
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/323737308

A Survey on MANET Security Challenges, Attacks and its Countermeasures

Conference Paper · February 2014


1 author:

Godwin Ponsam
SRM Institute of Science and Technology

All content following this page was uploaded by Godwin Ponsam on 15 March 2018.



International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 1, January – February 2014 ISSN 2278-6856

A Survey on MANET Security Challenges, Attacks and its Countermeasures

J. Godwin Ponsam (1), Dr. R. Srinivasan (2)
(1) Research Scholar, SRM University
(2) Professor Emeritus, Directorate of Research, SRM University

Abstract: Ad-hoc networks face more challenges than traditional networks. They are infrastructureless and self-organizing, and they do not have any fixed infrastructure. In MANETs there is no centralized authority to manage the network, and nodes have to rely on other nodes to keep the network connected. Because an ad-hoc network is dynamic, every transmission in it is vulnerable to a number of attacks, and security becomes a major issue. In this survey paper we study the different security attacks on ad-hoc networks and discuss the available solutions. We try to provide a brief introduction to the types of attacks and the possible countermeasures to prevent them.

Keywords: Attacks, MANET, IDS, DOS

1. INTRODUCTION
A Mobile Ad hoc Network (MANET) is a collection of mobile nodes connected through wireless links. In a MANET each node is connected to the nodes within its communication range, so a node that wants to communicate with another node sends the data to the destination node through a neighbor node. The neighbor node then acts as a router, as in a wired network. In a wired network, security protocols are implemented in the router node, but implementing security in a MANET is a challenging task because each node itself acts as a router. Identifying a neighbor node as legitimate or malicious is therefore difficult in the MANET shown in Figure 1. Communication in the network depends on the nodes trusting each other, and it works properly only if each node co-operates in data transmission. As a MANET has no fixed infrastructure, it faces more security threats than infrastructure-based wireless networks. Each communication layer is exposed to many attacks in a MANET due to its dynamic nature, lack of centralized monitoring, and limited resources such as bandwidth and battery power. In this paper we survey the security weaknesses in each layer and the currently available security solutions. The first section describes the security goals required for secure routing in MANET. The second section gives a detailed description of various attacks on MANET. The third section presents various solutions proposed by researchers against these attacks. The last section provides future directions for a secure MANET.

Fig 1. MANET

2. SECURITY GOALS
The following are the five major security goals required to protect against attacks [2]:
a) Authentication: Authentication ensures that communication or transmission of data is done only by authorized nodes [5]. Without authentication, any malicious node can pretend to be a trusted node in the network and adversely affect the data transfer between the nodes.
b) Availability: Availability ensures that services remain available even in the presence of attacks. Systems should be able to cope with various attacks such as denial of service, energy starvation attacks, and node misbehavior.
c) Confidentiality: Confidentiality ensures that data is accessible only to the intended party. No node other than the sender and the receiver can read the information. This is implemented through data encryption techniques.
d) Integrity: Integrity ensures that transmitted data is not altered by any malicious node.
e) Non-Repudiation: Non-repudiation ensures that neither the sender nor the receiver can deny a transmitted message.

3. MANET Security Challenges [1]
1) Dynamic topology: In MANETs, nodes may join or leave dynamically. As nodes move frequently, establishing trust among them is very difficult.
2) Battery Constraints: Mobile nodes run on battery. If a node's power is used unnecessarily, the node may go into an idle state [4].
3) Lack of Central Authority: A MANET has no centralized authority, unlike an infrastructure network, so implementing security without a centralized authority is a challenging task.


4) Insecure Environment: Nodes may move randomly in a MANET, so a malicious node may attack and steal data.

4. Attacks on MANET
Active Attacks
Active attacks are performed by attackers to replicate, modify and delete exchanged data. They try to change the behavior of the protocol [3]. These attacks are meant to degrade or prevent message flow among the nodes. Collectively they can be called DOS attacks, which either degrade or completely block the communication between the nodes. Another type of attack involves the insertion of extraneous packets into the network to cause congestion. Outdated routing information may also be replayed to the nodes in the network. Active attacks can sometimes be detected, and for this reason they are less used by attackers.
Passive Attacks
As discussed in [16], this type of attack involves unauthorized listening to routing packets. The attacker may eavesdrop on all the routing updates. In this case the attacker does not disrupt the operation of the routing protocol but only listens to it to discover valuable information about the routing. Such attacks are difficult to detect. From the routing packets an attacker may learn which node is important in the network, because routes to that node are requested very often by every other node. The attacker then tries to disable this node to bring the network down. This category includes covert channels, traffic analysis, and shifting to compromised keys.

Physical Layer Attacks
1) Eavesdropping: In an eavesdropping attack, the attacker tries to obtain secret information during communication.
2) Jamming: In a jamming attack, a malicious node that knows the communication frequency sends a jamming signal to disturb the communication.
3) Active Interference: Active interference is a type of denial of service attack that distorts communications.

Link Layer Attacks
Data link layer attacks can be classified by the effect they have on the state of the network as a whole.
1) Selfish Misbehaviour of Nodes: Selfish nodes are not willing to participate in the forwarding process.
2) DOS Attack: This attack prevents legitimate nodes from gaining authorized access to resources.
3) Resource Exhaustion: Malicious nodes cause repeated collisions to drain battery power.
4) Malicious Behaviour of Nodes: The main task of a malicious node is to disrupt the normal operation of the routing protocol. The impact of such an attack is increased when the communication takes place between neighbouring nodes.
5) Attacking neighbour sensing protocols: Malicious nodes advertise fake error messages so that important links are marked as broken.

Table 1. Layer Attacks in MANET
| Layer | Attacks | Solutions |
|---|---|---|
| Physical | Jamming; Eavesdropping; Active Interference | Using spread spectrum mechanisms FHSS, DSSS |
| Data Link | Selfish Misbehaviour of Nodes; Malicious Behaviour of Nodes; DOS; Misdirecting Traffic; Attacking neighbour sensing protocols | Secure link layer protocol like LLSP using WPA |
| Network | Worm Hole Attack; Black Hole Attack; Byzantine Attack; Information Disclosure; Resource Consumption; Routing Attack; Routing Table Overflow; Routing Table Poisoning; Packet Replication; Route Cache Poisoning; Rushing Attack | Securing routing protocols like SAODV, SAR, ARAN to overcome blackhole, impersonation attacks; packet leashes, SECTOR mechanism for wormhole attack |
| Transport | Session Hijacking; SYN Flooding | Securing end-to-end communication (SSL, TLS, SET) |
| Application | Virus, Worms; DoS, Man in the Middle Attack; Impersonation | Firewalls |

Network Layer Attacks
Black Hole Attack:
In a black hole attack, the attacker node advertises to other nodes that it has the shortest route to the destination. If this reply arrives before the actual reply, a forged route that includes the malicious node is established. The malicious node can then drop packets or perform a DOS attack or a man-in-the-middle attack.
Wormhole Attack:
A wormhole attack involves the cooperation of two attacking nodes [18]. One attacker captures a packet and tunnels it to the other attacker. The link between the attackers is a high-speed communication link. The two attackers thereby bring the topology under their control.
Routing Table Poisoning Attack:
In a routing table poisoning attack, the attacker poisons the routing table by changing the routes in it. Another way is to inject RREQ packets with a high sequence number; packets with a low sequence number will then be deleted. This leads to the selection of wrong routes.
Sleep Deprivation:
In this attack the resources of a node are consumed unnecessarily by the attacker node, which generates requests for non-existent destinations. This leads to wasted battery power and wasted network bandwidth.
Impersonation Attack:
In an impersonation attack, the attacker node impersonates a legitimate node, sends false routing information and masks it as coming from a trusted node.
Node Isolation Attack:
In this attack the attacker node withholds network information about a particular node or group of nodes from the rest of the network, so other nodes do not know that this node exists.
Location Disclosure Attack:
In a location disclosure attack, the attacker node locates nodes and the structure of the network by probing or by traffic analysis.
Rushing Attack:
In a rushing attack, the attacker node rushes to send route requests to target nodes. This makes the target node reject the legitimate node's route request and lets the attacker node insert itself into any communication [9].
Blackmail:
This attack is possible due to a lack of authenticity, which allows any node to corrupt another node's legitimate information. Nodes usually keep information about perceived malicious nodes in a blacklist. The attack is relevant against routing protocols that use mechanisms for the identification of malicious nodes and propagate messages that try to blacklist the offender. An attacker may fabricate such reporting messages and tell other nodes in the network to add a node to their blacklists, isolating legitimate nodes from the network [18].
The Invisible Node Attack (INA):
Andel et al. [19] have defined the invisible node attack, proved it to be different from the existing attacks (man in the middle, masquerading, and wormhole) and established its uniqueness. They define it as follows: in any protocol that depends on identification for any functionality, any node that effectively participates in that protocol without revealing its identity is an invisible node, and the action and protocol impact is termed an INA. Discussing the effects of INA on different routing protocols, they have shown it to be an unsolvable attack so far.
Byzantine Attack:
In a Byzantine attack, a compromised intermediate node working alone, or a set of compromised intermediate nodes working in collusion, carries out attacks. These attacks create routing loops and forward packets through non-optimal paths. This attack is difficult to detect.

Transport Layer Attacks
Session Hijacking: In session hijacking, the attacker hijacks the session after it is set up. The attacker spoofs the IP address and launches various attacks using the right sequence number.

Application Layer Attacks
Malicious code attacks: Malicious code such as viruses and worms can attack both the operating system and user applications.

Multilayer Attacks
DoS attacks, impersonation attacks, man-in-the-middle attacks, and many other attacks can target multiple layers.
Denial of service: Denial of service (DoS) attacks can be launched from several layers. An attacker can employ signal jamming at the physical layer, which disrupts normal communications. At the link layer, malicious nodes can occupy channels through the capture effect, which takes advantage of the binary exponential scheme in MAC protocols and prevents other nodes from accessing the channel. At the network layer, the routing process can be interrupted through routing control packet modification, selective dropping, table overflow, or poisoning [6]. At the transport and application layers, SYN flooding, session hijacking, and malicious programs can cause DoS attacks.
Impersonation attacks: Impersonation attacks are just the first step for most attacks, and are used to launch further sophisticated attacks.
Man-in-the-middle attacks: An attacker sits between the sender and the receiver and sniffs any information being sent between the two ends.
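The black hole and routing table poisoning descriptions above both depend on how a node chooses between competing route replies. The following is an added example, not code from the paper: it replays AODV's route update rule over three constructed replies and then applies a sequence-number plausibility check. The check, its threshold and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class RouteReply:
    sender: str      # neighbour that delivered the reply
    dest: str        # destination the advertised route leads to
    dest_seq: int    # destination sequence number claimed in the reply
    hop_count: int   # hop count to the destination claimed in the reply
    arrival_ms: int  # arrival time at the node that requested the route


def aodv_prefers(new: RouteReply, current: Optional[RouteReply]) -> bool:
    """AODV update rule: a higher destination sequence number wins;
    with equal sequence numbers the smaller hop count wins.
    (Sequence-number rollover is ignored in this sketch.)"""
    if current is None:
        return True
    if new.dest_seq != current.dest_seq:
        return new.dest_seq > current.dest_seq
    return new.hop_count < current.hop_count


def select_route(replies: Iterable[RouteReply]) -> Optional[RouteReply]:
    """Process replies in arrival order and keep the route AODV would install."""
    best = None
    for reply in sorted(replies, key=lambda r: r.arrival_ms):
        if aodv_prefers(reply, best):
            best = reply
    return best


def implausible_replies(replies: Iterable[RouteReply], last_known_seq: int,
                        max_seq_jump: int) -> List[RouteReply]:
    """Assumed heuristic: flag replies whose claimed sequence number is further
    ahead of the last value seen for the destination than max_seq_jump."""
    return [r for r in replies if r.dest_seq - last_known_seq > max_seq_jump]


def select_route_checked(replies: List[RouteReply], last_known_seq: int,
                         max_seq_jump: int) -> Tuple[Optional[RouteReply], List[str]]:
    """Drop flagged replies, then apply the normal AODV rule to the rest."""
    flagged = set(implausible_replies(replies, last_known_seq, max_seq_jump))
    route = select_route(r for r in replies if r not in flagged)
    return route, sorted(r.sender for r in flagged)


# Constructed sample: replies received for destination "D". The reply from "M"
# arrives first and claims a very fresh, very short route.
SAMPLE_REPLIES = [
    RouteReply("M", "D", dest_seq=4000, hop_count=1, arrival_ms=6),
    RouteReply("B", "D", dest_seq=42, hop_count=3, arrival_ms=18),
    RouteReply("C", "D", dest_seq=42, hop_count=4, arrival_ms=25),
]

if __name__ == "__main__":
    print("unchecked route via:", select_route(SAMPLE_REPLIES).sender)
    route, flagged = select_route_checked(SAMPLE_REPLIES, last_known_seq=40,
                                          max_seq_jump=20)
    print("checked route via:", route.sender, "flagged:", flagged)
```

A fixed threshold is the simplest form of this check; a node that has no recent sequence number for the destination has nothing to compare against, which is one reason the authenticated routing protocols in Table 1 are proposed instead.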


5. Security Solutions in MANET
Physical Layer
At this layer, spread spectrum technology such as frequency hopping (FHSS) and direct sequence (DSSS) [5] can be used to prevent eavesdropping attacks. It changes frequency in a random fashion to make signal capture difficult. It also minimizes the potential for interference from other radio and electromagnetic devices.
Link Layer
Traffic analysis is prevented by encryption at the data link layer. WEP has been widely criticized. A dynamic mix method is used to hide the source and destination information during message delivery via cryptographic methods and to "mix" nodes in the network [12]. WEP and WPA provide an authentication mechanism for any node joining the network. LLSP is used to provide security at the data link layer, but LLSP uses an encryption algorithm to protect against attacks. SLSP is used to prevent DOS attacks and man-in-the-middle attacks; it is suitable for authenticating new nodes but not suitable for real-time traffic.
Network Layer
The SAODV routing protocol is used to protect against black hole attacks, but it requires a heavyweight encryption algorithm [8]. SAR can also be used to defend against black hole attacks, but it needs excessive encryption and decryption at each hop. ARAN can be used to defend against impersonation and repudiation attacks, but it may not defend against authenticated selfish nodes. The security protocol SEAD is used against modification attacks [13]. Table 2 describes the network layer protocols and their limitations.

Table 2. Security Solution and its limitations in Network Layer
| Author | Attack | Solution | Remarks |
|---|---|---|---|
| Cerri. D Politec di Milan, Ghioni A | Blackhole Attack | SAODV | Requires heavyweight asymmetric cryptographic algorithm |
| Seung Yi, Prasad Naldurg, Robin Kravets [20] | Replay Attacks | SAR | Requires excessive encrypting and decrypting at each hop. Discovered route may not be the shortest path |
| Davide Cerri and Alessandro Ghioni | DOS, Man in the Middle Attack | Adaptive SAODV | Routing overhead and high processing power, time delay in establishing routes |
| Bridget, Brian Neil, Elizabeth Royer, Clay Shields | Active Attacks | ARAN | Cannot defend against authenticated selfish nodes |
| Chu-Hsing Lin, Tunghai Univ, Taipei, Wei-Shen Lai, Yen-Lin Huang; Mei-Chun Chou [21] | Wormhole attack | SEAD | It doesn't provide a way to prevent an attacker from tampering with "next hop" or "destination" columns. Instead, it relies on doing neighbor authentication, which is bad |

Transport Layer
In the transport layer, end-to-end encryption provides message confidentiality between two nodes. The SSL protocol implements end-to-end security for a session.
Application Layer
In the application layer, firewalls can effectively prevent many attacks and application specific modules. An intrusion detection system (IDS) can be used as a second line of defense.
MultiLayer Attack
Multiple layer attacks are difficult to detect because these attacks may happen in the data link layer, the network layer or the transport layer. Such attacks are DoS attacks, impersonation attacks and man-in-the-middle attacks. The countermeasures for these attacks need to be implemented at different layers.
Defense against multi-layer attacks
Denial of service: Denial of service (DoS) attacks can be launched from several layers. In the physical layer, the attacker employs a signal jamming attack, which disturbs communications. At the link layer, malicious nodes can occupy channels through the capture effect, which takes advantage of the binary exponential scheme in MAC protocols and prevents other nodes from accessing the channel. At the network layer, the routing table overflow attack fills the routing table with unnecessary or fake routes, which leads to a DOS attack. At the transport and application layers, SYN flooding overloads the other node, which leads to DoS attacks.
Defense against key management attacks
Cryptography algorithms are security primitives that are widely used for the purposes of authentication, confidentiality, integrity, and non-repudiation. Most cryptographic systems rely on an underlying secure, robust, and efficient key management system. Key management is the central part of any secure communication, and is the weak point of system security and protocol design [7]. A key is a piece of input information for cryptography algorithms. If the key were released, the encrypted information would be disclosed. The secrecy of the symmetric key and the private key must be assured locally [10,11]. The Key Encryption Key (KEK) approach could be used at local hosts to build a line of defense.
MANET intrusion detection systems (IDS)
Many IDSs are currently available for detecting intrusions in MANET. In anomaly detection, a deviation from normal behavior is identified as an intrusion. But anomaly-based detection may not detect it if it deviates from normal activity. There is a chance of a high false positive rate. Bella et al.
[22] propose a behavior-based IDS that bases node reputation on the energy a node uses for others in comparison with the energy it uses for itself. Buchegger and Le Boudec propose a distributed IDS called CONFIDANT, which extends DSR by measuring reputation with "no forwarding" behavior. Michiardi and Molva propose an IDS called CORE. Neighbors of a suspect calculate its subjective reputation score from experience of some property f (for example, DSR routing or packet forwarding), weighting earlier and later observations differently, and nodes calculate a suspect's functional reputation over multiple f, weighting various f differently and aging (decreasing over time) the reputations of inactive nodes. Vigna et al. [23] propose a multitrust traffic-based IDS. The authors focus on auditing AODV data. They found packet drop attacks had the best detection rate and spoofing attacks had the lowest false positive rate. Tseng et al. use an AODV-based FSM to establish a specification for a traffic-based IDS. Distributed network monitors maintain an FSM for each routing transaction.

6. Future Directions
A lot of research has been done on MANET over many years, and researchers have provided many security solutions. But the security solutions in MANET are still not sufficient due to its various challenges. DOS attacks and man-in-the-middle attacks are still open problems in MANET. More research is needed on secure routing protocols, key management, trust-based systems, integrated approaches to routing security, data security at different levels, and cooperation enforcement. The security solutions of existing routing protocols are subject to a variety of attacks that can allow attackers to influence a victim's selection of routes or enable denial-of-service attacks. So a secure routing protocol is a necessity. Cryptography is one of the most common security mechanisms, and its strength relies on secure key management. The public-key cryptography scheme depends upon a centralized CA (Certificate Authority), which is known as a security weak point in MANET. Symmetric cryptography is efficient but suffers from potential attacks on key distribution. Hence, efficient key agreement and distribution in MANET is an ongoing research area. Finally, building a trust-based system and integrating it with the intrusion detection system can be considered future research. Identifying new security threats as well as new countermeasures demands more research in MANET.

7. Conclusion
In this paper we have surveyed several attacks related to different layers in ad-hoc networks. As ad hoc networks are vulnerable to many types of attacks, the security of these networks is a major issue. Many researchers are trying to prevent the attacks on ad-hoc networks at various levels. A variety of such attacks have been discussed. We have given an overview of the challenges and solutions of the security threats in mobile ad hoc networks. In our study, we present a variety of attacks related to different layers. Here we focus on the currently used security countermeasures to defend against these attacks. A lot of research is still being carried out to identify new threats to ad-hoc networks and to secure them.

References
[1] Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang, "Security in Mobile Adhoc Networks: Challenges and Solutions", IEEE Wireless Communications, Feb 2004.
[2] C.-K. Toh, Ad Hoc Mobile Wireless Networks: Protocols and Systems, Prentice Hall, New Jersey, pp. 34-37, 2007.
[3] C. Siva Ram Murthy and B. S. Manoj, Ad Hoc Wireless Networks: Architectures and Protocols, Prentice Hall Communications Engineering and Emerging Technologies Series, Upper Saddle River, New Jersey, 2004.
[4] I. Chlamtac, M. Conti, and J. Liu, "Mobile Ad Hoc Networking: Imperatives and Challenges," Ad Hoc Networks, vol. 1, no. 1, pp. 13-64, 2003.
[5] J. P. Hubaux, L. Buttyan, S. Capkun, "The Quest For Security In Mobile Ad Hoc Networks," Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), October 2001.


[6] A. Menaka Pushpa M.E., "Trust Based Secure Routing in AODV Routing Protocol", IEEE 2009, ISSN: 978-1-4244-4793-0/09, pp. 1-6.
[7] H. Deng, W. Li, D. P. Agrawal, "Routing security in wireless ad hoc networks," Cincinnati Univ., OH, USA; IEEE Communications Magazine, Oct. 2002, Volume: 40, page(s): 70-75, ISSN: 0163-6804.
[8] Y. Hu, A. Perrig, and D. Johnson, "Ariadne: A Secure On-Demand Routing for Ad Hoc Networks," Proc. of MobiCom 2002, Atlanta, 2002.
[9] S. Marti, T. Giuli, K. Lai, and M. Baker, Mitigating routing misbehavior in mobile ad-hoc networks, in Proc. of MOBICOM, 2000.
[10] V. Cahill et al., "Using trust for secure collaboration in uncertain environments," Pervasive Computing, IEEE, vol. 2, no. 3, pp. 52–61, 2003.
[11] A. A. Pirzada and C. McDonald, "Trust Establishment In Pure Adhoc Networks," Wireless Personal Communications, vol. 37, no. 1-2, pp. 139-168, Apr. 2006.
[12] S. Marti, T. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Proc. of the Sixth Annual International Conference on Mobile Computing and Networking (MOBICOM), Boston, 2000.
[13] Y. Zhang and W. Lee, Intrusion Detection in Wireless Ad-hoc Networks, Proc. of the Sixth Annual International Conference on Mobile Computing and Networking (MOBICOM), Boston, 2000.
[14] T. Karygiannis and L. Owens, Wireless Network Security: 802.11, Bluetooth and Handheld Devices, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce, Special Publication 800-848, 2002.
[15] L. Hu and D. Evans, Using Directional Antennas to Prevent Wormhole Attacks, Proc. of Networks and Distributed System Security Symposium (NDSS).
[16] M. Ilyas, The Handbook of Ad-Hoc Wireless Networks, CRC Press, 2003.
[17] X. Lin, R. Lu, H. Zhu, P. H. Ho, X. Shen and Z. Cao, "ASRPAKE: An Anonymous Secure Routing Protocol with Authenticated Key Exchange for Wireless Ad Hoc Networks," IEEE International Conference on Communications, ICC '07, pp. 1247–1253, June 2007.
[18] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, A. Jamalipour, "A Survey Of Routing Attacks In Mobile Ad Hoc Networks," IEEE Wireless Communications, vol. 14, issue 5, pp. 85-91, October 2007.
[19] T. R. Andel and A. Yasinsac, "The Invisible Node Attack Revisited," Proceedings of IEEE SoutheastCon 2007, pp. 686–691, March 2007.
[20] Seung Yi, Prasad Naldurg, Robin Kravets, "A Security-Aware Routing Protocol for Wireless AdHoc Networks", in: Proceedings of ACM Symposium on Mobile Ad Hoc Networking & Computing, 2002.
[21] Wei-Shen Lai, Chu-Hsing Lin, Jung-Chun Liu, Yen-Lin Huang, Mei-Chun Chou, "I-SEAD: A Secure Routing Protocol for Mobile Ad Hoc Networks", IJOMUE, Vol. 3, No. 4, October 2008.
[22] G. Bella, G. Costantino, S. Riccobene, Managing reputation over MANETs, in: Fourth International Conference on Information Assurance and Security, Naples, Italy, 2008, pp. 255–260.
[23] G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer, R. Kemmerer, An intrusion detection tool for AODV-based ad hoc wireless networks, in: 20th Annual Computer Security Applications Conference, Tucson, AZ, USA, 2004, pp. 16–27.
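The CORE reputation calculation summarised in the intrusion detection discussion of Section 5 (subjective reputation per property f, functional reputation across several f, aging of inactive nodes) is worked through below as an added example; it is not code from the paper or from the CORE authors. The observation log is constructed, and the weighting function, the per-function weights, the aging constants and the zero threshold are all assumptions.

```python
# Constructed observation log kept by one monitoring node.
# Each entry: (time_s, observed_node, function f, rating); +1 = cooperated, -1 = refused.
OBSERVATIONS = [
    (0, "n7", "forwarding", +1), (300, "n7", "forwarding", +1),
    (600, "n7", "forwarding", -1), (300, "n7", "routing", +1),
    (0, "n9", "forwarding", -1), (300, "n9", "forwarding", -1),
    (600, "n9", "forwarding", +1), (600, "n9", "routing", +1),
    (0, "n3", "forwarding", +1), (0, "n3", "routing", +1),
]
FUNCTION_WEIGHTS = {"forwarding": 0.7, "routing": 0.3}  # assumed weight per f
WINDOW_S = 300.0      # assumed scale of the observation weighting
IDLE_AFTER_S = 120.0  # assumed: a node silent for longer counts as inactive
HALF_LIFE_S = 240.0   # assumed: an inactive node's good reputation halves this often


def observation_weight(age_s):
    """Assumed weighting: older observations count more, so a single recent
    event cannot outweigh a long history in either direction."""
    return 1.0 + age_s / WINDOW_S


def subjective_reputation(obs, node, function, now):
    """Weighted mean of the ratings this monitor recorded for one function f."""
    num = den = 0.0
    for t, n, f, rating in obs:
        if n == node and f == function and t <= now:
            w = observation_weight(now - t)
            num += w * rating
            den += w
    return num / den if den else 0.0  # no experience yet: neutral


def functional_reputation(obs, node, now):
    """Combine the subjective reputations over all f, weighting each f differently."""
    total = sum(w * subjective_reputation(obs, node, f, now)
                for f, w in FUNCTION_WEIGHTS.items())
    return total / sum(FUNCTION_WEIGHTS.values())


def aged_reputation(obs, node, now):
    """Functional reputation with aging: a good reputation decays toward
    neutral once the node has been inactive for longer than IDLE_AFTER_S."""
    seen = [t for t, n, _, _ in obs if n == node and t <= now]
    if not seen:
        return 0.0
    rep = functional_reputation(obs, node, now)
    idle = now - max(seen) - IDLE_AFTER_S
    if idle > 0 and rep > 0:
        rep *= 0.5 ** (idle / HALF_LIFE_S)
    return rep


def suspects(obs, now):
    """Nodes whose aged reputation is negative (assumed decision threshold)."""
    nodes = sorted({n for _, n, _, _ in obs})
    return [n for n in nodes if aged_reputation(obs, n, now) < 0]


if __name__ == "__main__":
    for node in ("n3", "n7", "n9"):
        print(node, round(aged_reputation(OBSERVATIONS, node, now=600), 3))
    print("suspects:", suspects(OBSERVATIONS, now=600))
```

With this weighting, n7's single recent refusal leaves it with a positive score, while n9's one recent cooperative act does not erase its earlier refusals; n3 has a clean record but has aged toward neutral.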
