EAACK—A Secure Intrusion-Detection System for MANETs





Abstract


The migration from wired networks to wireless networks
has been a global trend in the past few decades. The mobility
and scalability brought by wireless networks have made them usable in
many applications. Among all the contemporary wireless networks,
Mobile Ad hoc NETwork (MANET) is one of the most
important and unique applications. In contrast to traditional
network architecture, MANET does not require a fixed network
infrastructure; every single node works as both a transmitter and
a receiver. Nodes communicate directly with each other when they
are both within the same communication range. Otherwise, they
rely on their neighbors to relay messages. The self-configuring
ability of nodes in MANET made it popular among critical mission
applications like military use or emergency recovery. However,
the open medium and wide distribution of nodes make MANET
vulnerable to malicious attackers. In this case, it is crucial to
develop efficient intrusion-detection mechanisms to protect
MANET from attacks. With improvements in technology
and cuts in hardware costs, we are witnessing a current trend of
expanding MANETs into industrial applications. To adjust to such
a trend, we strongly believe that it is vital to address its potential
security issues. In this paper, we propose and implement a new
intrusion-detection system named Enhanced Adaptive ACKnowledgment
(EAACK) specially designed for MANETs. Compared
to contemporary approaches, EAACK demonstrates higher
malicious-behavior-detection rates in certain circumstances while not
greatly affecting network performance.


INTRODUCTION


By definition, a Mobile Ad hoc NETwork (MANET) is a
collection of mobile nodes equipped with both a wireless
transmitter and a receiver that communicate with each other
via bidirectional wireless links either directly or indirectly.
Industrial remote access and control via wireless networks are
becoming more and more popular these days [35]. One of the
major advantages of wireless networks is their ability to allow
data communication between different parties and still maintain
their mobility. However, this communication is limited to
the range of transmitters. This means that two nodes cannot
communicate with each other when the distance between them
is beyond their communication range.
MANET solves this problem by allowing intermediate parties
to relay data transmissions. This is achieved by dividing
MANET into two types of networks, namely, single-hop and
multihop. In a single-hop network, all nodes within the same
radio range communicate directly with each other. On the other
hand, in a multihop network, nodes rely on other intermediate
nodes to transmit if the destination node is out of their radio
range. In contrast to the traditional wireless network, MANET
has a decentralized network infrastructure. MANET does not
require a fixed infrastructure; thus, all nodes are free to move
randomly [10], [27], [29]. MANET is capable of creating a
self-configuring and self-maintaining network without the help
of a centralized infrastructure, which is often infeasible in
critical mission applications like military conflict or emergency
recovery. Minimal configuration and quick deployment make
MANET ready to be used in emergency circumstances where
an infrastructure is unavailable or unfeasible to install in scenarios
like natural or human-induced disasters, military conflicts,
and medical emergency situations.


IDS in MANETs


routing protocols, nodes in MANETs assume that other nodes
always cooperate with each other to relay data. This assumption
leaves the attackers with the opportunities to achieve significant
impact on the network with just one or two compromised
nodes. To address this problem, an IDS should be added to
enhance the security level of MANETs. If MANET can detect
the attackers as soon as they enter the network, we will be
able to completely eliminate the potential damage caused by
compromised nodes right away. IDSs usually act as the
second layer in MANETs, and they are a great complement
to existing proactive approaches [27]. Anantvalee and Wu [4]
presented a very thorough survey on contemporary IDSs in
MANETs. In this section, we mainly describe three existing
approaches, namely, Watchdog [17], TWOACK [15], and
Adaptive ACKnowledgment (AACK) [25].


Digital Signature

Digital signatures have always been an integral part of cryptography
throughout its history. Cryptography is the study of mathematical
techniques related to aspects of information security such as
confidentiality, data integrity, entity authentication, and data
origin authentication [18]. The development of cryptographic
techniques has a long and fascinating history. The pursuit of
secure communication has been carried on by human beings
since 4000 years ago in Egypt, according to Kahn’s book
[30] in 1963. Such development has accelerated dramatically since
World War II, which some believe is largely due to the
globalization process.


PROBLEM DEFINITION


Our proposed approach EAACK is designed to tackle three
of the six weaknesses of Watchdog scheme, namely, false
misbehavior, limited transmission power, and receiver collision.
In this section, we discuss these three weaknesses in detail.


SCHEME DESCRIPTION


In this section, we describe our proposed EAACK scheme in
detail. The approach described in this research paper is based
on our previous work [12], where the backbone of EAACK was
proposed and evaluated through implementation. In this paper,
we extend it with the introduction of digital signature to prevent
the attacker from forging acknowledgment packets.

EAACK consists of three major parts, namely, ACK,
secure ACK (S-ACK), and misbehavior report authentication
(MRA). In order to distinguish different packet types in different
schemes, we included a 2-bit packet header in EAACK.
According to the Internet draft of DSR [11], there are 6 bits
reserved in the DSR header. In EAACK, we use 2 of the 6 bits
to flag different types of packets. Details are listed in Table I.

Fig. 7 (shown later) presents a flowchart describing the
EAACK scheme. Please note that, in our proposed scheme,
we assume that the link between each node in the network is
bidirectional. Furthermore, for each communication process,
both the source node and the destination node are not malicious.
Unless specified, all acknowledgment packets described in this
research are required to be digitally signed by their sender and
verified by their receiver.
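
The following Go sketch is an added example, not code from the paper: it packs a 2-bit packet type into the 6 reserved DSR header bits and shows a receiver rejecting an acknowledgment that was forged or altered. The type values, the bit position, the Ack layout and all function names are assumptions, and Ed25519 from the Go standard library stands in for the DSA and RSA schemes the paper evaluates.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Assumed for this example: the type values, the bit position, the Ack layout.
const (
	TypeData uint8 = iota // 00
	TypeACK               // 01
	TypeSACK              // 10
	TypeMRA               // 11
)

// SetType stores t in the low 2 bits of the 6-bit reserved DSR field.
func SetType(reserved, t uint8) uint8 { return (reserved&0x3C | t&0x03) & 0x3F }
func GetType(reserved uint8) uint8 { return reserved & 0x03 }

type Ack struct {
	Reserved uint8
	Src      uint16 // claimed sender
	PacketID uint32
	Sig      []byte // covers Reserved, Src and PacketID
}

func (a Ack) msg() []byte { return []byte(fmt.Sprintf("%d|%d|%d", a.Reserved, a.Src, a.PacketID)) }

// AcceptAck verifies with the public key registered for the claimed sender.
func AcceptAck(a Ack, keys map[uint16]ed25519.PublicKey) bool {
	pub, ok := keys[a.Src]
	return ok && GetType(a.Reserved) != TypeData && ed25519.Verify(pub, a.msg(), a.Sig)
}

// Demo: are an honest, a forged and a tampered ACK accepted? Keys are constructed.
func Demo() (honest, forged, tampered bool) {
	nodeB := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	attacker := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{9}, ed25519.SeedSize))
	keys := map[uint16]ed25519.PublicKey{2: nodeB.Public().(ed25519.PublicKey)}
	ack := Ack{Reserved: SetType(0, TypeACK), Src: 2, PacketID: 7}
	good, fake := ack, ack
	good.Sig = ed25519.Sign(nodeB, good.msg())
	fake.Sig = ed25519.Sign(attacker, fake.msg()) // attacker claims Src 2
	moved := good
	moved.PacketID = 8 // signed for packet 7, presented for packet 8
	return AcceptAck(good, keys), AcceptAck(fake, keys), AcceptAck(moved, keys)
}

func main() { fmt.Println(Demo()) }
```

Because the type flag is part of the signed content, changing an ACK into an S-ACK or MRA in transit also invalidates the signature.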


Simulation Methodologies


To better investigate the performance of EAACK under
different types of attacks, we propose three scenario settings
to simulate different types of misbehaviors or attacks.

Scenario 1: In this scenario, we simulated a basic packet-dropping
attack. Malicious nodes simply drop all the packets
that they receive. The purpose of this scenario is to test the
performance of IDSs against two weaknesses of Watchdog,
namely, receiver collision and limited transmission power.

Scenario 2: This scenario is designed to test the IDSs’ performance
against false misbehavior reports. In this case, malicious
nodes always drop the packets that they receive and send back
a false misbehavior report whenever it is possible.


CONCLUSION AND FUTURE WORK


Packet-dropping attacks have always been a major threat to
security in MANETs. In this research paper, we have
proposed a novel IDS named EAACK protocol specially designed
for MANETs and compared it against other popular
mechanisms in different scenarios through simulations. The
results demonstrated positive performances against Watchdog,
TWOACK, and AACK in the cases of receiver collision, limited
transmission power, and false misbehavior report.
Furthermore, in an effort to prevent the attackers from initiating
forged acknowledgment attacks, we extended our research
to incorporate digital signature in our proposed scheme. Although
it generates more ROs in some cases, as demonstrated
in our experiment, it can vastly improve the network’s PDR
when the attackers are smart enough to forge acknowledgment
packets. We think that this tradeoff is worthwhile when network
security is the top priority. In order to seek the optimal DSAs
in MANETs, we implemented both DSA and RSA schemes in
our simulation. Eventually, we arrived at the conclusion that the
DSA scheme is more suitable to be implemented in MANETs.
To increase the merits of our research work, we plan to
investigate the following issues in our future research: