Computer Science and Software Engineering
ISSN: 2277-128X (Volume-7, Issue-6)
2017
An Overview of Security in MANET
Kirti Gupta
(M.Tech) DCSA, KUK, India
Dr. Pardeep Kumar Mittal
Assistant Professor, DCSA, KUK, India
DOI: 10.23956/ijarcsse/V7I6/0254
Abstract: A MANET is a distributed infrastructure less network and mainly relies on individual security solutions from each mobile node and therefore centralized security control is hard to implement in it. The nature of ad hoc networks makes them vulnerable to various forms of attack. The random nature of these networks makes enforcement of security a challenging issue. The paper presents the main vulnerabilities in the mobile ad hoc networks, which have made it much easier to suffer from attacks. Then it presents the main attack types that exist in it. Finally presents the current security solutions for the mobile ad hoc network.
Keywords: Classification of Attacks, MANET, Security in MANET.
I. INTRODUCTION
Security in Mobile Ad-Hoc Network (MANET) is the most important concern for the basic functionality of network. Availability of network services, confidentiality and integrity of the data can be achieved by assuring that security issues have been met. MANET often suffer from several security attacks because of its features like open medium, changing its topology dynamically, cooperative algorithms, , lack of central monitoring and management and no clear defense mechanism. These factors have changed the battle field situation for the MANET against the security threats.
In the last few years, security of computer networks has been widely been discussed and formulized. Most of the discussions involved only static and networking based on wired systems. However, mobile Ad-Hoc networking is still in need of further discussions and development in terms of security [1]. With the emergence of ongoing and new approaches for networking, new problems and issues arises for the basics of routing. With the comparison of wired network Mobile Ad-Hoc network is different. The routing protocols designed majorly for internet is different from the mobile Ad-Hoc networks (MANET). Traditional routing table was basically made for the hosts which are connected wired to a non dynamic backbone [2]. Due to which it is not possible to support Ad-Hoc networks mainly due to the movement and dynamic topology of networks.
Due to various factors including lack of infrastructure, absence of already established trust relationship in between the different nodes and dynamic topology, the routing protocols are vulnerable to various attacks [3].
Major vulnerabilities which have been so far researched are mostly these types which include selfishness, dynamic nature, and severe resource restriction and also open network medium. MANET work without a centralized administration where node communicates with each other on the base of mutual trust. This characteristic makes MANET more vulnerable to be exploited by an attacker from inside the network. Wireless links also makes the MANET more susceptible to attacks which make it easier for the attacker to go inside the network and get access to the ongoing communication [4, 1]. Mobile nodes present within the range of wireless link can overhear and even part icipate in the network.
A. Flaws in MANETS
MANETs are very flexible for the nodes i.e. nodes can freely join andleave the network. There is no main body that keeps watching on the nodes entering and leaving the network. All these weaknesses of MANETs make it vulnerable to attacks and these are discussed below.
1) Non Secure Boundaries: MANET has no clear secure boundary, so it is vulnerable to many attacks. In MANET, nodes have the freedom to join and leave inside the network. A nodecan join a network automatically if the network is in the radio range of that node, thus it can communicate with other nodes in the network. Due to no secure boundaries, MANET is more susceptible to attacks. The attacks in MANET may be passive or active, leakage of information, false message reply, denial of service or changing the data integrity. The links are compromised and are open to various link attacks. Attacks on the link interfere between the nodes and then invading the link, destroying the link after performing malicious behavior.
In MANET there is no protection against attacks like firewalls or access control. Spoofing of node’s identity, data tempering, confidential information leakage and impersonating node are the results of such attacks when security is compromised [5].
ISSN: 2277-128X (Volume-7, Issue-6)
malicious activity. It can be seen that these threats from compromised nodes inside the network is more dangerous than attacking threats from outside the network.
3) No Central Management:MANET is a self-configurable network, which consists of Mobile nodes where the
communication among these mobile nodes is done without a central control. Each and every node act as router and can forward and receive packets [7]. MANET works without any preexisting infrastructure. This lack of centralized management leads MANET more vulnerable to attacks. Detecting attacks and monitoring the traffic in highly dynamic and for large scale Ad-Hoc network is very difficult due to no central management. When there is a central entity taking care of the network by applying proper security, authentication which node can join and which can’t. The node connect with each other on the basis of blind mutual trust on each other, a central entity can manage this by applying a filter on the nodes to find out the suspicious one, and let the other nodes know which node is suspicious.
4) Problem of Scalability: In traditional networks, where the network is built and each machine is connected to the other machine with help of wire. The network topology and the scale of the network, while designing it is defined and it do not change much during its life. Scalability of the network is defined in the beginning phase of the designing of the network. But in MANETs the nodes are mobile and due to their mobility in MANETs, the scale of the MANETs is changing. It is too hard to know and predict the numbers of nodes in the MANETs in the future. The nodes are free to move in and out of the Ad-Hoc network which makes the Ad-Hoc network very much scalable and shrinkable. Keeping this property of the MANET, the protocols and all the services that a MANET provides must be adaptable to such changes.
II. CLASSIFICATION OF ATTACKS
The attacks can be categorized on the basis of the source of the attacks i.e. Internal or External, and on the behavior of the attack i.e. Passive or Active attack. This classification is important because the attacker can exploit the network either as internal, external or/ as well as active or passive attack against the network.
A. External and Internal Attack
External attackers are mainly outside the networks who want to get access to the network and once they get access to the network they start sending fake packets. This reducesthe performance of the whole network. This attack similar to the attacks that are made against wired network. These attacks can be prevented by implementing security measures such as firewall, where the access of unauthorized person to the network can be mitigated. Where as in internal attack the attacker wants to have normal access to the network as well as participate in the normal activities of the network. The attacker gain access in the network as new node either by compromising a current node in the network or by malicious impersonation and then it starts its malicious behavior. Internal attack is more severe attacks then external attacks.
Fig. 1 External and Internal Attacks in MANETs
B. Active and Passive Attack
In active attack the attacker degrade the performance of the network, steal important information and try to destroy the data during the exchange in the network [8]. Active attacks can be an internal or an external attack. The active attacks destroy the performance of network. In this, the
attacker nodeact as internal node in the network. As node is an active part of the network it is easy for the node to exploit and hijack any internal node to use it to introduce fake packets injection or denial of service. The attacker can modify, fabricate and replays the massages. Attackers in passive attacks do not disrupt the normal operations of the network [8]. In Passive attack, the attacker listen to the network in order to get information, what is going on in the network. By listening the network, the attacker know and understand how the nodes are communicating with each other and how they are located in the network. Before the attacker launch an attack against the network, the attacker has enough information about the network that it can easily hijack and inject attack in the network.
ISSN: 2277-128X (Volume-7, Issue-6)
III. ATTACKS IN MANET
A. Warmhole Attack
Wormhole attack is a threatening attack again routing protocols for the mobile ad hocnetworks [9] [10]. In the wormhole attack, an attacker records packets (or bits) at onelocation in the network, tunnels them (possibly selectively) to another location, and replaysthem there into the network. The replay of the information will make great confusion to therouting issue in mobile ad hoc network because the nodes that get the replayed packets cannotdistinguish it from the genuine routing packets. Moreover, for tunneled distances longer thanthe normal wireless transmission range of a single hop, it is simple for the attacker to makethe tunneled packet arrive with better metric than a normal multi-hop route, which makes thevictim node be more likely to accept the tunneled packets instead of the genuine routingpackets.The routing functionality in the mobile ad hoc network will be severelyinterfered by the wormhole attack. For example, most existing ad hoc network routingprotocols, without some mechanism to defend against the wormhole attack, would be unableto find routes longer than one or two hops, severely disrupting communication.
Defenseagainst WarmholeAttack:APacket leash is a mechanism for detecting and, thus defending against wormhole attacks. A leash is any information that is added to a packet designed to restrict the packet’s maximum allowed transmission distance. There are two main leashes, which are geographical leashes and temporal leashes. A geographical leash ensures that the recipient of the packet is within a certain distance from the sender. A temporal leash ensures that the packet has an upper bound on its lifetime, which restricts the maximum travel distance. Geographical Lease or temporal lease either can prevent the wormhole attack, because it allows the receiver of packet to detect if the packet traveled further than the leash allows. A geographical leash in conjunction with a signature scheme can be used to catch the attackers that pretend to reside at multiple locations: when a legitimate node overhears the attacker claiming to be in different locations that would only be possible if the attacker could travel at a velocity above the maximum node velocity v, the legitimate node can use the signed locations to convince other legitimate nodes that the attacker is malicious.
B. Rushing Attack: An Active Attack
Rushing attack is a attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols [11]. This attack is also particularly damaging because it can be performed by a weak attacker also. In the network, the initiator node initiates a Route Discovery for the target node. If the ROUTE REQUESTs for this Discovery forwarded by the attacker are the first to reach each neighbor of the target, then any route discovered by this Route Discovery will include a hop through the attacker. That is, when a neighbor of the target receives the rushed REQUEST from the attacker, it forwards that REQUEST, and will not forward any further REQUESTs from this Route Discovery. When non-attacking REQUESTs arrive later at these nodes, they will discard those legitimate REQUESTs. As a result, the initiator will be unable to discover any usable routes.
Fig 3.1:-Example of Rush Attack in MANET
Defense against Rushing Attack: A set of generic mechanisms that together defend against the rushing attack: secure
Neighbor Detection, secure route delegation, and randomized ROUTEREQUEST forwarding. The relations among these security mechanisms are shown below.
Fig3.2 :-Rushing Attack Defense Mechanism
ISSN: 2277-128X (Volume-7, Issue-6)
Randomized selection of the ROUTE REQUEST message to forward, which replaces traditionalduplicate suppression in on-demand route discovery, ensures that paths thatforward REQUESTs with low latency are only slightly more likely to be selected than otherpaths, but not guaranteed to be selected.
It is shown in the simulation results that this approach is efficient without introducing toomany extra overheads [14].
C. Gray Hole Attack
In gray hole attack the attacker misleads the network by agreeing to forward the packets in the network. When it receive the packets from the neighboring node, the attacker drop the packets. This is a type of active attack. In the beginning the attacker nodes behaves normally and reply true RREP messages to the nodes that started RREQ messages. When it receives the packets it starts dropping the packets and launch Denial of Service (DoS) attack. The malicious behavior of gray hole attack is different in different ways. It drops packets while forwarding them in the network. In some other gray hole attacks the attacker node behaves maliciously for the time until the packets are dropped and then switch to their normal behavior [20]. Due to this behavior it’s very difficult for the network to find out such kind of attack. Gray hole attack is also known as node misbehaving attack.
Defense against Gray Hole Attack: In [15] author described a Feasible Solution for detection and removal of gray hole attack. Each node can locally maintain its own table of black listed nodes whenever it tries to send data to any destination node and that node can also aware the network about the black listed nodes. This list of malicious nodescan be applied to discover secure path from source to destination by avoiding multiple grey hole nodes acting in corporation.
D. Flooding Attack
The flooding attack is easy to implement but cause the most damage. This kind of attack can be achieved either by using RREQ or Data flooding [18]. In RREQ flooding the attacker floods the RREQ in the whole network which takes a lot of the network resources. This can be achieved by the attacker node by selecting such I.P addresses that do not exist in the network. By doing so no node is able to answer RREP packets to these flooded RREQ. In data flooding the attacker get into the network and set up paths between all the nodes in the network. Once the paths are established the attacker injects an immense amount of useless data packets into the network which is directed to all the other nodes in the network. These immense unwanted data packets in the network congest the network. Any node that serves as destination node will be busy all the time by receiving useless and unwanted data all the time.
Defense against flooding attack: In [16] author described a list of solutions to avoid flooding attack in manet. In addition to that he also proposed a new solution to avoid flooding attack. In this paper,the influence of flooding attack on the entire network performance is analyzed under the circumstances of different parameters including the number of attack nodes, flooding frequency, network bandwidth, and the number of normal nodes.
E. Jellyfish Attack
In jellyfish attack, the attacker attacks in the network and introduce unwanted delays in the network [19]. In this type of attack, the attacker node first get access to the network, once it get into the network and became a part of the network. The attacker then introduce the delays in the network by delaying all the packets that it receives, once delays are propagated then packets are released in the network. This enables the attacker to produce high end-to-end delay, high delay jitter and considerably affects the performance of the network.
Defense against Jellyfish Attack: In [17] author described a list of solutions to avoid jellyfish attack in manet. In addition to that he also proposed a new solution to avoid jellyfish attack. This paper presents a scheme called JAM (jellyfish attack mitigation) which can be used to mitigate jellyfish attack in manet.
F. Modification Attack
The nature of Ad-Hoc network is that any node can freely join the network and can leave it. Nodes which want to attack join the network. The malicious node then later exploits the irregularities in the network amongst the nodes. It participates in the transmission process and later on some stage launches the message modification attack [13]. Misrouting and impersonation attacks are two types of modification attack.
Defense against Modification Attack: The author [21] proposed SEAD protocol as a defense against modification attack. The seed protocol utilizes a one way hash chain to prevent malicious nodes from increasing the sequence number or decreasing the hop count in routing Advertisement packets.
G. Impersonation Attack
In Ad-Hoc networks a node is free to move in and out of the network. There is no secure authentication process in order to make the network secure from malicious nodes. In MANETs IP and MAC address uniquely identifies the host. These measurements are not enough to authenticate sender. The attacker use MAC and IP spoofing in order to get identity of another node and hide into the network. This kind of attack is also known as spoofing attack [13].
ISSN: 2277-128X (Volume-7, Issue-6)
IV. SECURE ROUTING TECHNIQUES
A. Watchdog and Pathrater
Watchdog and Pathrater are two main components of a system that tries to improve performance of ad hoc networks in the presence of malicious nodes [12] [13].
Watchdog determines misbehavior by copying packets to be forwarded into a buffer and monitoring the behavior of the adjacent node to these packets. Watchdog promiscuously snoops to decide if the adjacent node forwards the packets without modifications in it or not. If the packets that are snooped match with the observing node’s buffer, then these packets are discarded; whereas packets that stay in the buffer beyond a timeout period without any successful match are flagged as having been dropped or modified. The node responsible for forwarding the packet is then noted as being supective. If the number of violations becomes greater than a certain predetermined threshold, the violating node is marked as being malicious. Information about malicious nodes is passed to the Pathrater component for inclusion in path rating evaluation.
Pathrater on an individual node works to rate all of the known nodes in a particular networkwith respect to their reliabilities. Ratings are made, and updated, from a particular node’sperspective. Nodes start with a neutral rating that is modified over time based on observedreliable or unreliable behavior during packet routing. Nodes that are observed by watchdog as malicious has given an immediate rating of -100. It should be distinguished thatmisbehavior is detected as packet mishandling/modification, whereas unreliable behavior isdetected as link breaks.
It is shown from the experiments that these two components can well reflect the reliability of the nodes based on their packet forwarding performances.
V. CONCLUSION
The paper inspects Security issues in MANET. It presents some typical &dangerous vulnerabilities in the mobile ad-hoc networks. It also presents the main attack types that threaten the current mobile ad-hoc network,their defense mechanism &several security techniques that can protect the MANET from attacks.
The research on MANET is still in an early stage. Existing proposals are typicallybased on one specific attack. They could work well in the presence of designated attacks, but there are many unanticipated or combined attacks that remainundiscovered. A lot of research is still on the way to identify new threats and createsecure mechanisms to counter those threats. More research can be done on integrated approaches to routing security and data security at different layers.
REFERENCES
[1] K. Biswas and Md. Liaqat Ali, “Security threats in Mobile Ad-Hoc Network”, Master Thesis, Blekinge Institute of Technology” Sweden, 22nd March 2007
[2] G. A. Pegueno and J. R. Rivera, “Extension to MAC 802.11 for performance Improvement in MANET”, Karlstads University, Sweden, December 2006
[3] S. Lu, L. Li, K.Y. Lam, L. Jia, “SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack.,”
International Conference on Computational Intelligence and Security, 2009.
[4] P.V.Jani, “Security within Ad-Hoc Networks,” Position Paper, PAMPAS Workshop, Sept. 16/17 2002. [5] M.Parsons and P.Ebinger, “Performance Evaluation of the Impact of Attacks on mobile Ad-Hoc networks” [6] D.B.Roy, R.Chaki and N.Chaki, “A New Cluster-Based Wormhole Intrusion Detection Algorithm for Mobile
Ad-Hoc Neworks”, International Journal of Network Security and Its Application (IJNSA), Vol. 1, No.1, April, 2009.
[7] N.Shanti, Lganesan and K.Ramar, “Study of Different Attacks On Multicast Mobile Ad-HocNetwork”.
[8] C.Wei, L.Xiang, B.yuebin and G.Xiaopeng, “A New Solution for Resisting Gray Hole Attack in Mobile Ad-Hoc Networks”, Second International Conference on Communications and Networking in china, pp.366-370, Aug, 2007.
[9] Y. Hu, A. Perrig and D. Johnson, Packet Leashes: A Defense against Wormhole Attacksin Wireless Ad Hoc Networks, in Proceedings of IEEE INFOCOM’03, 2003.
[10] Y. Hu, A. Perrig and D. Johnson, Wormhole Attacks in Wireless Networks, IEEEJournal on Selected Areas in
Communications, Vol. 24, No. 2, February 2006.
[11] Y. Hu, A. Perrig and D. Johnson, Rushing Attacks and Defense in Wireless Ad HocNetwork Routing Protocols,
in Proceedings of ACM MobiCom Workshop - WiSe’03,2003.
[12] Sergio Marti, T. J. Giuli, Kevin Lai and Mary Baker, Mitigating routing misbehavior inmobile ad hoc networks, in Proceedings of the 6th annual international conference on Mobilecomputing and networking
(MobiCom’00),pages 255–265, Boston, MA, 2000.
[13] Jim Parker, Discussion Record for the 1st MANET Reading Group Meeting,http://logos.cs.umbc.edu/wiki/eb/index.php/February_10%2C_2006 (Authorizationrequired).
[14] Wenjia Li and Anupam Joshi, “Security Issues in Mobile Ad Hoc Networks - A Survey”.
[15] Sukla Banerjee, “Detection/Removal of Cooperative Black and Gray Hole Attack in Mobile Ad-Hoc Networks”,
Proceedings of the World Congress on Engineering and Computer Science 2008 WCECS 2008, October 22 - 24,
2008, San Francisco, USA.
[16] Ujwala D. Khartad& R. K. Krishna, “Route Request Flooding Attack Using Trust based Security Scheme in Manet”, International Journal of Smart Sensors and Ad Hoc Networks (IJSSAN) ISSN No. 2248‐9738
ISSN: 2277-128X (Volume-7, Issue-6)
[17] FahadSamad, Qassen Abu Ahmed, AsadullahShaikh and Abdul Aziz, “JAM: Mitigating Jellyfish Attack in Wireless Ad hoc Networks”,B.S. Chowdhary et.al.(Eds.):IMTIC 2012,CCIS 281,PP, 432-144.2012.
[18] M.T.Refaei, V.Srivastava, L.Dasilva, M.Eltoweissy, “A Reputation-Based Mechanism for Isolating Selfish nodes in Ad-Hoc Networks,” Second Annual International Conference on Mobile and Ubiquitous Systems, Networking and Services, pp.3-11, July, 2005.
[19] H.L.Nguyen,U.T.Nguyen, “Study of Different Types of Attacks on Multicast in Mobile Ad-Hoc Networks,”
International Conference on Networking, Systems, Mobile Communications and Learning Technologies,
Apr,2006.
[20] S.Marti, T.J.Giuli, K.Lai, M.Baker, “Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks”.
[21] Y. Hu, D. Johnson, and A. Perrig, SEAD: Secure Efficient Distance Vector Routing in Mobile Wireless Ad-Hoc Networks. Proc. of the 4th IEEE Workshop on Mobile Computing Systems and Applications (WMCSA’02), pp. 3-13,2002.
