Abhishek Seth
04329001
November 12, 2004
• Mine site operations.

• Urgent business meetings.

2.3 Disadvantages

Some of the disadvantages of MANETs are:

• Limited resources.

• Limited physical security.

• Intrinsic mutual trust, vulnerable to attacks.

• Lack of authorization facilities.

• Volatile network topology makes it hard to detect malicious nodes.

• Security protocols for wired networks cannot work for ad hoc networks.

2.4 Routing

Knowledge of the routing protocols of MANETs is important to understand the security problems in MANETs. The routing protocols used in MANETs are different from the routing protocols of the traditional wired world. Some of the reasons are listed below:

• Frequent route updates.

• Mobility.

• Limited transmission range.

The performance criteria of nodes in MANETs are different from those of wired networks. Some of the performance metrics of MANET routing protocols are listed below:

• Energy consumption.

• Route stability despite mobility.

Routing protocols in Mobile Ad hoc Networks are mainly of two categories:

• Proactive Protocols

• Reactive Protocols

Reactive routing protocols are based on finding routes between two nodes when a route is required. This is different from traditional proactive routing protocols, in which nodes periodically send messages to each other in order to maintain routes. Only reactive protocols are considered in this article, as they are extensively studied and used in MANETs. Among the many reactive routing protocols, only the two most studied are described below.

2.4.1 Dynamic Source Routing

Dynamic Source Routing (DSR) uses source routing to deliver packets from one node in the network to some other node. The source node adds the full path to the destination, in terms of intermediate nodes, to every packet. This information is used by an intermediate node to determine whether to accept the packet and to whom to forward it. DSR operates on two mechanisms: Route Discovery and Route Maintenance.

Route Discovery is used when the sender does not know the path up to the destination. In this mechanism, the sender broadcasts a ROUTE REQUEST message which contains Source Address, Destination Address and Identifier. Each intermediate node adds its address to the ROUTE REQUEST message and rebroadcasts it, unless it has rebroadcast it earlier. With this controlled broadcast, the ROUTE REQUEST ultimately reaches the destination. The destination then sends a unicast ROUTE REPLY message in the reverse direction, whose route is obtained from the list of intermediate nodes in the ROUTE REQUEST message.

When the ROUTE REPLY packet reaches the source, it records the route contained in it and saves it in its cache for the specific destination. For better performance, intermediate nodes also record this route information from the two route messages. All nodes overhearing these packets add meaningful route entries to their caches.

Finally, the Route Maintenance mechanism is used to notify the source, and potentially trigger new route discovery events, when changes in the network topology invalidate a cached route.

2.4.2 Ad hoc On-demand Distance Vector Routing

Ad hoc On-demand Distance Vector routing (AODV) is another on-demand protocol. It has a ROUTE REQUEST and ROUTE REPLY mechanism similar to that of DSR. However, it does not rely on source routing; rather, it makes use of routing tables at intermediate nodes. The nodes maintain routing table entries for all reachable nodes in the network. The entries in the routing tables are of the form <Destination, Next Hop, No. of hops, Sequence Number>. The sequence number is used to maintain freshness. The routing table is used to route data packets destined for a particular node and to respond to ROUTE REQUESTs. The advantage of AODV over DSR is that a data packet does not need to contain the whole route to the destination.

3 Security basics

Before proceeding further, the reader should have knowledge of the following terminologies of network security:
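The DSR Route Discovery described in 2.4.1 can be followed on a small topology. The simulation below is an added example and not code from this report: the node names, the link graph and the packet field names are constructed. It floods a ROUTE REQUEST with the duplicate-suppression rule (each node rebroadcasts a request once), returns the ROUTE REPLY along the reversed node list, and shows the route caching done by every node on the discovered path.

```python
"""Toy simulation of DSR Route Discovery on a static topology. Added example,
not code from the original report; node names and links are constructed."""
from collections import deque

# Constructed topology: undirected radio links (who can hear whom).
LINKS = {
    "S": {"A", "B"},
    "A": {"S", "C"},
    "B": {"S", "C", "E"},
    "C": {"A", "B", "D"},
    "D": {"C"},
    "E": {"B"},
}


def route_discovery(links, source, destination, request_id=1):
    """Flood a ROUTE REQUEST <source, destination, id, node-list> hop by hop.

    Every node rebroadcasts a given (source, id) at most once, so the flood
    terminates. The destination answers the first request that reaches it
    with a ROUTE REPLY carrying the accumulated node list; the reply is
    unicast back along that list reversed. Returns (reply, broadcast_count).
    """
    rebroadcast_done = {source}            # duplicate-suppression cache
    broadcasts = 0
    # FIFO of (node holding the request, node-list so far): the first copy
    # to arrive anywhere is the one that gets forwarded, as in DSR.
    pending = deque([(source, [source])])
    while pending:
        node, node_list = pending.popleft()
        broadcasts += 1
        for neighbour in sorted(links[node]):
            if neighbour == destination:
                route = node_list + [destination]
                return {"type": "ROUTE REPLY", "source": source,
                        "destination": destination, "id": request_id,
                        "route": route,
                        "reply_path": route[::-1]}, broadcasts
            if neighbour in rebroadcast_done:
                continue                   # already rebroadcast this request
            rebroadcast_done.add(neighbour)
            pending.append((neighbour, node_list + [neighbour]))
    return None, broadcasts                # destination unreachable


def cache_routes(reply):
    """Route caching after a reply: the source and every intermediate node on
    the discovered route store their own suffix of it to the destination."""
    route = reply["route"]
    return {node: route[i:] for i, node in enumerate(route[:-1])}


if __name__ == "__main__":
    reply, count = route_discovery(LINKS, "S", "D")
    print(reply["route"], reply["reply_path"], count)
    print(cache_routes(reply))
```

With the constructed links, S reaches D through A and C after four broadcasts; the reply travels D, C, A, S, and S, A and C each cache their suffix of the route. Request an unreachable destination and every node broadcasts exactly once before the flood dies out, which is what the duplicate-suppression rule buys.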
• Symmetric Key Cryptography.

• Hash and Message Authentication Codes (MAC).

4 Security Problems in MANETs

MANETs are much more vulnerable to attack than wired networks. This is because of the following reasons:

• Lack of Centralized Monitoring - The absence of any centralized infrastructure prohibits any monitoring agent in the system.

• Lack of Clear Line of Defense - Using only the first line of defense, attack prevention, may not suffice. Experience of security research in the wired world has taught us that we need to deploy layered security mechanisms, because security is a process that is only as secure as its weakest link. In addition to prevention, we need a second line of defense: detection and response.

The possible security attacks in MANETs can be divided into two categories:

• Route Logic Compromise: Incorrect routing control messages are injected into the network to damage the routing logic.

• Traffic Distortion Attack: All attacks that prevent data packets from being transferred from the source to the destination, either selectively or collectively, come under the category of Traffic Distortion Attack. This type of attack can snoop network traffic, manipulate or corrupt packet headers or contents, and block or replay transmissions for some malicious purpose.

The list of some of the attacks in MANETs is as follows:

• Jamming.

• Packet Modification and Dropping.

• Blackhole attack.

• Wormhole attack.

• Rushing attack.

All these attacks are discussed in the following subsections.

• High power pulsed full-band jammers.

• Low power partial-band jammers.

Jamming attacks can be mounted from a location remote from the targeted network. This makes the attack extremely hard to avoid.

4.1.1 Countermeasures

The solution to jamming is to use spread-spectrum technology to transmit data. Spread spectrum consumes more bandwidth than narrowband transmission does. It is designed to resist eavesdropping, interference, and noise. Spreading codes are used to broaden the narrowband signal. The receiver uses the same spreading code used by the transmitter to narrow the spread signal down to its original form. The 802.11 wireless standard already uses these techniques to resist these attacks.

• Frequency-Hopping Spread Spectrum (FHSS): In this technique, a radio signal is sent over a number of channels. At a time only one channel is used, and the hopping sequence of using different channels is determined by a pseudo-random code sequence. Only a receiver who knows the code can narrow down the signal.

1 Wireless Local Area Network
2 Industrial, Scientific and Military band
• Direct-Sequence Spread Spectrum (DSSS): In this technique, each data bit in the signal is transmitted as an 11-bit chipping sequence (if an 11-bit chip code is used), which is converted into a waveform. The waveforms are then transmitted over a wide range of frequencies. The receiver unspreads the chips to recover the original data.

simply drops data or route packets. Some variations of packet dropping, based on frequency and selectiveness, are given below:

• Selective dropping

• Constant dropping

• Periodic dropping

that it absorbs all light and hence appears to be black.
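The chipping and de-spreading described in the DSSS bullet above can be worked through numerically. The following is an added example, not code from this report: it uses the 11-chip Barker code of 802.11 DSSS, and the data bits and the interference pattern are constructed. It shows why a receiver holding the chip code still recovers the data when a narrowband jammer corrupts part of each spread symbol, and where that protection ends.

```python
"""Direct-sequence spreading and de-spreading with the 11-chip Barker code.
Added example (not from the report); data bits and interference constructed."""

BARKER_11 = (1, 1, 1, -1, -1, -1, 1, -1, -1, 1, -1)   # 802.11 DSSS chip code


def spread(bits, code=BARKER_11):
    """Map each data bit to a +1/-1 symbol and multiply the whole chip
    sequence by it: one data bit becomes len(code) chips."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def despread(chips, code=BARKER_11):
    """Correlate every block of len(code) chips with the code. The sign of the
    correlation is the recovered bit; its magnitude (11 when clean) is the
    margin interference has to overcome. Returns (bits, correlations)."""
    n = len(code)
    bits, correlations = [], []
    for start in range(0, len(chips), n):
        corr = sum(a * b for a, b in zip(chips[start:start + n], code))
        correlations.append(corr)
        bits.append(1 if corr > 0 else 0)
    return bits, correlations


def corrupt(chips, positions):
    """Constructed interference model: invert the chips at the given positions
    (a narrowband jammer hits only some chips of each spread symbol)."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]
    tx = spread(data)
    rx_bits, margins = despread(corrupt(tx, [0, 4, 7, 22, 23, 24, 25]))
    print(rx_bits == data, margins)
```

Each inverted chip lowers the correlation of its block by 2, so up to five bad chips out of eleven still decode correctly; six or more flip the sign and the bit is lost. A receiver without the spreading code sees no such structure to correlate against, which is the property the countermeasure relies on.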
location in the network, tunnels the packet to another location in the network, and replays the packet from the second location. This requires the attacker to have just two nodes, connected by a private tunnel. Tunneling of packets can be done either by using a single long-range directional wireless link or through a direct wired link. If the distance between the two end points of the tunnel is greater than the radio coverage of the nodes, the tunneling can always be faster than the normal multihop route between the end points of the tunnel. This tunnel is referred to as a wormhole.

Various issues are:

• Either all or selected packets are tunneled.

• Apart from packets destined to this node, other packets obtained by eavesdropping can also be tunneled.

The wormhole between two nodes can make some distant nodes believe that they are neighbours. Many exploits are possible after this fraud. One powerful exploit is to tunnel the RREQ packets from a node near the sender to some node near the destination. This prevents any routes other than through the wormhole from being discovered. This is because tunneling of the RREQ can always be done faster than the normal multihop transmission of the RREQ. The attacker then exploits the wormhole by discarding, rather than forwarding, data packets, thereby creating a permanent denial of service. No other route can be discovered as long as the wormhole is active and a first-come-first-select strategy is used for RREQ forwarding. This attack is always possible if the distance between the sender and receiver is greater than two hops.

The thing that makes this attack very strong is that it is possible even if all communication provides authenticity and confidentiality, and even if the attacker has no keys.

4.8.1 Power of wormhole attack

Let A and B be far-apart nodes that believe they are neighbours because of a wormhole between them. If the best existing route from A to B is at least 2N + 2 hops long, then any node C within N hops of A would be unable to communicate with B. This is because C would find a shortest path to B through A, with a maximum hop count of N + 1 (the hop count between A and B is one because of the wormhole). The other path from C to B would have a length of at least N + 2 hops, which is greater than the hop count of the route selected through A, and hence is rejected.

4.9 Rushing attack

In a rushing attack, a malicious node wants a route to be established through it. For this purpose, a malicious node M waits for route requests (RREQ) from sources, either selectively or collectively. Whenever a RREQ arrives, the malicious node M rushes the request to the next intermediate node, in the hope of getting a route through it. The probability of getting a route through M is higher because of the property of all nodes to select the first RREQ and forward it, discarding the duplicate RREQs.

If the RREQs forwarded by the attacker are the first to reach each neighbour of the target, then any route discovered by this Route Discovery will include a hop through the attacker. Note that even if secure routing is used, this attack is possible. The malicious node can achieve various malicious purposes after a route is established through it, including eavesdropping (if proper encryption is not used), packet dropping, and other possible attacks.

The rushing attack acts as an effective denial-of-service attack against all currently proposed on-demand ad hoc network routing protocols, including secure routing protocols.

Some of the techniques that the attacker can use for a rushing attack:

• Quickly forward the packet without following the contention protocol. Contention protocols require waiting for some time before transmitting packets in order to prevent packet collisions.

• Keep the network interfaces of the neighbours full by some DoS attack. This will lower the chances that the neighbours will forward the RREQ packet first. One way of doing this is to send them bogus authentication requests and keep them busy verifying these requests.

• The attacker can employ a wormhole to rush the RREQ to the destination.

5 Ariadne - Secure routing protocol

Ariadne is a secure on-demand routing protocol for MANETs. It prevents an attacker from tampering with uncompromised routes and from mounting a large number of types of DoS attacks. Ariadne can authenticate routing messages using either shared secrets between each pair of nodes, or shared secrets between communicating nodes combined with broadcast authentication, or digital signatures. Ariadne favours the use of TESLA, an efficient broadcast authentication scheme. The next subsection introduces TESLA.

5.1 TESLA

TESLA is an asymmetric broadcast authentication protocol. It is different from traditional asymmetric protocols such as RSA. RSA operations are computationally expensive and very costly if carried out on resource-constrained mobile nodes. Authentication is provided using MACs (see footnote 4). A MAC alone cannot be used for broadcast authentication because the receiver(s), who know the secret key of the MAC, can also forge messages on behalf of the sender. TESLA makes use of loose clock synchronization and delayed key disclosure to achieve its purpose.

In brief, a MAC function is a many-to-one function that takes a message M and a secret key K as arguments and produces a number called the MAC. This MAC is appended to the message being transmitted. Authentication is carried out at the receiver by recalculating the MAC of the message, if the secret key is known, and comparing it with the MAC appended to the message. If both MACs are the same, the message is authenticated.

MAC = F(M, K)

The procedure of TESLA is given below:

• The sender computes a one-way key chain [K0, K1, ..., Kn] as follows:

Kn = Random key
Kj−1 = H[Kj]

Here K0 to Kn are keys and H is the hash function.

• The order of publishing keys is K1, K2, ..., Kn. This key stream can be verified to come from a single source by calculating the hash of the key Ki and comparing it with the previously published key Ki−1.

• Before disclosing key Ki, the sender sends its packet authenticated with MAC(Ki).

• The receiver, when it receives a packet, needs to verify that its MAC key is not yet published. Loose time synchronization is required for this verification. After some time, when the sender publishes its key, the receiver can authenticate the previously received data message.

• The sender has to publish the first key of the key chain, after which the subsequent keys of the key stream can be authenticated against it.

Thus, this mechanism provides broadcast authentication without employing any public key operations.

5.2 Route Discovery Mechanism

This subsection describes a secure route discovery mechanism that makes use of TESLA authentication. In this mechanism, the source sends a RREQ packet for the destination, which contains the following: <RREQ, initiator, target, id, time-interval, hash-chain, node-list, MAC-list>. Each of these parameters is explained below:

• initiator = Sender address.

• target = Destination address.

• id = Unique id for the RREQ, chosen by the sender.

• time-interval = TESLA time interval at the pessimistic expected arrival time of the REQ at the target.

• hash-chain = Initialized to MAC_KSD(initiator, target, id, time-interval), where KSD is the shared secret key between source and destination.

• node-list and MAC-list = Empty lists.

Any intermediate node A, when it receives the RREQ, checks its validity and forwards the packet after doing the following steps:

• Append its own address, A, to the node-list.

• Replace the hash-chain field with H[A, hash-chain].

• Append the MAC of the entire RREQ, calculated with its TESLA key K_Ai corresponding to time-interval, to the MAC-list.

Finally, the target node, when it receives the RREQ, does the following before replying with a RREP:

• Check that the TESLA keys are not disclosed yet.

• Verify that the hash-chain equals H[An, H[An−1, H[..., H[A1, MAC_KSD(initiator, target, id, time-interval)]...]]].

After verification, the target returns a RREP to the initiator, containing two new fields apart from the RREQ fields: target-MAC is the MAC over the preceding fields of the RREP with key KDS, and key-list is initialized to an empty list.

The RREP is returned to the initiator along the route obtained by reversing the node-list. Each intermediate node appends its TESLA key to the key-list. Finally, the initiator checks the validity of the TESLA keys in the key-list of each intermediate node and verifies the target-MAC.

The following reasoning shows that this protocol is secure:

• A malicious node cannot change the node-list, because the hash-chain is updated at each node, appropriately taking the new node into account.

• Nobody can forge the RREQ message, as it is appended with a MAC calculated using the shared secret key between sender and receiver.

• Intermediate nodes verify themselves by appending their disclosed TESLA keys in the RREP, which guarantees that they had added their entry to the node-list.

4 MAC - Message Authentication Codes
• The initiator can safely believe that the RREP comes from the target, as the target appends the MAC of the RREP containing the node-list, calculated with the secret key shared with the initiator.

message in the third step of the Secure Neighbour Detection Protocol. This message is the delegation message, which contains the addresses of the two neighbours and the addresses of the ultimate source and destination of the RREQ, all signed by the first neighbour.
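The TESLA key chain of 5.1 and the Ariadne RREQ hash-chain check of 5.2 are small enough to run end to end. The code below is an added example and is neither this report's nor the Ariadne authors' code: H is instantiated as SHA-256 and the MAC as HMAC-SHA256, and the node addresses, the shared key K_SD, the chain length and the time interval are constructed. It builds per-node TESLA chains, verifies a disclosed key against the chain, applies the receiver's "key not yet disclosed" condition, then carries a RREQ from S through A and B to D and lets the target recompute the nested hash over the node-list; a copy of the RREQ with one hop removed fails that check. The per-hop MAC-list is appended as the protocol requires, but its verification (which needs the keys disclosed later on the RREP) is not shown.

```python
"""TESLA one-way key chain (5.1) and Ariadne RREQ hash-chain check (5.2).
Added example, not the report's or Ariadne's code; H = SHA-256, MAC =
HMAC-SHA256; addresses, K_SD, chain length and interval are constructed."""
import hashlib
import hmac
import os


def H(*parts):
    """One-way hash H[...] over the concatenation of its byte arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def MAC(key, *parts):
    """MAC = F(M, K), instantiated with HMAC-SHA256."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


# ---- TESLA ----

def tesla_chain(n, k_n=None):
    """K_n is random, K_{j-1} = H[K_j]. Returns [K_0, ..., K_n]; K_0 is the
    commitment the sender publishes (authenticated) first."""
    keys = [k_n or os.urandom(32)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def tesla_verify_key(k_i, k_trusted, steps=1):
    """A disclosed K_i is genuine iff hashing it `steps` times yields the last
    key already trusted (steps > 1 tolerates missed disclosures)."""
    k = k_i
    for _ in range(steps):
        k = H(k)
    return hmac.compare_digest(k, k_trusted)

def tesla_safe_to_buffer(recv_interval, key_interval, disclosure_delay):
    """Receiver-side condition (needs loose clock sync): a packet MACed with
    the key of `key_interval` is buffered only if that key cannot have been
    disclosed yet at the time of arrival."""
    return recv_interval < key_interval + disclosure_delay

def tesla_authenticate(msg, mac, k_i):
    """After K_i is disclosed and verified against the chain, check the MAC."""
    return hmac.compare_digest(MAC(k_i, msg), mac)


# ---- Ariadne RREQ ----

def ariadne_rreq(initiator, target, req_id, interval, k_sd):
    """Initiator: hash-chain starts as MAC_KSD(initiator, target, id, interval)."""
    return {"initiator": initiator, "target": target, "id": req_id,
            "interval": interval,
            "hash_chain": MAC(k_sd, initiator, target, req_id, interval),
            "node_list": [], "mac_list": []}

def _rreq_bytes(rreq):
    """Canonical encoding of the entire RREQ, the input to each hop's MAC."""
    return b"|".join([rreq["initiator"], rreq["target"], rreq["id"],
                      rreq["interval"], rreq["hash_chain"],
                      b",".join(rreq["node_list"]), b",".join(rreq["mac_list"])])

def ariadne_forward(rreq, addr, k_a_i):
    """Intermediate node A: append A to node-list, set hash-chain to
    H[A, hash-chain], append MAC of the whole RREQ under its TESLA key."""
    out = dict(rreq, node_list=rreq["node_list"] + [addr],
               hash_chain=H(addr, rreq["hash_chain"]))
    out["mac_list"] = rreq["mac_list"] + [MAC(k_a_i, _rreq_bytes(out))]
    return out

def ariadne_target_verify(rreq, k_sd):
    """Target: recompute H[A_n, H[..., H[A_1, MAC_KSD(...)]...]] from the
    received node-list and compare it with the hash-chain field."""
    expected = MAC(k_sd, rreq["initiator"], rreq["target"], rreq["id"],
                   rreq["interval"])
    for addr in rreq["node_list"]:
        expected = H(addr, expected)
    return hmac.compare_digest(expected, rreq["hash_chain"])

def strip_hop(rreq, addr):
    """Tampering attempt used to exercise the check: drop one hop from the
    node-list and MAC-list; the hash-chain cannot be rewound to match."""
    i = rreq["node_list"].index(addr)
    return dict(rreq, node_list=rreq["node_list"][:i] + rreq["node_list"][i + 1:],
                mac_list=rreq["mac_list"][:i] + rreq["mac_list"][i + 1:])

def demo():
    """S -> A -> B -> D with constructed keys; returns (genuine, tampered)."""
    k_sd = b"constructed shared secret between S and D"
    chain_a, chain_b = tesla_chain(8), tesla_chain(8)   # per-node TESLA chains
    interval = 3                                       # constructed interval
    rreq = ariadne_rreq(b"S", b"D", b"42", bytes([interval]), k_sd)
    rreq = ariadne_forward(rreq, b"A", chain_a[interval])
    rreq = ariadne_forward(rreq, b"B", chain_b[interval])
    return (ariadne_target_verify(rreq, k_sd),
            ariadne_target_verify(strip_hop(rreq, b"A"), k_sd))
```

The target needs only K_SD and the node-list to rebuild the expected hash-chain, so any removal or reordering of hops is caught without contacting the intermediate nodes; what the check does not prevent by itself is a node adding entries, which is why the per-hop MACs and the later TESLA key disclosures on the RREP are also part of the protocol.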
wormhole, because they are no longer in transmission range due to external disturbances.

7.2 Temporal Leashes

A better approach for detecting wormholes is to use temporal leashes, which ensure that the packet has an upper bound on its lifetime. In this technique, the time of transmission of the packet is appended to the packet. The use of temporal leashes restricts the maximum travel distance of the packet, since the packet can travel at most at the speed of light. It requires the network to have strong time synchronization, with a maximum time synchronization error ∆.

Let ts be the sender's time of transmission of a packet and tr be the time at the receiver when it receives the packet. The sender sends in the packet the expiration time te = ts + L/c + ∆. Here c is the speed of light and L is the maximum distance the packet is allowed to travel. The receiver will only accept the packet if tr < te.

This mechanism also requires authentication of the messages containing expiration time-stamps. For this purpose TESLA or its extension can be used, to prevent any forging of time-stamps.

8 Anonymous Routing

While data encryption can protect the content exchanged between nodes, routing information may reveal valuable information about end-users and their relationships. The location and relationship of the communicating entities may easily be determined from traffic and data analysis of packets. A protocol is discussed in this section which provides anonymous routing between source and destination.

One of the assumptions of this protocol is that the nodes have sufficient computational resources. This protocol makes use of public key based authentication and encryption techniques.

8.1.1 Path Discovery Phase

In this phase, source S sends a path discovery message to all its neighbours, destined for a receiver R. This message contains the following components:

• TYPE, TRUST REQ, TPK

• E_PKR(ID_R, K_S)

• E_KS(ID_S, PK_S, TPK, TSK, SN_SessionID_S, Sign(M_S))

Here TPK and TSK are the temporary (public, private) key pair used for this session. K_S is the session secret key used by S and ID_R is the address of the receiver; both are sent in this packet encrypted with PK_R, the public key of R. The last part contains ID_S, the address of sender S; PK_S, the public key of S; and SN_SessionID_S, a random number used to identify this session; all these are encrypted with the session key K_S. The Sign part protects the integrity of the message.

The information about sender and receiver is all encrypted. Thus anonymity is maintained here. Only the receiver can decrypt the second part with its private key, obtain the session key, and hence decrypt the last part. An intermediate node i processes the packet as follows:

• Check if the message has already arrived, by looking at TPK, which acts as the identifier of the request. If yes, then discard the message, else process it further.

• Add the following information to the packet, all encrypted with TPK: E_TPK(ID_i, K_i, SN_SessionID_i, Sign(M_IDi)). Here ID_i is the address of node i, K_i is the session key used by node i for this session, SN_SessionID_i is a random number used to identify this session by node i, and Sign(M_IDi) is the signature of the whole message.

• Add (SN_SessionID_i, K_i, PreviousNode) to an internal table. This will be used to forward data packets for this route.

The receiver, when it receives this message, can identify that it is destined to itself. However, for anonymity purposes, it forwards it to other nodes, and enters the Path Recovery Phase.
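The session keys K_i and session-ids SN_SessionID_i that each intermediate node records during path discovery are what the later data transfer phase (8.1.3) runs on. The code below is an added example, not this report's or the protocol authors' code: it takes those per-hop values as already established (they are constructed here), builds the layered packet exactly as 8.1.3 describes, and lets each node peel one layer by matching only the leading session-id. The symmetric cipher E_K is stood in for by an HMAC-SHA256 counter-mode keystream so that the example needs nothing beyond the standard library.

```python
"""Layered (onion) encryption of the anonymous data transfer phase. Added
example, not the report's or protocol authors' code; keys, session-ids and
the payload are constructed, and E_K is an HMAC-SHA256 keystream stand-in."""
import hashlib
import hmac
import os

SID_LEN = 8      # constructed fixed width for session-ids, so packets parse
NONCE_LEN = 16


def _keystream_xor(key, nonce, data):
    """XOR data with successive HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"),
                      hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[block * 32:(block + 1) * 32], ks))
    return bytes(out)


def E(key, plaintext):
    """Stand-in for E_K: fresh random nonce prepended to the keystream XOR."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def D(key, ciphertext):
    return _keystream_xor(key, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])


def build_onion(data, k_s, sid_r, hops):
    """Sender: innermost layer is SN_R || E_KS(Data). Then for each
    intermediate node, taken in reverse-path order (last hop first), wrap as
    SN_i || E_Ki(packet). `hops` lists the forward path as (sid, key)."""
    packet = sid_r + E(k_s, data)
    for sid, key in reversed(hops):
        packet = sid + E(key, packet)
    return packet


def peel(packet, table):
    """Node logic shared by intermediates and the receiver: if the leading
    session-id is in this node's table, remove one encryption layer and
    return the inner packet; otherwise the packet is not ours (None)."""
    sid, body = packet[:SID_LEN], packet[SID_LEN:]
    key = table.get(sid)
    return None if key is None else D(key, body)


def demo():
    """S -> A -> B -> R with constructed keys. Returns (B ignores the outer
    layer, A sees B's session-id next, R recovers the payload)."""
    k_s, k_a, k_b = (os.urandom(32) for _ in range(3))
    sid_r, sid_a, sid_b = (os.urandom(SID_LEN) for _ in range(3))
    data = b"constructed payload from S to R"
    packet = build_onion(data, k_s, sid_r, [(sid_a, k_a), (sid_b, k_b)])
    table_a, table_b, table_r = {sid_a: k_a}, {sid_b: k_b}, {sid_r: k_s}
    b_ignores_outer = peel(packet, table_b) is None
    after_a = peel(packet, table_a)
    recovered = peel(peel(after_a, table_b), table_r)
    return b_ignores_outer, after_a[:SID_LEN] == sid_b, recovered == data
```

Nothing in the packet names S, R or any hop: a node that is not the addressed one sees a session-id it does not know followed by ciphertext, and the addressed node learns only the next session-id after peeling. That is the anonymity property 8.2 and 8.3 argue for; the stand-in cipher provides confidentiality only, so the signatures that 8.3 relies on against active modification would still have to be added.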
• Send the final constructed message to the first node in the reverse path.

In the reverse direction, each intermediate node i receives this message and identifies that it belongs to itself by SN_SessionID_i, which is appended to this message. It then finds its key corresponding to this session-id, decrypts the message and forwards it to the next intermediate node in the reverse path. The remaining intermediate nodes follow similar steps, each intermediate node thereby removing one layer of encryption. Finally the sender receives the path recovery message in the form prepared by the receiver in the first step. It extracts the keys and session-ids of all intermediate nodes. This completes the route finding process in an anonymous manner. No intermediate node and no other node knows the full route that is evaluated. Even the sender and receiver don't know this route. The only thing that the sender and receiver know is the session-ids and keys of the intermediate nodes.

8.1.3 Data Transfer Phase

In this phase, the sender S actually sends a message to receiver R. Rather than filling in source and destination addresses, it builds a layered encryption packet as follows.

• Make a packet of the form E_KS(Data_S), SN_SessionID_R.

• Encrypt and append a session-id repeatedly, using the session key and session-id of each intermediate node, in the order of the reverse path of intermediate nodes.

• Broadcast the message, to allow the neighbouring intermediate node to forward it.

Each intermediate node identifies a packet meant to be forwarded by it by the appended session-id, decrypts one encryption layer and forwards the message to the next intermediate node. Finally the receiver decrypts the innermost layer and gets the message.

So, a data packet is transferred from source to destination and no other node, including the intermediate nodes, has any information about their route or their identity. This protocol does not require the source node to gather and store information about the network topology. The multicast mechanism and the layered encryption used in the protocol ensure the anonymity of the sender and receiver nodes.

8.2 Characteristics

This protocol has the following characteristics:

• Non-Source based Routing: The source does not require a global view of the network topology and hence knowledge of the route to the destination.

• Flexible and Reliable Route Selection: The route control messages described earlier cannot be modified by a malicious intermediate node without being detected by source or destination.

• Resilience against Path Hijacking: Even if some malicious node becomes an intermediate node, it cannot break the anonymity of route discovery.

8.3 Security Analysis

• Passive attack: Malicious nodes cannot find the sender, receiver and other intermediate nodes just by eavesdropping on path discovery messages.

• Active attack: Any modification of the path discovery messages will be detected by the receiver because of the appended signatures, which preserve the integrity of the message.

• Denial of Service Attack: The protocol is incapable of resisting DoS attacks involving flooding the network with meaningless path discovery messages. This is because verification of these messages involves complex computations, which are resource consuming; it also consumes network bandwidth. In fact DoS attacks are very difficult to resist in any protocol.

9 Intrusion Detection in MANETs

Intrusion Detection Systems (IDS) serve as the second line of defence, after the first line of defence provided by prevention techniques.

The two major analytical techniques in intrusion detection are:

• Misuse detection: It uses signatures of known attacks to identify those attacks.

• Anomaly detection: It uses established normal profiles only, to identify any unreasonable deviation from them.

9.0.1 Architecture of an IDS agent

Figure 1 shows the architecture of an IDS agent that can be deployed on each mobile node. The various components are:

• Data Collection Module: It collects various security-related data from various audit data sources and preprocesses them into the input format of the detection engines.

• Detection Engine: It determines whether a particular state of the system is anomalous, based on a predetermined normal profile of the network created during the training process.
• Local Aggregation and Correlation Engine (LACE): It aggregates and correlates various detection results and transfers them to the GACE.

• Global Aggregation and Correlation Engine (GACE): Its function is to aggregate detection results from a number of nodes and globally make a decision about any malicious event.

9.1.2 Markov Chain Based Intrusion Detection

The idea of using this model is that the routing changes in mobile nodes can be considered as a random process with the stationary transition probabilities of a Markov chain. This statement is valid for a particular class of network, whose normal traffic follows a regular pattern.

The two-step process of intrusion detection is as follows:
pared with some threshold at each iteration of the summation. Again, if the ratio becomes less than some threshold at any stage, an alert is generated.

Selecting the threshold T determines a trade-off. A higher value of T will increase the anomaly detection ratio, but may also increase the false alarm ratio. A lower value of T will decrease the false alarm ratio, but will also decrease the detection ratio. A proper value of T can be determined empirically, with the desired level of trade-off.

There are some limitations of this model:

9.2.3 Feature Example

Some examples of features are given below:

• Route related features: velocity, route add count, route removal count, route find count, route repair count, total route change, average route length.

• Traffic related features: packet type, flow direction (sent, received, forwarded, dropped), statistical measures of timing.
• Some solutions discussed in this article favour public key operations and some oppose them. This is because using public key encryption in MANETs is taken as a highly computational problem, which it actually is. However, due to the decrease in the cost of computational power with advancing technology, MANETs will no longer be believed to be resource constrained. But the problem of public key operations being expensive will remain for a long time. This is because an increase in computational power will also increase the key sizes needed for an appropriate level of security. This increase in key sizes will definitely increase the computational cost. One solution to this problem is to use elliptic curve cryptography, which is proved to be stronger than RSA for the same key length. For now, a balance between public key operations and symmetric key operations should be used in deploying security solutions in MANETs.