Ad Hoc Network Security

Academic year: 2021


Security in Ad-hoc Networks

Arun Kumar Bayya

Siddhartha Gupte

Yogesh Kumar Shukla

Anil Garikapati

CS 685

Computer Science Department

University of Kentucky


Abstract

Ad-hoc networks are an emerging area of mobile computing. There are various challenges that are faced in the Ad-hoc environment, mostly due to the limited resources of these networks. They are usually set up in situations of emergency, for temporary operations or simply when there are no resources to set up elaborate networks. Ad-hoc networks therefore throw up new requirements and problems in all areas of networking. The solutions for conventional networks are usually not sufficient to provide efficient Ad-hoc operation. The wireless nature of communication and the lack of any security infrastructure raise several security problems. In this paper we attempt to analyze the demands of the Ad-hoc environment. We focus on three areas of Ad-hoc networks: key exchange and management, Ad-hoc routing, and intrusion detection. The key issues concerning these areas are addressed here. We have tried to compile solutions to these problems that have been active areas of research.


CONTENTS

1. Introduction 6
1.1 Security Goals 6
1.2 Challenges 6
1.3 Key Management 7
1.4 Secure Routing 7
2. Key management 8
2.1 New Key Management Scenarios 8
    Obvious Problems 8
2.2 Password based authenticated key exchange 8
2.2.1 Desirable Properties for such a protocol 9
2.2.2 Generic protocol 9
2.3 Password Authenticated Diffie Hellman Key exchange 12
2.3.1 Two Party version 12
2.3.2 Multi Party version 12
3. Secure Ad-hoc Routing in Ad-hoc networks 14
3.1 Problems associated with Ad-hoc routing 14
3.1.1 Infrastructure 14
3.1.2 Frequent Changes in network topology 15
3.1.3 Problems associated with wireless communication 15
3.1.4 Problems with existing Ad Hoc routing protocols 15
3.1.4.1 Implicit Trust relationship 15
3.1.4.2 Throughput 15
3.1.4.3 Attacks using modification of protocol field 16
3.1.5 Attacks using impersonation 17
3.1.6 Attacks using fabrication 17
3.1.6.1 Falsifying route error messages 17
3.1.6.2 Route Cache poisoning 18
3.1.6.3 Routing table overflow 18
3.1.7 Misbehaving Nodes 18
3.1.8 Revealing network topology 18
3.1.9 Lack of self-stabilization property 19
3.2 Solutions to problems in Ad-hoc routing 19
3.2.1 Using pre-deployed security infrastructure 19
3.2.2 Concealing network topology 24
3.2.3 Installing extra facilities in the network 24
3.2.4 Security Aware Ad-hoc routing 29
3.2.5 Secure routing protocol 30
4. Intrusion detection 35
4.1 Need for intrusion detection 35
4.2 General Overview 35
4.3 Unsuitability of current IDS techniques 36
4.4 New proposed architecture 36
4.4.1 Intrusion response 40
4.5 Anomaly detection in Ad hoc networks 40
4.5.1 Detecting abnormal updates to routing tables 40
4.5.2 Detecting anomalous activities in other layers 41
5. Conclusion 42
6. References 43


Acknowledgement

We thank Dr. Mukesh Singhal for his invaluable guidance throughout the compilation of this term paper.


1. Introduction

Ad-hoc networks are a new paradigm of wireless communication for mobile hosts. There is no fixed infrastructure such as base stations or mobile switching centers. Nodes within each other's radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages. Node mobility causes frequent changes in topology.

1.1 Security Goals

1) Availability: Ensures survivability despite Denial of Service (DoS) attacks. On the physical and media access control layers an attacker can use jamming techniques to interfere with communication on the physical channel. On the network layer the attacker can disrupt the routing protocol. On higher layers, the attacker could bring down high-level services, e.g. the key management service.

2) Confidentiality: Ensures that certain information is never disclosed to unauthorized entities.

3) Integrity: Ensures that a message being transmitted is never corrupted.

4) Authentication: Enables a node to ensure the identity of the peer node it is communicating with. Without it, an attacker could impersonate a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

5) Non-repudiation: Ensures that the originator of a message cannot deny having sent the message.

1.2 Challenges

Use of wireless links renders an Ad-hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay and message distortion. Eavesdropping might give an attacker access to secret information, thus violating confidentiality. Active attacks could range from deleting messages and injecting erroneous messages to impersonating a node, thus violating availability, integrity, authentication and non-repudiation. Nodes roaming freely in a hostile environment with relatively poor physical protection have a non-negligible probability of being compromised. Hence, we need to consider malicious attacks not only from outside but also from within the network, from compromised nodes. For high survivability Ad-hoc networks should have a distributed architecture with no central entities, since centrality increases vulnerability. An Ad-hoc network is dynamic due to frequent changes in topology. Even the trust relationships among individual nodes change, especially when some nodes are found to be compromised. Security mechanisms need to be dynamic (set up on the fly) rather than static, and should scale to hundreds of thousands of nodes.

1.3 Key Management

Cryptographic schemes such as digital signatures are often employed to protect both routing information and data. Public key systems are generally espoused because of their advantage in key distribution. In a public key infrastructure each node has a public/private key pair. Public keys are distributed to other nodes, while private keys are kept confidential by the nodes themselves. A trusted third party called a Certification Authority (CA) is used for key management. The CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes. The trusted CA has to stay online to reflect the current bindings, since the bindings can change over time. A public key should be revoked if the owner node is no longer trusted or is out of the network. A single key management service for an Ad-hoc network is probably not a good idea, since it is likely to become the Achilles' heel of the network. If the CA is down or unavailable, nodes cannot get the current public keys of other nodes to establish secure connections. Also, if the CA is compromised, the attacker can sign any erroneous certificate with its private key. Naive replication of the CA can make the network more vulnerable, since the compromise of a single replica can cause the whole system to fail. Hence it is more prudent to distribute the trust to a set of nodes by letting these nodes share the key management responsibility.

1.4 Secure Routing

The contemporary routing protocols for Ad-hoc networks cope well with a dynamically changing topology but are not designed to accommodate defense against malicious attackers. There is no single standard protocol; the aim here is to capture common security threats and provide guidelines for securing a routing protocol. Routers exchange network topology information in order to establish routes between nodes, which is another potential target for malicious attackers who intend to bring down the network. External attackers can inject erroneous routing information, replay old routing information or distort routing information in order to partition a network or overload it with retransmissions and inefficient routing. Internally compromised nodes are more severe: detection and correction are more difficult. Having each node sign its routing information will not work, since compromised nodes can generate valid signatures using their private keys. Detection of compromised nodes through routing information is also difficult due to the dynamic topology of Ad-hoc networks. Some properties of Ad-hoc networks can be used to facilitate secure routing. Routing protocols for Ad-hoc networks must handle outdated routing information to accommodate the dynamically changing topology, and false routing information generated by compromised nodes can also be regarded as outdated routing information. As long as there is a sufficient number of valid nodes, the routing protocol should be able to bypass the compromised nodes; this, however, needs the existence of multiple, possibly disjoint routes between nodes. The routing protocol should be able to make use of an alternate route if the existing one appears to have faulted.


2. Key Agreement in Wireless Ad-hoc Networks

2.1 New key agreement scenario

Consider a group of people getting together for an ad-hoc meeting in a room and trying to establish a wireless network through their laptops. They trust one another personally, but do not have any a priori shared secret (password) to authenticate one another. They do not want anybody outside the room to get wind of their conversation indoors. This particular scenario is vulnerable to an attacker who can not only monitor the communication but also modify messages, insert messages and make them appear to have come from somebody inside the room. This is a classic example of an Ad-hoc network, and the simplest way to tackle it would be location-based key agreement: map locations to name labels and then use identity-based mechanisms for key agreement, e.g. participants writing their IP addresses on a piece of paper and passing it around. Then a certificate-based key agreement mechanism can be used. These public key certificates allow participants to verify the binding between the IP address and keys of other participants.

Two obvious problems:

a) It is difficult to determine whether the certificate presented by a participant has been revoked.

b) The participants may belong to two or more certification hierarchies that have no cross-certification between them.

One obvious solution is a trusted third party capable of locating the participants; this is not always feasible, however, given the infrastructure-less nature of Ad-hoc networks.

The alternative is a physically secure channel, limited to those present in the room, used to negotiate the session key before switching to the insecure wireless channel.

2.2 Password based Authenticated Key Exchange

A fresh password is chosen and shared among those present in the room in order to capture the existing shared context. If this password is a long random string, it can be used directly to set up a security association, but this is less user friendly. Natural language phrases are more user friendly, but vulnerable to dictionary attacks. We therefore need to derive a strong session key from a weak shared password.


2.2.1 Desirable properties for such a protocol

Secrecy

Only those players that know the initial shared weak secret password should learn the session key, and nobody else.

Perfect Forward Secrecy

Warrants that an attacker who succeeds in compromising one of the participants at a later time is unable to figure out the session keys resulting from previous runs of the protocol.

Contributory key agreement

If each and every player participates in the creation of the final session key by making a contribution, the agreement is called contributory.

Tolerance to disruption attempts

Not only strong attackers who can disrupt communication by jamming radio channels, but also weaker attackers who can insert but cannot modify or delete messages sent by players, are provided for.

2.2.2 Generic Protocol

A and B are two communicating parties sharing a secret password P. (EA, DA) are the public and private keys of A; the notation X(Y) denotes Y encrypted under key X.

(1) A --> B : A, P(EA).

A encrypts EA with the password and sends it to B. It also sends the label 'A' to identify itself.

(2) B knows P, so it decrypts P(EA) and extracts EA. B generates R randomly, encrypts it using EA, encrypts the result with P and sends it to A.

B --> A : P(EA(R)).

This message authenticates B to A, since B could extract EA from the message sent by A only if B knew the password P.

(3) A decrypts this message, extracts R, generates (challenge)A and SA, encrypts them using R and sends them to B.

A --> B : R((challenge)A, SA).

This message authenticates A to B, since A could extract R only if it knew the password P.

(4) B decrypts this message and extracts (challenge)A and SA. It then computes h((challenge)A), where h() is a hash function. B then generates (challenge)B and SB and sends h((challenge)A), (challenge)B and SB to A, encrypted with R.

B --> A : R(h((challenge)A), (challenge)B, SB).

This message serves as an acknowledgement of A's message from step 3 and also notifies A that SA has been successfully noted.

(5) A decrypts this message and extracts (challenge)B and SB. A computes h((challenge)B), encrypts it using R and sends it to B.

A --> B : R(h((challenge)B)).

This message serves as an acknowledgement to B that SB has been noted.

Now both parties A and B know SA and SB, so both can compute the session key K = f(SA, SB) and start communicating.

This protocol can be easily extended to the multi-party case by electing a leader. The leader broadcasts the message of step 1; the remaining messages are point-to-point, with the leader playing the role of A.

At the end of each protocol run, each player shares a key with the leader. An additional round is needed for the leader to pick a common session key and distribute it to the other players, using the pairwise key it shares with each of them. The main drawback is that this protocol is non-contributory, since the key is chosen only by the leader.

However, we can slightly modify the protocol so that it acts as a contributory multi-party protocol. The challenges (challenge)A and (challenge)B are used by A and B to confirm that the other knows the password P. The random quantities SA and SB, which have already been generated, can be used for this confirmation instead of the challenges. Since these quantities generate the final session key K = f(SA, SB), SA and SB can easily be used to confirm each other's knowledge of K.

The modified protocol follows.

(1) A --> B : A, P(EA).

(2) B --> A : P(EA(R, SB)). Note: (challenge)B is replaced by SB.

(3) A --> B : R(SA). SA is used instead of (challenge)A.

(4) A --> B : K(SA, h(SA, SB)).

(5) B --> A : K(SB, h(SA, SB)).

The last two steps, 4 and 5, convince the receiving party (B and A respectively) that the sending party (A and B respectively) knows K, and hence P. h(., .) is a public hash function.

This protocol can be easily extended to multiple parties.

Let Mi, i = 1 to n, be the set of n players, with Mn as the leader and Si the random share contributed by Mi towards the generation of the final session key K.

(1) Mn --> ALL : Mn, P(E).

(2) Mi --> Mn : Mi, P(E(Ri, Si)), i = 1 to n-1.

(3) Mn --> Mi : Ri({Sj, j = 1 to n}), i = 1 to n-1.

(4) Mi --> Mn : Mi.

The last step confirms to each player that one other player knows the same key K. The multi-party protocol is contributory, as every player makes its contribution towards generating the final session key: Mn takes the contributions of every player and combines them to generate the session key K.

The protocol also provides perfect forward secrecy for all parties except for the one who knows the decryption key D, unless the decryption key is also destroyed at the end of the protocol run. The attacker who succeeds in compromising the leader Mn will be able to decipher a copy of the past session.

The protocol is also tolerant of disruption attempts by anyone except Mn. An attacker who does not know P can only send a garbage message. The true players then agree on a key which has a contribution from the attacker, but the attacker cannot determine the session key as it does not know the initial shared secret (password) P.

Since the protocol is contributory, a certain amount of delay is introduced with it, since the leader has to wait for contributions from each player before it can start sending out messages.

Drawbacks

1) Any quantity encrypted using the weak secret (password) P should be random. Thus E cannot be a well-known long-term encryption key; it is therefore important to use a fresh key pair for every run of the protocol, and this is computationally expensive.

2) Parts of the encryption key E may have special properties which help an attacker attempting a dictionary attack on P(E). Care must therefore be taken to encrypt only the unpredictable parts of E, which further increases the computational cost of the protocol.

2.3 Password authenticated Diffie-Hellman key exchange

2.3.1 Two party version

In the elementary DH protocol, two parties A and B agree on a prime p and a generator g of the multiplicative group Zp* (i.e. the set {1, 2, …, p-1}). A and B choose random secrets SA and SB such that 1 <= SA, SB <= p-1.

(1) A computes g^SA, encrypts it with the shared secret password P and sends it to B.

A --> B : A, P(g^SA).

(2) B extracts g^SA from the message, computes g^SB and also computes the session key K = (g^SA)^SB. B then chooses a random challenge CB and encrypts it using the key K. B encrypts SB using P. It then sends the two quantities to A.

B --> A : P(SB), K(CB).

(3) A extracts SB from P(SB) and computes the key K = (g^SA)^SB. It then extracts CB by decrypting K(CB). A then generates a random challenge CA, encrypts both CA and CB with K and sends them to B.

A --> B : K(CA, CB).

(4) Message (3) convinces B that A was able to decrypt the message in (2) correctly. B then encrypts CA using K and sends it to A.

B --> A : K(CA).

A decrypts the message to see if the plaintext is indeed CA. This convinces A that B knew K, which in turn convinces A that B knew P.
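The four-message exchange of section 2.3.1, written out as an added example that is not part of the original paper. Both parties run in one process; the group (p = 2^127 - 1, g = 3), the XOR-with-SHA-256 stand-in for the symmetric encryptions P(.) and K(.), and the per-message nonces that this stand-in needs are toy assumptions chosen so the code runs with only the Python standard library. The return value shows what each side can check: whether A proved knowledge of P to B, and B to A.

```python
import hashlib
import secrets

# Toy group, an assumption of this example: p = 2^127 - 1 is prime (the
# Mersenne prime M127) and g = 3 is an arbitrary base. A real deployment uses a
# standardised group (for example the RFC 3526 MODP groups) and a real cipher.
P = (1 << 127) - 1
G = 3


def sym(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the paper's P(.) and K(.): XOR `data` (at most 32 bytes)
    with a SHA-256 keystream derived from the key and a fresh per-message nonce.
    The same call decrypts, since XOR is its own inverse."""
    pad = hashlib.sha256(key + nonce).digest()
    assert len(data) <= len(pad), "toy cipher handles one 32-byte block"
    return bytes(a ^ b for a, b in zip(data, pad))


def enc_int(n: int) -> bytes:
    """Fixed-width encoding of group elements and exponents (all below 2^128)."""
    return n.to_bytes(16, "big")


def run_protocol(password_a: bytes, password_b: bytes) -> dict:
    """Run the exchange with A holding password_a and B holding password_b.
    The nonces travel in the clear with each message (the toy cipher needs
    them); the paper's notation omits them."""
    s_a = secrets.randbelow(P - 1) + 1          # 1 <= SA <= p-1
    s_b = secrets.randbelow(P - 1) + 1          # 1 <= SB <= p-1
    nonce = [secrets.token_bytes(16) for _ in range(5)]

    # (1) A -> B : A, P(g^SA)
    msg1 = sym(password_a, nonce[0], enc_int(pow(G, s_a, P)))

    # (2) B recovers g^SA, computes K = (g^SA)^SB, picks CB, sends P(SB), K(CB)
    g_sa_at_b = int.from_bytes(sym(password_b, nonce[0], msg1), "big")
    k_b = pow(g_sa_at_b, s_b, P)
    c_b = secrets.token_bytes(16)
    msg2 = (sym(password_b, nonce[1], enc_int(s_b)),
            sym(enc_int(k_b), nonce[2], c_b))

    # (3) A recovers SB, computes K = (g^SA)^SB, recovers CB, sends K(CA, CB)
    s_b_at_a = int.from_bytes(sym(password_a, nonce[1], msg2[0]), "big")
    k_a = pow(pow(G, s_a, P), s_b_at_a, P)
    c_b_at_a = sym(enc_int(k_a), nonce[2], msg2[1])
    c_a = secrets.token_bytes(16)
    msg3 = sym(enc_int(k_a), nonce[3], c_a + c_b_at_a)

    # (4) B checks that CB came back under K (so A knew P), then sends K(CA)
    plain3 = sym(enc_int(k_b), nonce[3], msg3)
    b_convinced = plain3[16:] == c_b
    msg4 = sym(enc_int(k_b), nonce[4], plain3[:16]) if b_convinced else b"\0" * 16

    # A checks that CA came back under K: B knew K and therefore P
    a_convinced = sym(enc_int(k_a), nonce[4], msg4) == c_a

    return {"k_a": k_a, "k_b": k_b,
            "a_convinced": a_convinced, "b_convinced": b_convinced}


if __name__ == "__main__":
    print(run_protocol(b"room password", b"room password"))
    print(run_protocol(b"room password", b"wrong guess"))
```

With matching passwords both sides derive the same K and both checks pass; with a wrong password on one side the recovered g^SA or SB is garbage, the two keys differ, and neither challenge survives the round trip, which is exactly the property the paper relies on: an outsider who only guesses P learns nothing that lets it confirm the guess offline from these messages.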

2.3.2 Multi-party version

There are, let us say, n players M1, M2, …, Mn who all share a password P, each generating a random quantity Si which is its contribution to the eventual session key K = g^(S1 S2 … Sn-1 Sn).

The protocol is divided into 3 parts. In the first part (steps 1 and 2) players M1 to Mn-1 generate an intermediate key PI = g^(S1 S2 … Sn-1) in n-1 steps.



In the second part (steps 3 and 4) each Mi (i = 1 to n-1) has a separate exchange with Mn, at the end of which all the players are in a position to compute K. The third part (step 5) is the key confirmation.

(1) Mi --> Mi+1 : g^(S1 S2 … Si), i = 1 to n-2, in sequence.

(2) Mn-1 --> ALL : PI = g^(S1 S2 … Sn-1), broadcast.

(3) Mi --> Mn : P(Ci), i = 1 to n-1, in parallel, where Ci = PI^(Si'/Si) and Si' is a blinding factor randomly chosen by Mi.

(4) Mn --> Mi : (Ci)^Sn, i = 1 to n-1, in parallel.

(5) Mi --> ALL : Mi, K(Mi, h(M1, M2, …, Mn)), broadcast.

Step 1 consists of (n-2) sub-steps. In the first sub-step player M1 computes g^S1 and sends it to M2, and so on. At the end of the (n-2)th sub-step, Mn-1 receives g^(S1 S2 … Sn-2), which it raises to the power Sn-1 to get the intermediate key PI = g^(S1 S2 … Sn-1).

In step 2, Mn-1 broadcasts this PI to everyone. Now every Mi (i = 1 to n-1) removes its own contribution Si from PI but also inserts a randomly chosen blinding factor Si', and encrypts the whole thing with the shared password P.

In step 3, each Mi sends this encryption to Mn in parallel. Mn decrypts each received message to extract Ci. It then raises each Ci to the power Sn and returns the result in parallel to each Mi. At this point each player can compute the session key K = g^(S1 S2 … Sn-1 Sn). Mn raises PI to the power Sn: K = (PI)^Sn. Each Mi unblinds the quantity it receives from Mn and re-inserts its original contribution Si to construct the session key K = g^(S1 S2 … Sn-1 Sn) = (PI)^Sn. Finally, some player broadcasts a key confirmation message that allows each player to verify that at least one other player has decided on the same key K.

The blinding factor Si' is needed for the following reasons.

(a) Without the blinding, the quantity encrypted with P by Mn-1 in step 3 is the same as what it received in step 1.

(b) An attacker could send g^(S1 S2 … Si) to Mi in step 2 instead of the broadcast message (intermediate key) PI. If Mi used this quantity to generate its message in step 3, the resulting message would be the same as the message received by Mi in step 1. To thwart dictionary attacks, blinding is necessary.

This protocol does provide perfect forward secrecy. It is also quasi-resilient to disruption except when Mn is compromised/disrupted.
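The blinded multi-party exchange of section 2.3.2, run for all n players in one process, as an added example that is not the paper's own code. The toy group (p = 2^127 - 1, g = 3), the XOR-with-SHA-256 stand-in cipher and the requirement that every share and blinding factor be coprime to p - 1 (so that the exponent Si'/Si is defined modulo p - 1) are this example's assumptions. Besides computing K, the code keeps the step 1 values and the blinded Ci so that point (a) above can be checked: with blinding, nothing encrypted under P in step 3 repeats a value already sent in the clear in step 1.

```python
import hashlib
import math
import secrets
from functools import reduce

# Toy group, an assumption of this example: p = 2^127 - 1 (the Mersenne prime
# M127), g = 3 an arbitrary base. Exponents are reduced modulo p - 1 (Fermat).
P = (1 << 127) - 1
G = 3
ORDER = P - 1


def sym(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for P(.) and K(.): XOR with a SHA-256 keystream (self-inverse)."""
    pad = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def rand_share() -> int:
    """Random exponent coprime to p - 1, so that Si (or the blinding factor Si')
    has an inverse modulo p - 1 and the exponent Si'/Si of step 3 is defined."""
    while True:
        s = secrets.randbelow(P - 2) + 2
        if math.gcd(s, ORDER) == 1:
            return s


def b16(n: int) -> bytes:
    return n.to_bytes(16, "big")


def run_group(n: int, password: bytes) -> dict:
    """Run the five steps for players M1..Mn sharing `password`; Mn is the leader."""
    shares = [rand_share() for _ in range(n)]                 # S1..Sn
    names = [f"M{i + 1}".encode() for i in range(n)]

    # Step 1: M1 -> M2 -> ... -> Mn-1, each raising what it received to its share.
    chain, acc = [], G
    for i in range(n - 1):
        acc = pow(acc, shares[i], P)
        chain.append(acc)                                      # g^(S1...Si), sent in the clear
    pi = chain[-1]                                             # Step 2: PI = g^(S1...Sn-1), broadcast

    # Step 3: each Mi removes Si, inserts a blinding factor Si', sends P(Ci) to Mn.
    blinds = [rand_share() for _ in range(n - 1)]
    blinded, to_leader = [], []
    for i in range(n - 1):
        c_i = pow(pi, blinds[i] * pow(shares[i], -1, ORDER) % ORDER, P)   # Ci = PI^(Si'/Si)
        blinded.append(c_i)
        nonce = secrets.token_bytes(16)
        to_leader.append((nonce, sym(password, nonce, b16(c_i))))

    # Step 4: Mn decrypts each Ci and returns (Ci)^Sn.
    s_n = shares[-1]
    replies = [pow(int.from_bytes(sym(password, nonce, ct), "big"), s_n, P)
               for nonce, ct in to_leader]

    # Each Mi unblinds and re-inserts Si: ((Ci)^Sn)^(Si/Si') = PI^Sn = K.
    keys = [pow(replies[i], shares[i] * pow(blinds[i], -1, ORDER) % ORDER, P)
            for i in range(n - 1)]
    keys.append(pow(pi, s_n, P))                               # Mn computes (PI)^Sn directly

    # Step 5: M1 broadcasts K(M1, h(M1, ..., Mn)); the toy cipher takes one
    # 32-byte block, so (M1, h(M1..Mn)) is itself hashed before encryption.
    body = hashlib.sha256(names[0] + b"|" + b",".join(names)).digest()
    nonce = secrets.token_bytes(16)
    confirm = sym(b16(keys[0]), nonce, body)
    confirmed = [sym(b16(k), nonce, confirm) == body for k in keys]   # checked under each player's own K

    return {"shares": shares, "chain": chain, "blinded": blinded,
            "keys": keys, "confirmed": confirmed}


def expected_key(shares) -> int:
    """Reference value g^(S1 S2 ... Sn) mod p, computed directly from the shares."""
    return pow(G, reduce(lambda a, b: a * b % ORDER, shares, 1), P)
```

The unblinding works because (Ci)^Sn = PI^(Si' Sn / Si), and raising that to Si/Si' cancels both factors, leaving PI^Sn; all exponent arithmetic is modulo p - 1. If the leader Mn is disrupted or compromised the whole run fails or is exposed, which is the quasi-resilience limit the text states.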



3. Secure routing in Ad-hoc networks

3.1 Problems associated with Ad-hoc routing

3.1.1 Infrastructure

An Ad-hoc network is an infrastructure-less network. Unlike traditional networks there is no pre-deployed infrastructure such as centrally administered routers or a strict policy for supporting end-to-end routing. The nodes themselves are responsible for routing packets, and each node relies on the other nodes to route packets for it. Mobile nodes in direct radio range of one another can communicate directly, but nodes that are too far apart to communicate directly must depend on intermediate nodes to route messages for them.

3.1.2 Frequent changes in network topology

[Fig 3.1 Routing in Ad-hoc networks (legend: direct radio reach, trusted node)]

[Fig 3.2 Routing in traditional networks using router]


Ad-hoc networks contain nodes that may frequently change their locations. Hence the topology in these networks is highly dynamic. This results in frequently changing neighbors on whom a node relies for routing. As a result traditional routing protocols can no longer be used in such an environment. This mandates new routing protocols that can handle the dynamic topology by facilitating fresh route discoveries.

3.1.3 Problems associated with wireless communication

As the communication is through a wireless medium, it is possible for any intruder to tap the communication easily. Wireless channels offer poor protection and routing-related control messages can be tampered with. The wireless medium is susceptible to signal interference, jamming, eavesdropping and distortion. An intruder can easily eavesdrop to learn sensitive routing information, jam the signals to prevent propagation of routing information or, worse, intercept messages and distort them to manipulate routes. Routing protocols should be well adapted to handle such problems.

3.1.4 Problems with existing Ad-hoc routing protocols

3.1.4.1 Implicit trust relationship between neighbors

Current Ad-hoc routing protocols inherently trust all participants. Most Ad-hoc routing protocols are cooperative by nature and depend on neighboring nodes to route packets. This naive trust model allows malicious nodes to paralyze an Ad-hoc network by inserting erroneous routing updates, replaying old messages, changing routing updates or advertising incorrect routing information. While these attacks are possible in fixed networks as well, the Ad-hoc environment magnifies them and makes detection difficult.

3.1.4.2 Throughput

Ad-hoc networks maximize total network throughput by using all available nodes for routing and forwarding. However, a node may misbehave by agreeing to forward packets and then failing to do so, because it is overloaded, selfish, malicious or broken. Misbehaving nodes can be a significant problem. Although the average loss in throughput due to misbehaving nodes is not too high, in the worst case it is very high.

[Fig 3.3 (a): nodes S, A, B, C, D, X, M]

[Fig 3.4 (b): nodes S, A, B, M, C, D, X]


3.1.4.3 Attacks using modification of protocol fields of messages

Current routing protocols assume that nodes do not alter the protocol fields of messages passed among nodes. Routing protocol packets carry important control information that governs the behavior of data transmission in Ad-hoc networks. Since the level of trust in a traditional Ad-hoc network cannot be measured or enforced, enemy nodes or compromised nodes may participate directly in the route discovery and may intercept and filter routing protocol packets to disrupt communication. Malicious nodes can easily cause redirection of network traffic and DOS attacks by simply altering these fields.

For example, in the network illustrated in Figure 3.3, a malicious node M could keep traffic from reaching X by consistently advertising to B a shorter route to X than the one C is advertising.

The attacks can be classified as remote redirection attacks and denial of service attacks. Let us look at them now.

(a) Remote redirection with modified route sequence number (AODV)

Remote redirection attacks are also called black hole attacks. In this attack, a malicious node uses the routing protocol to advertise itself as the shortest path to the nodes whose packets it wants to intercept. Protocols such as AODV instantiate and maintain routes by assigning monotonically increasing sequence numbers to routes towards a specific destination. In AODV, any node may divert traffic through itself by advertising a route to a node with a destination sequence number greater than the authentic value.

Figure 3.3 illustrates an example ad hoc network. Suppose a malicious node, M, receives the RREQ that originated from S for destination X after it is re-broadcast by B during route discovery. M redirects traffic towards itself by unicasting to B a RREP containing a significantly higher destination sequence number for X than the authentic value last advertised by X.

(b) Redirection with modified hop count (AODV)

A redirection attack is also possible in certain protocols, such as AODV, by modification of the hop count field in route discovery messages. When routing decisions cannot be made by other metrics, AODV uses the hop count field to determine a shortest path. In AODV, malicious nodes can attract routes towards themselves by resetting the hop count field of the RREP to zero. Similarly, by setting the hop count field of the RREP to infinity, routes will tend to be created that do not include the malicious node.

Once the malicious node has been able to insert itself between two communicating nodes it is able to do anything with the packets passing between them. It can choose to drop packets to perform a denial of service attack, or alternatively use its place on the route as the first step of a man-in-the-middle attack.

(c) Denial of service with modified source routes

DSR is a routing protocol in which routes are explicitly stated in data packets. These routes lack any integrity checks, and a simple denial-of-service attack can be launched in DSR by altering the source routes in packet headers.

Modification to source routes in DSR may also include the introduction of loops in the specified path. Although DSR prevents looping during the route discovery process, there are insufficient safeguards to prevent the insertion of loops into a source route after a route has been salvaged.
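An added example, not from the paper, of why the AODV update rule lets attacks (a) and (b) above succeed and what a node-local monitor can check before installing a route. The table applies the rule the text describes (a reply with a greater destination sequence number replaces the route; with an equal sequence number only a smaller hop count does), and a guard flags a sequence number that jumps implausibly far over the last known value or a zero hop count from a neighbour that is not the destination itself. The node names follow Figure 3.3, the replies and the jump threshold are constructed for this example, and the guard is an assumption of the example rather than part of AODV.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy knob for this example: a destination sequence number that
# jumps by more than this over the last known value is treated as suspicious.
MAX_SEQ_JUMP = 100


@dataclass
class Route:
    next_hop: str
    dest_seq: int
    hop_count: int


@dataclass
class Rrep:
    sender: str      # neighbour the reply arrived from
    dest: str
    dest_seq: int
    hop_count: int   # hop count as carried in the reply


class MonitoredTable:
    """Routing table applying the AODV update rule plus a monitoring guard."""

    def __init__(self) -> None:
        self.routes: Dict[str, Route] = {}
        self.alerts: List[str] = []

    def would_replace(self, rrep: Rrep) -> bool:
        """The AODV rule described in the text: a fresher sequence number wins;
        on a tie, the route with fewer hops wins."""
        cur = self.routes.get(rrep.dest)
        if cur is None or rrep.dest_seq > cur.dest_seq:
            return True
        return rrep.dest_seq == cur.dest_seq and rrep.hop_count + 1 < cur.hop_count

    def suspicious(self, rrep: Rrep) -> List[str]:
        """Plausibility checks a node can run locally, without any key material."""
        reasons = []
        cur = self.routes.get(rrep.dest)
        if cur is not None and rrep.dest_seq - cur.dest_seq > MAX_SEQ_JUMP:
            reasons.append(f"seq jump {cur.dest_seq}->{rrep.dest_seq} for {rrep.dest} from {rrep.sender}")
        if rrep.hop_count == 0 and rrep.sender != rrep.dest:
            reasons.append(f"hop count 0 for {rrep.dest} from {rrep.sender}, which is not {rrep.dest}")
        return reasons

    def process(self, rrep: Rrep, reject_suspicious: bool = True) -> Optional[Route]:
        """Install the route if the AODV rule says so. With the guard enabled,
        suspicious replies are logged and dropped instead. Returns the route
        installed by this reply, or None."""
        reasons = self.suspicious(rrep)
        self.alerts.extend(reasons)
        if reasons and reject_suspicious:
            return None
        if self.would_replace(rrep):
            self.routes[rrep.dest] = Route(rrep.sender, rrep.dest_seq, rrep.hop_count + 1)
            return self.routes[rrep.dest]
        return None


def scenario(reject_suspicious: bool) -> MonitoredTable:
    """Node B's view in Figure 3.3: a genuine reply for X relayed by C, then two
    constructed replies from M of the kinds described in (b) and (a)."""
    table = MonitoredTable()
    table.process(Rrep("C", "X", dest_seq=12, hop_count=1), reject_suspicious)
    table.process(Rrep("M", "X", dest_seq=12, hop_count=0), reject_suspicious)    # (b) hop count reset
    table.process(Rrep("M", "X", dest_seq=5000, hop_count=1), reject_suspicious)  # (a) inflated sequence number
    return table


if __name__ == "__main__":
    for guard in (False, True):
        t = scenario(guard)
        print("guard" if guard else "plain", t.routes["X"], t.alerts)
```

Without the guard both constructed replies replace the genuine route via C, exactly as the text describes; with it, B keeps the route via C and records two alerts. The threshold is a heuristic: a legitimate destination that reboots or is out of reach for a long time can also advance its sequence number a lot, so in practice a flagged reply would be held for corroboration (for example, a second reply from another neighbour) rather than treated as proof of an attacker.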

3.1.5 Attacks using impersonation

Current Ad-hoc routing protocols do not authenticate the source IP address. A malicious node can launch many attacks by altering its MAC or IP address. Both AODV and DSR are susceptible to these attacks.

3.1.6 Attacks using fabrication

Generation of false routing messages is termed fabrication. Such attacks are difficult to detect.

3.1.6.1 Falsifying route error messages in AODV or DSR

AODV and DSR implement path maintenance measures to recover broken paths when nodes move. If the destination node or an intermediate node along an active path moves, the node upstream of the link break broadcasts a route error message to all active upstream neighbors. The node also invalidates the route for this destination in its routing table.

The vulnerability is that routing attacks can be launched by sending false route error messages. Suppose node S has a route to node X via nodes A, B, and C, as in Figure 3.3. A malicious node M can launch a denial of service attack against X by continually sending route error messages to B spoofing node C, indicating a broken link between nodes C and X. B receives the spoofed route error message thinking that it came from C. B deletes its routing table entry for X and forwards the route error message on to A, who then also deletes its routing table entry. If M listens and broadcasts spoofed route error messages whenever a route is established from S to X, M can successfully prevent communications between S and X.


3.1.6.2 Route cache poisoning in DSR

This is a passive attack that can occur in DSR due to promiscuous mode of updating routing table which is employed by DSR. This occurs when information stored in routing table at routers is deleted, altered or injected with false information. In addition to learning routes from headers of packets, which a node is processing along a path, routes in DSR may also be learned from promiscuously received packets. A node overhearing any packet may add the routing information contained in that packet's header to its own route cache, even if that node is not on the path from source to destination.

The vulnerability is that an attacker could easily exploit this method of learning routes and poison route caches. Suppose a malicious node M wanted to poison routes to node X. If M were to broadcast spoofed packets with source routes to X via itself, neighboring nodes that overhear the packet transmission may add the route to their route cache.

3.1.6.3 Routing table overflow attack

In a routing table overflow attack, the attacker attempts to create routes to non-existent nodes. The goal of the attacker is to create enough routes to prevent new routes from being created, or to overwhelm the protocol implementation and flush legitimate routes out of the routing tables. Proactive routing algorithms attempt to discover routing information even before it is needed, while reactive algorithms create routes only when they are needed. This makes proactive algorithms more vulnerable to table overflow attacks.

3.1.7 No way to detect and isolate misbehaving nodes

As we observed earlier in section 4.1, misbehaving nodes can affect network throughput adversely in worst-case scenarios. The existing Ad-hoc routing protocols do not include any mechanism to identify misbehaving nodes. It is necessary to clearly define misbehaving nodes in order to prevent false positives. It may be possible that a node appears to be misbehaving when it is actually encountering temporary problem such as overload or low battery. A routing protocol should be able to identify misbehaving nodes and isolate them during route discovery operation.

3.1.8 Easily leak information about network topology

Ad-hoc routing protocols like AODV and DSR carry route discovery packets in clear text. These packets contain the routes to be followed by a packet. By analyzing these packets any intruder can find out the structure of the network. The attacker might use the information gained to learn which other nodes are adjacent to the target or the physical location of a particular node. Such an attack can be carried out passively. It can reveal the roles of nodes in the network and their location. Intruders can use this information to attack command and control nodes.

3.1.9 Lack of self-stabilization property

Routing protocols should be able to recover from an attack in finite time. An intruder should not be able to permanently disable a network by injecting a small number of malformed routing packets. AODV, for example, is prone to self-stabilization problems: since sequence numbers are used to verify route validity times, incorrect state may remain stored in the routing tables for a long time.

3.2 Solutions to problems in Ad-hoc-routing

3.2.1 Using pre-deployed security infrastructure

Here we assume the existence of a certain amount of security infrastructure. The type of Ad-hoc environment that we are dealing with here is called a managed-open environment.

Assumptions

A managed-open environment assumes that there is opportunity for pre-deployment. Nodes wishing to communicate can exchange initialization parameters beforehand, perhaps within the security of an infrastructured network where session keys may be exchanged, or through a trusted third party like a certification authority.

ARAN protocol in a managed-open environment

ARAN or Authenticated Routing for Ad-hoc Networks detects and protects against malicious actions by third parties and peers in Ad-hoc environment. ARAN introduces authentication, message integrity and non-repudiation to an Ad-hoc environment.

ARAN is composed of two distinct stages. The first stage is simple and requires little extra work from peers beyond traditional ad hoc protocols. Nodes that perform the optional second stage increase the security of their route, but incur additional cost for their ad hoc peers who may not comply (e.g., if they are low on battery resources).

ARAN makes use of cryptographic certificates for the purposes of authentication and non-repudiation.

(1) Stage 1

It contains a preliminary certification stage and a mandatory end-end authentication stage. It is a lightweight stage and does not demand too many resources.


(a) Preliminary Certification

ARAN requires the use of a trusted certificate server T. Before entering the Ad-hoc network, each node requests a certificate from T. For a node A,

T -> A: CertA = [IPA, KA+, t, e]KT-

The certificate contains the IP address of A, the public key of A, a timestamp t of when the certificate was created, and a time e at which the certificate expires. These variables are concatenated and signed by T. All nodes must maintain fresh certificates with the trusted server and must know T’s public key.

(b) End-to-End authentication

The goal of stage 1 is for the source to verify that the intended destination was reached. In this stage, the source trusts the destination to choose the return path.

(i) Source node

A source node, A, begins route instantiation to a destination X by broadcasting to its neighbors a route discovery packet (RDP):

A -> broadcast: [RDP, IPX, CertA, NA, t]KA-

The RDP includes a packet type identifier (“RDP"), the IP address of the destination (IPX), A's certificate (CertA), a nonce NA, and the current time t, all signed with A's private key. Each time A performs route discovery, it monotonically increases the nonce. Nodes then store the nonce they have last seen along with its timestamp.

(ii) Intermediate node for RDP

Each node records the neighbor from which it received the message. It then forwards the message to each of its neighbors, signing the contents of the message. This signature prevents spoofing attacks that may alter the route or form loops. Let A's neighbor be B.

B -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KB-, CertB

Nodes do not forward messages for which they have already seen the (NA ,IPA) tuple. Upon receiving the broadcast, B's neighbor C validates the signature with the given certificate. C then rebroadcasts the RDP to its neighbors, first removing B's signature.

C -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KC-, CertC


(iii) Destination node

Eventually, the message is received by the destination, X, who replies to the first RDP that it receives for a source and a given nonce. There is no guarantee that the first RDP received traveled along the shortest path from the source.

The destination unicasts a Reply (REP) packet back along the reverse path to the source.

X -> D: [REP, IPA, CertX, NA, t]KX-

(iv) Intermediate node for REP

Nodes that receive the REP forward the packet back to the predecessor from which they received the original RDP. All REPs are signed by the sender. Let D's next hop to the source be node C.

D -> C: [[REP, IPA, CertX, NA, t]KX-]KD-, CertD

C validates D's signature, removes the signature, and then signs the contents of the message before unicasting the REP to B.

C -> B: [[REP, IPA, CertX, NA, t]KX-]KC-, CertC

A node checks the signature of the previous hop as the REP is returned to the source. This avoids attacks where malicious nodes instantiate routes by impersonation and re-play of X's message.

(v) Source node

When the source receives the REP, it verifies that the correct nonce was returned by the destination as well as the destination's signature. Only the destination can answer an RDP packet. Other nodes that already have paths to the destination cannot reply for the destination. While other protocols allow this networking optimization, we note that removing it also removes several possible exploits and cuts down on the reply traffic received by the source. Because only the destination can send REPs, loop freedom is guaranteed easily.

Disadvantages

ARAN requires that nodes keep one routing table entry per source-destination pair that is currently active. This is certainly more costly than per-destination entries in non-secure ad hoc routing protocols.

(2) Stage 2

Stage (2) is done only after Stage (1) is over. This is because the destination certificate is required in Stage (2). This stage is primarily used for discovery of the shortest path in a secure fashion. Since a path is already discovered in Stage (1), data transfer can be pipelined with Stage (2)'s shortest path discovery operation.


(i) Source

The source begins by broadcasting a Shortest Path Confirmation (SPC) message to its neighbors (the same variables are used as in stage 1).

A -> broadcast: SPC, IPX, CertX, [[IPX, CertA, NA, t]KA- ]KX+

The SPC message begins with the SPC packet identifier (“SPC"), X's IP address and certificate. The source concatenates a signed message containing the IP address of X, its certificate, a nonce and timestamp. This signed message is encrypted with X's public key so that other nodes cannot modify the contents.

(ii) Intermediate Node

A neighbor B that receives the message, rebroadcasts the message after including its own cryptographic credentials. B signs the encrypted portion of the received SPC, includes its own certificate, and re-encrypts with the public key of X. This public key can be obtained in the certificate forwarded by A.

B -> broadcast: SPC, IPX, CertX, [[[[IPX, CertA, NA, t]KA-]KX+]KB-, CertB]KX+

Nodes that receive the SPC packet create entries in their routing table so as not to forward duplicate packets. The entry also serves to route the reply packet from the destination along the reverse path.

(iii) Destination Node

Once the destination X receives the SPC, it checks that all the signatures are valid. X replies to the first SPC it receives and also any SPC with a shorter recorded path. X sends a Recorded Shortest Path (RSP) message to the source through its predecessor D.

X -> D: [RSP, IPA, CertX, NA, route]KX-

The source eventually receives the packet and verifies that the nonce corresponds to the SPC it originally generated.

Advantages

The onion-like signing of messages prevents nodes in the middle from changing the path in several ways. First, to increase the path length of the SPC, malicious nodes require an additional valid certificate. Second, malicious nodes cannot decrease the recorded path length or alter it because doing so would break the integrity of the encrypted data.


Route Maintenance

ARAN is an on-demand protocol. Nodes keep track of whether routes are active. When no traffic has occurred on an existing route for that route's lifetime, the route is simply de-activated in the route table. Data received on an inactive route causes nodes to generate an Error (ERR) message that travels the reverse path towards the source. Nodes also use ERR messages to report links in active routes that are broken due to node movement. All ERR messages must be signed. For a route between source A and destination X, a node B generates the ERR message for its neighbor C as follows:

B -> C: [ERR, IPA, IPX, CertC, NB, t]KB-

This message is forwarded along the path towards the source without modification. A nonce and timestamp ensure the ERR message is fresh. Because messages are signed, malicious nodes cannot generate ERR messages for other nodes. The non-repudiation provided by the signed ERR message allows a node to be verified as the source of each ERR message that it sends. A node which transmits a large number of ERR messages, whether the ERR messages are valid or fabricated, should be avoided.

Key revocation

ARAN attempts a best effort key revocation that is backed up with limited time certificates. In the event that a certificate needs to be revoked, the trusted certificate server, T, sends a broadcast message to the ad hoc group that announces the revocation. Calling the revoked certificate CertR, the transmission appears as:

T -> broadcast: [revoke, CertR]KT-

Any node receiving this message re-broadcasts it to its neighbors. Revocation notices need to be stored until the revoked certificate would have expired normally. Any neighbor of the node with the revoked certificate needs to reform routing as necessary to avoid transmission through the now-untrusted node.

This method is not failsafe. If an untrusted node, whose certificate is being revoked, is the only link between 2 parts of an Ad-hoc network, it may not propagate the revocation message to the other part - leading to a partitioned network.

To detect this situation and to hasten the propagation of revocation notices, when a node meets a new neighbor, it can exchange a summary of its revocation notices with that neighbor. If these summaries do not match, the actual signed notices can be forwarded and re-broadcasted to restart propagation of the notice.


3.2.2 Concealing Network topology or structure

1) Using independent Security Agents (SA)

This method is called the Non-disclosure Method (NDM). In NDM a number of independent security agents (SA) are distributed over the network. Each agent SAi owns a pair of asymmetric cryptographic keys KSAi and KSAi-. A sender S wishes to transmit a message M to a receiver R without disclosing its location. S sends the message through a chain of SAs: SA1 -> SA2 -> ... -> SAN -> R. The message is encapsulated N times using the public keys KSA1 ... KSAN as follows.

M' = KSA1(SA2, KSA2(SA3, ... KSAN(R, M) ...))

To deliver the packet, S sends it to the first security agent SA1, which decrypts the outermost encapsulation and forwards the packet to the next agent. Each SA knows only the address of the previous and the next hop. The last agent finally decrypts the message and forwards it to R. This method introduces a large amount of overhead and hence is not preferred for routing.

2) Zone Routing Protocol (ZRP)

It is a hierarchical protocol where the network is divided into zones. The zones operate independently from each other. ZRP involves two separate routing protocols. Such a hierarchical routing structure is favorable with respect to security since a well designed algorithm should be able to contain certain problems to a small portion of the hierarchy, leaving other portions unaffected.

ZRP has some features that appear to make it somewhat less susceptible to routing attacks. Its hierarchical organization hides some of the routing information within the zones. ZRP provides some form of security against disclosing network topology by dividing routing into zones, which conceal the internal organization.

3.2.3 Installing extra facilities in the network to mitigate routing misbehavior

Misbehaving nodes can reduce network throughput and result in poor robustness. Sergio Marti et al. propose a technique to identify and isolate such nodes by installing a watchdog and a pathrater on each node in the Ad-hoc network.

Assumptions

It is assumed that the wireless links are bi-directional. Most MAC layer protocols require this. It also assumes support for promiscuous mode of operation for the nodes. This helps the nodes supervise each other's operation. The third assumption is that the underlying Ad-hoc routing protocol is DSR. It is possible to extend the mechanism to other routing protocols as well.


Mechanism

The watchdog identifies misbehaving nodes, while the pathrater avoids routing packets through these nodes. When a node forwards a packet, the node’s watchdog verifies that the next node in the path also forwards the packet. The watchdog does this by listening promiscuously to the next node’s transmissions. If the next node does not forward the packet, then it is misbehaving. The pathrater uses this knowledge of misbehaving nodes to choose the network path that is most likely to deliver packets.

Watchdog

The watchdog method detects misbehaving nodes. Figure 3.4 illustrates how the watchdog works. Node A cannot transmit all the way to node C, but it can listen in on node B’s traffic. Thus, when A transmits a packet for B to forward to C, A can often tell if B transmits the packet. If encryption is not performed separately for each link, which can be expensive, then A can also tell if B has tampered with the payload or the header. We implement the watchdog by maintaining a buffer of recently sent packets and comparing each overheard packet with the packet in the buffer to see if there is a match. If so, the packet in the buffer is removed and forgotten by the watchdog, since it has been forwarded on. If the packet has remained in the buffer for longer than a certain timeout, the watchdog increments a failure tally for the node responsible for forwarding on the packet. If the tally exceeds a certain threshold bandwidth, it determines that the node is misbehaving and sends a message to the source notifying it of the misbehaving node.

Advantages

The watchdog mechanism can detect misbehaving nodes at forwarding level and not just the link level.

Fig 3.4 Operation of the watchdog (nodes S, A, B, C in a line; A overhears B's transmissions).

Weakness

It might not detect misbehaving nodes in the presence of 1) ambiguous collisions 2) receiver collisions 3) limited transmission power 4) false misbehavior 5) collusion 6) partial dropping.

Analysis of Watchdog's weaknesses

1) Ambiguous collision

The ambiguous collision problem prevents A from overhearing transmissions from B. As figure 3.5 illustrates, a packet collision occurs at A while it is listening for B to forward on a packet. A does not know if the collision was caused by B forwarding on the packet as it should, or if B never forwarded the packet and the collision was caused by other nodes in A’s neighborhood. Because of this uncertainty, A should instead continue to watch B over a period of time.

2) Receiver collision

Fig 3.5 Ambiguous Collision (nodes S, A, B, C, D).

Fig 3.6 Receiver Collision (nodes S, A, B, C, D).

In the receiver collision problem (figure 3.6), node A can only tell whether B sends the packet to C, but it cannot tell if C receives it. If a collision occurs at C when B first forwards the packet, A only sees B forwarding the packet and assumes that C successfully receives it. Thus, B could skip retransmitting the packet and evade detection.

3) False misbehavior

False misbehavior can occur when nodes falsely report other nodes as misbehaving. A malicious node could attempt to partition the network by claiming that some nodes following it in the path are misbehaving. For instance, node A could report that node B is not forwarding packets when in fact it is. This will cause S to mark B as misbehaving when A is the culprit. This behavior, however, will be detected. Since A is passing messages on to B (as verified by S), any acknowledgements from D to S will go through A to S, and S will wonder why it receives replies from D when supposedly B dropped packets in the forward direction. In addition, if A drops acknowledgements to hide them from S, node B will detect this misbehavior and will report it to D.

4) Limited transmission power

Another problem is that a misbehaving node that can control its transmission power can circumvent the watchdog. A node could limit its transmission power such that the signal is strong enough to be overheard by the previous node but too weak to be received by the true recipient.

5) Multiple colluding nodes

Multiple nodes in collusion can mount a more sophisticated attack. For example, B and C from figure 3.4 could collude to cause mischief. In this case, B forwards a packet to C but does not report to A when C drops the packet. Because of this limitation, it may be necessary to disallow two consecutive untrusted nodes in a routing path.

6) Partial dropping

A node can circumvent the watchdog by dropping packets at a lower rate than the watchdog’s configured minimum misbehavior threshold. Although the watchdog will not detect this node as misbehaving, this node is forced to forward at the threshold bandwidth. In this way the watchdog serves to enforce this minimum bandwidth. For the watchdog to work properly it must know where a packet should be in two hops.

Pathrater


Just like the watchdog, the pathrater is run by each node. It combines the knowledge of misbehaving nodes with link reliability data to pick the most reliable route. Each node maintains a rating for every other node it knows about in the network. It calculates a path metric by averaging the node ratings in the path. We choose this metric because it gives a comparison of the overall reliability of different paths and allows the pathrater to emulate the shortest length path algorithm when no reliability information has been collected, as explained below. If there are multiple paths to the same destination, we choose the path with the highest metric. Since the pathrater depends on knowing the exact path a packet has traversed, it must be implemented on top of a source routing protocol.

The pathrater assigns ratings to nodes according to the following algorithm. When a node in the network becomes known to the pathrater (through route discovery), the pathrater assigns it a “neutral” rating of 0.5. A node always rates itself with a 1.0. This ensures that when calculating path rates, if all other nodes are neutral nodes (rather than suspected misbehaving nodes), the pathrater picks the shortest length path. The pathrater increments the ratings of nodes on all actively used paths by 0.01 at periodic intervals of 200 ms. An actively used path is one on which the node has sent a packet within the previous rate increment interval. The maximum value a neutral node can attain is 0.8. We decrement a node’s rating by 0.05 when we detect a link break during packet forwarding and the node becomes unreachable. The lower bound rating of a “neutral” node is 0.0. The pathrater does not modify the ratings of nodes that are not currently in active use.

We assign a special, highly negative value, -100 in the simulations, to nodes suspected of misbehaving by the watchdog mechanism. When the pathrater calculates the path metric, negative path values indicate the existence of one or more suspected misbehaving nodes in the path. If a node is marked as misbehaving due to a temporary malfunction or an incorrect accusation, it would be preferable if it were not permanently excluded from routing. Therefore nodes that have negative ratings should have their ratings slowly increased or set back to a non-negative value after a long timeout.
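The watchdog buffer and the pathrater rating rules above, as an added simulation that is not the Marti et al. implementation; the watchdog timeout, the failure threshold, the node names and the two candidate routes are assumptions.

```python
"""Watchdog and pathrater simulation (added example, not the paper's code).

Rating constants follow the text: neutral 0.5, self 1.0, +0.01 per 200 ms
interval on active paths (capped at 0.8), -0.05 on a link break (floor 0.0),
-100 once the watchdog reports a node. Timeout and threshold are assumptions.
"""

NEUTRAL, SELF_RATING, NEUTRAL_MAX, NEUTRAL_MIN = 0.5, 1.0, 0.8, 0.0
ACTIVE_INCREMENT, LINK_BREAK_PENALTY, MISBEHAVING = 0.01, 0.05, -100.0
WATCHDOG_TIMEOUT_MS = 500   # assumed value
WATCHDOG_THRESHOLD = 3      # assumed: unforwarded packets before reporting


class Watchdog:
    """Runs on the node that handed a packet to its next hop and listens
    promiscuously for that hop to retransmit it."""

    def __init__(self, timeout_ms=WATCHDOG_TIMEOUT_MS, threshold=WATCHDOG_THRESHOLD):
        self.timeout_ms, self.threshold = timeout_ms, threshold
        self.buffer = {}     # packet id -> (next hop, time handed over)
        self.failures = {}   # next hop -> tally of packets it never forwarded
        self.reported = set()

    def sent(self, pkt_id, next_hop, now_ms):
        self.buffer[pkt_id] = (next_hop, now_ms)

    def overheard(self, pkt_id, forwarder):
        """The next hop was heard forwarding the packet: forget it."""
        entry = self.buffer.get(pkt_id)
        if entry and entry[0] == forwarder:
            del self.buffer[pkt_id]

    def tick(self, now_ms):
        """Expire timed-out packets; return hops that just crossed the threshold."""
        newly_suspected = []
        for pkt_id, (hop, t0) in list(self.buffer.items()):
            if now_ms - t0 > self.timeout_ms:
                del self.buffer[pkt_id]
                self.failures[hop] = self.failures.get(hop, 0) + 1
                if self.failures[hop] >= self.threshold and hop not in self.reported:
                    self.reported.add(hop)
                    newly_suspected.append(hop)
        return newly_suspected


class Pathrater:
    """Per-node ratings; the path metric is the average rating along the path."""

    def __init__(self, me):
        self.me = me
        self.ratings = {me: SELF_RATING}

    def rating(self, node):
        return self.ratings.setdefault(node, NEUTRAL)   # newly seen nodes are neutral

    def path_metric(self, path):
        return sum(self.rating(n) for n in path) / len(path)

    def choose(self, paths):
        """Highest metric wins; with all-neutral ratings this is the shortest path."""
        return max(paths, key=self.path_metric)

    def interval_elapsed(self, active_paths):
        """Called every 200 ms: reward nodes on paths that carried traffic."""
        for path in active_paths:
            for n in path:
                if n != self.me and self.rating(n) >= 0:
                    self.ratings[n] = min(NEUTRAL_MAX, self.ratings[n] + ACTIVE_INCREMENT)

    def link_broke(self, node):
        if self.rating(node) >= 0:
            self.ratings[node] = max(NEUTRAL_MIN, self.ratings[node] - LINK_BREAK_PENALTY)

    def misbehaving(self, node):
        self.ratings[node] = MISBEHAVING


def demo():
    """Constructed scenario: S has a 3-hop route via B and a 4-hop route via C, E.
    B silently drops packets; A's watchdog reports B to S and S reroutes."""
    via_b = ["S", "A", "B", "D"]
    via_c = ["S", "A", "C", "E", "D"]
    rater = Pathrater("S")
    before = rater.choose([via_b, via_c])        # shortest path while all neutral
    wd = Watchdog()                              # A's watchdog, watching B
    for i in range(WATCHDOG_THRESHOLD):
        wd.sent(f"pkt{i}", "B", now_ms=i * 10)
    wd.overheard("pkt0", "C")                    # a different forwarder is not a match
    suspected = wd.tick(now_ms=WATCHDOG_TIMEOUT_MS + 100)
    for node in suspected:                       # A notifies the source S
        rater.misbehaving(node)
    after = rater.choose([via_b, via_c])
    return before, after, suspected, rater.path_metric(via_b)


if __name__ == "__main__":
    print(demo())
```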

Performance

Throughput and Overhead

The watchdog and pathrater mechanism with DSR algorithm improves throughput by 27% while increasing the overhead from 12% to 24%. But this overhead is due to the way DSR operates to maintain routes. The watchdog itself adds very little overhead. Although the overhead is significant, these extensions still improve net throughput. In networks with moderate mobility throughput improves by 17% while overhead transmission increases from 9% to 17%.


3.2.4 Security-Aware Ad-hoc Routing (SAR)

It makes use of trust levels (security attributes assigned to nodes) to make informed, secure routing decisions. Current routing protocols discover the shortest path between two nodes. SAR, however, can discover a path with the desired security attributes (e.g. a path through nodes with a particular shared key).

A node initiating route discovery sets the sought security level for the route i.e. the required minimal trust level for nodes participating in the query/ reply propagation. Nodes at each trust level share symmetric encryption keys. Intermediate nodes of different levels cannot decrypt in-transit routing packets or determine whether the required security attributes can be satisfied and drop them. Only the nodes with the correct key can read the header and forward the packet. So if a packet has reached the destination, it must have been propagated by nodes at the same level, since only they can decrypt the packet, see its header and forward it.

Figure: SAR route discovery example with nodes S, 1, 2, 3, 4, 5, 6, M1, M2 and T (legend: shortest route; secure route; secure node with the key; other nodes in the network).

Implementation

SAR can extend any routing protocol. Here we see how to extend AODV, and call the result SAODV. Most of AODV’s original behavior, such as on-demand discovery using flooding, reverse path maintenance and forward path setup via Route Request (RREQ) and Route Reply (RREP) messages, is retained.

The RREQ (Route REQuest) and the RREP (Route REPly) packet formats are modified to carry additional security information. The RREQ packet has an additional field called RQ_SEC_REQUIREMENT that indicates the required security level for the route the sender wishes to discover. This could be a bit vector.

An intermediate node at the required trust level updates another new field in the RREQ packet, the RQ_SEC_GUARANTEE field. The RQ_SEC_GUARANTEE field contains the minimum security offered in the route. This can be achieved if each intermediate node at the required trust level performs an ‘AND’ operation between the RQ_SEC_GUARANTEE value it receives and the security it offers, and puts the updated value back into the RQ_SEC_GUARANTEE field before forwarding the packet.

Finally the packet reaches the destination, if a route exists. One additional field is also added to the RREP packet. When an RREQ successfully traverses the network to the destination, RQ_SEC_GUARANTEE represents the minimum security level in the entire path from source to destination. So the destination copies this value from the RREQ into a new field of the RREP, called RP_SEC_GUARANTEE. The sender can use this value to determine the security level on the whole path; since the sender may find routes which offer more security than asked for, it can make informed decisions.
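An added simulation of the RQ_SEC_REQUIREMENT / RQ_SEC_GUARANTEE handling described above; it is not the SAR authors' code. The attribute bits, the links between the figure's nodes and seeding the guarantee with the source's own attributes are assumptions.

```python
"""SAODV-style RREQ flooding with RQ_SEC_REQUIREMENT and RQ_SEC_GUARANTEE.

Added example, not the SAR authors' code. Each node belongs to one trust level
(nodes at a level share that level's symmetric key) and offers a bit vector of
security attributes. Attribute names, topology and the seeding rule are assumed.
"""
from collections import deque

# Constructed attribute bits for the requirement / guarantee vectors
AUTHENTICATED = 0b001
LINK_ENCRYPTED = 0b010
TAMPER_RESISTANT = 0b100
LEVEL_SECURE, LEVEL_OTHER = 1, 0


class Node:
    def __init__(self, level, attributes):
        self.level = level            # trust level whose key this node holds
        self.attributes = attributes  # security attributes this node offers


def saodv_route_request(nodes, links, src, dst, required_level, rq_sec_requirement):
    """Flood an RREQ from src. Returns (route, RP_SEC_GUARANTEE) or None.

    Only nodes holding the key of required_level can decrypt the RREQ header,
    AND their attributes into RQ_SEC_GUARANTEE and forward it; everyone else
    drops the packet. The first RREQ to reach dst is answered, as in AODV.
    """
    if nodes[src].level != required_level:
        raise ValueError("source holds no key for the requested level")
    seen = {src}                                   # each node processes the RREQ once
    queue = deque([(src, [src], nodes[src].attributes)])   # assumed: seed with own bits
    while queue:
        here, route, guarantee = queue.popleft()
        for nxt in links.get(here, ()):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nodes[nxt].level != required_level:
                continue                           # cannot decrypt the header: dropped
            new_guarantee = guarantee & nodes[nxt].attributes
            new_route = route + [nxt]
            if nxt == dst:
                # the destination copies RQ_SEC_GUARANTEE into RP_SEC_GUARANTEE
                return new_route, new_guarantee
            queue.append((nxt, new_route, new_guarantee))
    return None


def meets_requirement(rp_sec_guarantee, rq_sec_requirement):
    """Sender-side check: every required attribute must survive the whole path."""
    return rp_sec_guarantee & rq_sec_requirement == rq_sec_requirement


# Constructed topology using the node names of the SAR figure (edges are assumed).
NODES = {
    "S": Node(LEVEL_SECURE, 0b111), "T": Node(LEVEL_SECURE, 0b111),
    "2": Node(LEVEL_SECURE, 0b111), "3": Node(LEVEL_SECURE, 0b011),
    "6": Node(LEVEL_SECURE, 0b111),
    "1": Node(LEVEL_OTHER, 0b001), "4": Node(LEVEL_OTHER, 0b001),
    "5": Node(LEVEL_OTHER, 0b001), "M1": Node(LEVEL_OTHER, 0b000),
    "M2": Node(LEVEL_OTHER, 0b000),
}
EDGES = [("S", "1"), ("1", "M1"), ("M1", "T"),              # shortest, via untrusted hops
         ("S", "2"), ("2", "3"), ("3", "M2"), ("M2", "T"),
         ("3", "6"), ("6", "T"), ("2", "4"), ("4", "5"), ("5", "T")]
LINKS = {}
for a, b in EDGES:
    LINKS.setdefault(a, []).append(b)
    LINKS.setdefault(b, []).append(a)

if __name__ == "__main__":
    print(saodv_route_request(NODES, LINKS, "S", "T", LEVEL_SECURE, AUTHENTICATED))
```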

Drawbacks

A lot of encryption overhead, since each intermediate node has to perform it.

3.2.5 Secure Routing Protocol

Assumptions

A Security Association (SA) exists between the source node (S) and the destination node (T). One way of establishing this SA is negotiating a shared secret key given knowledge of the public key of the other end. The existence of the SA is justified, because the end hosts choose a secure communication scheme and consequently should be able to authenticate each other. The SA could be established by any of the group key exchange schemes. However, the existence of SAs with any of the intermediate nodes is unnecessary. It is required that the end nodes be able to use non-volatile memory to maintain state information regarding relayed queries, so that previously seen route requests are discarded.

It is also expected that a one-to-one mapping exists between MAC and IP addresses.

Finally the broadcast nature of the radio channels requires that each transmission is received by all neighbors, which are assumed to operate in promiscuous mode (i.e. able to overhear all transmissions from nodes within the range of their transceiver).

Working

The source node (S) initiates the route discovery by constructing a route request packet. The route request packet is identified by a random query identifier (rnd#) and a sequence number (sq#). We assume that a security association (a shared key KST) is established between source (S) and destination (T).

S constructs a Message Authentication Code (MAC) which is a hash of source, destination, random query identifier, sequence number and KST, i.e. MAC = h(S, T, rnd#, sq#, KST). In addition, the identifiers (IP addresses) of the traversed intermediate nodes are accumulated in the route request packet.


Intermediate nodes relay route requests. The intermediate nodes also maintain a limited amount of state information regarding relayed queries (by storing their random query identifiers), so that previously seen route requests are discarded.

More than one route request packet reaches the destination through different routes. The destination T calculates a MAC covering the route reply contents and then returns the packet to S over the reverse route accumulated in the respective request packet. The destination responds to one or more route request packets to provide the source with an as diverse topology picture as possible.

Advantages

• Computing the MAC is not computationally expensive.

• Message integrity is preserved.

• If confidentiality of data is required we could encrypt the payload with the shared key KST.

Different attacks on routing and how they are countered

Let M1, M2 be two malicious intermediate nodes.

We denote the query request as a list {QST; n1, n2, ..., nk}. QST denotes the SRP header for a query searching for T and initiated by S.

ni, i ∉ {1, k}, are the IP addresses of the intermediate nodes, and n1 = S, nk = T. Similarly, a route reply is denoted as {RST; n1, n2, ..., nk}.

Case 1:

When M1 receives {QST; S} it tries to mislead S by generating {RST; S, M1, T}, i.e. it fakes that destination T is its neighbor. This is possible in a regular routing protocol, but not here, since only T can generate the MAC which is verified by S.

Case 2:

If M1 discards request packets that it receives, it narrows the topology view of S. But at the same time it practically removes itself from S’s view. Thus it cannot inflict harm to data flows originating from S, and route chosen by S would not include M1.

Case 3:

When M1 receives {RST; S, 1, M1, S, 4, T} it tampers with its contents and relays {RST; S, 1, M1, Y, T}, Y being any sequence of nodes. S readily discards the reply due to the integrity protection provided by the MAC.


Case 4:

When M2 receives {QST; S, 2, 3} it corrupts the accumulated route and relays {QST; S, X, 3, M2} to its neighbors, where X is a false IP address. This request arrives at T, which constructs the reply and routes it over {T, M2, 3, X, S} towards S. But when node 3 receives the reply it cannot forward it any further, since X is not its neighbor, and the reply is dropped.

Case 5:

If M1 replays route requests to consume network resources, they will be discarded by intermediate nodes, since they maintain a list of query identifiers seen in the past. The query identifier is a random number, so that it is not guessable by the malicious node.

Case 6:

If M1 attempts to forward { QST; S, M*} i.e. it spoofs its IP address. Consequently S would accept { RST; S, M*, 1, 4, T} as a route. But the connectivity information conveyed by such a reply is correct.

However, in practice, a neighbor discovery mechanism that maintains information on the binding of MAC and IP addresses can strengthen the protocol. Packets would be discarded when relayed by the same data link interface, i.e. the same MAC address with more than one different IP address.

Attacks on SRP Protocol

Tunneling

If two nodes collude during the two phases (request and reply) of a single route discovery, then the protocol could be attacked.

E.g., if M1 receives a route request, it can tunnel it to M2, i.e. discover a route to M2 and send the request encapsulated in a data packet. Then M2 broadcasts a request with the route segment between M1 and M2 falsified: {QST; S, M1, Z, M2}. T receives the request and constructs a reply which is routed over {T, M2, Z, M1, S}. M2 receives the reply and tunnels it back to M1, which then returns it to S. As a result the connectivity information is only partially correct.

Replay

If M1 rewrites the RND# with some other random number, its neighbors think that it is a genuine packet and keep forwarding it, thus wasting their resources. Only when the packet reaches the destination can this misuse be detected using the MAC.
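An added replay in code of the SRP exchange described under Working and of Cases 1, 3 and 5 above; it is not the SRP authors' implementation. HMAC-SHA256 stands in for the keyed hash, and the key value, node names and field layout are constructed.

```python
"""SRP route discovery with a keyed MAC (added example, not the paper's code).

Request MAC = h(S, T, rnd#, sq#, K_ST); the reply MAC covers the reply contents
including the accumulated route. HMAC-SHA256 is assumed as the keyed hash.
"""
import hashlib
import hmac
import os

K_ST = b"constructed shared key of the S-T security association"


def mac(key, *fields):
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(src, dst, sq, key, rnd=None):
    """S builds {QST; S}; the route accumulates hop identifiers from S onwards."""
    rnd = int.from_bytes(os.urandom(4), "big") if rnd is None else rnd
    return {"type": "QST", "src": src, "dst": dst, "rnd": rnd, "sq": sq,
            "mac": mac(key, src, dst, rnd, sq), "route": [src]}


class Intermediate:
    """Relays requests; drops any whose (src, rnd#) it has already seen (Case 5)."""

    def __init__(self, name):
        self.name, self.seen = name, set()

    def relay(self, req):
        qid = (req["src"], req["rnd"])
        if qid in self.seen:
            return None
        self.seen.add(qid)
        return dict(req, route=req["route"] + [self.name])


def reply(req, key):
    """T verifies the request MAC, then MACs the reply contents including the route.
    The accumulated request route is not covered by the request MAC (Cases 4, 6)."""
    expected = mac(key, req["src"], req["dst"], req["rnd"], req["sq"])
    if not hmac.compare_digest(req["mac"], expected):
        return None
    route = req["route"] + [req["dst"]]
    return {"type": "RST", "src": req["src"], "dst": req["dst"], "rnd": req["rnd"],
            "sq": req["sq"], "route": route,
            "mac": mac(key, "RST", req["src"], req["dst"], req["rnd"], req["sq"], route)}


def source_accepts(rep, outstanding, key):
    """S matches the reply to its outstanding (rnd#, sq#) and checks the reply MAC."""
    if (rep["rnd"], rep["sq"]) != outstanding:
        return False
    expected = mac(key, "RST", rep["src"], rep["dst"], rep["rnd"], rep["sq"], rep["route"])
    return hmac.compare_digest(rep["mac"], expected)


def demo():
    """Constructed exchange S -> 1 -> 4 -> T plus the attacks M1 mounts on it."""
    node1, node4 = Intermediate("1"), Intermediate("4")
    req = make_request("S", "T", sq=7, key=K_ST)
    outstanding = (req["rnd"], req["sq"])
    genuine = reply(node4.relay(node1.relay(req)), K_ST)
    results = {"genuine": source_accepts(genuine, outstanding, K_ST)}
    # Case 1: M1 claims T is its neighbor; without K_ST it can only guess a key
    forged = {"type": "RST", "src": "S", "dst": "T", "rnd": req["rnd"], "sq": 7,
              "route": ["S", "M1", "T"]}
    forged["mac"] = mac(b"M1 has no K_ST", "RST", "S", "T", req["rnd"], 7, forged["route"])
    results["case1_forged_reply"] = source_accepts(forged, outstanding, K_ST)
    # Case 3: M1 tampers with the route inside a genuine reply
    tampered = dict(genuine, route=["S", "1", "M1", "T"])
    results["case3_tampered_route"] = source_accepts(tampered, outstanding, K_ST)
    # Case 5: M1 replays the request; node 1 already saw (S, rnd#) and drops it
    results["case5_replay_dropped"] = node1.relay(req) is None
    return results


if __name__ == "__main__":
    print(demo())
```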


4. Intrusion detection in wireless ad-hoc networks

4.1 Need for intrusion detection


The use of wireless links renders a wireless ad-hoc network vulnerable to malicious attacks, ranging from passive eavesdropping to active interference. In wired networks, however, the attacker needs to gain access to the physical media, e.g. the network wires, or pass through a plethora of firewalls and gateways. In wireless networks the scenario is much different: there are no firewalls and gateways in place, hence attacks can take place from all directions. Every node in the ad-hoc network must be prepared for an encounter with the adversary.

Each mobile node in an ad-hoc network is an autonomous unit in itself, free to move independently. This means a node without adequate physical protection is very susceptible to being captured, hijacked or compromised. It is difficult to track down a single compromised node in a large network; attacks stemming from compromised nodes are far more detrimental and much harder to detect. Hence every node in a wireless ad-hoc network should be able to work in a mode wherein it trusts no peer.

Ad-hoc networks have a decentralized architecture, and many ad-hoc network algorithms rely on cooperative participation of the member nodes. Adversaries can exploit this lack of centralized decision making architecture to launch new types of attacks aimed at breaking the cooperative algorithms.

Furthermore, Ad-hoc routing presents more vulnerabilities than one can imagine, since most routing protocols for ad-hoc networks are cooperative by nature. An adversary who compromises an ad-hoc node could succeed in bringing down the whole network by disseminating false routing information, and this could culminate in all nodes feeding data to the compromised node.

Intrusion prevention techniques like encryption and authentication can reduce the risks of intrusion but cannot completely eliminate them; e.g. encryption and authentication cannot defend against compromised nodes.

4.2 General overview

In general terms “Intrusion” is defined as “any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource”.

The protocols and systems which are meant to provide services can be the target of attacks such as Distributed Denial of Service (DDoS). Intrusion detection can be used as a second line of defense to protect network systems, because once an intrusion is detected a response can be put in place to minimize the damage, gather evidence for prosecution or launch counter offensives.

Intrusion detection assumes that “user and program activities are observable”, which means that any activity which the user or an application program initiates gets logged somewhere, into system tables or some kind of system log, and intrusion detection systems (IDS) have easy access to these logs. This logged system/user related data is called audit data. Thus, intrusion detection is all about capturing audit data and, on the basis of this audit data, determining whether it is a significant aberration from normal system behavior; if yes, then the IDS infers that the system is under attack. Based on the type of audit data, IDS can be classified into 2 types viz.

a) Network based : Network based IDS sits on the network gateway and captures and examines network packets that go through the network hardware interface.

b) Host based: a host-based IDS relies on operating system audit data to monitor and analyze the events generated by users or programs on the host.

4.3 Unsuitability of the Current IDS techniques for Ad-hoc paradigm

Wireless ad-hoc networks have no fixed infrastructure. Almost all current network-based IDSs sit on network gateways and routers and analyze the packets passing through them; since an ad-hoc network has no such choke points, these network-based IDSs are ineffective for wireless ad-hoc networks.

In a wireless ad-hoc network the only audit data available to a node is the communication activity taking place within its own radio range, so any IDS intended for these networks must be designed to work with this partial and localized audit data.

Anomaly detection models built for wired networks do not transfer directly to wireless ad-hoc networks, because the line between normal and anomalous behavior is blurred. A node that transmits erroneous routing information (fabrication) may be compromised, or it may merely be out of sync with its neighbors because of recent physical movement. In a wireless ad-hoc network it is therefore hard to distinguish false alarms from real intrusions.

4.4 New proposed architecture

To suit the needs of wireless ad-hoc networks, the IDS should be both distributed and cooperative: every node in the network participates in intrusion detection. Each node is responsible for detecting intrusions locally and independently, but neighboring nodes can form an association and collaboratively investigate over a broader range.

Each node in the network runs its own IDS agent. These agents run independently and monitor user and system activities on the node as well as communication activities within its radio range. If an anomaly is detected in the local data, or if the local evidence is inconclusive, the IDS agents on neighboring nodes cooperate in a global intrusion detection scheme. Together, the individual IDS agents make up the IDS that protects the wireless ad-hoc network.
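The following Python simulation is an added example, not code from the paper or from any published IDS. It illustrates the distributed, cooperative scheme just described, together with the local data collection and local detection engine of the agent model: every node runs an agent that sees only its own routing table and the routing advertisements it overhears within radio range; a single hypothetical expert rule scores a neighbor's advertisements against the observer's own table; a conclusive local score triggers a local response, while an inconclusive one is put to a majority vote among the radio-range neighbors, so that an observer whose table is stale after movement is separated from a node that is fabricating routes. Node names, positions, routing tables, thresholds and advertisements are all constructed and assumed.

```python
"""Distributed, cooperative IDS agents for a wireless ad-hoc network (added
example, not code from the paper). Node names, positions, routing tables,
thresholds and advertisements are all constructed for this example."""
from dataclasses import dataclass, field
from math import dist

RADIO_RANGE = 10.0  # assumed: nodes closer than this can hear each other
CONCLUSIVE = 0.5    # assumed: at or above this local score the agent acts alone
SUSPICIOUS = 0.2    # assumed: below this the local engine reports "normal"


@dataclass(frozen=True)
class Advertisement:
    """An overheard routing advertisement: advertiser claims dest in hops."""
    advertiser: str
    dest: str
    hops: int


@dataclass
class IDSAgent:
    node: str
    pos: tuple
    routes: dict                               # dest -> hops this node believes
    audit: list = field(default_factory=list)  # local data collection

    def local_score(self, suspect: str) -> float:
        """Local detection engine with one expert rule: a direct neighbor can be
        at most one hop closer to a destination than we are, so a claim with
        hops < our_hops - 1 contradicts our table. Returns the fraction of the
        suspect's overheard claims that do."""
        claims = [a for a in self.audit if a.advertiser == suspect]
        if not claims:
            return 0.0  # not observable from here: no evidence either way
        bad = sum(1 for a in claims if a.hops < self.routes.get(a.dest, a.hops) - 1)
        return bad / len(claims)

    def local_verdict(self, suspect: str) -> str:
        score = self.local_score(suspect)
        if score >= CONCLUSIVE:
            return "intrusion"     # local response; no cooperation needed
        if score >= SUSPICIOUS:
            return "inconclusive"  # an attacker, or somebody's table is stale
        return "normal"


def broadcast(agents: dict, adv: Advertisement) -> None:
    """Deliver an advertisement only to agents within radio range of the
    sender, so every agent's audit data is partial and localized."""
    sender = agents[adv.advertiser]
    for a in agents.values():
        if a.node != adv.advertiser and dist(a.pos, sender.pos) <= RADIO_RANGE:
            a.audit.append(adv)


def neighbors(agents: dict, node: str) -> list:
    me = agents[node]
    return [a for a in agents.values()
            if a.node != node and dist(a.pos, me.pos) <= RADIO_RANGE]


def cooperative_verdict(agents: dict, node: str, suspect: str) -> str:
    """Cooperative detection engine. A conclusive local verdict stands; an
    inconclusive one is put to a vote among the querying node and its
    radio-range neighbors, excluding the suspect. A majority of non-normal
    votes triggers a global response; otherwise the discrepancy is attributed
    to a node being out of sync after movement. A compromised neighbor may
    vote dishonestly, which is why no single vote is decisive."""
    own = agents[node].local_verdict(suspect)
    if own != "inconclusive":
        return own
    voters = [agents[node]] + [n for n in neighbors(agents, node) if n.node != suspect]
    votes = [v.local_verdict(suspect) for v in voters]
    flagged = sum(v != "normal" for v in votes)
    return "intrusion" if 2 * flagged > len(votes) else "out_of_sync"


def build_scenario() -> dict:
    """Constructed network: A's table is stale after A moved, M is compromised
    and advertises one-hop routes to everything, S is honest, D hears nobody."""
    agents = {
        "A": IDSAgent("A", (0, 0), {"X": 4, "Y": 5, "Z": 3}),  # X is really 3 hops
        "B": IDSAgent("B", (5, 0), {"X": 3, "Y": 5, "Z": 3}),
        "C": IDSAgent("C", (0, 5), {"X": 3, "Y": 5, "Z": 4}),
        "M": IDSAgent("M", (3, 3), {"X": 3, "Y": 4, "Z": 3}),
        "S": IDSAgent("S", (6, 6), {"X": 2, "Y": 4, "Z": 3}),
        "D": IDSAgent("D", (30, 30), {"X": 6, "Y": 7, "Z": 8}),
    }
    for dest in ("X", "Y", "Z"):                   # M fabricates attractor routes
        broadcast(agents, Advertisement("M", dest, 1))
    for dest, hops in agents["S"].routes.items():  # S advertises truthfully
        broadcast(agents, Advertisement("S", dest, hops))
    return agents


if __name__ == "__main__":
    net = build_scenario()
    for suspect in ("M", "S"):
        print(suspect, "at A:", net["A"].local_verdict(suspect),
              "-> final:", cooperative_verdict(net, "A", suspect))
```

Run as a script, the module reports that A condemns M on local evidence alone (all three of M's claims contradict A's table), while S is only inconclusive at A; B, C and M, whose tables are current, see nothing wrong with S, so the cooperative vote attributes the discrepancy to A being out of sync rather than to an intrusion. D, which is out of everyone's radio range, has no audit data about M at all, which is the "partial and localized audit data" constraint in action: detection of M rests entirely on the nodes that can overhear it.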

Fig: The IDS architecture for a wireless ad-hoc network (figure not reproduced; every node runs its own IDS agent).

Fig: A conceptual model for an IDS agent (figure not reproduced; inputs to the agent are system call activities, the node's own communication activities, communication activities of neighboring nodes, etc.).

A typical IDS agent consists of the following modules:

1) Local Data Collection: this module gathers streams of real-time audit data from diverse sources, which may include user and system activities within the mobile node, the node's own communication activities, and any communication activities within the node's radio range that it is able to observe.

2) Local Detection Engine: this module analyzes the local audit data for evidence of anomalies. It requires the IDS to maintain a set of expert rules for the node, against which the collected audit data is checked. However, as more and more appliances become wireless, the number of attacks planned against them will grow, and the existing expert rules may prove insufficient against newer attacks. Moreover, updating the existing expert rules is not a simple job. So any IDS meant for a wireless ad-hoc network

Fig: Modules of the IDS agent (figure not reproduced): Local Data Collection, Local Detection Engine, Local Response, Cooperative Detection Engine, Global Response, Secure Communication.
