Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply



Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Vijaya Bhaskar .Ch, Nagaraju.M, Chaitanya Kumar.N / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, July-August 2012, pp.1227-1231Review Of Attacks And Security Threats As Securing In Wireless Ad Hoc Networks Vijaya Bhaskar .Ch , Chaitanya Kumar.N, Nagaraju.MAbstract Security is an essential requirement in mobile ad devices. In this paper an effort has been made to evaluatehoc network (MANETs). Compared to wired networks, various security threats.MANETs are more vulnerable to security attacks due to thelack of a trusted centralized authority and limitedresources. Attacks on ad hoc networks can be classified as 2. SECURITY REQUIREMENTSpassive and active attacks, depending on whether thenormal operation of the network is disrupted or not. The In any fixed or wireless network, the security isstudy here proposes a theory in this paper based on incorporated at three stages: prevention, detection and cure.Hashing as a tool. This scheme can make most of the on Key parts of prevention stage are authentication anddemand protocols secure. The study should help in making authorization. The authentication is associated withprotocols more robust against attacks and standardize authenticating the participating node, message and any otherparameters for security in routing protocols. meta-data like topology state, hop counts etc. Authorization is associated with recognition. Where detection is the abilityKeywords: security threats, Attacks, secure routing, hash to notice misbehavior carried out by a node in the network,function. the ability to take a corrective action after noticing misbehavior by a node is termed as cure.1. INTRODUCTION Different possible attacks on ad hoc networks are Wireless Ad Hoc networks interesting and eavesdropping, compromising node, distorting message,challenging is its potential use in situations where the replaying message, failing to forward message, jamminginfrastructure support to run a normal network does not signals etc. The central issues behind many of the possibleexist. Some applications include a war zone, an isolated attacks at any level of security stage are authentication,remote area, a disaster zone like earthquake affected area confidentiality, integrity, non repudiation, trustworthinessand virtual class room etc. and availability. Ad-hoc networks are self-organizing wireless There are several proposals available to solve thesenetworks, in which all end nodes act as routers. A Mobile issues, but are not comprehensive in nature as they targetAd hoc Networks (MANET) consists of a set of mobile specific threats separately. Therefore there is a strong needhosts within communication range and exchange the data to have an efficient security regime which can take care ofamong themselves without using any preexisting all the aspects of security.infrastructure. MANET nodes are typically distinguishedby their limited power, processing and memory resources 3. SECURITY THREATSas well as high degree of mobility. In such networks, thewireless mobile nodes may dynamically enter the networkand leave the network. Due to the limited transmissionrange of wireless network nodes, multiple hops are usuallyneeded for a Node to exchange information with any othernode in the network.It is very challenging for researchers to providecomprehensive security for ad hoc networks with thedesired quality of service from all possible threats.Providing security becomes even more challenging when The two broad classes of network attacks are active attacksthe participating nodes are mostly less powerful mobile and passive attacks. 1227 | P a g e
  • 2. Vijaya Bhaskar .Ch, Nagaraju.M, Chaitanya Kumar.N / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, July-August 2012, pp.1227-12313.1 Passive Attack  Masquerading: The attacker impersonates an authorized user and thereby gains certain unauthorized privileges. A passive attack on a communications system isone in which the attacker only eavesdrops; he may read  Replay: The attacker monitors transmissions (passivemessages he is not supposed to see, but he does not create attack) and retransmits messages as the legitimate user.or alter messages. This contrasts with an active attack inwhich the attacker may create, forge, alter, replace or  Message modification: The attacker alters a legitimatereroute messages. Generally, the term "passive attack" is message by deleting, adding to, changing, or reordering it.used in the context of cryptanalysis. For example,wiretapping an unencrypted line is a passive attack.  Denial-of-service: The attacker prevents or prohibits the normal use or management of communications facilities.There are three passive attacks that will in theory break The consequences of these attacks include, but are notany cipher except a one-time pad; variants of this work for limited to, loss of proprietary information, legal andeither block ciphers or stream ciphers: recovery costs, tarnished image, and loss of network service.  brute force attack — try all possible keys Ad hoc networks face many problems due to which a  algebraic attack — write the cipher as a system of consistent and secure network flow becomes challenging equations and solve for the key task. Some of the issues associated are given below.  code book attack — collect all possible plaintext/cipher text pairs for a block cipher, or 1) Ad Hoc networks primarily being wireless have limited the entire pseudorandom stream until it starts band-width in comparison to wired networks. Smaller repeating for a stream cipher . packets are available to transfer data and it further constraints to use lesser number of bits for security An attack in which an unauthorized party gains purposes. It has been expected that this limitation will beaccess to an asset and does not modify its content (i.e., eased with the advancement of hardware in future.eavesdropping). Passive attacks can be eithereavesdropping or traffic analysis (sometimes called traffic 2) The participating nodes of an Ad Hoc networks usuallyflow analysis). These two passive attacks are described as are mobile devices which have limited capabilities in terms of processing power, memory size and battery backup. It Eavesdropping: The attacker monitors transmissions for makes the use of digital signature , as a security measuremessage content. An example of this attack is a person less suitable as digital signatures are computation intensive.listening into the transmissions on a network topology The use of digital signatures may also consume considerablebetween two workstations or tuning into transmissions memory if digital signatures are appended by each node thatbetween a wireless handset and a base station. forwards the packet to its destination. Furthermore a PKI infrastructure is not practical in case of Ad Hoc networks. Traffic analysis: The attacker, in a more subtle way, Other problem with use of digital signature is to maintain agains intelligence by monitoring the transmissions for certificate revocation list (CRL), in the absence of a centralpatterns of communication. A considerable amount of server. The solution to this problem can be achieved byinformation is contained in the flow of messages between using some light weight security arrangements only.communicating parties. 3) The use of hashing techniques although offer efficient3.2 Active Attack security measures but have been used relatively less. Hashing technologies like MAC [4], HMAC [4], one way An active attack attempts to alter or destroy the hash chains etc have mostly been used for authenticatingdata being exchanged in the network there by disrupting routing and message information. The effectiveness ofthe normal functioning of the network. hashing techniques depends on the way the collisions have been treated. An attack whereby an unauthorized party makesmodifications to a message, data stream, or file. It ispossible to detect this type of attack but it may not bepreventable. Active attacks may take the form of one offour types masquerading, replay, message modification, LAYER Active Attacks commentand denial-of-service (DoS). These attacks are summarized MAC LAYER Jamming attack The particularas: ATTACKS class of DoS 1228 | P a g e
  • 3. Vijaya Bhaskar .Ch, Nagaraju.M, Chaitanya Kumar.N / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, July-August 2012, pp.1227-1231 attacks. messagesNETWORK Wormhole attack severe threats TRANSPORT Session Hijacking spoofs theLAYER to MANET LAYER attack victim‟s IPATTACKS routing ATTACKS address. protocols, DSR SYN Flooding denial-of- or AODV, the attack service attack attack could APPLICATION Repudiation attack prevent the LAYER discovery ATTACKS of any routes other than 4. SECURE ROUTING through the The routing protocols [1,2,3] with in ad hoc wormhole. networks are more vulnerable to attacks as each device acts Blackhole attack exploits the as a relay. Any tampering with the routing information can mobile ad hoc be compromise the whole network. An attacker can routing introduce rogue information with in routing information or protocol, replay old logged or stored information. consumes the The aim is to protect any information or behavior intercepted that can update or cause a change to the routing tables on packets cooperating nodes involved in an ad hoc routing protocol. without any For completeness, timeliness and ordering are added to the forwarding. list of desirable security properties that can eliminate or Byzantine attack Creates routing reduce the threat of attacks against routing protocols. loops. Techniques that can be used to guarantee these properties Routing Attacks - are described in Table 1. Routing Table Overflow, Properties Techniques Routing Table Timeliness Time stamping, Slotted Poisoning, Time Route Cache Ordering Sequence Numbering Poisoning, Rushing Attack Authenticity Password, Certificate Packet Authorization Credential Replication, Integrity Digest, Digital Signature Resource Forward Confidentiality Encryption consumption attack unnecessary packets to the Non-Repudiation Chaining of Digital victim node. Signature IP Spoofing attack impersonates a member by Table 1: Properties of secured routing occupying IP address. The following properties can be integrated into State Pollution a malicious routing protocol messages to prevent attacks that exploit the attack node gives vulnerability of unprotected information in transit: incorrect  Timeliness: Routing updates need to be delivered in a parameters in timely fashion. Update messages that arrive late may not reply reflect the true state of the links or routers on the network. Sybil attack impersonates They can cause incorrect forwarding or even propagate false nonexistent information and weaken the credibility of the update nodes information. Most ad hoc routing protocols have timestamps Fabrication Injects huge and timeout mechanisms to guarantee the freshness of the routes they provide. packets into the networks  Ordering: Out-of-order updates can also affect the Modification make changes correctness of the routing protocols. These messages may to the routing not reflect the true state of the network and may propagate 1229 | P a g e
  • 4. Vijaya Bhaskar .Ch, Nagaraju.M, Chaitanya Kumar.N / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, July-August 2012, pp.1227-1231false information. Ad hoc routing protocols have sequence Each of these desirable properties has a cost andnumbers that are unique within the routing domain to keep performance penalty associated with it. Some options suchupdates in order. as enforcing access control to routing tables using Authenticity: Routing updates must originate from credentials and providing non repudiation by chainingauthenticated nodes and users. Mutual authentication is the signatures are extremely expensive and impractical tobasis of a trust relationship. Simple passwords can be used implement and enforce in a generalized routing protocol.for weak authentication. Each entity can append a publickey certificate, attested by a trusted third party to claim its 5. PROPOSED SOLUTION - HASHING TECHNIQUESauthenticity. The certifying authority can implement apassword based login or a challenge-response mechanism Hash Function: Hashing techniques available areto authenticate the identity in the first place. The receiving based on the concept of a hash function that transforms anode can then verify this claim by examining the given input of arbitrary length to a value of a fixed length,certificate. One of the problems in ad hoc networking is the called the hash value. The transformation is done in aabsence of a centralized authority to issue and validate manner that it is computationally infeasible to transform thecertificates of authenticity. hash value to the original value. Hash functions are very Authorization: An authenticated user or node is issued efficient as they do not involve heavy computations andan unforgeable credential by the certificate authority. hence are applied in the area of security for messageThese credentials specify the privileges and permissions authentication and integrity checks.associated by the users or the nodes. Currently, credentials The problem with hash functions is collision.are not used in routing protocol packets, and any packet Collision is a situation where a hash function generates thecan trigger update propagations and modifications to the same hash value for more than one different input values.routing table. Collisions are possible in a hash function due to the fact that Integrity: The information carried in the routing updates it transforms an input of any length to an output of fixedcan cause the routing table to change and alter the flow of length, meaning a mapping from a larger set to a smaller set.packets in the network. Therefore, the integrity of the The solution to this problem is achieved through thecontent of these messages must be guaranteed. This can be adoption of appropriate collision resolution or avoidingaccomplished by using message digests and digital techniques. There can be three ways in which the collisionssignatures. can be handled: first by selecting a hash function that is more and more collision resistant, second by putting the Non-repudiation: Routers cannot repudiate ownership processing in an environment to minimize the chance ofof routing protocol messages they send. A major concern collisions and third by resolving when the collision reallywith the updates is the trust model associated with the takes place. The choice of a hash function, itspropagation of updates that originate from distant nodes. implementation and its associated collision resolutionAd-hoc nodes obtain information from their neighbors and technique depends on problem area that is being solved.forward it to their other neighbors. These neighbors may The popular examples of hashing functions foundforward it to other neighbors and so on. In most existing to be used in different places are HMAC, MD5, SHA-1.protocols, nodes cannot vouch for the authenticity of One way hash chain: A unique way of using hash functionsupdates that are not generated by their immediate is „one way hash chain‟. This concept was firstly used toneighbors. In order to preserve trust relationships, it provide one time password authentication and later for onebecomes necessary to form a chain of routers (using time use of digital cash. One way hash chain is the list ofsignatures to protect integrity) and authenticate every one values that are generated by applying a hash function on anin turn, following the chain to the source. This is necessary initial value repeatedly. Every value, except the initial one,because trust relationships are not transitive. Alternative is therefore generated by applying hash function to itssolutions that avoid chaining include the path attribute previous value exactly one time. This way, any value frommechanism developed for Secure BGP and secure distance that list can be authenticated by providing the previousvector routing. value in the sequence as a key. Therefore the values of a Confidentiality: In addition to integrity, sometimes it chain can be used in the reverse order of their generation.may be necessary to prevent intermediate or non-trusted The problem with hash chain is to synchronize thenodes from understanding the contents of packets as they authentication process with the revealing of the validatingare exchanged between routers. Encrypting the routing keys. A message will be incorrectly invalidated if timeprotocol packets themselves can prevent unauthorized duration in which the validating key (the previous hashusers from reading it. Only routers that have the decryption value from the hash chain) is being advertised is missedkey can decrypt these messages and participate in the Many of the implementations of one way hash chains in adrouting. This is employed when a node cannot trust one or hoc network are based on TESLA[4] protocol which wasmore of its immediate neighbors to route packets correctly, initially developed for authenticating broadcast messages.etc. 1230 | P a g e
  • 5. Vijaya Bhaskar .Ch, Nagaraju.M, Chaitanya Kumar.N / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, July-August 2012, pp.1227-1231Hash Trees: Hash tree is a tree of hash values that has protocols, but neither work discusses the mechanisms forbeen built up on a set of some initial values. The lowest detecting the status of these links.layer of the tree comprise of the initial values as the leafnodes, In the next layer of the tree the initial values are 7. CONCLUSIONindividually converted to their corresponding hash values In this paper, the security threats for an ad hocwhile in the subsequent layers, the hash values are network has been analyzed and presented with the securitycomputed by utilizing more than one values of the lower objectives that need to be achieved. The paper represents thelayer. Eventually we have a top hash value representing the first step of research to analyze the security threats, toroot of the tree. The top hash value can be used to understand the security requirements for ad hoc networks,authenticate any of the values within the tree. and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks. Hashing has6. RELATED WORK been used as one of the tools. More skilled technical work Most of the work done around using Hashing has to be done to deploy these security mechanisms in an adtechniques is around authenticating messages and route hoc network and to investigate the impact of these securitytable entries. Bayyaet al [3] demonstrate the use of hashing mechanisms on the network performance depending up onas part of password based authenticated key exchange. The the requirements.problems given in this protocol are (1) the need of a strongshared secret (2) the need to constantly change the shared 8. REFERENCESsecret which in turn may prove to be computationally [1] W. Stallings,” Network and Internetwork Securityexpensive. Adrian et al [ ] used symmetric cryptography to Principles and Practice”, Prentice Hall, Englewoodsecure ad hoc networks by using one way hash chains or Cliffs, NJ, 1995.Markle hash tree as part of SEAD protocol for proactive [2] NIST, Fed. Inf. Proc. Standards, “Secure Hashrouting. In this protocol the elements of hash chain are Standard,” Pub. 180, May 1993.used directly to authenticate the sequence number and [3] Bayya, Arun. Security in Ad-hoc Networks,other metric in each entry. The problems identified with Computer Science Department. University ofSEAD protocol are (1) no provision of a secure initial key Kentuckydistribution (2) count-to-infinity problem where the routing [4] D. B. J. Yih-Chun Hu, Adrian Perrig. Ariadne: Atable update of one node forces the routing table update in secure on-demand routing protocol for ad-hocanother node which in tern forces the update in the first networks. In Proceedings of the Eighth Annualnode and so on (3) observes greater network traffic. Adrian International Conference on Mobile Computinget al [5], in one of the variants of their routing protocols and Networking (MobiCom 2002), Sept. 2002.named „Secure On-Demand Routing Protocol‟ based [5] Y. Hu, D. Johnson, and A. Perrig, “Sead: Secureauthentication on TESLA which in turn depends on using Efficient Distance Vector Routing for Mobilehashing in the form of MAC for authenticating messages. Wireless Ad Hoc Networks,” IEEE WMCSA,TESLA also takes care of constantly changing keys with 2002.the help of one-way key chains which are published on a [6] Abhay Kumar Rai, Rajiv Ranjan Tewari & Saurabhtime synchronization pattern. The problem associated with Kant Upadhyay,Adrian is strict time synchronization. Zapata [7] in its “Different Types of Attacks on Integratedproposed protocol, SAODV [7] uses a new one-way hash MANET-Internetchain for each Route Discovery to secure the metric field Communication,” International Journal ofin an RREQ packet. It also uses asymmetric cryptography Computer Science andto initially authenticate participating nodes. Adding two Security (IJCSS) Volume: 4 Issue: 3.issues to create security will demand more mathematics [7] Manel Guerrero Zapata, N. Asokan. Securing Adand slow down causing end to end delay. Maintenance of Hoc Routing Protocol. WiSe 2002PKI infrastructure is always a problem in case ofasymmetric primitives being used. [8] Pradip M. Jawandhiya et. al. / International Journal of Engineering Science and Technology Vol. 2(9),Cheung [5] and Hauser et al. [5] describe symmetric-key 2010, 4063-4071.approaches to the authentication of updates in link state 1231 | P a g e