Download pdf - Routing Protocols Security in Ah Hoc Networks

8/12/2019 Routing Protocols Security in Ah Hoc Networks

1/10

Routing Protocols Security in Ah Hoc Networks

Ebrahim Mohammed

Louis Dargin

Oakland University School of Computer Science and Engineering

CSE 681 Information Security

[email protected]

[email protected]

Abstract

Mobile Ad hoc networks, also known as MANETs, are a new and useful innovation inthe field of mobile wireless communication. Due to the various applications that have

been and can be developed under this technology including ocean and wildlife

monitoring, manufacturing machinery performance monitoring, building safety andearthquake monitoring, and many military applications, MANETs have been attracting

many researchers. Unlike other types of networks, MANETs are usually deployed

without a centralized control unit; the devices participating in a MANET rely on other

units to route information to their destinations. This, along with the fact that MANETnodes are often constrained in power, makes MANETs vulnerable to various malicious

attacks and applying the routing techniques that work with wired networks is infeasible

here. In this research project we will analyze the routing protocols and security attacks insuch networks. We will survey MANET routing protocols and security schema. Finally,

we will propose new features to secure Ad hoc on demand Distance Vector routing

protocol (AODV) against Denial of Service (DOS) attacks, and to detect malicious nodes,

including black and gray holes attacks.

Keywords:ad hoc network, black hole, routing protocols, security, AODV

Introduction:

A mobile ad-hoc network (MANET) consists of wireless devices, commonly called

"nodes," that communicate with each other without a central access point. Essentially,

each MANET node is a router. They are typically used to quickly set up a network wherea wired infrastructure does not exist. Also, through the use other nodes that lie along the

path, MANETS allow for nodes to communicate with out-of-range destinations. We willrefer to those in-between nodes as "Intermediate Nodes." A common routing protocol(the set of rules defining how routing nodes determine the path that packets follow to

reach their destination) is used to route communications through intermediate nodes. In

this research paper, we will discuss the types of MANET routing protocols available, andthe types of attacks that are possible against them. MANET security should be defined in

every layer of the network, in this paper we will focus on the network layer.

1
mailto:[email protected]:[email protected]:[email protected]:[email protected]


2/10

The nodes in ad hoc networks functions as routers that discover and maintain routes to

other nodes in the network. The primary goal of a MANET routing protocol is toestablish a correct and efficient route between a pair of nodes so that messages may be

delivered in a timely manner. If routing can be misdirected, the entire network can be

paralyzed. Thus, routing security plays an important role in the security of the whole

network. The nature of MANET networks presents a unique set of problems. Thevulnerabilities include:

Broadcasting wireless channels allow malicious nodes to gain access to the network

and then eavesdropping and injection messages easily

Nodes are also routers, so MANETs are dynamic change network topology.

Computing resources in MANET nodes are quite limited. Attacks can be design to

disable nodes by drawing them to exceed their bandwidth, processing power, RAMstorage, or battery life limitations. Examples of this are routing table overflow and energy

consummation.

Unattended wireless nodes can be easily stolen. An attacker can use a stolen node todevelop a malicious decoy, and plant it near the original nodes. This can lead to

impersonation and information disclosureWireless MANET nodes are inherently vulnerable to insider attacks.

The rest of the paper is organized as follow. In section 2, we introduce types of routing

protocols for MANETs. Next, in section 3, we present security challenges and types ofattacks. Then, in section4, we introduce the current mechanism to prevent such attacks.

After that, in section 5, we describe the way AODV (Ad hoc on demand Distance Vector)

protocol works, and we propose a solution to detect malicious nodes like black and grayhole nodes, prevent against external attack to like Dos, and a detection of member

malicious nodes. Finally, in section 6, we discuss the future work for this research.

2-Types of routing protocols in MANETs

Routing is the most important aspect in ad hoc network since ad hoc network topology

frequently changes and multi-hop communication is required. Several routing protocols

have been developed, and most of them are designed without security in mind. They

generally they can be classified into three types: Proactive (Table Driven), Reactive (ondemand routing), and Hybrid.

Proactive protocols:Every node in the topology maintains the routing information in atable format; they are also called table driven protocols. The routing table holds a

complete set of destination address and the list of intermediate nodes needed to reach

each destination. The routing tables are updated whenever the network topology changes(i.e. existing nodes are moved or dropped, or new nodes are introduced). Such changes

are announced to every other node. This ensures that each sender knows the route in

advance of packet transmissions. Unfortunately, this is one of the disadvantages of thiscategory of protocols; if a malicious node has the routing information before packet data

transmission takes place; it will be able to change routes, drop packets, etc. Another

problem is that rapid changes in network topology might overwhelm the network with

2


3/10

control messages (messages for updating the routing table at every node) and the excess

messaging overhead will compromise the throughput of actual data transmissions.Examples of proactive protocols are DV (Distance Vector) protocol, DSDV (Destination

Sequenced Distance Vector) protocol, WRP (Wireless Routing Protocol), and FSR

(Fisheye State Routing) protocol [5]. They are called table-driven protocols since the

routing table will be updated for each change in link states in a network and routes arediscovered using information stored in routing tables.

Reactive protocols:They differ from the proactive protocols in that the node will onlydiscovers a route when it is desired by the source node. When a node wants to send

information to another node in a network, a source node will initiates a route-discovery

process. Once a route is discovered, it is maintained in the temporary cache at a sourcenode unless it is expired or unless some event happens (e.g., a link failure) that requires

another route discovery to start over again. One advantage of Reactive protocols is that

they require less storage for routing information compared to proactive protocols,because there is no need to obtain and maintain the routing information for every node in

a network. Another advantage is that intermediate nodes do not have to make routingdecisions. An obvious disadvantage in reactive protocols is the delay due to route

discovery; this is called the "route acquisition delay." Furthermore, since routediscoveries require global broadcasts, if routing information changes frequently, which is

common in MANETs, and if route discoveries are needed for those changed routes, they

may generate a large volume of messaging overhead. Currently popular reactiveprotocols include DSR (Dynamic Source Routing), AODV (Ad hoc On Demand Distance

Vector), and ABR (Associativity Based Routing) [1].

Hybrid (combination of proactive and reactive) Protocols:Because of the

disadvantages of the previous protocols such as initial delay due to route discovery andhigh control overhead in reactive protocols, a pure reactive protocol may not be the best

solution for routing in MANETs. On the other hand, a pure proactive protocol used for a

large network may not be possible to deploy because of the need to keep a large routingtable at all times. A protocol that uses the best features of both reactive and proactive

protocol may be a better solution. An example for such an approach is the ZRP (Zone

Routing Protocol), Centralized Ad hoc Network Architecture (CANA).

3- Types of Attacks on MANETs:

We mentioned earlier that the nature of MANETs make them vulnerable to attacks that

are not feasible in wired networks. Attacks on MANETs can be classified into PassiveAttack and Active attacks. Passive attacks do not disrupt the operation of the protocol,

but try to discover information by listening to traffic or sniffing on packet transmission.

On the other hand, active attacks try to disrupt the protocol operation, inject arbitrarypackets, and gain authentication. In this research we will introduce a classification on the

active attacks on MANETs [8].

Classification of the Active attacks

3


4/10

Attacks based on modification: One very simple way for a node to disturb the protocol

operation is to announce that it has a better route than the existing one. This can beachieved by modifying metric values for a route or by altering control message fields.

There are 3 ways in which this can be done:

Redirection by Changing the Route Sequence Number:network nodes rely on metrics likehop count; smaller values help indicate the best path to take through network. Hence, a

simple way to attack a network is to report a smaller number than the last best value.Redirection by Altering Hop Count:This attack is more specific to the AODV protocolwherein the optimum path is chosen by the hop count metric. A malicious node can

disturb the network by announcing the smallest hop count value to reach the

compromised node. In general, an attacker would use a value of zero to ensure thesmallest hop count.Denial of Service by Altering Routing Information: Consider a scenario wherein node A

wants to communicate with node E. At node A, the routing path in the header is A-B-C-D-E. If B is a compromised node, it can alter the routing path to A-B-C-E. Since there

exists no direct route from C to E, C will drop the packet. Thus, A will never be able toaccess any service / information from E.

Impersonation Attacks

In this attack, the malicious node hides its IP address and uses another IP address in the

network, this is known as spoofing.

Fabrication Attacks:there are three types that can be classified here.Falsification of Rote Error Messages: The weakness of this architecture is that whenevera node moves, the closest node sends an error message to the other nodes so as to

inform them that a route is no longer accessible. If an attacker can cause a DoS attack byspoofing any node and sending error messages to the all other nodes, it can isolate any

node quite easily. This is most common in AODV and DSR protocol.

Routing table overflow attack:Consider ad-hoc networks that use a proactive protocol

i.e. an algorithm which tries to find routing information even before it is needed; this

creates vulnerabilities since the attacker can attempt to create routes to non-existent

nodes. If enough routes are created, new routes can no longer be added due to anoverwhelming pressure on the protocol.

Route poisoning: This passive attack occurs when nodes are in the updating mode of theirrouting tables. Information stored in the routing tables get deleted, changed, and injected

with false information.

4- Techniques to secure MANETs:

There are two techniques that are the most common approaches today are:

Prevention: This is a scenario where the solution is to stop nodes from initiating attack.

Prevention mechanisms usually require encryption techniques to provide authentication,

4


5/10

integrity, etc. Some proposals use symmetric algorithms, some use asymmetric

algorithms, and others using one way hashing.Prevention using Asymmetric cryptography: SAODV and ARAN (Authenticated Routing

for Ad hoc) are two protocol proposed in this category. SAODV secures the AODV

protocol by digitally signing the fields of the routing message, for authentication. ARAN

makes use of the cryptographic certificate to offer the routing certificate [3].Prevention using Symmetric cryptography: SAR (Security aware ad hoc routing) and

SRP (Secure routing protocol) are the two protocols in this category that can be applied

to most of the commonly used protocol today. SAR attempts to use the traditional sharedsymmetric key encryption, and involves some sort of key distribution system to distribute

the trust level keys to the correct devices. SRP is based on security association via secret

key schema to provide routing informationPrevention using one-way hash chain: SEAD and Ariadne are two protocols that use this

mechanism. SEAD implements one way hash chains to protect modification of routing

information like sequence number and source route. Ariadne relies on efficient symmetriccryptography [10].

Detection and Reaction:These are solutions that attempt to identify the malicious

activities in the network and take actions against such nodes. Examples includeByzantine, Confidant, DSR, CORE, and using watchdog and pathrater. Wachdog and

Pathrater can be deployed to most existing protocols. Wachdog is used to identify the

misbehaving nodes while the parthrater avoids routing packets through these nodes [9].

5- Ad hoc On Demand Distance Vector Routing:Ad-hoc On Demand Distance Vector

(AODV) protocol is a reactive routing protocol; however it has a feature of proactiveprotocol in a sense that a source node stores the valid routes for the next hop node in

routing table. AODV uses a distributed approach [1]; meaning that source nodes do notknow the routing sequence of the intermediate nodes it has to go through to reach the

destination. AODV uses the route discovery and route reply process to create and

maintain a route on demand. In the route discovery phase for a source node to sendinformation to a destination node, it first looks up its own routing table to see if a valid

route exists. If a valid route does not exist, a source node broadcasts a global route

request message (RREQ) that contains the source address, source sequence number,

destination address, destination sequence number, broadcast ID, and hop count [5]. Thecombination of the source address and the broadcast-ID is used to uniquely identify each

RREQ message. A node that receives the RREQ message which is usually the nearest

node to the source node replies immediately with a routing reply (RREP) if it has a freshroute. Otherwise, it forwards the RREQ message to establish the route to the destination.

The sender selects the first node to respond with a RREP (Routing Reply) as the

intermediate node to send messages through. During the route discovery phase a forwardpointer link between source node, destination node, and all the intermediate nodes as the

RREQ messages propagate in the routing discovery, Figure [1]. Similarly, backward

pointer links between all nodes as the RREP messages propagate back to the source node,Figure [2]. This result in a pair of forward and backward pointers set up between all the

intermediate nodes participating in the routing process, Figure [3].

5


6/10

Figure [1] RREQ Prorogate Figure [2] RREP Prorogate

Figure [3] pair of forward and backward pointers in each node.

Figure [1] Traffic from sender Node0 to receiver Node3

Figure [2] forward bytes when Node2 not present. Figure [3] forward bytes when

Node2 present

We used a network simulation tool (NS-2) to simulate traffic in AODV protocol, the

figures above show the corresponding process of route discovery through the closest path

in the network. In the arrangement of the simulation, node 2 is close to the source node 0

SN

SN DNSN DS

DS

6


7/10

so if node2 is present in the network, then traffic sequence will go through 0-2-4-3. If it is

not present then traffic will flaw through this route sequence will follow 0-1-4-3.

AODV maintains the routing process by having three messages. A route error message

that generate when any links in a route fails, a route-error message is generated by an

intermediate node to source nodes on the link and this message will propagate to everysource node that uses the failed link. Then, source nodes will initiate the route discovery

process. A periodic hello messages between immediate neighbor nodes are required to

prevent the forward and backward pointers from expiration and make sure the nodes stillan available and participating in the routing process. Finally, route time-out message that

delete the links between intermediate nodes if there is no activity on a route for a certain

amount of time.

Security Problems in AODV and possible solutions

AODV is vulnerable to a well known malicious node called black hole and gray hole

attacks. These nodes are planted by a hacker. They tend to be the first node to respond toa RREQ message broadcast by the source node because they do not check their own

routing table to see if there is a route to the destination. These nodes can ignore packets

that are routed to them, and as a result they can perform denial of service attack. GreyHole is a node that can switch from behaving correctly to behaving like a black hole.

This is done to avoid detection. Some researchers [4] discussed and proposed a solution

to a black hole attack by Disable the ability for intermediate nodes to reply to an RREP;and only allow the destination to reply. Venkatraman [7] presents two models to secure

AODV: EAPM (External Attack Prevention Model), and IADM (Internal AttackDetection Model). Previously proposed protocols to secure AODV including SAODV

(Secure Ad Hoc Distance Vector) are still vulnerable to some external and internal

attacks. SAODV uses Assymetric cryptography mechanism to authenticate the fields ofthe routing message by using a digital signature, which is quite strong technique.

However, when considering external attacks, SAODV still vulnerable to malicious nodes

attacks like black hole and Denial of service attack. In our solution to this problem we are

introducing a schema that can be implemented to AODV protocol to ensure detectingexternal malicious nodes like black hole and also ensure authentication between member

nodes in network to prevent a against possible denial of service attack. In our research we

are not sure how multiple black holes nodes will be detected, but previous researcheshave proposed a solution to this problem [6].

.

Solution

To detect black and gray hole nodes, we propose having the sender occasionally check

through all available routes, whether the destination received all of its messages intact.This must be done after some data has been sent. In order to circumvent any black hole

nodes that might interfering with message traffic, the sender broadcast a "check" request

message (figure 2), and the destination's response would follow the same route as the

7


8/10

request (figure 3). To deal with the possibility of a node altering or faking the client

response, the sender compares each response with the data that it sent to the destination.If the responses differ from what the sender sent, it may indicate a bad link or a malicious

node. If any two client responses differ, that is almost a sure sign of a malicious node. In

any case, the sender can choose another intermediate node for sending its data, as shown

in figure 4, or send an alarm.

Two new control messages can be added to the AODV protocol to facilitate this. One,

which we call "RRCS" for "Routing Request Checksum" is broadcast by the sender toreach the destination, like an RREQ when no intermediate nodes hold a route to the

destination. Each node through which it passes adds its ID to RRCS. The destination

responds to each RREQ it receives with the second control message, RCSR for "RoutingChecksum Reply." It contain a checksum or CRC code of the data that the client

received from the server, including routing control messages, and the size of the data that

it received. It also contains a copy of the list of nodes that its corresponding RREQpassed through; and each node that the RRCS passes through refers to that list, in reverse

order, to determine the next node to forward it to. This ensures that the RCSR followsthe exact route as the RRCS, in reverse order. As the server receives each RCSR

response, it compares its checksum with the checksum of the data that was sent.

Figure 1 Figure 2

Figure 3 Figure 4

To prevent denial of service attack on AODV protocol based network from an external

malicious node and intruder or from an internal misbehaving node that can flood the

network with any kind of control messages, such as RREQ and RREP. A set of two typesof keys in the member nodes will be used in this protocol. Secret key shared between all

nodes and public-private key pair for each node. Using this approach will provide a

8


9/10

mechanism to authenticate member nodes in the same group that have the same shared

secret key. Therefore, an external malicious node planted physically by external user canbe identified and any member nodes receive any messages from a node that does not have

the secret shared key will drop that message. This will detect and prevent the external

attacks including Dos attack. Also, internal nodes and messages between them will be

authenticated by digital signature using their own private key. This will provide internalsecurity to an external node that assumingly got the shares key. This node will not be able

to communicate with member nodes since it will not use its private key.

Applying the previous mentioned approach of using the digital signature to authenticate

all messages between member nodes will provide us with a way to detect the

misbehaving nodes in the member community; such node can not deny sending particularinformation since member nodes send messages authenticated through their own private

key. If misbehaving node detected regularly, then neighbors nodes will report to other

member nodes in the network. We also propose applying the fingerprint mechanism toauthenticate specific users to have access to certain nodes, and also to prevent any non

legitimate user to gain access to member nodes in the network.

Proposal Risk:

We identified some questions that cross the mind concerning our proposed methodology,

these questions are: Q1-What if another problem prevented the destination from receivingall of the packets that were sent. Q2- What about the network and power overhead

involved in broadcasting a new message. Q3- What if another malicious node, in the pathof an alternative route between the sender and the destination, alters the destinations

response. Q4- What if another malicious node alters the destinations positive response to

say that no data has been sent?

A1-As long as the TCP protocol is used to transfer the data, this shouldnt be a problem,

since TCP provides reliable delivery. If such a problem still occurred, it would be better

for the sender to sent messages through a different route.A2-The interval in which the checksum message is sent can be varied based on the

application requirements. In this, there would be a tradeoff between security and network

traffic.A3- We are assuming a reliable path between sender and destination since we proposed

technique to detect external malicious nodes and a way to authenticate internal nodes. If

there are no good paths between the sender and the destination, this may fail to detect ablack hole attack.

A4-The system would know that a bad node exists anyway and would send an alarm to

other nodes. Further action can then be taken to identify and isolate malicious nodes

6- Future Research

9


10/10

In this paper we have analyzed routing protocols and security issues of MANETs; we

also described AODV protocol and proposed methods to solve security issues of theblack hole, Dos, and detecting and reporting malicious nodes in AODV protocol.

As future work, we are intended to test the performance of our solutions through

simulation, and also demonstrate how our solutions can co-exist with other published

solutions.

References:

[1] C. Karlof and D. Wagner., Secure Routing in Wireless Sensor Networks: Attacks

and Countermeasures, Sensor Network Protocols and Applications (SNPA'03), May

2003

[2] Anthon Wood, A. D., and Stankovic, J. A. Denial of service in sensor networks. IEEE

Computing (2002), 54--62.

[3] Deng, J., Han, R., Mishra, S.: INSENS: Intrusion-tolerant routing in wireless SensorNetworks. Technical Report CU CS-939-02, Department of Computer Science,

University of Colorado, November 2002.http://citeseer.ist.psu.edu/680475.html

[4] H. Deng, W. Li, and D. Agrawal, "Routing Security in Wireless Ad Hoc Networks,"IEEE Comm. Magazine, vol. 40, no. 10, 2002, pp. 70 75.

[5] P Papadimitratos, Secure Data Communications in Mobile Ad Hoc NetworksIEEE Journal On Selected Areas In Communications, vol. 24, No. 2, February 2006 pp

346 356

[6] S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, K. Nygard Prevention of

Cooperative Black Hole Attack in Wireless Ad Hoc Networks

[7] L. Venkatraman and D.P. Agrawal, Strategies for enhancing routing security in

protocols for mobile ad hoc networks,J. Parallel Distrib. Comp., 2002.

[8] S. Yi, P. Naldurg, and R. Kravets Security-Aware Ad hoc Routing for Wireless

Networks The Second ACM Symposium on Mobile Ad Hoc Networking & Computing

(MobiHoc'01), 2001.(another version Security-Aware Ad Hoc Routing Protocol forWireless Networks,Report, August, 2001)

[9] Sergio Marti and T. J. Giuli and Kevin Lai and Mary Baker. Mitigating routingmisbehavior in mobile ad hoc networks.Mobile Computing and Networking (2000):

[10] Yih-Chun Hu, David B. Johnson, and Adrian Perrig. SEAD: Secure EfficientDistance Vector Routing for Mobile Wireless Ad Hoc Networks. Proceedings of the 4th

IEEE Workshop on Mobile Computing Systems & Applications (WMCSA 2002), pp. 3-

13, IEEE, Calicoon, NY, June 2002.

10
http://citeseer.ist.psu.edu/680475.htmlhttp://www.ccs.neu.edu/papers/ad-hoc-network/secuaware_routi_adhoc%5B1%5D.pshttp://www.ccs.neu.edu/papers/ad-hoc-network/marti00mitigating.pdfhttp://www.ccs.neu.edu/papers/ad-hoc-network/marti00mitigating.pdfhttp://www.ccs.neu.edu/papers/ad-hoc-network/secuaware_routi_adhoc%5B1%5D.pshttp://citeseer.ist.psu.edu/680475.html