
Security Management in Mobile Ad hoc Networks
Dr. Noman Islam
https://sites.google.com/a/nu.edu.pk/noman-islam/
http://www.facebook.com/sir.noman.islam
Security Challenges in MANET
Challenge: Description
Wireless link: Open and physically accessible to everyone, prone to bit errors/interference
Lack of secure boundaries: Adversaries can easily join and become part of the network
Infrastructure-less: There is no specific infrastructure for addressing, key distribution, certification etc.
Nodes limitation: As the nodes have limited capabilities, their availability can easily be compromised
Link limitation: Cooperation based security algorithms must consider the bandwidth limitation associated with links
Multi-hop routing: As the nodes are dependent on each other for routing, adversaries can generate fabricated routes to create routing loops, false routes etc.
Active Vs Passive Attacks
An active attack is a type of attack where an attacker
gets access to the medium of communication and
modifies or disrupts the transmission.
A passive attack only observes the ongoing
transmission but doesn't alter or disrupt any activity.
A common example is traffic analysis of the snooped
data to discover passwords and confidential
information of other users.
Active attacks usually target the integrity and availability of
the system, while passive attacks try to break the
confidentiality of the security system.
Physical Layer Attacks
The easiest attack on this layer is signal jamming,
where the hacker uses a jamming device to tune
to the frequency of the nodes on the network.
The jammer then generates a constant and
powerful noisy signal that suppresses other
messages on the network.
To counter this attack, spread spectrum
techniques are recommended, which change the
frequency of the signal or spread the energy of
the signal over a wider spectrum.
Frequency Hopping Spread Spectrum (FHSS)
The sender switches the carrier from a set of
available carriers based on a pseudo random
sequence. The sender modulates the data
signal with a sequence of random frequencies.
The random frequency changes at regular
intervals. Both the sender and receiver
are synchronized so that the receiver can
reconstruct the original signal.
Direct-sequence spread-spectrum
Direct-sequence spread-spectrum transmissions multiply the
data being transmitted by a "noise" signal. This noise signal is
a pseudorandom sequence of 1 and −1 values, at a frequency
much higher than that of the original signal.
The resulting signal resembles white noise, like an audio
recording of "static". However, this noise-like signal is used to
exactly reconstruct the original data at the receiving end, by
multiplying it by the same pseudorandom sequence (because
1 × 1 = 1, and −1 × −1 = 1). This process, known as
"de-spreading", mathematically constitutes a correlation of the
transmitted PN sequence with the PN sequence that the
receiver already knows the transmitter is using.
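The spreading and de-spreading described above, as an added example that is not part of the original slides. It assumes a 31-chip LFSR sequence as the PN code and models the jammer as a constant offset on every chip; both choices, and all names and sample bits, are constructed for illustration.

```python
# Added illustration (not from the slides): DSSS with a 31-chip m-sequence.

def m_sequence(seed=(1, 0, 0, 0, 0)):
    """One 31-chip period of the LFSR a[k+5] = a[k] XOR a[k+2], as +1/-1 chips."""
    a = list(seed)
    while len(a) < 31:
        a.append(a[-5] ^ a[-3])
    return [1 if bit else -1 for bit in a]


def spread(bits, code):
    """Multiply each data symbol (+1 for bit 1, -1 for bit 0) by every chip."""
    return [(1 if b else -1) * chip for b in bits for chip in code]


def jam(signal, level):
    """Constructed jammer model: a constant offset added to every chip."""
    return [s + level for s in signal]


def correlate(signal, code):
    """De-spreading: per bit period, sum of (received chip * known chip)."""
    n = len(code)
    return [sum(s * c for s, c in zip(signal[i:i + n], code))
            for i in range(0, len(signal), n)]


def decide(correlations):
    """The sign of each correlation is the recovered bit."""
    return [1 if c > 0 else 0 for c in correlations]


DATA = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed payload bits
PN = m_sequence()
JAM_LEVEL = 5                      # jammer is 5x the per-chip signal amplitude


def demo():
    jammed = jam(spread(DATA, PN), JAM_LEVEL)
    misaligned = PN[1:] + PN[:1]   # right generator, wrong chip timing
    return {
        # No spreading: one "chip" per bit, so the jammer swamps every symbol.
        "unspread_bits": decide(correlate(jam(spread(DATA, [1]), JAM_LEVEL), [1])),
        # Spreading: the data contributes +/-31, the jammer only +5.
        "despread_corr": correlate(jammed, PN),
        "despread_bits": decide(correlate(jammed, PN)),
        # A receiver out of step with the PN sequence sees almost no energy.
        "misaligned_corr": correlate(spread(DATA, PN), misaligned),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The jammer's contribution after correlation is its level times the sum of the chips, which is 1 for this balanced code, while the data contribution grows with the code length.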
Access to Device
MANET is often deployed in hostile settings like
war zones, disaster recovery etc. It is possible that
an adversary can get physical access to the device
and then tamper with the device.
Using different techniques, the network
information maintained in the chip can then be
decoded and used to set off various
security attacks. The physical security of mobile
devices can be enforced to some extent by using
security modules like smart cards that
require PIN codes or biometrics for access.
Link Layer Attacks
A malicious node can exploit the
exponential backoff feature of the IEEE 802.11
protocol by sending data continuously on
the medium. This keeps the medium busy,
and other nodes don't get an opportunity to send
their data.
DCF employs CSMA/CA with a binary
exponential backoff algorithm.
A malicious node can also send RTS/CTS
packets with a large amount of data for
an unlimited period of time. This attack, called
the indefinite postponement problem, can
jeopardize the network, as the nodes on the
network are required to wait indefinitely for
their turn.
Single adversary attack
In the single adversary attack, the malicious
node attempts to exhaust the battery of the
victim node as well as eat up the channel
capacity.
For this purpose, the attacker sends a large
volume of data to the victim node, which
brings down the availability of the victim
node.
Colluding adversary attack
In the colluding adversary attack, two or more
malicious nodes send a large volume of data to
each other, making the transmission channel
occupied and unavailable for other nodes on the
network. To counter these attacks, a possible
approach is to limit the data rate of nodes.
An alternative approach is to use Time Division
Multiplexing, where a fixed time slot is allocated
for every node to transmit its data.
Routing attacks
Intermediate nodes can add, modify, delete or
unnecessarily delay the forwarding of packets.
A node can launch a routing table overflow attack by
sending a huge volume of false routes to overflow the
neighbors.
A malicious node can poison the routing cache of
neighbors by advertising false routes, which the neighbors
hear and use to update their routing tables.
During the route maintenance phase, an attacker can send
fake route error messages that cause the initiation
of expensive route maintenance operations.
In a black hole attack, a node shows its interest
in forwarding a packet towards a destination
during the route discovery phase. The attacker
rushes during route discovery to ensure a
route is established through it. Later on, in the
forwarding phase, it drops the packet
intended for the destination. A more severe
form of attack is when the malicious node
tampers with the packet as well.
In a wormhole attack, an attacker creates a
tunnel with another attacking node. All the
packets through the first attacker are tunneled to
the second attacking node which then sends the
packet through the normal path ahead. These attacks
can compromise the current on-demand
routing protocols.
In a byzantine attack, an individual node or a set of
colluding nodes work in cooperation to perform
attacks like dropping or modifying packets,
creating routing loops, poisoning the cache etc.
Solutions
A temporal leash specifies the time a packet
should take to reach the destination, thus
avoiding wormhole attacks. Specialized routing
protocols have been proposed to resolve
modification (SEAD), replay (SRP) and repudiation
attacks (APALLS) etc. in MANET.
Various network intrusion detection systems have
been proposed that detect malicious actions on
the network and isolate the identified intruders
on the network.
Transport Layer attacks
Nodes can launch acknowledgment spoofing attacks by
generating false acknowledgments with a large window size.
The source will then send data corresponding to the size of
the window, which can cause congestion as well as exhaust
the resources of the victim.
Other forms of attacks can be done by acknowledgment
replay, jamming acknowledgments, sequence number
alteration, connection request spoofing.
The Transport Layer Security (TLS) / Secure Socket Layer
(SSL) are generally recommended for securing transport
layer communication. TLS/SSL is based on public key
cryptography and it helps in preventing masquerading and
replay attacks.
Application Layer Attacks
There are threats from malicious software
(viruses, worms, Trojans) as well as from
insider nodes.
Security attacks on MANET
Passive attacks: Location Disclosure Attack, Eavesdropping, Traffic analysis and monitoring
Physical Layer
  Active attacks: Signal Jamming
  Solutions: Spread Spectrum
Link Layer
  Active attacks: MAC layer disruption, adversarial attack
  Solutions: Error Correcting Codes
Network Layer
  Active attacks: Wormhole, Blackhole, Byzantine, Resource Consumption, Routing Table Overflow, Cache Poisoning, Rushing attacks etc.
  Solutions: Secure Routing Protocols
Transport Layer
  Active attacks: Session Hijacking
  Solutions: Securing transport protocol using public key cryptography (TLS, SSL)
Application Layer
  Active attacks: Repudiation, Viruses
  Solutions: Firewalls, IDS
Secure Routing Protocol
Secure Routing Protocols
Protocols based on exploiting routing header information to identify malicious activities in the network
Protocols based on cryptographic techniques to protect the routing header
Protocols exploiting redundancy of routing layers
Protocols based on trust information to identify malicious activities in the network
Protocols that maintain anonymity of routing entities
Protocols Based on Routing Header Information
In case of normal routing operations,
subsequent packets must have a higher
sequence number. If a packet's sequence
number is less than that of a previously received
packet, misbehavior is suspected.
A black hole attack can be recognized by analyzing the
distribution of the sequence number in normal and
anomalous state of the network.
A feature vector is devised that comprises the number of
sent routing requests, the number of replies, and the average
difference of sequence number when the request was sent
and when it is received. Using a training data set, an attack
model is devised. The mean value of the feature vector is
calculated using the training data.
The Euclidean distance of an input sample from the mean
vector is calculated. If the distance is larger than a
threshold value, it is classified as a black hole attack. At
repeated intervals, the model is updated using previous
interval data as a training dataset.
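The distance-from-mean detector described above, as an added example that is not from the original slides. The slides do not say how the threshold is chosen, so the rule used here (a margin times the largest training distance, with a floor), the decision to retrain only on samples judged normal, and all sample values are assumptions constructed for illustration.

```python
import math


class BlackHoleDetector:
    """Distance-from-mean anomaly detector over per-interval routing features.

    Feature vector: (RREQs sent, RREPs received, mean sequence-number difference).
    """

    def __init__(self, margin=2.0, floor=1.0):
        # Assumption (the slides give no threshold rule): the threshold is
        # margin * largest training distance, and never below `floor`.
        self.margin, self.floor = margin, floor
        self.mean = None
        self.threshold = None

    def fit(self, samples):
        """Compute the mean feature vector and the distance threshold."""
        n = len(samples)
        self.mean = tuple(sum(column) / n for column in zip(*samples))
        widest = max(self.distance(s) for s in samples)
        self.threshold = max(self.margin * widest, self.floor)

    def distance(self, sample):
        """Euclidean distance of a sample from the current mean vector."""
        return math.sqrt(sum((x - m) ** 2 for x, m in zip(sample, self.mean)))

    def is_attack(self, sample):
        return self.distance(sample) > self.threshold

    def process_interval(self, samples):
        """Classify one interval, then retrain on it for the next interval.

        Assumption: only samples judged normal are used for retraining, so
        attack traffic cannot pull the baseline towards itself.
        """
        verdicts = [self.is_attack(s) for s in samples]
        normal = [s for s, bad in zip(samples, verdicts) if not bad]
        if len(normal) >= 2:
            self.fit(normal)
        return verdicts


# Constructed sample data: (RREQs sent, RREPs received, mean seq-number diff).
TRAINING = [(10, 9, 2.0), (12, 11, 3.0), (11, 10, 2.5), (11, 10, 2.5)]
INTERVAL_1 = [(12, 10, 3.0), (11, 14, 120.0), (10, 10, 2.0)]
INTERVAL_2 = [(11, 10, 2.5), (12, 15, 90.0)]


def demo():
    detector = BlackHoleDetector()
    detector.fit(TRAINING)
    first_threshold = detector.threshold
    verdicts_1 = detector.process_interval(INTERVAL_1)
    verdicts_2 = detector.process_interval(INTERVAL_2)
    return first_threshold, verdicts_1, verdicts_2, detector.mean


if __name__ == "__main__":
    print(demo())
```

The features are used unscaled, so the sequence-number difference dominates the distance; a deployment with differently sized features would normalise them first.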
In another approach, if the sequence number is higher
than a threshold, the node is marked as blacklisted. In
this case, an ALARM message is generated to notify
other nodes. To penalize the blacklisted node, the
routing tables of the node are neither updated nor are
its messages forwarded. To calculate the threshold
value, the difference between sequence number of
RREP packet and the value in the routing table is first
calculated. The average of this difference value is set to
the threshold value. The threshold value is updated as
soon as a new RREP is received. In this way, the model
detects the black hole as well as prevents the attack in
some cases.
Cryptography based Approaches
Secure Ad hoc On-Demand Distance Vector
routing (SAODV) is an asymmetric
cryptographic approach that is based on
signing the non-mutable fields of AODV
routing request headers. Intermediate nodes
verify that the fields have not changed before
creating a reverse route. After verification, the
node broadcasts the request to neighboring
nodes. A similar procedure is applied to the
RREP message.
Authenticated Routing for Ad hoc Networks (ARAN) is a public key
cryptography approach for providing secure routing in MANET.
Every node has a certificate issued by a trusted third party. For
route discovery, a node generates a request packet called RDP
comprising the IP of the destination, source certificate, a nonce
and current time, signed by the source private key. The
intermediate nodes verify the signature using the previous node's
certificate (that is carried along with the request), sign the received
message with their private key, append their own certificate
to the message and rebroadcast. The destination generates a
reply REP along the reverse route. The REP is signed by a node
before it is forwarded to next node. The next node will verify the
signature using the certificate of the previous node.
Protocols Exploiting Redundancy of Routing Layers
These protocols make use of redundancy
(multiple routing paths, routing protocols etc.)
to ensure the delivery of a routing message
through a safe path.
In AODV, during route discovery, the node
waits for more than one RREP through
different paths. From the redundant paths,
the source extracts common hops and then
constructs the safest path to route the message.
SPREAD
A slightly different strategy has been used in SPREAD. The
original routing message is first decomposed into small
shares using a threshold secret sharing algorithm. Multiple
paths towards the source are then determined using an
on-demand routing algorithm. The routes are selected taking
into consideration the security levels of the nodes. The
shares of the message are then transmitted towards the
destination through these routes. At the destination,
different shares of the message are then combined to
generate the original message. By using the threshold
secret sharing algorithm, it is ensured that if some share
gets corrupted by malicious nodes, the whole message can
still be reconstructed.
One solution proposes a scheme that employs
multiple routing protocols. As different
routing protocols are prone to different types
of attacks, the idea proposed is to switch the
routing protocol when a particular type of
attack is detected on the network.
Protocols based on Trust Models
These approaches are based on maintaining trust information about other
nodes on the network. Un-trusted nodes are disregarded during routing
operation.
The most secure route is selected based on the nodes' trust values.
A node maintains the trust value of other nodes based on the packets
exchanged and dropped by the nodes.
Associations between nodes are thus defined. The association value can
be unknown (low trust), known (nodes have exchanged some messages
and have moderate trust) and companion (high trust levels as nodes have
exchanged a lot of messages in the past).
During route discovery, multiple route replies are received from the nodes,
as in DSR. The route replies are sorted by trust ratings. The most trusted
route is then selected by the source node based on the trust values of the
intermediate nodes.
One solution proposed a trust model for secure routing. The trust vector is
based on a node's experience, knowledge and recommendation of some
other node x in the network.
The experience is defined as the ratio of the number of packets forwarded
by x to the number of packet transmissions x is responsible for.
The knowledge parameter is the probability that the data packet will be
successfully transmitted between the nodes. The recommendation
parameter is based on the recommendation information about x provided
by other nodes of the network.
Based on these parameters, a trust routing scheme has been proposed.
During route discovery, a node sends the trust information about
the preceding node along with the route request. This ensures the spread of trust
information across the whole network. Using the available trust
information, the proposed approach ensures the selection of a route with
the highest trust value.
One solution presents a secure routing scheme using trust
levels. The ratio of the difference between beacons
received and transmitted to the beacons received by the
node is calculated.
Based on this ratio, the nodes are sorted in descending
order. The first one third of the nodes in the list is classified
as ally, the next one third as associate and the last as
acquaintance.
During routing, a node selects the best neighbor (with the
same trust level) and sends it the packet. The neighbor
then selects the best node (with the same trust level) and
propagates the request ahead. This process continues until
the packet is received by the destination.
Anonymous Routing
The routing messages are repeatedly
encrypted like the layers of an onion. The
intermediate nodes remove a layer of the
message, see the routing instructions and
forward the message to the next node. In this
way, the anonymity of the routing entities is
preserved.
Key Management in MANET
Key Management
We define key management as the process of
establishment and maintenance of keying
relationships among the entities of the
network. A key management solution can
employ a centralized certification authority
(CA) for key agreement and transport. A
distributed CA can also be used where a
private key is distributed to a set of nodes on
the network, while the public key is known to
all the nodes.
Approaches based on organizing the nodes as clusters
Approaches based on identity based cryptography
Approaches based on certificate chaining
Approaches exploiting multicasting for key management
Cluster-based Approaches
In this approach, the whole network is divided
into clusters. This reduces the storage and
communication overhead.
Every cluster head node maintains a CA
information table containing details about the
certification authority in the local cluster (and
optionally other clusters). Any node in the cluster
inquires the cluster head about the whereabouts
of the CAs when it wants some certification
services.
Identity Based Approaches
In these approaches, the public keys of the users
are derived from their identities, which
eliminates the need for public key distribution.
In an identity based system, there is a master
public/private key for the whole system. During
encryption, the master key of the system, the id of
the node and the corresponding message are
provided to get a cipher text. During decryption,
the master public key, the private key of the node
and the cipher text are provided to get the actual
text.
Certificate Chaining based Approaches
In this approach, the source node sends a message to
neighbors that it directly trusts. The directly trusted
node appends the certificate of the source to the
routing request and forwards it to the node that it
directly trusts.
This process continues until the message is received by
the destination. The receiving node has the whole
chain of certificates appended in the message that can
be used to recover the public key of the source. The
destination then replies to the packet through the reverse
route. The intermediate nodes append the certificate
of the destination node and propagate the message
ahead.
Multicasting based Approaches
These key management approaches are based
on utilizing multicast structures for key
distribution and maintenance in a multicast
network.
Intrusion Detection System
Intrusion Detection Systems (IDS) are the second
line-of-defense once an intruder has entered into
the system after breaking the primary security
mechanisms.
An intrusion is defined as any type of activity
that attempts to compromise the
security objectives.
An IDS is defined as a system comprising the
mechanisms intended to detect an intrusion,
identify the source of intrusion and then isolate
this source from the network.
Standalone, Cooperative and Hierarchical IDS
In standalone systems, a node works without any
communication with other nodes and relies on a self-
contained approach for detecting malicious activities.
In a cooperative system, every node runs an IDS.
The nodes analyse the behavior locally to identify
intrusion. Global intrusion can be identified by nodes
collaborating and sharing information with each other.
In hierarchical IDS, the nodes are structured in a hierarchy
and the whole network is divided into clusters. There is a
head for each cluster. An intrusion detected by a node is
communicated to its cluster head. A cluster head can
launch a global response.
Cross Layer Intrusion Detection
A cross-layer IDS system combines information from various
layers to perform the identification of intruders.
CRADS is a cross-layer IDS for routing attacks identification.
As the cross-layer information from various layers leads to
large feature sets, various feature reduction techniques are
exploited. Using associations, various features are
correlated to give a reduced set of features. Then,
feedback-based filtering is used to remove uninformative
and redundant information. The resultant features are then
used for training with Support Vector Machines (SVM).
SVM is a non-linear pattern recognition algorithm that
outputs the decision boundary between normal and
abnormal behavior. The simulation results illustrate the
supremacy of the proposed system.
Game Theoretic Approaches
Game theory has also been employed in intrusion
detection systems.
In a game theory problem, different competing entities
interact with each other to achieve their objectives.
One of the approaches modeled the interaction between
attacker and IDS through a two player non-cooperative,
non zero-sum model. The pure strategy for the IDS is to
monitor for some percentage of time or not. The pure
strategy for the intruder is to attack for some time or
not. The game is solved using a Nash Equilibrium
mixed-strategy pair.
Evolutionary approaches
Evolutionary approaches are lightweight solutions
for intrusion detection. Hence, they are suitable for
resource constrained MANET environments.
One solution presented a genetic programming approach
towards IDS in MANET. In genetic programming, a set
of candidate solutions is evolved towards the target
solution. During each step, the current candidate
solutions are crossed over and mutated to generate new
solutions. The new solutions are evaluated against a
fitness function. Those solutions that pass the
fitness criteria are selected as candidate solutions and
the next iteration begins. The process is repeated until
the termination criterion is satisfied.
Immune Inspired Approaches
The self-healing property of the human immune system has
been exploited in some research for detection of intruders.
The motivation to use the immune approach is the
distributed and autonomous nature of MANET, similar to
human immune systems.
One of the solutions proposed a biologically inspired tactical
infrastructure (BTSI). There is a small kernel running on
every node. Similar to biology, the notion of damage is
introduced. Damage is defined as an application not
getting what is expected from a source. BTSI sends damage
notifications to other nodes. A reputation value is thus
maintained by every node. Using machine learning
techniques, the future state of the network is predicted,
based upon reputation and changes in the past.