International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 2- June 2015
A Review on Denial of Service Attacks and Their Countermeasures over MANETs
Soni Sindhal #1, Samarth Kapoor #2
Dept. of Computer Science and Engg., Swami Devi Dyal Institute of Engg. & Tech., Panchkula (Haryana), India.
Abstract—Security and QoS in ad hoc wireless networks have recently become very important and actively researched topics because of a growing demand to support live streaming audio and video in civilian as well as military applications. The wireless links between nodes are highly susceptible to link attacks, which include passive eavesdropping, active interfering, leaking of secret information, data tampering, impersonation, message replay, message distortion, and denial of service. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous data, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation. Ad hoc networks do not have a centralized piece of machinery such as a name server or a base station that could become a single point of failure; instead every node takes part in routing, which widens the attack surface: a malicious node could attempt to flood the network with its own unicast data packets, potentially using many different destination addresses. In this paper, we provide a comprehensive overview of different types of denial of service attacks and their prevention techniques over wireless Mobile Ad hoc NETworks.
Keywords— QoS, DoS, MANETs.

I. INTRODUCTION

Mobile ad hoc networks consist of mobile nodes interconnected by wireless multi-hop communication paths. Unlike conventional wireless networks, ad hoc networks have no fixed network infrastructure or administrative support. The topology of such networks changes dynamically as mobile nodes join or depart the network or as radio links between nodes become unusable. Conventional wireless networks require as prerequisites a fixed infrastructure network with centralized administration for their operation. In contrast, so-called (wireless) mobile ad hoc networks, consisting of a collection of wireless nodes, all of which may be mobile, dynamically create a wireless network amongst themselves without using any such administrative support [3, 4]. An ad hoc wireless network is a collection of two or more devices equipped with wireless communications and networking capability. Such devices can communicate with another node that is immediately within their radio range or with one that is outside their radio range. In the latter case, an intermediate node is used to pass the packet from the source toward the destination.

Ad hoc wireless networks are self-creating, self-organizing, and self-administering. They come into being solely by interactions among their constituent wireless nodes, and it is only such interactions that are used to provide the necessary administration functions supporting such networks. Mobile ad hoc networks offer unique versatility for certain environments and certain applications. Since no fixed infrastructure, including base stations, is prerequisite, they can be created and used any time, anywhere. Indeed, since all nodes are allowed to be mobile, the composition of such networks is necessarily time varying. Addition and deletion of nodes occur only by interactions with other nodes; no other agency is involved. Such perceived advantages elicited immediate interest in the early days among military and rescue agencies in the use of such networks, especially under disorganized or hostile environments, including isolated scenes of natural disaster and armed conflict.
ISSN: 2231-5381
http://www.ijettjournal.org

Figure 1: Mobile Ad hoc Networks.

A. Challenges Facing Ad Hoc Mobile Networks

* Spectrum Allocation and Purchase

Regulations regarding the use of radio spectrum are currently under the control of the FCC. Most experimental ad hoc networks are based on the ISM band. To prevent interference, ad hoc networks must operate over some form of allowed or specified spectrum range. Most microwave ovens operate in the 2.4 GHz band and can therefore interfere with wireless LAN systems. Frequency spectrum is not only tightly controlled and allocated, but it also needs to be
purchased. With ad hoc networks capable of forming and deforming on-the-fly, it is not clear who should pay for this spectrum.

* Service Location, Provision, and Access

While protocols are important for the correct operation of an ad hoc wireless network, service location, provision, and access are equally important. Should we continue to assume that the traditional client/server RPC paradigm is appropriate for ad hoc networks? Ad hoc networks comprise heterogeneous devices and machines, and not every one of them is capable of being a server. The concept of a client initiating requests to a server for execution and awaiting the results to be returned may not be attractive due to limitations in bandwidth and power. Perhaps the concept of remote programming as used in mobile agents is more applicable, since this can reduce the interactions exchanged between client and server over the wireless medium.

* Security & Privacy

Ad hoc networks are intranets and they remain intranets unless there is connectivity to the Internet. Such confinement already excludes attackers who are not physically within radio range of the network; note that this is not the case for wired and wireless-last-hop users. Through neighbor identity authentication, a user can know whether neighboring nodes are friendly or hostile. Information sent along an ad hoc route can be protected in some way, but since multiple nodes are involved, the relaying of packets has to be authenticated by recognizing the originator of the packet and the flow ID or label.

* Media Access

Unlike cellular networks, there is no centralized global synchronization in ad hoc wireless networks. Hence, FDMA and TDMA schemes are not suitable. In addition, many MAC protocols do not deal with host mobility. As such, the scheduling of packets for timely transmission to support QoS is difficult. In ad hoc wireless networks, since the same medium is shared by multiple mobile nodes, access to the common channel must be arbitrated in a distributed fashion by a MAC protocol. Given that there are no static nodes, nodes cannot depend on a centralized coordinator. The MAC protocol must contend for access to the channel while at the same time avoiding possible collisions with neighboring nodes. Mobility and the hidden terminal problem must be accounted for when designing MAC protocols for ad hoc wireless networks.

* Routing

The presence of mobility implies that links make and break often and in a non-deterministic fashion. Note that the classical distributed Bellman-Ford routing algorithm is used to maintain and update routing information in a packet radio network. While distance vector routing was not designed for wireless networks, it is still applicable to packet radio networks since the rate of mobility is not high: the bulky and heavy construction of these radios makes them less mobile once deployed. However, as mentioned above, advances in microelectronics technology have enabled the construction of portable, highly integrated mobile devices. Hence, ad hoc mobile networks differ from packet radio networks in that nodes can move more freely, resulting in a dynamically changing topology. Existing distance-vector and link-state routing protocols are unable to cope with such frequent link changes in ad hoc wireless networks, resulting in poor route convergence and very low communication throughput. Hence, new routing protocols are needed.

* Multicasting

The explosion in the number of Internet users is partly attributed to the presence of video and audio conferencing tools. Such multiparty communications are enabled by multicast routing protocols. The multicast backbone consists of an interconnection of multicast routers that are capable of tunneling multicast packets through non-multicast routers. Some multicast protocols use a broadcast-and-prune approach to build a tree rooted at the source; others use core nodes where the multicast tree originates. All such methods rely on the fact that routers are static and that, once the tree is formed, tree nodes will not move. This is not the case in ad hoc wireless networks.

* Energy Efficiency

Most existing network protocols do not consider energy consumption an issue, since they assume the presence of static hosts and routers powered by mains. However, mobile devices today are mostly operated by batteries, and battery technology is still lagging behind microprocessor technology; the lifetime of a Li-ion battery today is only 2-3 hours. Such a limitation in the operating hours of a device implies the need for power conservation. In particular, for MANETs, mobile devices must perform both the role of an end system (where the user interacts and where user applications are executed) and that of an intermediate system (packet forwarding). Hence, forwarding packets on behalf of others consumes power, and this can be quite significant for nodes in an ad hoc wireless network. An attacker can exploit this directly: the battery exhaustion attack discussed under denial of service below amounts to forcing a node to forward or process traffic it has no use for.

B. Classification of Attacks

Nodes in a MANET can be broken, malicious or selfish. Broken nodes become non-functional due to some link failure and so cannot forward the traffic that they earlier agreed to forward. Malicious nodes aim at disrupting the network by dropping packets or launching denial of service attacks. Selfish nodes hinder routing by dropping packets in order to conserve their own energy and bandwidth. MANETs have found applications in military and disaster relief operations, etc., as they are easy to
deploy. In order to encourage their use in future it is important to ensure secure and reliable routing in MANETs. Before providing security we need to know the attacks related to such networks. Security aspects were not considered when ad hoc routing protocols were designed; later, researchers tried to incorporate security mechanisms into the existing routing protocols. Attacks can be classified into two broad categories [4]:

* Passive Attacks

The attacker just snoops on the network without disrupting network operation. These attacks compromise the confidentiality of the data and are hard to detect, since a node listening in promiscuous mode leaves no trace on the channel.

i. Eavesdropping: It is the reading or snooping of messages by an unintended receiver. In a MANET the nodes share a wireless medium, so a node can easily overhear the communication of the nodes within its transmission range. This attack can be prevented by using encryption.

ii. Selfishness: A selfish node, in order to save its battery life and resources, does not participate in routing, either by dropping packets or by not forwarding them.

* Active Attacks

Attacks in which the attacker disrupts the normal operation of the network by fabricating messages, dropping or modifying packets, replaying packets or tunneling them to another part of the network. Basically the content of a passing message is modified. These can be internal attacks or external attacks.

* External attacks: In an external attack the attacker wants to cause congestion in the network; this can be done by the propagation of fake routing information. The attacker disturbs the nodes' ability to avail themselves of services [4].

Figure 2: Example of External attack

* Internal attacks: In an internal attack the attacker wants to gain access to the network and to participate in network activities. The attacker does this by some malicious impersonation to gain access to the network as a new node, or directly through a present node, using it as a basis to conduct the attack [8].

Figure 3: Example of Internal attack

Active attacks can be further classified corresponding to the different layers in a MANET.

Figure 4: Categorization of Attacks [7].
II. Denial of Service (DoS)

The denial of service threat, produced either by an unintentional failure in the system or by a malicious action, forms a severe security risk in any distributed system. The classical way to mount a DoS attack is to flood a centralized resource so that it no longer operates correctly or crashes. In ad hoc networks this may not be an applicable approach, due to the distribution of responsibility and the lack of a centralized resource. Radio jamming and battery exhaustion are two other ways in which service can be denied to other nodes and users. A distributed DoS attack is an even more severe threat: if the attackers have enough computing power and bandwidth to operate with, smaller ad hoc networks can be crashed or congested rather easily. Compromised nodes may be able to reconfigure the routing protocol or a part of it, such that they send routing information very frequently, thus causing congestion and preventing nodes from gaining the latest information about the changed topology of the network. If the presence of compromised nodes and the compromised routing is not detected, the consequences for the network are severe, as the network may seem to operate normally to the other nodes. This kind of invalid operation of the network initiated by malicious nodes is called a Byzantine failure. For example, a compromised node could participate in a session but simply drop a certain number of packets, which may lead to degradation in the quality of service being offered by the network. In summary, some examples of denial of service attacks are:

* SYN flooding: In this type of DoS attack, the adversary sends a large number of TCP SYN packets to a victim node, spoofing the source address of each SYN. On receiving a SYN, the victim allocates a half-open connection entry and sends a SYN-ACK to the address given in the SYN, then waits for the final ACK of the handshake, which never arrives because the spoofed sender never asked for the connection. If enough half-open connections accumulate, the victim's connection table overflows and it can no longer accept a legitimate connection request. Each entry is held until the handshake times out, so the attacker only has to keep the SYN rate above the rate at which the victim expires stale entries.

* Jamming: This type of DoS attack is initiated by a malicious node after determining the frequency of communication used by the receiver and transmitting on the same frequency, thereby interfering with the receiver's operation. Frequency hopping is an established technique to get around jamming attacks, although it only raises the attacker's cost: a jammer with enough power and bandwidth to cover the whole hopping range can still deny service.

* Distributed denial of service attack: This type of attack is launched by a group of compromised nodes that are part of the same network and collude to bring the network down or seriously affect its operation.
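The following Go program is an added example (written for this review, not code from the paper or from any cited work) that makes the SYN flooding mechanism above concrete: it models a stateful listener with a bounded half-open table, floods it from spoofed sources until legitimate SYNs are refused, and then shows the standard stateless countermeasure, SYN cookies, in which the server's initial sequence number is derived from the connection tuple, a coarse time slot and a server secret, so that no state is kept until the third handshake packet proves that the claimed source really received the SYN-ACK. The backlog size of 128, the 10.0.x.y spoofed addresses, the 24-bit tag and the one-slot validity window are assumptions chosen for the demonstration; a real stack additionally encodes the negotiated MSS in the cookie and typically switches to cookies only once the backlog is under pressure.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// key is the client half of the connection 4-tuple; the victim's own address
// and port are fixed for this demonstration (assumption).
type key struct {
	src  string
	port uint16
}

// Listener models a classic stateful TCP listener: every SYN occupies a slot
// in a bounded half-open table until the handshake completes or times out.
type Listener struct {
	backlogMax int
	halfOpen   map[key]bool
	Dropped    int // SYNs refused because the table was full
}

func NewListener(backlogMax int) *Listener {
	return &Listener{backlogMax: backlogMax, halfOpen: make(map[key]bool)}
}

// OnSYN allocates a half-open entry; false means the table is full and the
// SYN is dropped, which is the denial of service the flood is after.
func (l *Listener) OnSYN(src string, port uint16) bool {
	k := key{src, port}
	if l.halfOpen[k] {
		return true // retransmitted SYN for a connection already tracked
	}
	if len(l.halfOpen) >= l.backlogMax {
		l.Dropped++
		return false
	}
	l.halfOpen[k] = true
	return true
}

// Flood sends n SYNs from constructed spoofed 10.0.x.y sources (which never
// answer the SYN-ACK, so their slots are never freed), then counts how many of
// ten SYNs from one legitimate client (192.0.2.7) are refused.
func Flood(l *Listener, n int) (refused int) {
	for i := 0; i < n; i++ {
		l.OnSYN(fmt.Sprintf("10.0.%d.%d", (i/256)%256, i%256), 40000)
	}
	for p := uint16(1); p <= 10; p++ {
		if !l.OnSYN("192.0.2.7", p) {
			refused++
		}
	}
	return refused
}

// SynCookie is the stateless alternative: the server's initial sequence number
// carries the low 8 bits of a coarse time slot in its top byte and a 24-bit
// HMAC tag over (source, port, slot) below it. Nothing is stored on SYN.
func SynCookie(secret []byte, src string, port uint16, slot uint32) uint32 {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(src))
	var b [6]byte
	binary.BigEndian.PutUint16(b[0:2], port)
	binary.BigEndian.PutUint32(b[2:6], slot)
	mac.Write(b[:])
	tag := binary.BigEndian.Uint32(mac.Sum(nil)[:4]) & 0x00ffffff
	return slot<<24 | tag
}

// ValidateCookie checks the ACK number of the third handshake packet
// (cookie+1) against the current and the previous slot. Only a host that
// really received the SYN-ACK at the claimed address can send the right value.
func ValidateCookie(secret []byte, src string, port uint16, now, ack uint32) bool {
	cookie := ack - 1
	for _, slot := range []uint32{now, now - 1} {
		if slot&0xff != cookie>>24 {
			continue
		}
		want := SynCookie(secret, src, port, slot)
		if hmac.Equal(u32(want), u32(cookie)) { // constant-time comparison
			return true
		}
	}
	return false
}

func u32(v uint32) []byte {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], v)
	return b[:]
}

func main() {
	fmt.Println("legitimate SYNs refused after a 1000-SYN flood:", Flood(NewListener(128), 1000))
	secret := []byte("constructed-demo-secret")
	c := SynCookie(secret, "192.0.2.7", 1234, 100)
	fmt.Println("real client completes:", ValidateCookie(secret, "192.0.2.7", 1234, 101, c+1),
		"spoofed host completes:", ValidateCookie(secret, "192.0.2.8", 1234, 101, c+1))
}
```

The stateful listener refuses every legitimate SYN once 128 spoofed entries are pending, whereas the cookie path accepts the real client in the next time slot and rejects a host that did not receive the SYN-ACK, without ever having allocated a table entry for the flood.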
III. RELATED WORK

MANETs are very popular due to the fact that these networks are dynamic, infrastructure-less and scalable. Despite their popularity, these networks are very much exposed to attacks [5]. The wireless links also make a MANET more susceptible to attack, making it easier for an attacker to get inside the network and gain access to the ongoing communication [6]. Different kinds of attacks on MANETs and their effect on the network have been analyzed, for example the gray hole attack, in which the attacker node behaves maliciously for a period, dropping packets, and then switches back to normal behavior, which makes it harder to detect than a node that drops every packet [7].

Security is one of the primary concerns in MANETs for the protection of communication and the security of information. For network operation it is necessary to perform routing and packet forwarding, and a number of security mechanisms have been proposed to counter malicious attacks on them.

In cryptographic approaches like SAODV [8] and Ariadne [9], the routing packets are authenticated with symmetric or asymmetric primitives (signatures, hash chains or MACs), so that neither an external nor an inside attacker can modify them undetected. The problem with cryptographic approaches, however, is the increased consumption of processing power, and a flooding attack can still be launched without forging any packet: a node holding valid credentials can originate as many legitimately signed route requests as it likes.

Sanzgiri, Dahill et al. [10] proposed ARAN, a routing protocol for ad hoc networks that uses authentication and requires the use of a trusted certificate server. In ARAN, end-to-end authentication is achieved by the source verifying that the intended destination was reached. In this process, the source trusts the destination to choose the return path. The source begins route instantiation by broadcasting a Route Discovery Packet (RDP) that is digitally signed by the source. Every intermediate node verifies the integrity of the packet it receives by checking the signature. The first intermediate node appends its own signature over the signed packet it received from the source. Each subsequent intermediate node verifies the signature of its predecessor, removes it, and then appends its own signature, so that at every hop the packet carries exactly two signatures: the source's, which never changes, and that of the last forwarder.
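To make ARAN's per-hop signature handling concrete, here is an added Go example (written for this review, not ARAN's own code; it uses Ed25519 and replaces the certificate server with a name-to-public-key directory, both of which are assumptions). It signs a route discovery packet at the source, has each forwarder verify the source signature and the predecessor's signature before replacing the latter with its own, and shows that a packet tampered with in flight and a forwarder without a certificate are both rejected at the next honest hop. The packet layout and the `Relay` helper are likewise constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Directory stands in for ARAN's trusted certificate server: name -> certified
// public key (assumption: this lookup replaces real certificates).
type Directory map[string]ed25519.PublicKey

// Node is an ad hoc node holding its certified key pair.
type Node struct {
	Name string
	priv ed25519.PrivateKey
}

// NewNode generates a key pair and registers the public key with dir.
func NewNode(dir Directory, name string) *Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dir[name] = pub
	return &Node{Name: name, priv: priv}
}

// RDP is the route discovery packet (constructed format). SrcSig covers the
// immutable body and is never removed; LastHop/HopSig belong to the most
// recent forwarder and are replaced at every hop.
type RDP struct {
	Src, Dst string
	Nonce    uint32
	SrcSig   []byte
	LastHop  string
	HopSig   []byte
}

func (r RDP) body() []byte {
	return []byte(fmt.Sprintf("RDP|%s|%s|%d", r.Src, r.Dst, r.Nonce))
}

// hopMsg is what a forwarder signs: the body plus the source signature, which
// ties the forwarder's signature to this particular signed request.
func (r RDP) hopMsg() []byte {
	return append(r.body(), r.SrcSig...)
}

// Originate builds and signs a new RDP; it carries no hop signature yet.
func (n *Node) Originate(dst string, nonce uint32) RDP {
	r := RDP{Src: n.Name, Dst: dst, Nonce: nonce}
	r.SrcSig = ed25519.Sign(n.priv, r.body())
	return r
}

// Forward is the per-hop rule: verify the source signature, verify and strip
// the predecessor's signature (if any), then append our own.
func (n *Node) Forward(dir Directory, in RDP) (RDP, error) {
	srcPub, ok := dir[in.Src]
	if !ok || !ed25519.Verify(srcPub, in.body(), in.SrcSig) {
		return RDP{}, errors.New("source signature invalid or source uncertified")
	}
	if in.HopSig != nil {
		hopPub, ok := dir[in.LastHop]
		if !ok || !ed25519.Verify(hopPub, in.hopMsg(), in.HopSig) {
			return RDP{}, errors.New("predecessor signature invalid or forwarder uncertified")
		}
	}
	out := in
	out.LastHop = n.Name
	out.HopSig = ed25519.Sign(n.priv, out.hopMsg())
	return out, nil
}

// Relay pushes an RDP through a chain of forwarders; it returns the packet as
// it left the last accepting hop and how many hops accepted it.
func Relay(dir Directory, r RDP, hops ...*Node) (RDP, int, error) {
	for i, h := range hops {
		next, err := h.Forward(dir, r)
		if err != nil {
			return r, i, err
		}
		r = next
	}
	return r, len(hops), nil
}

func main() {
	dir := Directory{}
	a, b, c := NewNode(dir, "A"), NewNode(dir, "B"), NewNode(dir, "C")
	r, n, err := Relay(dir, a.Originate("D", 7), b, c)
	fmt.Printf("honest chain: %d hops, last signer %s, err=%v\n", n, r.LastHop, err)
	tampered := a.Originate("D", 7)
	tampered.Dst = "E" // destination rewritten in flight
	_, n, err = Relay(dir, tampered, b, c)
	fmt.Printf("tampered RDP: accepted by %d hops, err=%v\n", n, err)
	rogue := NewNode(Directory{}, "X") // has a key pair but no certificate in dir
	_, n, err = Relay(dir, a.Originate("D", 8), rogue, c)
	fmt.Printf("uncertified forwarder: accepted by %d hops, err=%v\n", n, err)
}
```

Note what the chain does and does not give: an uncertified node can still receive and re-broadcast the packet (the rogue above does sign it), but no honest node downstream will act on it, and nothing in the signatures stops a certified node from originating a flood of valid RDPs, which is the limitation noted above for cryptographic approaches.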
One primitive solution to eliminate RREP forging is to disable the ability of intermediate nodes to reply to a route request, so that all reply messages are sent only by the destination node [11]. Preventing intermediate replies avoids the black hole in certain cases, but it increases routing delay in large networks, and a malicious node can still take advantage by sending a reply on behalf of the destination node. A refinement is to have the intermediate nodes that reply to an RREQ also confirm the route: one or more further routes from the replying intermediate node to the destination are checked before the data packets are sent out. If no such route exists, the reply message from the intermediate node is discarded and alarm messages are sent to the network. This method avoids the black hole problem and thus protects the network from the malicious node, but it too results in a large delay, especially in large networks, and the attacker can still fabricate a reply message on behalf of the destination node.

In [12] Aleksandar Kuzmanovic and Edward W. Knightly analyzed several DoS traffic patterns for different TCP variants such as TCP Reno, NewReno, Tahoe and SACK (Selective Acknowledgement) and showed that low-rate DoS attacks are a realistic threat to today's Internet: the attacker sends short periodic bursts whose period matches TCP's minimum retransmission timeout (minRTO, typically 1 s), so that every retransmission attempt after a timeout collides with the next burst, while the attacker's average rate stays low enough to evade rate-based detection. In a heterogeneous RTT environment, flows with a small round trip time (RTT) are more vulnerable to low-rate DoS attacks. RED and RED-PD like mechanisms are unable to prevent DoS-initiated synchronization and do not eliminate the effectiveness of the attack.

In [13] Ferdous A. Barbhuiya et al. summarize that the Transmission Control Protocol (TCP) is a transport layer protocol which provides flow control, congestion avoidance and error control. TCP is designed to provide reliable end-to-end byte stream communication, and little or almost no consideration was given, while designing the protocol, to the fact that the algorithms used in TCP can be exploited by attackers. The low-rate TCP-targeted denial of service attack is a cleverly crafted attack in which an attacker exploits the congestion avoidance algorithm and the uniformity of the minimum retransmission timeout period in TCP. The authors consider an induced variant of the attack that a misbehaving TCP receiver can trigger with optimistic acknowledgements (acknowledging data it has not yet received), and propose detection and mitigation of this induced low-rate TCP-targeted attack by stopping optimistic acknowledgement.

In [14] the authors discuss two types of attack on ad hoc networks: the JellyFish attack and the black hole attack. Significant progress has been made towards making ad hoc networks secure and DoS resilient. In that paper the authors design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The JellyFish attack is targeted against closed-loop flows such as TCP. This attack is protocol-compliant and yet has a devastating impact on the throughput of closed-loop flows, such as TCP flows and congestion-controlled UDP flows. These attacks are studied in a variety of settings and the damage they can inflict is quantified. As a partitioned system is clearly undesirable, the authors also considered fairness measures and the mean number of hops for a received packet as critical performance measures for a system under attack. The main guidelines are provided for protocol designers who are developing DoS-resilience mechanisms: with a better understanding of the key attack factors and of how to evaluate the impact of an attack, protocol designers can better determine if the overhead of deploying a counter-strategy is merited given the damage that an attack can inflict.

IV. CONCLUSION AND FUTURE WORK

In this paper we covered general denial of service threats, various possible attacks on ad hoc networks and their possible prevention. The security schemes that govern trust among communicating entities are collectively known as trust management. Here trust means the confidence of an entity in another entity, based on the expectation that the other entity will perform a particular action important to the one who trusts, irrespective of the ability to monitor or control that other entity. In a trust management system, reputation system or other trust-based system, route selection is based on the sending node's prior experience with the other nodes in the network. Dynamic feedback mechanisms are usually applied on top of the current ad hoc routing protocols to rate the trust in other nodes in the network and to make routing decisions based on the trust matrix, which is formed according to the evidence collected from previous interactions. By incorporating the dynamic feedback mechanism in the routing protocol, misbehaving nodes are identified and avoided when forwarding packets. In this way, misbehavior can be mitigated.

References

[1] Goyal, Priyanka, Vinti Parmar, and Rahul Rishi. "MANET: Vulnerabilities, Challenges, Attacks, Application." IJCEM International Journal of Computational Engineering & Management 11 (2011): 32-37.
[2] Shanthi, N., L. Ganesan, and K. Ramar. "Study of Different Attacks on Multicast Mobile Ad Hoc Network." Journal of Theoretical & Applied Information Technology 6.4 (2009).
[3] Pani, N. K., and Mishra, S. "Secure Hybrid Routing for MANET Resilient to Internal and External Attacks." ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India, Springer International Publishing, 2014, pp. 449-458.
[4] Tarunpreet Bhatia and A. K. Verma. "Security Issues in MANET: A Survey on Attacks and Defense Mechanisms." International Journal of Advanced Research in Computer Science and Software Engineering 3 (6), June 2013, pp. 1382-1394.
[5] S. Lu, L. Li, K. Y. Lam, and L. Jia. "SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack." International Conference on Computational Intelligence and Security, 2009.
[6] K. Biswas and Md. Liaqat Ali. "Security Threats in Mobile Ad Hoc Network." Master Thesis, Blekinge Institute of Technology, Sweden, 22 March 2007.
[7] S. Marti, T. J. Giuli, K. Lai, and M. Baker. "Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks."
[8] S. Yi and R. Kravets. "Composite Key Management for Ad Hoc Networks." Proc. of the 1st Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous'04), pp. 52-61, 2004.
[9] Y. Hu, A. Perrig, and D. Johnson. "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks." Proc. of MobiCom 2002, Atlanta, 2002.
[10] K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer. "A Secure Routing Protocol for Ad Hoc Networks." Proc. of the 10th IEEE International Conference on Network Protocols (ICNP), pp. 78-87, 12-15 Nov. 2002.
[11] Hongmei Deng and Dharma P. Agrawal. "Routing Security in Wireless Ad Hoc Networks." IEEE Communications Magazine, October 2002.
[12] Aleksandar Kuzmanovic and Edward W. Knightly. "Low-Rate TCP-Targeted Denial of Service Attacks." SIGCOMM'03, August 25-29, 2003.
[13] Ferdous A. Barbhuiya, Vaibhav Gupta, Santosh Biswas, and Sukumar Nandi. "Detection and Mitigation of Induced Low Rate TCP-Targeted Denial of Service Attack." IEEE Sixth International Conference on Software Security and Reliability, Oct. 2012.
[14] Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly. "Impact of Denial of Service Attacks on Ad Hoc Networks." IEEE/ACM Transactions on Networking, Vol. 16, No. 4, pp. 791-802, Aug. 2008.
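Returning to the low-rate TCP-targeted attack of [12] and [13] discussed in Section III, the following Go simulation is an added example (written for this review, not code from either paper) of why the attack works: a single TCP flow is run against a periodic burst pattern and its goodput is compared for a burst period equal to minRTO, for mismatched periods, and for the minRTO randomization that [12] evaluates as a countermeasure (the text above does not describe that countermeasure; it is included here as a known result of that paper). The one-packet-per-millisecond flow, the 50 ms bursts, the 60 s run, the 64 s RTO cap and the fixed random seed are modelling assumptions; RTT is not modelled, so the simulation shows the timeout synchronization only, not the dependence on RTT.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Attack is the square-wave pattern of [12]: Burst ms at full link rate every
// Period ms, so the attacker's average rate is only Burst/Period of the link.
type Attack struct {
	Period, Burst int // ms; Burst == 0 means no attack
}

func (a Attack) active(t int) bool {
	return a.Burst > 0 && t%a.Period < a.Burst
}

// Simulate runs one TCP flow for dur ms against the attack and returns the
// number of packets delivered. Model (assumption): the flow delivers one packet
// per ms while active; a packet sent during a burst is lost and the flow waits
// rto ms before retransmitting; a retransmission that lands in a burst doubles
// rto (capped at 64 s); rto returns to minRTO on success. jitter > 0 adds a
// uniform 0..jitter ms to every timeout, which is the minRTO randomization
// that [12] evaluates as a countermeasure; seed makes the jitter reproducible.
func Simulate(dur int, a Attack, minRTO, jitter int, seed int64) (delivered int) {
	const maxRTO = 64000
	rng := rand.New(rand.NewSource(seed))
	jit := func() int {
		if jitter == 0 {
			return 0
		}
		return rng.Intn(jitter + 1)
	}
	active, rto, nextTry := true, minRTO, 0
	for t := 0; t < dur; t++ {
		switch {
		case active && a.active(t): // loss: enter timeout
			active = false
			rto = minRTO
			nextTry = t + rto + jit()
		case active:
			delivered++
		case t == nextTry && a.active(t): // retransmission lost: back off
			if rto < maxRTO {
				rto *= 2
			}
			nextTry = t + rto + jit()
		case t == nextTry: // retransmission got through: resume sending
			active = true
			rto = minRTO
			delivered++
		}
	}
	return delivered
}

func main() {
	base := Simulate(60000, Attack{}, 1000, 0, 1)
	fmt.Printf("no attack: %d packets in 60 s\n", base)
	for _, period := range []int{900, 1000, 1100, 1500} {
		a := Attack{Period: period, Burst: 50}
		got := Simulate(60000, a, 1000, 0, 1)
		fmt.Printf("50 ms burst every %4d ms (attacker avg %4.1f%% of link): %5d packets (%3.0f%% of baseline)\n",
			period, 100*float64(a.Burst)/float64(a.Period), got, 100*float64(got)/float64(base))
	}
	got := Simulate(60000, Attack{Period: 1000, Burst: 50}, 1000, 300, 1)
	fmt.Printf("1000 ms attack with minRTO randomized by up to 300 ms: %d packets (%.0f%% of baseline)\n",
		got, 100*float64(got)/float64(base))
}
```

With the period locked to minRTO the flow never recovers: every retransmission at 1 s, 3 s, 7 s, 15 s and so on lands in a burst while the attacker is using 5% of the link, which is why rate-based detection does not see it. Shifting the period away from minRTO lets retransmissions through (the 1100 ms case still hurts badly because the flow gets only 100 ms of sending per cycle), and randomizing minRTO breaks the synchronization, as [12] reports.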
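The dynamic feedback mechanism described in the conclusion, applied to the black hole and gray hole nodes of Section III, as an added Go example (written for this review, not code from any cited work): the source keeps a watchdog-fed trust table, scores each node by its observed forwarding ratio, and picks the candidate route whose weakest hop is most trusted, so a black hole that is initially chosen because it offers the shortest route is abandoned after its first drop, and a gray hole is abandoned once its drops outweigh its forwards. The topology (black hole B, gray hole G, honest X and Y), the drop probabilities, the Laplace-smoothed score, the 0.3 exclusion threshold and the fixed random seed are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Node is a forwarding node; DropProb is the probability that it drops a
// packet it was asked to forward: 0 = honest, 1 = black hole, in between =
// gray hole (drops intermittently, which makes it harder to catch).
type Node struct {
	Name     string
	DropProb float64
}

// Network holds the nodes and the candidate routes from source to destination
// (listed as intermediate node names only).
type Network struct {
	Nodes map[string]Node
	Paths [][]string
	rng   *rand.Rand
}

// NewDemoNetwork builds the constructed topology: a one-hop route through a
// black hole B, a one-hop route through a gray hole G, and a two-hop route
// through the honest nodes X and Y.
func NewDemoNetwork(seed int64) *Network {
	return &Network{
		Nodes: map[string]Node{"B": {"B", 1.0}, "G": {"G", 0.7}, "X": {"X", 0}, "Y": {"Y", 0}},
		Paths: [][]string{{"B"}, {"G"}, {"X", "Y"}},
		rng:   rand.New(rand.NewSource(seed)),
	}
}

// Trust is the evidence the watchdog has collected about one node.
type Trust struct{ Forwarded, Dropped int }

// Score is a Laplace-smoothed forwarding ratio: a node with no history is
// neutral (0.5) rather than fully trusted.
func (t Trust) Score() float64 {
	return float64(t.Forwarded+1) / float64(t.Forwarded+t.Dropped+2)
}

// Router is the source node's trust table plus the exclusion threshold.
type Router struct {
	Table     map[string]Trust
	Threshold float64
}

func NewRouter(threshold float64) *Router {
	return &Router{Table: map[string]Trust{}, Threshold: threshold}
}

// SelectRoute returns the candidate path whose least-trusted hop scores best,
// skipping any path with a hop below Threshold; ties go to the shorter path.
// nil means no acceptable route exists.
func (r *Router) SelectRoute(paths [][]string) []string {
	var best []string
	bestMin := -1.0
	for _, p := range paths {
		m := 1.0
		for _, n := range p {
			if s := r.Table[n].Score(); s < m {
				m = s
			}
		}
		if m < r.Threshold {
			continue
		}
		if m > bestMin || (m == bestMin && len(p) < len(best)) {
			best, bestMin = p, m
		}
	}
	return best
}

// Send pushes one packet along path. The predecessor of each hop acts as
// watchdog, overhearing whether the hop retransmitted the packet; when learn
// is set, the outcome is recorded in the source's trust table.
func (r *Router) Send(net *Network, path []string, learn bool) bool {
	for _, n := range path {
		dropped := net.rng.Float64() < net.Nodes[n].DropProb
		if learn {
			t := r.Table[n]
			if dropped {
				t.Dropped++
			} else {
				t.Forwarded++
			}
			r.Table[n] = t
		}
		if dropped {
			return false
		}
	}
	return true
}

// Run sends n packets, re-selecting the route before each one, and returns how
// many reached the destination and the route in use at the end.
func Run(net *Network, r *Router, n int, learn bool) (delivered int, last []string) {
	for i := 0; i < n; i++ {
		if last = r.SelectRoute(net.Paths); last == nil {
			break
		}
		if r.Send(net, last, learn) {
			delivered++
		}
	}
	return delivered, last
}

func main() {
	d, p := Run(NewDemoNetwork(1), NewRouter(0.3), 200, false)
	fmt.Printf("no feedback: %d/200 delivered via %v\n", d, p)
	learning := NewRouter(0.3)
	d, p = Run(NewDemoNetwork(1), learning, 200, true)
	fmt.Printf("with feedback: %d/200 delivered, final route %v\n", d, p)
	for _, n := range []string{"B", "G", "X", "Y"} {
		fmt.Printf("  trust[%s] = %.2f\n", n, learning.Table[n].Score())
	}
}
```

Without feedback the source keeps using the shortest route and delivers nothing through the black hole; with feedback it moves to the gray hole after B's first drop and then to the two-hop honest route once G's score falls below the neutral 0.5, after which X and Y only accumulate forwards and are never displaced. The watchdog observation itself is the weak point of such schemes: it relies on overhearing the next hop, which collisions, power control and colluding neighbors can all defeat, so the score should be treated as evidence, not proof.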