“Comparison of layerwise attacks in MANETs”
Shekhar Saini, Rajesh Kumar**
A.P Department of CSE/IT, M.tech(CSE)
GIMT(Kanipla,Kurukshetra), GIMT( Kurukshetra),
[email protected], [email protected]
Abstract: The inherent properties of MANET leads to some
major issues such as power constraints, radio interference,
There are many types of attacks which can collapse the security
of MANET. These attacks can be performed on various layers of
management, service discovery, bandwidth constraints and
the network. Some attacks can be performed on any of the layer
Quality of Services (QoS). Security has been a prime concern
of MANET and others are for a particular layer. The layer-wise
among researchers. In this paper, we have surveyed various
distribution of the attacks is shown in the diagram below:-
attacks which can be implemented on various layers of
Index Terms: Qos, WMN, DOS, MANET, MAC
In Ad hoc network all the nodes are mobile and can be
connected dynamically in an arbitrary manner. There are no
fixed routers. All the nodes of these networks behave as routers
and take part in discovery and maintenance of routes to other
nodes in the network. Ad hoc networks are very helpful in
emergency search-and rescue operation, meeting or conventions
in which person wish to quickly share information
A. Security Issues in MANET
The characteristics of MANETs such as: varying topology,
mobility of nodes, provides large number of degree of freedom
and self-organizing capability of that make it completely
different from other network. Because of the characteristics of
MANETs, to design and development of secure routing is
challenging task for researcher. The various attacks which can be
Figure 1: Classification of attacks on MANET
performed on MANET is a major security flaw in MANET and
is the matter of discussion in this paper.
A. Physical Layer
network with selfish purposes to achieve large throughput,
DoS attack can be launched against physical layer by using radio
reduce power consumption and increase QoS. Selfish router
jamming device or by source of strong noise to interfere the
nodes use selfish strategy top result in the congestion of network
physical channels and may compromise the service availability.
or even the denial of service. With the Characteristics of multi-
To perform jamming attack, the attacker can launch the attack
hop and public access, it is more vulnerable for WMN to selfish
from anywhere. Due to the large coverage area and deployment
client nodes attack. The selfish attacks on routing nodes will also
of wireless mesh routers in WMN, physical layer is on the target
have large impact on the whole network performance.
of DoS attacks. Different types of jamming attacks [1] are:
1) Trivial Jamming Attack: In this attack an attacker constantly
C. Network Layer
transmits noise.
Network layer protocols extend connectivity from neighboring
2) Periodic Jamming Attack: In which an attacker transmits a
1-hops nodes to all other nodes in MANET. The connectivity
short signal periodically. These transmissions can be scheduled
between mobile hosts over a potentially multi-hop wireless link
often enough to disrupt all other communications, for example,
strongly relies on cooperative reactions among all network
with a very less period. It is also called scrambling.
3) Reactive Jamming Attack: In this attack an attacker transmits
1. Wormhole attack: An attacker records packets at one location
a signal whenever it detects that another node has initiated a
in the network and sends them to another location. Routing can
transmission, causing a collision during the second portion of the
be disturbed when routing control messages are sent anywhere
else. This tunnel is referred as a wormhole [4]. Wormhole
B. MAC Layer
attacks are severe threats to MANET routing protocols. When a
MAC layer incorporates functionality uniquely designed to
wormhole attack is used against an on-demand routing protocol
WMN as stated in draft 3.0 released in March, 2009 [2]. In it, the
(in which a new route is generated at every request), the attack
ability to search networks, participate and leave networks, and
could prevent the route to be discovered other than through the
coordinate to the radio medium is included. Possible DoS attacks
are given below [3]:
2. Blackhole attack: The blackhole attack has two features.
1. MAC Misbehavior: DoS attack can be implemented via
Firstly, the node uses the mobile ad hoc routing protocol, like
corrupting CTS / RTS frames by following steps:
AODV, to advertise itself as having a valid route to a destination
a) Unprompted CTS Attack: In this type of attack an attacker
node, even though the route is repeated, with the purpose of
transmits a CTS message with a long message duration causing
disturbing packets. Second, the attacker consumes the disturbed
all recipients to halt transmission for this duration.
packets without any forwarding. However, the attacking node is
b) Reactive RTS Jamming Attack: Whenever a node detects an
having the risk that neighboring nodes will monitor and make
RTS message, it disrupts these messages by immediately
fail the ongoing attacks. There is a more difficult to detect form
initiating a transmission. The effects of this attack are
of these attacks when an attacker selectively forwards packets.
exacerbated by the exponential back-off scheme.
An attacker changes or modifies packets produced by some
c) CTS Corrupt Jamming: When a RTS message is received, an
nodes, while leaving the packets from the other nodes without
attacker transmits noise during the CTS response.
any change, which limits the suspicion of its wrong doing.
2. Selfish attacks: The selfish nodes will reduce the resource of
3. Grayhole attack: Grayhole attack is an extension of Blackhole
Wireless channel which can be used by real nodes, thereby affect
attack in which a malicious node’s behavior is exceptionally
the network performance, and even interrupt the network
unpredictable. There are three types of Grayhole attacks [1]. In
service. There are types of selfish nodes in WMN, selfish client
first, the malicious node may drop packets from certain nodes
nodes and selfish router nodes. Selfish client nodes access
while forwards all other packets. In second type, a node may
behave maliciously for a specific time, but after that it behaves
connect and communicate using TCP, firstly they must establish
just like other ordinary nodes. Third type of attack is the
a TCP connection using a three-way handshake process.
combination of both attacks i.e. the malicious node may drop
2. Session hijacking:
Packets from specific nodes for certain time only, later it
Session hijacking takes advantage of the fact that most
behaves as a normal node. Due to these characteristics, detection
communications are protected (by providing credentials) at
of Grayhole attacks is not an easy task. A Grayhole attack can
session startup, but not thereafter. In the TCP session capturing
disturb route discovery process and degrade network’s
attack, the attacker adopts the victim’s IP address, determines the
performance [5].
right sequence number that is expected by the target node, and
4. Byzantine attack: Attacks where the adversary has full control
then performs a Denail of service attack on the victim. Thus the
of an authenticated device and can perform arbitrary behavior to
attacker take place of the the victim node and continues the
disrupt the system are referred to as Byzantine attacks [6].
session with the target.
5. Sybil attack: A Sybil attack [7] is an attack in which a node
imitates the appearance, a malicious device knowingly making
E. Application layer attacks
multiple identities, behaving as if there are a larger number of
Application layer attacks can be mobile viruses, worm attacks,
nodes (instead of just one). Malicious device extra identities are
and repudiation attacks.
referred to as Sybil identities or Sybil nodes.
1. Mobile virus and worm attacks: The application layer contains
6. Flooding attack: The attacker transmits a flood of packets
user’s data, and it normally supports no of protocols such as
toward a target node or to congest the network and decreases its
HTTP, SMTP, FTP. Malicious code, which includes many
performance. A flooding Denail of service attacks are difficult to
viruses and worms, is applicable across operating systems and
handle. Attacker may use any type of packets to congest the
applications. As we know, malicious programs are widely spread
in networks. There are a number of techniques by which a worm
can discover new machines to exploit. One example is IP address
D. Transport layer attacks
scanning used by Internet worms. That technique consists of
The objectives of TCP-like Transport layer protocols in MANET
generating probe packets to a vulnerable UDP/TCP port at many
include setting up of end to end connection, reliable delivery of
different IP addresses. Hosts that are hit by the scan respond,
packets, flow control, congestion control. Like TCP protocols in
receive a copy of the worm, and hence get infected. The Code
the Internet, the mobile node is vulnerable to the classic SYN
Red worm [9] is one of the scanning worms. Some worms use a
flooding attack or session hijacking attacks. However, a
loophole of the system. For example, Worm.Blaster and
MANET has a higher channel error rate when compared with
Worm.Sasser [9] each use a different loophole: Worm.Blaster
wired networks. Because TCP does not have any mechanism to
uses a sys-tem RPC DCOM loophole, and Worm.Sasser uses the
distinguish between whether a loss is due to congestion,
system LSASS (local security authentication subsystem service).
randomized error, or malicious attacks, TCP multiplicatively
In MANET, an attacker can also produce a worm attack using
decreases its congestion window upon experiencing losses,
any loophole of the system of the mobile ad hoc network
which degrades network performance significantly [8].
2. Repudiation attack: On the network layer, firewalls can be
1. SYN flooding attack:
installed to filter the packet coming in and going out of the
The SYN flooding attack is a denial-of-service attack. The
network. On the transport layer, entire connections can be fed to
attacker generates a large number of incomplete TCP
the port. But these solutions do not answer the problem of
connections with a target node, but it did not complete the
authentication or non-repudiation completely. Repudiation is a
process to fully establish the connection. For two nodes to
denial of participation in all or part of the communication
processes. For example, a selfish person could deny conducting
an operation on a credit card purchase, or deny any on-line bank
applied in MANET. IDS are some of the latest security tools in
transaction, which is the prototypical repudiation attack on a
the battle against attacks.
commercial system.
Hence there is not any complete way to make the attacks to
happen or stop them but we can make the effect of these attack
F. Multi-layer attacks:
less. One way to do this is active queue management. There are
Some security attacks can be launched from multiple layers
many active queue management techniques like RED, ARED,
instead of a particular layer. Examples of multi-layer attacks are
SFB etc which can make the effect of attacks less by using the
denial of service (DoS), man-in-the- middle, and impersonation
queues efficiently.
1. Denial of service: Denial of service (DoS) attacks could be
launched from several layers. An attacker can attack on physical
layer and employ signal jamming, which disrupts normal
Communication Networks" in 11th IEEE conference on Intelligent
Transportation Systems, 2008, pp 797-802.
communications. At the link layer, malicious nodes can occupy
[2] IEEE 802.11s Draft 3.0 released in March, 2009.
channels through the capture effect, which takes advantage of
[3] John Bellardo and Stefan Savage, "802.11 Denial-of-Service
the binary exponential scheme in MAC protocols and prevents
Attacks: Real Vulnerabilities and Practical Solutions" in Proceedings of
other nodes from channel access. At the network layer, the
the 12th Conference on USENIX Security Symposium - Volume 12, pp
routing process can be interrupted through routing control packet
modification, selective dropping, table over- flow, or poisoning.
[4] M. Ilyas, The Handbook of Ad Hoc Wireless Networks, CRC Press,
At the transport and application layers, SYN flooding, session
hijacking, and malicious programs can cause Denail of service
[5] Y. Hu and A. Perrig, A Survey of Secure Wireless Ad Hoc
Routing.IEEE Security & Privacy, pp. 28-39, 2004.
[6] Kai Han1, Binoy Ravindran1, and E. Douglas Jensen, "Byzantine-
2. Impersonation attacks: Impersonation attacks are just the first
Tolerant, Point To-Point Information Propagation in Untrustworthy and
step for most attacks, and are used to launch further sophisticated
Unreliable Networks" in International Conference on Network-Based
attacks. For example, a malicious node can precede an attack by
Information Systems, 2007.
altering its MAC or IP address.
[7] Douceur, J.R., Donath, J.S. "The sybil attack". In: Proceedings for
3. Man-in-the-middle attacks: An attacker sits between the
the 1st International Workshop on Peer-to-Peer Systems, 2002, pp 251-
sender and the receiver and sniffs any information being sent
between two ends. In some cases the attacker may impersonate
[8] H. Hsieh and R. Sivakumar, Transport Over Wireless Networks.
the sender to communicate with the receiver, or impersonate the
Handbook of Wireless Networks and Mobile Computing, Edited by
receiver to reply to the sender
Ivan Stojmenovic. John Wiley and Sons, Inc., 2002.
[9] N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, ”A
Security is an essential service for wired and wireless network
Taxonomy of Computer Worms”, First Workshop on Rapid Malcode
communications. The characteristics of MANET pose both
(WORM), 2003.
challenges and opportunities in achieving the security goals,
such as confidentiality, authentication, integrity, availability,
access control, and non-repudiation. There are many ways by
which we can oppose the attacks on various layers like such as
tokens and smart cards, can be used to protect against physical
attacks. intrusion detection systems (IDS) is also proposed and

IETET2013_159Raj_66CSE - IETET @ GIMT(Kurukshetra)