
2/4/2014

Dept. of ECE

EAACK: A Secure Intrusion-Detection System for MANETs


Demo


Contents

- Introduction
- What is MANET????
- Need For IDS????
- IDS
  1. Watch dog
  2. TWOACK
  3. AACK
- EAACK
- Performance Evaluation
- Simulation configuration
- Advantages
- Future enhancement
- Conclusion
- Reference

Introduction
- MANET: Mobile Ad hoc NETworks
- IDS: Intrusion Detection Systems
- EAACK: Enhanced Adaptive ACKnowledgement



What is MANET????
Mobile Ad hoc NETworks

- Wireless network
- Ad hoc = "for this purpose"
- Used to exchange information
- Nodes = transmitter + receiver
- Nodes may be mobile
- Each node is willing to forward data to other nodes
- Communication can be direct or indirect
- Nodes communicate directly within their ranges
- Otherwise they rely on neighbours (indirectly)


Continuation.....

Properties of MANETs

- No fixed infrastructure
- Self-configuring ability
- Dynamic topology
- Decentralized network


Continuation.

- Routes between nodes may contain multiple hops
- Nodes act as routers to forward packets for each other
- Node mobility may cause the routes to change

[Figure: nodes A, B and C]


Continuation.

Application of MANETs

- Military application
  o Combat regiment in the field
  o Perhaps 4000-8000 objects in constant unpredictable motion
  o Intercommunication of forces
  o Proximity, plan of battle
- Sensor networks
- Automotive networks
- Industrial application



Need for IDS????

- MANETs are vulnerable to malicious attackers
  o Open medium
  o Wide distribution of nodes
- Routing protocols assume nodes are always cooperative
- Nodes are not physically protected


IDS

- Intrusion Detection System
- Detects and reports malicious activity in ad hoc networks
- Researchers have proposed a number of collaborative IDS systems:
  1. Watch dog
  2. TWOACK
  3. AACK


Watch dog
- Watch dog and path rater
- Fails in:
  o Ambiguous collisions
  o Receiver collision
  o Limited transmission power
  o False misbehaviour report
  o Collusion
  o Partial dropping

Ambiguous collision


Receiver collision


Limited transmission power


False misbehaviour report


TWOACK


Continuation....

- Acknowledgment-based network layer scheme
- Neither an enhancement nor a watch dog based scheme
- Acknowledges every data packet transmitted over every three consecutive nodes
- On receiving a packet, each node is required to send back an acknowledgment packet to the node that is two hops away from it
- Solves the receiver collision and limited transmission power problems
- Network overhead is present



AACK
- Adaptive ACKnowledgement
- Acknowledgment-based network layer scheme
- Reduces network overhead
- Combination of TACK (similar to TWOACK) and ACK
- ACK: end-to-end acknowledgment scheme


ACK

S will switch to the TACK scheme if it doesn't get any ACK packet within a predefined time

The need of new IDS???

Both TWOACK and AACK fail in:

1. False misbehaviour report
2. Forged acknowledgement packet


EAACK
- Enhanced Adaptive ACKnowledgement
- Efficient and secure intrusion detection system for MANETs
- Higher malicious behaviour detection rates with minimal effect on network performance
- The EAACK mechanism can be divided into three schemes:
  1. ACK (end-to-end acknowledgement scheme)
  2. S-ACK (Secure ACK)
  3. MRA (Misbehaviour Report Authentication)



1. ACK
- End-to-end acknowledgment scheme
- Brings extremely low network overhead
- To preserve the life cycle of the battery
- Low network overhead
- Low memory consumption


ACK scheme


2. S-ACK
- Secure ACK
- Extension of TWOACK with digital signature
- Switch from ACK if S does not receive any acknowledgement packet
- Detects misbehaving nodes by sending S-ACK packets
- Every three consecutive nodes work in a group to detect misbehaving nodes


S-ACK scheme

Who is malicious?? F1,F2 OR F3???



NONE IS MALICIOUS

- Route is F1 -> F2 -> F3
- F1 sends an S-ACK data packet to F3 via the route F2 -> F3
- Before sending, F1 stores the hash value of the data packet and the sending time
- F2 receives the packet from F1 and forwards it to F3
- F3 receives the data packet and sends an S-ACK acknowledgement
  o It contains the hash value and the digital signature of F3



- This S-ACK acknowledgement is sent back along the reverse route
- F1 receives it and verifies the digital signature by computing with F3's public key
- If there are no malicious nodes, then the received hash value == original hash value


F1 IS MALICIOUS

- False misbehaviour attack
- In EAACK, it initiates the MRA scheme



F2 IS MALICIOUS

- Digital signature of F3 is needed
- Prevents forged acknowledgements



F3 IS MALICIOUS

If F3 refuses to send back acknowledgement packets, it will be marked as malicious
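
The S-ACK round described on the slides above (F1 stores the hash and sending time, F3 returns the hash with its signature, F1 verifies with F3's public key), as an added example that is not part of the original slides or the EAACK authors' code. The toy RSA key, the timeout value and the names `f3_sack` and `f1_check` are assumptions made for illustration.

```python
import hashlib

# Toy RSA key pair for F3 (constructed for this example; far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1                 # two Mersenne primes
N, E = P * Q, 65537                         # F3's public key, pre-distributed to F1
D = pow(E, -1, (P - 1) * (Q - 1))           # F3's private exponent

def digest(packet: bytes) -> int:
    """Hash value of a data packet, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(packet).digest(), "big") % N

def f3_sack(packet: bytes) -> dict:
    """F3's S-ACK: hash of the packet it received plus F3's signature over it."""
    h = digest(packet)
    return {"hash": h, "sig": pow(h, D, N)}

def f1_check(stored_hash, sent_at, ack, now, timeout=2.0):
    """F1's verdict for one S-ACK round on the route F1 -> F2 -> F3."""
    if ack is None or now - sent_at > timeout:
        return "timeout"                    # no S-ACK came back in time
    if pow(ack["sig"], E, N) != ack["hash"]:
        return "forged"                     # signature was not made by F3 for this hash
    if ack["hash"] != stored_hash:
        return "mismatch"                   # F3 signed a different packet
    return "ok"

def demo():
    packet, older = b"data packet #17", b"data packet #16"   # constructed samples
    stored, t0 = digest(packet), 0.0        # F1 stores hash and sending time
    honest = f3_sack(packet)
    # F2 drops the packet and fakes the S-ACK by reusing an old F3 signature.
    forged = {"hash": stored, "sig": f3_sack(older)["sig"]}
    return {
        "none malicious": f1_check(stored, t0, honest, now=0.4),
        "F2 forges ACK": f1_check(stored, t0, forged, now=0.4),
        "old ACK replayed": f1_check(stored, t0, f3_sack(older), now=0.4),
        "F3 stays silent": f1_check(stored, t0, None, now=2.5),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```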



3. MRA

- Misbehaviour Report Authentication
- Designed to resolve the false misbehaviour report attack
- Such an attack can break the entire network
- Basic idea: authenticate whether the destination node has received the reported missing packet
- An alternate route is needed
- The MRA packet is sent via this alternate route
- The MRA packet contains the ID of the packet that has been reported dropped
- The destination node searches whether there is a match

Continuation...
- If there is a match, the report is fake and the node that sent it is marked as malicious
- If there is no match, the report is trusted
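
The MRA check described above, as an added example that is not part of the original slides or the EAACK authors' code. The topology, the node names G1 and G2, the choice to route around the reporting node, and flagging the accused node when the report is trusted are assumptions made for illustration.

```python
from collections import deque

# Constructed topology (adjacency list): S reaches D via F1-F2-F3 or via G1-G2.
LINKS = {"S": ["F1", "G1"], "F1": ["S", "F2"], "F2": ["F1", "F3"],
         "F3": ["F2", "D"], "G1": ["S", "G2"], "G2": ["G1", "D"],
         "D": ["F3", "G2"]}

def alternate_route(src, dst, avoid):
    """Shortest route from src to dst that bypasses every node in `avoid` (BFS)."""
    queue, seen = deque([[src]]), {src} | set(avoid)
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in LINKS[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def run_mra(report, delivered_ids, src="S", dst="D"):
    """Source asks the destination, over another route, about the reported packet."""
    # Assumption: the MRA packet must not pass through the node that filed the report.
    route = alternate_route(src, dst, avoid={report["reporter"]})
    if route is None:
        return {"verdict": "unverified", "route": None, "malicious": None}
    # The destination compares the reported packet ID with its log of received packets.
    if report["packet_id"] in delivered_ids:
        return {"verdict": "false report", "route": route,
                "malicious": report["reporter"]}
    # Assumption: a trusted report means the accused node is the one flagged.
    return {"verdict": "report trusted", "route": route,
            "malicious": report["accused"]}

def demo():
    report = {"reporter": "F1", "accused": "F2", "packet_id": 17}  # constructed
    return {
        "packet 17 did arrive": run_mra(report, delivered_ids={15, 16, 17}),
        "packet 17 never arrived": run_mra(report, delivered_ids={15, 16}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```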


EAACK SCHEME


Performance Evaluation
- Packet delivery ratio (PDR): ratio of the number of packets received by the destination node to the number of packets sent by the source node.
- Routing overhead (RO): RO defines the ratio of the amount of routing-related transmissions.


Simulation configuration

- Scenario 1: Malicious nodes drop all the packets that pass through them.
- Scenario 2: Set all malicious nodes to send out false misbehaviour reports to the source node whenever it is possible.
- Scenario 3: Provide the malicious nodes the ability to forge acknowledgment packets.


ADVANTAGES
- Solves the limited transmission power and receiver collision problems
- Capable of detecting misbehaviour attacks
- Ensures authentication and packet integrity
- Digital signatures prevent the attack of forged acknowledgement packets


FUTURE ENHANCEMENT
- Possibilities of adopting hybrid cryptography techniques to further reduce the network overhead caused by digital signatures.
- Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys.
- Testing the performance of EAACK in a real network environment.


Conclusion
- EAACK makes MANETs more secure
- Major threats like false misbehaviour reports and forged acknowledgements can be detected by using this scheme.


REFERENCE

- "EAACK: A Secure Intrusion-Detection System for MANETs" by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEE
- "Detecting Misbehaving Nodes in Mobile Ad hoc Networks" by Nan Kang
