Attacksonmobileadhocnetworks 120420092725-phpapp01

287 views

Published on

  • Be the first to comment

  • Be the first to like this

Attacksonmobileadhocnetworks 120420092725-phpapp01

  1. 1. RUHR-UNIVERSITÄT BOCHUM ARBEITSGRUPPE INTEGRIERTE INFORMATIONSSYSTEME SEMINARARBEIT Attacks on Mobile Ad hoc Netwoks Zdravko Danailov
  2. 2. i Abstract Because of the designation of the mobile ad hoc networks (MANet), namely to build up a dynamic wireless network, which has no antecedent and strictly defined infrastructure, within areas with limited or no available organized infrastructure, is possible for two types of parties to participate in MANet - authentic network users as well as malicious attackers. This fact certainly arises the question about the security. In this paperwork we pay attention to the common attacks within MANet, which differ in their essence such as Blackhole attack, Flooding attack, jamming, Worm- hole attack, traffic monitoring and analysis, DoS etc. and what can be done as countermeasures against them.
  3. 3. Contents ii Contents 1 Introduction 1 2 Preliminaries 2 2.1 MANet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2 Security layers in MANet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3 Attacks on MANet 7 3.1 Attacks on MANet physical layer . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.2 Attacks on MANet data link layer . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.3 Attacks on MANet network layer . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.3.1 Flooding attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.3.2 Blackhole attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.3.3 Link Spoofing Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3.4 Wormhole attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.4 Attacks on MANet transport layer . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.5 Multi-layer attacks on MANet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4 Conclusion 15
  4. 4. List of Figures iii List of Figures 2.1 Structure of MANet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2 Single-Hop Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.3 Multi-Hop Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.4 Common Infrastructure of MANet . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.5 Hybrid Infrastructure within MANet . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1 Jamming/Interception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.2 Processing of Data Signal by DSSS . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.3 Blackhole Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.4 Link Spoofing Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.5 Wormhole Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.6 TCP Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
  5. 5. List of Figures iv List of Abbreviations AODV Ad hoc On-demand Distance Vector CTS Clear To Send DoS Denial of Service DSSS Direct Sequence Spread Spectrum e.g. for example FHSS Frequency Hopping Spread Spectrum GSM Global System for Mobile Communications i.e. id est LAN Local Area Network MANet Mobile Ad hoc Network MIMA Man-in-the-middle Attack MPR Multipoint Relay OLSR Optimized Link State Routing OSI Open System Interconnection PDA Personal Digital Assistant RREP Route Reply RREQ Route Request RTS Request To Send SSL Secure Socket Layer TCB Transmission Control Block TCP Transmission Control Protocol TLS Transport Layer Security
  6. 6. 1 Introduction 1 1 Introduction In a world of fast developing technologies and internet network, accessible for everyone, where there are no clear boundaries between the functionality of the "gadgets" and the possibility to com- municate is not an option but necessity, the mobile ad hoc networks (MANet) play significant role. As a dynamic network, which has no antecedent and strictly defined infrastructure (e.g. Wireless Access Points), MANet makes possible the connection between different types of mediums with- out any additional infrastructure e.g. mobile phones, laptops, personal digital assistants (PDAs), tablets, iPads etc.. Its assembly and configuration costs nothing because every single participant can play the role of a router, so no preparation or build-up of an infrastructure is needed. In other words MANet is a self-configuring and self-organizing network. For these reasons a certain level of security cannot be established within the network. In this paperwork we will pay attention to the structure of MANet and the specific security levels within the network. For the better under- standing of the infrastructure of MANet we will make also a comparison to the standard wireless networks. As we present the assembly and the configuration, we will show the vulnerabilities of the network and the different types of attacks, which are common for MANet and what can be done as countermeasures against them. In order to examine the structure and security within MANet, presenting some of the attacks, which are typical for the network, the structure of this paperwork is build-up as it follows. Chapter 2 fo- cuses on the theoretical fundamentals of the MANet infrastructure and presents some differences in comparison to the standard WLANs. It also pays attention to the specific security network lay- ers, which can be applied to this network. Prior to introducing the common attacks within MANet, the different types of attacks will be classified in order to make clear, which attack against which level of MANet security can be used. An analysis of the well-known attacks against MANet will be performed in chapter 3, as well as countermeasures, which can strengthen up the security level of the network. Chapter 4 will conclude with a summary on the MANet infrastructure and a crit- ical view on the security level of the network, which have already been examined in detail in this paperwork. Before we start with the examination of the existing attacks against MANet, we will make clear some of the basic terms which are used in this paper.
  7. 7. 2 Preliminaries 2 2 Preliminaries 2.1 MANet What is MANet? A mobile ad hoc network (Figure 2.1) is a dynamic self-configuring wireless network of mobile devices (nodes), in which every single node can act as router. This router can possess multiple hosts and wireless devices. The nodes are free to move about arbitrarily [7], but they can interact with each other though there is no strictly defined structure or centralized administration, using wireless connections [5]. Moreover they can connect via different types of wireless connections (e.g. standard Wi-Fi connection, cellular or satellite transmissions) to various networks [1]. This collection of mobile nodes "may operate in isolation, or may have gateways to and interface with a fixed network."[7] Because of its properties, MANet finds very good application within areas, where it is not possible or expensive and completely unprofitable to build up a predefined, fixed infrastructure. Figure 2.1: Structure of MANet Regarding the way of communication between two nodes within wireless networks, there are two types applicable to MANet - single-hop and multiple-hop network. By single-hop network (Figure 2.2), two nodes are in direct transmission range or more exactly they can interact with one another directly, without a forwarding of the communication transfer over a third node [4].
  8. 8. 2.1 MANet 3 Figure 2.2: Single-Hop Networks In this specific structure, base station plays a significant role. It is involved in the communication with every mobile node, by taking care of the channel assignment for RTS (Request To Send) and CTS (Clear To Send) packets. Within the single-hop networks usually are reused 7 frequencies, as the neighboring cells are using different frequencies. Figure 2.3: Multi-Hop Networks By multi-hop network (Figure 2.3), the communication transfer between two nodes is forwarded over a third node [4]. As in the both figures ( 2.3, 2.2) is shown, there can exist base stations within the network, but as already mentioned above they are not typical for MANet infrastructure (e.g. standard wireless networks possess base stations or access points and the participants communicate with one another, using this predefined infrastructure). In order to show what is the most common structure of the network (MANet) we will examine Figure 2.4. In comparison to the typical wireless network, by MANet there is no need of predefined infras- tructure such as access points or base stations. As mentioned, within MANet every participant (node) can play the role of a router and can establish multiple connections to other participating
  9. 9. 2.1 MANet 4 Figure 2.4: Common Infrastructure of MANet nodes by partitioning the available bandwidth to multiple channels, if they are in the range of coverage. Therefore MANet infrastructure can changes dynamically as e.g.: • one or more nodes quit the network, because they are not within the range of transmission coverage • one or more nodes quit the network, because they are not within the range of transmission coverage and they join another MANet infrastructure • one or more nodes quit the network, because they just terminate their connection to the network • one or more nodes join the network, because they are within the range of transmission cov- erage As there is no strictly defined infrastructure in MANet, it is also possible to exist a hybrid network (please see Figure 2.5), where: 1. mobile nodes can establish connection with one another within the network(MANet) 2. mobile nodes(nodes 1 and 2) can establish connection with one another over the base sta- tion(e.g. access point) 3. mobile nodes (node 2) can establish connection to other nodes, which are not participants within this particular MANet, but part of other network (node 3), e.g. Wi-Fi, other MANet or cable connection The application range of MANet spread over areas in which there is no strictly defined infras- tructure and networks with different size has to be configured fast and dynamic. The mobile ad hoc networks find application in battlefield communications, law enforcement, mobile conferences,
  10. 10. 2.2 Security layers in MANet 5 Figure 2.5: Hybrid Infrastructure within MANet home networks, virtual class rooms etc. [5]. Though the variety of application all security solu- tions for MANet have to provide security services such as authenticity, confidentiality, integrity, anonymity and availability to the mobile users. • Availability - Normal services required by authorized entities has to granted even if con- nection ports are inaccessible or data routing or/and forwarding algorithms are not working because of various attacks. • Confidentiality - The actual data has to be protected against identifying from unauthorized entities, so the information exchanged can be analyzed and comprehended only by the com- municating nodes • Integrity - The data exchanged between two nodes is not falsified (modified) in any way during the process of transmission within the network. • Non-repudiation - A non-repudiation service grants that a receiver cannot deny that a mes- sage had been received, and a sender cannot deny that a message had been sent. • Authenticity - Grants a confidence that a single node or entity is authentic - confirmation that a node is the same as it claims to be.[10] 2.2 Security layers in MANet In order to present some of the existing attacks in MANet in chapter 3 we will make clear what are the different levels of security within the network and then classify them. In a standard network (Local Area Network or LAN) there are 7 OSI layers (Physical, Data link, Network, Transport, Session, Presentation, Application layer). In comparison to LAN or WLAN, the security of MANet can be divided into 5 OSI layers: Application layer, Transport layer, Network layer, Data link layer
  11. 11. 2.2 Security layers in MANet 6 and Physical layer [5]. If we consider the security of MANet compared to e.g. WLAN, the attacks on application layer of MANet cannot be determined as typical ones, because it depends on what type of wireless medium the authentic user uses (e.g. laptop, desktop computer with wireless, PDA, GSM etc.). Therefore the type of the applications running on one medium differs from this running on another. So such type of attacks is not common within MANet. According to the specific layer there are various types of attacks which differ in their essence. For example typical attacks against the Physical layer are Jamming and Eavesdropping; against the Data link layer - traffic monitoring and analysis; against the Network layer - Blackhole attack, Wormhole attack, Flooding attack, Colluding misrelay attack; against the Transport layer - Session hijacking and SYN flooding. Against the Application layer can be executed the following attacks - repudiation and data corruption, but as we have already mentioned the attacks against the application layer are not typical for MANet, because of the big variety of involved wireless mediums. Along with the one-level-attacks, which focus on only one security layer, there are attacks which affect more than one / multiple layers within MANet such as Denial of Service attack or Man-in-the-Middle attack. A classification list of these attacks can be seen in Table 2.1. MANet security layer Attacks Multi-layer attacks DoS, impersonation, replay, MIMA Application layer Repudiation, data corruption Transport layer Session hijacking, SYN flooding Network layer Blackhole attack, Wormhole attack, Flooding attack, Colluding misrelay attack, Byzantine attack, Link Spoofing attack Data link layer Traffic monitoring and analysis, disruption MAC(802.11), WEP weakness Physical layer Jamming, interception, eavesdropping Table 2.1: Classification of Attacks Because of the wide range of the attacks, which can be applied against MANet, we will stick up to the most common attacks, which can be executed within the network, mentioned in Table 2.2. MANet security level Attacks Section 3.1: Physical layer Eavesdropping, Jamming/Interception Section 3.2: Data link layer Traffic monitoring and analysis Section 3.3: Network layer Flooding attack, Blackhole attack, Link Spoofing attack, Wormhole attack Section 3.4: Transport layer SYN flooding, Session hijacking Section 3.5: Multiple-layers Denial of Service (DoS) attack Table 2.2: Common Attacks within MANet
  12. 12. 3 Attacks on MANet 7 3 Attacks on MANet 3.1 Attacks on MANet physical layer In this section we will pay attention to the Jamming/Interception attack and the Eavesdropping, attacks which are specifically applied and work against MANet physical layer. 1. Eavesdropping 2. Jamming/Interception The attacks against the physical layer of MANet such as Jamming, Interception or Eavesdrop- ping are very generic in their essence. Using them an attacker exploits the property that more than one host within MANet share a single wireless medium, which naturally is dispersing airwave signals so other participants (or participating nodes) in its range can receive this signals. The at- tackers can easily intercept the transmission, managing to tune up a receiver on the same frequency used for exchanging of data. The Eavesdropping is a passive attack. The idea is to inject falsified messages into the network as an intruder intercepts and obtains the exchanged data between two authorized users. On other hand Jamming and Interception attacks (Figure 3.1) are active attacks. As the Eavesdropping, they are also used to disrupt the communication between two interacting nodes, by decreasing the radio signals to noise ratio. An attacker can achieve an obstruction of concrete radio signal, generating another stronger one (using transmitter of his own), so the mes- sages between the interacting nodes to be corrupted or lost [6, 2]. So, by using e.g. Jamming, an attacker can execute a DoS attack, disrupting the communication between two nodes and causing severe damages. Figure 3.1: Jamming/Interception
  13. 13. 3.2 Attacks on MANet data link layer 8 As the approach by Eavesdropping, Jamming/Interception is to interfere the signal between two communicating authentic nodes, so the countermeasures against these attacks are oriented at the changing or "masking" the signal in some way. The first countermeasure, which can deal firmly with the eavesdropping attack and minimize the risk of interception, is the implementation of the so called Frequency Hopping Spread Spectrum (FHSS) technology. FHSS is a method for sending/receiving a signal, using different frequencies, which are changed at fix time intervals. In other words it is a way to encode the signal, and both the receiver and transmitter have to be synchronized, using the same "random" frequency pattern. Though the signal is transmitted over a single channel, it appears to be an obscure duration impulse noise for eavesdroppers, and the risk of interference is minimized because of the multi-frequency pattern [2]. The second countermeasure is the implementation of Direct Sequence Spread Spectrum (DSSS) technology. The idea weaved into this method is to spread an output signal via a predefined Bit- sequence(please see Figure 3.2). The original Bit-sequence or the data input is concealed using spreading code in such way, that one original data bit equals to multiple bits in the transmitted signal [2]. (Spreading code bits XOR Data input bits = Transmitted Signal) Figure 3.2: Processing of Data Signal by DSSS 3.2 Attacks on MANet data link layer In this section we will pay attention to the traffic monitoring and analysis, which is applicable on the MANet data link layer. 1. traffic monitoring and analysis Traffic monitoring and analysis is not an actual attack, but an instrument to prepare such one. Via traffic monitoring and analysis an attacker can receive information about the participating users within the network e.g. who is communicating with whom, how often, for how long, as well as find out what are their communication functionalities e.g. which applications by particular node are using bandwidth, for how long etc.. Having such specific information (if an attacker has already identified a target for his attack or has revealed the relationships of communication), for a malicious node is easier to choose how to attack a victim node, aiming efficiency. For all these reasons the traffic monitoring and analysis has to be considered as a massive threat to the
  14. 14. 3.3 Attacks on MANet network layer 9 communication security within MANet [2, 3]. As the traffic monitoring is no actual attack, but a good preparation tool for an attack we won’t present any countermeasures in this section. 3.3 Attacks on MANet network layer In this section we will pay attention to the attacks, which are specifically applied and work against MANet network layer: flooding attack, Blackhole attack, link spoofing attack and Wormhole at- tack. They will be presented as it follows: 1. Flooding attack 2. Blackhole attack 3. Link spoofing attack 4. Wormhole attack 3.3.1 Flooding attack There are different types of flooding attacks, which have the goal to disrupt the routing discovery or the maintenance phase within MANet. Basically, via flooding attack a malicious node/an attacker aims the exhaustion of the network resources (e.g. network bandwidth) as well as consuming the resources of an authentic network user (e.g. computational and battery power). Furthermore an attacker can influence the network performance, by hindering the proper execution of routing algorithm (in routing discovery phase) [5, 2]. By RREQ flooding (or routing table overflow) is possible for an attacker to send multiple RREQs to non-existing recipient in a very short period of time, using the AODV protocol of MANet. In other words the malicious node represents false (non-existing) routes to all authentic nodes within the network, preventing the creation of new actual ones and causing routing table overflow by the authentic users. The avalanche of RREQs all over the network leads to consummation of the battery power and the network bandwidth, causing DoS [5, 2]. As a countermeasure against the flooding attack every network participant (actual authentic user or simply node) can compute and monitor the evaluation of all neighbors’ RREQ, and in case of outmatching of the RREQs’ limit, which is preliminarily defined, the specific neighbor node comes with its ID in a blacklist. By this way the authentic/actual node "knows", that it should not receive any RREQs from its neighbors, recorded in its blacklist. Furthermore the efficiency of this countermeasure can be enhanced if the RREQ limit is not preliminarily defined (fixed), but is computed on hand of statistical analysis over RREQ, so the risk of attack with varying flooding rates to be minimized [5]. 3.3.2 Blackhole attack As the flooding attack, the Blackhole attack also concerns the AODV routing protocol in the net- work layer of MANet. The completion of the attack proceeds in two steps: 1. an attacker or
  15. 15. 3.3 Attacks on MANet network layer 10 malicious node has to modify the network topology in order to create auspicious "environment" for the attack. It presents itself as a legitimate route within the network, aiming to intercept the data exchange between two authentic nodes. 2. Analog to interception attack in the MANet phys- ical layer, where the attacker obstructs concrete radio signal, generating another stronger one, in the second step of Blackhole attack the malicious node consumes the intercepted data packages; it simply receives the information and does not forward it to the end user (destination node) [2]. Figure 3.3: Blackhole Attack In the following paragraph, we will take a closer look at the Blackhole attack showed in Fig- ure 3.3. The source node sends RREQs all over the network to find out the possible legitimate routes. As the attacker receives the RREQ sent by the source node he forwards it to the destination node and send a RREP back to the source node in order to present him as a legitimate route. After he is picked up by the source node for the transfer of the data as an authentic user within MANet, the attacker only intercepts the data flow, i.e. receives the information and does not forward it to the end user (destination node). Of course, there is always a chance that the neighbors’ nodes could detect the sequence of the falsified RREQ or RREP messages and put the malicious node in their blacklists, terminating the data flow over it [5, 2]. Aiming more efficiency by the attack, as well as minimization of the risk of being exposed, the malicious node can intercept not entirely the data transfer between two interacting nodes, but can selectively forward packets. In addition, the attacker can sufficiently modify some messages sent from particular nodes not from all. 3.3.3 Link Spoofing Attack Just in the opposite of the Blackhole attack, where the attacker try to intercept the data flow between two of its neighbors, by the link spoofing attack the attacker aims to intercept or terminate the routing operations between two non-neighbor nodes. Using the OLSR protocol the malicious node sends a fake links to the two-hop neighbors of the target, and as a result the "victim" node selects it
  16. 16. 3.3 Attacks on MANet network layer 11 as a MPR. After being an approved MPR, the attacker can perform falsifying of data, modification or dropping of the routing traffic [5]. Figure 3.4: Link Spoofing Attack In the following paragraph, we will take a closer look at the link spoofing attack showed in Figure 3.4. Before the actual attack the target node has selected both nodes (one-hop neighbors) and the attacker as MPRs. So the attacker has to advertise a fake link with the two-hop neighbor of the target node. Because of this the attacker sends a "HALLO"- message to the neighbor (presented by red line in Figure 3.4) and then sends a message with the fake link to the target (presented by blue arrow in Figure 3.4). As performing the last step, the attacker forces the target node to choose him as an only MPR, because according to the OLSR protocol specification a node has to select its neighbor as MPR if it "is the minimum set that reaches node’s two-hop neighbors."[5] As a countermeasure against the link spoofing attack there is a solution by which every single node within the network is driven to notify its two-hop neighbors and doing so all participants can acquire a view of the complete topology in "three-hop radius". So if a link spoofing attack is executed it will be simultaneously detected [5]. 3.3.4 Wormhole attack The wormhole attack is one of the most efficient and merciless attacks, which can be executed within MANet. Therefore two collaborating attackers should establish the so called wormhole link (using private high speed network e.g. over Ethernet cable or optical link): connection via a direct low-latency communication link between two separated distant points within MANet. As soon as this direct bridge (wormhole link) is built up one of the attackers captures data exchange packets, sends them via the wormhole link to the second one and he replays them [5].
  17. 17. 3.4 Attacks on MANet transport layer 12 Figure 3.5: Wormhole Attack In the following paragraph, we will take a closer look at the Wormhole attack showed in Fig- ure 3.5. The target node sends RREQs all over the network to find out the possible legitimate routes. As the attacker 1 receives the RREQ sent by the target node he forwards it to the attacker 2 over the wormhole link between them (presented by red line in Figure 3.5). As the colluding attacker 2 receives the RREQ, transmit it to the destination node. The destination node on its part sends a RREP back to the target node over the wormhole link between the colluding attackers. In order to present them as a legitimate route, the colluding attackers forward the RREP to the target node. After they are picked up by the target node for the transfer of the data as authentic users within MANet, the attackers can intercept the data flow, i.e. receive the information and does not forward it to the end user (destination node), or selectively forward data packages in order to not being caught. As a countermeasure against the Wormhole attack, there is a cryptography-based solution proposed in "Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach"[8], for the application of Local Broadcast Keys as well as "a distributed mechanism for establishing them in randomly deployed networks."[8] 3.4 Attacks on MANet transport layer In this section we will pay attention to the specific attacks, which are applicable on the MANet transport layer: Session hijacking and SYN flooding attacks. 1. SYN flooding 2. Session hijacking By SYN flooding attack the goal of the attacker (malicious node) is to achieve multiple half opened TCP connections with an authentic user, and to keep them so without completing the
  18. 18. 3.4 Attacks on MANet transport layer 13 whole phase of synchronization [2]. During a normal phase of synchronization ( Figure 3.6: TCP Handshake) between two authentic users: 1. "A" sends a packet with flag SYN to "B" (synchronize, sequence number = X). On the side of "B" the Transmission Control Block (TCB) is initialized to "SYN-RECEIVED" state [9]. 2. "B" sends a packet with flags SYN, ACK to "A" (synchronize acknowledge, sequence num- ber = Y, acknowledge number = X+1). 3. "A" sends a packet with flag ACK to "B" (acknowledge, sequence number = X+1, acknowl- edge number = Y+1). As on the side of "B" the TCB transitions to "ESTABLISHED" state [9]. So the phase of TCP Handshake is completed and the connection between "A" and "B" is built up. Figure 3.6: TCP Handshake During the attack, both the address of the malicious node and the status of the half opened connection are in the memory of the network stack, in order to finish the SYN-phase later and to establish the connection. Because the resources of the authentic user are limited, it is possible to achieve flooding via SYN-messages and exhaust all resources of it. If this is achieved the authentic node (victim-user) cannot initialize any other connection, and leads to DoS. This type of attack is very powerful and efficient, because the SYN-messages are very small in size and their generation does not demand a long computing time. By this reason the defender needs more resources (e.g. computing and battery power) compared to the resources that the attacker needs for the execution of this attack. By session hijacking attack the goal of the attacker (malicious node) is to steal the identity of a victim node and to achieve session with a target node. This type of attack is executed in two steps. First, the malicious node takes over the identity of the victim node as it spoofs the IP address of the victim and computes the particular sequence number, expected by the target node. Second, the attacker executes a DoS attack on the victim, aiming to continue the session with the target. Considering the weak security level of the transport layer in MANet the participants within the network are not protected against both SYN flooding and session hijacking attacks. As a counter- measure against these attacks can be used the implementation of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols, which are based on asymmetric crypto algorithms.
  19. 19. 3.5 Multi-layer attacks on MANet 14 Their property - to secure the connections within networks, can be used to grant security by data exchange between nodes [2]. As another very efficient countermeasure against the SYN flooding attack can be implemented SYN Cookies. The connection establishment between two authentic nodes within the network will proceed as it follows: 1. "A" sends a packet with flag SYN to "B" (synchronize, sequence number = X). On the side of "B" the TCB is encoded into Sequence Number and destroyed [9]. 2. "B" sends a packet with flags SYN, ACK to "A" (synchronize acknowledge, sequence num- ber = Y, acknowledge number = X+1) as well as cookie [9]. 3. "A" sends a packet with flag ACK to "B" (acknowledge, sequence number = X+1, acknowl- edge number = Y+1) and in addition to ACK, "A" has to return the cookie. As on the side of "B" the TCB is recovered from the acknowledged Sequence Number in ACK segment [9]. So the connection establishment with SYN cookies between "A" and "B" is completed and the normal data exchange can proceed [9]. 3.5 Multi-layer attacks on MANet In this section we will pay attention to the multi-layer attacks within MANet (e.g. DoS, imperson- ation, replay, man-in-the-middle attacks), and mainly Denial of Service. A multi-layer attack is an attack which can be executed from more than one layer within a network. As we already mentioned in section 3.1, Denial of Service can be launched, using Jamming attack on the MANet physical layer. Moreover, it is possible to execute DoS via flooding attack (please, see section 3.3.1) on MANet network layer, via SYN flooding and session hijacking (please, see section 3.4) on MANet transport layer, as well as via malicious applications on the MANet application layer. Considering the wide spectrum of possibilities to execute DoS makes this attack very unpredictable, effective and powerful one. Furthermore, assuming that one attack can consist of other different attacks, there are many possibilities to execute such combined-attack. For example an attacker can start with an eavesdropping attack on the Physical layer, afterwards making traffic monitoring and anal- ysis (on MANet Data link layer) he can proceed with SYN flooding attack or Session hijacking attack on the Transport layer as well as with flooding attack on the Network layer causing DoS attack or he can launch link spoofing attack, aiming to intercept or terminate the routing operations between authentic users within the network.
  20. 20. 4 Conclusion 15 4 Conclusion This paper pays attention to the complex and fast changing infrastructure of the mobile ad hoc network as well as the common attacks, which occur within MANet. The theoretical fundamentals of its dynamic infrastructure and the different types of security layers are represented to give an overview on the system. Afterwards it offers an explanation on which specific layer what type of attack can be executed and also what countermeasures can be taken in order to prevent this specific attack. Because MANet is a dynamic network, which has no antecedent and strictly de- fined infrastructure, there is also no clear line of defence. The very big variety of devices (e.g. mobile phones, laptops, personal digital assistants (PDAs), tablets, iPads etc.), which can partic- ipate within the network and the different security level by every single user present obstacles to unify, standardize a security level for MANet. As we presented in chapter 3 of this paper there are many different types of attacks such as Jamming/Interception and eavesdropping in the Physical layer, traffic monitoring and analysis in the Data link layer, Blackhole attack, Wormhole attack, Flooding attack and Link spoofing attack in the Network layer, Session hijacking and SYN flood- ing in the Transport layer, which can be executed within MANet. Also there are multiple-layer attacks, which can be started from more than one layer within the network and combined-attacks, i.e. an attack consists of other different attacks. So in order to improve the level of security within MANet, the weaknesses of each layer should be handled. Therefore it should be implemented FHSS, DSSS technologies in the physical layer. Traffic analysis can be prevented by using traffic padding and traffic rerouting techniques. The introduction of black and notification lists as well as dynamic computation for the RREQ limit on the Network layer will minimize the risk of flooding attack and link spoofing attack. Besides, the application of Local Broadcast Keys can prevent the execution of the Wormhole attack. Implementation of modified, for the needs of MANet, SSL and TLS protocols, based on asymmetric crypto algorithms will secure the connections within the network. Furthermore, an introduction of SYN cookies will strengthen up the security level of the transport layer. Considering the application of all deployment scenarios on MANet, it is almost impossible to implement this big variety of countermeasures, because of the limited power within the network as well as the high complexity by the implementation process. Nevertheless, disregarding the weaknesses, the Mobile Ad hoc Networks have wide range of application, because of their basic properties - to establish connection between completely different types of mediums without any predefined infrastructure and to change dynamically their topology. So they will play an enormous role for the further development of various sectors e.g. health care, automotive, telecommunica- tions and education.
  21. 21. Bibliography v Bibliography [1] MANET (Mobile Ad Hoc Network), http://www.techterms.com/definition/manet. [2] Mihaela Cardei; Bing Wu; Jianmin Chen; Jie Wu. A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks. Wireless/Mobile Network Security, page 38, 2006. [3] Srihari Nelakuditi; Chase Gray; Jason Byrnes. Pair-wise resistance to traffic analysis in MANETs. Mobile Computing and Communications Review, 12:20–22, 2008. [4] Adrian Heißler. Schwarmintelligenzbasiertes Routing in mobilen Ad-hoc-netzen, volume 1. GRIN, 2008. [5] Rashid Hafeez Khokhar; Md Asri Ngadi; Satria Mandala. A Review of Current Routing Attacks in Mobile Ad Hoc Networks. International Journal of Computer Science and Security, 2:12, 2008. [6] Panos Lekkas; Randall Nichols. WIRELESS SECURITY: Models, Threats, and Solutions. McGraw-Hill, 2002. [7] J. Macker; S. Corson. Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations. page 12, January 1999. [8] L. Lazos; R. Poovendran; C. Meadows; L. W. Chang; P. Syverson. Preventing Wormhole At- tacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach. Wireless Communications and Networking Conference, 2005 IEEE, 2:1193–1199, 2005. [9] Verizon Federal Network Systems; Wesley M. Eddy. Defenses Against TCP SYN Flooding Attacks. The Internet Protocol Journal, 9(4), December 2006. [10] Miao Ma; Yan Zhang; Jun Zheng. Handbook of research on wireless security. Number 978-1599048994. 2008.

×