Section 19.4. Security of Ad-Hoc Networks

19.4. Security of Ad-Hoc Networks

Because of dynamic topological changes, ad-hoc networks are vulnerable at the physical link, as they can easily be manipulated. An intruder can easily attack ad-hoc networks by loading available network resources, such as wireless links and energy (battery) levels of other users, and then disturb all users. Attackers can also disturb the normal operation of routing protocols by modifying packets. The intruder may insert spurious information into routing packets, causing erroneous routing table updates and thus misrouting. Some other security vulnerabilities of ad-hoc networks follow.

• Limited computational capabilities. Typically, nodes in ad-hoc networks are modular, independent, and limited in computational capability and therefore may become a source of vulnerability when they handle public-key cryptography during normal operation.

• Limited power supply. Since nodes normally use battery as power supply, an intruder can exhaust batteries by creating additional transmissions or excessive computations to be carried out by nodes.

• Challenging key management. Dynamic topology and movement of nodes in an adhoc network make key management difficult if cryptography is used in the routing protocol.

In any network, routing information can give an attacker access to relationships among nodes and their IP addresses. Especially in ad-hoc networks, an attacker may be able to bring the network down.

19.4.1. Types of Attacks

Attacks in ad-hoc networks are either passive or active . In a passive attack, the normal operation of a routing protocol is not interrupted . Instead, an intruder tries to gather information by listening. Active attacks can sometimes be detectable and thus are less important. In an active attack, an attacker can insert some arbitrary packets of information into the network to disable it or to attract packets destined to other nodes.

Pin Attack

With the pin , or black-hole , attack , a malicious node pretends to have the shortest path to the destination of a packet. Normally, the intruder listens to a path set-up phase and, when learns of a request for a route, sends a reply advertising a shortest route. Then, the intruder can be an official part of the network if the requesting node receives its malicious reply before the reply from a good node, and a forged route is set up. Once it becomes part of the network, the intruder can do anything within the network, such as undertaking a denial-of-service attack.

Location-Disclosure Attack

By learning the locations of intermediate nodes, an intruder can find out the location of a target node. The location-disclosure attack is made by an intruder to obtain information about the physical location of nodes in the network or the topology of the network.

Routing Table Overflow

Sometimes, an intruder can create routes whose destinations do not exist. This type of attack, known as the routing table overflow . overwhelms the usual flow of traffic, as it creates too many dummy active routes. This attack has a profound impact on proactive routing protocols, which discover routing information before it is needed, but minimal impact on reactive routing protocols , which create a route only when needed.

Energy-Exhaustion Attack

Battery- powered nodes can conserve their power by transmitting only when needed. But an intruder may try to forward unwanted packets or request repeatedly fake or unwanted destinations to use up the energy of nodes' batteries.

19.4.2. Criteria for a Secure Routing Protocol

In order to prevent ad-hoc networks from attacks and vulnerability, a routing protocol must possess the following properties:

• Authenticity. When a routing table is updated, it must check whether the updates were provided by authenticated nodes and users. The most challenging issue in adhoc networks is the lack of a centralized authority to issue and validate certificates of authenticity.

• Integrity of information. When a routing table is updated, the information carried to the routing updates must be checked for eligibility. A misleading update may alter the flow of packets in the network.

• In-order updates. Ad-hoc routing protocols must contain unique sequence numbers to maintain updates in order. Out-of-order updates may result in the propagation of wrong information.

• Maximum update time. Updates in routing tables must be done in the shortest possible time to ensure the credibility of the update information. A timestamp or time-out mechanism can normally be a solution.

• Authorization. An unforgeable credential along with the certificate authority issued to a node can determine all the privileges that the node can have.

• Routing encryption. Encrypting packets can prevent unauthorized nodes from reading them, and only those routers having the decryption key can access messages.

• Route discovery. It should always be possible to find any existing route between two points in a network.

• Protocol immunization. A routing protocol should be immune to intruding nodes and be able identify them.

• Node-privacy location. The routing protocol must protect the network from spreading the location or other unpublic information of individual nodes.

• Self-stabilization. If the self-stabilization property of ad-hoc network performs efficiently , it must stabilize the network in the presence of damages continually received from malicious nodes.

• Low computational load. Typically, an ad hoc node is limited in powers as it uses a battery. As a result, a node should be given the minimal computational load to maintain enough power to avoid any denial-of-service attacks from low available power.