Adhoc Network Security

Published on January 2017

Ad Hoc Communication Networks And Security

Submitted by:

Sirisha K.N.

Someswara Prasad Ch.

GODAVARI INSTITUTE OF ENGG AND TECHNOLOGY RAJAHMUNDRY.

Abstract: Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. In this paper, we study what an ad hoc network is and the types of ad hoc network. The architecture of the ad hoc network and the protocols used are described. The main issue, ad hoc network security, is also described. Finally, applications, advantages, and disadvantages are given.

Key terms: ad hoc networks, types, architecture, protocols, applications.

What is an ad hoc network?

An ad-hoc (or "spontaneous") network is a local area network or other small network, especially one with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communications session or, in the case of mobile or portable devices, while in some close proximity to the rest of the network. In Latin, ad hoc literally means "for this," further meaning "for this purpose only," and thus usually temporary. The term has been applied to future office or home networks in which new devices can be quickly added using, for example, the proposed Bluetooth technology, in which devices communicate with the computer and perhaps other devices using wireless transmission.

Communication through Ad Hoc network: An ad hoc network is a (possibly mobile) collection of communications devices (nodes) that wish to communicate, but have no fixed infrastructure available, and have no pre-determined organization of available links. Individual nodes are responsible for dynamically discovering which other nodes they can directly communicate with. A key assumption is that not all nodes can directly communicate with each other, so nodes are required to relay packets on behalf of other nodes in order to deliver data across the network. Thus the nodes in an ad hoc network form a multihop radio network.

Fig. Ad hoc network representation

The nodes communicate with each other over wireless links. Each node in a wireless ad hoc network functions as both a host and a router, and the control of the network is distributed among the nodes. The network topology is in general dynamic, because the connectivity among the nodes may vary with time due to node departures, new node arrivals, and the possibility of having mobile nodes. There are no explicit links in an ad hoc network, and all communication is by broadcast. Devices may search for target nodes that are out of range by flooding the network with broadcasts that are forwarded by each node. Connections are possible over multiple nodes (multihop ad hoc network). Routing protocols then provide stable connections even if nodes are moving around.

Types of Wireless Ad Hoc Networks: There are two major types of wireless ad hoc networks:
i. Mobile ad hoc networks
ii. Smart sensor networks

Mobile ad hoc networks (MANETs): A MANET is an autonomous collection of mobile users that communicate over relatively bandwidth-constrained wireless links. Since the nodes are mobile, the network topology may change rapidly and unpredictably over time. The network is decentralized: all network activity, including discovering the topology and delivering messages, must be executed by the nodes themselves, i.e., routing functionality is incorporated into the mobile nodes. Network scenarios such as establishing survivable, efficient, dynamic communication for emergency/rescue operations, disaster relief efforts, and military networks cannot rely on centralized and organized connectivity, and can be conceived as applications of MANETs. Factors such as variable wireless link quality, propagation path loss, fading, multi-user interference, power expended, and topological changes affect performance and dependability of the network.

Requirements of MANET:
• The design of network protocols regardless of the application. (A complex issue.)
• Efficient distributed algorithms to determine network organization, link scheduling, and routing.
• Determination of viable routing paths and delivery of messages in a decentralized environment where network topology fluctuates. (Which is not a well-defined problem.)
• The network should be able to adaptively alter the routing paths to alleviate any of the above-mentioned effects.
• Reservation of security, latency, reliability, intentional jamming, and recovery from failure.

Smart sensor networks: A smart sensor network consists of a number of sensors spread across a geographical area. Each sensor has wireless communication capability and sufficient intelligence for signal processing and networking of the data. Some examples of smart sensor networks are the following:
• Military sensor networks to detect enemy movements, the presence of hazardous material (such as poison gases or radiation), explosions, etc.
• Environmental sensor networks (such as in plains or deserts or on mountains or ocean surfaces) to detect and monitor environmental changes.
• Wireless surveillance sensor networks for providing security in a shopping mall, parking garage, or other facility.

Basic goals of a smart sensor network are to determine the value of some parameter at a given location, determine the occurrence of events of interest and estimate parameters of the detected event(s), and detect an object and track the object.

Sensor network requirements:
• Large number of (mostly stationary) sensors.
• Low energy use.
• Network organization.
• Collaborative processing.
• Querying ability.

ARCHITECTURE: A set of layers and protocols is called a network architecture.

Layered Approach: To reduce design complexity, networks are organized as a series of levels called layers. An ad hoc network is multi-layer, containing the physical layer, multiple access control (MAC) layer, network layer, transport layer and application layer. Flat-routed and two-tiered design approaches in ad hoc networks are discussed in the sub-point Connectivity in Ad Hoc Network.

Protocol: Layer ‘n’ on one machine carries on a conversation with layer ‘n’ on another machine. The rules and conventions used in this conversation are collectively known as the layer ‘n’ protocol. The TCP/IP protocol is making universal service possible. It is used in Internetworks, Novell NetWare, ARPANET etc. networks. But there are some problems using TCP/IP for ad hoc networks, as TCP performs less predictably on wireless networks than on wired ones. Two critical problems over wireless multi-hop are:
• Conflicts between data packets and ACKs, which cause TCP performance to degrade for window sizes greater than 1 packet.
• The interaction between MAC and TCP layer backoff timers, which causes severe unfairness and capture conditions.

Thus special protocols used for wireless, multi-hop ad hoc networks are Distance vector routing protocol (DVRP), Link state protocol, Dynamic source routing protocol, Destination sequence distance vector routing protocol (DSDVRP), Multicast routing protocol, zone routing protocol (ZRP) and Novel distributed routing protocol. These are discussed in the protocol section, with the detailed working of the Novel distributed routing protocol.

Connectivity in Ad Hoc Network: Basically, there are two approaches in providing ad-hoc network connectivity:
i. Flat-routed network architectures.
ii. Hierarchical network architectures.

An example of a flat-routed network is shown in Figure 3 and that of a two-tiered hierarchical network in Figure 4.

Fig.3 A flat-routed ad hoc network

In flat-routed networks, all the nodes are “equal” and the packet routing is done based on peer-to-peer connections, restricted only by the propagation conditions.

Fig.4 A two-tiered ad hoc network

In hierarchical networks, there are at least two tiers; on the lower tier, nodes in geographical proximity create peer-to-peer networks. In each one of these lower-tier networks, at least one node is designated to serve as a “gateway” to the higher tier. These “gateway” nodes create the higher-tier network, which usually requires more powerful transmitters/receivers. Although routing between nodes that belong to the same lower-tier network is based on peer-to-peer routing, routing between nodes that belong to different lower-tier networks is through the gateway nodes. We note that the flat-routed networks are more suitable for a highly versatile communication environment such as the RWNs. The reason is that the maintenance of the hierarchies (and the associated cluster heads) is too costly in network.

Protocols: Classification: Protocols are broadly classified as
a. Proactive protocols.
b. Reactive protocols.

Proactive protocols: These attempt to continuously evaluate the routes within the network, so that when a packet needs to be forwarded, the route is already known and can be immediately used. The advantage of the proactive schemes is that, once a route is requested, there is little delay until the route is determined. Pure proactive schemes are not appropriate for the ad-hoc (e.g. RWN) environment, as they continuously use a large portion of the network capacity to keep the routing information current. Since nodes in an ad-hoc network move quite fast, and as the changes may be more frequent than the routing requests, most of this routing information is never used. This results in an excessive waste of the network capacity.

Reactive protocols: These, on the other hand, invoke the route determination procedures on demand only. Thus, when a route is needed, some sort of global search procedure is employed. In reactive protocols, because route information may not be available at the time a routing request is received, the delay to determine a route can be quite significant. Because of this long delay, pure reactive routing protocols may not be applicable to real-time communication. What is needed is a protocol that, on one hand, initiates the route determination procedure on demand, but with limited cost of the global search. The wired Internet uses routing protocols based on topological broadcast, such as the SPF. These protocols are not suitable for the RWN due to the relatively large bandwidth required for update messages.

Protocols used in ad-hoc networks: The following routing protocols are generally used in ad hoc networks.
• Distance vector RP.
• Link state RP.
• Dynamic source RP.
• Novel distributed RP.
• Destination sequence distance vector RP.
• Zone routing.
• Multicast routing.

Distance-vector routing protocol: In distance vector routing, each router maintains a table giving the distance from itself to all possible destinations. Each router periodically broadcasts this information to each of its neighbor routers, and uses the values received from its neighbors to compute updated values for its own table. By comparing the distances received for each destination from each of its neighbors, a router can determine which of its neighbors is the correct “next hop” on the shortest path toward each destination. The salient advantage of DVRP is the considerable reduction in the probability of loops in the calculated routes. The main disadvantage of DVRP for the RWN is that routing nodes constantly maintain full routing information in each network node, which was obtained at relatively high cost in wireless resources. Examples of distance vector routing protocols include the routing protocol used in the DARPA Packet Radio Network; the original routing protocol for the ARPANET; RIP (used in parts of the Internet, in Novell’s IPX, and in Xerox’s XNS); and RTMP (used in AppleTalk).

Link state routing protocol: In this protocol each router maintains a complete picture of the topology of the entire network. Each router monitors the cost of the link to each of its neighbor routers, and periodically broadcasts an update of this information to all other routers in the network. Given this information on the cost of each link in the network, each router computes the shortest path to each possible destination. Examples of link state routing protocols include the “new” routing protocol that replaced the original protocol for the ARPANET, IS-IS (adopted by ISO as a standard routing protocol), and OSPF (used in parts of the Internet).

Dynamic source routing protocol: It is a protocol for routing packets between wireless mobile hosts in an ad hoc network. Unlike routing protocols using distance vector or link state algorithms, this protocol uses dynamic source routing, which adapts quickly to routing changes when host movement is frequent, yet requires little or no overhead during periods in which hosts move less frequently. Here, to send a packet to another host, the sender constructs a source route in the packet’s header, giving the address of each host in the network through which the packet should be forwarded in order to reach the destination host. The sender then transmits the packet over its wireless network interface to the first hop identified in the source route. When a host receives a packet, if this host is not the final destination of the packet, it simply transmits the packet to the next hop identified in the source route in the packet’s header. Once the packet reaches its final destination, the packet is delivered to the network layer software on that host. Dynamic source routing protocol utilizes flooding to discover a route to a destination. Optimization techniques, such as route caching, reduce the route determination or maintenance overhead. In a highly dynamic environment such as the RWN, this type of protocol leads to a large delay, and the techniques to reduce overhead may not perform well.

Multicast routing protocol: As ad-hoc networks are multihop wireless networks, they use a Multicast Routing Protocol. A multicast protocol builds upon a cluster based wireless network infrastructure. The multicast protocol is inspired by the Core Based Tree (CBT) scheme. Each multicast group has a unique multicast identifier (Mid). Each multicast address identifies a host group, the group of hosts that should receive a packet sent to that address. Each multicast group is initialized and maintained by a multicast server (MS), which becomes the core of the CBT for this multicast group. Initially the multicast server broadcasts the Mid and its own node id (MSid) using a flooding algorithm. When a node receives this information, it records the pair Mid and MSid in its multicast database, which can be used to join or quit this multicast group. Alternatively, to avoid flooding, the multicast server registers the Mid on a directory server. Any node which wants to join a particular multicast group can query the directory server. Future research directions include:
• The dynamic relocation of the CORE
• The extension of the Internet (or ATM) multicast tree solutions to the wireless segments and
• QoS multicasting

DSDV protocol: Destination sequence distance vector protocol is an enhancement to the distance-vector Bellman-Ford routing protocol made to support ad hoc MHs. Because each MH periodically advertises its view of network topology, this scheme is inefficient. Similar to cluster based routing, this scheme uses broadcast routing and a connectionless packet forwarding approach.

Zone routing protocol: In this protocol, routing in the RWN is based on the notion of a routing zone, which is defined for each node and includes the nodes whose distance (e.g., in hops) is at most some predefined number. This distance is referred to here as the zone radius. Each node is required to know the topology of the network within its routing zone only, and nodes are updated about topological changes only within their routing zone. Thus, even though a network can be quite large, the updates are only locally propagated. Since for radius greater than 1 the routing zones heavily overlap, the routing tends to be extremely robust. The routes within the network are specified as a sequence of nodes separated by approximately the zone radius. The Route Discovery protocol is illustrated by an example shown in figure 5:

Fig.5 An example of zone routing

Ad Hoc Network Security: Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Fig shows such an example: initially, nodes A and D have a direct link between them. When D moves out of A’s radio range, the link is broken. However, the network is still connected, because A can reach D through C, E, and F.

Fig: Topology change in ad hoc networks: nodes A, B, C, D, E, and F constitute an ad hoc network. The circle represents the radio range of node A. The network initially has the topology in (a). When node D moves out of the radio range of A, the network topology changes to the one in (b).

Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.

Security goals: Security is an important issue for ad hoc networks, especially for security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.

Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.

Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.

Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

Challenges: The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals.

First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation.

Secondly, nodes roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection have a non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.

Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationships among nodes also change, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.

Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

Secure Routing: To achieve availability, routing protocols should be robust against both dynamically changing topology and malicious attacks. Routing protocols [30, 25, 43, 32, 49, 16, 23, 35] proposed for ad hoc networks cope well with the dynamically changing topology. However, none of them, to our knowledge, have accommodated mechanisms to defend against malicious attacks. Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols.

In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down. There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing. The second and also the more severe kind of threat comes from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threat, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signatures. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could have been generated by a compromised node, or it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies (multiple, possibly disjoint, routes between nodes) in ad hoc networks. If routing protocols can discover multiple routes (e.g., protocols in ZRP [16], DSR [25], TORA [32], and AODV [35] all can achieve this), nodes can switch to an alternative route when the primary route appears to have failed.

Diversity coding [1] takes advantage of multiple paths in an efficient way without message retransmission. The basic idea is to transmit redundant information through additional routes for error detection and correction. For example, if there are n disjoint routes between two nodes, then we can use n−r channels to transmit data and use the other r channels to transmit redundant information. Even if certain routes are compromised, the receiver may still be able to validate messages and to recover messages from errors using the redundant information from the additional r channels.

APPLICATIONS: Ad hoc networks are required in situations where a fixed communication infrastructure, wired or wireless, does not exist or has been destroyed. In such situations it is very difficult to provide the necessary infrastructure, and it is a challenging task to enable fast and reliable communication within such a network. The applications of ad hoc networks span several different sectors of society. The main applications are as below.

• Military (tactical) communication: For fast establishment of communication infrastructure during deployment of forces in a foreign region, ad hoc networks are used. It is essential to build rapid and reliable communication. This is achieved by using an ad hoc network.
• Rescue missions: At the time of rescue operations, communication in areas without adequate wireless coverage becomes possible only due to ad hoc networks.
• National security: In times of national crisis, if the existing infrastructure becomes non-operational due to some natural disaster, an ad hoc network is the only alternative.
• Law enforcement: Similar to tactical communication, ad hoc networks play an important role in law enforcement, e.g. in applications such as crowd control.
• Commercial use: Now it is a trend to adopt ad hoc networks for commercial uses due to their unique properties. They are mainly used for setting up communication in exhibitions, conferences, or sale presentations.
• Education: The network can be used to interconnect workgroups moving in an area or campus. Distributed scientific experiments can be carried out and the concept of virtual classrooms can be implemented.
• Sensor networks: For communication between intelligent sensors (e.g., MEMS) mounted on mobile platforms, this type of network proves very useful.

ADVANTAGES:
1. Use of ad-hoc networks could increase mobility and flexibility, as ad-hoc networks can be brought up and torn down in a very short time.
2. Ad-hoc networks could be more economical in some cases, as they eliminate fixed infrastructure costs and reduce power consumption at mobile nodes.
3. Ad-hoc networks are more robust than conventional wireless networks because of their non-hierarchical distributed control and management mechanisms.
4. Because of short communication links (node-to-node instead of node to a central base station), radio emission levels could be kept at a low level. This increases the possibility of spectrum reuse or of using unlicensed bands.
5. Because of multi-hop support in ad-hoc networks, communication beyond Line Of Sight (LOS) is possible at high frequencies.

LIMITATIONS: Ad-hoc networks are still far from being deployed on a large-scale commercial basis. Some fundamental ad-hoc networking problems remain unsolved or need optimized solutions.
• Although various routing protocols are suggested and tested for mobile ad-hoc networks, performance metrics like throughput, delay and protocol overhead in relation to successfully transmitted data need better optimization.
• An additional complexity factor in ad-hoc network design is that different layers of the system are highly interdependent. Therefore, layers one, two and three of the standard OSI model could probably not be separated and optimized independently of the function of other layers.
• Further, it is conceivable that public use of ad-hoc networks requires specific regulations and charging mechanisms.

CONCLUSION:

This paper has proposed a standalone technology, the ad hoc network, which is multi-hop, rapidly deployable and can automatically form and adapt to changes. The current cellular network is fixed, with pre-located cell sites and base stations and without multi-hop support. Though ad hoc networks have a hostile environment, they are very important for fast and reliable communication when there is no infrastructure available. Conventional distributed protocols impose extensive bandwidth, power and computation overheads on MHs in an ad hoc network; a bandwidth-efficient distributed routing protocol based on the novel concept of associativity, proposed here, is very suitable.

REFERENCE:
1. Computer Networks (3rd edition) - A.S. Tanenbaum
2. Internetworking with TCP/IP (vol. III) - Douglas E. Comer & David L. Stevens
3. Networking Security Essentials - William Stallings
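Added example (not part of the original paper) for the Secure Routing section: distance-vector updates carry an authentication tag and a sequence number, so injected and replayed updates from an external attacker are rejected, while a false advertisement from a compromised node holding a valid key is still accepted. HMAC-SHA256 with constructed per-node keys stands in for the digital signatures the text mentions; the `Router` class, node names and message layout are assumptions.

```python
import hashlib
import hmac
import json

# Constructed per-node keys. HMAC-SHA256 stands in for the digital signature
# the text mentions (assumption: the receiver can verify every neighbour's tag).
KEYS = {"B": b"key-of-node-B", "C": b"key-of-node-C"}


def sign_update(sender, seq, vector, key):
    """Build a routing update {sender, seq, vector} with an authentication tag."""
    body = json.dumps({"sender": sender, "seq": seq, "vector": vector},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"sender": sender, "seq": seq, "vector": vector, "tag": tag}


class Router:
    """Distance-vector router that only applies authenticated, fresh updates."""

    def __init__(self, name, link_cost):
        self.name = name
        self.link_cost = link_cost      # neighbour -> cost of the direct link
        # destination -> (distance, next hop)
        self.table = {n: (c, n) for n, c in link_cost.items()}
        self.last_seq = {}              # neighbour -> highest sequence accepted

    def receive(self, update):
        sender = update["sender"]
        key = KEYS.get(sender)
        if key is None or sender not in self.link_cost:
            return "rejected: unknown sender"
        expected = sign_update(sender, update["seq"], update["vector"], key)["tag"]
        if not hmac.compare_digest(expected, update["tag"]):
            return "rejected: bad signature"
        if update["seq"] <= self.last_seq.get(sender, -1):
            return "rejected: replay"
        self.last_seq[sender] = update["seq"]
        for dest, dist in update["vector"].items():
            if dest == self.name:
                continue
            new = self.link_cost[sender] + dist
            cur = self.table.get(dest)
            # Bellman-Ford relaxation; also track changes from the current next hop.
            if cur is None or new < cur[0] or cur[1] == sender:
                self.table[dest] = (new, sender)
        return "accepted"


def demo():
    a = Router("A", {"B": 1, "C": 1})
    results = []
    honest = sign_update("B", 1, {"D": 2}, KEYS["B"])
    results.append(a.receive(honest))
    # External attacker without C's key: the tag cannot verify.
    forged = {"sender": "C", "seq": 1, "vector": {"D": 1}, "tag": "00" * 32}
    results.append(a.receive(forged))
    # External attacker replays B's old, validly tagged update.
    results.append(a.receive(honest))
    route_before = a.table["D"]
    # Compromised node C uses its real key to advertise a false distance.
    false_adv = sign_update("C", 1, {"D": 1}, KEYS["C"])
    results.append(a.receive(false_adv))
    return results, route_before, a.table["D"]


if __name__ == "__main__":
    print(demo())
```

The last update verifies correctly and moves A's route for D from B to C, which is why the paper turns to route redundancy rather than signatures alone for the compromised-node case.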
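Added example (not from the original paper) of the diversity coding idea in the Secure Routing section, for the case r = 1: the message is split over n−1 routes and an XOR parity share travels over the remaining route, so the receiver can rebuild the message when one route fails and can detect a modified share when all shares arrive. The framing, function names and sample message are assumptions; larger r needs a stronger erasure code than a single parity share.

```python
import struct
from functools import reduce


def xor_bytes(blocks):
    """XOR equal-length byte strings together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def encode(message, n):
    """Split message over n disjoint routes: n-1 data shares + 1 XOR parity share."""
    k = n - 1
    if k < 1:
        raise ValueError("need at least two routes")
    framed = struct.pack(">I", len(message)) + message  # length prefix for unpadding
    size = -(-len(framed) // k)                          # ceiling division
    framed = framed.ljust(size * k, b"\x00")
    data = [framed[i * size:(i + 1) * size] for i in range(k)]
    return data + [xor_bytes(data)]


def decode(shares):
    """shares[i] is what arrived over route i, or None if that route failed.

    Returns (status, message); status is 'ok', 'recovered', 'inconsistent'
    or 'unrecoverable'.
    """
    missing = [i for i, s in enumerate(shares) if s is None]
    if len(missing) > 1:
        return "unrecoverable", None
    shares = list(shares)
    if len(missing) == 1:
        # XOR of all surviving shares (data and parity) equals the lost share.
        present = [s for s in shares if s is not None]
        shares[missing[0]] = xor_bytes(present)
        status = "recovered"
    else:
        # All routes delivered: the parity share must match the data shares.
        if xor_bytes(shares[:-1]) != shares[-1]:
            return "inconsistent", None
        status = "ok"
    framed = b"".join(shares[:-1])
    (length,) = struct.unpack(">I", framed[:4])
    return status, framed[4:4 + length]


def demo():
    msg = b"constructed sample: link C-E is up"   # constructed test message
    shares = encode(msg, 4)                        # n = 4 routes, r = 1

    lost = list(shares)
    lost[1] = None                                 # route 1 failed

    modified = list(shares)
    modified[2] = bytes([modified[2][0] ^ 0x01]) + modified[2][1:]  # one bit changed

    two_lost = list(shares)
    two_lost[0] = two_lost[3] = None

    return {
        "intact": decode(shares),
        "one_route_lost": decode(lost),
        "one_share_modified": decode(modified),
        "two_routes_lost": decode(two_lost),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

With a single parity share the receiver cannot both repair a lost route and notice a modified share on another route in the same message.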
