A Survey on threats in Mobile Ad Hoc Networks
International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 1
Vishal Dhillon
M Tech Student, ECE, Panchkula Engineering College, Haryana, India
Abstract:- The wireless ad hoc network is a self-configuring network where mobile nodes can leave or join the network whenever they want. These types of networks are highly vulnerable to security attacks. Many types of active and passive attacks are possible in an ad hoc network. To develop suitable security solutions for such new environments, we must first understand how MANETs can be attacked. This chapter provides a comprehensive survey of attacks against a specific type of target, namely the routing protocols used by MANETs. Then we discuss various proactive and reactive solutions proposed for MANETs.
Keywords: MANET, Routing Protocols, AODV, Attacks, Security Mechanisms
I. Introduction
Recent advances in wireless technologies like Bluetooth have introduced a new type of wireless system known as mobile ad hoc networks (MANETs), which operate in the absence of a central access point [1]. Each node operates not only as an end-system, but also as a router to forward packets. MANETs provide high mobility and device portability, which enable nodes to connect to the network and communicate with each other. This flexibility makes them attractive for many applications such as military applications, where the network topology may change rapidly to reflect a force's operational movements, and disaster recovery operations, where the existing/fixed infrastructure may be non-operational. The ad hoc self-organisation also makes them suitable for virtual conferences, where setting up a traditional network infrastructure is a time-consuming, high-cost and difficult task.
II. Vulnerabilities of MANETs
Wireless Links: First of all, the use of wireless links makes the network more susceptible to attacks such as eavesdropping and active interference. Unlike in wired networks, attackers do not need physical access to the network to carry out these attacks. Furthermore, wireless networks have lower bandwidths than wired networks. Attackers can exploit this feature, consuming network bandwidth with ease to prevent normal communication among nodes [2].
Dynamic Topology: MANET nodes can leave and join the network freely, and move independently. As a result, the network topology can change frequently. It is hard to differentiate normal behaviour of the network. For example, a node sending disruptive routing information can be a malicious node, or else simply be using outdated information in good faith. Moreover, mobility of nodes means that we cannot assume nodes, especially critical ones. Nodes without adequate physical protection may often be at risk of being captured and compromised [2].
Cooperativeness: Routing algorithms for MANETs usually assume that nodes are cooperative and non-malicious. As a result, a malicious attacker can easily become an important agent and disrupt network operations by not fulfilling the protocol specifications. For example, a node can pose as a neighbour to other nodes and participate in collective decision-making mechanisms, possibly affecting networking significantly.
Lack of a Clear Line of Defence: MANETs do not have a clear line of defence; attacks can come from any direction. The boundary that separates the inside network from the outside world is not very clear in MANETs. For example, there is no well-defined place where we can deploy our traffic monitoring and access control mechanisms. Whereas all traffic goes through
switches, routers and gateways in wired networks, network information in MANETs is distributed across all the nodes, which can only watch the packets sent and received in their transmission range.
Limited Resources: Resource constraints are a further vulnerability. There can be a variety of devices on MANETs, ranging from laptops to mobile phones. These have different computing and storage capacities that can be the focus of new attacks. For example, mobile nodes generally run on battery power [9].
III. AODV Routing Protocol
In an ad hoc network, nodes show their presence in the network by actively listening to the messages broadcast by neighbouring nodes. A node that receives a routing message replies that it is present in the network and that the destination can also be reached through that node [7]. If a link fails, a routing error is sent back to the transmitting node. Each request for a route has a sequence number.
Nodes use the sequence number to ensure that a repeated route request is not passed on again and again. Another feature is that route requests can be sent only a limited number of times. Another such feature is that if a route request fails, another route request may not be sent. When two nodes in an ad hoc network wish to establish a connection with each other, AODV enables them to build multihop routes between the source and destination. It is a loop-free protocol which uses Destination Sequence Numbers (DSNs) to avoid counting to infinity. This is the main feature of this protocol. Requesting nodes in a network send DSNs together with the routing information from the source to the destination. AODV selects the best route based on the sequence number. The advantage of AODV is that it creates no extra traffic for communication along existing links [10].
AODV defines three messages: Route Requests (RREQ), Route Replies (RREP) and Route Errors. These messages are used to discover routes across the network from source to destination and are carried in UDP packets. Whenever data needs to be sent, a new route is built by broadcasting route request packets; the final path is established when the route reply packets from the nodes are received at the originator node, and if a link fails a route error message is generated.
Each node maintains its own sequence number and broadcast ID. For every RREQ that the node initiates, the broadcast ID is incremented, and together with the node's IP address it uniquely identifies an RREQ. In the end, the final route is the one that has the minimum hop count from source to destination [7].
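The route discovery steps above can be traced in a short simulation. This is an added example, not code from the paper or from NS-2; the five-node topology, node names and function names are constructed for illustration, per-hop delay is assumed equal on every link, and the sequence-number comparison ignores wraparound.

```python
from collections import deque

# Constructed topology (assumption): node -> one-hop neighbours.
TOPOLOGY = {
    "S": ["A", "B"],
    "A": ["S", "C"],
    "B": ["S", "D"],
    "C": ["A", "D"],
    "D": ["B", "C"],
}


def discover_route(topology, source, dest, broadcast_id):
    """Flood one RREQ; return (path found by the RREP, duplicate RREQs dropped)."""
    rreq_id = (source, broadcast_id)       # originator address + broadcast ID
    seen = {source: {rreq_id}}             # per-node cache of processed RREQs
    reverse_hop = {}                       # node -> neighbour it first heard the RREQ from
    dropped = 0
    queue = deque([source])                # breadth-first order models equal per-hop delay
    while queue:
        node = queue.popleft()
        for nbr in topology[node]:
            if rreq_id in seen.setdefault(nbr, set()):
                dropped += 1               # repeated request is not passed on again
                continue
            seen[nbr].add(rreq_id)
            reverse_hop[nbr] = node
            if nbr != dest:                # the destination replies instead of rebroadcasting
                queue.append(nbr)
    if dest not in reverse_hop:
        return None, dropped               # no RREP: destination unreachable
    path = [dest]                          # the RREP retraces the reverse hops
    while path[-1] != source:
        path.append(reverse_hop[path[-1]])
    return path[::-1], dropped


def better_route(current, offered):
    """Routing-table update: the fresher destination sequence number wins,
    and with equal sequence numbers the smaller hop count wins."""
    if current is None:
        return offered
    if offered["dest_seq"] != current["dest_seq"]:
        return offered if offered["dest_seq"] > current["dest_seq"] else current
    return offered if offered["hops"] < current["hops"] else current


if __name__ == "__main__":
    path, dropped = discover_route(TOPOLOGY, "S", "D", broadcast_id=1)
    print("route:", path, "hops:", len(path) - 1, "duplicates dropped:", dropped)
```

Because each node keeps only the first copy of an RREQ, the discovered route depends on arrival order, which is the property the rushing attack described later in this survey relies on.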
Analysis is done using NS-2, an open-source simulation tool running on Unix-like operating systems.
1. Back End- Programming language is used.
2. NS2 has different types of agents. Built-in protocols such as AODV, DSDV and DSR are used in it.
Figure 1: AODV algorithm
Figure 2: Best path with minimum Hop Count
IV. Attacks on MANET
At the highest level, the security goals of MANETs are not different from other networks:
most typically authentication, confidentiality, integrity, availability, and non-repudiation [3].
Authentication is the verification of the identity of a source of information.
Confidentiality means that only authorized people or systems can read or execute protected data or programs. It should be noted that the sensitivity of information in MANETs may be attacked much faster than any other information [9].
Integrity means that the information is not changed or corrupted by unauthorized users.
Availability refers to the ability of the network to provide services as required. Denial of Service (DoS) attacks have become one of the most worrying problems for network managers. In a military environment, a successful DoS attack is extremely dangerous.
Non-repudiation ensures that committed actions cannot be denied. In MANETs, the security goals of a system can change in different modes (e.g. peace time and war time of a military network).
In routing attacks, attackers do not follow the specifications of routing protocols and aim to disrupt the network communication in the following ways:
Route Disruption: Modifying existing routes, creating routing loops, and causing the packets to be forwarded along a route that is not optimal.
Node Isolation: Isolating a node or some nodes from communicating with other nodes in the network, partitioning the network, etc.
Resource Consumption: Decreasing network performance, consuming network bandwidth or node resources, etc.
Computational power: This clearly affects the ability of an attacker to compromise a network. Eavesdropped traffic can be relayed back to high performance super-computing networks for analysis.
Deployment capability: Adversary distribution may range from a single node to a pervasive carpet of smart counter-dust, with a consequent variation in attack capabilities.
Location control: The location of adversary nodes may have a clear impact on what the adversary can do. An adversary may be restricted to placing attack nodes at the geographical boundary of an enemy network.
Mobility: Mobility generally brings an increase in power. On the other hand, mobility may prevent an attacker from targeting one specific victim. Moreover, it has been stated that even if mobility reduces the damage caused by the attacker, it makes detection more difficult, since the symptoms of an attack and those arising from the dynamic nature of the network are difficult to distinguish. In conclusion, the impact of mobility on detection is a complex matter.
We can classify attacks as passive, active,
internal and external [4].
Active attacks [5]: In an active attack the attacker attempts to modify or alter the data being exchanged in the network. The attack may disrupt the normal functioning of the network. Active attacks are very dangerous. Examples of active attacks are impersonation and spoofing.
Passive attacks: In a passive attack an unauthorized node monitors the network and aims to find out information about it. The attackers do not otherwise need to communicate with the network. Hence they do not disrupt communications or cause any direct damage to the network. However, they can be used to get information for future harmful attacks. Examples of passive attacks are eavesdropping and traffic analysis.
Further types of attacks are:
Black Hole Attack: A black hole is a malicious node that falsely replies to route requests without having an active route to the destination and exploits the routing protocol to advertise itself as having the shortest route to the destination [1].
Wormhole Attack: In this attack an attacker records packets at one location in the network and tunnels them to another location. This tunnel between two colluding attackers is referred to as a wormhole. Routing can be disrupted when routing control messages are tunneled [1].
Byzantine Attack: A compromised intermediate node works alone, or a set of compromised intermediate nodes works in collusion, to carry out attacks such as selectively forwarding packets on non-optimal paths and selectively dropping packets, which results in disruption or degradation of the routing services [4].
Eavesdropping: The main goal of eavesdropping is to obtain some confidential information that should be kept secret during the communication. This confidential information may include the location, public key, private key or even passwords of the nodes [4].
Traffic Analysis is not necessarily an entirely passive activity. It is perfectly feasible to engage in protocols, or seek to provoke communication between nodes. Attackers may employ techniques such as RF direction finding, traffic rate analysis, and time-correlation monitoring.
Dropping Attacks: Malicious nodes deliberately drop all packets that are not destined for them. While malicious nodes aim to disrupt the network, selfish nodes aim to preserve their resources. Dropping might reduce the network performance by causing data packets to be retransmitted.
Modification Attacks: Insider attackers modify packets to disrupt the network. This is especially effective in routing protocols that use advertised information, such as remaining energy and nearest node to the destination, in the route discovery process.
Fabrication Attacks: Here the attacker forges network packets. Fabrication attacks are classified into active forge, in which attackers send fake messages without receiving any related message, and forge reply, in which the attacker sends fake route reply messages in response to related legitimate route request messages.
Timing Attacks: An attacker attracts other nodes by causing itself to appear closer to those nodes than it really is. DoS attacks, rushing attacks, and hello flood attacks use this technique. Rushing attacks [8] occur during the Route Discovery phase. In all existing on-demand protocols, a node that needs a route broadcasts Route Request messages, and each node forwards only the first arriving Route Request in order to limit the overhead of message flooding. So, if the Route Request forwarded by the attacker arrives first at the destination, routes including the attacker will be discovered instead of valid routes. Rushing attacks can be carried out in many ways: by ignoring delays at MAC or routing layers, by wormhole attacks, by keeping other nodes' transmission queues full, or by transmitting packets at a higher wireless transmission power.
The hello flood attack is another attack that makes the adversary attractive for many routes. In some routing protocols, nodes broadcast Hello packets to detect neighbouring nodes. These messages are received by all one-hop neighbour nodes, but are not forwarded to further nodes. The attacker broadcasts many Hello packets with large enough transmission power that each node receiving Hello packets assumes the adversary node to be its neighbour. It can be highly effective in both proactive and reactive MANET protocols.
V. Intrusion Detection
Since prevention techniques are limited in their effectiveness and new intrusions continually emerge, an intrusion detection system (IDS) is an indispensable part of a security system. An IDS is introduced to detect possible violations of a security policy by monitoring system activities
and responding to those that are apparently intrusive. If we detect an attack once it comes into the network, a response can be initiated to prevent or minimize the damage to the system [8]. An IDS also provides information about intrusion techniques, enhancing our understanding of attacks and informing our decisions regarding prevention and mitigation. Although there are many intrusion detection systems for wired networks, they do not find simple application to MANETs. Different characteristics of MANETs make conventional IDSs ineffective and inefficient for this environment. Consequently, researchers have been working recently on developing new IDSs for MANETs, or on modifying current IDSs to be applicable to MANETs.
Specification-Based Intrusion Detection: One of the most commonly proposed intrusion detection techniques for MANETs is specification-based intrusion detection, where intrusions are detected as runtime violations of the specifications of routing protocols. This technique has been applied to a variety of routing protocols on MANETs such as AODV, OLSR and DSR. Each network monitor employs a finite state machine (FSM) to state the specifications of AODV, especially for the route discovery process, and maintains a forwarding table for each monitored node. Each RREP and RREQ message in the range of the network monitor is monitored in a request-reply flow, which checks situations such as whether route request packets are forwarded by the next node or not, whether route reply packets are modified on the path or not, and the like. When a network monitor needs information about previous messages or other nodes that are not in its range, it can ask neighbouring network monitors [8].
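A compact version of such a request-reply monitor, as an added example (it is not the tool from [8] and not code from this paper). Assumptions: one monitor overhears all five nodes, an RREQ must be rebroadcast within one second, only the destination originates an RREP, and each relay raises the RREP hop count by exactly one; the topology and both traces are constructed.

```python
from dataclasses import dataclass

FORWARD_TIMEOUT = 1.0  # assumed deadline (s) for a node to rebroadcast an RREQ

@dataclass(frozen=True)
class Msg:
    t: float        # time the monitor overheard the message
    kind: str       # "RREQ" or "RREP"
    sender: str     # node that transmitted this copy
    origin: str     # route originator
    dest: str       # route destination
    bcast_id: int   # originator's broadcast ID
    hops: int       # hop count field
    dest_seq: int   # destination sequence number field
    to: str = "*"   # next hop of a unicast RREP, "*" for a broadcast

class AodvMonitor:
    """FSM per (request flow, node): WAIT_FWD -> FORWARDED / REPLIED, AT_DEST -> REPLIED."""
    def __init__(self, neighbours):
        self.neighbours = neighbours  # node -> one-hop neighbours in monitor range
        self.state = {}               # (flow, node) -> FSM state
        self.deadline = {}            # (flow, node) -> latest time to rebroadcast
        self.rrep_in = {}             # (flow, node) -> (hops, dest_seq) it was sent
        self.alarms = []

    def observe(self, m):
        flow = (m.origin, m.bcast_id)
        if m.kind == "RREQ":
            self.state[(flow, m.sender)] = "FORWARDED"
            for n in self.neighbours[m.sender]:
                if (flow, n) in self.state:
                    continue          # node already handled this request
                if n == m.dest:       # destination answers instead of rebroadcasting
                    self.state[(flow, n)] = "AT_DEST"
                else:
                    self.state[(flow, n)] = "WAIT_FWD"
                    self.deadline[(flow, n)] = m.t + FORWARD_TIMEOUT
        elif m.kind == "RREP":
            got = self.rrep_in.get((flow, m.sender))
            if got is None and m.sender != m.dest:  # assumption: only the destination replies
                self.alarms.append((m.sender, "RREP not originated by destination"))
            elif got is not None and (m.hops, m.dest_seq) != (got[0] + 1, got[1]):
                self.alarms.append((m.sender, "RREP modified on path"))
            self.rrep_in[(flow, m.to)] = (m.hops, m.dest_seq)
            self.state[(flow, m.sender)] = "REPLIED"

    def finish(self, now):
        late = [(node, "RREQ not forwarded")
                for (flow, node), st in sorted(self.state.items())
                if st == "WAIT_FWD" and self.deadline[(flow, node)] < now]
        return self.alarms + late

# Constructed topology and traces (not captured traffic).
NEIGHBOURS = {"S": ["A", "B"], "A": ["S", "C"], "B": ["S", "D"],
              "C": ["A", "D"], "D": ["B", "C"]}
NORMAL = [
    Msg(0.00, "RREQ", "S", "S", "D", 1, 0, 11),
    Msg(0.10, "RREQ", "A", "S", "D", 1, 1, 11),
    Msg(0.12, "RREQ", "B", "S", "D", 1, 1, 11),
    Msg(0.20, "RREQ", "C", "S", "D", 1, 2, 11),
    Msg(0.25, "RREP", "D", "S", "D", 1, 0, 12, "B"),
    Msg(0.35, "RREP", "B", "S", "D", 1, 1, 12, "S"),
]
# Same flow, but C stays silent and B relays the reply without raising the hop count.
SUSPECT = NORMAL[:3] + [NORMAL[4], Msg(0.35, "RREP", "B", "S", "D", 1, 0, 12, "S")]

def run(trace, now):
    mon = AodvMonitor(NEIGHBOURS)
    for m in trace:
        mon.observe(m)
    return mon.finish(now)
```

Calling run(SUSPECT, 5.0) reports both violations, while the same trace evaluated before the rebroadcast deadline reports only the modified reply, which shows why the timeout has to account for legitimate forwarding delay.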
Anomaly-Based Intrusion Detection: This technique profiles the symptoms of normal behaviours of the system, such as usage frequency of commands, CPU usage for programs, and the like. It detects intrusions as anomalies, i.e. deviations from the normal behaviour patterns. Various techniques have been applied for anomaly detection, e.g. statistical approaches, and artificial intelligence techniques like data mining and neural networks. The biggest challenge is defining normal behaviour. Normal behaviour can change over time and IDS systems need to adapt accordingly. That is one of the reasons why false positives (normal activities which are detected as anomalies by the IDS) can be high in anomaly-based detection. On the other hand, it is capable of detecting unknown attacks. This is important in an environment where new attacks and new vulnerabilities of systems are announced constantly [8].
Misuse-Based Intrusion Detection: Misuse-based IDSs compare known attack signatures with current system activities. They are generally preferred by commercial IDSs since they are efficient and have a low false positive rate. The drawback of this approach is that it cannot detect new attacks. The system is only as strong as its signature database, and this needs frequent updating for new attacks [8].
VI. Future Directions for Research
None of the proposed systems is necessarily the best solution, given that different applications can have their own requirements and characteristics. The proposed systems also usually consider a few specific attacks and target a specific routing protocol. Furthermore, they emphasize just a few specific MANET features. For instance, the consequences of having limited resources are generally little explored. Some solutions might not be suitable for nodes with limited computational capabilities and resources. Researchers can develop solutions considering different characteristics of these nodes. Cooperation and communication between nodes is another area that needs to be explored. Proposed network architectures should not introduce new weaknesses/overheads to the system. To conclude, researchers should focus on developing solutions suitable to MANETs' specific features.
VII. Conclusion
Since proposed routing protocols on MANETs are insecure, we have mainly focused on active
routing attacks, which are classified into dropping, modification, fabrication, and timing attacks. Attackers have also been discussed and examined under insider and outsider attackers. Insider attacks are examined on our exemplar routing protocol AODV. Conventional security techniques are not directly applicable to MANETs due to their very nature. Researchers currently focus on developing new prevention, detection and response mechanisms for MANETs. In this chapter we summarize secure routing approaches proposed for MANETs. The difficulty of key management in this distributed and cooperative environment is also discussed. Furthermore, we have surveyed intrusion detection systems with different detection techniques proposed in the literature. Each approach and technique is presented with the attacks it can and cannot detect. To conclude, MANET security is a complex and challenging topic. To propose security solutions well-suited to this new environment, we recommend researchers investigate possible security risks to MANETs most thoroughly.
VIII. References
[1] Priyanka G.; Vintra.; Rahul.; MANET: Vulnerabilities, Challenges, Attacks, Application, International Journal of Computational Engineering & Management, 2011.
[2] Supriya T.; Vinti G.; A Survey of Attacks on Manet Routing Protocols, International Journal of Innovative Research in Science, Engineering and Technology, Vol.2, 2013.
[3] Vinit G.; Manoj S.; Tanupriya C.; Charu Gupta.; Advance Survey of Mobile Ad-Hoc Network, International Journal of Computer Science and Telecommunication, Vol.2, 2011.
[4] Rusha N.; Debdutta R.; Study of Various Attacks in MANET and Elaborative Discussion Of Rushing Attack on DSR with clustering scheme, Int. J. Advanced Networking and Applications, Vol.03 2011.
[5] Feng L.; Yinying Y.; Jie W.; Attack and Flee Game-Theory-Based Analysis on Interactions Among Nodes in MANETs, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Vol. No. 3, 2010.
[6] Aishwarya S.; Anand U.; Meenu C.; Detection of Packet Dropping Attack Using Improved Acknowledgement Based Scheme in MANET, International Journal of Computer Science Issues, Vol.7, 2010.
[7] Sunil T.; Dr. Ashwani K.; Amandeep M.; End to End Delay Analysis of Prominent On-demand Routing Protocols, IJCST Vol. 2, 2011.
[8] Giovanni V.; Sumit G.; Kavitha S.; Elizabeth M.; An Intrusion Detection Tool for AODV-based Ad hoc Wireless Networks, 2004.
[9] Sevil .; John A.; Juan E.; Security Threats in Mobile Ad Hoc Networks, 2010.
[10] Bhalaji N.; Reliable Routing against Selective Packet Drop Attack in DSR based MANET, Journal of Software, vol. 4, 2009.
[11] Aikaterini M.; Christos D.; Intrusion Detection of Packet Dropping Attacks in Mobile Ad Hoc Networks, 2006.
Journals
Vishal D.; Deepak K.; Manish K.; Implementation of a Novel Technique to Detect and Isolate Selective Packet Drop Attack in MANET, International Journal of Advanced Computer Research and Networks, Vol 2, Issue 2, 2014, ISSN: 2278-0658.
AUTHOR BIOGRAPHY
Vishal Dhillon received his B.Tech degree in Electronics and Comm. Engg from Rayat Bahra Institute of Engg and Nano Tech in 2012 and his M Tech in Electronics and Comm. Engg from Panchkula Engg College, affiliated to Kurukshetra University. Presently he is working as a lecturer in the Department of Engineering at MIT Hamirpur HP.