Security in Security in MobileMobile

Ad Hoc NetworksAd Hoc NetworksThao p LeThao p Le

tple@cs.wichita.edutple@cs.wichita.eduDepartment of Computer Department of Computer

Sciences, Sciences, Wichita State UniversityWichita State University

Outline of PresentationOutline of Presentation

Induction to MANET (Induction to MANET (MMobile obile AAd-Hoc d-Hoc NetNetwork)work)

Ad Hoc Networks ArchitectureAd Hoc Networks Architecture Attacks to Ad Hoc NetworksAttacks to Ad Hoc Networks Challenge of Ad Hoc NetworksChallenge of Ad Hoc Networks Security SolutionSecurity Solution ConclusionConclusion

IntroductionIntroduction Ad hoc networks are collections of mobile Ad hoc networks are collections of mobile

nodes with links that are made or broken in nodes with links that are made or broken in an arbitrary way.an arbitrary way.

No centralized controller and infrastructure.No centralized controller and infrastructure. Allows free mobilityAllows free mobility Node acts as host and router to assist in

transmitting data to other nodes in its range. Can be quickly and inexpensively setupCan be quickly and inexpensively setup Applications: military, emergency and

disaster situations.

MANETs: AdvantagesMANETs: Advantages

Can access information and services Can access information and services regardless of geographic positionregardless of geographic position

Can set up computer networks at Can set up computer networks at any place and timeany place and time

Ad Hoc Networks Ad Hoc Networks ArchitectureArchitecture

Rapid setup timeRapid setup timeAd hoc mode only needs the setting up of Ad hoc mode only needs the setting up of radio network interface card (NICs) in the radio network interface card (NICs) in the user devices.user devices.

Better performance possibleBetter performance possibleThe question of performance with ad hoc The question of performance with ad hoc mode is certainly doubtful.mode is certainly doubtful.

Limited network access.Limited network access.There is no distribution system with ad hoc There is no distribution system with ad hoc wireless LANs, users don’t have effective wireless LANs, users don’t have effective access to the internet and other wired access to the internet and other wired network services.network services.

Ad Hoc Networks Ad Hoc Networks Architecture (cont.)Architecture (cont.)

Difficult network managementDifficult network managementNetwork management becomes a Network management becomes a headache with ad hoc networks headache with ad hoc networks because of the fluidity of the because of the fluidity of the network topology and lack of a network topology and lack of a centralized device.centralized device.

Attacks to Ad Hoc Attacks to Ad Hoc NetworksNetworks

Two types of attacks target Ad Hoc Two types of attacks target Ad Hoc networknetwork• External attacks:External attacks:

MAC layer jammingMAC layer jamming Traffic analysisTraffic analysis

• Internal attacks:Internal attacks: Compromised host sending false routing Compromised host sending false routing

informationinformation Fake authentication and authorizationFake authentication and authorization Traffic floodingTraffic flooding

Challenge of Ad Hoc Challenge of Ad Hoc NetworksNetworks

Dynamic topologyDynamic topology Movement, node failure, etc.Movement, node failure, etc.

Heterogeneous and decentralized Heterogeneous and decentralized controlcontrol

Limited resourcesLimited resources Bandwidth, processing ability, energyBandwidth, processing ability, energy

Unfriendly environmentUnfriendly environment Selfish nodes, malicious attackersSelfish nodes, malicious attackers

Challenge of Ad Hoc Challenge of Ad Hoc Networks (cont.)Networks (cont.)

Authentication and accounting Authentication and accounting No fixed membershipNo fixed membership

Security concern Security concern Open medium without any centralized controlOpen medium without any centralized control

Real time servicesReal time services Dynamic topology and slow routing Dynamic topology and slow routing

information distributioninformation distribution Limited bandwidthLimited bandwidth

Congestion is typically the norm rather than Congestion is typically the norm rather than the exception.the exception.

Problems with Security Problems with Security MeasuresMeasures

Deficiencies of intrusion preventionDeficiencies of intrusion prevention• Increases the overhead during normal Increases the overhead during normal

operations of Ad Hoc networksoperations of Ad Hoc networks• Restriction on power consumption and Restriction on power consumption and

computation capability prevent the usage computation capability prevent the usage of complex encryption algorithmsof complex encryption algorithms

• Flat infrastructure increases the Flat infrastructure increases the difficulty for the key management and difficulty for the key management and distributiondistribution

• Cannot guard against internal attacksCannot guard against internal attacks

Security SolutionSecurity Solution

The Multi-fence Approach in Security The Multi-fence Approach in Security SolutionSolution• The proactive approach attempts to The proactive approach attempts to

prevent security threats in the first prevent security threats in the first place.place.

• The reactive approach seeks to detect The reactive approach seeks to detect threats a posteriori (derived by threats a posteriori (derived by reasoning from observed facts) and react reasoning from observed facts) and react accordingly. The reactive approach is accordingly. The reactive approach is widely used to protect packet forwarding widely used to protect packet forwarding operations.operations.

Security Solution (cont.)Security Solution (cont.)

Ad hoc Secure RoutingAd hoc Secure Routing• Source Node Routing( DSR)Source Node Routing( DSR)• Distance Vector Routing (DSDV and Distance Vector Routing (DSDV and

AODV)AODV)• Link State Routing: Secure Link State Link State Routing: Secure Link State

Routing (SLSP)Routing (SLSP)• Other Routing Protocols: ARANOther Routing Protocols: ARAN

ConclusionConclusion The research on MANET security is still in its early The research on MANET security is still in its early

stage. The existing proposals are typically attack-stage. The existing proposals are typically attack-oriented in that they first identify several security oriented in that they first identify several security threats and then enhance the existing protocol or threats and then enhance the existing protocol or propose a new protocol to thwart such threats. propose a new protocol to thwart such threats. Because the solutions are designed explicitly with Because the solutions are designed explicitly with certain attack models in mind, they work well in the certain attack models in mind, they work well in the presence of designated attacks but may collapse presence of designated attacks but may collapse under anticipated attacks. Therefore, a more under anticipated attacks. Therefore, a more ambitious goal for ad hoc network security is to ambitious goal for ad hoc network security is to develop a multi-fence security solution that is develop a multi-fence security solution that is embedded into possibly every component in the embedded into possibly every component in the network, resulting in in-depth protection that offers network, resulting in in-depth protection that offers multiple lines of defense against many both known multiple lines of defense against many both known and unknown security threats.and unknown security threats.

SourcesSources [1] Cavin et al., "On the accuracy of MANET simulators," [1] Cavin et al., "On the accuracy of MANET simulators,"

Proc. ACM Workshop on Princ. Mobile ComputingProc. ACM Workshop on Princ. Mobile Computing [2] K.-W. Chin, et al., "Implementation Experience with [2] K.-W. Chin, et al., "Implementation Experience with

MANET Routing Protocols," MANET Routing Protocols," ACM SIGCOMM Computer ACM SIGCOMM Computer Communications ReviewCommunications Review, Nov. 2002, pp. 49-59. Available , Nov. 2002, pp. 49-59. Available online.online.

[3] Frodigh, et al, "Wireless Ad Hoc Networking: The Art of [3] Frodigh, et al, "Wireless Ad Hoc Networking: The Art of Networking without a Network," Networking without a Network," Ericsson ReviewEricsson Review, No. 4, , No. 4, 2000. online2000. online.. [4] M. S. Corson et al., "Internet-Based Mobile [4] M. S. Corson et al., "Internet-Based Mobile Ad Hoc Networking," Ad Hoc Networking," IEEE Internet ComputingIEEE Internet Computing, July-August , July-August 19991999

[5] C. Elliott and B. Heile, "Self-Organizing, Self-Healing [5] C. Elliott and B. Heile, "Self-Organizing, Self-Healing Wireless Networks," Wireless Networks," Proc. 2000 IEEE Proc. 2000 IEEE

[6] K. Kim, "A New Mobile Environment: Mobile Ad Hoc [6] K. Kim, "A New Mobile Environment: Mobile Ad Hoc Networks (MANET)," Networks (MANET)," IEEE IEEE

[7] C. Perkins and E Royer, “Ad Hoc On-Demand Distance [7] C. Perkins and E Royer, “Ad Hoc On-Demand Distance Vector Routing,” Vector Routing,” 2nd IEEE Wksp. Mobile Comp. Sys.and 2nd IEEE Wksp. Mobile Comp. Sys.and Apps.Apps., 1999 , 1999