
Figure 2.4 X.509-based protocols for authentication and key transport ............................. 16
Figure 2.5 Authenticated Encryption process using AES-GCM ......................................... 18
Figure 2.6 Authenticated Decryption using AES-GCM ...................................................... 18
Figure 2.7 AES-GCM Authentication Encryption process architecture.............................. 20
Figure 2.8 AES-GCM Authentication Decryption process ................................................. 21
Figure 2.9 ADS-B / 1090 ES data link ................................................................................ 22
Figure 2.10 Overview of the ADS-B system architecture. Aircraft receives positional data
that is transmitted via the ADS-B Out subsystem over the 1090ES or the UAT data link. It is
then received and processed by ground stations and by other aircraft via the ADS-B In
subsystem. ................................................................................................................................ 23
Figure 2.11 System integration of ADS-B and GPSR protocols ......................................... 25
Figure 2.12 ADS-B Data Integrity Mechanism ................................................................... 25
Figure 3.1 System architecture for AANET ........................................................................ 27
Figure 3.2 AeroRP Class Diagram ...................................................................................... 28
Figure 3.3 Packet format for TypeHeader ........................................................................... 28
Figure 3.4 Hello Type Header Packet .................................................................................. 29
Figure 3.5 GSGeolocation Type Header Packet .................................................................. 29
Figure 3.6 GSTopology Type Header Packet ...................................................................... 30
Figure 3.7 AeroRP Operation .............................................................................................. 32
Figure 3.8 Black hole attack ................................................................................................ 33
Figure 3.9 GS Attack ........................................................................................................... 34
Figure 4.1 SAeroRP Class Diagram .................................................................................... 36
Figure 4.2 Authentication request packet ............................................................................ 36
Figure 4.3 Authentication Reply packet .............................................................................. 37
Figure 4.4 SHello Packet ..................................................................................................... 38
Figure 4.5 SGS Header Packet ............................................................................................ 39
Figure 4.6 SGSTopology Packet Header ............................................................................. 40
x
Figure 4.7 SAeroRP Flow Chart .......................................................................................... 41
Figure 4.8 SAeroRP phase 1 Authentication and Key Transport ........................................ 42
Figure 4.9 SAeroRP phase 2 Message Encryption .............................................................. 42
Figure 4.10 Activity Diagram For SAeroRP ....................................................................... 43
Figure 5.1 Effect of Black-hole attack with different percentage of attackers on the Packet
Delivery Ratio for the AANET ................................................................................................ 48
Figure 5.2 Effect of Black-hole attack with different percentage of attackers on the End To
End Delay for the AANET ....................................................................................................... 49
Figure 5.3 Effect of GS attack with different percentage of Black hole attackers on the
Packet Delivery Ratio for the AANET ..................................................................................... 49
Figure 5.4 Effect of GS attack with different percentage of Black hole attackers on the End
To End Delay for the AANET .................................................................................................. 50
Figure 5.5 Effect of Number of Attackers on Packet Delivery Ratio (Number of ANs = 50).
.................................................................................................................................................. 51
Figure 5.6 Effect of Constant percentage of Attackers on the AANET .............................. 51
Figure 5.7 PDR Comparison Between AeroRP and SAeroRP ............................................ 53
Figure 5.8 End To End Delay Comparison Between AeroRP and SAeroRP ...................... 54
Figure 5.9 OverHead Routing Ratio Comparison Between AeroRP and SaeroRP ............. 55
Figure 5.10 PDR Comparison of AeroRP vs. SAeroRP with variable number of black-hole
attackers and 50 non-attackers. ................................................................................................. 56
xi
LIST OF TABLES
Table 1.1 IFF Modes Of Operation. ...................................................................................... 2
Table 5.1 Simulation Variables ........................................................................................... 47
1
CHAPTER 1
1 INTRODUCTION
Identification is one of the important tools needed by centralized operation centers for both
civilian and military applications in order to manage and control the movement of aircrafts. It
is clear that identification means to know the identity of the aircraft. However with time, this
has changed not only to know just the identity of the aircraft as friend or foe, but also to get
some information about the aircraft itself such as its location, height and speed. In this thesis,
a brief account on the history of identification through decades and our new approach to make
it related to new technologies in aircrafts and networking are discussed.
1.1 IDENTIFICATION HISTORICAL BREIF
IFF is an abbreviation of identification friend or foe after the use of aircraft in world war 1
it was needed to know is it my friend or not. As early as 1928, the British speculated on the
possible use of sirens, whistles, or “singing” wires to create a signal that could be heard even
if the aircraft could not be seen. Bomber command also considered schemes to use special
light signals to identify returning aircraft.
In 1939, the U.S. Navy mounted atop a destroyer a set of half-wavelength rods on a pole. A
motor rotated the pole and the rods along with it. The rotation changed the orientation of the
rods, hence their degree of resonance with distant radar and thus the strength of the radar
echoes. The radar echo from the destroyer oscillated in an obvious way that identified it as a
friend. This technique, while simple, had the same limitations as the aircraft system and
because of its simplicity was easy for an enemy to copy. The first transponders (which we can
call Cooperative question-and-answer systems which content of transponder and interrogator)
were the Mark I and Mark II developed in Britain and similar devices developed around the
same time by the U.S. Naval Research Laboratory (NRL).
These devices scanned all radar frequencies in use by friendly forces and retransmit a
pulse at the appropriate frequency whenever radar was detected. By 1941, the proliferation of
available radar frequencies required that IFF devices go to a single frequency, independent of
the radar‟s frequency. Thus, the radar could operate on whatever frequency was most
appropriate and an additional signal, part of the so-called “secondary” radar, would query the
target‟s identity. The Mark Ill was the first such device, sending and receiving signals in the
157-187 MHz. The Mark Ill became the standard IFF device used by the American, British,
and Canadian air forces during World War 2.
The Mark IV, developed at the U.S. Naval Research Laboratory (NRL), was the first IFF
system to use different frequencies for the query and the response 470 MHz and 493.5 MHz-
but it never came into widespread use. In 1942, the NRL began development of the Mark V,
also called the UNB or “United Nations Beacon,” which was to operate near 1 GHz. This
program was not completed until after the war but is important because the frequencies used-1
.03 GHz for queries and 1.09 GHz for replies-are still used today on both civilian and military
transponders. The next set of refinements appeared in the Mark “X,” which had a dozen query
and response channels available.
Mark X originally allowed aircraft to identify themselves as friendly but did not allow
different responses from different friendly aircraft. A capability, known as SIF allowed
different responses from different transponders. This capability, plus an encrypted query and
response mode added to the Mark X became Mark XII. (The Mark XII used for civilian
purposes without the encryption capability is still frequently referred to, especially in Europe,
as the Mark X-SIF.) The Mark XII was used by U.S. aircraft and ships but is not widely used
2
among U.S. allies. Mark XII sends out a query in the „„L” radar band, at a frequency of 1.03
GHz. The query is a pair of radio pulses. The time between the two pulses can be varied and
the transponder will interpret the query differently depending on the separation time between
the pulses.
The immediate predecessor of the Mark XII, the Mark X, used three different pulse
separations, each referred to as a „„mode. ‟ A pulse separation of 3 microseconds is “Mode l,”
5 microseconds is “Mode 2,” and 8 microseconds is “Mode 3.‟ These modes are still in use
today. The reply signal from the Mark X contained at least a pair of 1.09 GHz “framing"
pulses 20.3 microseconds apart. These pulses indicate when the reply message starts and
stops. Between the framing pulses of the response from the original Mark X lay six time slots
2.9 microseconds wide, each of which may or may not contain a radio pulse. A pulse in a
particular time slot represents a “1“and lack of a pulse represents a “O,‟ thus allowing
transmission of binary numerical data. Mark XII included an increase to twelve slots between
the framing pulses to allow for 4,096 possible replies. With the available number of possible
replies, airborne transponders can give a distinct reply that identifies not just whether the
aircraft is a friend but which aircraft it is-exactly as in civilian air traffic control today.
A program to develop an encrypted query mode was started in 1954. Mark XII IFF
devices have this encrypted question-and-answer mode, called Mode 4. The Mode 4 query
starts with four time synchronization pulses followed by up to 32 pulses that contain
encrypted information telling the receiving transponder that the query is a valid, friendly
query. Invalid queries are simply ignored by the transponder. The response to a Mode 4 query
is a string of three pulses. The reply can start after any of 16 possible time delays; thus by
changing the delay the reply can convey limited information.
Table 1.1 IFF Modes Of Operation.
pulse separation Delay (µ sec) Military
mode
Civilian
mode
Use
3 1 Military Function ID
5 2 Military Function ID
8 3 A Aircraft identification
17 B Not used internationally
21 C Altitude
25 D Not used internationally
3
Figure 1.1 Mark XII Modes Of Operation.
Each interrogation mode has a different time separating the pulses, except that military
Mode 3 is equivalent to civilian Mode A. The various Modes are shown in table. The pulse
separation in Mode 1 is so short that not all interrogators and transponders can handle the
insertion of a suppressor signal in Mode 1. The reply format consists of a pair of framing
pulses 20.3 microseconds apart with up to 12 signal pulses between them, although not all
modes use all the available signal pulses for information. The format is shown in Figure 1.1 .
Numerical values are transmitted in the replies in the form of four-digit “octal” or base eight
numbers of the form ABCD. Each of these digits is the sum of three pulse values.
For example, in Figure 1.1, three of the pulses are labeled Al, A2, and A4. The first digit in
the four-digit number is A which equals Al +A2+A4 where Al has a value of one, A2 a value
of two, and A4 a value of four if a pulse is present in the appropriate time slot, and zero
otherwise. Thus the decimal number 4,012, which is 7,654 in octal notation, would be
represented by A=7=A4+A2+A1, B=6=B4+B2, C=5=C4+C1, and D=4=D4. The resulting
pulse pattern is shown in Figure 1.1. Mode 4 pulses, the encrypted mode, have a different
4
format. The interrogation pulse starts with four time synchronization pulses. These are
followed by up to 32 data pulses. The arrangement of these pulses validates that the query is
indeed from a friendly interrogator and transponders should send a reply.
The reply is a set of three pulse delayed by various amounts. These formats are shown in
Figure 1.1 the three ways in which an enemy can defeat the purpose of an IFF system are
exploitation, spoofing, and denial. An enemy exploits an IFF system by getting information
from it. For example, if an enemy could record queries from a Mark XII interrogator and then
rebroadcast them, then he could trigger the Mark XII transponders and have friendly aircraft
identify themselves and reveal their positions. Even if recording valid queries were
impossible, an enemy could guess at queries, hoping to hit upon a valid combination. With
thousands of possible queries this may seem daunting, but in fact modem electronic devices
should allow transmission of scores of guessed queries per second.
Unfortunately in Gulf War in 1990 brought new attention to an old problem which is
fratricide or friendly fire that is casualties from U.S. or allied weapons fired at U.S. or allied
military personnel. Twenty-four percent of all U.S. combat fatalities in the war were caused
by friendly fire. Figure 1.1 seemed much higher than in previous wars and caused a sudden
focus on avoiding fratricide in future wars. The U.S. military and the American public are
becoming increasingly sensitive to the human costs of military involvement, especially for
contests of less than national survival. The United States has invested much in energy and
equipment to keep casualties low. The high fraction of deaths in the Persian Gulf War due to
fratricide was much higher than the nominal two percent rate frequently cited in the military
literature. Broad based data on fratricide rates are not available beyond numbers of killed and
wounded; fratricide has a compounding effect on combat effectiveness. Weapons aimed at
friends are not aimed at the enemy. Friends killed by friends are not able to fight the enemy.
Moreover, the psychological effects of friendly fire are always greater than from similar
enemy fire. Combatants expected to be shot at by the enemy.
According to the problems that mentioned above we concentrate on new technologies in
order to avoid those problems and put a solution depending on new technologies such as
AANETs and networking.
1.2 AERONAUTICAL AD-HOC NETWORKS (AANETs)
Aeronautical ad-hoc networks (AANETs) are an in-flight communication system to allow
aircraft to communicate with the ground or with each other also we can call it air borne
networks but we prefer to use AANET. AANETs represent a particularly challenging class of
MANETs (Mobile Ad-hoc Networks) where an aircraft acts as a self-aware node and
communicates with other aircraft and ground station (GS) entities. The air-borne node (AN)
acts as a router in order to forward data to other ANs or GS.
5
Figure 1.2 AANET network topology [1].
AANETs use different routing protocols which classified according to the network
structure adopted by the protocol design. Major challenges of AANETs are the design of
efficient routing protocols that dynamically find routes between two communicating nodes.
We briefly explain each type of the routing protocols.
Topology-based routing protocols depend on the network topology for forwarding the data
packets; it depends on the metrics on the network links because it depends on the address of
the destination node to forward the packet. It is divided into 3 categories, reactive in which
the routing protocols find an on demand route to the end destination by flooding the network
using route request packets and save the on demand data in a routing table which will be used
later to calculate the shortest path to destination [2].
Once a route has been established, it is maintained by a route maintenance procedure until
either the destination becomes inaccessible because a link ruptures or until the route is no
longer needed. Proactive in which the routing protocols maintain a fresh list of destinations
and their routes by periodically distribute through the network that make the source look at
the fresh routes to find the route to the destination. This strategy produces control traffic
which makes a high overhead routing; in other hand it makes low latency for route access.
Hybrid routing protocols combine between the advantages of the previous 2 types. The
routing protocols initially establish with proactive prospected routes then it serves the demand
from additionally activated nodes through reactive flooding.
6
Figure 1.3 Classification of AANETs routing protocols [1].
Geographical routing protocols require the assistance of a GPS (Global Positioning
System) to provide node position [3]. It doesn‟t require the establishment or maintenance of
routes. An advantage of geographic routing protocols is that they prevent network-wide
searches for destinations. Control and data packets can be sent in the general direction of the
destination if the recent geographical coordinates are known. This reduces control overhead in
the network.
The geographical routing protocols provide a better performance compared to topology
based protocols since there is no need for maintain routing tables or setup route paths before
sending a data packet, this is a noticeable advantages with regard to the strict latency
constraints needed for aeronautical services [4].
1.3 ATTACKS ON AANET’s ROUTING PROTOCOLS
Attacks are threats on a secure systems in order to make failing or cheating on the
information or data exchanged on the network. It can be divided into 2 main categories
according to the attack method the first category is active attack, the second one is passive
attack [5].
Active attacks involve modification of data packets with some false information. It can be
subdivided into 4 categories, masquerade which is an entity pretend to be another entity,
replay attack which uses some passive data and resend it to produce unauthorized effect,
modification which is the modification of message content, DOS (Daniel of Service) which
prevents the normal use of the network. Passive attacks are in the nature of eavesdropping or
monitoring on transmissions, it can be subdivided into 2 type‟s release of message content
which is trying to understand the content of the messages and traffic analysis in which we can
mask the content of the messages or other information.
AANETs is vulnerable to different types of attacks which can be classified into 2
categories according to the attack against the packet types, the first category is data packet
attack which attack the data packet, the second category is control packet attacks. The attacker
uses the control packets to deceive the nodes and provide it with false information which
make the node takes a false decision metrics, also attacker tries to avoid the data packet to
reach its destination.
7
Figure 1.4 AANETs possible attacks [6].
1.4 PROBLEM STATMENT
AANETs have many challenges, which can be divided into 2 main categories. The first
category is network-based. The legacy systems use a point-to-point links which has a limited
bandwidth, these links cannot cope with the demand of data exchange between the ANs and
GS [7].
The highly dynamic environment in which the AN moves in 3D with a random movement
make it unsuitable for topology based routing protocols or traditional MANET routing
protocols[8]. Therefore, the mobility of the nodes and the variability of the state of the links
result in a network with fast and unpredictable topology changes. Also high speed of nodes
(up to 7 Mach) lead to short contact time between ANs, frequent link breaks which make the
connectivity between ANs is not easy to continue for long time [9].
The second category of challenges is security-related due to AANET environment which
make it vulnerable to both active and passive attacks. Which make it needs to have a secure
system to prevent the network from attacks. In this thesis we are interested in the securing part
of the ANNETs.
The structure of AANETs is shown in Figure 1.2 GS and ANs that are communication
directly with each other or if the AN is out of transmission range of the GS or other ANs it
just forward the data packet to another AN which is near to the destination by a certain
decision metric which will deliver it to the destination. We suppose that the GS detects all the
ANs and has all the geolocation information about it. All the ANs change geolocation
information with each other by sending a hello beacon and store it in neighbor table. The GS
8
broadcasts geolocation information for all the ANs which will be stored in a position table to
have the decision metrics to forward the data to the destination or the nearest neighbor to the
destination.
Due to the reveal of geolocation information for ANs or GS broadcast this make the
network to be vulnerable to attacks and make the whole network nodes known to any
eavesdrop and discover the geolocation information of all the ANs which make the whole
mission in danger.
1.5 OBJECTIVE
Our objectives in this thesis are to
Create a secure AANET such that each node in the network is authenticated and to
secure the entire packets in the network.
Distribute a shared key in a safe way to be used in the entire network which will be
used in encrypting and decrypting the entire packets between the nodes.
Use an encryption and decryption algorithm that guarantees low latency of the
packets and provides confidentiality, authentication, integrity, and non-repudiation.
1.6 SCOPE
In this thesis our scope is constructing a secure way for identification and communication
between aircrafts with each other and with also ground stations using support of new
technologies and networking.
We choose support of AANETs new technology to support open air communication
between both aircrafts and ground stations, in order to do that we choose a good performance
routing protocol that is suitable for highly dynamic environment with random movement
which is AeroRP.
In order to do our goal first of all we need to use identification technique for each aircraft
but unfortunately as mentioned before the disadvantage of traditional identification techniques
also what make it easy to be vulnerable cause of short message so we choose another method
to make authentication for each aircraft and make a key exchange also.
In order to secure communication between the AANET nodes we use we used an
authenticated encryption method that provide the network with both message authentication
and message confidentiality.
We suppose that we have a secure channel to distribute the certificate of each node in the
network by sending a certificate request and the CA sends the certificate back to the node.
Each node creates its own RSA key pairs in order to be used during the authentication
process.
1.7 PROPOSED SOLUTION
According to the previous challenges we propose design and analysis of a routing protocol
SAeroRP. AeroRP has a better performance than traditional AANET routing protocols with
the aid of the GS [10], it solves the network based challenges and is suitable for the AANET
environment especially for very high speed ANs.
The GS advertise the geolocation information for all the ANs periodically every 5 seconds
the ANs store this information in its position table which it uses to locate destination
geolocation information, the same advertisement for each ANs advertise its own geolocation
information every second to its neighbors, neighbors store the geolocation information on its
own neighbor table.
9
AeroRP uses heuristic metric called TTI (time to intercept) which chooses the best
neighbor to forward the packet until it reaches the destination.
In order to solve the security based challenge we design SAeroRP routing protocol which
is based on AeroRP. According to the benefit of using GS in the network we use it as a trusted
third party in order to make authentication and shared key transport to the entire network as a
first phase. The second phase uses the shared key to make encrypted authentication for both
the control and data packets to prevent them from the previous attacks as shown in figure
Figure 1.4.
1.8 CONTRIBUTIONS
The contributions of this thesis are the following
Design SAeroRP secure routing protocol message headers and modes of the
protocol.
Implement AeroRP on NS3 simulator. The source code for AeroRP was not
available because of restricted rules from the university because this protocol was
designed for US DOD (department of defense)
Implement GS (Ground Station) updates. It provides location updates for aircrafts.
Implement SAeroRP on NS3.
Implement attack types on AeroRP and analyze the results using NS3 simulator.
Implement AES-GCM authentication encryption method on NS3 simulator.
1.9 THESIS ORGANIZATION
The rest of this thesis is organized as follows. Chapter 2 briefly discusses background and
related work on AANET routing protocols with some examples of it, X.509- based
authentication and key transport, authenticated encryption using AES-GCM mode and
examples for some secure AANETs routing protocols. Chapter 3 discusses AeroRP design
and different types of attacks and analyzes the results on NS3. Chapter 4 discusses SAeroRP
details. Chapter 5 discusses performance and analysis of SAeroRP using NS3 simulator.
Chapter 6 discusses conclusion.
10
CHAPTER 2
2 BACKGROUND AND RELATED WORK
Routing protocols operate in the network layer of the protocol stack and discover paths
between a source and a destination. The discovered paths are then populated in the node's
forwarding tables. When a packet arrives at an intermediate node and destined for a particular
destination, the intermediate node refers to its forwarding table to determine the next hop
address for that destination. The packet is then forwarded to that next hop node. Routing
protocols use routing algorithms to discover paths. These routing protocols are also vulnerable
to different types of attacks which affect on the decision of next hop so the data packet can‟t
be forwarded correctly.
Network security should provide some services as shown in Figure 2.1. Security services
can be divided into 2 main categories. The first one is entity and providing authentication to
this entity. Authentication is the answer of question who are you? The user is identified prior
to the access of the system resources[11].
Message or a packet should be having other services. Confidentiality is privacy for the
message or no one can know the real content of the message except the receiver. Integrity
means that the data must arrive at the receiver as it was sent with no modification.
Authentication means that the receiver must be sure of the sender identity to accept the
message. Nonrepudition means that sender can‟t deny the message which he did sent.
Figure 2.1 Security Services
11
2.1 AANET ROUTING PROTOCOLS
The primary features of AANETs such as mobility and lack of infrastructure support, pose
a significant challenge to accurate routing of packets. Thus the protocols being designed for
AANETs should take these effects into consideration. Routing protocols are classified as
topology-based and geographical-based depending on the type of information used for
discovering routes. Topology-based protocols use information about the existing links among
nodes whereas geographical-based protocols use the geographic position of nodes to perform
packet forwarding. Topology-based routing protocols are further classified as proactive,
reactive, and hybrid routing protocols.
2.1.1 Topology-based Routing Protocols
Topology-based routing protocols operate by identifying neighbors or existing link-state
information, and exchanging this with other nodes in the network. Topology-based routing
protocols are classified as proactive, reactive routing protocols based on the type of route
discovery mechanism. Source routing is orthogonal to both reactive and proactive
classification. It is a route discovery mechanism that can be classified either as a proactive or
a reactive mechanism. The following subsections will go through the types of topology-based
protocols with some examples for each one of them.
2.1.1.1 Proactive Routing Protocols
Proactive routing protocols maintain routes to all nodes in the network even if there is no
request for a route. They add new routes or update existing routes by periodically distributing
routing tables or exchanging link-state information with each other. One advantage of doing
so is that routes to any destination are ready for use if needed. Link Longevity Routing
Protocol: is an example for proactive routing protocol.
2.1.1.2 Reactive Routing Protocols
Reactive routing protocols discover routes only if required. Nodes using reactive routing
protocols will not update their routing tables periodically and will not maintain routes to all
nodes in the network. Reactive routing protocols initiate a route request message to discover
new routes if required. The main drawback of these protocols is the delay in discovering
routes to new destinations.
MUDOR: is an example for reactive routing protocol. It is an end to end routing protocol
that finds a whole path from source to destination that allows aircraft to establish multi hop
routes to other data providing aircraft. MUDOR is based on stability of nodes using the
Doppler shift of control messages [12].
MUDOR uses GPS geolocation information to increase link stability by calculating link
expiration time (LET). If we consider two mobile nodes and that have a transmission or line
of sight (LOS) range of r, speeds and , directions and and coordinates ( , ) and
( , ) respectively, the LET is predicted by
LET = ( ) √( ) ( )
(2.1)
= - (2.2)
b = – (2.3)
= - (2.4)
d = – (2.5)
12
MUDOR chooses the lowest LET for the whole path and determine path expiration time
(PET). Relative speed can be calculated with both ways Doppler shift and using GPS as
previous shown.
2.1.1.3 Hybrid Routing Protocols
Hybrid routing protocols, combine the advantages of proactive and reactive routing
protocols. The routing is initially established with some proactively prospected routes and
then serves the demand from additionally activated nodes through reactive flooding.
ARPAM is an example for hybrid routing protocol. Ad-hoc Routing Protocol for
Aeronautical Mobile Ad hoc Networks (ARPAM) is primarily an on demand and distance
vector protocol which utilizes proactive functions in specific circumstances. ARPAM
discovers the shortest route based on various criteria like distance between nodes and the
number of hops between them. Furthermore, ARPAM introduces an on demand route
maintenance mechanism which in combination with the error reporting mechanism included
in AODV protocol provides reduced routing overhead.
The ARPAM protocol broadcasts a route request (RREQ) message, similar to the AODV
routing protocol, through the Omni-directional link. RREQ messages contain geolocation
information such as position coordinates and velocity vectors. This information is needed in
calculating the current position of the originator node since after the originator emitted a
packet, its position may have considerably changed and a directional link may not be possible
to be established using the node‟s old geographic position. Additionally, it is needed in order
to provide the total distance that the packet has traveled, which is used as a metric during the
routing path selection.
When an intermediate node receives such a RREQ packet it forwards it (in case of the
existence of such link onboard) or discards it (in case of its absence). If a node is the
destination node and a directional antenna is present, it replies sending a RREP message using
the appropriate data-link in order to verify that the directional data path can be established.
When a RREQ message is received, each node caches a route back to the originator of the
request so that the RREP can be unicasted from the destination node along a path to that
originator using the requested link, or likewise from any intermediate node that is able to
satisfy the request.
Nodes send the HELLO messages periodically every HELLO_INTERVAL time period.
HELLO packet is used to discover neighbors of the nodes all the data are stored in neighbor
table, as a benefit of new air traffic management (ATM) applications in routing protocols
Automatic Dependent Surveillance - Broadcast (ADS-B) concept. The ADS-B application is
very useful in order to handle the process of neighbor discovery on behalf of the routing
protocol and in order to avoid the continuous data flow regarding the geographical
information that has to be exchanged. Using the information from the ADS-B and by
assuming that the neighbor nodes are within ADS-B data-link range, ARPAM completes the
table which contains information about the neighboring aircraft. This geographic information
is also necessary for the computation of coordinates, time and velocity of the neighbor
aircrafts[13].
2.1.2 Geographical Routing Protocols
Geographical routing protocols use the geographic position information of a node in
making forwarding decisions. The GPS receiver is commonly used to get geolocation and
velocity information of a node. Unlike topology-based protocols, geographical protocols do
not require establishment or maintenance of routes. All forwarding decisions are made based
on the current position of the destination and the source node's immediate neighbors. Based
13
on the forwarding strategy employed by a routing protocol, packets are either forwarded to
immediate neighbors closer to the destination, or closer to the source, or to all neighbors
within a particular region.
AeroRP is an example for geographical routing protocols and we concern about it in this
thesis as mentioned before in section 1.3 AeroRP cope the network-based challenges and has
a better performance than the rest of the ANNETs routing protocols.
2.2 AERORP
AeroRP is a geographic routing protocol designed for highly dynamic airborne networks
AeroRP makes only per-hop routing decisions. This is reasonable as the nodes in the airborne
network move at very high velocities often leading to breakage of links after an end-to-end
path is determined. AeroRP can operate in various modes based on the AN update
mechanism, the mission requirements, and the presence of ground stations. Based on the AN
update mechanism, it can operate in either beacon or beaconless mode. In beacon mode, an
AN advertises its presence by broadcasting periodic hello messages, whereas in beaconless
mode no messages are sent out. Depending on the mission requirements, AeroRP can perform
location-aware routing and location-unaware routing. In location-aware routing the GS and
the ANs add node's geolocation information to the control messages transmitted whereas in
location-unaware routing they do not reveal the node's geolocation information. AeroRP can
also operate in the presence of GSAs or without GSAs [14].
2.2.1 AeroRP Operation
As shown in figure Figure 2.2 it shows the flow chart of AeroRP operation and how it
works.
Figure 2.2 AeroRP operation flow chart
14
The operation of AeroRP can be divided into two phases. The first phase of operation is the
neighbor discovery phase. In this phase, an AN gathers as much information as it can about
the network topology in the following ways:
Active snooping: Active snooping is a mechanism in which the nodes snoop packets that
are being exchanged among other nodes, extract the location information from them, and
build or update their topology tables. To accomplish this, active-probing on the node's
network interface must be enabled. Location information thus gathered is only valid for a time
interval specified by neighbor HoldTime. On expiration of this time-interval, the stored
location information of a node is purged unless a new update with a higher expire time is
received. This helps in keeping track of only the active neighbors in this highly dynamic
environment.
Hello beacons: Hello beacons are transmitted by the AN if it is not transmitting any data.
This ensures that its neighboring ANs are aware of the node's presence. These messages are
usually broadcasted periodically over helloUpdateInterval with time-to-live (TTL) set to one
hop.
Ground station advertisements (GSAs): These are optional updates transmitted by the
ground station during some missions that have a predetermined mission plan. These updates
are broadcasted periodically and are exchanged among all the ANs in the network.
The AeroRP modes explained earlier affect the various neighbor discovery processes. In
beaconless mode the hello messages are not sent by any of the ANs. Therefore, neighbor
discovery relies on overhearing the packets in the medium. Depending on the mission needs,
if the AeroRP is operating in location-aware mode, then the ANs and the GS can use
geolocation information in the hello messages and the GSAs. ANs can only be aware of their
neighbors and the GS can only send out GSAs with topology information if AeroRP is
operating in location-unaware mode.
The second phase of AeroRP operation is data forwarding. In this phase, the sender node
determines the best next hop to forward a packet by using the neighbor table built in the
neighbor-discovery phase according to the decision metric TTI.
2.2.2 Decision Metrics
The Time-to-intercept (TTI) metric is used in determining the next hop neighbor. TTI is
calculated for every node from the neighbor table as:
TTI =
( 2.6 )
where, is the Euclidean distance between the current location and destination location
of a node based on the recorded location coordinates and velocity components which all are
stored in the position table which updated from the (GS) advertisement, R is the common
transmission range of all the nodes which is mainly 27800 m, and is the relative speed
between source and destination. We calculate the TTI values for all the neighbors the
neighbor with the lowest TTI value is chosen as the next hop neighbor and packets are
forwarded to this neighbor which we call best neighbor [15].
TTI is heuristic metric that gives source node an idea of how soon potential neighbors will
be at the transmission range of the destination. The relative speed component is very
important part if it is high and positive this means neighbor is moving toward destination and
if it is high and negative this means neighbor is moving away from destination.
If we have a neighbor ni that has coordinates of xi , yi and velocity vxi , vyi the velocity
vector for the node is
Vi = √ ( 2.7 )
15
Ө = ( )
( 2.8 )
The destination coordinates is yd , xd
Ө̅ = ( )
( 2.9 )
So the relative speed is
Sd = Vi (Ө Ө̅ ) ( 2.10 )
Figure 2.3 Potential neighbor moving towards destination
As shown in figure Figure 2.3 a source trying to send a data packet to destination the
source calculate TTI and get the lowest TTI to destination as follows.
vxi = -14.15 m/s, vyi = -14.15 m/s, , , , .
vi = √ = 20 m/s.
Ө = ( )
= - 135
Ө̅= ( )
= -111.8
Sd = 20 ( ̅̅ ̅̅ ̅̅ ̅ ) = 18.4 m/s.
The relative distance is
∆d = √( ) ( ) ( ) = 1077
TTI =
= -1452.3
TTI = {
( 2.11 )
TTI can possibly have values +ve, –ve or 0 values depending on the direction of the
moving node and the velocity value. TTI = 0 is a special case that the sender never choose
this node as a next hop because this node is out of transmission range and it is moving away
from the destination. Negative TTI is allowed because this means the transmitted node is in
16
transmission range of the destination and moving toward it. If TTI is positive this means that
the destination is out of the transmission range of the transmitter and the source moving
toward the destination.
For the case when the node receives a data packet for which the node itself has the best TTI
but isn‟t within transmission range of the destination, the packet can be queued in a
configurable sized for a configurable amount of time. The queue is frequently checked at a
configurable frequency to see if there is a best neighbor with lower TTI than the node that has
the packet.
There are 3 different modes for keeping the data packet in queue depending on the time the
data kept and the size [10].
Ferry mode: Queue the packet indefinitely until a node with a lower TTI is found.
Buffer mode: queue the packet in a finite sized queue with a finite time out until a node
with a lower TTI is found.
Drop mode: drop the packet.
Each AN node sends hello packet periodically each 1 second that contains geolocation
information and velocity component for the AN, the surrounding ANs within the transmission
range of the sender receive this hello packet and update its neighbor table. GS sends GS
packet periodically each 5 seconds that contain geolocation information of all the ANs, each
AN node receives this packet it updates its position table with the new coordinates of the
whole ANs in the network.
When an AN node receives a data packet, it uses its neighbor table to look for the
destination if it is on its neighbor table if it is on it just forward the packet to the destination, if
not it begins to calculate lower TTI node from its neighbor table and its position table it
extracts the position of the destination from the updated position table and calculate the TTI
for each AN in the neighbor table and choose the lowest TTI and forward the packet to it until
it arrives to destination. If the AN node itself has the best TTI it queue the packet in one of the
previous modes.
2.3 X.509-BASED AUTHENTICATION AND KEY
TRANSPORT
The X.509 standard has a strong two-way authentication protocol that is used to
authenticate entities and transport keys (normally shared session keys). As shown in figure
Figure 2.4 it explains the process of authentication and key transport. In this protocol, an
entity A (for example AN) sends its certificate, CertA, time stamp, Ta, a random number, Ra,
the identity of the second entity, B, (the GS in our protocol) and signs Ta, Ra, and B with its
private key before sending them to B, The second entity, B, checks the freshness of the time
stamp and checks that both the signed data and certificate of A are valid.
Figure 2.4 X.509-based protocols for authentication and key transport
17
If the packet is valid, B sends a reply to the request with an encrypted shared key Ea(K).
The first entity checks for the freshness of the time stamp, for the correctness of the random
number Ra that it sent to B, and for the validity of the signed data and certificate of B. If all
checks pass, A extracts the transferred shared key and uses it for the second phase to
authenticate and encrypt the packets [16].
The previous process also called challenge response process AN challenges GS with a
packet that contains its certificate to provide authentication for AN, time stamp and random
number to provide freshness for the challenge packet to prove that this packet has not used
before. The identity of the receiver is also sent to provide that this message is sent to the
receiver specifically. The sender signs all the data (time stamp, random number and identity)
with its private key. The response packet is also the same like the challenge packet but
provided by the shared key which will be used later to communicate between the network
members.
2.4 AUTHENTICATED ENCRYPTION USING AES-GCM
The main purpose of this type of encryption is to provide security services authentication,
confidentiality and integrity. It is a block cipher mode of operation that uses universal hashing
over a binary Galois field to provide authenticated encryption. It can be implemented in
hardware to achieve high speeds with low cost and low latency. Software implementations
can achieve excellent performance by using table-driven field operations. It uses mechanisms
that are supported by a well-understood theoretical foundation, and its security follows from a
single reasonable assumption about the security of the block cipher. GCM is a mode of
operation that can efficiently provide authenticated encryption at speeds of 10 gigabits per
second and above in hardware, perform well in software, and is free of intellectual property
restrictions. The mode must admit pipelined and parallelized implementations and have
minimal computational latency in order to be useful at high data rates. Counter mode has
emerged as the best method for high-speed encryption, because it meets those requirements,
while no other proposed mode meets the same criteria. CBC-MAC and the modes that use it
to provide authentication, such as CCM, EAX, and OMAC , cannot be pipelined or
parallelized, and thus are unsuitable for high data rates. OCB is covered by multiple
intellectual property claims. CWC does not share those problems, but is less appropriate for
high speed implementations. In particular, CWC‟s message authentication component uses
127-bit integer multiplication operations whose implementation costs exceed those of even
AES counter mode at high speeds, and it has a circuit depth that is twice that of GCM. In
contrast, the binary field multiplication used to provide authentication in GCM is easily
implemented at a fraction of the cost of counter mode at high speeds. GCM is capable of
acting as a stand-alone MAC, authenticating messages when there is no data to encrypt, with
no modifications. If an authentication tag is computed for a message, then part of the message
is changed, an authentication tag can be computed for the new message with computational
cost proportional to the number of bits that were changed. This feature is unique among all of
the proposed modes. it accepts initialization vectors of arbitrary length, which makes it easier
for applications to meet the requirement that all IVs be distinct. In many situations in which
authenticated encryption are needed, there is a data element that could be used as a nonce, or
as a part of a nonce, except that the length of the element(s) may exceed the block size of the
cipher. In GCM, a nonce of any size can be used as the IV.
2.5 GCM USAGE
GCM is used to encrypt the data filed and authenticate the whole packet by using the
header and a sequence number.
18
Figure 2.5 Authenticated Encryption process using AES-GCM
Figure 2.6 Authenticated Decryption using AES-GCM
The header is authenticated by including it in the AAD. The sequence number is included
in the IV. The authentication tag is carried along with the encrypted data in an Integrity Check
Value (ICV) field. Note that there is no need to pad the plaintext, since any length can be
provided as an input. In the authentication decryption operation, these fields provide the
inputs. The plaintext is the output, unless the authentication check failed. In that case, the
decrypt operation would return FAIL rather than the plaintext, and the decapsulation would
halt and the plaintext would be discarded rather than forwarded or further processed. After the
operation, the header and sequence number can be checked, and their values can be trusted.
By including the sequence number in the IV, we can satisfy the requirement that IV values be
unique. If that number is less than 96 bits long, it can be concatenated with another value in
order to form the IV. This other value could be constant, such as a string of zeros, or it could
be a random string, which adds to the security of the system because it makes the inputs less
predictable than they would be otherwise. The data needed to form the IV has to be known to
both the encrypt side and the decrypt side, but it need not all be included in the packet[17].
19
2.6 AES-GCM MODEL ARCHITECTURE
GCM has two operations, authenticated encryption and authenticated decryption. The
authenticated encryption operation has four inputs, each of which is a bit string, Secret key K,
whose length is appropriate for the underlying block cipher. An initialization vector IV, that
can have any number of bits between1and 264
. For a fixed value of the key, each IV value
must be distinct, but need not have equal lengths. 96-bit IV values can be processed more
efficiently, so that length is recommended for situations in which efficiency is critical.
Plaintext P, which can have any number of bits between 0 and 239
− 256
. Additional
authenticated data (AAD), which is denoted as A. This data is authenticated, but not
encrypted and can have any number of bits between 0 and 264
. There are 2 outputs of the
authentication encryption process Cipher text C whose length is exactly that of the plaintext P.
An authentication tag T, whose length can be any value between 0 and 128. The length of the
tag is denoted as t.
The authenticated decryption operation has five inputs: K, IV, C, A, and T. It has only a
single output, either the plaintext value P or a special symbol FAIL that indicates that the
inputs are not authentic. A cipher text C, initialization vector IV, additional authenticated data
A and tag T are authentic for key K when they are generated by the encrypt operation with
inputs K, IV, A and P, for some plaintext P. The authenticated decrypt operation will, with
high probability, return FAIL whenever its inputs were not created by the encrypt operation
with the identical key. The additional authenticated data A is used to protect information that
needs to be authenticated, but which must be left unencrypted. When using GCM to secure a
network protocol, this input could include addresses, ports, sequence numbers, protocol
version numbers, and other fields that indicate how the plaintext should be handled,
forwarded, or processed. In many situations, it is desirable to authenticate these fields, though
they must be left in the clear to allow the network or system to function properly. When this
data is included in the AAD, authentication is provided without copying the data into the
cipher text. The primary purpose of the IV is to be a nonce, that is, to be distinct for each
invocation of the encryption operation for a fixed key. It is acceptable for the IV to be
generated randomly, as long as the distinctness of the IV values is highly likely. The IV is
authenticated, and it is not necessary to include it in the AAD field. Both confidentiality and
message authentication is provided on the plaintext. The strength of the authentication of P,
IV and A is determined by the length t of the authentication tag. When the length of P is zero,
GCM acts as a MAC on the input A. The mode of operation that uses GCM as a stand-alone
message authentication code is denoted as GMAC.
2.7 ALGORITHM DESCRIPTION
The two main functions used in GCM are block cipher encryption and multiplication over
the field GF (2128
). The block cipher encryption of the value X with the key K is denoted as E
(K, X). The multiplication of two elements X, Y GF (2128
) is denoted as X · Y and the
addition of X and Y is denoted as X Y. Addition in this field is equivalent to the bitwise
exclusive or operation, and the multiplication operation is defined later[18].
2.7.1 Encryption Process
As shown in figure Figure 2.7 it shows the process of authentication encryption during
encryption process
20
Figure 2.7 AES-GCM Authentication Encryption process architecture
Suppose that n and u denote the unique pair of positive integers such that the total number
of bits in the plaintext is (n − 1)128 + u, where 1 ≤ u ≤ 128. The plaintext consists of a
sequence of n bit strings, in which the bit length of the last bit string is u, and the bit length of
the other bit strings is 128. The sequence is denoted P1, P2, ..., Pn-1, , and the bit strings are
called data blocks, n although the last bit string, , may not be a complete block. Similarly,
the cipher text is denoted n as C1, C2, ..., Cn-1, , where the number of bits in the final block
C is u. The additional authenticated data A is denoted as A1, A2, ..., Am-1, where the last
bit string may be a partial block of length v, m and v denote the unique pair of positive
integers such that the total number of bits in A is (m − 1)128 + v and 1 ≤ v ≤ 128. The
authenticated encryption operation is defined by the following equations
H = E (K, 0128
) (2.12)
{ ( ) ( *+ )
(2.13)
Yi = incr (Yi-1) for i =1,...,n (2.14)
Ci = Pi E (K, Yi) for i =1,...,n – 1 (2.15)
=
MSBu (E (K, Yn)) (2.16)
T = MSBt (GHASH (H,A,C) E (K, Y0)) (2.17) Successive counter values are generated using the function incr (), which treats the
rightmost 32 bits of its argument as a nonnegative integer with the least significant bit on the
right, and increments this value modulo 232
. More formally, the value of incr (F I) is F (I +
1 mod 232
). The function GHASH is defined by
21
GHASH (H, A,C)= Xm+n+1 (2.18)
{
( )
( ))
( )
( ))
( ( ( ) ( )))
(2.19)
2.7.2 Decryption Process
The authenticated decryption operation is similar to the encrypt operation, but with the
order of the hash step and encrypt step reversed. As shown in figure Figure 2.8.
Figure 2.8 AES-GCM Authentication Decryption process
The authentication decryption process can be defined by the following equations:
H = E (K, 0128
) (2.20)
{ ( ) ( *+ )
(2.21)
Yi = incr (Yi-1) for i =1,...,n (2.22)
Pi = Ci E (K, Yi) for i =1,...,n – 1 (2.23)
=
MSBu (E (K, Yn)) (2.24)
T' = MSBt (GHASH (H,A,C) E (K, Y0)) (2.25)
22
The tag T' that is computed by the decryption operation is compared to the tag T which is
associated with the cipher text C. If we have two tags match (in both length and value) with
each other, then the cipher text is returned. Otherwise, the special symbol FAIL is returned.
2.8 ADS-B PROTOCOL OVERVIEW
Traditionally, aircraft localization has been relying on radar systems which had been
developed for military applications, namely identification, friend or foe (IFF) systems. There
are two different concepts in conventional radars: primary surveillance radars and secondary
surveillance radars [19][20][21][22]. PSRs are independent; they work without cooperation
from the aircraft by transmitting high-frequency signals, which the target object reflects. The
echo identifies range, angular direction, velocity, size and shape of the object. SSR, on the
other hand, uses interrogations from ground stations which are responded to by transponders
in aircraft. The reply includes information such as the precise aircraft altitude, identification
codes or information about technical issues. In contrast to PSR, this approach is also much
more accurate in terms of localization and identification. As all surveillance data such as
position and status are derived directly by the aircraft, SSR is dependent. Furthermore,
cooperation by the aircraft is a requirement. Before ADS-B, all SSR systems in ATC have
been interrogation-based. So called modes are being used to query the identification and
altitude of an aircraft. There are three modes (A, C and S) currently in use in civil aviation.
Most of aircraft uses ADS-B to advertise its position, velocity, ID and urgency code through
ADS-B out subsystem with packet size 112 bits as shown in figure Figure 2.9.
Figure 2.9 ADS-B / 1090 ES data link
23
Figure 2.10 Overview of the ADS-B system architecture. Aircraft receives positional
data that is transmitted via the ADS-B Out subsystem over the 1090ES or the UAT data
link. It is then received and processed by ground stations and by other aircraft via the
ADS-B In subsystem.
As shown in figure Figure 2.9 1090ES transmission, it starts off with a preamble of two
synchronization pulses. The data block is then transmitted by utilizing pulse position
modulation (PPM).With every time slot being 1μs long, a bit is indicated by either sending a
0.5μs pulse in the first half of the slot (1-bit) or in the second half (0-bit). The downlink
format field DF (alternatively UF for uplink messages) assigns the type of the message.
1090ES uses a multipurpose format. When set to 17, it indicates that the message is an
extended squatter, enabling the transmission of 56 arbitrary bits in the ME field. The CA field
indicates information about the capabilities of the employed transponder, while the 24 bit AA
field carries the unique ICAO aircraft address which enables aircraft identification. Finally,
the PI-field provides a 24 bit CRC to detect and correct possible transmission errors. It is
possible for recipients to correct up to 5 bit errors in 1090ES messages using a fixed generator
polynomial of degree 24 [23].
2.9 DPP (DUAL PATH PKI)
It is a system for securing data communication for the aircraft during all of its flight stages.
DPP system provides DPP defines two authentication protocols, one between aircraft and
another between aircraft and ATC, to achieve source authentication. Digital signature
technology is utilized to achieve message content and source integrity as well as enable
bootstrapping DPP into current ATC systems. DPP employs cutting-edge elliptic curve
24
cryptography (ECC) algorithms to increase performance and reduce overhead [24]. DPP
system secures the AANETs through some stages.
During the aircraft manufacturing it is given a number of specific attributes that it will keep
throughout its lifetime. The manufacturer assigns a model and series to the aircraft based on
when it was made. Also, a unique Mode-S transponder code is assigned to the aircraft so that
any tower that can identify the aircraft. Further, the operator to which the aircraft is sold
assigns a unique N-Number. The FAA will grant the operator the right to operate the aircraft
and also assigns the aircraft a certificate.
In preparation for each flight aircraft file a flight plan with the FAA. These flight plans are
filled out and disseminated to all ATC centers which might require the information. When the
ATC center receives the departing aircraft‟s flight plan it referencing the route information to
determine the certificates the aircraft needs. The center uses the FTI to query the ATC center
certificate database by their designators. The center also checks the FAA‟s master CRL to
assure none of the center‟s certificates have been revoked.
During departure procedure for the flight it begins broadcasting data identification,
location, and signature blocks. The nearby ATC center begins receiving the messages and
make mutual authentication process for the flight and it gets its session certificate which is
valid during the presence of the aircraft at the control area of the ATC center.
During flight and due to the transmission range for the ATC center the aircraft may out of
range and in transmission range of the next ATC center. Secure handoff procedure occurs.
Through FTI, all centers have access to aircraft and other ATC centers‟ certificates and all
centers are securely interconnected. This allows for the safe passage of information between
centers. Before an aircraft leaves the terminal it files a flight plan which includes all ATC
centers that it will fly through. Each center is then notified of the aircraft‟s intention to enter
the center‟s airspace at some point in the future. This allows the center to be prepared for the
aircraft‟s arrival by accessing the FAA‟s certificate database ahead of time to pull required
certificates. Assuming that the aircraft is authenticated by the initial center it has a session
certificate signed by that center. Once an aircraft is about to cross the ATC center boundary
the initial center notifies the new center of the aircraft‟s entry through FTI. All the aircraft is
required to do is send its current session certificate to the new center. The new center can
access the initial center‟s certificate to get its public key and decrypt the aircraft‟s session
certificate. If the expiration date has not passed then the center knows the aircraft is verified
by the initial center. The new center now sends a new certificate to the aircraft with a new
expiration date. Once the aircraft receives the new certificate from the new ATC center it can
use that certificated to mutually authenticate other aircraft in the area.
During arrival of the aircraft it is the same procedure due to the departure as explained
before.
2.10 ADS-B/GPSR
GPSR is a well known geographic routing protocol. It uses two routing schemes: a greedy
mode and a perimeter mode. In greedy mode, GPSR forwards a packet to the closest node in
the neighbor table to the destination. If the forwarding node is itself the closest node to the
destination, GPSR switches to the perimeter mode. When the forwarding node finds a
neighbor that can greedily forward packets, it ends the perimeter mode and starts the greedy
mode again. The information on one-hop neighbors is obtained by a beaconing scheme, while
the position of the destination is obtained by a location service [25]. However, GPSR uses a
beaconing scheme for the neighbor table and location service, which increases the control
packet overhead and collision probability. The ADS-B and GPSR hybrid system totally
eliminate the GPSR beaconing overhead. Indeed, instead of sending control packets to build
25
its neighbor table, GPSR uses the state vector that is included in ADS-B messages. Such a
table is updated every second for freshness matters as shown in figure Figure 2.11.
Figure 2.11 System integration of ADS-B and GPSR protocols
Securing ADS-B/GPSR is done through two phases the first phase is securing the ADS-B
to fill a trusted neighbor table as shown in figure Figure 2.12.
Figure 2.12 ADS-B Data Integrity Mechanism
First it uses two successive hash functions a 256 bits SHA-2 (Secure Hash-2) hash
followed by a 128 bits MD5 (Message Digest 5) hash. For the signature mechanism, then use
ECDSA (Elliptic curve digital signature algorithm) which provides a good trade-off between
robustness and security overloading. As a matter of example, given a 112 bits private key
length, ECDSA provides a 224 bits signature whereas RSA (Rivest, Shamir, Adelmann)
provides a 2048 bits signature. However, the hash digest length is larger than the 112 bits
26
ECDSA input block size, meaning we need to truncate the hash before the signature. At this
point, one may expect a truncation after the first hash function (without adding a second
hash), but as the truncation increases, the collision probability on the hash also increases.
Thus, we managed to truncate on 16 bits from the 128 bits MD5 digest instead of 144 bits
from the 256 bits SHA-2 digest. Then, we divided the signature into two separate messages
(S1 and S2), computed a timestamp for each (respectively T1 and T2), then send them into
two successive ADS-B messages. When both packets are received, the destination rebuilds
the whole signature using the timestamps and the GPS clock, recomputed in its own the
signature resulting from the payload he received, then compares both signature if they match,
the ADS-B message is authenticated and assumed secure [1].
So the neighbor table now is secured and trusted according to previous step then the GPSR
packet should be encrypted with a suitable encryption type.
2.11 SPAAR SECURE POSITION-AIDED AD-HOC ROUTING
In SPAAR, with the aid of position information, a node may verify its one-hop neighbors
before including them in the routing protocol. SPAAR requires that each device can
determine its own location. GPS receivers are relatively inexpensive and lightweight, so it is
reasonable to assume that all devices in our network are equipped with one. In cases in which
a node is unable to determine its location, the source node must also know the approximate
geographic location of the destination. This may be calculated from the most recent location
and most recent velocity information stored in the source node‟s destination table. If this is
the source node‟s first attempt at communication with a particular destination, the source may
not have the destinations position. In this situation, a location service may be used. If no
location service is available, a selective flooding algorithm may be used to reach the
destination and receive its position information [26].
To participate in SPAAR, each node requires a public/private key pair, a certificate binding
its identity to its public key (signed by a trusted certificate server), and the public key of the
trusted certificate server. All nodes are deployed with the private part of a public/private key
pair. Prior to deployment, each node will request a certificate from a trusted certificate server
T. The certificate binds a nodes identity with its public key and is signed by T. The certificate
is time stamped and has an expiration time. Each node will possess T‟s public key so it can
decrypt certificates of other nodes. This allows a node N1 to inform another node N2 of its
public key, assuming node N2 was deployed correctly with T‟s public key to decrypt
certificates.
Each node maintains a neighbor table that contains the identity and position information of
each verified neighbor, along with the cryptographic keys required for secure communication
with each neighbor. A node will only accept routing messages from a node in its neighbor
table. Specifically, each node maintains two keys for each neighbor. The first is the public key
of the neighbor that is acquired from its certificate. The second is the neighbor's group
decryption key that is used to decrypt RREQs, table update messages, and other routing
messages encrypted with a group encryption key. The position information is in the form of
the neighbor's most recent location, represented as latitude; longitude coordinates, along with
the neighbor's transmission range. Finally, each entry contains the neighbor's Table Update
Sequence Number for use in the table update process.
A node only accepts routing messages from a node in its neighbor table. Each node
broadcasts hello message with its certificate, and neighbors use the certificate to verify and
obtain the sender‟s public key and store the neighbor node and its public key in the table.
SPAAR is the same like AODV to find the route to destination using route request RREQ,
route reply RREP and route error messages.
27
CHAPTER 3
3 DESIGN OF AERORP AND ATTACK MODEL
In this chapter we discuss the implementation of the routing protocol on network simulator
NS3 and the implementation of the attack model also on NS3 and its effect on the
performance of the routing protocol. As shown in figure Figure 3.1 we implemented this
system architecture. The system consist of an application that sends packets with a constant
bit rate, user data gram protocol, routing protocol AeroRP, data link layer time division
multiple access (TDMA) and a simple wireless channel as a physical media.
Figure 3.1 System architecture for AANET
3.1 AERORP IMPLEMENTATION WITH GS ON NS3
This section describes our implementation of AeroRP on NS3 with the aid of GS
advertisement as a neighbor discovery. AeroRP module depends on GS module that we build
in order to provide position and velocity which we can call location services for each ANs in
our AANET. AeroRP module itself consist of some storing tables that have geolocation
information, each AN has neighbor table that store geolocation information that it receives
from another AN neighbors and within its transmission range and position table that used to
store geolocation information that AN receives from the GS. Each AN is provided with a
queue to queue packets that destination is unreachable from the source. As shown in figure
Figure 3.2 it shows the class diagram for AeroRP.
We implemented the AeroRP routing protocol ns3::AeroRP::RoutingProtocol in NS3 by
extending from the abstract base class ns3::Ipv4RoutingProtocol. The ns3:: AeroRP::
AeroRPHeader is extended from ns3::Header. We have different types of header such as
Hello that is sent by each AN node every 1 second to advertise its geolocation information to
its neighbors and GS advertisement that broadcasted from GS every 5 seconds that has
geolocation information for all the ANs in the AANET and GS topology that have
information of the network topology. We have also declared another classes
ns3::AeroRP::NeighborTable and ns3:: AeroRP::PositionTable to store the updates of AN
geolocation information and ns3::AeroRP::RoutingTable to store all these entries in a table.
Similarly we have declared the ns3:: AeroRP::QueueEntry class to store a packet if
destination is unreachable and ns3::AeroRP::RequestQueue to store all the queued entries.
The main class that glues all these together is the ns3::AeroRP::RoutingProtocol class.
28
Figure 3.2 AeroRP Class Diagram
3.2 AERORP HEADER FORMAT
In this section we will look at the AeroRP message header formats. AeroRP uses
TypeHeader, HelloHeader, GSGeoLocationHeader, and GSTopologyHeader. The latter two
are exclusively used by the GS to send our GS advertisement. Due to different types of
AeroRP headers so we made header type in order to discriminate between each one of them as
shown in figure Figure 3.3. A summary of the contents of TypeHeader follows
Figure 3.3 Packet format for TypeHeader
AeroRP type: 8 bits
The AeroRP type field indicates the type of AeroRP message attached below. The
type can be HelloHeader, GSGeoLocationHeader, and GSTopologyHeader.
Header length: 8 bits
This field specifies the total AeroRP message header length attached to the packet.
AeroRP type message: variable bits
This field is a placeholder for the other AeroRP messages to be attached as
specified in the AeroRP type field.
29
3.3 HELLO HEADER
This type header has geolocation information and velocity for the ANs that are moving and
broadcasted to neighbors, each AN broadcast hello message every 1 second. The geolocation
information is got from GPS that is provided to each AN. As shown in figure Figure 3.4.
Figure 3.4 Hello Type Header Packet
Coordinate X : 32 bit
This field indicates the position x for the AN node that it got from the GPS system
attached in the AN.
Coordinate Y: 32 bit
This field indicates the position y for the AN node that it got from the GPS system
attached in the AN.
Coordinate Z: 32 bit
This field indicates the position Z for the AN node that it got from the GPS system
attached in the AN.
Velocity X: 32 bit
This field indicates the value of the AN velocity in x axis
Velocity Y: 32 bit
This field indicates the value of the AN velocity in y axis
Velocity Z: 32 bit
This field indicates the value of the AN velocity in z axis
Velocity sign: 8 bit
This field indicates the direction of the AN.
3.4 GS GEOLOCATION HEADER
This type header has geolocation information and velocity for all the ANs in the AANET.
The GS broadcast this type header every 5 seconds for all the ANs. We suppose that the GS
detect all the ANs in the AANET. As shown in figure Figure 3.5 it shows the fields of the GS
message.
Figure 3.5 GSGeolocation Type Header Packet
30
Coordinate X : 32 bit
This field indicates the position x for the AN node that it got from the GPS system
attached in the AN.
Coordinate Y: 32 bit
This field indicates the position y for the AN node that it got from the GPS system
attached in the AN.
Coordinate Z: 32 bit
This field indicates the position Z for the AN node that it got from the GPS system
attached in the AN.
Velocity X: 32 bit
This field indicates the value of the AN velocity in x axis
Velocity Y: 32 bit
This field indicates the value of the AN velocity in y axis
Velocity Z: 32 bit
This field indicates the value of the AN velocity in z axis
Velocity sign: 8 bit
This field indicates the direction of the AN.
Start Time: 64 bit
This field indicates the start time of this information
End Time: 64 bit
This field indicates the end time valid for this information
Node Add: 32 bit
This field indicated the address of the AN which the packet has its information
3.5 GSTOPOLOGY HEADER
This type header has a topology for the whole AANET which is advertised by the GS. The
GS calculate the distance between ANs each one of them and the others and send this
information with start and expire times for that link, and the link cost. The start and expire
times are calculated based on node's geolocation and velocity information. A link is said to be
established between two nodes if the Euclidean distance between the two is less than their
transmission range. The assumption here is that all nodes have the same transmission range.
Based on the nodes geolocation coordinates the Euclidean distance is calculated.
The link expire time is also predicted based on the node's geolocation and velocity
components. Expire time for an active link is increased until the Euclidean distance between
the new predicted locations of the two nodes is greater than their transmission ranges. GS
calculates this information for all the possible links that can be established among all the
nodes in the network. If there are n nodes in a network, considering the best case scenario
where every node is connected to every other node, the total number of possible links are n ×
(n - 1) / 2.
Figure 3.6 GSTopology Type Header Packet
31
Link Cost: 32 bit
This field indicates Link cost is used by the AN to identify a shortest path to a
destination. The GS can take many factors in determining this link cost. The lower
the link cost, the better it is to send traffic over it. The first factor to determine the
link cost is the duration for which a link will be active. The second factor is if the
links where one of the node has more resources or has more paths to a destination.
Start Time: 64 bit
This field indicates the start time specifies the time at which this link is formed.
End Time: 64 bit
This field indicates the end time specifies the time at which this link is predicted to
go down.
Node Add1: 32 bit
This field indicated the address of the AN which the packet has its information
Node Add2: 32 bit
This field indicated the address of the AN which the packet has its information
3.6 AERORP OPERATION
As we have mentioned before in section 2.2.1 AeroRP has 2 phases‟ neighbor discovery
and data forwarding. Each AN node is advertising its own hello packet every 1 second this
packet including the geolocation and velocity information of its own. Any AN with the
transmission range of the AN that sent the hello packet which is 27800 km receives this
packet and extract the information and store it on its neighbor table. The neighbor table is a
table that has the following fields AN address, X coordinate, Y coordinate, Z coordinate, X
Velocity, Y Velocity, Z Velocity, Velocity Sign.
The GS broadcast a GSGeoLocation packet every 5 seconds that contain the geolocation
information and velocity for all the ANs in the AANET. All the ANs that receive the
GSGeoLocation packets store this information in its position table. The position table is a
table that has the following fields AN address, X coordinate, Y coordinate, Z coordinate, X
Velocity, Y Velocity, Z Velocity, Velocity Sign, Start Time, End Time.
According to previous steps each AN has information about its neighbors within its
transmission range updated every 1 second stored on its neighbor table and information about
the position of all the ANs updated every 5 seconds stored on its position table.
When AN receives any of the previous control packets (GSGeoLocation, Hello) AN
discriminate if it is Hello packet it update its neighbor table, if it is GSGeoLocation packet it
update its position table.
When AN receives a data packet, it looks at its neighbor table if the destination is neighbor
it just forward the packet to the destination, if not it begins to calculate TTI and determine the
best TTI for all the neighbors that exist on its neighbor table. If it finds a lowest TTI it
forwards the packet to the best neighbor that has lowest TTI. If it couldn‟t find a lowest TTI it
consider itself the best neighbor and put it in a queue for certain time and begin to search for
best neighbor to forward the packet to it.
As shown in figure Figure 3.7 a source AN S tries to send a data packet to destination D
which is not a neighbor and out of its transmission range(black circle), first S look at its
neighbor table it will find nodes 1, 2, 3 as neighbors but not the destination so it begins to
calculate the lowest TTI neighbor AN no 3 is the worst case because it has the worst TTI
because it is moving away from the destination even it is the closest to the destination, AN no
2 is far than AN no 1 so the best neighbor with lowest TTI is AN no 1.
32
Figure 3.7 AeroRP Operation
When AN no 1 receive the data packet it looks at its neighbor table which has AN S, 3, D it
finds out D is neighbor so it directly forward the packet to it. Suppose it couldn‟t find any of
the neighbors as best neighbor and the destination is not its neighbor so it keeps it in a queue
until it finds a best neighbor with lower TTI, AN node always if it has a data packet in its
queue it checks for best neighbors after cretin amount of time.
3.7 ATTACK MODEL
Geographical routing protocols depend on geo-location information. In AeroRP, geo-
location information is sent by ANs and the GS, because AeroRP needs the neighbor
discovery phase to choose the best neighbor. This makes the routing protocol vulnerable to
active attacks from malicious nodes that send false geo-location information which deceives
the source and make it choose a bad heuristic metrics and choose a neighbor which is not a
best neighbor. AeroRP is also vulnerable to passive attacks from malicious nodes that listen to
the GS advertisements disclosing AN locations.
Black hole attack is a type of active attacks in which a malicious node acts like a Black
hole, dropping all data packets passing through it as like matter and energy disappears from
our universe in a black hole. If the attacking node is a connecting node of two connecting
components of that network, then it effectively separates the network into two disconnected
components [27].
We have implemented 2 types of active attacks on the routing protocol AeroRP and try
each one of them alone then we implement both of them and measure the performance of the
routing protocol AeroRP in each case and its effect on the AANET. In active black-hole AN
attacks, malicious nodes in the network deceive other ANs by sending false geo-location
information that gets stored in the neighbor table of the attacked node. When the attacked
33
node is in the forwarding phase, the malicious node becomes the best neighbor of the node, so
the data packets are forwarded to it; the malicious node then simply drops the packet. The
active GS attack depends on advertising false geo-location information about one or more
destinations. This makes the ANs compute wrong decision metric (TTI) values and forward
the data to nodes other than the best neighbors even without malicious ANs being in the
network.
The following figure Figure 3.8 shows an example for a malicious AN that distribute false
geolocation through bad Hello header.
Figure 3.8 Black hole attack
AN no 2 is a malicious node that broadcast bad Hello that has bad geolocation information
that deceive the source S it is the nearest to destination D than any one. So the source S store
this false geolocation information in its neighbor table and when it tries to send data packets
to destination D it begins to calculate best TTI as mentioned before it should be AN no 1 but
due to the black hole attack S will find that AN no 2 is the nearest to destination so it forward
the packet to it and simply AN no 2 drop the packet. This type of attack will cause a lot of
losses to the data packets as mentioned later.
The same problem happens if a malicious node begins to broadcast false GSGeolocation
that contains bad geolocation information about the destination which is away from the real
destination geolocation which ANs store in its position table. So the source S begins to
calculate TTI with wrong destination for the destination so it will forward the data to wrong
AN and the data sent away from real destination. As shown in figure Figure 3.9 false
destination is the other side from the real destination so the source S will forward the packet
to AN no 3 which is moving toward the fake destination.
34
Figure 3.9 GS Attack
We show the effect of AeroRP performance under attack in section 5.3 and the results
35
CHAPTER 4
4 DESIGN OF PROPOSED SECURE ROUTING
PROTOCOL (SAERORP)
We propose a secure routing protocol, SAeroRP which operates in two phases. The first
phase is authentication and key transport, in which the ANs are authenticated and they receive
the shared key from the GS using X.509-based authentication. Due to the short transmission
range of the ANs which is 27800, they cannot initiate communication directly with the GS.
Note that ANs send authentication requests in the first phase of SAeroRP. A second
transceiver is required to provide the AN with a long range (of 150 Km) and also a wider
bandwidth for communication [28].
4.1 SAERORP DESIGN
This section describes our implementation of SAeroRP on NS3 with the aid of GS which
we use as a trusted third party. SAeroRP depends on securing AANET that uses AeroRP as a
routing protocol. As mentioned before in section 2.3 how we can use X.509 protocol we use it
as authentication and key transport. In SAeroRP first initialize each AN and GS in the
AANET initialize themselves by creating their own RSA key pairs (public key and private
key) and begin to get their certificate that is provided from a certificate authority by sending a
signed certificate request which has its own public key through a secured channel to the
certificate authority, which replies with a signed certificate with a valid serial number and
valid time for each one of them.
We divided SAeroRP into two phases the first phase is authentication and key transport,
the AN sends an authentication request packet to the GS and the GS replies with an
authentication reply packet that is including the shared key which will be used in the second
phase. The second phase is authenticated encryption as described in section 2.4 each data and
control packets that is mentioned before in AeroRP headers 3.2 will be authenticated
encryption as mentioned in section 0 by adding an authentication tag that grantee the packet
arrives to destination without any type of attacks applied to the network.
4.2 SAERORP IMPLEMENTATION WITH GS ON NS3
This section describes our implementation of SAeroRP on NS3 with the aid of GS
advertisement as a neighbor discovery. SAeroRP module is an extension for AeroRP module
that we built as mentioned in section 3.1 in order to provide both identification and security
for the network. It also depends on GS module that we build in order to provide position and
velocity which we can call location services for each ANs in our AANET. SAeroRP module
itself has the same storing tables that have geolocation information, each AN has neighbor
table that store trusted geolocation information that it receives from another AN neighbors
after checking the authenticity of the Hello message if valid it stores the information in the
table if not it neglects it. The same for position table that used to store geolocation
information for the whole ANs which AN receives from the GS after checking authenticity.
Each AN is provided with a queue to queue packets that destination is unreachable from the
source. As shown in figure Figure 4.1 it shows the class diagram for SAeroRP.
Also SAeroRP module has certificate authority to provide valid certificates for a certain
time which also contain allot of information about ANs or GS such as serial number, validity
time, the issuer name and so on. It also has GCM converter in order to provide some
operations encryption, decryption and message authenticity.
36
We implemented the SAeroRP routing protocol ns3::SAeroRP::RoutingProtocol in NS3 by
extending from the abstract base class ns3::Ipv4RoutingProtocol. The ns3::SAeroRP::
SAeroRPHeader is extended from ns3::Header. We have different types of header such as
SHello that is sent by each AN node every 1 second to advertise its geolocation information to
its neighbors with authentication tag and SGS advertisement that broadcasted from GS every
5 seconds that has geolocation information for all the ANs in the AANET also concatenated
with authentication tag and SGS topology that have information of the network topology. We
have also declared another classes ns3::SAeroRP::NeighborTable and ns3::
SAeroRP::PositionTable to store the updates of AN geolocation information after checking
message authenticity and ns3::SAeroRP::RoutingTable to store all these entries in a table.
Similarly we have declared the ns3::SAeroRP::QueueEntry class to store a packet if
destination is unreachable and ns3::SAeroRP::RequestQueue to store all the queued entries.
The main class that glues all these together is the ns3::SAeroRP::RoutingProtocol class.
Figure 4.1 SAeroRP Class Diagram
4.3 AUTHENTICATIONREQUEST HEADER
This type header is responsible for authentication request, each AN at the beginning of a
mission sends an authentication request to the ground station to get the shared key which will
be used in authentication encryption process. As shown in figure Figure 4.2.
Figure 4.2 Authentication request packet
37
Certificate A: 727 bit
This field indicates that the AN sends its certificate to the GS in order to
authenticate the packet.
Time Stamp: 64 bit
This field indicates that AN sends a time stamp for the packet in order that to gain
resist of the replay attacks.
Random No: 32 bit
This field indicates that AN generate a random no and sends it to the GS.
Identifier: 8 bit
This field indicates that AN sends the identification no for the GS to the GS so it
knows that this message belongs to GS.
Sign Of Data: 256 bit
This field indicates that AN signs the time stamp, random no and identifier fields
with its private key and sends it to the GS.
4.4 AUTHENTICATION REPLY HEADER
This type header is responsible for authentication reply, GS after receiving the
authentication request and verifying the validity of the request packet it sends to the AN
authentication reply packet that includes the shared key. As shown in figure Figure 4.3.
Figure 4.3 Authentication Reply packet
Certificate B: 727 bit
This field indicates that the GS sends its certificate to the AN that requested the key
in order to authenticate the packet.
Time Stamp: 64 bit
This field indicates that GS sends a time stamp for the packet in order that to gain
resist of the replay attacks.
Random No1: 32 bit
This field indicates that GS sends again the random no it received from the AN
requested for the key.
Random No2: 32 bit
This field indicates that GS generate a random no and sends it to the AN requested
for the key.
Identifier: 8 bit
This field indicates that GS sends the identification no for the AN requested for the
key to the AN so it knows that this message belongs to this AN.
Encrypted Shared Key: 256 bit
This field indicates that GS encrypts the shared key with its public key and sends it
to the AN requested for the key.
Sign Of Data: 256 bit
This field indicates that AN signs the time stamp, random no and identifier fields
with its private key and sends it to the GS.
38
4.5 SHELLO HEADER
This type header has geolocation information and velocity for the ANs that are moving and
broadcasted to neighbors, each AN broadcast hello message every 1 second. The geolocation
information is got from GPS that is provided to each AN. As shown in figure Figure 4.4.
Figure 4.4 SHello Packet
Coordinate X : 32 bit
This field indicates the position x for the AN node that it got from the GPS system
attached in the AN.
Coordinate Y: 32 bit
This field indicates the position y for the AN node that it got from the GPS system
attached in the AN.
Coordinate Z: 32 bit
This field indicates the position Z for the AN node that it got from the GPS system
attached in the AN.
Velocity X: 32 bit
This field indicates the value of the AN velocity in x axis
Velocity Y: 32 bit
This field indicates the value of the AN velocity in y axis
Velocity Z: 32 bit
This field indicates the value of the AN velocity in z axis
Velocity sign: 8 bit
This field indicates the direction of the AN.
Authentication Tag: 16 bit
This field is responsible for guarantee that the packet has not been modified and
authenticated. As mentioned before in section 0.
4.6 SGS HEADER
This type header has geolocation information and velocity for all the ANs in the AANET.
The GS broadcast this type header every 5 seconds for all the ANs. We suppose that the GS
detect all the ANs in the AANET. As shown in figure Figure 4.5.
39
Figure 4.5 SGS Header Packet
Coordinate X : 32 bit
This field indicates the position x for the AN node that it got from the GPS system
attached in the AN.
Coordinate Y: 32 bit
This field indicates the position y for the AN node that it got from the GPS system
attached in the AN.
Coordinate Z: 32 bit
This field indicates the position Z for the AN node that it got from the GPS system
attached in the AN.
Velocity X: 32 bit
This field indicates the value of the AN velocity in x axis
Velocity Y: 32 bit
This field indicates the value of the AN velocity in y axis
Velocity Z: 32 bit
This field indicates the value of the AN velocity in z axis
Velocity sign: 8 bit
This field indicates the direction of the AN.
Start Time: 64 bit
This field indicates the start time of this information
End Time: 64 bit
This field indicates the end time valid for this information
Node Add: 32 bit
This field indicated the address of the AN which the packet has its information.
Authentication Tag: 16 bit
This field is responsible for guarantee that the packet has not been modified and
authenticated. As mentioned before in section 0
4.7 SGSTOPOLOGY HEADER
This type header has a topology for the whole AANET which is advertised by the GS. The
GS calculate the distance between ANs each one of them and the others and send this
information with start and expire times for that link, and the link cost. The start and expire
times are calculated based on node's geolocation and velocity information. A link is said to be
established between two nodes if the Euclidean distance between the two is less than their
transmission range. The assumption here is that all nodes have the same transmission range.
Based on the nodes geolocation coordinates the Euclidean distance is calculated.
40
The link expire time is also predicted based on the node's geolocation and velocity
components. Expire time for an active link is increased until the Euclidean distance between
the new predicted locations of the two nodes is greater than their transmission ranges. GS
calculates this information for all the possible links that can be established among all the
nodes in the network. If there are n nodes in a network, considering the best case scenario
where every node is connected to every other node, the total number of possible links are n ×
(n - 1) / 2.
Figure 4.6 SGSTopology Packet Header
Link Cost: 32 bit
This field indicates Link cost is used by the AN to identify a shortest path to a
destination. The GS can take many factors in determining this link cost. The lower
the link cost, the better it is to send traffic over it. The first factor to determine the
link cost is the duration for which a link will be active. The second factor is if the
links where one of the node has more resources or has more paths to a destination.
Start Time: 64 bit
This field indicates the start time specifies the time at which this link is formed.
End Time: 64 bit
This field indicates the end time specifies the time at which this link is predicted to
go down.
Node Add1: 32 bit
This field indicated the address of the AN which the packet has its information
Node Add2: 32 bit
This field indicated the address of the AN which the packet has its information.
Authentication Tag: 16 bit
This field is responsible for guarantee that the packet has not been modified and
authenticated. As mentioned before in section 0.
4.8 SAERORP OPERATION
As we mentioned before the operation of SAeroRP depends on two phases. The first phase
is authentication and key transport, and the second phase is authenticated encryption phase.
The first phase has two main purposes to do the first one is to authenticate each AN to GS and
transfer the shared key which has been generated by GS and delivered to each AN which
extract the key and use it in the second phase, also it is a point to point communication
between AN and GS and according to short transmission range of ANs so we provided two
interface cards one to provide communication between ANs and GS which is 150 mile and the
other one to provide communication between ANs and each other which is 27 mile. The
second phase uses the shared key extracted from phase 1 to authenticate and encrypt each
message control and data packets.
The following figures Figure 4.7 and Figure 4.10 explain the activity diagram of SAeroRP
and how SAeroRP algorithm is do its work. We assume that each AN node and the GS
generate its own RSA key pairs which we call initialization process and communicate in a
41
secure channel to a certificate authority (CA) by sending a secure signed certificate request by
including its public key to the CA, CA replies to the request by sending a valid certificate for
a certain period of time and have allot of information such as serial number of each node and
the valid date. The GS connect to the CA to obtain the shared key which will be used during
the operation of SAeroRP. All of that we call initialization process.
Figure 4.7 SAeroRP Flow Chart
At the first phase the GS works as a trusted third party and distribute the shared key as
shown in Figure 4.8. At the beginning of each flight mission, each AN tries to be
authenticated and sends an authentication request to the ground station using X.509 two-way
authentication. The authentication request packet has a time stamp for packet freshness, the
PKI certificate of the AN requesting authentication, the identification of the receiver (GS),
and the digital signature of all the previous data using the AN‟s private key. The GS verifies
the certificate of the AN node, the freshness of the time stamp to avoid attacks, the
identification of the GS, and the signature. If the message is verified correctly, the GS sends
an authentication reply packet that consists of the GS certificate, a time stamp, the random
number received from the AN, encrypted shared key that will be used for encrypting control
and data packets using authenticated encryption, and a digital signature of the previous data.
The AN node receives the reply packet and verifies the certificate, freshness of the time
stamp, the random number that it sent, and the signature. After the AN is authenticated, it
decrypts the shared key using the AN‟s private key and uses it to encrypt and decrypt hello
packets, GS advertisement packets, and data packets.
42
Figure 4.8 SAeroRP phase 1 Authentication and Key Transport
Figure 4.9 SAeroRP phase 2 Message Encryption
The second phase is authenticated encryption using AES-GCM as shown in Figure 4.9.
The packet header is used as the AAD and it is multiplied in GF (2128
) by the key hash, H. A
92-bit sequence number is used as an IV for AES-GCM. The IV is encrypted by the shared
key then XORed with the plaintext to create the cipher text. No matter what the packet size is,
all its contents are processed at the same time as one block. The encrypted message is
concatenated with an authentication tag, which is used for authenticating the packet. The AN
sends secure hello (SHello) packets, which are the same as AeroRP hello packets but
encrypted and concatenated with an authentication tag of length 16 bytes. The neighboring
43
node that receives the SHello packet verifies the packet authenticity by using the received
authentication tag. If the tag is verified, the AN decrypts the packet, extracts its data, and
updates the neighbor table this operation creates a trusted neighbor table; otherwise, the
received SHello is discarded. Similarly, the GS sends a secure GS advertisement (SGS)
packet with the same content as in AeroRP but encrypted and concatenated with a 16-byte
authentication tag. If the packet is authenticated by the AN by verifying the authentication
tag, it is simply will be decrypted, the data is extracted, and the position table updated this
operation creates a trusted position table; otherwise, the received SGS is discarded. Similar
processing is done for the data packets as well.
The data packet is encrypted and concatenated with 16 bytes authentication tag. If a source
S tries to send a data packet to destination D as shown in Figure 3.7, S collects data for its
neighbors by decrypting the SHello messages that are received from its neighbors and stores
the information into the neighbor table and gets the destination position from its position
table. The process of decision metrics is the same as AeroRP uses it begins to calculate best
TTI of the neighbors to forward the data packet to it until it reaches the destination D.
Figure 4.10 Activity diagram for SAeroRP
The activity diagram shows the algorithm steps which will be explained in the next section
in details.
44
4.9 ALGORITHM DESCRIPTION
The activity diagram shows the description of SAeroRP algorithm Figure 4.10. SAeroRP
has 12 steps we describe it in more details. We suppose that we have 3 entities a certificate
authority (CA) which is responsible on generating digital certificates for itself we call it root
certificate, every certificate for other entities is generated from root certificate, in this model
of trust relationships, a CA is a trusted third party trusted both by the subject (owner) of the
certificate and by the party relying upon the certificate. The other two entities is ANs air
borne nodes and ground station (GS).
1- Initialization
We assume that each entity is initialized and generate its own 2048 bit (we have not
used 1024 bit because it is vulnerable to attacks) RSA key pairs, RSA key pairs consist
of a public key which is known to any entity at the network and also used for
encrypting messages that can be decrypt by using the private key of the same RSA key
pairs and a private key which is unknown except for the entity it got. Each of ANs or
GS generates its own random number and generates the certificate parameters (name,
serial). The CA generates root certificate by using its own RSA key pairs, issuer name,
validity time and its own serial number.
A digital certificate certifies the ownership of a public key by the named subject of the
certificate. This allows others (relying parties) to rely upon signatures or on assertions
made about the private key that corresponds to the certified public key.
2- Certificate Request
Each AN or GS node sends a signed certificate request through a secure channel, the
certificate request contains of its own public key, serial number and name then sign the
request using SHA1 hash function.
3- Certificate Reply
The CA extracts the public key of the sender and serial number then set valid time for
the certificate then set the issuer name and signs the certificate reply and sends it back
to the sender. Till this step each AN or GS has its own RSA key pairs, Random number
and its own certificate.
4- Obtaining Shared Key
GS sends a request to the CA to obtain the shared key which will be used in the second
phase through a secured channel. CA generates a 32 byte shared key and sends it back
to GS.
5- Authentication Request
Each AN node in the network sends a control message we call authentication request
which is described in section 4.3 using an interface card that provide a point to point
communication between AN and GS for 150 km.
6- Authentication Request Verification
GS receives the authentication request, it checks the validity of the certificate by
compare it with root certificate and its validity time, GS checks validity of the message
ID field for GS, GS checks validity of time stamp, GS checks the sign of the previous
data by using the sender public key. From the certificate field it extracts the public key
of the AN that sent the request and its serial number. If the message is valid it sends the
reply message
7- Authentication Reply
GS replies to the AN that sent the request by a control message we call authentication
reply which is described in section 4.4
8- Authentication Reply Verification
45
AN receives authentication reply message and begins to verify it, it checks the validity
of the certificate by compare it with root certificate and its validity time, AN checks
validity of the message ID field for its own, AN checks validity of time stamp, AN
checks that the random number is the same as what it has sent, AN checks the sign of
the previous data by using the sender public key. From the certificate field it extracts
the public key of the AN that sent the request and its serial number. If the message is
valid it extracts the shared key by decrypting it.
9- GS Encrypted Message
GS begins to use the shared key to encrypt its GS broadcast messages as explained in
section 4.6, ANs which received this GS broadcast uses the shared key it received from
GS to decrypt the message
10- GS Broadcast Verification
AN received the GS broadcast message it get the auth tag that attached with the
message and uses the additional authenticated data as shown in section 2.5 and
compare the result with the attached auth tag if it is valid it decrypt the message and
extract the geolocation information and update the position table in this case we have a
trusted position table
11- Hello Encrypted Message
Each AN broadcast hello message every second with its position and speed and other
AN receives it within it transmission range 27800 m so it uses the shared key to
encrypt the message as shown in section 4.5
12- Hello Broadcast Verification
AN received the SHELLO message it get the auth tag that attached with the message
and uses the additional authenticated data as shown in section 2.5 and compare the
result with the attached auth tag if it is valid it decrypt the message and extract the
geolocation information and update the neighbor table in this case we have a trusted
neighbor table
46
CHAPTER 5
5 EXPERIMENTAL EVALUATION
SAeroRP provides secure communication for the AANETs and also provides more options
for ANs to select the best next hop neighbors and also provide a mechanism for the GS to
broadcast strategic mission plans to the ANs. AeroRP with GS updates is implemented and
simulated with NS3 network simulator. NS3 is a discrete event network simulator written in
C++. In this chapter, we introduce compare between the performance of the AeroRP and
SAeroRP. We also compare between AeroRP and SAeroRP with attacks demonstrating the
effect on the routing protocols performance in each case.
This chapter is organized as follows. The network performance metrics used for the
analysis are detailed in Section 5.1. Section 5.2 briefly explains the different simulation
parameters considered for this analysis. Section 5.3 analyses the variations in protocol's
performance while running with attack and without attack.
5.1 PERFORMANCE METRICS
The performance metrics considered for the evaluation of SAeroRP are packet delivery
ratio (PDR), routing overhead ratio, and end to end delay.
Packet Delivery Ratio (PDR): The ratio of the number of packets received at the
destination to the number of packets sent by the application. All packets sent down by the
application are not be sent by the routing protocol if there is no route to the destination.
Routing Overhead Ratio: The fraction of bytes used by the protocol for SAeroRP control
messages. Overhead for data packets is calculated by adding all control packets in bits and
divide it by the simulation time all divided by the data packet length in bits.
End To End Delay: The time taken by a packet to reach the destination node's application
from the source node's application. Delay is calculated since the time it leaves the source node
to the time it reaches the destination. It also includes the time the packet is buffered in the
neighboring node's queue.
Since each simulation is run 10 times it gives a high confidence interval on the results.
5.2 SIMULATION SETUP
This section highlights the various simulation parameters used for simulating these routing
protocols in NS3. Table 1 shows the simulation parameters that we use to evaluate the
performance of the routing protocols.
All simulations are performed on ns-3.11 for a total simulation time of 1500 s. A warm-up
time of 100 s is set so that the mobility models can reach a steady-state and the simulation is
not affected by any initial conditions.
Constant bit-rate (CBR) traffic is sent from 100 s to 1100 s. A cool-down time of 400
second is set so that any packets that are buffered can be transmitted during this time. This
ensures that all the CBR packets sent by a source have enough time to reach the destination. A
transmit power of 50 dbm is chosen to achieve a transmission range of 27800 m (15 nautical
mi).
47
Table 5.1 Simulation Variables
Variable values
Mobility model 3D Gauss Markov (0) pause time
Velocity
Simulation runs
3.5 Mach (1200 m/s)
10
Simulation area 150 km × 150 km
Application sending time
1000 s
Link layer TDMA
Packet size 1000 bytes
Sending rate 8 kb/s CBR
Transmission range AN
Authentication transmission range AN
Transmission range GS
27.8 km
150 km
150 km
Transport protocol UDP
Physical layer Simple wireless channel
Variable values
Mobility model 3D Gauss Markov (0) pause time
Velocity
Simulation runs
3.5 Mach (1200 m/s)
10
5.3 EFFECT OF ATTACKS ON AERORP
We have simulated the above two types of active attacks. We studied the effect of each
attack alone and their combined effect on AeroRP performance. For the black-hole AN attack,
the percentage of attackers has been varied from 10% to 40% of the total number of ANs. The
AN attack has been applied to a 50–node network first to study the effect of varying the
absolute number of malicious nodes. It has been found that increasing the number of attackers
adversely affected the network until 30% then increasing the number of attackers had a slight
effect.
As shown in figure Figure 5.1it shows the effect of the implement different percentage of
attackers on the ANNET and studies its effect on the packet delivery ratio, we found that the
more increasing of attackers on the network the less delivery ratio because that the source AN
has no good neighbors (not a malicious node) to forward the data packet. Also we found out
that the more we increased the attackers the less its effect on the delivery ratio because the
source will be surrounded with more than one malicious node this will make the effect of
malicious node is decreased gradually. It is obvious that the different between 30 and 40 % is
not a big difference not the same like the difference between 10 and 20 %. As shown in
48
figure Figure it shows that the end to end delay is decreased due to the increase of the AN
black hole attackers, because the attackers not forwarding any packet data so the AN nodes
that near to destination and away from attackers sends the d ata packets directly to destination
which make the delay time decreased. Note that the attackers are distributed randomly in the
AANET. Also we suppose that the attacker knows the real destination geolocation
information.
Figure 5.1 Effect of Black-hole attack with different percentage of attackers on the
Packet Delivery Ratio for the AANET
49
Figure 5.2 Effect of Black-hole attack with different percentage of attackers on the
End To End Delay for the AANET
Figure 5.3 Effect of GS attack with different percentage of Black hole attackers on
the Packet Delivery Ratio for the AANET
50
Figure 5.4 Effect of GS attack with different percentage of Black hole attackers on
the End To End Delay for the AANET
As shown in figure Figure 5.3shows the effect GS attack and both attacks on the packet
delivery ratio, GS attack deceives the AN nodes with the position of fake destination this
attack when used with black hole attack they help each other to increase the losses of the
packet delivered ratio, it is noticed that the PDR (Packet Delivery Ratio) decreased more than
when we use both type of attacks. As shown in figure Figure 5.4 EED (end to end delay),
when we use only the GS attack the delay time increased because the data packets take longer
path until it reaches to destination due to fake geolocation information for the destination. Due
to we combine both attacks together the even the packets that delivered to destination it takes
a longer time because of the fake geolocation information of destination.
51
Figure 5.5 Effect of Number of Attackers on Packet Delivery Ratio (Number of ANs =
50).
As shown in figure Figure 5.5 we apply different no of black hole attackers on AANET
that consist of only 50 AN nodes. It is obvious that when we use 5 AN attackers it decreased
the PDR to almost the half but when we increased the no of attackers it slightly decreases the
PDR because the AN is surrounded with more than one attacker which make the effect of the
attackers less on the PDR.
Figure 5.6 Effect of Constant percentage of Attackers on the AANET
As shown in figure Figure 5.6 we apply constant black hole AN attacker which is 4 ANs
and changes the no of ANs in the AANET, it is obvious that the more that we increase the
ANs the effect of the attack decreased and the PDR increased gradually because the source
can find ANs that forward the packets.
GS attacks have greater impact on performance. PDR significantly decreased and end-to-
end delay decreased as well because AeroRP lost a lot of the sent packets and only those
packets that were transmitted directly from source to destination (single-hop routes) were
delivered.
52
The attack models explained in Section 3.7 are applied to SAeroRP by providing the
attackers with self-signed certificates and wrongly-guessed shared key. The simulated
AANET contained between 10 and 100 ANs, one GS, and a single moving sink AN in the
middle of the simulation area. AeroRP is tested under ferry, beacon mode.
5.4 Comparing AeroRP and SAeroRP
It is clear that both AeroRP and SAeroRP show almost identical performance with regard
to PDR and end-to-end delay in absence of attackers; both depend on choosing the best
neighbor from the neighbor table with lower TTI. SAeroRP just makes the neighbor table and
position table trusted, so the mechanism for both is the same. The end-to-end delay is almost
the same with a little increase in the delay. The additional processing time in SAeroRP is on
average 347 microseconds. The routing overhead increased since the size of the hello and GS
packets has been increased due to concatenation of the original message with the
authentication tag. This makes their sizes bigger than their counterparts in AeroRP control
messages by 16 bytes. As shown in figures
The combined active attacks had no effect on SAeroRP as apparent in Figure 5.7. This is
because the hello messages or the GS advertisement packets from the attackers were rejected
because their authentication failed, the neighbor and position tables never included the
attackers, and thus in the forwarding phase ANs selected best-TTI next-hops from non-
attackers only. Figure 5.7 shows that PDR with SAeroRP was almost constant with a very
slight decrease because SAeroRP depends on a trusted neighbor with a lower TTI which we
call best neighbor to forward the data packet to it and due to the presence of attackers some of
the ANs cannot find a trusted best neighbor, so the node puts data in the buffer queue until it
finds a trusted best neighbor. But in AeroRP, when the number of attackers increased, the
PDR decreases gradually.
53
Figure 5.7 PDR Comparison Between AeroRP and SAeroRP
Figure 5.7 shows a comparison between PDR percentage ant the effect on the network
performance due to the new secure routing protocol SAeroRP, it is noticed that it is the same
data received for both protocols because SAeroRP depends on building trusted neighbor and
position tables from the trusted control packets.
54
Figure 5.8 End To End Delay Comparison Between AeroRP and SAeroRP
Figure 5.8 shows comparison between both protocols in the delay of data packets from
source to destination and the differ is a little bit fifer between both protocols due to the
performance of AES-GCM encryption it uses all the data packet block and process it in
parallel which make the encryption method so fast
55
Figure 5.9 OverHead Routing Ratio Comparison Between AeroRP and SaeroRP
Figure 5.9 shows a comparison between the overhead routing between both protocols, as
we can see that due to the effect of authentication tag 16 bit the overhead increased for
SAeroRP.
56
Figure 5.10 PDR Comparison of AeroRP vs. SAeroRP with variable number of
black-hole attackers and 50 non-attackers.
Figure 5.10 shows comparison between both protocols with 50 AN and different no of
attackers and the effect of attackers on both protocols, we found that AeroRP effected by
attacks but SAeroRP has no effect except for little decrease because the increase of attackers
number led to decrease of forwarding data to trusted neighbors.
57
CHAPTER 6
6 CONCLUSIONS AND FUTURE WORK
Securing geo-graphical information in air borne networks is an important issue. In this
thesis, some well-known routing protocols are reviewed demonstrating the challenges arising
from the dynamic nature of an air borne network. Motivated by these challenges, a new secure
geographical routing protocol that can be used in highly-dynamic aeronautical ad-hoc
networks (SAeroRP) has been presented. SAeroRP is designed to provide confidentiality,
authentication and integrity for the geo-location information and data packets via
cryptographic techniques. SAeroRP is also used to identify the ANs nodes as a friend or foe
by the authentication phase. It provides secure communication among the aircrafts themselves
and between an aircraft and the ground station.
NS3 simulator is used to study the impact of applying the proposed protocol on network
performance. Moreover, it is used to assess the impact of various types of attacks.
SAeroRP resists both the black-hole attack and the GS attack. The increased security
comes at the cost of a slight increase in the processing time and increased bandwidth
requirements. All previous secure routing protocols for AANETs depend on asymmetric
encryption. However, in our work, a solution depending on the use of symmetric encryption,
which is faster due to using a block cipher that operates in parallel on various blocks, is
implemented. Moreover, larger data packets can be used compared to asymmetric encryption
that can be handled in an efficient, secure way.
Future research extensions to this work include studying other mobility models of the
nodes and applying the proposed protocol to more complex network configurations.
58
REFERENCES
[1] M. S. B. Mahmoud and N. Larrieu, "An ADS-B based secure geographical routing
protocol for aeronautical ad hoc networks," in IEEE 37th Annual Computer Software and
Applications Conference Workshops (COMPSACW), July 2013, pp. 556-562.
[2] M. G. Rubinstein, I. M. Moraes, M. E. M. Campista, L. H. M. K. Costa, and O. C. M. B.
Duarte, "A survey on wireless ad hoc networks," in Mobile and Wireless Communication
Networks: IFIP 19th World Computer Congress, TC-6, 8th IFIP/IEEE Conference on Mobile
and Wireless Communications Networks, August 20-25, 2006, Santiago, Chile, G. Pujolle,
Ed. Boston, MA: Springer US, 2006, pp. 1-33.
[3] R. Suma and B. G. Premasudha, "Geographical routing protocols for mobile ad hoc
networks- a survey on their performance analysis," International Journal of Research in
Engineering and Technology, vol. 2, no. 11, pp. 579-586, 2013.
[4] A. Husain, R. Raw, B. Kumar, and A. Doegar, "Performance comparison of topology and
position based routing protocols in vehicular network environments," International Journal of
Wireless and Mobile Networks (IJWMN), vol. 3, no. 4, pp. 289-303, 2011.
[5] W. Stallings, Cryptography and Network Security: Principles and Practice, 3rd ed.
Pearson Education, 2002.
[6] C. Low, "Understanding wireless attacks and detection," SANS Institute InfoSec Reading
Room, Tech. Rep., 04 2005. [Online]. Available: https://www.sans.org/reading-
room/whitepapers/detection/understanding-wireless-attacks-detection-1633
[7] H. Narra, "Design and performance analysis of an aeronautical routing protocol with
ground station updates," PhD dissertation, University of Kansas, Kansas, USA, 2011.
[8] D. Broyles and A. Jabbar, "Design and analysis of a 3-D Gauss-Markov model for highly
dynamic airborne networks," in International Telemetering Conference Proceedings.
International Foundation for Telemetering, 2010.
[9] J. P. Rohrer, A. Jabbar, E. Perrins, and J. P. G. Sterbenz, "Cross-layer architectural
framework for highly-mobile multihop airborne telemetry networks," in Proceedings of the
IEEE Military Communications Conference (MILCOM), San Diego, CA, USA, November
2008, pp. 1-9.
[10] K. Peters, A. Jabbar, E. K. Cetinkaya, and J. P. G. Sterbenz, "A geographical routing
protocol for highly-dynamic aeronautical networks," in 2011 IEEE Wireless Communications
and Networking Conference, March 2011, pp. 492-97.
[11] B. Forouzan and D. Mukhopadhyay, Cryptography and Network Security (SIE),
McGraw Hill Education (India) Private Limited, 2011.
[12] E. Sakhaee and A. Jamalipour, "The global in-flight Internet," IEEE Journal on Selected
Areas in Communications, vol. 24, no. 9, pp. 1748-1757, Sept 2006.
59
[13] M. Iordanakis, D. Yannis, K. Karras, G. Bogdos, G. Dilintas, M. Amirfeiz, G. Colangelo,
and S. Baiotti, "Ad-hoc routing protocol for aeronautical mobile ad-hoc networks," in Fifth
International Symposium on Communication Systems, Networks and Digital Signal
Processing (CSNDSP), 2006.
[14] A. Jabbar, "AeroRP: A geolocation assisted aeronautical routing protocol for highly
dynamic telemetry environments," in International Telemetering Conference Proceedings.
International Foundation for Telemetering, 2009.
[15] J. P. Rohrer, E. K. Cetinkaya, H. Narra, D. Broyles, K. Peters, and J. P. G. Sterbenz,
"AeroRP performance in highly-dynamic airborne networks using 3D gauss-markov mobility
model," in Proceedings of the IEEE Military Communications Conference (MILCOM),
Baltimore, MD, USA, November 7-10 2011.
[16] A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot, Handbook of Applied
Cryptography, 1st ed. Boca Raton, FL, USA: CRC Press, Inc., 1996.
[17] M. J. Dworkin, "Sp 800-38d. recommendation for block cipher modes of operation:
Galois counter mode (GCM) and GMAC," Gaithersburg, MD, United States, Tech. Rep.,
2007.
[18] D. A. McGrew and J. Viega, "The security and performance of the Galois/counter mode
of operation (full version)," IACR e-print Archive, 2004. [Online]. Available:
http://eprint.iacr.org/2004/193.
[19] U.S. Congress and Office of Technology Assessment, "Who goes there: Friend or foe?"
Washington, DC, United States, Tech. Rep. OTA-ISC-537, 1993.
[20] M. Garcia, J. Hoffman, J. Rowley, and D. Stone, "Test for success: Next generation
aircraft identification system RF simulation," in Integrated Communications, Navigation and
Surveillance Conference, 2007.
[21] L. Roy, "RADAR," Carleton university course, Carleton University, 2011. [Online].
Available: http://www.doe.carleton.ca/_tforzley/elec4504/index.html
[22] W. Stamper, "Understanding mode S technology a discussion about mode S basic,
elementary and enhanced surveillance, DF17 extended squitter and ADS-B," Aircraft
Engineering and Aerospace Technology, vol. 76, no. 3, 2004.
[23] M. Strohmeier, V. Lenders, and I. Martinovic, "On the security of the automatic
dependent surveillance-broadcast protocol," IEEE Communications Surveys Tutorials, vol.
17, no. 2, pp. 1066-1087, 2015.
[24] A. Buchholz, "DPP: Dual path PKI for secure aircraft data communication," PhD
dissertation, Virginia Polytechnic Institute and State University, Virginia, USA, 2013.
[25] A. Fonseca, A. Camoes, and T. Vazao, "Geographical routing implementation in NS3,"
in Proceedings of the 5th International ICST Conference on Simulation Tools and
Techniques, ser. SIMUTOOLS '12. ICST, Brussels, Belgium, Belgium: ICST (Institute for
60
Computer Sciences, Social-Informatics and Telecommunications Engineering), 2012, pp.
353-358.
[26] S. Carter and A. Yasinsac, "Secure position aided ad hoc routing," in Communications
and Computer Networks, ACTA Press, 2002.
[27] A. Bhattacharyya, A. Banerjee, D. Bose, H. N. Saha, and D. Bhattacharyya, "Different
types of attacks in mobile ADHOC network," CoRR, vol. abs/1111.4090, 2011. [Online].
Available: http://arxiv.org/abs/1111.4090
[28] R. Franz, "High-rate wireless airborne network demonstration (HiWAND) flight test
results," in International Telemetering Conference Proceedings, International Foundation for
Telemetering, 2007.