Management of

MANET 8ecurity
ssues
Presenter: Aqeel-ur-Rehman
Agenda
ntroduction
Mobile Ad-Hoc Networks (MANET)
MANET Protocols
Research Trends
Security Challenges
Security Solutions
Summary
Conclusion and the Future
References
wireless communication does not have
the constraint of physical cables
Different radio frequency (RF) spectrum
ranges are used in wireless networks
ntroduction
Wireless Network Wireless Network
ntroduction
Wireless Technologies Wireless Technologies
According to the relative mobility of
hosts and routers, there are three
different types of wireless networks:
1. Fixed Wireless Network
2. Wireless Network with Fixed Access Points
3. Mobile Ad hoc Network (MANET)
Types of Wireless Networks Types of Wireless Networks
ntroduction
Fixed hosts and routers use wireless
channels to communicate with each
other.
For Example For Example
wireless network
formed by fixed
network devices
using directed
antennas, as shown
in Figure.
ixed Wireless Networks ixed Wireless Networks
ntroduction
Mobile hosts use wireless channels to
communicate with fixed access points.
Wireless Network with ixed Wireless Network with ixed
Access Points Access Points
For Example For Example
Number of mobile
laptop users in a
building that access
fixed access points,
as illustrated in
Figure.
ntroduction
A mobile ad hoc network is formed by
mobile hosts.
Mobile Ad hoc Network Mobile Ad hoc Network
For Example For Example
vehicle-to-vehicle
and ship-to-ship
networks that
communicate with
each other by relying
on peer-to-peer
routings, as shown in
Figure.
ntroduction
The MANET model is usually illustrated
as shown in Figure.
Mobile Ad hoc Network Mobile Ad hoc Network
Nodes i, j, and k are
mobile nodes in the
network. The dashed
circles shown in the
figure imply the radio
coverage areas of
nodes
ntroduction
Another kind of ad hoc network has fixed
nodes having relatively static connectivity.
For Example For Example
A sensor network is typically a fixed ad hoc
network. Network components in a sensor
network are wireless sensors instead of general-
purpose computers
Mobile Ad hoc Network Mobile Ad hoc Network
ntroduction
Autonomous and infrastructure-less
Multi-hop routing
Dynamic network topology
Device heterogeneity
Energy constrained operation
Bandwidth constrained variable capacity
links
haracteristics and omplexities haracteristics and omplexities
Mobile Ad-Hoc Networks
imited physical security
Network scalability
Self-creation, self-organization and self-
administration
haracteristics and omplexities haracteristics and omplexities
Mobile Ad-Hoc Networks
Mobile Ad-Hoc Networks
Application Application
Mobile Ad-Hoc Networks
Application Application
Researchers traditionally classify
Protocols as:
Proactive Protocols
Reactive Protocols
Hybrid of the two, based on the way they
find new routes or update existing ones.
lassification lassification
MANET Protocols
Proactive routing protocols keep routes
continuously updated,
while Reactive routing protocols react on
demand
Routing protocols can also be classified as:
ink State Protocols
more reliable, easier to debug and less bandwidth-
intensive
Distance-Vector Protocols
more complex and more compute- and memory-intensive
lassification lassification
MANET Protocols
Routers using a link state routing link state routing
protocol maintain a full or partial copy of
the network topology and costs for all
known links.
Routers using a distance distance- -vector protocol vector protocol
keep only information about next hops
to adjacent neighbors and costs for
paths to all known destinations.
lassification lassification
MANET Protocols
Examples Examples
MANET Protocols
ProtocoI ProtocoI CIassification CIassification Approach Approach
SR Proactive ink State
DSR Reactive Distance Vector
ADV Reactive Distance Vector
TRA Reactive ink State
ZRP Hybrid -
DSDV Proactive Distance Vector
FSR Proactive ink State
ANMAR Proactive ink State + Distance
Vector
8urvey 8urvey - - 11
According to a survey* of more than 1300
MANET related papers in EEE/ EE
Electronic ibrary (E online) from 1998 to
2003, some of the issues like routing and
power management attracted much attention
of the researchers. Figure showing the trends
for various issues (grouped in 15 categories)
over the six year (1998 to 2003).
#esearch Trends
C. R. Dow, P. J. Lin, S. C. Chen, J. H. Lin, and S. F. Hwang, 'A Study of Research Trends and
Experimental Guidelines in Mobile Ad-hoc Networks", Proceedings of the 19th International Conference
(AINA '05), IEEE 2005.
#esearch Trends
onclusion onclusion -- 8urvey 1 8urvey 1
The Quantity of papers shows that the Routing, Routing,
Power management and Bandwidth Power management and Bandwidth
management management are larger than the other issues
While the P addressing and fault tolerance P addressing and fault tolerance
issues are very few in quantity.
These trends shows the maturity of some issues
like routing and power management routing and power management and the
potential study value for P addressing and fault P addressing and fault
tolerance tolerance.
#esearch Trends
The growth rate for radio interface and the radio interface and the
security security are greater than the other issues.
Similarly the issues of mobility management mobility management
and fault tolerance and fault tolerance are also positive. t shows
that these issues have more potential study
values in the near future.
#esearch Trends
onclusion onclusion -- 8urvey 1 8urvey 1
Another survey* that grouped the
MANET issues in 10 different categories
showing the same trends as above.
#esearch Trends
8urvey 8urvey - - 22
Ramiro Liscano, Spontaneous Networking - Bridging the gap between ad hoc networking and ad hoc
communications, Wireless Industry Congress, Ottawa, Canada, 2003.
#esearch Trends
#esearch Trends
n above Figure, it is very much clear that
quantity of papers in the basic networking basic networking
issue issue is very high that shows the maturity and
the research undergoing on that issue.
Analysis also showing that the service and the service and
security issue security issue require more attention of the
researchers i.e. this issue has more study
potential in the future.
#esearch Trends
onclusion onclusion -- 8urvey 2 8urvey 2
Ma]or ssues Ma]or ssues
ssues in Ad Hoc Networks
Routing Fault Tolerance
P and MAC Addressing QoS and Reliability
Multicasting/ Broadcasting Mobility Management
Clustering Multiple Access
Topology ocation Services
Bandwidth Management TCP/ UDP
Power Management Radio nterface
Security Standards/ Products
Ma]or ssues Ma]or ssues
ssues in Ad Hoc Networks
Routing Fault Tolerance
P and MAC Addressing QoS and Reliability
Multicasting/ Broadcasting Mobility Management
Clustering Multiple Access
Topology ocation Services
Bandwidth Management TCP/ UDP
Power Management Radio nterface
$0curity $0curity
Standards/ Products
What is 8ecurity? What is 8ecurity?
8ecurity hallenges
Confidentiality
ntegrity
Availability
Non-repudiation
Authenticity
Privacy (location, data, identity, existence)
hallenges in Ad Hoc hallenges in Ad Hoc
8ecurity hallenges
Shared radio channel
nsecure environment
ack of central authority
ack of permanent association
imited resources
Physical vulnerability
8ecurity hallenges
Attacks on MANET Attacks on MANET
Security is not a single layer issue
But, it is a Multi-ayer/ Cross-ayer
issue

To have comprehensive security we
need:
Protocol Security
Communication Security
Physical Security
8ecurity 8olutions
Approaches Approaches
To achieve above mentioned securities,
many solution have been proposed and
are under research
Major solutions are for:
Protocol Security
Authentication and Key Management
Schemes
Trust Management
8ecurity 8olutions
Approaches Approaches
8ecurity 8olutions
Protocol 8ecurity Protocol 8ecurity
Why we need ProtocoI $0curity ???
Answer: Protocols were designed by
assuming and expecting (not Enforced not Enforced)
that all nodes are cooperative
They are having inherent shortcomings
that leads to the malicious activities
Protocol 8ecurity
#outing Protocol Attack??? #outing Protocol Attack???
Redirect traffic
Packet forwarding to wrong destination
Create routing loops
Network congestion and channel
contention in certain area
Multiple colluding attackers may
partition the network
$oIution $0cur0 ProtocoIs
#06uir020nts
Detection of malicious nodes
Guarantee of correct route discovery
Confidentiality of network topology
Stability against attacks
Protocol 8ecurity
8ecure Protocols 8ecure Protocols
8ecure Protocols
Examples Examples
ARADNE (Extension of DSR) -
SSP Secure ink State Routing Protocol
ARAN
Authenticated Routing for Ad Hoc
Networks
SADV (Extension of ADV)
Secure Ad Hoc n Demand
Distance Vector
SRP Secure Routing Protocol
SAR
Security-aware Ad Hoc Routing
Protocol
SEAD
Secure Efficient Ad Hoc Distance
Vector Routing Protocol
When we talk about Key Management
First we should know that h0r0 ar0 th0
k0ys us0/???
C#PT#AP C#PT#AP
Study of principles, techniques and algorithms
by which information is transformed into a
distinguished version.
Four main goals of Cryptography
Confidentiality Authentication
ntegrity Non-Repudiation
8ecurity 8olutions
Authentication and Key Authentication and Key
Management 8chemes Management 8chemes
Process of Encryption and Decryption is governed by
the Keys
0y
Small amount of information used by the
cryptographic algorithms
When a key is to be kept secret to ensure the
security of the system, it is called a secret key
0y Manag020nt
The secure administration of cryptographic keys
8ecurity 8olutions
Authentication and Key Authentication and Key
Management 8chemes Management 8chemes
Keys can be PubIic and Privat0
Privat0 0y Cryptography
Also Known as Symmetric Key Algorithm
Fast
Requires a secret key to be shared
between the sender and the receiver
8ecurity 8olutions
Authentication and Key Authentication and Key
Management 8chemes Management 8chemes
PubIic 0y Cryptography
Also Known as Asymmetric Key Algorithm
based on mathematical principles which
make it infeasible or impossible to obtain
one key from another
one of the keys can be made public while
the other remains secret (private)
8ecurity 8olutions
Authentication and Key Authentication and Key
Management 8chemes Management 8chemes
0y Manag020nt Approach0s
The primary goal of key management is to
share a secret (some information) among a
specified set of participants.
a2pI0s
Password-Based Group System
Threshold Cryptography
Self rganized Public Key Management for
MANETs
8ecurity 8olutions
Authentication and Key Authentication and Key
Management 8chemes Management 8chemes
Why and Where the Trust is needed???
n Ad Hoc network every node work as
Router Forward Packets of other
nodes
We need, first of all, the Trusted Users
(authentic users) and Secondly we need
that the users maintain their Trust (do
not become the $0Ifish No/0)
Different Solutions are proposed
8ecurity 8olutions
Trust Management Trust Management
PI (Key Pre-Distribution nfrastructure)
Trusting the Device instead trusting the
owner (User)
"MobiIity 0Ips $0curity
ts simply mimic human behavior: if people
want to communicate each other, they just
get close to each other in order to
exchange information and establish mutual
credential (they used secure channel like
infrared or wire)
Trust Management
8olutions 8olutions
$AF (Secure pAcket Forwarding in ad
hoc nEtworks)
Every node is responsible to monitor its neighbors
Reputation values are assigned based on the successful
forwarding transaction (+1, 0, -1)
Curr0ncy Bas0/ $oIution (Nuglets)
Network is market where services are exchanged
Virtual economy where nodes pay for service
Currency "nuglets
nly data packets require nuglets
Works with many protocols
Misbehavior not forbidden, only discouraged
Trust Management
8olutions 8olutions
Tok0n Bas0/ Coop0ration nforc020nt
Tok0ns
o Required to participate in a network
o Granted collaboratively by neighbors
o Need to be renewed
M0chanis2 co2pon0nts
o Neighbor verification
o Neighbor monitoring
o ntrusion reaction
o Security enhanced routing protocol
Trust Management
8olutions 8olutions
8ummary
Classification of Wireless Networks
Available Wireless Technologies
MANET Characteristics, Complexities
and Applications
MANET Protocols Classification
MANET Major ssues
Security Challenges and their available
Solutions
onclusion and the uture
mportance of MANET cannot be denied as the world
of computing is getting portable and compact.
Unlike wired networks, MANET pose a number of
challenges to security solutions due to their
unpredictable topology, wireless shared medium,
heterogeneous resources and stringent resource
constraints etc.
Security is not a single layer issue but a multilayered
issue
t requires a multi fence security solution that
provides complete security spanning over the entire
protocol stack
onclusion and the uture
The Study of this important issue reveals that security
is divided into different directions of the work like
secure routing, key exchange, distribution and
management, secure architecture, intrusion detection
and protection etc.
The Security research area is still open as many of
the provided solutions are designed keeping a limited
size scenario and limited kind of attacks and
vulnerabilities
onclusion and the uture
As in wired network role definition has been very
crucial in security, keeping the same idea in mind we
can apply the role based security in MANETs.
Community based solution can be used in role
specification. Under this scenario policy distribution
techniques, grouping policy, membership
management are the major areas to work on.
Agent oriented solutions are very useful in many
areas. Similarly MANETs security can also be
exploited due to its distributed nature.
#eferences
MichaI r0ga, Jakub Jakubiak, rzysztof Marcisz, $zy2on $zott,
"$0curity in A/ oc N0torks"
ang, Luo, F 0, $ Lu, an/ L Zhang, $0curity in MobiI0 A/
hoc N0torks: ChaII0ng0s an/ $oIutions, I ir0I0ss
Co22unications F0bruary 2004
A/a2 Burg, "$02inar on A/ oc N0tork $p0cific Attacks"
Tao Lin, "MobiI0 A/hoc N0tork #outing ProtocoIs: M0tho/oIogi0s
an/ AppIications", Ph iss0rtation, Co2put0r ngin00ring, Virginia
PoIyt0chnic Institut0 an/ $tat0 Univ0rsity, BIacksburg, Virginia, 2004
acin0 #0bahi, Vic0nt0 MujicaV, Cypri0n $i2ons an/ orgha2
$isaI02, $AF: $0curing pAck0t Forar/ing in a/ hoc ntorks, 5th
orkshop on AppIications an/ $0rvic0s in ir0I0ss N0torks, A$N
2005, Jun0 29th JuIy 1st, 2005
M #a2ku2ar, N M02on, PI: A $0curity Infrastructur0 for Trust0/
0vic0s, Pr0Conf0r0nc0 orkshop, 12th AnnuaI N0tork an/
istribut0/ $yst02 $0curity $y2posiu2, $an i0go, CaIifornia, 2
F0bruary 2005
L Buttyan, J ubau, "$ti2uIating Coop0ration in $0Ifrganizing
MobiI0 A/ oc N0torks," ACM JournaI for MobiI0 N0torks, $p0ciaI
Issu0 on MobiI0 A/ oc N0torking, 2002
#eferences
ang, X M0ng, $ Lu, "$CAN: $0Ifrganiz0/ N0torkLay0r
$0curity in MobiI0 A/oc N0torks", I JournaI on s0I0ct0/ ar0as
in Co22unications, F0bruary 2006
C # o, P J Lin, $ C Ch0n, J Lin, an/ $ F ang, "A $tu/y of
#0s0arch Tr0n/s an/ p0ri20ntaI ui/0Iin0s in MobiI0 A/hoc
N0torks", Proc00/ings of th0 19th Int0rnationaI Conf0r0nc0 (AINA
'05), I 2005
$r/jan Capkun, J0anPi0rr0 ubau, L0v0nt0 Buttyan, "MobiIity 0Ips
$0curity in A/ oc N0torks", Fourth ACM Int0rnationaI $y2posiu2
on MobiI0 A/ oc N0torking an/ Co2puting, AnnapoIis, MaryIan/,
U$A, Jun0 1, 200
J0ro0n o0b0k0, Ingri/ Mo0r2an, Bart ho0/t an/ Pi0t 0200st0r,
"An v0rvi0 of MobiI0 A/ oc N0torks: AppIications an/
ChaII0ng0s", 2005
#a2iro Liscano, $pontan0ous N0torking - Bri/ging th0 gap b0t00n
a/ hoc n0torking an/ a/ hoc co22unications, ir0I0ss In/ustry
Congr0ss, ttaa, Cana/a, 200
Thank you for your Thank you for your
Pati0nc0 an/ Att0ntion Pati0nc0 an/ Att0ntion
In $#
Deletion of Node
Switching the order of appending new
node in the list
Modification of the source route listed in
the RREQ or RREP (i.e. Rushing Attack)
#outing Protocol Attack
Examples Examples
In AV
Make change in distance metric
Advertising routing updates with large
sequence numbers and invalidate all
other routing updates
#outing Protocol Attack
Examples Examples
Attacks on MANET
mpersonation mpersonation
Attacks on MANET
Wormhole Wormhole
Attacks on MANET
#ushing #ushing
Attacks on MANET
Do8 and looding Do8 and looding
8ecurity hallenges
Attacks lassification Attacks lassification
Group-sharing private key system, where the
group's cooperation is required to perform
cryptography
(n,t+1) threshold cryptography Shamir's scheme Shamir's scheme
Whole service has a public/private key pair K/k
All nodes know K, and trust certificates signed with k
k is divided into n shares
k
1
+ k
2
+.+ k
t
+ k
t+1
-> k
Any subset of up to k ~ 1 shares does not leak any
information on the secret.
Shamir's scheme is perfectly secure and does not
depend on the computational power of any party.
8ecurity 8olutions
Threshold ryptography Threshold ryptography