45 research outputs found

    MITIGATING NODE ISOLATION ATTACK IN OLSR PROTOCOL USING DCFM TECHNIQUE

    A Mobile Ad Hoc Network (MANET) is a collection of mobile devices which are connected by wireless links without the use of any fixed infrastructures or centralized access points. The Optimized Link State Routing (OLSR) protocol is an important proactive routing protocol designed for mobile ad hoc networks. It employs periodic exchange of messages to maintain topology information of the network at each node. Based on topology information, each node is able to calculate the optimal route to a destination. One major DoS attack against the Optimized Link State Routing protocol (OLSR) known as the node isolation attack occurs when topological knowledge of the network is exploited by an attacker who is able to isolate the victim from the rest of the network and subsequently deny communication services to the victim. The proposed method named Denial Contradictions with Fictitious Node Mechanism (DCFM) relies on the internal knowledge acquired by each node during routine routing, and augmentation of virtual (fictitious) nodes. Moreover, DCFM utilizes the same techniques used by the attack in order to prevent it. DCFM successfully prevents the attack, specifically in the realistic scenario in which all nodes in the network are mobile

    A Study on Preventing Node Isolation Attack in OLSR Protocol

    A mobile ad hoc network (MANET) is a wireless communication system of continuously self-configuring and infrastructure-less network of mobile devices which can move independently in any direction at any time. Routing protocols are required for message exchange in MANET. The most widely used routing protocol is OLSR (Optimized Link State Routing Protocol). It is efficient in bandwidth utilization and path calculation. But it is vulnerable to many types of attacks. In this paper, we discuss various methods used to prevent a type of Denial of Service (DoS) attack called the node isolation attack that is capable of compromising the OLSR protocol

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    A New Approach for DDoS attacks to discriminate the attack level and provide security for DDoS nodes in MANET

    Mobile Ad Hoc Networks (MANETs) enable versatile hosts to frame a correspondence arrange without a prefixed framework. In military applications portable specially appointed system assumes essential part since it is particularly planned network for on request necessity and in circumstances where set up of physical network isn't conceivable. Despite the fact that it gives high adaptability, it likewise conveys more difficulties for MANETs to battle against malicious assaults. In any case, the property of mobility and excess additionally motivates new plans to outline safeguard procedure. In this paper, we propose a procedure to relieve DDoS assaults in MANETs. Expect that a malicious attacker ordinarily targets particular victims. The attacker will surrender if the assault neglected to accomplish the coveted objectives after a specific length of assaulting time. In our assurance system, we exploit high excess and select a protection node. Once a DDoS attack has been identified, the suspicious movement will be diverted to the protection node. The victim will work typically, and it is sensible to expect that the attacker will stop the trivial endeavors. Through escalated recreation test utilizing NS-2, we have confirmed the viability of our approach and assessed the cost and overhead of the framework

    Mitigating packet dropping problem in mobile ad hoc networks: Proposals and challenges

    In mobile ad hoc networks (MANETs), nodes usually cooperate and forward each other's packets in order to enable out of range communication. However, in hostile environments, some nodes may deny to do so, either for saving their own resources or for intentionally disrupting regular communications. This type of misbehavior is generally referred to as packet dropping attack or black hole attack, which is considered as one of the most destructive attacks that leads to the network collapse. The special network characteristics, such as limited battery power and mobility, make the prevention techniques based on cryptographic primitives ineffective to cope with such attack. Rather, a more proactive alternative is required to ensure the safety of the forwarding function by staving off malicious nodes from being involved in routing paths. Once such scheme fails, some economic-based approaches can be adopted to alleviate the attack consequences by motivating the nodes cooperation. As a backup, detection and reaction schemes remain as the final defense line to identify the misbehaving nodes and punish them. In this paper, we make a comprehensive survey investigation on the state-of-the-art countermeasures to deal with the packet dropping attack. Furthermore, we examine the challenges that remain to be tackled by researchers for constructing an in-depth defense against such a sophisticated attack. © 2011 IEEE

    An Improved Wormhole Attack Detection and Prevention Method for Wireless Mesh Networks

    Network coding has been shown to be an effective approach to improve the wireless system performance. However, many security issues impede its wide deployment in practice. Besides the well-studied pollution attacks, there is another severe threat, that of wormhole attacks, which undermines the performance gain of network coding. Since the underlying characteristics of network coding systems are distinctly different from traditional wireless networks, the impact of wormhole attacks and countermeasures are generally unknown. In this paper, we quantify wormholes' devastating harmful impact on network coding system performance through experiments. We first propose a centralized algorithm to detect wormholes and show its correctness rigorously. For the distributed wireless network, we propose DAWN, a Distributed detection Algorithm against Wormhole in wireless Network coding systems, by exploring the change of the flow directions of the innovative packets caused by wormholes. We rigorously prove that DAWN guarantees a good lower bound of successful detection rate. We perform analysis on the resistance of DAWN against collusion attacks. We find that the robustness depends on the node density in the network, and prove a necessary condition to achieve collusion-resistance. DAWN does not rely on any location information, global synchronization assumptions or special hardware/middleware. It is only based on the local information that can be obtained from regular network coding protocols, and thus the overhead of our algorithms is tolerable. Extensive experimental results have verified the effectiveness and the efficiency of DAWN

    Detecting wormhole and Byzantine attacks in mobile ad hoc networks

    The recent advancements in the wireless technology and their wide-spread utilization have made tremendous enhancements in productivity in the corporate and industrial sectors. However, these recent progresses have also introduced new security vulnerabilities. Since the wireless shared medium is completely exposed to outsiders, it is susceptible to attacks that could target any of the OSI layers in the network stack. For example, jamming of the physical layer, disruption of the medium access control (MAC) layer coordination packets, attacks against the routing infrastructure, targeted attacks on the transport protocol, or even attacks intended to disrupt specific applications. Unfortunately, the effects of applying the security techniques used in wired networks, such as access control and authentication, to wireless and mobile networks have been unsatisfactory due to the unique features of such networks. As a result, achieving security goals for mobile ad hoc networks (MANET) has gained significant attention in recent years. Many critical applications of MANET, such as emergency rescue operations, military tactical communication, and business operations like mining and oil drilling platforms, require a friendly and cooperative environment. The aim of this study is to design detection mechanisms for traditional wormhole and Byzantine wormhole attacks by using the topological comparison and round trip time (RTT) measurements. The first step for detecting traditional wormhole attack is that an initiator of the detection process populates its one-hop neighbor list, and also calculates the average round trip time (RTTavg). Meanwhile, a list of suspected neighbors is generated on the basis of RTTavg and RTT. Then, topological information is exchanged between the initiator and all the suspected neighbors to detect the presence of a wormhole link. In this thesis, we also focus on detecting Byzantine wormhole attack in MANET. In the case of detecting such attacks, the initiator creates its one hop neighbor list and calculates the average RTTavg. The initiator also generates a suspected list of its three hop neighbors. In the next phase, the initiator exchanges topological information with all the one hop neighbors to detect the presence of any Byzantine wormhole tunnel. One of the major concerns for the topological comparison based approach is to give the initially suspected nodes a second chance to prove their reliability by exchanging topological information. We have implemented the detection algorithms in ad hoc on demand distance vector (AODV) and optimized link state routing (OLSR) routing protocols. Then, performance evaluation of the proposed detection mechanisms is conducted. We also compared our proposed detection methods with some of the existing detection methods by simulation. The results show that our schemes can achieve better detection performance

    Secure Routing and Medium Access Protocols in Wireless Multi-hop Networks

    While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitated our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them