Security Issues In Mobile Adhoc Networks MANETs An Overview PowerPoint PPT Presentation


Title: Security Issues In Mobile Adhoc Networks (MANETs): An Overview


1
Security Issues In Mobile Adhoc Networks (MANETs): An Overview
  • Poornima Balasubramanyam
  • Computer Security Laboratory
  • Department Of Computer Science
  • UCDavis

2
Definition of Adhoc Networks
  • Perkins and Bhagwat, 94
  • An adhoc network is the cooperative
    engagement of a collection of Mobile Hosts
    without the required intervention of any
    centralized Access Point.

3
Characteristics of Adhoc Networks
  • Limited resources
  • Wireless communication
      • immediate neighborhood
      • limited by radio range
  • No pre-existing infrastructure
  • Self-configuring
  • Decentralized architecture
  • Mobile hosts
  • Hosts must participate in cooperative routing
      • dynamically establish multi-hop routing

4
Challenges: Limited Resources
  • Limited energy: battery powered
      • For computation
      • For transmission
  • Very limited bandwidth
      • constrained
      • varying contention with other hosts
  • Limited storage and processing resources

5
Challenges: Wireless Communication
  • Vulnerable medium
      • Susceptible to eavesdropping, jamming, DoS attacks
  • Noisy and congested channel
  • Promiscuous monitoring is degraded by hidden
    terminal effects and channel contention

6
Hidden Terminal Effects
  • Well known problem in contention-based protocols
    like 802.11, CSMA, ALOHA etc.
  • Two nodes hidden from each other attempt to
    transmit to same receiving node

[Figure: diagram with nodes A, B and C]

7
Hidden Terminal Effects
  • Well known problem in contention-based protocols
    like 802.11, CSMA, ALOHA etc.
  • Two nodes hidden from each other attempt to
    transmit to same receiving node
  • Collision!

[Figure: diagram with nodes A, B and C]

8
RTS/CTS Handshake
[Figure: RTS/CTS handshake, steps 1 to 4]

9
Shortcomings of RTS/CTS
  • Not a perfect solution
  • Collisions do occur when RTS and CTS messages are
    sent by different nodes

10
Challenges: Adhoc Networking
  • Mobile hosts and dynamic infrastructure
      • For routing, configuration and security
  • No centralized points where traffic
    aggregation/analysis may be performed
  • No choke points for firewall protection
  • Intermittent connectivity caused by mobility,
    noise

11
Networking Infrastructure
  • Physical topology: Flat
  • Logical structure: Hierarchical
  • Hierarchical routing possibly imposed over
    flat topology
  • Cluster nodes serving sets of nodes and between
    nodes

12
Some Operational Challenges
  • Roaming in hostile environment
  • Nodes may be prone to capture
  • Malicious node behavior
  • Meta-data protection
  • Confidentiality of identity, location and
    topology
  • Low security against data extraction from node
  • Wireless sensor applications, smart cards etc.

13
Trust Management
  • Decentralized architecture
  • Possibly large number of nodes
  • Transient relationships
  • Limited resources
  • public keys, symmetric keys, trusted CA, shared keys,
    scalability of key distribution

Research Issues
TRUST MANAGEMENT IS HARD!
14
Routing Protocols
  • Proactive protocols
      • Table driven
      • Do not scale well
      • Large overhead with dynamic topology
      • OLSR
  • Reactive protocols
      • On-demand route queries
      • Scale better
      • DSR: employs source routing, route caches
      • AODV: hop-by-hop routing
  • Hybrid routing protocols may employ clustering
    and hierarchical techniques (ZRP, SAODV, etc.)

15
Routing Protocols - Reactive
  • AODV (Adhoc On-demand Distance Vector)
      • Broadcasts RREQ
      • Unicast RREP by destination or intermediate node
        with route to a destination
      • Only 1-hop information (small state)
  • DSR (Dynamic Source Routing)
      • Source routing
      • Maintain route caches
      • Route discovery and route maintenance
      • Efficiency improved with aggressive caching
        using passive monitoring

16
Routing Protocols - Proactive
  • OLSR (Optimized Link State Routing)
      • Table driven
      • Periodic exchange of link information
        to maintain topology information of network
      • Multi-point relays employed for optimization

17
Possible Reasons Node Leaves Network
  • Mobility: moves out of radio range
  • Noisy: intermittent connectivity results in node
    effectively being absent from any cooperative behavior
  • Selfish
      • Elects to not participate in routing, etc. in
        order to conserve power
      • Passive eavesdropping to update own data:
        routing, intrusion information, etc.

18
Possible Reasons Node Leaves Network - Continued
  • Forced
      • Depleted resources
      • Limited participation
  • Attacked
      • Forced to waste resources, e.g., sleep
        deprivation

19
Kinds Of Attacks
  • Outsider
  • Insider
  • Passive
  • Active
  • Link level attacks
  • Routing attacks

20
Outsider Attacks
  • Infiltrate ad hoc network
      • modify routing information
      • cause redirection of network traffic, DoS
        attacks, etc.
  • Eavesdropping
  • Traffic Analysis

21
Insider Attacks
  • Compromised hosts
      • legitimately participate in all network processes
      • influence local behavior
      • actively disrupt global network behavior

22
Passive Attacks
  • Due to vulnerable wireless link
  • Particularly susceptible in hostile environment
  • Eavesdropping
  • Traffic analysis
  • Relative topology discovery
      • possible chain-of-command discovery, etc.
  • MAC/IP address disclosure

23
Active Attacks
  • Inject packets into network
  • Intentional packet dropping
  • Distort packets before forwarding

24
Link Level Attacks
  • MAC layer
  • Jamming
  • Unfair channel hogging: exploit RTS/CTS
    handshake
  • MAC Address Spoofing (802.11)
      • Evade NIDS that attempts to track large traffic
        from single source
      • Bypass access-control lists
      • Authenticated user impersonation
      • See Joshua Wright, 2002. White paper: Detecting
        Wireless LAN MAC Address Spoofing
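
An added example (not part of the original slides) of one common way a monitor can spot two radios sharing one 802.11 source address: each transmitter keeps its own 12-bit sequence counter, so interleaved frames show implausible jumps. The `MAX_GAP` tolerance and the sample capture are assumptions constructed for illustration.

```python
SEQ_MOD = 4096  # the 802.11 sequence number field is 12 bits wide
MAX_GAP = 64    # assumed tolerance for frames the monitor did not hear

def spoof_suspects(frames, max_gap=MAX_GAP):
    """frames: iterable of (src_mac, seq) in capture order.

    Returns {mac: [(prev_seq, seq), ...]} listing every transition that a
    single transmitter with one counter could not plausibly have produced.
    Assumes one counter per station; per-TID QoS counters need one tracker
    per (mac, tid) pair instead.
    """
    last, alerts = {}, {}
    for mac, seq in frames:
        mac = mac.lower()
        if mac in last:
            # Forward distance modulo 4096, so a 4095 -> 0 wrap counts as 1.
            gap = (seq - last[mac]) % SEQ_MOD
            # gap 0 is a retransmission; 1..max_gap is normal progress with loss.
            if gap > max_gap:
                alerts.setdefault(mac, []).append((last[mac], seq))
        last[mac] = seq
    return alerts

# Constructed capture: the first address is used by two radios at once
# (counters near 4090 and near 1500); the second station simply wraps.
SHARED = "00:11:22:33:44:55"
CLEAN = "66:77:88:99:aa:bb"
CAPTURE = [
    (SHARED, 4090), (SHARED, 4091), (SHARED, 1500), (SHARED, 4095),
    (SHARED, 1501), (SHARED, 2), (SHARED, 3),
    (CLEAN, 4094), (CLEAN, 4095), (CLEAN, 0), (CLEAN, 1),
]

if __name__ == "__main__":
    for mac, jumps in spoof_suspects(CAPTURE).items():
        print(mac, "implausible sequence transitions:", jumps)
```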

25
Routing Level Attacks
  • Distort routing information
  • Inject false route information
  • False route queries
  • Replay stale information
  • Send valuable routing information to other
    hostile nodes

26
Active Routing Attacks
  • Black hole
      • Advertise itself as best (shortest, least
        congested, etc.) path to target node
  • Routing table overflow
      • False routes created
      • Proactive protocols more vulnerable
      • In AODV/DSR, at least 2 colluding nodes needed
        (1 RREQ, 1 RRER)
  • Location disclosure
      • Send routing packets with inadequate hop-counts
        to record error messages
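
An added example (not part of the original slides) for the black hole item above: the AODV route-preference rule that lets a forged "best path" reply win, next to a receiver-side plausibility check that flags it. The `MAX_SEQ_JUMP` threshold, node names and sample replies are assumptions constructed for illustration, and sequence-number rollover is ignored for brevity.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RREP:
    sender: str     # neighbour that delivered the route reply
    dest: str       # destination the advertised route leads to
    dest_seq: int   # destination sequence number (route freshness)
    hop_count: int  # advertised number of hops to dest

def aodv_prefers(new, cur):
    """AODV preference: a fresher sequence number wins, ties go to fewer hops."""
    if cur is None:
        return True
    if new.dest_seq != cur.dest_seq:
        return new.dest_seq > cur.dest_seq
    return new.hop_count < cur.hop_count

MAX_SEQ_JUMP = 50  # assumed threshold; tune to how fast real routes refresh

def select_route(replies, last_seen_seq, check=True):
    """Return (chosen RREP or None, senders flagged as implausible).

    last_seen_seq is the newest sequence number this node has already
    recorded for the destination. With check=True, replies whose freshness
    claim jumps far beyond it are set aside for monitoring, not installed.
    """
    chosen, flagged = None, []
    for reply in replies:
        if check and reply.dest_seq - last_seen_seq > MAX_SEQ_JUMP:
            flagged.append(reply.sender)
            continue
        if aodv_prefers(reply, chosen):
            chosen = reply
    return chosen, flagged

# Constructed replies for destination D; M claims an implausibly fresh,
# one-hop route, which is the black hole advertisement described above.
REPLIES = [
    RREP("B", "D", 121, 3),
    RREP("C", "D", 121, 2),
    RREP("M", "D", 4_000_000, 1),
]

if __name__ == "__main__":
    print("unchecked:", select_route(REPLIES, 118, check=False))
    print("checked:  ", select_route(REPLIES, 118))
```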

27
Effects of Routing Attacks
  • Node Compromise
  • DoS
  • Starvation
  • Looping
  • Isolate Node
  • QoS
  • Introduce traffic delays to node

28
Effects of Routing Attacks Contd.
  • Network Compromise
  • Network Congestion
  • Create Blackholes
  • Sleep Deprivation
  • Network Partition
  • Introduce instability in routing
  • Network Overload

29
Intrusion Monitoring
  • Local Monitoring
      • E.g., network packet analysis
      • More data
      • More strain on limited resources
      • Local view places demands on cooperative
        management
  • Cooperative Monitoring
      • Intrusive behavior may be visible earlier
      • More global view - possibly easier for
        cooperative intrusion management