The Characteristics And Applications Of Manets Computer Science Essay Example

nodes. The success of communication greatly relies on the cooperation of other nodes. The nodes themselves are responsible for dynamically discovering other nodes within radio range for communication. Figure 1.1 illustrates a Heterogeneous Mobile Ad hoc Network (MANET). Typical MANET nodes include Laptops, PDAs, Pocket PCs, Cellular Phones, Internet Mobile Phones, Palmtops, or any other mobile wireless devices.

These devices are usually lightweight and run on batteries. Figure 1.1 shows a heterogeneous MANET with various devices, including a PDA, pocket PC, laptop, mobile phone, and mobile device. Since the mobile phone is out of range for the pocket PC, the laptop is used to retransmit data from the pocket PC to the mobile phone. The main characteristics of MANETs include the lack of centralized control, lack of node association, high host mobility, constantly changing network topology, shared broadcast radio channel, insecure operating environment, physical vulnerability, and limited resources such as CPU processing capacity, memory power, battery power, and bandwidth [2, 6, 7, 8]. MANETs have dynamic network topologies where nodes can move independently in any direction, leading to frequent and random changes in the wireless topology with bidirectional links as the primary component.

Low Bandwidth: Wireless networks have lower capacity and shorter transmission range compared to fixed infrastructure networks. The throughput of wireless communication is less than wired communication due to factors like multiple access, fading, noise, and interference conditions.

Limited Battery Power: The nodes or hosts rely on small batteries and other exhaustible energy sources. Thus, conserving energy is crucial for design optimization.

Decentralized Control: MANET's functionality depends on the cooperation of participating nodes because of the unreliable links.

The implementation of protocols requiring

a centralized authority or administrator becomes challenging in wireless ad hoc networks due to unreliable communications and weak physical protection. The shared-medium nature and unstable channel quality of wireless links often result in a high packet-loss rate and re-routing instability, causing throughput drops in multi-hop networks. Consequently, security solutions in wireless ad hoc networks cannot rely on reliable communication. In addition, MANETs are more susceptible to physical security threats compared to fixed-cable networks due to the compact, soft, and hand-held nature of mobile nodes.

The current trend is towards smaller and more portable devices, which are susceptible to damage, loss, theft, and misuse. This presents a higher risk of different types of attacks that require careful consideration. Scalability is a major challenge due to the limited memory and processing power of mobile devices, especially when dealing with large network sizes. Networks with up to 10,000 or even 100,000 nodes are anticipated, making scalability an essential aspect in the overall design process.

1.1.2 Applications of MANETs There are numerous applications for MANETs, ranging from small, static networks with power constraints to large-scale, mobile, and highly dynamic networks. Some significant examples include establishing efficient and reliable communication in network-centric military/battlefield environments, emergency/rescue operations, disaster relief operations, intelligent transportation systems, conferences, fault-tolerant mobile sensor grids, smart homes, patient monitoring, environment control, and other security-sensitive applications [2, 5, 7, 9]. These applications often require specific security guarantees and reliable communication. Military Tactical Operations: MANETs are used to quickly establish military communications and deploy troops in hostile or unknown environments. Search and Rescue Operations: MANETs support communication in areas with limited or no wireless infrastructure support.

Disaster Relief Operations: This technology is used

for communication in situations where the existing infrastructure has been destroyed or rendered inoperable. Law Enforcement: It provides secure and fast communication during law enforcement operations. Commercial Use: This technology enables communication in exhibitions, conferences, and large gatherings. It can also be valuable for collaborative computing in business scenarios outside of office environments, where people often need to have outside meetings to cooperate and exchange information on a project. 1.1.3 Routing in MANETs: The mobility of nodes greatly influences the behavior of ad hoc networks.

The nodes within the network have the freedom to move in any direction and adjust the routes. Each node in MANET functions as a router and is capable of finding and maintaining routes within the network. The nodes are also responsible for dynamically locating other nodes to enable communication. In cases where a node needs to communicate with a node outside of its transmission range, a multi-hop routing strategy is employed, involving intermediate nodes. The wireless topology of the network undergoes frequent and unpredictable changes.

To enable spontaneous and efficient communication between nodes in a network without infrastructure, a routing protocol is employed for discovering the most optimal routes. The primary challenge lies in establishing accurate and efficient routes between node pairs while ensuring the timely delivery of packets. Traditional routing protocols designed for wired networks are unsuitable for mobile ad hoc networks (MANETs) due to the dynamic nature of the nodes. Route construction should minimize overhead and bandwidth consumption. Extensive research has proposed and evaluated various routing protocols – proactive, reactive, and hybrid – for effective packet routing [3]. However, these protocols fail to address potential threats that seek to disrupt

the protocol itself, making them susceptible to node misbehavior.

Malicious nodes or selfish nodes are nodes that drop all the packets. A malicious node behaves this way in order to damage the network's functioning. On the other hand, a selfish node does it to save battery life by not participating in the routing protocol or forwarding packets. A malicious node can deceive other nodes by advertising attractive routes, leading them to route their messages through the malicious node. Current ad hoc routing protocols lack trust between nodes, making them insecure. These protocols are only optimized for quickly spreading routing information as the network changes [4]. Security is crucial in MANETs because all network services are configured on-the-fly.

Inadequate initial design of the security in a specific MANET architecture makes it challenging to attain security objectives for practical networks during deployment [12, 13]. The typical objectives for securing a MANET include confidentiality (privacy), availability, integrity, authenticity, and non-repudiation. Confidentiality guarantees that unauthorized nodes never access secret information in the network.

The assurance that data is not disclosed to unauthorized parties is known as confidentiality. Availability refers to the timely access of network services by authorized users. Integrity ensures that message or packet transfer between nodes remains unaltered and free from corruption.

Authentication guarantees that the data is legitimate and verifies the identity of the peer node. Non-repudiation prevents the originator of a message from denying their responsibility for sending it.

The text highlights the security challenges presented by node mobility in a Mobile Ad hoc Network (MANET). MANETs differ from traditional wired and wireless networks in their open medium, dynamic network topology, lack of central administration, distributed cooperation, limited capability, and

absence of a clear line of defense. These characteristics make MANETs vulnerable to various types of security attacks. The wireless nature of MANETs enables attackers to intercept, inject, and interfere with communication. Without proper security measures, mobile hosts are susceptible to being captured, compromised, and controlled by malicious nodes. Malicious nodes can disrupt the network intentionally, resulting in packet losses for the entire network. The consequences of such attacks include the leakage of sensitive information, contamination of messages, and impersonation of nodes.

Addressing security concerns is crucial before deploying MANETs. Cryptographic techniques are typically used to ensure secure communications in wired and wireless networks. However, these methods are not suitable for securing MANETs. The main challenge of a public-key based security system is ensuring accessibility and authenticity verification of each user's public key. To solve this issue, a public key infrastructure (PKI) is implemented. In this approach, a trusted third party (TTP) holds the public key certificates of all participating entities and serves as an online certification authority (CA) for providing public key verification.

MANETs do not offer access to trusted authorities or centralized servers. The implementation of public key management and certificate distribution is more difficult due to several challenges, such as problematic key exchange and session handling, lack of infrastructure and centralized services, frequent node mobility, wireless link instability, potential network partitions, and the need to configure all network services on-the-fly. Therefore, traditional security solutions that rely on online trusted authorities or certificate repositories are not suitable for securing MANETs. The use of public key cryptography and certificates is an effective method for securing a MANET.

The primary security challenges in MANETs involve ensuring the secure

storage of key/data in devices, authenticating devices for communication, establishing session keys securely among authenticated devices, and routing securely in multi-hop networks [4]. Security in MANETs encompasses protecting privacy (confidentiality), availability, integrity, and non-repudiation. It necessitates identifying potential attacks, threats, and vulnerabilities to prevent unauthorized access, use, modification or destruction. A security attack refers to any unauthorized action that compromises or bypasses information security.

The potential consequences of an attack include altering, revealing, or denying data [10, 11, 14]. There are two primary classifications for attacks on MANETs: passive attacks and active attacks, as demonstrated in Figure 1.2. Both passive and active attacks can occur at any level of the network protocol stack [3]. Passive attacks aim to collect valuable information by monitoring the traffic channel without proper authorization, without affecting system resources or normal network operation. Figure 1.3 displays a diagrammatic representation of a passive attacker C eavesdropping on the communication channel between A and B.

Figure 1.3: A passive attack includes different types, such as eavesdropping (information leakage), traffic monitoring, and analysis. Detecting passive attacks is difficult since they do not alter the data. It is important to prioritize prevention over detection when dealing with passive attacks. One approach is to use robust encryption methods to protect transmitted data, making it difficult for attackers to retrieve valuable information. In situations involving radio transmission, eavesdropping (information leakage) serves as a straightforward passive attack where malicious nodes intercept all traffic, including routing data, providing them access to routing information.

When a message is transmitted wirelessly, it can be intercepted and captured by an attacker who is within range of the radio transmission. This interception includes sensitive routing information.

Neither the sender nor the intended receiver can determine if the transmission has been eavesdropped on by someone who is not physically connected to the medium.

Traffic monitoring involves collecting information about network nodes, such as their identities, locations, and the volume of data they transmit. Traffic analysis entails analyzing the intercepted traffic to extract details about the characteristics of the transmission. For instance, it can disclose which nodes engage in frequent communication or exchange large amounts of data. Exploiting this information enables launching further attacks.

Active Attacks: An active attack is when someone tries to alter or destroy system resources and the exchanged data in a network. This is done by injecting or modifying packets, with the goal of gaining authentication and disrupting the normal functioning of network services. Figure 1.4 shows an example of an active attack, where attacker C can listen, modify, and inject messages between A and B. Active attacks can be internal or external [5]. External attacks are performed by nodes that are not part of the network.

These attacks are launched by adversaries who lack proper authorization and seek to access network operations and resources unlawfully. External attacks have the purpose of causing network congestion, blocking access to specific network functions, or disrupting the entire network. Some common attacks conducted by external attackers include injecting bogus packets, conducting denial of service attacks, and impersonating others. On the other hand, internal attacks originate from compromised nodes within the network. Internal attacks are more severe and challenging to identify because the attackers possess valuable and secret information from compromised or hijacked nodes and have privileged access rights to network resources. Whether executed by an

external adversary or an internally compromised node, active attacks involve various actions such as impersonation, modification, fabrication, and replication.

The different types of active attacks include MAC Layer attacks, Network Layer attacks, Transportation Layer attacks, Application Layer attacks, and Multi Layer attacks, as shown in Figure 1.5. MAC Layer Attacks: In Jamming Attack, the adversary monitors the wireless medium to determine the frequency at which the receiver node is receiving signals from the sender. It then transmits signals on that frequency to hinder error-free reception at the receiver [3]. Figure 1.5: Classification of security attacks Network Layer Attacks involve Wormhole Attack, where two compromised nodes can communicate with each other through a private network connection. A malicious node captures packets from one location in the network and "tunnels" them to another malicious node at a different location.

The second malicious node is expected to replay the "tunneled" packets locally, creating a tunnel between two colluding attackers known as a wormhole. The wormhole can drop packets by bypassing the normal routing flow or selectively forward packets to avoid detection [15, 16, 17]. A black hole attack, on the other hand, is a denial of service where a malicious node attracts all packets by falsely claiming to have the shortest path to the destination node it wants to intercept. It then absorbs these packets without forwarding them to the actual destination. In other words, the malicious node advertises itself as having the shortest path and causes surrounding nodes to route packets towards it [15].

Sinkhole Attack – The adversary's objective in a sinkhole attack is to capture most of the traffic from a specific area by exploiting a compromised node.

This action forms a figurative sinkhole with the adversary positioned at its core. As nodes located along the path of transmitted packets have numerous opportunities to manipulate application data [18, 19], one motivation behind executing a sinkhole attack is to facilitate selective forwarding. By ensuring that all traffic within the targeted area flows through the compromised node, the adversary gains the ability to selectively obstruct or modify packets originating from any node in that area. Gray Hole Attack – A gray hole attack is a variant of the black hole attack, but distinct in the sense that the malicious node is not immediately malicious; it becomes malicious at a later time. In this attack, the attacker selectively drops all data packets but allows control messages to pass through the node [20, 21].

Selective dropping of packets, as seen in gray hole attacks, is more difficult to detect than black hole attacks. Byzantine attacks occur when compromised intermediate nodes collaborate to create routing loops, divert packets to non-optimal paths, and selectively drop packets. Detecting Byzantine failures is challenging as the throughput of attacker nodes appears the same as other nodes [22]. Information disclosure attacks involve compromised nodes attempting to reveal confidential network topology, node locations, or optimal routes to unauthorized entities [7][23]. Resource consumption attacks involve malicious nodes depleting the resources of other network nodes through excessive route discovery requests, frequent beacon packet generation, or forwarding unnecessary packets (stale information).

The limited availability of battery power, bandwidth, and computational power in MANETs [24, 25] targets the resources. In a Man-In-The-Middle Attack, an attacker who is a neighbor to a node in the routing path alters transmitted data

and injects modified packets into the network. In this attack, a malicious node impersonates the receiver to the sender and the sender to the receiver without either party realizing they have been attacked. The intention of this attack is to read or modify the messages between the two parties [12].

The Neighbor Attack is when an intermediate node records its ID in a received packet before forwarding it. However, attackers will forward the packet without recording its ID, causing two nodes to believe they are neighbors even though they are not within communication range. This disrupts the route. The goal of neighbor attackers is to disrupt multicast routes by creating false communication between nodes [15].

Routing Attacks involve altering routing information and data in routing control packets. There are various types of routing attacks, including routing table overflow attack, routing table poisoning attack, packet replication attack, route cache poisoning attack, and rushing attack. These attacks are aimed at disrupting the network's operation [3].

A Routing Table Overflow Attack occurs when an adversary node advertises routes to non-existing authorized nodes in the network.

The main objective of this attack is to overflow the routing tables, which would prevent the creation of entries for new routes to authorized nodes. Proactive routing protocols are more susceptible to this attack compared to reactive routing protocols. Routing Table Poisoning Attack: In this attack, a malicious node sends false routing updates to other uncompromised nodes, leading to suboptimal routing, network congestion, or network inaccessibility. Packet Replication Attack: In this attack, an adversary node replicates stale packets.

The consumption of additional bandwidth and battery power resources by nodes and the confusion caused during the routing process can

be considered as drawbacks. Another type of attack called Route Cache Poisoning Attack occurs when nodes are updating their route tables, leading to deletion, alteration, and injection of false information. Another attack known as Rushing Attack involves an adversary sending routing packets towards the destination, resulting in routing problems.

An attacker node that receives a route request packet from the source node rapidly floods the packet throughout the network, outpacing other nodes' reactions to the same packet. Route discovery-based on demand routing protocols are susceptible to this type of attack [26]. Stealth attacks can be divided into two categories. The first category of attacks aims to "hi-jack" or perform traffic analysis on filtered traffic to and from victim nodes.

These attacks are launched through various methods, such as altering routing information. By using legitimate routing messages, an attacker can deceive honest nodes into disrupting their routing tables, thus redirecting traffic. The second type of attack involves dividing the network and decreasing its efficiency by disconnecting targeted nodes in multiple ways. This can be accomplished by routing a substantial volume of data through the victim node, resulting in the depletion of its energy resources or causing the perception of unavailability due to the excessive number of dropped messages. As a result, neighboring routers will not utilize the node that is under attack, isolating it.

The methods are known as stealth attacks because they decrease the expense of initiating the attacks and decrease the detectability of the attacker [27]. Transportation Layer Attacks: Session Hijacking Attack – Session hijacking is the primary attack on the transport layer. In this situation, an enemy gains control over a session between two nodes.

Because most authentication processes only occur at the beginning of a session, once the session between two nodes is established, the enemy node pretends to be one of the end nodes of the session and seizes control of the session. Session hijacking can occur at both the network and application levels.

Application Layer Attacks: The main attack at the application layer is the repudiation attack. Repudiation refers to the denial or attempted denial by a communication node of its participation in the communication. This is an important requirement for security protocols in communication networks, ensuring that a node cannot later deny sending the data.

Multi Layer Attacks: Multi-layer attacks can occur in any layer of the network protocol stack.

Common multi-layer attacks include denial of service, impersonation or sybil attack, manipulation of network traffic, device tampering, jellyfish attack, and eclipse attack. A denial of service attack occurs when an adversary tries to prevent legitimate users from accessing network services, rendering the target nodes unable to receive legitimate traffic. These attacks can target CPU power, battery power, and transmission bandwidth. To carry out a denial of service attack, a malicious node may request routes or forward unnecessary packets to drain another node's batteries. This type of attack can be executed at different layers of the network protocol stack such as the physical layer, link layer, and network layer [4, 12, 31].

The Sybil Attack, also known as a masquerade, impersonation, or spoofing attack, involves a single malicious node trying to steal the identity of other nodes in the network. The attacker achieves this by advertising false or fake routes. They may take on multiple identities

by either impersonating or forging other nodes or using false identities. The attacker then sends packets over the network with the identity of other nodes, tricking the destination into thinking that the packet originated from the original source [28]. Sybil attacks are categorized into three types: direct or indirect communication, fabricated or stolen identity, and simultaneity.

In direct communication, Sybil nodes communicate directly with legitimate nodes. In indirect communication, messages sent to Sybil nodes are routed through malicious nodes. An attacker can create a new identity or steal an existing one by destroying or temporarily disabling the impersonated node. All Sybil identities can participate in the network simultaneously or be cycled through. A misrouting attack, also known as a manipulation of network traffic attack, occurs when a node disrupts the protocol operation by falsely claiming to have a better route than the current one. In this attack, a non-legitimate node redirects routing messages and sends data packets to the wrong destination.

This attack is conducted by changing the metric value of a route, manipulating control message fields of a route, altering the final destination address of a data packet, or sending a data packet to the incorrect next hop in the route to the destination [30]. A Weak Physical Protection attack (Device Tampering Attack) occurs when nodes in a MANET, unlike nodes in a wired network, are typically small, soft, and portable. These nodes can be easily damaged, lost, stolen, and exploited by an adversary. In military applications, mobile nodes are vulnerable to capture, compromise, and hijacking. In hostile environments like these, providing perfect physical protection is nearly impossible [3].

Jellyfish Attack: In this type of

attack, the jellyfish attacker infiltrates the multicast forwarding group and unnecessarily delays the forwarding of data packets, resulting in significant end-to-end delays. This ultimately reduces the performance of real-time applications [31].

Eclipse Attack: The eclipse attack involves gradually poisoning the routing tables of uncompromised nodes with links to a group of compromised nodes. This malicious behavior is detrimental to the network and has been extensively studied [12, 15, 18].

Security Solutions in MANET: MANETs are particularly vulnerable to various types of security attacks due to their inherent characteristics. It is crucial to implement adequate security measures to protect ad hoc routing in these networks.

Available security solutions are used to overcome attacks and reduce the possibilities of them. There are two types of security solutions: preventive and detective. Preventive solutions use message encryption techniques, while detective solutions use digital signatures and cryptographic hash functions. Key and trust management are preventive schemes for external attacks, while secure routing protocols are countermeasures for internal attacks [5, 7]. The difficulty of providing security for MANETs is the motivation for this work.

The use of security solutions in a traditional wired network is not appropriate because they rely on online trusted authorities. Unlike conventional networks, MANETs lack online access to trusted authorities and centralized servers. Consequently, implementing key management in these networks is especially challenging.

Key management is considered essential for secure communication in MANETs. Security in MANETs can be achieved through either a single authority domain or full self-organization. In the single authority domain, certification and keys are issued by a single authority. Conversely, in full self-organization, security does not rely on any trusted authority or fixed server. The conventional approach to public

key management involves using public key infrastructure. This system utilizes a trusted third party (TTP) that holds the public key certificates of all participating entities and acts as an online certification authority (CA) to provide public key verification services.

Implementing public key management in MANETs is particularly challenging due to certain characteristics. These include problematic key exchange and session handling, the absence of a central authority or infrastructure, frequent node mobility and changes in the wireless topology of the network, a shared radio channel, limited availability of resources such as CPU processing capacity, memory, and battery power, and the possibility of network partitions where nodes can join or leave at any time. This can be further exacerbated by potential security attacks. Existing routing protocols often do not address potential threats that aim to disrupt the protocol itself and are vulnerable to node misbehavior. Given the lack of a prior