04-09-2012, 05:25 PM
On Vulnerability and Protection of Ad Hoc On-demand Distance Vector Protocol
Abstract
Vulnerabilities and the attacks on Ad Hoc On-demand
Distance Vector (AODV) protocol are investigated and
studied via analysis and simulation. The attacks are classified
by their target properties. The analysis shows that the on-demand
route query enables the malicious host to conduct real
time attacks on AODV. False distance vector and false destination
sequence attacks are studied by simulation. Two connection
scenarios, common destination and uniformly distributed
traffic load, are considered. The delivery ratio, attack overhead,
and the propagation of false routes are measured by varying
the number of connections and the mobility of the hosts. The
simulation results illustrate that the attacker can confuse the
network connectivity with false routes and lead to a decrease
of up to 75% in the delivery ratio. When the hosts are uniformly
distributed, the false distance vector attacks cannot cheat more
than half of the hosts. But the false destination sequence routes
can propagate to most of the network.
INTRODUCTION
A mobile Ad Hoc network is a collection of wireless hosts
that can be rapidly deployed as a multi-hop packet radio
network without the aid of any established infrastructure or
centralized administration [1]. Such networks can be used to
enable the next generation of battlefield applications envisioned
by the military [2], including situation awareness systems
for maneuvering war fighters, and remotely deployed unmanned
micro-sensor networks. Ad Hoc networks can provide
communication for civilian applications, such as disaster
recovery and message exchanges among medical and
security personnel involved in rescue missions.
DESCRIPTION OF AODV
AODV is a reactive protocol that determines routes solely
on-demand. It is based on the distance vector technology.
The hosts only know the next hop to every destination.
When a source host wants to send packets to the destination
and cannot get the routes from its routing table, it will broadcast
a Route Request (RREQ). The receivers may establish
the routes back to the source host through the paths on which they
received the RREQ. If the receiver has an active route to the destination,
it will unicast a Route Reply (RREP) back to the
source. Otherwise, the RREQ will be re-broadcast further. If
a reply is sent, all hosts along that path may record the route
to the destination through this packet. Because there may
exist multiple exclusive paths between two hosts, a mobile
host can receive the same RREQ more than once. To prevent
the same request from being broadcast repeatedly, every request
is uniquely identified by a (Host ID, Broadcast ID)
couple. Every host keeps a record for the RREQs that have
been processed. The mobile hosts send out the Route Error
(RERR) packets to their neighbors to report broken paths
and activate the route re-discovery procedure.
RELATED WORK
Research in both theoretical analysis and project development
is underway to investigate the security of Ad Hoc
networks and to establish IDS. The efforts in securing communication
for wireless networks are also relevant to our
work.
Zhang and Lee studied the security characteristics of Ad
Hoc networks. They identify the difficulties in applying current
IDS to the wireless environments [16]. They presented
a generic multi-layer integrated IDS infrastructure for the
Ad Hoc networks. But solutions to some critical problems
remain. How to efficiently collect the patterns of attacks
and how to safely distribute the intrusion detection results to
individual hosts need further research. Bhargavan, Zhou and
Haas explored the security issues of wireless LANs [17] and
Ad Hoc networks [18]. They summarized the primary problems
to achieve security and the challenges to the routing
protocols.
CONCLUSIONS
The security of the Ad Hoc network routing protocols
is still an open problem and deserves more research work.
This paper studies the vulnerabilities and attacks on one of
the protocols – AODV. The analysis shows that although
AODV provides fair performance with reasonable overhead
and provides adaptability to both traffic load and host mobility,
the on-demand property allows the malicious host to attack
the network in real time with flexibility. It is difficult to
locate the sources of the false information. The attacks may
lead to confusion about network connectivity or exhaustion
of the limited bandwidth, thus degrading the performance of
the networks. The simulation has shown that the attacks can
drastically lower the delivery ratio and cheat a considerable
part of the hosts with false routes.
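
The RREQ handling from the DESCRIPTION OF AODV section, as an added example (not code from the paper): one host's decision on receiving a route request, including the (Host ID, Broadcast ID) duplicate record. The class names, field names and the simplified route table are assumptions made for illustration; sequence numbers and route lifetimes are left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RREQ:
    src: str        # Host ID of the originator
    bcast_id: int   # Broadcast ID chosen by the originator
    dst: str        # destination being searched for
    hops: int = 0   # hops travelled so far

@dataclass
class Host:
    name: str
    routes: dict = field(default_factory=dict)  # destination -> (next_hop, hops)
    seen: set = field(default_factory=set)      # processed (Host ID, Broadcast ID) couples

    def on_rreq(self, rreq, from_neighbor):
        """Return (action, payload) for an RREQ delivered by from_neighbor."""
        key = (rreq.src, rreq.bcast_id)
        if key in self.seen:
            # Same request arrived over another path: do not process it again.
            return ("DROP", None)
        self.seen.add(key)
        # Reverse route to the source through the neighbor that delivered the RREQ.
        self.routes[rreq.src] = (from_neighbor, rreq.hops + 1)
        if rreq.dst == self.name:
            # The destination itself answers (standard AODV behaviour).
            return ("RREP", 0)
        if rreq.dst in self.routes:
            # An intermediate host with a route unicasts the reply; payload is
            # the hop count it claims to the destination.
            return ("RREP", self.routes[rreq.dst][1])
        # No route known: re-broadcast with the hop count incremented.
        return ("REBROADCAST", RREQ(rreq.src, rreq.bcast_id, rreq.dst, rreq.hops + 1))

def demo():
    """Constructed topology: S reaches B through A and through C; B knows a route to D."""
    a = Host("A")
    b = Host("B", routes={"D": ("X", 2)})
    first = a.on_rreq(RREQ("S", 7, "D"), from_neighbor="S")
    via_a = b.on_rreq(first[1], from_neighbor="A")
    via_c = b.on_rreq(RREQ("S", 7, "D", hops=1), from_neighbor="C")
    retry = b.on_rreq(RREQ("S", 8, "D", hops=1), from_neighbor="C")
    return first, via_a, via_c, retry, a, b

if __name__ == "__main__":
    for step in demo()[:4]:
        print(step)
```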