JOURNAL OF COMPUTING, VOLUME 3, ISSUE 2, FEBRUARY 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
Abstract— The popularity of ad hoc networks is growing rapidly as their use spreads into every field. The absence of messy wired physical infrastructure, together with innumerable other advantages, has made this technology the first choice in emergency response, disaster management, healthcare, education, business, etc. At the same time, ad hoc networks have to pay the price for their vulnerable features: this new technology and its associated protocols have numerous loopholes which may become honey pots for attackers. This paper focuses on three major areas of wireless communication, i.e. ad hoc networks, mesh networks and sensor networks. These networks are mostly at risk from denial of service (DoS) attacks initiated through compromised nodes or intruders. To avoid such attacks, some cryptographic algorithms, key management schemes and security models have been proposed, but the networks are still insecure. Our goal here is to investigate the major issues, attacks and challenges belonging to these networks. Some proposed schemes that mitigate these issues are also discussed, with a comparative study on the basis of their performance. In future we will analyze and compare the routing protocols in wireless ad hoc networks.
1 INTRODUCTION
...fers a new direction for researchers.

2 ISSUES AND PROBLEMS

Wireless communication has emerged as a major breakthrough over conventional wired communications. It has turned the messy wired world into a smooth and flexible environment. According to a well-known adage, there is no unmixed good in this world; the deployment of wireless networks, particularly ad hoc networks, sensor networks and mesh networks, brings with it various security and performance issues. These issues include:

2.1 Current Security Models and Prevailing Attacks:

Many of the performance, administration and management problems of a wireless network arise from an improper security model. Many security methods do not guard against a number of prevailing threats. Wireless networks therefore lack satisfactory guarantees of security during communication. Some of the solutions proposed for these issues are discussed below.

The majority of existing wireless network security models are highly insecure and defenseless against active and passive attackers. The hybrid Wireless Intrusion Detection System (WIDS) provides a model to combat such attackers. The model is based on three phases: data-set generation, IDS creation and testing. For data-set generation, various types of files, for both regular and attack traffic, are created. For IDS creation, a simple agent with five modules is designed. The first module sniffs the traffic and sends it to either the anomaly detection engine or the misuse detection engine. If an input is handled by neither engine, it is sent to the probable-attack module for more precise examination. If an attack is detected, the engine calls the alarm module. Finally, in the test phase, the data-set collected in the first phase is used to test the wireless intrusion detection agent built in phase two [1].

Because of their distributed nature and the absence of a globally trusted central authority, WMNs lack satisfactory guarantees of security. Li Gao et al. [2] deal with a low-computation, scalable key management model for WMNs. This model has three levels of key management, with key management protocols for the mesh router pattern (RR), the mesh client pattern (CC) and the mesh router & mesh client pattern (RC). The RR pattern requires the highest level of security and may use efficient cryptography such as PKI and two-party Diffie-Hellman schemes. The CC pattern requires low computation and a reasonable level of security, so low-computation cryptographic techniques such as symmetric cryptography and threshold secret sharing schemes may be used. The RC pattern lies in between the RR and CC patterns. These three models fit into the group communication models [2].

Ana Paula et al. [3] proposed a decentralized Intrusion Detection System (IDS) model that fits the demands and limitations of WSNs. The model has three phases. Phase 1 performs data acquisition: only those messages that are useful to the rule-application phase are filtered and stored. Phase 2 is rule application: each message extracted in phase 1 is evaluated against a sequence of rules specific to its message type. If a message fails one of the rules, the failure counter is incremented and the message is discarded; otherwise the message is simply removed from the data-structure list. Intrusion detection is performed in phase 3, which checks whether the round-failure value is greater than the cumulative value; if it is, an attack indication signal is generated [3].

Sidra et al. [4] define a distributed, dynamically configurable firewall architecture for Mobile Ad hoc Networks (MANETs). The model has three internal data structures: the firewall table, the reject list and the blacklist. The firewall table maintains an entry for the data flow of each newly established connection, with five columns containing the source and destination address, the number of packets arrived, the threshold and the lifetime of the entry. If the number of packets crosses the threshold limit, further incoming packets for that entry are blocked by the firewall; the entry is deleted from the table when its lifetime expires. If, for any entry in the firewall table, the number of packets arrived is greater than the threshold when the lifetime expires, the entry is placed in the reject list with double the lifetime and a decreased threshold. The blacklist holds those nodes whose entries have appeared in the reject list five times [4].

Another security model for MANETs is proposed by L. Prema [5], named Enhancement on Intrusion Detection Systems for Ad-hoc Networks (EIDAN). The EIDAN architecture has four logical components. The first component, the Traffic Interception Module, intercepts the incoming traffic from the network and selects which of these packets should be examined further. The Event Generation Module is responsible for abstracting the information needed by the attack
analysis module. The Attack Analysis Module checks for the presence of attacks; if an attack is present, it sends the malicious packets to the Counter Measure Module. Finally, the Counter Measure Module is responsible for any further action on the packets: either the packets are dropped, or some other action is taken on the malicious packets coming from the Attack Analysis Module [5].

...cast the RREQ packets, which travel along all the paths from that source node. The target node that receives the RREQs forwards the RREPs using the reverse route. If the RREPs arrive from a trustworthy intermediate node, the source starts to send data; otherwise it asks for a further request. If a node is detected to be a misbehaving (wicked) node by the two-hop acknowledgement mechanism, then, as a countermeasure to the attack, secure message transmission is performed [7].

...tance node: if the RREQ count is less than its threshold, the RREQ is forwarded, otherwise it is discarded. The same rule is applied in the case of a Stranger node. The threshold values are ordered friend > acquaintance > stranger [15].

Ping Yi et al. [16] proposed Flooding Attack Prevention (FAP), a general defense against the ad hoc flooding attack. The scheme is based on neighbor suppression. The main idea of neighbor suppression is that each neighbor calculates the rate of RREQs originated by a node; if the rate exceeds some threshold, the neighbors will neither receive nor forward packets from that node, which is treated as an intruder. Every node maintains two tables, Rate-RREQ and Blacklist. The Rate-RREQ table has two columns: Node-ID and RREQ-time. When a node receives a RREQ, it looks up the originator's node ID in the Rate-RREQ table to establish who is requesting, finds the node ID and increments its RREQ-time field by 1. If RREQ-time is greater than the threshold value, the node ID is put into the Blacklist [16].

In AODV a node sends out RREQ packets according to a FIFO rule. In the flooding attack prevention scheme of [17], FIFO is replaced by a priority rule. Nodes maintain a priority and a threshold for each neighbor node; a node's priority is inversely proportional to its RREQ frequency. If the RREQ frequency of an attacker rises past the threshold value, the node will not entertain further RREQs from the attacker node. This technique is called Neighbor Suppression and is used to mitigate the RREQ flooding attack. For the data flooding attack, a path cutoff scheme is used: the attacker has already established a path from the invader to the victim node; once the victim detects the DATA flooding attack, the path can be cut off from the attacker [17].

Fig. 2: neighbor nodes isolate the attacker [17]

S. Li et al. [18] proposed the Avoiding Mistaken Transmission Table (AMTT) scheme to combat the flooding attack. Each node establishes an AMTT table to record received RREQ packets along with other fields. When a node wants to send a packet to any other node, it floods a RREQ packet. Each node receiving this RREQ fills in the fields of its AMTT table and sets the RREQ Num field to 1. Whenever it receives another RREQ from the same node, the RREQ Num value is increased by 1. When the destination node receives the RREQ, it fills in its AMTT table and sends a RREP packet. The other nodes check the RREP's validity; if it is found legitimate, they search their AMTTs and set the validity indication of the matching item to 1, otherwise they discard the RREP. When the two nodes finish their communication, the source node sends a RANC (route announcement) to the intermediate nodes, and all nodes receiving the RANC delete the corresponding items from their AMTT tables [18].

The flooding attack mitigation scheme presented in [19] is described as follows. Every node observes the packets generated by each neighbor during an interval. Packets are dropped if the neighbor's transmission rate exceeds the threshold limit 'α'. If the same neighbor exceeds 'α' by the blacklist threshold 'β', it is considered a flooding node: the node is placed on the blacklist as a flooder and all packets coming from that neighbor are discarded. The node continues to monitor the behavior of the blacklisted neighbor in successive periods. The blacklisted node has to show gentle behavior for the 'γ' interval, or whitelist threshold, to become whitelisted. Once the blacklisted neighbor is observed to be gentle, the observing node whitelists the neighbor and starts forwarding its packets again [19].

2.3.4 DOS Attack:

A denial of service attack can attempt to flood a network, thereby preventing legitimate network traffic and preventing a particular individual from accessing a service. With the inherent resource limitations and vulnerabilities of WSN devices, they fall easy prey to attacks, especially Denial-of-Service (DOS) attacks.

In [20] the authors survey different attacks, especially DOS attacks, to discover the attacker, his capabilities, the purpose of the attack and its end result. They note that jamming is intentional interference with radio reception to deny service to the target; spread-spectrum techniques can be used to overcome the jamming problem. An intruder can damage, destroy or tamper with the sensor nodes; camouflaging the packaging and using low-probability-of-intercept radio techniques can mitigate these problems. An attacker can deliberately cause collisions; error-correcting codes can be used to counter this attack. In selective forwarding a sensor device simply neglects to forward certain messages; multiple disjoint routing paths and diversity coding can be used to overcome this problem. In the wormhole attack, two adversaries collaborate to offer a low-latency side channel for communication, and the packets passing through it are totally controlled by these two adversaries; the packet leashes scheme can be used to overcome this problem [20].

The following table provides a dashboard for understanding the effectiveness of the above IDS schemes.
Comparison of the surveyed schemes (the heading row was not preserved in the source; the column labels below are inferred from the cell contents).

| Scheme | Overhead? | Robust? | Scalable? | Attacks addressed | Simulated / evaluated? |
|---|---|---|---|---|---|
| Wireless Intrusion Detection System (WIDS) [1] | Yes. The use of agents will slow down the communication. | Yes | Yes | Impersonation, network discovery, man-in-the-middle, DOS | Yes, using the Yazd University test bed |
| Distributed dynamically configurable firewall architecture [4] | Yes, to maintain the extra attributes of a table. | No. Single point of failure possible. | Yes | Data flooding attacks | No |
| Enhancement on Intrusion Detection Systems for Ad-hoc Networks (EIDAN) [5] | No, without interfering with routing operations. | Yes | Yes | Resource consumption attacks, packet dropping attacks, fabrication attack | Yes, using NS-2 |
| Security extension to deal with the selfish node attack [7] | No. Scheme has no cryptography or agents. | Yes | Yes | Dropping of data packets, selfish behavior of nodes | Yes, using NS-2 |
| Multipath Routing [11] | Yes. Multipath increases transmission overhead. | Yes | Yes | Wormhole attack | Yes, using NS-2 |
| Wormhole Attack Prevention (WAP) [12] | No. Scheme has no special hardware or cryptography; only energy inefficient. | Yes | Yes | Wormhole attack | Yes, using QualNet |
| Intrusion Detection using Anomaly Detection (IDAD) scheme [13] | No. Scheme minimizes the number of extra routing packets. | Yes | Yes | Black hole attack | Yes, using NS-2 |
| The extent of friendship between the nodes [15] | No. Scheme increases throughput. | No. Malicious packets are still present in the network. | No | Flooding attack | No. Only the AODV protocol was used. |
| Flooding Attack Prevention (FAP) [16] | Yes. Scheme has little overload. | No. Fails to resist the cooperative work of two or more attacking nodes. | Yes | Ad hoc flooding attack | Yes, using NS-2 |
| Avoiding Mistaken Transmission Table (AMTT) [18] | Yes. The use of tables will slow down the communication process. | Yes, but within limited links. | No. Fails to work on more links. | Flooding attack | No |
| Novel technique to deal with flooding attacks [19] | No | Yes | Yes | Flooding attack | Yes, using NS-2 |
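The firewall table, reject list and blacklist of the scheme of Sidra et al. [4] compared above, as a small executable model added here (not the authors' code). Flow keys of (source, destination), integer tick time, halving the threshold on each rejection and the constructed traffic in simulate() are assumptions; the paper supplies only the rules quoted in Section 2.1.

```python
# Constructed model of the per-flow MANET firewall of [4]: a firewall table,
# a reject list and a blacklist.  Time is an integer tick counter.
from dataclasses import dataclass


@dataclass
class FlowEntry:
    packets: int     # packets arrived on this (source, destination) flow
    threshold: int   # packets allowed before the flow is blocked
    expires_at: int  # tick at which the entry's lifetime runs out


class AdHocFirewall:
    def __init__(self, threshold=10, lifetime=50):
        self.base_threshold = threshold
        self.base_lifetime = lifetime
        self.table = {}           # (src, dst) -> FlowEntry   (firewall table)
        self.reject = {}          # (src, dst) -> expiry tick (reject list)
        self.reject_hits = {}     # src -> times its flows hit the reject list
        self.next_threshold = {}  # src -> decreased threshold after a rejection
        self.blacklist = set()    # sources rejected five times

    def _expire(self, now):
        # Reject-list entries age out after their doubled lifetime.
        for key in [k for k, t in self.reject.items() if now >= t]:
            del self.reject[key]
        # A firewall-table entry whose lifetime is over while still above its
        # threshold moves to the reject list with double lifetime and a
        # decreased threshold ([4] does not say by how much; halving is an
        # assumption here).  The fifth rejection blacklists the source node.
        for key in [k for k, e in self.table.items() if now >= e.expires_at]:
            entry = self.table.pop(key)
            src = key[0]
            if entry.packets > entry.threshold:
                self.next_threshold[src] = max(1, entry.threshold // 2)
                self.reject[key] = now + 2 * self.base_lifetime
                self.reject_hits[src] = self.reject_hits.get(src, 0) + 1
                if self.reject_hits[src] >= 5:
                    self.blacklist.add(src)

    def accept(self, src, dst, now):
        """Return True if a packet src->dst arriving at tick `now` is forwarded."""
        self._expire(now)
        if src in self.blacklist or (src, dst) in self.reject:
            return False
        entry = self.table.get((src, dst))
        if entry is None:  # new connection: open its firewall-table row
            entry = FlowEntry(0, self.next_threshold.get(src, self.base_threshold),
                              now + self.base_lifetime)
            self.table[(src, dst)] = entry
        entry.packets += 1
        return entry.packets <= entry.threshold  # packets past the threshold are blocked


def simulate(ticks=1000):
    """Constructed traffic: 'flooder' sends every tick, 'legit' every 10 ticks.
    Returns (legit_forwarded, flooder_forwarded, flooder_blacklisted)."""
    fw = AdHocFirewall(threshold=10, lifetime=50)
    legit = flood = 0
    for now in range(ticks):
        if fw.accept("flooder", "victim", now):
            flood += 1
        if now % 10 == 0 and fw.accept("legit", "victim", now):
            legit += 1
    return legit, flood, "flooder" in fw.blacklist
```

With these parameters the flooder gets 10, 5, 2, 1 and 1 packets through in its successive firewall-table lifetimes before the fifth rejection blacklists it, while the well-behaved node is never blocked.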
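The neighbor-suppression logic shared by FAP [16] and the α/β/γ scheme of [19], as an added example that is not code from either paper: the Rate-RREQ table and Blacklist of [16], with β read as a count of consecutive intervals over α and γ as the whitelist threshold of [19] (both readings are assumptions), driven by constructed traffic from one well-behaved and one flooding neighbor.

```python
# Constructed model of RREQ-rate neighbor suppression as described for FAP
# [16] and for the alpha/beta/gamma scheme of [19].  Every node keeps a
# Rate-RREQ table (Node-ID -> RREQ-time, i.e. RREQs seen this interval) and a
# Blacklist.  [19] does not say whether beta counts intervals or packets;
# treating it as consecutive intervals over alpha is an assumption made here.
from collections import defaultdict


class NeighborSuppression:
    def __init__(self, alpha, beta, gamma):
        self.alpha = alpha  # RREQs per interval a neighbor may originate
        self.beta = beta    # consecutive intervals over alpha before blacklisting
        self.gamma = gamma  # consecutive gentle intervals before whitelisting
        self.rate_rreq = defaultdict(int)  # Rate-RREQ table: Node-ID -> RREQ-time
        self.strikes = defaultdict(int)    # intervals over alpha, per neighbor
        self.gentle = defaultdict(int)     # gentle intervals while blacklisted
        self.blacklist = set()

    def on_rreq(self, node_id):
        """Return True if an RREQ originated by node_id should be forwarded."""
        self.rate_rreq[node_id] += 1      # "increment the RREQ-time field by 1"
        if node_id in self.blacklist:
            return False                  # nothing from a flooder is forwarded
        return self.rate_rreq[node_id] <= self.alpha  # drop this interval's excess

    def end_interval(self):
        """Close the observation interval and update blacklist/whitelist state."""
        for node_id in set(self.rate_rreq) | self.blacklist:
            count = self.rate_rreq.get(node_id, 0)
            if node_id in self.blacklist:
                # Keep monitoring: gamma gentle intervals in a row earn a
                # blacklisted neighbor its place back on the whitelist.
                if count <= self.alpha:
                    self.gentle[node_id] += 1
                    if self.gentle[node_id] >= self.gamma:
                        self.blacklist.discard(node_id)
                        self.strikes[node_id] = 0
                else:
                    self.gentle[node_id] = 0
            elif count > self.alpha:
                self.strikes[node_id] += 1
                if self.strikes[node_id] >= self.beta:
                    self.blacklist.add(node_id)
                    self.gentle[node_id] = 0
            else:
                self.strikes[node_id] = 0  # beta counts consecutive intervals
        self.rate_rreq.clear()


def simulate():
    """Constructed traffic: neighbor A originates 3 RREQs per interval;
    neighbor F originates 20 per interval for four intervals, then 2.
    Returns (F_forwarded_per_interval, A_forwarded_total, F_blacklisted)."""
    node = NeighborSuppression(alpha=5, beta=2, gamma=3)
    f_forwarded, a_forwarded = [], 0
    for interval in range(8):
        f_count = 20 if interval < 4 else 2
        f_forwarded.append(sum(node.on_rreq("F") for _ in range(f_count)))
        a_forwarded += sum(node.on_rreq("A") for _ in range(3))
        node.end_interval()
    return f_forwarded, a_forwarded, "F" in node.blacklist
```

F is capped at α RREQs in its first two intervals, blacklisted after the second, and whitelisted again only after three gentle intervals; A's traffic is never touched.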
4 CONCLUSION AND FUTURE WORK

In this paper we investigate some very common but challenging issues experienced in ad hoc wireless communication. We have divided our study into three sub-domains: Security Models, Vulnerabilities in Current Protocols, and Attacks. Security attacks are a major issue of ad hoc networks, which can be mitigated by adopting some of the proposed schemes. Here we explored the proposed methodologies and security schemes that guard against a large number of attacks, including DOS, wormhole, black hole and flooding attacks. Indeed these schemes are effective at detecting attacks, but they still have limitations which raise questions about their usability. The protocols associated with MANETs require more research; in particular, reactive protocols may be trapped by intruders during the route discovery process. Our comparative study on the basis of the proposed IDSs may provide a direction and thinking towards the solution space. The role of this paper is to spell out the severity of the current security challenges and other correlated issues in ad hoc wireless communications.
• Future research in the area of vulnerabilities in current security models in wireless networks would concentrate on intelligent agents to enhance the precision of the intrusion detection rate and to replace static threshold values with dynamic values.
• Future research in the area of current wireless protocols would concentrate on higher transmission with low cost, flexibility and lower energy consumption, which is still a challenging open issue. Also, all current intrusion detection schemes discover attacks only from the viewpoint of a single layer, and no robust intrusion detection method exists for wireless mesh environments.
• Future research in the area of security issues and attacks would concentrate on network-based IDS, as the majority of proposed IDSs use a host-based IDS schema.

REFERENCES

[1] Haddadi, F.; Sarram, M.A.: "Wireless Intrusion Detection System Using a Lightweight Agent", Computer and Network Technology (ICCNT), 2010 Second International Conference on, 2010, pp. 84-87.
[2] Li Gao; Chang, E.; Parvin, S.; Song Han; Dillon, T.: "A Secure Key Management Model for Wireless Mesh Networks", Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on, 2010, pp. 655-660.
[3] Ana Paula R. da Silva; Marcelo H.T. Martins; Bruno P.S. Rocha; Antonio A.F. Loureiro: "Decentralized Intrusion Detection in Wireless Sensor Networks", Q2SWinet '05, October 13, 2005, Montreal, Quebec, Canada, ACM, 2005.
[4] Sidra Akram; Izza Zubair; M. Hasan Islam: "Fully Distributed Dynamically Configurable Firewall to Resist DOS Attacks in MANET", Networked Digital Technologies (NDT '09), First International Conference on, 2009, pp. 547-549.
[5] Rajeswari, L. Prema; Annie, R. Arockia Xavier; Kannan, A.: "Enhanced Intrusion Detection Techniques for Mobile Ad Hoc Networks", Information and Communication Technology in Electrical Sciences (ICTES 2007), IET-UK International Conference on, 2007, pp. 1008-1013.
[6] Seth, S.; Gankotiya, A.; Jindal, A.: "Current State of Art Research Issues and Challenges in Wireless Mesh Networks", Computer Engineering and Applications (ICCEA), 2010 Second International Conference on, 2010, pp. 199-203.
[7] Sankareswary, P.; Suganthi, R.; Sumathi, G.: "Impact of Selfish Nodes in Multicast Ad-hoc on Demand Distance Vector Protocol", Wireless Communication and Sensor Computing (ICWCSC 2010), International Conference on, 2010, pp. 1-6.
[8] Bansal, Divya; Sofat, Sanjeev: "Securing IEEE 802.11 based Hybrid Wireless Mesh Networks", E-Health Networking, Digital Ecosystems and Technologies (EDT), 2010 International Conference on, Vol. 1, 2010, pp. 431-435.
[9] Buttyan, L.; Csik, L.: "Security Analysis of Reliable Transport Layer Protocols for Wireless Sensor Networks", Pervasive Computing and Communications Workshops (PERCOM Workshops), 2010 8th IEEE International Conference on, 2010, pp. 419-424.
[10] Al-Wakeel, S.S.; Al-Swailem, S.A.: "PRSA: A Path Redundancy Based Security Algorithm for Wireless Sensor Networks", Wireless Communications and Networking Conference (WCNC 2007), IEEE, 2007, pp. 4156-4160.
[11] Taheri, Mahdi; Naderi, Majid; Barekatain, Mohammad Bagher: "New Approach for Detection and Defending the Wormhole Attacks in Wireless Ad Hoc Networks", Electrical Engineering (ICEE), 2010 18th Iranian Conference on, 2010, pp. 331-335.
[12] Sun Choi; Doo-young Kim; Do-hyeon Lee; Jae-il Jung: "WAP: Wormhole Attack Prevention Algorithm in Mobile Ad Hoc Networks", Sensor Networks, Ubiquitous and Trustworthy Computing (SUTC '08), IEEE International Conference on, 2008, pp. 343-348.
[13] Alem, Yibeltal Fantahun; Xuan, Zhao Cheng: "Preventing Black Hole Attack in Mobile Ad-hoc Networks Using Anomaly Detection", Future Computer and Communication (ICFCC), 2010 2nd International Conference on, 2010, pp. V3-672 - V3-676.
[14] Shahid Shehzad Bajwa; M. Khalid Khan: "Grouped Black hole Attacks Security Model (GBHASM) for Wireless Ad-Hoc Networks", Computer and Automation Engineering (ICCAE), 2010 The 2nd International Conference on, Vol. 1, 2010, pp. 756-760.
[15] Revathi Venkataraman; M. Pushpalatha; T. Rama Rao (SRM University): "Performance Analysis of Flooding Attack Prevention Algorithm in MANETs", World Academy of Science, Engineering and Technology, 2009.
[16] Ping Yi; Zhoulin Dai; Yiping Zhong; Shiyong Zhang: "A New Routing Attack in Mobile Ad Hoc Networks", International Journal of Information Technology, Vol. 11, No. 2.
[17] Ping Yi; Zhoulin Dai; Yiping Zhong; Shiyong Zhang: "Resisting Flooding Attacks in Ad-hoc Networks", Information Technology: Coding and Computing (ITCC 2005), International Conference on, Vol. 2, 2005, pp. 657-662.
[18] Shaomei Li; Qiang Liu; Hongchang Chen; Mantang Tan: "A New Method to Resist Flooding Attacks in Ad Hoc Networks", Wireless Communications, Networking and Mobile Computing (WiCOM 2006), International Conference on, 2006, pp. 1-4.
[19] Balakrishnan, V.; Varadharajan, V.; Tupakula, U.; Moe, M.E.G.: "Mitigating Flooding Attacks in Mobile Ad-hoc Networks Supporting Anonymous Communications", Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), The 2nd International Conference on, 2007, pp. 29-29.
[20] Anthony D. Wood; John A. Stankovic: "A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks", Computer Engineering and Applications (ICCEA), 2010 Second International Conference on, 2010, pp. 199-203.

AUTHORS' PROFILES

Kashif Laeeq is a lecturer at the Department of Computer Science, Federal Urdu University of Arts, Science & Technology, Karachi. He obtained his first master's degree (M.Sc.) in Mathematics from the University of Karachi and did his second master's (MCS) in Computer Science from