Similar literature
20 similar documents found (search time: 31 ms)
1.
MANETs are mobile networks that are spontaneously deployed over a geographically limited area without requiring any pre-existing infrastructure. Typically, nodes are both autonomous and self-organized without requiring a central administration or a fixed network infrastructure. Due to their distributed nature, MANETs are vulnerable to a specific routing misbehavior, called the wormhole attack. In a wormhole attack, one malicious node tunnels packets from its location to the other malicious node. Such wormhole attacks result in a false route with a lower hop count. If the source node follows this fake route, malicious nodes have the option of delivering the packets or dropping them. This article aims at removing these attacks. For this purpose, it investigates the use of an Artificial Immune System (AIS) to defend against the wormhole attack. The proposed approach learns rapidly how to detect and bypass the wormhole nodes without affecting the overall performance of the network. The proposed approach is evaluated in comparison with other existing solutions in terms of dropped packet count, packet loss ratio, throughput, packet delivery ratio, and end-to-end delay. Simulation results show that the proposed approach offers better performance than other schemes defending against the wormhole attack.

2.
Wireless Mobile Ad-Hoc Networks (MANETs) are infrastructure-less networks commonly used for dynamic connection between nodes. These networks work without any external router for maintaining the connection and the nodes themselves behave like a router. Ad-Hoc On Demand Distance Vector (AODV) routing is a widely used protocol for managing communications between the mobile nodes. A blackhole attack is one in which the nodes create a false route through them and then perform malicious activities on the transmitted packets. This paper presents a modification of the existing AODV routing protocol to prevent blackhole attacks in MANETs in an erratic terrain with a high probability of packet loss. A mathematical proof is given to confirm the effectiveness of the proposed algorithm with respect to the previous solution in the literature.

3.
Kuo-Feng  Chun-Hao  Chih-Hsun  An-Kuo 《Computer Networks》2009,53(15):2663-2673
In mobile ad hoc networks (MANETs), each node has the ability to transmit, receive, and route packets, and also moves through the field either randomly or in accordance with a pre-planned route. For enhancing the performance of MANETs, reducing the routing distance is a primary concern. For either ad hoc or static networks, the problem of minimizing the overall routing distance during multicasting is NP-complete. Therefore, it is difficult to determine an optimal solution. This paper presents an efficient geographic multicast protocol, designated as GMFP, based on the use of Fermat points. The objective of GMFP is to improve the overall routing distance for multicast tasks. Through a series of simulations, it is shown that GMFP outperforms the conventional Position-Based Multicast protocol and FERMA protocol in terms of the total routing distance, the packet transmission delay, the packet delivery ratio, and the node energy consumption. The performance improvements provided by GMFP are apparent as the scale of the network topology increases.

4.
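To detect and block malicious nodes that masquerade as new trusted nodes in order to attack mobile ad hoc networks, this paper proposes a hierarchical security protocol for message authentication and encryption (HiMAC). The protocol uses hierarchical message authentication codes to protect data propagation in mobile ad hoc networks. As packets are forwarded by intermediate nodes between source and destination, trusted routes are computed dynamically, and each intermediate node signs and encrypts the packet, which prevents an attacker from tampering with the packet or modifying its hop count and so achieves trusted data transmission. HiMAC was tested in the NS2 simulator using the RSA algorithm from the Crypto++ library. The results show that HiMAC can detect and block attacks on MANET nodes and packets; compared with the original A-SAODV security mechanism, HiMAC reduces the average hop count by 47.1% and the average queue length by 35.5%, and lowers the number of packets per node by a factor of 2.5, so its performance is clearly better than that of A-SAODV. Although HiMAC's cryptographic operations add overhead to the routing protocol, HiMAC establishes secure routes dynamically using a trust-based mechanism, so a node can dynamically choose the next node on the path and need not maintain a secure route at all times; as a result, the added and reduced overheads in HiMAC offset each other and balance out.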

5.
Group-oriented services are one of the primary application classes that have been addressed by Mobile Ad hoc Networks (MANETs) in recent years. To support such services, multicast routing is used. Thus, there is a need to design stable and reliable multicast routing protocols for MANETs to ensure better packet delivery ratio, lower delays and reduced overheads. In this paper, we propose a mesh based multicast routing scheme that finds a stable multicast path from source to receivers. The multicast mesh is constructed by using route request and route reply packets with the help of the multicast routing information cache and link stability database maintained at every node. The stable paths are found based on selection of stable forwarding nodes that have high stability of link connectivity. The link stability is computed by using parameters such as received power, distance between neighboring nodes and the link quality that is assessed using bit errors in a packet. The proposed scheme is simulated over a large number of MANET nodes with a wide range of mobility and the performance is evaluated. Performance of the proposed scheme is compared with two well known mesh-based multicast routing protocols, i.e., on-demand multicast routing protocol (ODMRP) and enhanced on-demand multicast routing protocol (EODMRP). It is observed that the proposed scheme produces better packet delivery ratio, reduced packet delay and reduced overheads (such as control, memory, computation, and message overheads).

6.
A Wormhole Defense Mechanism Based on Neighbor Trust Evaluation   Total citations: 6, self-citations: 0, citations by others: 6
洪亮  洪帆  彭冰  陈晶 《计算机科学》2006,33(8):130-133
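The mobile ad hoc network is a new type of wireless mobile network characterized by the absence of a center, self-organization, a frequently changing topology and open communication channels, so routing protocols in ad hoc networks face more serious security problems than those in wired networks. The wormhole attack is one of these problems and can have a fatal effect on ad hoc networks. Under this attack the network's routing mechanism is thrown into disorder, especially for routing protocols that rely on receiving each other's broadcast messages for neighbor detection. This paper first starts from the root cause of wormhole formation, redefines the concept of a neighbor, and emphasizes the neighbor's function as the first stop in forwarding a node's information. Then, based on this definition of a neighbor, it introduces a simplified Marsh trust model, takes a neighbor's past behavior as the empirical source for trust evaluation, and determines neighbor relationships through concrete formulas. During routing, a node selects highly trusted neighbors as next-hop forwarding nodes according to the trust evaluation value, thereby avoiding the harm of wormhole attacks. To verify the feasibility of the method, the model is applied to the OLSR routing protocol and simulated in NS2.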

7.
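A Wormhole Attack Protection Mechanism in Wireless Sensor Networks   Total citations: 2, self-citations: 0, citations by others: 2
Wormhole attacks can create "hotspot" regions at will to accelerate energy consumption in specific areas, and they have the greatest impact on wireless sensor networks, which depend on connectivity: they directly corrupt the collected data, so that results deviate far from the actual situation. Existing measures offer some resistance, but they still have many shortcomings. To address this, a wormhole attack defense mechanism based on reputation authentication is proposed; it uses a self-feedback reputation authentication mechanism and requires no additional hardware. Simulation results show that the reputation-authentication-based wormhole defense mechanism can effectively resist various types of wormhole attacks in wireless sensor networks.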

8.
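Mobile ad hoc networks (MANETs) are typical distributed networks with no centralized management node, a dynamically changing topology and limited bandwidth. Their lack of network infrastructure makes them susceptible to various denial of service (DoS) attacks. The gray hole attack is one type of denial of service attack: while the network is in good condition, the attacker first participates honestly in route discovery and then drops some or all of the data packets it should forward, in a way that goes unnoticed. The paper first introduces related work, the DSR algorithm, the aggregate signature algorithm and the network model. Then, based on the aggregate signature algorithm, it gives three related algorithms for detecting packet-dropping nodes: an evidence generation algorithm, an audit algorithm and a diagnosis algorithm. The evidence generation algorithm is used by nodes to produce forwarding evidence; the audit algorithm is used to audit the nodes on the source route; the diagnosis algorithm is used to identify the packet-dropping node. Finally, the efficiency of the algorithms is analyzed. ns-2 simulation results show that in networks with moderate mobility speed, the proposed algorithms detect most packet-dropping nodes with low routing packet overhead. After routes containing packet-dropping nodes are discarded, the data delivery rate improves accordingly.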

9.
In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with little logging overhead.

10.
A wormhole attack is one of the hardest problems to detect, whereas it can be easily implanted in any type of wireless ad hoc network. A wormhole attack can easily be launched by the attacker without having knowledge of the network or compromising any legitimate nodes. Most existing solutions either require special hardware devices or make strong assumptions in order to detect wormhole attacks, which limits the usability of these solutions. In this paper, we present a security enhancement to the dynamic source routing (DSR) protocol against wormhole attacks for ad hoc networks which relies on calculation of round trip time (RTT). Our protocol secures DSR against a wormhole attack in ad hoc networks for multirate transmissions. We also consider the processing and queuing delays of each participating node in the calculation of RTTs between neighbors, which to date has not been addressed in the existing literature. This work provides two test cases that show that not taking multirate transmission into consideration results in misidentifying a wormhole attack.

11.
The mobile ad-hoc network (MANET) has gained tremendous success and attention due to its self-maintenance and self-configuration properties or behavior. Based on wired and wireless networks, the network topology of MANETs changes rapidly by means of routing attacks. Hence, providing security to this infrastructure-less network is a major issue. The routing protocols for ad-hoc networks cope well with the dynamically changing topology but are not designed to accommodate defense against malicious attackers. Malicious nodes have opportunities to modify or discard routing information or advertise fake routes to attract user data to go through themselves. In this article, we discuss a hybrid technique using anonymity, a one-way trapdoor protocol, hash functions, and elliptic curve cryptography to mitigate attacks in the MANET. The simulation is carried out on NS-2 and the simulation results are dissected on different system execution measurements, for example, packets sent and received, packets dropped, average network throughput, end-to-end delay, and packet delivery ratio.

12.
A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.

13.
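The wormhole attack targets the routing protocols of mobile ad hoc networks and is generally a coordinated attack carried out by at least two colluding nodes. Through a wormhole attack, the attacking nodes can attract large numbers of data packets and thereby gain control of the network. Based on the on-demand distance vector routing protocol and on the principle of wormhole attacks in mobile ad hoc networks, the wormhole attack was simulated on the NS2 simulation platform by modifying the on-demand distance vector routing protocol, and the impact of the wormhole attack on network performance parameters was analyzed. Based on the characteristics of the wormhole attack, three attack detection methods were designed: geographic positioning, neighbor trust detection and neighbor monitoring. The three methods were simulated in NS2, which verified their feasibility.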

14.
The limited battery power, unpredictable mobility and large variation of received signal strength in nodes of Mobile Ad Hoc Networks (MANETs) create link and node vulnerability and instability. Multicast routing in MANETs for group communication requires the establishment of reliable links between neighboring nodes, called a reliability pair, beginning from the source and extending such reliability pairs en route to the destination. We propose a scheme for Multipath Multicast Routing in MANETs using a reliable Neighbor Selection (MMRNS) mechanism. A mesh of multipath routes is established from source to multicast destinations using neighbors that have a high reliability pair factor. MMRNS operates in the following phases. (1) Computation of reliability pair factor based on node power level, received differential signal strength between the nodes and mobility. (2) Pruning neighbor nodes that have reliability pair factor smaller than a threshold. (3) Discovery of multipath multicast mesh routes with the help of request and reply packets. (4) Multipath priority assignment based on minimum value of reliability pair factor of a path and information transfer from source to the multicast destinations and (5) route maintenance against link/node failures. The scheme is simulated to evaluate performance parameters like packet delivery ratio, memory overhead, message overhead, control overhead and packet delays in comparison to mesh based multicast routing protocols such as On-demand Multicast Routing Protocol (ODMRP) and Enhanced ODMRP (EODMRP). MMRNS performs better than ODMRP and EODMRP as observed from the simulation results.

15.
Various routing attacks for single-path routing have been identified for wireless ad hoc networks and the corresponding countermeasures have been proposed in the literature. However, the effects of routing attacks on multi-path routing have not been addressed. In this paper, the performance of multi-path routing under wormhole attack is studied in detail. The results show that multi-path routing is vulnerable to wormhole attacks. A simple scheme based on statistical analysis of multi-path (called SAM) is proposed to detect such attacks and to identify malicious nodes. Compared to the previous approaches (for example, using packet leash), no special requirements (such as time synchronization or GPS) are needed in the proposed scheme. Simulation results demonstrate that SAM successfully detects wormhole attacks and locates the malicious nodes in networks with different topologies and with different node transmission ranges. Moreover, SAM may act as a module in local detection agents in an intrusion detection system (IDS) for wireless ad hoc networks.

16.
In a wireless sensor network (WSN), the sink node/base station (BS) gathers data from surrounding nodes and sends them to a remote server via a gateway. The BS holds important data. Therefore, it is necessary to hide its location from an inside/outside attacker. To provide BS location anonymity against a local and global adversary, we propose a novel technique called MimiBS, "Mimicking Base-Station". The key idea is the integration of aggregator nodes (ANs) with sensor nodes (SNs), while fine tuning the TTL (time to live) value for fake packets, and setting some threshold value for the real packet counter rpctr. MimiBS creates multiple traffic-hotspots (zones), which shifts the focus from the BS to the newly created AN hotspots. Multiple traffic-hotspots confuse the adversary while determining the real BS location information. We defend the BS location information anonymity against traffic analysis attack and traffic tracing attack. MimiBS gives an illusion of having multiple BSs, and thus, if the attacker knows anything about an AN, he/she will be deceived between the real BS and ANs. MimiBS outperforms BLAST (base-station location anonymity and security technique), RW (random walk), and SP (shortest path), while conducting routing without fake packets, with fake packets, without energy consideration, and with energy consideration respectively.

17.
In mobile ad hoc networks (MANETs), flooding is a required message dissemination technique for network-wide broadcast. The conventional blind flooding algorithm causes the broadcast storm problem, a high number of unnecessary packet rebroadcasts resulting in high contention and packet collisions. This paper proposes a new probabilistic approach that dynamically fine-tunes the rebroadcasting probability of a node for routing request packets (RREQs) according to the number of neighbour nodes. We evaluate the performance of the proposed approach for the ad hoc on demand distance vector (AODV) routing protocol and compare it against the blind flooding, fixed probabilistic and adjusted probabilistic flooding [L.M.M.M. Bani-Yassein, M. Ould-Khaoua et al., Performance analysis of adjusted probabilistic broadcasting in mobile ad hoc networks, International Journal of Wireless Information Networks 13(2) (2006) 127–140; M.B. Yassein, M.O. Khaoua et al., Improving route discovery in on-demand routing protocols using local topology information in MANETs, Proceedings of the ACM international workshop on Performance Monitoring, Measurement, and Evaluation of Heterogeneous Wireless and Wired Networks, Torremolinos, Spain, ACM Press, 2006, pp. 95–99.] approaches. The simulation results show that our proposed approach demonstrates better performance than blind flooding, fixed probabilistic and adjusted flooding approaches.

18.
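Implementation of the Dynamic Source Routing Protocol (DSR) under Linux   Total citations: 2, self-citations: 2, citations by others: 2
The Dynamic Source Routing Protocol (DSR) is a simple and effective routing protocol [1] for multi-hop wireless ad hoc networks [3,4] composed of mobile nodes. The protocol allows any node to dynamically discover a route to any other node in the ad hoc network, and all routing information is maintained automatically by DSR. Each DSR header carries the complete hop list of the route to the destination node, so intermediate nodes simply forward the packet. At the same time, the fully on-demand nature of DSR can significantly reduce routing protocol overhead, save battery energy, reduce the probability of packet collisions and reduce the propagation of potentially large-scale route update information. With DSR, an ad hoc network can be fully self-organizing and self-configuring without any existing network infrastructure. The paper describes in detail the implementation of the DSR routing protocol under the Linux operating system with the help of Netfilter.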

19.
In Mobile Ad Hoc Networks (MANETs), nodes depend upon each other for routing and forwarding packets. However, nodes belonging to independent authorities in MANETs may behave selfishly and may not forward packets, in order to save battery and other resources. To stimulate cooperation, nodes are rewarded for their forwarding service. Since nodes incur different costs to forward packets, it is desirable to reimburse nodes according to their cost so that nodes get an incentive while the least total payment is charged to the sender. However, to maximize their utility, nodes may lie about their cost. This poses the requirement of truthful protocols, which maximize the utility of nodes only when they declare their true cost. Anderegg and Eidenbenz recently proposed a truthful routing protocol, named ad hoc-VCG. This protocol incurs a route discovery overhead of O(n^3), where n is the number of nodes in the network. This routing overhead is likely to become prohibitively large as the network size grows. Moreover, it leads to low network performance due to congestion and interference. We present a low-overhead truthful routing protocol for route discovery in MANETs with selfish nodes by applying mechanism design. The protocol, named LOTTO (Low Overhead Truthful rouTing prOtocol), finds a least cost path for data forwarding with a lower routing overhead of O(n^2). We conduct an extensive simulation study to evaluate the performance of our protocol and compare it with ad hoc-VCG. Simulation results show that our protocol provides a much higher packet delivery ratio, generates much lower overhead and has much lower end-to-end delay.

20.
Since route discovery based on broadcasting query packets is the basis of routing protocols in ad hoc networks, any node may compromise the routing protocol functionality by disrupting the route discovery process: by modifying routing topology information, by fabricating false routing topology information and by impersonating other nodes. To solve the problem of secure routing and ensure correct routing information, we present a novel model called DIMH to detect and isolate the malicious host and provide an integrity and authentication mechanism for routing information. The method of isolating the malicious host and ensuring correct route information is that the (i+1)th malicious host is dealt with by cooperation between the ith host and the (i+2)th host. The model can validly detect attacks from two colluding malicious hosts that cooperate to tamper with routing information. Our model guarantees that fabricated, compromised, or replayed route replies would either be rejected or never reach back to the querying node.
