Edouard Manet The Fifer, 1886. Edouard Manet The Dead Toreador, 1864.
eaack-a secure ids for manet
-
Upload
aswin-pv -
Category
Technology
-
view
4.460 -
download
0
description
Transcript of eaack-a secure ids for manet
![Page 1: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/1.jpg)
04/09/23 1Dept. of ECE
![Page 2: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/2.jpg)
EAACKEAACK—A Secure —A Secure Intrusion-DetectionIntrusion-DetectionSystem for MANETsSystem for MANETs
04/09/23 2Dept. of ECE
![Page 3: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/3.jpg)
ContentsContents Introduction What is MANET???? Need For IDS???? IDS
1. Watch dog2. TWOACK3. AACK
EAACK Performance Evaluation Simulation configuration Advantages Future enhancement Conclusion Reference
04/09/23 3Dept. of ECE
![Page 4: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/4.jpg)
IntroductionIntroduction
MANET -Mobile Ad hoc NETworks
IDS -Intrusion Detection Systems
EAACK-Enhanced Adaptive ACKnowledgement
04/09/23 4Dept. of ECE
![Page 5: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/5.jpg)
Mobile Ad hoc NETworksWireless networkAd hoc = “for this PURPOSE”Used to exchange informationNODES = transmitter + receiver
Nodes may be mobileEach node is willing to forward data to other nodesCommuncation can be direct or indirectNodes communicates directly within their rangesOtherwise rely on neighbours (indirectly)
04/09/23 5Dept. of ECE
![Page 6: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/6.jpg)
Continuation.....Continuation.....
Properties of MANETsNo fixed infrastructureSelf configuring abilityDynamic topologyDecentralized network
04/09/23 6Dept. of ECE
![Page 7: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/7.jpg)
Continuation….Continuation….
Routes between nodes may contain multiple hopsNodes act as routers to forward packets for each otherNode mobility may cause the routes change
AB
C
D
AB
C D
04/09/23 7Dept. of ECE
![Page 8: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/8.jpg)
Continuation….Continuation….
Application of MANETSMilitary application◦ Combat regiment in the field ◦ Perhaps 4000-8000 objects in constant unpredictable motion.◦ Intercommunication of forces ◦ Proximity, plan of battle
Sensor networksAutomotive networksIndustrial application
04/09/23 8Dept. of ECE
![Page 9: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/9.jpg)
MANET vulnerable to malicious attackersoOpen mediumoWide distribution of nodes
Routing protocols assumes nodes are always cooperative
Nodes are not physically protected
04/09/23 9Dept. of ECE
![Page 10: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/10.jpg)
IDSIDS Intrusion Detection SystemDetect and report the malicious activity in ad hoc
networksResearchers have proposed a number of
collaborative IDS system
1. Watch dog
2. TWOACK
3. AACK
04/09/23 10Dept. of ECE
![Page 11: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/11.jpg)
Watch dogWatch dog
04/09/23 11Dept. of ECE
![Page 12: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/12.jpg)
Ambiguous collisionAmbiguous collision
04/09/23 12Dept. of ECE
![Page 13: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/13.jpg)
Receiver collisionReceiver collision
04/09/23 13Dept. of ECE
![Page 14: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/14.jpg)
Limited transmission powerLimited transmission power
04/09/23 14Dept. of ECE
![Page 15: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/15.jpg)
False misbehaviour reportFalse misbehaviour report
04/09/23 15Dept. of ECE
![Page 16: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/16.jpg)
TWOACKTWOACK
04/09/23 16Dept. of ECE
![Page 17: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/17.jpg)
Continuation....Continuation.... Acknowledgment-based network layer scheme
Neither an enhancement or watch dog based scheme
Acknowledge every data packet transmitted over every
three consecutive nodes
On receiving a packet , each node is required to send
back an acknowledgment packet to the node that is two
hops away from it.
Solves receiver collision and limited transmission power
problem
Network overhead is present
04/09/23 17Dept. of ECE
![Page 18: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/18.jpg)
AACKAACKAdaptive ACKnowledgementAcknowledgment-based network
layer schemeReduce network overheadCombination of TACK (similar to
TWOACK) and ACKACK-End to end acknowledgment
scheme
04/09/23 18Dept. of ECE
![Page 19: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/19.jpg)
•ACKACK
•S will switch to TACK scheme if it doesn’t get any ACK packet within predefined time
04/09/23 19Dept. of ECE
![Page 20: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/20.jpg)
The need of new IDS???The need of new IDS???Both TWOACK and AACK fails in
1. False misbehaviour report2. Forged acknowledgement packet
04/09/23 20Dept. of ECE
![Page 21: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/21.jpg)
EAACKEAACKEnhanced Adaptive ACKnowledgementEfficient and secure intrusion detection
system for MANETsHigher malicious behaviour detection rates
with minimal effect on network performanceEAACK mechanism can be divided to three
schemes1. ACK(end to end acknowledgement scheme)2. S-ACK(Secure ACK)
3. MRA(Misbehaviour Report Authentication)
04/09/23 21Dept. of ECE
![Page 22: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/22.jpg)
1.1. ACKACKEnd-to-end acknowledgment
schemeBrings extremely low network
overheadTo preserve the life cycle of
battery Low network overhead Lom memory consumption
04/09/23 22Dept. of ECE
![Page 23: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/23.jpg)
ACK schemeACK scheme
04/09/23 23Dept. of ECE
![Page 24: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/24.jpg)
2.S-ACK2.S-ACKSecure ACKExtension of TWOACK with digital
signatureSwitch from ACK if S does not
receive any acknowledgement packet Detect misbehaving nodes by
sending S-ACK packetEvery three consecutive nodes work
in a group to detect misbehaving nodes
04/09/23 24Dept. of ECE
![Page 25: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/25.jpg)
S-ACK schemeS-ACK scheme
Who is malicious?? F1,F2 OR F3???
04/09/23 25Dept. of ECE
![Page 26: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/26.jpg)
NONE IS NONE IS MALICIOUS ..............MALICIOUS ..............Route is F1 F2 F3F1 sends S-ACK data packet to F3
via the route F2 F3Before sending F1 store # value of
data packet and sending timeF2 receives packet from F1 and
forward to F3F3 receives the data packet and
send S-ACK acknowledgement ◦Contain # value and digital signature of
F3
04/09/23 26Dept. of ECE
![Page 27: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/27.jpg)
This S-ACKnowledgement is send back to the reverse route
F1 receives it and verify digital signature by computing with F3 public key.
If there is no malicious nodes ,then the received hash value ==original hash value
04/09/23 27Dept. of ECE
![Page 28: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/28.jpg)
F1 IS MALICIOUSF1 IS MALICIOUS
•False misbehaviour attack •In EAACK,it initiates MRA scheme.
04/09/23 28Dept. of ECE
![Page 29: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/29.jpg)
F2 IS MALICIOUSF2 IS MALICIOUS
•Digital signature of F3 is needed•Prevent forged acknowledgement
04/09/23 29Dept. of ECE
![Page 30: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/30.jpg)
F3 IS MALICIOUSF3 IS MALICIOUS
•If F3 refuses to send back acknowledgementpackets, it will be marked as malicious
04/09/23 30Dept. of ECE
![Page 31: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/31.jpg)
3.MRA 3.MRA Misbehaviour Report AuthenticationDesigned to resolve the false misbehaviour report
attackSuch attack can break the entire networkBasic idea - Authenticate whether the
destination node has received the reported missing packet
Alternate route is neededMRA packet is send via this alternate routeMRA packet contains the ID of the packet that
has been reported droppedDestination node search if there is a match
04/09/23 31Dept. of ECE
![Page 32: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/32.jpg)
Continuation...Continuation...If there is match,the report is
fake and node ,whoever sends it, is marked as malicious
If there is no match,the report is trusted.
04/09/23 32Dept. of ECE
![Page 33: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/33.jpg)
EAACK SCHEMEEAACK SCHEME
04/09/23 33Dept. of ECE
![Page 34: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/34.jpg)
Performance EvaluationPerformance EvaluationPacket delivery ratio (PDR): Ratio of
the number of packets received by the destination node to the number of packets sent by the source node.
Routing overhead (RO): RO defines the ratio of the amount of routing-related transmissions.
04/09/23 34Dept. of ECE
![Page 35: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/35.jpg)
Simulation configurationSimulation configurationScenario 1: Malicious nodes drop all
the packets that pass through it.Scenario 2: Set all malicious nodes to
send out false misbehavior report to the source node whenever it is possible
Scenario 3: Provide the malicious nodes the ability to forge acknowledgment packets.
04/09/23 35Dept. of ECE
![Page 36: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/36.jpg)
04/09/2336Dept. of ECE
![Page 37: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/37.jpg)
ADVANTAGESADVANTAGESSolves limited transmission power and
receiver collision problem.Capable of detecting misbehaviour attackEnsure authentication and packet integrityDigital signatures prevents the attack of
forge acknowledgement packets
04/09/23 37Dept. of ECE
![Page 38: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/38.jpg)
FUTURE ENHANCEMENTFUTURE ENHANCEMENT Possibilities of adopting hybrid
cryptography techniques to further reduce the network overhead caused by digital signature.
Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys.
Testing the performance of EAACK in real network environment.
04/09/23 38Dept. of ECE
![Page 39: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/39.jpg)
Conclusion Conclusion
EAACK makes MANETs more secure The major threats like false mis
behaviour report and forge acknowledgement can be detected by using this scheme.
04/09/23 39Dept. of ECE
![Page 40: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/40.jpg)
REFERENCEREFERENCE
EAACK—A Secure Intrusion-Detection System for MANETs by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEE
Detecting Misbehaving Nodes in Mobile Ad hoc Networks by Nan Kang
04/09/23 40Dept. of ECE
![Page 41: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/41.jpg)
04/09/23 41Dept. of ECE
![Page 42: eaack-a secure ids for manet](https://reader035.fdocuments.in/reader035/viewer/2022062615/547e87e6b4af9f92238b45cc/html5/thumbnails/42.jpg)
04/09/23 42Dept. of ECE