19 research outputs found

    To Improve The Security Of OLSR Routing Protocol Based On Local Detection Of Link Spoofing

    Get PDF
    We survey a particular DOS attack called node separation attack and propose another moderation technique. Our answer called Denial Contradictions with Fictitious Node Mechanism (DCFM) depends on the interior information gained by every node amid routine directing, and growth of virtual (imaginary) nodes. Additionally, DCFM uses similar methods utilized by the attack so as to avert it. The overhead of the extra virtual nodes decreases as system size builds, which is steady with general claim that OLSR capacities best on huge systems. The proposed insurance avoids more than 95 percent of attacks, and the overhead required definitely diminishes as the system measure increments until it is non-discernable

    Possible Solutions of Different Security Issues and Challenges in Mobile Ad-Hoc Networks (MANETs)

    Get PDF
    Abstract-Today, the rising concern for flexible infrastructure services is a call for advanced researches in the emergence of 'Mobile Ad hoc Network'. It is a key technology that supports various ultramodern applications. Security is the important issue in every network. The security of MANET is important challenge due to its unmonitored deployment nature and its inherent resources limitation. Mobile Ad hoc Network is used in very sensitive fields such as rescue operations, home and enterprise network, education, military and airports. Therefore the addressing of security issues of network is most challenging task. Because of restricted possessions of mobile stations, the MANET security is more difficult to implement as compared to other traditional networks. Today huge research is going on in the field of security. Various techniques are now deployed to resolve the security issues. This paper provides a survey of security issues in this dynamic field such as denial of service attack, active and passive attacks, spoofing, eavesdropping, black hole attack, worm hole attack and rushing attack etc. This paper also presents a comprehensive survey of possible latest solutions available e.g. AODV (Ad hoc on demand distance vector), HMTI, Intrusion detection system, Fellowship etc

    Analysis of Black hole Attack in Ad hoc On-Demand Distance Vector (AODV) Routing Protocol : Vehicular Ad-hoc Networks (VANET) Context

    Get PDF
    In past years, popularity of Mobile Ad hoc Networks has led to the conception of Vehicular Ad hoc Networks. These networks must be highly secure before their implementation in real world. One of the vital aspects of these networks is routing protocol. Most of the protocols in VANET acknowledge all nodes in a network to be genuine by default. But there might be malicious nodes which can make the network vulnerable to various attacks. One such attacks is a black hole attack on AODV routing protocol. Because of its popularity, AODV and black hole attack are taken into consideration for this thesis. The aim of the thesis is to analyze effects of black hole attack on AODV and understand security need of routing protocols in VANET. The experimentation for this thesis was performed with 40, 60 and 80 nodes in network simulator (NS). The performance metrics such as average throughput, end to end delay and packet delivery ratio of each assumed scenarios under blackhole attack and with prevention method are calculated. The obtained calculations are compared to analyze the network performance of AODV. The results from the simulator demonstrate that overall network performance of AODV increased with black hole prevention algorithm in comparison to AODV under black hole attack only. Out of all the performance metrics that are used to analyze the network performance, the average throughput of AODV is significantly increased by 21 percent (approximately) when the mitigation algorithm is applied. The prevention approach used for the thesis can make AODV perform better against black hole attack. However, this approach is limited to a small to medium sized networks only

    Security aspects of OSPF as a MANET routing protocol

    Get PDF
    OSPF, Open Shortest Path First, is an Intra-gateway routing protocol first developed as an IETF effort. It is widely adopted in large enterprise-scale networks, being well regarded for its fast convergence and loop-free routing. It is versatile in terms of which interface types it supports, such as point-to-point links or broadcast networks. It also offers scalability through hierarchical routing and by using centralization to reduce the amount of overhead on networks which have broadcast or broadcast-similar properties. An interface type missing from the standard so far is that of a wireless network, characterized by non-guaranteed bidirectional links combined with unreliable broadcasting, and existing interface types generally perform poorly under these networks. The IETF has therefore instituted a Working Group to standardize such an interface type extension to the latest version, OSPF version 3. This interface type will permit mobility and multi-hop characteristics in addition to those of wireless links in general. Such networks are usually referred to as Mobile Ad-hoc Networks (MANET). MANET routing protocols are subject to more severe security issues than ordinary, wireline-oriented protocols are. This thesis aims to indentify key security aspects of OSPF as a MANET routing protocol

    A dynamic trust and mutual authentication scheme for MANET security

    Get PDF
    MANETs are attractive technology in providing communication in the absence of a fixed infrastructure for applications such as, first responders at a disaster site or soldiers in a battlefield (Kumar, and Mishra, 2012). The rapid growth MANET has experienced in recent years is due to its Ad Hoc capabilities that have also made it prime target of cybercrimes (Jhaveri, 2012). This has raised the question of how could we embrace the benefits of MANET without the increased security risks. MANETs have several vulnerabilities such as lack of a central point, mobility, wireless links, limited energy resources, a lack of clear line of defence, cooperative nature and non-secure communication to mention a few. This research proposes a two-phase scheme. In phase-one a novel approach is suggested by using concept of exiting trust schemes and adopting the use of Dynamic Trust Threshold Scheme (DTTS) for the selection of trusted nodes in the network and using mutual trust acknowledgement scheme of neighbour nodes to authenticate two communicating nodes. The notion of trust is used for authenticating peer nodes. The trust scheme algorithm is based on real time network dynamics, relevant to MANET conditions, as opposed to pre-determined static values. The phase-one is implemented in AODV and tested in a simulated environment using NS2. The reason for using AODV is that it’s reactive and has comparatively low routing overhead, low energy consumption and relatively better performance (Morshed, et al 2010). In order to ensure data confidentiality and end-to-end security, in phase-two, the source and destination generates a shared secret key to communicate with each other using a highly efficient Diffie Hellman Elliptic Curve scheme (Wang, Ramamurthy and Zou, 2006). The shared key is used to encrypt data between the peer nodes

    Intrusion Detection System for detecting internal threats in 6LoWPAN

    Get PDF
    6LoWPAN (IPv6 over Low-power Wireless Personal Area Network) is a standard developed by the Internet Engineering Task Force group to enable the Wireless Sensor Networks to connect to the IPv6 Internet. This standard is rapidly gaining popularity for its applicability, ranging extensively from health care to environmental monitoring. Security is one of the most crucial issues that need to be considered properly in 6LoWPAN. Common 6LoWPAN security threats can come from external or internal attackers. Cryptographic techniques are helpful in protecting the external attackers from illegally joining the network. However, because the network devices are commonly not tampered-proof, the attackers can break the cryptography codes of such devices and use them to operate like an internal source. These malicious sources can create internal attacks, which may downgrade significantly network performance. Protecting the network from these internal threats has therefore become one of the centre security problems on 6LoWPAN. This thesis investigates the security issues created by the internal threats in 6LoWPAN and proposes the use of Intrusion Detection System (IDS) to deal with such threats. Our main works are to categorise the 6LoWPAN threats into two major types, and to develop two different IDSs to detect each of this type effectively. The major contributions of this thesis are summarised as below. First, we categorise the 6LoWPAN internal threats into two main types, one that focuses on compromising directly the network performance (performance-type) and the other is to manipulate the optimal topology (topology-type), to later downgrade the network service quality indirectly. In each type, we select some typical threats to implement, and assess their particular impacts on network performance as well as identify performance metrics that are sensitive in the attacked situations, in order to form the basis detection knowledge. In addition, on studying the topology-type, we propose several novel attacks towards the Routing Protocol for Low Power and Lossy network (RPL - the underlying routing protocol in 6LoWPAN), including the Rank attack, Local Repair attack and DIS attack. Second, we develop a Bayesian-based IDS to detect the performance-type internal threats by monitoring typical attacking targets such as traffic, channel or neighbour nodes. Unlike other statistical approaches, which have a limited view by just using a single metric to monitor a specific attack, our Bayesian-based IDS can judge an abnormal behaviour with a wiser view by considering of different metrics using the insightful understanding of their relations. Such wiser view helps to increase the IDS’s accuracy significantly. Third, we develop a Specification-based IDS module to detect the topology-type internal threats based on profiling the RPL operation. In detail, we generalise the observed states and transitions of RPL control messages to construct a high-level abstract of node operations through analysing the trace files of the simulations. Our profiling technique can form all of the protocol’s legal states and transitions automatically with corresponding statistic data, which is faster and easier to verify compare with other manual specification techniques. This IDS module can detect the topology-type threats quickly with a low rate of false detection. We also propose a monitoring architecture that uses techniques from modern technologies such as LTE (Long-term Evolution), cloud computing, and multiple interface sensor devices, to expand significantly the capability of the IDS in 6LoWPAN. This architecture can enable the running of both two proposed IDSs without much overhead created, to help the system to deal with most of the typical 6LoWPAN internal threats. Overall, the simulation results in Contiki Cooja prove that our two IDS modules are effective in detecting the 6LoWPAN internal threats, with the detection accuracy is ranging between 86 to 100% depends on the types of attacks, while the False Positive is also satisfactory, with under 5% for most of the attacks. We also show that the additional energy consumptions and the overhead of the solutions are at an acceptable level to be used in the 6LoWPAN environment

    Design and Evaluation of Security Mechanism for Routing in MANETs. Elliptic Curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET).

    Get PDF
    Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior
    corecore