2011 Wireless Advanced

Vulnerability Assessment of AODV and SAODV Routing Protocols Against Network Routing Attacks and Performance Comparisons
{F. Maan, Y. Abbas, N. Mazhar} National University of Sciences and Technology (NUST), Islamabad, Pakistan

AbstractSecure routing is an important issue in MANETs. Routing protocols can have vulnerabilities that may be exploited by malicious nodes to disrupt the normal routing behavior. In fact, vulnerabilities may even exist in secure versions of the routing protocols, which makes secure routing a real challenge to achieve. In this paper, we present vulnerability analysis of AODV and Secure AODV (SAODV) routing protocols against routing attacks. SAODV is a secure version of the basic AODV protocol that uses asymmetric key cryptography. We simulate a number of routing attacks to show that SAODV can counter most attacks that are successful against AODV. However, SAODV has vulnerabilities of its own that allow replay attacks to succeed. We, therefore, propose a new security scheme, Robust SAODV (R-SAODV), which incorporates temporal time stamping of SAODV extensions. Temporal time stamping addresses the issue of replay attacks by ensuring the freshness of the exchanged control messages. Our simulation results in ns-2 indicate that our proposed security scheme, R-SAODV, is able to achieve similar performance as SAODV. This implies that we have achieved added security with less additional cost to the system. Index TermsPerformance, routing attacks on AODV, SAODV

I. INTRODUCTION A mobile ad hoc network (MANET) is formed by randomly moving nodes that use the wireless medium to cooperatively forward data packets for nodes that are not within direct transmission range. Unlike routing in wired networks, ad hoc routing protocols cater for node mobility and quickly adapt to dynamically changing network topology. MANETs thus possess features like adaptivity, auto-conguration and the ability to operate in an environment where no previous infrastructure exists for communication. This allows the MANETs to meet communication needs in situations like military operations, disaster relief, emergency rescue, etc, by providing rapidly installable, cost effective and easily reusable solution. Several routing protocols have been designed for MANETs [12] each aimed at optimizing network routing performance. Among the MANET routing protocols, reactive protocols have gained more attention; a reactive protocol discovers a route only when needed. This enables the reactive protocols to achieve better performance than the proactive routing protocols, which discover and maintain all possible routes in the network even though they may never be used. A survey of ad hoc routing protocols in [12][3] provides a useful comparison of their performance. Besides network performance, link

adaptation and QoS, security is another challenge that needs consideration in real world MANETs. A malicious node can mount different types of routing attacks in MANETs to disrupt the normal routing process. Many secure routing schemes have been proposed in literature against network routing attacks. Such schemes employ cryptographic techniques to provide features like source authentication, message integrity and nonrepudiation. In this paper, we carry out vulnerability analysis of a popular MANET routing protocol, AODV [2] and its secure version SAODV [15]. We describe how AODV routing can be disrupted by an attacker by launching various routing attacks and show that the same routing attacks are prevented by SAODV by the use of asymmetric cryptography. We then demonstrate that SAODV is also vulnerable to certain types of replay attacks. We present new security extensions, R-SAODV, to SAODV protocol and demonstrate that they can prevent the replay attacks. The remainder of this paper is organized as follows: Section 2 presents related work in MANET security. In Section 3, we provide a brief overview of AODV and SAODV routing protocols with focus on their security aws followed by attack simulations section 4. Section 5 describes our proposed scheme, Robust SAODV (R-SAODV), which addresses the SAODV vulnerability against replay attacks. We provide the results of our attack simulations to show the effectiveness of our proposed security scheme. Protocol performance evaluation and comparison is presented in Section 6, followed by conclusion in Section 7. II. RELATED WORK MANETs are being widely researched. Routing in ad hoc networks faces a number of challenges like dynamic topology, node mobility, lack of infrastructure, low battery life, insecure medium and limited channel capacity. Analyzing the effect of these constraints on routing performance requires extensive evaluation through simulations, which generally employs qualitative and quantitative performance metrics. A comparison of quantitative metrics like packet delivery ratio, end to end delay, average throughput, transmission efciency and energy consumption provide a fairly accurate estimate of the routing performance under varying network scenarios. Securing MANET protocols is a major challenge in ad hoc networks. In addition to security, the network performance of the

978-1-4577-0109-2/11/$26.00 2011 IEEE

36

secure protocol must also be ensured; security extensions must not cause a signicant degradation of routing performance. A number of surveys [7][5][4] cover the security issues and intrusion detection schemes in MANETs. The proactive routing protocols are more difcult to secure as compared to reactive protocols; in table-driven protocols, all nodes keep updating their routing tables based on information broadcast by other nodes. Therefore, routing table overow attacks are possible that can disrupt the routing process. Reactive protocols are more robust against replay attacks because of the nature of routing messages involved, such as with AODV. Cryptographically secure routing protocols are robust against those attacks where the attacker launches the tampering, forging or spoong attacks. However, such schemes usually fail when two or more colluding nodes replay packets using a private network or attempt a wormhole attack. The attacks such as wormhole and tunneling cannot be stopped by most cryptographically secure protocols; misbehavior detection schemes or intrusion detection system (IDS)[11] are needed to counter them. The work presented in [6][12] provides an overview of the routing techniques and security constraints of ad hoc networks. Dahill et al. [1] presented ARAN, which requires authentication among nodes using a centralized certication authority. SAODV [15] was proposed to address security aws in AODV using digital signatures. SRP [10] makes use of HMAC for message authentication. Ariadne [13], based on TESLA, was proposed for DSR and requires clock synchronization among nodes. A serious limitation with most security solutions is that the secure variants generally counter limited attack scenarios and may fail under different threat models. The scheme proposed in [11] detects only the ooding attacks. Packet leashes [18] are proposed for wormhole attacks only. SAR [17] routing mechanism is based on behavior associated with the trust level of a user. SEAD [16], based on DSDV, incorporates concatenated hash chains for routing update authentication. In Table I we summarize the security capabilities of these secure protocols against different types of network routing attacks. Yuxia Lin et al. [14] have done performance comparison of AODV and SAODV routing protocols using a testbed of 10 nodes. They did experiments in outdoor and indoor environment and compared results with ns-2 simulations. III. VULNERABILITY ASSESSMENT A. Working of AODV AODV is an reactive routing algorithm that builds routes only when desired. It uses sequence numbers to ensure the freshness of routes. To nd a path to a destination, a node using AODV broadcasts a route request (RREQ) packet. The RREQ contains the nodes IP address, current sequence number, broadcast ID and most recent sequence number for the destination known to the source node. The destination node, on receipt of RREQ, sends a route reply (RREP) packet along the reverse path established at intermediate nodes during the route discovery process. In case of a link failure, a route error (RERR) packet is sent to the source and destination nodes. By

SEAD Wormhole Spoong Blackhole Flooding Disruption Tampering

Ariadne

SRP

SAODV

ARAN

SAR

Legend : = Possible : = Not Possible

TABLE I: Secure protocols vs. Routing attacks

the use of sequence numbers, a source nodes is always able to nd new valid routes. B. Security Flaws in AODV AODV is vulnerable to routing attacks by malicious nodes due to the lack of security features; secure protocols are generally designed to have features such as authentication, integrity, condentiality and non-repudiation. AODV can easily be manipulated by a malicious node to disrupt its routing. The misbehavior of an inside attacking node is discussed in [9]. The following actions can be taken by an inside attacker to disrupt routing in AODV: 1) modify/forge RREQ or RREP packets. 2) spoof destination or source IP address to pose as legitimate network node and thus receive or drop data packets. 3) generate fake RERR packets to increase routing delay and degrade network performance. 4) cause DoS by sending fake RREPs of highest sequence numbers (like Blackhole attack). 5) create routing loops and launch sleep deprivation or resource consumption attacks to deplete node batteries. 6) replay old routing messages or make a tunnel/wormhole to disrupt the normal routing behavior. C. Secure AODV (SAODV) SAODV [15] utilizes asymmetric or public key encryption to secure the AODV routing messages against routing attacks; both the mutable header eld (hop count) and non-mutable elds (source/destination addresses, sequence numbers) are secured by SAODV extensions by using hash chains and digital signatures. A source node calculates the hash chain as follows: generates a random number or seed: seed = hash

(1)

sets the MaxHopCount eld to the TimeToLive (from the IP header): M axHopCount = T imeT oLive (2)

then calculates Tophash eld, as: T ophash = hM axHopCount (seed) (3)

and nally generates a digital signatures, as: DigitalSignature = sigx (RoutingP acket) (4)

37

Parameters Communication Type Number of Nodes Simulation Area Simulation Time Transmission Range Attacking Nodes

Values CBR 7 1000 500 m2 100 sec 200 m 1 to 3

TABLE II: Simulation parameters Fig. 1: Network topology for attack simulations

A. Network Topology Figure 1 shows the network topology used; Node S, D and A are the source, destination and attacker nodes, respectively. Figure 2 shows the results of simulated routing attacks. B. Route Disruption Attack The attacker used fake and modied RREP, RERR packets to launch the route disruption attack in the network. In all three attacks, AODV routing was disrupted while SAODV was able to preserve the normal routing behavior. The slight variation in routing from normal case for SAODV is due to processing of extra attack packets. C. Route Invasion Attack The attack was launched by modifying and forging fake RREQ and RREP packets. We can see that the attack was successful against AODV but SAODV was able to detect the forged/modied agents and drop them to counter the attack. D. Blackhole Attack Using a Blackhole, the malicious node attracts all network trafc towards itself and then drops the packets. This leads to Denial of Service (DoS) in the network since attacker forwards no data packets. To simulate the blackhole attack, two routes were initiated by the source nodes S1, S2 and S3. The attack was launched by Node A by spoong IP addresses of destination nodes in RREQs packets and generating fake RREPs with highest destination sequence numbers. Blackhole attack was not successful in SAODV because fake RREP was not veried by the intermediate nodes. E. Replay Attack In replay attack, the attacker buffers the routing messages and at some later time replays those messages by spoong one of the communicating parties. By sending old RREQ packets and spoong the IP address of Node 0, the attacker deceives the destination node into believing that Node 0 is trying again to communicate with the destination node. Destination, in return, will generate RREP for the attacking node. Now attacker is in connection with the destination node claiming itself to be the original source node S and can send data packets of its own interest. An insider attack is successful under the following scenarios: When a node reboots it loses its sequence number. A malicious node buffering the victim nodes RREQ/RREP or RERR messages can manipulate them to disrupt network routing.

This mechanism makes it hard for an attacker to modify the contents of the routing messages since digital signature of node X can only be generated by X. Decrement of the hop count eld in the routing packet (RREQ or RREP) by a malicious node can be detected when it is processed for verication, since hash eld is checked as: T ophash = hM axHopCount
hopcount

(hash)

(5)

In case of RERR broadcast, only signature of the packet is sent. On receiving the RREQ, RREP or RERR packets, the intermediate or destination nodes verify the hash chain and digital signatures before forwarding the packets. D. Security Flaws in SAODV Mostly secure protocols are designed to address only specic attack scenarios and do not provide a complete security solution, as shown in Table I. Likewise, SAODV has security weaknesses; SAODV cannot prevent certain routing attacks such as wormhole, tunneling and replay attacks, which may not exploit forging or modication of routing data. In wormhole attack, two colluding malicious nodes send routing messages through a covert private high speed (wired or high power wireless) network. Whereas in replay attack, the attacker retransmits routing packets from previous sessions to disrupt routing or establish a connection with victim node for sending data packets of its own choice. We have simulated replay attack scenarios where SAODV fails to perform authentication and non-repudiation. The following attacks are found to be successful against SAODV: Wormhole and tunneling attacks Replay attacks Flooding attacks IV. ATTACK S IMULATIONS We have simulated message tampering, forging, replay and link spoong attacks against AODV and SAODV in ns-2.29 [8]. We modied the original AODV code that comes with ns2 package to implement SAODV functionality. Libgcrypt and Openssl encryption libraries were used for digital signature creation (DSA was implemented with 512 bit public key) and hash chain generation (160 bit SHA1). Table II shows the simulation parameters.

38

(a) Route disruption with RERR

(b) Route disruption with RREP

(c) Route disruption with RREQ

(d) Route invasion by modication and forging

(e) Blackhole attack

(f) Replay attack

Fig. 2: Simulation results for routing attacks

Attacker can deploy supporting attack nodes, which can ood the victim node to exhaust its battery. This forces the node to shutdown and come alive again with new battery if it still requires data transmission. We call such action of the victim node as reboot or node reboot. After reboot, when victim node initiates route discovery for previous destination again, the attacker can replay the previously buffered routing packets to disrupt normal routing, since these buffered packets are more fresh (e.g. in terms of sequence numbers and broadcast IDs). Likewise, in multi-net scenarios when a victim node moves from one subnet to another or reboots, the attacker can perform spoong to communicate with the victim node. Replay attacks can be launched within an active session in case victim node reboots or later when current active session expires by spoong the IP address.

V. ROBUST SAODV (R-SAODV) We have modied SAODV to make it robust against the replay attacks and we call the modied version as Robust SAODV (or R-SAODV). The SAODV RREQ-ext and RREP-ext messages are modied using our proposed security scheme; we add a 32 bit timestamp eld in the extension above signature eld and 16 bit reserved eld is used by ags and counters of the proposed scheme. We assume that nodes store the session IDs (a counter triggered/incremented by session initiation e.g. ftp, telnet, etc. and borrowed from TCP/IP layer from previous or current sessions with same destinations) and timestamps of the packets received along with the node address it has communicated with. Timestamp eld is updated by successive routing packets received. Session-ID and updated timestamp will be used by nodes as reference for future

sessions with same node. Two main reasons due to which SAODV failed to prevent replay attacks are: 1) Incomplete authentication and lack of discriminating old routing packets from new packets. 2) Attacker was spoong the IP address because IP header was not secure. We can overcome these two problems by: 1) Synchronizing of clocks by communicating nodes and time-stamping of packets. 2) Use of IPsec to secure the IP header. However, the main issue in employing the above solutions is the need of clock synchronization, which itself is a challenge in real time MANET scenarios. Secondly, securing IP layer with IPsec along with SAODV at routing layer would signicantly increase the overhead; therefore, these two solutions are not feasible. We propose modications in SAODV extension messages, which enables SAODV nodes to prevent replay attacks and name it Temporary Clocks Time Stamping (TCTS) A. Temporary Clock Time Stamping Temporary clock time stamping incorporates time stamping of packets to avoid replay attacks. However, timestamps solely are not used for packet freshness validity. This is performed by certain ags and counters whose instance values are used by nodes to determine further processing of routing packets. The modied scheme we propose includes: Use of timestamp by source node (included in the SAODV extension messages), which is used by the other nodes as a reference to discriminate new packets from old ones. Session ag and session ID elds, which enable the nodes to discriminate between current session packets and those existing from previous sessions.

39

Reset ag and clock reset check (or R-CHK) eld, which enable the source node or destination node to cater for reboots or clock resets and enable validity for time stamped packets. These elds are added above the signature eld of SAODV extension message and are, therefore, secured. Our proposed modication does not require any clock synchronization among nodes and without using IPsec the replay attack is countered. Figure 3 shows the modied packet format with additional elds for R-SAODV to counter replay attacks. 1) S-Flag and Session ID: When a node initiates the rst session or a new session with the same destination node, routing packets generated will have the S (session) ag in set state. The session ID eld is incremented by 1 only once for the rst packet. For the rest of the session, S ag is 0 and session ID eld remains the same. First packet: S = 1, S ID = 1 Rest of this session: subsequent packets S = 0, S ID = 1 For subsequent sessions, the same scheme is followed and Session ID is incremented one time only. 2) R-Flag and Reset Check (R-CHK) Field: A node will set R (reset) ag and increment the reset check eld (R-CHK) under the following conditions: For the rst packet of all sessions, R is set and R-CHK is incremented by one. If within the same session, a node is rebooted or clock resets to zero, the rst packet sent will have R set and R-CHK is incremented by one. First packet: R = 1, R CHK = 1 for S = 1, S ID = 1 If no reboot occur then for rest of this session: R = 0, S = 0, R CHK = 1, S ID = 1 If node reboots then: R = 1, R CHK = 2 up to n, for all new packets generated for route discovery. 3) Timestamp: Source node after creating a routing packet, sets R ag, increments R-CHK eld (for rst packet of current session), sets S ag and increments session ID. Then initiates temporary clock and appends its instance value in timestamp eld and signature of the packet is calculated. Destination node on receiving RREQ also initiates a temporary clock whose initial value is set equal to timestamp eld from RREQ, incremented by random parameter called alpha (). It then sets S-ID, S-ag, R-CHK and R-ag values using RREQ information and appends timestamp value by calling Clock(instance). After executing encryption scheme on RREP, it is then unicast back to source, which compares timestamps (which should be greater than the RREQ timestamp value sent) after signature verication. Similar actions are performed by the destination node on timstamps of incoming RREQ packets of current session. Since source node temporal clock is being used by destination also, as reference, and new additions do not require intermediate nodes to execute any new actions, therefore, this scheme does not require any advanced time

Fig. 3: Modied SAODV RREQ-extension message

synchronization among all network nodes. The nodes need not perform complex computations as only temporal clocks are to be initiated and timestamp elds are numerically compared. Therefore, our scheme does not add much computational overhead. New packet: timestamp > Old packet: timestamp Modications in SAODV extension message for RREQ is shown in Figure 3. RREP modications are likewise. 4) Comparison of Results: Figure 2(f) shows the sensitivity of AODV, SAODV and R- SAODV to replay attacks. Replay attack was successful in AODV because of the lack of security features. In SAODV, malicious node successfully launched replay attacks. However, R-SAODV successfully countered the attack by employing temporal time stamping as shown in SAODV extension message of Figure 3. VI. PERFORMANCE COMPARISON Performance comparison of protocols (AODV, SAODV, RSAODV and DSR) was done to determine the relative performance of AODV and its secure variants. Total number of nodes was varied from 20 to 100, with maximum speed of 20m/s for CBR trafc. Simulation results are shown in Figure 4 for the following parameters. Throughput is the number of data bits delivered to the application layer of destination node in unit time. Packet Delivery Ratio is the ratio of data packets delivered successfully to destination nodes and the total number of packets generated for those destinations. Delay refers to the time taken for a packet to be transmitted across the network from source to destination. Energy per Data is the amount of energy consumed per data byte delivered. A. Throughput AODV outperforms other protocols in throughput. A decrease of 5% to 35% was observed for SAODV and R-SAODV routing protocols when the number of nodes was varied from 20 to 100. This is attributed to the increase in control overhead of cryptographic security.

40

20 0 20 40 Nodes 70

20 0 20 40

5 0
Nodes

5 0

100

20 70

40 100

Nodes

70

100

20

40

Nodes

70

100

AODV 100
Throughput

SAODV

RSAODV

DSR

100
Throughput

80 60 40 20 0 20 40 Nodes 70

80 60 40 20 0

100

RSAODV DSR AODV AODV RSAODV DSR AODV AODV AODV SAODV RSAODV AODV SAODV SAODV SAODV RSAODV DSR AODV SAODV SAODV RSAODV DSR DSR RSAODV DSR 120 120 3 20 20 3000 100 100 2.5 2500 15 15 80 80 2 2000 60 1.5 60 10 10 1500 40 1 1000 40 5 5 500 20 0.5 20 0 0 0 0 0 0 40 70 100 20 20 40 70 100 100 20 20 40 70 100 20 40 20 70 40 10070 20 40 70 100 Nodes Nodes Nodes Nodes Nodes Nodes
Delay
EPD

SAODV

RSAODV

DSR

Delay

EPD

PDR

PDR

40 Nodes

70

100

(a) Throughput
AODV SAODV RSAODV DSR 3000 2500 2000 1500 B. Delay 1000 Packet delay is 500 0 But for networks
Delay

AODV

trafc control overhead and mobility. R-SAODV and SAODV has higher packet delay; almost 5 times more for 20 node network. This is because not only the nodes are generating larger size packets (almost 6 times larger in size than AODV) but the packets also undergo additional processing for signature verication. Therefore, with an increase in the size of encrypted header and processing time for routing messages, packet delay is much higher for SAODV and R-SAODV for large networks. C. Energy per Data

3000 100 2500 80 2000 60 1500 40 1000 low for small networks of up to 40 nodes. 20 500 of 70 to 100 nodes, 0not only the network 0 20 40 20 40 increases but70the 100 delay also increases70due100 the higher to 70 100 20 40 Nodes Nodes Nodes
PDR

(b) Delay (c) Energy per Data (d) Packet Delivery Ratio AODV SAODV RSAODV DSR SAODV AODV SAODVDSR RSAODV DSR RSAODV 120 120 Fig. 4: Performance comparison results for routing protocols
100 80 60 40 0

Delay

PDR

R EFERENCES

20 [1] E. Royer et al. A secure routing protocol for ad hoc networks. Technical

Energy per data is high when the number of nodes are increased in the network. AODV and DSR perform better in terms of energy required to send a packet when the network size is increased. Energy per data is higher for SAODV and R-SAODV protocols because of the additional processing and verication of cryptographic functions. D. Packet delivery ratio Packet delivery ratio is higher for AODV and DSR. However, SAODV and R-SAODV also have comparable packet delivery ratios. VII. CONCLUSION In view of the inherently insecure wireless environment, security in MANETs is of prime concern. Additional limitations such as node mobility, low power batteries and less bandwidth make it more difcult to develop secure protocols that are capable of providing effective security against routing attacks. We have evaluated the security aws of AODV and SAODV and demonstrated that SAODV is also vulnerable to certain types of replay attacks. We, therefore, proposed and implemented in ns-2 a modied SAODV protocol, which we call as the R-SAODV. The robust protocol is able to address the security aws of SAODV and allows to counter the replay attacks. Our results indicate that the network performance of SAODV is lower than that of AODV due to the use of encryption functions. However, SAODV and R-SAODV have similar performance, which implies that we are able to achieve more security with R-SAODV at marginal additional cost.

report, University of Massachusetts, Department of Computer Science, August 2001. 40 70 100 [2] 20E. M. Royer C. E. Perkins and S. R. Das. Ad hoc on demand distance vector Nodes (AODV) routing. Technical Report Draft-Ietf-Manet-AODV13.txt, IETF Internet Draft, MANET Working Group. [3] I. Chlamtac, M. Conti and J. N. Liu. Mobile ad hoc networking: Imperatives and challenges. In Ad Hoc Networks, pages 1364, 2003. [4] B. Kannhavong et al. A survey of routing attacks in mobile ad hoc networks. In Security in Wireless Ad hoc and Sensor Networks. IEEE Wireless Communications, October 2007. [5] S. Sreepathi et al. A survey paper on security issues pertaining to ad hoc networks. Technical Report, North Carolina State University, Department of Computer Science, CSC 574 Information Systems Security. [6] M. K. Jeya Kumar and R. S. Rajesh. Performance analysis of MANET routing protocols in different mobility patterns. International Journal of Wireless Networks and Communications, 1(1):2941, 2009. [7] W. Li and A. Joshi. Security issues in mobile ad hoc networks - A survey. Technical report, Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County. [8] The network simulator. -ns2. http://www.isi.edu/nsnam/ns/. [9] P. Ning and K. Sun. How to misuse AODV: A case study of insider attacks against mobile ad hoc routing protocols. In IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, pages 6067, June 2003. [10] P. Papadimitratos and Z. J. Haas. Secure routing for mobile ad hoc networks. In SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, January 2002. [11] L. Qian, N. Song and X. Li . Detecting and locating wormhole attacks in wireless ad hoc networks through statistical analysis of multi-path. In IEEE Wireless Communication and Networking Conference, 2005. [12] S. Ramanthan and M. Steenstrup. A Survey of Routing Techniques for Mobile Communication Networks. Mobile Networks and Applications, 1996. [13] A. Perrig Y. C. Hu and D. Johnson. Ariadne: A secure on demand routing protocol for ad hoc networks. Technical Report Technical Report TR01-383, Rice University, December 2001. [14] Y. Lin et al. Experimental comparisons between SAODV and AODV routing protocols. Workshop on Wireless Multimedia Networking and Computing, 2005. [15] M. G. Zapata and N. Asokan. Securing ad hoc routing protocols. In WISE, September 2002. [16] Y. C. Hu, D. Johnson, and A. Perrig SEAD: Secure Efcient Distance Vector Routing For Mobile Wireless Ad Hoc Networks. In Fourth IEEE Workshop on Mobile Computing Systems and Applications, 2002. [17] S. Yi, Prasad and R. Kravets Security aware routing protocol. IEEE Network Security Conference. [18] Y. C. Hu, A. Perrig, and D. Johnson Wormhole Attacks in Wireless Networks. IEEE JSAC. 2(24), 2006

41