Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ad Hoc Networks Security

Similar presentations


Presentation on theme: "Ad Hoc Networks Security"— Presentation transcript:

1 Ad Hoc Networks Security
Marjan Kuchaki Rafsanjani Department of Computer science, Faculty of Mathematics and Computer, Shahid Bahonar University of Kerman

2 Outline Introduction Mobile Ad hoc NETworks (MANETs)
Characteristics and Advantages Design Issues and Constraints MANETs Security Vulnerabilities of MANETs Attacks on MANETs Selfish Misbehavior of Nodes Malicious Behavior of Nodes Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

3 Outline (Cont…) Vehicular Ad Hoc Networks (VANETs)
Attack Prevention Techniques Key and Trust Management Secure Routing Protocols Limitations of Prevention Techniques Intrusion Detection Systems (IDSs) Intrusion Detection Systems Classification Vehicular Ad Hoc Networks (VANETs) VANET Architecture VANET Characteristics Security Requirements VANET Challenges Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

4 Outline (Cont…) Conclusions References
Classification of Attackers and Attacks in VANETs Vehicles classification VANET Security Architecture: A sample Conclusions References Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

5 Introduction More and more computing devices are coming into existence every day, which may vary in size, capabilities, mode of interaction, and so on. As a result we are moving toward a world in which computing is omnipresent. Many modern devices, support multiple communication channels and almost all of them use wireless technology in some form. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

6 Introduction (Cont…) Ad hoc wireless networking is a technology that enables untethered, wireless networking in environments where there is no wired or cellular infrastructure (eg, battlefield, disaster recovery, etc); or, if there is an infrastructure, it is not adequate or cost effective. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

7 Introduction (Cont…) The term “ad hoc” implies that this network is a network established for a special. So, the typical ad hoc network is set up for a limited period of time. The protocols are tuned to the particular application. The application may be mobile and the environment may change dynamically. Consequently, the ad hoc protocols must self- configure to adjust to environment, traffic and mission changes. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

8 Conventional Networks
Ad-hoc Networks Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

9 Mobile Ad hoc NETworks (MANETs)
A MANET is an infrastructure-less network formed by a group of mobile nodes with wireless network interfaces. The mobile hosts dynamically establish paths among one another in order to communicate. In addition to one hop away communication, a mobile node in MANET may also function as a router to relay or forward packets, from a source node to a destination node, over multiple hops. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

10 Characteristics and Advantages
Wireless Ad-hoc-based Autonomous and infrastructureless Multi hop routing Mobility Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

11 Design Issues and Constraints
They are Infrastructureless Dynamically Changing Network Topologies Physical Layer Limitation Limited Link Bandwidth and Quality Variation in Link and Node Capabilities Energy Constrained Operation Network Robustness and Reliability Network Scalability Quality of Service Network Security Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

12 MANETs Security The specific features of MANETs present a challenge for security solutions. Many existing security solutions for conventional networks are ineffective and inefficient for many envisaged MANET deployment environments. Consequently, researchers have been working over the last decade on developing new security solutions or changing the current ones to be applicable to MANETs. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

13 Vulnerabilities of MANETs
MANETs are vulnerable to security attacks as the transmission takes place in the open medium. There is no centralized server, monitoring station, or administrator, and nodes keep on joining and leaving the network. Wireless links Dynamic topology Cooperativeness Lack of a clear line of defense Limited resources Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

14 Attacks on MANETs The security attacks can generally be distinguished into two types: Active attacks: the attacker has access to the transmission channel and the transmission technique, so that he can change the data or transmit his own data in a “camouflaged” manner. Passive attacks: the attacker can only listen to the network traffic or accumulate data from it, but the data are not altered. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

15 Active versus passive attacker
Attacks on MANETs (Cont…) Active versus passive attacker Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

16 Attacks on MANETs (Cont…)
Generally, the attacks against MANETs can be categorized into two classes, namely external and internal. In literature, these are synonymous to outsider and insider attacks respectively. While the former is mounted by nodes that do not belong to the target MANET system, the latter is launched from compromised MANET hosts. In contrast to the external attacks, the internal ones have more serious impact on the victim system. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

17 Attacks on MANETs (Cont…)
The characteristics of MANETs make them susceptible to many new attacks. At the top level, attacks can be classified according to network protocol stacks. Some attacks could occur in any layer of the network protocol stack, for example, jamming at physical layer, hello flood at network layer, and SYN flood at transport layer, all are DoS attacks. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

18 Selfish Misbehavior of Nodes
In ad hoc networks, the basic assumption that all nodes are cooperating and are well behaved may not hold well in case of MANET. It should be understood that the attacks under this category are essentially directed to improve self-performance (energy, delay, throughput, etc.) and does not interfere with the operation of the network as a whole. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

19 Selfish Misbehavior of Nodes (Cont…)
The misbehavior of a node classified as selfish can be attributed to the following factors: conservation of battery power gaining unfair share of bandwidth Therefore, in the absence of such nodes, the network will function normally, which is not the case otherwise. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

20 Malicious Behavior Nodes
These attacks are necessarily meant to disrupt the normal operation of the network in terms of network throughput and availability and hence prevent the other legitimate users from communicating. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

21 Various Attacks on Individual Layers of Protocol Stack
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

22 Attack Prevention Techniques
Attack prevention measures, such as authentication and encryption, can be used as the first line of defense to reduce the possibilities of attacks. The prevention schemes proposed so far differ in several ways, depending on their assumptions on the intended MANET applications. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

23 Key and Trust Management
Encryption, authentication, and key management are widely used to prevent external (outsider) attacks. They however face many challenges in ad-hoc networks: First, we must deal with the dynamic topologies, both in communications and in trust relationship; the assessment of whether to trust a wireless node may change over time. Second, we must deal with the lack of fixed infrastructure support in MANET; any centralized scheme may face difficulties in deployment. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

24 Key and Trust Management (Cont…)
Both symmetric and asymmetric key systems have been proposed for MANET. Some schemes use secret key encryption for efficiency and simply assume group membership is a sufficient authentication. Such symmetric key systems have the performance advantages but scalability disadvantages: it requires one key between any pair of nodes Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

25 Key and Trust Management (Cont…)
Key generation, distribution and management in MANET is challenging because of the absence of central management. It is also a difficult problem establishing the initial trust base among nodes in a MANET. Without a pre-defined trust relationship, nodes of a spontaneous and open ad-hoc network will appear as “strangers” to each other. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

26 Secure Routing Protocols
Attack prevention mechanisms are useful to authenticate MANET nodes and prevent outsiders from masquerading as internal nodes. They however cannot prevent internal attacks such as misbehaving nodes attacking on ad-hoc routing. This will require secure routing with hardened protocols that force every nodes to abide the rules. Indeed, several such secure MANET routing protocols have been proposed to enhance or replace existing ones. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

27 For example: SEAD (Secure Efficient Ad Hoc Distance Vector) has been proposed to replace DSDV as a secure distance-vector-based MANET routing protocol. Ariadne, a new secure on-demand ad-hoc routing protocol, can secure DSR and prevent its most severe attacks such as modifying the discovered routes. ARAN and SAODV, have been proposed to secure AODV with public key cryptography. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

28 Limitations of Prevention Techniques
There is a limitation to the effects of prevention techniques in general: First, these techniques are designed for a set of known attacks. Second, each of the prevention techniques comes with added overhead and complexity. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

29 Intrusion Detection Systems (IDSs)
Since prevention techniques are limited in their effectiveness and new intrusions continually emerge, an IDS is an indispensable part of a security system. An IDS is introduced to detect possible violations of a security policy by monitoring system activities and responding to those that are apparently intrusive. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

30 Intrusion Detection Systems (IDSs) (Cont…)
Although there are many IDSs for wired networks, they do not find simple application to MANETs. Different characteristics of MANETs make conventional IDSs ineffective and inefficient for this environment. Consequently, researchers have been working recently on developing new IDSs for MANETs, or on modifying current IDSs to be applicable to MANETs. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

31 Intrusion Detection Systems (IDSs) (Cont…)
Due to the dynamic nature of MANET, intrusion detection and response in MANET must be distributed and cooperative. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

32 Intrusion Detection Systems (IDSs) (Cont…)
An IDS architecture for MANETs: IDS agents run on monitoring nodes throughout the network. Each MANET node can be the monitoring node for itself. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

33 Intrusion Detection Systems Classification
Anomaly-Based Intrusion Detection System Misuse-Based Intrusion Detection System Specification-Based Intrusion Detection System Promiscuous Monitoring-Based Intrusion Detection System Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

34 Anomaly-Based Intrusion Detection Systems
This technique profiles the symptoms of normal behaviors of the system, such as usage frequency of commands, CPU usage for programs, and the like. It detects intrusions as anomalies (i.e., deviations from the normal behavior patterns). Various techniques have been applied for anomaly detection, for example, statistical approaches, and artificial intelligence techniques such as data mining and neural networks. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

35 Anomaly-Based Intrusion Detection System (cont…)
The biggest challenge is defining normal behavior. Normal behavior can change over time and IDS systems need to adapt accordingly. That is one of the reasons for false positives (the normal activities that are detected as anomalies by IDS) can be high in anomaly-based detection. On the other hand, it is capable of detecting unknown attacks. This is important in an environment where new attacks and new vulnerabilities of systems are announced constantly. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

36 Misuse-Based Intrusion Detection System
Misuse-based IDSs compare known attack signatures with current system activities. They are generally preferred by commercial IDSs since they are efficient and have a low false-positive rate. The drawback of this approach is that it cannot detect new attacks. The system is only as strong as its signature database and this needs frequent updating for new attacks. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

37 Specification-Based Intrusion Detection system
One of the most commonly proposed intrusion detection systems for MANETs is specification based intrusion detection, where intrusions are detected as runtime violations of the specifications of routing protocols. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

38 Promiscuous Monitoring-Based Intrusion Detection System
Since wireless nodes can overhear traffic in their communication range, promiscuous monitoring is a popular method used to detect misbehavior of nodes such as dropping and modification of packets on MANETs. However, this technique might not detect misbehaving nodes in the presence of ambiguous collisions, or receiver collisions. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

39 Vehicular Ad Hoc Networks (VANETs)
With the increasing number of vehicles on the streets, an increasing population of vehicle manufacturers are looking for value-added services for providing their customers with increased safety and information. Vehicular Communication (VC) involves the use of short-range radios in each vehicle, which would allow various vehicles to communicate with each other and with road-side infrastructure. These vehicles would then form an instantiation of ad hoc networks in vehicles, popularly known as Vehicular Ad Hoc Networks (VANETs). Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

40 Vehicular Ad Hoc Networks (VANETs) (cont…)
Major applications of VANETs include: Safety information Traffic management Infotainment services Toll services location-based services Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

41 Vehicular Ad Hoc Networks (VANETs) (cont…)
Safety and traffic management, require real-time information, and this conveyed information can affect life or death decisions. Without security, a VANET system is vulnerable to a number of attacks such as propagation of false warning messages and suppression of actual warning messages, thereby causing accidents. This makes security a factor of paramount importance in building such networks. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

42 Comparison between MANETs and VANETs
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

43 There are two communications in these networks:
VANET Architecture The main components of VANETs are: On Board Unit (OBU) Road Side Unit (RSU) Application Unit (AU) There are two communications in these networks: Vehicle to Vehicle communication (V2V) Vehicle to Infrastructure communication (V2I) Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

44 On Board Unit (OBU) Vehicles with electronic equipment, called OBU, that usually installed on-board a vehicle, exchange messages through wireless waves. It includes of a resource command processor (RCP), and resources include a read/write memory used to store and retrieve information, a user interface, a specialized interface to connect to other OBUs and a network device for short range wireless communication based on IEEE p radio technology. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

45 Road Side Unit (RSU) The RSU is a fixed wave device usually installed along the road side or in dedicated locations such as at junctions or near parking spaces. The RSU is equipped with one network device for a dedicated short range communication based on IEEE p radio technology, and can also be equipped with other network devices so as to be used for the purpose of communication within the infrastructural network. Note that road side units are expensive and costly to build units. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

46 Application Unit (AU) The AU is the device mounted within the vehicle that uses the applications provided by the provider using the communication capabilities of the OBU. The AU can be a dedicated device for safety applications or a normal device such as a personal digital assistant (PDA) to run the Internet, the AU can be connected to the OBU through a wired or wireless connection. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

47 Vehicular Ad Hoc Network
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

48 VANETs Characteristics
Some of the unique characteristics of VANETs in comparison with other types of MANETs are: predictable mobility providing safe driving improving passenger comfort enhancing traffic efficiency no power constraints variable network density rapid changes in network topology large scale network high computational ability Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

49 Security Requirements
Major security requirements for a VANETs: Authentication Message integrity Nonrepudiation Access control Message confidentiality Privacy Availability Real-time guarantees Accurate location Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

50 VANET Challenges For implementing VANET security, it is essential to understand the unique challenges faced in such networks: Tradeoff between authentication and privacy High mobility Scale of network Real-time guarantees Incentives Location awareness Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

51 Classification of Attackers and Attacks in VANETs
The attackers can be divided into the following general categories: Selfish drivers Teenage hackers Eavesdroppers Insiders Malicious attackers Another classification: Passive versus Active Insider versus Outsider Malicious versus Rational Local versus Extended Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

52 Classification of Attackers and Attacks in VANETs (Cont…)
A brief outline of the major attacks: Denial of service Worm hole attack Impersonation Message falsification Message alteration Message delay and suppression Privacy violation Hardware tampering Sensors tampering Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

53 Vehicles classification
The vehicles in the network can be classified into three categories: Honest vehicles: a vehicle that forwards and generates messages correctly and has a normal behavior. Abnormal vehicles: a vehicle that drops or duplicates packets and propagates false information in the network. Malicious vehicles: if the abnormal behavior of a vehicle is repeated and its distrust value becomes larger than a threshold value, this vehicle is a malicious vehicle. Ad hoc Networks security Marjan Kuchaki Rafsanjani / 60

54 VANET Security Architecture: A sample
One of the first approaches for security architecture is presented using an AAA (Authentication, Authorization and Accounting) framework using tamper-proof security hardware, Vehicular PKI and use of road-side infrastructure. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

55 An architecture for VANET security
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

56 Secure Vehicular Communication
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

57 Conclusions In ad hoc networks, hundreds and thousands of wireless devices can participate in a limited area with wireless communications, but the information exchange among the devices needs appropriate privacy, authenticity, availability, and non-repudiation ensuring mechanisms. Without proper security policy, any type of self organizing networks (Mobile ad hoc networks (MANETs), Wireless Sensor Network (WSN), Wireless Mesh Network (WMN), and Vehicular Ad hoc Network (VANET)) is exposed to a wide variety of security vulnerabilities and threats. Other than data security in such types of networks, there are also multiple factors that should be considered for ensuring overall security. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

58 References Ad hoc Networks Security Marjan Kuchaki Rafsanjani 58 / 60
S. Basagni, M. Conti, S. Giordano and I. Stojmenovic, Mobile Ad Hoc networking, IEEE Press, 2004. P. Mohapatra and S.V. Krishnamurthy, Ad hoc Networks Technologies and Protocols, Springer, 2005. A. K. Pathan, Security of Self-Organized Networks, CRC Press, 2011. M. Kuchaki Rafsanjani and H. Fatemidokht, FBeeAdHoc: A secure routing protocol for BeeAdHoc based on fuzzy logic in MANETs, International Journal of Electronics and Communications (AEÜ), vol. 69, pp , 2015. M. Kuchaki Rafsanjani, Identifying IDS Agent Nodes Based on 3-Layered Key Management Framework for MANET, Walailak Journal of Science and Technology, vol. 11, no. 2, pp , 2014. M. Kuchaki Rafsanjani, A. A. Khavasi, A. Movaghar, An Effective Approach for Determining IDS Agent Nodes in MANET, Proceedings of the Third International Conference on Internet Technologies & Applications (ITA09), Wrexham, North Wales, UK, pp , September 8-11, 2009. M. Kuchaki Rafsanjani and H. Fatemidokht, Efficient and secure approaches for routing in VANETs, International Journal of Advanced Intelligence Paradigms, (Accepted). K. Lim and D. Manivannan, An efficient protocol for authenticated and secure message delivery in vehicular ad hoc network, Journal of Vehicular Communications, vol. 4, pp , 2016. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

59 Ad hoc Networks Security Marjan Kuchaki Rafsanjani 59 / 60
9) S. Al-Sultan, M.M. Al-Doori, A.H. Al-Bayatti and H. Zedan, A comprehensive survey on vehicular Ad Hoc network, Journal of Network and Computer Applications, vol. 37, pp , 2014. 10) H. Fatemidokht and M. Kuchaki Rafsanjani, F-Ant: An effective routing protocol for ant colony optimization based on fuzzy logic in vehicular ad hoc networks", Journal of Neural Computing and Applications, vol. 29, no. 11, 2018. 11) J. R. Douceur. The sybil attack. Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS’02), pp. 251–260, 2002. 12) M. Raya, P. Papadimitratos, and J.-P. Hubaux, Securing vehicular communications. IEEE Wireless Communications Magazine, Special Issue on Inter-Vehicular Communications, vol. 13, no. 5, pp. 8–15, 2006. 13) M. Kuchaki Rafsanjani, A. Movaghar, F. Koroupi, Investigating intrusion detection systems in MANET and comparing IDSs for detecting misbehaving nodes, Proceedings of World Academy of Science, Engineering and Technology, Venice, Italy, pp , October 29-31, 2008. 14) R.G. Engoulou, M Bellaiche, S. Pierre, A. Quintero, VANET security surveys, Computer Communications, Vol. 44, pp.1–13, 2014. Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60

60 Thank you for your attention…
Ad hoc Networks Security Marjan Kuchaki Rafsanjani / 60


Download ppt "Ad Hoc Networks Security"

Similar presentations


Ads by Google