
ISSN: 2229-6646 (online) IJSTM Vol. 2, Issue 2, April 2011
www.ijstm.com
International Journal of Science Technology & Management, Page 67

Security Vulnerabilities in Mobile Ad Hoc Networks

Vinay Kumar Nassa

Associate Professor (Dept. of ECE), Dronacharya College of Engineering, Gurgaon-123506, vinay_nassa@rediffmail.com


ABSTRACT
Science and technology play a vital role in the present fast-growing world, and in recent years pervasive computing has enjoyed a tremendous rise in popularity. This paper presents some security issues related to the routing protocols for mobile ad hoc networks (MANETs). A mobile ad hoc network is a self-configuring network of mobile routers, connected by wireless links, which are free to move randomly and organize themselves arbitrarily. Such networks operate in the absence of any fixed infrastructure, which makes them easy to deploy but makes it difficult to reuse existing routing techniques for network services, and this poses a number of challenges in securing the communication. Because of the changing topology, special routing protocols have been proposed for MANETs. The paper has two major parts: one presents the routing protocols in brief and compares them; the other presents the threats faced by the ad hoc network environment and the intrusion detection systems proposed for it, with the aim of explaining reputation-based intrusion detection and its respective strengths and problems. The paper closes with a conclusion and an outlook on evolving trends in secure ad hoc routing.

KEYWORDS: Ad hoc network, security attacks, bandwidth, denial of service (DoS), intrusion detection system (IDS), reputation.

1. INTRODUCTION

Mobile ad hoc networks inherently have very different properties from conventional networks. Ad hoc networks [4] [5] are infrastructure-less networks in which each participating node acts both as a sender and as a router, forwarding packets to other nodes, and this calls for routing protocols different from traditional ones. Because mobile nodes have a limited transmission range, multihop routing is needed for a node to exchange data with nodes in the same or another network: each mobile node acts as a host and also as a router, forwarding packets on behalf of nodes that are not within direct transmission range of each other.

Mobile ad hoc networks are a new paradigm of wireless communication for mobile nodes. There is no fixed infrastructure for mobile switching; the primary reason ad hoc networks are also called infrastructure-less networks is that the mobile nodes establish routes to other nodes dynamically, on the fly, while moving. Ad hoc networking is often associated with ubiquitous computing, in which computers are everywhere and information is available anywhere at any time. Each node has a wireless interface and communicates with the other nodes; typical nodes are laptop computers and personal digital assistants (PDAs) that communicate directly with each other. The mobile nodes form their communications as the need arises, work as both sender and receiver, and therefore require routing protocols. Since the nodes change position frequently, these routing protocols must adapt quickly to the new topology; and since the nodes have limited resources such as storage capacity, bandwidth and battery power, the routing protocols must also make the best possible use of those resources.
A mobile ad hoc network (MANET) is a collection of mobile nodes that are dynamically and arbitrarily located in such a manner that the interconnections between the nodes are capable of changing on a continual basis.

The main features of MANETs are ease of deployment and the absence of any need for infrastructure, which makes them ideal for many applications. Examples are disaster relief, conferencing, interactive information sharing, file transfer and warfare situations, where setting up infrastructure is very difficult.

Challenges to MANETs include the changing network topology, a limited transmission range, low availability of bandwidth due to the wireless environment, and the higher control-packet overhead needed to establish and maintain routes.

The wireless nature of communication and the lack of any security infrastructure raise several security problems. Wireless ad hoc networks are vulnerable to various attacks, including passive eavesdropping, active interfering, impersonation, modification of packets and denial of service. Intrusion prevention measures, such as strong authentication and redundant transmission, can be used to tackle some of these attacks. However, these techniques address only a subset of the threats and, moreover, are costly to implement because of the limited memory and computation power of the nodes.

1.1 Working of Mobile Ad hoc Networking

There are two different types of wireless networks:

The simplest topology is one where each node is able to reach all the other nodes through a single radio relay system with a large range. No routing protocol is needed in this kind of network because all nodes can see all the others.

The second kind also uses a radio relay system, but each node has a smaller range, so a node has to use neighbouring nodes to reach another node that is not within its transmission range. The intermediate nodes then act as routers.


Figure 1: Working of an Ad Hoc Network

Any routing protocol must incorporate an essential set of security mechanisms that help prevent, detect and respond to security attacks. There are five major security goals that need to be addressed in order to maintain a reliable and secure ad hoc network environment. They are:

Confidentiality: Protection of any information from being exposed to unintended entities. In ad hoc networks this is more difficult to achieve because intermediate nodes (acting as routers) receive packets destined for other recipients and can easily eavesdrop on the information being routed.
Availability: Services should be available whenever required. There should be an assurance of survivability despite a denial of service (DoS) attack. At the physical and media access control layers an attacker can use jamming techniques to interfere with communication on the physical channel; at the network layer the attacker can disrupt the routing protocol; at higher layers the attacker could bring down high-level services, e.g. the key management service.

Authentication: Assurance that an entity of concern, or the origin of a communication, is what it claims to be. Without it an attacker could impersonate a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.
Integrity: The message being transmitted is never altered.
Non-repudiation: Ensures that the sending and receiving parties can never deny having sent or received the message.
All the above security mechanisms must be implemented in any ad hoc network so as to ensure the security of transmissions along that network. Thus, whenever considering security issues with respect to a network, we always need to ensure that the five security goals above have been put into effect and that none of them is flawed.

2. ROUTING PROTOCOLS

Both academic and industrial efforts are currently directed at the development of routing protocols for ad hoc networks. Academic research has been carried out on developing new routing protocols for ad hoc networks and their implementation, while industrial efforts have produced some widely accepted routing protocols. Bluetooth-enabled devices have implementations of ad hoc routing protocols like DSR and DSDV.
Basically there are two types of routing protocols:

1. Proactive Routing Protocols: the nodes keep updating their routing tables through periodic messages. Examples are the Optimized Link State Routing Protocol (OLSR) and the Topology Broadcast based on Reverse Path Forwarding Protocol (TBRPF).

2. Reactive or On-Demand Routing Protocols: routes are created only when they are needed. Examples are the Dynamic Source Routing Protocol (DSR) and the Ad hoc On-demand Distance Vector Routing Protocol (AODV).

The most common ad hoc protocols are the Ad hoc On-demand Distance Vector routing protocol (AODV), the Destination-Sequenced Distance-Vector routing protocol (DSDV) and Dynamic Source Routing (DSR). All these protocols are quite insecure because attackers can easily obtain information about the network topology: in AODV and DSR the route discovery packets are carried in clear text, so a malicious node can discover the network structure just by analysing such packets and may be able to determine the role of each node in the network. With this information more serious attacks can be launched to disrupt network operations.
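The passive topology inference described above, as an added example that is not code from the paper or from any protocol implementation: a node listening in promiscuous mode collects the route records carried in clear text by DSR-style RREQ/RREP packets, rebuilds the link graph from them, ranks nodes by how many discovered routes they relay, and finds the cut vertices whose loss would partition the network. The capture is constructed here, and the packet layout (a dict whose `route` list stands in for DSR's accumulated route record) is a simplification made for this example, not a wire-format parser.

```python
"""Passive topology inference from cleartext route discovery.

Added example, not code from the paper. CAPTURE is a constructed set of
packets as a promiscuous-mode listener might overhear them; the `route`
list stands in for the accumulated route record of DSR RREQ/RREP packets.
"""
from collections import defaultdict

CAPTURE = [
    {"type": "RREQ", "src": "A", "dst": "E", "route": ["A"]},
    {"type": "RREQ", "src": "A", "dst": "E", "route": ["A", "B"]},
    {"type": "RREQ", "src": "A", "dst": "E", "route": ["A", "B", "C"]},
    {"type": "RREP", "src": "A", "dst": "E", "route": ["A", "B", "C", "E"]},
    {"type": "RREQ", "src": "D", "dst": "A", "route": ["D", "C"]},
    {"type": "RREP", "src": "D", "dst": "A", "route": ["D", "C", "B", "A"]},
    {"type": "RREQ", "src": "F", "dst": "E", "route": ["F", "D"]},
    {"type": "RREP", "src": "F", "dst": "E", "route": ["F", "D", "C", "E"]},
    {"type": "DATA", "src": "A", "dst": "E", "route": []},   # not route discovery
]


def build_topology(packets):
    """Every consecutive pair in a route record was one radio hop."""
    adj = defaultdict(set)
    for p in packets:
        if p["type"] not in ("RREQ", "RREP"):
            continue
        route = p["route"]
        for u, v in zip(route, route[1:]):
            adj[u].add(v)
            adj[v].add(u)
    return dict(adj)


def relay_counts(packets):
    """How often each node sits between source and destination of a
    completed route (RREP): the nodes the network depends on most."""
    counts = defaultdict(int)
    for p in packets:
        if p["type"] == "RREP":
            for n in p["route"][1:-1]:
                counts[n] += 1
    return dict(counts)


def node_roles(adj, relays):
    """Degree-1 nodes are leaves; nodes seen relaying are routers."""
    return {n: "leaf" if len(nbrs) == 1 else ("router" if relays.get(n) else "end")
            for n, nbrs in adj.items()}


def cut_vertices(adj):
    """Nodes whose removal disconnects the graph: the cheapest DoS targets."""
    nodes = set(adj)

    def still_connected(removed):
        remaining = nodes - {removed}
        if not remaining:
            return True
        start = next(iter(remaining))
        seen, stack = {start}, [start]
        while stack:
            u = stack.pop()
            for v in adj[u]:
                if v != removed and v not in seen:
                    seen.add(v)
                    stack.append(v)
        return seen == remaining

    return {n for n in nodes if not still_connected(n)}


def analyse(packets=CAPTURE):
    adj = build_topology(packets)
    relays = relay_counts(packets)
    return {"links": adj, "relays": relays,
            "roles": node_roles(adj, relays), "cut_vertices": cut_vertices(adj)}


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value)
```

Eight overheard packets are enough to learn that C relays every completed route and that B, C and D are each single points of failure; nothing in the exchange had to be decrypted, which is exactly why cleartext route discovery leaks so much.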



Figure 2: Classification of Routing Protocols

3. ATTACKS FACED BY ROUTING
PROTOCOLS

Because of their underlying architecture, ad hoc networks are more easily attacked than wired networks. The attacks prevalent on ad hoc routing protocols can be broadly classified into passive and active attacks.

A passive attack does not disrupt the operation of the protocol but tries to discover valuable information by listening to traffic; it basically involves obtaining vital routing information by sniffing the network. Such attacks are usually difficult to detect and hence defending against them is complicated. Even if it is not possible to identify the exact location of a node, one may be able to discover information about the network topology using these attacks.

An active attack, in contrast, injects arbitrary packets and tries to disrupt the operation of the protocol in order to limit availability, gain authentication, or attract packets destined for other nodes. The goal is basically to attract all packets to the attacker for analysis, or to disable the network. Such attacks can be detected and the attacking nodes identified.

4. INTRUSION DETECTION SYSTEMS

Intrusion detection is the process of monitoring the events occurring in a networked information system and examining them for signs of a violation of the security policy. The main goal of an intrusion detection system is to protect the confidentiality, integrity and availability of important networked systems [6]. An intrusion detection system is a significant part of the measures that protect networked information systems from misuse: when suitably deployed, it can raise an alert that a system is under attack, so it is important that the system functions as well as possible. Intrusion detection systems are typically classified along two axes:

1. The information source: host-based, multi-host-based or network-based;
2. The detection model: anomaly detection or misuse detection.
Intrusion detection tries to detect attacks by examining audit records observed by processes on the same network. These attacks are usually split into two groups, host-based and network-based. Host-based attack detection programs usually use system-call data from an audit process that tracks all system calls made on behalf of every user on a particular computer; such audit processes typically run on every monitored computer. Network-based attack detection programs normally use network traffic captured by a sniffer [9]; many computer networks, including the widely deployed Ethernet (IEEE 802.3), use a shared medium, which is what makes such capture possible. In a misuse-detection intrusion detection system, intrusions are detected by looking for behaviour that matches a known signature of an intrusion. In contrast, an anomaly-detection intrusion detection system detects intrusions by searching for network traffic that deviates from normal behaviour.

At a macroscopic level the intrusion detection system can be viewed as a detector that processes data coming from the system to be secured. The detector can also launch probes to trigger the audit process, for example by requesting version numbers of applications. It uses three types of data:

1. Configuration data about the present state of the system.
2. Long-term data describing the method used to observe intrusions, such as a base of attack signatures or a model of normal behaviour.
3. Audit data about the events occurring in the system.

The detector's job is to remove unnecessary data from the audit trail and then present either a synthetic view of the security-related actions taken during normal use of the system, or a synthetic view of the present security state of the system. A decision is then taken to assess the probability that these events are symptoms of an intrusion. The countermeasure component can then apply a corrective action, either to stop the events from taking effect or to change the state of the system back to a protected state. Figure 3 shows the intrusion detection system.


Figure 3: Intrusion detection system
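The detector structure just described (configuration data, long-term data, audit data, pruning of the audit trail, and the misuse versus anomaly detection models), as an added example that is not code from the paper or from any named IDS. All audit records are constructed; the membership list and sequence-number values in `CONFIG`, the two signature rules (an unknown node, and a route reply whose destination sequence number jumps far above anything seen before, one illustrative shape of "advertising bogus routes" in an AODV-style protocol), and the mean-plus-k-sigma anomaly threshold are assumptions made for this example, not rules taken from a published system.

```python
"""Misuse (signature) detection beside anomaly detection over a MANET
audit trail, organised around the detector's three data types.

Added example, not code from the paper or from any named IDS. All audit
records are constructed; the signature rules and thresholds are
illustrative assumptions, not rules from a published system.
"""
from collections import defaultdict
from statistics import mean, pstdev

# 1. Configuration data: the present state of the system (assumed values).
CONFIG = {
    "members": {"A", "B", "C", "D", "E"},   # nodes admitted to the network
    "known_seq": {"E": 10, "A": 5},          # highest destination seq seen so far
    "max_seq_jump": 100,                     # larger jumps are treated as bogus
    "k_sigma": 3.0,                          # anomaly threshold: mean + k*std
}
RELEVANT = {"fwd", "drop", "rrep"}           # everything else is pruned


def records(node, fwd, drop):
    """Construct forwarding-audit records of the form (node, event, attrs)."""
    return [(node, "fwd", {})] * fwd + [(node, "drop", {})] * drop


# 3. Audit data (constructed): a clean training window, then a live window.
TRAINING = records("B", 48, 2) + records("C", 95, 5) + records("D", 57, 3)
WINDOW = (
    records("B", 40, 2) + records("C", 30, 20) + records("D", 50, 2)
    + [("A", "hello", {}),                                       # pruned
       ("B", "rrep", {"dst": "E", "dst_seq": 12, "hops": 3}),    # normal
       ("C", "rrep", {"dst": "E", "dst_seq": 5000, "hops": 1}),  # bogus route
       ("M", "rrep", {"dst": "A", "dst_seq": 7, "hops": 2})]     # not a member
)

# 2. Long-term data: the method used to observe intrusions.
# (a) Misuse detection: signatures of known bad behaviour.
SIGNATURES = [
    ("unknown_node", lambda node, ev, attrs, st: node not in CONFIG["members"]),
    ("seq_jump", lambda node, ev, attrs, st: ev == "rrep" and
        attrs["dst_seq"] - st["max_seq"].get(attrs["dst"], attrs["dst_seq"])
        > CONFIG["max_seq_jump"]),
]


# (b) Anomaly detection: a baseline of normal drop ratios learned from TRAINING.
def drop_ratios(audit):
    fwd, drop = defaultdict(int), defaultdict(int)
    for node, ev, _ in audit:
        if ev == "fwd":
            fwd[node] += 1
        elif ev == "drop":
            drop[node] += 1
    return {n: drop[n] / (fwd[n] + drop[n]) for n in set(fwd) | set(drop)}


def learn_baseline(training):
    ratios = list(drop_ratios(training).values())
    return {"mean": mean(ratios), "std": pstdev(ratios)}


def prune(audit):
    """The detector first removes audit records that carry no security signal."""
    return [r for r in audit if r[1] in RELEVANT]


def misuse_detect(audit, state):
    alerts = []
    for node, ev, attrs in audit:
        for name, rule in SIGNATURES:
            if rule(node, ev, attrs, state):
                alerts.append((name, node))
        if ev == "rrep":                      # keep the routing state current
            d = attrs["dst"]
            state["max_seq"][d] = max(state["max_seq"].get(d, 0), attrs["dst_seq"])
    return alerts


def anomaly_detect(audit, baseline):
    threshold = baseline["mean"] + CONFIG["k_sigma"] * baseline["std"]
    return {n for n, r in drop_ratios(audit).items() if r > threshold}


def run_detector(training=TRAINING, window=WINDOW):
    state = {"max_seq": dict(CONFIG["known_seq"])}
    live = prune(window)
    return {"misuse": misuse_detect(live, state),
            "anomaly": anomaly_detect(live, learn_baseline(prune(training)))}


if __name__ == "__main__":
    print(run_detector())
```

Node C is caught twice, by different models: its route reply matches a signature, and its drop ratio in the live window lies far outside the baseline learned from the training window. Node M, which never appears in the configuration data, is caught only by the membership signature, which is why a MANET IDS needs the configuration data to be kept current as nodes join and leave.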

Intrusion detection systems (IDS), especially reputation-based ones, are a new paradigm and are being used to enhance security in different areas. These systems are lightweight, easy to use and able to counter a wide variety of attacks as long as the misbehaviour is observable. Among these mechanisms some of the popular ones are CORE, CONFIDANT, OCEAN and SAFE.

4.1 Reputation-Based IDS

Reputation-based IDS do not rely on the conventional use of a shared secret to establish confidential and secure communication between two parties. Instead, they are based purely on the nodes' observations of each other [3]. More precisely, every node in the network monitors the transmissions of its neighbouring nodes and derives a reputation value for each of them. If any misbehaviour is detected, this information is broadcast to the neighbouring nodes to help them protect themselves against the misbehaving node [1]. Several architectures that use the reputation concept to secure packet forwarding have been proposed [8]. Reputation here is simply bound to how well the nodes behave as routers, and monitoring the packets dropped by neighbours is one of the main tasks of these reputation-based systems [7]. In CORE and CONFIDANT the monitoring is implemented with a packet-overhearing technique based on promiscuous mode.

4.2 Security-Related Issues

There are a few basic problems in MANETs that need to be kept in mind while designing any security solution. First, it is often hard to differentiate intrusions from normal operations or conditions in a MANET because of the dynamically changing topology and volatile physical environment. Second, mobile nodes are autonomous units that can roam independently across an unrestricted geographical area, so nodes with inadequate physical protection can be captured, compromised or hijacked. Third, decision-making in ad hoc networks is usually decentralised, and many ad hoc network algorithms rely on the cooperative participation of all nodes; most ad hoc routing protocols are also cooperative in nature and hence can easily be misled by false routing information [10]. It has been observed that, without countermeasures, misbehaviour dramatically decreases network performance. Intrusion prevention measures such as authentication and encryption can be used as the first line of defence against attacks in a MANET. However, even if these prevention schemes were implemented perfectly, they still could not eliminate all attacks, especially internal or insider attacks, and they are costly to implement on mobile nodes given their limited computation power and energy. Another possible solution is the concept of economic incentives, but these need a centralised banking system and tamper-proof hardware, and raise the more basic question of who will pay, and how much.

4.3 Working of Reputation-Based IDS

Reputation-based systems are used to enhance security in ad hoc networks because they model cooperation between nodes in a way inspired by our social behaviour. In daily life, when we meet somebody for the first time, we build a reputation of that person from our own (firsthand) experience and from the (secondhand) experience of others. Reputation-based systems are built on this principle: they are used to decide whom to trust and to encourage trustworthy behaviour. Resnick and Zeckhauser identify three goals for reputation systems [8]:

a. To provide information to distinguish between a trustworthy principal and an untrustworthy principal;
b. To encourage principals to act in a trustworthy manner; and
c. To discourage untrustworthy principals from participating in the service the reputation mechanism is present to protect.

Watchdog and path-rater are essential components of any reputation-based intrusion detection system [2]. Complementing DSR with a watchdog increases the throughput of mobile ad hoc networks. Misbehaviour detection and reputation systems may or may not be distributed; here, fully distributed means that information regarding a node's reputation is immediately propagated through the whole network. In the non-distributed case nodes depend entirely on their own personal view of other nodes' reputation and behaviour. Distributed IDS protocols rely either only on firsthand information or also on positive secondhand information; CONFIDANT and CORE fall into this category. Some basic problems with this approach of global reputation systems are:

1. Every node has to maintain O(n) reputation information, where n is the number of nodes in the network.
2. Extra traffic is generated by the reputation exchange.
3. Extra computation is needed to accept indirect (secondhand) reputation information, especially with Bayesian estimation.
4. Security issues arise in the reputation exchange itself; for example, reputation data packets can be modified.


6. CONCLUSION
Mobile ad hoc networks have properties that increase their vulnerability to attacks. Unreliable wireless links are vulnerable to jamming and, by their inherent broadcast nature, facilitate eavesdropping. Constraints on bandwidth, computing power and battery power in mobile devices can lead to application-specific trade-offs between security and the resource consumption of the device. Mobility and dynamics make it hard to detect behaviour anomalies such as advertising bogus routes, because routes in this environment change frequently. Self-organization is a key property of ad hoc networks: they cannot rely on central authorities and infrastructure, e.g. for key management. Latency is inherently increased in wireless multi-hop networks, making the message exchanges needed for security more expensive. Multiple paths are likely to be available; this property offers an advantage over infrastructure-based local area networks that can be exploited by diversity coding.
Mobile ad hoc networks have a number of significant security issues that cannot be solved by intrusion detection systems alone. Physical security of nodes is another very important issue. Reputation systems are used to establish trust and to encourage trustworthy behaviour and cooperation among nodes.

7. REFERENCES
[1] Buchegger, S., & Le Boudec, J.-Y. (2003). The effect of rumor spreading in reputation systems for mobile ad-hoc networks. In Proceedings of WiOpt '03: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks, Sophia-Antipolis, France.

[2] Buchegger, S., Tissieres, C., & Le Boudec, J.-Y. (2004). A test-bed for misbehavior detection in mobile ad-hoc networks: how much can watchdogs really do? In WMCSA: Proceedings of the Sixth IEEE Workshop on Mobile Computing Systems and Applications.

[3] Buchegger, S., & Le Boudec, J.-Y. (2005). Self-policing mobile ad hoc networks by reputation systems. IEEE Communications Magazine.

[4] Toh, C.-K. (1997). Wireless ATM and Ad-hoc Networks: Protocols and Architectures. Kluwer Academic Publishers.

[5] Das, S., Castaneda, R., & Yan, J. (1998). Comparative performance evaluation of routing protocols for mobile ad hoc networks. In Proceedings of the IEEE International Conference on Computer Communications and Networks, San Antonio, Oct. 1998, pp. 153-161.

[6] Debar, H. (2000). An Introduction to Intrusion Detection Systems. IBM Research, Zurich Research Laboratory, Saumerstrasse.

[7] Marti, S., Giuli, T. J., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MobiCom), pp. 255-265.

[8] Resnick, P., & Zeckhauser, R. (2002). Trust among strangers in Internet transactions: Empirical analysis of eBay's reputation system. In M. R. Baye (Ed.), The Economics of the Internet and E-Commerce: Advances in Applied Microeconomics (Vol. 11, pp. 127-157). Amsterdam: Elsevier Science.

[9] Siraj, A., Bridges, S. M., & Vaughn, R. B. (2001). Fuzzy cognitive maps for decision support in an intelligent intrusion detection system. In Joint 9th IFSA World Congress and 20th NAFIPS International Conference, Vol. 4, pp. 2165-2170.

[10] Yan, P., & Mitchell, C. J. (2003). Reputation methods for routing security in mobile ad hoc networks. In Proceedings of SympoTIC '03, Joint IST Workshop on Mobile Future and Symposium on Trends in Communications, Bratislava.
