International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE
A Survey on threats in Mobile Ad Hoc Networks
Vishal Dhillon
M Tech Student, ECE, Panchkula Engineering College, Haryana, India
vishaldhillon91@gmail.com
Abstract: A wireless ad hoc network is a self-configuring network in which mobile nodes can leave or join whenever they want. Such networks are highly vulnerable to security attacks, and many types of active and passive attack are possible in an ad hoc network. To develop suitable security solutions for such new environments, we must first understand how MANETs can be attacked. This chapter provides a comprehensive survey of attacks against a specific type of target, namely the routing protocols used by MANETs. Then we discuss various proactive and reactive solutions proposed for MANETs.
I. Introduction
Recent advances in wireless technologies such as Bluetooth have introduced a new type of wireless system known as the mobile ad hoc network (MANET), which operates in the absence of a central access point [1]. Each node operates not only as an end-system but also as a router that forwards packets. MANETs provide high mobility and device portability, enabling nodes to connect to the network and communicate with each other. This flexibility makes them attractive for many applications, such as military applications, where the network topology may change rapidly to reflect a force's operational movements, and disaster recovery operations, where the existing/fixed infrastructure may be non-operational. The ad hoc self-organisation also makes them suitable for virtual conferences, where setting up a traditional network infrastructure is a time-consuming, high-cost and difficult task.
II. Vulnerabilities of MANETs
Wireless Links: First of all, the use of wireless links makes the network more susceptible to attacks such as eavesdropping and active interference. Unlike in wired networks, attackers do not need physical access to the network to carry out these attacks. Furthermore, wireless networks have lower bandwidth than wired networks. Attackers can exploit this feature, easily consuming network bandwidth to prevent normal communication among nodes [2].
Dynamic Topology: MANET nodes can leave and join the network freely and move independently. As a result, the network topology can change frequently. It is hard to differentiate normal behaviour of the network. For example, a node sending disruptive routing information can be a malicious node, or else simply be using outdated information in good faith. Moreover, mobility of nodes means that we cannot assume nodes, especially critical ones. Nodes with inadequate physical protection may often be at risk of being captured and compromised [2].
Cooperativeness: Routing algorithms for MANETs usually assume that nodes are cooperative and non-malicious. As a result, a malicious attacker can easily become an important agent and disrupt network operations by not following the protocol specifications. For example, a node can pose as a neighbour to other nodes and participate in collective decision-making mechanisms, possibly affecting the network significantly.
Lack of a Clear Line of Defence: MANETs do not have a clear line of defence; attacks can come from any direction. The boundary that separates the inside network from the outside world is not very clear in MANETs. For example, there is no well-defined place where we can deploy traffic monitoring and access control mechanisms. Whereas all traffic goes through switches, routers and gateways in wired networks, network information in MANETs is distributed across all the nodes, each of which can only watch the packets sent and received in its transmission range.
Limited Resources: Resource constraints are a further vulnerability. There can be a variety of devices on MANETs, ranging from laptops to mobile phones. These have different computing and storage capacities that can be the focus of new attacks. For example, mobile nodes generally run on battery power [9].
III. AODV Routing Protocol
In an ad hoc network, nodes establish their presence in the network by actively listening to the messages broadcast by neighbouring nodes. A node that receives a routing message replies that it is present in the network and that the destination can be reached through it [7]. If a link fails, a routing error is sent back to the transmitting node. Each request for a route has a sequence number, which nodes use to recognise repeated route requests so that they are not passed on again and again. Another feature is that route requests can be sent only a limited number of times. A further feature is that if a route request fails, another route request may not be sent.
When two nodes in an ad hoc network wish to establish a connection with each other, AODV enables them to build multihop routes between the source and destination. It is a loop-free protocol that uses Destination Sequence Numbers (DSNs) to avoid counting to infinity. This is the main feature of the protocol. Requesting nodes send DSNs together with the routing information from source to destination, and the protocol selects the best route based on the sequence number. The advantage of AODV is that it creates no extra traffic for communication along existing links [10].
AODV defines three messages: Route Requests (RREQ), Route Replies (RREP) and Route Errors (RERR). These messages, carried in UDP packets, are used to discover routes across the network from source to destination. Whenever data is to be sent, a new route is built by broadcasting route request packets; the final path is established when the route reply packets from the nodes are received at the originator node, and if a link fails, a route error message is generated. Each node maintains its own sequence number and broadcast ID. For every RREQ it initiates, the node increments the broadcast ID, which together with the node's IP address uniquely identifies the RREQ. The final route is the one with the minimum hop count from source to destination [7].
Analysis is done using NS-2, an open-source simulation tool running on Unix-like operating systems.
1. Back End: Programming language is used.
2. NS2 has different types of agents. Built-in protocols such as AODV, DSDV and DSR are used in it.
Figure 1: AODV algorithm
Figure 2: Best path with minimum Hop Count
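The route discovery described in Section III can be traced in a few lines. The following Python sketch is an added example, not code from the paper or from NS-2: it floods one RREQ over a constructed topology, suppresses duplicates by the (originator address, broadcast ID) pair, and applies the route-table rule of preferring a higher destination sequence number and then a lower hop count. It assumes every hop has the same delay, so the first RREQ copy to reach the destination is also the one with the fewest hops.

```python
from collections import deque

# Constructed topology (an assumption for this example): node -> radio neighbours.
TOPOLOGY = {
    "S": ["A", "B"], "A": ["S", "C"], "B": ["S", "D"],
    "C": ["A", "D"], "D": ["B", "C"], "X": [],          # X is out of range
}


def discover_route(topology, source, dest, broadcast_id):
    """Flood one RREQ; return (route, hop_count, duplicates_suppressed).

    Each node caches the (originator address, broadcast ID) pairs it has
    handled, so later copies of the same RREQ are dropped, not rebroadcast.
    """
    rreq_key = (source, broadcast_id)
    seen = {node: set() for node in topology}    # per-node RREQ cache
    seen[source].add(rreq_key)
    reverse_hop = {}                             # node -> hop back towards source
    suppressed = 0
    dest_hops = None
    queue = deque([(source, 0)])                 # (transmitting node, its hop count)
    while queue:
        sender, hops = queue.popleft()
        for neighbour in topology[sender]:
            if rreq_key in seen[neighbour]:
                suppressed += 1                  # duplicate RREQ: ignored
                continue
            seen[neighbour].add(rreq_key)
            reverse_hop[neighbour] = sender      # reverse route used by the RREP
            if neighbour == dest:
                dest_hops = hops + 1             # destination replies, no rebroadcast
            else:
                queue.append((neighbour, hops + 1))
    if dest_hops is None:
        return None, None, suppressed            # no RREP: destination unreachable
    route = [dest]                               # RREP travels back hop by hop
    while route[-1] != source:
        route.append(reverse_hop[route[-1]])
    return route[::-1], dest_hops, suppressed


def update_route(table, dest, next_hop, dest_seq, hop_count):
    """Install a route if its destination sequence number is higher (fresher),
    or equal with a smaller hop count. Returns True when the table changed.
    Sequence-number wraparound is ignored here for brevity."""
    current = table.get(dest)
    if (current is None or dest_seq > current["dest_seq"]
            or (dest_seq == current["dest_seq"]
                and hop_count < current["hop_count"])):
        table[dest] = {"next_hop": next_hop, "dest_seq": dest_seq,
                       "hop_count": hop_count}
        return True
    return False


if __name__ == "__main__":
    print(discover_route(TOPOLOGY, "S", "D", broadcast_id=1))
    table = {}
    for offer in [("C", 10, 3), ("B", 10, 2), ("A", 9, 1), ("A", 11, 5)]:
        print(offer, update_route(table, "D", *offer))
```

The last offer replaces a shorter route purely because it carries a higher sequence number, so the values advertised in a reply are exactly what an integrity check on route replies has to protect.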
IV. Attacks on MANET
At the highest level, the security goals of MANETs are no different from those of other networks: most typically authentication, confidentiality, integrity, availability, and non-repudiation [3]. Authentication is the verification of the identity of a source of information. Confidentiality means that only authorized people or systems can read or execute protected data or programs. It should be noted that the sensitivity of information in MANETs may be attacked much faster than any other information [9]. Integrity means that the information is not changed or corrupted by unauthorized users. Availability refers to the ability of the network to provide services as required. Denial of Service (DoS) attacks have become one of the most worrying problems for network managers. In a military environment, a successful DoS attack is extremely dangerous. Non-repudiation ensures that committed actions cannot be denied. In MANETs, the security goals of a system can change in different modes (e.g. peace time and war time of a military network).
In routing attacks, attackers do not follow the specifications of routing protocols and aim to disrupt network communication in the following ways:
Route Disruption: Modifying existing routes, creating routing loops, and causing packets to be forwarded along a route that is not optimal.
Node Isolation: Isolating a node or some nodes from communicating with other nodes in the network, partitioning the network, etc.
Resource Consumption: Decreasing network performance, consuming network bandwidth or node resources, etc.
Computational power: This clearly affects the ability of an attacker to compromise a network. Eavesdropped traffic can be relayed back to high performance super-computing networks for analysis.
Deployment capability: Adversary distribution may range from a single node to a pervasive carpet of smart counter-dust, with a consequent variation in attack capabilities.
Location control: The location of adversary nodes may have a clear impact on what the adversary can do. An adversary may be restricted to placing attack nodes at the geographical boundary of an enemy network.
Mobility: Mobility generally brings an increase in power. On the other hand, mobility may prevent an attacker from targeting one specific victim. Moreover, they have stated that even if it reduces the damage caused by the attacker, it makes detection more difficult, since the symptoms of an attack and those arising from the dynamic nature of the network are difficult to distinguish. In conclusion, the impact of mobility on detection is a complex matter.
We can classify attacks as passive, active, internal and external [4].
Active attacks [5]: In an active attack, the attacker attempts to modify or alter the data being exchanged in the network. The attack may disrupt the normal functioning of the network. Active attacks are very dangerous. Examples of active attacks are impersonation and spoofing.
Passive attacks: In a passive attack an unauthorized node monitors and aims to find out information about the network. The attackers do not otherwise need to communicate with the network. Hence they do not disrupt communications or cause any direct damage to the network. However, they can be used to get information for future harmful attacks. Examples of passive attacks are eavesdropping and traffic analysis.
Further types of attacks are:
Black Hole Attack: A black hole is a malicious node that falsely replies to route requests without having an active route to the destination, and exploits the routing protocol to advertise itself as having the shortest route to the destination [1].
Wormhole Attack: In this attack, an attacker records packets at one location in the network and tunnels them to another location. This tunnel between two colluding attackers is referred to as a wormhole. Routing can be disrupted when routing control messages are tunneled [1].
Byzantine Attack: A compromised intermediate node working alone, or a set of compromised intermediate nodes working in collusion, carries out attacks such as selectively forwarding packets on non-optimal paths and selectively dropping packets, which results in disruption or degradation of the routing services [4].
Eavesdropping: The main goal of eavesdropping is to obtain some confidential information that should be kept secret during the communication. This confidential information may include the location, public key, private key or even passwords of the nodes [4].
Traffic Analysis is not necessarily an entirely passive activity. It is perfectly feasible to engage in protocols, or seek to provoke communication between nodes. Attackers may employ techniques such as RF direction finding, traffic rate analysis, and time-correlation monitoring.
Dropping Attacks: Malicious nodes deliberately drop all packets that are not destined for them. While malicious nodes aim to disrupt the network, selfish nodes aim to preserve their resources. Dropping might reduce network performance by causing data packets to be retransmitted.
Modification Attacks: Insider attackers modify packets to disrupt the network. This is especially effective in routing protocols that use advertised information, such as remaining energy and nearest node to the destination, in the route discovery process.
Fabrication Attacks: Here the attacker forges network packets. Fabrication attacks are classified into active forge, in which attackers send fake messages without receiving any related message, and forge reply, in which the attacker sends fake route reply messages in response to related legitimate route request messages.
Timing Attacks: An attacker attracts other nodes by making itself appear closer to those nodes than it really is. DoS attacks, rushing attacks, and hello flood attacks use this technique. Rushing attacks [8] occur during the Route Discovery phase. In all existing on-demand protocols, a node that needs a route broadcasts Route Request messages, and each node forwards only the first arriving Route Request in order to limit the overhead of message flooding. So, if the Route Request forwarded by the attacker arrives first at the destination, routes including the attacker will be discovered instead of valid routes. Rushing attacks can be carried out in many ways: by ignoring delays at MAC or routing layers, by wormhole attacks, by keeping other nodes' transmission queues full, or by transmitting packets at a higher wireless transmission power. The hello flood attack is another attack that makes the adversary attractive for many routes. In some routing protocols, nodes broadcast Hello packets to detect neighbouring nodes. These messages are received by all one-hop neighbour nodes, but are not forwarded to further nodes. The attacker broadcasts many Hello packets with large enough transmission power that each node receiving them assumes the adversary node to be its neighbour. It can be highly effective in both proactive and reactive MANET protocols.
V. Intrusion Detection
Since prevention techniques are limited in their effectiveness and new intrusions continually emerge, an intrusion detection system (IDS) is an indispensable part of a security system. An IDS is introduced to detect possible violations of a security policy by monitoring system activities and responding to those that are apparently intrusive. If we detect an attack once it comes into the network, a response can be initiated to prevent or minimize the damage to the system [8]. An IDS also provides information about intrusion techniques, enhancing our understanding of attacks and informing our decisions regarding prevention and mitigation. Although there are many intrusion detection systems for wired networks, they cannot simply be applied to MANETs. The different characteristics of MANETs make conventional IDSs ineffective and inefficient for this environment. Consequently, researchers have recently been working on developing new IDSs for MANETs, or on modifying current IDSs to be applicable to MANETs.
Specification-Based Intrusion Detection: One of the most commonly proposed intrusion detection techniques for MANETs is specification-based intrusion detection, where intrusions are detected as runtime violations of the specifications of routing protocols. This technique has been applied to a variety of routing protocols on MANETs, such as AODV, OLSR and DSR. Each network monitor employs a finite state machine (FSM) to express the specifications of AODV, especially for the route discovery process, and maintains a forwarding table for each monitored node. Each RREQ and RREP message in the range of the network monitor is tracked in a request-reply flow, which checks, for example, whether route request packets are forwarded by the next node and whether route reply packets are modified on the path. When a network monitor needs information about previous messages or other nodes that are not in its range, it can ask neighbouring network monitors [8].
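The request-reply flow check described above can be sketched as a small monitor. This Python block is an added example, not the tool from [8]: it replays a constructed trace of overheard messages and raises an alarm when a monitored node does not forward an RREQ or RREP within a timeout, or relays an RREP whose destination sequence number changed or whose hop count did not grow by exactly one. The `Msg` layout, the `rreq_id` field on replies, the neighbour map and the one-second timeout are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    """One overheard AODV control message (field layout assumed for this example)."""
    time: float
    kind: str        # "RREQ" (broadcast) or "RREP" (unicast)
    sender: str      # node that transmitted this copy
    receiver: str    # next hop of an RREP, "*" for a broadcast RREQ
    origin: str      # node that started the route discovery
    dest: str        # node the route is for
    rreq_id: int     # broadcast ID, used here to tie replies to requests
    dest_seq: int = 0
    hop_count: int = 0

def check_flows(trace, neighbours, monitored, now, timeout=1.0):
    """Replay a trace and return sorted (node, violation) pairs."""
    alarms = set()
    handled = set()   # (node, origin, rreq_id): node already acted on this RREQ
    owes_rreq = {}    # (node, origin, rreq_id) -> time the node heard the RREQ
    owes_rrep = {}    # (node, origin, rreq_id) -> RREP copy handed to the node
    for m in sorted(trace, key=lambda m: m.time):
        flow = (m.sender, m.origin, m.rreq_id)
        handled.add(flow)
        owes_rreq.pop(flow, None)       # forwarding or replying settles the RREQ
        if m.kind == "RREQ":
            for n in neighbours[m.sender]:
                key = (n, m.origin, m.rreq_id)
                if (n in monitored and n not in (m.origin, m.dest)
                        and key not in handled and key not in owes_rreq):
                    owes_rreq[key] = m.time
        elif m.kind == "RREP":
            got = owes_rrep.pop(flow, None)
            # A relayed RREP keeps the sequence number and adds exactly one hop.
            if got is not None and (m.dest_seq != got.dest_seq
                                    or m.hop_count != got.hop_count + 1):
                alarms.add((m.sender, "RREP modified on path"))
            if m.receiver in monitored and m.receiver != m.origin:
                owes_rrep[(m.receiver, m.origin, m.rreq_id)] = m
    for (node, _, _), heard in owes_rreq.items():
        if now - heard > timeout:
            alarms.add((node, "RREQ not forwarded"))
    for (node, _, _), got in owes_rrep.items():
        if now - got.time > timeout:
            alarms.add((node, "RREP not forwarded"))
    return sorted(alarms)

# Constructed sample data: chain S - A - B - D, the monitor covers A and B.
NEIGHBOURS = {"S": {"A"}, "A": {"S", "B"}, "B": {"A", "D"}, "D": {"B"}}
MONITORED = {"A", "B"}

def msg(t, kind, snd, rcv, rid, seq=0, hops=0):
    return Msg(t, kind, snd, rcv, "S", "D", rid, seq, hops)

HONEST = [msg(0.0, "RREQ", "S", "*", 1), msg(0.1, "RREQ", "A", "*", 1),
          msg(0.2, "RREQ", "B", "*", 1), msg(0.3, "RREP", "D", "B", 1, 20, 0),
          msg(0.4, "RREP", "B", "A", 1, 20, 1), msg(0.5, "RREP", "A", "S", 1, 20, 2)]
# Same discovery, but B relays the reply with altered sequence number and hops.
TAMPERED = HONEST[:4] + [msg(0.4, "RREP", "B", "A", 1, 99, 0),
                         msg(0.5, "RREP", "A", "S", 1, 99, 1)]
# B hears A's RREQ for discovery 2 and never rebroadcasts it.
SILENT = [msg(0.0, "RREQ", "S", "*", 2), msg(0.1, "RREQ", "A", "*", 2)]

if __name__ == "__main__":
    for name, trace in (("honest", HONEST), ("tampered", TAMPERED), ("silent", SILENT)):
        print(name, check_flows(trace, NEIGHBOURS, MONITORED, now=5.0))
```

In the tampered trace only B is blamed: A relays what it was given with one hop added, so the check attributes the change to the node where it first appears.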
Anomaly-Based Intrusion Detection: This technique profiles the symptoms of normal behaviour of the system, such as usage frequency of commands, CPU usage for programs, and the like. It detects intrusions as anomalies, i.e. deviations from the normal behaviour patterns. Various techniques have been applied for anomaly detection, e.g. statistical approaches and artificial intelligence techniques such as data mining and neural networks. The biggest challenge is defining normal behaviour. Normal behaviour can change over time, and IDSs need to adapt accordingly. That is one of the reasons why false positives, i.e. normal activities that the IDS detects as anomalies, can be high in anomaly-based detection. On the other hand, it is capable of detecting unknown attacks. This is important in an environment where new attacks and new vulnerabilities of systems are announced constantly [8].
Misuse-Based Intrusion Detection: Misuse-based IDSs compare known attack signatures with current system activities. They are generally preferred by commercial IDSs since they are efficient and have a low false positive rate. The drawback of this approach is that it cannot detect new attacks. The system is only as strong as its signature database, which needs frequent updating for new attacks [8].
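The trade-off between the two techniques can be seen by running both over the same observations. This Python block is an added example, not taken from the paper or from any cited IDS: it builds a mean and standard deviation profile from normal traffic windows, flags windows that deviate by more than three standard deviations, and compares the result with a misuse detector that holds a single hello flood signature. The features, sample windows and thresholds are all constructed for illustration.

```python
from statistics import mean, stdev

# Constructed per-node observation windows; the three features are assumptions:
# hello packets/s, fraction of received data packets forwarded, RREQs/s.
FEATURES = ("hello_rate", "forward_ratio", "rreq_rate")
TRAINING = [(1.0, 0.97, 2.0), (1.2, 0.95, 2.5), (0.9, 0.98, 1.8),
            (1.1, 0.96, 2.2), (1.0, 0.94, 2.4), (0.8, 0.99, 2.1)]

# Signature database for the misuse detector: it knows one attack only.
# The threshold of 20 hello packets/s is an assumed value.
SIGNATURES = {"hello_flood": lambda w: w["hello_rate"] > 20.0}

# (window, is_attack) pairs, also constructed.
LABELLED = [
    ((60.0, 0.96, 2.3), True),    # hello flood: a signature exists
    ((1.0, 0.40, 2.0), True),     # packet dropping: no signature exists
    ((1.1, 0.95, 6.0), False),    # benign burst of route requests after nodes move
    ((1.0, 0.96, 2.2), False),    # ordinary traffic
]


def build_profile(training):
    """Profile of normal behaviour: (mean, standard deviation) per feature."""
    return {f: (mean(col), stdev(col)) for f, col in zip(FEATURES, zip(*training))}


def anomaly_detect(profile, window, threshold=3.0):
    """Features deviating from the profile by more than `threshold` sigmas."""
    flagged = []
    for feature, value in zip(FEATURES, window):
        mu, sigma = profile[feature]
        if abs(value - mu) / max(sigma, 1e-9) > threshold:
            flagged.append(feature)
    return flagged


def misuse_detect(window):
    """Names of the known-attack signatures that match this window."""
    values = dict(zip(FEATURES, window))
    return [name for name, rule in SIGNATURES.items() if rule(values)]


def score(profile, labelled):
    """Count hits, misses and false positives for both detectors."""
    tally = {d: {"hit": 0, "miss": 0, "false_positive": 0}
             for d in ("anomaly", "misuse")}
    for window, is_attack in labelled:
        fired = {"anomaly": bool(anomaly_detect(profile, window)),
                 "misuse": bool(misuse_detect(window))}
        for detector, alarm in fired.items():
            if is_attack:
                tally[detector]["hit" if alarm else "miss"] += 1
            elif alarm:
                tally[detector]["false_positive"] += 1
    return tally


if __name__ == "__main__":
    print(score(build_profile(TRAINING), LABELLED))
```

The anomaly detector catches the dropping node that has no signature but also flags the benign route-request burst, while the misuse detector stays quiet on both.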
VI. Future Directions for Research
None of the proposed systems is necessarily the best solution, given that different applications can have their own requirements and characteristics. They also usually consider only a few specific attacks and target a specific routing protocol. Furthermore, they emphasize just a few specific MANET features. For instance, the consequences of having limited resources are generally little explored. Some solutions might not be suitable for nodes with limited computational capabilities and resources. Researchers can develop solutions that take the different characteristics of these nodes into account. Cooperation and communication between nodes is another area that needs to be explored. Proposed network architectures should not introduce new weaknesses or overheads to the system. To conclude, researchers should focus on developing solutions suited to the specific features of MANETs.
VII. Conclusion
Since the routing protocols proposed for MANETs are insecure, we have mainly focused on active routing attacks, which are classified into dropping, modification, fabrication, and timing attacks. Attackers have also been discussed and examined as insider and outsider attackers. Insider attacks are examined on our exemplar routing protocol, AODV. Conventional security techniques are not directly applicable to MANETs due to their very nature. Researchers currently focus on developing new prevention, detection and response mechanisms for MANETs. In this chapter we summarize secure routing approaches proposed for MANETs. The difficulty of key management in this distributed and cooperative environment is also discussed. Furthermore, we have surveyed intrusion detection systems with different detection techniques proposed in the literature. Each approach and technique is presented with the attacks it can and cannot detect. To conclude, MANET security is a complex and challenging topic. To propose security solutions well-suited to this new environment, we recommend that researchers investigate possible security risks to MANETs most thoroughly.
VIII. References
[1] Priyanka G.; Vintra.; Rahul.; MANET: Vulnerabilities, Challenges, Attacks, Application, International Journal of Computational Engineering & Management, 2011.
[2] Supriya T.; Vinti G.; A Survey of Attacks on Manet Routing Protocols, International Journal of Innovative Research in Science, Engineering and Technology, Vol. 2, 2013.
[3] Vinit G.; Manoj S.; Tanupriya C.; Charu Gupta.; Advance Survey of Mobile Ad-Hoc Network, International Journal of Computer Science and Telecommunication, Vol. 2, 2011.
[4] Rusha N.; Debdutta R.; Study of Various Attacks in MANET and Elaborative Discussion Of Rushing Attack on DSR with clustering scheme, Int. J. Advanced Networking and Applications, Vol. 03, 2011.
[5] Feng L.; Yinying Y.; Jie W.; Attack and Flee Game-Theory-Based Analysis on Interactions Among Nodes in MANETs, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Vol. No. 3, 2010.
[6] Aishwarya S.; Anand U.; Meenu C.; Detection of Packet Dropping Attack Using Improved Acknowledgement Based Scheme in MANET, International Journal of Computer Science Issues, Vol. 7, 2010.
[7] Sunil T.; Dr. Ashwani K.; Amandeep M.; End to End Delay Analysis of Prominent On-demand Routing Protocols, IJCST Vol. 2, 2011.
[8] Giovanni V.; Sumit G.; Kavitha S.; Elizabeth M.; An Intrusion Detection Tool for AODV-based Ad hoc Wireless Networks, 2004.
[9] Sevil .; John A.; Juan E.; Security Threats in Mobile Ad Hoc Networks, 2010.
[10] Bhalaji N.; Reliable Routing against Selective Packet Drop Attack in DSR based MANET, Journal of Software, Vol. 4, 2009.
[11] Aikaterini M.; Christos D.; Intrusion Detection of Packet Dropping Attacks in Mobile Ad Hoc Networks, 2006.
Journals Vishal D.; Deepak K.; Manish K.; Implementation of a Novel Technique to Detect and Isolate Selective Packet Drop Attack in MANET, International Journal of Advanced Computer Research and Networks Vol 2 , Issue2, 2014 ISSN: 2278-0658.
AUTHOR BIOGRAPHY
Vishal Dhillon received his B.Tech degree in Electronics and Comm. Engg from Rayat Bahra Institute of Engg and Nano Tech in 2012 and his M Tech in Electronics and Comm. Engg from Panchkula Engg College, affiliated to Kurukshetra University. Presently he is working as a lecturer in the Department of Engineering at MIT Hamirpur HP.