
wireless adhoc network
1. Introduction
Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Figure 1.1 shows such an example: initially, nodes A and D have a direct link between them. When D moves out of A’s radio range, the link is broken. However, the network is still connected, because A can reach D through C, E, and F. Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.
Figure 1.1 Topology change in ad hoc networks: nodes A, B, C, D, E, and F constitute an ad hoc network. The circle represents the radio range of node A. The network initially has the topology in (a), when node D moves out of the radio range of A, the network topology changes to the one in
1.1 Ad-hoc network
An ad-hoc network is a self-configuring network of wireless links connecting mobile nodes. These nodes may be routers and/or hosts. The mobile nodes communicate directly with each other and without the aid of access points, and therefore have no fixed infrastructure. They form an arbitrary topology, where the routers are free to move randomly and arrange themselves as required.
Each node or mobile device is equipped with a transmitter and receiver. The nodes are said to be purpose-specific, autonomous and dynamic. This contrasts sharply with fixed wireless networks, as no master-slave relationship exists in a mobile ad-hoc network. Nodes rely on each other to establish communication, so each node acts as a router. Therefore, in a mobile ad-hoc network, a packet can travel from a source to a destination either directly or through some set of intermediate packet-forwarding nodes. In a wireless world dominated by Wi-Fi, architectures which mix mesh networking and ad-hoc connections are the beginning of a technology revolution based on their simplicity.
Ad hoc networks date back to the Seventies. They were developed by the Defense Forces, to comply with a military framework. The aim was to rapidly deploy a robust, mobile and reactive network, under any circumstances. These networks then proved useful in commercial and industrial fields, first aid operations and exploration missions. Ad hoc networks, also called peer-to-peer networks, still have a long way to go before they are fully functional and commercial, as they have defects in areas such as security and routing, which we will discuss further.
1.2 Self configuring and self healing process in wireless ad hoc network
Each node in the ad hoc network determines its adjacent nodes for communication based on their signal strength, which is mainly related to distance but is also affected by obstructions or interference. Some nodes may be beyond range; others may be detectable but have insufficient signal strength for reliable communications [1].
Once the available nodes are identified, this information is communicated to other nodes, along with information about the desired destination. Using the list of available connections, the network configuration algorithm selects a particular routing for each user to its destination. This process requires system operation software to have good decision-making algorithms, based on practical criteria for signal strength, path reliability over time, and network configuration patterns.
Over time, or even near-continuously, the network will change. Users may come and go, nodes may be in motion, or changes in the electromagnetic environment may alter the propagation between nodes. As these changes take place, the network will update its configuration and identify new paths from users to destinations. This type of reconfiguration will be repeated over and over as the network changes. This is the same process used in the Internet, where system loading and hardware issues require redirection of a user’s data through different routers.
Fig1.3 Creation and adoption of Ad-hoc network. a) Determination of available nodes, b) Selection of optimal routing, c) Reconfiguration when the network makeup changes.
2. Security goals in ad-hoc network
Security is an important issue for ad hoc networks, especially for security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication and non-repudiation.
Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. Availability ensures that the service offered by the network will be available to the user when expected. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.
Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.
Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.
Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.
Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.
There are other security goals (e.g., authorization) that are of concern to certain applications.
2.1 Secure Routing
The contemporary routing protocols for ad hoc networks cope well with a dynamically changing topology but are not designed to defend against malicious attackers. There is no single standard protocol, so the aim here is to capture the common security threats and provide guidelines for securing routing protocols. Routers exchange network topology information in order to establish routes between nodes, which makes this exchange another potential target for malicious attackers who intend to bring down the network. External attackers can inject erroneous routing information, replay old routing information, or distort routing information in order to partition a network or to overload it with retransmissions and inefficient routing. Internal compromised nodes are the more severe threat, and detection and correction are more difficult. Having each node sign its routing information won't work, since compromised nodes can generate valid signatures using their private keys. Detecting compromised nodes through routing information is also difficult because of the dynamic topology of ad hoc networks. However, some properties of ad hoc networks can be used to facilitate secure routing. Routing protocols for ad hoc networks must already handle outdated routing information to accommodate the dynamically changing topology, and false routing information generated by compromised nodes can also be regarded as outdated routing information. As long as there is a sufficient number of valid nodes, the routing protocol should be able to bypass the compromised nodes; this, however, requires the existence of multiple, possibly disjoint, routes between nodes. The routing protocol should be able to make use of an alternate route if the existing one appears to have faulted.
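The bypass idea above, as an added example that is not part of the original text: it collects routes that share no relay node and falls back to one that avoids relays currently suspected of misbehaving. The topology, the function names and the notion of a "suspected" set are assumptions made for the illustration.

```python
from collections import deque

# Constructed six-node topology (not taken from the page's figure).
TOPOLOGY = {
    "A": {"B", "C"}, "B": {"A", "D"}, "C": {"A", "E"},
    "D": {"B", "F"}, "E": {"C", "F"}, "F": {"D", "E"},
}

def shortest_path(adj, src, dst, banned):
    """Breadth-first search for a shortest src->dst path avoiding `banned`."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj[node]):
            if nxt not in prev and nxt not in banned:
                prev[nxt] = node
                queue.append(nxt)
    return None

def disjoint_routes(adj, src, dst):
    """Greedily collect routes that share no intermediate node.
    Shortest-first and simple; it may miss the maximum possible set."""
    adj = {n: set(nbrs) for n, nbrs in adj.items()}  # private copy
    routes, used = [], set()
    while (path := shortest_path(adj, src, dst, used)) is not None:
        routes.append(path)
        if len(path) == 2:            # direct link: use it only once
            adj[src].discard(dst)
            adj[dst].discard(src)
        used.update(path[1:-1])       # relays may not be reused
    return routes

def pick_route(routes, suspected):
    """First route with no relay currently suspected of misbehaving."""
    for path in routes:
        if not suspected.intersection(path[1:-1]):
            return path
    return None

ROUTES = disjoint_routes(TOPOLOGY, "A", "D")
```

With relay B suspected, `pick_route(ROUTES, {"B"})` falls back to the longer route through C, E and F; once every disjoint route contains a suspected relay, no route is returned.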
2.2 Vulnerabilities and Attacks in Ad-hoc Networks
2.2.1 Vulnerabilities

Operation in an ad hoc network introduces some new security problems in addition to the ones already present in fixed networks. Some of the new vulnerabilities include the following.
Easy theft of nodes: Many nodes are expected to be small in size and thus vulnerable to theft. From a routing perspective this means that a node may easily become compromised. Thus, a previously well-behaving node can unexpectedly become hostile.
Vulnerability to tampering: This difficulty is related to the problem of easy theft. It must not be trivial for example to recover private keys from the device. A less stringent version of tamper proof is tamper evidence where it is only required that a tampered node can be distinguished from the rest.
Limited computational abilities: Nodes can be devices with limited computing power. This may exclude techniques such as frequent public key cryptography during normal operation. However, symmetric cryptography is likely to be feasible in authenticating or encrypting routing message exchanges.
Battery powered operation: Many devices in an ad hoc network are assumed to be battery powered. An attacker may attempt a denial-of-service attack by creating additional transmissions or expensive computations to be carried out by a node in an attempt to exhaust its batteries.
Transient nature of services and devices: Because an ad hoc network consists of nodes that may frequently move, the set of nodes that are connected to some particular ad hoc network frequently changes. This can create problems, for example, with key management if cryptography is used in the routing protocol.
2.2.2 Attacks
2.2.2.1 Passive attacks

In a passive attack, the attacker does not disrupt the operation of a routing protocol but only attempts to discover valuable information by listening to the routing traffic. The major advantage for the attacker in passive attacks is that in a wireless environment the attack is usually impossible to detect. This also makes defending against such attacks difficult. Furthermore, routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than to other nodes, the attacker might expect that the node is important for the functioning of the network, and disabling it could bring the entire network down. Other interesting information that is disclosed by routing data is the location of nodes. Even when it might not be possible to pinpoint the exact location of a node, one may be able to discover information about the network topology. It is worth noting that in an IP network one cannot defend against these attacks for example by only using IPSec. The packets still have most of their IP headers in plaintext, and it may not even be feasible to have symmetric keys distributed to every node in a network.
2.2.2.2 Active attacks
To perform an active attack the attacker must be able to inject arbitrary packets into the network. The goal may be to attract packets destined to other nodes to the attacker for analysis or just to disable the network. A major difference in comparison with passive attacks is that an active attack can sometimes be detected. This makes active attacks a less inviting option for most attackers. Yet, it may still be a real alternative when large amounts of money are at stake such as in commercial or military environments. Next we present some types of active attacks that can usually be easily performed against an ad hoc network.
Black hole: The black hole attack is briefly introduced in [3]. In the attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In a flooding based protocol such as AODV the attacker listens to requests for routes. When the attacker receives a request for a route to the target node, the attacker creates a reply where an extremely short route is advertised. If the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. Once the malicious device has been able to insert itself between the communicating nodes, it is able to do anything with the packets passing between them. It can choose to drop the packets to perform a denial-of-service attack, or alternatively use its place on the route as the first step in a man-in-the-middle attack.
Routing table overflow: In a routing table overflow attack the attacker attempts to create routes to nonexistent nodes. The goal is to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. Proactive routing algorithms attempt to discover routing information even before it is needed, while a reactive algorithm creates a route only once it is needed. This property appears to make proactive algorithms more vulnerable to table overflow attacks. An attacker can simply send excessive route advertisements to the routers in a network. Reactive protocols, on the other hand, do not collect routing data in advance. For example, in AODV, two or more malicious nodes would need to cooperate to create false data efficiently: one node requests routes and the other one replies with forged addresses.
Sleep deprivation: The sleep deprivation torture is briefly introduced in. Usually, this attack is practical only in ad hoc networks, where battery life is a critical parameter. Battery powered devices try to conserve energy by transmitting only when absolutely necessary. An attacker can attempt to consume batteries by requesting routes, or by forwarding unnecessary packets to the node using, for example, a black hole attack. This attack is especially suitable against devices that do not offer any services to the network or offer services only to those who have some special credentials. Regardless of the properties of the services, a node must participate in the routing process unless it is willing to risk becoming unreachable to the network.
Location disclosure: A location disclosure attack can reveal something about the locations of nodes or the structure of the network. The information gained might reveal which other nodes are adjacent to the target, or the physical location of a node. The attack can be as simple as using an equivalent of the traceroute command on UNIX systems. Routing messages are sent with inadequate hop-limit values and the addresses of the devices sending the ICMP error messages are recorded. In the end, the attacker knows which nodes are situated on the route to the target node. If the locations of some of the intermediary nodes are known, one can gain information about the location of the target as well.
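One way a node can limit the routing table overflow attack described above, as an added example that is not part of the original text: the table has a global size cap and a per-neighbor quota, and it counts refused advertisements so that a flooding neighbor stands out. The class, its thresholds and the node names are assumptions made for the illustration.

```python
from collections import Counter

class RouteTable:
    """Routing table with a global size cap and a per-neighbor quota."""

    def __init__(self, capacity=16, per_neighbor_quota=4, alert_after=10):
        self.capacity = capacity
        self.quota = per_neighbor_quota
        self.alert_after = alert_after
        self.routes = {}             # destination -> (next hop, hop count)
        self.installed = Counter()   # neighbor -> routes it currently owns
        self.rejected = Counter()    # neighbor -> advertisements refused

    def offer(self, neighbor, dest, hops):
        """Process one route advertisement and report what was done."""
        if dest in self.routes:
            return "known"           # this sketch never replaces a route
        if (self.installed[neighbor] >= self.quota
                or len(self.routes) >= self.capacity):
            self.rejected[neighbor] += 1
            return "rejected"
        self.routes[dest] = (neighbor, hops)
        self.installed[neighbor] += 1
        return "installed"

    def suspects(self):
        """Neighbors whose refused advertisements reached the alert level."""
        return sorted(n for n, c in self.rejected.items()
                      if c >= self.alert_after)

def simulate():
    """Constructed traffic: M floods fake routes, B and C advertise real ones."""
    table = RouteTable()
    for i in range(100):
        table.offer("M", f"ghost-{i}", 1)
    results = [table.offer("B", "D", 1), table.offer("C", "E", 1),
               table.offer("C", "F", 2)]
    return table, results
```

The quota bounds what a single neighbor can consume; several cooperating neighbors can still fill the table up to the global cap, which is why the refusal counters are kept for detection.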