collaborative attacks on routing protocols in ad hoc networks

Collaborative Attacks on Routing Protocols in Ad hoc Networks

Neelima Gupta

University of Delhi

India

Neelima Gupta, Dept. of Computer Sc., University of Delhi

ATTACKS on Routing Protocols in AD-HOC NETWORKS Black Hole Wormhole Rushing Attack Many more Attacks


Black Hole Attack:

MRREQ

RREQ

RREPRREP

RREQ RREQ

RREQS

D


Worm Hole Attack: Malicious nodes eavesdrops the packets, tunnel

them to another location in the network and retransmit them at the other end.

M1

M2

SD


Rushing Attack

Forward ROUTE Requests more quickly than legitimate nodes can do so, increase the probability that routes that include the attacker will be discovered,

Attack against all currently proposed on-demand ad hoc network routing protocols.


Collaborative Attacks

Informal definition:

“Collaborative attacks (CA) occur when more than one attacker synchronize their actions to disturb a target

network”


Different Models of Collaborative AttackCollaborative Black hole attackCollaborative Black hole and

Wormhole attackCollaborative Black hole and

Rushing Attack


Collaborative Black Hole Attack

S

M24

12

D

5

M1

3


S

M24

1

2

D

5

M1

3RREQ

RREQ

RREQ

RREQRREQ

RREP

RREP

RREQ


S

BH2

4

1 2

D

5

BH1

3

Collaborative Black Hole Attack (cont.)

Existing ApproachesCross Validation from neighbours

(especially Next Hop Neighbours)

will fail


Dr. Neelima Gupta, Dept. of Computer Sc., University of Delhi

S

M24

1

2

D

5

M1

3RREQ

RREQ

RREQRREQ

RREQRREQ

RREP

RREP

RREP

RREP

RREP RREP RREP

RREQ


S

BH2

4

1 2

D

5

BH1

3

Collaborative Black Hole Attack (cont.)

Existing ApproachesNeighbour monitoring

M1 will escape



Collaborative Black hole and Wormhole attack

S

WH2

c4

a1

c1

D

WH1

c3c2

BH1RREQ

RR

EQ

RREQ

RREQ RREQ

RREP

RREP

Out-of-Band Channel

a3a2

RREQ

RREP

RREP

RREP

RREQ

RREQ

RREP

RREP


Collaborative Black hole and Wormhole attack (cont.)

S

WH2

c4

a1

c1

D

WH1

c3c2

BH1

a3a2


Collaborative Black hole and Rushing Attack

S

c4

a1

c1

D

a3R1

c3c2

BH1 a2

b2


Collaborative Black hole and Rushing Attack (cont.)

S

c4

a1

c1

D

R1

c3c2

BH1RREQ

RR

EQ

RREQ

RREQ RREQ

RREP

RREP

a3

a2

RREQ

RREP

RREP

b2

RREQRREQ

RREQ

RREP

RREQ

RREPRREP


Collaborative Black hole and Rushing Attack (cont.)

S

c4

a1

c1

D

R1

c3c2

BH1

a3

a2

b2


Current Proposed Solutions to handle collaborative black hole attack

Collacorative Monitoring: Collaborative security architecture for black hole attack prevention in mobile ad hoc networks , A Patcha and A Mishra, Proceedings of RAWCON ’03

Recursive Validation: Sanjay Ramaswamy, Huirong Fu, Manohar Sreekantaradhya, John Dixon and Kendall Nygard. Prevention of Cooperative Black Hole Attack in wireless Ad-Hoc Networks, Intl Conference on wireless netwroks, 2003


Collaborative Black Hole Attack

S

D

M2

W

W

M1


Consider this scenario-

S

D

M2

W1

W

RREQ

RREP

M1

Tell W1 to monitor M1


Case 1: M1 itself drops packets

S

D

M2

W

W

Data

PacketsM1

Buffer of sent packets to M1

Packets are not

forwarded; M1 is

Malicious


Case 2: M1 forwards but does not inform watchdog to monitor M2

S

DM2

W W

Data

PacketsM1


Overhear the packets but does not know the next hop id; increments

SUSPECT_NODE counter ->M1 is

Malicious

Does not send

SEND_DATA signal


Case 3: M1 forwards and informs but M2 drops..will be caught by W2

S

DM2

w1 w2

Data

PacketsM1



S

DM2

W W

M1


Packets are not

forwarded; M2 is

Malicious

SEND_DATA signal


AnalysisProblem with this appraoch

◦ Monitoring is done during data transmission => loss of data packets. The current solutions does not specify if and how the lost data is re-transmitted

Solution : Some dummy packets may be sent before sending the data packets.

S

21 DM

WW

Data

Packets

M does not have a route to D, so forward to 3

(not in route)

Data Packets

3

NULL or NON-NULL Node

Neighbor List : M

Neighbor List : 3

W


Another Problem◦Malicious Nodes acting together can

alternately drop packets to keep their individual SUSPECT_NODE counter less than SUSPECT_THRESHOLD, each time a route is established through them.

◦Malicious nodes would not be detected.◦Data packets are permanently lost.


Recursive neighbor validation

DS

B3

C2

A2A1

B1

C3C1

B2

A3A4

B4

C4

B5

RREQ

RREQRREQRR

EQ

RREQRREQ RREQ

RREQ

RREQRREQ

RREQ

RREQ

RREP

RREP

Intermediate Node, IN

Next Hop Node, NHN

RR

EP

RREP

RREP

RREP

RREP


Current Proposed Solution to handle collaborative attack

Weichao Wang, Bharat Bhargava, Yi Lu, and Xiaoxin Wu. Defending against wormhole attacks in mobile ad hoc networks. In Wiley Journal Wireless Communications and Mobile Computing (WCMC), volume 6, pages 483 –503. Wiley, 2006.


Monitoring /characterizing

Defense

Classification

No anomaly

anomaly

Negligible anomaly

Attack handled

Attack

detected

ChallengesTwo much of overhead in• monitoring even if no attack is present.• in isolating the malicious nodes recursively.We propose:1. Get a count of the packets received

from the destination.2. If the count is less than a threshold

then monitor.3. If a node drops more than a certain

threshold, declare it to be malicious. If more than one node drops packet, their sum is compared against the threshold. If greater, both the nodes are delcared to be malicious


NEED TO THINK DIFFERENTLY



Thank You!!!

collaborative attacks on routing protocols in ad hoc networks

Documents

escapeneelima gupta

failneelima gupta

university of delhiattacks

university of delhicurrent

m1m2sd4neelima gupta

university of delhidr

wormhole attack cont

network routing protocols