This document provides an overview of mobile ad hoc networks (MANets) and security attacks against them. It discusses the following key points:
1. MANets are self-configuring, dynamic wireless networks without centralized administration or fixed infrastructure that allow nodes to connect to each other.
2. Security in MANets is challenging due to the lack of infrastructure and centralized monitoring. Common attacks target the physical, data link, network, transport, and multi-layers of the network.
3. Attacks discussed include flooding, blackhole, link spoofing, wormhole, denial of service, and traffic monitoring aimed at different layers of the network. Countermeasures are needed to strengthen MANet security.
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
1- Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected
via wireless links.
2- Multihop communication- node communicate with the
help of two or more node from source to destination.
3- No existing fixed infrastructure or centralized administration –No base station.
4- Mobile nodes are free to move randomly-Network topology changes frequently
5- May Operate as standalone fashion or also can be connected to the larger internet.
6- Each node work as router
Primary Goals of Security in MANET
To assure a reliable data transfer over the communication networks and to protect the system resources a number of security services are classified in five categories:-
1-Authentication:- The process of identifying an individual , usually based on a username and password.
2- Confidentially:- Confidentiality aims at protecting the data from disclosure to unauthorized person.
Network attacks against confidentiality
* Packet capturing
Password attack
Port scanning
Dumpster Diving
Wiretapping
Phishing and Pharming
2-Non repudiation:- Integrity guarantees that a message being transferred is never corrupted.
3- Integrity:- Integrity guarantees that a message being transferred is never corrupted.
network attack against integrity
Salami attack
trust relationship attacks
Man in the middle attack
Session hijacking attacks
4- Availability:- Its ensure that data ,network resources or network services are available to legitimate user when required.
network attack against availability
Denial of services attacks
Distributed denial of services attack
SYN flood attacks and ICMP flood attacks
Electrical power attacks
Server Room environment attacks
Key management
The security in networking is in many cases dependent on proper key management.
Key management consists of various services, of which each is vital for the security
of the networking systems
* Trust model:-Its must determine how much different element in the network can trust each other.
* Cryptosystem:- Public and symmetric key mechanism can be applied .
* Key creation:- It must determine which parties are allowed to generate key to themselves.
* Key storage :- In adhoc network any network element may have to store its own key and possibly key of other element as well.
* Key distribution:- The key management service must ensure that the generated keys are securely distributed to their owners.
Mobile Ad-Hoc Networks are most usefully in current environments. It’s required high performance, networks load and Throughput. In Mobile Ad-hoc Networks Routing is the hot topic for research. Basically two types routing protocols are work in the mobile Ad-hoc Networks: 1) Proactive and 2) Reactive. Researchers have projected different routing algorithm. Important work has been done on routing in ad hoc networks, some of the important works so far were the destination-sequence distance vector (DSDV) protocol, the temporally ordered routing protocol (TORA), dynamic source routing protocol (DSR) and ad hoc on demand routing protocol (AODV). These algorithms use Open Shortest Path First (OSPF) for find optimum route source to destination.ThesisScientist.com
This presentation covers Security Issues in Mobile Adhoc Network in brief, highlighting various attacks such as Sleep Deprivation, Wormhole, Blackhole and Eavesdropping in particulars.
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
1- Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected
via wireless links.
2- Multihop communication- node communicate with the
help of two or more node from source to destination.
3- No existing fixed infrastructure or centralized administration –No base station.
4- Mobile nodes are free to move randomly-Network topology changes frequently
5- May Operate as standalone fashion or also can be connected to the larger internet.
6- Each node work as router
Primary Goals of Security in MANET
To assure a reliable data transfer over the communication networks and to protect the system resources a number of security services are classified in five categories:-
1-Authentication:- The process of identifying an individual , usually based on a username and password.
2- Confidentially:- Confidentiality aims at protecting the data from disclosure to unauthorized person.
Network attacks against confidentiality
* Packet capturing
Password attack
Port scanning
Dumpster Diving
Wiretapping
Phishing and Pharming
2-Non repudiation:- Integrity guarantees that a message being transferred is never corrupted.
3- Integrity:- Integrity guarantees that a message being transferred is never corrupted.
network attack against integrity
Salami attack
trust relationship attacks
Man in the middle attack
Session hijacking attacks
4- Availability:- Its ensure that data ,network resources or network services are available to legitimate user when required.
network attack against availability
Denial of services attacks
Distributed denial of services attack
SYN flood attacks and ICMP flood attacks
Electrical power attacks
Server Room environment attacks
Key management
The security in networking is in many cases dependent on proper key management.
Key management consists of various services, of which each is vital for the security
of the networking systems
* Trust model:-Its must determine how much different element in the network can trust each other.
* Cryptosystem:- Public and symmetric key mechanism can be applied .
* Key creation:- It must determine which parties are allowed to generate key to themselves.
* Key storage :- In adhoc network any network element may have to store its own key and possibly key of other element as well.
* Key distribution:- The key management service must ensure that the generated keys are securely distributed to their owners.
Mobile Ad-Hoc Networks are most usefully in current environments. It’s required high performance, networks load and Throughput. In Mobile Ad-hoc Networks Routing is the hot topic for research. Basically two types routing protocols are work in the mobile Ad-hoc Networks: 1) Proactive and 2) Reactive. Researchers have projected different routing algorithm. Important work has been done on routing in ad hoc networks, some of the important works so far were the destination-sequence distance vector (DSDV) protocol, the temporally ordered routing protocol (TORA), dynamic source routing protocol (DSR) and ad hoc on demand routing protocol (AODV). These algorithms use Open Shortest Path First (OSPF) for find optimum route source to destination.ThesisScientist.com
This presentation covers Security Issues in Mobile Adhoc Network in brief, highlighting various attacks such as Sleep Deprivation, Wormhole, Blackhole and Eavesdropping in particulars.
this ppt is useful for both b.e/b.tech students as well as for mca students. in this ppt u will find different types of security issues in manet and their countermeasures.
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
A Mobile Ad-Hoc Network is a collection of mobile nodes or a temporary network set up by wireless mobile nodes moving arbitrary in the places that have no network infrastructure in such a manner that the interconnections between nodes are capable of changing on continual basis. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. Various attacks and one of those attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. Therefore, it is a severe attack that can be easily employed against routing in mobile ad hoc networks. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. . Virtual Infrastructure achieves reliable transmission in Mobile Ad Hoc Network. Black Hole Attack is the major problem to affect the Virtual Infrastructure. In this paper, approach on analyzing and improving the security of AODV, which is one of the popular routing protocols for MANET. Our aim is to ensuring the avoidance against Black hole attack.
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Black Hole Attack:
A malicious node advertises the wrong paths as good paths to the source node during the pathfinding process.
When the source selects the path including the attacker node, the traffic starts passing through the adversary node and this node starts dropping the packets selectively or in whole.
Black hole region is the entry point to a large number of harmful attacks.
Manet - The Art of Networking without a NetworkTarun Varshney
Mobile ad hoc network (MANET), or simply ad hoc network, comprises nodes that freely and dynamically self-organize into arbitrary and temporary network topology without any infrastructure support.
Survey on Efficient and Secure Anonymous Communication in ManetsEditor IJCATR
Mobile ad-hoc networks require anonymous communications in order to thwart new wireless passive attacks; and to protect new
assets of information such as nodes locations, motion patterns, network topology and traffic patterns in addition to conventional identity and
message privacy. The transmitted routing messages and cached active routing entries leave plenty of opportunities for eavesdroppers.
Anonymity and location privacy guarantees for the deployed ad hoc networks are critical in military and real time communication systems,
otherwise the entire mission may be compromised. This poses challenging constraints on MANET routing and data forwarding. To address
the new challenges, several anonymous routing schemes have been proposed recently.
this ppt is useful for both b.e/b.tech students as well as for mca students. in this ppt u will find different types of security issues in manet and their countermeasures.
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
A Mobile Ad-Hoc Network is a collection of mobile nodes or a temporary network set up by wireless mobile nodes moving arbitrary in the places that have no network infrastructure in such a manner that the interconnections between nodes are capable of changing on continual basis. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. Various attacks and one of those attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. Therefore, it is a severe attack that can be easily employed against routing in mobile ad hoc networks. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. . Virtual Infrastructure achieves reliable transmission in Mobile Ad Hoc Network. Black Hole Attack is the major problem to affect the Virtual Infrastructure. In this paper, approach on analyzing and improving the security of AODV, which is one of the popular routing protocols for MANET. Our aim is to ensuring the avoidance against Black hole attack.
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Black Hole Attack:
A malicious node advertises the wrong paths as good paths to the source node during the pathfinding process.
When the source selects the path including the attacker node, the traffic starts passing through the adversary node and this node starts dropping the packets selectively or in whole.
Black hole region is the entry point to a large number of harmful attacks.
Manet - The Art of Networking without a NetworkTarun Varshney
Mobile ad hoc network (MANET), or simply ad hoc network, comprises nodes that freely and dynamically self-organize into arbitrary and temporary network topology without any infrastructure support.
Survey on Efficient and Secure Anonymous Communication in ManetsEditor IJCATR
Mobile ad-hoc networks require anonymous communications in order to thwart new wireless passive attacks; and to protect new
assets of information such as nodes locations, motion patterns, network topology and traffic patterns in addition to conventional identity and
message privacy. The transmitted routing messages and cached active routing entries leave plenty of opportunities for eavesdroppers.
Anonymity and location privacy guarantees for the deployed ad hoc networks are critical in military and real time communication systems,
otherwise the entire mission may be compromised. This poses challenging constraints on MANET routing and data forwarding. To address
the new challenges, several anonymous routing schemes have been proposed recently.
Android OS Security: Risks and Limitations. AISEC Technical ReportFraunhofer AISEC
The number of Androidbased
smartphones is growing rapidly. They are increasingly
used for securitycritical
private and business applications, such as online
banking or to access corporate networks. This makes them a very valuable target
for an adversary. Up to date, significant or largescale
attacks have failed,
but attacks are becoming more sophisticated and successful. Thus, security is of
paramount importance for both private and corporate users. In this paper, we
give an overview of the current state of the art of Android security and present
our extensible automated exploit execution framework. First, we provide a summary
of the Android platform, current attack techniques, and publicly known
exploits. Then, we introduce our extensible exploit execution framework which
is capable of performing automated vulnerability tests of Android smartphones.
It incorporates currently known exploits, but can be easily extended to integrate
future exploits. Finally, we discuss how malware can propagate to Android smartphones
today and in the future, and which possible threats arise. For example,
devicetodevice
infections are possible if physical access is given.
Technical report representing the State of the Art of IoT Honeypots developed for the Seminar in Advanced Topics in Computer Science course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
The paper presents which are the current technologies for honeypots systems together with an introduction to IoT Malware and Botnets & Distributed Denial of Service (DDoS) attacks.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
1. RUHR -U NIVERSITÄT B OCHUM
A RBEITSGRUPPE
I NTEGRIERTE I NFORMATIONSSYSTEME
S EMINARARBEIT
Attacks on Mobile Ad hoc Netwoks
Zdravko Danailov
2. i
Abstract
Because of the designation of the mobile ad hoc networks (MANet), namely to build up a dynamic
wireless network, which has no antecedent and strictly defined infrastructure, within areas with
limited or no available organized infrastructure, is possible for two types of parties to participate
in MANet - authentic network users as well as malicious attackers. This fact certainly arises the
question about the security. In this paperwork we pay attention to the common attacks within
MANet, which differ in their essence such as Blackhole attack, Flooding attack, jamming, Worm-
hole attack, traffic monitoring and analysis, DoS etc. and what can be done as countermeasures
against them.
5. List of Figures iv
List of Abbreviations
AODV Ad hoc On-demand Distance Vector
CTS Clear To Send
DoS Denial of Service
DSSS Direct Sequence Spread Spectrum
e.g. for example
FHSS Frequency Hopping Spread Spectrum
GSM Global System for Mobile Communications
i.e. id est
LAN Local Area Network
MANet Mobile Ad hoc Network
MIMA Man-in-the-middle Attack
MPR Multipoint Relay
OLSR Optimized Link State Routing
OSI Open System Interconnection
PDA Personal Digital Assistant
RREP Route Reply
RREQ Route Request
RTS Request To Send
SSL Secure Socket Layer
TCB Transmission Control Block
TCP Transmission Control Protocol
TLS Transport Layer Security
6. 1 Introduction 1
1 Introduction
In a world of fast developing technologies and internet network, accessible for everyone, where
there are no clear boundaries between the functionality of the "gadgets" and the possibility to com-
municate is not an option but necessity, the mobile ad hoc networks (MANet) play significant role.
As a dynamic network, which has no antecedent and strictly defined infrastructure (e.g. Wireless
Access Points), MANet makes possible the connection between different types of mediums with-
out any additional infrastructure e.g. mobile phones, laptops, personal digital assistants (PDAs),
tablets, iPads etc.. Its assembly and configuration costs nothing because every single participant
can play the role of a router, so no preparation or build-up of an infrastructure is needed. In other
words MANet is a self-configuring and self-organizing network. For these reasons a certain level
of security cannot be established within the network. In this paperwork we will pay attention to
the structure of MANet and the specific security levels within the network. For the better under-
standing of the infrastructure of MANet we will make also a comparison to the standard wireless
networks. As we present the assembly and the configuration, we will show the vulnerabilities of
the network and the different types of attacks, which are common for MANet and what can be
done as countermeasures against them.
In order to examine the structure and security within MANet, presenting some of the attacks, which
are typical for the network, the structure of this paperwork is build-up as it follows. Chapter 2 fo-
cuses on the theoretical fundamentals of the MANet infrastructure and presents some differences
in comparison to the standard WLANs. It also pays attention to the specific security network lay-
ers, which can be applied to this network. Prior to introducing the common attacks within MANet,
the different types of attacks will be classified in order to make clear, which attack against which
level of MANet security can be used. An analysis of the well-known attacks against MANet will
be performed in chapter 3, as well as countermeasures, which can strengthen up the security level
of the network. Chapter 4 will conclude with a summary on the MANet infrastructure and a crit-
ical view on the security level of the network, which have already been examined in detail in this
paperwork. Before we start with the examination of the existing attacks against MANet, we will
make clear some of the basic terms which are used in this paper.
7. 2 Preliminaries 2
2 Preliminaries
2.1 MANet
What is MANet? A mobile ad hoc network (Figure 2.1) is a dynamic self-configuring wireless
network of mobile devices (nodes), in which every single node can act as router. This router can
possess multiple hosts and wireless devices. The nodes are free to move about arbitrarily [7],
but they can interact with each other though there is no strictly defined structure or centralized
administration, using wireless connections [5]. Moreover they can connect via different types
of wireless connections (e.g. standard Wi-Fi connection, cellular or satellite transmissions) to
various networks [1]. This collection of mobile nodes "may operate in isolation, or may have
gateways to and interface with a fixed network."[7] Because of its properties, MANet finds very
good application within areas, where it is not possible or expensive and completely unprofitable to
build up a predefined, fixed infrastructure.
Figure 2.1: Structure of MANet
Regarding the way of communication between two nodes within wireless networks, there are
two types applicable to MANet - single-hop and multiple-hop network. By single-hop network
(Figure 2.2), two nodes are in direct transmission range or more exactly they can interact with one
another directly, without a forwarding of the communication transfer over a third node [4].
8. 2.1 MANet 3
Figure 2.2: Single-Hop Networks
In this specific structure, base station plays a significant role. It is involved in the communication
with every mobile node, by taking care of the channel assignment for RTS (Request To Send) and
CTS (Clear To Send) packets. Within the single-hop networks usually are reused 7 frequencies, as
the neighboring cells are using different frequencies.
Figure 2.3: Multi-Hop Networks
By multi-hop network (Figure 2.3), the communication transfer between two nodes is forwarded
over a third node [4]. As in the both figures ( 2.3, 2.2) is shown, there can exist base stations within
the network, but as already mentioned above they are not typical for MANet infrastructure (e.g.
standard wireless networks possess base stations or access points and the participants communicate
with one another, using this predefined infrastructure). In order to show what is the most common
structure of the network (MANet) we will examine Figure 2.4.
In comparison to the typical wireless network, by MANet there is no need of predefined infras-
tructure such as access points or base stations. As mentioned, within MANet every participant
(node) can play the role of a router and can establish multiple connections to other participating
9. 2.1 MANet 4
Figure 2.4: Common Infrastructure of MANet
nodes by partitioning the available bandwidth to multiple channels, if they are in the range of
coverage. Therefore MANet infrastructure can changes dynamically as e.g.:
• one or more nodes quit the network, because they are not within the range of transmission
coverage
• one or more nodes quit the network, because they are not within the range of transmission
coverage and they join another MANet infrastructure
• one or more nodes quit the network, because they just terminate their connection to the
network
• one or more nodes join the network, because they are within the range of transmission cov-
erage
As there is no strictly defined infrastructure in MANet, it is also possible to exist a hybrid
network (please see Figure 2.5), where:
1. mobile nodes can establish connection with one another within the network(MANet)
2. mobile nodes(nodes 1 and 2) can establish connection with one another over the base sta-
tion(e.g. access point)
3. mobile nodes (node 2) can establish connection to other nodes, which are not participants
within this particular MANet, but part of other network (node 3), e.g. Wi-Fi, other MANet
or cable connection
The application range of MANet spread over areas in which there is no strictly defined infras-
tructure and networks with different size has to be configured fast and dynamic. The mobile ad hoc
networks find application in battlefield communications, law enforcement, mobile conferences,
10. 2.2 Security layers in MANet 5
Figure 2.5: Hybrid Infrastructure within MANet
home networks, virtual class rooms etc. [5]. Though the variety of application all security solu-
tions for MANet have to provide security services such as authenticity, confidentiality, integrity,
anonymity and availability to the mobile users.
• Availability - Normal services required by authorized entities has to granted even if con-
nection ports are inaccessible or data routing or/and forwarding algorithms are not working
because of various attacks.
• Confidentiality - The actual data has to be protected against identifying from unauthorized
entities, so the information exchanged can be analyzed and comprehended only by the com-
municating nodes
• Integrity - The data exchanged between two nodes is not falsified (modified) in any way
during the process of transmission within the network.
• Non-repudiation - A non-repudiation service grants that a receiver cannot deny that a mes-
sage had been received, and a sender cannot deny that a message had been sent.
• Authenticity - Grants a confidence that a single node or entity is authentic - confirmation that
a node is the same as it claims to be.[10]
2.2 Security layers in MANet
In order to present some of the existing attacks in MANet in chapter 3 we will make clear what are
the different levels of security within the network and then classify them. In a standard network
(Local Area Network or LAN) there are 7 OSI layers (Physical, Data link, Network, Transport,
Session, Presentation, Application layer). In comparison to LAN or WLAN, the security of MANet
can be divided into 5 OSI layers: Application layer, Transport layer, Network layer, Data link layer
11. 2.2 Security layers in MANet 6
and Physical layer [5]. If we consider the security of MANet compared to e.g. WLAN, the attacks
on application layer of MANet cannot be determined as typical ones, because it depends on what
type of wireless medium the authentic user uses (e.g. laptop, desktop computer with wireless,
PDA, GSM etc.). Therefore the type of the applications running on one medium differs from this
running on another. So such type of attacks is not common within MANet. According to the
specific layer there are various types of attacks which differ in their essence. For example typical
attacks against the Physical layer are Jamming and Eavesdropping; against the Data link layer -
traffic monitoring and analysis; against the Network layer - Blackhole attack, Wormhole attack,
Flooding attack, Colluding misrelay attack; against the Transport layer - Session hijacking and
SYN flooding. Against the Application layer can be executed the following attacks - repudiation
and data corruption, but as we have already mentioned the attacks against the application layer are
not typical for MANet, because of the big variety of involved wireless mediums. Along with the
one-level-attacks, which focus on only one security layer, there are attacks which affect more than
one / multiple layers within MANet such as Denial of Service attack or Man-in-the-Middle attack.
A classification list of these attacks can be seen in Table 2.1.
MANet security layer Attacks
Multi-layer attacks DoS, impersonation, replay, MIMA
Application layer Repudiation, data corruption
Transport layer Session hijacking, SYN flooding
Network layer Blackhole attack, Wormhole attack, Flooding attack,
Colluding misrelay attack, Byzantine attack, Link Spoofing attack
Data link layer Traffic monitoring and analysis,
disruption MAC(802.11), WEP weakness
Physical layer Jamming, interception, eavesdropping
Table 2.1: Classification of Attacks
Because of the wide range of the attacks, which can be applied against MANet, we will stick up
to the most common attacks, which can be executed within the network, mentioned in Table 2.2.
MANet security level Attacks
Section 3.1: Physical layer Eavesdropping, Jamming/Interception
Section 3.2: Data link layer Traffic monitoring and analysis
Section 3.3: Network layer Flooding attack, Blackhole attack,
Link Spoofing attack, Wormhole attack
Section 3.4: Transport layer SYN flooding, Session hijacking
Section 3.5: Multiple-layers Denial of Service (DoS) attack
Table 2.2: Common Attacks within MANet
12. 3 Attacks on MANet 7
3 Attacks on MANet
3.1 Attacks on MANet physical layer
In this section we will pay attention to the Jamming/Interception attack and the Eavesdropping,
attacks which are specifically applied and work against MANet physical layer.
1. Eavesdropping
2. Jamming/Interception
The attacks against the physical layer of MANet such as Jamming, Interception or Eavesdrop-
ping are very generic in their essence. Using them an attacker exploits the property that more than
one host within MANet share a single wireless medium, which naturally is dispersing airwave
signals so other participants (or participating nodes) in its range can receive this signals. The at-
tackers can easily intercept the transmission, managing to tune up a receiver on the same frequency
used for exchanging of data. The Eavesdropping is a passive attack. The idea is to inject falsified
messages into the network as an intruder intercepts and obtains the exchanged data between two
authorized users. On other hand Jamming and Interception attacks (Figure 3.1) are active attacks.
As the Eavesdropping, they are also used to disrupt the communication between two interacting
nodes, by decreasing the radio signals to noise ratio. An attacker can achieve an obstruction of
concrete radio signal, generating another stronger one (using transmitter of his own), so the mes-
sages between the interacting nodes to be corrupted or lost [6, 2]. So, by using e.g. Jamming, an
attacker can execute a DoS attack, disrupting the communication between two nodes and causing
severe damages.
Figure 3.1: Jamming/Interception
13. 3.2 Attacks on MANet data link layer 8
As the approach by Eavesdropping, Jamming/Interception is to interfere the signal between two
communicating authentic nodes, so the countermeasures against these attacks are oriented at the
changing or "masking" the signal in some way. The first countermeasure, which can deal firmly
with the eavesdropping attack and minimize the risk of interception, is the implementation of
the so called Frequency Hopping Spread Spectrum (FHSS) technology. FHSS is a method for
sending/receiving a signal, using different frequencies, which are changed at fix time intervals.
In other words it is a way to encode the signal, and both the receiver and transmitter have to be
synchronized, using the same "random" frequency pattern. Though the signal is transmitted over a
single channel, it appears to be an obscure duration impulse noise for eavesdroppers, and the risk
of interference is minimized because of the multi-frequency pattern [2].
The second countermeasure is the implementation of Direct Sequence Spread Spectrum (DSSS)
technology. The idea weaved into this method is to spread an output signal via a predefined Bit-
sequence(please see Figure 3.2). The original Bit-sequence or the data input is concealed using
spreading code in such way, that one original data bit equals to multiple bits in the transmitted
signal [2]. (Spreading code bits XOR Data input bits = Transmitted Signal)
Figure 3.2: Processing of Data Signal by DSSS
3.2 Attacks on MANet data link layer
In this section we will pay attention to the traffic monitoring and analysis, which is applicable on
the MANet data link layer.
1. traffic monitoring and analysis
Traffic monitoring and analysis is not an actual attack, but an instrument to prepare such one.
Via traffic monitoring and analysis an attacker can receive information about the participating
users within the network e.g. who is communicating with whom, how often, for how long, as
well as find out what are their communication functionalities e.g. which applications by particular
node are using bandwidth, for how long etc.. Having such specific information (if an attacker
has already identified a target for his attack or has revealed the relationships of communication),
for a malicious node is easier to choose how to attack a victim node, aiming efficiency. For all
these reasons the traffic monitoring and analysis has to be considered as a massive threat to the
14. 3.3 Attacks on MANet network layer 9
communication security within MANet [2, 3]. As the traffic monitoring is no actual attack, but a
good preparation tool for an attack we won’t present any countermeasures in this section.
3.3 Attacks on MANet network layer
In this section we will pay attention to the attacks, which are specifically applied and work against
MANet network layer: flooding attack, Blackhole attack, link spoofing attack and Wormhole at-
tack. They will be presented as it follows:
1. Flooding attack
2. Blackhole attack
3. Link spoofing attack
4. Wormhole attack
3.3.1 Flooding attack
There are different types of flooding attacks, which have the goal to disrupt the routing discovery or
the maintenance phase within MANet. Basically, via flooding attack a malicious node/an attacker
aims the exhaustion of the network resources (e.g. network bandwidth) as well as consuming
the resources of an authentic network user (e.g. computational and battery power). Furthermore
an attacker can influence the network performance, by hindering the proper execution of routing
algorithm (in routing discovery phase) [5, 2]. By RREQ flooding (or routing table overflow) is
possible for an attacker to send multiple RREQs to non-existing recipient in a very short period
of time, using the AODV protocol of MANet. In other words the malicious node represents false
(non-existing) routes to all authentic nodes within the network, preventing the creation of new
actual ones and causing routing table overflow by the authentic users. The avalanche of RREQs
all over the network leads to consummation of the battery power and the network bandwidth,
causing DoS [5, 2]. As a countermeasure against the flooding attack every network participant
(actual authentic user or simply node) can compute and monitor the evaluation of all neighbors’
RREQ, and in case of outmatching of the RREQs’ limit, which is preliminarily defined, the specific
neighbor node comes with its ID in a blacklist. By this way the authentic/actual node "knows",
that it should not receive any RREQs from its neighbors, recorded in its blacklist. Furthermore the
efficiency of this countermeasure can be enhanced if the RREQ limit is not preliminarily defined
(fixed), but is computed on hand of statistical analysis over RREQ, so the risk of attack with
varying flooding rates to be minimized [5].
3.3.2 Blackhole attack
As the flooding attack, the Blackhole attack also concerns the AODV routing protocol in the net-
work layer of MANet. The completion of the attack proceeds in two steps: 1. an attacker or
15. 3.3 Attacks on MANet network layer 10
malicious node has to modify the network topology in order to create auspicious "environment"
for the attack. It presents itself as a legitimate route within the network, aiming to intercept the
data exchange between two authentic nodes. 2. Analog to interception attack in the MANet phys-
ical layer, where the attacker obstructs concrete radio signal, generating another stronger one, in
the second step of Blackhole attack the malicious node consumes the intercepted data packages; it
simply receives the information and does not forward it to the end user (destination node) [2].
Figure 3.3: Blackhole Attack
In the following paragraph, we will take a closer look at the Blackhole attack showed in Fig-
ure 3.3. The source node sends RREQs all over the network to find out the possible legitimate
routes. As the attacker receives the RREQ sent by the source node he forwards it to the destination
node and send a RREP back to the source node in order to present him as a legitimate route. After
he is picked up by the source node for the transfer of the data as an authentic user within MANet,
the attacker only intercepts the data flow, i.e. receives the information and does not forward it
to the end user (destination node). Of course, there is always a chance that the neighbors’ nodes
could detect the sequence of the falsified RREQ or RREP messages and put the malicious node in
their blacklists, terminating the data flow over it [5, 2]. Aiming more efficiency by the attack, as
well as minimization of the risk of being exposed, the malicious node can intercept not entirely the
data transfer between two interacting nodes, but can selectively forward packets. In addition, the
attacker can sufficiently modify some messages sent from particular nodes not from all.
3.3.3 Link Spoofing Attack
Just in the opposite of the Blackhole attack, where the attacker try to intercept the data flow between
two of its neighbors, by the link spoofing attack the attacker aims to intercept or terminate the
routing operations between two non-neighbor nodes. Using the OLSR protocol the malicious node
sends a fake links to the two-hop neighbors of the target, and as a result the "victim" node selects it
16. 3.3 Attacks on MANet network layer 11
as a MPR. After being an approved MPR, the attacker can perform falsifying of data, modification
or dropping of the routing traffic [5].
Figure 3.4: Link Spoofing Attack
In the following paragraph, we will take a closer look at the link spoofing attack showed in
Figure 3.4. Before the actual attack the target node has selected both nodes (one-hop neighbors)
and the attacker as MPRs. So the attacker has to advertise a fake link with the two-hop neighbor of
the target node. Because of this the attacker sends a "HALLO"- message to the neighbor (presented
by red line in Figure 3.4) and then sends a message with the fake link to the target (presented by
blue arrow in Figure 3.4). As performing the last step, the attacker forces the target node to choose
him as an only MPR, because according to the OLSR protocol specification a node has to select
its neighbor as MPR if it "is the minimum set that reaches node’s two-hop neighbors."[5]
As a countermeasure against the link spoofing attack there is a solution by which every single
node within the network is driven to notify its two-hop neighbors and doing so all participants
can acquire a view of the complete topology in "three-hop radius". So if a link spoofing attack is
executed it will be simultaneously detected [5].
3.3.4 Wormhole attack
The wormhole attack is one of the most efficient and merciless attacks, which can be executed
within MANet. Therefore two collaborating attackers should establish the so called wormhole link
(using private high speed network e.g. over Ethernet cable or optical link): connection via a direct
low-latency communication link between two separated distant points within MANet. As soon as
this direct bridge (wormhole link) is built up one of the attackers captures data exchange packets,
sends them via the wormhole link to the second one and he replays them [5].
17. 3.4 Attacks on MANet transport layer 12
Figure 3.5: Wormhole Attack
In the following paragraph, we will take a closer look at the Wormhole attack showed in Fig-
ure 3.5. The target node sends RREQs all over the network to find out the possible legitimate
routes. As the attacker 1 receives the RREQ sent by the target node he forwards it to the attacker
2 over the wormhole link between them (presented by red line in Figure 3.5). As the colluding
attacker 2 receives the RREQ, transmit it to the destination node. The destination node on its part
sends a RREP back to the target node over the wormhole link between the colluding attackers. In
order to present them as a legitimate route, the colluding attackers forward the RREP to the target
node. After they are picked up by the target node for the transfer of the data as authentic users
within MANet, the attackers can intercept the data flow, i.e. receive the information and does not
forward it to the end user (destination node), or selectively forward data packages in order to not
being caught. As a countermeasure against the Wormhole attack, there is a cryptography-based
solution proposed in "Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph
Theoretic Approach"[8], for the application of Local Broadcast Keys as well as "a distributed
mechanism for establishing them in randomly deployed networks."[8]
3.4 Attacks on MANet transport layer
In this section we will pay attention to the specific attacks, which are applicable on the MANet
transport layer: Session hijacking and SYN flooding attacks.
1. SYN flooding
2. Session hijacking
By SYN flooding attack the goal of the attacker (malicious node) is to achieve multiple half
opened TCP connections with an authentic user, and to keep them so without completing the
18. 3.4 Attacks on MANet transport layer 13
whole phase of synchronization [2]. During a normal phase of synchronization ( Figure 3.6: TCP
Handshake) between two authentic users:
1. "A" sends a packet with flag SYN to "B" (synchronize, sequence number = X). On the side
of "B" the Transmission Control Block (TCB) is initialized to "SYN-RECEIVED" state [9].
2. "B" sends a packet with flags SYN, ACK to "A" (synchronize acknowledge, sequence num-
ber = Y, acknowledge number = X+1).
3. "A" sends a packet with flag ACK to "B" (acknowledge, sequence number = X+1, acknowl-
edge number = Y+1). As on the side of "B" the TCB transitions to "ESTABLISHED" state
[9]. So the phase of TCP Handshake is completed and the connection between "A" and "B"
is built up.
Figure 3.6: TCP Handshake
During the attack, both the address of the malicious node and the status of the half opened
connection are in the memory of the network stack, in order to finish the SYN-phase later and to
establish the connection. Because the resources of the authentic user are limited, it is possible to
achieve flooding via SYN-messages and exhaust all resources of it. If this is achieved the authentic
node (victim-user) cannot initialize any other connection, and leads to DoS. This type of attack is
very powerful and efficient, because the SYN-messages are very small in size and their generation
does not demand a long computing time. By this reason the defender needs more resources (e.g.
computing and battery power) compared to the resources that the attacker needs for the execution
of this attack.
By session hijacking attack the goal of the attacker (malicious node) is to steal the identity of a
victim node and to achieve session with a target node. This type of attack is executed in two steps.
First, the malicious node takes over the identity of the victim node as it spoofs the IP address of
the victim and computes the particular sequence number, expected by the target node. Second, the
attacker executes a DoS attack on the victim, aiming to continue the session with the target.
Considering the weak security level of the transport layer in MANet the participants within the
network are not protected against both SYN flooding and session hijacking attacks. As a counter-
measure against these attacks can be used the implementation of the Secure Socket Layer (SSL)
and Transport Layer Security (TLS) protocols, which are based on asymmetric crypto algorithms.
19. 3.5 Multi-layer attacks on MANet 14
Their property - to secure the connections within networks, can be used to grant security by data
exchange between nodes [2].
As another very efficient countermeasure against the SYN flooding attack can be implemented
SYN Cookies. The connection establishment between two authentic nodes within the network will
proceed as it follows:
1. "A" sends a packet with flag SYN to "B" (synchronize, sequence number = X). On the side
of "B" the TCB is encoded into Sequence Number and destroyed [9].
2. "B" sends a packet with flags SYN, ACK to "A" (synchronize acknowledge, sequence num-
ber = Y, acknowledge number = X+1) as well as cookie [9].
3. "A" sends a packet with flag ACK to "B" (acknowledge, sequence number = X+1, acknowl-
edge number = Y+1) and in addition to ACK, "A" has to return the cookie. As on the side of
"B" the TCB is recovered from the acknowledged Sequence Number in ACK segment [9].
So the connection establishment with SYN cookies between "A" and "B" is completed and
the normal data exchange can proceed [9].
3.5 Multi-layer attacks on MANet
In this section we will pay attention to the multi-layer attacks within MANet (e.g. DoS, imperson-
ation, replay, man-in-the-middle attacks), and mainly Denial of Service. A multi-layer attack is an
attack which can be executed from more than one layer within a network. As we already mentioned
in section 3.1, Denial of Service can be launched, using Jamming attack on the MANet physical
layer. Moreover, it is possible to execute DoS via flooding attack (please, see section 3.3.1) on
MANet network layer, via SYN flooding and session hijacking (please, see section 3.4) on MANet
transport layer, as well as via malicious applications on the MANet application layer. Considering
the wide spectrum of possibilities to execute DoS makes this attack very unpredictable, effective
and powerful one. Furthermore, assuming that one attack can consist of other different attacks,
there are many possibilities to execute such combined-attack. For example an attacker can start
with an eavesdropping attack on the Physical layer, afterwards making traffic monitoring and anal-
ysis (on MANet Data link layer) he can proceed with SYN flooding attack or Session hijacking
attack on the Transport layer as well as with flooding attack on the Network layer causing DoS
attack or he can launch link spoofing attack, aiming to intercept or terminate the routing operations
between authentic users within the network.
20. 4 Conclusion 15
4 Conclusion
This paper pays attention to the complex and fast changing infrastructure of the mobile ad hoc
network as well as the common attacks, which occur within MANet. The theoretical fundamentals
of its dynamic infrastructure and the different types of security layers are represented to give an
overview on the system. Afterwards it offers an explanation on which specific layer what type
of attack can be executed and also what countermeasures can be taken in order to prevent this
specific attack. Because MANet is a dynamic network, which has no antecedent and strictly de-
fined infrastructure, there is also no clear line of defence. The very big variety of devices (e.g.
mobile phones, laptops, personal digital assistants (PDAs), tablets, iPads etc.), which can partic-
ipate within the network and the different security level by every single user present obstacles to
unify, standardize a security level for MANet. As we presented in chapter 3 of this paper there are
many different types of attacks such as Jamming/Interception and eavesdropping in the Physical
layer, traffic monitoring and analysis in the Data link layer, Blackhole attack, Wormhole attack,
Flooding attack and Link spoofing attack in the Network layer, Session hijacking and SYN flood-
ing in the Transport layer, which can be executed within MANet. Also there are multiple-layer
attacks, which can be started from more than one layer within the network and combined-attacks,
i.e. an attack consists of other different attacks. So in order to improve the level of security within
MANet, the weaknesses of each layer should be handled. Therefore it should be implemented
FHSS, DSSS technologies in the physical layer. Traffic analysis can be prevented by using traffic
padding and traffic rerouting techniques. The introduction of black and notification lists as well as
dynamic computation for the RREQ limit on the Network layer will minimize the risk of flooding
attack and link spoofing attack. Besides, the application of Local Broadcast Keys can prevent the
execution of the Wormhole attack. Implementation of modified, for the needs of MANet, SSL
and TLS protocols, based on asymmetric crypto algorithms will secure the connections within the
network. Furthermore, an introduction of SYN cookies will strengthen up the security level of the
transport layer.
Considering the application of all deployment scenarios on MANet, it is almost impossible to
implement this big variety of countermeasures, because of the limited power within the network
as well as the high complexity by the implementation process. Nevertheless, disregarding the
weaknesses, the Mobile Ad hoc Networks have wide range of application, because of their basic
properties - to establish connection between completely different types of mediums without any
predefined infrastructure and to change dynamically their topology. So they will play an enormous
role for the further development of various sectors e.g. health care, automotive, telecommunica-
tions and education.
21. Bibliography v
Bibliography
[1] MANET (Mobile Ad Hoc Network), http://www.techterms.com/definition/manet.
[2] Mihaela Cardei; Bing Wu; Jianmin Chen; Jie Wu. A Survey on Attacks and Countermeasures
in Mobile Ad Hoc Networks. Wireless/Mobile Network Security, page 38, 2006.
[3] Srihari Nelakuditi; Chase Gray; Jason Byrnes. Pair-wise resistance to traffic analysis in
MANETs. Mobile Computing and Communications Review, 12:20–22, 2008.
[4] Adrian Heißler. Schwarmintelligenzbasiertes Routing in mobilen Ad-hoc-netzen, volume 1.
GRIN, 2008.
[5] Rashid Hafeez Khokhar; Md Asri Ngadi; Satria Mandala. A Review of Current Routing
Attacks in Mobile Ad Hoc Networks. International Journal of Computer Science and Security,
2:12, 2008.
[6] Panos Lekkas; Randall Nichols. WIRELESS SECURITY: Models, Threats, and Solutions.
McGraw-Hill, 2002.
[7] J. Macker; S. Corson. Mobile Ad hoc Networking (MANET): Routing Protocol Performance
Issues and Evaluation Considerations. page 12, January 1999.
[8] L. Lazos; R. Poovendran; C. Meadows; L. W. Chang; P. Syverson. Preventing Wormhole At-
tacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach. Wireless Communications
and Networking Conference, 2005 IEEE, 2:1193–1199, 2005.
[9] Verizon Federal Network Systems; Wesley M. Eddy. Defenses Against TCP SYN Flooding
Attacks. The Internet Protocol Journal, 9(4), December 2006.
[10] Miao Ma; Yan Zhang; Jun Zheng. Handbook of research on wireless security. Number
978-1599048994. 2008.