3. OVERVIEW AND EXPLANATION
3.1 ONION ROUTING
Onion routing is a mechanism for private communication over a public network, in which the sender and receiver nodes communicate anonymously through intermediate nodes called onion routers. It relies on public key cryptography. The source node sets up the core of an onion with a specific route message. During the route request phase, each forwarding node adds an encrypted layer to the route request message. The source and destination nodes do not necessarily know the ID of a forwarding node. The destination node receives the onion and delivers it along the route back to the source. Each intermediate node can verify its role by decrypting and deleting the outer layer of the onion. Eventually an anonymous route is established.
3.2 GROUP SIGNATURE
A group signature scheme can provide authentication without compromising anonymity. Every member of a group may have a pair of group public and private keys issued by the group trust authority (i.e., the group manager). A member can generate a signature with its own private key, and that signature can be verified by other members of the group without revealing the signer’s identity. Only the group trust authority can trace the signer’s identity and revoke the group keys.
3.3 WORKING MECHANISM
Based on the AODV protocol, the source node broadcasts an RREQ packet to every node in the network. If the destination node receives an RREQ addressed to itself, it replies with an RREP packet along the incoming path of the RREQ. To protect anonymity when exchanging route information, onion routing and group signatures are used. Onion routing is the mechanism in which the sender and receiver nodes communicate anonymously through intermediate nodes called onion routers; it relies on public key cryptography. For example, Figure 4.1 below contains 6 nodes; let onion routers 4, 3 and 5 be randomly selected by the onion proxy to send the data.
Figure 4.1 Onion Routing Mechanism
In Figure 4.1, every node is provided with a group public and private key based on the group signature method. The private key is unique to each node, whereas the public key is the same for all the nodes in the group. The proxy encrypts the data with 5’s public key, followed by 3’s and then 4’s. The onion thus created, shown in Figure 4.2, is represented as
E4PU(3’s IP address, E3PU(5’s IP address, E5PU(recipient’s IP address, data))).
Figure 4.2 Key Encrypted Onion
The proxy then sends the onion to the first onion router, i.e. 4. Onion router 4 peels the outer layer of the onion using its private key. It forwards the onion to 3; the onion now looks like Figure 4.3 and is represented as
E3PU(5’s IP address, E5PU(recipient’s IP address, data))
Figure 4.3 Intermediate Node 4 Peels the Outer Layer of the Onion using its Private Key
Onion router 3 peels the outer layer of the onion using its private key. It forwards the onion to 5; the onion now looks like Figure 4.4 and is represented as E5PU(recipient’s IP address, data).
Figure 4.4 Intermediate Node 3 Peels the Outer Layer of the Onion Using Its Private Key.
Onion router 5 peels the outer layer of the onion using its private key. It finds the plain data and the destination address and forwards it to the destination.
Figure 4.5 Intermediate Node 5 Peels the Outer Layer of the Onion using its Private Key.
The size of the onion reduces as it nears the destination, so attackers can infer details about the destination. To avoid this, onions are padded at each onion router to maintain the size of the onion. Every onion router has details of only its previous and next hop, so even if an onion router has been compromised, the attacker gets only the encrypted onion. The attacker cannot decrypt the onion without the private keys and hence cannot infer any valuable information from it. The code in the following sections shows how the encryption and decryption process takes place.
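The wrap, peel and re-pad cycle described above, as an added example (not code from the essay or from AASR). Assumptions: node numbers stand in for IP addresses, `toy_crypt` is a keystream XOR standing in for the public-key operations, and `ONION_SIZE`, the `[next hop][length][inner]` layout and all function names are hypothetical.

```cpp
#include <cstdint>
#include <random>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
const size_t ONION_SIZE = 64;               // fixed on-the-wire size (assumed)
struct Router { uint8_t id; uint32_t key; };
struct Hop { uint8_t next; Bytes inner; };  // next == 0xFF marks a malformed onion

// Stand-in for E_kPU and private-key decryption: XOR with a keystream seeded by
// the router's key. NOT secure; it only makes the layering observable.
Bytes toy_crypt(uint32_t key, Bytes buf) {
    for (auto &b : buf) {
        key = key * 1664525u + 1013904223u; // LCG step
        b ^= uint8_t(key >> 24);
    }
    return buf;
}

// Random padding so every onion in transit has the same length.
Bytes pad(Bytes onion) {
    std::random_device rd;
    while (onion.size() < ONION_SIZE) onion.push_back(uint8_t(rd()));
    return onion;
}

// Proxy: wrap from the last router outwards; route 4,3,5 gives
// E4(3, E3(5, E5(dest, data))). Layer plaintext: [next hop][inner length][inner].
Bytes build_onion(const std::vector<Router> &route, uint8_t dest, const std::string &data) {
    Bytes onion(data.begin(), data.end());
    uint8_t next = dest;
    for (auto r = route.rbegin(); r != route.rend(); ++r) {
        Bytes layer{next, uint8_t(onion.size())};
        layer.insert(layer.end(), onion.begin(), onion.end());
        onion = toy_crypt(r->key, layer);
        next = r->id;
    }
    return onion.size() <= ONION_SIZE ? pad(onion) : Bytes{};
}

// Router: decrypt with own key; learns only the next hop and the inner onion.
Hop peel(uint32_t key, const Bytes &onion) {
    if (onion.size() != ONION_SIZE) return {0xFF, {}};
    Bytes plain = toy_crypt(key, onion);
    size_t len = plain[1];
    if (2 + len > plain.size()) return {0xFF, {}};
    return {plain[0], Bytes(plain.begin() + 2, plain.begin() + 2 + len)};
}
```

Each router forwards `pad(peel(key, onion).inner)`, so an observer sees 64 bytes on every link regardless of how many layers remain.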
3.4 ENCRYPT THE DATA
// Fragment: the start of the agent's command handler is not shown on the page.
        encryption(hdr->data);   // encrypt the payload in place before sending
        send(pkt, 0);
        return (TCL_OK);
    }
    else if (strcmp(argv[1], "start-WL-brdcast") == 0) {
        // Broadcast a test packet to all nodes
        Packet* pkt = allocpkt();
        hdr_ip* iph = HDR_IP(pkt);
        hdr_security_packet* ph = hdr_security_packet::access(pkt);
        strcpy(ph->data, "test");
        iph->daddr() = IP_BROADCAST;
        iph->dport() = iph->sport();
        ph->ret = 0;
        send(pkt, (Handler*) 0);
        return (TCL_OK);
    }
    else if (strcmp(argv[1], "oneway") == 0) {
        oneway = 1;
        return (TCL_OK);
    }
    }
    // Any other command is passed to the base class
    return (Agent::command(argc, argv));
}
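Encryption Function
void Security_packetAgent::encryption(char out[])
{
    // XOR every byte with a fixed key. Because the loop bound is strlen(out),
    // a byte equal to the key becomes '\0' and ends processing early.
    int key = 3;
    int i = 0;
    for (i = 0; i < strlen(out); i++)
    {
        out[i] = (out[i] ^ key) % 256;
    }
}
Decryption
void Security_packetAgent::decryption(char out[])
{
    // XOR with the same key reverses encryption(); the loop stops at the
    // first '\0' in the received buffer.
    int key = 3;
    int i = 0;
    for (i = 0; i < strlen(out); i++)
    {
        out[i] = (out[i] ^ key) % 256;
    }
}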
3.5 DECRYPTION FUNCTION
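unsigned int Security_packetAgent::hashing(char value[], unsigned int len)
{
    // XOR-fold each byte into ret, shifted left and right by amounts derived
    // from its position. Note: a shift count equal to or larger than the width
    // of unsigned int is undefined behaviour in C++, and both counts can reach it.
    char *word = value;
    unsigned int ret = 0;
    unsigned int i;
    for (i = 0; i < len; i++)
    {
        int mod = i % 256;
        ret ^= (unsigned int) (word[i]) << mod;
        ret ^= (unsigned int) (word[i]) >> (256 - mod);
    }
    return ret;
}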
3.6 PERFORMANCE EVALUATIONS
Figure 6.6 Throughputs
Figure 6.6 shows the performance analysis of throughput for the two protocols, ANODR and AASR. The average throughput of ANODR decreases obviously when compared to the AASR protocol.
Figure 6.7 Packet Loss Ratio
In Figure 6.7, the existing protocol ANODR is compared with the AASR protocol for the packet delivery ratio, and the ANODR protocol is found to have a higher packet loss ratio than the AASR protocol.
4. CONCLUSION
An Authenticated and Anonymous Routing Protocol for MANETs has been designed for adversarial environments. In this protocol the route request packets are authenticated by group signatures, to defend against potential active anonymous attacks without unveiling the node identities. The key-encrypted onion routing with a route secret verification message is designed not only to record the anonymous routes but also to prevent the intermediate nodes from inferring the real destination. Compared to ANODR, AASR provides higher throughput and a lower packet loss ratio in different mobile scenarios in the presence of adversary attacks.
In future work, AASR will be improved to reduce the packet delay by combining it with trust-based routing. With the help of the trust model, the routing protocols will be more active in detecting link failures caused by either mobility or adversary attacks.
Essay: Onion routing
- Published: 27 December 2019*
- Last Modified: 22 July 2024
About this essay:
If you use part of this page in your own work, you need to provide a citation, as follows:
Essay Sauce, Onion routing. Available from:<https://www.essaysauce.com/computer-science-essays/onion-routing/> [Accessed 15-04-26].
These Computer science essays have been submitted to us by students in order to help you with your studies.
* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.