Security Management in Mobile
Ad hoc Networks
Dr. Noman Islam
https://sites.google.com/a/nu.edu.pk/noman-islam/
http://www.facebook.com/sir.noman.islam
Security Challenges in MANET
Challenge and description:
• Wireless link: open and physically accessible to everyone, prone to bit errors/interference.
• Lack of secure boundaries: adversaries can easily join and become part of the network.
• Infrastructure-less: there is no specific infrastructure for addressing, key distribution, certification etc.
• Node limitations: as the nodes have limited capabilities, their availability can easily be compromised.
• Link limitations: cooperation-based security algorithms must consider the bandwidth limitation associated with links.
• Multi-hop routing: as the nodes depend on each other for routing, adversaries can generate fabricated routes to create routing loops, false routes etc.
Active Vs Passive Attacks
• An active attack is a type of attack where an attacker gets access to the medium of communication and modifies or disrupts the transmission.
• A passive attack only observes the ongoing transmission but doesn't alter or disrupt any activity. A common example is traffic analysis of the snooped data to discover passwords and confidential information of other users.
• Active attacks usually target the integrity and availability of the system, while a passive attack tries to break the confidentiality of the security system.
Physical Layer Attacks
• The easiest attack on this layer is signal jamming, where the hacker uses a jamming device tuned to the frequency of the nodes on the network. The jammer then generates a constant and powerful noisy signal that suppresses other messages on the network.
• To counter this attack, spread spectrum techniques are recommended; these change the frequency of the signal or spread the energy of the signal over a wider spectrum.
Frequency Hopping Spread Spectrum (FHSS)
• The sender switches the carrier among a set of available carriers based on a pseudo-random sequence. The sender modulates the data signal with a sequence of random frequencies. The frequency changes at regular time intervals. Both the sender and receiver are synchronized such that the receiver can reconstruct the original signal.
Direct-sequence spread-spectrum
• Direct-sequence spread-spectrum transmissions multiply the data being transmitted by a "noise" signal. This noise signal is a pseudorandom sequence of 1 and −1 values, at a frequency much higher than that of the original signal.
• The resulting signal resembles white noise, like an audio recording of "static". However, this noise-like signal is used to exactly reconstruct the original data at the receiving end, by multiplying it by the same pseudorandom sequence (because 1 × 1 = 1, and −1 × −1 = 1). This process, known as "de-spreading", mathematically constitutes a correlation of the transmitted PN sequence with the PN sequence that the receiver already knows the transmitter is using.
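An added worked example of spreading and de-spreading (not code from the slides): the 8-chip PN sequence and the interference helpers are constructed for illustration, and they show why a constant narrowband jammer and a few damaged chips do not change the sign of the correlation.

```python
"""Direct-sequence spreading and de-spreading with a PN chip sequence.

Each data bit is mapped to +1/-1 and multiplied chip by chip with a PN
sequence of +1/-1 values; the receiver de-spreads by correlating every chip
block with the same PN sequence and reading the sign of the result.
"""

# Constructed 8-chip PN sequence (balanced: four +1 and four -1). Real systems
# use far longer codes, which gives proportionally more processing gain.
PN = [1, -1, 1, 1, -1, -1, 1, -1]


def spread(bits, pn=PN):
    """Map each bit (1 -> +1, 0 -> -1) and multiply it by every chip of pn."""
    chips = []
    for b in bits:
        symbol = 1 if b == 1 else -1
        chips.extend(symbol * c for c in pn)
    return chips


def correlate(block, pn=PN):
    """Correlation of one received chip block with the PN sequence.

    A clean block gives +len(pn) (bit 1) or -len(pn) (bit 0) because c*c == 1
    for every chip c in {+1, -1}.
    """
    return sum(x * c for x, c in zip(block, pn))


def despread(chips, pn=PN):
    """Recover the bits: one decision per block of len(pn) chips, by the sign of the correlation."""
    n = len(pn)
    return [1 if correlate(chips[i:i + n], pn) > 0 else 0 for i in range(0, len(chips), n)]


def add_interference(chips, level):
    """Add a constant narrowband interferer of the given amplitude to every chip (constructed).

    Because the PN code is balanced, the interferer contributes level * sum(PN) == 0
    to every correlation, however strong it is.
    """
    return [x + level for x in chips]


def flip_chips(chips, positions):
    """Invert the chips at the given indices, simulating damaged chips (constructed).

    Each flipped chip lowers the correlation by 2; the bit survives as long as
    fewer than half of the chips in its block are flipped.
    """
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out
```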
Access to Device
• MANETs are often deployed in hostile settings like war zones, disaster recovery etc. It is possible that an adversary can get physical access to a device and then tamper with it.
• Using different techniques, the network information maintained in the chip can then be decoded and used to set off various security attacks. The physical security of mobile devices can be enforced to some extent by using security modules like smart cards that require PIN codes or biometrics for access.
Link Layer Attacks
• A malicious node can exploit the exponential back-off feature of the IEEE 802.11 protocol by sending data continuously on the medium. This keeps the medium busy, and other nodes don't get an opportunity to send their data.
• DCF employs CSMA/CA with a binary exponential backoff algorithm.
• A malicious node can also send RTS/CTS packets reserving the medium for a large amount of data for an unlimited period of time. This attack, called the indefinite postponement problem, can jeopardize the network, as the nodes on the network are required to wait indefinitely for their turn.
Single adversary attack
• In the single adversary attack, the malicious node attempts to exhaust the battery of the victim node as well as to eat up the channel capacity.
• For this purpose, the attacker sends a large volume of data to the victim node, which brings down the availability of the victim node.
Colluding adversary attack
• In the colluding adversary attack, two or more malicious nodes send large volumes of data to each other, keeping the transmission channel occupied and unavailable for other nodes on the network. To counter these attacks, a possible approach is to limit the data rate of nodes.
• An alternative approach is to use Time Division Multiplexing, where a fixed time slot is allocated to every node to transmit its data.
Routing attacks
• Intermediate nodes can add, modify, delete or unnecessarily delay the forwarding of packets.
• A node can launch a routing table overflow attack by sending a huge volume of false routes to overflow the routing tables of its neighbors.
• A malicious node can poison the routing cache of neighbors by advertising false routes; neighbors that hear them update their routing tables.
• During the route maintenance phase, an attacker can send fake route error messages that cause the initiation of expensive route maintenance operations.
• In a black hole attack, a node shows its interest in forwarding a packet towards a destination during the route discovery phase. The attacker rushes during route discovery to ensure a route is established through it. Later on, in the forwarding phase, it drops the packets intended for the destination. A more severe form of the attack is when the malicious node tampers with the packets as well.
• In a wormhole attack, an attacker creates a tunnel with another attacking node. All the packets passing through the first attacker are tunneled to the second attacking node, which then sends them ahead along the normal path. These attacks can compromise current on-demand routing protocols.
• In a Byzantine attack, an individual node or a set of colluding nodes works in cooperation to perform attacks like dropping or modifying packets, creating routing loops, poisoning caches etc.
Solutions
• A temporal leash specifies an upper bound on the time a packet may take to reach the destination, thus avoiding wormhole attacks. Specialized routing protocols have been proposed to resolve modification (SEAD), replay (SRP) and repudiation attacks (APALLS) etc. in MANET.
• Various network intrusion detection systems have been proposed that detect malicious actions on the network and isolate the identified intruders from the network.
Transport Layer attacks
• Nodes can launch acknowledgment spoofing attacks by generating false acknowledgments with a large window size. The source will then send data corresponding to the size of the window, which can cause congestion as well as exhausting the resources of the victim.
• Other forms of attack include acknowledgment replay, jamming of acknowledgments, sequence number alteration and connection request spoofing.
• Transport Layer Security (TLS) / Secure Sockets Layer (SSL) is generally recommended for securing transport layer communication. TLS/SSL is based on public key cryptography and helps in preventing masquerading and replay attacks.
Application Layer Attacks
• There are threats from malicious software (viruses, worms, Trojans) as well as from insider nodes.
Security attacks on MANET
Passive attacks, active attacks and solutions by layer:
• Physical Layer. Passive attacks: eavesdropping, traffic analysis and monitoring. Active attacks: signal jamming. Solutions: spread spectrum.
• Link Layer. Attacks: MAC layer disruption, adversarial attack. Solutions: error correcting codes.
• Network Layer. Passive attacks: location disclosure attack. Active attacks: wormhole, blackhole, Byzantine, resource consumption, routing table overflow, cache poisoning, rushing attacks etc. Solutions: secure routing protocols.
• Transport Layer. Attacks: session hijacking. Solutions: securing the transport protocol using public key cryptography (TLS, SSL).
• Application Layer. Attacks: repudiation, viruses. Solutions: firewalls, IDS.
Secure Routing Protocol
Secure Routing Protocols
• Protocols based on exploiting routing header information to identify malicious activities in the network
• Protocols based on cryptographic techniques to protect the routing header
• Protocols exploiting redundancy of routing layers
• Protocols based on trust information to identify malicious activities in the network
• Protocols that maintain the anonymity of routing entities
Protocols Based on Routing Header Information
• In normal routing operation, subsequent packets must have a higher sequence number. If a packet's sequence number is less than that of the previously received packet, misbehavior is suspected.
• A black hole attack can be recognized by analyzing the distribution of the sequence numbers in the normal and anomalous states of the network.
• A feature vector is devised that comprises the number of sent route requests, the number of replies, and the average difference between the sequence number when the request was sent and when the reply was received. Using a training data set, an attack model is devised: the mean value of the feature vector is calculated from the training data.
• The Euclidean distance of an input sample from the mean vector is calculated. If the distance is larger than a threshold value, the sample is classified as a black hole attack. At repeated intervals, the model is updated using the previous interval's data as the training dataset.
• In another approach, if the sequence number is higher than a threshold, the node is blacklisted. In this case, an ALARM message is generated to notify other nodes. To penalize the blacklisted node, the routing tables are neither updated from its messages nor are its messages forwarded. To calculate the threshold value, the difference between the sequence number of the RREP packet and the value in the routing table is first calculated. The average of this difference is set as the threshold value. The threshold value is updated as soon as a new RREP is received. In this way, the model detects the black hole and also prevents the attack in some cases.
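The adaptive-threshold scheme from the last bullet, as an added example (not the cited work's code): the RREP trace is constructed, and the initial threshold and the rule that only accepted RREPs feed the running average are assumptions.

```python
"""Adaptive sequence-number threshold for black hole detection on AODV RREPs.

For every incoming RREP the detector computes diff = rrep_seq - table_seq for
the destination. If diff exceeds the current threshold, the sender is
blacklisted, an ALARM is recorded, its route is not installed and its later
messages are ignored. Otherwise the route is installed and the threshold is
recomputed as the average diff of all RREPs accepted so far.
"""
from collections import namedtuple

# Constructed RREP record: sender is the neighbour that delivered the reply.
RREP = namedtuple("RREP", "sender dest seq")


class BlackHoleDetector:
    def __init__(self, initial_threshold):
        self.threshold = initial_threshold  # assumed start value, used before any RREP is seen
        self.routing_table = {}             # dest -> (next_hop, seq)
        self.blacklist = set()
        self.alarms = []                    # ALARM messages this node would broadcast
        self._diffs = []                    # diffs of accepted RREPs, for the running average

    def handle_rrep(self, rrep):
        """Return 'accepted', 'blacklisted' or 'ignored' for one RREP."""
        if rrep.sender in self.blacklist:
            return "ignored"                # penalty: nothing from a blacklisted node is processed
        _, table_seq = self.routing_table.get(rrep.dest, (None, 0))
        diff = rrep.seq - table_seq
        if diff > self.threshold:
            self.blacklist.add(rrep.sender)
            self.alarms.append(
                f"ALARM sender={rrep.sender} dest={rrep.dest} "
                f"diff={diff} threshold={self.threshold:.2f}")
            return "blacklisted"
        # Plausible reply: install the route and refresh the threshold.
        self.routing_table[rrep.dest] = (rrep.sender, rrep.seq)
        self._diffs.append(diff)
        self.threshold = sum(self._diffs) / len(self._diffs)
        return "accepted"

    def run(self, rreps):
        """Process RREPs in order and return the verdict for each."""
        return [self.handle_rrep(r) for r in rreps]


# Constructed trace: B and C are honest next hops for destination D; M is a
# black hole advertising an absurdly fresh sequence number to win the route.
SAMPLE_RREPS = [
    RREP("B", "D", 5), RREP("C", "D", 9), RREP("B", "D", 13),
    RREP("M", "D", 9000), RREP("M", "D", 9001), RREP("C", "D", 17),
]
```

Note that a plain running average sits in the middle of the legitimate diffs, so a legitimate reply slightly above average would also trip it; deployments usually add a margin on top of the average, which the block omits to follow the slide's rule as stated.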
Cryptography based Approaches
• Secure Ad hoc On-Demand Distance Vector routing (SAODV) is an asymmetric cryptographic approach based on signing the non-mutable fields of AODV route request headers. Intermediate nodes verify that the fields have not changed before creating a reverse route. After verification, the node broadcasts the request to neighboring nodes. A similar procedure is applied to the RREP message.
• Authenticated Routing for Ad hoc Networks (ARAN) is a public key cryptography approach for providing secure routing in MANET. Every node has a certificate issued by a trusted third party. For route discovery, a node generates a request packet called RDP comprising the IP of the destination, the source certificate, a nonce and the current time, signed by the source's private key. The intermediate nodes verify the signature using the previous node's certificate (which is carried along with the request), sign the received message with their private key, append their own certificate to the message and rebroadcast it. The destination generates a reply REP along the reverse route. The REP is signed by a node before it is forwarded to the next node. The next node verifies the signature using the certificate of the previous node.
Protocols Exploiting Redundancy of Routing Layers
• These protocols make use of redundancy (multiple routing paths, routing protocols etc.) to ensure the delivery of a routing message through a safe path.
• In AODV, during route discovery, the node waits for more than one RREP through different paths. From the redundant paths, the source extracts the common hops and then constructs the safest path to route the message.
SPREAD
• A slightly different strategy has been used in SPREAD. The original routing message is first decomposed into small shares using a threshold secret sharing algorithm. Multiple paths between source and destination are then determined using an on-demand routing algorithm. The routes are selected taking into consideration the security levels of the nodes. The shares of the message are then transmitted towards the destination through these routes. At the destination, the different shares of the message are combined to regenerate the original message. By using a threshold secret sharing algorithm, it is ensured that if some shares get corrupted by malicious nodes, the whole message can still be reconstructed.
• One solution proposes a scheme that employs multiple routing protocols. As different routing protocols are prone to different types of attacks, the idea proposed is to switch the routing protocol upon a particular type of attack being detected on the network.
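The share-and-reconstruct step of the SPREAD bullet above, as an added example (not SPREAD's own code) using Shamir's (k, n) threshold scheme; the message digest carried alongside the shares is an assumption added here, because threshold sharing alone cannot tell a tampered share from a good one.

```python
"""(k, n) threshold secret sharing for SPREAD-style multipath delivery.

The message is split into n shares over GF(P) and one share travels down each
path. The destination rebuilds the message from any k shares, so up to n - k
paths may be dropped by malicious nodes. To cope with a corrupted share the
destination tries k-subsets until one reconstruction matches the SHA-256
digest sent with the shares (assumed to reach it intact).
"""
import hashlib
import secrets
from itertools import combinations

P = (1 << 127) - 1      # prime field; messages are limited to MAX_LEN bytes here
MAX_LEN = 14


def _eval_poly(coeffs, x):
    """Horner evaluation of the polynomial (lowest-order coefficient first) at x mod P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def digest_of(message):
    return hashlib.sha256(message).hexdigest()


def split(message, k, n):
    """Split message into n shares (x, y) of a random degree k-1 polynomial."""
    if not 1 <= k <= n or len(message) > MAX_LEN:
        raise ValueError("bad threshold or message too long")
    # A 0x01 prefix keeps leading zero bytes of the message recoverable.
    secret = int.from_bytes(b"\x01" + message, "big")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0; correct only with at least k distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(16, "big").lstrip(b"\x00")[1:]


def receive(shares, k, expected_digest):
    """Destination side: return the message if some k shares rebuild it, else None."""
    for subset in combinations(shares, k):
        candidate = combine(list(subset))
        if digest_of(candidate) == expected_digest:
            return candidate
    return None
```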
Protocols based on Trust Models
• These approaches are based on maintaining trust information about other nodes on the network. Untrusted nodes are disregarded during routing operation.
• The most secure route is selected based on the nodes' trust values.
• A node maintains the trust value of other nodes based on the packets exchanged with and dropped by those nodes.
• Associations between nodes are thus defined. The association value can be unknown (low trust), known (nodes have exchanged some messages and have moderate trust) or companion (high trust level, as the nodes have exchanged a lot of messages in the past).
• During route discovery, multiple route replies are received from the nodes, as in DSR. The route replies are sorted by trust ratings. The most trusted route is then selected by the source node based on the trust values of the intermediate nodes.
• One solution proposed a trust model for secure routing. The trust vector is based on a node's experience, knowledge and the recommendations of other nodes about some node x in the network.
• The experience is defined as the ratio of the number of packets forwarded by x to the number of packet transmissions x is responsible for.
• The knowledge parameter is the probability that a data packet will be successfully transmitted between the nodes. The recommendation parameter is based on the recommendation information about x provided by other nodes of the network.
• Based on these parameters, a trust routing scheme has been proposed. During route discovery, a node sends the trust information about the preceding node along with the route request. This ensures the spread of trust information across the whole network. Using the available trust information, the proposed approach ensures the selection of the route with the highest trust value.
• One solution presents a secure routing scheme using trust levels. The ratio of the 'difference between beacons received and transmitted' to the 'beacons received by the node' is calculated.
• Based on this ratio, the nodes are sorted in descending order. The first third of the nodes in the list is classified as ally, the next third as associate and the last third as acquaintance.
• During routing, a node selects the best neighbor (with the same trust level) and sends it the packet. The neighbor then selects the best node (with the same trust level) and propagates the request ahead. This process continues until the packet is received by the destination.
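The experience/knowledge/recommendation trust vector and the DSR-style sorting of route replies described above, as an added example (not the code of any cited scheme); the weights folding the vector into one scalar, the least-trusted-hop rule for a route, and the observations are assumptions constructed for illustration.

```python
"""Trust vector computation and most-trusted route selection.

For a node x the trust vector is (experience, knowledge, recommendation):
experience = packets x forwarded / packet transmissions x was responsible for,
knowledge = observed delivery probability to x, recommendation = mean of the
trust values other nodes report for x.
"""
from dataclasses import dataclass, field

WEIGHTS = (0.5, 0.3, 0.2)   # assumed weights for experience, knowledge, recommendation


@dataclass
class Observation:
    forwarded: int             # packets x actually forwarded for us
    responsible: int           # packets x was supposed to forward
    delivered: int             # probes to x that were acknowledged
    probes: int                # probes sent to x
    recommendations: list = field(default_factory=list)  # trust values others report for x


def trust_vector(obs):
    experience = obs.forwarded / obs.responsible if obs.responsible else 0.0
    knowledge = obs.delivered / obs.probes if obs.probes else 0.0
    recommendation = (sum(obs.recommendations) / len(obs.recommendations)
                      if obs.recommendations else 0.0)
    return (experience, knowledge, recommendation)


def trust_value(obs):
    """Weighted sum of the trust vector, in [0, 1]."""
    return sum(w * v for w, v in zip(WEIGHTS, trust_vector(obs)))


def route_trust(route, observations):
    """Trust of a route = trust of its least-trusted intermediate hop (assumption).

    A hop we have never observed gets 0, which disqualifies the route.
    """
    hops = route[1:-1]
    if not hops:
        return 1.0             # direct delivery: no intermediate node to trust
    return min(trust_value(observations[h]) if h in observations else 0.0 for h in hops)


def select_route(route_replies, observations):
    """Sort the route replies by trust and return the most trusted route."""
    ranked = sorted(route_replies, key=lambda r: route_trust(r, observations), reverse=True)
    return ranked[0] if ranked else None


# Constructed observations kept by source S about nodes it has dealt with; X was never observed.
OBS = {
    "B": Observation(95, 100, 9, 10, [0.9, 0.8]),
    "C": Observation(40, 100, 5, 10, [0.5]),        # drops most packets it should forward
    "E": Observation(100, 100, 10, 10, [0.95]),
}
# Constructed route replies received by S for destination D.
ROUTES = [["S", "B", "C", "D"], ["S", "E", "B", "D"], ["S", "X", "D"]]
```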
Anonymous Routing
• The routing messages are repeatedly encrypted, like the layers of an onion. Each intermediate node removes one layer of the message, reads the routing instructions and forwards the message to the next node. In this way, the anonymity of the routing entities is preserved.
Key Management in MANET
Key Management
• We define key management as the process of establishing and maintaining keying relationships among the entities of the network. A key management solution can employ a centralized certification authority (CA) for key agreement and transport. A distributed CA can also be used, where the private key is distributed among a set of nodes on the network, while the public key is known to all the nodes.
• Approaches based on organizing the nodes as clusters
• Approaches based on identity based cryptography
• Approaches based on certificate chaining
• Approaches exploiting multicasting for key management
Cluster-based Approaches
• In this approach, the whole network is divided into clusters. This reduces the storage and communication overhead.
• Every cluster head node maintains a CA information table containing details about the certification authority in the local cluster (and optionally other clusters). A node in the cluster asks the cluster head about the whereabouts of the CAs when it wants certification services.
Identity Based Approaches
• In these approaches, the public keys of users are derived from their identities, which eliminates the need for public key distribution.
• In an identity based system, there is a master public/private key pair for the whole system. During encryption, the master public key of the system, the id of the node and the message are provided to get a ciphertext. During decryption, the master public key, the private key of the node and the ciphertext are provided to get the actual text.
Certificate Chaining based Approaches
• In this approach, the source node sends a message to the neighbors that it directly trusts. A directly trusted node appends the certificate of the source to the routing request and forwards it to the nodes that it directly trusts.
• This process continues until the message is received by the destination. The receiving node has the whole chain of certificates appended to the message, which can be used to recover the public key of the source. The destination then replies to the packet through the reverse route. The intermediate nodes append the certificate of the destination node and propagate the message ahead.
Multicasting based Approaches
• These key management approaches are based on utilizing multicast structures for key distribution and maintenance in a multicast network.
Intrusion Detection System
Intrusion Detection System
• Intrusion Detection Systems (IDS) are the second line of defense once an intruder has entered the system after breaking the primary security mechanisms.
• An intrusion is defined as any activity that attempts to compromise the security objectives.
• An IDS is defined as a system comprising the mechanisms intended to detect an intrusion, identify the source of the intrusion and then isolate this source from the network.
Standalone, Cooperative and Hierarchical IDS
• In standalone systems, a node works without any communication with other nodes and relies on a self-contained approach for detecting malicious activities.
• In a cooperative system, every node runs an IDS. Each node analyses behavior locally to identify intrusions. Global intrusions can be identified by nodes collaborating and sharing information with each other.
• In a hierarchical IDS, the nodes are structured in a hierarchy and the whole network is divided into clusters. There is a head for each cluster. An intrusion detected by a node is communicated to its cluster head. A cluster head can launch a global response.
Cross Layer Intrusion Detection
• A cross-layer IDS combines information from various layers to identify intruders.
• CRADS is a cross-layer IDS for identifying routing attacks. As the cross-layer information from various layers leads to large feature sets, various feature reduction techniques are exploited. Using associations, various features are correlated to give a reduced set of features. Then, feedback-based filtering is used to remove uninformative and redundant information. A classifier is then trained on the resultant features using Support Vector Machines (SVM).
• SVM is a non-linear pattern recognition algorithm that outputs the decision boundary between normal and abnormal behavior. The simulation results illustrate the superiority of the proposed system.
Game Theoretic Approaches
• Game theory has also been employed in intrusion detection systems.
• In a game theory problem, different competing entities interact with each other to achieve their objectives.
• One of the approaches modeled the interaction between the attacker and the IDS as a two-player non-cooperative, non-zero-sum game. The pure strategies for the IDS are to monitor for some percentage of time or not. The pure strategies for the intruder are to attack for some time or not. The game is solved for a Nash equilibrium mixed-strategy pair.
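Solving such a two-player non-zero-sum game for its mixed-strategy Nash equilibrium, as an added example (the payoff numbers are constructed here, not taken from the cited work): with no pure-strategy equilibrium, each player mixes so that the opponent is indifferent between its two pure strategies, and the resulting probabilities are the fraction of time the IDS monitors and the intruder attacks.

```python
"""Mixed-strategy Nash equilibrium of the IDS-versus-intruder game.

Payoff tables are indexed [ids_choice][intruder_choice] with choice 0 = monitor
(IDS) / attack (intruder) and choice 1 = idle / no attack. Exact fractions are
used so the indifference conditions can be checked without rounding.
"""
from fractions import Fraction as F

# Constructed IDS payoffs: detection gain 5 minus monitoring cost 1, wasted
# monitoring -1, missed attack -10, nothing happening 0.
IDS_PAYOFF = [[F(4), F(-1)],
              [F(-10), F(0)]]
# Constructed intruder payoffs: caught while attacking -8, undetected attack +10,
# not attacking 0 either way. The sums differ per cell, so the game is not zero-sum.
INTRUDER_PAYOFF = [[F(-8), F(0)],
                   [F(10), F(0)]]


def pure_equilibria(ids, intruder):
    """Return the (ids_choice, intruder_choice) pairs where neither side gains by deviating."""
    eq = []
    for i in (0, 1):
        for j in (0, 1):
            ids_ok = ids[i][j] >= ids[1 - i][j]
            intruder_ok = intruder[i][j] >= intruder[i][1 - j]
            if ids_ok and intruder_ok:
                eq.append((i, j))
    return eq


def mixed_equilibrium(ids, intruder):
    """Return (p, q): p = P(IDS monitors), q = P(intruder attacks).

    q is chosen so the IDS is indifferent between monitoring and idling:
        q*ids[0][0] + (1-q)*ids[0][1] == q*ids[1][0] + (1-q)*ids[1][1]
    p is chosen so the intruder is indifferent between attacking and not:
        p*intr[0][0] + (1-p)*intr[1][0] == p*intr[0][1] + (1-p)*intr[1][1]
    """
    q = (ids[1][1] - ids[0][1]) / ((ids[0][0] - ids[1][0]) + (ids[1][1] - ids[0][1]))
    p = ((intruder[1][1] - intruder[1][0])
         / ((intruder[0][0] - intruder[0][1]) + (intruder[1][1] - intruder[1][0])))
    if not (0 < p < 1 and 0 < q < 1):
        raise ValueError("no interior mixed equilibrium for these payoffs")
    return p, q


def expected_payoffs(ids, intruder, p, q):
    """Expected payoff of each player under the mixed profile (p, q)."""
    probs = [[p * q, p * (1 - q)], [(1 - p) * q, (1 - p) * (1 - q)]]
    ids_value = sum(probs[i][j] * ids[i][j] for i in (0, 1) for j in (0, 1))
    intruder_value = sum(probs[i][j] * intruder[i][j] for i in (0, 1) for j in (0, 1))
    return ids_value, intruder_value
```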
Evolutionary approaches
• Evolutionary approaches are lightweight solutions for intrusion detection. Hence, they are suitable for resource constrained MANET environments.
• One solution presented a genetic programming approach to IDS in MANET. In genetic programming, a set of candidate solutions is evolved towards the target solution. During each step, the current candidate solutions are crossed over and mutated to generate new solutions. The new solutions are evaluated against a fitness function. Those solutions that pass the fitness criteria are selected as the candidate solutions for the next iteration. The process is repeated until the termination criterion is satisfied.
Immune Inspired Approaches
• The self-healing property of the human immune system has been exploited in some research for the detection of intruders. The motivation for using the immune approach is the distributed and autonomous nature of MANET, similar to the human immune system.
• One of the solutions proposed a biologically inspired tactical infrastructure (BTSI). There is a small kernel running on every node. Similar to biology, the notion of damage is introduced. Damage is defined as an application not getting what it expects from a source. BTSI sends damage notifications to other nodes. A reputation value is thus maintained by every node. Using machine learning techniques, the future state of the network is predicted based upon reputation and past changes.

More Related Content

PPTX
Grayhole
PDF
Review on Grey- Hole Attack Detection and Prevention
PDF
Blackhole attack in Manet
PDF
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks
PDF
Packet hiding methods for preventing selective jamming attacks
PDF
Wormhole attack mitigation in manet a
PDF
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
DOC
To Lie or To Comply: Defending against Flood Attacks in Disruption Tolerant N...
Grayhole
Review on Grey- Hole Attack Detection and Prevention
Blackhole attack in Manet
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks
Packet hiding methods for preventing selective jamming attacks
Wormhole attack mitigation in manet a
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
To Lie or To Comply: Defending against Flood Attacks in Disruption Tolerant N...

What's hot (20)

PDF
Advisedly delayed packet attack on tcp based mobile
PDF
AN APPROACH TO PROVIDE SECURITY IN MOBILE AD-HOC NETWORKS USING COUNTER MODE ...
PDF
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
PPTX
Protocol manet
PPTX
Vasserman-TMC13-slide
DOCX
Vampire attacks draining life from wireless ad hoc sensor networks
PPT
Wireless sensor networks
PDF
Performance investigation of re shuffling packet attack on transport layer pr...
PDF
Performance investigation of re shuffling packet
PPTX
Presentation1
PPT
Attacks in MANET
PPTX
A chaotic direct sequence spread-spectrum communication system
PPTX
Vampire attacks
PPTX
Threats in wireless sensor networks
DOC
muti path encrypted data security architecture for mobile adhoc networks
PDF
Enhance the Throughput of Wireless Network Using Multicast Routing
PDF
Review of Flooding Attack Detection in AODV Protocol for Mobile Ad-hoc Network
PDF
AODV protocol and Black Hole attack
PDF
Modified AODV Algorithm using Data Mining Process: Classification and Clustering
PDF
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
Advisedly delayed packet attack on tcp based mobile
AN APPROACH TO PROVIDE SECURITY IN MOBILE AD-HOC NETWORKS USING COUNTER MODE ...
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
Protocol manet
Vasserman-TMC13-slide
Vampire attacks draining life from wireless ad hoc sensor networks
Wireless sensor networks
Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet
Presentation1
Attacks in MANET
A chaotic direct sequence spread-spectrum communication system
Vampire attacks
Threats in wireless sensor networks
muti path encrypted data security architecture for mobile adhoc networks
Enhance the Throughput of Wireless Network Using Multicast Routing
Review of Flooding Attack Detection in AODV Protocol for Mobile Ad-hoc Network
AODV protocol and Black Hole attack
Modified AODV Algorithm using Data Mining Process: Classification and Clustering
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
Ad

Similar to Security management in mobile ad hoc networks (20)

PDF
Study of Layering-Based Attacks in a Mobile Ad Hoc Networks
PDF
Different Types of Attacks and Detection Techniques in Mobile Ad Hoc Network
PDF
Protecting Global Records Sharing with Identity Based Access Control List
PDF
E0432933
PDF
Injection of Attacks in MANETs
PPTX
Security Issues in MANET
PDF
An intrusion detection system for detecting malicious nodes in manet using tr...
PDF
A novel approach for a secured intrusion detection system in manet
PDF
Ls3620132016
PPTX
Rm presentation on research paper
PDF
A Review Paper on Network Layer attacks in MANETs
PPT
Security in mobile ad hoc networks
PDF
50120130406016
PPTX
Various Security Attacks in mobile ad hoc networks
PDF
Manet Security Breaches : Threat to A Secure Communication Platform
PDF
A comparative study of black hole attack in manet 2
PDF
Black Hole Attack Detection using Fuzzy Logic
PDF
A Combined Approach for Worm-Hole and Black-Hole Attack Detection in MANET
PDF
Security in manet via different intrusion detection techniques
PDF
Security Issues & Challenging Attributes in Mobile Ad-Hoc Networks (MANET)
Study of Layering-Based Attacks in a Mobile Ad Hoc Networks
Different Types of Attacks and Detection Techniques in Mobile Ad Hoc Network
Protecting Global Records Sharing with Identity Based Access Control List
E0432933
Injection of Attacks in MANETs
Security Issues in MANET
An intrusion detection system for detecting malicious nodes in manet using tr...
A novel approach for a secured intrusion detection system in manet
Ls3620132016
Rm presentation on research paper
A Review Paper on Network Layer attacks in MANETs
Security in mobile ad hoc networks
50120130406016
Various Security Attacks in mobile ad hoc networks
Manet Security Breaches : Threat to A Secure Communication Platform
A comparative study of black hole attack in manet 2
Black Hole Attack Detection using Fuzzy Logic
A Combined Approach for Worm-Hole and Black-Hole Attack Detection in MANET
Security in manet via different intrusion detection techniques
Security Issues & Challenging Attributes in Mobile Ad-Hoc Networks (MANET)
Ad

Recently uploaded (20)

PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
PDF
Environmental Education MCQ BD2EE - Share Source.pdf
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
PDF
advance database management system book.pdf
PDF
International_Financial_Reporting_Standa.pdf
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
PDF
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
PPTX
20th Century Theater, Methods, History.pptx
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
PDF
HVAC Specification 2024 according to central public works department
PPTX
B.Sc. DS Unit 2 Software Engineering.pptx
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
PDF
IGGE1 Understanding the Self1234567891011
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
PDF
Empowerment Technology for Senior High School Guide
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
PPTX
Introduction to pro and eukaryotes and differences.pptx
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
PDF
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
Environmental Education MCQ BD2EE - Share Source.pdf
A powerpoint presentation on the Revised K-10 Science Shaping Paper
advance database management system book.pdf
International_Financial_Reporting_Standa.pdf
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
Chinmaya Tiranga quiz Grand Finale.pdf
20th Century Theater, Methods, History.pptx
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
HVAC Specification 2024 according to central public works department
B.Sc. DS Unit 2 Software Engineering.pptx
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
IGGE1 Understanding the Self1234567891011
202450812 BayCHI UCSC-SV 20250812 v17.pptx
Empowerment Technology for Senior High School Guide
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
Introduction to pro and eukaryotes and differences.pptx
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين

Security management in mobile ad hoc networks

  • 1. Security Management in Mobile Ad hoc Networks Dr. Noman Islam https://sites.google.com/a/nu.edu.pk/noman-islam/ http://www.facebook.com/sir.noman.islam
  • 2. Security Challenges in MANET Challenge Description Wireless link Open and physically accessible to everyone, prone to bit errors/interference Lack of secure boundaries Adversaries can easily join and become part of the network Infrastructure-less There are no specific infrastructure for addressing, key distribution, certification etc. Nodes limitation As the nodes have limited capabilities, their availability can easily be compromised Link limitation Cooperation based security algorithms must consider the bandwidth limitation associated with links Multi-hop routing As the nodes are dependent on each other for routing, adversaries can generate fabricated routes to create routing loops, false routes etc.
  • 3. Active Vs Passive Attacks • An active attack is a type of attack where an attacker gets access to the medium of communication and modifies or disrupts the transmission. • A passive attack only observes the ongoing transmission but doesn’t alter or disrupts any activity. A common example is traffic analysis of the snooped data to discover passwords and confidential information of other users. • Active attacks usually target integrity and availability of system while passive attack tries to break the confidentiality of the security system.
  • 4. Physical Layer Attacks • The easiest attack on this layer is signal jamming, where the hacker uses a jamming device to tune to the frequency of the nodes on the network. The jammer then generates a constant and powerful noisy signal that suppresses other messages on the network. • To counter this attack, spread spectrum techniques are recommended that changes the frequency of the signal or spread the energy of the signal to a wider spectrum.
  • 5. Frequency Hopping Spread Spectrum (FHSS) • The sender switches the carrier from a set of available carriers based on a pseudo random sequence. The sender modulates the data signal with a sequence of random frequencies. The random frequency changes at regular interval of times. Both the sender and receiver are synchronized such that receiver can reconstruct the original signal.
  • 6. Direct-sequence spread-spectrum • Direct-sequence spread-spectrum transmissions multiply the data being transmitted by a "noise" signal. This noise signal is a pseudorandom sequence of 1 and −1 values, at a frequency much higher than that of the original signal. • The resulting signal resembles white noise, like an audio recording of "static". However, this noise-like signal is used to exactly reconstruct the original data at the receiving end, by multiplying it by the same pseudorandom sequence (because 1 × 1 = 1, and −1 × −1 = 1). This process, known as "de- spreading", mathematically constitutes a correlation of the transmitted PN sequence with the PN sequence that the receiver already knows the transmitter is using.
• 7. Access to Device • MANETs are often deployed in hostile settings such as war zones and disaster recovery, where an adversary may gain physical access to a device and tamper with it. • Keying material, routing state and other network information stored on the device can then be extracted and used to mount further attacks; a captured node can also be re-inserted as a trusted but hostile participant. • Physical security can be enforced to some extent with security modules such as smart cards that require a PIN code or biometrics for access, and by keeping long-term keys inside such a module rather than in the node's general-purpose memory.
• 8. Link Layer Attacks • IEEE 802.11 DCF employs CSMA/CA with a binary exponential backoff: a node that finds the medium busy doubles its contention window and defers. • A malicious node can exploit this by transmitting continuously and ignoring the backoff rules. The medium stays busy, well-behaved nodes back off for longer and longer, and they rarely get an opportunity to send their data.
• 9. • A malicious node can also send RTS/CTS frames whose duration field claims a very long transmission, and repeat them indefinitely. Neighbors that honor the reservation defer for the whole claimed period. This attack, called the indefinite postponement problem, can jeopardize the network, as the nodes are required to wait indefinitely for their turn.
• 10. Single adversary attack • In the single adversary attack, a malicious node attempts to exhaust the battery of a victim node while also eating up the channel capacity. • For this purpose, the attacker sends a large volume of data to the victim; receiving and processing it drains the victim's energy and brings down its availability.
• 11. Colluding adversary attack • In the colluding adversary attack, two or more malicious nodes send large volumes of data to each other, keeping the transmission channel occupied and unavailable to the other nodes on the network. • To counter these attacks, one approach is to limit the data rate of each node. • An alternative is Time Division Multiplexing, where every node is allocated a fixed time slot in which to transmit its data, so no node can monopolize the medium.
• 12. Routing attacks • Intermediate nodes can add, modify, delete or unnecessarily delay the packets they are supposed to forward. • A node can launch a routing table overflow attack by advertising a huge volume of false routes, exhausting the routing tables of its neighbors. • A malicious node can poison the routing caches of its neighbors by advertising false routes that the neighbors overhear and use to update their routing tables. • During the route maintenance phase, an attacker can send fake route error messages that trigger expensive route maintenance operations.
• 13. • In a black hole attack, a node claims during the route discovery phase to have a route to the destination. The attacker rushes its reply so that a route is established through it. Later, in the forwarding phase, it drops the packets intended for the destination. A more severe form of the attack is when the malicious node tampers with the packets as well.
• 14. • In a wormhole attack, an attacker creates a tunnel to another attacking node. All packets reaching the first attacker are tunneled to the second, which sends them on along the normal path. Because the tunnel makes two distant nodes look like neighbors, the shortest route runs through the attackers, which defeats current on-demand routing protocols. • In a Byzantine attack, an individual node or a set of colluding nodes cooperate to drop or modify packets, create routing loops, poison routing caches, etc.
• 15. Solutions • A temporal leash bounds the time a packet may take to reach the receiver; a packet tunneled through a wormhole travels farther than one radio hop, so it arrives too late and is rejected. Specialized routing protocols have been proposed to resist modification (SEAD), replay (SRP) and repudiation (APALLS) attacks in MANETs. • Various network intrusion detection systems have been proposed that detect malicious actions on the network and isolate the identified intruders.
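The temporal leash check, as an added example in Python (not code from the slides): the sender stamps each packet with its send time and a MAC, and the receiver rejects anything that could not have covered the distance in one radio hop. The radio range, clock-skew bound and pairwise MAC key are assumed values; the original packet-leash design pairs the timestamp with its own authentication scheme, for which an HMAC over a pairwise key stands in here.

```python
"""Temporal packet leash: reject packets that could not have arrived within
one radio hop in the elapsed time. Added example, not from the slides. The
radio range, clock-skew bound and the pairwise MAC key are assumed values;
an HMAC stands in for the authentication the leash needs so that a relay
cannot forge a fresher timestamp."""
import hashlib
import hmac
import struct

C_M_PER_NS = 0.299792458        # speed of light in metres per nanosecond
MAX_RANGE_M = 250.0             # assumed maximum one-hop radio range
CLOCK_SKEW_NS = 100             # assumed bound on clock offset between nodes
KEY = b"constructed-demo-pairwise-key"


def leash(payload, send_time_ns):
    """Sender: prepend the send timestamp and a MAC over (timestamp, payload)."""
    ts = struct.pack("!Q", send_time_ns)
    tag = hmac.new(KEY, ts + payload, hashlib.sha256).digest()
    return ts + tag + payload


def check_leash(packet, recv_time_ns):
    """Receiver: returns (accepted, reason). The packet may have travelled at
    most (elapsed + skew) * c metres; if that exceeds one radio hop it was
    tunnelled through a wormhole (or replayed late) and is dropped."""
    ts, tag, payload = packet[:8], packet[8:40], packet[40:]
    expected = hmac.new(KEY, ts + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad MAC: timestamp or payload altered"
    (send_time_ns,) = struct.unpack("!Q", ts)
    worst_case_ns = recv_time_ns - send_time_ns + CLOCK_SKEW_NS
    if worst_case_ns < 0:
        return False, "timestamp in the future"
    distance_m = worst_case_ns * C_M_PER_NS
    if distance_m > MAX_RANGE_M:
        return False, "too far: %.0f m exceeds the %.0f m radio range" % (distance_m, MAX_RANGE_M)
    return True, "ok"


def wormhole_rewrite_timestamp(packet, new_send_time_ns):
    """What a wormhole endpoint would have to do to pass the check: make the
    packet look freshly sent. Without the key, the MAC no longer verifies."""
    return struct.pack("!Q", new_send_time_ns) + packet[8:]


if __name__ == "__main__":
    t0 = 1_000_000_000
    pkt = leash(b"RREQ from A", t0)
    print(check_leash(pkt, t0 + 667))     # genuine neighbour about 200 m away
    print(check_leash(pkt, t0 + 7_100))   # same packet after a 2 km tunnel
```

Times are integer nanoseconds rather than floating-point seconds, because at the 250 m scale the leash has to resolve differences of a few hundred nanoseconds and a double holding an epoch timestamp cannot. The check is only as good as the clock synchronization bound and the authentication of the timestamp: a larger skew bound loosens the leash proportionally, and without the MAC the wormhole endpoint would simply rewrite the timestamp.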
• 16. Transport Layer attacks • Nodes can launch acknowledgment spoofing attacks by generating false acknowledgments that advertise a large window size. The source then sends data to fill the window, which causes congestion as well as exhausting the resources of the victim. • Other attacks include acknowledgment replay, jamming of acknowledgments, sequence number alteration and connection request spoofing. • Transport Layer Security (TLS), the successor of the Secure Socket Layer (SSL), is generally recommended for securing transport layer communication. TLS uses public key cryptography to authenticate the peers and agree on session keys, then protects the data with symmetric encryption and integrity checks, which prevents masquerading and replay. All SSL versions and TLS 1.0/1.1 are deprecated, so current deployments should use TLS 1.2 or 1.3.
• 17. Application Layer Attacks • Threats at this layer come from malicious software (viruses, worms, Trojans) as well as from insider nodes that are legitimate members of the network but misuse its applications.
• 18. Security attacks on MANET (per layer: passive attacks / active attacks / solutions)
Physical layer: passive: eavesdropping, traffic analysis and monitoring; active: signal jamming; solutions: spread spectrum
Link layer: passive: (none listed); active: MAC layer disruption, single and colluding adversary attacks; solutions: error correcting codes
Network layer: passive: location disclosure attack; active: wormhole, black hole, Byzantine, resource consumption, routing table overflow, cache poisoning, rushing attacks etc.; solutions: secure routing protocols
Transport layer: passive: (none listed); active: session hijacking; solutions: securing the transport protocol with public key cryptography (TLS, SSL)
Application layer: passive: (none listed); active: repudiation, viruses; solutions: firewalls, IDS
• 20. Secure Routing Protocols • protocols that examine routing header information to identify malicious activity in the network • protocols based on cryptographic techniques to protect the routing header • protocols that exploit redundancy in the routing layer (multiple paths or multiple protocols) • protocols based on trust information to identify malicious nodes • protocols that preserve the anonymity of the routing entities
• 21. Protocols Based on Routing Header Information • In normal routing operation, the sequence number a node sees for a given destination increases over time, so subsequent packets must carry a higher sequence number. If a packet carries a lower sequence number than one already received for that destination, misbehavior is suspected.
• 22. • A black hole attack can be recognized by analyzing the distribution of sequence numbers in the normal and the anomalous state of the network. • A feature vector is devised that comprises the number of route requests sent, the number of replies received, and the average difference between the sequence number known when a request was sent and the one carried by the corresponding reply. Using a training data set of normal traffic, an attack model is built: the mean of the feature vectors over the training data is calculated. • The Euclidean distance of an input sample from the mean vector is then calculated. If the distance is larger than a threshold, the interval is classified as a black hole attack. At repeated intervals, the model is updated using the previous interval's data as the training set.
• 23. • In another approach, a node whose route reply carries a sequence number higher than a threshold is blacklisted, and an ALARM message is generated to notify the other nodes. To penalize a blacklisted node, the routing table is not updated from its messages and its messages are not forwarded. The threshold is derived from the difference between the destination sequence number in each RREP and the value currently in the routing table: the average of these differences is used as the threshold, and it is updated as soon as a new RREP is received. In this way the model detects the black hole and, because the reply is discarded before a route is set up through the attacker, prevents the attack in some cases.
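Both sequence-number based detectors from slides 22 and 23, as one added example in Python (not the cited authors' code): a mean-vector anomaly model with a Euclidean distance threshold, and a per-RREP running-average threshold with blacklisting and ALARM. All RREQ/RREP counts and sequence numbers are constructed sample data; the distance threshold and the tolerance factor on the running average are assumptions.

```python
"""Black hole detection from AODV route-reply (RREP) sequence numbers.
Added example covering both schemes described on slides 22 and 23; it is
not the cited authors' code. All RREQ/RREP counts and sequence numbers
used with it are constructed sample data."""
import math


# --- Slide 22: feature-vector anomaly model --------------------------------
def interval_features(rreq_sent, rreps):
    """Feature vector for one observation interval: (#RREQ sent, #RREP
    received, mean of the RREP's dst_seq minus the seq known when the RREQ
    was sent). rreps is a list of (rrep_dst_seq, known_seq) pairs."""
    diffs = [rrep_seq - known_seq for rrep_seq, known_seq in rreps]
    avg = sum(diffs) / len(diffs) if diffs else 0.0
    return (float(rreq_sent), float(len(rreps)), float(avg))


def mean_vector(samples):
    n = len(samples)
    return tuple(sum(s[i] for s in samples) / n for i in range(len(samples[0])))


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class AnomalyModel:
    def __init__(self, training_intervals, threshold):
        self.mean = mean_vector(training_intervals)  # model = mean of normal data
        self.threshold = threshold                   # assumed; tuned on training data in practice

    def classify(self, features):
        """True when the interval lies too far from the normal mean."""
        return euclid(features, self.mean) > self.threshold

    def retrain(self, previous_interval_samples):
        """Refresh the mean from the previous interval, as the scheme does periodically."""
        self.mean = mean_vector(previous_interval_samples)


# --- Slide 23: per-RREP threshold with blacklisting and ALARM --------------
class SeqThresholdDetector:
    def __init__(self, table_seq, margin=3.0):
        self.table_seq = table_seq   # destination seq currently in our routing table
        self.diffs = []              # RREP dst_seq - table_seq, for accepted replies
        self.blacklist = set()
        self.alarms = []
        # The slide's threshold is the plain running average; an honest reply
        # slightly above average would trip it, so a tolerance factor is assumed.
        self.margin = margin

    @property
    def threshold(self):
        return sum(self.diffs) / len(self.diffs) if self.diffs else None

    def on_rrep(self, sender, dst_seq):
        """Return True if the RREP may update the routing table. Replies from
        blacklisted nodes are ignored (not used, not forwarded); a reply whose
        sequence jump exceeds margin * threshold blacklists its sender and
        raises an ALARM for the other nodes."""
        if sender in self.blacklist:
            return False
        diff = dst_seq - self.table_seq
        thr = self.threshold
        if thr is not None and diff > self.margin * thr:
            self.blacklist.add(sender)
            self.alarms.append(("ALARM", sender, dst_seq))
            return False
        self.diffs.append(diff)      # threshold re-averaged on every accepted RREP
        return True
```

A black hole advertises an implausibly fresh destination sequence number to win the route, so its jump above the routing-table value dwarfs the honest replies and both detectors flag it. The weak spot of both is the threshold: a node that inflates its sequence numbers only slightly stays under it, and in a network whose legitimate sequence numbers jump a lot the false-positive rate rises, which is why the model is re-trained every interval.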
• 24. Cryptography based Approaches • Secure Ad hoc On-Demand Distance Vector routing (SAODV) is an asymmetric cryptographic approach in which the originator signs the non-mutable fields of the AODV route request header; the mutable hop count is protected separately with a hash chain, so an intermediate node can increase it but cannot decrease it. Intermediate nodes verify the signature and the hash chain before creating a reverse route. After verification, the node rebroadcasts the request to its neighbors. The same procedure is applied to RREP messages.
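The SAODV mechanism described above, as an added example in Python (not from the slides or the SAODV specification): the non-mutable fields are authenticated and the hop count is bound to a hash chain whose anchor travels in the signed part. One assumption: the originator's public-key signature is represented by an HMAC under a key the verifiers hold, because the standard library has no asymmetric signatures; SAODV itself uses real signatures. The hash-chain part follows SAODV.

```python
"""SAODV-style protection of an AODV RREQ: authentication of the non-mutable
fields plus a hash chain binding the mutable hop count. Added example, not
taken from the slides or from the SAODV specification. Assumptions: the
originator's public-key signature is represented by an HMAC under a key the
verifiers hold (SAODV uses asymmetric signatures); the hash chain follows
SAODV: Hash = seed, Top_Hash = h^MaxHopCount(seed)."""
import hashlib
import hmac
import os

MAX_HOP_COUNT = 10
SIGNING_KEY = b"constructed-demo-key"   # stand-in for the originator's private key


def h(data):
    return hashlib.sha256(data).digest()


def h_n(data, n):
    """Apply h n times."""
    for _ in range(n):
        data = h(data)
    return data


def _fixed_fields(p):
    """Canonical encoding of the fields an intermediate node must not change."""
    return b"|".join([p["src"].encode(), p["dst"].encode(), str(p["rreq_id"]).encode(),
                      str(p["max_hop_count"]).encode(), p["top_hash"]])


def originate_rreq(src, dst, rreq_id, seed=None):
    """Build an RREQ at the source: sign the fixed fields (including Top_Hash),
    start the mutable fields at hop_count = 0, Hash = seed."""
    seed = seed or os.urandom(32)
    p = {"src": src, "dst": dst, "rreq_id": rreq_id,
         "max_hop_count": MAX_HOP_COUNT, "top_hash": h_n(seed, MAX_HOP_COUNT)}
    p["signature"] = hmac.new(SIGNING_KEY, _fixed_fields(p), hashlib.sha256).digest()
    p["hop_count"], p["hash"] = 0, seed        # mutable fields, left unsigned
    return p


def verify_rreq(p):
    """Checks an intermediate node runs before creating the reverse route:
    (1) the signature over the non-mutable fields; (2) hashing Hash another
    (MaxHopCount - HopCount) times must give Top_Hash. A node that lowered
    hop_count would need h^-1 to produce a matching Hash."""
    expected = hmac.new(SIGNING_KEY, _fixed_fields(p), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, p["signature"]):
        return False, "signature mismatch"
    if not 0 <= p["hop_count"] <= p["max_hop_count"]:
        return False, "hop count out of range"
    if h_n(p["hash"], p["max_hop_count"] - p["hop_count"]) != p["top_hash"]:
        return False, "hash chain mismatch: hop count was lowered"
    return True, "ok"


def forward(p):
    """Honest rebroadcast: hop_count += 1 and Hash = h(Hash)."""
    q = dict(p)
    q["hop_count"] += 1
    q["hash"] = h(q["hash"])
    return q


if __name__ == "__main__":
    req = forward(forward(originate_rreq("A", "D", 1)))
    print(verify_rreq(req))
    req["hop_count"] = 1                      # claim to be one hop closer
    print(verify_rreq(req))
```

The chain stops a node from advertising a shorter route than it has, and the signature stops it from redirecting the request to another destination. It does not stop a node from forwarding without incrementing the hop count and leaving Hash unchanged: that packet still verifies, so the chain prevents decreasing the count, not failing to increase it, which is a known limit of this construction.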
• 25. • Authenticated Routing for Ad hoc Networks (ARAN) uses public key cryptography to provide secure routing in MANETs. Every node has a certificate issued by a trusted third party. For route discovery, a node generates a route discovery packet (RDP) comprising the IP address of the destination, the source certificate, a nonce and the current time, signed with the source's private key. Each intermediate node verifies the signature using the previous node's certificate (carried along with the request), signs the received message with its own private key, appends its own certificate and rebroadcasts it. The destination generates a reply (REP) along the reverse route. Each node signs the REP before forwarding it to the next node, which verifies the signature using the certificate of the previous node.
• 26. Protocols Exploiting Redundancy of Routing Layers • These protocols make use of redundancy (multiple routing paths, multiple routing protocols, etc.) to ensure that a routing message is delivered through a safe path. • In AODV, during route discovery, the source waits for more than one RREP arriving over different paths. From the redundant paths it extracts the hops they have in common and constructs the safest path over which to route the message.
• 27. SPREAD • A slightly different strategy is used in SPREAD. The original message is first decomposed into shares using a threshold secret sharing algorithm. Multiple paths towards the destination are then determined using an on-demand routing algorithm, and the routes are selected taking the security levels of the nodes into consideration. The shares are transmitted towards the destination over these different routes, and at the destination they are combined to recover the original message. With (t, n) threshold sharing, any t of the n shares suffice: the message survives the loss of up to n - t shares on compromised or broken paths, and an adversary who captures fewer than t shares learns nothing about it. A share that is silently altered in transit must still be detected and excluded before reconstruction.
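The sharing step in the spirit of SPREAD, as an added example in Python (not the SPREAD authors' code): Shamir (t, n) sharing over a prime field, with each share sent over its own path. Plain Shamir tolerates lost shares but cannot tell an altered share from a good one, so the reconstruction here adds a plurality vote over all t-subsets of the delivered shares; that vote is an assumption of this example, not a step of SPREAD as described above. The message bytes and path outcomes are constructed.

```python
"""Threshold secret sharing of a routing message over multiple paths, in the
spirit of SPREAD. Added example; not the SPREAD authors' code. Shamir (t, n)
sharing over a prime field. Plain Shamir tolerates lost shares but cannot
tell an altered share from a good one, so reconstruct() adds a plurality
vote over all t-subsets (an assumption of this example, not a step of
SPREAD). Message bytes and path outcomes are constructed."""
from collections import Counter
from itertools import combinations
import secrets

P = 2**127 - 1          # prime field; a message of up to 15 bytes fits below P


def _poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, t, n):
    """Shares (x, f(x)) of a random degree t-1 polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, n + 1)]


def _interpolate(points):
    """Lagrange interpolation at x = 0 over the field."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def reconstruct(shares, t):
    """Any t intact shares recover the secret. With more than t shares every
    t-subset is interpolated and the value most subsets agree on wins, so a
    single altered share is outvoted instead of silently corrupting the result."""
    if len(shares) < t:
        raise ValueError("only %d shares arrived, need %d" % (len(shares), t))
    votes = Counter(_interpolate(sub) for sub in combinations(shares, t))
    value, count = votes.most_common(1)[0]
    if len(shares) > t and count < 2:
        raise ValueError("shares are inconsistent; no two subsets agree")
    return value


def send_over_paths(message, t, n, path_outcomes):
    """Share i travels path i; path_outcomes[i] is 'ok', 'drop' (share lost on
    that path) or 'corrupt' (a node on the path altered the share).
    Returns the message the destination reassembles."""
    secret = int.from_bytes(message, "big")
    if secret >= P:
        raise ValueError("message too long for a single sharing")
    delivered = []
    for (x, y), outcome in zip(split(secret, t, n), path_outcomes):
        if outcome == "drop":
            continue
        if outcome == "corrupt":
            y = (y + 1) % P                  # attacker changes the share content
        delivered.append((x, y))
    return reconstruct(delivered, t).to_bytes(len(message), "big")


if __name__ == "__main__":
    print(send_over_paths(b"RREP D seq 42", 2, 4, ["ok", "corrupt", "drop", "ok"]))
```

With t = 2 and n = 4 the message survives two lost paths, and one altered share is outvoted as long as at least three shares arrive. When exactly t shares arrive there is no redundancy left, and an altered share yields a wrong message with no indication that anything went wrong; that is why SPREAD's choice of more paths than the threshold matters, or why each share needs its own integrity check. Longer messages are split into 15-byte blocks and shared block by block.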
• 28. • One solution proposes a scheme that employs multiple routing protocols. As different routing protocols are prone to different types of attacks, the idea is to switch routing protocol when a particular type of attack is detected on the network.
• 29. Protocols based on Trust Models • These approaches maintain trust information about the other nodes on the network; untrusted nodes are disregarded during routing. • The most secure route is selected based on the nodes' trust values. • A node maintains trust values for other nodes based on the packets they have exchanged and the packets they have dropped. • Associations between nodes are defined accordingly. The association can be unknown (low trust), known (the nodes have exchanged some messages and have moderate trust) or companion (high trust, as the nodes have exchanged many messages in the past). • During route discovery, multiple route replies are received, as in DSR. The route replies are sorted by trust rating, and the source selects the most trusted route based on the trust values of the intermediate nodes.
• 30. • One solution proposes a trust model for secure routing. The trust vector for some other node x is based on the evaluating node's experience with x, its knowledge of x and the recommendations of other nodes about x. • Experience is the ratio of the number of packets forwarded by x to the number of packet transmissions x was responsible for. • Knowledge is the probability that a data packet will be successfully transmitted between the two nodes. Recommendation is based on the trust information about x provided by other nodes of the network. • Based on these parameters, a trust routing scheme is proposed. During route discovery, a node attaches its trust information about the preceding node to the route request, which spreads trust information across the whole network. Using the available trust information, the approach selects the route with the highest trust value.
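Trust-based route selection as described on slides 29 and 30, as an added example in Python (not the cited authors' code): a trust value per node from experience, knowledge and recommendation, and a route ranking that lets the least trusted intermediate node decide. The linear weighting, the per-node counters and the candidate routes are constructed assumptions; the slide fixes no formula.

```python
"""Trust vector from experience, knowledge and recommendation, and trust-
based route selection. Added example; not the cited authors' code. The
weights, the per-node counters and the candidate routes are constructed."""


def experience(forwarded, responsible):
    """Fraction of the packets node x was responsible for that it forwarded."""
    return forwarded / responsible if responsible else 0.0


def trust(stats, recommendations, weights=(0.5, 0.3, 0.2)):
    """Combine experience, knowledge (probability that a packet crosses the
    link to x) and the mean recommendation from other nodes into one value
    in [0, 1]. The linear weighting is an assumption of this example."""
    w_e, w_k, w_r = weights
    rec = sum(recommendations) / len(recommendations) if recommendations else 0.5
    return (w_e * experience(stats["forwarded"], stats["responsible"])
            + w_k * stats["link_success"] + w_r * rec)


def route_trust(route, trust_of):
    """A route is only as trustworthy as its least trusted intermediate node."""
    hops = route[1:-1]
    return min(trust_of[n] for n in hops) if hops else 1.0


def select_route(routes, trust_of):
    """Pick the most trusted route; among equals prefer the shorter one."""
    return max(routes, key=lambda r: (route_trust(r, trust_of), -len(r)))


# Constructed observations at source S about its neighbourhood. B forwards
# only a fifth of what it is asked to forward, the behaviour of a black hole.
STATS = {
    "B": {"forwarded": 20, "responsible": 100, "link_success": 0.90},
    "C": {"forwarded": 95, "responsible": 100, "link_success": 0.90},
    "E": {"forwarded": 90, "responsible": 100, "link_success": 0.80},
    "F": {"forwarded": 80, "responsible": 100, "link_success": 0.85},
}
RECOMMENDATIONS = {"B": [0.1, 0.2], "C": [0.9], "E": [0.8, 0.9], "F": [0.7]}
CANDIDATE_ROUTES = [["S", "B", "C", "D"], ["S", "E", "F", "D"], ["S", "B", "F", "D"]]


def demo():
    """Return (selected route, trust per node) for the constructed data."""
    trust_of = {n: trust(STATS[n], RECOMMENDATIONS[n]) for n in STATS}
    return select_route(CANDIDATE_ROUTES, trust_of), trust_of


if __name__ == "__main__":
    print(demo())
```

Taking the minimum over the intermediate nodes, rather than the sum or average, stops a long chain of well-behaved nodes from masking one black hole on the path. Recommendations are the part an attacker can game: colluding nodes can vouch for each other, which is why they carry the smallest weight here and why deployed trust schemes weight a recommendation by the trust in the recommender.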
• 31. • Another solution presents a secure routing scheme using trust levels. For each node, the ratio of the difference between beacons received and beacons transmitted to the beacons received by the node is calculated. • Based on this ratio, the nodes are sorted in descending order. The first third of the list is classified as allies, the next third as associates and the last third as acquaintances. • During routing, a node selects the best neighbor (at the same trust level) and sends it the packet. That neighbor in turn selects the best node (at the same trust level) and propagates the request. This process continues until the packet reaches the destination.
• 32. Anonymous Routing • The routing message is encrypted repeatedly, in layers like an onion, with one layer for each node on the path. Each intermediate node removes one layer, sees only its own routing instruction (the next hop) and forwards the remaining onion. No intermediate node learns the whole path or both endpoints, so the anonymity of the routing entities is preserved.
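The layered encryption described above, as an added example in Python (not code from the slides): the source wraps the message once per hop, from the destination outward, and each relay can remove exactly one layer. The cipher is a demo construction (SHA-256 counter keystream plus an HMAC tag) standing in for a real AEAD such as AES-GCM, which the Python standard library does not provide; the per-node keys are constructed and assumed to have been shared with the source beforehand.

```python
"""Onion-layered encryption of a route so each relay learns only its next hop.
Added example, not from the slides. The cipher below is a demo construction
(SHA-256 counter keystream plus an HMAC tag) standing in for a real AEAD
such as AES-GCM, which the Python standard library does not provide; the
per-node keys are constructed and assumed already shared with the source."""
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    """nonce || ciphertext || tag, encrypt-then-MAC (demo cipher)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered layer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(route, keys, payload):
    """route lists the relays in order, ending with the destination. Layers are
    wrapped from the destination outward, so the outermost layer is the one
    only the first relay can remove."""
    onion = seal(keys[route[-1]], json.dumps({"next": None, "data": payload.hex()}).encode())
    for hop, nxt in zip(reversed(route[:-1]), reversed(route[1:])):
        onion = seal(keys[hop], json.dumps({"next": nxt, "inner": onion.hex()}).encode())
    return onion


def peel(node, keys, onion):
    """A relay removes exactly one layer and learns the next hop plus an opaque
    inner blob, nothing about the source, the rest of the path or the payload.
    Returns (next_hop, blob) or (None, payload) at the destination."""
    layer = json.loads(open_sealed(keys[node], onion))
    if layer["next"] is None:
        return None, bytes.fromhex(layer["data"])
    return layer["next"], bytes.fromhex(layer["inner"])


def deliver(route, keys, payload):
    """Drive the onion hop by hop; returns (nodes visited, payload received)."""
    onion, node, visited = build_onion(route, keys, payload), route[0], []
    while True:
        visited.append(node)
        nxt, blob = peel(node, keys, onion)
        if nxt is None:
            return visited, blob
        node, onion = nxt, blob


def demo_keys(nodes):
    """Constructed per-node keys, derived from the node name for the demo only."""
    return {n: hashlib.sha256(b"demo-key:" + n.encode()).digest() for n in nodes}


if __name__ == "__main__":
    keys = demo_keys(["R1", "R2", "D"])
    print(deliver(["R1", "R2", "D"], keys, b"RREQ to D"))
```

Each layer is authenticated, so a relay that tries to open a layer not meant for it, or to modify an inner blob, gets an integrity failure rather than plaintext. Two things this scheme alone does not hide: the onion shrinks by a fixed amount at every hop, and timing correlates packets across hops, so real anonymous routing pads layers to a constant size and is still exposed to the traffic analysis described under passive attacks.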
• 34. Key Management • Key management is the process of establishing and maintaining keying relationships among the entities of the network. A key management solution can employ a centralized certification authority (CA) for key agreement and transport. A distributed CA can also be used: the CA's private key is shared among a set of nodes, typically with threshold cryptography so that a quorum of them must cooperate to sign a certificate and compromising fewer than that number reveals nothing, while the corresponding public key is known to all nodes.
• 35. • Approaches based on organizing the nodes into clusters • Approaches based on identity based cryptography • Approaches based on certificate chaining • Approaches exploiting multicasting for key management
• 36. Cluster-based Approaches • In this approach, the whole network is divided into clusters, which reduces the storage and communication overhead. • Every cluster head maintains a CA information table containing details about the certification authority of its local cluster (and optionally of other clusters). When a node in the cluster wants a certification service, it asks its cluster head where the CAs are.
• 37. Identity Based Approaches • In these approaches, a user's public key is derived from its identity (for example its address), which eliminates the need for public key distribution. • In an identity based system, there is a master public/private key pair for the whole system, and a trusted key generator derives each node's private key from the master private key and the node's identity. To encrypt, the master public key, the id of the receiving node and the message are provided to obtain the ciphertext. To decrypt, the master public key, the private key of the receiving node and the ciphertext are provided to recover the plaintext.
• 38. Certificate Chaining based Approaches • In this approach, the source node sends a message to the neighbors it directly trusts. A directly trusted node appends the certificate of the source to the routing request and forwards it to the nodes that it in turn directly trusts. • This process continues until the message reaches the destination. The receiving node has the whole chain of certificates appended to the message and can use it to recover the public key of the source. The destination then replies along the reverse route, and the intermediate nodes append the certificate of the destination node and propagate the message.
  • 39. Multicasting based Approaches • These key management approaches are based on utilizing multicast structures for key distribution and maintenance in a multicast network.
• 41. Intrusion Detection System • Intrusion Detection Systems (IDS) are the second line of defense: they act once an intruder has broken the primary security mechanisms and entered the system. • An intrusion is any activity that attempts to compromise the security objectives (confidentiality, integrity, availability). • An IDS is a system comprising the mechanisms intended to detect an intrusion, identify its source and isolate that source from the network.
• 42. Standalone, Cooperative and Hierarchical IDS • In a standalone system, each node runs its own IDS without any communication with other nodes and relies on a self-contained approach to detect malicious activity. • In a cooperative system, every node runs an IDS and analyzes behavior locally to identify intrusions. Global intrusions are identified by the nodes collaborating and sharing information with each other. • In a hierarchical IDS, the nodes are structured in a hierarchy and the network is divided into clusters, each with a cluster head. An intrusion detected by a node is reported to its cluster head, which can launch a global response.
• 43. Cross Layer Intrusion Detection • A cross-layer IDS combines information from several protocol layers to identify intruders. • CRADS is a cross-layer IDS for identifying routing attacks. As the cross-layer information leads to large feature sets, feature reduction techniques are applied. Using associations, correlated features are merged into a reduced set; then feedback-based filtering removes uninformative and redundant features. A Support Vector Machine (SVM) is trained on the resulting features. • An SVM is a pattern recognition algorithm that learns the decision boundary between normal and abnormal behavior (non-linear when used with a kernel). The authors report, based on simulation results, that the proposed system outperforms the approaches it is compared with.
• 44. Game Theoretic Approaches • Game theory has also been employed in intrusion detection systems. • In a game, competing players interact, each choosing a strategy to achieve its own objective. • One approach models the interaction between the attacker and the IDS as a two-player, non-cooperative, non-zero-sum game. The pure strategies of the IDS are to monitor or not to monitor; the pure strategies of the intruder are to attack or not to attack. The game is solved for a mixed-strategy Nash equilibrium, i.e. the probability with which each player should monitor or attack so that neither can gain by changing its strategy unilaterally.
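The mixed-strategy solution of such a two-player game, as an added example in Python (not the cited paper's model or numbers): the IDS's monitoring probability is chosen so that the attacker is indifferent between attacking and refraining, and the attack probability so that the IDS is indifferent between monitoring and idling. The payoff quantities (monitoring cost, damage, attacker gain, penalty) are constructed.

```python
"""Mixed-strategy Nash equilibrium of a two-player IDS-versus-attacker game.
Added example; not the cited paper's model or numbers. Payoffs are
constructed. Row player: IDS with pure strategies {Monitor, Idle}; column
player: attacker with pure strategies {Attack, Refrain}."""
from fractions import Fraction


def ids_game(monitor_cost, damage, attacker_gain, penalty):
    """Payoff matrices [row][col] for (IDS, attacker). The IDS pays
    monitor_cost whenever it monitors and suffers 'damage' from an attack it
    did not monitor; the attacker gains attacker_gain when unmonitored and
    pays 'penalty' when caught."""
    ids = [[-monitor_cost, -monitor_cost], [-damage, 0]]
    attacker = [[-penalty, 0], [attacker_gain, 0]]
    return ids, attacker


def mixed_equilibrium(ids, attacker):
    """Return (p, q): p = P(IDS monitors), chosen so the attacker is
    indifferent between Attack and Refrain; q = P(attack), chosen so the IDS
    is indifferent between Monitor and Idle. None if no fully mixed
    equilibrium exists (then a pure strategy dominates for someone)."""
    A, B = ids, attacker
    den_p = B[0][0] - B[0][1] - B[1][0] + B[1][1]
    den_q = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    if den_p == 0 or den_q == 0:
        return None
    p = Fraction(B[1][1] - B[1][0], den_p)
    q = Fraction(A[1][1] - A[0][1], den_q)
    if not (0 < p < 1 and 0 < q < 1):
        return None
    return p, q


def is_nash(ids, attacker, p, q):
    """Verify that no pure deviation by either player beats the mixed pair."""
    ids_pure = [q * ids[i][0] + (1 - q) * ids[i][1] for i in range(2)]
    att_pure = [p * attacker[0][j] + (1 - p) * attacker[1][j] for j in range(2)]
    ids_mixed = p * ids_pure[0] + (1 - p) * ids_pure[1]
    att_mixed = q * att_pure[0] + (1 - q) * att_pure[1]
    return max(ids_pure) <= ids_mixed and max(att_pure) <= att_mixed


if __name__ == "__main__":
    ids, att = ids_game(monitor_cost=2, damage=10, attacker_gain=3, penalty=7)
    p, q = mixed_equilibrium(ids, att)
    print("monitor with probability", p, "; attacker attacks with probability", q)
    print("Nash:", is_nash(ids, att, p, q))
```

For this payoff structure the equilibrium has a simple form: the IDS monitors with probability gain/(gain + penalty) and the attacker attacks with probability monitor_cost/damage. Monitoring continuously is not the equilibrium answer; what keeps the attacker in check is a detection probability high enough that attacking has no positive expected value, and the cheaper monitoring is relative to the damage of a missed attack, the less often the attacker can afford to try. If monitoring costs more than the damage it prevents, no mixed equilibrium exists and the IDS should simply stay idle.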
• 45. Evolutionary approaches • Evolutionary approaches are lightweight solutions for intrusion detection, which makes them suitable for resource-constrained MANET environments. • One solution applies genetic programming to IDS in MANETs. In genetic programming, a population of candidate solutions (here, detection programs) is evolved towards a target. In each generation, the current candidates are recombined by crossover and mutated to generate new solutions, which are evaluated against a fitness function. The fittest solutions are selected as the candidates for the next generation. The process is repeated until a termination criterion is satisfied.
• 46. Immune Inspired Approaches • The self-healing property of the human immune system has been exploited in some research for the detection of intruders. The motivation is that a MANET is distributed and autonomous, much like the human immune system. • One solution proposed a biologically inspired tactical infrastructure (BTSI). A small kernel runs on every node. Following biology, the notion of damage is introduced: damage occurs when an application does not get what it expects from a source. BTSI sends damage notifications to other nodes, and every node thus maintains a reputation value for its peers. Using machine learning techniques, the future state of the network is predicted from the reputations and their past changes.