Various Security Attacks in mobile ad hoc networks
Download as PPTX, PDF2 likes1,839 views
The document outlines various security attacks in mobile ad-hoc networks. It discusses the different types of routing protocols used in MANETs including proactive, reactive, and hybrid protocols. It then classifies security attacks into two categories: data traffic attacks and control traffic attacks. Specific attacks described include black hole, gray hole, jellyfish, worm hole, hello flood, bogus registration, man in middle, rushing, cache poisoning, and Sybil attacks. The document provides details on how each attack is carried out and its impact on the network.
Various Security Attacks in mobile ad hoc networks
- 1. Various Security Attacks in Mobile Ad-hoc Networks Prepared by: Kishan N. Patel
- 2. OUTLINE Overview Of Manet Manet Challenges Routing Protocols Routing Attacks Proactive Routing Protocol Reactive Routing Protocol Hybrid Routing Protocol Classification Of Attacks I. Data Traffic Attacks II. Control Traffic Attacksc Conclusion
- 3. OVERVIEW OF MANET A mobile ad hoc network (MANET) is a continuously self- configuring, infrastructure-less network of mobile devices connected without wires. Host movement is frequent. Topology changes frequently. No cellular infrastructure. Multi-hop wireless links. Data must be routed via intermediate nodes. A B A B
- 4. MANET CHALLENGES Packet loss due to transmission errors Variable capacity links Frequent disconnections/partitions Limited communication bandwidth Broadcast nature of the communications Dynamically changing topologies/routes Lack of mobility awareness by system/applications Short battery lifetime Limited capacities
- 5. ROUTING PROTOCOLS Ad hoc routing protocols can be classified as either proactive or reactive depending on the method used to discover and maintain routes. Proactive routing protocols discover and maintain a complete set of routes for the lifetime of the network. In contrast, reactive routing protocols only find routes when needed, and maintain those routes for the duration of communication. The primary objective of a routing protocol must be to set up an optimal route that has minimal overhead and consume minimum bandwidth
- 6. TYPE PROTOCOL Proactive (Table-driven) DSDV, OLSR, WRP, CGSR, FSR Reactive (On-demand) AODV, DSR, ACOR, ABR Hybrid TORA, ZRP, ARPAM, OORP, HSR, CGSR,
- 7. ROUTING ATTACKS Due to lack of trusted centralized administration, limited bandwidth, limited power, wireless links, dynamic topology and easy eavesdropping MANETs are more susceptible to security attacks than existing conventional networks. An attacker can violate them by passively or actively attacking on Ad hoc Networks. Both active and passive attacks can be launched on any layer of the network protocol stack on Ad hoc networks.
- 8. PROACTIVE ROUTING PROTOCOL In networks utilizing a proactive routing protocol, every node maintains one or more tables representing the entire topology of the network. These tables are updated regularly in order to maintain a up-to-date routing information from each node to every other node. The main disadvantages of such algorithms are: 1. Respective amount of data for maintenance. 2. Slow reaction on restructuring and failures.
- 9. REACTIVE ROUTING PROTOCOL This type of protocol combines the advantages of proactive and reactive routing. The routing is initially established with some proactively prospected routes and then serves the demand from additionally activated nodes through reactive flooding. The choice of one or the other method requires predetermination for typical cases. The main disadvantages of such algorithms are: 1. Advantage depends on number of other nodes activated. 2. Reaction to traffic demand depends on gradient of traffic volume.
- 10. HYBRID ROUTING PROTOCOL Hybrid Routing is a third classification of routing algorithm. Hybrid routing protocols use distance-vectors for more accurate metrics to determine the best paths to destination networks, and report routing information only when there is a change in the topology of the network.
- 11. TYPES OF ATTACKS EXAMPLE Passive Attacks Traffic analysis, Traffic monitoring and eavesdropping Active Attacks Modification, impersonation, fabrication, jamming and message replay
- 12. CLASSIFICATION OF ATTACKS we have categorized the presently existing attacks into two broad categories: DATA traffic attacks and CONTROL traffic attacks. This classification is based on their common characteristics and attack goals. For example: Black-Hole attack drops packets every time. Gray-Hole attack also drops packets but its action is based on two conditions: time or sender node.
- 14. DATA Traffic Attack DATA traffic attack deals either in nodes dropping data packets passing through them or in delaying of forwarding of the data packets. Some types of attacks choose victim packets for dropping while some of them drop all of them irrespective of sender nodes. This may highly degrade the quality of service and increases end to end delay. This also causes significant loss of important data. For e.g., a 100Mbps wireless link can behave as 1Mbps connection. Moreover, unless there is a redundant path around the erratic node, some of the nodes can be unreachable from each other altogether.
- 15. Black-Hole Attack In this attack, a malicious node acts like a Black hole, dropping all data packets passing through it as like matter and energy disappears from our universe in a black hole. If the attacking node is a connecting node of two connecting components of that network, then it effectively separates the ne Here the Black-Hole node separates the network into two Parts: 1. Collecting multiple RREP messages (from more than two nodes) and thus hoping multiple redundant paths to the destination node and then buffering the packets until a safe route is found. 2. Maintaining a table in each node with previous sequence number in increasing order. Each node before forwarding packets increases the sequence number. The sender node broadcasts RREQ to its neighbors and once this RREQ reaches the destination, it replies with a RREP with last packet sequence number. If the intermediate node finds that RREP contains a wrong sequence number, it understands that somewhere something went wrong.
- 16. Cooperative Black-Hole Attack This attack is similar to Black-Hole attack, but more than one malicious node tries to disrupt the network simultaneously. It is one of the most severe DATA traffic attack and can totally disrupt the operation of an Ad Hoc network. Mostly the only solution becomes finding alternating route to the destination, if at all exists. Detection method is similar to ordinary Black-Hole attack. In addition another solution is securing routing and node discovery in MANET by any suitable protocol such as SAODV, SNRP, SND, SRDP etc. Since each node is already trusted, black hole node should not be appearing in the network.
- 17. Gray-Hole Attack Gray-Hole attack has its own characteristic behavior. It too drops DATA packets, but node’s malicious activity is limited to certain conditions or trigger. Two most common type of behavior: 1. Node dependent attack – drops DATA packets destined towards a certain victim node or coming from certain node while for other nodes it behaves normally by routing DATA packets to the destination nodes correctly. 2. Time dependent attack – drops DATA packets based on some predetermined/trigger time while behaving normally during the other instances.
- 18. Jellyfish Attack Jellyfish attack is somewhat different from Black-Hole & Gray- Hole attack. Instead of blindly dropping the data packets, it delays them before finally delivering them. It may even scramble the order of packets in which they are received and sends it in random order. This disrupts the normal flow control mechanism used by nodes for reliable transmission. Jellyfish attack can result in significant end to end delay and thereby degrading QoS. Few of the methods used by attacker in this attack:
- 19. CONTROL Traffic Attack Mobile Ad-Hoc Network (MANET) is inherently vulnerable to attack due to its fundamental characteristics, such as open medium, distributed nodes, autonomy of nodes participation in network (nodes can join and leave the network on its will), lack of centralized authority which can enforce security on the network, distributed co-ordination and cooperation.
- 20. Worm Hole Attack Worm hole, in cosmological term, connects two distant points in space via a shortcut route. In the same way in MANET also one or more attacking node can disrupt routing by short-circuiting the network, thereby disrupting usual flow of packets. If this link becomes the lowest cost path to the destination then these malicious nodes will always be chosen while sending packets to that destination. The attacking node then can either monitor the traffic or can even disrupt the flow (via one of the DATA traffic attack).
- 21. HELLO Flood Attack The attacker node floods the network with a high quality route with a powerful transmitter. So, every node can forward their packets towards this node hoping it to be a better route to destination. Some can forward packets for those destinations which are out of the reach of the attacker node. A single high power transmitter can convince that all the nodes are his neighbor. The attacker node need not generate a legitimate traffic; it can just perform a selective replay attack as its power overwhelms other transceivers.
- 22. Bogus Registration Attack A Bogus registration attack is an active attack in which an attacker disguises itself as another node either by sending stolen beacon or generating such false beacons to register himself with a node as a neighbor. Once registered, it can snoop transmitted packets or may disrupt the network altogether. But this type of attack is difficult to achieve as the attacker needs to intimately know the masquerading nodes identity and network topology .
- 23. Man in Middle Attack In Man in Middle attack, the attacker node creeps into a valid route and tries to sniff packets flowing through it. To perform man in middle attack, the attacker first needs to be part of that route. It can do that by either temporarily disrupting the route by deregistering a node by sending malicious disassociation beacon captured previously or registering itself in next route timeout event. One way of protecting packets flowing through MANET from prying eyes is encrypting each packet. Though key distribution becomes a security issue.
- 24. Rushing Attack Each node before transmitting its data, first establishes a valid route to destination. Sender node broadcasts a RREQ (route request) message in neighborhood and valid routes replies with RREP (route reply) with proper route information. Some of the protocols use duplicate suppression mechanism to limit the route request and reply chatter in the network. Rushing attack exploits this duplicate suppression mechanism. Rushing attacker quickly forwards with a malicious RREP on behalf of some other node skipping any proper processing / Due to duplicate suppression, actual valid RREP message from valid node will be discarded and consequently the attacking node becomes part of the route . In rushing attack, attacker node does send packets to proper node after its own filtering is done, so from outside the network behaves normally as if nothing happened. But it might increase the delay in packet delivering to destination node
- 25. Cache Poisoning Attack Generally in AODV, each node keeps few of its most recent transmission routes until timeout occurs for each entry. So each route lingers for some time in node’s memory. If some malicious node performs a routing attack then they will stay in node’s route table until timeout occurs or a better route is found. An attacker node can advertise a zero metric to all of its destinations. Such route will not be overwritten unless timeout occurs. It can even advertise itself as a route to a distant node which is out of its reach. Once it becomes a part of the route, the attacker node can perform its malicious activity. Effect of Cache poisoning can be limited by either adding boundary leashes or by token authentication. Also each node can maintain its friend-foe list based on historical statistics of neighboring nodes performance.
- 26. Sybil Attack Sybil attack manifests itself by faking multiple identities by pretending to be consisting of multiple nodes in the network. So one single node can assume the role of multiple nodes and can monitor or hamper multiple nodes at a time. If Sybil attack is performed over a blackmailing attack, then level of disruption can be quite high. Success in Sybil attack depends on how the identities are generated in the system.
- 27. Conclusion We categorize the different types of ad hoc security attacks based on their characteristics to reduce the mitigation period. By bringing the attacks under these two categories the complicacy of naming also reduces. We have look on the existing algorithms needed to avoid the attacks and have tried to bind the attacks into categories according to that .
- 28. THANK YOU