ngmast- wms workshop17/09/2008, cardiff, wales, uk a simulation analysis of routing misbehaviour in...

NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks

2nd International Conference and Exhibition on NEXT GENERATIONS MOBILE APPLICATIONS SERVICES

AND TECHNOLOGIES (NGMAST 2008)Workshop on Mobile and Wireless Security (WMS’08)

Abdelaziz Babakhouya CERIST Center of Research, Algiers, Algeria.

University of Béjaia, Algeria.Y. Challal and A. Bouabdallah (UTC, Heudiasyc lab.,

France )

2NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Outline

Mobile Ad hoc Network (MANET) Dynamic Source Routing protocol (DSR)

Nodes misbehaviour

Simulation Results (NS-2)

Countermeasures

Conclusion

3NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Mobile Ad hoc NETwork (MANET)

Definition MANET is a collection of wireless mobile nodes which may

form a temporary network, without the use of any fixed infrastructure or centralized administration

Features Multi-hop communication Dynamic topology Constrained resources No physical security

Applications Military and Rescue operations Civilian application

4NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Routing in MANET

Network layer Routing: Route discovery and route maintenance Data forwarding

AS DB

Source node Destination nodeIntermediate nodes

Problem: In a malicious environment, misbehaving nodes may not cooperate.

How can they misbehave? What is the effect of nodes misbehaviour on network performance ?

5NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Route discovery in DSR

11-2

11-3

1-3-4

1-3-4

1-3-4

1-2-5

1-3-4-6

1-3-4-7S

D52

1

3

4

6

7

8

Route Request (RREQ)

6NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Route discovery in DSR

S

D52

1

3

4

6

7

8

Route Reply (RREP)

1-2-5-81-2-5-8 1-2-5-8

7NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Packet forwarding in DSR

S

D52

1

3

4

6

7

8

8NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Nodes misbehaviour

G

S1

M

S2

Cooperative node: cooperate in both route discovery and packet forwarding functions.

Selfish node : try to save their own resources (energy and bandwidth). Selfish node type 1: Disable packet forwarding

function. Selfish node type 2: Disable routing function.

Malicious node: Try to sabotage other nodes, example of Black hole attack

Other parameters: Time: start/stop time of the behaviour Target: source/destination of the behaviour Degree P: [0,1] the probability of the behaviour

9NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Simulation

Objectives: What is the effect of selfish behaviour when varying the % of

misbehaving nodes? What is the effect of one malicious node when varying nodes

mobility and traffic load? Comparison between malicious behaviour and selfish

behaviour, according to the packet dropping attack strength.

Performances metrics Packet Delivery Fraction (PDF) : CBR packets received / CBR

packets sent Average End to End Delay (EED): the delay between the

sending of CBR packet by the source and its receipt by the destination.

10NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Simulation in NS2

Fixed parameters Mobility: random waypoint

Pause time = 10s, max speed = 5m/s. CBR: 20 connections,

Packets size = 512 bits; packet rate = 2 packet/s Simulation time : 500 s Target of attack : all nodes Time of attack = simulation time = 500 s

Variables parameters Density number of nodes in an area of 1000m x

1000m Low density = 30 nodes High density = 60 nodes

Probability of packets dropping P:[1.0, 0.5, 0.1]

11NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Selfish type 1

AS DB

RREQ packets from S to D

RREP packets from D to S

CBR packets from S to D

What is the effect on PDF when varying % of misbehaving nodes? We consider two scenarios:

Low density = 30 nodes, and high density = 60 nodes Probability of packets dropping: [ 1.0, 0.5, 0.1]

12NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Simulation results of selfish type 1

Degradation of PDF when the % of misbehaving nodes increases.

Node density has a negligible influence on the PDF Reduction of the attack strength when Pi decreases.

13NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Selfish type 2

AS DB

RREQ packets from S to D

RREP packets from D to S

CBR packets from S to D

Misbehaving nodes do not drop data packet What is the effect on Average EED ?

Low and high node density scenarios

14NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Simulation results of selfish type 2

Negligible influence on the PDF there exists alternative routes Degradation of EED when the percentage of misbehaving nodes

increases, especially in low density (30 nodes).

15NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Malicious node (black hole attack)

BA D

Forged RREP packets <S,A,M,D>

What is the impact on PDF, by varying mobility and number of CBR connections?

M

S C

Correct route

Forged route

16NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Simulation results of Malicious behaviour

PDF falls to 55% when only one malicious node performs the black hole attack.

Nodes Mobility and CBR connection don’t affect the metric PDF.

17NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Countermeasures

Secure routing S-AODV, SRP, ARAN, Adriane. Achieve authentication integrity and non repudiation

of the discovered route Prevent malicious nodes from being included in the discovered route.

Limitations: Do not prevent from with selfish nodes. Need of a Public Key Infrastructure (PKI) New security follows.

Detection and isolation of misbehaving nodes Watch-dog, CORE, CONFIDANT, OCEAN, SORI. Neighbours monitoring, node’s reputations and exchange

of Alarms and recommendations. False detection, need of nodes authentication

18NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Conclusion

Misbehaving node is one of the major security issues of MANET

To retain from simulation results :

RREQ dropping do not affects the PDF. However, it can really affect the average EED and lead to congestion in a low density network.

One malicious node carrying a black hole attack can have the same effect as 20% to 30% of selfish nodes type 1.

Both of data and routing packets need to be secured from selfish and malicious nodes.

NGMAST- WMS workshop 17/09/2008, Cardiff, Wales, UK

Thanks