Sonali Bhargava and Dharma P. Agrawal Center for Distributed & Mobile Computing Dept of ECECS, University of Cincinnati Security Enhancements in AODV protocol.

Presentation transcript:

Security Enhancements in AODV protocol for Wireless Ad Hoc Networks
Sonali Bhargava and Dharma P. Agrawal
Center for Distributed & Mobile Computing, Dept of ECECS, University of Cincinnati
Presented By: Syeda Momina Tabish, MIT - 7

Syeda Momina Tabish, NIIT-NUST

Agenda
- Introduction
- Motivation
- Related Work
- Assumptions and background
- Proposed Approach
- Intrusion Detection Model (IDM)
- Intrusion Response Model (IRM)
- Experimental Setup
- Performance Metrics
- Simulation Results
- Conclusion & Future Work

Introduction
- AODV: on-demand route discovery, effective use of available bandwidth, highly scalable.
- An ad hoc network is dynamically formed when two or more mobile hosts with wireless capability come into transmission range of each other.
- Advantages of ad hoc networks: can be set up 'on-the-fly'; requires no existing infrastructure.

AODV Operation
[Figure: message exchange between Source and Destination, showing RREQ, RREP, Data and RERR.]

Introduction contd.
- An ad hoc network is useful in situations where geographical or terrestrial constraints demand a totally distributed network system without any fixed base station, such as battlefields or disaster situations.
- Wireless ad hoc networks are highly susceptible to malicious attacks. They need stronger security than the conventional wired and static Internet.
- Intrusion prevention measures such as encryption and authentication at times fail to identify an attack, because these measures cannot defend against compromised mobile nodes.

Motivation
- We need an intrusion detection system in the network to create another wall of defense.
- Forms of attack: passive eavesdropping, active interfering, leakage of secret information, data tampering, impersonation, denial of service.
- Detection of compromised nodes is challenging because:
  - nodes are constantly mobile;
  - the protocols implemented are cooperative in nature;
  - there is no fixed infrastructure or central authority;
  - there is no distinction between normalcy and abnormality.

Motivation contd.
Attacks on the routing protocol can be further classified into two types:
- External attack: an attack caused by nodes that do not belong to the network.
- Internal attack: an attack from nodes that belong to the network, after they have been compromised or captured.

Related Work
- Yongguang Zhang and Wenke Lee: presented a new intrusion detection and response mechanism. The basic assumption is that user and program activities are observable and that the system should be cooperative and distributed.
- Sergio Marti: introduced techniques that improve throughput in an ad hoc network by identifying misbehaving nodes that agree to forward packets but never do so.
- Venkatraman: proposed an intrusion detection agent to prevent some internal attacks on the network. The agent runs on all the nodes and is based on Yongguang Zhang and Wenke Lee's model.

Assumptions and Background
Assumptions:
- When a node is within radio range of another node, the two are termed neighbors.
- Every link between two nodes is bi-directional.
- Nodes are in promiscuous state.
- Compromised nodes do not work in teams.

Proposed Approach
- Identifies possible internal attacks on the AODV protocol and presents details of the Intrusion Detection Model (IDM) and the Intrusion Response Model (IRM).
- Compromised nodes could cause sufficient damage by merely not cooperating.
- The types of malicious activity depend on the functioning of the protocol.
- These attacks are deterministic and can be detected by the IDM; malicious nodes are isolated using the IRM.

Proposed Approach contd.
The following internal attacks are handled by the IDM:
- Distributed false route request: a malicious node generates false route requests from different radio ranges, resulting in continued wastage of channel bandwidth. They cannot be categorized as malicious nodes.
- Denial of service: the network bandwidth is hijacked by a malicious node that repeatedly generates route requests. The malicious node continues to transmit control packets, so other nodes in the network cannot use the resources.

Proposed Approach contd.
- Destination is compromised: a compromised destination node does not acknowledge the route requests destined for it. This results in re-broadcasts and an increase in end-to-end routing delay, so the network throughput is severely decreased.
- Impersonation: a malicious node impersonates another node while sending control packets, in order to create anomalous updates in the routing table.
- Routing information disclosure: a malicious node leaks confidential information to unauthorized users in the network. This kind of attack is difficult to identify.

Intrusion Detection Model
- Based on the model presented by Yongguang Zhang and Wenke Lee.
- Each node employs the detection model, which uses neighborhood information to detect misbehavior of its neighbors.
- The IDM is present on all the nodes.
- It constantly monitors the behavior of its neighbors and analyzes it to detect whether a neighbor has been compromised.

Handling of Internal Attacks
[Flowchart with the elements: Data Collection, Secure Communication, Intrusion Detection Model, decision "Mal count > Threshold" (Yes / No), Intrusion Response Model, Global Response.]

Intrusion Detection Model contd.
The model identifies each of the aforementioned attacks as follows.
Distributed false route request:
- A route request is generated whenever a node has to send data to a particular destination.
- A malicious node might generate frequent, unnecessary route requests.
- If a malicious node generates false route messages from different radio ranges, it is difficult to identify the malicious node.
- When a node in the network receives a number of route requests greater than a threshold count from a specific source for a destination in a particular time interval t_interval, the source node is declared malicious and the information is propagated in the network.

Intrusion Detection Model contd.
Denial of service:
- A malicious node launches the denial of service attack by transmitting false control packets and using the entire network resources. This deprives other nodes of network resources.
- Denial of service can be launched by transmitting false routing packets or data packets.
- It can be identified if a node generates more control packets than the threshold count in a particular time interval t_frequency.

Intrusion Detection Model contd.
Destination is compromised:
- A destination might not be able to reply if it is (i) not in the network, (ii) overloaded, (iii) it did not receive the route request, or (iv) malicious.
- This attack is identified when the source does not receive the reply from the destination in a particular time interval t_wait.
- The neighbors generate probe/hello packets to determine connectivity.
- If the node is in the network and does not respond to route requests destined for it, it is identified as malicious.

Intrusion Detection Model contd.
Impersonation:
- It can be avoided if the sender encrypts the packet with its private key and other nodes decrypt it with the public key of the sender.
- If the receiver is not able to decrypt the packet, the sender might not be the real source, and hence the packet is dropped.

Intrusion Response Model
- A node identifies that another node has been compromised when its malcount for that allegedly compromised node increases beyond the threshold value.
- In such cases, it propagates this information to the entire network by transmitting a Mal packet.
- If another node also suspects the node that has been detected as compromised, it reports its suspicion to the network by transmitting a ReMal packet.

Intrusion Response Model contd.
- If two or more nodes report a particular node, a Purge packet is transmitted to isolate the malicious node from the network.
- All nodes that have a route through the compromised node look for newer routes.
- All packets received from the compromised node are dropped.
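The distributed false route request check and the Mal / ReMal / Purge response described in the slides above, as an added example (not code from the paper or the presentation). The threshold values, the `Node` class, the reading of malcount as a count of threshold violations, and the choice that the second reporter sends the Purge packet are all assumptions, since the slides give no numbers or packet formats.

```python
from collections import defaultdict, deque

# Assumed values: the slides name these thresholds but give no numbers.
RREQ_THRESHOLD = 5       # RREQs allowed per (source, destination) in T_INTERVAL
T_INTERVAL = 1.0         # seconds (t_interval on the slide)
MALCOUNT_THRESHOLD = 2   # violations tolerated before a neighbor is reported
REPORTS_TO_PURGE = 2     # "two or more nodes report" triggers Purge


class Node:
    """A monitoring node running the IDM (hypothetical class for this example)."""

    def __init__(self, name):
        self.name = name
        self.window = defaultdict(deque)  # (src, dst) -> recent RREQ timestamps
        self.malcount = defaultdict(int)  # src -> threshold violations observed
        self.purged = set()               # nodes isolated by a Purge packet

    def observe_rreq(self, t, src, dst):
        """Return True once this node considers src compromised."""
        if src in self.purged:
            return False                  # traffic from a purged node is dropped
        q = self.window[(src, dst)]
        q.append(t)
        while t - q[0] > T_INTERVAL:      # slide the window forward
            q.popleft()
        if len(q) > RREQ_THRESHOLD:
            q.clear()                     # count each burst once
            self.malcount[src] += 1
        return self.malcount[src] > MALCOUNT_THRESHOLD


def run(nodes, observations):
    """IRM: turn local detections into Mal, ReMal and Purge packets."""
    packets, accusers = [], defaultdict(set)
    for t, observer, src, dst in sorted(observations):
        if not nodes[observer].observe_rreq(t, src, dst):
            continue
        if observer in accusers[src]:
            continue                      # this node has already reported src
        kind = "Mal" if not accusers[src] else "ReMal"
        accusers[src].add(observer)
        packets.append((kind, observer, src))
        if len(accusers[src]) >= REPORTS_TO_PURGE:
            packets.append(("Purge", observer, src))
            for n in nodes.values():      # every node isolates the suspect
                n.purged.add(src)
    return packets


def demo():
    nodes = {name: Node(name) for name in ("A", "B")}
    # Constructed sample: M floods RREQs for D every 0.1 s, heard by A and B;
    # S sends three ordinary RREQs, one per second, heard by A.
    obs = [(i * 0.1, who, "M", "D") for i in range(18) for who in ("A", "B")]
    obs += [(float(i), "A", "S", "D") for i in range(3)]
    return run(nodes, obs), nodes


if __name__ == "__main__":
    for packet in demo()[0]:
        print(packet)
```

Requiring a second, independent reporter before the Purge is what keeps a single faulty or lying monitor from isolating a well-behaved node, which matches the slides' assumption that compromised nodes do not work in teams.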

Experimental Setup
- Used the version of Berkeley's Network Simulator (ns) for our implementation.
- Based on a 1500 by 300 meter flat space scattered with 50 wireless nodes, of which 10 are data sources.
- The nodes move randomly with random speed (the speed is uniformly distributed between 0-20 sec).
- The MAC layer used for the simulations is IEEE
- The transport protocol used for simulations is User Datagram Protocol (UDP).

Experimental Setup contd.
Performance Metrics:
1. Packet Delivery Fraction: the ratio of CBR packets delivered to those generated; it is measured as throughput.
2. Routing Overhead: the number of routing packets transmitted for every data packet sent. Each hop of the routing packet is treated as a packet. They have used the normalized routing load for comparison, which is the ratio of routing packets to data packets.
3. Average end-to-end delay: the average of the delays incurred by all the packets that are successfully transmitted.

Experimental Setup contd.
Accuracy of Predictions:
- Only the malicious nodes generated in the network were reported as intruders; other nodes were not claimed as malicious.
- In the simulation, a misbehaving node is one that generates false route requests or drops the route request packets that are destined for it.

Simulation Results
[Figure: Routing Load vs. Pause Time]

Simulation Results
[Figure: End to End Delay vs. Pause Time]

Simulation Results
[Figure: Packet Delivery vs. Pause Time]

Conclusion & Future Work
- Proposed a security scheme to pro-actively prevent internal attacks.
- The results of the implementation show that the overhead is marginal and has negligible effect on network performance while making the protocol robust.
- Working on defining more internal attacks and planning to identify solutions for them.
- Moreover, they plan to introduce a security scheme for external attacks and incorporate it into the Intrusion Detection and Response model as well.

Thanks
Questions?