					International Journal of Scientific & Technology Research Volume 1, Issue 4, May 2012                                               ISSN 2277-8616

Adaptive Threat Modeling For Secure MANET Routing Protocol
Megha Rastogi, Kamal Kant Ahirwar

Abstract— Wireless communication advances day by day. The current need for mobile ad-hoc networks is to
support safe and secure transmission with no compromise in efficiency by incorporating safe routes into mobile networks. The security
problem in MANETs, “Is there any method for identifying the true strength of the attacker during route discovery?”, is best addressed
by threat models. Threat modeling is the technique used to identify the threats, vulnerabilities, attacks and countermeasures of a network.
In general, threat modeling is a risk assessment process. It is normally done in the route discovery phase of network development,
before investing money, time and resources. A threat model analyses the capabilities of the attacker and evaluates trust. Current threat
models are limited in their ability to evaluate trust and also lack strong countermeasures for securing routes. They do not
provide any parameter on the basis of which security can be rated. Developing an adaptive threat model for a routing protocol that can
evaluate security and rate threats as low, medium and high presents significant challenges. In this paper, we have proposed an adaptive
threat model that successfully evaluates the trust of the intermediate nodes, rates the threat as low, medium or high, and allows us to decide
whether to continue with the current route or set up a new one.

     Index Terms— Mobile ad-hoc networks, Secure routing, Threat modeling, Risk assessment, Adaptive threat model, Trust evaluation, Threat


1. Introduction
A Mobile Ad-hoc Network (MANET) is a self-organized, infrastructure-less network consisting of mobile
nodes connected to each other through wireless links. All mobile nodes of a MANET are free to move in any
direction independently of each other and therefore exhibit an ever-changing dynamic topology. As a result,
it becomes very difficult to trust that the intermediate devices are following the protocol's rules. A threat
model [7] therefore helps in evaluating this trust and enables us to progress towards achieving secure
routes. Thus the primary challenge in establishing a MANET is to figure out whether each intermediate node
is continuously maintaining the routing information. Routing protocols that are widely used in MANETs fall
into three main categories:

   • Proactive Protocol
   • Reactive Protocol
   • Hybrid Protocol

Ad-hoc routing protocols commonly work using a two-phased routing approach:

   • Route Discovery Phase: In this phase, the route is first determined.
   • Data Forwarding Phase: In this phase, data is forwarded from source to destination over the route
identified above.

Developing a proper threat model against MANET routing protocols presents a significant challenge. In this
paper we propose an adaptive threat model to analyze attacks against the route discovery phase in MANET
routing protocols and rate them as low, medium and high as per the severity of the threat.

2 NETWORK LAYER ATTACKS
In order to identify an attacker’s capability, an understanding of network layer attacks is a must. Any
attack in the routing phase may disrupt the overall communication and paralyze the entire network. Thus,
security in the network layer plays a very crucial role in the security of the entire network. An attacker
can attack by either absorbing network traffic or injecting themselves [7] into the path between the
source-destination pair and thus controlling the network traffic flow.

————————————————
Megha Rastogi is currently pursuing a master's degree program in computer science engineering at Amity
University, India, PH-9911497137. E-mail:
Kamal Kant Ahirwar is currently pursuing a doctoral degree program in mobile computing engineering at Amity
University, India, PH-9718281158. E-mail:

2(a) Node absorbing traffic (Outsider node)

2(b) Node injecting into the path (Insider node)

Various types of networking attacks can be categorized as follows:

Table 2.1: Different network layer attacks [6]

2.1 Attack Sources
MANETs have two types of attack sources: outsider and insider attacker nodes [4], [7].

   • Outsider attacker nodes: These do not possess trusted keys. They simply work on message relay, replay,
or delay to affect routing protocols.
   • Insider attacker nodes: These are fully trusted nodes with proper legitimate keys. They pose a threat
when they are compromised.

Malicious insiders are much more difficult to defend against than malicious outsiders because they hold
trusted legitimate keys. Insider nodes can also act as outsider malicious nodes.

3 TRADITIONAL MANET THREAT MODEL
Several traditional threat models were proposed earlier. The most common of them are as follows:

   • Dolev-Yao MANET Threat Model [1]
   • Active-N-M Attacker Model
   • Parametric Attacker Threat Model

Table 3.1: Drawbacks of traditional threat models

The Dolev-Yao model is the most traditional model that can be used to track attackers against
authentication protocols. The authors define the attacker as [1]: “someone who first taps the communication
line to obtain messages and then tries everything he can to discover the shared secret”. The Dolev-Yao
attacker in a MANET is strong enough to capture any packet from the network and can also forward packets to
any node in the network without being held liable. However, since the attacker can successfully divide the
communication link between two nodes into a two-hop system passing through the attacker as the intermediate
node, the model can be regarded as the most effective way to evaluate MANET routing protocols.
Unfortunately, the Dolev-Yao model is not able to predict an attacker's capability with utmost precision,
as results from a limited attacker evaluation may claim security that can be subverted by changing the
attacker restrictions.

4 AN ADAPTIVE THREAT MODEL
Although the Dolev-Yao attacker model provides the strongest approach towards MANET security, it suffers
from some major drawbacks. The Dolev-Yao model assumes the attacker to be as powerful as any non-malicious
node in the network. But modeling the strongest attacker does not provide the precision to identify the
minimum capabilities required to break a protocol [1]. Violation of a routing
protocol does not depend only on the capabilities of an attacker but also on how well a routing protocol
finds the most trusted routes. An adaptive threat model makes certain amendments to the Dolev-Yao model to
precisely evaluate an attacker’s true strength. The model mainly focuses [7] on how the possible routes can
be violated by the attacker instead of focusing on probable network attacks, number of attackers, or
attacker strength. In this approach we can find out the true strength of the Dolev-Yao attacker by
considering the following:

   • Whether the attacker is an insider or an outsider.
   • Whether the attacker can be compromised or not.
   • Number of attackers existing in the network.

Adaptive threat modeling deals with finding the minimum attacker capability for violating the trusted
routes as determined by the route discovery phase. Identifying the attacker’s minimum capability enables
the network analyst to protect the trusted network routes against malicious intruders, thereby upgrading
the network’s performance. An attacker’s capability can lie between any of the following outcomes: it can
be the same as a non-malicious node, or it can have an unlimited receive radius with a transmission radius
the same as a non-malicious node, or there can be no limitation. After identifying the attacker’s
capability, we can scale the threat by rating it as low, medium or high. The threat rating helps to
identify whether it is advisable to proceed with the proposed route and how far our network is secure
against all kinds of network attacks. The rating is as follows:

   Low: The route is considered secure, with minute routing anomalies which can be ignored.
   Medium: The route is not secure and requires major changes in its configuration for successful routing.
   High: The route is fully corrupted and needs to be dropped.

We know that the attacking capability of an attacker can range from minimum to maximum. The final security
assessment [5] can be done as per the given rules:

   Table 4.1: Final risk rating

5 CHALLENGES
Developing an adaptive threat model for mobile ad hoc networks is itself a big challenge. Furthermore,
establishing trust between intermediate nodes is most challenging, as nodes need to be identified as
insider or outsider nodes. Outsider nodes are easier to tackle by excluding them from the network, but
insider nodes are more difficult to defend against as they hold the trusted keys. They can harm the network
to any extent by presenting themselves as insider or outsider malicious nodes. Moreover, setting up an
entirely new topology for the maximum rated threat is an overhead on the network's performance.

6 CONCLUSION
In this paper we discussed the Dolev-Yao attacker threat models used to evaluate the MANET route discovery
process. We have also studied various network layer attacks in MANETs. Our contribution provides an
adaptive threat model for MANET security evaluations and also rates the threat as low, medium and high.
Instead of claiming protocol security based on attacker assumptions, we adapt the attacker capabilities in
order to determine at what point a protocol may fail. We get the answers to the following problems through
this review paper:

   1.    Why threat modeling is required in mobile Ad hoc
   2.    What kinds of network attacks are possible in the route discovery phase of the routing protocols?
   3.    How nodes are categorized as insider and outsider
   4.    What traditional approaches are followed for security in routing protocols?
   5.    How does the adaptive threat model actually provide a solution to routing security problems?
   6.    In what ways can a node having legitimate trust keys be harmful to the network?
   7.    What measures can be taken to defeat a malicious node’s goal?
   8.    How can the adaptive threat model be used to rate various security threats?
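
The procedure Section 4 describes, raising the attacker's capability step by step until the discovered route can be violated and rating the threat by the weakest level that sufficed, can be sketched as follows. This is an added example, not code from the paper: the geometric violation test (hear one hop, reach a later hop), the node coordinates, the radio range and the capability-to-rating mapping are assumptions of the example and are not the paper's Table 4.1.

```python
import math

# Capability levels listed in Section 4, weakest first:
# (label, receive radius, transmit radius); math.inf means unlimited.
def capability_levels(radio_range):
    return [
        ("same as non-malicious node", radio_range, radio_range),
        ("unlimited receive radius, normal transmission radius", math.inf, radio_range),
        ("no limitation", math.inf, math.inf),
    ]

# Assumed mapping (not the paper's Table 4.1): the weaker the attacker
# that suffices to violate the route, the higher the threat.
RATING_BY_LEVEL = ["high", "medium", "low"]

def can_insert(route, pos, attacker, rx, tx):
    """Assumed violation test: the attacker hears hop i and reaches a later hop j."""
    hears = [i for i, n in enumerate(route) if math.dist(pos[n], attacker) <= rx]
    reaches = [j for j, n in enumerate(route) if math.dist(pos[n], attacker) <= tx]
    return bool(hears) and bool(reaches) and min(hears) < max(reaches)

def rate_route(route, pos, attackers, radio_range):
    """Return (rating, minimum capability) over all attacker positions."""
    for level, (label, rx, tx) in enumerate(capability_levels(radio_range)):
        if any(can_insert(route, pos, a, rx, tx) for a in attackers):
            return RATING_BY_LEVEL[level], label
    return "low", "not violated at any modelled capability"

# Constructed sample: a four-node route on a line, normal radio range 12 units.
POS = {"S": (0, 0), "A": (10, 0), "B": (20, 0), "D": (30, 0)}
ROUTE = ["S", "A", "B", "D"]

if __name__ == "__main__":
    for attackers in ([(15, 5)], [(32, 8)], [(100, 100)], [(100, 100), (15, 5)]):
        print(attackers, rate_route(ROUTE, POS, attackers, 12))
```

With several attackers the rating follows the best-placed one, which is why adding a distant node to the set never lowers the result.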

[1] Dolev, D., and A. Yao, “On the security of public key protocols,” IEEE Transactions on Information
Theory, 29 (1983), 198-208.

[2] John A. Clark, John Murdoch, John A. McDermid, “Threat modeling for mobile ad hoc and sensor networks,”
ITA Conference 1569048773

[3] Nanz, S., “Specification and Security Analysis of Mobile Ad-Hoc Networks,” PhD thesis, Imperial College,
London,

[4] M. Massey, “The Attacker in Ubiquitous Computing Environments,” unpublished

[5] Marshall, J., V. Thakur, and A. Yasinsac, “Identifying flaws in the secure routing protocol,” Proc. 2003
IEEE International Performance, Computing, and Communications Conference (2003), 167-174.

[6] Rappaport, T.S., Wireless Communications Principles & Practices. 1999.

[7] Todd R. Andel, Alec Yasinsac, “Adaptive Threat Modeling for Secure Ad Hoc Routing Protocols,” Electronic
Notes in Theoretical Computer Science 197 (2008) 3–14.

