Security Enhancements in AODV protocol for Wireless Ad Hoc


Security Enhancements in AODV protocol for Wireless Ad Hoc Networks

Sonali Bhargava and Dharma P. Agrawal, Center for Distributed & Mobile Computing, Dept of ECECS, University of Cincinnati
Presented by: Syeda Momina Tabish, MIT - 7


Agenda

- Introduction
- Motivation
- Related Work
- Assumptions and Background
- Proposed Approach: Intrusion Detection Model (IDM), Intrusion Response Model (IRM)
- Experimental Setup: Performance Metrics
- Simulation Results
- Conclusion & Future Work

Syeda Momina Tabish ....................................................................................................... NIIT-NUST


Introduction

- AODV: on-demand route discovery; effective use of available bandwidth; highly scalable.
- An ad hoc network is dynamically formed when two or more mobile hosts with wireless capability come into transmission range of each other.
- Advantages of ad hoc networks: can be set up 'on-the-fly'; requires no existing infrastructure.


AODV Operation

Figure (slide diagram, not reproduced in the transcript): AODV operation, with the Source, the Destination and the RREQ, RREP and RERR messages exchanged between them. Diagram title: "Stable Enhancement in AODV".


Introduction contd.

- An ad hoc network is useful where geographical or terrestrial constraints demand a totally distributed network without any fixed base station, for example in battlefields or other disaster situations.
- Wireless ad hoc networks are highly susceptible to malicious attacks and need stronger security than the conventional wired, static Internet.
- Intrusion prevention measures such as encryption and authentication at times fail to identify an attack, because they cannot defend against compromised mobile nodes.



Motivation

- We need an intrusion detection system in the network to create another wall of defense.
- Forms of attack: passive eavesdropping; active interfering (leakage of secret information, data tampering, impersonation, denial of service).
- Detection of compromised nodes is challenging because: nodes are constantly mobile; the protocols implemented are cooperative in nature; there is no fixed infrastructure or central authority; there is no clear distinction between normalcy and abnormality.


Motivation contd.

Attacks on the routing protocol can be further classified into two types:
- External attack: an attack caused by nodes that do not belong to the network.
- Internal attack: an attack from nodes that belong to the network but have been compromised or captured.



Related Work

- Yongguang Zhang and Wenke Lee presented a new intrusion detection and response mechanism. The basic assumption is that user and program activities are observable and that the system should be cooperative and distributed.
- Sergio Marti introduced techniques that improve throughput in an ad hoc network by identifying misbehaving nodes that agree to forward packets but never do so.
- Venkatraman proposed an intrusion detection agent to prevent some internal attacks on the network. The agent runs on all nodes and is based on Yongguang Zhang and Wenke Lee's model.



Assumptions and Background

Assumptions:
- When a node is within radio range of another node, the two are termed neighbors.
- Every link between two nodes is bi-directional.
- Nodes operate in promiscuous mode.
- Compromised nodes do not work in teams.


Proposed Approach

The authors identified possible internal attacks on the AODV protocol and present details of an Intrusion Detection Model (IDM) and an Intrusion Response Model (IRM). Compromised nodes can cause sufficient damage by merely not cooperating. The types of malicious activity depend on the functioning of the protocol. These attacks are deterministic: they can be detected by the IDM, and malicious nodes are isolated using the IRM.



Proposed Approach contd.

Following are the internal attacks handled by the IDM.

Distributed false route request: under this attack, a malicious node generates false route requests from different radio ranges, resulting in continued wastage of channel bandwidth. Such nodes cannot readily be categorized as malicious.

Denial of service: a denial of service attack results when network bandwidth is hijacked by a malicious node that repeatedly generates route requests. The malicious node continues to transmit control packets, so other nodes in the network cannot use the resources.


Proposed Approach contd.

Destination is compromised: a compromised destination node does not acknowledge the route requests destined for it. This results in re-broadcasts and an increase in end-to-end routing delay, so network throughput is severely decreased.

Impersonation: a malicious node impersonating another node while sending control packets causes anomalous updates to the routing table.

Routing information disclosure: a malicious node leaks confidential information to unauthorized users in the network. This kind of attack is difficult to identify.


Intrusion Detection Model

- Based on the model presented by Yongguang Zhang and Wenke Lee. Each node employs a detection model that uses neighborhood information to detect misbehavior by its neighbors.
- The IDM is present on all nodes. It constantly monitors the behavior of its neighbors and analyzes it to detect whether a neighbor has been compromised.


Handling of Internal Attacks

Flowchart (slide diagram, not reproduced in the transcript): Data Collection -> Intrusion Detection Model -> "Mal count > Threshold?" -> No: Secure Communication; Yes: Intrusion Response Model -> Global Response.


Intrusion Detection Model contd.

The model identifies each of the aforementioned attacks as follows:

Distributed false route request:
- A route request is generated whenever a node has to send data to a particular destination.
- A malicious node might generate frequent, unnecessary route requests.
- When the malicious node generates false route messages from different radio ranges, it is difficult to identify.
- When a node in the network receives more route requests than a threshold count from a specific source for a destination within a time interval t_interval, that source is declared malicious and the information is propagated in the network.


Intrusion Detection Model contd.

Denial of service:
- A malicious node launches a denial of service attack by transmitting false control packets and consuming the entire network resources, which deprives other nodes of those resources.
- Denial of service can be launched by transmitting false routing packets or data packets.
- It is identified when a node generates more control packets than the threshold count within a time interval t_frequency.


Intrusion Detection Model contd.

Destination is Compromised:

- A destination might not be able to reply if it is (i) not in the network, (ii) overloaded, (iii) did not receive the route request, or (iv) malicious.
- This attack is identified when the source does not receive a reply from the destination within a time interval t_wait.
- The neighbors generate probe/hello packets to determine connectivity. If the node is in the network and does not respond to route requests destined for it, it is identified as malicious.
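The three time-window checks of the detection model (the t_interval count of route requests per source and destination, the t_frequency count of control packets per node, and the t_wait timeout for a route request to a destination that is demonstrably still present), written out as one IDM sketch in Python. This is an added example, not code from the paper or from its ns implementation: the threshold values, the Event and Detector names, the packet trace and the use of overheard HELLO packets as the liveness probe are assumptions made for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Detection parameters. The paper names the intervals (t_interval, t_frequency,
# t_wait) but gives no values; the numbers below are constructed for this example.
RREQ_THRESHOLD = 3     # RREQs per (source, destination) tolerated within T_INTERVAL
T_INTERVAL = 1.0       # seconds, the paper's t_interval
CTRL_THRESHOLD = 8     # control packets per node tolerated within T_FREQUENCY
T_FREQUENCY = 1.0      # seconds, the paper's t_frequency
T_WAIT = 2.0           # seconds a source waits for an RREP, the paper's t_wait


@dataclass
class Event:
    """One overheard packet (promiscuous mode): time, type, originator, destination."""
    t: float
    kind: str          # "RREQ", "RREP" or "HELLO"
    src: str
    dst: str = ""      # only meaningful for RREQ/RREP


@dataclass
class Detector:
    """IDM instance on one node: keeps a malcount per neighbour and a list of alerts."""
    malcount: dict = field(default_factory=lambda: defaultdict(int))
    alerts: list = field(default_factory=list)
    _rreq: dict = field(default_factory=lambda: defaultdict(deque))   # (src, dst) -> RREQ times
    _ctrl: dict = field(default_factory=lambda: defaultdict(deque))   # src -> control packet times
    _pending: dict = field(default_factory=dict)                      # (src, dst) -> first RREQ time
    _alive: dict = field(default_factory=dict)                        # node -> last HELLO time

    @staticmethod
    def _push(window, t, horizon):
        """Sliding window: add a timestamp, drop those older than `horizon`, return the count."""
        window.append(t)
        while window and window[0] < t - horizon:
            window.popleft()
        return len(window)

    def observe(self, ev):
        # Denial of service: a node emitting more control packets than CTRL_THRESHOLD
        # inside T_FREQUENCY is charged one malcount per excess packet.
        if self._push(self._ctrl[ev.src], ev.t, T_FREQUENCY) > CTRL_THRESHOLD:
            self._flag(ev.src, "control packet rate above threshold", ev.t)
        if ev.kind == "HELLO":
            self._alive[ev.src] = ev.t
        elif ev.kind == "RREQ":
            # Distributed false route request: too many RREQs from one source for one
            # destination inside T_INTERVAL.
            if self._push(self._rreq[(ev.src, ev.dst)], ev.t, T_INTERVAL) > RREQ_THRESHOLD:
                self._flag(ev.src, f"excessive RREQs for {ev.dst}", ev.t)
            self._pending.setdefault((ev.src, ev.dst), ev.t)
        elif ev.kind == "RREP":
            # An RREP travels from the destination back to the requesting source.
            self._pending.pop((ev.dst, ev.src), None)
        self._check_timeouts(ev.t)

    def _check_timeouts(self, now):
        # Compromised destination: the RREQ went unanswered for T_WAIT although the
        # destination is provably present (it sent a HELLO within the same window).
        for (src, dst), t0 in list(self._pending.items()):
            if now - t0 >= T_WAIT:
                del self._pending[(src, dst)]
                if dst in self._alive and now - self._alive[dst] <= T_WAIT:
                    self._flag(dst, f"present but ignores RREQ from {src}", now)

    def _flag(self, node, reason, t):
        self.malcount[node] += 1
        self.alerts.append((round(t, 3), node, reason))


def run_sample():
    """Constructed packet trace, as one monitoring node would overhear it."""
    events = []
    for i in range(6):                                   # B and D announce themselves every 0.5 s
        events.append(Event(0.5 * i, "HELLO", "B"))
        events.append(Event(0.5 * i + 0.25, "HELLO", "D"))
    events.append(Event(0.1, "RREQ", "A", "B"))          # honest request, answered quickly
    events.append(Event(0.3, "RREP", "B", "A"))
    events.append(Event(0.2, "RREQ", "A", "D"))          # D is present but never replies
    for i in range(5):                                   # M floods RREQs for C
        events.append(Event(1.0 + 0.1 * i, "RREQ", "M", "C"))
    for i in range(10):                                  # F saturates the channel with HELLOs
        events.append(Event(3.0 + 0.1 * i, "HELLO", "F"))
    events.sort(key=lambda e: e.t)
    det = Detector()
    for ev in events:
        det.observe(ev)
    return det


if __name__ == "__main__":
    d = run_sample()
    for alert in d.alerts:
        print(alert)
    print(dict(d.malcount))
```

Each check only raises the malcount; the decision to announce a node as compromised belongs to the response model, which compares the malcount with its own threshold. Note that the RREQ flooder M is never charged by the control-packet check, because five packets stay under the constructed CTRL_THRESHOLD; the two rate checks are deliberately independent so that a flood concentrated on one destination and a flood spread over many destinations are both caught.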


Intrusion Detection Model contd.

Impersonation:

- Impersonation can be avoided if the sender encrypts the packet with its private key and the other nodes decrypt it with the sender's public key.
- If the receiver is not able to decrypt the packet, the sender may not be the real source, and the packet is dropped.


Intrusion Response Model

- A node identifies that another node has been compromised when its malcount for that allegedly compromised node increases beyond the threshold value.
- In such cases it propagates this information to the entire network by transmitting a Mal packet.
- If other nodes also suspect the node that has been reported as compromised, they report their suspicion to the network by transmitting a ReMal packet.


Intrusion Response Model contd.

- If two or more nodes report a particular node, a Purge packet is transmitted to isolate the malicious node from the network.
- All nodes that have a route through the compromised node look for newer routes.
- All packets received from the compromised node are dropped.
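The Mal / ReMal / Purge exchange of the Intrusion Response Model, simulated in Python as an added example; it is not the authors' code. The malcount threshold, the queued broadcast medium, the Node and Network classes, the constructed routing tables and the IDM evidence fed in are assumptions for the example; the rules that a second reporter triggers a Purge, that routes through the purged node are discarded and that its packets are dropped follow the slides.

```python
from collections import deque
from dataclasses import dataclass, field

# The paper names the malcount threshold but gives no value; this one is constructed.
MAL_THRESHOLD = 2
REPORTS_TO_PURGE = 2    # slides: "two or more nodes report about a particular node"


@dataclass
class Node:
    name: str
    malcount: dict = field(default_factory=dict)   # suspect -> evidence gathered by own IDM
    routes: dict = field(default_factory=dict)     # destination -> next hop
    reports: dict = field(default_factory=dict)    # suspect -> set of nodes that reported it
    purged: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def suspect_evidence(self, net, suspect):
        """Called by this node's IDM for each misbehaviour it attributes to `suspect`."""
        self.malcount[suspect] = self.malcount.get(suspect, 0) + 1
        if self.malcount[suspect] > MAL_THRESHOLD and self.name not in self.reports.get(suspect, set()):
            self.log.append(f"{self.name}: Mal({suspect})")
            net.broadcast(self.name, "Mal", suspect)
            self._record_report(net, self.name, suspect)

    def receive(self, net, sender, msg, suspect):
        if suspect == self.name or suspect in self.purged:
            return                       # ignore accusations against ourselves; purge is idempotent
        if msg == "Purge":
            self._isolate(suspect)
            return
        self._record_report(net, sender, suspect)
        # A node holding its own, still sub-threshold, evidence seconds a Mal with ReMal (once).
        if msg == "Mal" and self.malcount.get(suspect, 0) > 0 and self.name not in self.reports[suspect]:
            self.log.append(f"{self.name}: ReMal({suspect})")
            net.broadcast(self.name, "ReMal", suspect)
            self._record_report(net, self.name, suspect)

    def _record_report(self, net, reporter, suspect):
        self.reports.setdefault(suspect, set()).add(reporter)
        if len(self.reports[suspect]) >= REPORTS_TO_PURGE and suspect not in self.purged:
            self.log.append(f"{self.name}: Purge({suspect})")
            net.broadcast(self.name, "Purge", suspect)
            self._isolate(suspect)

    def _isolate(self, suspect):
        if suspect in self.purged:
            return
        self.purged.add(suspect)
        # Routes through (or to) the compromised node are discarded; AODV rediscovers them on demand.
        self.routes = {d: nh for d, nh in self.routes.items() if nh != suspect and d != suspect}
        self.log.append(f"{self.name}: isolated {suspect}")

    def accept_packet(self, src):
        """Data-plane filter: everything from a purged node is dropped."""
        return src not in self.purged


class Network:
    """Constructed broadcast medium: control messages are queued and delivered to all other nodes."""
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.queue = deque()
        self.sent = []                   # every (sender, message, suspect) put on the air

    def broadcast(self, sender, msg, suspect):
        self.sent.append((sender, msg, suspect))
        self.queue.append((sender, msg, suspect))

    def run(self):
        while self.queue:
            sender, msg, suspect = self.queue.popleft()
            for n in self.nodes.values():
                if n.name != sender:
                    n.receive(self, sender, msg, suspect)


def run_scenario():
    """A, B and C are honest; M is the suspect. Routes and IDM evidence are constructed."""
    a = Node("A", routes={"C": "M", "B": "B"})
    b = Node("B", routes={"A": "M"})
    c = Node("C", routes={"A": "M", "B": "B"})
    m = Node("M")
    net = Network([a, b, c, m])
    for _ in range(3):              # A's IDM catches M three times: threshold crossed
        a.suspect_evidence(net, "M")
    b.suspect_evidence(net, "M")    # B saw one incident, not enough on its own
    net.run()
    return net


if __name__ == "__main__":
    net = run_scenario()
    for n in net.nodes.values():
        print(n.name, n.log, n.routes)
```

Only A crosses the malcount threshold, but B's single observation is enough for it to second A's Mal with a ReMal, and the second report is what lets every node purge M and drop its entries from their routing tables. The two-reporter rule is what keeps one misjudging node from evicting an honest neighbour; it depends on the stated assumption that compromised nodes do not work in teams, since two colluding reporters would satisfy it.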


Experimental Setup

- Used a version of Berkeley's Network Simulator (ns) for the implementation.
- Based on a 1500 by 300 meter flat space scattered with 50 wireless nodes, of which 10 are data sources.
- The nodes move randomly with random speed (the speed is uniformly distributed between 0-20 sec).
- The MAC layer used for the simulations is IEEE 802.11.
- The transport protocol used for the simulations is User Datagram Protocol (UDP).


Experimental Setup contd.

Performance Metrics:

1. Packet delivery fraction: the ratio of CBR packets delivered to those generated, measured as throughput.

2. Routing overhead: the number of routing packets transmitted for every data packet sent. Each hop of a routing packet is treated as a packet. The authors used the normalized routing load for comparison, which is the ratio of routing packets to data packets.

3. Average end-to-end delay: the average of the delays incurred by all packets that are successfully transmitted.


Experimental Setup contd.

4. Accuracy of predictions: only the malicious nodes generated in the network were reported as intruders, and other nodes were not claimed as malicious.

In the simulation, a misbehaving node is one that generates false route requests or drops the route request packets destined for it.


Simulation Results

Figure (plot not reproduced in the transcript): Routing Load vs. Pause Time


Simulation Results

Figure (plot not reproduced in the transcript): End to End Delay vs. Pause Time


Simulation Results

Figure (plot not reproduced in the transcript): Packet Delivery vs. Pause Time


Conclusion & Future Work

- Proposed a security scheme to pro-actively prevent internal attacks.
- The results of the implementation show that the overhead is marginal and has negligible effect on network performance while making the protocol robust.
- The authors are working on defining more internal attacks and plan to identify solutions for them. They also plan to introduce a security scheme for external attacks and incorporate it into the Intrusion Detection and Response model as well.


Questions ???

Thanks
