The Characteristics And Applications Of Manets Computer Science Essay

The Characteristics And activitys Of Manets Computer Science EssayChapter 1The advent of ubiquitous reason and the creation of new, actorful, efficient, man-portable computing devices collect focused the importance of prompt and wireless electronic profiting. Mobile wireless talks and networking is an emerging technology that all(prenominal)ows users to access reading and services electronically at either time, regardless of their geographic positions. there ar two attributes of wireless networks nucleotide based wireless networks and infrastructure-less wireless networks (ad hoc networks). The infrastructure based wireless networks have way of lifers and gateship canal as stationary comp unitynts to which diligent knobs within the network connect. Mobile inspissations connect to the ne atomic number 18st base station whose discourse radius c everyplaces the bea that the lymph nodes are in. When a mobile node moves step forward of the coverage area of a base station, it is handed off to a new base station that covers the area that the node is now in. Cellular knell technology is a typical example of an infrastructure network.The second eccentric of wireless network is the ad hoc network. The term ad hoc tends to diametric forms and toilette be mobile, stand alone, or networked1. A Mobile Ad hoc NETwork (MANET) is a self-organized wireless communication short lived network that contains accumulation of mobile nodes. The mobile nodes communicate with one an new(prenominal) by wireless intercommunicate links without the use of any pre-established fixed communication network infrastructure or centralize administration, such(prenominal) as base stations or access points, and with no human intervention 2, 3, 5, 6, 7.Self-organizing means that MANETs have the ability to spontaneously form a network of mobile nodes or hosts, merged together or partitioned into separate networks on-the-fly depending on the networking needs and dynamical ly handle the joining or leaving of nodes in the network. The major objectives of self organized MANET are scalability, reliability, and availability. Mobile nodes are low capacity autonomous computing devices that are capable of roaming respectively. Because of the position that nodes are mobile, the network topology changes rapidly and unpredictably over time. Each mobile node acts as both a host and a alter channelr to relay information (forward packets) to other mobile nodes. The success of the communication elevatedly depends on the other nodes cooperation. The nodes themselves are responsible for dynamically discovering other nodes to communicate in radio range.Figure 1.1 Heterogeneous Mobile Ad hoc Network (MANET)Typical MANET nodes are Laptops, PDAs, Pocket PCs, Cellular Phones, Internet Mobil Phones, Palmtops or any other mobile wireless devices. These devices are typically lightweight and barrage operated. Figure 1.1 illustrates an example of a heterogeneous MANET a nd its communication technology which contains one PDA, one pocket PC, one laptop, one mobile phone and one mobile device. Since mobile phone is outside pocket PCs transmission range, the selective information from pocket PC to mobile phone must be retransmitted by laptop.1.1.1 Characteristics of MANETsThe main characteristics of MANETs are the complete lack of modify control, lack of association among nodes, rapid mobility of hosts, frequent dynamically varying network topology, shared broadcast radio channel, insecure operating environment, animal(prenominal) vulnerability and limited availability of resources, such as CPU processing capacity, memory power, battery power, and bandwidth 2, 6, 7, 8.Dynamic Network Topologies The nodes in MANETs are free to move independently in any direction. The networks wireless topology may change frequently and arbitrarily at unpredictable times and primarily consists of bidirectional links.Low Bandwidth These networks have lower capacity a nd shorter transmission range than fixed infrastructure networks. The through with(predicate)put of wireless communication is lesser than wired communication because of the effect of the eight-fold access, fading, noise, and interference conditions.Limited Battery Power The nodes or hosts operate on small batteries and other exhaustible means of energy. So, energy conservation is the most important design optimization criteria.Decentralized Control Due to un reliable links, the working of MANET depends upon cooperation of participating nodes. Thus, implementation of any protocol that involves a centralized authority or administrator becomes troublesome.Unreliable Communications The shared-medium nature and unstable channel quality of wireless links may result in high packet-loss rate and re-routing instability, which is a common phenomenon that leads to throughput drops in multi- hop-skip networks. This implies that the pledge solution in wireless ad hoc networks provokenot rel y on reliable communication.Weak Physical Protection MANETs are much prone to physical protection threats than fixed-cable nets. Mobile nodes are usually compact, soft and handheld in nature. Today, portable devices are getting smaller and smaller. They could get damaged or lost or stolen easily and misused by an foe. The increased possibility of different types of rapes should be carefully considered.Scalability Due to the limited memory and processing power on mobile devices, the scalability is a key out problem when we consider a large network size. Networks of 10,000 or even 100,000 nodes are envisioned, and scalability is one of the major design concerns.1.1.2 Applications of MANETsThere are many applications of MANETs. The domain of applications for MANETs is diverse, ranging from small, static networks that are constrained by power sources to large-scale, mobile, highly dynamic networks. Significant examples imply establishing survivable, efficient, dynamic communicatio n for network-centric military/battlefield environments, emergency/rescue operations, disaster relief operations, intelligent transportation systems, conferences, fault-tolerant mobile sensor grids, smart homes, patient monitoring, environment control, and other security sensitive applications. Most of these applications demand a detail security guarantees and reliable communication 2, 5, 7, 9. whatever well known applications areMilitary Tactical Operations For fast and possibly short term establishment of military communications and troop deployments in hostile and/or unknown environments.Search and Rescue Operations For communication in areas with little or no wireless infrastructure support.Disaster accompaniment Operations For communication in environments where the existing infrastructure is destroyed or left inoperable.Law Enforcement For secure and fast communication during law enforcement operations.Commercial recitation For enabling communications in exhibitions, confe rences and large gatherings. For some business scenarios, the need for collaborative computing might be more important outside piece environments than inside a building. After all, it is often the case where people do need to have outside meetings to cooperate and exchange information on a given project.1.1.3 Routing in MANETsNode mobility has a large impact on the behavior of ad hoc networks. The nodes in the network are free to move independently in any direction to change the routes. Every node in MANET acts as a router that discovers and maintains routes in the network. The nodes themselves are responsible for dynamically discovering other nodes to communicate. When a node wants to communicate with a node outside its transmission range, a multi-hop routing strategy is used which involves some intermediate nodes. The networks wireless topology changes frequently and helter-skelter at unpredictable times.In format to allow truly spontaneous, infrastructure-less networking and e fficient end-to-end communication with the network of nodes, a routing protocol is used to discover the optimal routes amidst the nodes. Hence, the primary challenge is to establish a correct and efficient route amid a pair of nodes and to ensure the correct and by the way pitching of packets. The routing protocols meant for wired networks cannot be used for MANETs because routing in MANETs is nontrivial due to the highly dynamic nature of the mobile nodes. Route construction should be done with a marginal of overhead and bandwidth consumption.An extensive number of research works on designing the various routing protocols pro officious, reactive, and hybrid have been proposed in the literature and widely evaluated for efficient routing of packets 3. However, they do not address possible threats aiming at the disruption of the protocol itself and often are vulnerable to node misbehavior. A node dropping all the packets is considered as catty node or selfish nodes. A venomo us node misbehaves because it intends to damage network functioning. A selfish node does so because it wants to save battery life for its own communication by simply not participating in the routing protocol or by not executing the packet furtherance. A despiteful node could falsely advertise very attractive routes and thereby convince other nodes to route their messages via that malicious node.With the lack of a priori trust between nodes, current ad hoc routing protocols are completely insecure and optimized only to spread routing information quickly as the network changes 4.1.1.4 Security in MANETsSecurity is an prerequisite service for MANET because all network services are configured on-the-fly. When the security of a given MANET architecture is not properly designed from the beginning, it is difficult to procure the security goals in practical networks during the network deployment 12, 13.To secure a MANET, one usually considers the objectives confidentiality (privacy), av ailability, integrity, authenticity and non-repudiation. Confidentiality ensures that secret information in the network is never revealed to self-appointed nodes. i.e. the assurance that data is not disclosed to unauthorized parties. Availability ensures that the requested network services, such as bandwidth and connectivity, are available in a timely manner and service is not denied to authorize users. i.e. the assurance that data is readily accessible. Integrity ensures that message or packet being transferred between nodes is not alter or corrupted. i.e. the assurance that data is genuine. Authentication ensures the correct identity of the peer node it is communicating with. Non-repudiation ensures that the originator of a message cannot falsely deny having displace the message. i.e. the assurance that a node cannot later deny the data was sent by it.Node mobility in a MANET poses many security problems and vulnerable to different types of security beleaguers than conventiona l wired and wireless networks due to their open medium, dynamic network topology, absence of central administration, distributed cooperation, constrained capability, and lack of clear line of defense. The unconstrained nature of a wireless medium of MANETs allows the aggressors for interception, injection, and interference of communication. Without proper security, mobile hosts are easily captured, compromised and hijacked by malicious nodes. Malicious nodes behavior may advisedly disrupt the network so that the w quite a little network will be suffering from packet losses. Damages include leaking secret information, message contamination and node personation.Before MANETs are successfully deployed, security issues must be addressed. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. The manner of using security solutions of traditional wired networks is not suitable for providing security in MANETs. The main problem of any public -key based security system is to muddle distributively users public key available to others in such a way that its authenticity is verifiable. Conventional security solutions to provide public key steering is implemented with public key infrastructure (PKI), in which a sure third party (TTP) holds the public key certificates of all participating entities and acts as an online proof authority (CA) to provide a public key verification service. MANETs do not provide on-line access to trusted authorities or to centralized servers. Implementing public key management and certificate distribution is more challenging due to the problematic key exchange, session handling, absence of any infrastructure and centralized services, frequent node mobility, wireless link instability, possible network partitions, and configuration of all network services on-the-fly. For these reasons, traditional security solutions that require on-line trusted authorities or certificate repositories are not we ll suited for securing MANETs. Use of public key cryptography and certificates is one of the effective ways of securing a MANET.The main security problems that need to be dealt with in MANETs are the secure storage of key/data in the devices the authentication of devices that wish to communicate to severally other the secure key establishment of a session key among authenticated devices and the secure routing in multi-hop networks 4.1.1.5 Security Attacks in MANETsSecurity means defend the privacy (confidentiality), availability, integrity and non-repudiation. Security implies the identification of potential attacks, threats and vulnerability of a certain system from unauthorized access, use, modification or destruction. A security attack is any action that compromises or bypasses the security of information illegally or in an unauthorized way. The attack may alter, release, or deny data 10, 11, 14.The attacks on the MANETs can be broadly classified into two categories still atta cks and active attacks as shown in Figure 1.2. Both passive and active attacks can be made on any layer of the network protocol stack 3.Figure 1.2 Types of security attacksPassive Attacks A passive attack attempts to retrieve priceless information by listening to avocation channel without proper authorization, but does not affect system resources and the normal functioning of the network. Figure 1.3 shows a conventional description of a passive attacker C, eavesdropping on the communication channel between A and B.Figure 1.3 A passive attackThe different types of passive attacks are eavesdropping (information leakage), traffic monitoring, and analysis. Passive attacks are very difficult to detect because they do not involve any alteration of the data. The emphasis in transaction with passive attacks is on prevention rather than detection. One of the solutions to the problem is to use powerful encryption mechanism to encrypt the data being transmitted, thereby do it impossible fo r the attacker to get useful information from the data overheard.Eavesdropping (information leakage) is a very easy passive attack in the radio transmission environment, where malicious nodes capture all traffic, including routing traffic, and thus obtain routing information. When one sends a message over the wireless medium, an attacker equipped with a suitable transceiver in the radio range of the transmission can intercept and capture all traffic including the sensitive routing information. The sender or the intended receiver has no means of catching if the transmission has been eavesdropping in the radio transmission by the adversary who do not physically connect to the medium.Traffic monitoring collects information of network nodes such as the identities and locations of nodes and the amount of data transmitted among them. Traffic analysis means that a malicious node analyses all captured/received traffic in order to extract information about the characteristics of transmissi on, such as, which nodes are communicating frequently or exchange huge amounts of data. This information could be exploited to launch just attacks.Active Attacks An active attack attempts to alter or destroy system resources and the data being exchanged in the network by injecting or modifying haughty packets, thus gain authentication and tries to affect or disrupt the normal functioning of the network services. An active attack involves information interruption, modification, or fabrication.Figure 1.4 An active attackAs shown in Figure 1.4, an active attacker C can listen, modify, and inject messages into the communication channel between A and B. Active attacks can be either internal or external 5. External attacks are carried out by nodes that do not belong to the network. These attacks are launched by adversaries who are not initially authorized to participate in the network operations and access the resources without authorization. External attacks usually aim to cause netwo rk congestion, denying access to specific network function or to disrupt the whole network operations. Bogus packets injection, self-control of service, and impersonation are some of the attacks that are usually initiated by the external attackers. Internal attacks are from compromised nodes that are part of the network.Compared with external attacks, internal attacks are more serious and hard to detect because the attackers know valuable and secret information from compromised or hijacked nodes and possess privileged access rights to the network resources. Active attacks, whether carried out by an external adversary or an internal compromised node, involves actions such as impersonation (masquerading or spoofing), modification, fabrication and replication.The active attacks are classified into different types MAC class attacks, Network Layer attacks, Transportation Layer attacks, Application Layer attacks and Multi Layer attacks as shown in Figure 1.5.MAC Layer AttacksJamming Att ack In this form of attack, the adversary initially keeps monitoring the wireless medium in order to determine the frequency at which the receiver node is receiving signals from the sender. It then transmits signals on that frequency so that error free reception at the receiver is hindered 3.Figure 1.5 Classification of security attacksNetwork Layer AttacksWormhole Attack In this attack, two compromised nodes can communicate with each other by a hush-hush network connection. A malicious node captures packets from one location in the network and tunnels these packets to the other malicious node at another location. The second malicious node is then expected to replay the tunneled packets locally. The tunnel between two colluding attackers is referred to as a wormhole. The wormhole can drop packets by short-circuiting the normal flow of routing packets or it can selectively forward packets to avoid detection 15, 16, 17.Black Hole Attack A black hole attack is a kind of denial of s ervice where a malicious node attracts all packets by falsely claiming (advertising) a shortest path to the destination node whose packets it wants to intercept and then absorb them without forwarding to the destination 15. i.e. a malicious node falsely advertise itself as having the shortest path to the destination node whose packets it wants to intercept causing all nodes around it to route packets towards it.Sinkhole Attack In a sinkhole attack, the adversarys goal is to attract nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the center. Because nodes on or near the path that packets follow have many opportunities to tamper with application data 18, 19. One motivation for mounting a sinkhole attack is that it makes selective forwarding trivial by ensuring that all traffic in the targeted area flows through a compromised node, an adversary can selectively suppress or modify packets originating from a ny node in the area.Gray Hole Attack A immemorial hole attack is a variation of the black hole attack, where the malicious node is not initially malicious, it turns malicious sometime later. In this attack, an attacker drops all data packets but it lets control messages to route through it 20, 21. This selective dropping makes gray hole attacks much more difficult to detect than black hole attack.Byzantine Attack In this attack, a compromised intermediate node or a set of compromised intermediate nodes works in collusion and collectively carries out attacks such as creating routing loops, routing packets on non-optimal paths, and selectively dropping packets. Byzantine failures are hard to detect because throughput of attacker nodes as same as other nodes 22. education Disclosure Attack In this, a compromised node attempts to reveal confidential or important information regarding the network topology (the structure of the network), geographic locations of nodes, or optimal route s to unauthorized nodes in the network 723.Resource Consumption Attack In this attack, a malicious node deliberately tries to consume/waste outside(a) the resources of other nodes present in the network by requesting excessive route discovery (unnecessary route request control messages), very frequent generation of beacon light packets, or by forwarding unnecessary packets (stale information) to that node. The resources that are targeted are battery power, bandwidth, and computational power, which are only limitedly available in MANETs 24, 25.Man-In-The-Middle Attack In this, the attacker exists as a neighbor to any one node in the routing path and alters data that is being transmitted and injects modified packet into network. i.e. a malicious node impersonates the receiver with respect to the sender, and the sender with respect to the receiver, without having either of them realize that they have been attacked with an intension to read or modify the messages between two parties 12. neighbour Attack In this attack, upon receiving a packet, an intermediate node records its ID in the packet before forwarding the packet to the next node. An attacker, however, simply forwards the packet without transcription its ID in the packet to make two nodes that are not within the communication range of each other believe that they are neighbors (i.e., one-hop away from each other), resulting in a disrupted route. The goal of neighbor attackers is to disrupt multicast routes by devising two nodes that are in fact out of each others communication range believe that they can communicate instantly with each other 15.Routing Attacks In this attack, attackers try to alter the routing information and data in the routing control packet. There are several types of routing attacks, such as routing table overflow attack, routing table poisoning attack, packet replication attack, route cache poisoning attack, and rushing attack, attach on the routing protocol which are aimed at disrupting the operation of the network 3.-Routing Table Overflow Attack In this attack, an adversary node advertises routes to non-existing authorized nodes present in the network. The main objective of such an attack is to cause an overflow of the routing tables, which would, in turn, prevent the creation of entries corresponding to new routes to authorized nodes. Proactive routing protocols are more vulnerable to this attack compared to reactive routing protocols.-Routing Table Poisoning Attack In this attack, a malicious node sends false routing updates to other uncompromised nodes. Such an attack may result in suboptimal routing, network congestion or even make some part of the network inaccessible.-Packet Replication Attack In this attack, an adversary node replicates stale packets. This consumes additional bandwidth and battery power resources available to the nodes and overly causes unnecessary confusion in the routing process.-Route Cache Poisoning Attack This attack perishs when nodes are in the updating mode of their tables route. Information stored in the routing tables deleted, changed, and injected with false information.-Rushing Attack In this case, an adversary can rush some routing packets towards the destination, starring(p) to problems with routing. i.e. an adversary node which receives a route request packet from the source node floods the packet quickly throughout the network before other nodes which also receive the same route request packet can react. On demand routing protocols that use route discovery process are vulnerable to this type of attack 26.Stealth Attacks Stealth attacks are classified into two classes. The premier(prenominal) class of attacks attempts to hi-jack or perform traffic analysis on filtered traffic to and from dupe nodes. These attacks are mounted, for example, by the modification of routing information. An attacker can divert traffic by using authentic routing messages to fool honest nodes into disrupt ing their routing tables. The second class partitions the network and centres good put by disconnecting victim nodes in several ways. For example, the attacker can route a large amount of data through the victim node. This may totally consume the nodes energy resources or create a perception of unavailability due the large quantities of messages being dropped by the victim. Consequently the node under attack will not be used by neighboring routers and becomes isolated. The methods are referred to as stealth attacks since they minimize the cost of launching the attacks and reduce the visibility of the attacker 27.Transportation Layer AttacksSession Hijacking Attack Session hijacking is the major transport layer attack. Here, an adversary takes control over a session between two nodes. Since most authentication processes are carried out only at the start of a session, once the session between two nodes gets established, the adversary node masquerades as one of the end nodes of the session and hijacks the session. Session hijacking occurs on two levels the network level and application level.Application Layer AttacksRepudiation Attack Repudiation attack is the main application layer level attack. Repudiation refers to the denial or attempted denial by a node involved in a communication of having participated in all or part of the communication 3. Non-repudiation is one of the important requirements for a security protocol in any communication network and assures that a node cannot later deny the data was sent by it.Multi Layer AttacksMulti-layer attacks are those that could occur in any layer of the network protocol stack. Denial of service, impersonation or sybil attack, manipulation of network traffic, device tampering, jellifish attack and eclipse attack are some of the common multi-layer attacks.Denial of Service Attack In this attack, an adversary always attempts to prevent legitimate and authorized users of network services from accessing those service s, where legitimate traffic cannot reach the target nodes. Denial of Service (DoS) attacks are against CPU power, battery power and transmission bandwidth. A malicious node may launch a DoS attack against another node by requesting routes from that node, or by forwarding unnecessary packets to that node in an attempt to wear down (draining) the other nodes batteries. A DoS attack can be carried out in many ways and against any layer in the network protocol stack, namely, physical layer, link layer, and network layer 4, 12, 31.Sybil Attack This attack is also known as masquerade or impersonation or spoofing attack. In this attack, a undivided malicious node attempts to take out the identity of other nodes in the network by advertising false/fake routes. i.e. an attacker pretends to have multiple identities obtained either by impersonating (forges) other nodes or by making use of false identities. It then attempts to send packets over network with identity of other nodes making the destination believe that the packet is from original source 28.Sybil attacks are classified into three categories direct/indirect communication, fabricated/stolen identity, and simultaneity. In the direct communication, Sybil nodes communicate directly with legitimate nodes, whereas in the indirect communication, messages sent to Sybil nodes are routed through malicious nodes. An attacker can fabricate a new identity or it can simply steal it after destroying or temporarily disabling the impersonated node. All Sybil identities can participate simultaneously in the network or they may be cycled through 29.Misrouting Attack This attack is also known as manipulation of network traffic attack. This is a very simple way for a node to disturb the protocol operation by announcing that it has better route than the existing one. In the misrouting attack, a non-legitimate node redirects the routing message and sends data packet to the wrong destination. This type of attack is carried out by modifying metric value of a route or by altering control message fields of a route or modifying the final destination address of the data packet or by forwarding a data packet to the wrong next hop in the route to the destination 30.Device Tampering Attack (Weak Physical Protection) Unlike nodes in a wired network, nodes in MANETs are usually compact, soft, and hand-held in nature. They could get damaged or lost or stolen easily and misused by an adversary. In military applications, mobile nodes are subject to capturing, conciliative and hijacking. In such hostile environments, it is almost impossible to provide perfect physical protection 3.Jellyfish Attack A jellyfish attacker first needs to intrude into the multicast forwarding group. It then delays data packets unnecessarily for some amount of time before forwarding them. This result in significantly high end-to-end delays and, thus, degrades the performance of real-time applications 31.Eclipse Attack A pattern of misbehavio r called an eclipse attack, which consists of the gradual poisoning of good (uncompromised) nodes routing tables with links to a combination of adversarial nodes (compromised nodes) 12, 15, 18.1.1.6 Security Solutions in MANETVarious kinds of security attacks are possible on ad hoc routing. Due to inherent characteristics, MANETs are highly susceptible to malicious attacks. To overpower these attacks, available security solutions are used. Attack prevention measures can be used as the first line of defense to reduce the possibilities of attacks.There are two types of security solutions preventive and detective to overcome these attacks. Preventive solutions are typically based on message encryption techniques, while detective solutions include the application of digital signature and cryptographic hash functions. The prevention schemes proposed for external attacks are key and trust management, whereas the countermeasures for internal attacks are secure routing protocols 5, 7.1.2 Motivation of the clipProviding security for MANETs is a difficult problem. The method of using security solutions of a traditional wired network is not suitable. All those methods require online trusted authority. In contrast with conventional networks, MANETs do not provide on-line access to trusted authorities or to centralized servers. For this reason, key management is particularly difficult to implement in such networks. However, key management is deemed as the fundamental essential part of any secure communication.There are two ways to introduce security in MANETs 1. through a single authority domain, where certification and keys are issued by a single authority, and 2. through full self-organization, where security does not rely on any trusted authority or fixed server. Conventional public key management is implemented with public key infrastructure, in which a trusted third party (TTP) holds the public key certificates of all participating entities and acts as an online