Introduction
An ad hoc network can be defined as a set of wireless mobile communication devices that can establish a temporary network without using a centralized network administration or available physical connections such as wired networks. An environment like this imposes the need for a single mobile node to enlist all the other hosts when the node is transmitting a packet to the required destination, because of the limitation imposed by the transmission range associated with wireless networks (Bulent & Wendi, 2010). This implies that each of the nodes in an ad hoc network does not only function as a host, but also plays the role of a router for packet forwarding to other mobile nodes within the ad hoc network (Meghanathan, 2010). Therefore, every node in the ad hoc network is involved in the routing protocol, which facilitates the detection of multi-hop paths in the network to other mobile nodes (Hoang, 2006).
Background
The use of mobile ad hoc networks (MANETs) for commercial purposes is gaining popularity due to their self-maintenance and self-configuration characteristics (Molva & Michiardi, 2003). The initial design of the MANET emphasized the problems associated with access by means of a wireless channel and multi-hop routing. The security vulnerabilities of the MANET are a principal concern with respect to the provision of secure communication among the mobile nodes in a hostile environment. Current studies on wireless communication have revealed that the wireless mobile ad hoc network has high levels of security vulnerability compared to traditional wired and wireless networks (Khan, 2011).
Types of Security Attacks in MANETs
The mobile ad hoc networks that are presently in use are vulnerable to various forms of attack. Although these vulnerabilities also exist in wired networks, there they are usually easy to address by fixing the network infrastructure. The two main types of security attacks in MANETs are passive and active attacks. An active attack is one in which the node has to incur some extra energy cost to carry out the threat, while passive attacks arise mainly from a lack of cooperation, with the selfish objective of saving energy at the node. The main objective of active attacks is to inflict damage on other mobile nodes by causing outages in the network, and they are usually perceived as malicious. On the other hand, nodes that initiate passive attacks with the principal objective of saving energy to facilitate their own communication are viewed as being selfish. The main types of attacks that affect mobile ad hoc networks include modification, impersonation, fabrication, lack of cooperation and wormhole attacks (Meghanathan, 2010).
An attack of modification occurs when an unauthorized entity gains access to the network and interferes with it. For instance, malicious code can be used to redirect traffic, to initiate a Denial-of-Service attack through modification of the message fields, and to transmit false values in routing messages (Bulent & Wendi, 2010). Attacks of modification also affect the integrity of the computations used for routing purposes. The common effects of modification include dropping of network traffic, redirection to an unintended destination and the use of longer routes, which results in unwanted delays in communication (Meghanathan, 2010).
Impersonation attacks in ad hoc networks arise primarily because there are no authentication strategies for data packets in the present architecture of ad hoc networks. Impersonation attacks are initiated when malicious code pretends to be another node in the network through spoofing. Spoofing takes place when the identity of malicious code in an ad hoc network is misrepresented, which in turn alters the network topology that a genuine node can collect. Spoofing can cause network partitioning and the formation of loops in the packets that are being used for routing (Meghanathan, 2010).
Attacks of fabrication usually involve unauthorized access and insertion of counterfeit elements into a system (Hoang, 2006). In the case of MANETs, attacks of fabrication involve the generation of false routing messages. Attacks of fabrication are usually difficult to detect because they present themselves as genuine constructs. In particular, fabrication causes error messages that block the access of an adjacent node. Routing error messages can initiate a Denial-of-Service attack by blocking communication between adjacent nodes in a mobile ad hoc network (Molva & Michiardi, 2003).
Wormhole attacks take place when more than one node works in partnership to encapsulate and exchange messages among themselves within the current data routes (Hoang, 2006). This offers an opportunity for a node to interrupt the normal flow of data messages through the creation of a virtual vertex cut within the mobile ad hoc network that is under the control of the scheming attackers (Pathan, 2010).
The reliability of a MANET is determined by the collaboration of all the nodes within the network. The basic argument is that the more nodes collaborate in transferring traffic, the more powerful the MANET becomes. Attacks associated with lack of cooperation result in one or more nodes exhibiting selfish behavior. If a node becomes selfish, it jams its resources while at the same time consuming the resources of other nodes. This can hinder the proper operation of the network through failure to participate in network operations or failure to forward packets (Pathan, 2010).
In general, the security of mobile ad hoc networks depends significantly on a secure routing protocol, the communication mechanism deployed by the active nodes and the transmission technologies. The following section discusses the threats that affect each of the layers in the protocol stack of the MANET and the solutions to address the attacks.
Security Threats in Each of the Layers of the MANET
Security threats that affect the physical layer of the MANET
The security of the physical layer of the MANET is essential in eliminating any potential attacks that may be initiated at this layer. Therefore, the physical layer has to become accustomed to the swift changes in the characteristics of the links. The most common forms of attack that can be initiated at the physical layer include Denial-of-Service, interference, jamming and eavesdropping. The fact that the MANET makes use of radio signals increases its vulnerability to having its signal jammed or intercepted. In addition, a malicious attacker can easily disrupt the operations of a MANET physically. Using sufficient transmission power and adequate knowledge of MAC layer mechanisms, one can gain access to the wireless MANET (Prasant & Srikanth, 2005).
Eavesdropping
Eavesdropping refers to a situation in which messages are read by unintended recipients, who can initiate conversations in response to those messages. The nodes in mobile ad hoc networks normally share a wireless medium, implying that communication between the nodes makes use of the Radio Frequency spectrum and is broadcast in a manner that facilitates easy interception by a receiver adjusted to the proper frequency. The outcome of this is that the forwarded message can be overheard or, worse still, fake data can be injected into the mobile network (Ranjan, 2010).
Interference and Jamming
Radio signals are susceptible to jamming and interference, which can cause message loss or corruption. This usually takes place when a powerful transmitter overpowers the target signal and disrupts communication. The most prevalent form of signal interference that affects the physical layer of the MANET is signal noise, which can be either random or pulse-generated noise (Prasant & Srikanth, 2005).
In general, the network topology of the MANET is extremely dynamic owing to the fact that nodes regularly depart or join the network. In addition, the communication channel deployed by the mobile ad hoc network is constrained by bandwidth that is shared between the various elements found in the network (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). This makes the communication channel susceptible to interference and errors that result in bandwidth issues and delay. These volatile characteristics of the MANET are potential exploits for an attacker.
Security threats that affect the Link layer of the MANET
The network architecture of the MANET is based on an open, multi-point P2P architecture in which the link layer protocols serve to maintain one-hop connectivity with the adjacent nodes. This architecture facilitates the launching of attacks in the link layer through disruption of the collaboration of the protocols that function in the link layer. Wireless MAC protocols must be able to manage the transmission between the nodes found in the transmission medium for the MANET (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). The IEEE 802.11 MAC protocol deploys a distributed contention resolution mechanism that depends on different coordination functions, which include the Distributed Coordination Function (DCF) and the Point Coordination Function (PCF) (Pathan, 2010). The DCF is a fully distributed access protocol that makes use of the Carrier Sense Multiple Access with Collision Avoidance mechanism, while the PCF is a centralized access protocol. The following are the potential threats that can be initiated at the data link layer (Hoang, 2006).
Potential Threats in IEEE 802.11 MAC
The IEEE 802.11 MAC is usually susceptible to Denial of Service attacks. In order to initiate a Denial of Service attack, the attacker can make use of the binary exponential back-off algorithm. For example, frames can be corrupted by the addition of bits or by simply ignoring a transmission in progress. The binary exponential back-off algorithm usually favors the last winner amongst the contending nodes, which results in the capture effect: heavily loaded nodes tend to capture the communication channel through nonstop transmission of data (Molva & Michiardi, 2003). This causes lightly loaded adjacent nodes to back off. As a result, a malicious node can exploit the capture effect. In addition, it can cause a chain reaction in upper-level protocols that use a back-off algorithm, such as Transmission Control Protocol window management.
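The tendency of binary exponential back-off to favor the last winner can be measured with a small simulation. The following is an added example, not part of the original paper; it assumes a simplified slotted model with two saturated stations that draw a fresh back-off counter every round (counter freezing is not modelled), and the window bounds are assumed values.

```python
import random

CW_MIN, CW_MAX = 15, 1023   # contention-window bounds assumed for this model


def contend(rounds, exponential, seed=7):
    """Two saturated stations contend for a slotted channel.

    Returns the winner (0 or 1) of every round that ended in a successful
    transmission. With exponential=False both stations keep a fixed window,
    which serves as the fair baseline.
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    cw = [CW_MIN, CW_MIN]
    winners = []
    for _ in range(rounds):
        slot = [rng.randint(0, cw[0]), rng.randint(0, cw[1])]
        if slot[0] == slot[1]:
            # Same slot: collision, both frames are lost and both windows double.
            if exponential:
                cw = [min(2 * c + 1, CW_MAX) for c in cw]
            continue
        winner = 0 if slot[0] < slot[1] else 1
        cw[winner] = CW_MIN            # only the winner resets its window
        winners.append(winner)
    return winners


def repeat_win_rate(winners):
    """Fraction of transmissions won by the station that also won the previous one."""
    repeats = sum(1 for prev, cur in zip(winners, winners[1:]) if prev == cur)
    return repeats / (len(winners) - 1)


def longest_streak(winners):
    """Longest run of consecutive transmissions by a single station."""
    best = run = 1
    for prev, cur in zip(winners, winners[1:]):
        run = run + 1 if prev == cur else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    for label, exp in (("fixed window", False), ("exponential back-off", True)):
        w = contend(100_000, exp)
        print(f"{label:22s} repeat-win rate {repeat_win_rate(w):.3f}, "
              f"longest streak {longest_streak(w)}")
```

A repeat-win rate of 0.5 means the previous winner has no advantage; with the exponential rule the loser of a collision keeps its enlarged window until it wins, so the rate rises above that baseline.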
The Network Allocation Vector (NAV) is also a significant vulnerability of the IEEE 802.11 MAC that can facilitate the initiation of a Denial of Service attack (Bulent & Wendi, 2010). The NAV field is carried in the Request to Send/Clear to Send (RTS/CTS) frames (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). This implies that an attacker in the MANET can overhear an ongoing transmission and its respective duration, and can make use of this vulnerability to send some bits because of the time duration allocated to him/her.
Potential threats in the IEEE 802.11 WEP
The Wired Equivalent Privacy (WEP) is one of the security schemes that IEEE 802.11 uses, and was established to offer security to the Wireless Local Area Network. However, there are significant design flaws and weaknesses in the manner in which the RC4 cipher is deployed in WEP (Sudip & Subhas, 2009). It is arguably evident that WEP is susceptible to attacks on message privacy and integrity (Basagni, 2004). The following are the weaknesses associated with WEP.
- The WEP protocol does not specify key management, which poses a probable exploit for attackers.
- The initialization vector (IV) that WEP uses is a 24-bit field that forms part of the RC4 key and is transmitted in the clear, which makes it vulnerable to attacks associated with the recovery of the cipher key.
- The integrity algorithm, CRC-32, is non-cryptographic and is used together with the same stream cipher, which presents a security vulnerability for attacks on message integrity and message privacy.
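The last two weaknesses can be reproduced on a toy frame to show why they matter to a defender. The following is an added example, not part of the original paper: it uses a simplified WEP-style encapsulation (clear 24-bit IV, RC4 keyed with IV||key, CRC-32 as the integrity value) over constructed keys and payloads, and contrasts the CRC with a keyed HMAC-SHA-256 tag. The HMAC variant isolates the integrity fix only and is not an implementation of WPA or CCMP; the IV-repeat estimate assumes IVs are chosen at random.

```python
import hashlib
import hmac
import math
import struct
import zlib

# Constructed sample values (not taken from any real network).
KEY = bytes.fromhex("0102030405")        # 40-bit WEP-style secret
MAC_KEY = b"constructed-mac-key"
IV = b"\x00\x00\x01"                     # 24-bit IV, sent in the clear
P1 = b"ROUTE via node-07"
P2 = b"ROUTE via node-42"


def rc4(key, n):
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(key, iv, payload):
    """IV in the clear, then RC4(IV||key) over payload||CRC-32(payload)."""
    body = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_open(key, frame):
    """Return the payload if the CRC-32 integrity value matches, else None."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    return payload if struct.pack("<I", zlib.crc32(payload)) == icv else None


def edit_without_key(frame, delta):
    """XOR delta into the payload and patch the CRC using its linearity only."""
    if len(delta) != len(frame) - 7:
        raise ValueError("delta must be as long as the payload")
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return frame[:3] + xor(frame[3:], delta + struct.pack("<I", fix))


def mac_seal(enc_key, mac_key, iv, payload):
    """Same encryption, but integrity comes from a keyed HMAC over IV||ciphertext."""
    ct = xor(payload, rc4(iv + enc_key, len(payload)))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def mac_open(enc_key, mac_key, frame):
    iv, ct, tag = frame[:3], frame[3:-32], frame[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, rc4(iv + enc_key, len(ct)))


def frames_until_iv_repeat(p=0.5, iv_bits=24):
    """Birthday estimate: frames sent before an IV repeats with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))


if __name__ == "__main__":
    f1, f2 = wep_seal(KEY, IV, P1), wep_seal(KEY, IV, P2)
    print("same IV leaks P1 xor P2:", xor(f1[3:20], f2[3:20]) == xor(P1, P2))
    print("CRC accepts edited frame:", wep_open(KEY, edit_without_key(f1, xor(P1, P2))))
    m = mac_seal(KEY, MAC_KEY, IV, P1)
    edited = m[:3] + xor(m[3:-32], xor(P1, P2)) + m[-32:]
    print("HMAC accepts edited frame:", mac_open(KEY, MAC_KEY, edited))
    print("frames until 50% IV repeat:", frames_until_iv_repeat())
```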
In general, most of the security attacks that can be initiated at the link layer of the MANET can be eliminated by enhancing the current protocols or establishing new protocols to combat such attacks. This can be achieved by developing protocols that have high levels of cryptographic strength and security, such as WPA and RSN/AES-CCMP (Ritu & Lahta, 2008).
Security threats that affect the Network Layer of the MANET
In the network architecture of the MANET, the nodes are used for routing purposes, detection and maintenance of routes to other mobile nodes within the ad hoc network. The primary concern of the routing protocols deployed in the MANET architecture is to establish a proficient and optimal route that connects the various communication devices and entities in the network. Launching an attack during the process of routing can inflict a disruption in the entire communication process, implying that the functionality of the entire ad hoc network can be jeopardized by an attack on the network layer. This implies that security of the network layer is vital for the security of the entire network (Bulent & Wendi, 2010).
The development of routing protocols in the MANET has the primary objective of fostering secure communication and elimination of the current protocols. The routing protocols are classified into table-driven and on-demand routing protocols. Table-driven routing protocols make use of the proactive scheme, implying that they have to maintain updated routing data from each of the nodes found in the network. On-demand routing protocols make use of the reactive scheme, and they only establish routes when the source asks for them. Some of the routing protocols that rely on the on-demand scheme include the Admission Control enabled On Demand Routing (ACOR) and Dynamic Source Routing (DSR). Routing protocols can also make use of a mixture of proactive and reactive methods, usually referred to as hybrid routing protocols (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008).
Attacks in the network layer can take various forms, such as the absorption of traffic and interception between the source and target, thereby controlling the traffic flow for the MANET. Attacks on the network layer of the MANET are broadly classified into routing and packet forwarding attacks. The following are some of the attacks that can be initiated in the network layer (Basagni, 2004).
Routing Table Overflow Attack
The routing table overflow attack takes place in routing algorithms that rely on proactive schemes (Aggelou, 2004), which are constantly updating the routing data. A routing table overflow attack is initiated by the creation of routes to nodes that do not exist in the network. An attacker can simply initiate this by sending more routing advertisements in order to create an overflow in the routing table of the target. The objective is to create enough routes to inhibit the creation of any new routes; as a result, the routing protocol is overwhelmed by this type of attack (Basagni, 2004).
Routing Cache Poisoning Attack
This kind of attack exploits the vulnerability imposed by the promiscuous mode associated with the update of the routing table in the MANET. This takes place when there is deletion, alteration or false injection of information in the routing table (Aggelou, 2004).
In summary, the network layer of the mobile ad hoc network is invulnerable to threats compared to other layers. This is achieved by the implementation of secure routing algorithms. Since there is no distinctive algorithm that can be used to address all the threats, it is vital that they be implemented together in order to enhance the invulnerability of the network layer to potential threats (Bulent & Wendi, 2010).
Security threats that affect the transport layer in the MANET
The potential threats that may affect the transport layer include issues related to authentication, security during end-to-end communications using data encryption, addressing communication delays and losses of data packets. The protocols found in the transport layer are used for facilitating end-to-end communication, controlling data flow, ensuring that there is guaranteed delivery of packets, controlling congestion and finalizing end-to-end communication. The nodes in mobile ad hoc networks are susceptible to attacks associated with SYN flooding and session hijacking. The following are some of the attacks that can be initiated in the transport layer of the MANET (Pathan, 2010).
SYN flooding attacks
This kind of attack is a form of Denial-of-Service attack initiated by the creation of many TCP connections with the target node. The Transmission Control Protocol connection between two communication elements in the network is established after the completion of the three-way handshake. During a SYN flooding attack, malicious code is used to send huge amounts of SYN packets to the destination node with a spoofed return address. When the destination machine gets the SYN packets, it issues a SYN-ACK packet to the source machine, after which it waits for a response from the source, which is the ACK packet. The delayed connection requests pose a vulnerability for an attack (Bulent & Wendi, 2010).
Session Hijacking
This attack is a form of critical error and provides an opportunity through which malicious code is misrepresented as a genuine system in the network. In most cases, authentication takes place at session start-up. As a result, the attacker can exploit this and initiate a session hijacking attack. Initially, the attacker spoofs the IP address of the destination machine and obtains the right sequence number. The attacker then initiates a Denial of Service attack on the victim node. The outcome of this is that the destination node is made unavailable for a given duration of time and the attacker poses as a legitimate system in the network and continues with the session (Boukerche, 2009).
TCP ACK Storm
In order to perform this kind of attack, a TCP session hijacking is launched at the onset of session set-up, after which injected session data is sent (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008).
In summary, there are high communication channel errors in mobile ad hoc networks compared to wired networks. This is because TCP lacks an appropriate mechanism that can be used for differentiating the cause of a loss, such as congestion, malicious threats or random errors (Aggelou, 2004).
Security threats that affect the Application Layer of the MANET
It is important that applications be designed so that they can cope with the constant connection and disconnection with other peer applications and the prevalent cases of communication delay and packet losses. This is primarily because the application layer stores users’ data and offers support for various protocols such as Hyper Text Transfer Protocol, TELNET and File Transfer Protocol, which have significant security vulnerabilities and offer access points for potential attackers. The principal kinds of attacks that can be initiated at the application layer include malicious code and repudiation attacks (Khan, 2011).
Malicious Code attacks
Malicious code such as viruses, Trojan horses and worms is a threat because it can affect the functionality of the system software and the application software. In the case of MANETs, an attacker can initiate these kinds of attacks in order to obtain network information and other user data from the communication devices in the network.
Repudiation attacks
Repudiation simply means the denial of involvement in the communication process. MANETs are vulnerable to attacks of repudiation because the authentication and non-repudiation measures implemented in the network and transport layers are not adequate to eliminate repudiation attacks.
In summary, the principal issue of concern in the MANET is security in end-to-end communication. A heterogeneous network is vulnerable to numerous security threats that have a tendency of increasing the latency of packet delivery and increase loss of packets. Therefore, the principal security concern in application layer entails the detection and prevention of viruses, worms and malicious codes (Boukerche, 2009).
Prevention Measures for the Security Threats in MANET
Enhancing security in MANETs has the prime objective of fostering secure and effective communication between the devices on the network. Therefore, security has to be implemented in the fundamental network operations such as routing and packet forwarding. The implication of this is that it is vital for countermeasures to be incorporated during the early phases of the design. The following are the two major countermeasures for enhancing the security of MANETs.
Preventive mechanism
This involves the use of conventional strategies such as access control, encryption and authentication to implement the first line of defensive strategies (Boukerche, 2009).
Reactive mechanism
This deploys methods such as intrusion detection systems, defense in depth and cooperation enforcement mechanisms to facilitate the detection of potential threats in mobile ad hoc networks and address them appropriately (Aggelou, 2004). The following are the security measures that can be deployed at the various layers of the MANET.
Counter strategies that can be implemented to curb the attacks at the physical layer
The physical layer is prone to attacks associated with the jamming of the transmission signal, denial-of-service attacks and other forms of passive attacks. In order to curb signal jamming, spread spectrum technology is deployed (Aggelou, 2004). Spread spectrum technology alters the transmission frequency randomly and makes use of a wide frequency spectrum, making it difficult to detect, tune to and capture the transmission signal. The spread spectrum technologies that can be implemented include the Frequency Hopping Spread Spectrum and the Direct Sequence Spread Spectrum, which help in eliminating the interception of the radio signals used for data transmission (Basagni, 2004).
Counter strategies that can be implemented to curb attacks at the link layer
The significant security issue in the link layer involves the protection of the wireless MAC protocol and offering link-layer security support (Basagni, 2004). The most significant security vulnerability at the link layer is the exponential back-off algorithm discussed earlier. This has been addressed by a security extension, and the initial IEEE 802.11 back-off algorithm has been adjusted so that the back-off timer at the destination is offered by the source (Prasant & Srikanth, 2005). Threats associated with the consumption of resources that are initiated using the NAV field are still a prevalent challenge, although strategies have been suggested to address the problems, for instance the ERA-802.11 (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). The weaknesses associated with WEP have been addressed by 802.11i/WPA. In addition, RSN/AES-CCMP also enhances the strength of security in wireless networks.
Counter strategies that can be implemented to curb attacks on the network layer
The first line of defense that ensures high levels of security in the network layer must entail the use of secure routing protocols. Active attacks such as the alteration of routing messages can be eliminated by the use of source authentication strategies and mechanisms that ensure message integrity. The available technologies for implementing this include the Message Authentication Code, hashed Message Authentication Code, one-way hashed message authentication code and digital signatures (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). The detection of a wormhole attack can be implemented using an unchangeable and independent physical metric, for example time delay. Packet leashes can also be used in combating this kind of threat. IP security is used frequently in the network layer of the internet model and can be used in the MANET to enhance the security of the network layer (Basagni, 2004). Secure routing protocols such as ARAN can also be used to prevent security threats associated with alteration of the sequence number, hop counts and source routes, as well as spoofing and fabrication attacks. The principal objective is to ensure that intermediate nodes do not reply, implying that all reply messages should originate from the target node (Pathan, 2010).
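The two network-layer checks described above, message authentication and a time-delay bound, can be combined in one receiver-side routine. The following is an added example, not part of the original paper or of any routing protocol's own code: the packet layout, the function names, the pre-shared pairwise key, the 250 m radio range and the 100 ns clock-error bound are all assumptions made for illustration, and the leash is a temporal one that relies on tightly synchronized clocks.

```python
import hashlib
import hmac
import struct

C_M_PER_S = 299_792_458          # propagation speed of the radio signal
RANGE_M = 250                    # assumed maximum one-hop radio range
CLOCK_ERR_NS = 100               # assumed bound on clock offset between neighbours
HEADER = struct.Struct("!HIQ")   # sender id, sequence number, leash expiry (ns)
TAG_LEN = 32                     # HMAC-SHA-256 tag length


def seal(key, sender, seq, payload, t_send_ns):
    """Sender side: attach a temporal leash and authenticate header and payload."""
    flight_ns = RANGE_M * 1_000_000_000 // C_M_PER_S   # time to cross one hop
    expiry = t_send_ns + flight_ns - CLOCK_ERR_NS
    header = HEADER.pack(sender, seq, expiry)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def accept(key, packet, t_recv_ns, last_seq):
    """Receiver side: return a verdict and record the sequence number on success."""
    if len(packet) < HEADER.size + TAG_LEN:
        return "malformed"
    signed, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad-mac"              # altered or fabricated routing message
    sender, seq, expiry = HEADER.unpack_from(signed)
    if t_recv_ns > expiry:
        return "leash-expired"        # travelled further than one radio hop allows
    if seq <= last_seq.get(sender, -1):
        return "stale-sequence"       # replayed or out-of-date message
    last_seq[sender] = seq
    return "ok"


def demo():
    """Run four constructed deliveries of a route reply and return the verdicts."""
    key, t0, seen = b"constructed pairwise key", 1_000_000_000, {}
    rrep = seal(key, 7, 1, b"RREP dst=12 hops=3", t0)
    altered = bytearray(rrep)
    altered[HEADER.size + 17] ^= 0x02          # hop count changed from 3 to 1 in transit
    tunnelled = seal(key, 7, 2, b"RREP dst=12 hops=3", t0)
    return [
        accept(key, rrep, t0 + 500, seen),            # neighbour about 150 m away
        accept(key, rrep, t0 + 600, seen),            # the same packet seen again
        accept(key, bytes(altered), t0 + 500, seen),  # modified hop count
        accept(key, tunnelled, t0 + 16_678, seen),    # relayed over about 5 km
    ]


if __name__ == "__main__":
    print(demo())
```

The leash only bounds distance when the clock-error bound is smaller than the one-hop flight time, which is under a microsecond at this range.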
Counter strategies that can be implemented to curb attacks at the transport layer
The major security concern at the transport layer is ensuring that there is secure point-to-point communication, which can be implemented using data encryption. TCP is used for ensuring that there is a reliable connection in the internet model; however, it cannot effectively address the security issues in mobile ad hoc networks. Other technologies that have been implemented, although they do not effectively eliminate security threats in the MANET, include Transmission Control Protocol feedback (TCP-F), Transmission Control Protocol explicit failure notification (TCP-ELFN), ad-hoc transmission control protocol, and ad hoc transport protocol (University of Waterloo, Dept. of Electrical and Computer Engineering, 2008). Some of the effective security measures that can be implemented in the transport layer include Secure Socket Layer, Transport Layer Security and Private Communications Transport, which were designed based on the principles of public key cryptography to facilitate security during the communication process (Prasant & Srikanth, 2005).
Counter strategies that can be used to curb attacks at the application layer
Firewalls can be used to enhance the security of the application layer against threats such as viruses, worms and spyware. A firewall offers access control, authentication of the user, packet filtering and network filtering. Other approaches include making use of anti-spyware applications. However, firewalls do not guarantee total security at the application layer because there are instances whereby an attacker can bypass or go through the firewall. Intrusion Detection Systems can also be used to foster security at the application layer and help in the prevention of unauthorized access to network services (Bulent & Wendi, 2010).
Conclusion
Ad hoc networks are essential owing to their ability to maintain and configure themselves. Despite these distinctive properties, the significant challenge towards the implementation of a MANET is the increasing security concerns. The paper has discussed the kinds of security threats at each of the layers and appropriate strategies that can be used to counter them. Currently, the solutions serve to address a specific kind of attack but they cannot guarantee the security of the whole system (Bulent & Wendi, 2010). A lot of research is required to facilitate the development of secure routing protocols and trust-based systems.
References
Aggelou, G. (2004). Mobile ad hoc networks: design and integration. New York: McGraw-Hill.
Basagni, S. (2004). Mobile ad hoc networking. New York: Wiley-IEEE.
Boukerche, A. (2009). Algorithms and protocols for wireless and mobile ad hoc networks. New York: John Wiley and Sons.
Bulent, T., & Wendi, H. (2010). Mobile Ad Hoc Networks: Energy-Efficient Real-Time Data Communications. New York: Springer.
Hoang, N. (2006). Multicast security in mobile ad hoc networks. New York: York University.
Khan, S. (2011). Mobile Ad Hoc Networks: Current Status and Future Trends. New Jersey: Taylor and Francis.
Meghanathan, N. (2010). Recent Trends in Network Security and Applications: Third International Conference, CNSA 2010, Chennai, India, July 23-25. New York: Springer.
Molva, R., & Michiardi, P. (2003). Ad Hoc networks security. New York: IEEE Press Wiley.
Pathan, A.-S. (2010). Security of Self-Organizing Networks: MANET, WSN, WMN, VANET. New York: Taylor and Francis.
Prasant, M., & Srikanth, K. (2005). Ad hoc networks: technologies and protocols. New York: Springer.
Ranjan, R. (2010). Handbook of Mobility Models and Mobile Ad Hoc Networks. New York: Springer.
Ritu, C., & Lahta, K. (2008). Policy-driven mobile ad hoc network management. New York: Wiley-IEEE.
Sudip, M., & Subhas, C. (2009). Guide to Wireless Ad Hoc Networks. New York: Springer.
University of Waterloo, Dept. of Electrical and Computer Engineering. (2008). Authentication and key exchange in mobile ad hoc networks. Ottawa: University of Waterloo.