International Journal of Research in Advanced Technology - IJORAT

Vol. 1, Issue 6, JUNE 2016

MASQUERADE ATTACK DETECTION

AND PREVENTION USING ENHANCED
KEY MANAGEMENT TECHNIQUES
B.Sridevi1, M.Gopika2
Professor, ECE, Velammal College of Engineering and Technology, Madurai, India1
P.G Scholar, Communication Systems, Velammal College of Engineering and Technology, Madurai, India2
Abstract: Wireless Networks is one of the most progressive areas of technology development in real time
applications. In this technology, security plays a crucial role. In order to provide a secure transmission of
packets in wireless networks Wifi Protected Access (WAP) technique has been introduced. As advances in these
techniques increase so does the attack to penetrate in WAP raises, such attacks include Denial Of Service (DOS).
The DOS attacks differ for each layer in Open System Interconnection in which the attack in packet transfer
takes place in network layer. The Masquerade attack in network layer is the major problem since it can
impersonate as some other node in the network. Even though the cryptographic technique is used, a node of
same network can act as some other node. To prevent such attack new key is introduced. When the node enters
a network the base station provides a private key and public key to the node and it will form a unique key and
store it in the routing table. When the packet transfer request is send the base station forms a secure path by
checking each node with the public key and unique key combination. As a unique key is not known to other
nodes in the network they can only access the public key, hence while checking for combination key the
malicious node will be caught and it will be dropped and other secure path will be updated in the routing table.
By using the combination key instead of public key throughput value is improved by 40%.
Keywords: Wi-Fi Protected Access, Denial of service (DOS), Masquerade attack, NS3.

I.

INTRODUCTION

Wireless technology has rapid growth in the history of

technological development; wireless network has its usage
in every field. The wide ranges of data are transfer and
receive through these networks. The cellular phones are
great example of wireless networks. As the network user
increases the confidentiality of the data send through this
network should also increase. The most widely used
technique is Wifi Protected Access (WAP), Wifi Protected
Access 2 (WPA2). Here we discuss about Denial Of Service
(DOS) attack. This attack takes place in each and every
layer of the Open System Interconnection (OSI). They vary
according to the situation and level of security. We are
discussing about Masquerade attack which takes place in
Network Layer, this attack is type of Misdirection attack.
A. Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) Protocol is an
IEEE 802.11 standard, which involves encryption to
provide confidentiality, authentication and integrity. It is
used in wired communication and it is used in wireless
network to obtain the same result as that of wired network.
Even though the process to implement it in wireless
network is simple it does not provide the same results, since
there are many tools to break the encryption. In order to use
this protocol there should be best and most secure
encryption method. In [1], two cases of attacks are studied
in which the packet transfer rate is reduced while using
WEP. Same kind of case is discussed in [2], which needs
new key within 60 seconds to maintain the packet transfer
All Rights Reserved 2016 IJORAT

in secure manner. As for the new key produced in [2] may

involve RC4 technique, but there are many complications
regarding this technique which is detailed in [3]. In [4],
various hash techniques are used as the encryption
techniques in particular SHA3 is used.
B. Wi-Fi Protected Access and Wi-Fi Protected Access 2
To overcome the problems in WEP Wi-Fi Protected
Access (WPA) is used. It is a wireless security protocol
modelled using secure encryption technique which is
Temporal Key Integrity Protocol (TKIP)[1]. This provides
integrity for the users. While introducing this technique it is
said to be more secure but as attacker got information
regarding the protocol it becomes vulnerable. To make the
network free of attacks next protocol is devised.
Wi-Fi Protected Access 2 (WPA2), is also a IEEE
802.11 based wireless security protocol. The major problem
in previous method is anyone can enter the network which
leads to attack thus to remedy that this technique only uses
authorised users. These users can access a wireless device,
which also includes encryption techniques such as
Advanced
Encryption
Standard
(AES),
stronger
authentication control (e.g. Extensible Authentication
Protocol or EAP), key management, replay attack
protection and data integrity.
In [6], the hole196 attack vulnerability is checked
using the ASMiTM. In [5], various protocols are discussed
in which the comparison among WEP, WPA and WPA2 is
detailed.
TKIP was designed to use with WPA[1] while the

International Journal of Research in Advanced Technology - IJORAT

Vol. 1, Issue 6, JUNE 2016

stronger algorithm AES was designed to use with WPA2. In

[7], usual methods are discussed and also concluded that
they are not as secure as they thought so new techniques
where developed in which the WPA-PSK is one type, but
there is complications regarding these techniques. Thus by
using other techniques which has less problems in
implementing should be developed.
C. Denial Of Service
A Denial-Of-Service (DoS) attack is which makes
a network inaccessible to the users and this problem cannot
be overcome once it starts. Thus DOS maybe be permanent
which leads to eternal damage of the network. The
temporary damage will give time for the attacker to find the
important information in the network and it maybe
misdirected to some other place which is known as black
hole and wormhole attack. Even though the packet is
encrypted and attacker cannot decrypt the packet to obtain
the message thats not the goal for them. The destined user
should not get the packet is the ultimate aim in black hole
technique. The DOS symptoms may vary according to the
security technique. Some of the basic symptoms are:
Down of website due to overloading.
Warning provided due to change in networks usual
activity.
Website not in reach for certain user.
Number of spam mails increase.
Automatic disconnection of internet connection
whether it is wired or wireless.
The DOS attack can be large and it will sometimes
cover the whole country or certain geographical region. The
major target of the attacker is to make the authorized users
not to use the network. The bonus of this attack will give
the information in the network. The DDoS attack is next
stage in DoS attack. The DoS attack will vary according to
its process such as completely making the network crash
and next one will make the information flood and thus
original information will be lost among the network. The
DoS attack will takes place in many ranges. If the IP
address of the attacker is switching to every part of the
world then that is a complicate attack. IP address spoofing
is the major problem in the network which is detailed in
[9],[10] which includes the DoS attack. In [8] the DoS
attacked is detailed when it takes place in clouds.
DOS in network layer:
DoS attack takes place in every layer in Open
System Interconnection (OSI). The attacks vary for each
layer, we taken network layer into consideration in which
there are many attacks. The most common and high
damageable attack is masquerade attack. The black hole and
worm hole attack also comes under network layer DoS
attacks. In [12], the masquerade attack is detailed, the
WPA2 or WPA is used in every wireless networks but the
problem is when the attack is happen due to someone inside
the network. There may be authorized entry and may be the
user will be a legitimate user for some period of time. After
certain period they may change to the malicious node. In
which the user ultimate goal is to avoid the network to
transfer of packet to the destined node. Thus there are many
techniques to find the malicious node or impersonate node.
All Rights Reserved 2016 IJORAT

The next attack in network, black hole and worm

hole attack is detailed in [13]. Here, one malicious node will
leads to many as they create a chain of malicious node,
which will be detected and prevented using certain
techniques and according to their arrangement in the
network.
TABLE-1.1 Denial-of-service attacks and defences by
protocol layer.

Layer

DoS attacks

Physical

Jamming, tampering

Link

Collision, exhaustion

Network

Neglect and greed, homing,

misdirection, black holes,
wormhole.
Flooding, desynchronization.

Transport

The masquerade attack is which impersonate the

user in the network and request the destined packet to itself.

Fig. 1.1 Masquerade Attack

The problem with it is that the user in network may
be authorized using encryption techniques. As all users in
the network know each others public key so they can easily
impersonate other users using the known keys.

II.

PROPOSED METHODOLOGY

As Wired Equivalent Privacy (WEP) provides

secure transmission, WPA and WPA2 provides more secure
transmission than WEP since there are some problems
when comes to WEP usage in wireless network.
- Security features in Wireless products are
frequently not enabled.
-

Use of static WEP keys (keys are in use for a very

long time). WEP does not provide key
management.

Cryptographic keys are short.

No user authentication occurs only devices are

authenticated. A stolen device can access the
network.

Identity based systems are vulnerable.

Packet integrity is poor.

DOS attacks are possible.

International Journal of Research in Advanced Technology - IJORAT

Vol. 1, Issue 6, JUNE 2016

To overcome the masquerade attack new key is

III.
PERFORMANCE ANALYSIS
introduced. Combination of public key and unique key is
checked each time the destination node sends request to
A. Throughput
source node. The malicious node can get the public key of
It is a measure of how many units of information
the destination but not the unique key hence when the of a system can process in a given amount of time.
combination is checked, base station finds the malicious
node and then it will be dropped. When a new node TABLE 2 Throughput Comparison Between
introduces into the network the base station gives it a Combination Key And Public Key
private key, public key and a unique key. Base station
stores the combination of public key and unique key. When Time(s) Combination key (KB/s) Public key(KB/s)
a source node receives request from the destination node,
1
0.06
0.0321
source node gets the public key and unique key of the
5
0.317
0.1607
destination node. Source checks the combination with base
10
0.634
0.3215
station.
15
0.9216
0.4822
A. Procedure
20
1.268
0.6430
When the node enters the network the base station
25
1.586
0.8037
provides with the private key and public key to
that node.
By using some random cryptographic technique
such as AES or SHA along with WPA2 protocol
the encrypted packet can be obtained.

By using the private key and public key and some

other technique the unique key is formed and
stored in the base station.

The base station consists of the routing table which

consists of private key, routing information and the
combination of public key and unique key.

Destination node sends request to the source node.

Every node in the network undergo authorization

whether they are legitimate node.

In each hop the nodes combination key will be

referenced with the base station.

combination key

throughput (KB/S)

public key

2
1.5
1
0.5
0
0

5 10 15 20 25
time (s)

Fig. 2 Throughput comparison

A. Netanim output

Packet transfer without malicious node

If the node proves to be an authorized one then it is
The normal process of packet transfer takes place
included in the routing process. The authorization by mapping the secure path for transmission. The base
is done using the combination key.
station checks each node with its combination key which
comprises of both public key and unique key. The output is
For each hop the routing table will be updated.
shown in net animator.
For time period from 1 to 5 seconds the usual
The destination node sends the packet request signal
packet transfer takes place as there is no malicious which consists of its public key and identity which is
node in the network.
encrypted with unique key which is known only to the base
After 5 seconds the node 3 in the network will be station and the node itself, the packet is encrypted using the
act as a malicious node by impersonating the sources private key. The base station consists of the list of
nodes in its network and each nodes combination key, the
destination node.
public key of a certain node is known to all the nodes in the
When the destination node sends request source network. So if the node in the network impersonate some
node checks for combination key and found that other node it can only obtain the public key of that node, so
3rd nodes combination is not same as in the base when the source node checks the identity of the node with
station.
base station the malicious node will be caught since its
combination key is different. Thus the malicious node will
rd
Then base station will drop the 3 node and update
be dropped. The routing table in the base station will be
the routing table with new route for packet
updated for each hop.
transfer.
Packet Transfer with Malicious Node
The drop of malicious node takes place once the
source node finds it and then the secure path will be
updated in the routing table.

All Rights Reserved 2016 IJORAT

International Journal of Research in Advanced Technology - IJORAT

Vol. 1, Issue 6, JUNE 2016

random methods and in which extra step is included to

devise the unique key, the unique key is formed by private
and public keys. The unique key will be formed at the end
of encryption process and it will analyse in the base station
by decryption at the start of the hopping process. The key
formation output will be shown in terminal output screen.

C. Trace File Output:

Fig. 3 Netanim Output for Secure Packet Transfer

Fig. 4 Netanim Output For Network with Malicious

Node
B. Terminal Output
Key Formation for Every Node

Fig. 5 Terminal Output

Each node in the network consists of private key,
public key and unique key.
When the node is move into the certain network it will
be known by base station which provides the secret key and
public key, then using these keys the unique key will be
formed by using any cryptographic technique, the technique
is kept random to confuse the attacker. The most secure
method is AES. But to keep the attacker guessing we use

All Rights Reserved 2016 IJORAT

Node:
Sent packets:
Received packets:
Dropped packets:
Data sent:
Data received:
Data dropped:
Throughput:
Bytes/second
Good put:
Bytes/second
Lambda:
packets/second
EN:
EW:
Little's result:
-> EN:
-> EW*lambda:
Average length of:
-> Sent packets:
-> Received packets:

0
12
12
0
3.116 KB
6.504 KB
0.0 B
318.16859055194493

Node:
Sent packets:
Received packets:
Dropped packets:
Data sent:
Data received:
Data dropped:
Throughput:
Bytes/second
Good put:
Bytes/second
Lambda:
packets/second
EN:
EW:
Little's result:
-> EN:
-> EW*lambda:
Average length of:
-> Sent packets:
-> Received packets:

1
19
19
0
6.91 KB
6.91 KB
0.0 B
705.566418714358

Node:
Sent packets:
Received packets:
Dropped packets:
Data sent:
Data received:
Data dropped:
Throughput:
Bytes/second

2
14
14
0
4.2 KB
4.2 KB
0.0 B
428.85368431263436

261.3965313905581
1.225296240893241
0.0 packet(s)
0.0 second(s)
0.0
0.0
259.0 Bytes
542.0 Bytes

627.3516753373394
1.9400523814142983
0.0 packet(s)
0.0 second(s)
0.0
0.0
363.0 Bytes
363.0 Bytes

International Journal of Research in Advanced Technology - IJORAT

Vol. 1, Issue 6, JUNE 2016

Goodput:
Bytes/second
Lambda:
packets/second
EN:
EW:
Little's result:
-> EN:
-> EW*lambda:
Average length of:
-> Sent packets:
-> Received packets:

365.95514394678133

Node:
Sent packets:
Received packets:
Dropped packets:
Data sent:
Data received:
Data dropped:
Throughput:
Goodput:
Lambda:
EN:
EW:
Little's result:
-> EN:
-> EW*lambda:
Average length of:
-> Sent packets:
-> Received packets:

3
0
0
0
0.0 B
0.0 B
0.0 B
0.0 Bytes/second
0.0 Bytes/second
0.0 packets/second
0.0 packet(s)
0.0 second(s)

IV.

1.4295122810421146
0.0 packet(s)
0.0 second(s)
0.0
0.0
300.0 Bytes
300.0 Bytes

0.0
0.0
0.0 Bytes
0.0 Bytes

CONCLUSION

From our project we have few conclusions which can

be utilized for future work in DOS attack defences in
wireless networks. By using NS3 we compared the
throughput for the network while using the combination key
which consists of combined form of unique key and public
key with the public key alone. As the unique and public key
combination is used, the base station can easily find the
malicious node in the network. Updating the routing table
for each hop provides node with more security. Throughput
is better for network which uses the unique key
combination rather than public key alone. Then the
animation of node movement is shown using the Netanim
tool, in which the Netanim tool shows the packet transfer
without malicious node and with malicious node. In
presence of malicious node the network drops that
particular node and continues to update the routing table
with new secure path for remaining packet transmission.
In future work various mobility model can be
included to study the properties of the network.

[4] Ashish Kumar., Vishal Arora., Analyzing the

performance and security by using SHA3 in WEP, Engineering
and Technology (ICETECH), 2015 IEEE International
Conference. Pp.1-4. 20-22 march 2015.
[5] Lashkari, A. Mansoor, M. Danesh, A., "Wired
Equivalent Privacy versus Wi-Fi Protected Access(WPA)",
International Conference on Signal Processing Systems. pp. 445449. (2009).
[6] Mayank Agarwal., Santosh Biswas., Sukumar Nandi.,
Advanced Stealth Man-in-The-Middle Attack in WPA2 Encrypted
Wi-Fi Networks IEEE Communications Letters (Volume:19 ,
Issue: 4 ). Pp. 581-584. 2015.
[7]
Ying Wang., Zhigang Jin ., Ximan Zhao., Practical
Defense against WEP and WPA-PSK Attack for WLAN, 6th
International Conference on Wireless Communications
Networking and Mobile Computing (WiCOM) pp. 1-4. sept 2010.
[8] S. Yu, Y. Tian, S. Guo, D. Wu, Can We Beat DDoS
Attacks in Clouds?, IEEE Transactions on Parallel and
Distributed Systems, vol. 25, no. 9, pp. 2245-2254, 2014.
[9] R. Maheshwari, C. R. Krishna, M. S. Brahma,
Defending Network System against IP Spoofing based
Distributed DoS attacks using DPHCF-RTT Packet Filtering
Technique, IEEE International Conference on Issues and
Challenges in Intelligent Computing Techniques (ICICT), pp. 206209, 2014
[10] M. Nagaratna, V. K. Prasad, S. T. Kumar, Detecting
and Preventing IP-spoofed DDoS Attacks by Encrypted Marking
based Detection and Filtering (EMDAF), IEEE International
Conference on Advances in Recent Technologies in
Communication and Computing, pp. 753-755, 2009.
[11] T. Peng , C. Leckie and K. Ramamohanarao,
"Prevention from distributed denial of service attacks using
history-based IP filtering", Proc. ICC, pp. 2003
[12] S. E. Coulla and B. K. Szymanski, "Sequence alignment
for masquerade detection", J. Comput. Statist. Data Anal., vol. 52,
no. 8, pp. 4116-4131, 2008.
[13] Banerjee Sukla, 2008. Detection/Removal of
Cooperative Black and Gray Hole Attack in Mobile Ad-Hoc
Networks. Proceedings of the World Congress on Engineering
and Computer Science 2008 WCECS, San Francisco, USA.
[14] Hu, Y., A. Perrig and D. Johnson., Packet Leashes: A
Defense against Wormhole Attacks in Wireless Ad Hoc
Networks. Proc. of IEEE INFORCOM. 2002
[15] Singh Virendra Pal., Sweta Jain., Jyoti Singhai., Hello
Flood Attack and its Countermeasures in Wireless Sensor
Networks. International Journal of Computer Science Issues,
7(3): 11 2010.

REFERENCES
[1] Erik T., Martin B. T., "Practical attacks against WEP
and WPA", ACM WiSec 2009, pp. 79-85, (2009).
[2] Erik T., Ralf-Philipp W., Andrei P., "Breaking 104 Bit
WEP in Less Than 60 Seconds", Lecture Notes in Computer
Science, vol. 4867/2008, pp. 188-202, (2008).
[3] Fluhrer, S., Mantin, I., Shamir, A., "Weaknesses in the
key scheduling algorithm of RC4", LNCS, vol. 2259, pp. 1-24,
(2001).

All Rights Reserved 2016 IJORAT