Ad hoc Networks Neelima Gupta University of Delhi India Neelima Gupta Dept of Computer Sc University of Delhi ATTACKS on Routing Protocols in ADHOC NETWORKS Black Hole Wormhole Rushing Attack ID: 272334
Download Presentation The PPT/PDF document "Collaborative Attacks on Routing Protoco..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Collaborative Attacks on Routing Protocols in Ad hoc Networks
Neelima
Gupta
University of Delhi
IndiaSlide2
Neelima Gupta, Dept. of Computer Sc., University of DelhiATTACKS on Routing Protocols in AD-HOC NETWORKS
Black
Hole
Wormhole
Rushing Attack
Many more AttacksSlide3
Neelima Gupta, Dept. of Computer Sc., University of DelhiBlack Hole Attack:
M
RREQ
RREQ
RREP
RREP
RREQ
RREQ
RREQ
S
DSlide4
Neelima Gupta, Dept. of Computer Sc., University of DelhiWorm Hole Attack:
Malicious nodes eavesdrops the packets, tunnel them to another location in the network and retransmit them at the other end.
M1
M2
S
DSlide5
Neelima Gupta, Dept. of Computer Sc., University of DelhiRushing Attack
Forward ROUTE Requests more quickly than legitimate nodes can do so, increase the probability that routes that include the attacker will be discovered,
Attack against all currently proposed on-demand ad hoc network routing protocols.Slide6
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Attacks
Informal definition:
“Collaborative attacks (CA) occur when more than one attacker
synchronize
their actions to disturb a target network”Slide7
Neelima Gupta, Dept. of Computer Sc., University of DelhiDifferent Models of Collaborative AttackCollaborative Black hole attack
Collaborative Black hole and Wormhole attack
Collaborative Black hole and Rushing Attack Slide8
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black Hole Attack
S
M2
4
1
2
D
5
M1
3Slide9
Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
M2
4
1
2
D
5
M1
3
RREQ
RREQ
RREQ
RREQ
RREQ
RREP
RREP
RREQSlide10
Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
BH2
4
1
2
D
5
BH1
3
Collaborative Black Hole Attack (cont.)Slide11
Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
BH2
4
1
2
D
5
BH1
3
Collaborative Black Hole Attack (cont.)Slide12
Existing ApproachesCross Validation from neighbours (especially Next Hop Neighbours) will fail
Neelima Gupta, Dept. of Computer Sc., University of DelhiSlide13
Dr. Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
M2
4
1
2
D
5
M1
3
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREP
RREP
RREP
RREP
RREP
RREP
RREP
RREQSlide14
Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
BH2
4
1
2
D
5
BH1
3
Collaborative Black Hole Attack (cont.)Slide15
Existing ApproachesNeighbour monitoringM1 will escapeNeelima Gupta, Dept. of Computer Sc., University of DelhiSlide16
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black hole and Wormhole attack
S
WH2
c4
a1
c1
D
WH1
c3
c2
BH1
RREQ
RREQ
RREQ
RREQ
RREQ
RREP
RREP
Out-of-Band Channel
a3
a2
RREQ
RREP
RREP
RREP
RREQ
RREQ
RREP
RREPSlide17
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black hole and Wormhole attack (cont.)
S
WH2
c4
a1
c1
D
WH1
c3
c2
BH1
a3
a2Slide18
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black hole and Rushing Attack
S
c4
a1
c1
D
a3
R1
c3
c2
BH1
a2
b2Slide19
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black hole and Rushing Attack (cont.)
S
c4
a1
c1
D
R1
c3
c2
BH1
RREQ
RREQ
RREQ
RREQ
RREQ
RREP
RREP
a3
a2
RREQ
RREP
RREP
b2
RREQ
RREQ
RREQ
RREP
RREQ
RREP
RREPSlide20
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black hole and Rushing Attack (cont.)
S
c4
a1
c1
D
R1
c3
c2
BH1
a3
a2
b2Slide21
Neelima Gupta, Dept. of Computer Sc., University of DelhiCurrent Proposed Solutions to handle collaborative black hole attack
Collacorative
Monitoring:
Collaborative security architecture for black hole attack prevention in mobile ad hoc networks , A
Patcha
and A
Mishra
, Proceedings of RAWCON ’03
Recursive Validation: Sanjay Ramaswamy, Huirong Fu, Manohar Sreekantaradhya, John Dixon and Kendall
Nygard. Prevention of Cooperative Black Hole Attack in wireless Ad-Hoc Networks, Intl Conference on wireless netwroks, 2003Slide22
Neelima Gupta, Dept. of Computer Sc., University of DelhiCollaborative Black Hole Attack
S
D
M2
W
W
M1Slide23
Neelima Gupta, Dept. of Computer Sc., University of DelhiConsider this scenario-
S
D
M2
W1
W
RREQ
RREP
M1
Tell W1 to monitor M1Slide24
Neelima Gupta, Dept. of Computer Sc., University of DelhiCase 1: M1 itself drops packets
S
D
M2
W
W
Data
Packets
M1
Buffer of sent packets to M1
Packets are not forwarded; M1 is MaliciousSlide25
Neelima Gupta, Dept. of Computer Sc., University of DelhiCase 2: M1 forwards but does not inform watchdog to monitor M2
S
D
M2
W
W
Data
Packets
M1
Buffer of sent packets to M1
Overhear the packets but does not know the next hop id; increments SUSPECT_NODE counter ->M1 is Malicious
Does not send SEND_DATA signalSlide26
Neelima Gupta, Dept. of Computer Sc., University of DelhiCase 3: M1 forwards and informs but M2 drops..will be caught by W2
S
D
M2
w1
w2
Data
Packets
M1
Buffer of sent packets to M1Slide27
Neelima Gupta, Dept. of Computer Sc., University of Delhi
S
D
M2
W
W
M1
Buffer of sent packets to M1
Packets are not forwarded; M2 is Malicious
SEND_DATA signalSlide28
Neelima Gupta, Dept. of Computer Sc., University of DelhiAnalysisProblem with this
appraoch
Monitoring is done during data transmission => loss of data packets. The current solutions does not specify
if and how
the lost
data is
re-transmitted
Solution : Some dummy packets may be sent before sending the data packets. Slide29
S
2
1
D
M
W
W
Data Packets
M does not have a route to D, so forward to 3 (not in route)
Data Packets
3
NULL or NON-NULL Node
Neighbor List : M
Neighbor List : 3
WSlide30
Neelima Gupta, Dept. of Computer Sc., University of DelhiAnother ProblemMalicious Nodes acting together can alternately drop packets to keep their individual SUSPECT_NODE counter less than SUSPECT_THRESHOLD, each time a route is established through them.Malicious nodes would not be detected.
Data packets are permanently lost.Slide31
Neelima Gupta, Dept. of Computer Sc., University of DelhiRecursive neighbor validation
D
S
B3
C2
A2
A1
B1
C3
C1
B2
A3
A4
B4
C4
B5
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREQ
RREP
RREP
Intermediate Node, IN
Next Hop Node, NHN
RREP
RREP
RREP
RREP
RREPSlide32
Neelima Gupta, Dept. of Computer Sc., University of DelhiCurrent Proposed Solution to handle collaborative attack
Weichao Wang, Bharat Bhargava, Yi Lu, and Xiaoxin Wu. Defending against wormhole attacks in mobile ad hoc networks. In Wiley Journal Wireless Communications and Mobile Computing (WCMC), volume 6, pages 483 –503. Wiley, 2006.Slide33
Neelima Gupta, Dept. of Computer Sc., University of DelhiMonitoring /characterizing
Defense
Classification
No anomaly
anomaly
Negligible anomaly
Attack handled
Attack detectedSlide34
ChallengesTwo much of overhead in monitoring even if no attack is present. in isolating the malicious nodes recursively.We propose:
Get a count of the packets received from the destination.
If the count is less than a threshold then monitor.
If a node drops more than a certain threshold, declare it to be malicious. If more than one node drops packet, their sum is compared against the threshold. If greater, both the nodes are
delcared
to be malicious
Neelima Gupta, Dept. of Computer Sc., University of DelhiSlide35
NEED TO THINK DIFFERENTLYNeelima Gupta, Dept. of Computer Sc., University of DelhiSlide36
Neelima Gupta, Dept. of Computer Sc., University of DelhiThank You!!!