26-07-2012, 02:56 PM
A NOVEL ROUTING ATTACK IN MOBILE AD HOC NETWORKS
Abstract
Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called the Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV and DSR. The intruder broadcasts a mass of Route Request packets to exhaust the communication bandwidth and node resources so that valid communication cannot be maintained. After analyzing the Ad Hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad Hoc Flooding Attack in mobile ad hoc networks. When the intruder broadcasts an excessive number of Route Request packets, the immediate neighbors of the intruder record the rate of Route Requests. Once the threshold is exceeded, the nodes deny any future request packets from the intruder. The results of our implementation show that FAP can prevent the Ad Hoc Flooding Attack efficiently.
Keywords: Mobile Ad Hoc Networks, Routing Protocol, Security, Denial Of Service, Ad Hoc Flooding Attack
I. Introduction
A Mobile Ad hoc Network is an autonomous system of mobile nodes connected by wireless links. Each node operates not only as an end-system, but also as a router that forwards packets. The nodes are free to move about and organize themselves into a network. Mobile ad hoc networks do not require any fixed infrastructure such as base stations; therefore, they are an attractive networking option for connecting mobile devices quickly and spontaneously, in military applications, emergency operations, personal electronic device networking, and civilian applications like an ad-hoc meeting or an ad-hoc classroom.
Mobile ad hoc networks have several salient characteristics: dynamic topologies, bandwidth-constrained, variable-capacity links, energy-constrained operation, and limited physical security [1]. Due to these features, mobile ad hoc networks are particularly vulnerable to denial of service attacks launched through compromised nodes.
In this paper, we present a new attack, the Ad Hoc Flooding Attack, which results in denial of service when used against all previously proposed on-demand ad hoc network routing protocols. In this attack, the attacker broadcasts a large number of Route Request packets for node IDs that are not in the network, so as to congest the links. To defend routing protocols against the Ad Hoc Flooding Attack, we develop a generic secure component, called Flooding Attack Prevention (FAP), which can be applied to the AODV routing protocol to allow that protocol to resist the rushing attack.
Our main contributions in this paper are the presentation of the Ad Hoc Flooding Attack (AHFA), the development and analysis of our new secure solution, which demonstrates that it is possible to secure against the Ad Hoc Flooding Attack, and a general design that uses this component to resist the Ad Hoc Flooding Attack.
In wired networks there is a flooding attack too, popularly called the SYN flooding attack. It works by an attacker sending many TCP connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources. Once the target host's resources are exhausted, no more incoming TCP connections can be established, thus denying further legitimate access [2][3][4][5]. The goal of the SYN flooding attack is to exhaust the resources of the victim host. The Ad Hoc Flooding Attack in this paper consumes and exhausts the resources of the whole network and does not target a particular node. The SYN flooding attack is launched at the transport layer and the Ad Hoc Flooding Attack is launched at the network layer. The rest of the paper is organized as follows.
Section 2 provides an overview of related work. Section 3 addresses the model of the Ad Hoc Flooding Attack in mobile ad hoc networks. Section 4 describes our approach to resist the Ad Hoc Flooding Attack. In Section 5, we present the simulation experiments, and Section 6 concludes the paper.
ISSN : 0976-5166 382
Nallamala Sri Hari et. al. / Indian Journal of Computer Science and Engineering
Vol. 1 No. 4 382-391
II. Related Work
The papers on mobile ad hoc network security can be classified into three categories: key management, secure network routing, and intrusion detection. Capkun, Buttyan and Hubaux propose a fully self-organized public key management system that can be used to support the security of ad hoc network routing protocols [6]. Zhou and Haas first proposed to use threshold cryptography to securely distribute the Certificate Authority private key over multiple nodes to form a collective CA service [7]. Routing security has been most noted by its absence early in the discussion and research on ad hoc routing protocols. Since then several ad hoc routing protocols that include some security services have been proposed: SRP [8], Ariadne [9], ARAN [10], SEAD [11]. SRP [8] assumes the existence of shared secrets between all pairs of communicating nodes and leverages this for MAC authentication, such that fake route requests are not accepted at the destination and routes set in route replies cannot be modified. In Ariadne [9], end-to-end authentication is obtained by a one-way hash chain and MAC authentication. ARAN [10] relies on public key certificates to provide hop-by-hop authentication. SEAD [11] uses elements from a one-way hash chain to provide authentication for both the sequence number and the metric in each entry. Yongguang Zhang developed an Intrusion Detection architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ad hoc networks [12]. Yih-Chun Hu presents the Rushing Attack [13], in which an attacker that can forward ROUTE REQUESTs more quickly than legitimate nodes can increase the probability that routes including the attacker will be discovered rather than other valid routes. The above secure protocols are not able to prevent the Ad Hoc Flooding Attack in mobile ad hoc networks, because the attacker is a compromised node that owns a legitimate key.
To prevent the SYN flooding attack on the Internet, many solution approaches have been presented so far. They can be roughly categorized as: firewall and router filtering, operating system improvements, and protocol improvements. Firewalls are already being used to monitor packet traffic and protect systems from malicious access. As a countermeasure to flooding attacks, Schuba et al. mention that firewalls can be configured as a relay or as a semi-transparent gateway [2]. In RFC 2267, Ferguson and Senie described network ingress filtering that can prevent attackers from using forged source addresses to launch a denial of service (DOS) attack [14]. Solaris/SUN has considered implementing several OS revisions to handle DOS attacks. An information bulletin announced that SUN considered using priority queues to grant requests originating from addresses that have given successful handshakes in the past [15]. Aura and Nikander described weaknesses of stateful protocols, and methods to change stateful protocols into stateless ones. Stateful protocols have an upper limit on the number of simultaneous connections, because there is limited space available for storing connection state information. When this limited space is exhausted, new connections are refused. To remedy this, the state information is stored on the client rather than on the server [16]. The above solutions are designed to prevent the SYN flooding attack in wired networks. They cannot hold back the Flooding Attack in mobile ad hoc networks, because the mechanism of the Flooding Attack is different from that of the SYN flooding attack.
III. The Model of Ad Hoc Flooding Attack
We introduce here a new attack, which we call the Ad Hoc Flooding Attack, which acts as an effective denial-of-service attack against all currently proposed on-demand ad hoc network routing protocols, including protocols that were designed to be secure. In particular, existing on-demand routing protocols such as DSR [17], AODV [18] and LAR [19], and some secure routing protocols such as SRP [8], Ariadne [9], ARAN [10] and SAODV [20][21], are not immune to the Ad Hoc Flooding Attack. We now describe the Ad Hoc Flooding Attack in terms of its effect on the operation of AODV [18]. Other protocols such as DSR [17], Ariadne [9], SAODV [20], and ARAN [10] are vulnerable in the same way.
A. Overview of AODV routing protocol
In AODV, path discovery is entirely on-demand. When a source node needs to send packets to a destination to which it has no available route, it broadcasts a RREQ (Route Request) packet to its neighbors. Each node maintains a monotonically increasing sequence number to ensure loop-free routing and to supersede stale route cache entries. The source node includes the last known sequence number of the destination in the RREQ packet. An intermediate node receiving a RREQ packet checks its route table entries. If it possesses a route toward the destination with a greater sequence number than that in the RREQ packet, it unicasts a RREP (Route Reply) packet back to the neighbor from which it received the RREQ packet. Otherwise, it sets up the reverse path and then rebroadcasts the RREQ packet. Duplicate RREQ packets received by one node are silently dropped. In this way, the RREQ packet is flooded in a controlled manner through the network, and it will eventually arrive at the destination itself or at a node that can supply a fresh route to the destination, which will generate the RREP packet.
As the RREP packet is propagated along the reverse path to the source, the intermediate nodes update their routing tables using the distributed Bellman-Ford algorithm with an additional constraint on the sequence number, and set up the forward path.
AODV also includes a path maintenance mechanism to handle the dynamics of the network topology. Link failures can be detected by either periodic beacons or link layer acknowledgments, such as those provided by the 802.11 MAC protocol. Once a link is broken, an unsolicited RERR (Route Error) packet with a fresh sequence number and infinite hop count is propagated to all active source nodes that are currently using this link. When the source node receives the notification of a broken link, it may restart the path discovery process if it still needs a route to the destination.
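The RREQ handling rules described above (duplicate suppression, reverse-path setup, the sequence-number test that decides between answering with a RREP and rebroadcasting, and the sequence-constrained forward-path update when the RREP comes back) can be modelled at a single node in a few dozen lines. The following Python model is an added illustration for this page, not code from the paper or from any AODV implementation; the `Node`, `Rreq` and `RouteEntry` names are assumptions made for the example, and timers, route expiry and RERR handling are left out.

```python
"""Minimal model of AODV route discovery at a single node (added illustration).

Not the paper's code and not a full AODV implementation: timers, route
expiry and RERR handling are left out. Names (Node, Rreq, RouteEntry) are
assumptions made for this example.
"""
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Rreq:
    originator: str
    rreq_id: int        # (originator, rreq_id) identifies one discovery; used to spot duplicates
    orig_seq: int       # originator's own sequence number
    destination: str
    dest_seq: int       # last sequence number the originator knows for the destination
    hop_count: int = 0


@dataclass
class RouteEntry:
    next_hop: str
    seq: int            # destination sequence number this entry was learned with
    hops: int


@dataclass
class Node:
    name: str
    seq: int = 0                                   # own monotonically increasing sequence number
    routes: dict = field(default_factory=dict)     # destination -> RouteEntry
    seen: set = field(default_factory=set)         # (originator, rreq_id) pairs already processed

    def _update_route(self, dest, next_hop, seq, hops):
        """Distance-vector update constrained by the sequence number: accept a
        newer sequence number, or a shorter path at the same sequence number."""
        cur = self.routes.get(dest)
        if cur is None or seq > cur.seq or (seq == cur.seq and hops < cur.hops):
            self.routes[dest] = RouteEntry(next_hop, seq, hops)
            return True
        return False

    def handle_rreq(self, rreq, prev_hop):
        """Process one RREQ heard from neighbour `prev_hop`.

        Returns ("drop", None) for a duplicate, ("rrep", dest_seq) when this node
        answers with a Route Reply, or ("rebroadcast", rreq') when it floods on.
        """
        key = (rreq.originator, rreq.rreq_id)
        if key in self.seen:
            return ("drop", None)                  # duplicate RREQ is silently dropped
        self.seen.add(key)

        # Reverse path: the RREP for this discovery will be unicast back via prev_hop.
        hops_back = rreq.hop_count + 1
        self._update_route(rreq.originator, prev_hop, rreq.orig_seq, hops_back)

        if rreq.destination == self.name:
            # The destination itself answers; simplified: its own number is at
            # least as fresh as the copy carried in the RREQ.
            self.seq = max(self.seq, rreq.dest_seq)
            return ("rrep", self.seq)

        route = self.routes.get(rreq.destination)
        if route is not None and route.seq > rreq.dest_seq:
            # Fresher route than the originator knows: reply on the destination's behalf.
            # (The text says "greater"; RFC 3561 also accepts an equal sequence number.)
            return ("rrep", route.seq)

        # Otherwise flood on with the same (originator, rreq_id) so downstream
        # nodes can recognise duplicates, and one more hop on the counter.
        return ("rebroadcast", replace(rreq, hop_count=hops_back))

    def handle_rrep(self, destination, dest_seq, hops_to_dest, from_hop):
        """Install or refresh the forward path when a RREP comes back through here."""
        return self._update_route(destination, from_hop, dest_seq, hops_to_dest)
```

Running a discovery S -> A -> D through the model shows the sequence of decisions the text describes: A rebroadcasts because it has no route, D answers with its own sequence number, A installs the forward path from the RREP, and a later RREQ from S carrying a stale destination sequence number is answered by A directly.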
B. Ad Hoc Flooding Attack
Flooding RREQ packets through the whole network consumes a lot of network resources. To reduce congestion in the network, the AODV protocol adopts several rules. A node cannot originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a RREQ, a node waits for a RREP. If a route is not received within the round-trip time, the node may try again to discover a route by broadcasting another RREQ, up to a maximum number of retries at the maximum TTL value. Repeated attempts by a source node at route discovery for a single destination must use a binary exponential backoff. The first time a source node broadcasts a RREQ, it waits one round-trip time for the reception of a RREP. If a RREP is not received within that time, the source node sends a new RREQ. When calculating the time to wait for the RREP after sending the second RREQ, the source node MUST use a binary exponential backoff.
Hence, the waiting time for the RREP corresponding to the second RREQ is 2 * round-trip time. The RREQ packets are broadcast in an expanding ring to reduce the overhead caused by flooding the whole network. The packets are first flooded in a small area (a ring) defined by a starting TTL (time-to-live) in the IP header. After RING_TRAVERSAL_TIME, if no RREP has been received, the flooded area is enlarged by increasing the TTL by a fixed value. The procedure is repeated until a RREP is received by the originator of the RREQ, i.e., the route has been found.
In the Ad Hoc Flooding Attack, the attacking node violates the above rules to exhaust the network's resources. Firstly, the attacker selects many IP addresses that are not in the network, if he knows the scope of IP addresses in the network. Because no node can answer these RREQs with a RREP, the reverse routes in the route tables of the nodes will be kept for longer. The attacker can select random IP addresses if he cannot know the scope of IP addresses. Secondly, the attacker successively originates a mass of RREQ messages for these void IP addresses. The attacker sends excessive RREQs without regard to RREQ_RATELIMIT per second. Once he has used up these IP addresses, the attacker resends the RREQ packets without waiting for the RREP or the round-trip time. The TTL of the RREQ is set to the maximum without using the expanding ring search method. In the Flooding Attack, the whole network fills with the RREQ packets that the attacker sends. The communication bandwidth is exhausted by the flooded RREQ packets and the resources of the nodes are exhausted at the same time. For example, the storage of the route table is limited. If a mass of RREQ packets arrives at a node in a short time, the storage of the route table in the node will be exhausted so that the node cannot receive new RREQ packets. As a result, the legitimate nodes cannot set up paths to send data. Figure 1 shows an example of the RREQ Flooding Attack. Node H is the attacker; it floods a mass of RREQ packets all over the network so that the other nodes cannot build paths with each other.
C. Comparison between Ad Hoc Flooding Attack and SYN Flooding Attack
The SYN flooding attack exploits the three-way handshake mechanism in the TCP/IP protocol and its limitation in maintaining half-open connections. When a server receives a SYN request, it returns a SYN/ACK packet to the client. Until the SYN/ACK packet is acknowledged by the client, the connection remains in the half-open state for a period of up to the TCP connection timeout, which is typically set to 75 seconds. The server has built in its system memory a backlog queue to maintain all half-open connections. Since this backlog queue is of finite size, once the backlog queue limit is reached, all further connection requests will be dropped. If a SYN request is spoofed, the victim server will never receive the final ACK packet to complete the three-way handshake. Flooding spoofed SYN requests can easily exhaust the server's backlog queue, causing all incoming SYN requests to be dropped.
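The backlog-queue mechanism just described is easy to model, and the model makes the two parameters that bound the damage (backlog size and half-open timeout) visible. The Python below is an added illustration for this page, not from the paper: the 75-second timeout follows the text, while the backlog size and the arrival trace in `constructed_trace` (a steady stream of spoofed SYNs and one legitimate client retrying every ten seconds) are constructed.

```python
"""Backlog-queue model of the SYN flooding mechanism described above.

Added illustration, not from the paper. The half-open timeout (75 s) follows
the text; the backlog size and the arrival trace are constructed.
"""


def simulate_backlog(arrivals, backlog=128, timeout=75.0):
    """Replay (time, kind) SYN arrivals against a finite backlog of half-open
    connections. 'spoofed' SYNs are never ACKed and hold a slot until `timeout`;
    'legit' SYNs complete the handshake at once, so they need a free slot only
    momentarily. Returns counts of accepted and dropped requests by kind."""
    half_open = []                      # expiry times of half-open entries
    stats = {"legit_ok": 0, "legit_dropped": 0, "spoofed_dropped": 0}
    for t, kind in sorted(arrivals):
        half_open = [e for e in half_open if e > t]   # reclaim timed-out entries
        if len(half_open) >= backlog:
            stats["legit_dropped" if kind == "legit" else "spoofed_dropped"] += 1
            continue
        if kind == "spoofed":
            half_open.append(t + timeout)   # the final ACK never comes
        else:
            stats["legit_ok"] += 1          # completed immediately, slot freed
    return stats


def constructed_trace():
    """Constructed: 2 spoofed SYN/s for 110 s, one legitimate client trying every 10 s."""
    spoofed = [(0.5 * i, "spoofed") for i in range(220)]
    legit = [(10.0 * k + 0.25, "legit") for k in range(1, 11)]
    return spoofed + legit
```

With the default backlog of 128 the queue fills after 64 seconds and every legitimate attempt from then on is dropped until the flood stops; with a backlog of 256, or a 30-second half-open timeout, the same trace never fills the queue. That dependence on stored per-connection state is exactly what the stateless approach of Aura and Nikander [16], mentioned in the related work, removes.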
We compare the SYN Flooding Attack and the Ad Hoc Flooding Attack in Table 1. The common goal of the two attacks is denial of service, but they differ in attack method, victim, protocol and so on. Therefore, the Ad Hoc Flooding Attack is a new attack model in mobile ad hoc networks.