
Wireless Security Threats, Vulnerabilities and Their Defense Mechanisms


Academic year: 2016


Ankur Bawiskar (1), Prashant Sawant (2), Dr. B.B. Meshram (3)

(1, 2) Department of Computer Technology, Veermata Jijabai Technological Institute, Mumbai

(3) Head of Department of Computer Technology, Veermata Jijabai Technological Institute, Mumbai

(1) Email- ankur_bawiskar311989@yahoo.com

(2) Email- psawant27feb1990@gmail.com

(3) Email- bbmeshram@vjti.ac.in

Abstract- In today’s world the means of communication have changed rapidly and the main focus is on wireless communication. Communication in wireless mode faces many threats. This paper gives a brief overview of various threats to wireless networks at various layers and also presents a survey of the defense mechanisms. The main aim is to discuss attacks on MANETs and their defense mechanisms. Communication in wireless mode is more challenging than in wired mode because of the dynamically changing network topology. Wireless networks are mostly used in military and commercial applications. This paper also discusses internal threats and external threats. It also gives an overview of the routing protocols used in wireless networks, the various attacks that take place against these routing protocols, and their countermeasures.

Keywords – AODV, Black hole attack, Byzantine attack, DSR, MANET, Sybil attack, Wormhole attack

I.INTRODUCTION

Wireless networks are those networks that consist of nodes communicating with each other using a wireless channel/medium. The wireless medium is available to both legitimate network users and malicious attackers. Wireless networks are mainly categorized into two types: infrastructure based and ad hoc based. Infrastructure based wireless networks are those networks that have a centralized node/device. Tasks such as channel allocation, beaconing and route maintenance are handled by the centralized node. So there are no issues in infrastructure based networks. Ad hoc wireless networks, also known as MANETs, consist of various nodes independent of each other such that there is no centralized mechanism. The nodes themselves handle various tasks such as routing, maintaining routes, etc. So ad hoc networks are susceptible to various attacks. The threats to ad hoc networks can target various layers of TCP/IP or the routing protocols used in ad hoc networks. A malicious attacker can configure itself to act as a router and break or disrupt network operations.

The rest of the paper is organized as follows. Security requirements are explained in section II. Threats and Vulnerabilities in Wireless Networks are explained in section III. Ad hoc routing terminologies are given in section IV. Attacks on Ad hoc Routing Protocols are explained in section V. Defense Mechanisms for on-demand Routing Protocols are explained in section VI. Section VII contains Conclusion.

II.SECURITY REQUIREMENTS

Wireless networks have the following security requirements:

A. Confidentiality –


Figure 1. Loss of Confidentiality

B. Integrity-

The integrity of a network means providing a guarantee that a message being transferred is not corrupted in transit. A message can be altered in various ways: it can be replayed, removed or destroyed. All nodes in the network should follow correct routing procedures and should possess correct routing information.

Figure 2. Loss of Integrity

C. Availability-

The third requirement i.e. availability guarantees that network will be available at all times in the context that the routing information will be accessible all the time on an on-demand basis. Inability to satisfy this requirement will lead to denial of service.

Figure 3. Attack of Availability

D. Authorization-

Authorization guarantees that routing information is accessible only to authorized nodes. The network should be able to distinguish between authorized and unauthorized nodes, and policy should be made accordingly.

E. Authenticity-


F. Non-repudiation-

Non-repudiation ensures that the sender and the receiver of a message cannot dispute the fact that they have sent or received the message. Consider an example in which node A sends a message to node B. Node A cannot deny that it sent the message and node B cannot deny that it was the receiver of the message. This can be achieved using digital signatures on both sides of the communication.

III.THREATS AND VULNERABILITIES IN WIRELESS NETWORKS

Wireless networks are exposed to various threats and vulnerabilities. Wireless networks are vulnerable because of the open nature of the medium. Ad hoc networks have a dynamically changing topology and there is no centralized monitoring and management. Generally a model, called a threat model, is used to classify threats or attacks. The attacks in MANETs in particular are classified into two categories, namely passive attacks and active attacks.

Passive attacks: Passive attacks are those attacks that only snoop the traffic without modifying the data or traffic between the two nodes. In this the attacker does not disrupt the normal routing but only tries to gather valuable information by snooping the traffic.

Active attacks: Active attacks are those attacks that either modify the data being exchanged or drop packets in the network. All the attacks that are performed on various layers come under the category of active attacks.

Figure 4. Classifications of Attacks

There are also attacks against the various layers of the TCP/IP protocol stack. The attacks can be shown as follows:

Layer          Attacks
Application    DoS, Worms, CSRF, SQL Injection, Viruses
Transport      Session hijacking, Covert channel
Network        Black hole, Byzantine, Wormhole, Rushing, Sybil
MAC Layer      Signal Jamming, Sniffing

Figure 5. Attacks on various Layers

A. Application Layer-

The application layer is responsible for running the services. The attacks that are made against this layer are Denial of Service, executing malicious code, worms, etc. The defense mechanism for this layer is proper maintenance of sequence numbers and also maintaining the routing information to avoid denial of service.

B. Transport Layer-


header and using a channel for communication that goes undiscoverable. The defense mechanism for session hijacking is to change the session ID immediately after logging into a session.

C. Network Layer-

The attacks on network layer mainly involve the attacks on the various routing protocols used in ad hoc networks such as AODV protocol and the DSR protocol. The various attacks taking place on these routing protocols are Black hole, Byzantine, Sybil and Wormhole attacks. These attacks are discussed in detail further.

D. MAC Layer-

The attacks on the MAC layer are associated with channel allocation for the wireless medium. Various attacks such as signal jamming can lead to denial of service. Sniffing can lead to modification of the packets being transferred in the wireless medium. To avoid sniffing, packets can be encrypted at the sender side and decrypted at the receiver side. There are various encryption techniques, and the standards in use include WPA and WEP.

E. Multi Layer-

The attacks that occur in any layer of the network protocol stack come under this category [20]. The attacks included are spoofing attacks, denial of service attack etc.

IV.ADHOC ROUTING TERMINOLOGY

A. Introduction-

Ad hoc wireless networks use ad hoc routing protocols that adapt themselves to the dynamically changing topology of the network. The protocols used are categorized into two types: Proactive and Reactive [10].

Proactive: Proactive protocols use periodic updates to broadcast the route information throughout the whole network. They use advertising to keep up with the dynamically changing network topology. Examples of proactive protocols are OLSR (Optimized Link State Routing) and TBRPF (Topology Broadcast Reverse Path Forwarding).

Reactive: Reactive protocols usually contain two parts i.e. route discovery and route maintenance. This method uses broadcasting of route discovery message and on return path information is stored from source to destination. Examples of reactive protocols are AODV (Ad hoc On-Demand Distance Vector), DSR (Dynamic Source Routing) and LAR (Location Aided Routing).

B. Terms and Terminology-


Figure 6. Nodes in wireless networks

In the above diagram node A is the source node/originator node. Node B is one hop away from node A so it is the neighbor node of A. Node D is the destination node to which the packet from node A is destined. Nodes B, C are acting as intermediate nodes for data packets that flow between A and D.

V. ATTACKS ON ADHOC ROUTING PROTOCOLS

Wireless ad hoc networks have dynamically changing topologies. They do not form an infrastructure. They need routing protocols that can adapt to this dynamically changing environment. The two most common ad hoc routing protocols in use are AODV and DSR. These are explained in brief below.

1) AODV- Ad hoc On Demand Distance Vector

This protocol is an extension to distance vector routing used in wired network to provide on demand routing. The basis of AODV protocol contains two phases route discovery and route maintenance. The types of messages under these two phases are Route Request (RREQ), Route Reply (RREP) and Route Error (RERR) [9]. RREQ and RREP are control messages used in route discovery phase and RERR control message is used in route maintenance phase. Whenever a node initiates route discovery to send a data packet to a destination it performs broadcasting of this route request message. The RREQ contains source address, destination address, sequence number and broadcast identifier. The destination responds to this message with a route reply message and other nodes which receive RREQ broadcast it. The sequence number field is used to guarantee that all routes are loop-free and contain most recent information on routing [9]. The broadcast identifier is used to uniquely identify the source of RREQ message [9]. The attacks on AODV routing protocol are black hole attack, wormhole attack, rushing attack and routing table overflow [2]. The AODV steps can be depicted in a diagram as below: [9]

Figure 7. AODV Route discovery and reply

2) DSR- Dynamic Source Routing

Dynamic Source routing is also a reactive based ad hoc routing protocol. It is also able to handle dynamically changing network topology. The meaning of source routing is that each data packet contains in its header the complete list of nodes that the packet should traverse to reach the destination. The source node should know the complete path to the destination. DSR also operates in two modes: route discovery and route maintenance. Route discovery mode is used when Node x wants to send data packet to node y but doesn’t have the complete path. Route maintenance mode is used by the sender S to check whether network topology has been changed otherwise it will have to find another route to destination D. The various attacks possible are rushing attack, black hole attack and sleep deprivation.


A. Blackhole Attack-

The black hole attack is caused by an authorized node present in the network [10] [1]. Although this attack is associated with the AODV routing protocol, it can also happen when the DSR protocol is used. There are two ways this attack can happen:

1) Using false address-

In this method the malicious node masquerades, or uses a false address which may belong to another node. This causes all the data packets to reach the attacker’s node instead of the true owner of the address. All nodes in the network point their routes to this malicious node. The attacker can then drop the data packets.

Figure 8. Black hole attack

2) Sending false route reply messages-

The attacker exploits the AODV protocol [1]. Whenever a source node sends a route request message (RREQ) it waits for some time to get the reply. If the malicious node receives this RREQ message, it sends a false route reply message to the source node with modified higher sequence number. If the reply from attacker reaches to the source node before legitimate route reply message then attack occurs. This leads to an assumption by the source node that this node has a fresh and accurate route to destination. The source node denies any other reply messages and starts sending the data packets through the malicious node. The malicious node can now drop the packets and doesn’t allow forwarding.

B. Gray hole Attack-

The gray hole attack is a variation of black hole attack. In this attack the attacker drops packets selectively [1]. The attacker can use any policy of dropping the packets. It can drop all UDP packets while forwarding the TCP packets. The attacker can also use statistical method such as dropping only 50% of the packets. This can cause heavy destabilization of the network.

C. Route Table overflow-

Every node in an ad hoc network maintains a routing table that helps the node in forwarding data packets. In the routing table overflow attack [2] the attacker tries to create routes to nodes that do not exist at all. This prevents new routes from being created. This attack happens mostly against proactive routing algorithms because they tend to discover the route before sending the data. This attack can also happen in reactive routing algorithms but it is difficult to mount.

D. Sleep Deprivation-


E. Rushing Attack-

This attack takes place in both reactive and proactive routing protocols i.e. AODV and DSR. In an on-demand routing protocol a node needing a route to a destination floods the network with route request messages (RREQ) [4]. To limit the overhead of this flooding, each node typically forwards only one route request message originating from any route discovery. This property is exploited by the attacker. If the route request messages forwarded by an attacker are the first to reach each and every neighbor of the target, then any route formed will include a path through the attacker. The neighbors of the target forward only these requests and drop any further legitimate requests. The rushing attack is shown in the figure below [4], where the nodes in grey are those that forward the rushed request to the target node H.

Figure 9. Rushing Attack in Ad hoc Networks

Rushing attack can be performed by a weak attacker. It doesn’t require network resources to carry out the attack. This attack can lead to denial of service attack.

F. Wormhole Attack-


Figure 10. Wormhole Attack Scenarios

In the above figure there are two regions: Region 1 with nodes {a, d, r, s, f} and Region 2 with nodes {e, b, c, m, n}.

A wormhole link exists between end points ‘f’ and ‘c’. As both end points transmit their signal at high frequency, nodes on both sides can detect this signal. Nodes in region 1 assume that nodes in region 2 are their neighbors and vice versa. For example, traffic between nodes a and e can now travel in a single hop through the wormhole link instead of over a multi-hop path. Thus all traffic now flows through this wormhole link. The normal link between nodes a and e is through either node n or node m, but using the wormhole link it is through f and c.

G. Byzantine Attack-

A wireless ad hoc network can contain malicious nodes [1]. In this attack the malicious nodes try to create routing loops, route data packets over non-optimal routes, or drop packets. Such operations are considered invalid operations of the network. It is not easy to identify this type of attack because from the user's point of view the network is behaving normally.

VI. DEFENSE MECHANISMS FOR ON-DEMAND ROUTING PROTOCOLS

A. Defense Mechanisms for Dos Attacks-

Denial of service can occur on any layer of the protocol stack. The DoS is a severe attack that should be prevented [6]. There can be various countermeasures such as:

• Cognitive radio implementation can be used to avoid signal jamming at the physical layer which happens often.

• There are various encryption techniques that can be used to prevent modification of the data packets travelling through the network. WEP is an old technique that can be used. Latest techniques such as WPA, WPA 2 can be used.

• Intrusion detection and prevention system can be used to detect known attack and also unknown patterns.

B. Cryptography and Digital Signature-

Digital signature can be used to verify the originator of the packet and also to provide non-repudiation security requirement. Such technique can be used to avoid Byzantine attack which is caused because of false nodes. If the nodes can produce digital signatures and check each other then path can be established effectively. Public key cryptography can be used by the nodes present in the ad hoc network. Various cryptographic techniques such as DES, Triple DES and AES can be used.

C. Secure Routing-

Secure routing is necessary for the availability of the network at all time. Routing protocols should be robust against dynamically changing topology and malicious attacks. AODV and DSR are the two most frequently used ad hoc routing protocols. The various methods and extension to current routing protocols for security purpose are as follows: [1] [7]

1. Secure AODV-

It is an extension to the AODV protocol. The routing messages used in SAODV, such as route requests and route replies, are authenticated to guarantee their integrity and authenticity. A simple technique is used: the sender signs the message with its private key and the receiver verifies the signature using the sender's public key. A hash chain is used to prevent any modification or tampering of the hop count by a malicious node. One limitation of SAODV is the heavy computation involved in the asymmetric method.
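The hash-chain protection of the hop count mentioned above, as an added example that is not taken from the paper or from any SAODV implementation. The names (`RoutingMsg`, `originate`, `verify`, `forward`) are hypothetical, SHA-256 is an assumed hash function, and `max_hop_count` and `top_hash` are assumed to be covered by the originator's signature, which is not implemented here.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import Optional


def h_n(data: bytes, n: int) -> bytes:
    """Apply the one-way hash n times (n = 0 returns data unchanged)."""
    for _ in range(n):
        data = hashlib.sha256(data).digest()
    return data


@dataclass(frozen=True)
class RoutingMsg:
    hop_count: int      # mutable: incremented by every forwarding node
    hash_value: bytes   # mutable: hashed once by every forwarding node
    max_hop_count: int  # immutable: assumed signed by the originator
    top_hash: bytes     # immutable: assumed signed by the originator


def originate(max_hop_count: int, seed: Optional[bytes] = None) -> RoutingMsg:
    """Originator picks a secret seed and publishes H^max_hop_count(seed)."""
    seed = os.urandom(32) if seed is None else seed
    return RoutingMsg(0, seed, max_hop_count, h_n(seed, max_hop_count))


def verify(msg: RoutingMsg) -> bool:
    """Hashing the received value (max - hop_count) more times must hit top_hash."""
    remaining = msg.max_hop_count - msg.hop_count
    if remaining < 0:
        return False
    return hmac.compare_digest(h_n(msg.hash_value, remaining), msg.top_hash)


def forward(msg: RoutingMsg) -> RoutingMsg:
    """Intermediate node: check the chain, then advance hop count and hash together."""
    if not verify(msg) or msg.hop_count >= msg.max_hop_count:
        raise ValueError("hop count does not match hash chain, dropping message")
    return replace(
        msg,
        hop_count=msg.hop_count + 1,
        hash_value=h_n(msg.hash_value, 1),
    )


if __name__ == "__main__":
    msg = originate(max_hop_count=10, seed=b"constructed-seed")
    for _ in range(3):
        msg = forward(msg)
    print("after 3 honest hops:", msg.hop_count, verify(msg))

    # A node that advertises a shorter route would need H^-1 of hash_value,
    # so lowering hop_count alone breaks the chain check.
    lowered = replace(msg, hop_count=1)
    print("hop count lowered to 1:", verify(lowered))
```

The chain only stops a node from decreasing the hop count: a node can still hash further and claim a longer route, or forward without incrementing.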

2. SAR-Secure Aware Ad hoc Routing


One limitation of this extension is it needs different keys for different security levels and this causes increase in number of keys.

3. SEAD- Secure Efficient Ad hoc Distance Vector Routing

It is mainly an extension to DSDV. This protocol can avoid DoS attacks, routing attacks. Malicious nodes and non malicious nodes are differentiated using authentication. It uses one way hash function.

4. ARAN- Authenticated Routing for Ad hoc Networks

This extension can be applied to both DSR and AODV. This method uses a certification authority (CA) which assigns a digital certificate to every node on the network. All nodes that want to enter the network must request a certificate from the CA. But this method slows down the overall performance of ad hoc network.

5. MAODV- Modified AODV

This is an extension to AODV protocol. Each node keeps two extra tables one is known as pending packet table and another is node rating table. In the pending packet table each node maintains track of the packets it has sent. In node rating table each node maintains rating of nodes which are next to it i.e. neighbor nodes. This protocol prevents the black hole attack.

6. WAP- Wormhole Attack Prevention

In this method each node monitors its neighbors’ behavior when they send the route request message (RREQ) to the destination, using a specific list called the Neighbor List [14]. When the source node receives route reply messages (RREP), it can detect a route under wormhole attack among the routes. If a wormhole node is detected, the source node records it in the wormhole node list.

7. RTT Mechanism

RTT stands for round trip time. It is the time taken between sending a route request message and receiving a route reply message [14]. The RTT between two fake neighbors will certainly be higher than the RTT between two real neighbors. In this mechanism each node calculates the RTT between itself and all its neighbors. This mechanism doesn’t require any special hardware and is easy to implement.
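One way a node could apply the RTT check, as an added example that is not from the paper or from [14]. The event log is constructed (node labels loosely follow Figure 10), and the decision rule (best RTT per neighbor compared against a multiple of the median) is an assumption, since the paper does not give a threshold.

```python
from statistics import median

# Constructed log kept by node 'a': (time_ms, event, neighbor, request_id).
EVENTS = [
    (0.0, "RREQ_SENT", "d", 1), (2.1, "RREP_RECV", "d", 1),
    (0.0, "RREQ_SENT", "r", 1), (1.9, "RREP_RECV", "r", 1),
    (0.0, "RREQ_SENT", "s", 1), (2.3, "RREP_RECV", "s", 1),
    (0.0, "RREQ_SENT", "f", 1), (2.0, "RREP_RECV", "f", 1),
    (0.0, "RREQ_SENT", "e", 1), (14.8, "RREP_RECV", "e", 1),
    (0.0, "RREQ_SENT", "n", 1),                      # never answered
    (100.0, "RREQ_SENT", "d", 2), (105.0, "RREP_RECV", "d", 2),  # one slow reply
    (100.0, "RREQ_SENT", "e", 2), (115.3, "RREP_RECV", "e", 2),
]


def neighbor_rtts(events):
    """Pair each RREQ with its RREP and return {neighbor: [rtt_ms, ...]}."""
    sent = {}
    rtts = {}
    for t_ms, kind, neighbor, req_id in sorted(events):
        key = (neighbor, req_id)
        if kind == "RREQ_SENT":
            sent[key] = t_ms
        elif kind == "RREP_RECV" and key in sent:
            rtts.setdefault(neighbor, []).append(t_ms - sent.pop(key))
    return rtts


def suspect_neighbors(rtts, factor=3.0, min_neighbors=3):
    """Flag neighbors whose best RTT is far above the typical one-hop RTT.

    The minimum per neighbor is used so that a single queuing delay on an
    honest link (d's 5.0 ms sample) does not raise an alarm. With too few
    neighbors there is no baseline, so nothing is flagged.
    """
    best = {n: min(samples) for n, samples in rtts.items() if samples}
    if len(best) < min_neighbors:
        return []
    baseline = median(best.values())
    return sorted(n for n, rtt in best.items() if rtt > factor * baseline)


if __name__ == "__main__":
    measured = neighbor_rtts(EVENTS)
    print("suspected fake neighbors:", suspect_neighbors(measured))
```

The median baseline assumes that most apparent neighbors are real; if tunneled neighbors are the majority, the baseline itself shifts and the check weakens.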

8. Ariadne

Ariadne is a robust protocol based on DSR. It uses a Message Authentication Code (MAC) to verify a message and also has anti-spoofing mechanisms. It makes use of symmetric key cryptography. Every intermediate node on a particular route adds, along with its address, its own message authentication code. Because of this the source node can authenticate all entries in the route reply path. But this protocol has some limitations and it is vulnerable to the invisible node attack, wormhole attack and rushing attack.

1. Prevention of rushing attack

The rushing attack can be prevented by using the following 3 operations: [4]

• Secure Neighbor Detection- It allows forwarding of the route request message only if the node is in the given maximum transmission range.

• Secure Route Delegation- Once node is found to be a neighbor it signs a route delegation message which allows current node to forward the route request message further.

• Randomized route request forwarding- It ensures that paths that forward requests with low latency are only slightly more likely to be selected than other paths.

This technique consisting of three operations can be used effectively with either DSR or AODV protocols.
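The effect of randomized route request forwarding compared with forwarding the first copy, as an added example that is not from the paper or from [4]. The buffer-then-pick-at-random policy, the buffer size and the arrival times are assumptions chosen for illustration, and secure neighbor detection and route delegation are not modelled.

```python
import random


def first_arrival(requests, rng=None):
    """Plain on-demand behaviour: forward the first copy seen, drop the rest."""
    return min(requests, key=lambda r: r[0])


def randomized(requests, rng, buffer_size=5):
    """Buffer the first `buffer_size` copies, then forward one chosen at random."""
    buffered = sorted(requests, key=lambda r: r[0])[:buffer_size]
    return rng.choice(buffered)


def rushed_selection_rate(policy, trials=2000, seed=1):
    """Fraction of route discoveries in which the rushed copy is forwarded.

    Constructed scenario: a neighbor of the target hears seven honest copies
    of one RREQ arriving 5-20 ms after flooding starts and one rushed copy
    arriving after 1 ms. Each copy is (arrival_ms, upstream_node).
    """
    rng = random.Random(seed)
    rushed_wins = 0
    for _ in range(trials):
        requests = [(rng.uniform(5.0, 20.0), "honest-%d" % i) for i in range(7)]
        requests.append((1.0, "rusher"))
        chosen = policy(requests, rng)
        if chosen[1] == "rusher":
            rushed_wins += 1
    return rushed_wins / trials


if __name__ == "__main__":
    print("first-arrival forwarding:", rushed_selection_rate(first_arrival))
    print("randomized forwarding:   ", rushed_selection_rate(randomized))
```

With first-arrival forwarding the rushed copy is selected every time. With a buffer of five it is selected about one time in five, while each honest copy is selected about one time in nine, so the low-latency path keeps only a small advantage.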

2. Lightweight Computation


VII. CONCLUSIONS

Security in wireless ad hoc networks is a critical issue that needs to be handled. Most communication today is wireless, so it needs to be protected. Ad hoc routing protocols have been extended to prevent various attacks, but they also have some limitations. This paper mostly focuses on the AODV routing protocol. In this paper we have discussed some of the important threats that mobile ad hoc networks face. The paper also gives a brief overview of their defense mechanisms. This paper also discusses various attacks on the protocol stack. This paper can act as a basis for understanding the various attacks possible in wireless ad hoc networks and also their countermeasures.

References

[1] G.S. Mamatha, Dr. S.C. Sharma: Network Layer Attacks and Defense Mechanisms in MANETS- A Survey. In International Journal of Computer Applications, November 2010.

[2] Qifeng Lu: Vulnerability of Wireless Routing Protocols. In University of Massachusetts, December 2002.

[3] Shahan Yang and John S. Baras: Modeling Vulnerabilities of Ad Hoc Routing Protocols. In 1st ACM Workshop Security of Ad hoc and Sensor Networks, 2003.

[4] Yih-Chun Hu, Adrian Perrig, David B. Johnson: Rushing Attacks and Defenses in Wireless Ad hoc Network Routing Protocols. In ACM Journal, September 2003.

[5] Svetlana Radosavac, John S. Baras, Iordanis Koutsopoulos: A framework for MAC Protocol Misbehavior Detection in Wireless Networks. In ACM Journal, September 2005.

[6] Dr. M.S.Aswal, Paramjeet Rawat, Tarun Kumar: Threats and Vulnerabilities in Wireless Mesh Networks. In International Journal of Recent Trends in Engineering, November 2009.

[7] Nitish Balachandran: Surveying Solutions to Securing On-Demand Routing Protocols on MANETs. In BITS Pilani.

[8] Ritesh Maheshwari, Jie Gao and Samir R Das: Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information. In Stony Brook University.

[9] Sreedhar. C, Dr. S. Madhusudhana Verma and Dr. N. Kasiviswanath: Potential Security Attacks On Wireless networks and Their Countermeasure. In International Journal of Computer Science & Information Technology (IJCSIT), October 2010.

[10] Po-Wah Yau and Chris J. Mitchell: Security Vulnerabilities in Ad hoc Networks. In Royal Holloway and University of London.

[11] Sachin Dev Kanawat, Pankaj Singh Parihar: Attacks in Wireless Networks. In International Journal of Smart Sensors and Ad hoc Networks (IJSSAN), 2011.

[12] Hai Vu, Ajay Kulkarni, Kamil Sarac, and Neeraj Mittal: WORMEROS- A new framework for defending against Wormhole Attacks on Wireless Ad Hoc Networks. In Springer, 2008.

[13] S.A.Arunmozhi and Y.Venkataramani: DDos Attack and Defense Scheme in Wireless Ad Hoc Networks. In International Journal of Network Security & Its Applications, May 2011.

[14] Sun Choi, Doo-young Kim, Do-hyeon Lee, Jae-il Jung: WAP- Wormhole Attack Prevention Algorithm in Mobile Ad Hoc Networks. In IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing, 2008.

[15] Yih-Chun Hu, Adrian Perrig, David B. Johnson: Wormhole Attacks in Wireless Networks. In IEEE Journal on Selected Areas in Communications, February 2006.

[16] Weichao Wang and Aidong Lu: Visualization Assisted Detection of Sybil Attacks in Wireless Networks. In ACM Journal, November 2006.

[17] Yongguang Zhang: A Multilayer IP Security Protocol for TCP Performance Enhancement in Wireless Networks. In IEEE Journal on Selected Areas in Communications, May 2004.

[18] Amol A. Bhosle, Tushar P. Thosar and Snehal Mehatre: Black Hole and Worm Hole Attack in Routing Protocol AODV in MANET. In International Journal of Computer Science, Engineering and Applications, February 2012.

[19] Nital Mistry and Devesh C Jinwala: Improving AODV Protocol against Black hole attacks. In Proceedings of the International MultiConference of Engineers and Computer Scientists, March 2010.

[20] Shalini Jain and Dr.Satbir Jain: Detection and Prevention of Wormhole attack in mobile Ad hoc networks. In International Journal of Computer Theory and Engineering, February 2010.
