current routing attacks in manet
DESCRIPTION
SUBMITTED BY:- AANCHAL MEHTA MNW-880-2K11. CURRENT ROUTING ATTACKS IN MANET. WIRELESS NETWORKS. refers to any type of computer network that is not connected by cables of any kind. - PowerPoint PPT PresentationTRANSCRIPT
CURRENT ROUTING ATTACKS IN MANET
SUBMITTED BY:- AANCHAL MEHTA
MNW-880-2K11
WIRELESS NETWORKS
refers to any type of computer network that is not connected by cables of any kind.
a technique that helps entrepreneurs and telecommunications networks to save the cost of cables for networking in specific premises in their installations.
The transmission system is usually implemented and administrated via radio waves .
Can be classified in two types:-
a) CELLULAR WIRELESS NETWORK
b) AD HOC WIRELESS NETWORK
CELLULAR WIRELESS NETWORK
a radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a base station.
these are the infrastructure based networks.
each cell uses a different set of frequencies from neighbouring cells, to avoid interference and provide guaranteed bandwidth within each cell.When joined together these cells provide radio coverage over a wide geographic area.
this enables a large number of portable transceivers to communicate with each other .
these networks have various advantages such as increased capacity,reduced power use,larger coverage area,reduced interference from other signals.
AD-HOC NETWORK
MANET is a collection of mobile nodes that can communicate with each other without the use of predefined infrastructure or centralized administration.
Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently.
Each must forward traffic unrelated to its own use, and therefore be a router.
ROUTING IN MANET
The two algorithm that will be discussed are:-
a) Dynamic Source Routing
b) Ad-hoc On Demand Distance Vector Routing
Dynamic Source Routing (DSR)
It is an source initiated type of adhoc routing protocol.
When node S wants to send a packet to node D, but does not know a route to D, node S initiates a route discovery and floods Route Request (RREQ) .
Each node appends its own identifier when forwarding RREQ.
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Represents a node that has received RREQ for D from S
N
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Represents transmission of RREQ
Z
YBroadcast transmission
M
N
L
[S]
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Z
Y
M
N
L
[S,E]
[S,C]
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Z
Y
M
N
L
[S,C,G]
[S,E,F]
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Z
Y
M
N
L
[S,C,G,K]
[S,E,F,J]
Route Discovery in DSR
B
A
S E
F
H
J
D
C
G
IK
Z
Y
M
N
L
[S,E,F,J,M]
Route Discovery in DSR
Destination D on receiving the first RREQ,sends a Route Reply (RREP).
RREP is sent on a route obtained by reversing the route appended to received RREQ.
RREP includes the route from S to D on which RREQ was received by node D.
Route Reply in DSR
B
A
S E
F
H
J
D
C
G
IK
Z
Y
M
N
L
RREP [S,E,F,J,D]
Represents RREP control message
Dynamic Source Routing (DSR)
Node S on receiving RREP, caches the route included in the RREP.
When node S sends a data packet to D, the entire route is included in the packet header.
Intermediate nodes use the source route included in a packet to determine to whom a packet should be forwarded.
ADHOC ON-DEMAND DISTANCE VECTOR ROUTING
DSR includes source routes in packet headers and result is large headers can sometimes degrade performance,particularly when data contents of a packet are small.
AODV attempts to improve on DSR by maintaining routing tables at the nodes, so that data packets do not have to contain routes.
Route Requests (RREQ) are forwarded in a manner similar to DSR.
When a node re-broadcasts a Route Request, it sets up a reverse path pointing towards the source AODV assumes symmetric (bi-directional) links.
When the intended destination receives a Route Request, it replies by sending a Route Reply.
Route Reply travels along the reverse path set-up when Route Request is forwarded
Route Requests in AODVRoute Requests in AODV
B
A
S EF
H
J
D
C
G
IK
Represents a node that has received RREQ for D from S
M
N
L
Route Requests in AODVRoute Requests in AODV
B
A
S EF
H
J
D
C
G
IK
Represents transmission of RREQ
Broadcast transmission
M
N
L
Route Requests in AODVRoute Requests in AODV
B
A
S EF
H
J
D
C
G
IK
Represents links on Reverse Path
M
N
L
Reverse Path Setup in AODVReverse Path Setup in AODV
B
A
S EF
H
J
D
C
G
IK
M
N
L
Reverse Path Setup in AODVReverse Path Setup in AODV
B
A
S EF
H
J
D
C
G
IK
M
N
L
Reverse Path Setup in AODVReverse Path Setup in AODV
B
A
S EF
H
J
D
C
G
IK
M
N
L
Route Reply in AODVRoute Reply in AODV
B
A
S EF
H
J
D
C
G
IK
Represents links on path taken by RREP
M
N
L
Forward Path Setup in AODVForward Path Setup in AODV
B
A
S EF
H
J
D
C
G
IK
M
N
L
Forward links are setup when RREP travels alongthe reverse path
Represents a link on the forward path
ROUTING ATTACKS IN MANET
Flooding attack
Black hole attack
Link spoofing attack
Wormhole attack
Colluding Misrelay attack
FLOODING ATTACK
attacker exhausts the network resources, such as bandwidth and to consume a node’s resources, such as computational and battery power or to disrupt the routing operation to cause severe degradation in network performance.
For example:- in AODV protocol a malicious node can send a large number of RREQs in a short period to a destination node that does not exist in the network. Because no one will reply to the RREQs, these RREQs will flood the whole network. As a result all of the node battery power, as well as network bandwidth will be consumed and could lead to denial- of-service.
TECHNIQUE TO AVOID FLOODING ATTACK IN AODV PROTOCOL
each node monitors and calculates the rate of its neighbors’ RREQ. If the RREQ rate of any neighbor exceeds the predefined threshold, the node records the ID of this neighbor in a blacklist. Then, the node drops any future RREQs from nodes that are listed in the blacklist.
DRAWBACK :-
a) it cannot prevent against the flooding attack in which the flooding rate is below the threshold.
b) if a malicious node impersonates the ID of a legitimate node and broadcasts a large number of RREQs, other nodes might put the ID of this legitimate node on the blacklist by mistake.
BLACKHOLE ATTACK
a malicious node sends fake routing information, claiming that it has an optimum route and causes other good nodes to route data packets through the malicious one.
for example:- in AODV, the attacker can send a fake RREP (including a fake destination sequence number that is fabricated to be equal or higher than the one contained in the RREQ) to the source node, claiming that it has a sufficiently fresh route to the destination node.This causes the source node to select the route that passes through the attacker. Therefore, all traffic will be routed through the attacker, and therefore, the attacker can misuse or discard the traffic.
attacker A sends a fake RREP to the source node S, claiming that it has a sufficiently fresher route than other nodes.
the attacker’s advertised sequence number is higher than other nodes’ sequence numbers, the source node S will choose the route that passes through node A.
TECHNIQUE TO AVOID BLACKHOLE ATTACK
the route confirmation request (CREQ) and route confirmation reply (CREP) is introduced to avoid the black hole attack.
the intermediate node not only sends RREPs to the source node but also sends CREQs to its next-hop node toward the destination node. After receiving a CREQ, the next-hop node looks up its cache for a route to the destination. If it has the route, it sends the CREP to the source. Upon receiving the CREP, the source node can confirm the validity of the path by comparing the path in RREP and the one in CREP. If both are matched, the source node judges that the route is correct.
DRAWBACK :-
it cannot avoid the black hole attack in which two consecutive nodes work in collusion, that is, when the next-hop node is a colluding attacker sending CREPs that support the incorrect path.
WORMHOLE ATTACK
a pair of colluding attackers record packets at one location and replay them at another location using a private high speed network.
nodes A1 and A2 are two colluding attackers and that node S is the target to be attacked.
during the attack, when source node S broadcasts an RREQ to find a route to a destination node D, its neighbors C and E forward the RREQ as usual.
however, node A1, which received the RREQ, forwarded by node C, records and tunnels the RREQ to its colluding partner A2.
node A2 rebroadcasts this RREQ to its neighbor H. Since this RREQ passed through a high speed channel, this RREQ will reach node D first.
Therefore, node D will choose route D-H-C-S to unicast an RREP to the source node S and ignore the same RREQ that arrived later.
As a result, S will select route S-H-D that indeed passed through A1 and A2 to send its data.
HOW TO AVOID WORM HOLE ATTACK
The method used to avoid worm hole attack is GEOGRAPHICAL LEACHES.
In this each node must know its own location and should have
synchronized clocks. a sender of a packet includes its current position and the
sending time. Therefore, a receiver can judge neighbor relations by computing distance between itself and the sender of the packet.
advantage of geographic leashes is that the time synchronization needs not to be highly tight.
COLLUDING MISRELAY ATTACK
multiple attackers work in collusion to modify or drop routing packets to disrupt routing operation in a MANET.
the first attacker A1 forwards routing packets as usual to avoid being detected by node T. However, the second attacker A2 drops or modifies these routing packets.