IJRET: International Journal of Research in Engineering and Technology
eISSN: 2319-1163 | pISSN: 2321-7308
SECURITY IN AD-HOC NETWORKS
Raja Iswary1, Rohit Kumar Das2
1 Department of Information Technology, Assam University, Silchar
2 Department of Information Technology, Assam University, Silchar
Abstract
On wireless computer networks, ad-hoc mode is a method for wireless devices to directly communicate with each other. Operating in
ad-hoc mode allows all wireless devices within range of each other to discover and communicate in peer-to-peer fashion. One main
challenge in the design of these networks is their vulnerability to security attacks. The growing popularity and widespread applications of
wireless networks are directly proportionate to their propensity for security exploitation. In this paper we have discussed the
potential attacks and security issues of routing protocols faced by ad-hoc networks.
Keywords: Ad-hoc network, Network Attacks, Routing Protocols
1. INTRODUCTION
An ad hoc network is made up of multiple “nodes” connected
by “links”. An ad-hoc network is a local area network (LAN)
that is built spontaneously as devices connect. Instead of relying
on a base station to coordinate the flow of messages to each
node in the network, the individual network nodes forward
packets to and from each other. Basically, an ad hoc network is
a temporary network connection created for a specific purpose
(such as transferring data from one computer to another). An ad
hoc network typically refers to any set of networks where all
devices have equal status on a network and are free to associate
with any other ad hoc network devices in link range. As the
medium of transmission is wireless, security for this type of
transmission is one of the major concerns. In this paper, the
first section covers some of the security aspects of the ad-hoc
network, the second section covers the attacks to which it is
vulnerable, and then the routing protocols are discussed.
2. SECURITY IN AD-HOC NETWORK
2.1 Network Availability
Services should be available whenever required. Availability is
a key concern in wireless network security. It relates to the
survivability and operability of a wireless network.
Availability ensures not only operational efficiency, but also
data delivery. This is usually done by the routing protocol. [2]
Fig 1: Topology change in ad hoc networks: nodes A, B, C, D,
E, and F constitute an ad hoc network. The circle represents the
radio range of node A. The network initially has the topology in
(a). When node D moves out of the radio range of A, the network
topology changes to the one in (b).
2.2 Integrity
Integrity guarantees that data transmitted over the wireless
ad-hoc network cannot be corrupted.
2.3 Authentication
Authentication is the ability of a node to identify the node with
which it is communicating. If the authentication process is not
enabled, an attacker could gain unauthorized access to
resources and obtain sensitive information of other nodes.
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org
2.4 Confidentiality
It ensures that sensitive information is never disclosed to
any unauthorized users.
2.5 Non-repudiation
Non-repudiation states that the sender of the message cannot
deny having sent it. Non-repudiation is useful for detection and
isolation of compromised nodes. [4]
3. ATTACK ON AD HOC NETWORK
3.1 Denial of Service Attacks
A denial of service attack is the most common attack to deny
network availability. On the physical and media access control
layers, an adversary could employ jamming to interfere with
communication on physical channels. On the network layer, an
adversary could disrupt the routing protocol and disconnect the
network. On the higher layers, an adversary could bring down
high-level services. Wireless devices use the CSMA/CA
protocol to transmit data. A user who wants to transmit data must
first listen to the channel to check for activity. If the channel is
idle, the user can begin transmission. Otherwise, the user must
wait until the channel is free. By design most wireless devices
share the communication medium. However, it is possible for a
device to constantly transmit energy on the frequency of a
wireless network, making the channel unavailable. This
effectively denies all service (data transmission) on the network.
There is no realistic protection against such an attack. If a node
has the appropriate hardware, a DoS attack can be mitigated.
If the channel remains unavailable for a predetermined amount
of time, an alternative channel (RF) may be used.
3.2 Passive Attack
Passive attacks only intercept the messages transmitted in
the network without disturbing the transmission. The attacker
will be able to analyze valuable information such as the network
topology to perform further attacks. Unfortunately, this kind of
attack is impossible to detect in a wireless network, because
the medium is air, which is open to every user within the
domain. Passive attacks threaten confidentiality of data.
3.3 Active Attack
An active attack attempts to alter or destroy the data being
exchanged in the network, thereby disrupting the normal
functioning of the network. This threat violates the security of
the system. Some examples of active attacks are data
interruption, interception, modification and fabrication.
3.4 Wormhole Attack
This is a network layer attack where the attacker records packets
at one location in the network and tunnels them to another
location. Routing can be disrupted when routing control
messages are tunneled. This tunnel between two colluding
attackers is referred to as a wormhole. There are several
variations of the wormhole attack, such as wormhole using
out-of-band channel, wormhole with high power transmission,
wormhole using packet relay and wormhole using protocol
deviations. [3]
Fig 2: Wormhole attack
3.5 Blackhole attack
Here a node provides arbitrary false shortest-path route
replies to the route requests it receives. These fake replies can
be used simply to attract all traffic to it in order to perform a
denial of service attack by dropping the received packets. The
attacker consumes the intercepted packets without any
forwarding. However, the attacker runs the risk that neighboring
nodes will monitor and expose the ongoing attacks. There is a
more subtle form of these attacks when an attacker selectively
forwards packets. An attacker suppresses or modifies packets
originating from some nodes, while leaving the data from the
other nodes unaffected, which limits the suspicion of its
wrongdoing.
Fig 3: Blackhole attack
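The neighbor monitoring that section 3.5 mentions can be sketched as a forwarding-ratio check. This is an added example, not part of the original paper; the observation format, node names, sample counts and both thresholds are assumptions made for illustration. It separates a relay that drops everything from one that drops only some sources' packets.

```python
from collections import defaultdict

# Constructed overhearing records: (relay, packet_source, was_forwarded).
# Each record is one packet a monitoring neighbor handed to `relay` and
# then did or did not overhear being retransmitted.
OBSERVATIONS = (
    [("B", "A", True)] * 18 + [("B", "A", False)] * 2      # honest, some loss
    + [("X", "A", False)] * 10 + [("X", "C", False)] * 10  # drops everything
    + [("Y", "A", True)] * 10 + [("Y", "C", False)] * 9    # drops only C's
    + [("Y", "C", True)] * 1
)

MIN_SAMPLES = 5        # assumption: too few packets gives no verdict
DROP_THRESHOLD = 0.5   # assumption: forwarding ratio below this is suspicious


def forwarding_ratios(observations):
    """Return {relay: {source: (forwarded, total)}} from overheard traffic."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for relay, source, forwarded in observations:
        counts = stats[relay][source]
        counts[0] += int(forwarded)
        counts[1] += 1
    return {r: {s: tuple(c) for s, c in per.items()} for r, per in stats.items()}


def classify(observations):
    """Label each relay 'ok', 'blackhole', 'selective' or 'unknown'."""
    verdicts = {}
    for relay, per_source in forwarding_ratios(observations).items():
        judged = {s: fwd / total for s, (fwd, total) in per_source.items()
                  if total >= MIN_SAMPLES}
        if not judged:
            verdicts[relay] = "unknown"
            continue
        starved = [s for s, ratio in judged.items() if ratio < DROP_THRESHOLD]
        if len(starved) == len(judged):
            verdicts[relay] = "blackhole"      # every source is being dropped
        elif starved:
            verdicts[relay] = "selective"      # only some sources are dropped
        else:
            verdicts[relay] = "ok"
    return verdicts


if __name__ == "__main__":
    for relay, verdict in sorted(classify(OBSERVATIONS).items()):
        print(relay, verdict)
```

Keeping the ratio per source is what exposes selective forwarding: relay Y forwards more than half of all packets overall, yet almost none of C's.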
3.6 Location Disclosure
The actual location of a device needs to be kept hidden for
reasons of privacy of the user. In this attack, an attacker is
able to detect the location of nodes or may even obtain the entire
structure of the network.
3.7 Packet Replication
This attack falls under the routing attack category: stale
packets are replicated, which consumes additional bandwidth. This
results in confusion in the routing process, as it will be difficult
to identify which of the packets to forward to the other nodes. [4, 5]
4. EXPLORATION OF SECURITY CONCERN IN AD-HOC NETWORK USING ROUTING PROTOCOL
A clear distinction exists between wired and wireless networks
when it comes to the routing protocol mechanism. Compared with
routing in traditional wired networks with fixed infrastructure,
routing in a wireless network faces certain problems. The
limitations imposed by the ad-hoc infrastructure, such as
whether or not route records need to be created, whether or not
a routing protocol should depend on a centralized entity, and
whether a routing protocol should be energy efficient, are a
serious concern. Because of these limitations, suitable
mechanisms have been proposed, and most existing routing
protocols follow one of two approaches for ad-hoc networks: the
table-driven and the source-initiated on-demand approaches. [6]
4.1 Proactive Routing Protocols (The Table Driven)
A proactive mechanism keeps a clear and consistent view of the
network topology by propagating periodic updates and
maintaining, at all times, routing information regarding the
connectivity of every node to all other nodes that participate in
the network. This provides a quick way to route data across the
network, but it turns out to be expensive in a small network
where there is minimal activity.
Some classifications of proactive routing protocols:
4.1.1 Dynamic Destination-Sequenced Distance-Vector Routing Protocol (DSDV)
In this approach every node in the network maintains a routing
table containing each destination and the number of hops
required to reach it, following the Bellman-Ford routing
algorithm. Every significant change is propagated as each node
broadcasts its routing table. Updates are sent as either full or
incremental dumps: in a full dump the entire table is sent, and
in an incremental dump only the routing data that has changed
is sent.
4.1.2 Wireless Routing Protocol (WRP):
WRP uses an enhanced version of the distance-vector routing
protocol, which uses the Bellman-Ford algorithm to calculate
paths. The tables that are maintained by a node are the
following: Distance table (DT), Routing table (RT), link cost
table (LCT), and a message retransmission list (MRL). The
protocol introduces mechanisms which reduce route loops and
ensure reliable message exchange. To overcome the
count-to-infinity problem and to enable faster convergence, it
employs a unique method of maintaining information regarding
the shortest distance to every destination node in the network
and the hop node on the path to every destination node.
4.1.3 Global State Routing (GSR):
In Global State Routing the entire network is not flooded, as is
the case with Dynamic Destination-Sequenced Distance-Vector
routing. Here each node maintains a neighbor list and three
tables: a topology table, a next hop table and a distance table.
4.2 Reactive Routing Protocols (Source-Initiated on-Demand):
In this approach a source node initiates a route discovery function,
and a route is created only when the source node requires a
route to a specific destination. It is less resource intensive
than proactive routing: there is no need for periodic
transmission of updates, because routing information is obtained
when demand arises.
Some classifications of reactive routing protocols:
4.2.1 Ad Hoc on-Demand Distance Vector Routing (AODV)
AODV improves and enhances DSDV. It is a reactive
routing protocol, meaning that it establishes a route to a
destination only on demand. AODV is, as the name indicates,
a distance-vector routing protocol. AODV avoids the
counting-to-infinity problem of other distance-vector protocols
by using sequence numbers on route updates, a technique
pioneered by DSDV. AODV is capable of both unicast and
multicast routing. In AODV, broadcasts are minimized because
route information is requested only on demand. Its simplicity is
that when an RREQ packet is broadcast between a source and a
destination, an intermediate node receives it and forwards it
to the destination.
4.2.2 Dynamic Source Routing
Dynamic Source Routing (DSR) is a routing protocol which
forms a route on-demand when a transmitting computer requests
one. However, it uses source routing instead of relying on the
routing table at each intermediate device. This protocol is truly
based on source routing whereby all the routing information is
maintained at mobile nodes. It has only two major phases which
are Route Discovery and Route Maintenance. Route Reply
would only be generated if the message has reached the
intended destination node.
Dynamic source routing protocol (DSR) is an on-demand
protocol designed to restrict the bandwidth consumed by control
packets in ad hoc wireless networks by eliminating the periodic
table-update messages required in the table-driven approach.
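The sequence-number rule that sections 4.1.1 and 4.2.1 credit to DSDV and AODV for avoiding counting to infinity, shown as an added example that is not part of the original paper. The `Route` record, node names and the sample updates are constructed; marking a broken route with the next (odd) sequence number follows the DSDV convention.

```python
from dataclasses import dataclass

INFINITY = float("inf")   # metric advertised for an unreachable destination


@dataclass
class Route:
    next_hop: str
    hops: float
    seq: int              # destination sequence number of this information


class RoutingTable:
    """Distance-vector table that ranks updates by sequence number first."""

    def __init__(self):
        self.routes = {}

    def offer(self, dest, via, hops, seq):
        """Apply one advertised route; return True if the table changed."""
        current = self.routes.get(dest)
        candidate = Route(via, hops + 1, seq)
        fresher = current is None or seq > current.seq
        shorter = (current is not None and seq == current.seq
                   and candidate.hops < current.hops)
        if fresher or shorter:
            self.routes[dest] = candidate
            return True
        return False      # older sequence number, or same and no shorter

    def link_broken(self, neighbor):
        """Mark routes through a lost neighbor unreachable with seq + 1."""
        for route in self.routes.values():
            if route.next_hop == neighbor and route.hops != INFINITY:
                route.hops = INFINITY
                route.seq += 1


def demo():
    """Constructed scenario seen from B in the chain A - B - D."""
    b = RoutingTable()
    log = [b.offer("D", via="D", hops=0, seq=100)]   # D announces itself
    b.link_broken("D")                               # B loses D: seq 101
    # A still holds B's old information (2 hops, seq 100) and advertises it
    # back. Plain Bellman-Ford would accept 3 hops here and start counting
    # to infinity; the older sequence number makes B ignore it.
    log.append(b.offer("D", via="A", hops=2, seq=100))
    # D comes back into range and issues a new, higher sequence number.
    log.append(b.offer("D", via="D", hops=0, seq=102))
    return log, b.routes["D"]


if __name__ == "__main__":
    print(demo())
```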
5. ROUTING PROTOCOL SECURITY
The routing protocol determines the flow of data from node to
node. As the flow of data from source to destination passes
through many intermediate nodes in a wireless environment, it is
prone to interception. So security aspects need to be improved
for secure communication. A number of security measures are
undertaken to limit the risks.
Encryption: Data is made secure by encryption: the data that a
sender wants to send towards its destination is encrypted so
that it cannot easily be broken or become known to the outside
world. On the other side, i.e. at the destination, the data is
recovered by the decryption mechanism.
Depending upon the energy, memory and computation power
required, techniques like RSA and Diffie-Hellman are used for
the encryption-decryption mechanism.
Authentication: In a wireless environment a node authenticates
itself to other available nodes by means of neighborhood tables
in which the various identification numbers are included. The
sending node enters its own identification number and sends the
data towards the destination. Once the identification number is
verified using the neighborhood table by the receiver, the data
is forwarded to the destination.
Authentication-Encryption: Combining the features of both
authentication and encryption gives a more secure way of
communication among the nodes and prevents the nodes'
communication from being intercepted. Using the similar
authentication technique mentioned above, the transmitting node
includes its identification number and that same number
encrypted in the data header. When the receiving node receives
the data, it verifies the sender's node identification and
decrypts the encrypted identification number. If both
identification numbers match, the data is forwarded.
These are the most basic techniques in securing the data in an
ad-hoc network.
6. SECURE ROUTING PROTOCOLS
With respect to performance and security, a secure routing
protocol offers additional security features for ad-hoc mobile
networks and protection from different types of attacks. Various
secure routing protocols that provide performance and security
are as follows:
6.1 Authenticated Routing for Ad Hoc Networks (ARAN)
ARAN detects and protects against malicious actions by third
parties and peers in the ad-hoc environment by providing
authentication, non-repudiation and message integrity. A digital
signature is used, as it is an on-demand routing protocol. When
node A wants to communicate with node Z, it broadcasts a route
discovery packet (RDP). The IP field specifies the IP address of
Z. The message includes A's certificate, a nonce that increases
every time A sends an RDP, and a time stamp. The message is
signed with A's private key. When intermediate node B receives
the message, it verifies the authenticity by extracting A's
public key from the certificate within the message. After
checking to make sure the certificate has not expired, node B
sets up a (reverse) route towards the originator A of the RDP.
If this is the first time that node B has seen this message, it
attaches its own certificate, signs the message with its private
key and rebroadcasts the RDP. Once node Z finally receives the
message, it signs the message with its private key, adds its IP
address and certificate, and sends a route reply (RREP) message.
Nodes unicast the RREP message to the originator A through the
discovered path. As the RREP traverses the path, the
intermediate nodes remove the certificate and signature of the
previous node. Finally, node A receives the RREP and verifies
the authenticity of the response.
6.2 Secure Ad Hoc On-Demand Distance Vector (SAODV)
SAODV provides source authentication, import authorization,
integrity and data authentication services. It assumes that
there is a key management system (KMS) that assigns keys to the
nodes and verifies the association of the public keys and the
node identities. Hash chains are used to secure the hop count
and digital signatures authenticate the message fields. A hash
chain, built by applying a one-way hash function to a random
seed value, provides integrity for the hop count.
6.3 Secure Efficient Ad Hoc Distance Vector (SEAD)
Taking into account the limited resources (network bandwidth,
processing capabilities, memory and battery power) of the
nodes, SEAD provides secure distance vector routing. It uses a
one-way hash function and operates in the same way as DSDV. [1]
7. CONCLUSIONS
In today's world wireless technology is growing rapidly because
of its easy implementation and use. A technology with
advantages also comes with certain disadvantages. As the medium
of transmission in wireless technology is not secure, in this
paper we have analyzed the security issues an ad hoc network
faces and presented the operation of routing protocols from a
security perspective. Various attacks on ad-hoc networks have
been described.
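The hop-count protection that section 6.2 attributes to SAODV, shown as an added example that is not part of the original paper. Field names follow the SAODV specification; SHA-256 as the one-way function and the fixed seed are assumptions, and the digital signature that covers `top_hash` and `max_hop_count` is left out.

```python
import hashlib
import os
from dataclasses import dataclass, replace


def h(value: bytes) -> bytes:
    """One-way hash function (SHA-256 chosen for this example)."""
    return hashlib.sha256(value).digest()


def h_times(value: bytes, n: int) -> bytes:
    """Apply h to value n times."""
    for _ in range(n):
        value = h(value)
    return value


@dataclass(frozen=True)
class RouteMessage:
    hop_count: int        # mutable field, incremented at every hop
    hash: bytes           # mutable field, hashed once at every hop
    max_hop_count: int    # fixed by the originator (signed in SAODV)
    top_hash: bytes       # h applied max_hop_count times to the seed (signed)


def originate(max_hop_count: int, seed: bytes = None) -> RouteMessage:
    """Start a chain from a random seed, as the originating node does."""
    seed = os.urandom(32) if seed is None else seed
    return RouteMessage(0, seed, max_hop_count, h_times(seed, max_hop_count))


def verify(msg: RouteMessage) -> bool:
    """Check that `hash` sits exactly hop_count steps into the chain."""
    remaining = msg.max_hop_count - msg.hop_count
    return remaining >= 0 and h_times(msg.hash, remaining) == msg.top_hash


def forward(msg: RouteMessage) -> RouteMessage:
    """What an honest intermediate node does before rebroadcasting."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain")
    return replace(msg, hop_count=msg.hop_count + 1, hash=h(msg.hash))


def demo():
    msg = originate(max_hop_count=8, seed=b"constructed-seed")
    for _ in range(3):                 # three honest hops
        msg = forward(msg)
    # A message whose hop_count was lowered in transit: the matching earlier
    # chain element cannot be computed without inverting h, so it is rejected.
    understated = replace(msg, hop_count=1)
    return msg.hop_count, verify(msg), verify(understated)


if __name__ == "__main__":
    print(demo())
```

The chain only prevents a hop count from being lowered; a node that rebroadcasts a message without incrementing it still passes verification.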
REFERENCES
[1]. Barbeau, M. and Kranakis, E. Principles of Ad Hoc
Networking. John Wiley and Sons Publication. 2007.
[2]. Zhang, H., Olariu, S., Cao, J. Mobile Ad-hoc Sensor
Networks: Third International Conference. Springer, 2007.
MSN 2007. Beijing, China. December 12-14, 2007.
[3]. Das, V. and Vijaykumar, R. Information and
Communication Technologies. International Conference, ICT
2010. Kochi, Kerala, India. September 2010.
[4]. Science Academy Transactions on Computer and
Communication Networks, Vol. 1, No. 1, March 2011
[5]. Securing Ad Hoc Networks, Lidong Zhou Department of
Computer Science, Cornell University Ithaca, NY 14853
[6]. Kejun Liu, Jing Deng, Member, IEEE, Pramod K.
Varshney, Fellow, IEEE, and Kashyap Balakrishnan, Member,
IEEE, “An Acknowledgment-Based Approach for the Detection
of Routing Misbehavior in MANETs” IEEE Transaction on
Mobile Computing, VOL. 6, NO. 5, May 2007