Wireless Network Security

M.Hemavathy
A.Kavitha
S.Sivakumar

Member Research Staff


Central Research Laboratory
Bharat Electronics
Bangalore
CENTRAL RESEARCH LABORATORY
Agenda
Overview of Wireless Networks
Wireless Network Security & Issues
Introduction to WAP
WAP Security
Introduction to Ad-hoc Networks
Securing Ad-hoc Networks

Overview of Wireless Networks

What is Wireless Network?


Why Wireless Networks?
Classification of Wireless Networks
Access Techniques
Limitations of Wireless Networks

What is wireless
A technology that enables two or more entities
to communicate without network cabling
A tool for convenience, for when mobility is
required in computing
A wireless network uses electromagnetic waves as its carrier

Why Wireless
No wires. Convenience, flexible
Improved wireless technologies
Significant drop in cost for service providers
Significant reduction in price of wireless services
More affordable to end users
Wireless service is mobile and can be deployed
almost anywhere
Wireless service can be deployed faster and
cheaper than fixed service

Classification of Wireless
Networks
Satellite Networks
Wireless WANs/MANs
Wireless LANs
Wireless PANs
Ad-hoc Networks

Satellite Networks
Wide area coverage of the earth’s surface
Broadcast transmission
Very high data rates
Deployment costs can be enormous
Long transmission delays
Links subject to short term outages or degradations
Extremely high quality of transmission

Wireless WANs/MANs
Uses cellular / digital cellular networks
Provides essentially world-wide access
Uses a dial up connection
Comparatively low bandwidth
Examples : Cellular, CDPD
3G networks promise improvement

Wireless WANs/MANs …
1G (Past)
AMPS, TACS: Analog, voice only
2G (Past/Present)
IS-136, GSM: <10Kbps circuit switched data
2.5G (Present)
GSM-GPRS, GPRS-136: <100Kbps packet switched
3G (Immediate Future)
IMT-2000: <2Mbps packet switched
4G (Future)
20-40 Mbps

Wireless LAN
An extension of wired LAN
Higher bandwidth
Example : 802.11 a/b/g
802.11 - key technology
Versions:
802.11b – currently widely deployed
802.11a – higher bandwidth
802.11g – higher bandwidth
– backward compatible with 802.11b

Wireless PAN
Short range data transfer
Low bandwidth (up to 1 Mb per second)
Primarily meant for networking personal devices
(music systems, speakers, microwaves, refrigerators, etc.)
Lower data rates and transmission ranges (low power)
Essentially a cable eliminator
Limited to about 30 feet between devices
Examples : IRDA, Bluetooth (802.15), UWB

Ad-Hoc Networks
Infrastructure less wireless networks
Typically applications - Military or disaster relief
Single and Multi hops
Mobile nodes function as forwarders/routers
Typical data rates (on a per-link basis) same as WLAN
significantly smaller end-to-end data rates

Wireless link issues
Multiple nodes need the medium
Shared wireless spectrum
Lead to concurrent transmissions
Many transmissions at the same time
Results in collision
Vital to prevent or minimize collisions
Controlled access
Collision avoidance / minimization
Access Techniques
• TDMA - time division multiple access
  – Divides time into small slots
• FDMA - frequency division multiple access
  – Each node transmits on a different frequency
• CSMA - carrier sense multiple access
  – Listen to the wireless channel (on a given frequency)
  – Transmit when the channel is free
• CDMA - code division multiple access
  – Different spreading codes
Types of Wireless networks
CDPD - Cellular Digital Packet Data
HSCSD- High Speed Circuit Switched Data
PDC-P - Packet Data Cellular
GPRS- General Packet Radio Service
1xRTT- 1x Radio Transmission Technology
Bluetooth
IrDA- Infrared
LMDS- Local Multipoint Distribution Service
MMDS- Multichannel Multipoint Distribution Service
802.11 - WLAN - Wi-Fi - Wireless Fidelity
802.16 - WiMAX - Worldwide Interoperability for Microwave Access

Limitation of Wireless Networks
Availability Factors
Interference can be caused easily
Due to other devices
Intentional jamming
Network outage
Largely inaccessible in rural areas

Limitation of Wireless Networks
Environmental factors
Weather
Rain, lightning affect RF signals
Solar flares
RF interference from ambient sources
Microwave towers
Radio towers
Electromagnetic interference
Generators
Power plants
Wireless Network Security and
Issues
Wired vs. Wireless
Hacking and Cracking
Security goals
Types of Attacks
Security solutions
Case studies

Wired Vs Wireless
Wired networks offer more and better security
options than wireless
More thoroughly established standards with wired
networks
Wireless networks are much more equipment
dependent than wired networks
Easier to implement security policies on wired
networks

Hacking and Cracking
Wireless networks more susceptible to hackers/crackers
RF signals allow for more unauthorized attempts
Ubiquitous wireless networking devices allow access
Hacking
Gaining unauthorized access to networks/devices
by algorithms or penetration programs
Cracking
Extending the use of devices past original intentions

Security goals
Authentication – to prove identity
Authorization – what can be done
Accounting – tracing what was done
Integrity – to ensure data is not tampered
Confidentiality – to prevent eavesdropping
Availability – to ensure services and resources
Non Repudiation – to prevent denial of ownership

Types of Attacks
All the vulnerabilities that exist in a conventional wired network
apply to wireless technologies
Man in the Middle Attacks
Attacker intercepts identification information of the sending
and receiving parties.
Substitutes own key in both situations
Gives access to all information passed between parties
Denial of Service or Distributed Denial of Service
TCP SYN ACK Flood or Buffer Overrun – Typical DoS

Types of Attacks …
“Weak key” attacks on 802.11b
Involve the RC4 algorithm and WEP (Wired Equivalent Privacy)
Both implementations use easily broken algorithms
Dictionary attacks
Attackers use pre- populated list of frequently used
passwords and regular words

Security Solutions
Solve the problem
Application layer with encryption
SSH, SSL
Network level through link encryption
WEP, EAP or VPN, IPSEC
Wireless Intrusion Detection system
Wireless Intrusion Prevention system

Security Solutions …
Wired Equivalent Privacy (WEP)
A protocol to protect link-level data
Wireless communication between clients and AP
Encrypts data using 128 bit encryption
Provides authentication based on MAC address
Not based on users
WEP is easily breakable

Security Solutions …
IEEE 802.11i – Authentication and Security
Wi-Fi Protected Access (WPA)
Subset of 802.11i
WPA has two major components
Authentication
TKIP encryption

Security Solutions …
Authentication
IEEE 802.1x
Defined for session establishment
Both wired and wireless networks
EAP (Extensible Authentication Protocol)
Generic wrapper for authentication traffic

Security Solutions …
Temporal Key Integrity Protocol (TKIP)
Stronger privacy
Still uses RC4 encryption
Key rollover (temporal key)
Stronger integrity
Message Integrity Code (MIC)
Computed with own integrity algorithm (MICHAEL)
Separate integrity key
Integrity counter measures
Security solutions …
Virtual Private Networks (VPN)
Establishes secure tunnel
Uses tunneling protocol
Tunneling mechanism
To encapsulate an IP packet within another IP packet
IP Security Protocol (IPSec)
Standard for secure IP communications
By encrypting and authenticating all IP packets

Case studies

• Wireless Application Protocol and security issues


• Ad-hoc Networks and security issues

Wireless Application Protocol and security issues

AGENDA

Introduction
WAP – Market share
WAP Architecture
WAP Challenges
WTLS
WTLS security challenges
References and resources

What is WAP?
• Wireless Application Protocol (WAP)
  – an open standard architecture
  – set of communication protocols for wireless devices
• Enables manufacturer, vendor, and technology independent access to the Internet and advanced telephony services

Other approaches for WWW access through mobile

• i-Mode (from NTT DoCoMo)
• WAP is a TRAP (http://www.freeprotocols.org/wapTrap)

WAP Scenario

WAP Forum
• Co-founded by Ericsson, Motorola, Nokia, Phone.com
• 450 members
  – Handset manufacturers
  – Wireless operators
  – Infrastructure manufacturers
  – Software companies – platform software, content & applications
• Goals
  – deliver Internet services to mobile devices
  – enable applications to scale across a variety of transport options and device types
  – independence from wireless network standards
    • GSM, CDMA IS-95, TDMA IS-136, 3G systems (UMTS, W-CDMA)

Device Manufacturers

Wireless Operators

Infrastructure Manufacturers

Platform Software

Content & Applications

WAP Applications

• Location-based services
• Enterprise solutions
• Financial services
• Travel services
• Gaming and Entertainment
• M-Commerce

WAP Market Situation

Market potential for WAP technology & services over time


Market Survey
Forrester Research
1/3 of Europeans, 219 million consumers, 90% of e-commerce executives

Report by Semico Research


79% of internet appliances will have web-capable phones

A survey by New York - based Cap Gemini America and


Corechange Inc. of Boston
Internet access via mobile phones will rise from 3 percent to a
massive 78 percent of the U.S. Internet population

WAP Architecture

WAP – Internet technology comparison (layered stack diagram; only the text labels survived extraction)

• Application layer: MicroBrowser (WML, WMLScript, WTA, WTAI)
• Session layer: provides a lightweight connection-oriented service
• Transaction layer: unreliable 1-way request; reliable 1-way/2-way request/response
• Security layer: lightweight SSL; uses WIM/PKI cards
• Runs on top of WDP
• Transport layer (WDP): datagram service on different bearers; convergence between bearer services
• Bearers: different wireless technologies

WAP challenges

Hand-held devices
• Smaller display
• Different input device
• Limited memory
• Restricted power consumption
• Less powerful CPU

Wireless data networks
• Less bandwidth
• More latency
• Less connection stability
• Less predictable availability
WTLS
Wireless Transport Layer Security
• Based on the TLS/SSL (Transport Layer Security/Secure Socket Layer) protocol
• Goal – to provide
  – privacy (encryption)
  – data integrity (MACs)
  – authentication (public-key and symmetric)
• New features
  – Datagram support
  – Optimised handshake procedures
  – Dynamic key refreshing
• Optimized for low-bandwidth communication channels
WTLS Internal Architecture (layer diagram; text labels recovered from the figure)

Transaction Protocol (WTP)
WTLS: Handshake Protocol | Alert Protocol | Application Protocol | Change Cipher Spec Protocol
      Record Protocol
Datagram Protocol (WDP/UDP)
Bearer networks

WTLS Classes

Class 1
Anonymous encryption
Data is encrypted
Certificates are not exchanged between client and gateway

Class 2
Encryption with server authentication
Data is encrypted
Client requires a digital certificate from server

WTLS Classes

Class 3
Encryption with client and server authentication
Data is encrypted
Client and server exchange digital certificates

Message Flow in Full Handshake

Message Flow in Abbreviated Handshake

Message Flow in Optimized Handshake

X.509 certificate
The subject's name
The issuing CA's name
The certificate's validity period
The asymmetric and symmetric algorithms used for key exchange
The subject's public key
The digital signature of the issuing CA
Alternative names for the subject (optional)
Allowed key usage- for example, whether the subject's public
key may be used for encryption, server authentication, signing
other certificates, and so on (optional)
WTLS certificate

The subject's name


The issuing CA's name
The certificate's validity period
The asymmetric and symmetric algorithms used for
key exchange
The subject's public key
The digital signature of the issuing CA

WTLS Security Challenge

WTLS attacks and possible solutions

• Man-in-the-middle
• IP Spoofing
• The XOR MAC and stream ciphers
• The PKCS#1 attack
• Unauthenticated alert messages

References and Resources
• Books
  – Mobile communications: Jochen Schiller, Addison Wesley 2000
  – Understanding WAP
• Official Website (specifications)
  – www.wapforum.org
• Technical/Developer Info and tools
  – www.palopt.com.au/wap
  – www.wap.net
• Major players
  – www.nokia.com/wap
  – www.ericsson.se/wap
  – phone.com
• OpenSource effort
  – www.wapgateway.org (Kannel WAP gateway project)

Ad hoc Networks and security issues

Outline
• Factors of influence
• Infrastructured networks
• Infrastructureless networks
• Mobile ad hoc networks
• Characteristics
• Issues
• Challenges

Introduction
• Get rid of cables
• Proliferation of wireless technologies
• Billions of service subscribers
– Voice communication
– Data communication
• More prevalent than traditional wireline

Factors
• Improved wireless technologies
• Lower installation cost than wireline
• Significant drop in cost for service providers
• More service providers
• Significant reduction in price of wireless
services
• More affordable to end users

Anytime, Anywhere Communication


Applications
• Civilian environments
– Group / Community / Enterprise / Home
networks
• Emergency operations
– Fire / Disaster / Rescue operations
• Military environments
– Tactical Battlefield area
– Sensors / UAV / UGV - NCW
• Sensor networks
• Vehicular networks
Sensor networks
• Environmental sensing network
• Surveillance network
• Industrial automation
• Traffic sensor network - congestion
monitoring
• Chemical/biological weapon detection
• Military sensor network to detect enemy’s
movement

Vehicular networks
• Temporary Networks
– Moving vehicles
– Land transportation infrastructure
• Traffic lights, road signs etc.
– Other vehicles
• Ensuring smooth traffic flow
• Traffic diversion from congestion area
• Highway with limited network coverage
Wireless…
• Nodes transmit - electromagnetic propagation
• Transmitted signal received within a distance
• Transmission (Tx) range
– Power level
– Terrain
– Obstacles
– Scheme

Classification
• Wireless networks
– Basis of coverage area
• WAN / MAN / LAN / PAN
– Basis of infrastructure
• Infrastructured
– Cellular network
– WLAN
• Infrastructureless
– Ad hoc network

Infrastructured Networks
• Wireless extension
• Facilitate end-to-end communication
• Cellular architecture
– End user devices
• Small mobile phones
– Radio transmission towers
• Cover a service area
• Coverage - top of buildings/towers/high grounds
• Stationary
– Interconnected through a static wireline network

Infrastructured Networks …

Cellular network
Infrastructured Networks …
• Devices communicate with the closest RT tower
• RT tower responsibilities
– Send data meant to nodes under coverage
– Receive data transmitted from nodes under
coverage
– Unreachable destination
• Local tower locates destination
• Retransmit to destination
• Multiple nodes need to retransmit / repeat

Infrastructured Networks …
• WLAN - wireless extension to wired LAN
• IEEE 802.11 - Wi-Fi
• Provide wireless connectivity for PC/Laptops
• Comparatively high speeds (small distances)
• Utilizes fixed access points (RT towers)
• APs aggregate and retransmit to destination
• APs interconnect to external networks

Infrastructured Networks …
• Dependent on fixed nodes (RT towers / APs)
• Require fixed infrastructure to interconnect
• Widely deployed successful architecture
– Variety of voice and data services
– Despite being inflexible (requiring fixed nodes)
• New standards for wider coverage /
bandwidth

Infrastructureless Networks
• Architecture
– where infrastructure is not available
– where infrastructure is available - incapable in addressing
needs
– where infrastructure is not necessary
– No time to establish infrastructure
• Example
– “Ad hoc” mode of 802.11
– No access points
– Single hop wireless ad hoc network
• Nodes
– Computing and communication devices
– Laptops, PDAs, mobile phones, sensors
Single hop

Infrastructureless Networks …
• Direct communication to reachable
nodes
• Nodes not reachable need help from
neighbors
• Nodes discover neighbors
• Neighbors receive and forward
• Repeats until destination
Multi hop
Source

Destination

Mobile ad hoc network
• Collection of cooperating
autonomous portable wireless
mobile nodes located arbitrarily
forming a temporary network without
fixed infrastructure and centralized
administration

Characteristics
• Wireless communication - Multi-hop
• Infrastructure-less or with less infrastructure
• Self-organizing and self-managing
• Most or all of the nodes are mobile
• Network topology changes dynamically
• Node is both a host and a router
• Portable devices
• Variation in scale
• Heterogeneity
Constraints
• Dynamic topology
• Mobile routers
• Bandwidth-constrained
• End-to-End data rate, throughput,
latency
– Network size, Network diameter etc.
• Energy-constrained
• Security
Issues - Multi Layer
• Physical Layer
- Adapt to changes in link characteristics
• DL Layer
- Minimize collisions, fair access
- Reliable data transport over shared medium
• Network Layer
- Determine how to route packets (efficiently/effectively)
- Interoperable

Issues - Multi Layer…
• Transport Layer
- Packet loss due to transmission error and
not caused by congestion
- Delay as route changes
• Application Layer
- Handle disconnections and reconnections
- Adapt to varying delay and packet losses
- Situational awareness
Challenges
• Mobility management
– Addressing and routing
• Network management
– Join, leave, merge and split
• Resource management
– Resource allocation and energy efficiency
• QoS management
– Dynamic reservation
– Adaptive error control techniques
• Error control and failure
• Security
Routing
• Typical routing protocols do not operate efficiently under:
– Frequent movements
– Intermittent connectivity
– Network splits and joins
– Events generate large amount of overhead
– Significant time to reach stability after events
• IETF - creation of novel routing protocols
• Focus on routing protocols and multicast
• www.ietf.org/html.charters/manet-charter.html
Routing
• Proactive
– Table driven
– Every node keeps routing information of others
– Routing information is updated periodically
• Reactive
– On demand
– A route is only formed upon request
• Hybrid
– Hierarchical clusters / zones

Outline

• Security analysis
• Vulnerabilities
• Attacks
• Measures to secure MANET
• Benefits
• Challenges

Security analysis
• Assessment of
– Vulnerabilities
• Flaws in the system
• State of being exposed to danger
– Threats
• Means to affect the system
• Methods / things to exploit - Agents
– Attacks
• Attempt to bypass a mechanism
• Events – success / failure

Attacks
• Success of attacks
– Inherent system vulnerability
– Effectiveness of existing countermeasures
– Deployed mechanism
• Examples of attacks
– Alter, release, delete or deny data
– Steal data
– Obtain illegitimate privileges
– Insert false data
– Modify information
– Analyze network traffic
– Obtain illegitimate access
– Disrupt operation
– System Halt

Classification
• Passive attacks
– Passively listen to wireless medium (sniffing)
– Only listen without modifying or tampering
– Target confidentiality of system
– Gathering information lead to active attacks
– Easier to launch than other attacks
• Active attacks
– Malicious action (Passive attack)
– Modify / inject packets
– Disrupt network services
Vulnerabilities
• Channel vulnerability
– Interception with physical access to Tx medium
• Cable, fiber, etc.
• Tapping into media
– Any node within Tx range can potentially decode
• Capture without sender or intended receiver knowledge
• Operating frequency and attributes (modulation, coding,
etc.)
• No clear boundary and easy injection
• Mobility
– More geared to fairly static elements
– Frequent changes in network structure

Vulnerabilities
• Checkpoints
– Rely on traffic checkpoints
• Security devices inspect traffic
• Security policies and response
– No node can play special role
• Absence of centralized Infrastructure
– Few centrally located for management (Security / NW)
– Not applicable / No centralized control
• Routing protocols
– Matured Fixed / static elements
– Dynamic topology
Vulnerabilities
• Resource vulnerabilities
– Power supply
• Stable power source
• Battery operation
– Bandwidth
• Comparatively high bandwidth
• Limited bandwidth
– Connectivity
• Continuous connection
• Mostly intermittent connections
– Processing power
• Comparatively high
• Limited capabilities
Sources of attack
• Outsider
– Nodes not part of the network
– Try to join without authorization
• Insider
– Authorized nodes
– Compromised by unauthorized user
– Physical capturing of device
• Prevention
– Strong Identity management scheme - Device
– Strong multi factor authentication - User
Routing attacks
• Routing
– Easily misused
– Lead to several types of attacks
– Most protocols are prone to attacks
• Designed for efficiency and minimizing overheads
• Allow every node in routing process
• Lack of protocol redundancy
• Single node can impact operation
– Attack on routing tables
– Attack on routing protocols
– Disseminate false routing information
Black hole attack
• Malicious node
– Interested in packets to a particular node
– Advertises shortest path to that node
– Receive traffic destined
• To destination
• For other nodes
– Drop packets to perform DOS
– Perform man-in-the-middle attack
• redirecting packets to pretending destination nodes
Spoofing attack
• Malicious node
– Attempt to take over identity of legitimate node
– Attempt to receive all packets destined
– Advertise fake routes
• Prevention
– Each node sign each routing message
– Assumption - Key management infrastructure exists
– Overhead
• Signing each message
• Increased bandwidth overhead
• Increased CPU utilization
• Increased end-to-end delay
Modifying routing packets in transit
• Malicious node
– Modify a routing message sent by another node
– Intention of misleading other nodes
– Parameters indicating freshness of routes
– Difficult to detect node modifying the message
• Prevention
– Each node sign each routing message
– A node modifying routing packets cannot go undetected
– Detect illegal modifications and discard
– Not mislead other nodes
– Overhead
Selfish Nodes
• Malicious node
– Routing depends on participation / cooperation
– Non participating selfish nodes
– Overloaded nodes
– To conserve battery power
– Many selfish nodes- network down
• Prevention
– Protocol to monitor node participation
– Encourage node participation
– Measure based incentives
Other attacks
• Wormhole attack
– Collude to transport in out of band
• Using different channels
• Routing messages
• Data packets
– Interfere with protocol operation
• Rushing Attack
– Adversary rush routing packets to destination
– Lead to problem in routing table overflows
• Packet dropping
– Advertises routes - receive traffic destined
• Stop forwarding and drop packets
• Variation – drop routing messages
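As an added example (not part of the original slides), the following Python sketch shows the kind of participation monitoring the "Selfish Nodes" and "Packet dropping" slides call for: a node that hands a packet to a neighbour listens for that neighbour to retransmit it, and neighbours whose miss ratio stays high over enough samples are flagged so routes can avoid them. The overhearing trace, the timeout and the thresholds are constructed for the illustration and are not taken from any real protocol specification.

```python
from collections import Counter

# Constructed overhearing trace: (time, kind, observer, neighbour, packet_id).
# "handoff":   observer passed packet_id to neighbour, which must forward it on
# "overheard": observer later heard neighbour retransmit packet_id
TRACE = [
    (0, "handoff", "A", "B", "p1"), (1, "overheard", "A", "B", "p1"),
    (2, "handoff", "A", "C", "p2"),                      # C never forwards p2
    (3, "handoff", "A", "B", "p3"), (4, "overheard", "A", "B", "p3"),
    (5, "handoff", "A", "C", "p4"), (6, "overheard", "A", "C", "p4"),
    (7, "handoff", "A", "C", "p5"),                      # dropped
    (8, "handoff", "A", "B", "p6"),                      # lost to a collision
    (10, "handoff", "D", "C", "p7"),                     # dropped
    (11, "handoff", "D", "C", "p8"),                     # dropped
]

def watchdog(events, timeout, max_miss_ratio, min_samples):
    """Per neighbour, count packets handed to it and packets it was not heard
    forwarding within `timeout`. Only nodes with at least `min_samples`
    observations and a miss ratio >= max_miss_ratio are flagged, because a
    single miss may simply be a collision at the observer, not selfishness."""
    pending = {}                      # (observer, neighbour, pkt) -> deadline
    handed, missed = Counter(), Counter()

    def expire(now):
        for key, deadline in list(pending.items()):
            if deadline <= now:
                missed[key[1]] += 1   # neighbour did not forward in time
                del pending[key]

    for t, kind, observer, neighbour, pkt in sorted(events):
        expire(t)
        key = (observer, neighbour, pkt)
        if kind == "handoff":
            handed[neighbour] += 1
            pending[key] = t + timeout
        elif kind == "overheard":
            pending.pop(key, None)    # forwarded in time, nothing to count
    expire(float("inf"))              # end of observation window

    stats = {n: (handed[n], missed[n]) for n in handed}
    flagged = {n for n, (h, m) in stats.items()
               if h >= min_samples and m / h >= max_miss_ratio}
    return {"stats": stats, "flagged": flagged}

if __name__ == "__main__":
    report = watchdog(TRACE, timeout=3, max_miss_ratio=0.5, min_samples=3)
    for node, (h, m) in sorted(report["stats"].items()):
        verdict = "SELFISH" if node in report["flagged"] else "ok"
        print(f"{node}: handed {h}, missed {m}, {verdict}")
```

Node B's single miss stays below the threshold, while C is flagged; the thresholds are the tuning knob between tolerating collisions and catching droppers early.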
Measures to secure Manet
• Prevention approaches
– Stop an attacker from penetrating the network
– Or from causing harmful effects
– Prevention mechanisms need cryptographic techniques
(Authentication, confidentiality, integrity, non-repudiation)
• Detection approaches
– Detect penetration of preventive barriers
– Augment prevention
• Response and recovery approaches
– To ensure complete cooperation
– After detecting the penetration of barriers
Prevention
• Asymmetric cryptography
– Public keys / digital certificates securely distributed
– Network with n nodes require n public keys
– SAODV / ARAN
• Symmetric cryptography
– Symmetric keys are pre-negotiated securely
– Network with ‘n’ nodes require n*(n+1)/2 pair wise
keys
– SAR / SRP
• One-way hash chains
– To protect modification of routing information /
metrics
– SEAD and Ariadne

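An added example, not from the original slides, combining two of the prevention measures above: a SEAD-style one-way hash chain that authenticates a destination's sequence number and metric (a forwarding node can only derive elements for worse routes, never better ones), plus an HMAC over each routing update under a pairwise key pre-negotiated between neighbours, which is what the "Spoofing attack" and "Modifying routing packets in transit" slides ask for. Chain sizes, node names and keys are constructed for the illustration; this is a sketch of the mechanism, not the SEAD or SRP implementation.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(seed: bytes, length: int) -> list:
    """h[0] = seed, h[i] = H(h[i-1]). Only h[length], the anchor, is published."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain

def chain_index(seq: int, metric: int, k: int, m: int) -> int:
    """SEAD-style layout for k sequence numbers and metrics 0..m-1: a higher
    sequence number or a lower metric sits earlier in the chain, so from a
    revealed element a node can derive only later (worse) elements."""
    return (k - seq) * m + metric

def verify_element(known, seq, metric, element, k, m) -> bool:
    """known = (seq, metric, element) already authenticated for the destination.
    Both values must lie on one chain: hash the earlier one forward to the later."""
    kseq, kmet, kel = known
    delta = chain_index(kseq, kmet, k, m) - chain_index(seq, metric, k, m)
    x, steps, target = (element, delta, kel) if delta >= 0 else (kel, -delta, element)
    for _ in range(steps):
        x = H(x)
    return hmac.compare_digest(x, target)

def _body(dest, seq, metric, element):
    return f"{dest}|{seq}|{metric}|".encode() + element

def sign_update(key, dest, seq, metric, element):
    """Hop-by-hop authentication with the pairwise key of the two neighbours."""
    tag = hmac.new(key, _body(dest, seq, metric, element), hashlib.sha256).digest()
    return {"dest": dest, "seq": seq, "metric": metric, "element": element, "tag": tag}

def process_update(table, msg, key, k, m):
    """Decision a node takes on one routing update; table maps dest -> known triple."""
    expect = hmac.new(key, _body(msg["dest"], msg["seq"], msg["metric"], msg["element"]),
                      hashlib.sha256).digest()
    if not hmac.compare_digest(expect, msg["tag"]):
        return "reject: bad neighbour tag"            # altered in transit or spoofed sender
    known = table[msg["dest"]]
    if not verify_element(known, msg["seq"], msg["metric"], msg["element"], k, m):
        return "reject: not on destination's hash chain"   # forged seq/metric
    if chain_index(msg["seq"], msg["metric"], k, m) >= chain_index(known[0], known[1], k, m):
        return "ignore: not newer or shorter than current route"
    table[msg["dest"]] = (msg["seq"], msg["metric"], msg["element"])
    return "accept"

def demo():
    k, m = 8, 16                                   # 8 sequence numbers, metrics 0..15
    chain = build_chain(os.urandom(32), k * m)     # owned by destination D
    key_ab = os.urandom(32)                        # constructed pairwise key A<->B
    table = {"D": (0, 0, chain[-1])}               # A only knows D's anchor at first
    out = []
    # D advertises seq 3 at metric 0; neighbour B forwards it to A as metric 1
    # by hashing the element once (it cannot go the other way).
    el = chain[chain_index(3, 0, k, m)]
    genuine = sign_update(key_ab, "D", 3, 1, H(el))
    out.append(process_update(table, genuine, key_ab, k, m))
    # A claim of metric 0 for seq 3 would need a pre-image of the chain element.
    out.append(process_update(table, sign_update(key_ab, "D", 3, 0, os.urandom(32)), key_ab, k, m))
    # Replay of an older genuine advertisement: verifies, but is not better.
    old = sign_update(key_ab, "D", 2, 0, chain[chain_index(2, 0, k, m)])
    out.append(process_update(table, old, key_ab, k, m))
    # Metric lowered in transit without the pairwise key.
    out.append(process_update(table, dict(genuine, metric=0), key_ab, k, m))
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The per-hop HMAC is what costs the bandwidth and CPU overhead the "Spoofing attack" slide lists; the hash chain adds only one hash per hop and no per-node keys.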
Intrusion detection
• No traffic concentrators (firewalls/gateways)
• Every node participate in detection and response
• Own individual IDS agent
• Monitor user / system / communication activities
• Responsibility of each node
– To detect signs of intrusion locally
– Independently
– Collaborate for broader investigation - Global IDS

Response and recovery
• Type of intrusion response
– Type of intrusion
– Type of network protocols
– Confidence in veracity of audit trace data
• Responses
– Reset communication channels between nodes
– Identifying compromised nodes and precluding them
– Notification to user for further investigation / action
– Re-authentication request to all nodes / users
– Only re-authenticated nodes recognized as legitimate nodes

Best practices
• Securing a MANET is a very challenging task
• No one-size-fits-all solution and no perfect security exists
• Multiple layers of defense
• Use security as a first class constraint
– Incorporate security requirements in design
• Use a systems approach in security design
– Divide MANET security into components
– Identify and analyze each component
• Assess threats and vulnerabilities
– Discover / verify cross layer weaknesses

Challenges
• Mobility management
– Addressing and routing
• Network management
– Join, leave, merge and split
– Group-membership and access control
– Authentication and identity persistence
• Resource management
– cooperation incentives
– Resource allocation and energy efficiency
• QoS management
– Dynamic reservation
– Adaptive error control techniques
• Security
– Self-organized key management
– Trust management

Benefits
• Less dependent on infrastructure-based network
communication
• Cheaper service cost
• Saving cost on creating more network infrastructure
• Local community
– Promotes local cooperation
– Resource sharing
• Infrastructure-based network coverage
– Complement
– Extend
• Emergence of new types of
– Services
– Business models

References
• Manel Guerrero Zapata “SAODV Routing”
• Bridget Dahill, Brian Neil Levine, Elizabeth Royer, Clay
Shields. A Secure Routing Protocol for Ad Hoc Networks,
10th Conference on Network Protocols (ICNP), November
2002
• S. Yi, P. Naldurg, and R. Kravets. Security-Aware Ad hoc Routing for Wireless Networks. The 2nd ACM Symposium on Mobile Ad Hoc Networking & Computing (MobiHoc'01), 2001.
• Panagiotis Papadimitratos and Zygmunt J. Haas Secure
Routing for Mobile Ad hoc Networks SCS Communication
Networks and Distributed Systems Modeling and
Simulation Conference (CNDS 2002), San Antonio, TX,
January 27-31, 2002.
• Yih-Chun Hu, David B. Johnson, and Adrian Perrig. SEAD: Proceedings of the 4th IEEE Workshop on Mobile Computing Systems & Applications (WMCSA 2002), pp. 3-

Thank you
