The Flaws In Manets Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

MANET is vulnerable to different kind of attacks because there are no clear secure boundaries. Node can join a network automatically when it is in the radio range of a network, and communicate with other nodes in the network. Due to this, MANETs are susceptible to attacks. The attacks may be passive or active. False message reply, Leakage of information, Denial-of-Service, and changing the data integrity are few examples of attacks. Spoofing, confidential information leakage, data tampering and impersonating node are the possible attacks when security is compromised [101].

1.6.2 Compromised Nodes

Some of the attacks try to get access the network to gain control over the node in the network unfairly to perform malicious actions. The mobility aspect in ad hoc networks makes it easier for a compromised node to change its position at regular intervals of time, making it more difficult trace the malicious activity.

1.6.3 No Central Management

Each node acts as a router and has the ability to forward and receive packets [103]. Lack of central management in ad hoc networks makes it difficulty in monitoring traffic and detecting attacks. The node connectivity is based on a blind mutual trust. A central entity can manage this to find out the suspicious nodes and onform the same to other nodes.

1.6.4 Problem of Scalability

The scalability of the network can be defined before the design of a network. This is not same in MANETs because the nodes are mobile and hence the scale of the MANETs is changing. The nodes can join and leave the network making the Ad-Hoc network highly scalable and shrinkable.

1.7 Secure Routing

Routing is an important function in any network. The protocols designed for routing in wired or wireless have completely different characteristics. The routing protocols for wired networks are assumed to execute on trusted entities, namely routers. Routing protocols for wired networks do not handle mobility of nodes within the system. Mobility is a basic feature in ad hoc wireless networks. Resource constraints also govern the design of routing protocols for such networks. Ad hoc networks also do not have trusted entities such as routers, since every node is expected to participate in the routing function. Therefore routing protocols need to be specifically designed for wireless ad hoc networks.

Considering the unique features of Ad Hoc networks, it is expected that the mechanisms proposed to guarantee the security of conventional wired networks are not necessarily suitable or adaptable to MANETs. Special mechanisms and protocols designed specifically for Ad Hoc networks are necessary. Protocols for MANETs therefore need to mitigate the unreliability of basic network services by taking on a fully distributed, self organizing nature. From a security perspective, distributing the functionality of network services to as many nodes as possible, avoids a single point of attack.

It is understandable that most security threats target routing protocols which is assumed to be the weakest point of the mobile ad hoc network (MANET). There are various studies and many researches in this field made attempts to propose more secure protocols.

1.7.1 Overview of Routing Protocols for Ad Hoc Networks

There are two main categories of traditional routing protocols

Distance vector

Link state

Distance vector routing is the type of routing protocol that was originally used in the internet. In distance vector routing, each node maintains a table that contains the distance from that node to all other nodes in the network. Whenever a node receives a routing update from one of its neighbors, it examines that table to see whether it can reach additional destinations through that neighbor, or whether the path to some destinations through that neighbor is shorter than the existing route. In that case, the node updates its own routing table and then sends the updated table to all of its neighbors. Those in turn update their own routing tables and may send updates to their own neighbors.

DSDV is a typical example of MANET distance vector routing protocol. The challenge with the distance vector routing protocols is that they are usually slow to converge. A simple example of slow convergence is the case when a node is disconnected from the network.

The second category of routing protocols is link state routing which addresses the limitations of distance vector routing. In link state routing each node discovers its neighbors through broadcast advertisements (called Hello Messages) that each node transmits and its neighbors can hear (if they are within the transmission range of that node). Once a node has discovered its neighbors, it transmits a message called Link State Advertisement (LSA) to all other nodes in the network that lists its neighbors and cost to get to those neighbors. Each node then can use those LSAs to calculate the topology of the complete network and routes to all other nodes. OLSR is a typical example of a MANET link state routing protocol. The link state routing protocols tend to converge more quickly than distance vector routing protocols.

1.7.2 Proactive Vs. Reactive Routing

A different classification of routing protocols is based on the instance at which the routes are setup. There are three categories namely




Figure 1.2: MANET Routing Protocols

Reactive Protocols

Reactive protocols are on-demand driven protocols. They are known as reactive protocols because they do not initiate route discovery by themselves, until requested by a source node to find a route. These protocols setup routes when demanded [94, 95]. When the source node does not have a route to the node it wants to communicate with, these protocols will establish a route between them.

Reactive protocols

Don't try to find a route until demanded;

uses flooding technique to find the destination "on demand"; and

bandwidth consumption is low for sending information.

Ad Hoc on-Demand Distance Vector Protocol (AODV)

AODV described in [96] is a reactive protocol. A node can start transmission to another node in the network to which it has no route; AODV provides topology information for that node. AODV uses control messages to find a valid route to the destination node in the network.

There are three types of control messages in AODV which are discussed below.

Route Request Message (RREQ): A Source node sends RREQ message to communicate with other nodes in the network. AODV floods this message. Time-To-Live (TTL) value is added in every RREQ message, which states the number of hops it should be transmitted.

Route Reply Message (RREP): A node or any other intermediate node that has established a route to the requested node generates a RREP message back to the originator.

Route Error Message (RERR): Every node monitors the status of its link to its neighbor's nodes. When the node detects a link failure in an active route, RERR message is generated to notify the link failure.

Route Discovery Mechanism in AODV

A node "A" generates a Route Request Message (RREQ) to initiate transmission with another node "G" as shown in the Figure 1.3. This message flooded to other nodes. This process of finding destination node is repeated until a fresh route to the destination is found or destination node is located itself. Once the destination node is located a Route Reply Message is generated to the source node. Upon receipt of RREP at the source node, a route is established between "A" and "G". "A" and "G" can communicate with each other thereafter.

Figure 1.3: AODV Route Discovery

In case of a link failure, the RERR message is sent back to the source node, i.e. when the RREQ is broadcast from node "A" to the neighbor nodes, at node "E" the link is broken between "E" and "G. The scheme is shown in the Figure 1.4 below.

Figure 1.4: Route Error Message in AODV

Dynamic Source Routing Protocol (DSR)

Dynamic source routing protocol abbreviated as DSR is also a reactive protocol. DSR use to update its route caches by finding new routes. It updates its cache with new route discovered or when there exist a direct route between source and destination node. When a node wants to transmit data, it defines a route for the transmission and then starts transmitting data through the defined route.

Route Discovery Process: When a source node wants to transmit data to another node in the network, its routing cache is checked. When there is no route to the destination in its cache, an RREQ is broadcast. RREP is generated, when the destination is located or any intermediate node that has fresh enough route to the destination node [97]. When the source node receives the RREP its cache is updated.

Route Maintenance Process: When the transmission of data starts, it is the responsibility of the transmitting node to confirm the next hop about the reception of data along with source route. If confirmation is not received by the originator node, it again performs new route discovery process.

Proactive Protocols

In proactive routing protocols nodes typically try to create routes proactively before there is a need to route traffic from a specific source to destination. These protocols constantly maintain the updated topology of the network. Every node in the network knows about the other node in advance, in other words the whole network is known to all the nodes making that network. All the routing information is usually kept in tables [98]. Whenever network topology is changed, these tables are updated. The nodes exchange topology information with each other; they can have route information any time when they needed. Optimized link State Routing Protocol (OLSR) is a good example of such protocols.

Optimized Link State Routing Protocol (OLSR)

This protocol is described in RFC3626 [99]. It is a proactive protocol that and also known as table driven protocol derived from the fact it updates its routing tables. OLSR has three types of control messages which are describe bellow.

Hello: This control message is transmitted for sensing the neighbor and for Multi Point Distribution Relays (MPR) calculation.

Topology Control (TC): These are link state signaling that is performed by OLSR. MPRs are used to optimize theses messaging.

Multiple Interface Declaration (MID): MID messages contains the list of all IP addresses used by any node in the network. All the nodes running OLSR transmit these messages on more than one interface.

1.7.3 Hybrid Protocols

Hybrid protocols exploit the strengths of both reactive and proactive protocols, and combine them together to get better results. The network is divided into zones, and use different protocols in two different zones i.e. one protocol is used within zone, and the other protocol is used between them. Zone Routing Protocol (ZRP) is the example of Hybrid Routing Protocol. ZRP uses proactive mechanism for route establishment within the nodes neighborhood, and for communication amongst the neighborhood it takes the advantage of reactive protocols. These local neighborhoods are known as zones, and the protocol is named for the same reason as zone routing protocol. Each zone can have different size and each node may be within multiple overlapping zones. The size of zone is given by radius of length P, where P is number of hops to the perimeter of the zone [100].

1.7.4 Review of Secured Routing Protocols

Authenticated Routing Protocol (ARAN)

This protocol [107] detects and protects against malicious actions performed by third parties and peers in the ad hoc network. ARAN introduces uses authentication, message integrity and non-repudiation as part of minimal security policy. It consists of a preliminary certification process, a mandatory end-to-end authentication stage and an optional second stage that provides secure shortest paths.

Operation: ARAN uses a trusted certificate server (T). Each node has to request a certificate signed by T. The certificate contains the IP address of the node, its public key, a timestamp the certificate creation and a time at which the certificate expires along with the signature by T. The goal of the first stage of the ARAN protocol is to verify whether the intended destination was reached. As with any secure system based on cryptographic certificates, the key revocation issue has to be addressed in order to make sure that expired or revoked certificates do not allow the holder to access the network. The trusted certificate server (T) transmits a broadcast message to announce a certificate revocation. Revocation notices are stored until the revoked certificate expires. Any neighbor of the node possessing the revoked certificate needs to reform routing to avoid transmission through the un-trusted node. This method is not failsafe. In some cases, the un-trusted node that is having its certificate revoked may be the sole connection between two parts of the ad hoc network. In this case, the non- trusted node might not forward the notice of revocation for its certificate, resulting in a partition of the network, as nodes that have received the revocation notice will no longer forward messages through the un-trusted node, while all other nodes depend on it to reach the rest of the network. This only lasts as long as the un-trusted node's certificate would have otherwise been valid, or until the un-trusted node is no longer the sole connection between the two partitions. At the time that the revoked certificate should have expired, the un-trusted node is unable to renew the certificate, and routing across that node ceases.

Key Features of ARAN:

Protects against modification, fabrication and impersonation;

uses of asymmetric cryptography makes it a CPU and energy usage;

is not immune to the wormhole attack

A Secure On-Demand Routing Protocol for Ad Hoc Networks (ARIADNE)

An on-demand secure ad hoc routing protocol [1] based on DSR that withstands node compromise and relies only on highly efficient symmetric cryptography. ARIADNE guarantees that the target node of a route discovery process can authenticate the initiator, that the initiator can authenticate each intermediate node on the path to the destination present in the RREP message and that no intermediate node can remove a previous node in the node list in the RREQ or RREP messages.

As for the SRP [111] protocol, ARIADNE needs mechanisms to bootstrap authentic keys required by the protocol. In particular, each node needs a shared secret key (KS, D) is the shared key between a source S and a destination D) with each node it communicates with at a higher layer, an authentic TESLA [109] key for each node in the network and an authentic "Route Discovery Chain" element for each node for which this node will forward RREQ messages.

The key features are:

ARIADNE provides uses a Message Authentication Code (MAC) [110] for authentication of a routing messages.

For authentication of a broadcast packet such as RREQ, ARIADNE uses the TESLA broadcast authentication protocol.

Selfish nodes are not taken into account.

ARIADNE copes with attacks performed by malicious nodes that modify and fabricate routing information, with attacks using impersonation and, in an advanced version, with the wormhole attack.

ARIADNE is protected also from a flood of RREQ packets that could lead to the cache poisoning attack.

ARIADNE is immune to the wormhole attack only in its advanced version: using an extension called TIK (TESLA with Instant Key disclosure) that requires tight clock synchronization between the nodes, it is possible to detect anomalies caused by a wormhole based on timing discrepancies.

Secure Efficient Distance Vector Routing (SEAD)

Hu, Perrig and Johnson presented a proactive secure routing protocol based on the Destination-Sequenced Distance Vector protocol (DSDV) [112]. In a proactive (or periodic) routing protocol nodes periodically exchange routing information with other nodes in attempt to have each node always know a current route to all destinations.

SEAD [113] authenticates the sequence number using hash chains elements. The receiver of SEAD routing information also authenticates the sender, to ensure the origin of routing information from the correct node. The source of routing update messages must also be authenticated, otherwise, an attacker may create routing loops using the impersonation attack.

The key features are:

SEAD deals with attackers that modify routing information broadcasted during the update phase of the DSDVSQ protocol

SEAD uses a one-way hash chains.

Secure Routing Protocol (SRP)

The Secure Routing Protocol (SRP) [111] was designed as an extension compatible with a variety of existing reactive routing protocols. SRP combats attacks that disrupt the route discovery process and guarantees the acquisition of correct topological information:

The initiator of a route discovery can detect and discard malicious replies. SRP may further rely on the availability of a security association (SA) between the source node (S) and the destination node (T). The SA could be established using a hybrid key distribution based on the public keys of the communicating parties. S and T can exchange a secret symmetric key (KS, T) using the public keys of one another to establish a secure channel. S and T can then further proceed to mutual authentication of one another and the authentication of routing messages.

The key features are:

SRP can deal with non-colluding malicious nodes which have the ability to modify (corrupt), replay and fabricate routing packets.

Assuming that the neighbor discovery mechanism maintains information on the binding of the medium access control and the IP addresses of nodes, SRP is proven to be essentially immune to IP spoofing.

In case of the Dynamic Source Routing (DSR) protocol [114], SRP requires including a 6-word header containing unique identifiers that tag the discovery process and a message authentication code (MAC) computed using a keyed hash algorithm.

Secure Ad hoc On-Demand distance Vector (SAODV)

The Secure AODV [115] scheme assumes that each node possesses certified public keys of all nodes in the network. The originator of the routing control packet appends its RSA signature and the last element of a hash chain to the routing packets. A packet transverse the network, intermediate nodes cryptographically authenticates the signature and the hash value. The intermediate nodes generate the kth element of the hash chain, with k being the number of transverse hops, and place it in packet. The SAODV protocol gives two alternatives for ROUTE REQUEST and ROUTE REPLY messages. In the first case when a ROUTE REQUEST is sent, the sender creates a signature and appends it to packet. Intermediate nodes authenticate the signature before creating or updating the reverse route to the host. The reverse rout is stored only when the signature is verified. When the node reaches the destination, the node signs the ROUTE REPLY with its private key and sends it back. The intermediate nodes again verify the signature .The signature of the sender is again stored with the along with the route entry.

The key features are:

Ownership of certified public keys enables intermediate enable intermediate nodes to authenticate all in-transit routing packets.

The protocol operates mainly by using the new extension message with the AODV protocol.

The SAODV can be used to protect the route discovery mechanism of the AODV by providing security features like integrity, authentication and no repudiation.

Security-Aware Ad Hoc Routing (SAR)

Security-Aware Ad Hoc Routing (SAR) [116] is the generalized framework for any on demand ad-hoc routing protocol. SAR requires that nodes having same trust level must share a secret key. SAR augments the routing process using hash digests and symmetric encryption mechanisms. The signed hash digests provide message integrity while the encryption of packets ensures their confidentiality.

SAR when implemented on AODV protocol adds two additional fields to the ROUTE REQUEST packet and one additional to the ROUTE REPLY packet. The first field added to the ROUTE REQUESTPACKET is the security requirement field and is set by the sender .It indicates the preferred level of trust for the path to the destination. The Second field added to is the security guarantee that signifies the maximum level of security provided by the discovered paths. If the security requirement field has an integer representation then the security guarantee field will be the minimum of all security levels of the participating nodes in the path. If the security requirement field is represented in vectors then the security guarantee field value id computed by ANDing the security requirement values of the participating nodes in the path. The value thus computed is copied into additional security guarantee field of the ROUTE REPLY packet and sent back to the sender. This value is also copied into the routing table of nodes in the reverse path, to preserve the security information with reference to cashed paths

The key features are:

SAR uses security information to dynamically control the choice of routes installed in the routing table.

SAR enables applications to selectively implement a subset of security services based on the cost-benefit analysis.

The routes discovered by SAR may not always be the shortest between any two communicating entities in terms of hopcount. However these routes have quantifiable guarantee of the security.

SAR will find the optimal route if all the nodes on the shortest path satisfy the security requirements.

SAR may fail to find the route if the ad hoc network does not have a path on which all nodes on the path satisfy the security requirements in spite of being connected.

Secure Link State Routing Protocol (SLSP)

It provides secure proactive topology discovery and can be used as either as a stand-alone protocol or as a part of Hybrid routing framework when combined with a reactive protocol [117].

To function effectively without central key management authority, SLSP enables each node to periodically broadcast its public key to nodes within its zone. In addition each node also broadcasts signed HELLO messages containing its medium access control address and IP address pair to its neighbors. The distribution of medium access control address strengthens the scheme by forbidding nodes from spoofing at the data link layer.

To achieve theses goals a Neighbor Lookup Protocol (NLP) is made an integral part of SLSP.

The NLP is responsible for the following tasks.

Maintaining a mapping of MAC and IP layer addresses of the node's neighbors.

Identify potential discrepancies, such as the use of multiple IP addresses by a single data-link interface.

Measuring the rates at which control packets are received from each neighbor by differentiating the traffic primarily based on MAC address. This rate of incoming control packets helps in discarding nodes which maliciously seek to exhaust network resources.

The key features are:

SLSP can operate in the networks of recurrently changing topology and memberships.

SLSP is resilient against individual attackers and is capable of altering its range between local and network wide topology discovery.

SLSP employs a round robin servicing mechanism to provide the assurance the benign control traffic will be relayed even under clogging DoS attacks.

In summary Reactive protocols set up routes between two nodes only when there is a need to send actual traffic between those two nodes. Nodes using reactive routing protocols usually accomplish that by flooding the network with route request messages requesting information on the route from the source to destination. These request messages originate at the source and are flooded through out the network when the source needs to send data to the destination. Eventually the destination (or a node that has recently communicated with the destination) receives the route request message and responds to it with the necessary path information.

Proactive protocols are mostly concerned with minimizing the initial delay that data traffic experiences in reaching the destination from the source. Since the routes are established before there is a need to send traffic between the source and destination, there is no need to discover the route when data traffic actually needs to be sent. Therefore the traffic doesn't get delayed initially while waiting for the route establishment. On the contrary, reactive routing protocols result in traffic being delayed because the route needs to be discovered before the data can be routed. This delay only happens the first time that traffic between the source and destination needs to be routed. After that routes are established and do not need to be recreated until there are node movements or link failures resulting in route changes.

The problem with proactive protocols is that they generate lot of routing overhead. This is especially so when there are frequent topology changes. This is highly inefficient when there are routing updates for routes that carry traffic rarely. A reactive protocol is much more appropriate for such situations since it generates significantly lower overhead in terms of bandwidth used. In fact reactive routing protocols reduce (or eliminate) routing overhead in periods or areas of the network where there is little data traffic.

It can be inferred from the above descriptions that the routing function in ad hoc networks is a cooperative function where all nodes in the network cooperate with each other. As a result, it would be easy for an adversary to launch attacks on the routing protocols used in such networks. Most routing disruption attacks are caused by modification of the routing data. In order to prevent such attacks, it is necessary for a node that receives routing information to verify the origin and integrity of the routing data. The various proposals to secure routing in ad hoc networks mainly focus on providing mechanisms to perform this verification. The secure routing protocols are all extensions of well-known routing protocols.

1.8 Motivations

In this section, motivations for choosing this problem as a thesis project are explained. Computer scientists work mostly as theorists, researchers, or inventors and apply their higher level of theoretical knowledge and innovation to complex problems. New secure routing protocols, defense mechanisms enable mobile ad hoc networks to be widely used in the world. The results of these studies, technological impossibilities help to focus on new issues in routing. In this highly interactive environment, security concerns help to design new protocols or extend the functionality of existing protocols to provide stability in ad hoc networks

Much of the research on MANETs has focused on simulation and test bed studies, while plans for actual deployment of large-scale MANETs remain limited primarily to military and single-vendor public safety applications. There is uncertainty, in fact, as to whether a large-scale distributed ad hoc network created with hardware and software from many different vendors and controlled by many different administrative entities is even viable. The emergence of software-defined radios and, eventually, cognitive radios, may bring efficiencies in the use of spectrum and ultimately yield greater throughput.

Many researches have been done to evaluate the performance of secure routing protocols in comparison with normal routing protocols. One of the objectives of this research is to examine the additional cost of adding a security feature into non-secure routing protocols in various scenarios. The additional cost includes delay in packet transmission, the low rate of data packets over the total packets sent, etc. The networking environment in wireless schemes makes the routing protocols vulnerable to attacks ranging from passive eavesdropping to active attacks such as impersonation, message replay, message littering, network partitioning, etc. Eavesdropping is a threat to confidentiality and active attacks are threats to integrity, authentication, non-repudiation and availability. The mobility of nodes in an ad hoc environment with poor physical protection is vulnerable and they may be compromised. Once the nodes are compromised, they can be used as starting points to launch attacks against the routing protocols. In general, the attacks on routing protocols can generally be classified as routing disruption attacks and resource consumption attacks. In routing disruption attacks, the attacker tries to disrupt the routing mechanism by routing packets in wrong paths; in resource consumption attacks, some non-cooperative or selfish nodes may try to inject false packets in order to consume network bandwidth. Both of these attacks are examples of Denial of Service (DoS) attacks.

Aspects to consider, in order to guarantee the validity of the results, would be (amongst others) the type of nodes that will be used in the field, the nodes' available resources (such as processing power, memory, battery life, physical size etc.), expected mobility of the users, the users network traffic profile, the number of users participating in the network, the users' behavioral patterns and the worst case networking environment.

In the big picture, the project involves study on vulnerabilities, analysis of different routing attacks, defense mechanisms needed to overcome the present difficulties in routing and key management and also issues related to bandwidth. When all these components come together, the career possibilities can be seen easily which makes this present work challenging and interesting.