survey on secure routing in ad-hoc networks

4 downloads 0 Views 207KB Size Report
[25]Markus Klann, Till Riedel, Hans Gellersen, Carl. Fischer “LifeNet: An Ad-hoc Sensor ... [27]P. Jacquet, P. Muhlethaler, and A. Qayyum,. “Optimized Link State ...
Global Journal of Advanced Engineering Technologies, Vol2, Issue 4-2013

ISSN: 2277-6370

SURVEY ON SECURE ROUTING IN AD-HOC NETWORKS Ashima Mehta1, Prof. Anuj Gupta2

1

Research Scholar (Department of Computer Science) , Rimt-Iet, Mandi Gobindgarh. 2 Professor and Head CSE, Rimt Iet, Mandi Gobindgarh.

Abstract: - Network Security which involves all the activities that organisations, enterprises undertake to protect the value and ongoing usability of assets is growing concern in the Internet world. Some of the vital security ditherers include Hijacking, Trojan horse programs Hacking, Eavesdropping, Mapping, Spoofing, Packet sniffing, DoS & DDoS attacks, etc. MANETs (Mobile ad hoc networks) are used in very suspicious and critical scenarios such as military, disaster relief operations, mine site operations, emergency rescue operations etc. The reason for the increased attention is the use of multimedia applications running in infrastructure less environment. Thus due to the disadvantage of Manets i.e limited power and dynamic topology it becomes very hard to provide a secure environment in Manet. The desire to manage these security ditherers has given birth to the notion of “Network Security”. In this paper there is complete discussion on different kinds of attacks and there desirable solutions to inhibit security to a larger extent in mobile adhoc networks. Keywords: - Manet, Attacks, RREP, RREQ, security routing

protocols I.INTRODUCTION Network Security consists of the policies adopted by the network administrator to protect the network and network accessible resources from unauthorised access and consistent and continuous monitoring and measurement of its effectiveness combined together. Due to internet’s rapid growth and development security and privacy is a growing concern in the Internet community. Manet has no fixed infrastructure and hence it is more prone to various security threats. The critical factors that affect the design and performance of a MANET include traffic pattern and load, terrestrial limitations, medium access scheme, multicasting, routing transport layer protocol, pricing scheme, network size and density, self organization, security, energy management, addressing[25].In this paper, we focus on security aspects of the MANET routing protocols. The absence of any kind of central coordination mechanism and shared wireless medium makes MANETs more vulnerable to security attacks than wired networks. Active research has been done in routing in ad-hoc networks and in the recent years many routing protocols have been developed for Manets [23, 5, 6, 22]. In order to prevent any kind of active and passive attacks a secure ad-

hoc network is required to meet the following security requirements [24, 20]. a) Authentication Every transmitting or receiving node has its own signature. Nodes must be able to authenticate that the data has been sent by the legitimate node. b) Availability Network services should be available all the time and it should be possible to correct failures to keep the connection stable. c. Confidentiality Only the intended receivers should be able to interpret the transmitted data D. Integrity Data should not change during the transmission process, i.e., data integrity must be ensured. II.BACKGROUND AND RELATED WORK In this section we discuss the related work on security challenges in MANET’s. Extensive research has been carried out on analysing the performance and other parameters for routing protocols in Manets and also comparison study has been done on various on demand and table driven protocols attacks. Various technical combats have also been designed [8, 9]. The way of approaching the Manets security has also been studied to a better extent in order to increase the performance of Manets. The functioning group of MANET is born in Internet Engineering Task Force (IETF) who worked to standardized routing protocols for MANET and gives rise to the development of various mobile devices like PDA‟s palmtops, notebooks, etc. Different attacks on standalone Manets and Manet-Internet communication have studied well in the past literature. III.OVERVIEW OF SECURITY ATTACKS The different Classes of attack on Manets include emission, location, passive monitoring of communications, motivation which is further divided into confidentiality, integrity, privacy and un-authorization [8, 12], close-in attacks, rationality, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to

171

Global Journal of Advanced Engineering Technologies, Vol2, Issue 4-2013 nation-states. Attacks on Manets are divided into two main broad categories:(a) Active Attacks Active attacks are very severe on the network that can be either internal or external. These attacks prevent message flow between the nodes. Further these attacks break protection features, to introduce malicious code, and to steal or modify information. This can be done either through reading and changing the information on the data packets, denial of Services, altering the routing path by changing routing information, hop count etc. Active attacks propel by compromised nodes or malicious nodes. (b) Passive Attacks A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive attacks are those attacks which do not alter the normal functionality of network but silently try to listen or retrieve the vital information inside the data packets. These attacks are further classified under 4 main categories:-

ISSN: 2277-6370

attacker could mask as an authorized node using several methods. It may be possible that by chance it can guess the identity and authentication details of the authorized node or target node, or it may snoop information regarding the identity and authentication of the target node from a previous communication, or it could disable the authentication mechanism at the target node. In this attack, malicious node changes its IP address or MAC address in the outgoing packets and uses the address of another node. 2) Attacks using modification These attacks modify packets and simultaneously discompose the communication between the nodes. An attacker can hence customize the data in the packet without any kind of available knowledge of the sender or receiver. Sinkhole attacks are one such example of modification attacks. There is. Redirection by modifying the route sequence number. In order to find the best route to the destination, nodes always depends upon the metric values such as sequence no, hop count, delay etc 3) Attacks using fabrication (a) Broadcast falsified routes In this kind of attacks attacker exploit the routing information from the packet header and changes the routing path. This will change the route cache of neighbouring node. b) Routing table overflow attacks In this kind of attack, the attacker attempts to create routes to non-existing routes. If enough routes have been created, no new routes can be entered in the routing table.

Figure 1: Various types of attacks on Manets 1) Impersonification Attack This attack is also called a type of spoofing attack in which a malicious node uses IP address of another node in outgoing routing packets. When this attack gets introduced in the network there is abrupt reduction in throughput of the system [13, 15]. In this attack, a compromised node or malicious node gets access to the network management system of the network and may start changing the configuration of the system. There is decrease in packet delivery ration and consequent increase in checksum error. It is an attack on mutual authentication and therefore an

4) Wormhole Attack Wormhole attacks are severe threats to Manets. For initiating a wormhole attack, an adversary connects two distant points in the network using a direct low-latency communication link called as the wormhole link [29, 30] The wormhole link can be established by a variety of means, e.g., by using an Ethernet cable, a long-range wireless transmission, or an optical link. Once the wormhole link is established, the adversary captures wireless transmissions on one end, sends them through the wormhole link and replays them at the other end. In wormhole attack, a malignant node receives packets at one point in the network and tunnels them to another malicious node in the network. This tunnel between two colluding attackers is referred to as a wormhole. When the wormhole attacks are used by attacker in different routing protocols such as DSR and AODV the attack could prevent the discovery of routes other than through the wormhole. Consider an example in Figure 2, P and Q are two malicious nodes that encapsulate data packets and falsified the route lengths

172

Global Journal of Advanced Engineering Technologies, Vol2, Issue 4-2013 2.

Figure2: Wormhole attack 5) Rushing Attack This kind of attack is applicable on On-Demand Routing protocol. In On-Demand routing protocol only one route request packet is forwarded to find the path to the destination node [28]. This property is being used in Rushing attacks by forwarding the RREQ Packets more frequently than the other nodes so that the route including the attacker will be discovered. IV.METHODOLOGY FOR SECURE ROUTING IN MANETs The secure routing in Manets can be subdivided into two stages:(a) Prevention (b) Detection and Reaction Mobile Ad hoc Networks (MANETs) are open to a wide range of attacks due to their unique characteristics such as dynamic topology, open medium, absence of infrastructure, multi hop scenario and resource constraint[7,9,12]. An ad hoc node in mobile ad hoc networks operates as not only end terminal but also as an intermediate router. In this way, multi-hop scenario occurs in MANETs. This multi hop scenario demands security against malicious behaviour, because there may be one or more attackers in the route from source to destination. A routing protocol in MANETs is said to be securing that detects the detrimental effects of malicious node. Many security solutions for ad hoc routing have been proposed. We will first discuss some of the basic security routing protocols designed for Manets. Now, let us first take the protocols under the prevention scheme:1.

Prevention Using Asymmetric Cryptography

(a) Authenticated Routing for Ad-hoc Network (ARAN) ARAN or authenticated routing protocol solves the purpose of detecting and protecting against malicious actions by third party and peers in ad hoc network [27]. It ensures that each node knows the correct next hop on a route to the destination by public key cryptography. It has five components, Certification, Authenticated Route Discovery, Authenticated Route Set up, Route Maintenance, and Key Revocation.

ISSN: 2277-6370

Prevention Using Symmetric Cryptography

(a) Security Aware ad-hoc routing(SAR) Makes essential use of security attributes to take the routing decision [26], it does not target any protocol, but it rather provides security at a more generalized level of security. The goal is exposing security to the application and to the routing protocol. SAR uses AODV or DSR as a base protocol; it embeds the security metric into RREQ packet itself and changes the forwarding behaviour of the protocol. (b) Secure routing protocol(SRP) The protocol is based on route querying method. SRP Requires a Security Association (SA) between source and destination node. Key generated by the SA is used to encrypt and decrypt the data by the two nodes. 3.

Prevention Using One Way Hash Chains

(a) Secure Efficient Ad-hoc Distance Vector Routing(SAED) It is a proactive secure routing protocol based on DSDV-SQ-protocol. It does not rely on asymmetric encryption primitive but instead it relies on one-way hash chain for security. Provides routing message authenticity via the use of one-way hash functions to construct a set of hash values, called authenticators , associated with each node. (b) Ariadne is an on-demand Secure ad-hoc routing protocol based on DSR with symmetric cryptography. This protocol makes use of a shared key between the nodes for authentication (MAC). 4.

Prevention Using Hybrid Approach

(a) Secure Link State Routing Protocol The scope of SLSP may range from a secure neighbourhood discovery to a network-wide secure link state protocol. SLSP nodes disseminate their link state updates and maintain topological information for the subset of network nodes within R hops, To counter adversaries, SLSP protects link state update (LSU) packets from malicious alteration, as they propagate across the network[16,19]. It disallows advertisements of nonexistent, fabricated links, stops nodes from masquerading their peers, strengthens the robustness of neighbor discovery, and thwarts deliberate floods of control traffic that exhausts network and node resources. (b) Secure Ad-hoc On-Demand Distance Vector routing protocol (SAODV) The Secure Ad hoc On-Demand Distance Vector Routing Protocol (SAODV) is an extension of the AODV routing protocol that can be used to protect the route discovery mechanism providing security features like integrity, authentication and non-repudiation.

173

Global Journal of Advanced Engineering Technologies, Vol2, Issue 4-2013 TYPE

LENGTH

HASH FUNCTION TOP HASH SIGNATURE HASH

MAX HOP CONT

Figure 3: SAODV Protocol Header 5. Comparison of Various Security Routing Protocols On the basis of above discussion the comparison has been drawn for various security routing protocols:TABLE I: COMPARISON OF VARIOUS SECURITY ROUTING PROTOCOLS Proposed Protocols SAR

Rushing Attack Routing Strategy Yes On demand

Security From : Denial-ofRouting table Service modification No Yes

Tunnelling No

ARAN

Yes

On demand

No

Yes

No

SRP

Yes

On demand

Yes

Yes

No

SEAD

Yes

Table driven

Yes

Yes

No

Ariadne

Yes

On demand

Yes

Yes

No

SAODV

Yes

On demand

No

Yes

No

SLSP

Yes

Table driven

Yes

Yes

No

V.CONCLUSION Though we have studied many approaches to provide security to MANETs but still there is still many open challenges which are yet to be resolved. In this paper, overview of the various security goals, security threats and various existing routing protocols supporting security requirements is presented. Achieving high security in MANETs always require more computation on each mobile node and hence there will always be a trade between more security and performance. Moreover until now, many secure routing, data packet forwarding and link layer security solutions are proposed. However not all these security solutions provide complete security for Manets, so there is still a requirement of more secured protocol that can deal with the various demanding requirements of MANET. [1] [2] [3] [4]

[5]

REFERENCES Amitabh Mishra, “Security and Quality of Service in Ad Hoc Wireless Networks” (chapter 1, 3), ISBN- 13 978-0-521-87824-1 Handbook. A. Mishra, and K. Nadkarni, “Security in Manets”, the handbook of wireless ad hoc networks, 2002. C-K. Toh, “Manets: Protocols and Systems”, Prentice Hall, 2002. C. Perkins, and P. Bhagwat, “Highly Dynamic Destination Sequenced Distance Vector Routing (DSDV) for Mobile Computers”, ACM SGCOMM, 1994. S. Buchegger and J. L. Boudec, “Performance Analysis of the Confidant Protocol Cooperation of Nodes-Fairness in Dynamic Ad-hoc Networks,” Proc.

ISSN: 2277-6370

IEEE/ACM Symp. Mobile Ad Hoc Networking and Computing (MobiHOC), 2002. [6] R. Hauser, T., Przygienda, and G. Tsudik, “Lowering Security Overhead in Link State Routing,” Computer Networks, vol. 31, no. 8, Apr. 1999, pp. :885–94. [7] Y. Hu, A. Perrig, and D. Johnson, “Ariadne: A secure on-demand Routing Protocol for Ad hoc Networks”, ACM MOBICOM, 2002. [8] Y. Hu, D. Johnson and A. Perring, “SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks,” IEEE WMCSA, 2002. [9] P. Papadimitratos, and Z. Haas, “Secure link State Routing for Mobile Ad hoc Networks”, IEEE Wksp. Security and Assurance in Ad hoc Networks, 2003. [10] B. Hahill et l., “A Secure Protocol for Ad Hoc Networks”, OEEE CNP, 2002. [11] B. Awerbuch et al., “Ad hoc On-Demand Distance Vector Routing Protocol Resilient to Byzantine Failures”, ACM Wise, 2002. [12] Y. Wang, G. Attebury, and B. Ramamurthy, “A Survey of Security Issues in Wireless Sensor Networks,” IEEE Commun. Surveys & Tutorials, vol. 8, no. 2, Apr. 2006. [13] H. Deng, W. Li, and D. P. Agrawal, “Routing Security in Wireless Ad Hoc Networks,” IEEE Commun. Mag., vol. 40, no. 10, Oct. 2002, pp. 70–75. [14] D. Denning, “A New Paradigm for Trusted Systems,” Proc. ACM New Security Paradigms Wksp., 1993, pp. 36–41. [15] S. Devadas et al., “Pervasive Security,” Theme Panel # 3, NSF Inaugural Cyber Trust Princible Investigators Meeting and Research Directions Workshop, Baltimore, Aug. 2003. [16] A. Perrig et al., “The TESLA Broadcast Authentication Protocol”, RSA CryptoBytes, vol. 5, no. 2, 2002, --.2-13. [17] M. Zapata, and N. Asokan, “Securing Routing Protocols”, ACM Wise, 2002. [18] Hady Abdel Salam, Syed R Rizvi, and Scott Ainsworth and Stephen Olariu “A Durable Sensor Enabled Lifeline Support for Firefighters,” IEEE Autonomus Networked Sensor Systems, 2008. [19] Jaya Jacob and V. Seethalakshmi “Performance Evaluation of Various Routing Protocols in MANET,” Research Cell: An International Journal of Engineering Sciences ISSN: 2229-6913 Vol. 5, Issue Dec. 2011. [20] Su, W., and Gerla, M., “IPv6 Flow Handoff in Ad Hoc Wireless Networks Using Mobility prediction,” Proc. IEEE Globecom 1999 Dec. [21] Er. Deepinder Singh Wadhwa and Er. Tripatjot Singh Panag “Performance Comparison of Single and Multipath Routing Protocols in Adhoc Networks,” An International Journal of Computer and Technical Applications, IJCTA, ISSN:2229-6093, Vol 2 (5), Sept-Oct 2011. [22] D. Coppersmith and M. Jakobsson, “Almost Hash Sequence Traversal,” Proc. 4th Conf. Financial

174

Global Journal of Advanced Engineering Technologies, Vol2, Issue 4-2013

ISSN: 2277-6370

Cryptography (FC ‘02), Lecture Notes in computer Science, 2002. [23] D. B. Johnson, “Routing in Ad Hoc Networks of Mobile Hosts,” Proc. IEEE Wksp. Mobile Computing Systems and Applications, Dec. 1994. [24] P. Michiardi and R. Molva,, “CORE: A Collaborative Reputation Mechanism to Enforce Node Cooperation in Mobile Ad Hoc Networks,” IFIP-Communication and Multimedia Security Conf. 2002. [25] Markus Klann, Till Riedel, Hans Gellersen, Carl Fischer “LifeNet: An Ad-hoc Sensor Network and Wearable System to Provide Firefighters with Navigation Support,” Ubicomp, Innsbruck, Austria, pp. 124 – 127, 2007. [26] Y. Wang, G. Attebury, and B. Ramamurthy, “A Survey of Security Issues in Wireless Sensor Networks,” IEEE Commun. Surveys & Tutorials, vol. 8, no. 2, Apr. 2006. [27] P. Jacquet, P. Muhlethaler, and A. Qayyum, “Optimized Link State Routing Protocol,” RFC 3626, Oct. 2003. [28] L. Abusalah and A. Khokhar, “TARP Performance in a Mobile World,” Proc. 50th Annual IEEE Globecom Int’l. Conf., Washington, DC. Nov., 2007. [29] S. Marti et al., “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” Proc. 6th Annual ACM/ IEEE Int’l. Conf. Mobile Computing and Networking, 2000, pp. 255–65. [30] Panagiotis Papadimitratos, and Zygmunt J. Haas, “Secure Routing for Mobile Ad hoc Networks”, In Proceedings of SCS Communications Networks and Distributes Systems Modeling and Simulation Conference, CNDS 2002.

175