Sonali Bhargava and Dharma P. Agrawal Center for Distributed & Mobile Computing Dept of ECECS, University of Cincinnati Security Enhancements in AODV protocol.


1 Security Enhancements in AODV protocol for Wireless Ad Hoc Networks
Sonali Bhargava and Dharma P. Agrawal
Center for Distributed & Mobile Computing, Dept of ECECS, University of Cincinnati
Presented By: Syeda Momina Tabish, MIT - 7

2 Agenda
Syeda Momina Tabish, NIIT-NUST
- Introduction
- Motivation
- Related Work
- Assumptions and background
- Proposed Approach
- Intrusion Detection Model (IDM)
- Intrusion Response Model (IRM)
- Experimental Setup
- Performance Metrics
- Simulation Results
- Conclusion & Future Work

3 Introduction
AODV:
- On-demand route discovery
- Effective use of available bandwidth
- Highly scalable
An ad hoc network is dynamically formed when two or more mobile hosts with wireless capability come into transmission range of each other.
Advantages of ad hoc networks:
- Can be set up 'on-the-fly'
- Requires no existing infrastructure

4 AODV Operation
[Figure: AODV operation between Source and Destination, showing RREQ, RREP, Data and RERR messages]

5 Introduction contd.
- An ad hoc network is useful in situations where geographical or terrestrial constraints demand a totally distributed network system without any fixed base station, such as battlefields or other disaster situations.
- Wireless ad hoc networks are highly susceptible to malicious attacks. They need stronger security than the conventional wired and static Internet.
- Intrusion prevention measures such as encryption and authentication at times fail to identify an attack, as these prevention measures cannot defend against compromised mobile nodes.

6 Motivation
We need an intrusion detection system in the network to create another wall of defense.
Forms of attack:
- Passive eavesdropping
- Active interfering
- Leakage of secret information
- Data tampering
- Impersonation
- Denial of service
Detection of compromised nodes is challenging because:
- Nodes are constantly mobile
- Protocols implemented are cooperative in nature
- Lack of fixed infrastructure and central authority
- No distinction between normalcy and abnormality

7 Motivation contd.
Attacks on the routing protocol can be further classified into two types:
- External attack: An attack caused by nodes that do not belong to the network.
- Internal attack: An attack from nodes that belong to the network, due to them getting compromised or captured.

8 Related Work
- Yongguang Zhang and Wenke Lee: presented a new intrusion detection and response mechanism. The basic assumption is that user and program activities are observable and that the system should be cooperative and distributed.
- Sergio Marti: introduced techniques that improve throughput in an ad hoc network by identifying misbehaving nodes that agree to forward packets but never do so.
- Venkatraman: proposed an intrusion detection agent to prevent some internal attacks on the network. The intrusion detection agent runs on all the nodes and is based on Yongguang Zhang and Wenke Lee's model.

9 Assumptions and Background
Assumptions:
- When a node is within radio range of another node, they are termed neighbors.
- Every link between two nodes is bi-directional.
- Nodes are in promiscuous state.
- Compromised nodes do not work in teams.

10 Proposed Approach
- Identified possible internal attacks on the AODV protocol and presented details of the Intrusion Detection Model [IDM] and Intrusion Response Model [IRM].
- Compromised nodes could cause sufficient damage by merely not cooperating.
- The types of malicious activities depend on the functioning of the protocol.
- These attacks are deterministic and can be detected by the IDM; malicious nodes are isolated using the IRM.

11 Proposed Approach contd.
The following internal attacks are handled by the IDM:
- Distributed false route request: Under this attack, a malicious node generates false route requests from different radio ranges, resulting in continued wastage of channel bandwidth. They cannot be categorized as malicious nodes.
- Denial of service: A denial of service attack results when the network bandwidth is hijacked by a malicious node that repeatedly generates route requests. The malicious node continues to transmit control packets, as a result of which other nodes in the network cannot use the resources.

12 Proposed Approach contd.
- Destination is compromised: A compromised destination node does not acknowledge the route requests destined for it. This results in re-broadcasts and an increase in end-to-end routing delay. Therefore, the network throughput is severely decreased.
- Impersonation: It is undesirable to have a malicious node impersonating another node while sending control packets to create anomalous updates in the routing table.
- Routing information disclosure: A malicious node leaks confidential information to unauthorized users in the network. This kind of attack is difficult to identify.

13 Intrusion Detection Model
- Based on the model presented by Yongguang Zhang and Wenke Lee.
- Each node employs the detection model, which uses neighborhood information to detect misbehavior of its neighbors.
- The IDM is present on all the nodes.
- It constantly monitors the behavior of its neighbors and analyzes it to detect whether a neighbor has been compromised.

14 Handling of Internal Attacks
[Figure: flowchart with the blocks Data Collection, Secure Communication, Intrusion Detection Model, Intrusion Response Model and Global Response, and the decision "Mal count > Threshold" (Yes / No)]

15 Intrusion Detection Model contd.
The model identifies each of the aforementioned attacks as follows.
Distributed false route request:
- A route request is generated whenever a node has to send data to a particular destination.
- A malicious node might generate frequent, unnecessary route requests.
- If a malicious node generates false route messages from different radio ranges, it will be difficult to identify the malicious node.
- When the nodes in the network receive a number of route requests greater than a threshold count from a specific source for a destination in a particular time interval t_interval, the node is declared malicious and the information is propagated in the network.

16 Intrusion Detection Model contd.
Denial of service:
- A malicious node launches the denial of service attack by transmitting false control packets and using the entire network resources. This deprives other nodes of network resources.
- Denial of service can be launched by transmitting false routing packets or data packets.
- It can be identified if a node generates more control packets than the threshold count in a particular time interval t_frequency.
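The two threshold rules from slides 15 and 16, written out as a per-node monitor. This is an added example, not code from the presentation or the underlying paper; the threshold and interval values, the packet kind names and the node names are assumptions, since the slides name the parameters but give no numbers.

```python
from collections import defaultdict, deque

# Assumed values: the slides name these parameters but give no numbers.
RREQ_THRESHOLD, T_INTERVAL = 3, 1.0    # RREQs per (source, destination), seconds
CTRL_THRESHOLD, T_FREQUENCY = 6, 1.0   # control packets per node, seconds

class NeighborMonitor:
    """Per-node counters fed by promiscuously overheard control packets."""

    def __init__(self):
        self.rreq_times = defaultdict(deque)   # (src, dst) -> recent timestamps
        self.ctrl_times = defaultdict(deque)   # src -> recent timestamps
        self.flagged = {}                      # node -> first reason it was flagged

    @staticmethod
    def _count(window, now, span):
        """Add `now` to the window, expire old entries, return what is left."""
        window.append(now)
        while now - window[0] > span:
            window.popleft()
        return len(window)

    def observe(self, now, kind, src, dst=None):
        """Record one overheard packet; return the reason if src exceeds a limit."""
        reason = None
        if self._count(self.ctrl_times[src], now, T_FREQUENCY) > CTRL_THRESHOLD:
            reason = "denial_of_service"
        if kind == "RREQ" and self._count(
                self.rreq_times[(src, dst)], now, T_INTERVAL) > RREQ_THRESHOLD:
            reason = "false_route_request"
        if reason:
            self.flagged.setdefault(src, reason)
        return reason

def run_trace(trace):
    """Replay (time_s, kind, source, destination) tuples in time order."""
    monitor = NeighborMonitor()
    for now, kind, src, dst in sorted(trace, key=lambda e: e[0]):
        monitor.observe(now, kind, src, dst)
    return monitor.flagged

# Constructed trace, not measured data.
TRACE = (
    [(0.1 * i, "RREQ", "M1", "D") for i in range(5)]            # 5 RREQs in 0.4 s
    + [(2.0 + 0.1 * i, "HELLO", "M2", None) for i in range(8)]  # 8 packets in 0.7 s
    + [(0.0, "RREQ", "A", "D"), (3.0, "RREQ", "A", "D")]        # ordinary retry
)
```

Node A repeats a route request after three seconds and stays under both limits, which is the ordinary retry behaviour the thresholds have to tolerate.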

17 Intrusion Detection Model contd.
Destination is compromised:
- A destination might not be able to reply if it is (i) not in the network, (ii) overloaded, (iii) it did not receive the route request, or (iv) malicious.
- This attack is identified when the source does not receive the reply from the destination in a particular time interval t_wait.
- The neighbors generate probe/hello packets to determine connectivity.
- If the node is in the network and does not respond to route requests destined for it, it is identified as malicious.

18 Intrusion Detection Model contd.
Impersonation:
- It can be avoided if the sender encrypts the packet with its private key and other nodes decrypt it with the public key of the sender.
- If the receiver is not able to decrypt the packet, the sender might not be the real source, and hence the packet will be dropped.

19 Intrusion Response Model
- A node identifies that another node has been compromised when its malcount increases beyond the threshold value for that allegedly compromised node.
- In such cases, it propagates this information to the entire network by transmitting a Mal packet.
- If another node also suspects the node that has been detected as compromised, it reports its suspicion to the network and transmits a ReMal packet.

20 Intrusion Response Model
- If two or more nodes report a particular node, a Purge packet is transmitted to isolate the malicious node from the network.
- All nodes that have a route through the compromised node look for newer routes.
- All packets received from the compromised node are dropped.
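The Mal / ReMal / Purge sequence from slides 19 and 20 as a small state machine. This is an added example, not code from the presentation or the underlying paper; the malcount threshold, the node names, the packet tuple layout and the choice that the second reporter is the one that transmits Purge are assumptions.

```python
MAL_THRESHOLD = 2  # assumed value; the slides give no number

class Node:
    def __init__(self, name, routes):
        self.name = name
        self.routes = dict(routes)  # destination -> next hop
        self.malcount = {}          # suspect -> misbehaviours this node observed
        self.reports = {}           # suspect -> names of nodes that reported it
        self.purged = set()

    def misbehaviour(self, suspect):
        """IDM hook: count one event; return a Mal/ReMal packet to send, or None."""
        self.malcount[suspect] = self.malcount.get(suspect, 0) + 1
        seen = self.reports.setdefault(suspect, set())
        if self.malcount[suspect] <= MAL_THRESHOLD or self.name in seen:
            return None
        return ("ReMal" if seen else "Mal", self.name, suspect)

    def receive(self, packet):
        """Handle Mal/ReMal/Purge; return a Purge packet if this node issues one."""
        kind, sender, suspect = packet
        if sender in self.purged:
            return None  # packets from an isolated node are dropped
        if kind == "Purge":
            self.purged.add(suspect)
            # Forget routes through the isolated node so new ones get discovered.
            self.routes = {d: h for d, h in self.routes.items() if suspect not in (d, h)}
            return None
        self.reports.setdefault(suspect, set()).add(sender)
        # Assumption: the second reporter is the node that transmits Purge.
        if len(self.reports[suspect]) >= 2 and sender == self.name:
            return ("Purge", self.name, suspect)
        return None

def broadcast(nodes, packet):
    log = [packet[0]]  # kinds of packets sent, in order
    for reply in [node.receive(packet) for node in nodes.values()]:
        if reply:
            log += broadcast(nodes, reply)
    return log

def demo():
    nodes = {n: Node(n, {"D": hop}) for n, hop in [("A", "X"), ("B", "C"), ("C", "D")]}
    log = []
    for observer in "AAACCC":  # constructed: A and C each see X misbehave 3 times
        packet = nodes[observer].misbehaviour("X")
        if packet:
            log += broadcast(nodes, packet)
    return log, nodes
```

Requiring two independent reporters before Purge relies on the stated assumption that compromised nodes do not work in teams; a single node cannot isolate a neighbor on its own.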

21 Experimental Setup
- Used a version of Berkeley's Network Simulator (ns) for our implementation.
- Based on a 1500 by 300 meter flat space scattered with 50 wireless nodes, of which 10 are data sources.
- The nodes move randomly with random speed (the speed is uniformly distributed between 0-20 sec).
- The MAC layer used for the simulations is IEEE 802.11.
- The transport protocol used for the simulations is User Datagram Protocol (UDP).

22 Experimental Setup contd.
Performance Metrics:
1. Packet Delivery Fraction: This is the ratio of CBR packets delivered to those generated, and is measured as throughput.
2. Routing Overhead: The number of routing packets transmitted for every data packet sent. Each hop of the routing packet is treated as a packet. They have used the normalized routing load for comparison, which is the ratio of routing packets to data packets.
3. Average end-to-end delay: This is the average of the delays incurred by all the packets that are successfully transmitted.

23 Experimental Setup contd.
4. Accuracy of Predictions: Only the malicious nodes generated in the network were reported as intruders, and other nodes were not claimed as malicious.
In the simulation, a misbehaving node is one that generates false route requests or drops the route request packets that are destined for it.

24 Simulation Results
[Figure: Routing Load vs. Pause Time]

25 Simulation Results
[Figure: End to End Delay vs. Pause Time]

26 Simulation Results
[Figure: Packet Delivery vs. Pause Time]

27 Conclusion & Future Work
- Proposed a security scheme to pro-actively prevent internal attacks.
- The results of the implementation show that the overhead is marginal and has negligible effect on network performance while making the protocol robust.
- Working on defining more internal attacks, with plans to identify solutions for them.
- Moreover, they plan to introduce a security scheme for external attacks and incorporate it with the Intrusion Detection and Response model as well.

28 Thanks
Questions?

