Intelligent Secure Routing Model For MANET
Rizwan R. Rangara, Rupika S. Jaipuria, Gauri N. Yenugwar, Computer Science and Engineering, Jawaharlal Darda Institute of Engineering and Technology, Yavatmal [M.S.], India.
Prof. P. M. Jawandhiya, Assistant Professor, Computer Science and Engineering, Jawaharlal Darda Institute of Engineering & Technology, Yavatmal [M.S.], India.

Abstract
A mobile ad hoc network (MANET) is a collection of nodes connected through a wireless medium, forming rapidly changing topologies. Compared to wired networks, MANETs are more vulnerable to security attacks due to the lack of a trusted centralized authority, easy eavesdropping, dynamic network topology, and limited resources. This paper introduces an intelligent secure routing model for MANET. The intelligent model first detects the type of attack and then chooses the optimum routing protocol according to the detected attack.

Keywords: NLP, Black hole, Replay, PKD, LSU, ADS.

I. INTRODUCTION
A MANET is a self-organizing system of mobile nodes that communicate with each other via wireless links with no fixed infrastructure or centralized administration such as base stations or access points. Hence, MANETs are suitable for applications in which no infrastructure exists, such as military battlefields, emergency rescue, vehicular communications and mining operations. In these applications, communication and collaboration among a given group of nodes are necessary. Instead of using multiple unicast transmissions, it is therefore advantageous to use multicast in order to save network bandwidth and resources, since a single message can be delivered to multiple receivers simultaneously. Among all the research issues, security is an essential requirement in MANET environments. Compared to wired networks, MANETs are more vulnerable to security attacks due to the lack of a trusted centralized authority, easy eavesdropping, limited power and bandwidth, and dynamic network topology. The security issue of MANETs in group communications is even more challenging because of the involvement of multiple senders and multiple receivers. Although several security attacks in MANETs have been studied in the literature, the focus of earlier research is on unicast applications. The effects of security attacks on multicast MANETs are therefore still unknown. This paper introduces a secure routing model for MANET that detects various types of attacks in the network using an attack detection system (ADS) and switches to a particular protocol that can resist the detected attack.

II. ROUTING IN MANET
Routing in mobile ad hoc networks faces additional problems and challenges when compared to routing in traditional wired networks with fixed infrastructure. There are several well-known protocols in the literature that have been specifically developed to cope with the limitations imposed by ad hoc networking environments. The problem of routing in such environments is aggravated by limiting factors such as rapidly changing topologies, high power consumption, low bandwidth and high error rates. Most existing routing protocols follow one of two design approaches to confront the inherent characteristics of ad hoc networks, namely the table-driven and the source-initiated on-demand approaches.

III. TYPES OF ATTACKS IN MANET
The attacks in MANET can be classified into two major categories, external attacks and internal attacks, according to the domain of the attacks. Some papers refer to outsider and insider attacks. External attacks are carried out by nodes that do not belong to the domain of the network. Internal attacks come from compromised nodes, which are actually part of the network. Internal attacks are more severe than external attacks, since the insider knows valuable and secret information and possesses privileged access rights. Based on a threat analysis and the identified capabilities of the potential attackers, we now discuss several specific attacks that can target the operation of a routing protocol in an ad hoc network.

A. Black hole attack
The black hole attack has two properties. First, the node exploits the mobile ad hoc routing protocol, such as AODV, to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets. Second, the attacker consumes the intercepted packets without forwarding any of them. However, the attacker runs the risk that neighboring nodes will monitor and expose the ongoing attack. There is a more subtle form of this attack in which the attacker selectively forwards packets: it suppresses or modifies packets originating from some nodes while leaving the data from other nodes unaffected, which limits suspicion of its wrongdoing.

B. Replay attack
An attacker that performs a replay attack injects into the network routing traffic that has been captured previously. This attack usually targets the freshness of routes, but can also be used to undermine poor
C. Denial of service attack
Denial of service attacks aim at the complete disruption of the routing function and therefore of the whole operation of the ad hoc network. Specific instances of denial of service attacks include routing table overflow and sleep deprivation torture.
- Routing table overflow attack: A malicious node advertises routes to non-existent nodes to the authorized nodes present in the network. This usually happens in proactive routing algorithms, which update routing information periodically. The attacker tries to create enough routes to prevent new routes from being created. Proactive routing algorithms are more vulnerable to table overflow attacks because they attempt to discover routing information before it is actually needed. An attacker can simply send excessive route advertisements to overflow the victim's routing table.
- Sleep deprivation torture attack: Energy is a critical parameter in a MANET. Battery-powered devices try to conserve energy by transmitting only when absolutely necessary. The sleep deprivation torture attack aims at draining the battery of a specific node by constantly keeping it engaged in routing decisions.

D. Routing table poisoning attack
Routing protocols maintain tables which hold information regarding the routes of the network. In poisoning attacks the malicious nodes generate and send fabricated signaling traffic, or modify legitimate messages from other nodes, in order to create false entries in the tables of the participating nodes. For example, an attacker can send routing updates that do not correspond to actual changes in the topology of the ad hoc network. Routing table poisoning attacks can result in the selection of non-optimal routes, the creation of routing loops, bottlenecks and even the partitioning of certain parts of the network.

IV. AD HOC ROUTING PROTOCOLS
To date, several protocols have been developed to defend against various attacks on MANET. In this paper we have mainly concentrated on two protocols, the Secure Link State Protocol (SLSP) and the On-demand Secure Routing Protocol Resilient to Byzantine Failures (OSRP), to provide countermeasures against all the attacks mentioned in Section III. In this section we analyze the detailed working of these protocols and their efficiency in defending against various attacks.

A. Secure Link State Routing Protocol (SLSP)
The Secure Link State Routing Protocol (SLSP) [1] has been proposed to provide secure proactive routing for mobile ad hoc networks. It secures the discovery and the distribution of link state information for both locally and network-wide scoped topologies. SLSP can be employed as a stand-alone solution for proactive link-state routing, or combined with a reactive ad hoc routing protocol, creating a hybrid model. The main operational requirement of SLSP is the existence of an asymmetric key pair for every network interface of a node. Participating nodes are identified by the IP addresses of their interfaces. The specific mechanism for the certification of public keys is not addressed by the protocol, as previously proposed key management solutions are assumed to be in operation. Furthermore, SLSP limits its scope to securing only the process of topology discovery; parties that participate in it and decide to misbehave during data transmission are not detected or penalized.

SLSP can be logically divided into three components, namely public key distribution, neighbor discovery and link state updates. To avoid the need for a central key management server, nodes broadcast their public key certificates within their zone using signed public key distribution (PKD) packets. Receiving nodes are then able to verify subsequent SLSP packets from the source node. Link state information is also broadcast periodically using the Neighbor Lookup Protocol (NLP), an internal part of SLSP. NLP hello messages are also signed and include the sending node's MAC address and IP address for the current network interface. This allows a node's neighbors to maintain a mapping of MAC and IP addresses. By generating notification messages, NLP can inform SLSP when suspicious discrepancies are observed, such as two different IP addresses having the same MAC, or a node trying to claim the MAC of the current node. Such notifications are used to inform SLSP to discard the suspicious packets.

Link state update (LSU) packets are identified by the IP address of the initiating node and include a 32-bit sequence number for providing updates. The hop count included in the packet is authenticated using hash chains, as in SAODV and other protocols. The authentication of the hash chain itself is performed through the anchor that is included in the digitally signed part of an LSU message. Nodes that receive an LSU verify the attached signature using a public key they have previously cached in the public key distribution phase of the protocol. The hops traversed field of the LSU is then set to the hash of its current value, the TTL is decremented and finally the packet is broadcast again. To protect against denial of service attacks, SLSP nodes maintain a priority ranking of their neighboring nodes based on the rate of control traffic they have observed. High priorities are given to nodes that generate LSU packets at the lowest rate. This enables the neighbors of malicious nodes that flood control packets at very high rates to limit the effectiveness of the attack.

SLSP provides a proactive secure link state routing solution for ad hoc networks. By securing the neighbor discovery process and using NLP to detect discrepancies between IP and MAC addresses, SLSP offers protection against individual malicious nodes. As mentioned by the authors, SLSP is vulnerable to colluding attackers that fabricate non-existing links between themselves and flood this information to their neighboring nodes. This protocol is efficient in resisting attacks such as replay, denial of service and routing table poisoning, but fails to defend against the black hole attack.
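The LSU hop-count protection described above, as an added example that is not part of the original paper or of SLSP's own code: the initiator publishes the hash chain's anchor in the signed part of the LSU, every forwarder hashes the hops-traversed field once, and a receiver checks that the field still chains to the anchor, so a node can claim more hops than it traversed but never fewer. The page does not give the exact SLSP packet layout, so the field names, the SHA-256 hash, a SAODV-style fixed maximum hop count and the assumption that the anchor's signature has already been verified are this example's own.

```python
import hashlib
import secrets

MAX_HOPS = 8  # assumed network diameter; the page does not fix this value


def h(value: bytes) -> bytes:
    """One step of the hash chain (SHA-256 is this example's choice)."""
    return hashlib.sha256(value).digest()


def h_n(value: bytes, n: int) -> bytes:
    """Apply h() n times."""
    for _ in range(n):
        value = h(value)
    return value


def create_lsu(seed: bytes, max_hops: int = MAX_HOPS) -> dict:
    """Initiator builds an LSU. 'anchor' and 'max_hops' live in the signed part of
    the packet (signature handling is outside this example), so forwarders cannot
    alter them. 'hops_traversed' starts as the raw seed and is hashed once per hop."""
    return {
        "max_hops": max_hops,            # signed
        "anchor": h_n(seed, max_hops),   # signed: h^max_hops(seed)
        "hop_count": 0,                  # mutable, updated by every forwarder
        "hops_traversed": seed,          # mutable, updated by every forwarder
        "ttl": max_hops,
    }


def verify_hop_count(lsu: dict) -> bool:
    """Receiver check: hashing hops_traversed (max_hops - hop_count) more times must
    reach the signed anchor. h() cannot be inverted, so a forwarder can only move
    the chain forward (claim more hops), never backward (claim fewer)."""
    remaining = lsu["max_hops"] - lsu["hop_count"]
    if remaining < 0 or lsu["ttl"] <= 0:
        return False
    return h_n(lsu["hops_traversed"], remaining) == lsu["anchor"]


def forward(lsu: dict) -> dict:
    """Honest rebroadcast: hash hops_traversed, increment hop_count, decrement TTL."""
    out = dict(lsu)
    out["hops_traversed"] = h(lsu["hops_traversed"])
    out["hop_count"] = lsu["hop_count"] + 1
    out["ttl"] = lsu["ttl"] - 1
    return out


def claim_fewer_hops(lsu: dict, claimed: int) -> dict:
    """A node that wants to appear closer than it is can rewrite hop_count, but has
    no preimage of hops_traversed, so the chain no longer lines up with the anchor."""
    out = dict(lsu)
    out["hop_count"] = claimed
    return out


def demo() -> tuple:
    """Constructed run: fresh LSU, two honest hops, then a tampered copy."""
    lsu = create_lsu(secrets.token_bytes(16))
    two_hops = forward(forward(lsu))
    tampered = claim_fewer_hops(two_hops, 0)
    return verify_hop_count(lsu), verify_hop_count(two_hops), verify_hop_count(tampered)
```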
B. On-demand Secure Routing Protocol Resilient to Byzantine Failures (OSRP)
The problem of malicious nodes in an ad hoc network performing Byzantine attacks in order to disrupt the routing function is studied in [2]. The authors propose an on-demand secure routing protocol that is able to function in the presence of colluding nodes introducing Byzantine failures into the routing process. Their approach is based on the detection of faulty links after log n faults have occurred, where n is the length of the route. The protocol bases on-demand route discovery on the weight values of paths, and paths that are identified as malicious are assigned increased weights. The authors define the term Byzantine behavior as any action taken by an authenticated node that disrupts the routing process. The detection method avoids identifying nodes as malicious and instead tries to attribute a flaw to a link between two nodes. The protocol is separated into three phases, namely route discovery with fault avoidance, Byzantine fault detection and link weight management. The phases operate in sequence and each one receives the output of the previous as input (see Figure 1). The metric upon which path selection is based consists of link weights, where high weights represent an unreliable path. Every node that participates in the network is required to maintain a weight list and update it according to the results of the fault detection phase.

The first phase of the protocol is responsible for establishing a route between the initiating and the destination node. The initiating node signs with its private key a route request message that is broadcast to all of its neighbors. The message includes the address of the initiator, the address of the destination, a sequence number and a weight list. When an intermediate node receives a route request it checks whether a request with the same identifiers has been seen before. If no such request exists in its list, it verifies the signature of the initiator, adds the request to its list and rebroadcasts it. Upon receiving a request, the destination node checks the validity of the signature and creates a signed route response message. The response contains the source and destination addresses, a sequence number and the weight list from the request message. The destination node broadcasts the response to its neighboring nodes. Intermediate nodes compute the total weight of the path by summing the weights of all the links on the specified path to the current node. If the total computed weight is less than that of any previous response message with the same identifiers, the current node verifies all the signatures, appends its own identifier, signs the message and broadcasts it. The initiating node performs the same process as the intermediate nodes upon receiving a route response, and updates the route to the destination if a received path is better than the one already in use.

The second phase of the protocol, Byzantine fault detection, requires specific nodes on a discovered path to return acknowledgements to the source node. Data packets originating from the source contain a list of nodes, known as probe nodes, which are required to send acknowledgements for every received packet. If the number of unacknowledged packets violates an acceptable threshold, a fault is registered on the path. Thus, a malicious node is not able to drop packets without actually dropping the list of the probe nodes. The list contains non-overlapping intervals that cover a route, where each interval covers the sub-path between two consecutive nodes [2]. Using binary search, the fault detection algorithm is able to locate a faulty link after log n faults have been detected, where n is the length of the route on which a fault was registered. In order to avoid expensive asymmetric operations on a per-packet basis, the protocol requires the existence of shared keys between the source node and each probe node for ensuring the authenticity and integrity of the acknowledgements.

The third and final phase of the protocol manages the weights of the links that were identified as faulty by the previous phase. When a link is identified as faulty, the corresponding weight value is doubled. The protocol maintains counters associated with each link, and when a counter reaches zero the weight of the associated link is halved.

The main goal of the protocol is to provide a robust on-demand ad hoc routing service that is resilient to Byzantine failures. The operation of the protocol requires the existence of a public-key infrastructure in the ad hoc network to certify the authenticity of the participating nodes' public keys. Based on this assumption, the protocol manages to discover a fault-free path, if one exists, even in an environment with colluding malicious nodes. As the authors note, a limitation lies in the inability of the protocol to prevent wormhole attacks. However, if the wormhole link demonstrates Byzantine behavior, then the protocol will detect it and avoid it. This protocol is efficient to resist attacks such as replay, denial of service and routing table poisoning but fails to defend against the black hole attack.

Figure 1. The three phases of the protocol operate in sequence and each one receives the output of the previous as input.

TABLE I. DEFENCE AGAINST ATTACKS [3]

Protocol | Black Hole | Replay | Denial of Service | Routing Table Poisoning
SLSP     | No         | Yes    | Yes               | Yes
OSRP     | Yes        | Yes    | No                | Yes
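The Byzantine fault detection and link weight management phases of OSRP described in Section IV.B, as an added example that is not part of the original paper or of [2]: the source starts with the destination as the only probe, registers a fault whenever a probe's acknowledgements fall below the threshold, and halves the suspect interval until a single link is blamed; the blamed link's weight is doubled and later halved when its counter runs out. The loss model (one faulty link that swallows everything sent past it), the batch size, the threshold and the counter re-arm policy are this example's assumptions.

```python
DATA_PACKETS = 10     # packets sent per batch (constructed value)
FAULT_THRESHOLD = 3   # unacknowledged packets tolerated before a fault is registered


def ack_received(probe_pos: int, faulty_link) -> bool:
    """Link i joins route[i] and route[i+1]. A probe at position p can only return its
    ACK if every link before it is good, i.e. p <= faulty_link (None: no faulty link)."""
    return faulty_link is None or probe_pos <= faulty_link


def first_failing_interval(probes: list, faulty_link):
    """Send one batch over the current probe list and return the probe interval
    (lo, hi) whose far end hi lost more than FAULT_THRESHOLD ACKs, or None if clean."""
    for lo, hi in zip(probes, probes[1:]):
        unacked = sum(1 for _ in range(DATA_PACKETS)
                      if not ack_received(hi, faulty_link))
        if unacked > FAULT_THRESHOLD:
            return lo, hi
    return None


def locate_faulty_link(n_links: int, faulty_link):
    """Phase 2: binary search over the route. Each registered fault adds a probe in
    the middle of the suspect interval, so a link is isolated after about log2(n)
    faults. Returns (blamed link index or None, number of faults registered)."""
    probes = [0, n_links]            # source and destination are always probes
    faults = 0
    while True:
        interval = first_failing_interval(probes, faulty_link)
        if interval is None:
            return None, faults
        lo, hi = interval
        faults += 1
        if hi - lo == 1:
            return lo, faults        # link lo sits between route[lo] and route[lo+1]
        probes.insert(probes.index(hi), (lo + hi) // 2)


class LinkWeights:
    """Phase 3: a blamed link's weight doubles; a per-link counter then counts down
    and halves the weight when it reaches zero. Re-arming the counter while the
    weight is still above 1 is this example's policy."""

    def __init__(self, n_links: int, decay_rounds: int = 3):
        self.weight = [1] * n_links
        self.counter = [0] * n_links
        self.decay_rounds = decay_rounds

    def blame(self, link: int) -> None:
        self.weight[link] *= 2
        self.counter[link] = self.decay_rounds

    def tick(self) -> None:
        """One protocol round: advance every armed counter."""
        for link in range(len(self.weight)):
            if self.counter[link] > 0:
                self.counter[link] -= 1
                if self.counter[link] == 0 and self.weight[link] > 1:
                    self.weight[link] //= 2
                    if self.weight[link] > 1:
                        self.counter[link] = self.decay_rounds

    def path_weight(self, links) -> int:
        """Route discovery ranks candidate paths by the sum of their link weights."""
        return sum(self.weight[link] for link in links)
```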
V. CHALLENGES IN ROUTING PROTOCOL
As discussed in Section IV, the routing protocol SLSP fails to resist the black hole attack, whereas the routing protocol OSRP is vulnerable to the denial of service attack; both protocols, however, can efficiently resist replay and routing table poisoning attacks. Thus, this paper proposes a new model, the "Intelligent Secure Routing Model", that combines features of both protocols to resist all the attacks discussed in Section III.

VI. INTELLIGENT MODEL FOR SECURE ROUTING PROTOCOL
To implement this model, all the participating nodes in the MANET must have the resources needed for the operation of both the SLSP and OSRP protocols. The two main components of this model, which must be implemented at every node, are:

E. Attack detection system (ADS)
This intelligent system is capable of detecting various attacks in MANET. In this paper, we have mainly concentrated on the detection of the following attacks:
- Black hole attack: To detect this attack, every node that participates in the ad hoc network employs the watchdog functionality in order to verify that its neighbors correctly forward packets. When a node transmits a packet to the next node in the path, it listens promiscuously to check whether the next node also transmits it. Furthermore, if no link encryption is used in the network, the listening node can also verify that the next node did not modify the packet before transmitting it [4]. The watchdog of a node maintains copies of recently forwarded packets and compares them with the packet transmissions overheard from the neighboring nodes. If a node that was supposed to forward a packet fails to do so within a certain timeout period, the watchdog reports a black hole attack.
- Sleep deprivation torture: Before transmitting data in a MANET, every protocol must go through a route discovery phase in which an optimum path from source to destination is established. For this, the source broadcasts a route request packet (RREQ) to the neighboring nodes, which finally reaches the destination. The destination then replies with a route response packet (RREP) back to the source. There can be multiple path responses, and the source selects an optimum path among them. A malicious node, however, can continuously send multiple route responses to the source, thereby draining its battery by constantly keeping it engaged in routing decisions.
- Routing table overflow: After an optimum path between source and destination has been established, the data packets are sent through the network. The nodes participating in the optimum path are called probe nodes. Upon receiving a data packet, the probe nodes are responsible for sending an acknowledgement (ACK) for every received packet to the source, whose entry is maintained in a routing table at the source node. If the number of acknowledged packets violates an acceptable threshold, a routing table overflow attack is detected. The black hole and sleep deprivation torture attacks generally occur in the route discovery phase, whereas the routing table overflow attack occurs in the route maintenance phase.

F. Switch
Whenever the ADS detects a particular attack which is not resisted by the underlying protocol, it switches to another protocol to carry the further transmission. There are two possible cases for switching:
- Case 1: If the underlying protocol before attack detection is SLSP and the black hole attack is detected, it switches to the OSRP protocol.
- Case 2: If the underlying protocol before attack detection is OSRP and the denial of service attack is detected, it switches to the SLSP protocol.
Thus, by using this model, we are able to detect and resist all the mentioned attacks. The schematic view of the proposed model is as follows:
Figure 2. Intelligent Secure Routing Model
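The ADS checks and the switch rule of Sections VI.E and VI.F, as an added example that is not part of the original paper: a watchdog that times out packets a neighbour never re-transmitted (black hole), a counter of route replies per request (sleep deprivation torture), ACK accounting per probe node (routing table overflow, as the page describes it), and the two switching cases, which leave the protocol alone for attacks both protocols already resist. The timeout, the thresholds, the attack labels and the event trace are constructed for this example.

```python
from collections import defaultdict

WATCHDOG_TIMEOUT = 2.0   # seconds a neighbour gets to re-transmit a packet (assumed)
RREP_LIMIT = 3           # route replies per (node, request) tolerated before alerting
MISSING_ACK_LIMIT = 3    # unacknowledged packets per probe tolerated before alerting
DOS_ATTACKS = {"sleep_deprivation", "routing_table_overflow"}  # DoS instances, Sec. III.C


class AttackDetectionSystem:
    """Per-node ADS: each method feeds one observed event; alerts are (attack, node)."""

    def __init__(self):
        self.pending = {}                     # (pkt_id, next_hop) -> time handed over
        self.rrep_count = defaultdict(int)    # (sender, rreq_id) -> replies seen
        self.missing_acks = defaultdict(int)  # probe node -> data packets not yet ACKed
        self.alerts = []

    def forwarded(self, pkt_id, next_hop, now):
        self.pending[(pkt_id, next_hop)] = now   # watchdog: keep a copy, wait to overhear

    def overheard(self, pkt_id, sender, now):
        self.pending.pop((pkt_id, sender), None)   # the neighbour did forward it

    def check_timeouts(self, now):
        """Black hole: a packet the next hop never re-transmitted within the timeout."""
        for (pkt_id, hop), t in list(self.pending.items()):
            if now - t > WATCHDOG_TIMEOUT:
                self.alerts.append(("black_hole", hop))
                del self.pending[(pkt_id, hop)]

    def route_reply(self, sender, rreq_id):
        """Sleep deprivation: one node answering a single RREQ with a stream of RREPs."""
        self.rrep_count[(sender, rreq_id)] += 1
        if self.rrep_count[(sender, rreq_id)] == RREP_LIMIT + 1:
            self.alerts.append(("sleep_deprivation", sender))

    def data_sent(self, probe):
        """Routing table overflow, as Section VI.E describes it: probes must ACK data."""
        self.missing_acks[probe] += 1
        if self.missing_acks[probe] == MISSING_ACK_LIMIT + 1:
            self.alerts.append(("routing_table_overflow", probe))

    def ack_received(self, probe):
        self.missing_acks[probe] = max(0, self.missing_acks[probe] - 1)


def next_protocol(current, attack):
    """Section VI.F: switch only when the current protocol cannot resist the attack."""
    if current == "SLSP" and attack == "black_hole":
        return "OSRP"      # case 1
    if current == "OSRP" and attack in DOS_ATTACKS:
        return "SLSP"      # case 2
    return current         # replay and table poisoning are resisted by both


def run_trace():
    """Constructed trace: B forwards honestly, M swallows a packet, then M floods RREPs."""
    ads = AttackDetectionSystem()
    ads.forwarded(1, "B", 0.0); ads.overheard(1, "B", 0.4)
    ads.forwarded(2, "M", 1.0); ads.check_timeouts(4.0)
    for _ in range(4):
        ads.route_reply("M", 7)
    protocol, history = "SLSP", []
    for attack, _ in ads.alerts:
        protocol = next_protocol(protocol, attack)
        history.append(protocol)
    return ads.alerts, history
```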
VII. CONCLUSION AND FUTURE WORK
In this paper, we have dealt with various attacks in MANET and also with the working of various routing protocols that can resist attacks such as black hole, replay, denial of service and routing table poisoning. Finally, we have designed an intelligent and secure routing model which is capable of resisting all these attacks. Attacks other than these are beyond the scope of this model.

ACKNOWLEDGMENT
We express our sincere gratitude to Dr. A. W. Kolhatkar, Principal, JDIET, for being a constant source of inspiration. Lastly, I would like to thank all my friends Rutvij V. Newaskar, Gauri Yenugwar and Jayesh Bhoyar for being there to support me at every stage of this paper.

REFERENCES
[1] P. Papadimitratos and Z. J. Haas, "Secure Link State Routing for Mobile Ad hoc Networks," Proc. IEEE Workshop on Security and Assurance in Ad hoc Networks, IEEE Press, 2003, pp. 27-31.
[2] B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, "An On-Demand Secure Routing Protocol Resilient to Byzantine Failures," WISE'02, Atlanta, Georgia, September 2002, pp. 21-30.
[3] P. G. Argyroudis and D. O'Mahony, "Secure Routing for Mobile Ad hoc Networks."
[4] S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating Routing Misbehavior in Mobile Ad hoc Networks," Proc. 6th Annual ACM/IEEE Int'l Conf. Mobile Computing and Networking (Mobicom'00), Boston, Massachusetts, August 2000, pp. 255-265.