- Security Threats in Mobile Ad Hoc Network. - This thesis is submitted to the Department of Interaction and System Design, School of Engineering at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. - Rune Gustavsson for his suggestions, guidance, constant encouragement and enduring patience throughout the progress of the thesis. - Mobile Ad Hoc Network (MANET) is a collection of communication devices or nodes that wish to communicate without any fixed infrastructure and pre-determined organization of available links. - Although the ongoing trend is to adopt ad hoc networks for commercial uses due to their certain unique properties, the main challenge is the vulnerability to security attacks. - In this thesis, we identify the existent security threats an ad hoc network faces, the security services required to be achieved and the countermeasures for attacks in each layer. - 3.1 Ad hoc network and a malicious node. - 3.2 Ad hoc network with DoS attack. - An ad hoc network is a collection of wireless mobile nodes that forms a temporary network without any centralized administration. - Each node participates in an ad hoc routing protocol that allows it to discover multihop paths through the network to any other node. - This idea of Mobile ad hoc network is also called infrastructureless networking, since the mobile nodes in the network dynamically establish routing among themselves to form their own network on the fly [2].. - Now-a-days, Mobile ad hoc network (MANET) is one of the recent active fields and has received marvelous attention because of their self-configuration and self-maintenance capabilities [16]. - Chapter 1 Introduction Although mobile ad hoc networks have several advantages over the traditional wired networks, on the other sides they have a unique set of challenges. - For example the resource constraints on nodes in ad hoc networks limit the cryptographic measures that are used for secure messages. - An attacker can listen, modify and attempt to masquerade all the traffic on the wireless communication channel as one of the legitimate node in the network. - A number of researches are done on security challenges and solutions in Mobile ad hoc network. - have defined a method that is designed to ensure equal participation among members of the ad hoc group, and that gives each node the authority to issue certificates [3]. - [8] have proposed a secure ad hoc routing protocol based on secret sharing. - also have designed a general framework for secure ad hoc routing [17]. - In this thesis, we focus on the overall security threats and challenges in Mobile ad hoc networks (MANET). - The solutions of the current problems are also reported here so that one may get direction.. - This study provides a good understanding of the current security challenges and solutions of the MANETs. - How the security services like confidentiality, integrity and authentication can be achieved from mobile ad hoc networks? What steps should be taken?. - What are the countermeasures? How the security of the entire system is ensured?. - Chapter 2 is an overview of the security goals that must be achieved to ensure secure communication in MANET. - Chapter 3 presents the security exploits possible in ad hoc network. - Chapter 9 focuses on the solutions of the problems described in previous sections. - Network layer Protecting the ad hoc routing and forwarding protocols Data link layer Protecting the wireless MAC protocol and providing link. - The ultimate goals of the security solutions for MANETs is to provide security services, such as authentication, confidentiality, integrity, authentication, nonrepudiation, anonymity and availability to mobile users. - For example, on the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channel while on network layer it could disrupt the routing protocol and continuity of services of the network. - Chapter 2 Security Services adversary could masquerade as a node, thus gaining unauthorized access to resource and sensitive information and interfering with the operations of the other nodes [18].. - An ad hoc network may consist of hundreds or even thousands of nodes. - Otherwise, the newly added node in the network can be compromised by the attacker and used for gaining unauthorized access of the whole system. - The current Mobile ad hoc networks allow for many different types of attacks. - In this chapter, our focus is on vulnerabilities and exposures in the current ad hoc network. - Figure 3.1: Ad hoc network and a malicious node. - Figure 3.2: Ad hoc network with Dos attack. - As there is no authentication of data packets in current ad hoc network, a malicious node can launch many attacks in a network by masquerading as another node i.e. - Spoofing is occurred when a malicious node misrepresents its identity in the network (such as altering its MAC or IP address in outgoing packets) and alters the target of the network topology that a benign node can gather. - At first, M changes its MAC address to match A’s, moves closer to B and out of the range of A. - Similarly, M again changes its MAC address to match B’s, moves closer to C and out of the range of B. - In the fig. - Mobile Ad Hoc Networks (MANETs) rely on the cooperation of all the participating nodes. - But one of the different kinds of misbehavior a node may exhibit is selfishness. - The security of the ad hoc networks greatly depends on the secure routing protocol, transmission technology and communication mechanisms used by the participating nodes. - The rest of the thesis describes the threats in each layer in the protocol stack and prescribes solution of those attacks.. - An attacker with sufficient transmission power and knowledge of the physical and medium access control layer mechanisms can gain access to the wireless medium. - Many attacks can be launched in link layer by disrupting the cooperation of the protocols of this layer.. - Wireless medium access control (MAC) protocols have to coordinate the transmission of the nodes on the common communication or transmission medium. - All the neighbors of the sender and receiver update their NAV field according to the time that they overheard for transmission duration. - The attacker in the local neighborhood is also aware of the duration of the ongoing transmission and he/she may transmit a few bits within this period to incur bit errors in a victim’s link layer frame via wireless interference [16].. - Some of the weakness of the WEP is described below.. - The initialization vector (IV) used in WEP is a 24-bit field which is sent in clear and is a part of the RC4 leads to probabilistic cipher key recovery attack or most commonly known as analytical attack.. - Most of the link layer attacks in MANET are removed by enhancing the existing protocol or proposing a new protocol to thwart such threats. - Security Threats in Network Layer. - Establishing an optimal and efficient route between the communicating parties is the primary concern of the routing protocols of MANET. - Thus, security in network layer plays an important role in the security of the whole network.. - The family of routing attacks refers to any action of advertising routing updates that does not follow the specifications of the routing protocols. - Routing cache poisoning attack uses the advantage of the promiscuous mode of routing table updating. - Most of the recent research suffers from this problem. - The Ad-hoc On-demand Distance Vector (AODV) routing algorithm is a reactive algorithm that routes data across wireless mesh networks. - Authenticated Routing for Ad-hoc Networks (ARAN) is an on-demand routing protocol that detects and protects against malicious actions carried out by third parties and peers in particular ad-hoc environment [14]. - Though ARAN is designed to enhance ad-hoc security, still it is immune to rushing attack (described in section 6.2.4.4).. - ARIADNE is an on-demand secure ad-hoc routing protocol based on DSR that implements highly efficient symmetric cryptography. - Specifically, SEAD builds on the DSDV-SQ version of the DSDV (Destination Sequenced Distance Vector) protocol. - At first step, the malicious node exploits the mobile ad hoc routing protocol such as AODV, to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting the packets. - Figure 6.2: The black-hole problem. - An attacker or compromised node thus can disrupt the normal functionalities of the MANET. - Location disclosure attack is a part of the information disclosure attack. - The malicious node leaks information regarding the location or the structure of the network and uses the information for further attack. - Traffic analysis is one of the unsolved security attacks against MANETs.. - The network layer of the MANET is more immune to attack than all other layers. - The receiver also generates another ISN and sends a SYN message including the ISN as an acknowledgement of the received SYN message. - During SYN flooding attack, a malicious node sends a large amount of SYN packets to the target node, spoofing the return address of the SYN packets. - The victim node stores all the SYN packets in a fixed-size table as it waits for the acknowledgement of the three-way handshake. - in MANET.. - One of the vulnerabilities in link layer is its binary exponential backoff scheme which we described in fifth chapter 5.4 section.. - In this chapter we described the countermeasures of the attacks imposed in different layers. - Mobile Ad Hoc Networks have the ability to setup networks on the fly in a harsh environment where it may not possible to deploy a traditional network infrastructure.. - Whether ad hoc networks have vast potential, still there are many challenges left to overcome. - In this thesis, we have overviewed the challenges and solutions of the security threats in mobile ad hoc networks. - This isolation of attacks on the basis of different layers makes easy to understand about the security attacks in ad hoc networks. - ‘How the security services like confidentiality, integrity and authentication can be achieved from mobile ad hoc networks? What steps should be taken?’ is the second research question. - The third question is ‘what are the countermeasures? How the security of the entire system is ensured?’ We focus on the potential countermeasures (chapter 9) either currently used in wired or wireless networking or newly designed specifically for MANET in our study. - In addition, we can say that security must be ensured for the entire system since a single weak point may give the attacker the opportunity to gain the access of the system and perform malicious tasks. - Cryptography is one of the most common security mechanisms and its strength relies on the secure key management. - Finally, Building a sound trust-based system and integrating it to the current preventive approaches, solution of the node selfishness problem can be considered in future research. - of the ACM Workshop on Security of Ad Hoc and Sensor Networks,” 2003.. - Li, Agrawal, D.P., “Routing security in wireless ad hoc networks,” Cincinnati Univ., OH, USA. - Capkun., “The quest for security immobile ad hoc network,” In Proc.. - Johnson, “Ariadne: A Secure On-Demand Routing for Ad Hoc Networks,”. - Johnson, “Packet Leashes: A Defense AgainstWormhole Attacks inWireless Ad Hoc Networks,” Proc. - Kong et al., “Providing robust and ubiquitous security support for mobile ad-hoc networks,” In Proc.. - Molva, “Ad hoc networks security,” IEEE Press Wiley, New York, 2003.. - Song, “The TESLA Broadcast Authentication Protocol,”. - Belding-Royer, “Secure routing protocol for ad hoc networks,” In Proc. - Cardei, “A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks,” Department of Computer Science and Engineering, Florida Atlantic University, http://student.fau.edu/jchen8/web/papers/SurveyBookchapter.pdf. - Zhang, “Security in mobile ad hoc networks: challenges and solutions,” In proc. - Kravets, “Security-aware ad hoc routing for wireless networks,” In Proc.. - Haas, Cornell Univ., “Securing ad hoc networks,” IEEE Network, Nov/Dec 1999, Volume: 13, Page(s): 24-30, ISSN: 0890-8044
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt