06-06-2010, 11:27 PM
[attachment=3704]
SECURITY IN AD-HOC WIRELESS NETWORKS
Presented By:
Dr. D. Sreenivas Rao 1 A. Vani 2
1 E.C.E. Dept, J.N.T.U. College of Engineering, Hyderabad., (AP),India
2 E.C.E. Dept, J.N.T.U. College of Engineering, Hyderabad., (AP),India
ABSTRACT
Security is a major concern in the design of modern communication systems. It is articularly challenging with wireless networks such as Ad hoc networks. Ad hoc networks are dynamically reconfigured. For this reason they are vulnerable to several major security threats. This paper focus on different theoretical aspects of security services, attacks and security mechanisms.
Keywords: Security, Ad-hoc Networks, Integrity, Non-repudiation, Authentication, Digital Signatures, Hash functions, MAC.
1. INTRODUCTION
Ad hoc networks [5,15] do not have a fixed network topology. Nodes are mobile and can communicate with each other while in range, but otherwise are disconnected. This node mobility causes frequent changes of the network topology, and possible portioning. Ad hoc networks can be used to model several wireless applications, such as military operations in which the nodes are military units (soldiers, tanks and other vehicles, planets etc).equipped with wireless communication devices and more generally wireless communication system in which the fixed network is restricted. The restructuring of such networks is usually due to their mobility; however, it can also be caused by the enemy .the enemy can destroy captured devices try to use them to gather information or undermine the operations. The traditional model for static networks with Byzantine faults [7] may be used to describe some of the security threats of ad hoc networks, but what characterizes ad hoc networks is that their structure changes continuously. Furthermore, the tools which are used to establish the security (authentication, confidentiality, integrity, availability and non repudiation) of traditional networks cannot in general be easily adapted for the requirements of ad hoc networks, particularly when these get partitioned. Such issues must be addressed in order to secure ad hoc networks.
2. SECURITY SERVICES
High level security requirements for ad hoc networks are basically identical to security requirements for any other communications systems. In order to allow a reliable data transfer over the communication networks and to protect the system resources, a number of security services are required asked on their objectives, the security services are classified in five categories as availability, confidentiality, authentication, integrity and non repudiation.
2.1. Availability
Availability implies that requested services (e.g. Bandwidth and connectivity) are available in a timely manner even though there is a potential problem in the system. Availability of a network can be tempered for example by dropping off packets and by resource depletion attacks.
2.2. Confidentiality
Confidentiality ensures that classified information in the network is never disclosed to unauthorized entities. Confidentiality can be achieved by using different Encryption techniques so that only the legitimate communicative nodes can analyze and understand the transmission. The content disclosure attack reveals the contents of the message being transmitted and physical information about a particular node respectively.
2.3. Authenticity
Authenticity is a network service to determine a user's identity. Without Authentication, an attacker can impersonate any node, and in this way one by one node, it can gain control over the entire network.
2.4. Integrity
Integrity guarantees that information passed on between nodes has not been tempered in the transmission. Data can be altered both intentionally and accidentally. (for example through hardware glitches, or in case of ad hoc wireless connection through interferences)
2.5. Non-repudiation
Non-repudiation ensures that the information originator cannot deny having sent the information. This service is useful for detection and isolation of comp romised nodes in the network.Many authentication and secure routing algorithms implemented in ad hoc networks rely on trust-based concepts. The fact that a message can be attributed to a specific node helps making these algorithms more secure.
3. CHALLENGING TASKS
Similar to wireless communication systems creating additional challenges for implementation of aforementioned services. When compared to fixed networks, ad hoc networks can be viewed as even more extreme case, requiring even more sophisticated, efficient and well designed security mechanisms. The challenging tasks due to
? Insecure wireless
Communication links. ? ?Absence of a fixed
infrastructure. ? Resource constraints ( e.g. Battery power, Bandwidth, memory, CPU processing capacity) and ? Node mobility that triggers dynamic network topology.
4. SECURITY ATTACKS IN AD HOC WIRELESS NETWORKS
Providing a secure system can be achieved by preventing attacks or by detecting them and providing a mechanism to recover for those attacks. Attacks on ad hoc wireless networks can be classified as active and passive attacks, depending on whether the normal operation of the networks is disrupted or not.
4.1. Passive attack
In passive attack, an intruder snoops the data exchanged without altering it.The attacker does not actively initiate malicious actions to cheat other hosts. The goal of attacker is to obtain information that is being transmitted, thus violating the message confidentiality, since the activity of the network is not disrupted, these attacks are difficult to detect. Powerful encryption mechanism canalleviate these attacks by making difficult to read overheard packets.
4.2. Active Attacks
Inactive attacks, an attacker actively participates in disrupting the normal operation of the network services. A malicious host can create an active attack by modifying packets or by introducing false information in the ad hoc network. It confuses routing procedures and degrades network performance. Active attacks can be divided into internal and external attacks.
4.2.1. External Attacks
External attacks are carried by nodes that are not legitimate part of the network. Such attacs can be defended by using Encryption, firewalls and source authentication. In external attacks, it is possible to disrupt the communication from parking lot in front of the company office.
4.2.2: Internal Attacks
Internal Attacks are from compromised nodes that were once legitimate part of the network. Since the adversaries are already part of the ad hoc wireless network as authorized nodes. They are much more severe and difficult to detect when compared to external attacks.
5. EXISTING SECURITY SOLUTIONS
Traditional mechanisms, such as asymmetric cryptography, one way hash functions and other techniques implanting authentication, confidentiality, integrity and non-repudiation can be used whether in a wired or wireless network. On the other hand, access control, which for us stands for fire walling, seems somehow more difficult to enforce in ad hoc network.
On other hand, applicative fire walling, as achieved by proxies, cannot be considered in Manets because of their centralized nature. According to the security goals to be achieved, several mechanisms can be implemented on different network layers. Most existing mechanisms are based on cryptography and certification must be implemented to secure key exchanges.This point is particularly important in an environment prone to "Man in the Middle attacks"such as manets. A certification mechanism can be implemented in many ways ranging from a simple physical exchange of keys ,to a more sophisticated PKI based exchange .The choice depends on the configuration of the network and the required security.
6. SECURITY MECHANISM IN ADHOC WIRELESS NETWORKS
Message encryption and digital signatures are two important mechanisms for data integrity and authentication. There are two types of data encryption mechanisms. Symmetric and Asymmetric (or public key) echanisms.Symmetric cryptosystems use the same key (the secret key) for encryption and decryption of a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and another key (the private key)to decrypt it. Public and private keys are related in such a way that only the public key can be used to encrypt message and only the corresponding private key can be used for decryption purpose. Even if attacker comprises a public key, it is virtually impossible to deduce the private key.
Any code attached to an electronically transmitted message that uniquely identifies the sender is known as digital code. Digital signatures are key component of most authentication schemes. To be effective, digital signatures must be non-forgeable.Hash functions are used in creative and verification of a digital signature. It is an algorithm which creates a digital representation or fingerprint in the form of a hash value ( or hash result) of a standard length which is usually much smaller than the message and unique to it. Any change to the message will produce a different hash result even when the some hash function is used. In the case of a secure hash function, also known as a one-way hash function, it is computationally infeasible to derive the original message from knowledge of its hash value.In ad hoc wireless networks, the secrecy of the key does not ensure the integrity of the message. For this purpose, message authentication code [MAC][1] is used.
It is a hashed representation of a message and even it MAC is known, it is impractical to compute the message that generated it. A MAC, which is a cryptographic checksum is computed by the message initiator as a function of the secret key and the message being transmitted it is appended to the message. The recipient recomputes the MAC in the similar fashion upon the receiving the message.If the MAC computed by receiver matches the MAC received within the message then the recipient is assured that the message was not modified and hence security is provided.
7. CONCLUSION
In this paper, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be
achieved. On one hand, the security-sensitive applications of ad hoc networks require high degree of security, on other hand ,ad hoc networks are inherently vulnerable to security attacks.Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms. This paper represents [theoretically] the first step of our research to analyze the security threats to understand the security requirements for ad hoc networks, and to identity existing techniques, as well as to propose new mechanisms to secure ad hoc networks. More work needed to be done to deploy these security mechanisms on the ad hoc network and to investigate the impact of these security mechanisms on the network performance.
REFERENCES
[1] M.Bellare and P.Rogaway. Random oracle are practical: A paradigm for designing efficient protocols. First Annual
Conference on Computer and Communication Security, pp 62-73,1993.
[2] C. Boyd. Digital multisignatures.IMA Conference on cryptography and coding,H.Baker and F.C. Piper,Claredon press,pp241 -246,1986.
[3] M.Burmester and Y.Desmedt. Secure communication in an unknown network using certificates.
[4] R.L. Davies, R.M. Watson, A. Munroe
and M.Barton. "Ad hoc wireless networking contention free multiple access proceedings of 5th IEEE conference on Telecommunications", pp 73-77,1995.
[5] Y.G.Desmedit."Threshold cryptography.European Transactions on Telecommunications".
[6] D.Dolev,C. Dwork,O. Waarts and
M.yung.Perfectly secure message transmission. Journal of ACM.
[7] W.Diffie and M.E.Hellman.New directions in
cryptography. IEEE Transctions on Information Theory.
[8] A. Fiat and A.Shamir.How to prove yourself
ractical solutions to identication and signature problems. Advances in Cryptology CRYPTO'86.[9] Y.Frankel, P.Gemmel,P.Mackenzie and .Yung.Proactive RSA.
[10] Y.Frankel, P.Gemmel,P.Mackenzie
and M.Yung. Optimal resilience proactive public key crypto systems.
[11] D.B.Johnson Routing in ad hoc networks of mobile
hosts.Mobile Computing Systems and Applications,pp 158-163,1994.
[12] Q.Li and D. Rus. Sending messages to mobile users in disconnected ad hoc wireless networks.In proceedings of ACM MOBICOM 'pp 44-55, 2000.
[13] H.Luo, P.Zerfos, J.Kong, S.Lu and L.Zhang. Providing robust and ubiquitous security support for manet.9th
[14] L.Zhou and Z. Haas. Securing ad hoc networks. IEEE Network,13(6):24-30,1999.International Conference on Network Protocols,pp 251-260,2001.
AUTHOR PROFILE
completed m.tech (dsce) from jntu college of engg., anantapur, a.p. pursuing ph.d. from jntu college of engg, anantapur. qualified in pre-ph.d exam conducted by jntu. area of expertise and interest: communication systems and computer networks. experience details: total teaching experience : 6 years, research experience : 2+
