1.3 SECURE ROUTING IN MANET This thesis primarily focuses on the safety problems from a network layer perspective. As mentioned in chapter 2, many routing protocols for MANETs exist although none of them address the foremost necessary issue, namely, security. So as to review the attacks and threats, and to plot a protocol that addresses them, an understanding of the operating setting is required. [10] The setting may be a managed setting, wherever a typical trustworthy authority exists like a RADIUS server or it may be an open setting wherever there’s no a priori trust relationship between the nodes. [04]For example in a very field of battle , the nodes have a typical trust authority that executes the key management functions. …show more content…
Most of the attacks represent square measure targeted on the on-demand and reactive protocols like AODV, DSR, etc. The subsequent sections inspect these attacks in additional detail. . Figure 1.3: Classification of attacks on MANET routing protocols 1.5 ATTACKS EXPLOTATION MODIFICATION In this variety of attack, the protocol fields of the messages passed among the nodes is changed, there by leading to traffic subversion or Denial of Service (DoS) attacks. The subsequent sections discuss a number some of these attacks [03] (a)Redirection by changed route sequence numbers: This attack is feasible against the AODV protocol. Take into account the network shown in figure 1.4 [13]. If M could be a malicious node that overhears the published RREQ packet for the destination X originated by S, then it sends a false RREP packet with a extended route to X (adding itself to the list) and a bigger destination sequence range than that last publicized by X. This may create S to route all its packets through M, since M advertises a fresherman route to X. [17] (b)Redirection with changed hop count: This kind of attack is targeted against the AODV protocol during which a malicious node will increase the possibilities that they are enclosed on a new created route by resetting the hop count field of a RREQ packet to zero. [17] Figure 1.4: Example of MANET with a malicious node [13] (c)Denial of Service with
In this modern day and age of computing, networks are a huge part of IT. It is important now more than ever that data sent over any network, whether it be a LAN (Local Area Network) or WAN (Wide Area Network; The Internet) is kept safe, private (when required) and uninterrupted in
AODV are utilized, instead of broadcasting data packets, S start off a route discovery protocol that requires broadcasting smaller Route Request
To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.
Data Modification Attack: An adversary modifies the value of one or more the data readings either by hijacking the sender sensor or inserting itself between the sender and receivers.
3.2. BlackHole. In this attack,malicious nodes advertise very short paths (sometimes zero-cost paths) to every other node, forming routing black holes within the network [41]. As their advertisement propagates, the network routes more traffic in their direction. In addition to disrupting traffic delivery, this causes intense resource contention around the malicious node as neighbors compete for limited bandwidth.
Generic Attacks against Routing: Routing is very important function in MANETs. It can also be easily misused, leading to several types of attack. Routing protocols in general are prone to attacks from malicious nodes. These protocols
In this report I will be describing the ways in which networks can be attacked, also be giving real life example of each of the below.
The attacker correlates the packet transmission times of each node and traces the packets hop-by-hop from its source to its destination. The intuition here is that under normal scenarios, each intermediate forwarder will forward a packet towards its destination without adding additional delay or packet mixing. Privacy can be enhanced when each forwarder node adds a random delay before transmitting the packet ~\cite{zhang2012, shao2008} or route the packets to fake destinations~\cite{deng2005}.
In this example, here node A wants to send data packets to node D and starts to find the shortest path for its destination, so if node D is a malicious node then it will show that it has active route to the specified destination. It will then send the response In the example, data packets transfer in a hierarchic data center network. The link capacity is 1000 kb/s. The number on each is the traffic load. The distribution of traffic is based on equal cost multi-path (ECMP). In figure 8, we can see that the 3). Congestions
(b) Redirection with modified hop count: This type of attack is targeted against the AODV protocol in which a malicious node can increase the chances that they are included on a newly created route by resetting the hop count field of a RREQ packet to zero. [17]
Being proactive, AODV doesn’t need all its nodes in a network to maintain the routes to destinations rather request a route only when needed i.e., only the nodes which are communicating would require to maintain the route. Also AODV uses sequence numbers to avoid routing loops like in DSDV. Whenever a node needs to communicate with another node, a route has to be found and for that purpose Route Request (RREQ) message is broadcasted to all its neighbors till it reaches the destination node or route to destination. A temporary route table entry in initiated by the RREQ messages throughout the network. Once the destination or a route is found, Route Reply (RREP) message is sent back to source by unicasting along the temporary reverse path of the received RREQ message. RREP message initiates in creating a routing table entries for the destination in intermediate nodes on its way back to source. After certain amount of time these routing table entries expire. Neighbors are detected by periodic HELLO messages (a special RREP message). If a node A does not receive HELLO messages from a neighbor B through which it sends traffic, it assumes that a link is broken and the failure indication is forwarded to its active neighbors. When this message reaches the sources, then either they request a new route by sending new RREQ messages or stop sending data. HELLO messages and the
A node with the best behavior is assigned with the highest trust value e.i. 2, the nodes detected with the malicious behavior is assigned with the trust value < 0.5. The road side units (RSUs) are updated with the calculated trust values. Here, attacks related to the Link layer and physical layer are not considered. Instead, we have route trust values of the nodes and total number of nodes. Main advantage of the system is that malicious nodes are isolated from taking part in the network communication as we consider only most trustworthy node in the network.
In a sinkhole attack, the adversary’s goal is to lure nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the center. Because nodes on, or near, the path that packets follow have many opportunities to tamper with application data, sinkhole attacks can enable many other attacks like selective forwarding. Sinkhole attacks typically work by making a compromised node look especially attractive to surrounding nodes with respect to the routing algorithm. For instance, an adversary could spoof or replay an advertisement for an extremely high quality route to a base
1. Reconnaissance - Summarize plausible active gathering, passive gathering, and active reconnaissance techniques that the adversary could have executed to gain intelligence on the target in the scenario.
The internet is a medium that is becoming progressively important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, boarders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes in the internet.