Similar literature
20 similar documents found (search time: 15 ms)
1.
Since mobile ad hoc networks (MANETs) are infrastructureless and multi‐hop by nature, transmitting packets from any node to another usually relies on services provided by intermediate nodes. This reliance introduces a new vulnerability; one node could launch a Black Hole DoS attack by participating in the routing protocol and including itself in routes, then simply dropping packets it receives to forward. Another motivation for dropping packets in self‐organized MANETs is resource preservation. Some solutions for detecting and isolating packet droppers have been recently proposed, but almost all of them employ the promiscuous mode monitoring approach (watchdog (WD)) which suffers from many problems, especially when employing the power control technique. In this paper we propose a novel monitoring approach that overcomes some WD's shortcomings, and improves the efficiency in detection. To overcome false detections due to nodes mobility and channel conditions we propose a Bayesian technique for the judgment, allowing node redemption before judgment. Finally, we suggest a social‐based approach for the detection approval and isolation of guilty nodes. We analyze our solution and assess its performance by simulation. The results illustrate a large improvement of our monitoring solution in detection versus the WD, and an efficiency through our judgment and isolation techniques as well. Copyright © 2007 John Wiley & Sons, Ltd.

2.
Mobile ad hoc networks (MANETs) become more and more popular and significant in many fields. However, the important applications of MANETs make them very attractive to attackers. The deployment scenarios, the functionality requirements, and the limited capabilities of these types of networks make them vulnerable to a large group of attacks, e.g., blackhole attacks. In this paper, we propose a cluster-based scheme for the purpose of preventing blackhole attacks in MANETs. In our scheme, we firstly present a novel algorithm that employs a powerful analytic hierarchy process (AHP) methodology to elect clusterheads (CHs). Then CHs are required to implement the blackhole attacks prevention scheme to not only detect the existence of blackhole attacks but also identify the blackhole nodes. Simulation results show that our scheme is feasible and efficient in preventing blackhole attacks.

3.
Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.

4.
Opportunistic networks (OppNets) are networks that can be used in situations of sparse network connectivity. Strategies for implementing secure transmission of messages in OppNets offer complex and distinctive problems that are wholly different from traditional networks using TCP/IP protocols for data transmission. In this paper, a security protocol named FuzzyPT is proposed which combats black hole attacks in OppNets. The defense mechanism is based on the information extracted from messages in the buffer, potential threat (PT) messages, and fuzzy logic. Fuzziness aids the system in being adaptive by modeling the character of nodes as either benign or malicious. It provides the network with the ability to judge the character of nodes based on relationships between different parameters instead of basing this decision on fixed conditions. FuzzyPT is observed to reduce erroneous decision‐making and decrease the number of false positives and false negatives in the system. An evolutionary game theoretic model is applied, which analyzes the decision‐making ability of relays in choosing varied strategies while forwarding messages. The evolutionary stable state is computed for the protocol, which verifies the proposition that a majority of the relays will cooperate by forwarding messages. The efficiency of the protocol is judged on various grounds such as delivery probability, network overhead ratio, packets dropped, and transmission latency. It is observed that the proposed game theoretic protocol outperforms an existing acknowledge and evolutionary game theory–based security protocol in terms of all the aforementioned performance characteristics.

5.
Mobile ad hoc networks (MANETs) are well known to be vulnerable to various attacks due to their lack of centralized control, and their dynamic topology and energy-constrained operation. Much research in securing MANETs has focused on proposals which detect and prevent a specific kind of attack such as sleep deprivation, black hole, grey hole, rushing or sybil attacks. In this paper we propose a generalized intrusion detection and prevention mechanism. We use a combination of anomaly-based and knowledge-based intrusion detection to secure MANETs from a wide variety of attacks. This approach also has the capability to detect new unforeseen attacks. Simulation results of a case study show that our proposed mechanism can successfully detect attacks, including multiple simultaneous different attacks, and identify and isolate the intruders causing a variety of attacks, with an affordable network overhead. We also investigate the impact on the MANET performance of (a) the various attacks and (b) the type of intrusion response, and we demonstrate the need for an adaptive intrusion response.

6.
7.
Mobile users need to maintain end-to-end connections when changing subnets. Handoff across networks often causes delay and loss of packets and makes end users vulnerable to security threats that may lead to disruptions. In this paper, we design P-SIGMA, a delay and security-hardened, disruption-tolerant and signalling cost-effective end-to-end mobility management scheme by incorporating paging in SIGMA, an internet protocol diversity-based end-to-end transport layer mobility management scheme. P-SIGMA can detect and mitigate disruptions against two most common security threats: session hijacking and freeloading. We also propose a signalling cost analysis model for paging and a recovery-time model for attacks. To demonstrate performance improvement, we compare P-SIGMA with SIGMA and show the speed at which P-SIGMA can detect attacks (security breaches). We observe that P-SIGMA has lower signalling than SIGMA while maintaining all the benefits of a transport layer mobility management scheme. P-SIGMA can also detect paging related security threats with a small detection time without incurring any additional signalling.

8.
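Guo Jianghong  Ma Jianfeng 《通信学报》(Journal on Communications) 2011,32(4):94-102
Based on the vBNN-IBS signature, a DoS-resistant multi-user broadcast authentication scheme for sensor networks, DDA-MBAS, is proposed, which uses hash operations and user information to filter false data. Compared with existing multi-user broadcast authentication schemes for sensor networks, DDA-MBAS, in addition to resisting node compromise attacks and active attacks, filters false messages with lower energy consumption and effectively limits the security threat of DoS attacks and collusion attacks launched by compromised users.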

9.
A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between authentication servers and/or control centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementation simplicity. A formal verification of the security of the resulting system in the sense of protecting the privacy of privileged information is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of other existing key management schemes.

10.
Ad Hoc network is a temporal network which is managed by autonomous nodes which have the ability to communicate with each other without having fixed network infrastructure or any central base station. Due to some reasons such as dynamic changes of the network topology, trusting the nodes to each other, lack of fixed substructure for the analysis of nodes’ behaviours and loss of specific offensive lines, this type of networks is not supportive against malicious nodes’ attacks. One of these attacks is black hole attack. In this attack, the malicious nodes absorb data packets and destroy them. Thus, it is essential to present an algorithm against the black hole attacks. This article suggests a new algorithm which enhances the security of AODV routing protocol to encounter the black hole attacks. This algorithm tries to identify malicious nodes according to nodes’ behaviours in an Ad Hoc network and delete them from routing. The suggested algorithm is simulated by NS2. The simulation results show some improvements in end-to-end delay and packet delivery rate in the suggested algorithm.

11.
IEEE 802.11ah is a recently released IEEE standard to specify a wireless communication system with a long‐range, low‐power, and low data transmission rate over smart devices used in Internet of Things (IoT) systems. This new standard belongs to IEEE 802.11 wireless local area networks (WLANs) protocol family. It requires lightweight protocols to support the low‐power and low‐latency features of the IoT devices. On the other hand, an upcoming solution of fast initial link setup (FILS) specified by IEEE 802.11ai standard is a brand‐new approach aiming to establish fast and secure links among devices in WLANs to meet this new demand. It is natural and feasible to apply it to the 802.11ah networks to support massively deployed wireless nodes. However, security concerns on the link connection by the FILS scheme have not been fully eliminated, especially in the authentication process. It has been explored that a type of recently revealed malicious attack, key reinstallation attack (KRA) might be a threat to the FILS authentication. To prevent the success of the KRAs, in this paper, we proposed a secure and efficient FILS (SEF) protocol as the optional substitute of the FILS scheme. The SEF scheme is designed to eradicate potential threats from the KRAs without degrading the network performance.

12.
Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd.

13.
A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.

14.
A set of robust MPEG-2 video watermarking techniques is proposed, focusing on commonly used typical geometric processing for bit-rate reduction, cropping, removal of any rows, arbitrary-ratio downscaling, and frame dropping. Both the embedding and the extraction of watermarks are done in the compressed domain, so the computational cost is low. Moreover, the watermark extraction is blind, i.e., no original unwatermarked MPEG-2 video is needed for watermark extraction. The presented technique is applicable not only to MPEG-2 video, but also to other DCT-based coding videos. Selected experimental results validate our techniques.

15.
Service providers today are constantly seeking to offer multiple services on a single common infrastructure. For instance, it is desirable sometimes to provide transport services transparently to data traffic encapsulated over different network layers. Tunneling is a technique for encapsulating a packet or frame within another packet of the same or a different network layer. One of the motivations for tunneling is bridging various heterogeneous networks that use different protocols for communication. Tunneling is also used for providing private and secure communications over a publicly shared network. This article investigates the interactions between different tunneling technologies in order to provide end-to-end virtual connectivity to end clients. Particularly, the article describes the technical details of the implementation of various layer 2 tunneling techniques - such as L2TP, GRE, and MPLS-based tunnels - in order to establish an end-to-end virtual connection service as a concatenation of services offered by the different network domains along the path between end users.

16.
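To address the problem that the neighbor discovery or route discovery phase may be subject to wormhole attacks, a constraint-based defense mechanism, SenLeash, is proposed, which defends against wormhole attacks by limiting the distance over which messages are transmitted. SenLeash relies on two factors: the distance from each node to the initial base station and a carefully selected receiving-distance threshold. Based on the received signal strength (RSSI), an nRSSI measurement method is proposed, which is used during the network initialization phase to measure the distance from each node to the initial base station. Based on the reception probability of each node and the maximum number of retransmissions at the MAC layer, the method for selecting the receiving-distance threshold is studied. Experimental results show that SenLeash can effectively reduce the number of false neighbor nodes and the number of invalid reply messages caused by wormhole attacks.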

17.
Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor’s cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.

18.
António  Mário  Pedro  Mário 《Ad hoc Networks》2007,5(7):1031-1045
Domination of the electromagnetic spectrum is a crucial component of the 21st century warfare. In the harsh electromagnetic environment of the modern battlefield, it is of the utmost importance to deny the opposing force the opportunity to attack or exploit the detection/interception of friendly communications assets through the deployment of electronic protection (EP) measures in order to attain low probability of detection (LPD), low probability of interception (LPI) and anti-jam (A/J). Given that directional antennas are a suitable means to achieve both extended range and LPD/LPI, this paper proposes mechanisms to optimize the trade-off between these capabilities, minimizing the number of hops and end-to-end delay when routing packets in a multi-hop ad-hoc network, while taking into account stealth requirements. The novel scheme is based on a variant of Fisheye State Routing, coupled with a power control algorithm to guarantee a LPD/LPI beyond the zone covered by the omni-directional radiation footprint of the network. The performance of the proposed scheme is evaluated through computer simulation.

19.
Ali Dorri 《Wireless Networks》2017,23(6):1767-1778
Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward itself. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.

20.
Li  Teng  Ma  JianFeng  Sun  Cong 《Wireless Networks》2019,25(4):1731-1747

In the routing discovery phase of the Mobile Ad hoc Networks (MANETs), the source node tries to find a fast and secure path to transmit data. However, the adversaries attempt to get the rights of routing during this phase, then the networks can easily be paralyzed during the data transmission phase. During the routing discovery phase, finding a good path is already a challenge and verifying the security of the established path without revealing any privacy of the nodes adds a new dimension to the problem. In this paper, we present SRDPV, an approach that helps the source find the benign destination dynamically and conducts privacy-preserving verification of the path. Our approach first finds the benign destination. Then, it spreads the verification tasks across multiple nodes and verifies the log entries without revealing private data of the nodes. Unlike the traditional debugging system to detect the faults or misbehaviors of the nodes after the attacks, SRDPV can guarantee the source to avoid transmitting data through malicious nodes at the beginning and perform the verification without introducing a third party. We demonstrate the effectiveness of the approach by applying SRDPV in two scenarios: resisting the collaborative black-hole attack of the AODV protocol and detecting injected malicious intermediated routers which commit active and passive attacks in MANETs. We compared our approach with the existing secure routing algorithms and the results show that our approach can detect the malicious nodes, and the overhead of SRDPV is moderate.
