Mobile Ad-hoc Networks (MANET)

Similar documents
Mobile Ad-hoc and Sensor Networks Lesson 04 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 1

Outline. CS5984 Mobile Computing. Taxonomy of Routing Protocols AODV 1/2. Dr. Ayman Abdel-Hamid. Routing Protocols in MANETs Part I

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

Routing Protocols in MANETs

LECTURE 9. Ad hoc Networks and Routing

A Novel Secure Routing Protocol for MANETs

Performance Analysis of Aodv Protocol under Black Hole Attack

AODV Routing Protocol in MANET based on Cryptographic Authentication Method

Wireless Network Security Spring 2013

A Survey on Wireless Routing Protocols (AODV, DSR, DSDV)

Wireless Network Security Spring 2015

Optimizing Performance of Routing against Black Hole Attack in MANET using AODV Protocol Prerana A. Chaudhari 1 Vanaraj B.

White Paper. Mobile Ad hoc Networking (MANET) with AODV. Revision 1.0

Mobile Ad-Hoc Networks & Routing Algorithms

QoS Routing By Ad-Hoc on Demand Vector Routing Protocol for MANET

CMPE 257: Wireless and Mobile Networking

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

Security Enhancement of AODV Protocol for Mobile Ad hoc Network

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

UCS-805 MOBILE COMPUTING Jan-May,2011 TOPIC 8. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Performance Evaluation of Route Failure Detection in Mobile Ad Hoc Networks

Simulation & Performance Analysis of Mobile Ad-Hoc Network Routing Protocol

CHAPTER 3 IMPROVED AODV BASED ON LINK QUALITY METRICS

Ad Hoc Networks: Issues and Routing

Kapitel 5: Mobile Ad Hoc Networks. Characteristics. Applications of Ad Hoc Networks. Wireless Communication. Wireless communication networks types

Security Issues In Mobile Ad hoc Network Routing Protocols

Power aware Multi-path Routing Protocol for MANETS

A Comparative Study between AODV and DSDV Routing Protocols in Mobile Ad Hoc Networks using Network Simulator NS2

ROUTE STABILITY MODEL FOR DSR IN WIRELESS ADHOC NETWORKS

Performance Evaluation Of Ad-Hoc On Demand Routing Protocol (AODV) Using NS-3 Simulator

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Wireless Networking & Mobile Computing

A COMPARISON OF IMPROVED AODV ROUTING PROTOCOL BASED ON IEEE AND IEEE

Prevention of Black Hole Attack in AODV Routing Algorithm of MANET Using Trust Based Computing

Performance Comparison of DSDV, AODV, DSR, Routing protocols for MANETs

Performance Evaluation of Two Reactive and Proactive Mobile Ad Hoc Routing Protocols

Evaluation of Routing Protocols for Mobile Ad hoc Networks

Computation of Multiple Node Disjoint Paths

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

CAODV Free Blackhole Attack in Ad Hoc Networks

ANewRoutingProtocolinAdHocNetworks with Unidirectional Links

PERFORMANCE ANALYSIS OF AODV ROUTING PROTOCOL IN MANETS

2013, IJARCSSE All Rights Reserved Page 85

Analysis of Routing Protocols in MANETs

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

Experiment and Evaluation of a Mobile Ad Hoc Network with AODV Routing Protocol

Comparing the Impact of Black Hole and Gray Hole Attacks in Mobile Adhoc Networks

Secure routing in ad hoc and sensor networks

6367(Print), ISSN (Online) Volume 4, Issue 2, March April (2013), IAEME & TECHNOLOGY (IJCET)

ComparisonofPacketDeliveryforblackholeattackinadhocnetwork. Comparison of Packet Delivery for Black Hole Attack in ad hoc Network

A Survey on Security Analysis of Routing Protocols By J.Viji Gripsy, Dr. Anna Saro Vijendran

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

A Survey - Energy Efficient Routing Protocols in MANET

Comparative Study of Routing Protocols in MANET

ECS-087: Mobile Computing

Mobility and Density Aware AODV Protocol Extension for Mobile Adhoc Networks-MADA-AODV

Figure 1: Ad-Hoc routing protocols.

A Highly Effective and Efficient Route Discovery & Maintenance in DSR

Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Tietokoneverkot T

A COMPARISON OF REACTIVE ROUTING PROTOCOLS DSR, AODV AND TORA IN MANET

Recent Researches in Communications, Information Science and Education

Performance Evaluation of AODV and DSR routing protocols in MANET

Mobile Ad-hoc and Sensor Networks Lesson 05 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 2

Volume 2, Issue 1, January 2012 ISSN: X International Journal of Advanced Research in Computer Science and Software Engineering

Mobile & Wireless Networking. Lecture 10: Mobile Transport Layer & Ad Hoc Networks. [Schiller, Section 8.3 & Section 9] [Reader, Part 8]

An Extensive Simulation Analysis of AODV Protocol with IEEE MAC for Chain Topology in MANET

Routing protocols in Mobile Ad Hoc Network

A Literature survey on Improving AODV protocol through cross layer design in MANET

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols. Broch et al Presented by Brian Card

Performance Evaluation of Various Routing Protocols in MANET

Secure Routing for Mobile Ad-hoc Networks

Simulation & Implementation of Wireless Routing Protocol

Performance Analysis of MANET Routing Protocols OLSR and AODV

A Review paper on Routing Protocol Comparison

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Mobile Communications. Ad-hoc and Mesh Networks

Energy and Power Aware Stable Routing Strategy for Ad hoc Wireless Networks based on DSR

Security in DOA routing protocol for Mobile Adhoc Networks

Specification-based Intrusion Detection. Michael May CIS-700 Fall 2004

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Backward Aodv: An Answer To Connection Loss In Mobile Adhoc Network (Manet)

Keywords MANET, Wireless Network, Ad hoc Network

Ad Hoc Networks. Mobile Communication Networks (RCSE) Winter Semester 2012/13. Integrated Communication Systems Group Ilmenau University of Technology

A New Energy-Aware Routing Protocol for. Improving Path Stability in Ad-hoc Networks

CMPE 257: Wireless and Mobile Networking

Routing in Variable Topology Networks

Performance Evaluation of MANET through NS2 Simulation

Simulation and Comparative Analysis of AODV, DSR, DSDV and OLSR Routing Protocol in MANET Abstract Keywords:

Performance Analysis and Enhancement of Routing Protocol in Manet

Secure Routing and Transmission Protocols for Ad Hoc Networks

CS551 Ad-hoc Routing

SUMMERY, CONCLUSIONS AND FUTURE WORK

PNR: New Position based Routing Algorithm for Mobile Ad Hoc Networks

Performance Comparison and Analysis of DSDV and AODV for MANET

Effect of Variable Bit Rate Traffic Models on the Energy Consumption in MANET Routing Protocols

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

Performance Comparison of AODV and AOMDV Routing Protocols in Mobile Ad Hoc Networks

Ad Hoc Networks. Advanced Mobile Communication Networks. Integrated Communication Systems Group Ilmenau University of Technology

Transcription:

How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols Kun Sun Department of rth Carolina State University Mobile Ad-hoc Networks (MANET) MANET infrastructure support Wireless communication Mobile Each node functions as ahost and router Applications for MANET Rescue missions Scientific explorations Military operations 2

Security in MANET Challenges physical boundary fixed topology Unreliable communication des subject to capture ==> compromised nodes It s likely to have insider attacks Existing work Secure routing protocols E.g., SAODV, SEAD, Ariadne Intrusion detection E.g., Watchdog and Pathrater, Anomaly detection in MANET Insider attacks have not got enough attention. Compromised node Enemy node 3 Our Work Systematic analysis of insider attacks against ad-hoc routing protocols The first step: insider attacks against AODV 4

Outline Part I: Overview of AODV Part II: Analysis scheme Analysis results Simulation results Conclusion and future work 5 Overview of AODV Ad-hoc on-demand distance vector routing Reactive (on-demand) routing protocol Initiate route discovery only when desired by a source node One of the 4 ad-hoc routing protocols considered by IETF MANET working group (with DSR, OLSR, and TBRPF) Two phases Route discovery Route request message (RREQ) Route reply message (RREP) Route reply acknowledgment (RREP-ACK) Route maintenance Route error message (RERR) 6

AODV Route Discovery. When the desired route does not exist, a source node broadcasts a route request (RREQ) message to its neighbors. 2. Each node that receives the RREQ looks in its routing table to see if it is the destination or if it has a fresh enough route to the destination. 3. If it does, it unicasts a route reply (RREP) message back to the source, otherwise re-broadcast RREQ. 4. RREP is sent back along a reverse route that was created by RREQ. 7 AODV Route Discovery (Cont.) 2 4 Source 7 Destination 3 6 5 (a) Broadcast of RREQ messages 2 4 Source 7 Destination 3 6 5 (b) Unicast of RREP message RREQ RREP AODV Route Discovery 8

AODV Route Maintenance When a node detects a link break in an active route, it sends out a RERR message to the nodes in the precursor list. When a node receives a RERR message from its neighbor, it further forwards the RERR message if its precursor list is not empty. Precursor list is updated when a node forwards the RREP messages. 9 RREQ Message Format Type J R G D U Reserved Hop Count RREQ ID Destination IP address Destination Sequence Number Originator IP Address Originator Sequence Number Hop count :the number of hops from the originator IP address to the node handling the request. Sequence number Flag G: Gratuitous RREP flag Flag D: Destination only flag

RREP Message Format Type R A Reserved Prefix Sz Hop Count Destination IP address Destination Sequence Number Originator IP Address Lifetime Lifetime: the time in milliseconds for which nodes receiving the RREP consider the route to be valid. Flag A: Acknowledgment required RERR Message Format Type N Reserved DestCount Unreachable Destination IP Address () Unreachable Destination Sequence Number () Additional Unreachable Destination IP Addresses (if needed) Additional Unreachable Destination Sequence Numbers (if needed) DestCount: the number of unreachable destinations included in the message; MUST be at least. 2

RREP-ACK Message Format Type Reserved Deal with unidirectional links Blacklist 3 Analysis Scheme Basic idea Identify misuse goals and misuse actions Misuse goals: what an attacker wants Misuse actions: misuses of AODV messages Investigate how an inside attacker can achieve these goals by misuse actions. 4

Analysis Scheme (Cont d) Atomic misuse actions Drop (DR) Simply drop the received message. Modify and forward (MF) After receiving a message, the attacker modifies it and forward the fake message to its neighbors. Forge reply (FR) Send fake message in response to a received message. Active forge (AF) Send fake message without receiving any message. 5 Analysis Scheme (Cont d) Misuse goals Route disruption (RD) Break down an existing route or prevent a new route from being established Route invasion (RI) Attacker adds itself into an route de isolation (NI) Prevent a victim node from communicating with any other nodes in the network Resource consumption (RC) Consume communication bandwidth, storage, or battery 6

Analysis Scheme (Cont d) Atomic and compound misuses Atomic misuses Misuses that can be done by manipulating one AODV message Compound misuses Combinations of atomic misuses and normal AODV messages We will focus on homogeneous compound misuses which performed by repeating atomic misuses Achieve more goals Persistent impact Other compound misuses can be analyzed through vulnerability analysis tools (e.g., Attack graphs) 7 Example: RREQ_AF_NI Actively forge one RREQ to prevent a victim node from receiving data packets for a short period time. Fake RREQ A Fake RREQ Fake RREQ A Data packet 2 3 4 2 3 4 Data packet Attacker broadcasts fake RREQ message Attacker drops data packets to node. 8

Example: RREQ_AF_NI (Cont d) In the fake RREQ message. Set the RREQ ID greater than the one maintained by node. 2. Set Hop Count to. 3. Set source IP address to node. 4. Set the source sequence number greater than current sequence number of node. 5. Set the destination IP address to a non-existent IP address. 6. Replace the source IP address in IP header to a non-existent IP address or node A s IP address. Fake RREQ A Fake RREQ 2 3 4 Data packet Fake RREQ Attacker broadcasts fake RREQ message 9 Summary of Atomic Misuses Atomic misuses of a RREQ message Atomic Misuse Route Disruption Route Invasion de Isolation Resource Consumption RREQ_DR * RREQ_MF Partial RREQ_AF Partial 2

Summary of Atomic Misuses (Cont d) Atomic misuse of a RREP Message Atomic Misuse Route Disruption Route Invasion de Isolation Resource Consumption RREP_DR * RREP_MF RREP_FR RREP_AF 2 Summary of Atomic Misuses (Cont d) Atomic misuse of a RERR message Atomic Misuse Route Disruption Route Invasion de Isolation Resource Consumption RERR_DR RERR_MF RERR_AF 22

Example of Compound Misuses RREQs_AF_RI 5 5 5 4 4 4 2 3 2 3 2 3 A A A (a) (b) (c) A sends fake RREQ from 5 to A sends RREQ from A to 5 23 Summary of Homogeneous Compound Misuses Compound Misuses Route Disruption Route Invasion de Isolation Resource Consumption RREQs_DR * RREQs_MF Partial RREQs_AF Partial RREPs_DR * RREPs_MF RREPs_FR Partial RREPs_AF Partial RERRs_DR RERRs_MF RERRs_AF 24

Simulation Network Simulator 2 (ns2) with CMU Monarch Extension Simulation Parameters Communication Type Number of des Simulation Area Simulation Time Pause Time Packet Rate Number of Connections Transmission Range Physical Link Bandwidth CBR 5 (atomic) or 2 (compound) m*6m seconds 2. seconds 4 pkt/sec 2 25m 2Mbps 25 Example Scenario: RREP_AF_RI Attack Scenario 3 4 3 4 Fake RREP 2 Attacker 2 Attacker Verify attacks by checking the trace files 26

RREP_AF_RI (Cont d) Segments of RREP_AF_RI Trace File s 7.69342932 RTR --- cbr 68 [ ] ------- [: : 3 3] [] r 7.695563792 _3_ RTR --- cbr 68 [3a 3 8] ------- [: : 3 3] [] f 7.695563792 _3_ RTR --- cbr 68 [3a 3 8] ------- [: : 29 4] [] r 7.697885792 _4_ RTR --- cbr 68 [3a 4 3 8] ------- [: : 29 4] [] 2 f 7.697885792 _4_ RTR --- cbr 68 [3a 4 3 8] ------- [: : 28 ] [] 2 r 7.7269 AGT --- cbr 68 [3a 4 8] ------- [: : 28 ] [] 3... s.67253994 _2_ RTR --- AODV 44 [ ] ------- [2:255 :255 3 3] [x4 [ 7].] (REPLY) r.68843 _3_ RTR --- AODV 44 [3a 3 2 8] ------- [2:255 :255 3 3] [x4 [ 7].] (REPLY) f.68843 _3_ RTR --- AODV 44 [3a 3 2 8] ------- [2:255 :255 29 ] [x4 2 [ 7].] (REPLY) r.682829964 RTR --- AODV 44 [3a 3 8] ------- [2:255 :255 29 ] [x4 2 [ 7].] (REPLY)... s.69378 RTR --- 7 cbr 68 [ ] ------- [: : 3 3] [5] r.62773878 _3_ RTR --- 7 cbr 68 [3a 3 8] ------- [: : 3 3] [5] f.62773878 _3_ RTR --- 7 cbr 68 [3a 3 8] ------- [: : 29 2] [5] r.62329568 _2_ RTR --- 7 cbr 68 [3a 2 3 8] ------- [: : 29 2] [5] 2 f.62329568 _2_ RTR --- 7 cbr 68 [3a 2 3 8] ------- [: : 28 4] [5] 2 r.625537484 _4_ RTR --- 7 cbr 68 [3a 4 2 8] ------- [: : 28 4] [5] 3 f.625537484 _4_ RTR --- 7 cbr 68 [3a 4 2 8] ------- [: : 27 ] [5] 3 r.62763862 AGT --- 7 cbr 68 [3a 4 8] ------- [: : 27 ] [5] 4 27 Experiment Results of Compound Misuses # of data packets 4 3 2 NORMAL RREQs _MF_RD RREQs _AF_RD.5.5 2 2.5 3 3.5 Mobility Rate (m/s) (a) Route Disruption by misuses of RREQ messages. # of data packets 5 4 3 2 NORMAL RREPs_FR_RD RREPs_AF_RD.5.5 2 2.5 3 3.5 Mobility Rate (m/s) (b) Route Disruption by misuses of RREP messages. 28

Compound Misuses (Cont d) # of packets received by victim # of packets sent by victim 8 6 4 2 8 6 4 2 NORMAL RREQs_MF_NI RREQs_AF_NI.5.5 2 2.5 3 3.5 Mobility Rate (m/s) NORMAL RREPs_AF_NI RREPs_FR_NI.5.5 2 2.5 3 3.5 Mobility Rate (m/s) (c) de Isolations by misuses of RREQ messages. (d) de Isolations by misuses of RREP messages. 29 Compound Misuses (Cont d) # of packets through attacker 5 4 3 2 Total # of data packets After RREQs_MF_RI Before misuses. After RREPs_FR_RI.5.5 2 2.5 3 3.5 Mobility Rate (m/s) NORMAL RREQs_AF_RC RREQs_MF_RC 35 3 25 2 5 5.5.5 2 2.5 3 3.5 Mobility Rate (m/s) Routing Overhead (e) Route Invasion (f) Resource Consumption 3

Conclusion First step to systematically understand insider attacks in MANET An analysis scheme Misuses of AODV Further information Full paper: NCSU Technical Report TR-23-7 Software package available at http://discovery.csc.ncsu.edu/software/misuseaodv/ Future work Analysis of secure ad-hoc routing protocols Secure AODV, SEAD, Aridane Prevention of possible misuses Efficient and effective detection 3 Thank You! 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback