SlideShare a Scribd company logo

Unit_4_Full_pdf.pdf.pdf

Mathavan N
Mathavan N

The document discusses security requirements, issues, and attacks in wireless sensor networks. It describes the key requirements of confidentiality, integrity, availability, and non-repudiation. It then outlines challenges in security provisioning due to characteristics like shared broadcast channels and lack of central authority. Various attacks are defined at the network, transport, application and multi-layers including jamming, blackhole, Byzantine, and denial of service attacks. Cryptography techniques including symmetric and asymmetric key algorithms are discussed as solutions for security provisioning.

Engineering
1 of 105
Download to read offline
EC8702 AD-HOC & WIRELESS SENSOR NETWORKS UNIT –IV Part-I
UNIT IV SENSOR NETWORK SECURITY Network Security Requirements, Issues and Challenges in Security Provisioning, Network Security Attacks, Layer wise attacks in wireless sensor networks, possible solutions for jamming, tampering, black hole attack, flooding attack. Key Distribution and Management, Secure Routing – SPINS, reliability requirements in sensor networks.
NETWORK SECURITY REQUIREMENTS A security protocol for ad hoc wireless networks should satisfy the following requirements. • Confidentiality • Integrity • Availability • Non-repudiation
NETWORK SECURITY REQUIREMENTS Confidentiality: • The data sent by the sender (source node) must be understandable only to the intended receiver (destination node). • If there is any intruder, it must not be able to derive any useful information out of the data. • For ensuring confidentiality , data encryption is used. Integrity: • The data sent by the source node should reach the destination node without alteration • Any other node in the network should not interfere with the data during transmission.
NETWORK SECURITY REQUIREMENTS Availability: • The network should remain operational all the time. • Able to tolerate link failures and also be capable of surviving various attacks • Able to provide the guaranteed services for authorized user Non-repudiation: • The sender and the receiver of a message cannot later deny the message • Digital signatures are used as unique identifiers for each user
ISSUES AND CHALLENGES IN SECURITY PROVISIONING The following characteristics causes difficulty in providing security in ad hoc wireless networks ▫ Shared broadcast radio channel ▫ Insecure operating environment ▫ Lack of central authority ▫ Lack of association among nodes ▫ Limited availability of resources ▫ Physical vulnerability
ISSUES AND CHALLENGES IN SECURITY PROVISIONING Shared broadcast radio channel: • The radio channel used for communication in ad hoc wireless networks is broadcast in nature • It is shared by all nodes in the network. • Data transmitted by a node is received by all nodes within its direct transmission range. • So a intruder node could easily obtain data being transmitted in the network. • This problem can be minimized by using directional antennas.
ISSUES AND CHALLENGES IN SECURITY PROVISIONING Insecure operational environment: • The operating environments of ad hoc wireless networks are not always be secure. • In battlefield applications, nodes may move in and out of hostile and insecure enemy territory • It would be highly in danger to security attacks.
ISSUES AND CHALLENGES IN SECURITY PROVISIONING Lack of central authority: In Wired networks and infrastructure-based wireless networks : • The traffic can be monitored through certain important central points (such as routers, base stations, and access points) • Security mechanisms can also be implemented at such points. In ad hoc wireless networks : • These mechanisms cannot be applied as there is no central points.
ISSUES AND CHALLENGES IN SECURITY PROVISIONING Lack of association: • Ad-Hoc networks are dynamic in nature • So a node can join or leave the network at any point of the time • There is no proper authentication mechanism used for associating nodes with a network • Hence an intruder would be able to join into the network quite easily and carry out their attacks.
ISSUES AND CHALLENGES IN SECURITY PROVISIONING Limited resource availability: • Limited Resources such as bandwidth, battery power, and computational power in ad hoc wireless networks. • Hence, it is difficult to implement complex cryptography- based security mechanisms in such networks. Physical vulnerability: • Compact nodes and hand-held in nature. • They could get damaged easily and are also in danger to theft.
NETWORK SECURITY ATTACKS Attacks on ad hoc wireless networks can be classified into two broad categories, (i)Passive attacks (ii)Active attacks Passive Attack: • A passive attack does not disrupt the operation of the network • The opponent intrudes the data exchanged in the network without altering it. • Here, the requirement of confidentiality is violated
NETWORK SECURITY ATTACKS Drawback: • Detection of passive attacks is very difficult since the operation of the network itself does not get affected. Solution: • Use powerful encryption mechanisms to encrypt the data being transmitted and it is impossible for eavesdroppers to obtain any useful information from the data overheard.
NETWORK SECURITY ATTACKS Active Attack: • An active attack attempts to alter or destroy the data being exchanged in the network • It disrupts the normal functioning of the network. Active Attacks can be classified further into two categories, (i)External attacks (ii)Internal attacks. External attacks : • They are carried out by nodes that do not belong to the network. • These attacks can be prevented by using standard security mechanisms such as encryption techniques and firewalls.
NETWORK SECURITY ATTACKS Internal attacks : • They are the nodes that belongs to the network. • So internal attacks are more severe and difficult to detect when compared to external attacks.
Classifications of attacks
Network Layer Attacks Wormhole attack: • In this attack, an attacker receives packets at one location in the network and tunnels them to another location in the Network • Then the packets are resent into the network . • This tunnel between two colluding attackers is referred to as a wormhole. • It could be established through a single long-range wireless link or even through a wired link between the two colluding attackers.
Wormhole attack
Wormhole attack • Due to the broadcast nature of the radio channel, the attacker can create a wormhole even for packets not addressed to itself. • Though no harm is done if the wormhole is used properly for efficient relaying of packets, it puts the attacker in a powerful position compared to other nodes in the network Effects: • Due to wormhole attacks, most of the existing routing protocols for ad hoc wireless networks may fail to find valid routes.
Blackhole attack Blackhole attack: • In this attack, a malicious node falsely advertises good paths (e.g., shortest path or most stable path) to the destination node • This happens during the path-finding process (in on-demand routing protocols) or in the route update messages (in table- driven routing protocols). Effects: • Hinder(delay) to the path-finding process • Interrupt all data packets being sent to the destination node concerned.
Blackhole attack • Node A needs to transmit packets to the node E • It send a route request packet to all the nodes • The Malicious node M give false reply to node A fastly. • The node A now sends the data to the M node • The packets are dropped now.
Byzantine attack Byzantine attack: • The compromised intermediate node or a set of compromised intermediate nodes works in collusion and carries out attacks such as ▫ Creating routing loops, ▫ Routing packets on non-optimal paths ▫ Selectively dropping packets • Byzantine failures are hard to detect ,as the network would seem to be operating normally in the viewpoint of the nodes
Information disclosure Information disclosure: • A compromised node may leak confidential or important information to unauthorized nodes in the network • Such information may include information such as ▫ Network topology ▫ Geographic location of nodes ▫ Optimal routes to authorized nodes in the network
Resource consumption attack Resource consumption attack: • In this attack, a malicious node tries to consume/waste away resources of other nodes present in the network. • The limited resources that are targeted are ▫ Battery power ▫ Bandwidth ▫ Computational power • The attacks could be in the form of unnecessary requests for routes, very frequent generation of beacon packets, or forwarding of stale(old) packets to nodes.
Resource consumption attack Sleep deprivation attack: • The battery power of another node is used by keeping that node always busy by continuously pumping packets to that node • This is known as a sleep deprivation attack.
Resource consumption attack Sleep deprivation attack: • The battery power of another node is used by keeping that node always busy by continuously pumping packets to that node • This is known as a sleep deprivation attack.
Routing attacks Routing attacks: The various attacks on the routing protocol are – Routing table overflow – Routing table poisoning – Packet replication – Route cache poisoning – Rushing attack
Routing attacks Routing table overflow: Objective: • Attack aims to cause an overflow of the routing tables • In this type of attack, an adversary node broadcasts the routes of non-existent nodes to the authorized nodes present in the network. • This in turn prevent the creation of entries corresponding to new routes to authorized nodes. • Proactive routing protocols are more at risk to this attack compared to reactive routing protocols.
Routing attacks Routing table poisoning: • The compromised nodes in the networks send false routing updates or modify genuine route update packets sent to other uncompromised nodes. • Routing table poisoning may result in ▫ Sub-optimal Routing ▫ Congestion in portions of the network ▫ Some parts of the network are inaccessible.
Routing attacks Packet replication: • In this attack, an adversary node replicates stale packets. • This consumes additional bandwidth and battery power resources available to the nodes • This also causes unnecessary confusion in the routing process.
Routing attacks Route cache poisoning: • In the case of on-demand routing protocols (AODV protocol ), each node maintains a route cache • This cache holds information regarding routes that have become known to the node in the recent past. • An adversary can also alter the route cache.
Routing attacks Rushing attack: • On-demand routing protocols that use duplicate suppression during the route discovery process are vulnerable to this attack For example • Consider source node is sending RouteRequestpacket to all the neighboring nodes in the network. • An adversary node which receives a RouteRequestpacket from the source node floods the packet quickly throughout the network
Routing attacks Rushing attack: • If the neighboring nodes receives the RouteRequestpacket at first from the adversary Nodes,then it discard the original RouteRequestpacket from source node as duplicate packet. • Any route discovered by the source node would contain the adversary node as one of the intermediate nodes. • Hence, the source node would not be able to find secure routes • It is extremely difficult to detect such attacks in ad hoc wireless networks.
Transport Layer Attacks Session hijacking: • This attack is specific to the transport layer in the network protocol stack • Here, an adversary takes control over a session between two nodes. • The most authentication processes are carried out only at the start of a session • Once the session between two nodes gets established, the adversary node tricks as one of the end nodes of the session and hijacks the session.
Application Layer Attacks Repudiation: • This flaw is associated with the application layer in the network protocol stack. • In simple terms, repudiation refers to the denial or attempted denial by a node involved in a all part of communication
Other Attacks Other Attacks • These security attacks cannot strictly be associated with any specific layer in the network protocol stack. Multi-layer Attacks • Multi-layer attacks are those that could occur in any layer of the network protocol stack. Device Tampering • Ad hoc wireless networks are usually compact, soft, and hand- held in nature. • They could get damaged or stolen easily.
Multi-layer Attacks Some of the multi-layer attacks in ad hoc wireless networks are 1. Denial of Service: – Jamming: – SYN flooding – Distributed DoS attack 2. Impersonation
Denial of Service Denial of Service: • In this type of attack, an adversary attempts to prevent legitimate and authorized users to access the network services. • A denial of service (DoS) attack can be carried out in many ways. Attack I: • The classic way is to flood packets to any centralized resource (e.g.,an access point) used in the network so that the resource is no longer available to nodes in the network • This results in the network no longer operating in the regular manner • This may lead to a failure in the delivery of guaranteed services to the end users.
Denial of Service Attack II: • On the physical and MAC layers, an adversary could employ jamming signals which disrupt the on-going transmissions on the wireless channel. Attack III: • On the network layer, an adversary could take part in the routing process and exploit the routing protocol to disrupt the normal functioning of the network. • For example, an adversary node could participate in a session but simply drop a certain number of packets, which may lead to degradation in the QoS being offered by the network.
Denial of Service Attack IV: • On the higher layers, an adversary could bring down critical services such as the key management service • Some of the DoS attacks are described below. Denial of Service: – Jamming: – SYN flooding – Distributed DoS attack
Jamming Jamming: • In this form of attack, the adversary initially keeps monitoring the wireless medium • And then it determines the frequency at which the receiver node is receiving signals from the sender • It then transmits signals on that frequency so that error-free reception at the receiver is hindered To Overcome jamming: • Frequency hopping spread spectrum (FHSS) and direct sequence spread spectrum (DSSS) are used
SYN flooding SYN flooding: • The adversary node sends a large number of SYN packets to a victim node • This adversary node give fake return addresses in the SYN packets. • On receiving the SYN packets, the victim node sends back acknowledgment (SYN-ACK) packets to that address. • However, the victim node would not receive any ACK packet in return. • In effect, a half-open connection gets created.
SYN flooding SYN flooding: • The victim node builds up a table/data structure for holding information regarding all pending connections. • The increasing number of half-open connections results in an overflow in the table. • Because of the table overflow, the victim node would be forced to reject the call request from a legitimate node
Distributed DoS attack • This attack is severe • In this attack, several adversaries that are distributed throughout the network collude and prevent legitimate users from accessing the services offered by the network.
Impersonation Impersonation: • In impersonation attacks, an adversary assumes the identity and privileges of an authorized node, • It makes the network resources that may not be available to authorized node under normal circumstances • It also disrupt the normal functioning of the network by injecting false routing information into the network. • An adversary node could by chance guess the identity and authentication detailsof the authorized node (target node), or • The adversary node could spy for information regarding the identity and authentication of the target node from a previous Communication
Impersonation • It could avoid or disable the authentication mechanism at the target node. • A man-in-the-middle attack is another type of impersonation attack. • Here, the adversary reads and possibly modifies, messages between two end nodes without letting either of them know that they have been attacked. • Suppose two nodes X and Y are communicating with each other • The adversary impersonates node Y with respect to node X and impersonates node X with respect to node Y
KEY MANAGEMENT Cryptography • Cryptography is one of the most common and reliable means to overcome the attacks and to ensure security. • It is not specific to ad hoc wireless networks. • It can be applied to any communication network. • It is the study of the principles, techniques, and algorithms by which information is transformed into a disguised version. • Hence no unauthorized person can read, but which can be recovered in its original form by an intended recipient.
Cryptography • The original information to be sent from one person to another is called plaintext. • This plaintext is converted into ciphertext by the process of encryption algorithms or functions. • An authentic receiver can decrypt/decode the ciphertext back into plaintext by the process of decryption.
Cryptography • The processes of encryption and decryption are governed by keys-a small amount of information • When the key is to be kept secret to ensure the security of the system, it is called a secret key. • The secure administration of cryptographic keys is called key management • Four main goals of cryptography are (i)Confidentiality (ii)Integrity (iii) Non-Repudiation (iv)Authentication -The receiver should be able to identify the sender
Cryptography There are two major kinds of cryptographic algorithms (i) Symmetric key algorithms-Use the same key for encryption and decryption (ii)Asymmetric key algorithms-Use two different keys for encryption and decryption Symmetric key algorithms • Faster to execute electronically • It requires a secret key to be shared between the sender and receiver. • When communication needs to be established among a group of nodes, each sender-receiver pair should share a key • This makes the system non scalable.
Cryptography • If the same key is used among more than two parties, a breach of security at any one point makes the whole system in danger. Asymmetric key algorithms • They are based on some mathematical principles which make it impossible to obtain one key from another • Therefore, one of the keys can be made public while the other is kept secret (private). • This is called public key cryptography. • The network would be open to attacks once the underlying mathematical problem is solved.
Symmetric Key Algorithms There are two kinds of symmetric key algorithms (i)Using block ciphers (ii)Using stream ciphers. Using Block ciphers: • A block cipher is an encryption scheme in which the plaintext is broken into fixed-length segments called blocks • The blocks are encrypted one at a time. • The simplest examples include substitution and transposition.
Symmetric Key Algorithms-Substitution Step I: The table mapping ie the original and the substituted alphabet should be available at both the sender and receiver. Step II: The text is broken into fixed blocks. The block length used is five Step III: Each alphabet of the plaintext is substituted by another in the ciphertext
Symmetric Key Algorithms-Substitution
Symmetric Key Algorithms-Transposition A transposition cipher permutes the alphabet in the plaintext to produce the ciphertext.
Symmetric Key Algorithms Using Stream ciphers • A stream cipher has block length of one. • Eg:Vernam cipher, which uses a key of the same length as the plaintext for encryption. • The key is randomly chosen and transported securely to the receiver and used for only one communication • This forms the one-time pad which has proven to be the most secure of all cryptographic systems. • The only bottleneck here is to be able to securely send the key to the receiver.
Symmetric Key Algorithms • For example, consider a binary sting Plaintext -1 0 0 1 0 1 0 0 Key -0 1 0 1 1 0 0 1 XOR of the plaintext and key -1 1 0 0 1 1 0 1. • The plaintext is again recovered by XORing the ciphertext with the same key.
Asymmetric Key Algorithms • Asymmetric key (or public key) algorithms use different keys at the sender and receiver ends for encryption and decryption • Let the encryption process be represented by a function E, and decryption by D. • The key E is made public, while D is private, known only to the intended receiver • Then the plaintext m is transformed into the ciphertext c as c = E(m). • The receiver then decodes c by applying D. • Hence, D is such that m = D(c) = D(E(m)).
Asymmetric Key Algorithms • Anyone who wishes to send a message to this receiver encrypts it using E. • Though c can be overheard by adversaries, the function E is based on a computationally difficult mathematical problem, such as the factorization of large prime numbers. • Hence,it is not possible for adversaries to derive D given E. • Only the receiver can decrypt c using the private key D. Example of public key cryptography • RSA system-based on the integer factorization problem.
Asymmetric Key Algorithms-Digital Signature Example • Digital signatures schemes are also based on public key encryption. • In these schemes, the functions E and D are chosen such that D(E(m)) = E(D(m)) = m for any message m. • These are called reversible public key systems. • In this case, the person who wishes to sign a document encrypts it using his/her private key E, which is known only to him/her.
Asymmetric Key Algorithms-Digital Signature Example • Anybody who has his/her public key D can decrypt it and obtain the original document, if it has been signed by the corresponding sender. • In practice, a trusted third party (TTP) is agreed upon • in advance, who is responsible for issuing these digital signatures (D and E pairs) and for resolving any disputes regarding the signatures. • This is usually a governmental or business organization.
Asymmetric Key Algorithms-Digital Signature Example
Key Management Approaches Goal of key management : • To share a secret (some information) among a specified set of participants. • It Requires some varying amounts of initial configuration, communication, and computation. • More methods are available The main approaches to key management are (i)Key Predistribution (ii)Key Transport (iii)Key Arbitration (iv)Key Agreement
Key Predistribution Function of Key predistribution: • To distribute the keys to all interested parties before the start of communication. • All participants must be known a priori, during the initial configuration. • There is no mechanism to include new members in the group or to change the key. • Sub-groups may be formed and it is also an a priori decision with no flexibility during the operation. Advantages: • This method involves much less communication and computation ration.
Key Transport • The communicating entity generates keys and transports them to the other members. • The key is shared among the participating members. • This prior shared key is used to encrypt a new key and is transmitted to all corresponding nodes. • Only those nodes which have the prior shared key can decrypt it. • This is called the key encrypting key (KEK) method.
Key Transport In public key infrastructure (PKI), the key can be encrypted with each recipient’s(alice) public key and transported to it. While decrypting ,recipient should use their private key to get the message This assumes the existence of a TTP, which may not be available for ad hoc wireless networks
Key generation
Key Transport • Key transport without prior shared keys is the Shamir's three-pass protocol . • The scheme is based on a special type of encryption called commutative encryption schemes which are reversible and composable • Consider two nodes Alice and Bob wish to communicate.
Key Transport • Node Alice selects a Key m which it wants to use in its communication with node Bob. • It then generates another random key EA, using which it encrypts m to get EA(m) , and sends to node Bob. • Node Bob encrypts this with a random key EB, and sends it back to node Alice EB(EA(m)). • Now, node Alice decrypts this message with its key and get EB(m) • Finally, node BOB decrypts to get Key m.
Shamir's three-pass protocol
Key Arbitration • Key arbitration schemes use a central arbitrator to create and distribute keys among all participants. • Hence, they are a class of key transport schemes. • Networks which have a fixed infrastructure use the AP as an arbitrator, since it does not have stringent power or computation constraints. • In ad hoc wireless networks, the problem is that the arbitrator has to be powered on at all times to be accessible to all nodes. • This leads to a power drain on that particular node.
Key Arbitration An alternate method: • To make the keying service distributed • The simple replication of the arbitration at different nodes would be expensive for resource-constrained devices • This would offer many attacks. • If any one of the replicated arbitrators is attacked, the security of the whole system breaks down.
Key Agreement • Most key agreement schemes are based on asymmetric key algorithms. • They are used when two or more people want to agree upon a secret key, which will then be used for further communication. • Key agreement protocols are used to establish a secure context with many parties who wish to communicate and an insecure channel. • In group key agreement schemes, each participant contributes a part to the secret key. • These need the least amount of preconfiguration and high computational complexity
Key Agreement • Diffie-Hellman exchange- An asymmetric key algorithm based on discrete logarithms for Two party Key agreement
Key Management in Ad Hoc Wireless Networks Ad hoc wireless networks pose certain specific challenges in key management due to the lack of infrastructure. Three types of infrastructure are missing in ad hoc wireless networks. They are 1.Network infrastructure such as dedicated routers and stable links 2.Services such as name resolution, directory, and TTPs. 3.Administrative support of certifying authorities.
Key Management in Ad Hoc Wireless Networks Password-Based Group Systems • The example scenario for implementation is a meeting room, where different mobile devices want to start a secure session. • Here, the devices involved in the session are to be identified based on their location • Hence, relative location is used as the criterion for access control. • If a TTP which knows the location of the participants exists, then it can implement location-based access control.
Key Management in Ad Hoc Wireless Networks Password-Based Group Systems • A prior shared secret can be obtained by a physically more secure medium such as a wired network. • This secret can be obtained by plugging onto a wired network first, before switching to the wireless mode. • A long string or natural language phrases are given as the password for users for one session. • Such passwords are very weak and open to attack due to (i) High redundancy (ii)Reuse of passwords over different sessions.
Password-based system • Hence, protocols have been proposed to derive a strong key from the weak passwords given by the participants. • This password-based system could be ✓ Two-party, with a separate exchange between any two participants ✓ Whole group, with a leader being elected to preside over the session. • Leader election is a special case of establishing an order among all participants.
Password-based system The protocol used is as follows. • Each participant generates a random number, and sends it to all others. • When every node has received the random number of every other node, a common predecided function is applied on all the numbers to calculate a reference value. • The nodes are ordered based on the difference between their random number and the reference value.
Threshold Cryptography • Public key infrastructure (PKI) enables the easy distribution of keys and is a scalable method. • Each node has a public/private key pair, and a certifying authority (CA) can bind the keys to the particular node. • But the CA has to be present at all times, which may not be feasible in ad hoc wireless networks. • It is also not advisable to simply replicate the CA at different nodes.
Threshold Cryptography Threshold Cryptography Scheme: • There are n servers exist in the ad hoc wireless network • Out of which any (t+1) servers can jointly perform any arbitration or authorization successfully, • But t servers cannot perform the same. • Hence, up to t compromised servers can be tolerated. • This is called an (n, t + 1) configuration, where n ≥ 3t + 1.
Threshold Cryptography • To sign a certificate, each server generates a partial signature using its private key and submits it to a combiner. • The combiner can be any one of the servers. . • Using t + 1 partial signatures (obtained from itself and t other servers), the combiner computes a signature and verifies its validity using a public key.
Threshold Cryptography • If the verification fails, it means that at least one of the t + 1 keys is not valid, so another subset of t + 1 partial signatures is tried. • If the combiner itself is malicious, it cannot get a valid key,because the partial signature of itself is always invalid.
Threshold Cryptography • If the verification fails, it means that at least one of the t + 1 keys is not valid, so another subset of t + 1 partial signatures is tried. • If the combiner itself is malicious, it cannot get a valid key,because the partial signature of itself is always invalid.
Threshold Cryptography Advantages: • The scheme can be applied to asynchronous networks • No bound on message delivery or processing times. Drawbacks: • Vulnerable to DoS attacks. • Adversary can delay a node long enough to violate the synchrony assumption, thereby disrupting the system. • Mobile adversaries can move from one server to another, attack them, and get hold of their private keys.
Threshold Cryptography • Over a period of time, an adversary can have more than t private keys. Solution: • Share refreshing has been proposed, by which servers create a new independent set of shares periodically. • Hence, to break the system, an adversary has to attack and capture more than t servers within the period between two successive refreshes • This improves protection against mobile adversaries.
Self-Organized Public Key Management for Mobile Ad Hoc Networks • The self-organized public key system for ad hoc wireless networks makes use of absolutely no infrastructure – TTP, CA, or server – even during initial configuration. • The users in the ad hoc wireless network issue certificates to each other based on personal acquaintance. • A certificate is a binding between a node and its public key. • These certificates are also stored and distributed by the users themselves.
Self-Organized Public Key Management for Mobile Ad Hoc Networks • Certificates are issued only for a specified period of time and contain their time of expiry along with them. • Before it expires, the certificate is updated by the user who had issued the certificate. • Initially, each user has a local repository consisting of the certificates issued by him and the certificates issued by other users to him. • Hence, each certificate is initially stored twice, by the issuer and by the person for whom it is issued.
Self-Organized Public Key Management for Mobile Ad Hoc Networks • Periodically, certificates from neighbors are requested and the repository is updated by adding any new certificates. • If any of the certificates are conflicting (e.g., the same public key to different users, or the same user having different • public keys), it is possible that a malicious node has issued a false certificate. • A node then labels such certificates as conflicting and tries to resolve the conflict.
Self-Organized Public Key Management for Mobile Ad Hoc Networks • Various methods exist to compare the confidence in one certificate over another. • For instance, another set of certificates obtained from another neighbor can be used to take a majority decision. • This can be used to evaluate the trust in other users and detect malicious nodes. • If the certificates issued by some node are found to be wrong, then that node may be assumed to be malicious. • A certificate graph as a graph whose vertices are public keys of some nodes and whose edges are public-key certificates issued by users.
Self-Organized Public Key Management for Mobile Ad Hoc Networks • When a user X wants to obtain the public key of another user Y, he/she finds a chain of valid public key certificates leading to Y. • The chain is such that the first hop uses an edge from X, that is, a certificate issued by X, the last hop leads into Y(this is a certificate issued to Y) • All intermediate nodes are trusted through the previous certificate in the path. • The protocol assumes that trust is transitive, which may not always be valid.
Secure Routing In Ad Hoc Wireless Networks • Wired Internet- Dedicated routers controlled by the Internet service providers (ISPs) • Ad hoc wireless networks-No dedicated routers and nodes act both as regular terminals (source or destination) and also as routers for other nodes.
Secure Routing In Ad Hoc Wireless Networks The security becomes a challenging task in ad –hoc networks due to • (i)No Dedicated routers • (ii)Mobility of nodes • (iii)Multiple mode of operation • (iv)Limited processing power, • (v)Limited availability of resources such as battery power, bandwidth, and memory
Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks The fundamental requisites of a secure routing protocol for ad hoc wireless networks are listed as follows: • Detection of malicious nodes • Guarantee of correct route discovery • Confidentiality of network topology • Stability against attacks
Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Detection of malicious nodes: A secure routing protocol should be able to (i)Detect the presence of malicious nodes in the network (ii)Avoid the participation of such nodes in the routing process. But if participated ,the routing protocol should choose paths that do not include malicious nodes. Guarantee of correct route discovery: • The routing protocol should be able to find the existing routes • It should also ensure the correctness of the selected route
Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Confidentiality of network topology • The malicious nodes able to know the network topology by an information disclosure attack • Then the attacker find the traffic pattern in the network. • If some of the nodes are found to be more active compared to others, the attacker may try to mount (e.g., DoS) attacks on such bottleneck nodes. • This may ultimately affect the on-going routing process. • Hence, the confidentiality of the network topology is an important requirement to be met by the secure routing protocols.
Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Stability against attacks • The routing protocol should be able to revert to its normal operating state within a finite amount of time after attack. • Th attacks should not permanently disrupt the routing process. • The protocol must also ensure Byzantine robustness, that is, the protocol should be able to find the nodes becoming malicious after some time
Security Protocols for Sensor Networks (SPINS) • SPINS consists of a suite of security protocols that are optimized for highly resource-constrained sensor networks. • SPINS consists of two main modules: (i)Sensor network encryption protocol (SNEP) (ii)A micro-version of timed, efficient, streaming, loss- tolerant authentication protocol (μTESLA). • SNEP provides ▫ Data authentication ▫ Protection from replay attacks ▫ Semantic security, all with low communication overhead of eight bytes per message.
Security Protocols in Sensor Networks (SPINS) Semantic security : An adversary cannot get any idea about the plaintext even by seeing multiple encrypted versions of the same plaintext. • Encryption of the plaintext uses a shared counter (shared between sender and receiver). • Hence, the same message is encrypted differently at different instances in time. • Message integrity and confidentiality are maintained using a message authentication code (MAC). • This is similar to a checksum derived by applying an authentication scheme with a secret shared key to the message.
Security Protocols in Sensor Networks (SPINS) • The message can be decrypted only if the same shared key is present. • The message also carries the counter value at the instance of transmission (like a time-stamp), to protect against replay attacks.
Security Protocols in Sensor Networks (SPINS) μTESLA : • It ensures an authenticated broadcast, that is, nodes which receive a packet can be assured of its sender's identity. • It requires a loose time synchronization between BS and nodes • The MAC keys are derived from a chain of keys, obtained by applying a one-way function F • A one-way function is one whose inverse is not easily computable.
Security Protocols in Sensor Networks (SPINS) • All nodes have an initial key K0 , which is some key in the key-chain. • The relationship between keys proceeds as K0 = F(K1 ), K1 = F(K2 ), and, in general, Ki = F(Ki+ 1 ). • Given K0 , K1 , ..., Ki , it is not possible to compute Ki+ 1 . • The key to be used changes periodically, and since nodes are synchronized to a common time within a bounded error • They can detect which key is to be used to encrypt/decrypt a packet at any time instant. • The BS periodically discloses the next verification key to all the nodes and this period is known to all nodes.
Security Protocols for Sensor Networks (SPINS) • There is also a specified lag of certain intervals between the usage of a key for encryption and its disclosure to all the receivers. • When the BS transmits a packet, it uses a MAC key which is still secret (not yet disclosed). • The nodes which receive this packet buffer it until the appropriate verification key is disclosed. • As soon as a packet is received, the MAC is checked to ensure that the key used in the MAC has not yet been disclosed
Security Protocols for Sensor Networks (SPINS) • The packets are decrypted once the key-disclosure packet is received from the BS. • If one of the key-disclosure packets is missed,the data packets are buffered till the next time interval, and then authenticated. • For instance, suppose the disclosure packet of Kj does not reach a node; it waits till it receives Kj+ 1 , then computes Kj = F(Kj+ 1 ) and decrypts the packets received in the previous time interval.

Recommended

Security Issues in MANET
Security Issues in MANETSecurity Issues in MANET
Security Issues in MANETNitin Verma
 
Secure routing in wsn-attacks and countermeasures
Secure routing in wsn-attacks and countermeasuresSecure routing in wsn-attacks and countermeasures
Secure routing in wsn-attacks and countermeasuresMuqeed Abdul
 
11011 a0449 secure routing wsn
11011 a0449 secure routing wsn11011 a0449 secure routing wsn
11011 a0449 secure routing wsnMuqeed Abdul
 
security in wireless sensor network
security in wireless sensor networksecurity in wireless sensor network
security in wireless sensor networkRABIA ASHRAFI
 
Manet - The Art of Networking without a Network
Manet - The Art of Networking without a NetworkManet - The Art of Networking without a Network
Manet - The Art of Networking without a NetworkTarun Varshney
 
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppteabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
eabcdefghiaasjsdfasdfasdfasdfasdfas1.pptraosg
 
Threats in wireless sensor networks
Threats in wireless sensor networksThreats in wireless sensor networks
Threats in wireless sensor networksPriya Kaushal
 
Black hole attack
Black hole attackBlack hole attack
Black hole attackRicha Kumari
 

Recommended

Security Issues in MANET
Security Issues in MANETSecurity Issues in MANET
Security Issues in MANETNitin Verma
 
Secure routing in wsn-attacks and countermeasures
Secure routing in wsn-attacks and countermeasuresSecure routing in wsn-attacks and countermeasures
Secure routing in wsn-attacks and countermeasuresMuqeed Abdul
 
11011 a0449 secure routing wsn
11011 a0449 secure routing wsn11011 a0449 secure routing wsn
11011 a0449 secure routing wsnMuqeed Abdul
 
security in wireless sensor network
security in wireless sensor networksecurity in wireless sensor network
security in wireless sensor networkRABIA ASHRAFI
 
Manet - The Art of Networking without a Network
Manet - The Art of Networking without a NetworkManet - The Art of Networking without a Network
Manet - The Art of Networking without a NetworkTarun Varshney
 
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppteabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
eabcdefghiaasjsdfasdfasdfasdfasdfas1.pptraosg
 
Threats in wireless sensor networks
Threats in wireless sensor networksThreats in wireless sensor networks
Threats in wireless sensor networksPriya Kaushal
 
Black hole attack
Black hole attackBlack hole attack
Black hole attackRicha Kumari
 
Wireless Sensor Network
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor NetworkMuhammad Farooq Hussain
 
Mobile slide
Mobile slideMobile slide
Mobile slideAman singh
 
Security in Wireless Sensor Network
Security in Wireless Sensor NetworkSecurity in Wireless Sensor Network
Security in Wireless Sensor Networkgaurav kumar
 
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Darwin Nesakumar
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN SecurityAbu Rayhan Ahmmed Rimu
 
Ad hoc routing security
Ad hoc routing security Ad hoc routing security
Ad hoc routing security Harry Sunarsa
 
Security of ad hoc networks
Security of ad hoc networksSecurity of ad hoc networks
Security of ad hoc networksJayesh Rane
 
Vampire attack in wsn
Vampire attack in wsnVampire attack in wsn
Vampire attack in wsnRicha Kumari
 
Wireless Sensor Network Security
Wireless Sensor Network Security Wireless Sensor Network Security
Wireless Sensor Network Security ghaidaa WN
 
Wormhole attack
Wormhole attackWormhole attack
Wormhole attackHarsh Kishore Mishra
 
D0961927
D0961927D0961927
D0961927IOSR Journals
 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
 
Paper id 71201996
Paper id 71201996Paper id 71201996
Paper id 71201996IJRAT
 
Ioe module 4
Ioe module 4Ioe module 4
Ioe module 4nikshaikh786
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 
Security management in mobile ad hoc networks
Security management in mobile ad hoc networksSecurity management in mobile ad hoc networks
Security management in mobile ad hoc networksProf. Dr. Noman Islam
 
Wireless sensor network survey
Wireless sensor network surveyWireless sensor network survey
Wireless sensor network survey915086731
 
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTINGUnit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTINGdevika g
 
kuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptxkuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptxIrawanAbiyantoro1
 
Abdullah Mukhtar ppt
Abdullah Mukhtar pptAbdullah Mukhtar ppt
Abdullah Mukhtar pptAbdullah Mukhtar
 
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
 
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
 

More Related Content

Similar to Unit_4_Full_pdf.pdf.pdf

Security in Wireless Sensor Network
Security in Wireless Sensor NetworkSecurity in Wireless Sensor Network
Security in Wireless Sensor Networkgaurav kumar
 
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Darwin Nesakumar
 
Ad hoc routing security
Ad hoc routing security Ad hoc routing security
Ad hoc routing security Harry Sunarsa
 
Security of ad hoc networks
Security of ad hoc networksSecurity of ad hoc networks
Security of ad hoc networksJayesh Rane
 
Vampire attack in wsn
Vampire attack in wsnVampire attack in wsn
Vampire attack in wsnRicha Kumari
 
Wireless Sensor Network Security
Wireless Sensor Network Security Wireless Sensor Network Security
Wireless Sensor Network Security ghaidaa WN
 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
 
Paper id 71201996
Paper id 71201996Paper id 71201996
Paper id 71201996IJRAT
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 
Security management in mobile ad hoc networks
Security management in mobile ad hoc networksSecurity management in mobile ad hoc networks
Security management in mobile ad hoc networksProf. Dr. Noman Islam
 
Wireless sensor network survey
Wireless sensor network surveyWireless sensor network survey
Wireless sensor network survey915086731
 
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTINGUnit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTINGdevika g
 
kuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptxkuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptxIrawanAbiyantoro1
 

Similar to Unit_4_Full_pdf.pdf.pdf (20)

Wireless Sensor Network
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor Network
 
Mobile slide
Mobile slideMobile slide
Mobile slide
 
Security in Wireless Sensor Network
Security in Wireless Sensor NetworkSecurity in Wireless Sensor Network
Security in Wireless Sensor Network
 
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN Security
 
Ad hoc routing security
Ad hoc routing security Ad hoc routing security
Ad hoc routing security
 
Security of ad hoc networks
Security of ad hoc networksSecurity of ad hoc networks
Security of ad hoc networks
 
Vampire attack in wsn
Vampire attack in wsnVampire attack in wsn
Vampire attack in wsn
 
Wireless Sensor Network Security
Wireless Sensor Network Security Wireless Sensor Network Security
Wireless Sensor Network Security
 
Wormhole attack
Wormhole attackWormhole attack
Wormhole attack
 
D0961927
D0961927D0961927
D0961927
 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014
 
Paper id 71201996
Paper id 71201996Paper id 71201996
Paper id 71201996
 
Ioe module 4
Ioe module 4Ioe module 4
Ioe module 4
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networks
 
Security management in mobile ad hoc networks
Security management in mobile ad hoc networksSecurity management in mobile ad hoc networks
Security management in mobile ad hoc networks
 
Wireless sensor network survey
Wireless sensor network surveyWireless sensor network survey
Wireless sensor network survey
 
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTINGUnit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
Unit 2 -1 ADHOC WIRELESS NETWORK MOBILE COMPUTING
 
kuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptxkuliah 02 network architecture for student .pptx
kuliah 02 network architecture for student .pptx
 
Abdullah Mukhtar ppt
Abdullah Mukhtar pptAbdullah Mukhtar ppt
Abdullah Mukhtar ppt
 

More from Mathavan N

cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
 
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
 
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
 
Presentation of Software Defined Radio.ppt
Presentation of Software Defined Radio.pptPresentation of Software Defined Radio.ppt
Presentation of Software Defined Radio.pptMathavan N
 
Engineering Presentation.ppt
Engineering Presentation.pptEngineering Presentation.ppt
Engineering Presentation.pptMathavan N
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptxMathavan N
 
UNIT_III_FULL_PPT.pdf.pdf
UNIT_III_FULL_PPT.pdf.pdfUNIT_III_FULL_PPT.pdf.pdf
UNIT_III_FULL_PPT.pdf.pdfMathavan N
 
Unit_II_ppt.pdf.pdf
Unit_II_ppt.pdf.pdfUnit_II_ppt.pdf.pdf
Unit_II_ppt.pdf.pdfMathavan N
 
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdf
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdfDigital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdf
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdfMathavan N
 
Bio potentials.pdf
Bio potentials.pdfBio potentials.pdf
Bio potentials.pdfMathavan N
 
ECG Recording Method.pdf
ECG Recording Method.pdfECG Recording Method.pdf
ECG Recording Method.pdfMathavan N
 
Bio Amplifiers.pdf
Bio Amplifiers.pdfBio Amplifiers.pdf
Bio Amplifiers.pdfMathavan N
 
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow Learner
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow LearnerSurgical diathermy - EC8073 Medical Electronics - Hints for Slow Learner
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow LearnerMathavan N
 
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...Mathavan N
 
Pacemaker - EC8073 Medical Electronics - Hints for Slow Learner
Pacemaker - EC8073 Medical Electronics - Hints for Slow LearnerPacemaker - EC8073 Medical Electronics - Hints for Slow Learner
Pacemaker - EC8073 Medical Electronics - Hints for Slow LearnerMathavan N
 
Electrode with image - EC8073 Medical Electronics - Hints for Slow Learner
Electrode with image - EC8073 Medical Electronics - Hints for Slow LearnerElectrode with image - EC8073 Medical Electronics - Hints for Slow Learner
Electrode with image - EC8073 Medical Electronics - Hints for Slow LearnerMathavan N
 

More from Mathavan N (20)

cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
cznamjwyr36wfmgtmdzc-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
 
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
 
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
rafkwnshru2ocnal9ta1-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
 
Presentation of Software Defined Radio.ppt
Presentation of Software Defined Radio.pptPresentation of Software Defined Radio.ppt
Presentation of Software Defined Radio.ppt
 
Engineering Presentation.ppt
Engineering Presentation.pptEngineering Presentation.ppt
Engineering Presentation.ppt
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
UNIT_III_FULL_PPT.pdf.pdf
UNIT_III_FULL_PPT.pdf.pdfUNIT_III_FULL_PPT.pdf.pdf
UNIT_III_FULL_PPT.pdf.pdf
 
Unit_II_ppt.pdf.pdf
Unit_II_ppt.pdf.pdfUnit_II_ppt.pdf.pdf
Unit_II_ppt.pdf.pdf
 
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdf
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdfDigital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdf
Digital_Notes___UNIT_5___EC8702___AD_HOC_AND__WIRELESS_SENSOR__NETWORKS.pdf.pdf
 
Ad Hoc.pptx
Ad Hoc.pptxAd Hoc.pptx
Ad Hoc.pptx
 
EMG.pdf
EMG.pdfEMG.pdf
EMG.pdf
 
EEG.pdf
EEG.pdfEEG.pdf
EEG.pdf
 
PCG.pdf
PCG.pdfPCG.pdf
PCG.pdf
 
Bio potentials.pdf
Bio potentials.pdfBio potentials.pdf
Bio potentials.pdf
 
ECG Recording Method.pdf
ECG Recording Method.pdfECG Recording Method.pdf
ECG Recording Method.pdf
 
Bio Amplifiers.pdf
Bio Amplifiers.pdfBio Amplifiers.pdf
Bio Amplifiers.pdf
 
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow Learner
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow LearnerSurgical diathermy - EC8073 Medical Electronics - Hints for Slow Learner
Surgical diathermy - EC8073 Medical Electronics - Hints for Slow Learner
 
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...
Electrode Potential with image - EC8073 Medical Electronics - Hints for Slow ...
 
Pacemaker - EC8073 Medical Electronics - Hints for Slow Learner
Pacemaker - EC8073 Medical Electronics - Hints for Slow LearnerPacemaker - EC8073 Medical Electronics - Hints for Slow Learner
Pacemaker - EC8073 Medical Electronics - Hints for Slow Learner
 
Electrode with image - EC8073 Medical Electronics - Hints for Slow Learner
Electrode with image - EC8073 Medical Electronics - Hints for Slow LearnerElectrode with image - EC8073 Medical Electronics - Hints for Slow Learner
Electrode with image - EC8073 Medical Electronics - Hints for Slow Learner
 

Recently uploaded

(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...ranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 

Recently uploaded (20)

(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 

Unit_4_Full_pdf.pdf.pdf

  • 1. EC8702 AD-HOC & WIRELESS SENSOR NETWORKS UNIT –IV Part-I
  • 2. UNIT IV SENSOR NETWORK SECURITY Network Security Requirements, Issues and Challenges in Security Provisioning, Network Security Attacks, Layer wise attacks in wireless sensor networks, possible solutions for jamming, tampering, black hole attack, flooding attack. Key Distribution and Management, Secure Routing – SPINS, reliability requirements in sensor networks.
  • 3. NETWORK SECURITY REQUIREMENTS A security protocol for ad hoc wireless networks should satisfy the following requirements. • Confidentiality • Integrity • Availability • Non-repudiation
  • 4. NETWORK SECURITY REQUIREMENTS Confidentiality: • The data sent by the sender (source node) must be understandable only to the intended receiver (destination node). • If there is any intruder, it must not be able to derive any useful information out of the data. • For ensuring confidentiality , data encryption is used. Integrity: • The data sent by the source node should reach the destination node without alteration • Any other node in the network should not interfere with the data during transmission.
  • 5. NETWORK SECURITY REQUIREMENTS Availability: • The network should remain operational all the time. • Able to tolerate link failures and also be capable of surviving various attacks • Able to provide the guaranteed services for authorized user Non-repudiation: • The sender and the receiver of a message cannot later deny the message • Digital signatures are used as unique identifiers for each user
  • 6. ISSUES AND CHALLENGES IN SECURITY PROVISIONING The following characteristics causes difficulty in providing security in ad hoc wireless networks ▫ Shared broadcast radio channel ▫ Insecure operating environment ▫ Lack of central authority ▫ Lack of association among nodes ▫ Limited availability of resources ▫ Physical vulnerability
  • 7. ISSUES AND CHALLENGES IN SECURITY PROVISIONING Shared broadcast radio channel: • The radio channel used for communication in ad hoc wireless networks is broadcast in nature • It is shared by all nodes in the network. • Data transmitted by a node is received by all nodes within its direct transmission range. • So a intruder node could easily obtain data being transmitted in the network. • This problem can be minimized by using directional antennas.
  • 8. ISSUES AND CHALLENGES IN SECURITY PROVISIONING Insecure operational environment: • The operating environments of ad hoc wireless networks are not always be secure. • In battlefield applications, nodes may move in and out of hostile and insecure enemy territory • It would be highly in danger to security attacks.
  • 9. ISSUES AND CHALLENGES IN SECURITY PROVISIONING Lack of central authority: In Wired networks and infrastructure-based wireless networks : • The traffic can be monitored through certain important central points (such as routers, base stations, and access points) • Security mechanisms can also be implemented at such points. In ad hoc wireless networks : • These mechanisms cannot be applied as there is no central points.
  • 10. ISSUES AND CHALLENGES IN SECURITY PROVISIONING Lack of association: • Ad-Hoc networks are dynamic in nature • So a node can join or leave the network at any point of the time • There is no proper authentication mechanism used for associating nodes with a network • Hence an intruder would be able to join into the network quite easily and carry out their attacks.
  • 11. ISSUES AND CHALLENGES IN SECURITY PROVISIONING Limited resource availability: • Limited Resources such as bandwidth, battery power, and computational power in ad hoc wireless networks. • Hence, it is difficult to implement complex cryptography- based security mechanisms in such networks. Physical vulnerability: • Compact nodes and hand-held in nature. • They could get damaged easily and are also in danger to theft.
  • 12. NETWORK SECURITY ATTACKS Attacks on ad hoc wireless networks can be classified into two broad categories, (i)Passive attacks (ii)Active attacks Passive Attack: • A passive attack does not disrupt the operation of the network • The opponent intrudes the data exchanged in the network without altering it. • Here, the requirement of confidentiality is violated
  • 13. NETWORK SECURITY ATTACKS Drawback: • Detection of passive attacks is very difficult since the operation of the network itself does not get affected. Solution: • Use powerful encryption mechanisms to encrypt the data being transmitted and it is impossible for eavesdroppers to obtain any useful information from the data overheard.
  • 14. NETWORK SECURITY ATTACKS Active Attack: • An active attack attempts to alter or destroy the data being exchanged in the network • It disrupts the normal functioning of the network. Active Attacks can be classified further into two categories, (i)External attacks (ii)Internal attacks. External attacks : • They are carried out by nodes that do not belong to the network. • These attacks can be prevented by using standard security mechanisms such as encryption techniques and firewalls.
  • 15. NETWORK SECURITY ATTACKS Internal attacks : • They are the nodes that belongs to the network. • So internal attacks are more severe and difficult to detect when compared to external attacks.
  • 17. Network Layer Attacks Wormhole attack: • In this attack, an attacker receives packets at one location in the network and tunnels them to another location in the Network • Then the packets are resent into the network . • This tunnel between two colluding attackers is referred to as a wormhole. • It could be established through a single long-range wireless link or even through a wired link between the two colluding attackers.
  • 19. Wormhole attack • Due to the broadcast nature of the radio channel, the attacker can create a wormhole even for packets not addressed to itself. • Though no harm is done if the wormhole is used properly for efficient relaying of packets, it puts the attacker in a powerful position compared to other nodes in the network Effects: • Due to wormhole attacks, most of the existing routing protocols for ad hoc wireless networks may fail to find valid routes.
  • 20. Blackhole attack Blackhole attack: • In this attack, a malicious node falsely advertises good paths (e.g., shortest path or most stable path) to the destination node • This happens during the path-finding process (in on-demand routing protocols) or in the route update messages (in table- driven routing protocols). Effects: • Hinder(delay) to the path-finding process • Interrupt all data packets being sent to the destination node concerned.
  • 21. Blackhole attack • Node A needs to transmit packets to the node E • It send a route request packet to all the nodes • The Malicious node M give false reply to node A fastly. • The node A now sends the data to the M node • The packets are dropped now.
  • 22. Byzantine attack Byzantine attack: • The compromised intermediate node or a set of compromised intermediate nodes works in collusion and carries out attacks such as ▫ Creating routing loops, ▫ Routing packets on non-optimal paths ▫ Selectively dropping packets • Byzantine failures are hard to detect ,as the network would seem to be operating normally in the viewpoint of the nodes
  • 23. Information disclosure Information disclosure: • A compromised node may leak confidential or important information to unauthorized nodes in the network • Such information may include information such as ▫ Network topology ▫ Geographic location of nodes ▫ Optimal routes to authorized nodes in the network
  • 24. Resource consumption attack Resource consumption attack: • In this attack, a malicious node tries to consume/waste away resources of other nodes present in the network. • The limited resources that are targeted are ▫ Battery power ▫ Bandwidth ▫ Computational power • The attacks could be in the form of unnecessary requests for routes, very frequent generation of beacon packets, or forwarding of stale(old) packets to nodes.
  • 25. Resource consumption attack Sleep deprivation attack: • The battery power of another node is used by keeping that node always busy by continuously pumping packets to that node • This is known as a sleep deprivation attack.
  • 26. Resource consumption attack Sleep deprivation attack: • The battery power of another node is used by keeping that node always busy by continuously pumping packets to that node • This is known as a sleep deprivation attack.
  • 27. Routing attacks Routing attacks: The various attacks on the routing protocol are – Routing table overflow – Routing table poisoning – Packet replication – Route cache poisoning – Rushing attack
  • 28. Routing attacks Routing table overflow: Objective: • Attack aims to cause an overflow of the routing tables • In this type of attack, an adversary node broadcasts the routes of non-existent nodes to the authorized nodes present in the network. • This in turn prevent the creation of entries corresponding to new routes to authorized nodes. • Proactive routing protocols are more at risk to this attack compared to reactive routing protocols.
  • 29. Routing attacks Routing table poisoning: • The compromised nodes in the networks send false routing updates or modify genuine route update packets sent to other uncompromised nodes. • Routing table poisoning may result in ▫ Sub-optimal Routing ▫ Congestion in portions of the network ▫ Some parts of the network are inaccessible.
  • 30. Routing attacks Packet replication: • In this attack, an adversary node replicates stale packets. • This consumes additional bandwidth and battery power resources available to the nodes • This also causes unnecessary confusion in the routing process.
  • 31. Routing attacks Route cache poisoning: • In the case of on-demand routing protocols (AODV protocol ), each node maintains a route cache • This cache holds information regarding routes that have become known to the node in the recent past. • An adversary can also alter the route cache.
  • 32. Routing attacks Rushing attack: • On-demand routing protocols that use duplicate suppression during the route discovery process are vulnerable to this attack For example • Consider source node is sending RouteRequestpacket to all the neighboring nodes in the network. • An adversary node which receives a RouteRequestpacket from the source node floods the packet quickly throughout the network
  • 33. Routing attacks Rushing attack: • If the neighboring nodes receives the RouteRequestpacket at first from the adversary Nodes,then it discard the original RouteRequestpacket from source node as duplicate packet. • Any route discovered by the source node would contain the adversary node as one of the intermediate nodes. • Hence, the source node would not be able to find secure routes • It is extremely difficult to detect such attacks in ad hoc wireless networks.
  • 34. Transport Layer Attacks Session hijacking: • This attack is specific to the transport layer in the network protocol stack • Here, an adversary takes control over a session between two nodes. • The most authentication processes are carried out only at the start of a session • Once the session between two nodes gets established, the adversary node tricks as one of the end nodes of the session and hijacks the session.
  • 35. Application Layer Attacks Repudiation: • This flaw is associated with the application layer in the network protocol stack. • In simple terms, repudiation refers to the denial or attempted denial by a node involved in a all part of communication
  • 36. Other Attacks Other Attacks • These security attacks cannot strictly be associated with any specific layer in the network protocol stack. Multi-layer Attacks • Multi-layer attacks are those that could occur in any layer of the network protocol stack. Device Tampering • Ad hoc wireless networks are usually compact, soft, and hand- held in nature. • They could get damaged or stolen easily.
  • 37. Multi-layer Attacks Some of the multi-layer attacks in ad hoc wireless networks are 1. Denial of Service: – Jamming: – SYN flooding – Distributed DoS attack 2. Impersonation
  • 38. Denial of Service Denial of Service: • In this type of attack, an adversary attempts to prevent legitimate and authorized users to access the network services. • A denial of service (DoS) attack can be carried out in many ways. Attack I: • The classic way is to flood packets to any centralized resource (e.g.,an access point) used in the network so that the resource is no longer available to nodes in the network • This results in the network no longer operating in the regular manner • This may lead to a failure in the delivery of guaranteed services to the end users.
  • 39. Denial of Service Attack II: • On the physical and MAC layers, an adversary could employ jamming signals which disrupt the on-going transmissions on the wireless channel. Attack III: • On the network layer, an adversary could take part in the routing process and exploit the routing protocol to disrupt the normal functioning of the network. • For example, an adversary node could participate in a session but simply drop a certain number of packets, which may lead to degradation in the QoS being offered by the network.
  • 40. Denial of Service Attack IV: • On the higher layers, an adversary could bring down critical services such as the key management service • Some of the DoS attacks are described below. Denial of Service: – Jamming: – SYN flooding – Distributed DoS attack
  • 41. Jamming Jamming: • In this form of attack, the adversary initially keeps monitoring the wireless medium • And then it determines the frequency at which the receiver node is receiving signals from the sender • It then transmits signals on that frequency so that error-free reception at the receiver is hindered To Overcome jamming: • Frequency hopping spread spectrum (FHSS) and direct sequence spread spectrum (DSSS) are used
  • 42. SYN flooding SYN flooding: • The adversary node sends a large number of SYN packets to a victim node • This adversary node give fake return addresses in the SYN packets. • On receiving the SYN packets, the victim node sends back acknowledgment (SYN-ACK) packets to that address. • However, the victim node would not receive any ACK packet in return. • In effect, a half-open connection gets created.
  • 43. SYN flooding SYN flooding: • The victim node builds up a table/data structure for holding information regarding all pending connections. • The increasing number of half-open connections results in an overflow in the table. • Because of the table overflow, the victim node would be forced to reject the call request from a legitimate node
  • 44. Distributed DoS attack • This attack is severe • In this attack, several adversaries that are distributed throughout the network collude and prevent legitimate users from accessing the services offered by the network.
  • 45. Impersonation Impersonation: • In impersonation attacks, an adversary assumes the identity and privileges of an authorized node, • It makes the network resources that may not be available to authorized node under normal circumstances • It also disrupt the normal functioning of the network by injecting false routing information into the network. • An adversary node could by chance guess the identity and authentication detailsof the authorized node (target node), or • The adversary node could spy for information regarding the identity and authentication of the target node from a previous Communication
  • 46. Impersonation • It could avoid or disable the authentication mechanism at the target node. • A man-in-the-middle attack is another type of impersonation attack. • Here, the adversary reads and possibly modifies, messages between two end nodes without letting either of them know that they have been attacked. • Suppose two nodes X and Y are communicating with each other • The adversary impersonates node Y with respect to node X and impersonates node X with respect to node Y
  • 47. KEY MANAGEMENT Cryptography • Cryptography is one of the most common and reliable means to overcome the attacks and to ensure security. • It is not specific to ad hoc wireless networks. • It can be applied to any communication network. • It is the study of the principles, techniques, and algorithms by which information is transformed into a disguised version. • Hence no unauthorized person can read, but which can be recovered in its original form by an intended recipient.
  • 48. Cryptography • The original information to be sent from one person to another is called plaintext. • This plaintext is converted into ciphertext by the process of encryption algorithms or functions. • An authentic receiver can decrypt/decode the ciphertext back into plaintext by the process of decryption.
  • 49. Cryptography • The processes of encryption and decryption are governed by keys-a small amount of information • When the key is to be kept secret to ensure the security of the system, it is called a secret key. • The secure administration of cryptographic keys is called key management • Four main goals of cryptography are (i)Confidentiality (ii)Integrity (iii) Non-Repudiation (iv)Authentication -The receiver should be able to identify the sender
  • 50. Cryptography There are two major kinds of cryptographic algorithms (i) Symmetric key algorithms-Use the same key for encryption and decryption (ii)Asymmetric key algorithms-Use two different keys for encryption and decryption Symmetric key algorithms • Faster to execute electronically • It requires a secret key to be shared between the sender and receiver. • When communication needs to be established among a group of nodes, each sender-receiver pair should share a key • This makes the system non scalable.
  • 51. Cryptography • If the same key is used among more than two parties, a breach of security at any one point makes the whole system in danger. Asymmetric key algorithms • They are based on some mathematical principles which make it impossible to obtain one key from another • Therefore, one of the keys can be made public while the other is kept secret (private). • This is called public key cryptography. • The network would be open to attacks once the underlying mathematical problem is solved.
  • 52. Symmetric Key Algorithms There are two kinds of symmetric key algorithms (i)Using block ciphers (ii)Using stream ciphers. Using Block ciphers: • A block cipher is an encryption scheme in which the plaintext is broken into fixed-length segments called blocks • The blocks are encrypted one at a time. • The simplest examples include substitution and transposition.
  • 53. Symmetric Key Algorithms-Substitution Step I: The table mapping ie the original and the substituted alphabet should be available at both the sender and receiver. Step II: The text is broken into fixed blocks. The block length used is five Step III: Each alphabet of the plaintext is substituted by another in the ciphertext
  • 55. Symmetric Key Algorithms-Transposition A transposition cipher permutes the alphabet in the plaintext to produce the ciphertext.
  • 56. Symmetric Key Algorithms Using Stream ciphers • A stream cipher has block length of one. • Eg:Vernam cipher, which uses a key of the same length as the plaintext for encryption. • The key is randomly chosen and transported securely to the receiver and used for only one communication • This forms the one-time pad which has proven to be the most secure of all cryptographic systems. • The only bottleneck here is to be able to securely send the key to the receiver.
  • 57. Symmetric Key Algorithms • For example, consider a binary sting Plaintext -1 0 0 1 0 1 0 0 Key -0 1 0 1 1 0 0 1 XOR of the plaintext and key -1 1 0 0 1 1 0 1. • The plaintext is again recovered by XORing the ciphertext with the same key.
  • 58. Asymmetric Key Algorithms • Asymmetric key (or public key) algorithms use different keys at the sender and receiver ends for encryption and decryption • Let the encryption process be represented by a function E, and decryption by D. • The key E is made public, while D is private, known only to the intended receiver • Then the plaintext m is transformed into the ciphertext c as c = E(m). • The receiver then decodes c by applying D. • Hence, D is such that m = D(c) = D(E(m)).
  • 59. Asymmetric Key Algorithms • Anyone who wishes to send a message to this receiver encrypts it using E. • Though c can be overheard by adversaries, the function E is based on a computationally difficult mathematical problem, such as the factorization of large prime numbers. • Hence,it is not possible for adversaries to derive D given E. • Only the receiver can decrypt c using the private key D. Example of public key cryptography • RSA system-based on the integer factorization problem.
  • 60.
  • 61. Asymmetric Key Algorithms-Digital Signature Example • Digital signatures schemes are also based on public key encryption. • In these schemes, the functions E and D are chosen such that D(E(m)) = E(D(m)) = m for any message m. • These are called reversible public key systems. • In this case, the person who wishes to sign a document encrypts it using his/her private key E, which is known only to him/her.
  • 62. Asymmetric Key Algorithms-Digital Signature Example • Anybody who has his/her public key D can decrypt it and obtain the original document, if it has been signed by the corresponding sender. • In practice, a trusted third party (TTP) is agreed upon • in advance, who is responsible for issuing these digital signatures (D and E pairs) and for resolving any disputes regarding the signatures. • This is usually a governmental or business organization.
  • 64. Key Management Approaches Goal of key management : • To share a secret (some information) among a specified set of participants. • It Requires some varying amounts of initial configuration, communication, and computation. • More methods are available The main approaches to key management are (i)Key Predistribution (ii)Key Transport (iii)Key Arbitration (iv)Key Agreement
  • 65. Key Predistribution Function of Key predistribution: • To distribute the keys to all interested parties before the start of communication. • All participants must be known a priori, during the initial configuration. • There is no mechanism to include new members in the group or to change the key. • Sub-groups may be formed and it is also an a priori decision with no flexibility during the operation. Advantages: • This method involves much less communication and computation ration.
  • 66. Key Transport • The communicating entity generates keys and transports them to the other members. • The key is shared among the participating members. • This prior shared key is used to encrypt a new key and is transmitted to all corresponding nodes. • Only those nodes which have the prior shared key can decrypt it. • This is called the key encrypting key (KEK) method.
  • 67. Key Transport In public key infrastructure (PKI), the key can be encrypted with each recipient’s(alice) public key and transported to it. While decrypting ,recipient should use their private key to get the message This assumes the existence of a TTP, which may not be available for ad hoc wireless networks
  • 69. Key Transport • Key transport without prior shared keys is the Shamir's three-pass protocol . • The scheme is based on a special type of encryption called commutative encryption schemes which are reversible and composable • Consider two nodes Alice and Bob wish to communicate.
  • 70. Key Transport • Node Alice selects a Key m which it wants to use in its communication with node Bob. • It then generates another random key EA, using which it encrypts m to get EA(m) , and sends to node Bob. • Node Bob encrypts this with a random key EB, and sends it back to node Alice EB(EA(m)). • Now, node Alice decrypts this message with its key and get EB(m) • Finally, node BOB decrypts to get Key m.
  • 72. Key Arbitration • Key arbitration schemes use a central arbitrator to create and distribute keys among all participants. • Hence, they are a class of key transport schemes. • Networks which have a fixed infrastructure use the AP as an arbitrator, since it does not have stringent power or computation constraints. • In ad hoc wireless networks, the problem is that the arbitrator has to be powered on at all times to be accessible to all nodes. • This leads to a power drain on that particular node.
  • 73. Key Arbitration An alternate method: • To make the keying service distributed • The simple replication of the arbitration at different nodes would be expensive for resource-constrained devices • This would offer many attacks. • If any one of the replicated arbitrators is attacked, the security of the whole system breaks down.
  • 74. Key Agreement • Most key agreement schemes are based on asymmetric key algorithms. • They are used when two or more people want to agree upon a secret key, which will then be used for further communication. • Key agreement protocols are used to establish a secure context with many parties who wish to communicate and an insecure channel. • In group key agreement schemes, each participant contributes a part to the secret key. • These need the least amount of preconfiguration and high computational complexity
  • 75. Key Agreement • Diffie-Hellman exchange- An asymmetric key algorithm based on discrete logarithms for Two party Key agreement
  • 76. Key Management in Ad Hoc Wireless Networks Ad hoc wireless networks pose certain specific challenges in key management due to the lack of infrastructure. Three types of infrastructure are missing in ad hoc wireless networks. They are 1.Network infrastructure such as dedicated routers and stable links 2.Services such as name resolution, directory, and TTPs. 3.Administrative support of certifying authorities.
  • 77. Key Management in Ad Hoc Wireless Networks Password-Based Group Systems • The example scenario for implementation is a meeting room, where different mobile devices want to start a secure session. • Here, the devices involved in the session are to be identified based on their location • Hence, relative location is used as the criterion for access control. • If a TTP which knows the location of the participants exists, then it can implement location-based access control.
  • 78. Key Management in Ad Hoc Wireless Networks Password-Based Group Systems • A prior shared secret can be obtained by a physically more secure medium such as a wired network. • This secret can be obtained by plugging onto a wired network first, before switching to the wireless mode. • A long string or natural language phrases are given as the password for users for one session. • Such passwords are very weak and open to attack due to (i) High redundancy (ii)Reuse of passwords over different sessions.
  • 79. Password-based system • Hence, protocols have been proposed to derive a strong key from the weak passwords given by the participants. • This password-based system could be ✓ Two-party, with a separate exchange between any two participants ✓ Whole group, with a leader being elected to preside over the session. • Leader election is a special case of establishing an order among all participants.
  • 80. Password-based system The protocol used is as follows. • Each participant generates a random number, and sends it to all others. • When every node has received the random number of every other node, a common predecided function is applied on all the numbers to calculate a reference value. • The nodes are ordered based on the difference between their random number and the reference value.
  • 81. Threshold Cryptography • Public key infrastructure (PKI) enables the easy distribution of keys and is a scalable method. • Each node has a public/private key pair, and a certifying authority (CA) can bind the keys to the particular node. • But the CA has to be present at all times, which may not be feasible in ad hoc wireless networks. • It is also not advisable to simply replicate the CA at different nodes.
  • 82. Threshold Cryptography Threshold Cryptography Scheme: • There are n servers exist in the ad hoc wireless network • Out of which any (t+1) servers can jointly perform any arbitration or authorization successfully, • But t servers cannot perform the same. • Hence, up to t compromised servers can be tolerated. • This is called an (n, t + 1) configuration, where n ≥ 3t + 1.
  • 83. Threshold Cryptography • To sign a certificate, each server generates a partial signature using its private key and submits it to a combiner. • The combiner can be any one of the servers. . • Using t + 1 partial signatures (obtained from itself and t other servers), the combiner computes a signature and verifies its validity using a public key.
  • 84. Threshold Cryptography • If the verification fails, it means that at least one of the t + 1 keys is not valid, so another subset of t + 1 partial signatures is tried. • If the combiner itself is malicious, it cannot get a valid key,because the partial signature of itself is always invalid.
  • 85. Threshold Cryptography • If the verification fails, it means that at least one of the t + 1 keys is not valid, so another subset of t + 1 partial signatures is tried. • If the combiner itself is malicious, it cannot get a valid key,because the partial signature of itself is always invalid.
  • 86. Threshold Cryptography Advantages: • The scheme can be applied to asynchronous networks • No bound on message delivery or processing times. Drawbacks: • Vulnerable to DoS attacks. • Adversary can delay a node long enough to violate the synchrony assumption, thereby disrupting the system. • Mobile adversaries can move from one server to another, attack them, and get hold of their private keys.
  • 87. Threshold Cryptography • Over a period of time, an adversary can have more than t private keys. Solution: • Share refreshing has been proposed, by which servers create a new independent set of shares periodically. • Hence, to break the system, an adversary has to attack and capture more than t servers within the period between two successive refreshes • This improves protection against mobile adversaries.
  • 88. Self-Organized Public Key Management for Mobile Ad Hoc Networks • The self-organized public key system for ad hoc wireless networks makes use of absolutely no infrastructure – TTP, CA, or server – even during initial configuration. • The users in the ad hoc wireless network issue certificates to each other based on personal acquaintance. • A certificate is a binding between a node and its public key. • These certificates are also stored and distributed by the users themselves.
  • 89. Self-Organized Public Key Management for Mobile Ad Hoc Networks • Certificates are issued only for a specified period of time and contain their time of expiry along with them. • Before it expires, the certificate is updated by the user who had issued the certificate. • Initially, each user has a local repository consisting of the certificates issued by him and the certificates issued by other users to him. • Hence, each certificate is initially stored twice, by the issuer and by the person for whom it is issued.
  • 90. Self-Organized Public Key Management for Mobile Ad Hoc Networks • Periodically, certificates from neighbors are requested and the repository is updated by adding any new certificates. • If any of the certificates are conflicting (e.g., the same public key to different users, or the same user having different • public keys), it is possible that a malicious node has issued a false certificate. • A node then labels such certificates as conflicting and tries to resolve the conflict.
  • 91. Self-Organized Public Key Management for Mobile Ad Hoc Networks • Various methods exist to compare the confidence in one certificate over another. • For instance, another set of certificates obtained from another neighbor can be used to take a majority decision. • This can be used to evaluate the trust in other users and detect malicious nodes. • If the certificates issued by some node are found to be wrong, then that node may be assumed to be malicious. • A certificate graph as a graph whose vertices are public keys of some nodes and whose edges are public-key certificates issued by users.
  • 92. Self-Organized Public Key Management for Mobile Ad Hoc Networks • When a user X wants to obtain the public key of another user Y, he/she finds a chain of valid public key certificates leading to Y. • The chain is such that the first hop uses an edge from X, that is, a certificate issued by X, the last hop leads into Y(this is a certificate issued to Y) • All intermediate nodes are trusted through the previous certificate in the path. • The protocol assumes that trust is transitive, which may not always be valid.
  • 93. Secure Routing In Ad Hoc Wireless Networks • Wired Internet- Dedicated routers controlled by the Internet service providers (ISPs) • Ad hoc wireless networks-No dedicated routers and nodes act both as regular terminals (source or destination) and also as routers for other nodes.
  • 94. Secure Routing In Ad Hoc Wireless Networks The security becomes a challenging task in ad –hoc networks due to • (i)No Dedicated routers • (ii)Mobility of nodes • (iii)Multiple mode of operation • (iv)Limited processing power, • (v)Limited availability of resources such as battery power, bandwidth, and memory
  • 95. Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks The fundamental requisites of a secure routing protocol for ad hoc wireless networks are listed as follows: • Detection of malicious nodes • Guarantee of correct route discovery • Confidentiality of network topology • Stability against attacks
  • 96. Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Detection of malicious nodes: A secure routing protocol should be able to (i)Detect the presence of malicious nodes in the network (ii)Avoid the participation of such nodes in the routing process. But if participated ,the routing protocol should choose paths that do not include malicious nodes. Guarantee of correct route discovery: • The routing protocol should be able to find the existing routes • It should also ensure the correctness of the selected route
  • 97. Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Confidentiality of network topology • The malicious nodes able to know the network topology by an information disclosure attack • Then the attacker find the traffic pattern in the network. • If some of the nodes are found to be more active compared to others, the attacker may try to mount (e.g., DoS) attacks on such bottleneck nodes. • This may ultimately affect the on-going routing process. • Hence, the confidentiality of the network topology is an important requirement to be met by the secure routing protocols.
  • 98. Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks Stability against attacks • The routing protocol should be able to revert to its normal operating state within a finite amount of time after attack. • Th attacks should not permanently disrupt the routing process. • The protocol must also ensure Byzantine robustness, that is, the protocol should be able to find the nodes becoming malicious after some time
  • 99. Security Protocols for Sensor Networks (SPINS) • SPINS consists of a suite of security protocols that are optimized for highly resource-constrained sensor networks. • SPINS consists of two main modules: (i)Sensor network encryption protocol (SNEP) (ii)A micro-version of timed, efficient, streaming, loss- tolerant authentication protocol (μTESLA). • SNEP provides ▫ Data authentication ▫ Protection from replay attacks ▫ Semantic security, all with low communication overhead of eight bytes per message.
  • 100. Security Protocols in Sensor Networks (SPINS) Semantic security : An adversary cannot get any idea about the plaintext even by seeing multiple encrypted versions of the same plaintext. • Encryption of the plaintext uses a shared counter (shared between sender and receiver). • Hence, the same message is encrypted differently at different instances in time. • Message integrity and confidentiality are maintained using a message authentication code (MAC). • This is similar to a checksum derived by applying an authentication scheme with a secret shared key to the message.
  • 101. Security Protocols in Sensor Networks (SPINS) • The message can be decrypted only if the same shared key is present. • The message also carries the counter value at the instance of transmission (like a time-stamp), to protect against replay attacks.
  • 102. Security Protocols in Sensor Networks (SPINS) μTESLA : • It ensures an authenticated broadcast, that is, nodes which receive a packet can be assured of its sender's identity. • It requires a loose time synchronization between BS and nodes • The MAC keys are derived from a chain of keys, obtained by applying a one-way function F • A one-way function is one whose inverse is not easily computable.
  • 103. Security Protocols in Sensor Networks (SPINS) • All nodes have an initial key K0 , which is some key in the key-chain. • The relationship between keys proceeds as K0 = F(K1 ), K1 = F(K2 ), and, in general, Ki = F(Ki+ 1 ). • Given K0 , K1 , ..., Ki , it is not possible to compute Ki+ 1 . • The key to be used changes periodically, and since nodes are synchronized to a common time within a bounded error • They can detect which key is to be used to encrypt/decrypt a packet at any time instant. • The BS periodically discloses the next verification key to all the nodes and this period is known to all nodes.
  • 104. Security Protocols for Sensor Networks (SPINS) • There is also a specified lag of certain intervals between the usage of a key for encryption and its disclosure to all the receivers. • When the BS transmits a packet, it uses a MAC key which is still secret (not yet disclosed). • The nodes which receive this packet buffer it until the appropriate verification key is disclosed. • As soon as a packet is received, the MAC is checked to ensure that the key used in the MAC has not yet been disclosed
  • 105. Security Protocols for Sensor Networks (SPINS) • The packets are decrypted once the key-disclosure packet is received from the BS. • If one of the key-disclosure packets is missed,the data packets are buffered till the next time interval, and then authenticated. • For instance, suppose the disclosure packet of Kj does not reach a node; it waits till it receives Kj+ 1 , then computes Kj = F(Kj+ 1 ) and decrypts the packets received in the previous time interval.