Docstoc

Security in Ad-hoc Networks

Document Sample
Security in Ad-hoc Networks Powered By Docstoc
					Security in Ad-hoc Networks

       Arun Kumar Bayya
        Siddhartha Gupte
      Yogesh Kumar Shukla
         Anil Garikapati

             CS 685

   Computer Science Department
     University of Kentucky




                                 1
                                        Abstract


    Ad-hoc networks are an emerging area of mobile computing. There are various
challenges that are faced in the Ad-hoc environment. These are mostly due to the
resource poorness of these networks. They are usually set up in situations of emergency,
for temporary operations or simply if there are no resources to set up elaborate networks.
Ad-hoc networks therefore throw up new requirements and problems in all areas of
networking. The solutions for conventional networks are usually not sufficient to provide
efficient Ad-hoc operations. The wireless nature of communication and lack of any
security infrastructure raise several security problems. In this paper we attempt to analyze
the demands of Ad-hoc environment. We focus on three areas of Ad-hoc networks, key
exchange and management, Ad-hoc routing, and intrusion detection. The key issues
concerning these areas have been addressed here. We have tried to compile solutions to
these problems that have been active areas of research.




                                                                                          2
                                       CONTENTS
                                                                    Page No.
1. Introduction                                                           6
  1.1 Security Goals                                                      6
  1.2 Challenges                                                          6
  1.3 Key Management                                                      7
  1.4 Secure Routing                                                      7

2. Key management                                                         8
   2.1 New Key Management Scenarios                                       8
       *Obvious Problems                                                  8
   2.2 Password based authenticated key exchange                          8
       2.2.1 Desirable Properties for such a protocol                     9
       2.2.2 Generic protocol                                             9
   2.3 Password Authenticated Deffie Hellman Key exchange                12
       2.3.1 Two Party version                                           12
       2.3.2 Multi Party version                                         12

3. Secure Ad-hoc Routing in Ad-hoc networks                              14
   3.1 Problems associated with Ad-hoc routing                           14
       3.1.1 Infrastructure                                              14
       3.1.2 Frequent Changes in network topology                        15
       3.1.3 Problems associated with wireless communication             15
       3.1.4.Problems with existing Ad Hoc routing protocols             15
             3.1.4.1 Implicit Trust relationship                         15
             3.1.4.2 Throughput                                          15
             3.1.4.3 Attacks using modification of protocol field        16
       3.1.5 Attacks using impersonation                                 17
       3.1.6 Attacks using fabrication                                   17
              3.1.6.1 Falsifying route error messages                    17
              3.1.6.2 Route Cache poisoning                              18
              3.1.6.3 Routing table overflow                             18
       3.1.7 Misbehaving Nodes                                           18
       3.1.8 Revealing network topology                                  18
       3.1.9 Lack of self-stabilization property                         19
    3.2 Solutions to problems in Ad-hoc routing                          19
          3.2.1 Using pre-deployed security infrastructure               19
          3.2.2 Concealing network topology                              24
          3.2.3 Installing extra facilities in the network               24
          3.2.4 Security Aware Ad-hoc routing                            29
          3.2.5 Secure routing protocol                                  30

4. Intrusion detection                                                   35
    4.1 Need for intrusion detection                                     35
    4.2 General Overview                                                 35


                                                                          3
  4.3 Unsuitability of current IDS techniques                  36
  4.4 New proposed architecture                                36
        4.4.1 Intrusion response                               40
  4.5 Anomaly detection in Ad hoc networks                     40
        4.5.1 Detecting abnormal updates to routing tables     40
        4.5.2 Detecting anomalous activities in other layers   41

5. Conclusion                                                  42

6. References                                                  43




                                                                4
Acknowledgement

    We thank Dr. Mukesh Singhal for his invaluable guidance throughout the compilation
of this term paper.




                                                                                     5
1. Introduction

   Ad-hoc networks are a new paradigm of wireless communication for mobile hosts. No
fixed infrastructure such as base stations as mobile switching .Nodes within each other
radio range communicate directly via wireless links while these which are far apart rely
on other nodes to relay messages. Node mobility causes frequent changes in topology.

1.1 Security Goals
1) Availability: Ensures survivability despite Denial Of Service ( DOS ) attacks. On
physical and media access control layer attacker can use jamming techniques to interfere
with communication on physical channel. On network layer the attacker can disrupt the
routing protocol. On higher layers, the attacker could bring down high level services e.g.:
key management service.

2) Confidentiality: Ensures certain information is never disclosed to unauthorized
entities.

3) Integrity: Message being transmitted is never corrupted.

4) Authentication: Enables a node to ensure the identity of the peer node it is
communicating with. Without which an attacker would impersonate a node, thus gaining
unauthorized access to resource and sensitive information and interfering with operation
of other nodes.

5) Non-repudiation Ensures that the origin of a message cannot deny having sent the
message.


1.2 Challenges
   Use of wireless links renders an Adhoc network susceptible to link attacks ranging
from passive eavesdropping to active impersonation, message replay and message
distortion. Eavesdropping might give an attacker access to secret information thus
violating confidentiality. Active attacks could range from deleting messages, injecting
erroneous messages, impersonate a node etc thus violating availability, integrity,
authentication and non-repudiation. Nodes roaming freely in a hostile environment with
relatively poor physical protection have non-negligible probability of being
compromised. Hence, we need to consider malicious attacks not only from outside but
also from within the network from compromised nodes. For high survivability Adhoc
networks should have a distributed architecture with no central entities, centrality
increases vulnerability. Ad-hoc network is dynamic due to frequent changes in topology.
Even the trust relationships among individual nodes also changes, especially when some




                                                                                         6
nodes are found to be compromised. Security mechanism need to be on the fly(dynamic)
and not static and should be scalable. Hundreds of thousand of nodes.

1.3 Key Management
   Cryptographic schemes such as digital signatures are often employed to protect both
routing info as well as data. Public key systems are generally espoused because of its
upper hand in key distribution. In public key infrastructure each node has a public/private
key pair. Public keys distributed to other nodes, while private keys are kept to nodes
themselves and that too confidentially. Third party (trusted) called Certification Authority
(CA) is used for key management.CA has a public/private key pair, with its public key
known to every node and signs certificates binding public keys to nodes. The trusted CA
has to stay online to reflect the current bindings, since the bindings could change
overtime. Public key should be revoked if the owner node is no longer trusted or is out of
network. A single key management service for an Ad-hoc network is probably not a good
idea, since it's likely to become Achilles‟ heel of the network. If CA is down/unavailable
nodes cannot get the current public keys of other nodes to establish secure connection.
Also if a CA is compromised, the attacker can sign any erroneous certificates with the
private key. Naive replication of CA can make the network more vulnerable, since
compromising of a single replica can cause the system to fail. Hence it's more prudent to
distribute the trust to a set of nodes by letting these nodes share the key management
responsibility.



1.3 Secure Routing
    The contemporary routing protocols for Adhoc networks cope well with dynamically
changing topology but are not designed to accommodate defense against malicious
attackers. No single standard protocol. Capture common security threats and provide
guidelines to secure routing protocol. Routers exchange network topology informally in
order to establish routes between nodes - another potential target for malicious attackers
who intend to bring down the network. External attackers - injecting erroneous routing
info, replaying old routing info or distorting routing info in order to partition a network or
overloading a network with retransmissions and inefficient routing. Internal compromised
nodes - more severe detection and correction more difficult Routing info signed by each
node won't work since compromised nodes can generate valid signatures using their
private keys. Detection of compromised nodes through routing information is also
difficult due to dynamic topology of Adhoc networks. Can make use of some properties
of adhoc networks to facilitate secure routing. Routing protocols for Adhoc networks
must handle outdated routing information to accommodate dynamic changing topology.
False routing information generated by compromised nodes can also be regarded as
outdated routing information. As long as there are sufficient no. of valid nodes, the
routing protocol should be able to bypass the compromised nodes, this however needs the
existence of multiple, possibly disjoint routes between nodes. Routing protocol should be
able to make use of an alternate route if the existing one appears to have faulted.



                                                                                            7
2. Key Agreement in Wireless Ad-hoc Networks


2.1 New key agreement scenario
    Consider a group of people getting together for an Adhoc meeting in a room and
trying to establish a wireless network through their laptops. They trust one another
personally, however don't have any a priori shared secret (password) to authenticate one
another. They don't want anybody outside the room to get a wind of their conversation
indoors. This particular scenario is vulnerable to any attacker who not only can monitor
the communication but can also modify the messages and can also insert messages and
make them appear to have come from somebody inside the room. This is a classic
example of Adhoc network and the most simple way to tackle this example would be
through location based key agreement - to map locations to name ladles and then use
identity based mechanisms for key agreement. e.g.: participants writing the IP addresses
on a piece of paper and passing it around. Then a certificate based key agreement
mechanism can be used. These public key certificates can allow participants to verify the
binding between the IP address and keys of other participants.

Two obvious problems

a) Difficult to determine if the certificate presented by the participant has been revoked.
b) Participants may be divided into 2 or more certification hierarchies and that they don't
have cross certification hierarchies.

One obvious solution
  A trusted third party capable of locating players, however not always feasible due to
non-infrastructure nature of Adhoc networks.

   Physically secure channel limited to those present in the room to negotiate the session
key before switching to the insecure wireless channel.


2.2 Password based Authenticated Key Exchange
    A fresh password is chosen and shared among those present in the room in order to
capture the existing shared context. If this password is a long random string, can be used
to setup security association, but less user friendly. Natural language phrases, more user
friendly, however vulnerable to dictionary attacks. Need to derive a strong session key
from a weak shared password.




                                                                                         8
2.2.1 Desirable properties for such a protocol

Secrecy
   Only those players that know the initial shared weak secret password should learn the
session key and nobody else should.

Perfect Forward Secrecy
    Warrants that if an attacker who succeeds in compromising one of the participants at a
later time would be unable to figure out the session key resulting from previous runs of
protocol.

Contributory key agreement
   If each and every player participates in the creation of the final session key, by making
a contribution, then it is called contributory key agreement.

Tolerance to disruption attempts
   Not only strong attackers who can disrupt communication by jamming radio channels
etc but even the weaker attackers who can insert but cannot modify or delete messages
sent by players are also provided for.

2.2.2 Generic Protocol

A and B are two communicating parties with a shared secret (password) p. (EA, DA) are
the keys of A.

(1) A --> B : A, P(EA).

    A encrypts EA with the password and sends it to B. It also sends a label 'A' to identify
itself.

(2) B knows 'P' so decrypts p(EA) extracts EA. B generates 'R' randomly, encrypts it using
EA and the whole thing is encrypted with P and sent to A.

   B --> A : P(EA (R)).

   This message authenticates B to A, since B could extract EA from the message sent by
A to B only if B knew password 'P'.

(3) A decrypts this message, extracts R, generates (challenge)A and SA , encrypts it using
R and sends it to B.

   A --> B : R((challenge)A, SA).




                                                                                          9
     This message authenticates A to B, since A could extract R only if it knew password
P.

(4) B decrypts this message, extracts (challenge)A and SA. It then computes h(
((challenge)A) where h() is a hash function. B then generates (challenge)B and S B and
then sends h((challenge)A), ((challenge)B and SB to A, encrypted by R.

     B --> A : R(h((challenge)A), (challenge)B, SB).

   This message serves as an acknowledgement to A's previous message from step:3 and
also notify A that SA has been successfully noted.(5) A decrypts this message, extracts
(challenge)B and SB. A computes h((challenge)B), encrypts it using R and sends it to B.

     A --> B : R((challenge)B).

     This message serves as an acknowledgement to B saying that SB has been noted.

  Now both parties A and B know both SA and SB, so both can compute the session key
K = f(SA, SB) and start communicating.

   This protocol can be easily extended to multi-party case by electing a leader. The
leader will broadcast the message in step1, the rest of the messages will be point to point
with A acting as the leader.
   At the end of each protocol run, each player shares a key with the leader. An
additional round will be needed for the leader to pick a common session key and to
distribute it among other players using the pair wise key the user shares with the
participants. The main drawback is that this protocol is non-contributory since the key is
chosen only by the leader.

   However, we can slightly modify the protocol for it to act as a contributory multi-
party protocol. The challenges (challenge)A and (challenge)B are used by A and B to
confirm that the other knows the password P. The random quantities SA and SB which
already have been generated could be used for the purpose of confirmation instead of the
challenges. These quantities are used to generate the final session key K = f(SA, SB), these
SA and SB could be easily used to confirm each other's knowledge of K.

Thus the modified protocol follows.

(1) A --> B : A, P(EA).

(2) B --> A : P(EA (R, SB)).

Note: (challenge)B replaced by SB.

(3) A --> B : R(SA). SA used instead of (challenge)A.




                                                                                         10
(4) A --> B : K(SA, h(SA, SB)).

(5) B --> A : K(SB, h(SA, SB)).

   The last two steps 4 and 5 are used by the receiving party (B and A respectively) that
the sending party (A and B respectively) knows K (and hence P). The h(., .) is a public
hash function.

   This protocol can be easily extended to multiple parties.

Let Mi i = 1 to n be the set of n players with Mn as the leader, Si being the random share
contributed by Mi towards the generation of the final session key K.

(1) Mn --> ALL : Mn, P(E).
(2) Mi --> Mn : Mi, P(E(Ri, Si)), i = 1 to n-1.
(3) Mn --> Mi : Ri({Sj, j = 1 to n}), i = 1 to n-1.
(4) Mi --> Mn : Mi.

The last step confirms to each player that one other player knows the same key K. The
multiparty protocol is contributory as every player makes its contribution towards
generating the final session key. Mn takes contributions from every player and combines
each one of them to generate the session key 'K'.

The protocol also provides perfect forward secrecy for all parties except for the one who
knows the decryption key D, unless the decryption key is also destroyed at the end of the
protocol run. The attacker who succeeds in compromising the leader Mn will be able to
decipher a copy of the past session.

The protocol is also tolerant of disruption attempts by anyone except Mn. If the attacker
doesn't know garbage it would send garbage message. Thus the true players agree on a
key which has a contribution from the attacker, however the attacker cannot determine
the session key as it does not have the knowledge of the initial shared secret (password)
P.

Since the protocol is contributory, a certain amount of delay is introduced with it, since
the leader has to wait for contributions from each player before it can start sending out
messages.

Drawbacks

1) Any quantity encrypted using the weak secret (password) P should be random. Thus E
cannot be well known long term encryption key, hence it is important to use a fresh key
pair for every run of the protocol and this is computationally expensive.




                                                                                       11
2) The parts of encryption key E may have special properties which might help the
attacker attempting a dictionary attack on P(E), thus care must be taken only to encrypt
the unpredictable parts of E, thus increasing the computational cost of the protocol.

2.3 Password authenticated Diffie - Hellman key exchange
2.3.1 Two party version

In the elementary DH protocol, two parties A and B agree on a prime p and a generator g
of the multiplicative group Zp* (i.e. the set {1, 2, …, p-1}). A and B choose random
secrets SA and SB such that 1 <= SA, SB <= p-1.

(1) A computes gSA, encrypts it with the shared secret password P and sends it to B.

A --> B : A, P(gSA).

(2) B extracts gSA from the message computes gSB and also computes the session key K =
(gSA)SB. B then chooses a random challenge CB and encrypts it using the key K. B
encrypts SB using P. It then sends the two quantities to A.

B --> A : P(SB), K(CB).

(3) A extracts SB from P(SB) and computes the key K = (gSA)SB. It then extracts CB by
decrypting K(CB). A then generates challenge (random) CA, encrypts both CA and CB
with K and sends it to B.

A --> B : K(CA, CB).

(4) This message(3) convinces B that A was able to decrypt the message in (2) correctly.
B then encrypts CA using K and sends it to A.

B --> A : K(CA).

A decrypts the message to see if the plaintext is indeed CA. This would convince A that B
knew K. This would in turn convince A that B knew P.

2.3.2 Multi-party version

There are let's just say n players M1, M2, …, Mn who all share a password P, each
generating a random quantity Si which is its contribution to the eventual session key K =
g S1S2_ _ _Sn-1Sn.

The protocol is divided into 3 parts. In the first part (steps 1 and 2) players Mi to Mn-1
generate an intermediate key
PI = g S1S2_ _ _Sn-1 in n-1 steps.




                                                                                       12
In the second part (steps 3 and 4) each Mi (i = 1 to n-1) has a separate with Mn, at the end
of which all the players are in a position to compute K.

The third part (step 5) being the key confirmation.

(1) Mi --> Mi+1 : g S1S2_ _ _Si, i = 1 to n-2 in sequence.

(2) Mn-1 --> ALL : PI = g S1S2_ _ _Sn-1, broadcast.

(3) Mi --> Mn : P(Ci), i = 1 to n-1, in parallel, where Ci = PI Si‟/Si and Si „ is the blinding
factor that is randomly choosen by Mi.

(4) Mn --> Mi : (Ci) Sn, i = 1 to n-1, in parallel.

(5) Mi --> ALL : Mi, K(Mi, h(M1, M2,…, Mn) broadcast.

Step 1 consists of (n-2) sub steps. In the first sub step player M1 computes gS1 and sends
it to M2 etc. At the end of the (n-2)th sub step, Mn-1 receives g S1S2_ _ _Sn-2, which it then
raises by (S n-1) to get the intermediate key PI = g S1S2_ _ _Sn-1.

In step 2, Mn-1 broadcast this PI to everyone. Now every Mi (i = 1 to n-1) removes its
contribution i.e, Si (i = 1 to n-1) from the PI respectively but also inserts a randomly
chosen blinding factor Si, encrypts the whole thing with the shared password P.

In step 3,each Mi will in parallel send the encryption to Mn. Mn decrypts the received
message to extract Ci. It then raises each Ci by Sn and returns the result in parallel to each
Mi. At this point each player can compute the session key as follows K = g S1S2_ _ _Sn-1Sn.
Mn raises PI by Sn : K = (PI)Sn. Each Mi unblinds the quantity it receives from Mn and re
inserts its original contribution Si to construct the session key K = g S1S2_ _ _Sn-1Sn = (PI)Sn.

Finally, some player broadcasts a key confirmation message that allows each player to
verify that at least one another player has decided on the same key K.

The blinding factor Si is needed for the following reasons.

(a) Without the blinding, the quantity encrypted with P by Mn-1 from step 3 is the same as
what it receives in step 1.

(b) An attacker could send g S1S2_ _ _Si to Mi in step 2 instead of the broadcast message
(intermediate key) PI. If Mi uses this quantity to generate its message in step 3, the
resulting message is same as the message received by Mi in step 1. To thwart dictionary
attacks, blinding is necessary.

This protocol does provide perfect forward secrecy. It is also quasi-resilient to disruption
except when Mn is compromised/disrupted.




                                                                                              13
3. Secure routing in Ad-hoc networks


 3.1 Problems associated with Ad-hoc routing

 3.1.1 Infrastructure

    An Ad-hoc network is an infrastructure less network. Unlike traditional networks
 there is no pre-deployed infrastructure such as centrally administered routers or strict
 policy for supporting end-to-end routing. The nodes themselves are responsible for
 routing packets. Each node relies on the other nodes to route packets for them.
 Mobile nodes in direct radio range of one another can communicate directly, but
 nodes that are too far apart to communicate directly must depend on the intermediate
 nodes to route messages for them.




                          Direct Radio Reach
                                                                          Trusted
                                                                          Router




       Fig 3.1 Routing in Ad-hoc                       Fig 3.2 Routing in traditional
               networks                                        networks using
                                                       router.




 3.1.2 Frequent changes in network topology


                                                                                            14
   Ad-hoc networks contain nodes that may frequently change their locations.
Hence the topology in these networks is highly dynamic. This results in frequently
changing neighbors on whom a node relies for routing. As a result traditional
routing protocols can no longer be used in such an environment. This mandates new
routing protocols that can handle the dynamic topology by facilitating fresh route
discoveries.

3.1.3 Problems associated with wireless communication

    As the communication is through wireless medium, it is possible for any intruder
to tap the communication easily. Wireless channels offer poor protection and routing
related control messages can be tampered. The wireless medium is susceptible to
signal interference, jamming, eavesdropping and distortion. An intruder can easily
eavesdrop to know sensitive routing information or jam the signals to prevent
propagation of routing information or worse interrupt messages and distort them to
manipulate routes. Routing protocols should be well adopted to handle such
problems.

3.1.4 Problems with existing Ad-hoc routing protocols

3.1.4.1 Implicit trust relationship between neighbors

   Current Ad-hoc routing protocols inherently trust all participants. Most Ad-hoc
routing protocols are cooperative by nature and depend on neighboring nodes to
route packets. This naive trust model allows malicious nodes to paralyze an Ad-hoc
network by inserting erroneous routing updates, replaying old messages, changing
routing updates or advertising incorrect routing information. While these attacks are
possible in fixed network as well, the Ad-hoc environment magnifies this makes
detection difficult.

3.1.4.2 Throughput

    Ad-hoc networks maximize total network throughput by using all available nodes
for routing and forwarding. However a node may misbehave by agreeing to forward
packets and then failing to do so, because it is overloaded, selfish, malicious or
broken. Misbehaving nodes can be a significant problem. Although the average loss
in throughput due to misbehaving nodes is not too high, in the worst case it is very
high.




   S      A     B     C      D    X          S     A    B     M      C     D     X

                   M
                Fig. 3.3 a                                  Fig 3.4 b
                                                                                        15
3.1.4.3 Attacks using modification of protocol fields of messages

   Current routing protocols assume that nodes do not alter the protocol fields of
messages passed among nodes. Routing protocol packets carry important control
information that governs the behavior of data transmission in Ad-hoc networks.
Since the level of trust in a traditional Ad-hoc network cannot be measured or
enforced, enemy nodes or compromised nodes may participate directly in the route
discovery and may intercept and filter routing protocol packets to disrupt
communication. Malicious nodes can easily cause redirection of network traffic and
DOS attacks by simply altering these fields.
   For example, in the network illustrated in Figure3.3, a malicious node M could
keep traffic from reaching X by consistently advertising to B a shorter route to X
than the route to X, which C is advertising.

    The attacks can be classified as remote redirection attacks and denial of service
attacks. Let us look at them now.

(a) Remote redirection with modified route sequence number (AODV)

   Remote redirection attacks are also called black hole attacks. In the attacks, a
malicious node uses routing protocol to advertise itself as the shortest path to nodes
whose packets it wants to intercept. Protocols such as AODV instantiate and
maintain routes by assigning monotonically increasing sequence numbers to routes
towards a specific destination. In AODV, any node may divert traffic through itself
by advertising a route to a node with a destination sequence number greater than the
authentic value.
   Figure 3.3 illustrates an example ad hoc network. Suppose a malicious node, M,
receives the RREQ that originated from S for destination X after it is re-broadcast by
B during route discovery. M redirects traffic towards itself by unicasting to B a
RREP containing a significantly higher destination sequence num for X than the
authentic value last advertised by X.

(b) Redirection with modified hop count (AODV)

   A redirection attack is also possible in certain protocols, such as AODV, by
modification of the hop count field in route discovery messages. When routing
decisions cannot be made by other metrics, AODV uses the hop count field to
determine a shortest path. In AODV, malicious nodes can attract route towards
themselves by resetting the hop count field of the RREP to zero. Similarly, by setting




                                                                                         16
the hop count field of the RREP to infinity, routes will tend to be created that do not
include the malicious node.

    Once the malicious node has been able to insert itself between two
communicating nodes it is able to do anything with the packets passing between
them. It can choose to drop packets to perform a denial of service attack, or
alternatively use its place on the route as a first step in man-in-the-middle attack.

(c) Denial of service with modified source routes

   DSR is a routing protocol, which explicitly states routes in data packets. These
routes lack any integrity checks and a simple denial-of-service attack can be
launched in DSR by altering the source routes in packet headers.
   Modification to source routes in DSR may also include the introduction of loops
in the specified path. Although DSR prevents looping during the route discovery
process, there are insufficient safeguards to prevent the insertion of loops into a
source route after a route has been salvaged.

3.1.5 Attacks using impersonation

  Current Ad-hoc routing protocols do not authenticate source IP address. A
malicious node can launch many attacks by altering its MAC or IP address. Both
AODV and DSR are susceptible to this attack.

3.1.6 Attacks using fabrication

    Generation of false routing messages is termed as fabrication messages. Such
attacks are difficult to detect.

3.1.6.1. Falsifying route error messages in AODV or DSR

    AODV and DSR implement path maintenance measures to recover broken paths
when nodes move. If the destination node or an intermediate node along an active
path moves, the node upstream of the link break broadcasts a route error message to
all active upstream neighbors. The node also invalidates the route for this destination
in its routing table.

   The vulnerability is that routing attacks can be launched by sending false route
error messages. Suppose node S has a route to node X via nodes A, B, and C, as in
Figure3.3. A malicious node M can launch a denial of service attack against X by
continually sending route error messages to B spoofing node C, indicating a broken
link between nodes C and X. B receives the spoofed route error message thinking
that it came from C. B deletes its routing table entry for X and forwards the route
error message on to A, who then also deletes its routing table entry. If M listens and
broadcasts spoofed route error messages whenever a route is established from S to X,
M can successfully prevent communications between S and X.



                                                                                          17
3.1.6.2. Route cache poisoning in DSR

   This is a passive attack that can occur in DSR due to promiscuous mode of
updating routing table which is employed by DSR. This occurs when information
stored in routing table at routers is deleted, altered or injected with false information.
   In addition to learning routes from headers of packets, which a node is processing
along a path, routes in DSR may also be learned from promiscuously received
packets. A node overhearing any packet may add the routing information contained
in that packet's header to its own route cache, even if that node is not on the path
from source to destination.

   The vulnerability is that an attacker could easily exploit this method of learning
routes and poison route caches. Suppose a malicious node M wanted to poison routes
to node X. If M were to broadcast spoofed packets with source routes to X via itself,
neighboring nodes that overhear the packet transmission may add the route to their
route cache.

3.1.6.3. Routing table overflow attack

    In routing table overflow attack, the attacker attempts to create route to non-
existent nodes. The goal of the attacker is to create enough routers to prevent new
routes from being created or overwhelm the protocol. Implementation and flush out
legitimate routes from routing tables. Proactive routing algorithms attempt to
discover routing information even before they are needed, while reactive algorithms
create only when they are needed. This makes proactive algorithms more vulnerable
to table overflow attacks.

3.1.7 No way to detect and isolate misbehaving nodes

   As we observed earlier in section 4.1, misbehaving nodes can affect network
throughput adversely in worst-case scenarios. The existing Ad-hoc routing protocols
do not include any mechanism to identify misbehaving nodes. It is necessary to
clearly define misbehaving nodes in order to prevent false positives. It may be
possible that a node appears to be misbehaving when it is actually encountering
temporary problem such as overload or low battery. A routing protocol should be
able to identify misbehaving nodes and isolate them during route discovery
operation.

3.1.8 Easily leak information about network topology

   Ad-hoc routing protocols like AODV and DSR carry routes discovery packets in
clear text. These packets contain the routes to be followed by a packet. By analyzing
these packets any intruder can find out the structure of the network. The attack might
use information gained to know which other nodes are adjacent to the target or the
physical location of a particular node. Such an attack can be done passively. It can




                                                                                             18
reveal roles of nodes in the network and their location. Intruders can use this
information to attack command ad control nodes.

3.1.9 Lack of self-stabilization property

    Routing protocols should be able to recover from an attack in finite time. An
intruder should not be able to permanently disable a network by injecting a smaller
number of mal-informed routing packets. E.g. AODV, however is prone to self-
stabilization problems as sequence numbers are used to verify route validity times,
and incorrect state may remain stored in the routing tables for a long time.


3.2 Solutions to problems in Ad-hoc-routing

3.2.1 Using pre-deployed security infrastructure

   Here we assume existence of certain amount of security infrastructure. The type
of Ad-hoc environment that we are dealing with here is called managed-open
environment.

Assumptions

   A managed-open environment assumes that there is opportunity for pre-
deployment. Nodes wishing to communicate can exchange initialization parameters
before hand, perhaps within the security of an infrastructured network where session
keys may be exchanged or through a trusted third party like a certification authority.

ARAN protocol in managed-open environment

    ARAN or Authenticated Routing for Ad-hoc Networks detects and protects
against malicious actions by third parties and peers in Ad-hoc environment. ARAN
introduces authentication, message integrity and non-repudiation to an Ad-hoc
environment.
    ARAN is composed of two distinct stages. The first stage is simple and requires
little extra work from peers beyond traditional ad hoc protocols. Nodes that perform
the optional second stage increase the security of their route, but incur additional cost
for their ad hoc peers who may not comply (e.g., if they are low on battery
resources).
    ARAN makes use of cryptographic certificates for the purposes of authentication
and non-repudiation.

(1) Stage 1

    It contains a preliminary certification stage and a mandatory end-end
authentication stage. It is a lightweight stage and does not demand too many
resources.


                                                                                            19
(a) Preliminary Certification

   ARAN requires the use of a trusted certificate server T. Before entering the Ad-
hoc network, each node requests a certificate from T. For a node A,

  T -> A: CertA = [IPA, KA+, t, e]KT-

   The certificate contains the IP address of A, the public key of A, a timestamp t of
when the certificate was created, and a time e at which the certificate expires. These
variables are concatenated and signed by T. All nodes must maintain fresh
certificates with the trusted server and must know T‟s public key.

(b) End-to-End authentication

   The goal of stage 1 is for the source to verify that the intended destination was
reached. In this stage, the source trusts the destination to choose the return path.

(i)Source node
    A source node, A, begins route instantiation to a destination X by broadcasting to
its neighbors a route discovery packet (RDP):

   A -> broadcast: [RDP, IPX, CertA, NA, t]KA-

   The RDP includes a packet type identifier (“RDP"), the IP address of the
destination (IPx), A's certificate (CertA), a nonce NA , and the current time t, all
signed with A's private key. Each time A performs route discovery, it monotonically
increases the nonce. Nodes then store the nonce they have last seen with its
timestamp.

(ii) Intermediate node for RDP
    Each node records the neighbor from which it received the message. It then
forwards the message to each of its neighbors, signing the contents of the message.
This signature prevents spoofing attacks that may alter the route or form loops. Let
A's neighbor be B.

   B -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KB-, CertB

   Nodes do not forward messages for which they have already seen the (NA ,IPA)
tuple. Upon receiving the broadcast, B's neighbor C validates the signature with the
given certificate. C then rebroadcasts the RDP to its neighbors, first removing B's
signature.

  C -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KC-, CertC




                                                                                         20
(iii) Destination node
    Eventually, the message is received by the destination, X, who replies to the first
RDP that it receives for a source and a given nonce. There is no guarantee that the
first RDP received traveled along the shortest path from the source.
    The destination unicasts a Reply (REP) packet back along the reverse path to the
source.

   X -> D: [REP, IPA, CertX, NA, t]KX-

(iv) Intermediate node for REP
   Nodes that receive the REP forward the packet back to the predecessor from
which they received the original RDP. All REPs are signed by the sender. Let D's
next hop to the source be node C.

   D -> C: [[REP, IPA, CertX, NA, t]KX-]KD-, CertD

   C validates D's signature, removes the signature, and then signs the contents of
the message before unicasting the RDP to B.

   C -> B: [[REP, IPA, CertX, NA, t]KX-]KC-, CertC

   A node checks the signature of the previous hop as the REP is returned to the
source. This avoids attacks where malicious nodes instantiate routes by
impersonation and re-play of X's message.

(v) Source node
   When the source receives the REP, it verifies that the correct nonce was returned
by the destination as well as the destination's signature. Only the destination can
answer an RDP packet. Other nodes that already have paths to the destination cannot
reply for the destination. While other protocols allow this networking optimization,
we note that removing it also removes several possible exploits and cuts down on the
reply traffic received by the source. Because only the destination can send REPs,
loop freedom is guaranteed easily.

Disadvantages

   ARAN requires that nodes keep one routing table entry per source-destination
pair that is currently active. This is certainly more costly than per-destination entries
in non-secure ad hoc routing protocols.

(2) Stage 2

   Stage (2) is done only after Stage (1) is over. This is because the destination
certificate is required in Stage (2). This stage is primarily used for discovery of
shortest path in a secure fashion. Since a path is already discovered in Stage (2), data
transfer can be pipelined with Stage (2)'s shortest path discovery operation.



                                                                                            21
(i) Source
The source begins by broadcasting a Shortest Path Confirmation (SPC) message to
its neighbors (the same variables are used as in stage 1).

   A -> broadcast: SPC, IPX, CertX, [[IPX, CertA, NA, t]KA- ]KX+

   The SPC message begins with the SPC packet identifier (“SPC"), X's IP address
and certificate. The source concatenates a signed message containing the IP address
of X, its certificate, a nonce and timestamp. This signed message is encrypted with
X's public key so that other nodes cannot modify the contents.

(ii) Intermediate Node
    A neighbor B that receives the message, rebroadcasts the message after including
its own cryptographic credentials. B signs the encrypted portion of the received SPC,
includes its own certificate, and re-encrypts with the public key of X. This public key
can be obtained in the certificate forwarded by A.

   B ->broadcast: SPC, IPX, CertX, [[[IPX, CertA, NA, t]KA-]KX+]KB-, CertB]KX+

   Nodes that receive the SPC packet create entries in their routing table so as not to
forward duplicate packets. The entry also serves to route the reply packet from the
destination along the reverse path.

(iii) Destination Node
    Once the destination X receives the SPC, it checks that all the signatures are
valid. X replies to the first SPC it receives and also any SPC with a shorter recorded
path. X sends a Recorded Shortest Path (RSP) message to the source through its
predecessor D.

   X -> D: [RSP, IPA, certX, NA, route]KX-

The source eventually receives the packet and verifies that the nonce corresponds to
the
SPC is originally generated.

Advantages

   The onion-like signing of messages prevents nodes in the middle from changing
the path in several ways. First, to increase the path length of the SPC, malicious
nodes require an additional valid certificate. Second, malicious nodes cannot
decrease the recorded path length or alter it because doing so would break the
integrity of the encrypted data.




                                                                                          22
Route Maintenance

    ARAN is an on-demand protocol. Nodes keep track of whether routes are active.
When no traffic has occurred on an existing route for that route's lifetime, the route is
simply de-activated in the route table. Data received on an inactive route causes
nodes to generate an Error (ERR) message that travels the reverse path towards the
source. Nodes also use ERR messages to report links in active routes that are broken
due to node movement. All ERR message must be signed. For a route between
source A and destination X, a node B generates the ERR message for its neighbor C
as follows:

   B -> C: [ERR, IPA, IPX, CertC, NB, t]KB-

    This message is forwarded along the path towards the source without
modification. A nonce and timestamp ensures the ERR message is fresh. Because
messages are signed, malicious nodes cannot generate ERR messages for other
nodes. The non-repudiation provided by the signed ERR message allows a node to
be verified as the source of each ERR message that it sends. A node which transmits
a large number of ERR messages, whether the ERR messages are valid or fabricated,
should be avoided.

Key revocation

   ARAN attempts a best effort key revocation that is backed up with limited time
certificates. In the event that a certificate needs to be revoked, the trusted certificate
server, T, sends a broadcast message to the ad hoc group that announces the
revocation. Calling the revoked certificate cert r, the transmission appears as:

   T -> broadcast: [revoke, CertR]KT-

   Any node receiving this message re-broadcasts it to its neighbors. Revocation
notices need to be stored until the revoked certificate would have expired normally.
Any neighbor of the node with the revoked certificate needs to reform routing as
necessary to avoid transmission through the now-untrusted node.
   This method is not failsafe. If an untrusted node, whose certificate is being
revoked, is the only link between 2 parts of an Ad-hoc network, it may not propagate
the revocation message to the other part - leading to a partitioned network.
   To detect this situation and to hasten the propagation of revocation notices, when
a node meets a new neighbor, it can exchange a summary of its revocation notices
with that neighbor. If these summaries do not match, the actual signed notices can be
forwarded and re-broadcasted to restart propagation of the notice.




                                                                                             23
3.2.2 Concealing Network topology or structure

1) Using independent Security Agents (SA)
   This method is called the Non-disclosure method (NDM). In NDM a number of
independent security agents (SA) are distributed over the network. Each of these
agents SAi owns a pair of asymmetric cryptographic keys KSAi and KSAi-. Sender s
wishes to transmit a message M to receiver R without disclosing his location. S sends
the message using a number of SAs: SA1  SA2  …SAN  R. The message is
encapsulated N times using the public keys KSA1…KSAn as follows.

   M‟ = KSA1(SA2, (KSA2 (SA3 (…(KSAN(R, M))…))))

   To deliver the packet, S sends it to the first security agent SA1 which decrypts the
outer most encapsulation and forwards the packet to the next agent. Each SA knows
only the address of the previous and the next hop. The last agent finally decrypts the
message and forwards it to R. It introduces a large amount of overhead and hence is
not preferred for routing.

2) Zone Routing Protocol (ZRP)
   It is a hierarchical protocol where the network is divided in to zones. The zones
operate independently from each other. ZRP involves two separate routing protocols.
Such a hierarchical routing structure is favorable with respect to security since a well
designed algorithm should be able to contain certain problems to small portion of the
hierarchy leaving other portions unaffected.
   ZRP has some features that appear to make it somewhat less susceptible to
routing attacks. Its hierarchical organization hides some of the routing information
within the zones. ZRP provides some form of security against disclosing network
topology by dividing routing into zones, which conceal the internal organization.

3.2.3. Installing extra facilities in the network to mitigate routing misbehavior

    Misbehaving nodes can reduce network throughput and result in poor robustness.
Sergio Marti Et al propose a technique to identify and isolate such nodes by
installing a watchdog and a pathrater in the Ad-hoc network on each node.

Assumptions

   It is assumed that the wireless links are bi-directional. Most MAC layer protocols
require this. It also assumes support for promiscuous mode of operation for the
nodes. This helps the nodes supervise each other operation. The third assumption is
that the underlying Ad-hoc routing protocol is DSR. It is possible to extend the
mechanism to other routing protocols as well.




                                                                                           24
Mechanism

   The watchdog identifies misbehaving nodes, while the pathrater avoids routing
packets through these nodes. When a node forwards a packet, the node‟s watchdog
verifies that the next node in the path also forwards the packet. The watchdog does
this by listening promiscuously to the next node‟s transmissions. If the next node
does not forward the packet, then it is misbehaving. The pathrater uses this
knowledge of misbehaving nodes to choose the network path that is most likely to
deliver packets.

Watchdog

   The watchdog method detects misbehaving nodes. Figure3.4 illustrates how the
watchdog works. Node A cannot transmit all the way to node C, but it can listen in
on node B‟s traffic. Thus, when A transmits a packet for B to forward to C, A can
often tell if B transmits the




       S               A               B                   C            D


                      Fig 3.4 Operation of the watchdog.




packet. If encryption is not performed separately for each link, which can be
expensive, then A can also tell if B has tampered with the payload or the header.
   We implement the watchdog by maintaining a buffer of recently sent packets and
comparing each overheard packet with the packet in the buffer to see if there is a
match. If so, the packet in the buffer is removed and forgotten by the watchdog,
since it has been forwarded on. If the packet has remained in the buffer for longer
than a certain timeout, the watchdog increments a failure tally for the node
responsible for forwarding on the packet. If the tally exceeds a certain threshold
bandwidth, it determines that the node is misbehaving and sends a message to the
source notifying it of the misbehaving node.

Advantages

    The watchdog mechanism can detect misbehaving nodes at forwarding level and
not just the link level.

Weakness


                                                                                      25
   It might not detect misbehaving nodes in presence of 1) ambiguous collusions 2)
receiver collusions 3) limited transmission power 4) false misbehavior 5) collision 6)
partial dropping.

Analysis of Watchdog's weaknesses



               2                       1                   1
        S                 A                    B                   C               D


                          Fig 3.5 Ambiguous Collision.




1) Ambiguous collision

   The ambiguous collision problem prevents A from overhearing transmissions
from B. As figure3.5 illustrates, a packet collision occur at A while it is listening for
B to forward on a packet. A does not           know if the collision was caused by
forwarding on a packet as it should or if B never forwarded the packet and the
collision was caused by other nodes in A‟s neighborhood. Because of this
uncertainty, A should instead continue to watch B over a period of time.




        S                A                 B                   C             D


                             Fig 3.6 Receiver Collision.




2) Receiver collision




                                                                                            26
    In the receiver collision problem, node A can only tell whether B sends the packet
to C, but it cannot tell if C receives it. If a collision occurs at C when B first forwards
the packet, A only sees B forwarding the packet and assumes that C successfully
receives it. Thus, B could skip retransmitting the packet and evade detection. Figure
3.6

3) False misbehavior

   False misbehavior can occur when nodes falsely report other nodes as
misbehaving. A malicious node could attempt to partition the network by claiming
that some nodes following it in the pat h are misbehaving. For instance, node A
could report that node B is not forwarding packets when in fact it is. This will cause
S to mark B as misbehaving when A is the culprit. This behavior, however, will be
detected. Since A is passing messages onto B (as verified by S), then any
acknowledgements from D to S will go through A to S, and S will wonder why it
receives replies from D when supposedly B dropped packets in the forward direction.
In addition, if A drops acknowledgements to hide them from S, the node B will
detect this misbehavior and will report it to D.


4) Limited transmission power

   Another problem is that a misbehaving node that can control its transmission
power can circumvent the watchdog. A node could limit its transmission power such
that the signal is strong enough to be overheard by the previous node but too weak to
be received by the true recipient.

5) Multiple colluding nodes

   Multiple nodes in collusion can mount a more sophisticated attack. For example,
B and C from figure3.4 could collude to cause mischief. In this case, B forwards a
packet to C but does not report to A when C drops the packet. Because of its
limitation, it may be necessary to disallow two consecutive untrusted nodes in a
routing path.

6) Partial dropping

   A node can circumvent the watchdog by dropping packets at a lower rate than the
watchdog‟s configured minimum misbehavior threshold. Although the watchdog will
not detect this node as misbehaving, this node is forced to forward at the threshold
bandwidth. In this way the watchdog serves to enforce this minimum bandwidth. For
the watchdog to work properly it must know where a packet should be in two hops.


Pathrater




                                                                                              27
    Just like the watchdog, the pathrater is run by each node. It combines the
knowledge of misbehaving nodes with link reliability data to pick. The most reliable
route. Each node maintains a rating for every other node it knows about in the
network. It calculates a path metric by averaging the node ratings in the path. We
choose this metric because it gives a comparison of the overall reliability of different
paths and allows pathrater to emulate the shortest length path algorithm when no
reliability information ahs been collected, as explained below. If there are multiple
paths to the same destination, we choose the path with the highest metric. Since the
pathrater depends on knowing the exact path a packet has traversed, it must be
implemented on top of a source routing protocol.
    The pathrater assigns ratings to nodes according to the following algorithm. When
anode in the network becomes known to the pathrater (through route discovery), the
pathrater assigns it a “neutral” rating of 0.5. A node always rates itself with a 1.0.
This ensures that when calculating path rates, if all other nodes are neutral nodes
(rather than suspected misbehaving nodes); the pathrater picks the shortest length
path. The pathrater increments the ratings of nodes on all actively used paths by 0.01
at periodic intervals of 200 ms. An actively used path is one on which the node has
sent a packet within the previous rate increment interval. The maximum value a
neutral node can attain is 0.8. We decrement a node‟s rating by 0.05 when we detect
a link break during packet forwarding and the node becomes unreachable. The lower
bound rating of a “neutral” node is 0.0. The pathrater does not modify the ratings of
nodes that are not currently in active use.
    We assign special highly negative value, -100 in the simulations, to nodes
suspected of misbehaving by the watchdog mechanism. When the pathrater
calculates the path metric, negative path values indicate the existence of one or more
suspected misbehaving nodes in the path. If a node is marked as misbehaving due to
a temporary malfunction or incorrect accusation it would be preferable if it were not
permanently excluded from routing. Therefore nodes that have negative ratings
should have their ratings slowly increased or set back to a non-negative value after a
long timeout.

Performance

Throughput and Overhead

   The watchdog and pathrater mechanism with DSR algorithm improves
throughput by 27% while increasing the overhead from 12% to 24%. But this
overhead is due to the way DSR operates to maintain routes. The watchdog itself
adds very little overhead. Although the overhead is significant, these extensions still
improve net throughput. In networks with moderate mobility throughput improves by
17% while overhead transmission increases from 9% to 17%.




                                                                                           28
3.2.4 Security-Aware Ad-hoc Routing (SAR)

   It makes use of trust levels (security attributes assigned to nodes) to make informed,
secure routing decision. Current routing protocols discover the shortest path between two
nodes. But SAR can discover a path with desired security attributes (E.g. a path through
nodes with a particular shared key).

   A node initiating route discovery sets the sought security level for the route i.e. the
required minimal trust level for nodes participating in the query/ reply propagation.
Nodes at each trust level share symmetric encryption keys. Intermediate nodes of
different levels cannot decrypt in-transit routing packets or determine whether the
required security attributes can be satisfied and drop them. Only the nodes with the
correct key can read the header and forward the packet. So if a packet has reached the
destination, it must have been propagated by nodes at the same level, since only they can
decrypt the packet, see its header and forward it.




                                       Shortest route




                                 Secure route




                                                          Secure Node with the key



                                                          Other nodes in the network



                                                                                       29
Implementation

   SAR can extend any routing protocol. Here we see how to extend AODV and call it
SAODV. Most of AODV‟s original behavior such as on-demand discovery using
flooding, reverse path maintenance and forward path setup via Route Request and Reply
(RREP) messages is retained.

    The RREQ (Route REQuest) and the RREP (Route REPly) packets formats are
modified to carry additional security information. The RREQ packet has an additional
field called RQ_SEC_REQIREMENT that indicates the required security level for the
route the sender wishes to discover. This could be a bit vector.
An intermediate node at the required trust level, updates the RREQ packet by updating
another new field, RQ_SEC_GUARANTEE field. The RQ_SEC_GUARANTEE field
contains the minimum security offered in the route. This can be achieved if each
intermediate node at the required trust level performs an „AND‟ operation with
RQ_SEC_GUARANTEE field it receives and puts the updated value back into the
RQ_SEC_GUARANTEE field before forwarding the packet.

   Finally the packet reaches the destination if a route exists. In the RREP packet one
additional field is also added. When an RREQ successfully traverses the network to the
sender, the RQ_SEC_GUARANTEE represents the minimum security level in the entire
path from source to destination. So the destination copies this from the RREQ to the
RREP, into a new field called RP_SEC_GUARANTEE field. The sender can use this
value to determine the security level on the whole path, since the sender can find routes
which offer more security than asked for, with which he can make informed decisions.


Drawbacks

   A lot of encryption overhead, since each intermediate node has to performs it.

3.2.5 Secure Routing Protocol

Assumptions

   A Security Association (SA) exists between the source node (S) and destination node
(T).One way of establishing this SA is negotiating a shared secret key by the knowledge
of the public key of the other end. The existence of the SA is justified, because the end
hosts choose a secure communication scheme and consequently should be able to
authenticate each other. The SA would be established by any of group key exchange
schemes. However the exists of SAs with any of the intermediate nodes is unnecessary.
    It is required that the end nodes be able to use non-volatile memory to maintain state
information regarding relayed queries, so that previously seen route requests are
discarded.




                                                                                       30
   It is also expected that a one to one mapping exists between MAC and IP addresses
exists.

    Finally the broadcast nature of the radio channels requires that each transmission is
received by all neighbors, which are assumed to operate in promiscuous mode (i.e. able
to overhear all transmissions from nodes within the range of their transceiver).




                                      Working


                                            4

                          1                                               T




                                                          M2
 S                                    5
                 M1


                                                                              6


                      2                              3




   The source node (S) initiates the route discovery by constructing a route request
packet. The route request packet is identified by a random query identifier (rnd#) and a
sequence number (sq#). We assumed that a security association (a shared key K ST) is
established between source (S) and destination (T).



                                                                                      31
    S constructs a Message Authentication Code (MAC) which is a hash of source,
destination, random query identifier, sequence number and KST
 i.e. MAC = h(S, T, rnd#, sq#, KST). In addition the identifier (IP addresses) of the
traversed intermediate nodes are accumulated in the route request packet.

   Intermediate nodes relay route requests. The intermediate nodes also maintain a
limited amount of state information regarding relayed queries (by storing their random
sequence number), so that previously seen route requests are discarded.

   More than one route request packet reaches the destination through different routes.
The destination T calculates a MAC covering the route reply contents and then returns
the packet to S over the reverse route accumulated in the respective request packet. The
destination responds to one or more route request packets to provide the source with an as
diverse topology picture as possible.

Advantages

      Computing the MAC is not computationally expensive.
      Message integrity is preserved.
      If confidentiality of data is required we could encrypt the pay load with the
       shared key KST

Different attacks on routing and how they are countered

    Let M1, M2 be two malicious intermediate nodes.
We denote the query request as a list { QST; n1, n2, …. nk}. QST denotes the SRP header
for a query searching for T and initiated by S.
ni , i not = {1,k} are the IP addresses of the intermediate nodes and n1= S, nk= T.
Similarly, a route reply is denoted as { RST; n1, n2, …. nk}

Case 1:

  When M receives { QST; S} it tries to mislead S by generating{ RST; S, M1, T} i.e. it
fakes that destination T is its neighbor. This is possible in a regular routing protocol, but
not here, since only T can generate the MAC which is verified by S.

Case 2:

    If M1 discards request packets that it receives, it narrows the topology view of S. But
at the same time it practically removes itself from S‟s view. Thus it cannot inflict harm to
data flows originating from S, and route chosen by S would not include M1.




                                                                                          32
Case 3:

   When M1 receives { RST; S,1, M1, S, 4, T} it tampers with its contents and
relays{ RST; S, 1, M, Y, T}. Y being any sequence of nodes. S readily discards the reply
due to the integrity protection provided by MAC.

Case 4:

   When M2 receives { QST; S, 2, 3 } it corrupts the accumulated route and relays
{ QST; S, X, 3, M2} to its neighbors, where X is a false IP address. This request arrives at
T, which constructs the reply and routes it over {T, M2, 3, X, S} towards S. but when
node 3 receives the reply it cannot forward it any further since X is not its neighbor and
the reply is dropped.

Case 5:

   If M1 replays route requests to consume network resources, they will be discarded by
intermediate nodes, since they maintain a list of query identifiers seen in the past. The
query identifier is a random number, so that it is not guessable by the malicious node.


Case 6:

   If M1 attempts to forward { QST; S, M*} i.e. it spoofs its IP address. Consequently S
would accept { RST; S, M*, 1, 4, T} as a route. But the connectivity information
conveyed by such a reply is correct.
However, in practice, neighbor discovery that maintain information on the binding of the
MAC and IP address can strengthen the protocol. Packets would be discarded when
relayed by same data link interface i.e. same MAC address with more than one different
IP address.



Attacks on SRP Protocol

Tunneling

    If 2 nodes collude during the 2 phases (request and reply) of a single route discovery,
then the protocol could be attacked.
e.g.: if M1 received a route request, it can tunnel it to M2 i.e. discover a route to M2 and
send the request encapsulated in a data packet. Then M2 broadcasts a request with the
route segment between M1 and M2 falsified { QST; S, M1, Z, M2}. T receives the request
and constructs a reply which is routed one {T, M2, Z, M1, S}. M2 receives the reply and
tunnels it back to M1, which then returns it to S. As a result the connectivity information
is only partially correct.




                                                                                          33
Replay

    If M1 rewrites the RND# with some other random number, its neighbors think that it
is a genuine packet and keep forwarding it, thus wasting their resources. Only when the
packet reaches the destination can this misuse be detected using the MAC.




                                                                                    34
4. Intrusion detection in wireless ad-hoc networks

4.1 Need for intrusion detection
    The use of wireless links renders a wireless ad-hoc network vulnerable to malicious
attacks, ranging from passive eavesdropping to active interference. In wired networks
however the attacker needs to gain access to the physical media eg: network wires etc or
pass through a plethora of firewalls and gateways. In wireless networks the scenario is
much different , there are no firewalls and gateways in place hence attacks can take place
from all directions. Every node in the ad-hoc network must be prepared for encounter
with the adversary.

   Each mobile node in ad-hoc network is an autonomous unit in itself free to move
independently. This means a node with not adequate physical protection is very much
susceptible to being captured , hijacked or compromised. Its is difficult to track down a
single compromised node in a large network , attacks stemming from a compromised
nodes are far more detrimental and much harder to detect. Hence every node in a wireless
ad-hoc network should be able to work in a mode wherein it trusts no peer.

    Ad-hoc networks have a decentralized architecture, and many ad-hoc network
algorithms rely on cooperative participation of the member nodes. Adversaries can
exploit this lack of centralized decision making architecture to launch new types of
attacks aimed at breaking the cooperative algorithms.

   Furthermore, Ad-hoc routing presents more vulnerabilities than one can imagine,
since most routing protocols for ad-hoc networks are cooperative by nature. The
adversary who compromises a ad-hoc node could succeed in bringing down the whole
network by disseminating false routing information and this could culminate into all
nodes feeding data to the compromised node.

   Intrusion prevention techniques like encryption and authentication can reduce the risks
of intrusion but cannot completely eliminate them eg: encryption and authentication
cannot defend against compromised nodes.

4.2 General overview
  In general terms “Intrusion” is defined as “any set of actions that attempt to
compromise integrity , confidentiality or availability of the resource”.

    The protocols and systems which are meant to provide services can be the target of
attacks such as Distributed Denial of Service ( DDOS ). Intrusion detection can be used
as a second line of defense to protect network systems because once an intrusion is
detected response can be put in place to minimize the damage or gather evidence for
prosecution or launch counter offensives.



                                                                                       35
   Intrusion detection assumes that “user and program activities are observable “, which
means that any activity which the user or an application program initiates , gets logged
somewhere into system tables or some kind of a system log and intrusion detection
systems (IDS) have an easy access to these system logs. This logged system/ user related
data is called audit data. Thus, Intrusion detection is all about capturing audit data , on the
basis of this audit data determining whether it is a significant aberration from normal
system behavior, if yes then IDS infers that the system is under attack. Based on the type
of audit data , IDS can be classified into 2 types viz.

a) Network based : Network based IDS sits on the network gateway and captures and
   examines network packets that go through the network hardware interface.
b) Host based : Host based IDS relies on the operating system audit data to monitor and
   analyze the events generated by the users or programs on the host.


4.3 Unsuitability of the Current IDS techniques for Ad-hoc paradigm
   Wireless ad-hoc networks don‟t have no fixed infrastructure, since almost all of
current network based IDS sit on the network gateways and routers and analyze the
network packets passing through them, these type of network based IDS are rendered
ineffective for the wireless ad-hoc networks.

   In case of wireless ad-hoc networks the only available audit data is restricted to the
communication activities taking place within the radio range, and any IDS meant for
these type of networks should be made to work with this partial and localized kind of
audit data.

   Anomaly Detection models of IDS cannot be used for wireless ad-hoc networks, since
the separating line between normalcy and anomaly is obscure. A node that transmits
erroneous routing information ( fabrication ) can be either a compromised or is currently
out of sync due to volatile physical movement. Hence in wireless ad-hoc networks it is
difficult to distinguish between false alarms and real intrusions.

4.4 New proposed architecture
    IDS should be both distributed and cooperative to suit the needs of wireless ad-hoc
networks. What is meant by this statement is that every node in the wireless ad-hoc
network should participate in intrusion detection. Each node is responsible for detecting
intrusion locally and independently but neighboring nodes can form an association and
collaboratively investigate in a broader range.

   Each node within the network has its own individual IDS agent and these agents run
independently and monitor user and system activities as well as communication activities
within the radio range. If an anomaly is detected in the local data or if the evidence is
inconclusive, IDS agents on the neighboring nodes will cooperatively participate in a



                                                                                            36
global intrusion detection scheme. These individual IDS agents constitute the IDS system
to protect the wireless ad-hoc network.


               IDS
                                                        IDS




IDS
                                                                     IDS




                                  IDS
                     IDS




               The IDS Architecture for Wireless Ad-hoc network




                                                                                     37
                                  IDS AGENT

                   Local                      Global
                   Response                   Response




                   Local                      Cooperative
                   Detection                  Detection
                   Engine                     engine



                   Local Data                 Secure
                   Collection                 Communicati
                                              on




              System calls activities                            neighboring
              Communication activities etc.                      IDS agents



                     Fig : A Conceptual model for an IDS agent.



A Typical IDS Agent consists of following modules viz.

   1) Local Data Collection: Local Data Collection module gathers streams of real
   time audit data from eclectic sources, which might include user and system activities
   within the mobile node, communication activities by this node as well as any
   communication activities within the radio range of this node and observable to this
   node.
   2) Local Detection Engine: Local detection engine analyzes the local audit data for
   evidence of anomalies. This requires the IDS to maintain some expert rules for the
   node against which the audit data collected would checked. However as more and
   more appliances are becoming wireless, the types of planned attacks against these
   appliances is going to increase and this may make the existing expert rules
   insufficient to tackle these newer attacks. Moreover, updating these already existing
   expert rules is not a simple job. So any IDS meant for a wireless ad-hoc network


                                                                                     38
   should resort to statistical anomaly detection techniques. The normal behavior
   patterns called “Normal Profiles” are determined using the trace data from a “training
   “ process where all activities are normal. During the “testing” process any deviations
   from the normal profiles are recorded if at all any occur. A detection module is
   computed from the deviation data to distinguish anomalies from normalcy. There are
   always going to be normal activities which have not been observed and recorded
   before, however their deviations from the normal profile is going to be much smaller
   than those of intrusions.

   3) Cooperative Detection : If a node locally detects a known intrusion with strong
   evidence it can very well on its own infer that the network is under attack and can
   initiate a response or a remedial action. However if the evidence of an anomaly or
   intrusion is a weak one or is rather inconclusive then the node decides it needs a
   broader investigation and can initiate a global intrusion detection procedure, which
   might consist of transmitting the intrusion detection state information among
   neighbors and further down the network if necessary.

      The intrusion detection state information may be a mere level-of-confidence value
   expressed as percentage.

    With p% confidence , node A after analyzing its local data concludes that there is
     an intrusion.
    With p% confidence , node A after analyzing the local data as well as that from its
     neighbors that there is an intrusion.
    With p% confidence , node A, B, C,…. Collectively conclude that there is an
     intrusion.

   To a more specific state that lists the suspects like,

    With p% confidence, node A concludes after analyzing its local data that node X
   has been compromised.

    A distributed consensus algorithm is then derived to compute the new intrusion
detection state for the node under consideration , with the help of the state information
recently received from the other nodes in the network. The algorithm might involve a
weighted computation assuming that nearer nodes have greater effect than the far away
ones.


A majority based Intrusion Detection Algorithm can include following steps :

1) The node sends to its neighboring node an “intrusion state request”.
2) Each node , including the one which initiates this algorithm then propagates the state
   information, indicating the likelihood of an intrusion to its immediate neighbors.
3) Each node then determines whether the majority of the received reports point towards
   an intrusion, if yes then it concludes that the network is under attack.



                                                                                      39
4) Any node which detects an intrusion to the network can then initiate the
   remedial/response procedure.

    As a rule of thumb , audit data from other nodes should not be trusted as compromised
nodes might tend to send misleading data. However for compromised node sending audit
data doesn‟t hold any incentives , in doing so it might create a situation which would
result in its expulsion from the network. Hence , unless majority of nodes are
compromised, and there exists at least one valid node the remedial procedure won‟t be
initiated.

4.4.1 Intrusion response

    The type of intrusion response for wireless ad-hoc networks depends on the type of
intrusion, the type of network protocols and the confidence in the veracity of the audit
trace data. The response might range from resetting the communication channels between
nodes or identifying the compromised nodes and precluding them from the network. The
IDS agent can notify the end user to do his/her own investigation and take the necessary
action. It also sends a re-authentication requests to all the nodes in the network, to prompt
their respective end users to authenticate themselves . Only the re-authenticated nodes
participate in negotiating a new communication channel and will recognize each other as
legitimate nodes. Thus the malicious nodes can be precluded.


4.5 Anomaly detection in wireless ad-hoc networks

4.5.1 Detecting Abnormal Updates to Routing Tables

    For Ad-hoc routing protocols , the primary concern is that false routing information
generated and transmitted by a compromised node will be used by other nodes in the
network, hence a good candidate for audit data would be the updates of routing
information. A routing table basically holds the next hop to each destination node and the
distance in terms of number of hops. A legitimate change in the routing table is caused
by physical motion of the nodes or changes in the membership of the network. For a node
, it own movement and the change in its own routing table are the only data it can trust
and hence we use it as a basis of the trace data. The physical movement is measured by
distance , direction and velocity. The routing table change is measured by Percentage of
changed routes (PCR), and the percentage changes in the sum of hops of all routes
(PCH). We use percentages as measurements because the number of nodes/route is not
fixed due to dynamic nature of the wireless ad-hoc networks. During the “training”
process, a wide variety of normal situations is simulated and the corresponding trace data
is gathered for each node. The audit/trace data of all the nodes in the network are then
merged together to get a set of all normal changes to the routing table for all nodes.
The normal profile specifies the correlation of the physical movement of the node and the
changes in the routing table. The classification algorithm classifies available trace data
into ranges. Now for a particular trace data, if the PCR and/or PCR values are beyond the




                                                                                          40
valid range for a particular movement ( velocity, direction & distance ) then it is
considered to be an anomalous situation and the necessary procedures are initiated.

4.5.2 Detecting Anomalous activities in other layers

   For MAC protocols , trace data could be in the form of total number of channel
requests, the total number of nodes making those requests etc, for last s seconds. The
class can be the range of the current requests by a node. The classifier of the trace data
describes the normal profile of a request. Anomaly detection model can then be computed
on the basis of the deviation of the trace data from the normal profile.
   Similarly, at the Wireless Application layer can use service as the class and can contain
following features – for the past s seconds, the total number of requests to the same
service, total number of services requested, the average duration of service, the number of
nodes that requested service, the total number of service errors etc. A classifier for each
service then describes the for each service a normal behavior for its requests.




                                                                                         41
6. Conclusion

    We have presented an overview of the existing security scenario in the Ad-Hoc
network environment. Key management, Ad-hoc routing and intrusion detection aspects
of wireless Ad-hoc networks were discussed. Ad-hoc networking is still a raw area of
research as can be seen with the problems that exist in these networks and the emerging
solutions. The key management protocols are still very expensive and not fail safe.
Several protocols for routing in Ad-hoc networks have been proposed. There is a need to
make them more secure and robust to adapt to the demanding requirements of these
networks. Intrusion detection is a critical security area. But it is a difficult goal to achieve
in the resource deficient Ad-hoc environment. But the flexibility, ease and speed with
which these networks can be set up implies they will gain wider application. This leaves
Ad-hoc networks wide open for research to meet these demanding application.




                                                                                             42
References:

1) Intrusion Detection in Wireless Ad-hoc Networks, Yongguang Zhang, Wenke Lee

2) Key Agreement in Ad-hoc Networks, N.Asokan, Philip Ginzboorg

3) Securing Ad-hoc Networks, L. Zhou, Z.J.Haas

4) A Secure Routing Protocol for Ad Hoc Networks, Bridget Dahill, Brian Neil,
Elizabeth Royer, Clay Shields

5) Routing Security in Ad Hoc Networks, Janne Lundberg, Helsinki University of
Technology

6) Security-Aware Ad-Hoc Routing for Wireless Networks, Seung Yi, Prasad Naldurg,
Robin Kravets, Department of Computer Science.

7) Mitigating Routing Misbehaviour in Ad Hoc Networks,

8) Key Establishment in Ad Hoc Networks, Maarit Hietalahti, Helsinki University of
Technology.

9) Key Agreement in Dynamic Peer Groups, Michael Steiner, Gene Tsudik, Michael
Waidner, IEE Computer Society.

10) Mobile Ad Hoc Networking (MANET): Routing Protocol Performance Issues and
Evaluation Consideration, S. Corson, J. Macker.

11) The Resurrecting Duckling: Security Issues for Wireless Ad Hoc Mobile Networks. ,
F. Stajano and R. Anderson.

12) A Review of Current Routing Protocols for Ad Hoc Mobile Wireless Networks,
E. M. Royer and C.K. Toh .

13) The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks. J. Broch and
D.B. Johnson

14) Ad Hoc On-Demand Distance Vector Routing Protocol. C. E. Perkins and E. M.
Royer.

15) The Zone Routing Protocol (ZRP) for Ad Hoc Networks, Z. Haas and M. Pearlman.




                                                                                     43

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:17
posted:2/1/2012
language:
pages:43
jianghongl jianghongl http://
About