Documente Academic
Documente Profesional
Documente Cultură
com
1. Intr d!ct" n:
#$%&! is a self configuring network of mobile nodes connected by wireless links the union of which forms an arbitrary topology. "n recent years mobile ad hoc networks (#$%&!s) have received
tremendous attention because of their self configuration and self maintenance capabilities. 'hile research effort assumed a friendly and cooperative environment and focused on problems such as wireless channel access and multihop routing* security has become a primary concern in order to provide protected communication between nodes in a potentially hostile environment. $lthough security has long been an active research topic in networks, the unique characteristics of
%etwork operation can be easily jeopardi0ed if countermeasures are not embedded into their design. T s$c!r$ an ad ' c n$t+ r,0 t'$ * (( +"n) attr"b!t$s /a. b$ c ns"d$r$d: $vailability
B A
E E Gateway
1 Stand-alone MANET
After one of the nodes is configured as a gateway, the entire network is connected to an external network like Internet
#. Pr$s$ntat" n !t%!t:
#obile ad hoc networks -verview. +hallenges in Securing #$%&!S. -ngoing .esearch in securing #$%&!S. +onclusion.
wormhole
wormhole link can be established by a variety of means, e.g., by using a Ethernet cable, a long-range wireless transmission, or an optical link. Once the wormhole link is established, the adversary captures wireless transmissions on one end, sends them through the wormhole link and replays them at the other end.
monitoring, sensing etc. But being a broadcast offers an medium, innate wireless advantage medium to any An example is shown in the above figure. Here X and Y are the two end-points of the wormhole link (called as wormholes). X replays in its
adversary who intends to spy in or disrupt the network. Wormhole attacks are one of most easy to deploy for such an
disruption. They can also spy on the packets going through and use the large amount of collected information to break any network security. The wormhole attack will also affect connectivity-based localization algorithms and protocols based on localization, like geographic routing, will find many inconsistencies disruption. "n a wormhole attack a malicious node can record packets (or bits) at one location in the network and tunnel then to another location through a private network shared with a colluding malicious node .#ost e,isting ad hoc routing protocols would be unable to find consistent routes to any destination. 'hen an attacker forwards only routing control messages and not data packets, communication may be severely damaged.
$ormhole Attacks
#ost packets will be routed to the wormhole. !he wormhole can drop packets or more subtly, selectively forward packets to avoid detection.
2. SOLUTIONS
TO
resulting
in
further
network
WORMHOLE
ATTACKS
AND
COUNTERMEASUREMENTS1 "n an ad hoc network, several researchers have worked on pretending and detecting wormhole attacks specifically. "n section $ we discuss a technique called 2packet leashes3, which allows preventing packets from traveling farther than radio transmission range. "n section 4 e,plain about wormhole prevention methods that rely on .ound !rip message !ime (.!!). 5inally, in section + we discuss wormhole detection or prevention techniques suitable for only particular kinds of networks and in / discuss summary of wormhole discovery methods. 4.1. Packet leashes 6acket 7eash is a mechanism to detect and defend against wormhole attacks. !he mechanism proposes two types of leashes for this purpose1 8eographic and !emporal. "n 8eographic 7eashes, each node knows its precise position and all nodes have a loosely synchroni0ed clock. &ach node, before sending a packet, appends its current position and transmission time to it. !he receiving node, on receipt of the packet, computes the distance to the sender and the
3.
On) "n)
R$s$arc'
"n
S$c!r"n)
MANETs% 3.1. S$c!r$ r$/ t$ %ass+ rd %r t c ( O-$r-"$+ !he S.6 protocol has a number of desirable properties1 it allows a user to authenticate himself to a server, it is resistant to dictionary
attacks
encrypted with a local key at one end of the network can not be decrypted at another end. 7a0os proposes to use hashed messages from 7$8%s to detect wormholes during the key establishment. $ node can detect certain inconsistencies in messages from different 7$8%s if a wormhole is present. 'ithout a wormhole, a node should not be able to hear two 7$8%s that are far from each other, and should not be able to hear the same message from one guard twice. Ghalil et al propose a protocol for wormhole attack discovery in static networks they call 7ite'orp. "n 7ite'orp, once deployed, nodes obtain full two hop routing information from their neighbours. 'hile
does not require a trusted third party. "t effectively conveys a 0ero knowledge password
proof
password can be guessed at per attempt in revision ; of the protocol. -ne of the interesting properties of the protocol is that even if one or two of the cryptographic primitives it uses are attacked, it is still secure. !he S.6 protocol has been revised several
www.1000projects.com www.fullinterview.com www.chetanasprojects.com times, and is currently at revision si,. !he S.6 protocol creates a large private key shared between the two parties in a manner similar to /iffie Fellman, and then verifies to both parties that the two keys are identical and that both sides have the userHs password. "n cases where encrypted communications as well as authentication are required, the S.6 protocol is more securing than the alternative
SSF
intermediate node can remove a previous node in node list in the ..&J or ..&6 messages. $.$% secure routing protocol (conceived as an on demand routing protocol) that detects and protects against malicious actions carried out by third parties and peers in the ad hoc environment. "t introduces authentication, message integrity and non-re"udiation as part of a minimal security policy for the ad hoc environment. +onsists of a preliminary certification process, a mandatory end to end authentication stage and an optional second stage that provides secure shortest paths.
protocol and faster than using /iffie with signed messages. "t is also
Fellman
independent of third parties, unlike Gerberos. !he S.6 protocol, version > is described in
.5+ =I?A.
S.6 version ; is also used for strong 3.#. D$a("n) +"t' S$(*"s' and Ma("c" !s N d$s:
+-%5"/$%! (+ooperation -5 %odes, 5airness in dynamic ad hoc by means of combined monitoring and reporting and establishes routes by avoiding misbehaving nodes "t is designed as an e,tension to a routing protocol such as /S.. $nother approach is a !oken based +ooperation &nforcement Scheme that requires each node of the token in order to operations. !okens ad hoc networks to hold a in the to network a node are granted participate
password authentication in SS79!7S and other standards such as &$6 and S$#7, and is being standardi0ed in "&&& 61>;> and "S-9"&+ 11EE0 ?. !he Secure &outing !rotocol (S.6) is designed as an e,tension compatible with a variety of e,isting reactive routing protocols. S.6 combats attacks that disrupt the route discovery process and guarantees the acquisition of correct topological information. $."$/%& ($ Secure .outing 6rotocol based on /S.) guarantees that the target node of a route discovery process can authenticate the initiator. !he initiator can in turn authenticate each intermediate node on the path to the destination present in the ..&6 messages. %o www.1000projects.com www.fullinterview.com www.chetanasprojects.com
collaboratively by its neighboring based on the monitoring of the node3s contribution to packet forwarding and routing operations. Upon e,piration of the token, each node renews its token through a token renewal e,change with its neighbors.
3.&.
K$.
/ana)$/$nt
and
N d$
A!t'$nt"cat" n:
6rogram. 7anguages, Ool. ?, no. >, pp. >B= ?01, Luly 1IB=. :?< 7. Khou and K.L. Faas, MSecuring $d Foc %etworks,N "&&& %etwork #aga0ine, vol. 1>, no.;, %ovember9/ecember 1III. :A< 5. Stajano and .. $nderson, M!he .esurrecting /uckling1 Security "ssues for $d Foc 'ireless %etworks,N Security 6rotocols, Eth "nternational 'orkshop, 7%+S, Springer Oerlag, 1III. :;< "&&& Std. B0=.11, M'ireless 7$% #edia $ccess +ontrol (#$+) and 6hysical 7ayer (6FP) Specifications,N 1III. :E< .. Kucceratto, and +. $dams, MUsing &lliptic +urve /iffie Fellman in the S6G# 8SS $6",N "nternet /raft, "&!5, $ug. :B< /. 4. Lohnson et al, M!he /ynamic Source .outing 6rotocol for #obile $d Foc %etworks,N "nternet /raft, "&!5 #$%&! 'orking 8roup, #arch =nd, =001. :I< Grawc0yk, F., 4ellare, #., and .. +anetti, QF#$+1 :10< %. Geyed Fashing $sokan, 6. for #essage MGey $uthentication,Q .5+ =10?, 5ebruary 1IIE. 8in0boorg, $greement in $d Foc %etworks,N +omputer +ommunications => (1E)1 1;=E 1;>E %ov. 1 =000.
4. C nc(!s" n%
Security of ad hoc networks has recently gained momentum in the research community /ue to the open nature of ad hoc networks and their inherent lack of infrastructure, security e,posures can be an impediment to basic network operation Security solution for #$%&! has to cope with a challenging environment including scarce energy and computational resources and lack of persistent structure RE1ERENCES:
:1< 6. 6apadimitratos and K.L. Faas, MSecure #essage !ransmission in #obile $d Foc %etworks,N submitted for 6ublication. :=< 6. 6apadimitratos, MSecure .outing1 #ethods for 6rotecting .outing "nfrastructures D $ Survey,N work in progress. :>< 7. 7amport, .. Shostak, #. 6ease, M!he 4y0antine 8enerals 6roblem,N $+# !rans. www.1000projects.com www.fullinterview.com www.chetanasprojects.com
www.1000projects.com www.fullinterview.com www.chetanasprojects.com :11< $lfred #ene0es, 6aul van -orschot and Scott Oanstone, MFandbook of $pplied +ryptography,N +.+ 6ress, -ctober 1II; D Ath reprinting, $ug. =001. :1=< '. /iffie, in #.&. Fellman, M%ew "&&& directions cryptography,N