Security in Mobile Ad Hoc Networks (MANETs)

Group:
► NS. Farid Zafar Sheikh
► NS. Muhammad Zulkifl Khalid
► NS. Muhammad Ali Akbar
► NS. Wasif Mehmood Awan

Department of Electrical Engg., College of E&ME (NUST), Rwp.

INTRODUCTION

► Mobile Adhoc NETwork (MANETs)
► Adhoc On-demand Distance Vector (AODV)
► Security threats to existing protocols
► Secure AODV (SAODV)
► Security analysis
► Conclusion

MANETs

► One of the most prevalent areas of research in recent years
► Communication via wireless means without need of infrastructure
► Nodes can perform the roles of both hosts and routers
► No centralized controller and infrastructure
► Dynamic network topology

Advantages of MANETs

► Can access information and services regardless of geographic position
► Can set up computer networks at any place and time
► No need of dedicated infrastructure, hence cost-effective
► Can cope with dynamic topologies
► With improved algorithms, becoming more scalable

Disadvantages of MANETs

► Limited resources
► Limited physical security
► Limited bandwidth, high error rate
► Mutual trust vulnerable to attacks
► Security protocols for wired networks cannot work well for ad hoc networks

MANETs

Classification based on routing table maintenance:
► Table Driven: also called proactive routing protocols. Maintain routes to every host at all times.
► On-Demand: also called reactive routing protocols. Create routes to remote hosts on demand.

MANETs: Available ad hoc routing protocols

Proactive (table driven) approaches
► DSDV (Destination Sequenced Distance Vector)
► OLSR (Optimized Link State Routing)

Reactive (on demand) approaches
► DSR (Dynamic Source Routing)
► AODV (Ad-hoc On-demand Distance Vector)

Ad hoc On-demand Distance Vector (AODV)

► Uses routing tables, with one route entry per destination
► Each entry stores the next hop towards the destination

AODV: Route Discovery Process

► Route discovery starts by broadcasting route request (RREQ) packets
► Each RREQ is uniquely identified by the sender address, destination address and request id
► If a node is either the destination node or has a route to the destination node, it returns a route reply (RREP) containing the route to the sender

AODV: Route Discovery Process

Figure: Propagation of a Route Request (RREQ) Packet (network of nodes 1 to 8, Source and Destination)

AODV: Route Discovery Process

Figure: Path Taken by the Route Reply (RREP) Packet (same network of nodes 1 to 8, Source and Destination)

AODV: Route Discovery Process

Maintaining "fresh-enough" routes
► Uses sequence numbers
► A node compares the destination sequence number of the RREQ with that of its route table entry
► It either responds with its own route if the entry is fresh, or rebroadcasts the RREQ to its neighbors

AODV: Route Discovery Process

Loop prevention
► Before forwarding a route request, check the broadcast_id of the RREQ
► Drop those that were already processed
► The routing table consists of 'precursor' and 'outgoing' lists
  ► Precursor list: nodes that use this node for forwarding packets
  ► Outgoing list: nodes which act as 'next hops' in a route
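Added example, not part of the slides: a Python model of the RREQ handling described above (duplicate suppression by request id, the destination sequence number freshness comparison, reverse-route and precursor bookkeeping), flooded over a small constructed topology like the one in the figures; the class and field names are assumptions and the originator sequence number is not modelled.

```python
from dataclasses import dataclass, field, replace


@dataclass
class RouteEntry:
    """One AODV routing-table entry: next hop plus freshness information."""
    next_hop: str
    dest_seq: int                                   # latest destination sequence number known here
    hop_count: int
    precursors: set = field(default_factory=set)    # neighbours that route through this node


@dataclass(frozen=True)
class Rreq:
    sender: str         # originating node
    destination: str
    request_id: int     # broadcast_id; (sender, destination, request_id) identifies the RREQ
    dest_seq: int       # freshest destination sequence number the sender knows of
    hop_count: int      # hops travelled so far


class Node:
    def __init__(self, addr: str):
        self.addr = addr
        self.routes: dict[str, RouteEntry] = {}
        self.seen: set[tuple[str, str, int]] = set()

    def handle_rreq(self, rreq: Rreq, from_node: str) -> str:
        """Return the action AODV takes on this RREQ: 'drop', 'reply' or 'rebroadcast'."""
        key = (rreq.sender, rreq.destination, rreq.request_id)
        if key in self.seen:
            return "drop"                   # loop prevention: already processed
        self.seen.add(key)

        # Record (or shorten) the reverse route to the sender so a RREP can travel
        # back; the neighbour the RREQ arrived from becomes the next hop.
        # (dest_seq 0: the originator sequence number is not modelled here.)
        hops = rreq.hop_count + 1
        rev = self.routes.get(rreq.sender)
        if rev is None or hops < rev.hop_count:
            self.routes[rreq.sender] = RouteEntry(from_node, 0, hops)

        if rreq.destination == self.addr:
            return "reply"                  # we are the destination

        entry = self.routes.get(rreq.destination)
        if entry is not None and entry.dest_seq >= rreq.dest_seq:
            # Our route is at least as fresh as the sender requires: answer from the table.
            entry.precursors.add(from_node)  # from_node will forward data via us
            return "reply"
        return "rebroadcast"                # unknown or stale route: ask the neighbours


def discover(nodes, links, sender, destination, request_id, dest_seq):
    """Flood one RREQ over an adjacency map and return each node's first action."""
    actions = {}
    frontier = [(sender, Rreq(sender, destination, request_id, dest_seq, 0))]
    while frontier:
        nxt = []
        for from_node, rreq in frontier:
            for nbr in links[from_node]:
                if nbr == sender:
                    continue
                action = nodes[nbr].handle_rreq(rreq, from_node)
                actions.setdefault(nbr, action)   # later copies are duplicates and get dropped
                if action == "rebroadcast":
                    nxt.append((nbr, replace(rreq, hop_count=rreq.hop_count + 1)))
        frontier = nxt
    return actions
```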

AODV: Route Maintenance

► A routing table entry is "expired" if it has not been used recently
► A set of predecessor nodes is maintained per routing table entry
► These nodes are notified with a RERR if the entry expires
► If a link break occurs while the route is active, the node upstream of the break propagates a RERR message to the source node

Attacks Possible on Existing Protocols

► Attacks using modification
► Attacks using impersonation
► Other forms of attacks

Attacks Using Modification

Cause redirection of network traffic and Denial of Service (DoS) attacks by:
► Altering the protocol fields in routing messages
► Injecting routing messages into the network with falsified values in these fields

Attacks using Modification

Figure: Redirection with modified route sequence numbers (Source A, node B, Destination X, malicious node M; RREQ_A and RREQ_B shown with sequence numbers Sn = 10 and Sn = 99)

Attacks using Modification

Figure: Redirection with modified hop counts (Source A, node B, Destination X, malicious node M; RREQ_A and RREQ_B shown with hop counts 0, 0 and 2)

Attacks using Modification

Figure: Denial of service with modified source routes (Source A, nodes C and D, Destination X, malicious node M; source routes <M,C,D,X> and <M,C,X>, followed by RERR messages)

Attacks Using Impersonation

► By impersonating another node (spoofing), a malicious node can launch many attacks in a network
► Traffic belonging to the impersonated node is redirected to the malicious node (eavesdropping)
► Spoofing is readily combined with modification attacks to create loops in routes

Attacks Using Impersonation

► Malicious nodes don't need to impersonate a single node of the network
► A malicious node can take up the identity of multiple nodes of a network (Sybil attack)
► Data belonging to multiple nodes can be compromised

Attacks Using Impersonation

► By generating false RERR messages, routes passing through the targeted node would be disrupted

Attacks using Impersonation

Figure: Falsifying route error messages in AODV and DSR (Source A, nodes B, C and D, Destination X; malicious node M claims "I am C!!" and sends "RERR: D is broken", affecting the routing entries for X)

Other Forms of Attacks

Wormhole attack
► Two attacker nodes A and B linked via a private network connection
► A forwards every packet received through the wormhole to B for broadcasting, and conversely
► Potentially disrupts routing by short-circuiting the normal flow of routing packets

SAODV

► An extension of the AODV routing protocol
► Provides security features like integrity and authentication
► Each node has a signature key pair from a suitable asymmetric cryptosystem (OpenSSL)
► Each node is capable of securely verifying the association between the address of a given ad hoc node and the public key of that node

SAODV: Digital Signatures

► Used to protect the integrity of the non-mutable data in RREQ and RREP messages
► Sign everything but the Hop Count (mutable) of the AODV message and the Hash from the SAODV extension
► When a node receives a routing message, it will verify the signature before any other action

SAODV: Hash Chains

► Used to authenticate the hop count of RREQ and RREP messages
► Ensures that the hop count has not been altered by an attacker
► Formed by applying a one-way hash function repeatedly to a seed

SAODV: Hash Chains

Calculating the Top Hash
► Generate a random number as the "seed"
► Set the Max_Hop_Count field in the message to the TTL value of the packet
► Determine the hash function and use it to calculate the Top Hash, which is obtained by hashing the seed Max_Hop_Count times:

    Top_Hash = h^Max_Hop_Count(seed)

  where h is a hash function.
► All this information is stored in the message

RREQ / RREP Extension

SAODV: Hash Chains

Verification of Hop Count
► When a node receives a RREQ or a RREP message, it applies the hash function (Max_Hop_Count minus Hop_Count) times to the value in the Hash field:

    Top_Hash = h^(Max_Hop_Count - Hop_Count)(Hash)

  Since an honestly forwarded Hash field equals h^Hop_Count(seed), this reproduces h^Max_Hop_Count(seed).
► It verifies that the resultant value is equal to the value contained in the Top Hash field
► If it is a valid message, the node applies the hash function to the Hash value before forwarding it
► All the fields mentioned above except the Hash field are protected by digital signatures in order to protect their integrity
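Added example, not from the slides: the Top Hash computation and the hop-count verification described above in Python, with SHA-256 standing in for h, a 32-byte random seed, and the message field names as assumptions; the "modified hop count" attack from the earlier figure is constructed here only to show that the receiver's check rejects it.

```python
import hashlib
import os
from dataclasses import dataclass, replace

def h(data: bytes) -> bytes:
    """The one-way hash function of the chain (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()

def h_n(data: bytes, n: int) -> bytes:
    """Apply h to data n times, i.e. h^n(data)."""
    for _ in range(n):
        data = h(data)
    return data

@dataclass(frozen=True)
class SaodvMessage:
    """RREQ/RREP fields that matter for hop-count authentication (names assumed)."""
    originator: str
    destination: str
    dest_seq: int
    max_hop_count: int   # set to the packet's TTL when the message is created
    top_hash: bytes      # h^max_hop_count(seed); fixed for the message's lifetime
    hop_count: int       # mutable: incremented at every hop, so it cannot be signed
    hash: bytes          # mutable: h^hop_count(seed); starts out as the seed itself

    def signed_bytes(self) -> bytes:
        """Everything but Hop Count and Hash: the part the originator's signature covers."""
        head = f"{self.originator}|{self.destination}|{self.dest_seq}|{self.max_hop_count}|"
        return head.encode() + self.top_hash

def originate(originator: str, destination: str, dest_seq: int, ttl: int) -> SaodvMessage:
    """Originator: draw a random seed and compute Top_Hash = h^Max_Hop_Count(seed)."""
    seed = os.urandom(32)
    return SaodvMessage(originator, destination, dest_seq, ttl, h_n(seed, ttl), 0, seed)

def verify_hop_count(msg: SaodvMessage) -> bool:
    """Receiver check: h^(Max_Hop_Count - Hop_Count)(Hash) must equal Top_Hash.
    h is one-way, so a node can only move forward along the chain; the check
    therefore proves the Hop Count was not lowered below the hops actually travelled."""
    if not 0 <= msg.hop_count <= msg.max_hop_count:
        return False
    return h_n(msg.hash, msg.max_hop_count - msg.hop_count) == msg.top_hash

def forward(msg: SaodvMessage) -> SaodvMessage:
    """Honest intermediate node: verify, then hash the Hash field once and bump Hop Count."""
    if not verify_hop_count(msg):
        raise ValueError("hop count does not verify against the hash chain")
    return replace(msg, hop_count=msg.hop_count + 1, hash=h(msg.hash))

def lower_hop_count(msg: SaodvMessage, claimed: int) -> SaodvMessage:
    """Constructed for the demo: the 'modified hop count' attack from the figure above,
    rewriting Hop Count while being unable to un-hash the Hash field."""
    return replace(msg, hop_count=claimed)

def demo() -> dict:
    """Walk a message two hops and record what the verifier accepts and rejects."""
    m0 = originate("A", "X", dest_seq=10, ttl=5)
    m2 = forward(forward(m0))
    return {
        "two_hops_accepted": m2.hop_count == 2 and verify_hop_count(m2),
        "lowered_rejected": not verify_hop_count(lower_hop_count(m2, 0)),
        "over_ttl_rejected": not verify_hop_count(replace(m2, hop_count=6)),
        "signed_part_unchanged": m0.signed_bytes() == m2.signed_bytes(),
    }
```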

SAODV: Route Errors

► RERR corruption may cause route destruction
► Every node uses digital signatures to sign the whole message
► Any neighbour that receives it verifies the signature
► The destination sequence number is never updated from a RERR

SAODV: Security Analysis

► The digital signature serves as proof of validity of the information contained in the routing message
► Thus, formation of loops by malicious nodes through spoofing is prevented
► Able to detect that malicious nodes are sending out false messages

SAODV: Security Analysis

► A node attempting to transmit false RERR messages will not succeed: the digital signature will reveal that it is not on the route and hence is not supposed to send a RERR
► The sequence number in the RREQs and RREPs is also protected by the digital signature; any modification to the sequence number will invalidate the message

SAODV: Security Analysis

► The hop authentication implemented using hash chains counters the ability of a malicious node to mount an attack by modifying the hop count

SAODV: Security Analysis

► SAODV is able to handle all attacks using either modification or impersonation
► However, it is unable to cope with wormhole attacks

SAODV: Key Management & Distribution

► One approach can be that nodes are assigned keys on boot-up by a central authority
► Assumption is that:
  ► key distribution is already done
  ► every node has a list of the shared keys of the network

Conclusion

► MANETs are among the fastest evolving network designs
► No need for infrastructure, hence installation costs are minimal
► Limited bandwidth and security threats are a BIG issue
► Security needs are greater than for fixed-topology networks due to the ad hoc nature
► Security features can be incorporated using various cryptographic schemes
► Security increases packet overhead, further reducing bandwidth
► No protocol yet designed exhibits complete security features
► Hence, secure routing on Mobile Adhoc Networks is still in an evolutionary phase

We thank you for your patience!

Open for questions, if any...