Two Anonymous Cooperative Cache-Based Data Access Schemes in Mobile Ad Hoc Networks

Mobile ad hoc network has been extensively studied in recent years due to its potential applications in civilian and military environments. Cooperative caching, which allows the sharing and coordination of cached data among multiple nodes, could be employed to improve data accessibility and reduce data access cost in mobile ad hoc networks. In this paper, we give anonymity requirements for cooperative cache-based data access in mobile ad hoc networks and present two efficient anonymous data access schemes based on onion message and pseudonym-based encryption, respectively. The proposed schemes can not only protect confidentiality of sensitive cache data but can also protect privacy of nodes and routes.


Introduction
A mobile adhoc network (MANET) is a self-configuring temporary network of mobile devices connected by wireless links without infrastructure support.The benefits of flexible routing, global connectivity and a highly adaptive potential make MANETs suitable for a wide range of applications in both military and commercial environments, such as battlefields, disaster relief operations, personal area networking, mobile information sharing, and vehicular networks.
Similar to the wired network, security requirements for MANETs include availability, confidentiality, integrity, authentication, nonrepudiation.Compared to the wired network, MANET is more vulnerable to security attacks due to its features of open medium, dynamic changing topology, cooperative algorithms, lack of centralized monitoring and management point, and so forth [1].
Traffic analysis is one of the most serious security attacks in MANETs due to the broadcast nature of the wireless medium.In this attack, adversaries can obtain sensitive information about the applications even without revealing the contents of the messages just by observing network traffic pattern.For example, an attacker can identify the communicating parties and their positions by tracing and analyzing the network traffic patterns.This may lead to severe threats in security-sensitive applications.For instance, in a battle field the enemy can physically destroy the important mobile nodes if they can identify and locate such nodes by traffic analysis.Ideally, a node should be able to keep its identity, its location and its correspondents private, that is, remain anonymous.Simple traffic padding approach by generating dummy traffic into the network does not aim to hide the identifiers of communicating nodes and so cannot completely prevent traffic analysis.
In order to thwart traffic analysis attack, anonymous mobile ad hoc routing protocols are developed and have been attracting the attention of more and more researchers in recent years.The most current anonymous routing protocols for MANETs assume that mobile users share pairwise secrets before they start an anonymous communication session.This assumption is impractical for many ad hoc scenarios where pairwise shared keys are difficult to be set up in advance.
Song et al. [2] presented an anonymous dynamic source routing protocol for MANETs.The protocol employs anonymous onion routing between the source and destination, and each intermediate node owns a shared session key with the source and destination nodes when the protocol is completed.Zhang et al. [3] proposed an anonymous on-demand routing protocol based on identity-based encryption [4] for MANETs.In their approach, nodes use pseudonyms instead of their real identifiers, and each node can dynamically changes its pseudonyms.Each node self-generates a set of pseudonyms and submit them to the trusted authority, and the trusted authority generates corresponding private keys and sends them back to the node.The drawback of Zhang et al. 's approach is the underlying anonymous communications are not blind to the trusted private key generator (PKG).Later, Huang [5] presented an anonymous communication system for MANETs based on pseudonym-based cryptography without trusted PKG.Sheklabadi and Berenjkoub [6] proposed an anonymous version of authenticated routing for ad hoc networks (ARAN), which can provide a variety of anonymous functionalities such as identity privacy, location privacy, and route anonymity together with security features of ARAN.However, the proposed protocol is based on a impractical assumption that there is a shared secret between the source and the destination.
Although routing is an important issue in MANETs, other issues such as data access are also very important since the ultimate goal of using MANETs is to provide data access to mobile nodes.Caching techniques are an efficient way for increasing the performance in data communication, which has been widely used in different fields such as CPU design, multiprocessor, memory architecture, or router design.Internet uses cache placement and replacement in proxy servers and cooperative caching architecture to reduce the network traffic and average latency of data query significantly [7].As mobile nodes in ad hoc networks may have similar tasks and share common interest, cooperative caching, which allows the sharing and coordination of cached data among multiple nodes, can be used to reduce the bandwidth and power consumption.However, cooperative caching techniques designed for wired networks may not be applied directly to MANETs due to their dynamic topology and constrained resources (i.e., bandwidth, battery power, and computational capacity).
Ting and Chang [8] proposed a cooperative caching scheme for wireless ad hoc networks called GroupCaching, which allows each mobile host and its 1-hop neighbors form a group, and the caching status is exchanged and maintained periodically in a group.Yin and Cao [9] proposed three cooperative caching schemes for ad hoc networks, called CachePath, CacheData, and HybridCache, respectively.Zhao et al. [10] proposed a novel asymmetric cooperative cache approach, where the data requests are transmitted to the cache layer on every node, but the data replies are only transmitted to the cache layer at the intermediate nodes that need to cache the data.Recently, Wu and Cao [11] proposed a Voronoi Diagram-based cooperative cache discovery approach to reduce data access cost by limiting the cache information update and query within a single Voronoi Region.Currently existing cooperative caching schemes in MANETs have not yet considered the problem of anonymity.
In this paper, we give anonymity requirements for cooperative cache based data access in MANETs, and present two efficient anonymous cooperative cache based data access schemes based on onion message and pseudonym-based encryption, respectively.The proposed schemes cannot only protect confidentiality of sensitive cache data but can also protect privacy of nodes and routes.
The rest of this paper is organized as follows.Some necessary background knowledge about bilinear pairings and pseudonym-based encryption are introduced in Section 2. The anonymity requirements and system model of anonymous cooperative cache based data access in MANETs are explained in Section 3. Our proposed anonymous cooperative cache based data access schemes in MANETs based on onion message and pseudonym-based encryption are described in Sections 4 and 5, respectively.Anonymity and security analysis of the two proposed cooperative cache based data access schemes in MANETs are presented in Section 6.We conclude our work in Section 7.

Preliminary Works
We first introduce some notations.If S is a set, then ∈  S denotes the operation of picking an element  uniformly at random from S. A function () is negligible if for every  > 0, there exists a   , such that () < 1/  for all  >   .

Bilinear Pairings and the Bilinear Diffie-Hellman Assumption.
Let G 1 be an additive cyclic group of large prime order  and G 2 be a multiplicative cyclic group of the same order .In particular, G 1 is a subgroup of the group of points on an elliptic curve over a finite field and G 2 is a subgroup of the multiplicative group over a finite field.Let  be a generator of G 1 .A bilinear pairing is an admissible map ê : G 1 ×G 1 → G 2 and satisfies the following properties.(ii) Nondegeneracy.The map does not send all pairs in The bilinear group generator g(1  ) is an algorithm that takes as input a security parameter  and outputs a bilinear group (, G 1 , G 2 , ê), where  is a prime of size 2  , G 1 and G 2 are cyclic groups of order , and ê is an admissible bilinear map.
Given a bilinear group (, G 1 , G 2 , ê) generated by g(), and (, , , ) for some , , ∈  Z *  .The BDH problem in the bilinear group where the probability is over the random choice of , ,  in Z *  , the random choice of  ∈ G 1 , and the random bits of A.
We say that the BDH assumption holds in the bilinear group (, G 1 , G 2 , ê) if no probabilistic polynomial time (in ) algorithm has a nonnegligible advantage in solving the BDH problem in the bilinear group (, G 1 , G 2 , ê).

Pseudonym-Based Encryption Scheme.
Huang proposed a pseudonym-based encryption (PBE) scheme without trusted PKG to provide anonymous communication [5], which is described as follows.
(i) Setup.The PKG generates and publish system parameters as where  denote bit length of plaintext,  : Otherwise, A outputs   as the decryption of .
Huang [5] proved that the above scheme is semantically secure pseudonym based encryption in the random oracle model assuming BDH is hard in groups generated by g.

System Model
The system model for our proposed anonymous cooperative cache based data access schemes in MANETs is illustrated as Figure 1.There are  intermediate nodes between the source node and the destination node along the routing path.We denote the source node, nodes en route, and the destination node as ,   (1 ≤  ≤ ), and , respectively.
The proposed anonymous cooperative cache based data access schemes in MANETs consist of the following four steps.
(i) Route Request Phase.The source node first constructs and initializes the route request message packet (RREQ) and broadcasts to search for the destination node who has a copy of required data cache.(ii) Route Reply Phase.The destination node constructs and sends a route reply packet (RREP) back to the source node along the path found by the first step.
(iii) Data Request Phase.The source node sends data cache request message packet (DREQ) to the destination node.
(iv) Anonymous Data Transmission Phase.The destination node transfers the requested data cache back to the source node.
We define an internal adversary as a node that is compromised and on the routing path.An external adversary is a compromised node not on the path, or an external node not directly participating in the MANET, that is, it only eavesdrops on traffic between nodes.
We make the following two assumptions for our anonymous cooperative cache-based data access schemes in MANETs.
(i) All wireless links are symmetric, which means that if node  is in transmission range of some node , so  is in transmission range of  as well.
(ii) Adversaries have unbounded eavesdropping capability but bounded computing and node intrusion capabilities.
To resist outsider attack, our anonymous cooperative cache based data access schemes should prevent outsider adversary from learning the identity of source node and destination node, and intermediate nodes en route.To resist insider attack, our anonymous cooperative cache based data access schemes should prevent insider adversary from determining whether another node is the source or the destination, or an intermediate node en route of a particular message.So, we consider the following three types of anonymity for our anonymous cooperative cache based data access schemes in MANETs.
(i) Anonymity of source and destination nodes.Both the source and destination nodes is anonymous to others, and no one knows the location of the source node or destination node.
(ii) Anonymity of intermediate nodes.Nobody knows the real identities and location of intermediate nodes, even the node en route cannot know the real identities and locations of other nodes.
(iii) Anonymity of the route.Adversaries cannot trace a packet flow back to its source or the destinations.Nobody knows the real routing path between the source and destination nodes.For adversaries not in the route, they have no information on any part of the route.
For convenience of presentation, we introduce the notations that will be used in our proposed anonymous cooperative cache based data access schemes in notations section.

Anonymous Data Access Scheme Based on Onion Packet
RREQ field indicates that it is the the route request message packet, SEQ field indicates the packet sequence number that serves as the unique identifier of the request, and it is also used by the intermediate nodes to validate whether an route reply is generated by the real destination in the route reply phase.PDN  field indicates the pseudonym of the source node, which is the temporary identity of node .When a node   receives a route request message packet with the following format it processes the packet according to the following steps.
(1) Check whether the packet has already been received by using the fields SEQ as the unique identifier for the packet. ( The field PDN  denotes a pseudonym generated by node   for this session, the field K  denotes a symmetric session key generated randomly by node   that will be used to encrypt the data from neighbor (this field is not set in this phase).Finally node   replaces the field PDN −1 with PDN  in the received route request message packet and rebroadcasts the request to all its neighbors. ( where PDN −1 is the pseudonym that the destination node  got the route request message packet from the previous hop.
Then the destination node generates a route reply message packet with the following format: where Finally, the destination node broadcasts the route reply message packet to all its neighbors.For every intermediate node   who receives the route reply message packet, it first checks whether there is an entry in its anonymous routing table whose SEQ and PDN  fields are the same as those of the received packet.If there exists such an entry, then node   checks whether the field PDN  of this entry is equal to the field PDN −1 of the packet.If yes, node   chooses a symmetric key K  and fills it into the field K  of this entry.Furthermore, node   replaces the field PDN −1 of the packet with the field PDN −1 recorded by itself, and changes field ONI of the packet into the following format: Finally, node   broadcasts the packet to its neighbors.This process loops until the source node  gets the packet.The source node  decrypts the received ONI by using its corresponding private key   , thus the source node can get all the symmetric encryption keys   and pseudonym of nodes PDN  along the path.

Data Request Phase.
The source node  generates and broadcasts the data cache request packet with the following format: where The intermediate node   determine whether he is in the path by checking the field PDN  in the received data packet against his pseudonym.If yes, node   decrypts the ONI and gets the pseudonym for the next hop.Then node   replaces the field PDN  with decrypted pseudonym.For the destination node , when it decrypts the ONI, it gets the route information.

Anonymous Data Transmission
Phase.The process of data cache transmission is similar with the process of the data cache request.The difference is that the route path information are included in the process of data cache request, while the cache-related data are included in the process of data cache transmission.Every node has to broadcast the request packets to the entire MANET to get the cache data in our proposed scheme.Recently, Wu and Cao [11] proposed a Voronoi Diagram based cooperative cache discovery approach to reduce data access cost by limiting the cache information update and query within a single Voronoi Region.We can further extend our anonymous data access scheme according to the following idea: for each type of cache, all nodes send the route request packets.Once nodes receive route reply packets, they compute the length of hops for every received packet and choose the shortest two.If the two shortest paths are equal, then we assure that the node is the edge node of the Voronoi Region.So for that type of cache, the node will stop broadcasting the request packet to these nodes.

Anonymous Data Access Scheme
Based on PBE 5.1.Route Request Phase.The source node  cannot find some data in the local cache, it asks for its neighbor nodes by broadcasting a route request message packet with the following format: where PDN 0 and PDN  are two pseudonyms generated by the source node, and PDN 0 is used to represent source node's identity, while PDN  will be used to encrypt the requested data.
Once the intermediate node   received the route request message packet,   first verifies the signature of the previous hop to ensure the validity of the pseudonym PDN −1 .If the verification fails, it discards the route request message packet.Otherwise,   checks whether it has a cache copy of the corresponding CID.If yes, node   is the destination node.If not, node   replaces the fourth field, PDN 0 , in the route request message packet with its own pseudonym PDN  , and add a new route record with the following format into its local routing table: where the fifth field is set for the pseudonym of the next hop PDN +1 .Afterwards, it goes on broadcasting the route request message packet.

Analysis on the Proposed Anonymous Data Access Schemes
In the context of anonymity analysis, we assume that adversaries may be en route as well as out of the route and they are interested in the privacy information about the route and nodes en route.We use pseudonyms to identify the nodes without unveiling the real identities and locations of all the nodes, thus the privacy of locations and identities of the nodes are well protected.In our anonymous data access scheme based on onion packet, the information of route is encrypted, the whole routing path are only known by the source node and destination node.The path consists of pseudonyms of each node, intermediate nodes may only know the number of hops, the proposed anonymous data access scheme based on onion packet provides weak anonymity.In our anonymous data access scheme based on PBE, the information of the routing path is only recorded separately in the route table of each node with pseudonyms.Even adversaries en route can get nothing about the route except pseudonyms of its previous hop and next hop.The pseudonym of the source node used for encrypting the data is transferred along the path, however, it uses another pseudonym to participate in the route path.So even the next hop of the source node knows nothing about the fact it is the source node, thus our proposed anonymous data access scheme based on PBE provides strong anonymity.
In our proposed two anonymous data access schemes, passive eavesdropper can only catch packets encrypted by a public key or a session key.For active adversaries who may pretend to be the destination node to send fake route reply packet to the requested node and control some nodes along the routing path, they could only get the pseudonyms of the previous hop and next hop and the encrypted data packet.
In our proposed anonymous data access scheme based on onion packet, DOS attacker cannot control which node they get the cache data from, and they do not know the true identity of the cache node.In our proposed anonymous data access scheme based on PBE, the node has to be authenticated before it requests the cache data.Thus our proposed anonymous data access schemes can resist DOS attack.

Conclusion
Secure anonymity cooperative caching is one of the important task in mobile ad hoc networks in certain privacy vital environments.In this paper, we give anonymity requirements for cooperative cache-based data access in mobile ad hoc networks and present two efficient anonymous data access scheme based on onion message and pseudonym-based encryption, respectively.The proposed schemes cannot only protect the privacy of nodes and routes but can also resist both passive and active attacks.

Figure 1 :
Figure 1: Route from source node to destination node.
4.1.Route Request Phase.The route request phase allows a source node  to discover and establish a routing path to a destination node  through a number of intermediate nodes.To keep communication anonymity, none of the intermediate nodes participating in this phase should discover the identities of  and .The source node  constructs a route request message packet with the following format and broadcasts to all its neighboring nodes: [RREQ, SEQ, PDN  , CID, PDN −1 , k  ] .
ii) If node   has not the requested cache data, it records SEQ, PDN  , PDN −1 into its routing table and generates a new routing table entry as follows: ) If the packet has not been received, then   checks whether it has the requested cache data or not.(i)If the node has the requested cache data (i.e., node   is the destination node), then the process jumps to the route reply phase.( i) If PDN −1 is one of the nodes in the routing table, drop the packet and stop.(ii) Otherwise, node   records the pseudonym PDN −1 into its routing table as one of the reverse node.The reverse node is the next node in the reverse path towards the source in the route reply phase.
) If the packet has been received, then   checks whether the pseudonym PDN −1 has been recorded in the routing table associated with SEQ.( Phase.Suppose that the node  finds the cache copy of the requested data according to its SEQ and CID after received the route request packet.It goes on broadcasting with certain probability to confuse adversaries in order to protect the privacy that it is the destination node.If the destination node  receives many packets with the same keywords (SEQ, CID), it only responses to the first route request packet by generating a route reply message packet with the following format:[RREP, SEQ, CID, ẼPDN −1 (PDN  ) , PDN −1 , Sig PDN +1 ] .CID, PDN −1 , PDN  , 0, TTL] .(14)Theintermediate node   in the replying path firstly checks whether the field PDN −1 is equal to its own pseudonym or not.If it is not, node   then discards the packet.Otherwise node   continues to verify the signature in the packet to ensure the validity of the PDN +1 .And then node   checks the route table against keywords (SEQ, CID) after received the route reply packet.It discards the packet if there is not a corresponding item.Otherwise it decrypts the item ẼPDN −1 (PDN  ) to get PDN  using the corresponding private key.Then node   encrypts PDN −1 (the pseudonym of the node itself) using PDN −2 to get the new route reply packet and goes on broadcasting.The function of encryption is to keep the privacy of the identity of PDN −1 .SEQ, CID, ẼPDN +1 (PDN  , PDN  )] .(15) The intermediate node checks the anonymous route table to decide whether it is the corresponding node by matching the PDN +1 of the received packet and PDN  of the node itself.If it is the correct match, it can decrypt to obtain PDN  of the packet.Then it matches it with the PDN −1 in the route table to decide whether it is the right path to follow.It discards the packet if they do not match.Otherwise it decrypts the packet and replace the field PDN  with PDN +1 (actually the pseudonym of the node itself) and encrypts (PDN +1 , PDN  ) with PDN +2 and keeps on broadcasting.The intermediate node   decrypts the field ẼPDN −1 (PDN  ) of the received data cache reply message packet to get PDN  , then node   try to match it with field PDN +1 in the local routing table.If there is no match, node   discards the packet.Otherwise, node   generates new data cache reply message packet by replacing the field PDN −1 and PDN  with the pseudonym of the previous hop and the current node   , respectively.Then node   goes on broadcasting the new data cache reply message packet.Finally, the source node  receives the data cache reply message packet, gets the required data by decrypting the packet with the private key corresponding to PDN  , and broadcasts the packet with a certain probability.
and encrypts its pseudonym with PDN −1 .Then it broadcasts the data cache reply message packet with the following format: [DREP, SEQ, CID, ẼPDN  (data) , ẼPDN −1 (PDN  )] .(16) : the pseudonym of the source node  PDN  : the pseudonym of the destination node  PDN  : the pseudonym of the intermediate node   TTL: time-to-live values K  : the symmetric key chosen by the intermediate node   E  (): encrypt message  by symmetric encryption with key    : the public key of the source node    : the public key of the destination node  Ê (): encrypt message  by asymmetric encryption with public key  ẼPDN  (): encrypt message  by using pseudonym based encryption scheme with pseudonym PDN  ONI: the onion data packet Sig PDN  : the signature generated by node with pseudonym PDN  .