Security Attacks and Routing Protocol Approaches for Mobile Adhoc Networks

Security Attacks and Routing Protocol Approaches for Mobile Adhoc Networks V. Deepika 1, V. Sowmya Devi 2, Dr. Nagaratna P Hegde 3 1 Assistant Professor, CSE Dept, JITS College, Karimnagar Dist, AP, India 1 deepuvodnala8@gmail.com 2 Associate Professor, CSE Dept, JITS College, Karimnagar Dist, AP, India 2 vallala.sowmya@gmail.com 3 Associate Professor, CSE Dept, Vasavi College of Engineering, HYD, AP, India 3 nagaratnaph@yahoo.com Abstract In this paper, we discuss network security attacks and various routing protocols in Mobile Ad-hoc Network. It also presents types of distributed denial of service attacks, multicast security and security problems of mobile ad-hoc network. It explains proactive, reactive and hybrid protocols briefly. Mainly it concentrates on destination sequenced distance vector, ad-hoc on-demand distance vector routing protocols. Keywords Proactive, Reactive and Hybrid protocols, DSDV, AODV protocols, DSR. I. INTRODUCTION A Mobile ad-hoc network [8] (MANET) is an autonomous system of mobile routers connected by wireless links. The routers are free to move randomly and organize themselves arbitrarily. Thus, the network's wireless topology may change rapidly and unpredictably. Ad-hoc networks are the networks that are not connected to any static infrastructure means wired. An ad-hoc network is a LAN or other small network, especially one with wireless connections, in which some of the network devices are part of the network only for the duration of a communications session. The Destination Sequenced Distance Vector (DSDV) [2] protocol adds a new attribute, sequence number, to each route table entry at each node. Ad-hoc On-Demand Vector (AODV) is a very simple, efficient, and effective routing protocol for Mobile Ad-hoc Networks which do not have fixed topology. This algorithm was motivated by the limited bandwidth that is available in the media that are used for wireless communications. II. MOBILE ADHOC NETWORKS Mobile ad-hoc networks [8] operate without any fixed infrastructure and centralized administration. It is an autonomous system of mobile nodes connected by wireless links having capability to operate as host and router as well as routing functionality is incorporated in mobile nodes, they are capable to discover topology and deliver messages to other nodes themselves. The dynamic nature of network topology increases the challenges of design of ad-hoc networks. MANETs have several salient characteristics: Dynamic topologies: Nodes are free to move arbitrarily. Thus the network topology which is typically multi-hop may change randomly and rapidly at unpredictable times, and may consist of both bidirectional and unidirectional links [8]. Bandwidth-constrained, variable capacity links: Wireless links will continue to have significantly lower capacity than their hardwired counterparts. The realized throughput of wireless communications is after accounting for the effects of multiple access, fading, noise, and interference conditions, etc. Energy-constrained operation: Some or all of the nodes in a MANET [8] may rely on batteries or other exhaustible means for their energy. For these nodes, the most important system design criteria for optimization may be energy conservation. Limited physical security: Mobile wireless networks are generally more prone to physical security threats than are fixed cable nets. The increased possibility of eavesdropping, spoofing [8], and denial-of-service attacks should be carefully considered. III. TYPES OF DISTRIBUTED DENIAL OF SERVICE ATTACK There are two main classes of DDoS attacks: bandwidth depletion and resource depletion attacks [6]. A. Bandwidth depletion Bandwidth depletion attack is designed to flood the victim network with unwanted traffic by sending that prevents legitimate traffic from reaching the victim system. Bandwidth attacks can be divided to flood attacks and amplification attacks. B. Resource depletion Resource depletion attack is an attack that is designed to tie up the resources of a victim system. This is done by exploiting the TCP protocol and sending willfully incorrect semantic IP packets to crash the victim system. This type of attack can be divided to protocol exploit attacks and malformed packet attacks. The DDoS attacks [6] can also be classified as follow: 1) Network Device Level: DDOS attacks at the Network Device Level lay more stress to exhaust the hardware resources of network devices or try to take the advantage of loopholes in the software. For example a possible attack on a router can be buffer overrun error in password checking International Conference on Communications & Signal Processing, 2 nd -4 th, April 2012, Ongole. 75

routines by typing extremely long passwords which can cause a router to crash. 2) OS Level: These types of attacks take advantage of the pitfalls left behind by the operating system while implementing the protocols. Common example is ICMP echo requests also called Ping of Death having total data size grater then the IP packet size which can cause certain operating systems to crash, freeze, or reboot due to buffer overflow. 3) Application level: The attacks at application level bring down either a service or sometimes the whole system by taking advantage of certain flaws of network applications that are running on the system or by using such applications to withdraw the resources from the system [6]. Most common examples of such attacks are: HTTP flood attacks Mail bombs DNS based attacks, in which attackers flood DNS servers with bogus but well formed requests. 4) Data Flooding: In these types of attacks the attacker [6] transmits the large amount of data to exhaust the recourses of the system or the device. Three categories of this type of attack are: Amplification attacks: Smurf attack and Fraggle attack Oscillation attacks Simple flooding. 5) Protocol level: DDOS may take advantage of certain standard protocol features, for example several attacks exploit the fact that IP source addresses can be spoofed [6]. The different types of protocol level attacks are: TCP SYN flood where the attacker requests for multiple TCP session initiation, but does not finalize the TCP handshake after the responding by server to the request. Thus these half open TCP sessions consume more memory of victim. PUSH + ACK flood the server with packets such as ACK or PSH/ACK. IV. MULTICAST SECURITY Wireless mobile ad hoc nature of MANET brings new security challenges to network design. Mobile ad hoc networks, due to their unique characteristics, are generally more vulnerable to information and physical security threats than wired networks or infrastructure based wireless networks. Here, we explore the various security requirements [1] (goals) for wireless ad hoc network and the different types of threats on ad hoc network faces. The primary objectives of a multicast security infrastructure are to maintain secrecy and guarantee authentication for all group communication so that only legitimate senders can multicast packets to the group and only packets sent by legitimate group members are accepted. Other security concerns include anonymity, non-repudiation, access control, trust issues, maintaining service availability to protect the network from clogging attacks, etc. Security in multicast is thus considerably more complicated than in the unicast case. Most unicast solutions are prohibitively inefficient for multicast scenarios. Factors affecting security are group type, group size, member (node) characteristics (power, storage, availability), membership dynamics, membership control, number and type of senders, volume and type of traffic and routing algorithm [1] used. Issues in secure multicast routing: The fundamental aspects of computer security like confidentiality, integrity, authentication and non-repudiation are valid when production of routing in network is discussed. Confidentiality ensures that classified information in the network is never disclosed to unauthorized entities. Sensitive information, such as strategic military decisions or location information requires confidentiality. Leakage of such information to enemies could have devastating consequences [1]. Integrity guarantees that a message being transferred between nodes is never altered or corrupted. Data can be altered either intentionally by malicious nodes in the network or accidentally because of benign failures, such as radio propagation impairment or through hardware glitches in the network. Availability implies that the requested services (e.g. bandwidth and connectivity) are available in a timely manner even though there is a potential problem in the system. In this way, one by one node, it can gain control over the entire network. Finally, non-repudiation ensures that the information originator cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. V. TAXONOMY OF ROUTING S IN MANET s A. Proactive (Table-Driven routing) protocols Proactive protocols [5] are close to wired routing protocols in the manner that the routing table is built before the data has to be sent. That means these protocols are constantly making requests to their neighbors in order to draw a network topology and then build the routing table. The disadvantage of this principle is to not be reactive to topology changes, as the tables are pre-established. At the time the data has to be sent, it is not certain that the gateway designed by the routing table will still be there to forward the data. Snooping: Snooping [5] is a unauthorized access to another person's data. It is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing. More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device. B. Reactive (On Demand routing) protocols International Conference on Communications & Signal Processing, 2 nd -4 th, April 2012, Ongole. 76

Reactive protocols are more specific to ad-hoc networks [5]. Contrary to the proactive algorithm, they ask their neighbors for a route when they have data to send. If the neighbors do not have any known route, they broadcast the request, and so on. Once the final destination has been reached by these broadcasts, an answer is built and forwarded back to the source. This source can then transmit the data on the newly discovered route. C. Hybrid protocols A Hybrid protocol [4] will use the two above algorithms. The main goal is to reduce broadcasts and latency, but improve the dynamism impact. The whole network will be separated into logical zones, and each zone will have a gateway. Inside each zone, the active protocol will be used. For inter-zone routing, a proactive protocol will be used. VI. TYPES OF DYNAMIC ROUTING S Dynamic routing protocols [2] are classified depending on what the routers tell each other and how they use the information to form their routing tables. They are Distance vector protocols and Link state protocols Most of the protocols available in the networks fit into one of the two categories. Distance Vector Protocols: By using the distance vector protocols [2], each router over the internetwork send the neighboring routers, the information about destination that it knows how to reach. Moreover to say the routers sends two pieces of information first, the router tells, how far it thinks the destination is and secondly, it tells in what direction (vector) to use to get to the destination. When the router receives the information from the others, it could then develop a table of destination addresses, distances and associated neighboring routers, and from this table then select the shortest route to the destination. Using a distance vector protocol, the router simply forwards the packet to the neighboring host (or destination) with the available shortest path in the routing table and assumes that the receiving router will know how to forward the packet beyond that point. The best example for this is the routing information protocol (RIP). Link-State Protocols: In link state protocols [2], a router doesn t provide the information about the destination instead it provides the information about the topology of the network. This usually consist of the network segments and links that are attached to that particular router along with the state of the link i.e., whether the link is in active state or the inactive state. VII. PROBLEMS WITH ROUTING IN MANETs Asymmetric links: Most of the wired networks rely on the symmetric links which are always fixed. But this is not a case with ad-hoc networks as the nodes are mobile and constantly changing their position within network. Routing Overhead: In wireless ad-hoc networks, nodes often change their location within network. So, some stale routes are generated in the routing table which leads to unnecessary routing overhead. Interference: This is the major problem with mobile adhoc networks [2] as links come and go depending on the transmission characteristics, one transmission might interfere with another one and node might overhear transmissions of other nodes and can corrupt the total transmission. Dynamic Topology: This is also the major problem with adhoc routing since the topology is not constant. The mobile node might move or medium characteristics might change. VIII. DESTINATION SEQUENCED DISTANCE VECTOR The destination sequenced distance vector [2] (DSDV) routing protocol is a proactive routing protocol, which is a modification of conventional Bellman-Ford routing algorithm. This protocol adds a new attribute, sequence number, to each route table entry at each node. Routing table is maintained at each node and with this table node transmits the packets to other nodes in the network. Protocol Overview and activities: Each node in the network maintains routing table for the transmission of the packets and also for the connectivity to different stations in the network. These stations list for all the available destinations, and the number of hops required to reach each destination in the routing table. The routing entry is tagged with a sequence number which is originated by the destination station. In order to maintain the consistency, each station transmits and updates its routing [2] table periodically. The packets being broadcasted between stations indicate which stations are accessible and how many hops are required to reach that particular station. The packets may be transmitted containing the layer 2 or layer 3 address. Routing information is advertised by broadcasting or multicasting the packets which are transmitted periodically as when the nodes move within the network. The DSDV protocol requires that each mobile station in the network must constant, advertise to each of its neighbors, its own routing table. Since, the entries in the table my change very quickly, the advertisement should be made frequently to ensure that every node can locate its neighbors in the network. In this way, the node can exchange its data even if there is no direct communication link. Advantages of DSDV: DSDV protocol guarantees loop free paths. Count to infinity problem is reduced in DSDV. We can avoid extra traffic with incremental updates instead of full dump updates. Path Selection: DSDV maintains only the best path instead of maintaining multiple paths to every destination. With this, the amount of space in routing table is reduced [2]. Limitations of DSDV: Wastage of bandwidth due to unnecessary advertising of routing information even if there is no change in the network topology. International Conference on Communications & Signal Processing, 2 nd -4 th, April 2012, Ongole. 77

DSDV doesn t support Multi path Routing. It is difficult to determine a time delay for the advertisement of routes. It is difficult to maintain the routing [2] table s advertisement for larger network. Each and every host in the network should maintain a routing table for advertising, which consumes more bandwidth. IX. ADHOC ON-DEMAND DISTANCE VECTOR AODV is a very simple, efficient, and effective routing protocol [2] for Mobile Ad-hoc Networks which do not have fixed topology. This algorithm was motivated by the limited bandwidth that is available in the media that are used for wireless communications. It borrows most of the advantageous concepts from DSR and DSDV algorithms. The on demand route discovery and route maintenance from DSR and hop-by-hop routing, usage of node sequence numbers from DSDV make the algorithm cope up with topology and routing information. Obtaining the routes purely on-demand makes AODV a very useful and desired algorithm for MANETs [2]. Working of AODV: Each mobile host in the network acts as a specialized router and routes are obtained as needed, thus making the network self-starting. Each node in the network maintains a routing table with the routing information entries to its neighboring nodes, and two separate counters: a node sequence number and a broadcast-id [2]. When a node (say, source node S ) has to communicate with another (say, destination node D ), it increments its broadcast-id and initiates path discovery by broadcasting a route request packet RREQ to its neighbors. The RREQ contains the following fields: source-addr source-sequence# -to maintain freshness info about the route to the source. dest-addr dest-sequence# - specifies how fresh a route to the destination must be before it is accepted by the source. hop-cnt The (source-addr, broadcase-id) pair is used to identify the RREQ uniquely. Then the dynamic route table entry establishment begins at all the nodes in the network that are on the path from S to D. Advanced uses of AODV: Because of its reactive nature, AODV can handle highly dynamic behavior of Vehicle Ad-hoc networks. Used for both unicasts and multicasts [2] using the J (Join multicast group) flag in the packets. Limitations/Disadvantages of AODV: Requirement on broadcast medium: The algorithm expects/requires that the nodes in the broadcast medium can detect each others broadcasts. Overhead on the bandwidth: Overhead on bandwidth will be occurred compared to DSR [2], when an RREQ travels from node to node in the process of discovering the route info on demand. No reuse of routing info: AODV lacks an efficient route maintenance technique. The routing info is always obtained on demand, including for common casetraffic. It is vulnerable to misuse: The messages can be misused for insider attacks including route disruption, route invasion, node isolation, and resource consumption. High route discovery latency: AODV is a reactive routing protocol. This means that AODV [2] does not discover a route until a flow is initiated. This route discovery latency result can be high in large-scale mesh networks. X. SECURITY ATTACKS ON AD-HOC ROUTING The complexity and uniqueness of MANETs make them most vulnerable to security threats than their wired counterparts. Attacks on ad hoc wireless networks can be classified as passive and active attacks, depending on whether the normal operation of the network is disrupted or not. A. Passive attacks A passive attack [1] does not disrupt the normal operation of the network. The attacker snoop the data exchanged in the network without altering it. Here the requirement of confidentiality gets violated. Detection of passive attack is very difficult since the operation of the network itself doesn t get affected. B. Active attacks An active attack attempts [1] to alter to destroy the data being exchanged in the network there by disrupting the normal functioning of the network. Active attacks can be internal or external. External attacks are carried out by nodes that do not belong to the network. Internal attacks are from compromised nodes that are part of the network. Since the attacker is already part of the network, internal attacks are more severe and hard to detect than external attacks. Depending upon the various attacking behavior routing attacks can be classified into five categories: attacks using information disclosure, impersonation (masquerading or spoofing), modification, fabrication, and replay of packets. XI. DYNAMIC SOURCE ROUTING Dynamic Source Routing [3] (DSR) is an Ad Hoc routing protocol which is based on the theory of source-based routing rather than table-based. This protocol is sourceinitiated rather than hop-by-hop. This is particularly designed for use in multi hop wireless ad hoc networks of mobile nodes. Basically, DSR protocol does not need any existing network infrastructure or administration and this allows the Network to be completely self-organizing and selfconfiguring. This Protocol is composed of two essential parts of route discovery and route maintenance. Every node maintains a cache to store recently discovered paths. When a node desires to send a packet to some node, it first checks its entry in the cache. If it is there, then it uses that path to transmit the packet and also attach its source address on the packet. If it is not there in the cache or the entry in cache is expired (because of long time idle), the sender broadcasts [3] a route request packet to all of its neighbors asking for a path to the destination. The sender will be waiting till the route is discovered. International Conference on Communications & Signal Processing, 2 nd -4 th, April 2012, Ongole. 78

During waiting time, the sender can perform other tasks such as ending/forwarding other packets. As the route request packet arrives to any of the nodes, they check from their neighbor or from their caches whether the destination asked is known or unknown. When the route is discovered, the required packets will be transmitted by the sender on the discovered route [3]. The node will also maintain the age information of the entry so as to know whether the cache is fresh or not. When a data packet is received by any intermediate node, it first checks whether the packet is meant for itself or not. If it is meant for itself, the packet is received otherwise the same will be forwarded using the path attached on the data packet. Since in Ad hoc network, any link might fail anytime. Therefore, route maintenance process will constantly monitors and will also notify the nodes if there is any failure in the path. Benefits and Limitations of DSR: One of the main benefit of DSR protocol is that there is no need to keep routing table so as to route a given data packet as the entire route is contained in the packet header. The limitations of DSR protocol is that this is not scalable to large networks and even requires significantly more processing resources than most other protocols. Basically, In order to obtain the routing information, each node must spend lot of time to process any control data it receives, even if it is not the intended recipient [3]. XII. S OVERVIEW The DSDV, AODV and DSR protocols are having the following differences: Node overhead: For DSDV and AODV protocols, it is medium, but for DSR, it is high. Network overhead: For DSDV protocol it is high, for AODV protocol it is medium, but for DSR, it is low. Route mechanism: in DSDV and AODV protocols, we have to consider route table with next hop, but for DSR, complete routes cached. Route discovery: For AODV and DSR protocols, it is ondemand [3], but for DSDV, it is periodic. CONCLUSION This paper presented the network security issues and protocols in mobile ad-hoc network. And also it has dynamic and self-organizing nature which makes them useful in particular situations. In this paper, we discussed network security attacks and comparisons among various routing protocols in Mobile Ad-hoc Network. It specifies various types of distributed denial of service attacks and security problems of MANET. The study reveals that, DSDV routing protocol consumes more bandwidth, because of the frequent broadcasting of routing updates. While the AODV is better than DSDV as it doesn t maintain any routing tables at nodes which results in less overhead and more bandwidth. From the above, chapters, it can be assumed that DSDV routing protocols works better for smaller networks but not for larger networks. So, my conclusion is that, AODV routing protocol is best suited for general mobile ad-hoc networks as it consumes less bandwidth and lower overhead when compared with DSDV routing protocol. REFERENCES [1]. STUDY OF DIFFERENT ATTACKS ON MULTICAST MOBILE AD HOC NETWORK [2]. Routing Protocols in Mobile Ad-hoc Networks, Krishna Gorantala [3]. A Survey of Routing Protocols in Mobile Ad-Hoc Networks, Sunil Taneja and Ashwani Kush [4]. Introduction to Mobile Ad hoc Networks (MANETs), Advanced Computer Networks [5]. Different Types of Attacks on Integrated MANET- Internet Communication [6]. Distributed Denial of Service Attacks in Mobile Ad-hoc Networks, Gurjinder Kaur, Yogesh Chaba, V. K. Jain [7]. Performance Comparison of MANET (Mobile Ad hoc Network) Protocols (ODMRP with AMRIS and MAODV),Aparna K International Conference on Communications & Signal Processing, 2 nd -4 th, April 2012, Ongole. 79