Professional Documents
Culture Documents
Dept. of ECE
2/4/2014
Contents
EAACK Performance Evaluation Simulation configuration Advantages Future enhancement Conclusion Reference
Dept. of ECE
2/4/2014
Introduction
MANET -Mobile Ad hoc NETworks IDS
What is MANET????
Mobile Ad hoc NETworks
Wireless network Ad hoc = for this PURPOSE Used to exchange information NODES = transmitter + receiver
Nodes may be mobile Each node is willing to forward data to other nodes Communcation can be direct or indirect Nodes communicates directly within their ranges Otherwise rely on neighbours (indirectly)
2/4/2014
Dept. of ECE
Continuation.....
Properties
of MANETs
2/4/2014
Dept. of ECE
Continuation.
B A C C
A
B
2/4/2014
Dept. of ECE
Continuation.
Application of MANETS
Military application
Combat regiment in the field Perhaps 4000-8000 objects in constant unpredictable motion. Intercommunication of forces Proximity, plan of battle
Routing protocols assumes nodes are always cooperative Nodes are not physically protected
2/4/2014
Dept. of ECE
IDS
Intrusion Detection System Detect and report the malicious activity in ad hoc networks Researchers have proposed a number of collaborative IDS system 1. Watch dog 2. TWOACK 3. AACK
2/4/2014
Dept. of ECE
10
Watch dog
Watch dog and path rater Fails in Ambiguous collisions Receiver collision Limited transmission power False mis-behaviour report Collusion Partial dropping
2/4/2014 Dept. of ECE
11
Ambiguous collision
2/4/2014
Dept. of ECE
12
Receiver collision
2/4/2014
Dept. of ECE
13
2/4/2014
Dept. of ECE
14
2/4/2014
Dept. of ECE
15
TWOACK
2/4/2014
Dept. of ECE
16
Continuation....
Acknowledgment-based network layer scheme Neither an enhancement or watch dog based scheme Acknowledge every data packet transmitted over every three consecutive nodes
On receiving a packet , each node is required to send back an acknowledgment packet to the node that is two hops away from it.
2/4/2014
17
AACK
Adaptive ACKnowledgement Acknowledgment-based network layer scheme Reduce network overhead Combination of TACK (similar to TWOACK) and ACK ACK-End to end acknowledgment scheme
18
ACK
S will switch to TACK scheme if it doesnt get any ACK packet within predefined time
19
2/4/2014
Dept. of ECE
2/4/2014
Dept. of ECE
20
EAACK
Enhanced Adaptive ACKnowledgement Efficient and secure intrusion detection system for MANETs Higher malicious behaviour detection rates with minimal effect on network performance EAACK mechanism can be divided to three schemes
21
1. ACK
End-to-end acknowledgment scheme Brings extremely low network overhead To preserve the life cycle of battery
2/4/2014
Dept. of ECE
22
ACK scheme
2/4/2014
Dept. of ECE
23
2.S-ACK
Secure ACK Extension of TWOACK with digital signature Switch from ACK if S does not receive any acknowledgement packet Detect misbehaving nodes by sending S-ACK packet Every three consecutive nodes work in a group to detect misbehaving nodes
24
S-ACK scheme
25
26
This S-ACKnowledgement is send back to the reverse route F1 receives it and verify digital signature by computing with F3 public key. If there is no malicious nodes ,then the received hash value ==original hash value
27
2/4/2014
Dept. of ECE
F1 IS MALICIOUS
28
F2 IS MALICIOUS
29
F3 IS MALICIOUS
30
3.MRA
2/4/2014
Misbehaviour Report Authentication Designed to resolve the false misbehaviour report attack Such attack can break the entire network Basic idea - Authenticate whether the destination node has received the reported missing packet Alternate route is needed MRA packet is send via this alternate route MRA packet contains the ID of the packet that has been reported dropped Destination node search if there is a match
Dept. of ECE
31
Continuation...
If there is match,the report is fake and node ,whoever sends it, is marked as malicious If there is no match,the report is trusted.
2/4/2014
Dept. of ECE
32
EAACK SCHEME
2/4/2014
Dept. of ECE
33
Performance Evaluation
Packet delivery ratio (PDR): Ratio of the number of packets received by the destination node to the number of packets sent by the source node. Routing overhead (RO): RO defines the ratio of the amount of routingrelated transmissions.
2/4/2014
Dept. of ECE
34
Simulation configuration
2/4/2014
Dept. of ECE
35
2/4/2014
Dept. of ECE
36
ADVANTAGES
Solves limited transmission power and receiver collision problem. Capable of detecting misbehaviour attack Ensure authentication and packet integrity Digital signatures prevents the attack of forge acknowledgement packets
2/4/2014
Dept. of ECE
37
FUTURE ENHANCEMENT
Possibilities of adopting hybrid cryptography techniques to further reduce the network overhead caused by digital signature. Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys. Testing the performance of EAACK in real network environment.
38
Conclusion
EAACK makes MANETs more secure The major threats like false mis behaviour report and forge acknowledgement can be detected by using this scheme.
2/4/2014
Dept. of ECE
39
REFERENCE
EAACKA Secure Intrusion-Detection System for MANETs by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEE Detecting Misbehaving Nodes in Mobile Ad hoc Networks by Nan Kang
2/4/2014
Dept. of ECE
40
2/4/2014
Dept. of ECE
41
2/4/2014
Dept. of ECE
42