Security for Ad Hoc Networks

1 Ad Hoc NetworksBy Shashi GurungAssistant ProfessorCTIEMT

1

Ad Hoc Networks2An ad hoc network is a temporary connection between computers and devices used for a specific purpose, such as sharing documents during a meeting or playing multiplayer computer games.

An ad hoc network is made up of multiple nodes connected by links.

2

Characteristics3No fixed infrastructureAuto-configurable network and Self organizingDynamic changing topologyMobile devices join/leave the network unexpectedly; they can also move freelyEnergy-constrained-limited energyLimited bandwidthAutonomous- - Each node also serves as routerHelp to relay packets received from neighborsMultihop Communication

3

41)Distributed operation: There is no background network for the central control of the network operations, the control of the network is distributed among the nodes. The nodes involved in a adhoc should cooperate with each other and communicate among themselves and each node acts as a relay as needed, to implement specific functions such as routing and security.

2) Multi hop routing: When a node tries to send information to other nodes which is out of its communication range, the packet should be forwarded via one or more intermediate nodes.

3) Autonomous terminal: In adhoc, each mobile node is an independent node, which could function as both a host and a router.

4) Dynamic topology: Nodes are free to move arbitrarily with different speeds; thus, the network topology may change randomly and at unpredictable time. The nodes in the MANET dynamically establish routing among themselves as they travel around, establishing their own network.

5) Light-weight terminals: In maximum cases, the nodes at adhoc are mobile with less CPU capability, low power storage and small memory size.

6) No infrastructure: The adhoc network is infrasctureless network which means they are not depended on any infrastructure.

7) Dynamic changing topologyMobile devices join/leave the network unexpectedly; they can also move freely

8)-Energy Constraint-Limited energy because of dependent on battery.

Comparison5ADHOC vs. Wired networksIn MANETs, each node also works as router for forwarding packetsIn wired networks, routers perform routing taskADHOCs vs. Managed wireless networksNo infrastructure in MANETsSpecial node known as access point (AP) in managed wireless networks

5

6

7ApplicationsMilitary arena: An ad hoc networking will allow the military battleground to maintain an information network among the soldiers, vehicles and headquarters

Provincial level: Ad hoc networks can build instant link between multimedia network using notebook computers or palmtop computers to spread and share information among participants (e.g. Conferences).

Personal area network: A personal area network is a short range, localized network where nodes are usually associated with a given range.

Industry sector: Ad hoc network is widely used for commercial applications. Ad hoc network can also be used in emergency situation such as disaster relief. The rapid development of non-existing infrastructure makes the ad hoc network easily to be used in emergency situation.

Bluetooth: Bluetooth can provide short range communication between the nodes such as a laptop and mobile phone.

8The advantages of an ad hoc network include: Separation from central network administration. Self-configuring nodes are also routers. Self-healing through continuous re-configuration. Scalability incorporates the addition of more nodes. Mobility allows ad hoc networks created on the fly in any situation where there are multiple wireless devices.Flexible ad hoc can be temporarily setup at anytime, in any place. Lower getting-started costs due to decentralized administration. The nodes in ad hoc network need not rely on any hardware and software. So, it can be connected and communicated quickly.

Types of Ad Hoc NetworksMANETWSNWMNVANETs

A MANET Mobile Adhoc Network10

http://www.comp.nus.edu.sg/~xuemingq/research.html

10

Mobile Devices11Laptop computersPagers, cellular phones, PDAsIn-car navigators -Dash ExpressDash units talk to each other and form a network that connects to the InternetTraffic speed data is sent back to the company, then broadcast back to all local dash unitsSensors

11

Wireless Sensor Network (WSN)12An emerging application area for MANETsA collection of cheap to manufacture, stationary, tiny sensorsNetwork lifetime -- power as a major driving issueBattlefield surveillance, environment monitoring, health care, etc.

12

WSN Example13

http://www.alicosystems.com/wireless%20sensor.htm

13

Other MANETs applications14Collaborative work Crisis-management applicationsPersonal Area Networking (PAN)

14

MANETA Mobile Ad-hoc Network (MANET) is a collection of autonomous nodes or terminals which communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner over relatively bandwidth constrained wireless links.. Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently.The topology is highly dynamic and frequent changes in the topology may be hard to predict.

Multi hop communicationMay need to traverse multiple links to reach destination

Mobility causes route changes

Network Architecture

17

Difference between Cellular and Ad-hoc Networks Cellular NetworksAd-hoc NetworksFixed, pre-located cell sites and base stations.

Slow DeploymentNo fixed base stations,

Very rapid deployment.Static backbone network topology

Single HopHighly dynamic network topologies,

Single and Multihop CommunicationRelatively favorable environment

Stable connectivity.Hostile environment (losses, noise)

Irregular connectivity.Detailed planning before base stations can be installed.Ad-hoc network automatically forms and conforms to change.

Cellular WirelessSingle hop wireless connectivity to the wired worldSpace divided into cellsA base station is responsible to communicate with hosts in its cellMobile hosts can change cells while communicatingHand-off occurs when a mobile host starts communicating via a new base station

Security Requirements in MANETs20AvailabilityAuthorization and Key ManagementData Confidentiality Data IntegrityNon-repudiation

20

Challenges/Issues in Adhoc21No infrastructure Peer-to-peer architecture with multi-hop routingMobile device physical vulnerabilityStringent resource constraintsWireless medium Node mobility

21

Threats 22Attacks External attacksInternal attacksPassive attacksActive attacksMisbehavior

22

MANET Routing Protocols23Topology-based approachesProactive routing (table driven)Reactive routing (on demand)Hybrid routingPosition-based approaches

23

Comparison24Proactive routingProactive routing protocols are also called as table driven routing protocols.

In this every node maintain routing table which contains information routes to all possible destinations.

The routing tables are updated periodically whenever the network topology changes

Not suitable for large networks as they need to maintain node entries for each and every node in the routing table of every node

E.g. DSDV, WRP, TBRPF, OLSR, etc.

24

25Reactive routingReactive routing protocol is also known as on demand routing protocolRoute is discovered whenever it is neededTwo major components 1) Route discovery: In this phase source node initiates route discovery on demand basis. Source nodes consults its route cache for the available route from source to destination otherwise if the route is not present it initiates route discovery. The source node, in the packet, includes the destination address of the node as well address of the intermediate nodes to the destination.

2) Route maintenance: Due to dynamic topology of the network cases of the route failure between the nodes arises due to link breakage etc, so route maintenance is done. Reactive protocols have acknowledgement mechanism due to which route maintenance is possible

E.g. DSR, ADOV, TORA, etc.

25

26

Hybrid routing protocol

Ccombination of both proactive and reactive routing protocol.

Proactive protocols have large overhead and less latency while reactive protocols have less overhead and more latency

It uses the route discovery mechanism of reactive protocol and the table maintenance mechanism of proactive protocol so as to avoid latency and overhead problems in the network

DSR vs. AODV27Dynamic source routing (DSR)Source broadcasts RREQ through the networkIntermediate nodes add its address to RREQ and continue broadcasting until RREP receivedFull path chosen by source and put into each packet sent

Ad hoc on-demand distance vector (AODV) Hop-by-hop routingSource sends RREQ to neighborsEach neighbor does so until reach the destinationDestination node sends RREP follow the reverse pathSource doesnt put whole path but only next hop addrress in outgoing packets

27

Route Discovery in DSRBASEFHJDCGIK

ZY

Represents a node that has received RREQ for D from SM

N

L

Route Discovery in DSRBASEFHJDCGIK

Represents transmission of RREQZY

Broadcast transmission

M

N

L

[S][X,Y] Represents list of identifiers appended to RREQ

Route Discovery in DSRBASEFHJDCGIK

Node H receives packet RREQ from two neighbors: potential for collisionZY

M

N

L

[S,E][S,C]

Route Discovery in DSRBASEFHJDCGIK

Node C receives RREQ from G and H, but does not forward it again, because node C has already forwarded RREQ onceZY

M

N

L

[S,C,G][S,E,F]

Route Discovery in DSRBASEFHJDCGIK

ZY

M

Nodes J and K both broadcast RREQ to node D Since nodes J and K are hidden from each other, their transmissions may collide N

L

[S,C,G,K][S,E,F,J]

Route Discovery in DSRBASEFHJDCGIK

ZY

Node D does not forward RREQ, because node D is the intended target of the route discoveryM

N

L

[S,E,F,J,M]

Route Discovery in DSR

Destination D on receiving the first RREQ, sends a Route Reply (RREP)

RREP is sent on a route obtained by reversing the route appended to received RREQ

RREP includes the route from S to D on which RREQ was received by node D

Route Reply in DSRBASEFHJDCGIK

ZY

MN

L

RREP [S,E,F,J,D]

Represents RREP control message

Dynamic Source Routing (DSR)

Node S on receiving RREP, caches the route included in the RREP

When node S sends a data packet to D, the entire route is included in the packet headerhence the name source routing

Intermediate nodes use the source route included in a packet to determine to whom a packet should be forwarded

Data Delivery in DSRBASEFHJDCGIK

ZY

M

N

L

DATA [S,E,F,J,D]Packet header size grows with route length

AODVRoute Requests (RREQ) are forwarded in a manner similar to DSR

When a node re-broadcasts a Route Request, it sets up a reverse path pointing towards the sourceAODV assumes symmetric (bi-directional) links

When the intended destination receives a Route Request, it replies by sending a Route Reply (RREP)

Route Reply travels along the reverse path set-up when Route Request is forwarded

AODV Forward path setupRREQ arrives at a node that has current route to the destination ( larger/same sequence number) unicast request reply (RREP) to neighborRREP travels back to the source along reverse path each upstream node updates dest_sequence_#, sets up a forward pointer to the neighbor who transmit the RREP

AODV Reverse path setupCounters : Sequence number, Broadcast idReverse PathBroadcast route request (RREQ) < source_addr, source_sequence-# , broadcast_id, dest_addr, dest_sequence_#, hop_cnt >RREQ uniquely identified by Route reply (RREP) if neighbor is the target, or knows a higher dest_sequence_#Otherwise setup a pointer to the neighbor from whom RREQ was receivedMaintain reverse path entries based on timeouts

Route Requests in AODVBASEFHJDCGIK

ZY

Represents a node that has received RREQ for D from SM

N

L

Route Requests in AODVBASEFHJDCGIK

Represents transmission of RREQZY

Broadcast transmission

M

N

L

Route Requests in AODVBASEFHJDCGIK

Represents links on Reverse PathZY

M

N

L

Reverse Path Setup in AODVBASEFHJDCGIK

Node C receives RREQ from G and H, but does not forward it again, because node C has already forwarded RREQ onceZY

M

N

L

Reverse Path Setup in AODVBASEFHJDCGIK

ZY

M

N

L

Reverse Path Setup in AODVBASEFHJDCGIK

ZY

Node D does not forward RREQ, because node D is the intended target of the RREQM

N

L

Forward Path Setup in AODVBASEFHJDCGIK

ZY

MN

L

Forward links are setup when RREP travels alongthe reverse path

Represents a link on the forward path

Route Request and Route ReplyRoute Request (RREQ) includes the last known sequence number for the destination

An intermediate node may also send a Route Reply (RREP) provided that it knows a more recent path than the one previously known to senderIntermediate nodes that forward the RREP, also record the next hop to destination

A routing table entry maintaining a reverse path is purged after a timeout intervalA routing table entry maintaining a forward path is purged if not used for a active_route_timeout interval