
Er. Banita Chadha* et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 9, Issue No. 1, 101 - 104

Security Architecture for Mobile Adhoc Networks


Er. Banita Chadha (a), Er. Zatin Gupta (b)

(a) Lecturer, Department of Information and Technology, Maharishi Markandeshwar Engineering College, Maharishi Markandeshwar University, Mullana, Ambala (Haryana), banit23@yahoo.com, Tel No: 91-8059666060
(b) Student, Department of Computer Science and Engineering, Maharishi Markandeshwar Engineering College, Maharishi Markandeshwar University, Mullana, Ambala (Haryana), zatin.gupta2000@gmail.com, +919996097545

ABSTRACT

Although security issues in Mobile Ad-hoc NETworks (MANETs) have been a major focus in recent years, the development of the most secure schemes for these networks has not been entirely achieved so far. This paper summarizes three main technical contributions about Security Architecture for Wireless Ad hoc Networks. It provides an overview of two of the most important security problems in MANETs: Authentication and Cooperation. In an ad hoc network there is no supporting infrastructure like base stations, access points or wireless switching centers. The two main conclusions of our research are that authentication issues have to be taken into account with a global vision at the first stage of any network formation, and that a good cooperative enforcement scheme seems to be the best solution to the selfishness problem. A general description of the functionalities in each layer is given, and we analyze the security mechanisms in military applications in the scope of the proposed security architecture.

Keywords: Security Attacks, Layered Architecture of MANETs.

1. INTRODUCTION

Ad hoc networks are subject to various kinds of attacks. Wireless communication links can be eavesdropped on without noticeable effort, and communication protocols on all layers are vulnerable to specific attacks. In contrast to wireline networks, known attacks like masquerading, man-in-the-middle, and replaying of messages can easily be carried out. A central issue in the design of any service in ad hoc networks is not to rely on any centralized entities, because such entities would obviously be easy to attack, and their reachability could not be guaranteed at all times for all participants of the network. Therefore, it is not possible to implement a centralized, trusted entity for managing the public keys of the participants, as is done in local area networks or the Internet. Instead, a distributed solution must be found. The nature of ad hoc networks poses a great challenge to system security designers for the following reasons:

1) The wireless network is more susceptible to attacks ranging from passive eavesdropping to active interfering.
2) The lack of an online CA or Trusted Third Party adds to the difficulty of deploying security mechanisms.
3) Mobile devices tend to have limited power consumption and computation capabilities, which makes them more vulnerable to Denial of Service attacks and incapable of executing computation-heavy algorithms like public key algorithms.
4) In MANETs, there is a higher probability of a trusted node being compromised and then being used by an adversary to launch attacks on the network; in other words, we need to consider both insider attacks and outsider attacks in mobile ad hoc networks, of which insider attacks are more difficult to deal with.
5) Node mobility enforces frequent network reconfiguration, which creates more chances for attacks; for example, it is difficult to distinguish between stale routing information and faked routing information.

ISSN: 2230-7818

@ 2011 http://www.ijaest.iserp.org. All rights Reserved.

Security in Ad-hoc networks:

Providing adequate security measures for ad hoc networks is a challenging task. In a security concept, typically striving for goals like authenticity, integrity, confidentiality, non-repudiation and availability, authentication of communicating entities is of particular importance as it forms the basis for achieving the other security goals: e.g., encryption is worthless if the communication partners have not verified their identities beforehand. There are five main security services for MANETs: authentication, confidentiality, integrity, non-repudiation, availability. Authentication means that the correct identity is known to the communicating partner. Confidentiality means that certain message information is kept secure from unauthorized parties. Integrity means that the message is unaltered during communication. Non-repudiation means that the origin of a message cannot deny having sent the message. Availability means normal service provision in the face of all kinds of attacks. In this paper, we propose a security architecture from a layered view, and then describe the functionalities of each layer. We further analyze the application of the proposed security architecture in military applications.

2. SECURITY ARCHITECTURE FOR MANETS:

A layered architecture can provide such advantages as modularity, simplicity, flexibility, and standardization of protocols. Following this thought, we present here a layered secure architecture for MANETs in Figure 1. The figure depicts a five-layer security architecture for MANETs, and the functionalities of each layer are described below:

Figure 1

1. SL1, Trust Infrastructure Layer: refers to the basic trust relationship between nodes, for example, a well deployed PKI environment. Since in MANETs there is no centralized authority to help establish the trust relationship between communicating nodes, the security mechanisms in this layer are expected to be constructed in a distributed manner and are the basic building block of the whole security system. Thus, SL1 poses a great challenge to system security designers. The security association established in the trust infrastructure layer must serve the upper layer security mechanisms.

2. SL2, Communications Security Layer: refers to the security mechanisms applied in transmitting data frames in a node-to-node manner, such as the security protocol WEP working in the data link layer of the OSI model, or physical protection mechanisms like frequency hopping. Security mechanisms deployed in this layer may keep data frames from eavesdropping, interception, alteration, or dropping by unauthorized parties along the route from the source to the destination.

3. SL3, Routing Security Layer: refers to security mechanisms applied to routing protocols. In a MANET, nodes exchange information about their knowledge of neighborhood connectivity and construct a view of the network topology so that they can route data packets to the correct destinations. Every node is required to participate in the routing activity, and routing is an important part of keeping the network connected. Hence, SL3 is of particular significance in MANETs. In fact, the routing security layer involves two aspects: secure routing and secure data forwarding. In the secure routing aspect, nodes are required to cooperate to share correct routing information to keep the network connected efficiently; in the secure data forwarding aspect, data packets on the fly should be protected from tampering, dropping, and altering by any unauthorized party.

4. SL4, Network Security Layer: refers to the security mechanisms used by the network protocols which perform sub-network access operations from end system to end system. For example, we can achieve security services like peer entity authentication, confidentiality and integrity, as the network layer security protocol IPSec provides.


5. SL5, End-to-End Security Layer: refers to end system security, such as SSL, SSH, and any application-specific security protocol. The security protocols in this layer are independent of the underlying networking technology since the related security mechanisms are restricted to only the intended parties. The provision of any security service in this layer is highly dependent upon the security requirements of specific applications.

3. SECURITY CHALLENGES:

1) Channel Vulnerability: Broadcast wireless channels allow message eavesdropping and injection easily.
2) Node Vulnerability: Nodes do not reside in physically protected places, and thus easily fall under attack.
3) Absence of Infrastructure: Certification/Authentication Authorities are absent.
4) Dynamically Changing Network Topology: puts the security of routing protocols under threat.
5) Power and Computational Limitations: prevent the use of complex encryption algorithms.

4. SECURITY ATTACKS:

The vulnerabilities and shortcomings of MANETs give rise to attacks at the network layer of the ISO/OSI stack. There are basically two types of attacks: active and passive. In an active attack, information is inserted into the network, and thus the network operation or some nodes may be harmed. Examples are Impersonation, Modification, Fabrication and Disclosure attacks. Nodes that perform active attacks with the aim of damaging other nodes by causing network outage are considered to be malicious. In a passive attack, a malicious node either ignores operations it is supposed to accomplish (examples: silent discard, partial routing information hiding), or listens to the channel, attempting to retrieve valuable information (example: eavesdropping). Nodes that perform passive attacks with the aim of saving battery life for their own communications are considered to be selfish.

In this paper, we discuss some of the active attacks, given below:

1) Impersonation: An act whereby one entity assumes the identity and privileges of another entity without restrictions and without any indication visible to the recipients of the impersonator's calls that delegation has taken place, as shown in Figure 2.

Figure 2

2) Blackhole attacks: A Blackhole is a malicious node that falsely replies to route requests without having an active route to the destination and exploits the routing protocol to advertise itself as having a good and valid path to a destination node. As shown in Figure 3, a malicious node tries to become an element of an active route if there is a chance, with the intention of disrupting data packets being sent to the destination node or obstructing the route discovery process.

Figure 3

3) Grayhole attacks: A Grayhole may forward all packets to certain nodes but may drop packets coming from or destined to specific nodes. In this type of attack, a node may behave maliciously for some time but later on behave absolutely normally. This type of attack is more difficult compared to the blackhole attack.

4) Wormhole attacks: In a wormhole attack, a malicious node can record packets (or bits) at one location in the network and tunnel them to another location through a private network shared with a colluding malicious node. A wormhole attack can also be carried out with one node, but generally two or more attackers connect via a link called the wormhole link. Wormhole attacks are of three types: Closed Wormhole, Half Open Wormhole, and Open Wormhole. All of these are shown in Figure 4.
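The following Python example is added here and is not from the paper: it applies a forwarding-ratio check, a monitoring heuristic the paper does not itself propose, to constructed overhearing data to show why the grayhole behaviour described above is harder to spot than a blackhole. The node names, packet counts and the 0.5 threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): packet counts a monitoring
# node overheard per time window and flow, as
# (window, relay, source, destination, handed_to_relay, forwarded_by_relay).
OBSERVATIONS = [
    (1, "N2", "A", "D", 40, 39), (1, "N2", "B", "E", 35, 34),
    (2, "N2", "A", "D", 42, 41), (2, "N2", "B", "E", 30, 30),
    (1, "N5", "A", "D", 40, 0),  (1, "N5", "B", "E", 38, 1),
    (2, "N5", "A", "D", 41, 0),  (2, "N5", "B", "E", 36, 0),
    (1, "N7", "A", "D", 40, 2),  (1, "N7", "B", "E", 90, 89),
    (2, "N7", "A", "D", 40, 39), (2, "N7", "B", "E", 90, 88),
]

THRESHOLD = 0.5  # assumed cut-off: a bucket forwarding under 50% is suspicious

def per_bucket_ratios(observations):
    """Forwarding ratio for every (window, flow) bucket, grouped by relay."""
    ratios = defaultdict(dict)
    for window, relay, src, dst, handed, forwarded in observations:
        if handed:  # skip empty buckets instead of dividing by zero
            ratios[relay][(window, src, dst)] = forwarded / handed
    return ratios

def aggregate_ratio(observations, relay):
    """Single overall ratio per relay: the coarse check a grayhole can pass."""
    handed = sum(o[4] for o in observations if o[1] == relay)
    forwarded = sum(o[5] for o in observations if o[1] == relay)
    return forwarded / handed if handed else 1.0

def classify(observations, threshold=THRESHOLD):
    """Label each relay from the pattern of its suspicious buckets."""
    labels = {}
    for relay, buckets in per_bucket_ratios(observations).items():
        bad = [b for b, r in buckets.items() if r < threshold]
        if not bad:
            labels[relay] = "normal"
        elif len(bad) == len(buckets):
            labels[relay] = "blackhole-like"   # drops every flow in every window
        else:
            labels[relay] = "grayhole-like"    # drops only some flows or windows
    return labels

if __name__ == "__main__":
    for relay, label in sorted(classify(OBSERVATIONS).items()):
        print(relay, label, round(aggregate_ratio(OBSERVATIONS, relay), 2))
```

In this constructed data, relay N7 forwards about 84% of its traffic overall and so passes a single aggregate check, while the per-window, per-flow view exposes that it dropped one flow during one window.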


Figure 4

5. CONCLUSION:

MANETs require a reliable, efficient, scalable and, most importantly, secure protocol, as they are highly insecure, self-organizing, rapidly deployed and use dynamic routing. In this paper, we discussed the vulnerable nature of the mobile ad hoc network; owing to that, there are numerous security threats that disturb its development. This paper also covers the security attributes and the various challenges to security design, presents the security issues, and then presents the main attack types that exist. This paper has focused on designing a security architecture for tackling the security challenges that mobile ad hoc networks are facing.
