INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Transcription

1 INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK AN OVERVIEW OF MOBILE ADHOC NETWORK: INTRUSION DETECTION, TYPES OF ATTACKS AND ROUTING PROTOCOLS MS. KALYANI P. SABLE 1, PROF. G. D. GULHANE 2, DR. H. R. DESHMUKH 3 1. Student of Master of Engineering in (CSE), IBSS college of Engineering and Technology, Amravati, India. 2. Assistant professor Department of (CSE), IBSS College of Engineering and Technology, Amravati, India. 3. Head of the Department of (CSE), IBSS College of Engineering and Technology, Amravati, India. Accepted Date: 05/03/2015; Published Date: 01/05/2015 Abstract: Mobile ad hoc network (MANET) is an autonomous system of mobile nodes which is connected by wireless links. Each node operates as an end system and also as a router to forward packets. The nodes are free to move about and organize themselves into a network. These nodes change position frequently. A MANET is a type of adhoc network that can change locations and configure itself. Because nodes are without any predefined infrastructure and mobility then that are susceptible for intrusion and attack. Securing is an important field in this type of network. Compared to wired networks, MANETs are more vulnerable to security attacks due to the lack of a trusted centralized authority and limited resources. In this paper the concept of intrusion detection system, types of attacks and routing protocols in MANET is represented. Keywords: MANET, Intrusion Detection System, Black Hole Attack. Corresponding Author: MS. KALYANI P. SABLE Access Online On: How to Cite This Article: PAPER-QR CODE 1247

2 INTRODUCTION In wireless networking, Mobile ad hoc network is one of the more innovative and challenging areas. Consisting of devices that are autonomously self-organizing in networks, ad hoc networks offer a large degree of freedom at a lower cost than other networking solutions. A MANET is an autonomous collection of mobile users that communicate over relatively slow wireless links. Since the nodes are mobile, the network topology may change rapidly and unpredictably over time. The network is decentralized, where all network activity, including discovering the topology and delivering messages must be executed by the nodes themselves. Hence routing functionality will have to be incorporated into the mobile nodes. Each node in a wireless ad hoc network functions as both a host and a router, and the control of the network is distributed among the nodes. The network topology is in general dynamic, because the connectivity among the nodes may vary with time due to node departures, new node arrivals, and the possibility of having mobile nodes. An ad hoc wireless network should be able to handle the possibility of having mobile nodes, which will most likely increase the rate at which the network topology changes. MANET due to nodes mobility and dynamic topology that is frequently change is very susceptible to a variety of attacks such as eavesdropping, routing, packet modification, etc. and securing a MANET under such conditions is challenging. An effective way to identify when an attack occurs in a MANET is the deployment of an Intrusion Detection System (IDS). I. NETWORK SECURITY IN MANETs: Different variables have different impact on security issues and design. Especially environments, origin, range, quality of service and security criticality are variables that affect the security in the network. The ways to implement security vary if the range of the network varies. If the nodes are very far from each other s, the risk of security attacks increases. On the other hand, if the nodes are so close to each other s that they actually can have a physical contact, some secret information (e.g. secret keys) can be transmitted between the nodes without sending them on air. That would increase the level of security, because the physical communication lines are more secure than wireless communication lines. The last variable of Ad Hoc networks described with respect to security is security criticality. This means that before we think of the ways to implement security, we must consider carefully whether security is required at all or whether it matters or not if someone outside can see what packets are sent and what they contain. Is the network threatened if false packets are inserted and old packets are retransmitted? Security issues are 1248

3 not always critical, but it might cost a lot to ensure it. Sometimes there is trade-off between security and costs. II. TYPES OF ATTACKS IN MANET: Due to their particular architecture, ad-hoc networks are more easily attacked than wired network. We can distinguish two kinds of attack: the passive attacks and the active attacks. A passive attack does not disrupt the operation of the protocol, but tries to discover valuable information by listening to traffic. Instead, an active attack injects arbitrary packets and tries to disrupt the operation of the protocol in order to limit availability, gain authentication, or attract packets destined to other nodes. The routing protocols in MANET are quite insecure because attackers can easily obtain information about network topology. a. Attacks Using Modification: One of the simplest ways for a malicious node to disturb the good operation of an ad-hoc network is to announce better routes (to reach other nodes or just a specific one) than the other nodes. This kind of attack is based on the modification of the metric value for a route or by altering control message fields. b. Attacks using impersonation: These attacks are called spoofing since the malicious node hides its real IP address or MAC addresses and uses another one. As current ad-hoc routing protocols like AODV and DSR do not authenticate source IP address, a malicious node can launch many attacks by using spoofing. For example, a hacker can create loops in the network to isolate a node from the remainder of the network. To do this, the hacker just has to take IP address of other node in the network and then use them to announce new route (with smallest metric) to the others nodes. By doing this, he can easily modify the network topology as he wants. c. Attacks using fabrication: Layer Application layer Transport layer Network layer Data link layer Physical layer Multi-layer attacks Attacks Repudiation and data corruption Session hijacking, SYN flooding Wormhole, blackhole, Byzantine, flooding, Resource consumption, location disclosure attacks Traffic analysis, monitoring, disruption MAC (802.11), WEP weakness Jamming, interceptions, eavesdropping DoS, impersonation, replay, man-in-the-middle Table 1: Different types of attacks on different layers of protocol stack: Classification 1249

4 III. INTRUSION DETECTION SYSTEM: The IDS system is an integrated method for detect any attacks by analyzing and continues monitoring network activities. Intrusion detection systems can be run on each mobile node to check local traffic and detect local intrusions. These nodes can communicate local intrusion information to each other as and when needed. Figure1 show the local model of intrusion detection system. Each node has local IDS that by this, node can connect to network and local IDS checking all send or receive data in/out node. Other technique is to run intrusion detection system for self and neighbor nodes to check for malicious neighbor. The global intrusion detection system can be deployed for clusters of mobile nodes where head node is responsible for global intrusion detection for its cluster IDS architecture The existing IDS architectures for MANETs fall under three basic categories (a) stand-alone, (b) cooperative, and (c) hierarchical. Stand-alone: in stand-alone architectures every node performs IDSs locally without collaborating and respond locally. This IDS architecture has a drawback for network attacks. There limitation is in terms of detection accuracy and the type of attacks that they detect Cooperative: in this architecture all nodes in MANET have their own local IDS system. Nodes come to a decision in a distributed fashion cooperatively. Upon determination of an intrusion, nodes share this information, asset attack risk degree and take necessary actions to eliminate the intrusion using active or passive precautions. At the same time, all the nodes participate in a global detection decision making. This is more suitable to a flat MANET. Hierarchical: the hierarchical architectures amount to a multilayer approach, by dividing the network into clusters. Specific nodes are selected (based on specific criteria) to act as clusterheads and undertake various responsibilities and roles in intrusion detection, which are usually different from those of the simple cluster members. The main advantage of this architecture is effective use of constraint resources but has a drawback for highly mobile MANETs for establishing zones and detecting responsible nodes in clusters IDS engine IDS engine is responsible for detecting local intrusions using local audit data. The local intrusion detection is performed using a classification algorithm. Firstly, it performs the appropriate transformations on the selected labeled audit data. Then, it computes the classifier using 1250

5 training data and finally applies the classifier to test local audit data in order to classify it as normal or abnormal IDS watermarking techniques Watermarking is the method for protecting the related data that should exchange between nodes, or is imperceptible added to the cover-signal in order to convey the hidden data. Watermarking techniques are then applied in order to prevent the possible modification of the produced maps. IV. ROUTING PROTOCOLS IN MANETS In order to facilitate communication within the network, a routing protocol is used to discover routes between nodes. The primary goal of such an ad-hoc network routing protocol is correct and efficient route establishment between a pair of nodes so that messages may be delivered in a timely manner. Route construction should be done with a minimum of overhead and bandwidth consumption. An Ad-hoc routing protocol is a convention or standard that controls how nodes come to agree which way to route packets between computing devices in a MANET. In ad-hoc networks, nodes do not have a priori knowledge of topology of network around them, they have to discover it. The basic idea is that a new node announces its presence and listens to broadcast announcements from its neighbors. The node learns about new near nodes and ways to reach them, and announces that it can also reach those nodes. Routing protocols may generally be categorized as: (a) Table-driven OR Proactive routing protocols. (b) On-demand OR Reactive routing protocols. 1251

6 Classification of Routing Protocols in MANETs: V. BLACK HOLE ATTACK: Fig.1: Classification of Routing Protocols in MANETs Black hole problem in MANETS is a serious security problem to be solved. In this problem, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In flooding based protocol, if the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. This malicious node then can choose whether to drop the packets to perform a denialof-service attack or to use its place on the route as the first step in a man-in-the-middle attack. One solution for black hole is to find more than one route to the destination (redundant routes, at least three different routes). Then, the source node unicasts a ping packet to the destination using these three routes (we should assign different packet IDs and sequence number, so any node who receive the first packet will not drop the second one if it exists in both paths). The receiver and the malicious in addition to any intermediate node might have a route to the destination will reply to this ping request. The source will check those acknowledgements, and process them in order to figure out which one is not safe and might have the malicious node. The second solution exploits the packet sequence number included in any packet header. The node in this situation needs to have two extra tables; the first table consists of the sequence numbers of the last packet sent to the every node in the network, and the second table for the sequence number received from every sender. During the RREP phase, the intermediate or the destination node must include the sequence number of last packet received from the source that initiates RREQ. Once the source receives this RREP, it will extract the last sequence number and then compare it with the value saved in its table. If it matches the transmission will take place. If not, this replied node is a malicious node, so an alarm message will be broadcast to warn the network about this node. 1252

7 Countermeasures for black hole attacks: Some secure routing protocols, such as the security-aware ad hoc routing protocol (SAR), can be used to defend against black hole attacks. The security-aware ad hoc routing protocol is based on on-demand protocols, such as AODV or DSR. In SAR, a security metric is added into the RREQ packet, and a different route discovery procedure is used. Intermediate nodes receive an RREQ packet with a particular security metric or trust level. At intermediate nodes, if the security metric or trust level is satisfied, the node will process the RREQ packet, and it will propagate to its neighbors using controlled flooding. Otherwise, the RREQ is dropped. If an endto-end path with the required security attributes can be found, the destination will generate a RREP packet with the specific security metric. If the destination node fails to find a route with the required security metric or trust level, it sends a notification to the sender and allows the sender to adjust the security level in order to find a route. To implement SAR, it is necessary to bind the identity of a user with an associated trust level. To prevent identity theft, stronger access control mechanisms such as authentication and authorization are required. In SAR, a simple shared secret is used to generate a symmetric encryption/decryption key per trust level. Packets are encrypted using the key associated with the trust level; nodes belonging to different levels cannot read the RREQ or RREP packets. It is assumed that an outsider cannot obtain the key. In SAR, a malicious node that interrupts the flow of packets by altering the security metric to a higher or lower level cannot cause serious damage because the legitimate intermediate or destination node is supposed to drop the packet, and the attacker is not able to decrypt the packet. SAR provides a suite of cryptographic techniques, such as digital signature and encryption, which can be incorporated on a need-to-use basis to prevent modification. CONCLUSION As the use of mobile ad hoc networks (MANETs) has increased, the security in MANETs has also become more important accordingly. The evolution in the field of mobile computing is driving a new alternative way for mobile communication, in which mobile devices form a self-creating, self-organizing and self-administering wireless network, called a mobile ad hoc network. Mobile Ad hoc networks are generally more vulnerable to physical security threats than fixed or hardwired networks. As the involvement goes on, especially the need of dense deployment such as battlefield and sensor networks, the nodes in ad-hoc networks will be smaller, cheaper, more capable, and come in all forms. In all, although the widespread deployment of ad- hoc 1253

8 networks is still year away, the research in this field will continue being very active and imaginative REFERENCES 1. Qingting Wei, Hongzou. Efficiency Evaluation & Comparison of Routing Protocols in MANETs in International Symposium on Information Science & Engineering Hongmei Deng, Wei Li, Dharma P. Agarwal, Routing Security in Wireless Ad-Hoc Networks in IEEE Communication Magazine Oct Sudipto Das, Security issues in Mobile Ad-Hoc networks 4. Tarek Sheltami & Hussein Mouftah, A Comparative study of On-Demand & Cluster Based Routing Protocols in MANETs, in IEEE Williams Schilling, Internet Protocols and Networking. 6. Jiangyi Hu, Network Layer Security of Mobile Ad-Hoc Networks. 1254