Security and privacy issues of mobile ad hoc networks

Page 1

Security and Privacy issues of Mobile Ad-Hoc Networks

Introduction: This assignment based upon security and privacy issues of mobile ad-hoc nettwork. Background Ad hoc networks are a new standard of wireless communication for movable hosts (which is called nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centres. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology [1]. Figure 1.1 shows such an example: initially, nodes A and D have a direct link between them. When D moves out of A’s radio range, the link is broken. However, the network is still connected, because A can reach D through C, E, and F.

F

F

E

E D D

C

C

A

B

A

B Figure 1.1: Topology change in Ad hoc networks.

Nodes A, B, C, D, E, and F constitute an ad hoc network. The circle represents the radio range of node A. The network initially has the topology in (a). Node D moves out of the radio range of A, the network topology changes to the one in (b).

Challenges against Ad-hoc Networks The salient features of Ad hoc networks pose both challenges and opportunities in achieving these security goals. First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message reply, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete message, to inject erroneous message, to modify message, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation. Secondly, node, roaming in a hostile environment with relatively poor physical protection, has non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability, that is, if this centralized entity is compromised, then the entire network is subverted. Thirdly an ad hoc network is dynamic because of frequent changes in both its topology and its membership. Trust relationship among nodes also changes, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP, nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on the fly to these changes [6]. Finally, ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

Properties of Ad Hoc Networks Wireless mobile ad hoc networks have significant properties which are as follows: Dynamic Network Topology Each node in ad hoc network is free to move randomly. This feature makes the network topology change unpredictable. Also an ad hoc network may be comprised of both bi-directional and unidirectional links [3]. Thus using ad hoc networks could augment mobility and flexibility of nodes in the network [3]. Even though the network topology varies, connectivity in the network should be maintained to allow applications and services to operate without disruption. In particular, this characteristic will affect the design of routing protocols. In addition, a user in an ad hoc network will require access to a fixed network, such as the Internet, even if nodes are mobile. This needs mobility management functions allowing network access for devices located several radio hops away from a network access point [3]

Bandwidth-limited and Fluctuating Capacity Link Wireless links will remain to have substantially lower capacity compared to their hardwired counterpart [03]. Beside the throughput of wireless communication in real environments is often much less than a radios maximum transmission rate, because there may be the effects of multiple accesses, fading, noise, and interference condition and so on. The effects of high bit error rates may be more severe in a multi-hop Ad hoc network, because the aggregate of all link errors affects a multi-hop path. Moreover, more then one end-to-end route can use a given link if the link were to break. This could disrupt several sessions. However, efficient function for link layer protection, such as forward error correction (FEC) and automatic repeat request (ARQ), can significantly improve the link quality [3]. Low –power and Resource Limited Operation In most cases, the network nodes in a wireless Ad hoc network may depend on batteries or other exhaustible means for their energy [3]. This feature makes the power budget tight for all the power-consuming components in a mobile device. For example, this will after CPU processing, memory size and usage, signal processing, and transceiver output/input power [3]. For these nodes, energy conservation should be consider for the optimization as a key system design criterion [3] Constrained Physical Security In general, mobile wireless networks more likely to be vulnerable to physical security threats than are fixed-cable nets. For example, there is the increased possibility of eavesdropping, spoofing, and denial of service attack that should be carefully considered. Often current link security techniques are applied to wireless networks security threats [3]. Decentralized Network Control As an advantage, the decentralized nature of network control in mobile Ad hoc networks supports extra robustness against the single points of failure of more centralized approaches [3]. Complexity of Ad Hoc networking Despite the fact that the management of the physical layer is of fundamental importance, there has been very little research in this area; node in mobile Ad hoc networks are confronted with a number problems, which in existing mobile networks are solved by base stations. The solution space range from hierarchical cell structures is completely Ad hoc stochastic allocations. Power management is of paramount importance. General strategies for saving power need to be addressed, as well as adoptions to the specifics of nodes of general channel and source coding methods, ratio resource management and multiple accesses.

Mobile Ad hoc networks do not rely on one single technology, instead they should be able to capitalize on technology advances. One challenge is to define a set of abstractions that can be used by the upper layers and still not preclude the use of new physical layer methods as they emerge. Primitives of such abstraction are, for example the capabilities and covering ranges of multicast and nicest channel. Information such as node distribution, network density, link failures etc, must be shared among layers and the MAC layer and the network layer need to collaboration order to have a better view of network topology and to optimize the number of message in the network. Mobile ad hoc networking has the unique characteristics of being totally independent from any authority of infrastructure, providing great potential for the users. In fact roughly speaking, two or more users become ad hoc network simple by being close enough to radio constrains, without any external intervention. Moreover, telecommunication networks are expected to grow with the advent new application. Although in the past telecommunication networks were suited and developed as separate building blocks, for users of mobile ad hoc networks interaction between higher layers and low layers is essential. The network can be highly dynamic, implying that traditional routing algorithms will either not stabilize or will generate many routing updates and rapid response to topology change is needed [36]. Objective In ad hoc network, providing security is a challenging task. Because, wireless medium is lack of central control and dynamic topology. Our objective in this thesis is to provide a group member authentication protocol, which can improve the security of ad hoc network. When new node comes to connect in network then the new node needs to maintain some procedure for becoming a new member of the network. For that reason in this thesis, some verification process has been designed and implemented for a new node. After this verification, a new node is allowed to become a new member in the network. To ensure the group member authentication in secure way our objective is to design and implement the protocol which is known as Zero Knowledge Proof and Threshold Cryptography. This will ensure the authentication of a new member node in the network. Methodology In our thesis it has been implemented group member authentication protocol. For improving security by group member authentication protocol it has been implemented threshold cryptography, zero knowledge proof and broadcast message send request to member of the network, which is known as Shareholder through multicast channel. The overview methodologies of our group authentication protocol are described below: Distributor who gives secret to the members acts as a networks administrator for ad hoc network. It distributes share key to every member of this ad hoc network. After completing the distributions of share key to the share holders of the network when network is established, distributor doesn’t exist in this network. Shareholder stores there own key and listens for new node to join this network. New nodes, which want to join in the network, send a joining request through multicast channel. Multicast channel broadcast this request to all the member of this network. Shareholders send

their acknowledgment to requested node that “I am share holder, this is my address”. Address is basically an IP, port no. When new node gets acknowledgement from shareholders then it select‘t’ number of shareholders. ‘t ‘ is a threshold value of this ad hoc network. New node establish a zero knowledge proof session for‘t’ number of share holders simultaneously. Zero knowledge proof session ensure the authentication of a node of that network. After getting ‘t’ number of shared key from share holder’s new node can generate the secret key. Secret key is essential key to becoming a member of this ad hoc network. Outline of Research In this section is mentioned chapter wise over all outline of our research methodology. Chapter 2 is related works where mentioned basic concepts of ad hoc networks, types of ad hoc networks, features and application of ad hoc networks, and finally also mentioned some advantages and disadvantages of ad hoc networks. Chapter 3 is security issues where discussed about the security requirements of mobile ad hoc networks, vulnerabilities, various types of attacks and threats of mobile ad hoc networks, and some problems to provide security to mobile ad hoc networks. Chapter 4 is security in routing protocol of ad hoc networks which described some well known ad hoc routing protocols that is necessary to make the routing decision and also their existing problems. Chapter 5 is proposed group authentication protocol where depicted some idea to a new proposed protocol which is the security part of the Ad hoc network and will be able to improve the security of the ad hoc network. And finally the Chapter 6 is our conclusion part where we gave some opinion and also shared our idea for future. Summary In this chapter, ad hoc network background, security emergence, our objective, methodology and also outline of this thesis project are discussed. In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching canters. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Security is an important issue for ad hoc networks, especially for the securitysensitive applications. To secure an ad hoc network, it has been considered the following attributes: availability, confidentiality, integrity, authentication, and nonrepudiation. Achieving security within ad hoc networking is challenging due to some reasons are eavesdropping in channel, vulnerability of nodes, absence of infrastructure, changing topology dynamically, man in middle attack etc.

Related Work

Ad hoc networks consist of mobile nodes interconnected by wireless multi-hop communication paths. Unlike conventional wireless networks, ad hoc networks have no fixed network infrastructure or administrative support. The topology of such networks changes dynamically as mobile nodes join or depart the network or radio links between nodes become unusable. Supporting appropriate quality of service for mobile ad hoc network is a complex and difficult task because of the dynamic nature of the network topology. This chapter presents the basic concepts of ah hoc network, features of ah hoc network, types of ah hoc network, application and, advantages and disadvantages of ad hoc network. Introduction An ad-hoc or short-live network is the network of two or more mobile devices connected to each other without the help of intervening infrastructure. In contrast to a fixed wireless network, an ad-hoc network can be deployed in remote geographical locations and requires minimum setup and administration costs [1]. Moreover, the integration of an ad-hoc network with a bigger network-such as the Internet-or a wireless infrastructure network increases the coverage area and application domain of the ad-hoc network. However, communication in an ad-hoc network between different hosts that are not directly linked is an issue not only for search and rescue operations, but also for educational and business purposes [6]. The main aim of this chapter is to give an overview about mobile ad hoc networks. The rest of the chapter is organized as follow: Section 2.2 presents basic concepts of ah hoc network, while the types of ah hoc networks is presented in Section 2.3. Section 2.4 presents the features of ah hoc network, while the application of mobile ah hoc networking is presented in Section 2.5. The benefits of ad hoc network are presented in Section 2.6, while the Section 2.7 presents the drawbacks. And finally, some concluding remarks are presented in Section 2.8. Basic Concepts of Ad Hoc Networks The term Ad hoc Networking describes an automatic communications structures with a dynamic topology and self- organizing capability. The main idea behind ad hoc networks is that each node acts both as a host and as a router. Nodes that cannot establish a point-to-point connection because they are too distant relay packets to intermediate nodes which act as routers. Packets travel from the source to the destination hopping from node to node in a multi-hop fashion. Nodes that can communicate directly are called neighbours [4]. The Figure 2.1 shows the block diagram of mobile node acting both as host and as a router.

Host

Host

Host

Router

Figure 2.1: Block diagram of mobile node acting both as host and as router.

Ad hoc networks do not need any fixed, pre-existing infrastructure (e.g. base stations), therefore it can be deployed everywhere, at any time, quickly and without any cost. Due principally to the lack of any centralized infrastructure, ad hoc networks are difficult to design, may not be reliable, and cannot guarantee an exhaustive coverage: nodes may not be reachable and the network may be partitioned [4]. Ad hoc networks are dynamic networks. Nodes are free to move and network topology is always changing. Rapidity of topological changes is one of the biggest issues to take into consideration while designing an ad hoc network and fast changes are the main cause of performance deterioration. In other definition, a mobile ad hoc network (MANET) is a set of wireless mobile nodes that cooperatively form a network without specific user administration or configuration [5]. Figure 2.2, shows a simple ad-hoc network with three nodes. The outermost nodes are not within transmitter range of each other. However the middle node can be used to forward packet between the outermost nodes. The middle nod is acting as a router and the three nodes have formed an ad-hoc network.

Figure 2.2: Basic infrastructure of ad hoc network.

Types of Ad hoc Networks Wireless Ad hoc networks have two major types-one is called Mobile Ad hoc Networks (MANETs) and another one is called Wireless Ad hoc Sensor Network, which can be describe as follows: Mobile Ad hoc networks (MANETs) A mobile ad hoc network (MANET) is a type of wireless ad hoc network, and is a selfconfiguring network of mobile devices connected by any number of wireless links.

Every device in a MANET is also a router because it is required to forward traffic unrelated to its own use. Each MANET device is free to move independently, in any arbitrary direction, and thus each device will potentially change its links to other devices on a regular basis. The primary challenge for building a MANET is for each device to continuously maintain the information required to properly route traffic [7]. Such networks may operate in a standalone fashion, or may be connected to the larger Internet. MANET are special cases of several other types of wireless and mesh networks, but have some key differences, at least in common usage, as listed below: • • •

Wireless ad hoc networks - MANET are a type and subset of ad hoc networks, but MANET usually implies the creation of a routable networking environment on top of a Link Layer ad hoc network. Mesh networks - MANET are a subset of mesh networks, but many mesh networks are not mobile or are not even wireless (e.g. BGP). Wireless mesh networks - As above, MANET are a subset of wireless mesh networks, but many mesh networks are not mobile and are not designed to support mobility [4].

MANET is sometimes referred to as mobile mesh networks. MANETs have become a very popular research topic since the mid- to late 1990s due to the increasing availability of laptops and 802.11/Wi-Fi wireless networking. Many of the academic papers evaluate protocols and abilities assuming varying degrees of mobility within a bounded space, usually with all nodes within a few hops of each other, and usually with nodes sending data at a constant rate [4]. Different protocols are then evaluated based on the packet drop rate, the overhead introduced by the routing protocol, and other measures. MANET can also be classified into three major types, which are: • • •

Vehicular Ad Hoc Networks (VANET) Intelligent vehicular ad hoc network (InVANET) Internet Based Mobile Ad-hoc Networks (iMANET)

Vehicular Ad Hoc Networks (VANET) A Vehicular Ad-Hoc Network, or VANET, is a form of Mobile ad-hoc network, to provide communications among nearby vehicles and between vehicles and nearby fixed equipment, usually described as roadside equipment [12]. The main goal of VANET is providing safety and comfort for passengers. To this end a special electronic device will be placed inside each vehicle which will provide Ad-Hoc Network connectivity for the passengers. This network tends to operate without any infra-structure or legacy client and server communication. Each vehicle equipped with VANET device will be a node in the Ad-Hoc network and can receive and relay others messages through the wireless network. Collision warning, road sign alarms and in-place traffic view will give the driver essential tools to decide the best path along the way [4 12].

There are also multimedia and internet connectivity facilities for passengers, all provided within the wireless coverage of each car. Automatic payment for parking lots and toll collection are other examples of possibilities inside VANET. Most of the concerns of interest to MANets are of interest in VANets, but the details differ. Rather than moving at random, vehicles tend to move in an organized fashion. The interactions with roadside equipment can likewise be characterized fairly accurately. And finally, most vehicles are restricted in their range of motion, for example by being constrained to follow a paved highway [4]. Intelligent Vehicular Ad Hoc Networks (InVANET) Intelligent vehicular ad hoc networks (InVANETs) use WiFi IEEE 802.11 and WiMAX IEEE 802.16 for easy and effective communication between vehicles with dynamic mobility. Effective measures such as media communication between vehicles can be enabled as well methods to track automotive vehicles. InVANET is not foreseen to replace current mobile (cellular phone) communication standards [6]. Automotive vehicular information can be viewed on electronic maps using the Internet or specialized software. The advantage of WiFi based navigation system function is that it can effectively locate a vehicle which is inside big campuses like universities, airports, and tunnels. InVANET can be used as part of automotive electronics, which has to identify an optimally minimal path for navigation with minimal traffic intensity [7]. The system can also be used as a city guide to locate and identify landmarks in a new city. Communication capabilities in vehicles are the basis of an envisioned InVANET or intelligent transportation systems (ITS). Vehicles are enabled to communicate among themselves (vehicle-to-vehicle, V2V) and via roadside access points (vehicle-toroadside, V2R). Vehicular communication is expected to contribute to safer and more efficient roads by providing timely information to drivers, and also to make travel more convenient [6 7]. The integration of V2V and V2R communication is beneficial because V2R provides better service sparse networks and long distance communication, whereas V2V enables direct communication for small to medium distances/areas and at locations where roadside access points are not available. Currently there is ongoing research in the field of InVANETs for several scenarios. The main interest is in applications for traffic scenarios, mobile phone systems, sensor networks and future combat systems. Recent research has focused on topology related problems such as range optimization, routing mechanisms, or address systems, as well as security issues like traceability or encryption [12]. In addition, there are very specific research interests such as the effects of directional antennas for InVANETs and minimal power consumption for sensor networks. Most of this research aims either at a general approach to wireless networks in a broad setting or focus on an extremely specific issue. Internet Based Mobile Ad Hoc Network (iMANET) Internet Based Mobile Ad-hoc Networks (iMANET) are basically Networks in which Mobile Nodes (ad-hoc network) and Fixed Nodes (for providing internet) are present.

Fixed nodes are gateways. In such type of networks normal ad-hoc routing algorithms don't apply directly [4]. Mobile Ad hoc Sensor Networks A mobile Ad hoc sensor network consists of a number of sensor spread across a geographical area. Each sensor has wireless communication capability and some level of intelligence to process signals and to transmit data. Unlike typical sensor networks, which communicate directly with the centralized controller, a mobile ad-hoc sensor network follows a broader sequence of operational scenarios, thus demanding a less complex setup procedure. In order to support routed communications between two mobile nodes, the routing protocol determines the node connectivity and routes packets accordingly. This makes a mobile ad-hoc sensor network highly adaptable so that it can be deployed in almost all environments [3]. Mobile ad-hoc sensor networks are very beneficial in different scenarios. These networks advance operational efficiency of certain civilian applications. For example, in a military operation, it can be used to gather information about enemy location, movement, etc. As a mobile traffic sensor networks, it can be used to monitor vehicle traffic on motorways, and as a mobile surveillance sensor network, it can be used for providing security in various places such as shopping malls, hotels, and in other similar facilities. Mobile ad-hoc sensor networks can also be use to locate free and occupied spots in a parking area and to monitor environmental changes in places like forests, oceans, etc [3 4]. Two ways to classify mobile Ad hoc sensor networks are whether or not the nodes are individually addressable, and whether the data in the network is aggregated. The sensor nodes in a parking lot network should be individually addressable, so that one can determine the locations of all the free spaces. This application shows that it may be necessary to broadcast a message to all the nodes in the network. If one wants to determine the temperature in a corner of a room, then addressability may not be so important. Any node in the given region can respond. The ability of the sensor network to aggregate the data collection can greatly reduce the number of message that need to be transmitted across the network [3]. The mobile ad-hoc sensor network is a new invention with long-term potential for transforming our daily lives. In mobile ad-hoc sensor networks, each host may be equipped with a variety of sensors that can be organized to detect different local events. Moreover, an ad-hoc sensor network offers low setup and administration costs. We can expect to see their deployment on a wide scale in the near future [4]. Features of Ad Hoc Network Wireless, or single-hop networks, until recently were based on a fixed structure, basically network nodes communicating to fixed infrastructure. Mobile ad-hoc networking offers multi-hop communication, in effect network nodes communicating via other nodes. So, we find some features of Ad hoc network, which can be describe as follows:

Mobility Mobile ad-hoc networks are highly dynamic. Node mobility introduces certain scalability problems in mobile ad-hoc network protocols. When network topology changes frequently, control messages have to be sent between nodes so that new routes are found and propagated throughout the network. Rapid deployment in areas with no infrastructure often implies that the users must explore an area and perhaps form team that in turn coordinate among themselves to create a taskforce or a mission [1]. We can have individual random mobility, group mobility, motion along replanned router etc. The mobility model can have major impact on the selection of a routing scheme and can thus influences performance. Self Organization Since network infrastructure is not available, the nodes must organize and maintain the network by themselves. Node is both a host and a router .A node may want to connect to a node that is out of single-hop distance, thus routing function is necessary for each node since there is no infrastructure support [7]. Moreover, the ad hoc network must autonomously determine its own configuration parameters including: addressing, routing, clustering, position identification, power control etc. In some cases, special nodes (e.g. mobile backbone nodes) can coordinate their motion and dynamically distribute in the geographic area and provide coverage of disconnected island. Network Topology Topology changes when nodes are mobile, new nodes join in, some nodes leave, or some routes break down. Frequent, temporary, and unannounced loss of network connectivity is common [7]. In such environments, it's reasonable to expect that when topology changes happen there might be a short period where a lot of control messages will propagate across the network to distribute the new destination paths. Therefore, the protocol designer should make provision for highly dynamic and fast adapting algorithms that minimize control messages, and attempt to utilize long-lived routes to the maximum extent. Minimising control messages is also essential, because of the additional load they place in the bandwidth-constrained wireless links. There's at least an order of magnitude difference between wired and wireless data rates, with the former having a standardised 100 megabits/sec in a local Ethernet, and the latter having a nominal bit rate of 10Mbit/sec in the best case. The techniques used to reduce control messages must strike a balance between the minimum amount of messages and flooding the network each time the topology changes by keeping network state information in each node [7]. The former has the side effect that in an ever changing network topology, stale routes will appear often. While when the latter is applied to a network containing nodes with high rate of mobility, it might result in control messages consuming all the available bandwidth. This could also lead to very slow network convergence where nodes contain either incomplete or out-of-date views of the network topology.

Multi-hop Since each node can route traffic for the others, multi-hopping is possible. No default router available, every node acts as a router and forwards each other’s packets to enable information sharing between mobile hosts, Capacity of wireless technologies etc [6]. Multi-hopping is a desirable capability in ad hoc network because single-hop ad hoc network does not scale large, thus limiting the communications among the node [7]. Moreover ad hoc network exhibits multi-hops for obstacle negotiation, spectrum reuse, and energy conservation. Power Constraint Most ad hoc nodes (e.g. laptops, PDAs, sensors, etc.) have limited power supply and no capability to generate their own power (e.g. solar panels). Since nodes can be mobile, it cannot be line-powered but instead batteries power it [8]. Saving battery power in the participating nodes of a mobile ad-hoc network is an important challenge. In many kinds of mobile ad-hoc networks, mobile nodes usually rely on exhaustible means for providing energy, such as batteries. For these nodes, energy conservation suddenly becomes an important design decision. Nodes with low battery power may decide to enter a power saving mode when they having nothing to send, or until another high priority event is generated. This behaviour might affect the way the whole network is operating, since each node is responsible for forwarding another node's packets in addition to its own. If nodes decide to become "selfish" and break the collective and cooperative nature of mobile ad-hoc networking by not forwarding another node's data, the mobile ad-hoc architecture is endangered. A multitude of other problems and design trade-offs are concerned with power utilization in such networks, and this particular area is becoming the focus of increased attention [8]. Variation in Scale Design constraints that are specific to ad hoc net- working Autonomous and infrastructure-less. MANET does not depend on any established infrastructure or centralized administration. Each node operates in distributed peer-to-peer mode, acts as an independent router and generates independent data. Network management has to be distributed across different nodes, which brings added difficulty in fault detection and management Multi-hop routing .No default router available [7]. Peer-to-Peer Direct communication between peers is mandatory. This means that the piece of software forming an ad hoc application has to interact directly, without using a central server. A physical infrastructure has no impact on the fulfilment of this aspect [7]. Collocation All logical interactions between applications have to result in a physical interaction between users. This is called collocation. It means that in order to be called an ad-hoc application, the service has to be location-based [6].

Heterogeneity Each node may have different capabilities. And in order to be able to connect to infrastructure-based network (to form a hybrid network); some nodes can communicate with more than one type of network. [6].

Application of Ad hoc Networking Ad hoc wireless networks can be used wherever there is a need for establishing a networking environment for a limited duration of time. These networks provide tremendous opportunities and can be used in numerous situations, particularly where a communication infrastructure is nonexistent or difficult to establish within timing constraints. Typical Application Mobile ad hoc networks have been the focus of many recent research and development efforts. So far, ad hoc packer-radio networks have mainly been considered for military applications, where a decentralized network configuration is an operative advantage or even a necessity [1]. In the commercial sector, equipment for wireless, mobile computing has not been available at a price attractive to large markets. However, as the capacity of mobile computers increase steadily, the need for unlimited networking is also expected to rise. Commercial ah hoc networks could be used in situations where no infrastructure (fixed or cellular) is available. Examples include rescue operations in remote areas, or when local coverage must be deployed quickly at a remote construction site. Ad hoc networking could also serve as wireless public access in urban areas, providing quick deployment and exte4nded coverage [2]. The access points in networks of this kind could serve as stationary radio relay stations that perform ad hoc routing among themselves and between user nodes. Some of the access points would also provide gateways via which users might connect to a fixed backbone network at the loca level, ah hoc networks that link notebook or palmtop computer could be used to spread and share information among participants at a conference. They might also be appropriate for application in home networks where devices can communicate directly to exchange information, such as audio-video devices, alarms, and configuration updates. Perhaps the most far-reaching applications is this context are more or less autonomous networks of interconnected home robots that clean, do dished, mow the lawn, perform security surveillance, and so on [1]. Some people have been proposed ad hoc multi-hop networks (denoted sensor networks)-for example, for environment monitoring, where the networks could be used to forecast water pollution or to provide early warning of an approaching tsunami. Short-range ad hoc networks can simplify intercommunication between various mobile devices (such as a cellular phone and a PDA) by forming a personal area network (PAN), and thereby eliminate the tedious need for cables. This could also extend the mobility provided by the fixed network (that is, mobile Internet Protocol, or IP) to nodes further our in an ad hoc network domain. The Bluetooth system is

perhaps the most promising technology in the context of personal area networking [1]. In Personal Area Network (PAN) A network extension seen from the viewpoint of the traditional mobile network, a Bluetooth-based PAN opens up a new way of extending mobile networks into the user domain. Someone on a trip who has access to a Bluetooth PAN could use the General Packet Radio Service/Universal Mobile Telecommunication System (GPRS/UMTS) mobile phones a gateway to the Internet or to a corporate IP network. In terms of traffic load in the network, the aggregate traffic of the PAN would typically exceed that of the mobile phone [10]. In addition, if Bluetooth PANs could be interconnected with scatter-nets, this capacity would be increased. Figure 2.3 shows a scenario in which four Bluetooth PANs are used.

Figure 2.3: Personal Area Network (PAN) scenario

The PANs are interconnected via laptop computers with Bluetooth links. In addition, two of the PANs are connected to an IP backbone network, one via a local area network (LAN) access point and the other via a single GPRS/UMTS phone. A PAN can also encompass several different access technologies distributed among its member devices, which exploit the ad hoc functionality in the PAN. For instance, a notebook computer could have a wireless LAN (WLAN) interface (such as Institute of Electrical and Electronic Engineers [IEEE] 802.11 standards or HiperLAN/2) that provides network access when the computer is used indoors. Thus the PAN would benefit from the total aggregate of all access technologies residing in the PAN devices. As the PAN concept matures it will allow new devices and new access technologies to be incorporated into the PAN framework. It should also eliminate the need to create hybrid devices, such as PDA-mobile phone combination, because the PAN network will instead allow for wireless integration. In other word, it will not be necessary to trade

off form for function. In all the scenarios discussed above it should be emphasized that close-range radio technology, such as Bluetooth, is a key enabler for introducing the flexibility represented by the PAN concept [10]. Search-and-Rescue Applications When we face an unfortunate situation such as an earthquake, hurricane, or similar disaster, ad hoc wireless networks can prove to be very useful in search-and-rescue operations. In general, disasters leave a large population without power and communication capabilities for they destroy the infrastructures. Ad hoc wireless networks can be established without such infrastructures and can provide communications information, and take an action that they are programmed to do. A smart dress may be programmed to monitor certain conditions and vital signs of an individual on a regular basis. This could become very useful for defence personnel in combat situations. The monitored information can be processed, and appropriate action can be taken by the dress, if needed. A smart dress may even be able to indicate the exact location of the problem [10]. Health Care Applications Exchanging multimedia (audio, video, and data) information between a patient and health care facilities is very helpful in critical and emergency situations. An individual who is being transported to a hospital by an ambulance may exchange information using ad hoc communication networks. A health care professional, in many situations, is in a much better position to diagnose and prepare a treatment plan for an individual if he or she has video information rather than just audio or data information [10]. For instance, video information may be helpful in assessing the reflexes and viewing the coordination capability of a patient. Similarly, the level of injuries of a patient can be established better with visual information than with just audio or other descriptive information. Real-time ultrasound scans of a patient’s kidneys, heart, or other organs may be very helpful in preparing a treatment plan for a patient who is being transported to a hospital, prior to his or her arrival in the hospital. Such information can be transmitted through wireless communication networks, from an ambulance to hospital or to other health care professionals who are currently scattered at different places but are converging toward the hospital for treating the patient being transported [1]. Ah hoc wireless networks established within a (smart) home can also be very useful for monitoring homebound patients. Such homes may be able to make some basic decisions (based on information exchanged between various sensors participating in an ad hoc network) that are beneficial to the elderly population. Some of the actions that smart homes can take include monitoring the movement patterns inside a home, recognizing a fall of a human being, recognizing an unusual situation, and informing a relevant agency so that appropriate help can be provided, if needed. The concept of a smart dress, discussed in the subsection on defence applications (above), can also be used to monitor health conditions of patients. Such dresses may become very useful for providing heath care for our elderly population [10].

Academic Environment Applications Most of the academic institutions either already have wireless communication networks or are in the process of establishing such facilities. Such an environment provides students and faculty a convenient to interact and accomplish their mission. Ad hoc wireless networks can enhance such an environment and add many attractive features. For instance, an ad hoc wireless communication network can be established among the instructor and the students enrolled in his/her class. Such a setting can provide an easy and convenient mechanism for instructor to distribute handouts to all the students in the class and also for students to submit their assignments. Sharing information among the class participants can be as easy as click of a key on the keyboard. Due to the aura of mobility attached with the ad hoc wireless networks, such networks can also be established while on a field trip and industrial visits. Staying in touch cannot be any easier than this [10]. Industrial Environment Applications Most industrial or corporate sites have wireless communication networks in place, particularly in manufacturing environments. Manufacturing facilities, in general, have numerous electronic devices that are interconnected. Having wired connectivity leads to cluttering and crowding of space, which not only pose safety hazards but also adversely affect reliability. Use of wireless communication networks eliminates many of these concerns. If the connectivity is in the form of ad hoc wireless communication networks, that adds many attractive aspects, including mobility. The devices can be easily relocated, and the networks reconfigured based on the requirements as they arise. At the same time, communication among various communicating entities can be maintained, and corporate meetings can take place without employees gathering in the same room [10]. Drawbacks of Ad Hoc Networks Medium access control, Routing, security, limited bandwidth, and low power are some of the important challenges to the technology [7]. As far as low power is concerned, it's more of a hardware issue. However, it does effect the other operations of the adhoc network. In this section summarizes the technical problem that faces in ad hoc network mow Medium Access Control A packet collision over the air is much more severe in multi-hop environments than that in wireless LANs. Packet losses due to MAC layer contention will definitely affect the performance of the high layer networking schemes such as the TCP congestion control and routing maintenance because a node does not know whether an error is due to the collision or the unreachable address. It has been shown that multi-hop ad hoc networks perform poorly with TCP traffic as well as heavy UDP traffic [6]. The source of the above problems comes mainly from the MAC layer. The hidden terminals may introduce collision and the exposed terminals may lead to low throughput efficiency. In addition to these two notorious problems, the receiver blocking problem (i.e., the intended receiver does not respond to the sender with CTS

or ACK due to the interference or virtual carrier sensing operational requirements for the other ongoing transmissions) also deserves serious consideration. In facet, this problem becomes more severe in multi-hop environments and results in throughput inefficiency and starvation of some traffic flows or nodes. The next few subsections describe a few problems in multi-hop mobile ad hoc networks when the IEEE 802.11 MAC protocol is deployed [7]. Hidden Terminal Problem

Figure 2.4: Hidden terminal problem

The shared wireless environment of mobile ad hoc networks requires the use of appropriate medium access control (MAC) protocols to mitigate the medium contention issues, allow efficient use of limited bandwidth, and resolve so-called hidden and exposed terminal problems. These are basic issues, independent of the support of QoS; the QoS requirements add extra complexities for the MAC protocols. The issues of efficient use of bandwidth and the hidden/exposed terminal problem have been studied exhaustively and are well understood in the context of accessing and using any shared medium. We briefly discuss the “hidden-terminal” problem as an issue especially pertinent for the wireless networks [7]. Consider the scenario of Fig. 2.4, where a barrier prevents node B from receiving the transmission from D, and vice versa, or, as usually stated, B and D cannot “hear” each other. The “barrier” does not have to be physical; a large enough distance separating two nodes is the most commonly occurring “barrier” in ad hoc networks. Node C can “hear” both B and D. When B is transmitting to C, D, begin unable to “hear” B, may transmit to C as well, thus causing a collision and exposing the hiddenterminal problem. In this case, B and D are “hidden” from each other. Exposed Terminal Problem An exposed terminal is the one within the sensing range of the transmitter but not within that of the receiver. The exposed node senses the medium busy and does not transmit when the transmitter transmits, leading to bandwidth under-utilization.

Figure 2.5: Exposed terminal problem

In Fig 2.5, F is the exposed terminal to A when A is transmitting to B. F senses A’s transmission and keeps silent, although F can transmit to other nodes outside of A’s sensing range without interfering with B’s reception. In fact, in the four-way handshake procedures in IEEE 802.11 MAC, either RTS and CTS or DATA and ACK bidirectional packets are exchanged. Thus, the exposed node of one transmitter-receiver pair is also the hidden node of the other pair. So, in addition to the hidden terminal, the exposed terminal of the transmitter should not initiate any new transmission during the whole transmission process to avoid collision with the short packets ACK or CTS in IEEE 802.11 MAC. Thus, the carrier sensing strategy based on the RTS/CTS handshake will lead to a significant deficiency in spatial reuse [7]. Routing Misbehaviour Routing in mobile ad-hoc networks is achieved through mobile nodes acting as intermediate nodes. These nodes are responsible for receiving and forwarding data packets from one host to another in the network. The absence of a fixed infrastructure makes routing a challenge in a mobile ad-hoc environment. There are also several other issues which have an effect on the overall performance of the mobile ad-hoc network. Some of these issues include bandwidth constraints, hidden terminal problems, security and limited battery power of the participating nodes. These issues are somehow interrelated with the overall routing mechanism. In order to gain a better routing solution, it's almost always required to address these issues in conjunction with the routing problem of the mobile ad-hoc network. Within the traditional routing mechanism, there are also several other issues to consider. For example, a node can become selfish and refuse to forward data packets to other nodes; or the node fails to forward data packets to the destination node. Finally, a node could enter an inactive state because of a limited power supply. These are some of the issues can result in communication breakdowns and can eventually lead us to an abnormal network environment [10].

Limitation of Battery Power Limitation on the battery power of the mobile nodes is another basic issue for ad hoc networking. Limited battery power restricts the transmission range (hence the need for each node to act as a router) as well as the duration of the active period for the nodes. Below some critical thresholds for battery power, a node will not be able to function as a router, thus immediately affecting the network connectivity, possibly isolating one or more segments of the network. Fewer routers almost always mean fewer routes and, therefore, increased likelihood of degraded performance in the network. Indeed, QoS obviously becomes meaningless if a node is not even able to communicate, owing to low battery power. Since exchange of messages necessarily means power consumption, many ad hoc networking mechanisms, especially routing and security protocols, explicitly include minimal battery power consumption as a design objective. Again, power is a costly resource in mobile devices. And networking is one of the most energy consuming operations [8]. According to an experiment by Kravets and Krishnan (1998), power consumption caused by networking related activities is approximately 10% of the overall power consumption of a laptop computer. This figure rises up to 50% in handheld devices! The aim of saving power in infrastructurebased network is to minimize energy consumption in the hosts/nodes. The tactic is to move the communication and computation efforts to the fixed infrastructure, thus keeping the network interface of the devices in inactive or sleep state as long as possible. In ad hoc network every node has to contribute to maintain the network connections. Hence the aim of minimizing energy consumption of each node is inadequate. An additional aim is to maximize network lifetime [8]. Security Problems There are two types of security attack: passive and active. In a passive attack, a malicious node either ignores operations supposed to be accomplished by it (examples: silent discard, partial routing information hiding), or listens to the channel, attempting to retrieve valuable information (example: eavesdropping) [5]. In both cases the malicious node does not insert any message to the network [5]. It is hard to decide ignorance to operations from normal network failures in ad hoc networks. As for active attack, information is inserted to the network and thus the network operation or some nodes may be harmed [7]. Examples are impersonation/spoofing, modification, fabrication and disclosure attack. The security mechanisms to counter the above attacks can be ‘preventive’ by using key-based cryptography, or ‘detective’. Key distribution is at the canter of preventive mechanisms. Explain in the following section. Since no central authority, no centralized trusted third party, and no central server are available in ad hoc network, key management has to be distributed over the nodes. On the other hand, the intrusion detection system (IDS) in detective mechanisms has to monitor and rely on the audit trace that is limited to communication activities taking place within the radio range (i.e. partial and localized information) [7].

Conclusion In Ad Hoc Network basic section, it has been discussed about basic of ad hoc network, feature of ad hoc network, ad hoc application features, benefit of ad hoc network, and draw back of ad hoc network. Ad hoc networks are dynamic networks: nodes are free to move and network topology is always changing. The main idea behind ad hoc networks is that each node acts both as a host and as a router. Nodes that cannot establish a point-to-point connection because they are too distant relay packets to intermediate nodes which act as routers. Packets travel from the source to the destination hopping from node to node in a multi-hop fashion. Nodes that can communicate directly are called neighbours. Ad hoc networks are a new wireless networking paradigm for mobile hosts. Ad hoc networks features are infrastructure, router and self-organizer, network topology, multi-hop, power constraint, variation in scale and heterogeneity. Ad hoc application as a self-organizing application composed of mobile and autonomous devices, interacting as peers and which relationships are made pos-sable because of relative physical distance. More formally, three basic features must be present which are mobility, peer- to-peer, and collocation. In ad hoc network have benefits to the users, communication network operators and service providers. Medium access control, Routing, security, limited bandwidth, and low power are some of the important challenges to the technology. As far as low power is concerned, it's more of a hardware issue. The technical problem, faces in ad hoc network such as medium access control, routing, power conservation, security etc. Ad hoc network is not a one-size-fit-all measure, its’ have some limitations such as- Killer application has not turned out, another is acceptance by users is unclear, scalability remains unknown, and delay caused by multi-hopping. The channel is unprotected from outside signals. Hidden-terminal and exposed-terminal phenomena may occur.

Security Issues In ad hoc networks the communicating nodes do not necessarily rely on a fixed infrastructure, which sets new challenges for the necessary security architecture they apply. In addition, as ad hoc networks are often designed for specific environments and may have to operate with full availability even in difficult conditions, security solutions applied in more traditional networks may not directly be suitable for protecting them. However, MANETs are vulnerable to different attacks due to its fundamental characteristics such open medium, dynamic topology, absence of central administration, distributed cooperation, and constrained capability. In this chapter we introduce security attacks on mobile ah hoc networks as well as some security requirements of ad hoc network.

Introduction Ad hoc networks may be very different from each other, depending on the area of application. For instance in a computer science classroom an ad hoc network could be formed between students’ PDAs and the workstation of the teacher. In another scenario a group of soldiers is operating in a hostile environment, trying to keep their presence and mission totally unknown from the viewpoint of the enemy. The soldiers in the group work carry wearable communication devices that are able to eavesdrop the communication between enemy units, shut down hostile devices, divert the hostile traffic arbitrarily or impersonate themselves as the hostile parties. As can obviously be seen, these two scenarios of ad hoc networking are very different from each other in many ways: In the first scenario the mobile devices need to work only in a safe and friendly environment where the networking conditions are predictable. Thus no special security requirements are needed. On the other hand, in the second and rather extreme scenario the devices operate in an extremely hostile and demanding environment, in which the protection of the communication and the mere availability and operation of the network are both very vulnerable without strong protection [3]. Security is an important issue for ad hoc networks, especially for those securitysensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and nonrepudiation .Ad hoc wireless network does not have any predefined infrastructure. Considering this principal to the lack of any centralized infrastructure, difficult to establish security ad hoc networks thus it is obvious that with lack of infrastructural support and susceptible wireless link attacks, security in ad hoc network becomes inherent weakness [3]. The main objective of this chapter is to give an overview of how the area of application affects the security requirements of ad hoc networks. The focus of the discussion is in security issues in MANETs. The rest of this chapter is designed as follows: Section 3.2 introduces to the readers about the vulnerabilities against ad hoc network, while Section 3.3 presents various types of attacks against ad hoc networks. Section 3.4 presents different types of attacks against routing layer of MANETs, where security requirements of MANETs are presented in Section 3.5. Section 3.6 presents some problems to provide security in ad hoc networks. And finally, some concluding remarks are presented in Section 3.7. Vulnerabilities against MANETs While a wireless network is more versatile than a wired one, it is also more vulnerable to attacks. This is due to the very nature of radio transmissions, which are made on the air. On a wireless network, an adversary is able to eavesdrop on all messages within the emission area, by operating in promiscuous mode and using a packet sniffer (and possibly a directional antenna) [3]. Vulnerabilities against ad hoc networks are as follows: •

Easy theft of nodes: Many nodes are expected to be small in size and thus vulnerable to theft. From a routing perspective this means that a node may

easily become compromised. Thus, a previously well-behaving node can unexpectedly become hostile.

Vulnerability to tampering: This difficulty is related to the problem of easy theft. It must not be trivial for example to recover private keys from the device. A less stringent version of tamper proofness is tamper evidence where it is only required that a tampered node can be distinguished from the rest

Limited computational abilities: Nodes can be devices with limited computing power. This may exclude techniques such as frequent public key cryptography during normal operation. However, symmetric cryptography is likely to be feasible in authenticating or encrypting routing message exchanges.

Battery powered operation: Many devices in an ah hoc network are assumed to be battery powered. An attacker may attempt a denial-ofservice attack by creating additional transmissions or expensive computations to be carried out by a node in an attempt to exhaust its batteries.

Transient nature of services and devices: Because an ad hoc network consists of nodes that may frequently move, the set of nodes that are connected to some particular ad hoc network frequently changes. This can create problems for example with key management if cryptography is used in the routing protocol.

Attacks against MANETs Attacks in mobile ad hoc networks can be happened in many ways. These attacks can be classified into two categories-one is active attacks and other is passive attacks, which can be described as follows: Passive Attacks In a passive attack, the attacker does not disrupt the operation of a routing protocol but only attempts to discover valuable information by listening to the routing traffic. The major advantage for the attacker in passive attacks is that in a wireless environment the attack is usually impossible to detect. Furthermore, routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than to other nodes, the attacker might expect that the node is important for the functioning of the network, and disabling it could bring the entire network down [3].

Other interesting information that is disclosed by routing data is the location of nodes. Even when it might not be possible to pinpoint the exact location of a node, one may be able to discover information about the network topology. It is worth noting that in an IP network one cannot defend against these attacks for example by only using IP. The packets still have most of their IP headers in plaintext, and it may not even be feasible to have symmetric keys distributed to every node in a network [3] Active Attacks To perform an active attack the attacker must be able to inject arbitrary packets into the network. The goal may be to attract packets destined to other nodes to the attacker for analysis or just to disable the network. A major difference in comparison with passive attacks is that an active attack can sometimes be detected. This makes active attacks a less inviting option for most attackers. Yet, it may still be a real alternative when a large amount of money is at stake such as in commercial or military environments [3]. Next we present some types of active attacks that can usually be easily performed against ad hoc networks: Black-hole Attack An attacker can drop received routing messages, instead of relaying them as the protocol requires, in order to reduce the quantity of routing information available to the other nodes. This is called black-hole attack. The attack can be done selectively and may have the effect of making the destination node unreachable or downgrade communications in the network. When the attacker receives a request for a route to the target node, the attacker creates a reply where an extremely short route is advertised. If the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. Once the malicious device has been able to insert itself between the communicating nodes, it is able to do anything with the packets passing between them. It can choose to drop the packets to perform a denial-of-service attack, or alternatively use its place on the route as the request step in a man-in-the-middle attack [3]. Routing Table Overview In a routing table overview attack the attacker attempts to create routes to nonexistent nodes. The goal is to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. Proactive routing algorithms attempt to discover routing information even before it is needed while a reactive algorithm creates a route only once it is needed. This property appears to make proactive algorithms more vulnerable to table overview attacks. An attacker can simply send excessive route advertisements to the routers in a network. Reactive protocols, on the other hand, do not collect routing data in advance. For example in AODV, two or more malicious nodes would need to cooperate to create false data efficiently. The other node requests routes and the other one replies with forged addresses [3].

Sleep Deprivation Usually, sleep deprivation attack is practical only in ad hoc networks, where battery life is a critical parameter. Battery powered devices try to conserve energy by transmitting only when absolutely necessary. An attacker can attempt to consume batteries by requesting routes, or by forwarding unnecessary packets to the node using, for example, a black hole attack. This attack is especially suitable against devices that do not offer any services to the network or offer services only to those who have some special credentials. Regardless of the properties of the services, a node must participate in the routing process unless it is willing to risk becoming unreachable to the network [3]. Location Disclosure A location disclosure attack can reveal something about the locations of nodes or the structure of the network. The information gained might reveal which other nodes are adjacent to the target, or the physical location of a node. The attack can be as simple as using an equivalent of the trace route command on Unix systems. Routing messages are sent with inadequate hop-limit values and the addresses of the devices sending the ICMP error-messages are recorded. In the end, the attacker knows which nodes are situated on the route to the target node. If the locations of some of the intermediary nodes are known, one can gain information about the location of the target as well [3]. Sinkhole Attack In a sinkhole attack for sensor networks, the attacker tries to lure nearly all the traffic from a particular are through a compromised node, creating a metaphorical sinkhole with the attacker at the center. Like black hole attacks in ad hoc networks, sinkhole attacks typically work by making a compromised node look especially attractive to surrounding nodes with respect to the routing algorithm [3]. Attacks against Routing Layer These attacks may have the aim of modifying the routing protocol so that traffic flows through a specific node controlled by the attacker. An attack may also aim at impeding the formation of the network, making legitimate nodes store incorrect routes, and more generally at perturbing the network topology [3]. Attacks at the routing level can be classified into two main categories: incorrect traffic generation and incorrect traffic relaying, which are as follows: Incorrect Traffic generation This category includes attacks which consist in sending false control messages: i.e. control messages sent on behalf of another node (identity spoofing), or control messages which contain incorrect or outdated routing information. The network may exhibit Byzantine behavior, i.e. conflicting information in different parts of the

network. The consequences of this attack are degradation in network communications, unreachable nodes, and possible routing loops [3]. Cache Poisoning As an instance of incorrect traffic generation in a distance vector routing protocol, an attacker node can advertise a zero metric for all destinations, which will cause all the nodes around it to route packets toward the attacker node. Then, by dropping these packets, the attacker causes a large part of the communications exchanged in the network to be lost. In a link state protocol, the attacker can falsely declare that it has links with distant nodes. This causes incorrect routes to be stored in the routing table of legitimate nodes, also known as cache poisoning [3]. Message Bombing and other DoS Attacks The attacker can also try to perform Denial of Service on the network layer by saturating the medium with a storm of broadcast messages (message bombing), reducing nodes’ good put and possibly impeding nodes from communicating. (This is not possible under hybrid routing protocols, where nodes cannot issue broadcast communications.) The attacker can even send invalid messages just to keep nodes busy, wasting their CPU cycles and draining their battery power. In this case the attack is not aimed at modifying the network topology in a certain fashion, but rather at generally perturbing the network functions and communications. DoS attacks can be carried over on the transport layer and also on the physical layer (e.g. jamming or radio interference); in this case, they can be dealt with by using physical techniques e.g. spread spectrum modulation. Denial of Service can be accomplished over different layers and in several ways, and is quite difficult to counteract, even on a wired medium. The topics regarding a full protection against DoS attacks are beyond the scope of this thesis, and therefore are not discussed in detail [3]. Incorrect Traffic relaying Network communications coming from legitimate, protocol-compliant nodes may be polluted by misbehaving nodes. There are some attacks as follows which can be comprise in incorrect traffic relaying. Message Tampering An attacker can also modify the messages originating from other nodes before relaying them, if a mechanism for message integrity (i.e. a digest of the payload) is not utilized [3]. Replay Attack As topology changes, old control messages, though valid in the past, describe a topology configuration that no longer exists. An attacker can perform a replay attack by recording old valid control messages and re-sending them, to make other nodes update their routing tables with stale routes. This attack is successful even if control messages bear a digest or a digital signature that does not include a timestamp [3].

Wormhole Attack The wormhole attack is quite severe, and consists in recording traffic from one region of the network and replaying it in a different region. It is created by an intruder.

Figure A Wormhole created by node X.

In Fig 3.1, the intruder node X located within transmission range of legitimate nodes A and B, where A and B are not themselves within transmission range of each other. Intruder node X merely tunnels control traffic between A and B (and vice versa), without the modification presumed by the routing protocol – e.g. without stating its address as the source in the packets header – so that X is virtually invisible. This results in an extraneous inexistent A - B link which in fact is controlled by X The severity of the wormhole attack comes from the fact that it is difficult to detect, and is effective even in a network where confidentiality, integrity, authentication, and non-repudiation (via encryption, digesting, and digital signature) are preserved. Furthermore, on a distance vector routing protocol, wormholes are very likely to be chosen as routes because they provide a shorter path to the destination. This attack is also similar to invisible node attack, against the Secure Routing Protocol. Rushing Attack An offensive that can be carried out against on-demand routing protocols is the rushing attack. Typically, on-demand routing protocols state that nodes must forward only the first received Route Request from each route discovery; all further received Route requests are ignored. This is done in order to reduce cluttering. The attack consists, for the adversary, in quickly forwarding its Route Request messages when a route discovery is initiated. If the Route Requests that first reach the target’s neighbors are those of the attacker, then any discovered route includes the attacker [3]. Security Requirements in Ad hoc Network There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communication is that of cryptography.

Cryptography Cryptography is the study of the encryption and decryption of information. Encrypted information has been stored or transmitted in such a way—that is, encoded—that it is unintelligible without decoding it [23]. This allows for the secure transmission of data between two parties, which is known as confidentiality or privacy. This is accomplished primarily through the use of keys—typically very long numbers. The data is encrypted by the sender, and decrypted and subsequently used by the recipient [17]. Within the context of any applications communication, there are some specific security services that may be required in ah hoc network which are as follows: •

• •

Confidentiality: Data confidentiality is the service that prevents the unauthorised reading of data and routing packets by external users. Network confidentiality is the service preventing an external attacker from detecting that a mobile ad hoc network is present at a certain location. Traffic flow confidentiality may also be required to prevent external attackers’ information from data traffic volumes. Integrity: Data integrity is the service whereby nodes can detect modification, insertion, deletion or replay of any packets received. This can occur on an end-to-end basis, between the originator and destination node, or at a peer-to-peer level between intermediate nodes. Network integrity provides the service whereby a node can be sure that it is receiving correct and up-to-date routing information. Availability: If a node transmits a data or routing packet, the intended next-hop will receive the data packet. This is peer-to-peer availability. Endto-end availability is where an originator node has assurance that, if it generates and sends a packet, the destination node will receive the packet within a reasonable time. The availability service also includes preventing denial of service attacks, including sleep deprivation torture. Authentication: Both entity and origin authentication can be used to prevent masquerade attacks. An external node is typically prevented from impersonating an internal trusted node because it lacks the necessary authentication credentials. Authentication will also be required to prevent internal malicious nodes from masquerading as another internal node. Access control: Access control ensures that only authorised nodes can participate in routing. This service must exist in conjunction with authentication to allow nodes to deny access to unauthorised nodes. Non-repudiation: Proof of origin is required so a node cannot deny sending a data packet. The sending node can also require that proof of delivery is provided. Again, these services can be applied on an end-to-end or peer-topeer basis [16]. Dependability and reliability: If an originator node needs to discover a route to send a data packet to a destination node, this service guarantees that the originator node will obtain such a route in a reasonable times as long as the destination node is in operation and receiving data packets. Moreover, if a route breaks, the originator node will be notified of the break within a reasonable time.

Accountability: This service ensures that any action affecting security can be selectively logged and protected, allowing for appropriate reactions to attacks. As explained above, the misbehaviours demonstrated by different types of nodes will need to be detected, if not prevented. Event logging will also help provide non-repudiation, for example, preventing a node from repudiating involvement in a security violation. This service will especially help to detect attacks on the ad hoc network by internal nodes. Symmetric Cryptosystem

Symmetric cryptosystems use the same key to both encrypt and decrypt the message. This key is usually a large random number, generally in the range of 64 to 256 bits long (higher key sizes mean, all other things being equal, a higher level of security), which is used to mathematically transform the plaintext to create the cipher text [17]. Symmetric cryptosystems raise the problem of secure key distribution [15]. The encryption key must be transmitted from the sender to the receiver over a secure channel in order for the encrypted message to be secure. Same key used

Key is used

Plain Text

for Encrypt

Cipher Text

for Decrypt

Plain Text

Figure 3.2: Symmetric Cryptography Scheme

This means an infrastructure for secure key distribution is a pre-requisite for secure messaging using symmetric cryptosystems, making pure symmetric cryptosystems impractical for ad-hoc communication over the Internet [15]. Asymmetric (“Public-Key”) Cryptosystems Asymmetric cryptosystems solve the problem of secure key distribution through the use of two different keys One for encryption, and another for decryption. The encryption key is made public, and is known as the public key. The decryption key is kept secret by its owner, and is known as the private key, or the secret key. The public and private keys in an asymmetric cryptosystem are linked to each other through a mathematical relationship such that a message encrypted using a certain public key can only be decrypted using the corresponding private keyRecipient’s [17]. Recipient’s Public Key

Original message

Secret Key

Original message

Encrypted message

Encryption algorithm

Decryption algorithm

Fiigure: Asymmetric cryptosystem strategies.

There is no need to keep the public (encryption) key secret in order to prevent unauthorized decryption of an encrypted message, as the decryption operation requires the secret key, not the public key [15]. So it is easy to distribute public keys over insecure networks, enabling encrypted communications without the need for secure key distribution. Hash Functions Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents often used to ensure that an intruder or virus has not altered the file. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.

A) Secret key (symmetric) cryptography. SKC uses a single key for both encryption and decrypting.

B) Public key (asymmetric) cryptography. PKC uses two keys, one for encryption and the other for decrypting.

C) Hash function (one-way cryptography). Hash functions have no key since the plaintext is not recoverable from the cipher-test. Figure 3.4: Hash function [16]

Hash functions are sometimes misunderstood and some sources claim that no two files can have the same hash value. This isn't true, strictly speaking. Consider a hash function that provides a 128-bit hash value. There are, obviously, 2 128 possible hash values. But there are a lot more than 2128 possible files. Therefore, there have to be multiple files in fact; there have to be an infinite number of files that can have the same 128-bit hash value [16]. The difficulty is finding two files with the same hash! What is, indeed, very hard to do is to try to create a file that has a given hash value so as to force a hash value collision [16]. Problems to Provide Security in MANETs Providing adequate security measures for ad hoc networks is a challenging task. Firstly, wireless communications are easy to intercept and difficult to contain. Next to this it is easy to actively insert or modify wireless messages. This means that unprotected wireless networks are open to a wide range of attacks, including node impersonation, message injection, loss of confidentiality, etc [18]. Secondly, in many situations the nodes may be left unattended in a hostile environment. This enables adversaries to capture them and physically attack them. Proper precautions (Tamper resistance) are required to prevent attackers from extracting secret information from them. Even with these precautions, we cannot exclude that a fraction of the nodes may become compromised. This enables attacks launched from within the network [18]. Thirdly, the dynamic topology and the absence of a supporting infrastructure render most of the existing cryptographic protocols useless, as they were not developed for this dynamic environment. Any security solution with a static configuration would not suffice. Security mechanisms should be able to adapt on the fly to these changes in topology. Fourthly, many wireless nodes will have a limited energy resource (battery, solar panel, etc.). This is particularly true in the case of ad hoc sensor networks. Security solutions should be designed with this limited energy budget in mind. Finally, an ad hoc network may consist of thousands of nodes. Security mechanisms should be scalable to handle such a large network. Conclusion In this section, general security issue, general idea of security system, security problems in ad hoc networks and security challenges have been discussed. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. Cryptography is the study of the encryption and decryption of information. Within the context of any

applications have some specifications, which are authentication, privacy/confidentiality, integrity, non-repudiation. Symmetric cryptosystems use the same key to both encrypt and decrypt the message. This key is usually a large random number, generally in the range of 64 to 256 bits long (higher key sizes mean, all other things being equal, a higher level of security), which is used to mathematically transform the plaintext to create the cipher text. Asymmetric cryptosystems solve the problem of secure key distribution through the use of two different keys which are encryption, decryption. The encryption key is made public, and is known as the public key. The decryption key is kept secret by its owner, and is known as the private key, or the secret key. The public and private keys in an asymmetric cryptosystem are linked to each other through a mathematical relationship such that a message encrypted using a certain public key can only be decrypted using the corresponding private key. Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents often used to ensure that an intruder or virus has not altered the file. The ad hoc network poses problems to security for various types of characteristics such as - the use of wireless link renders an ad hoc network at risk to link attacks range from inactive eavesdrop to active interfering, autonomous nodes in an ad hoc network have inadequate physical protection, and therefore more easily to be captured, compromised, and hijacked, any security solution with static configuration would not be sufficient because of the dynamic topology of the networks. Providing adequate security measures for ad hoc networks is a challenging task because wireless communications are easy to intercept and difficult to contain, many wireless nodes will have a limited energy resource (battery, solar panel, etc.).

Security in Routing Protocols of Ah Hoc Networks It is commonly known to the wireless research community that use of efficient routing algorithms in ad hoc networks offers a number of considerable benefits. Some of them are: larger throughput, lower average end-to-end delay, decrement in the number of lost data packets and generally an improved network performance. Many routing protocols for such networks have been proposed so far, the most popular of which are the Destination Sequenced Distance Vector (DSDV), the Ad hoc On-demand Distance Vector routing protocol (AODV), the Distance Vector Routing protocol (DSR), the Temporarily-Ordered Routing Algorithm (TORA), and Zone Routing Protocol (ZRP) In this report we describe some ah-hoc routing protocols and also their existing drawbacks. We consider that wireless mobile terminals are spread in a large geographical area.

Introduction Ad hoc network have no centralized control (access point). So the terminals act as routers that forward data packet from sources to destinations. In order for ad hoc networks to operate as efficiently as possible, appropriate on-demand routing protocols have to be incorporated, which can find efficient routes from a source to a destination node, taking into consideration the fact that wireless stations have the freedom of movement. Mobility affects the ongoing transmissions, since a mobile node that receives and forwards packets may move beyond the coverage range of its neighbors. As a result, some (or all) of the links with its neighbors can be broken. In that case, a new route will have to be established, so as for the data flows to be restored. A quick route recovery should be one of the main characteristics of a well designed routing protocol. The main objective of this chapter is to analyze some well known ad-hoc routing protocols that is necessary to make the routing decision. We also depicted some existing drawbacks of those routing protocol. The rest of this chapter is designed as follows: Section 4.2 presents some sorts of ad-hoc routing protocols and finally some concluding remarks are presented in Section 4.3. Ad Hoc Routing Protocols In Ad hoc networking environments an application packet from a specific node may have to travel several hops in order reach its destination. The main function of a routing protocol is to from and maintains a routing table with information relevant to which the next hop for this packet should be in order to reach its ultimate destination. All the nodes have their own routing tables that they consult to forward the traffic that is not designed for them. Although the problem of routing is not a new one in computer networks, routing in Ad hoc networks due to its unique requirements can not be successfully handled by utilizing existing routing schemes such as traditional link-state and distance vector routing protocols. One of the reasons of that this example OSPF [18] and RIP [19] can not be in Ad hoc networks is that these protocols were original designed to operate in environments with relatively static topology. However, the nature of Ad hoc networks allows the participating nodes to move freely in and out of the network. Another issue that contributes to the fact that the available routing protocols can not operate in Ad hoc mode is that they were design with the assumption that all the links are bidirectional. In mobile Ad hoc network this not always the case. The difference of wireless networking hardware of the nodes or the radio signal fluctuation may result in some links becoming unidirectional. Finally, both OSPF and RIP attempt to maintain routes to all the reachable destinations, but in Ad hoc networks with high density this may lead in having large number of routing entries imposing performance overhead. Therefore, there is a need for special routing protocols that will be able to copy with the unique attributes and limitations of mobile wireless Ad hoc networks.

Properties of Ad Hoc Routing Protocol If the conventional routing protocols do not meet our demands, we need a new routing protocol. The question is what properties such protocols should have? As it is clear from the previous analysis, there is a special need for routing protocols specifically designed to address the requirement of Ad hoc networking [20]. Some of the properties that Ad hoc routing protocols should process are suggested in and are given below: •

Distributed operation: This is the most essential properties due to the decentralized nature of Ad hoc network. That is the protocol should of course be distributed. It should not be dependent on a centralized controlling node. This is the case even for stationary networks. The difference is that nodes in an ad-hoc network can enter/leave the network very easily and because of mobility the network can be partitioned. Loop-freedom: Although it is not strictly implied that a protocol has to provide loop freedom it is generally a desirable attribute as it usually leads to better overall performances. That is to improve the overall performance, we want the routing protocol to guarantee that the routes supplied are loop-free. This avoids any waste of bandwidth or CPU consumption. On demand operation: The routing protocol instead of maintaining routing table entries for all possible destinations it should rather find routs as they are needed in order to converse both energy and bandwidth. To minimize the control overhead in the network and thus not wasting network more than necessary, the protocol should be reactive. This means that the protocol should only react when needed and that the protocol should not periodically broadcast control information. Unidirectional link support: In Ad hoc networks unidirectional links can occur. The routing protocol should be able to use separate unidirectional links in both direction to replace a bidirectional link. And the radio environment can cause the formation of unidirectional links. Utilization of these links and not only the bi-directional links improves the routing protocol performance. Proactive operation: It id of the “On-demand” operation. When the reactive, on demand behaviour products unacceptable overhead in searching for routs a proactive operation is desirable. The proactive and on demand operation are analysed in following section. Security: It is fundament that the routing protocol must provide security feature that prohibit the disruption or modification of network traffic. Moreover the radio environment is especially vulnerable to impersonation attacks, so to ensure the wanted behaviour from the routing protocol, we need some sort of preventive security measures. Authentication and encryption is probably the way to go and the problem here lies within distributing keys among the nodes in the ad-hoc network. There are also discussions about using IP that uses tunnelling to transport all packets. Sleep: Due to the energy constants of the participating devices of the Ad hoc network it is required that the nodes have a sleep period resulting in

•

•

energy conservation. The routing protocol should be able to accommodate such sleep periods without overly adverse consequences. Multiple routes: To reduce the number of reactions to topological changes and congestion multiple routes could be used. If one route has become invalid, it is possible that another stored route could still be valid and thus saving the routing protocol from initiating another route discovery procedure. Quality of service support: Some sort of Quality of Service support is probably necessary to incorporate into the routing protocol. This has a lot to do with what these networks will be used for. It could for instance be real-time traffic support.

None of the proposed protocols from MANET have all these properties, but it is necessary to remember that the protocols are still under development and are probably extended with more functionality. The primary function is still to find a route to the destination, not to find the best/optimal/shortest-path route. Destination Sequenced Distance Vector (DSDV) DSDV is a hop-by-hop distance vector routing protocol that in each node has a routing table that for all reachable destinations stores the next-hop and number of hops for that destination. Like distance-vector, DSDV requires that each node periodically broadcast routing updates. The advantage with DSDV over traditional distance vector protocols is that DSDV guarantees loop-freedom [24]. To guarantee loop-freedom DSDV uses a sequence numbers to tag each route. The sequence number shows the freshness of a route and routes with higher sequence numbers are favourable. A route R is considered more favourable that R’ if R has a greater sequence number or, if the routes have the same sequence number but R has lower hop-count. The sequence number is increased when a node A detects that a route to a destination D has broken. So the next time node A advertises its routes, it will advertise the route to D with an infinite hop-count and a sequence number that is larger than before. DSDV basically is distance vector with small adjustments to make it better suited for ad-hoc networks. These adjustments consist of triggered updates that will take care of topology changes in the time between broadcasts. To reduce the amount of information in these packets there are two types of update messages defined: full and incremental dump. The full dump carries all available routing information and the incremental dump that only carries the information that has changed since the last dump [24]. Properties Because DSDV is dependent on periodic broadcasts it needs some time to converge before a route can be used. This converge time can probably be considered negligible in a static wired network, where the topology is not changing so frequently. In an adhoc network on the other hand, where the topology is expected to be very dynamic, this converge time will probably mean a lot of dropped packets before a valid route is

detected. The periodic broadcasts also add a large amount of overhead into the network. Problems The protocol requires selection of the following parameters: periodic update interval, maximum value of the "settling time" for a destination and the number of update intervals, which may transpire before a route is considered stale. These parameters will likely represent a tradeoff between the latency of valid routing information and excessive communication overhead. Ad-hoc On Demand Distance Vector (AODV) The Ah Hoc On-Demand Distance Vector (AODV) routing protocol enables multi-hop routing between participating mobile nodes wishing to establish and maintain an ahhoc network. AODV is based upon the distance vector algorithm. Features of this protocol include loop freedom and that link breakages cause immediate notifications to be sent to the affected set of nodes, but only that set. Additionally, AODV has support for multicast routing and avoids the Bellman Ford “counting to infinity” problem. The use of destination sequence numbers guarantees that a route is “fresh” [21]. The algorithm uses different messages to discover and maintain links. Whenever a node wants to try and find route to another node, its broadcasts a Route Request (RREQ) to all its neighbors. The RREQ propagates through the network until it reaches the destination or a node with a fresh enough route to the destination. Then the route is made available by unicasting a RREP back to the source. The algorithm uses hello messages (a special RREP) that are broadcast periodically to the immediate neighbors. These hello messages are local advertisements for the continued presence of the node and neighbors using routes through the broadcasting node will continue to mark the routes as valid. If hello messages stop coming from a particular node, the neighbor can assume that the node has moved away and mark that link to the node as broken and notify the affected set of nodes by sending a link failure notification (a special RREP) to that set of nodes. Route Table Management AODV needs to keep track of the following information for each route table entry: • • • • • •

Destination IP Address: IP address for the destination node. Destination Sequence Number: Sequence number for this destination. Hop Count: Number of hops to the destination. Next Hop: The neighbor, which has been designated to forward packets to the destination for this route entry. Lifetime: The time for which the route is considered valid. Active neighbor list: Neighbor nodes that are actively using this route entry.

•

Request buffer: Makes sure that a request is only processed once. Route Discovery

A node broadcasts a RREQ when it needs a route to a destination and does not have one available. This can happen if the route to the destination is unknown, or if a previously valid route expires. After broadcasting a RREQ, the node waits for a RREP. If the reply is not received within a certain time, the node may rebroadcast the RREQ or assume that there is no route too the destination. When the RREQ reaches a node that either is the destination node or a node with a valid route to the destination, a (RREP) is generated and unicasted back to the requesting node. While this RREP is forwarded, a route is created to the destination and when the RREP reaches the source node, there exists a route from the source to the destination [25]. Route Maintenance When a node detects that a route to a neighbor no longer is valid, it will remove the routing entry and send a link failure message, a triggered route reply message to the neighbors that are actively using the route, informing them that this route no longer is valid. For this purpose AODV uses an active neighbor list to keep track of the neighbors that are using a particular route. The nodes that receive this message will repeat this procedure. The message will eventually be received by the affected sources that can chose to either stop sending data or requesting a new route by sending out a new RREQ. Properties The advantage with AODV compared to classical routing protocols like distance vector and link-state is that AODV has greatly reduced the number of routing messages in the network. AODV achieves this by using a reactive approach. This is probably necessary in an ah-hoc network to get reasonably performance when the topology is changing often [1]. AODV is also routing in the more traditional sense compared to for instance source routing based proposals like DSR. The advantage with a more traditional routing protocol in an ad-hoc network is that connections from the as-hoc network to a wired network like the Internet is most likely easier. ADOV only support one route for each destination. It should however be fairly easy to modify AODV, so that it supports several routes per destination. Instead of requesting a new route when an old route becomes invalid, the next stored route to that destination could be tried. The probability for that route to still be valid should be rather high. AODV uses hello messages at the IP-level. This means that AODV does not need support from the link layer to work properly. It is however questionable if this kind of protocol can operate with good performance without support from the link layer. The hello messages add a significant overhead to the protocol [25].

AODV does not support unidirectional links. When a node receives a RREQ, it will setup a reverse route to the source by using the node that forwarded the RREQ as next hop. This means that the route reply, in most cases is unicasted back the same way as the route request used. Unidirectional link support would make it possible to utilize all links and not only the bi-directional links. It is however questionable if unidirectional links are desirable in real environment. Problems For AODV routing nodes use the routing caches to reply to route queries. These results in an ‘uncontrolled’ replies and repetitive updates in hosts’ caches yet early queries cannot stop the propagation of all query messages which are flooded all over the network. Besides that AODV uses periodic beaconing to keep routing tables updated and this creates a significant overhead to the protocol. Dynamic Source Routing (DSR) Dynamic Source Routing (DSR) also belongs to the class of reactive protocols and allows nodes to dynamically discover a route across multiple network hops to any destination. Source routing means that each packet in its carries the complete ordered list of nodes through which the packet must pass. DSR uses no periodic routing messages (e.g. no router advertisements), thereby reducing network bandwidth overhead, conserving battery power and avoiding large routing updates throughout the ad-hoc network. Instead DSR relies on support from the MAC layer (the MAC layer should inform the routing protocol about link failures). The two basic modes of operation in DSR are route discovery and route maintenance [28]. Route Discovery Route discovery is the mechanism whereby a node X wishing to send a packet to Y in Fig 4.1, obtains the source route to Y. Node X requests a route by broadcasting a Route Request (RREQ) packet. Every node receiving this RREQ searches through its route cache for a route to the requested destination. DSR stores all known routes in its route cache. If no route is found, it forwards the RREQ further and adds its own address to the recorded hop sequence. This request propagates through the network until either the destination or a node with a route to the destination is reached. When this happen a Route Reply (RREP) is unicasted back to the originator. This RREP packet contains the sequence of network hops through which it may reach the target [21]. In Route Discovery, a node first sends a RREQ with the maximum propagation limit (hop limit) set to zero, prohibiting its neighbors from rebroadcast it. At the cost of a single broadcast packet, this mechanism allows a node to query the route caches of all its neighbors. Asymmetric Link Node Y cannot reach node X

Y

X

Figure: Router discovery

Nodes can also operate their network interface in promiscuous mode, disabling the interface address filtering and causing the network protocol to receive all packets that the interface overhears. These packets are scanned for useful source routes or route error messages and then discarded. The route back to the originator can be retrieved in several ways. The simplest way is to reverse the hop record in the packet. However this assumes symmetrical links. To deal with this, DSR checks the route cache of the replying node. If a route is found, it is used instead. Another way is to piggyback the reply on a RREQ targeted at the originator. This means that DSR can compute correct routes in the presence of a asymmetric (unidirectional) links. Once a route is found, it is stored in the cache with a time stamp and the route maintenance phase begins. Properties DSR uses the key advantage of source routing. Intermediate nodes do not need to maintain up-to-date routing information in order to route the packets they forward. There is also no need for periodic routing advertisement messages, which will lead to reduce network bandwidth overhead, particularly during periods when little or no significant host movement is taking place. Battery is also conserved on the mobile hosts, both by not sending the advertisements and by not needing to receive them; a host could go down to sleep instead [21]. Problems The packets may be forwarded along stale cached routes. Same as AODV, nodes use the routing caches to reply to route queries. These results in an ‘uncontrolled’ replies and repetitive updates in hosts’ caches yet early queries cannot stop the propagation of all query messages those are flooded all over the network. DSR also suffers from a scalability problem due to the nature of source routing. As the network becomes larger, the control packets and message packets also become larger. This gives a negative impact due to limited bandwidth.

Zone Routing Protocol (ZRP) The Zone Routing Protocol (ZRP) is a hybrid of a reactive and proactive protocol. It divides the network into several routing zones and specifies two totally detached protocols that operate inside and between the routing zones. In an ad-hoc network, it can be assumed that the largest part of the traffic is directed to nearby nodes. Therefore, ZRP reduces the proactive scope to a zone centered on each node. In a limited zone, the maintenance of routing information is easier. Further, the amount of routing information that is never used is minimized. Still, nodes farther away can be reached with reactive routing. Since all nodes proactively store local routing information, route requests can be more efficiently performed without querying all the network nodes [21]. Despite the use of zones, ZRP has a flat view over the network. In this way, the organizational overhead related to hierarchical protocols can be avoided. Hierarchical routing protocols depend on the strategic assignment of gateways or landmarks, so that every node can access all levels, especially the top level. Nodes belonging to different subnets must send their communication to a subnet that is common to both nodes. This may congest parts of the network. ZRP can be categorized as a flat protocol because the zones overlap. Hence, optimal routes can be detected and network congestion can be reduced. Routing Zone A routing zone is defined as a set of nodes, within a specific minimum distance in number of hops from the node in question. The distance is referred to as the zone radius. In the example network (Figure 4.2), node S, A, F, B, C, G, and H, all the lie within a radius of two from node F. Even though node B also has a distance of 3 hops from node F, it is included in the zone since the shortest distance is only 2 hops. Border nodes or peripheral nodes are nodes whose minimum distance to the node is question is equal exactly to the zone radius. In Fig 4.2, nodes B and F are border nodes to S.

Figure: Network using ZRP. The dashed squares show the routing zones for nodes S and D.

Consider the network in Figure 4.2. Node S wants to send a packet to node D. Since node D is not in the routing zone of S, a route request is sent to the border nodes B and F. Each border node checks to see if D is in their routing zone. Neither B nor F finds the requested node in their routing zone; thus the request is forwarded to the respectively border nodes. F sends the request to S, B, C and while B sends the request to S, F, E, and G. Now the requested node D is found within the routing zone of both C and E thus a reply is generated and sent back towards the source node S [21]. To prevent the request from going back to previously queried routing zone, a Processed Request List is used. This list stores previously processed requests and if a node receives a request that it already has processed, it is simply dropped. Properties ZRP is a very interesting protocol and can be adjusted of its operation to the current network operation conditions (e.g. change the routing zone diameter). However this is not done dynamically, but instead it is suggested that this zone radius should be set by the administration of the network or with a default value by the manufacturer. The performance of this protocol depends quite a lot on this decision. ZRP also limits propagation of information about topological changes to the neighbourhood of the change only (as opposed to a fully proactive scheme, which would basically flood the entire network when a change in topology occurred). However, a change in topology can affect several routing zones [28]. Problems The problem of ZRP is that in this protocol hierarchical routing is used, so the path to a destination may be suboptimal. Again, in this protocol a node has higher-level topological information, so it requires greater memory. Temporally-Ordered Routing Algorithm (TORA) Temporally Ordered Routing Algorithm (TORA) is a distributed routing protocol. TORA is designed to minimized reaction to topological changes. A key concept in its design is that control messages are typically localized to a very small set of nodes. It guarantees that all routes are loop-free (temporary loops may form), and typically provides multiple routes for any source/destination pair. TORA can be separated into three basic functions: creating routes, maintaining routes, and erasing routes [21]. Route Maintenance Maintaining routes refers to reacting to topological changes in the network in a manner such that routes to the destination are re-established within a finite time, meaning that its directed portions return to a destination-oriented graph within a finite time. Upon detection of a network partition, all links in the portion of the

network that has become partitioned from the destination are marked as undirected to erase invalid routes. The erasing of routes is done using clear (CLR) messages. Properties TORA provides loop free paths at all instants. It provides multiple routes so that if one path is not available, other is readily available. It establishes routes quickly so that they may be used before the topology changes. It minimizes algorithmic reactions/communication overhead and thus conserves available bandwidth and increases adaptability. It is also able to detect network partitions very quickly. Problems Since TORA uses internodal co-ordination, it exhibits instability behaviour similar to "count-to-infinity" problem in distance vector routing protocols. There is a potential for oscillations to occur, especially when multiple sets of coordinating nodes are concurrently detecting partitions, erasing routes, and building new routes based on each other. Though such oscillations are temporary and route convergence will ultimately occur. Internet MANET Encapsulation Protocol (IMEP) IMEP is a protocol designed to support the operation of many routing protocols in adhoc networks. The idea is to have a common general protocol that all routing protocols can make use of (see Figure 4.3). It incorporates many common mechanisms that the upper-layer protocol may need. These include: • • • • •

Link status sensing Control message aggregation and encapsulation Broadcast reliability Network-layer address resolution Hooks for inter router security authentication procedures

Routing

IMEP

IP Figure 4.3: IMEP in the protocol stack

Problems The performance of IMEP is not so good. It adds another layer to the protocol stack. IMEP generates a lot of overhead, mainly because of IMEPs neighbor discovery mechanism that generates at least one hello message per second. Comparison So far, the protocols have been analysed theoretically. Table 4.1 summarizes and compares the result from these theoretical/qualitative analyses and shows what properties the protocols have do not have. As it can be seen from Table 4.1, none of the protocols support power conservation or Quality of Service. All protocols are distributed, thus node of the protocols is dependent on a centralized node and can therefore easily reconfigure in the event of topology changes. None of the presented protocols are adaptive, meaning that the protocols do not take any smart routing decisions when the traffic load in the network is taken into consideration. As a route selection criteria the proposed protocols use metrics such as shortest number of hops and quickest response time to a request. This can lead to the situation where all packets are routed through the same node even if there exist in better routes where the traffic load is not as large [28]

Table 4.1: Comparison between ad-hoc routing protocols

DSDV

AODV

DSR

ZRP

TORA/IMEP

Loop-free

Yes

Yes

Yes

Yes

No, short lived loops

Multiple routes

No

No

Yes

No

Yes

Distributed

Yes

Yes

Yes

Yes

Yes

Reactive

No

Yes

Yes

Partially Yes

Unidirectional link support

No

No

Yes

No

No

QoS Support

No

Yes

No

No

No

Multicast

No

Yes

No

No

No

Security

No

No

No

No

No

Power conservation

No

No

No

No

No

Periodic broadcasts

Yes

Yes

No

Yes

Yes (IMEP)

Required reliable or sequenced data

No

No

No

No

Yes

Conclusion The properties of ad-hoc networks affect the provision of security in many different ways. Because of node mobility and the dynamic nature of ad-hoc networks, link breaks are likely to be common rather than rare. This means that the network layer, in which routing takes place, is a vitally important focus for mobile ad-hoc network security measures. The mobile Ad hoc networking paradigm poses great challenges in the general field of networking. From the example of routing protocols that where presented in this chapter it is now evident that the selection of a routing protocol for use in ad-hoc networks requires careful thought. Parameters such as network size, mobility and traffic load have a great impact on the suitability of each protocol. Extensive recent research in securing routing in mobile ad-hoc networks has considered enforcing cooperation and authentication. Another key area for research, fundamental to the security of mobile ad hoc networks, is key management.

Proposed Group Authentication Protocol Nodes within nomadic environment with access to common radio link can easily participate to set up ad hoc infrastructure. But the secure communication among nodes requires the secure communication link to communicate. Before establishing secure communication link the node should be capable enough to identify another node. As a result node needs to provide his/her identity as well as associated recommendations to another node. However delivered identity and recommendations credentials need to be authenticated and protected so that authenticity and integrity of delivered identity and recommendations cannot be questioned by receiver node. Every node wants to be sure that delivered identity and recommendations to recipient nodes are not compromised. Therefore it is essential to provide security architecture to secure ad hoc networking. In this chapter we proposed a new authentication protocol that will be beneficial to provide security in mobile ad hoc environment. Introduction Why is security in ad hoc networks so difficult? Is it really any different than security in wired, fixed-topology networks? The most notable difference is that networks with a fixed structure rely on a well-known, often replicated authentication server. The authentication server is responsible for maintaining a database of all known identities within the network. When a node or user wishes to use the network, it must first send the authentication server its identity. The server then decides whether or not the identity is valid. If it is, the node or user is granted access to the network; if not, it will not be able to use any of the network services provided for authenticated users. In contrast, ad hoc networks lack servers, and thus cannot rely on a persistent database

of all known identities. Thus, the security paradigm used in fixed-structure networks is not viable in ad hoc networks. A number of well-known security paradigms have been adapted to an ad hoc setting. We present a small subset of them here for contrast; however, it should be noted than none of the techniques described is a panacea: they all lack either robustness or applicability. The rest of the chapter is organized as follows: Section 5.2 presents motivation of proposed protocol while the protocol design is presented in Section 5.3.Section 5.4 presents the key benefits of proposed protocol, while the further extension scope is presented in Section 5.5. The drawback of proposed protocol is presented in Section 5.6 and finally, some concluding remarks are presented in Section 5.7. Motivation of Proposed Protocol The main proposed protocol is used for secured group authentication purpose which can improve the resource sharing security in ad hoc network system. According to our proposed protocol a Secret which is essential to access or share resource in the ad hoc network. In our protocol, therefore, the secret group key is not only used for encrypting and decrypting data for secure communication among legitimate group members, but also used as a security incident for showing the current group membership status on each node. This group authentication protocol needs some other protocols such as Threshold cryptography protocol, Zero knowledge proof protocol. Threshold Cryptography allows a secret (or cryptographic key) to be shared among a group of users (share holders) in such a way that no single user can deduce the secret (or key) from his share alone [2]. Threshold cryptography protocol is basically the main Key sharing scheme where a secret is divided into several numbers of parts (n numbers) which is distributed to Shareholders. When‘t’ number of shareholders shared secret part are joined, it can generate the main Secret. Here‘t’ is threshold value and n is number of shares. Zero knowledge proof is another necessary protocol that allowss one party to prove its knowledge of a secret to another party without ever revealing the secret itself. A ZKP is an interactive proof system. An interactive proof system involves a prover, P, and verifier, V [15]. The role of the prover is to convince the verifier of some fact or secret through a series of rounds. Each round involves a challenge, or question, from the verifier and a response, or answer, from the prover. So, the knowledge proof is used in a ZKP session when new members want to share resource and join in ad hoc Shareholder 1 network. Shareholder 2

Shareholder 3 Shareholder 4 Shareholder 5

New Node

After getting t shared key new node compute the secret to access the network

Figure: ZKP sessions between new node and shareholders for Key Exchange mechanism by Zero knowledge proof

In the anticipated scheme, the judgment to validate a group member depends on current group membership of the node, which is given by the list of secret group keys store in the node. In other expressions, the list of secret group keys indicates criteria for another group membership in the next plot; at first, existing group members define required group membership for a non-group member to join their group, and a newcomer who wants to become a group member must prove that it has the required group membership, and then members authenticate the newcomer by verifying whether his current group membership comprehends the required group membership. Protocol Design Protocol is a set of rules and regulations for sending and receiving information on a network. For example, the Internet Protocol Suite commonly known as TCP/IP is the set of communication protocols used for the internet and other set of networks. These protocols have been established by international standards bodies and are used in almost all platforms and around the globe to ensure that all devices on the Internet can communicate successfully. The entire designs of our proposed protocol have been described in the next few sub-sections: List of Entities Entity is the keyword for defining a new object. It is a named body of data associated with a document. Once defined, an entity can be referenced any number of times within the document, via entity references. An entity typically consists of a sequence of one or more characters, either encapsulated within a declaration of the entity's existence, or encoded and stored externally in a text file. Such entities and their references are comparable to macros and include files in programming languages. However, entities don't necessarily have to contain parse able text; they may also be binary files that are included in a document only by reference, with the entity name as the value of an ENTITY-type attribute. This secured group authentication protocol has some core entities such as [2]:

• • •

Distributor Shareholder New member

Distributor A distributor act as virtual network administrator, which generates all, shared key and distribute it to the shareholders. After doing it does not exist anymore. Distributor is the initial entity, which will be in charge of secret group key generation and distribution to all the n initial shareholders (initially n must be grater than one and n will be selected by operation and also selects a threshold value of t). In the initial phase distributor also assign a unique ID to each shareholder, which is an incremental number starting from 1 to n. After the share is distributed the distributor leaves the networks and no longer needed [2]. In each group, one distributor exists as the initial entity that is started by operation. It appears only in a group initialization procedure. Shareholder Shareholder is a set (n numbers) of legitimate group members. This entity holds own share of a secret group key and a list of required group membership (i.e. verifiable knowledge). It verifies the validity of new member and gives the share of the group key to that valid node [2]. Shareholder is selected (defined) from a member node with policy basis, and the policy for selecting a shareholder node is an open issue, and may be different in different ad hoc network, which is also known as MANETs. Shareholder behaves as verifier in a ZKP session, and it runs PSS protocol with all available shareholders in the network. New Member New member is associated with a node, which tries to become a group member in a network. Before accessing to the group resources, new member must obtain shares from shareholders and generate a secret group key [2]. Communication Data Flow There are three types of Data flow, which is Differentiate by context of communication demand and medium. These are described below:

Distributor to Shareholder Communication and Data Flow

Distributor

Communication Medium

Distributor

Shareholder

Give key Generate threshold share key account to status

Shared Key Store secret & other details

Disconnecting After store secret & other parameter share holder disconnect the connection with distributor

After distribute shared key to all share holder it will no longer exist in this Ad hoc net.

Figure: Data Flow between Distributor and Shareholder

The Figure 5.2 shows the data flow between Distributor and Shareholder. Distributor first give own identity to the Shareholders and connect with the shareholders by executing ZKP. Then Shareholders request to distributor for give a secret key. Distributor then gives a secret Key to Share Holder by executing threshold cryptography and after getting a secret key share holder store it, on the other hand distributor finish the connection and Distributor remain act as a Share Holder. New Node to Shareholder Communication by Multicast Channel Data Flow between New Nodes to Share holder Communication by multicast channel is shown in fig 5.3. When a new node want to join in a network it send a request message to the n number of Shareholders through multicast channel. For Example, New member node request, “I want to join” to the Shareholders. This request message is broadcasted to the all Shareholder Nodes through multicast channel. Shareholder Nodes then send the own identity (ip and verifiable message) directly to the new member Node.

New node “I want to join”

Share

holder

Share holder

Share holder

Share holder

Multicast channel

Figure: Data Flow between New Nodes to Share holder Communication by multicast channel

As example, Share holder sends ‘I am share Holder’ to New Member Node. Shareholders send Secret value and Identity to the New Member node. Zero knowledge Proof schemes is executed and verifies the new node authentication. When new member node gets secret S from‘t’ number of shareholder node by computing secret through Threshold Cryptography scheme, it becomes a member of the network. ZKP Session between Shareholder and New Node Figure 5.4 shows New Member Node request to Share Holder to join as a member to Share Holder in Network. The new Member Node first send a message to enter into the network to n number of Share Holders .The share holders send their secret key through ZKP to the new member. Between the new member node and share holder nodes it may have lots of router/node but the routers/node will not the get the secret key of a specific share holder node that is exchanging between new member node and a shareholder node since ZKP is executed.

New node

Communication Medium

Share holder

Share request JKP

Share ‘t’ share request Share request JKP Share

Figure 5.4: Data flow of ZKP session between Shareholder and New Node

Network Establishment Network establishment process of secured group authentication protocol describe according to process activity of MANET. The whole network is divided into three categories. These are: Network Initialization In MANET since it needs not to use Infrastructure, a node is initialized when the network is firstly established. Each node is initialized as a group id .Distributor gives each node a Shared secret key as group authentication Groups at a later time. This initial experience is a secret group key as well as some other group key, but we assume this key is not used for encryption/decryption purpose but rather as an identifier for a node’s initial association to a group. Network initialization is categorized as-group initialization, node initialization, and listening for new node, which can be describe as follows: •

Group Initialization: A ‘group initialization’ includes a secret group key initialization, and a (t, n) definition for threshold cryptography. A group initialization is done by a representative in the group and is kept by the distributor. After n-1 initial share holders in the network are started; the distributor computes a polynomial for threshold cryptography and distributes shares to n-1 shareholders. The shareholders also get verifiable knowledge for this group. After the end of the group initialization, the distributor terminates its task from the network; removes all information related to the last shared key generation mechanism, and becomes an ordinary share holder by keeping its own share in the network. Node Initialization: A node is initialized when the network is firstly established. Each node is initialized as a group id. Distributor gives each node a Shared secret key as group authentication Groups at a later time. This initial experience is a secret group key as well as some other group key, but we assume this key is not used for encryption/decryption purpose but rather as an identifier for a node’s initial association to a group. Listening for New Node: After completing initialization, shareholders wait for any new node to come for joining the group. When a new node wants to become a group member, it needs to know the IP address of the n shareholders of the network group by a multicast channel. Multicast channel then inform this new members request to its shareholders. When a new node discovers n shareholders in the network, it requests the node authentication procedure to any t shareholders and starts ZKP authentication as explained in the next section. If authentication succeeds,

it gets‘t’ shares for the secret group key from them and can compute the group key. Detail Communication After initialization procedure, our group authentication and key management phases can be efficiently organized. At first, when a new node comes to an ad hoc network and wants to become a group member in the network, it must contact the shareholders to get shares of the secret group key. For this it throws a broadcast message to the multicast channel. And from the multicast channel the message is broadcast to all the members of this network. When shareholders get the joining request from multicast channel it send an acknowledgement message directly to the new Node. Then a ZKP session started between new node and shareholders. The new node then knows the threshold value i.e. t , Si ( Si is secret from i th share holder) and verifiable knowledge. When new node successfully pick all t th shares secret from different ZKP session with different share holders then it can recovery the secret and get access to enter the network. Key Benefits of Proposed Protocol There are some valuable benefits of our proposed ‘Secured Group Authentication’ protocol according to analyse the scenario for wireless ad hoc network. When new node comes in network for becoming a new member then authentication process is processed atomically. Authentication process is securely completed with the help of zero knowledge proof protocol. Joining request of new node is pass through the multicast channel so efficient communication process. When ACK received from shareholder to new node the new node starts t number of ZKP session in a parallel basis, which is managed by java Thread. Distributor also communicates with shareholder, which also occurred simultaneously with the help of java thread. Further extension scope In future we will extend the proposed protocol and will try to implement this proposed protocol using ns2 (network simulator) for its logical proof. We will also try to solve our existing problem with more analysis and hope in future it will be one of the well known secure group authentication protocol for mobile ad hoc network environment. Drawback of proposed protocol The only one major drawback of this designed protocol is that security of channel is not implemented when communication between distributor and shareholders. Conclusion In this chapter, it has been discussed about our proposed protocol, list of entities, flow of communication, network establishment process, detail communication, key benefits of proposed protocol and drawback.

In our secured group authentication protocol has some core entities such as – distributor, shareholder, and new member. And various types of data flow, which is differentiating by context of communication demand and medium, such as distributor to Shareholder communication and data, flow, new node to share holder communication by multicast channel, ZKP session between Shareholder and new node.

Conclusion and Proposal for Future Through out the research methodology, the security and privacy issues of mobile ad hoc network faces and protection objectives that need to be achieved have been analysed. Though, the security-sensitive applications of mobile ad hoc networks require high degree of security; on the other hand, mobile ad hoc networks are inherently exposed to security attacks. Therefore, security mechanisms are essential for mobile ad hoc networks. The strangeness of mobile ad hoc networks poses both challenges and opportunities for these mechanisms. Our main interest is how to establish a secure key management service in mobile ad hoc networking environment and how to provide a secured group authentication protocol. . These two issues are essential to achieving our security goals. To build a highly available and highly secure key management service, we propose to use threshold cryptography to distribute trust among a set of shareholder and Zero Knowledge proof. Furthermore, our key management service employs share refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Proactive security services have been proposed but it is not implemented in this thesis. In future hope it will be implementing successfully. A prototype of the key management service has been implemented, which shows its feasibility. At the first step of our work to analyse the security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks which is secured group authentication protocol. We hope more work needs to be done to implement these security mechanisms in an Ad hoc network and to investigate the impact of these security mechanisms on the network performance.

----------

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.