A Survey on threats in Mobile Ad Hoc Networks

8/11/2019 A Survey on threats in Mobile Ad Hoc Networks

1/6

International Journal of Exploring Emerging Trends in Engineering (IJEETE)

Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM

All Rights Reserved 2014 IJEETE Page 1

A Survey on threats in Mobile Ad Hoc Networks

Vishal DhillonM Tech Student, ECE, Panchkula Engineering College, Haryana, India

[email protected]

Abstract:-The wireless ad hoc network is theself configuring network where mobile nodescan leave or join the network when they want.These types of networks are much vulnerable tosecurity attacks. Much type of active and passiveattacks is possible in Ad hoc network. Todevelop suitable security solutions for such newenvironments, we must first understand howMANETs can be attacked. This chapter providesa comprehensive survey of attacks against aspecific type of target, namely the routing

protocols used by MANETs. Then we discussvarious proactive and reactive solutions proposedfor MANETs.

Keywords: MANET, Routing Protocols,AODV, Attacks, Security Mechanisms

I. IntroductionRecent advancement of wireless technologies

like Bluetooth introduced a new type of wirelesssystem known as Mobile ad-hoc network

(MANETs) which operate in the absence ofcentral access point[1]. Each node operates notonly as an end-system, but also as a router to

forward packets. It provides high mobility and

device portability that enable to node connect

network and communicate to each other. Thisflexibility makes them attractive for many

applicationssuch as military applications, wherethe network topology may change rapidly toreflect a forces operational movements, and

disaster recovery operations, where the

existing/fixed infrastructure may be non-operational. The ad hoc self-organisation also

makes them suitable for virtual conferences,

where setting up a traditional network

infrastructure is a time consuming high-cost taskand much difficult.

II. Vulnerabilities of MANETs

Wireless Links: First of all in wireless linksmakes the network there are more chances ofattacks such as eavesdropping and active

interference. As in wired networks, attackers do

not need physical access to the network to carry

out these attacks. Furthermore wireless networkshave lower bandwidths than wired networks.

Attackers can exploit this feature, consuming

network bandwidth with ease to prevent normalcommunication among nodes [2].

Dynamic Topology: MANET nodes can leave

and join the network freely, and moveindependently. As a result of this the network

topology can change frequently. It is hard to

differentiate normal behaviour of the network

For example, a node sending disruptive routinginformation can be a malicious node, or else

simply be using outdated information in goodfaith. Moreover mobility of nodes means that we

cannot assume nodes, especially critical ones.Nodes with not adequate physical protection may

often be at risk of being captured and

compromised[2].Cooperativeness: Routing algorithms for

MANETs usually assume that nodes are

cooperative and non-malicious. As a result, a

malicious attacker can easily become animportant agent and disrupt network operations

by not fulfilling the protocol specifications. For

example, a node can pretend as a neighbour toother nodes and participate in collective

decision-making mechanisms, possibly affecting

networking significantly.

Lack of a Clear Line of Defence: MANETs donot have a clear line of defence; attacks can

come from any of the directions. The boundary

that separates the inside network from the

outside world is not very clear on MANETs. Forexample, there is no well defined place where we

can fix our traffic monitoring, and access control

mechanisms. Whereas all traffic goes through


2/6




switches, routers and gateways in wired

networks, network information in MANETs is

distributed across all the nodes that can only

watch the packets sent and received in theirtransmission range.

Limited Resources: Resource constraints are a

further vulnerability. There can be a variety ofdevices on MANETs, ranging from laptops to

mobile phones. These have different computing

and storage capacities that can be the focus ofnew attacks. For example, mobile nodes

generally run on battery power [9].

III. AODV Routing ProtocolIn ad-hoc network, nodes show their presence in

the network by actively listening the broadcastedmessages by the neighboring nodes. Nodes get

the routing message and give the reply that it ispresent in the network and destination path can

also be reached through that particular node [7].If link fails routing error is sent back to the

transmitting node. Here each request for a route

has a sequence number.Nodes use the sequence number to know that

repeat route request should not be passed again

and again. Another such feature is that the route

requests can be sent only for limited number oftimes. Another such feature is that if a route

request fails, another route request may not besent. When two nodes are in an ad hoc networkwish to establish a connection between each

other, it will enable them building multihop

routes between the source and destination. It is

loop free protocol which uses DestinationSequence Numbers (DSN) to avoid counting to

infinity. This is the main feature of this protocol.

Requesting nodes in a network send DestinationSequence Numbers (DSNs) together with the

routing information from source to the

destination. It selects the best route based on thesequence number. The advantage of AODV isthat it creates no extra traffic for communication

along existing links [10].

In AODV defines three messages are sent: RouteRequests, Route Replies , And Route Errors and

these messages are used to discover the routes

across the network from source to destination by

use of UDP packets. Whenever we want to senddata new route is made by broadcasting route

request packets and final path is made when the

route reply packets are received from the nodes

at the originator node and if link fails then route

error message is generated.Each node maintains its sequence number and

broadcast ID. For every RREQ the node initiates

broadcast ID which is incremented and togetherwith the node's IP address uniquely identifies an

RREQ. At last that route will be the final route

that has the minimum hop count from source todestination [7].

Analysis is done using NS-2 is an open-source

simulation tool running on Unix-like operating

systems.

1. Back End- Programming language is used.

2. NS2 has different types of agents. In- built

protocols are used in it like AODV, DSDV and

DSR

Figure 1: AODV algorithm

Figure 2: Best path with minimum Hop Count

IV. Attacks on MANETAt the highest level, the security goals of

MANETs are not different from other networks:


3/6




most typically authentication, confidentiality,

integrity, availability, and non-repudiation [3].

Authentication is the verification of the identity

of a source of information.Confidentiality means that only authorized

people or systems can read or execute protected

data or programs. It should be noted that thesensitivity of information in MANETs may be

attacked much faster than any other information

[9].Integrity means that the information is not

changed or corrupted by unauthorized users.

Availabilityrefers to the ability of the network to

provide services as required. Denials of Service(DoS) attacks have become one of the most

worrying problems for network managers. In a

military environment, a successful DoS attack is

extremely dangerous.Non-repudiation ensures that committed actions

cannot be denied. In MANETs security goals of

a system can change in different modes (e.g.peace time and war time of a military network).

In routing attacks attackers do not follow the

specifications of routing protocols and aim to

disrupt the network communication in thefollowing ways:

Route Disruption: modifying existing routes,

creating routing loops, and causing the packetsto

be forwarded along a route that is not optimal.Node Isolation: Isolating a node or some nodes

from communicating with other nodes in the

network, partitioning the network, etc.Resource Consumption: Decreasing network

performance, consuming network bandwidth or

node resources, etc.Computational power: This clearly affects the

ability of an attacker to compromise a network.

Eavesdropped traffic can be relayed back to high

performance super-computing networks for

analysis.Deployment capability: Adversary distribution

may range from a single node to a pervasivecarpet of smart counter-dust, with a consequent

variation in attack capabilities

Location control: The location of adversary

nodes has may have a clear impact on what theadversarycan do. An adversary may be restricted

to placing attack nodes at the geographical

boundary of an enemy network.

Mobility: Mobility generally brings an increase

in power. On the other hand, mobility may

prevent an attacker from targeting one specific

victim. Moreover they have stated that even if itreduces the damage caused by the attacker, it

makes detection more difficult since the

symptoms of an attack and those arising due tothe dynamic nature of the network are difficult to

distinguish. In conclusion, the impact of mobility

on detection is a complex matter.

We can classify attacks as passive, active,

internal and external [4].

Active attacks [5]: In the active attacks the

attacker attempts to modify or alter the data

being exchanged in network. The attack may

disrupt the normal functioning of the network.Active attacks are very dangerous. Example of

active attacks is impersonation and spoofing.

Passive attacks: In a passive attack an

unauthorized node monitors and aims to find out

information about the network. The attackers do

not otherwise need to communicate with thenetwork. Hence they do not disrupt

communications or cause any direct damage tothe network. However, they can be used to get

information for future harmful attacks. Examplesof passive attacks are eavesdropping and traffic

analysis.


4/6




Further types of attacks are:

Black Hole Attack: A black hole is a malicious

node that falsely replies for route requests

without having an active route to the destinationand exploits the routing protocol to advertise

itself as having a shortest route to destination [1].

Wormhole Attack: In this attack an attacker

records packets at one location in the network

and tunnels them to another location. This tunnelbetween two colluding attackers is referred as a

wormhole. Routing can be disrupted when

routing control message are tunneled [1].

Byzantine Attack: A compromised intermediate

node works alone, or a set of compromised

intermediate nodes works in collusion and carry

out attacks. Such as selectively forwardingpackets on non-optimal paths and selectively

dropping packets which results in disruption or

degradation of the routing services [4].

Eavesdropping: The main goal of eavesdropping

is to obtain some confidential information that

should be kept secret during the communication.This confidential information may include the

location, public key, private key or even

passwords of the nodes [4].

Traffic Analysis is not necessarily an entirely

passive activity. It is perfectly feasible to engage

inprotocols, or seek to provoke communication

between nodes. Attackers may employtechniques such as RF direction finding, traffic

rate analysis, and time-correlation monitoring.

Dropping Attacks: Malicious nodes deliberately

drop all packets that are not destined for them.

While malicious nodes aim to disrupt the

network, selfish nodes aim to preserve theirresources. It might reduce the network

performance by causing data packets to be

retransmitted.

Modification Attacks: Insider attackers modify

packets to disrupt the network. It is especially

effective in routing protocols that use advertisedinformation such as remaining energy and

nearest node to the destination in the route

discovery process.

Fabrication Attacks: Here the attacker forgesnetwork packets. In fabrication attacks are

classified into active forge in which attackers

send fake messages without receiving any relatedmessage and forge reply in whichthe attackersends fake route reply messages in response to

related legitimate route request messages.

Timing Attacks: An attacker attracts other nodesby causing itself to appear closer to those nodes

thanit really is. DoS attacks, rushing attacks, and

hello flood attacks use this technique. Rushingattacks [8] occur during the Route Discovery

phase. In all existing on-demand protocols, a

node needs a route broadcasts Route Requestmessages and each node forwards only the first

arriving Route Request in order to limit the

overhead of message flooding. So, if the Route

Request forwarded by the attacker arrives first atthe destination, routes including the attacker will

be discovered instead of valid routes. Rushing

attacks can be carried out in many ways: byignoring delays at MAC or routing layers, by

wormhole attacks, by keeping other nodes

transmission queues full, or by transmitting

packets at a higher wireless transmission power .The hello flood attack is another attack that

makes the adversary attractive for many routes.

In some routing protocols, nodes broadcast Hello

packets to detect neighbouring nodes. Thesemessages are received by all one-hop neighbour

nodes, but are not forwarded to further nodes.

The attacker broadcasts many Hello packets withlarge enough transmission power that each node

receiving Hello packets assumes the adversary

node to be its neighbour. It can be highly

effective in both proactive and reactive MANETprotocols.

V. Intrusion DetectionSince prevention techniques are limited in their

effectiveness and new intrusions continually

emerge, an intrusion detection system (IDS) is anindispensable part of a security system. An IDS

is introduced to detect possible violations of a

security policy by monitoring system activities


5/6




and responding to those that are apparently

intrusive. If we detect an attack once it comes

into the network, a response can be initiated to

prevent or minimize the damage to the system[8]. An IDS also provides information about

intrusion techniques, enhancing our

understanding of attacks and informing ourdecisions regarding prevention and mitigation.

Although there are many intrusion detection

systems for wired networks, they do not findsimple application to MANETs. Different

characteristics of MANETs make conventional

IDSs ineffective and inefficient for this

environment. Consequently, researchers havebeen working recently on developing new IDSs

for MANETs, or on modifying current IDSs to

be applicable to MANETs.

Specification-Based Intrusion Detection:One of

the most commonly proposed intrusion detection

techniques for MANETs is specification-based

intrusion detection, where intrusions are detectedas runtime violations of the specifications of

routing protocols. This technique has been

applied to a variety of routing protocols onMANETs such as AODV, OLSR, DSR. In each

network monitor employs a finite state machine

(FSM) to state the specifications of AODV,

especially for the route discovery process, andmaintains a forwarding table for each monitored

node. Each RREP and RREQ message in the

range of the network monitor is monitored in a

request-reply flow which checks the situationssuch as if route request packets are forwarded by

next node or not, if route reply packets are

modified on the path or not, and the like. When anetwork monitor needs information about

previous messages or other nodes that are not in

its range, it can ask neighbouring network

monitors [8].

Anomaly-Based Intrusion Detection: This

technique profiles the symptoms of normalbehaviours of the system, such as usage

frequency of commands, CPU usage for

programs, and the like. It detects intrusions as

anomalies, i.e. deviations from the normalbehaviour patterns. Various techniques have

been applied for anomaly detection, e.g.

statistical approaches, and artificial intelligence

techniques like data mining and neural networks.

The biggest challenge is defining normal

behaviour. Normal behaviour can change overtime and IDS systems need to adapt accordingly.

Thats one of the reasons false positives the

normal activities which are detected asanomalies by IDS can be high in anomaly-

based detection. On the other hand, it is capable

of detecting unknown attacks. This is importantin an environment where new attacks and new

vulnerabilities of systems are announced

constantly [8].

Misuse-Based Intrusion Detection: Misuse-Based IDSs compare known attack signatures

with current system activities. They are generally

preferred by commercial IDSs since they are

efficient and have a low false positive rate. Thedrawback of this approach is that it cannot detect

new attacks. The system is only as strong as its

signature database and this needs frequentupdating for new attacks [8].

VI . Future Directions for ResearchNone of the proposed systems are necessarily the

best solution taking into account different

applications which they can have their own

requirements and characteristics. They alsousually consider few specific attacks and target a

specific routing protocol. Furthermore they

emphasize just a few specific MANET features.

For instance the consequences of having limitedresources is generally little explored. Some

solutions might not be suitable for some nodes

which can have limited computationalcapabilities and resources. Researchers can

develop solutions considering different

characteristics of these nodes. Cooperation and

communication between nodes is another areaneed to be explored. Proposed network

architectures should not introduce new

weakness/overheads to the system. To conclude,researcher should focus on developing solutions

suitable to MANETs specific features.

VII. ConclusionSince proposed routing protocols on MANETs

are insecure, we have mainly focused on active


6/6




routing attacks which are classified into

dropping, modification, fabrication, and timing

attacks. Attackers have also been discussed and

examined under insider and outsider attackers.Insider attacks are examined on our exemplar

routing protocol AODV. Conventional security

techniques are not directly applicable toMANETs due to their very nature. Researchers

currently focus on developing new prevention,

detection and response mechanism for MANETs.In this chapter we summarize secure routing

approaches proposed for MANETs. The

difficulty of key management on this distributed

and cooperative environment is also discussed.Furthermore we have surveyed intrusion

detection systems with different detection

techniques proposed in the literature. Each

approach and technique is presented with attacksthey can and cannot detect. To conclude,

MANET security is a complex and challenging

topic. To propose security solutions well-suitedto this new environment, we recommend

researchers investigate possible security risks to

MANETs most horoughly

VIII. References[1] Priyanka G.; Vintra.; Rahul.; MANET:Vulnerabilities, Challenges, Attacks,

Application, International Journal ofComputational Engineering & Management,2011.[2] Supriya T.; Vinti G.; A Survey of Attackson Manet Routing Protocols, InternationalJournal of Innovative Research in Science,Engineering and Technology, Vol.2, 2013.[3] Vinit G.; Manoj S.; Tanupriya C.; CharuGupta.; Advance Survey of Mobile Ad-HocNetwork, International Journal of ComputerScience and Telecommunication, Vol.2, 2011.[4] Rusha N.; Debdutta R.; Study of Various

Attacks in MANET and Elaborative DiscussionOf Rushing Attack on DSR with clusteringscheme, Int. J. Advanced Networking andApplications, Vol.03 2011.[5] Feng L.; Yinying Y.; Jie W.; Attack andFlee Game-Theory-Based Analysis onInteractions Among Nodes in MANETs, IEEETransactions on Systems, Man, andCyberneticsPart b: Cybernetics, Vol. No. 32010.

[6] Aishwarya S.; Anand U.; Meenu C.;Detection of Packet Dropping Attack UsingImproved Acknowledgement Based Scheme inMANET, Internation Journal of ComputerScience Issues, , Vol.7, 2010.[7] Sunil T.; Dr. Ashwani K.; Amandeep M.;

End to End Delay Analysis of Prominent On-demand Routing Protocols,IJCST Vol. 2, 2011.[8] Giovanni V.; Sumit G.; Kavitha S.; Elizabeth

M.; An Intrusion Detection Tool for AODV-

based Ad hoc Wireless Networks, 2004[9] Sevil .; John A.; Juan E.; Security Threats

in Mobile Ad Hoc Networks, 2010.

[10] Bhalaji N.; Reliable Routing against

Selective Packet Drop Attack in DSR basedMANET, Journal of Software, vol. 4, 2009.

[11] Aikaterini M.; Christos D,; Intrusion

Detection of Packet Dropping Attacks in MobileAd Hoc Networks, 2006.

JournalsVishal D.; Deepak K.; Manish K.;

Implementation of a Novel Technique to Detectand Isolate Selective Packet Drop Attack in

MANET, International Journal of Advanced

Computer Research and Networks Vol 2 ,Issue2, 2014 ISSN: 2278-0658.

AUTHOR BIBLOGRAPHY

Vishal Dhillon has received hisB.Tech degree in Electronics

and Comm. Engg from Rayat

Bahra Institute of Engg andNano Tech in 2012 and M

Tech from Panchkula Engg

College in Electronics and Comm. Engg

affiliated to Kurukshetra University. Presently heis working as lecturer in Department of

Engineering in MIT Hamirpur HP.

A Survey on threats in Mobile Ad Hoc Networks

Documents

Transcript of A Survey on threats in Mobile Ad Hoc Networks