Security Attacks and Detection Techniques for MANET

Discovery, Volume 15, Number 42, April 10, 2014 Security Attacks and Detection Techniques for MANET T. Prasanna Venkatesan PG Scholar Information Technology Anna University Coimbatore, India prasannait91@gmail.com Mobile Ad hoc NETworks (MANET) have the incredible growth in modern years. Mobile ad hoc networks are fast popularity because of availability of low cost mobile devices and its ability to provide instant wireless networking capabilities. MANET is a dynamic network and there is no permanent structure and also no central administration. For these kind of networks, protection is the most essential service to provide protection and prevent malicious attacks occurring in the mobile nodes. The character and configuration of MANET makes it gorgeous to various types of attackers and do some unnecessary activities with the mobile nodes. In this proposed work we are discussed about various types of attacks and in particularly with active attacks which are occurring in the network layer of the Mobile ad hoc networks. Key words Attacks, Detection, MANET, Network layer. out of the radio range means that the communication and the transmission of packets are made by the cooperation of the intermediate mobile nods throughout the entire network. [14].The network topology of the MANET may change rapidly, dynamically and unpredictably based on the own parameters. There are many network actions are performed by the mobile nodes in MANET they are [13] authentication, routing, packet discovery, packet transmission, packet forwarding, network management, discovering topology, delivery of packets. The MANET having the characteristics of open distributed medium, wide distribution of nodes in the network with the changing (dynamic) topology and there is no requirement of centralized monitoring or administration [16]. These characteristics make the MANET vulnerable to attackers. The security is one of the most important issues in the MANET. Many researchers have worked in the field of attacks in MANET [10], [11]. In the next section the various types of attacks in the MANET at the network layer is concentrated. 1. INTRODUCTION 2. MANET ATTACKS In recent days wireless ad hoc network technology emerges as one of the most valuable technology because of its flexible nature [16]. In specific the MANET is a Mobile Ad hoc NETwork with self organizing network of mobile nodes which is well suited for many kind of applications such as military operations and communication, disaster management (relief), mining activities, multimedia data transmission, instance conference between pc users, pollution monitoring, vehicular networks, robust data acquisition and to work in the dangerous situations [13], [14], [15]. Despite of these applications, mobile nodes in the MANET have their own merits such as, small storage requirement, utilization of low bandwidth, low error rate in packet transmission, limited battery power usage, easy and quick deployment, no planning required (created at the time it is needed), no need of infrastructure, no need of central controlling [13]. MANET contains the collection of mobile nodes with each of these nodes having their movement throughout the network. The communication between these mobile nodes is via the wireless links by directly or intermediate nodes and there is no fixed infrastructure because of their mobility. In MANET each node acts as a host as well as router for other nodes in network for transmission of data packets. Each of these nodes in the MANET is equipped with the wireless transmitter and the receiver for the communication and data transmission between the nodes [11]. All of these mobile nodes are free to move in the whole network randomly and create self configuring/monitoring network without any centralized control. The Mobile Ad hoc NETwork is the complex distributed system with dynamic wireless mobile nodes [16]. The mobile nodes within the radio coverage range can communicate directly with each other. If the mobile nodes are In this section it is discussed about various types of passive attacks and active attacks occurring in the network layer as shown in Fig. 1. The security issue in MANET is to protect network layer from the malicious attackers [19]. It is required to protect routing as well as data forwarding operations. First it is detailed about the passive attacks. Udhayakumar K, Prasanna Venkatesan T, Ramkumar R. Security Attacks and Detection Techniques for MANET, Discovery, 2014, 15(42), 89-93, http://www.discovery.org.in/d.htm 2.1 Passive Attacks A passive attack does not disrupt proper operation of the mobile nodes in the network. The attacker snoops the data exchanged in the network without altering it [19]. Fig. 2, shows the example of passive attack, where node 5 monitors/reads the data flow between the source and destination. Fig. 1. Types of attacks. This passive attack may be any of attack that is listed in the Fig. 1, Detection of passive attacks is very difficult since the www.discovery.org.in © 2014 Discovery Publication. All Rights Reserved 89 ABSTRACT R. Ramkumar PG Scholar Software Engineering Anna University Coimbatore, India kkrram88@gmail.com Page K. Udhayakumar PG Scholar Mainframe Technology Anna University Coimbatore, India apceudhay@gmail.com Discovery, Volume 15, Number 42, April 10, 2014 operation of network itself does not get affected. One technique of avoiding such problems is to use powerful encryption mechanisms. Fig 1 demonstrates different types of attacks in MANET. files or system information. Wiretapping is a form of snooping in which a network is monitored [17]. 2.1.3 Masquerading or Spoofing Masquerading or spoofing, is an impersonation of one entity by another, is a type of together deception and usurpation. It attracts a sufferer into believing that the entity with which it is communicating is a different entity [17]. 2.1.4 Modification or Alteration Modification or alteration is an unauthorized change of information. The goal may be deception, in which some entity relies on the modified data to determine which action to take, or in which wrong information is acknowledged as correct and is released [17]. Fig. 2. Passive attacks 2.2 2.1.1 Eavesdropping Eavesdropping is the intercepting and reading of messages and conversations by unintended receivers [10]. A message sent by a node can be heard by every device equipped with a transceiver within the radio range, and if no encryption is used then the attacker can get useful information [19]. The main aim of such attacks is to obtain the confidential information that should be kept secret during the communication [18]. 2.1.2 Snooping Snooping, the unauthorized interception of information is a form of disclosure. It is suggesting simply that some entity is listening to (or reading) communications or browsing through Active Attacks Active attacks are very severe attacks on the network that prevent message flow between the nodes. In active attacks, intruders launch intrusive activities such as modifying, injecting, forging, fabricating or dropping data of packets, resulting in various disruptions to the existing network [18], [19]. It can bring down the entire network or degrade performance significantly. The Fig. 1, shows the active attacks in the network layer of MANET [1] - [9], [12]. In line to this many researchers had concentrated in this network layer attacks which is shown in Table I. The recent development and detection mechanism of blackhole, wormhole, and rushing attacks are briefed in the following subsequent sections of this paper. Table 1.Network layer attacks and detection mechanisms X.Y. Zhang et al and P. Yi et al C. Wei el al Blackhole attack type Routing protocol (area) No forwarding of AODV, packets DSR, SAR Grayhole Attack Selectively packet S.Capkun et al Wormhole attack Man in the middle attack drops P.Papadim Rushing attack itratos and Z.J.Haas Duplicate suppression operation Aad et al Delaying the data packet transmission Creates routing loop Bing et al Jellyfish attack Wu Byzantine attack J. Sen et al Packet dropping attack Hoang Lan Neighbor Nguyen et attack al[11] Dropping packets Disrupted route Udhayakumar K, Prasanna Venkatesan T, Ramkumar R. Security Attacks and Detection Techniques for MANET, Discovery, 2014, 15(42), 89-93, http://www.discovery.org.in/d.htm of of Description of attack Malicious node receives RREQ & send forged (fake) RREP with high sequence no(fresh route) AODV Drops packets based on certain conditions or by triggering AODV Two geographically estranged adversaries create subway it can drop Route Quickly forwarding discovery counterfeit route path and counterfeit discovery of route Routing It receives the packet but does not unexpectedly transmit the packets Routing Routing of packets on non best possible routes or forming the loop DSR, AODV Selfish nodes or compromised nodes drops all packets that they receive Route Showing two nodes are discovery neighbors but actually those are not neighbor; from different networks Detection Mechanism 1.SAR 2.DPRAODV 3.CORE DCA-update key management SECTOR mechanism SMT-secure end to end data forwarding SCAN-secure packet delivary Secure routing algorithm PDA: Point Algorithm Detection SAR: secure aware routing www.discovery.org.in © 2014 Discovery Publication. All Rights Reserved 90 Name of the Attack attack (function) Page Author name Discovery, Volume 15, Number 42, April 10, 2014 DDOS attack Authentication security Attacker try to prevent CONFIDENT: cooperation of genuine & authorized user nodes Resource depletion Replicates the Routing actual packets Sinkhole attack Disturbing communication It confuses the routing SMT: secure message process by producing the transmission replica packets It declare itself as shortest SAR: secure aware routing path to destination ,change data 2.2.1 Blackhole Attack: 2.2.2 Wormhole Attack: MANET uses a reactive routing protocol such as Ad hoc On demand Distance Vector (AODV), Dynamic Source Routing (DSR), and Secure Aware routing (SAR) for the routing of the data packets. When the AODV routing protocol is used to discover the routes it works based on two types packets [18] such as Route REQest (RREQ) packet and Route REPly (RREP) packet. The source node sends the RREQ packets to all other nodes to find the shortest route between the source and the destination in the network. The malicious node receives the RREQ packet and claim that it is having the shortest route or optimum path to the node it wanted to actually transmit (destination). The malicious node sends the response by using the RREP packet that is having the shortest (fresh) route for the destination from the source [19]. It is the fake RREP with extremely short route. The colluding nodes creates an illusion [8] that two geographically separated (remote) nodes are directly connected and appears that the nodes as neighbors. But actually they are distinct from each other. The aim of the wormhole attack is to create the man in the middle attack and dropping the packets. Fig. 4. Fig. 3. Blackhole Attack Upon sending the fake RREP packet to the source node, the malicious node can able to place itself in the communicating network. It means that the transmitting packets are should be passed only by this malicious node only [4]. After sending the RREP packet, the malicious node receives the data packets from the source and does not forwards to the neighbor nodes or simply drops the packets that they received without sending to the destination node as shown in the Fig. 3.The Fig. 3, shows that the source node S sends the RREQ packet to all other nodes [0, 1, 2, 3, 4, 5, 6, 7] in network to find the shortest route to the destination for the data packet transmission. Then the malicious node 2 sends the fake RREP with the shortest route [S, 5, 2, D]. And the other actual routes for reaching the destination are [S, 5, 1, D], [S, 3, 4, D] and [S, 1, 0, 6]. Whenever the source node receives the RREP by node 2 it concludes that this is the shortest valid route sends the packet to this route. Then the node 2 does not forward to the nodes or simply drops the packets that they receive. Udhayakumar K, Prasanna Venkatesan T, Ramkumar R. Security Attacks and Detection Techniques for MANET, Discovery, 2014, 15(42), 89-93, http://www.discovery.org.in/d.htm Wormhole Attack. The malicious node receives data packets at one node and tunnels them to another malicious node as shown in the Fig. 4, this tunnel is called as wormhole. It makes the node as attractive and so that more packets are routed through these nodes. This type of attack prevents the discovery of any actual routes. In the Fig. 4, the malicious node(x, y) connects two distinct points in the space via the shortcut (A, B) route. It will disrupt the routing by short circuiting the network. This wormhole link becomes the lowest cost of path to the destination. Therefore these nodes are included for the transmission to the destination. 2.2.3 Rushing Attack In AODV routing protocol, when source nodes flood the network with route discovery packets (RREQ, RREP) in order to find routes to the destinations, every in-between node process only the first non replica packet and throw-outs any replica packets that arrive at a later time. A rushing attacker utilize this replica repression mechanism by quickly forwarding route discovery packets with a malicious RREP on behalf of some other node skipping any proper processing in order to gain access to the forwarding group [11]. In rushing attack, an intruder will “rush” (transmit early) the RREQ packet to suppress any later legitimate RREQs as shown in the Fig. 5. The source node S broadcasts a RREQ for node 3 and node 2. Now, on hearing the RREQ, the malicious node 3 www.discovery.org.in © 2014 Discovery Publication. All Rights Reserved 91 Routing Page S. Buchegger [12] [7] P. Papadimitr atos et D. Sheela et al Discovery, Volume 15, Number 42, April 10, 2014 rushes the RREQ to suppress the later legitimate RREQ. The rushing may in the following ways [19]. Malicious node 3 ignores the request forwarding delay (this is a randomized delay used by the routing protocol to avoid collision of broadcast packets). by altering the security metric to a higher or lower level cannot cause serious damage because the legitimate intermediate or destination node is supposed to drop the packet, and the invader is not capable to decrypt the packet. SAR offers a collection of cryptographic system, that includes the mechanisms similar to digital signature and encryption, which can be integrated on a need-to-use basis to prevent modification. Another mechanism for the black hole detection scheme [4] based on sequence number checking of the RREP packets. Here it is considered a scenario where an intermediate node is an attacker and suggested that, whenever a node propels a RREP backside to a source node, the midway node should also produce a request for a sequence number to the destination node. The intention node reacts by sending a packet enclosed with its sequence number to the source node. The source node then checks the originality of the route by comparing the sequence number of the RREP received from the intermediary node with the sequence number reply packet from the destination node. 3.2 Mechanisms for grayhole Attacks Fig. 5. Rushing Attack. Malicious node 3 rushes the RREQ with a higher source sequence number. This rushed RREQ from Malicious node 3 arrives first at node 6, and therefore node 6 will discard the legitimate RREQ from node 1 when it arrives later via 1, as shown in Fig. 5. Due to duplicate suppression, the actual valid RREP message from valid node will be discarded and consequently the attacking node becomes part of the route. In rushing attack, attacker node, send packets to proper node after its own filtering is done, so from outside the network, the nodes behaves normally and nothing was happened. But it might increase the delay in packet delivering to destination node [20].In this section it is briefly detailed about the active attacks on the network layer with the examples. These researches on attack are concluded that the attacks degrade the performance of the network as fit as data packet transmission. In the next section it is discussed about development of the detection mechanism by various researchers to defend against the attacks. For the greyhole detection scheme the DSR routing protocol is used. This requires each node to produce evidence on forwarding packets using an aggregated autograph algorithm. Then a checkup mechanism detects whether packets have been fallen or not. Finally, a source node uses a analytical algorithm to trace the malicious node. The slight modification of this scheme [2] is Distributed Certificate Authority (DCA) to update key organization information, smooth the progress of the detection process that uses the aggregate signature algorithm. Another mechanism for greyhole detection in AODV is requires all nodes to maintain their neighbor’s data advancing information. After a convinced time, each node checks any neighbor with whom it has not converse recently, and commence the detection practice for that node. The originator act upon a confined detection by checking the number of Request To Send (RTS) and Clear To Send (CTS) messages. If this node is found to be suspicious then it asks other neighbors of the suspected node to check and finally it makes a decision about the suspected node. 3.1 Mechanisms for blackhole Attacks The security-aware ad hoc routing protocol (SAR) can be used to defend against blackhole attack. The most of the secure routing protocols are based on on-demand protocols, such as AODV or DSR [4]. In SAR, a security metric is added into the RREQ packet, and a diverse route detection method is used. In-between nodes of the transmission receive an RREQ packet with a particular security metric or belief level. At intermediary nodes, if the security metric or belief level is pleased, the node will route the RREQ packet, and it will spread to its neighbors using controlled flooding. Otherwise, the RREQ is dropped. To implement SAR [5], it is necessary to bind the identity of a user with an associated trust level. To prevent distinctiveness thievery, stronger access control method such as authentication and authorization are required. In SAR, a malicious node that interrupts the flow of packets Udhayakumar K, Prasanna Venkatesan T, Ramkumar R. Security Attacks and Detection Techniques for MANET, Discovery, 2014, 15(42), 89-93, http://www.discovery.org.in/d.htm The major requirement in MANET is the security. So, it is essential to design a security mechanism by which it can minimize or completely remove many of those attacks. It is evident that different security mechanisms are introduced in order to prevent such network. Hence this paper addressed the different network layer attacks and detection mechanism to those attacks in MANET. In line to this, in order to provide secure communication and transmission, many researchers worked specifically on the security issues in MANETs. However, history shows that attackers often find new ways to attack and cause damage to computer systems and networks. Therefore, it is considered that enabling a protection mechanism to learn from experience and to use the existing knowledge of attacks to infer and to detect new intrusive activities in MANET is important criteria in network security. An exclusive research has to be concentrated on development and deployment of network security policies and to invent security techniques, which will be established along with direction-finding protocols in the networks with a dynamic environment such as in MANETs. Therefore the protection mechanisms need to be robust enough to protect themselves and not introduce new vulnerabilities into the system. www.discovery.org.in © 2014 Discovery Publication. All Rights Reserved Page Many researchers had developed the detection mechanism for different type of attacks in MANET specifically occurring in the network layer. In line to this development, in this section detection mechanism for blackhole and grayhole attacks are briefly discussed. 92 4. CONCLUSION 3. DETECTION MECHANISMS Discovery, Volume 15, Number 42, April 10, 2014 Udhayakumar K, Prasanna Venkatesan T, Ramkumar R. Security Attacks and Detection Techniques for MANET, Discovery, 2014, 15(42), 89-93, http://www.discovery.org.in/d.htm 93 [1] P. Papadimitratos and Z.J. Haas, “Secure Message Transmission in MANET”, Elsevier Journal of Ad Hoc Networks, 2003. [2] C. Wei, L. Xiang, B. Yuebin and G.Xiopeng, “A New Solution for Resisting Grey Hole Attack in Mobile Ad Hoc Networks”, Proc. IEEE Conf. on Communication and Networking, 2007. [3] J. Sen, M. Chandra, P. Balamurlidhar, S.G. Harihara and H.Reddy, “A Distributed Protocol for Detection of Packet Dropping Attack in Mobile Ad hoc Networks”, Proc. IEEE Conference on Telecommunication, 2007. [4] X. Y. Zhang, Y. Sekiya and Y. Wakahara, “Proposal of a Method to Detect Black Hole Attack in MANETs”, Proc. IEEE International Symposium on Autonomous Decentralized System ISADS, 2009. [5] S. Yi, P. Naldurg, and R. Kravets, “Security-Aware Adhoc Routing for Wireless Networks”, UIUC, 2002. [6] S. Capkun, L. Buttyan, and J. Hubaux, “Sector: Secure Tracking of Node Encounters in Multi-hop Wireless Networks”, Proc. of the ACM Workshop on Security of Ad Hoc and Sensor Networks, 2003. [7] I. Aad, J.P. Hubaux and E.W. Knightly, “Denial of service resilience in ad hoc networks”, Proceedings of ACM MobiCom, Philadelphia, PA, USA 2004. [8] E. A. Panaousis, L. Nazaryan and C. Politis, “Securing AODV Against Wormhole Attacks in Emergency MANET Multimedia Communications”, Sep. 7-9, 2009, London, UK. [9] O. F. Gonzalez, G. Ansa, M. Howarth and G. Pavlou, “Detection and Accusation of Packet Forwarding Misbehavior in Mobile Ad-Hoc networks”, Journal of Int. Engg, 2:1, 2008. [10] B. Wu, J. Chen and M. Cardei, “A survey on attacks, countermeasures in MANET”, Springer, 2006. [11] H. L. Nguyen and U. T. Nguyen, “A study of different types of attacks on multicast in MANET”, Elsevier, Ad Hoc Networks, 2008. [12] S. Buchegger and J. L. Boudec, “Performance Analysis of the CONFI-DANT Protocol”, Proc. of ACM Int. Sym. on MANET and Computing, 2002. [13] Y. Yoo And D. P. Agrawal, “Why Does It Pay To Be Selfish In A Manet”, IEEE Wireless Communications, Dec. 2006. [14] V. V. Ramana, A. R. M. Reddy, and K. C. Sekaran, “Bio Inspired Approach to Secure Routing in MANETs”, Int. Journal of Artificial Intelligence & Applications, Jul. 2012. [15] Q. Guan, F. R. Yu, S. Jiang, and H. Mehrvar, “Topology Control In MANET With Cooperative Communications”, IEEE Wireless Commn., 2012. [16] E. M. Shakshuki, N. Kang, and T. R. Sheltami, “EAACK - A Secure IDS for MANETs”, IEEE Trans. on Industrial Electronics, 2013. [17] M. Bishop, “Computer Security: Art and Science”, Addison Wesley, Nov. 2002. [18] Gagandeep, Aashima and P. Kumar, “Analysis of Different Security Attacks in MANETs on Protocol Stack A-Review”, International Journal of Engineering and Advanced Technology, 2012. [19] A. Nadeem and M.P. Howarth, “A Survey of MANET Intrusion Detection & Prevention Approaches for Network Layer Attacks”,IEEE Communications Surveys & Tutorials, 2013. [20] Bhattacharyya, A. Banerjee and D. Bose, “Different types of attacks in Mobile ADHOC Network: Prevention and mitigation techniques”, Institute of Engineering & Management, Saltlake. Page 5. REFERENCES www.discovery.org.in © 2014 Discovery Publication. All Rights Reserved