Security Enhancements in AODV protocol for Wireless Ad Hoc Networks
Sonali Bhargava and Dharma P. Agrawal, Center for Distributed & Mobile Computing, Dept. of ECECS, University of Cincinnati
Presented By:
Syeda Momina Tabish
MIT - 7
Agenda
- Introduction
- Motivation
- Related Work
- Assumptions and Background
- Proposed Approach
- Intrusion Detection Model (IDM)
- Intrusion Response Model (IRM)
- Experimental Setup
- Performance Metrics
- Simulation Results
- Conclusion & Future Work
Syeda Momina Tabish ....................................................................................................... NIIT-NUST
Introduction
- AODV: on-demand route discovery
- Effective use of available bandwidth
- Highly scalable
- An ad hoc network is dynamically formed when two or more mobile hosts with wireless capability come into transmission range of each other
- Advantages of ad hoc networks:
  - Can be set up 'on-the-fly'
  - Requires no existing infrastructure
AODV Operation
[Figure: AODV operation between Source and Destination. Packet labels shown: RREQ, RREP, RERR, Data. Figure title: "Stable Enhancement in AODV".]
Introduction contd.
- An ad hoc network is useful where geographical or terrestrial constraints demand a totally distributed network with no fixed base station.
- Examples are battlefields and other disaster situations.
- Wireless ad hoc networks are highly susceptible to malicious attacks. They need stronger security than the conventional wired, static Internet.
- Intrusion prevention measures such as encryption and authentication at times fail to identify an attack, because such measures cannot defend against compromised mobile nodes.
Motivation
- We need an Intrusion Detection System in the network to create another wall of defense
- Forms of attack:
  - Passive eavesdropping
  - Active interfering
  - Leakage of secret information
  - Data tampering
  - Impersonation
  - Denial of service
- Detection of compromised nodes is challenging because:
  - Nodes are constantly mobile
  - The protocols implemented are cooperative in nature
  - There is no fixed infrastructure and no central authority
  - There is no clear distinction between normal and abnormal behaviour
Motivation contd.
- Attacks on the routing protocol can be further classified into two types:
  - External attack: an attack by nodes that do not belong to the network.
  - Internal attack: an attack by nodes that belong to the network but have been compromised or captured.
Related Work
- Yongguang Zhang and Wenke Lee presented a new intrusion detection and response mechanism. Its basic assumptions are that user and program activities are observable and that the system should be cooperative and distributed.
- Sergio Marti introduced techniques that improve throughput in an ad hoc network by identifying misbehaving nodes that agree to forward packets but never do so.
- Venkatraman proposed an intrusion detection agent to prevent some internal attacks on the network. The agent runs on all nodes and is based on Zhang and Lee's model.
Assumptions and Background
- Assumptions:
  - Two nodes within radio range of each other are termed neighbours.
  - Every link between two nodes is bi-directional.
  - Nodes operate in promiscuous mode.
  - Compromised nodes do not work in teams (no colluding attackers).
Proposed Approach
- Identifies possible internal attacks on the AODV protocol and presents the details of an Intrusion Detection Model (IDM) and an Intrusion Response Model (IRM).
- Compromised nodes can cause sufficient damage merely by not cooperating.
- The types of malicious activity depend on how the protocol functions.
- These attacks are deterministic: they can be detected by the IDM, and the malicious nodes are then isolated by the IRM.
Proposed Approach contd.
The following internal attacks are handled by the IDM.
- Distributed false route request: a malicious node generates false route requests from different radio ranges, causing continued wastage of channel bandwidth. Because the requests originate from different radio ranges, the sender cannot readily be categorized as a malicious node.
- Denial of service: the network bandwidth is hijacked by a malicious node that repeatedly generates route requests. The malicious node keeps transmitting control packets, so the other nodes in the network cannot use the resources.
Proposed Approach contd.
- Destination is compromised: a compromised destination node does not acknowledge the route requests destined for it. This results in re-broadcasts and an increase in end-to-end routing delay, so the network throughput is severely decreased.
- Impersonation: a malicious node impersonates another node when sending control packets, causing anomalous updates to the routing tables.
- Routing information disclosure: a malicious node leaks confidential information to unauthorized users in the network. This kind of attack is difficult to identify.
Intrusion Detection Model
- Based on the model presented by Yongguang Zhang and Wenke Lee.
- Each node runs a detection model that uses neighbourhood information to detect misbehaviour by its neighbours.
- The IDM is present on all nodes. It constantly monitors the behaviour of the node's neighbours and analyzes it to detect whether a neighbour has been compromised.
Handling of Internal Attacks
[Flowchart: Data Collection -> Intrusion Detection Model -> "Mal count > Threshold?" -> Yes: Intrusion Response Model -> Global Response; No: Secure Communication]
Intrusion Detection Model contd.
- The model identifies each of the aforementioned attacks as follows:
- Distributed false route request:
  - A route request is generated whenever a node has to send data to a particular destination.
  - A malicious node might generate frequent, unnecessary route requests.
  - When the malicious node generates false route requests from different radio ranges, it is difficult to identify it.
  - When a node in the network receives more route requests than a threshold count from a specific source for a destination within a time interval t_interval, that source is declared malicious and the information is propagated through the network.
Intrusion Detection Model contd.
- Denial of service:
  - A malicious node launches the denial of service attack by transmitting false control packets and consuming the entire network's resources.
  - This deprives the other nodes of network resources.
  - Denial of service can be launched by transmitting false routing packets or data packets.
  - It is identified when a node generates more control packets than a threshold count within a time interval t_frequency.
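The two counting rules on this slide and the previous one (route requests per source/destination pair within t_interval, and control packets per source within t_frequency) are both sliding-window counters that a promiscuous neighbour can evaluate locally and feed into its malcount. The Python below is an added example written for this presentation, not code from the paper or from its ns implementation; the packet record, the threshold and window values, the class and function names and the trace it runs on are all constructed for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ControlPacket:
    """One overheard AODV control packet (constructed record, not an ns trace line)."""
    time: float   # seconds since simulation start
    kind: str     # "RREQ", "RREP", "RERR" or "HELLO"
    src: str      # originating node
    dst: str      # requested destination


class RateDetector:
    """Sliding-window counter: a key whose packet count within `window` seconds
    exceeds `threshold` is reported as anomalous. `key` maps a packet to the
    counting key, or to None when the packet is irrelevant to this rule."""

    def __init__(self, threshold, window, key):
        self.threshold = threshold
        self.window = window
        self.key = key
        self._times = defaultdict(deque)   # key -> timestamps still inside the window

    def observe(self, pkt):
        k = self.key(pkt)
        if k is None:
            return None
        q = self._times[k]
        q.append(pkt.time)
        while q and pkt.time - q[0] > self.window:
            q.popleft()                    # forget observations older than the window
        return k if len(q) > self.threshold else None


class NeighbourIDM:
    """Detection module of one node: the two counting rules from the slides plus
    the per-neighbour malcount that the response model later compares to a threshold."""

    def __init__(self, rreq_threshold, t_interval, ctrl_threshold, t_frequency):
        # distributed false route request: RREQs per (source, destination) within t_interval
        self.false_rreq = RateDetector(
            rreq_threshold, t_interval,
            key=lambda p: (p.src, p.dst) if p.kind == "RREQ" else None)
        # denial of service: all control packets per source within t_frequency
        self.dos = RateDetector(ctrl_threshold, t_frequency, key=lambda p: p.src)
        self.malcount = defaultdict(int)
        self.alerts = []                   # (time, rule, suspect)

    def observe(self, pkt):
        hit = self.false_rreq.observe(pkt)
        if hit is not None:
            self.malcount[hit[0]] += 1
            self.alerts.append((pkt.time, "false-rreq", hit[0]))
        hit = self.dos.observe(pkt)
        if hit is not None:
            self.malcount[hit] += 1
            self.alerts.append((pkt.time, "dos", hit))

    def suspects(self, mal_threshold):
        """Neighbours whose malcount exceeds mal_threshold (hand-off point to the IRM)."""
        return sorted(n for n, c in self.malcount.items() if c > mal_threshold)


def constructed_trace():
    """Constructed sample trace: n2 behaves, n7 floods RREQs for n3, n9 sprays control packets."""
    pkts = [ControlPacket(0.0, "RREQ", "n2", "n5"), ControlPacket(0.2, "RREP", "n5", "n2"),
            ControlPacket(5.0, "RREQ", "n2", "n5"), ControlPacket(5.2, "RREP", "n5", "n2")]
    pkts += [ControlPacket(1.0 + 0.15 * i, "RREQ", "n7", "n3") for i in range(6)]
    pkts += [ControlPacket(3.0 + 0.1 * i, "RREQ" if i % 2 == 0 else "RERR", "n9", f"n{i % 4}")
             for i in range(12)]
    return sorted(pkts, key=lambda p: p.time)


def run_detector():
    """Run one node's IDM over the constructed trace (threshold values are assumptions)."""
    idm = NeighbourIDM(rreq_threshold=3, t_interval=2.0, ctrl_threshold=8, t_frequency=2.0)
    for pkt in constructed_trace():
        idm.observe(pkt)
    return idm.suspects(mal_threshold=2), idm.alerts


if __name__ == "__main__":
    suspects, alerts = run_detector()
    print("suspects:", suspects)          # ['n7', 'n9']
    for alert in alerts:
        print(alert)
```

Both rules key on the source address carried in the packet, so they only hold up when that address is honest; the impersonation rule later in the deck (signed control packets) is what keeps a flooding node from spreading its requests over forged sources. Note also that n9 never trips the false-route-request rule, because its requests are spread over several destinations; only the per-source control-packet rule catches it.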
Intrusion Detection Model contd.
- Destination is compromised:
  - A destination might not be able to reply if it is
    (i) not in the network,
    (ii) overloaded,
    (iii) did not receive the route request, or
    (iv) malicious.
  - This attack is detected when the source does not receive a reply from the destination within a time interval t_wait.
  - The neighbours then generate probe/hello packets to determine connectivity. If the node is in the network and still does not respond to route requests destined for it, it is identified as malicious.
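The rule on this slide has two halves: the source times out its unanswered route requests after t_wait, and the neighbours then probe the silent destination so that an absent node is not mistaken for a malicious one. The Python below is an added example for this presentation, not the paper's code; the behaviour records, node names, t_wait value and verdict strings are constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class NodeBehaviour:
    """Constructed behaviour of a destination for the simulation below."""
    answers_hello: bool   # replies to neighbour probe/hello packets, i.e. is reachable
    answers_rreq: bool    # replies with an RREP to route requests destined for it


@dataclass
class SourceMonitor:
    """Source-side half: remember each RREQ and notice when no RREP arrives within t_wait."""
    t_wait: float
    pending: dict = field(default_factory=dict)   # (dst, rreq_id) -> time the RREQ was sent

    def rreq_sent(self, dst, rreq_id, now):
        self.pending[(dst, rreq_id)] = now

    def rrep_received(self, dst, rreq_id):
        self.pending.pop((dst, rreq_id), None)

    def expired(self, now):
        """Requests that have waited longer than t_wait without a reply."""
        return [(dst, rid) for (dst, rid), sent in self.pending.items()
                if now - sent > self.t_wait]


def probe_silent_destination(dst, network):
    """Neighbour-side half: probe the silent destination with a hello packet.
    Only a node that answers the probe yet ignores RREQs for it counts as malicious;
    the other three causes on the slide all look like 'no answer to the probe'."""
    beh = network.get(dst)
    if beh is None or not beh.answers_hello:
        return "not-in-network"    # cases (i)-(iii): absent, overloaded or never heard the RREQ
    return "malicious"             # case (iv): reachable, but dropping requests destined for it


def run_route_discovery(network, t_wait=1.0, now=0.0):
    """Send one RREQ per destination, let t_wait pass, classify every destination that stayed silent."""
    src = SourceMonitor(t_wait)
    for rid, (dst, beh) in enumerate(network.items()):
        src.rreq_sent(dst, rid, now)
        if beh.answers_rreq:
            src.rrep_received(dst, rid)         # reply arrives, nothing to investigate
    now += t_wait + 0.5
    return {dst: probe_silent_destination(dst, network) for dst, _ in src.expired(now)}


# Constructed network: one honest, one compromised, one absent and one overloaded destination.
CONSTRUCTED_NETWORK = {
    "n5": NodeBehaviour(answers_hello=True, answers_rreq=True),
    "n3": NodeBehaviour(answers_hello=True, answers_rreq=False),    # in the network, drops RREQs
    "n8": NodeBehaviour(answers_hello=False, answers_rreq=False),   # left the network
    "n6": NodeBehaviour(answers_hello=False, answers_rreq=False),   # overloaded, answers nothing
}

if __name__ == "__main__":
    print(run_route_discovery(CONSTRUCTED_NETWORK))
    # {'n3': 'malicious', 'n8': 'not-in-network', 'n6': 'not-in-network'}
```

A single "malicious" verdict from one discovery round is weak evidence, since a destination that simply did not hear one RREQ (case iii) looks the same; in the flow shown earlier in the deck the verdict only raises the observer's malcount, and isolation waits until that count crosses the threshold.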
Intrusion Detection Model contd.
- Impersonation:
  - It can be avoided if the sender encrypts (signs) the packet with its private key and the other nodes decrypt (verify) it with the sender's public key.
  - If the receiver is not able to decrypt the packet, the sender might not be the real source, and the packet is dropped.
Intrusion Response Model
- A node concludes that another node has been compromised when its malcount for that allegedly compromised node rises above the threshold value.
- In that case it propagates the information to the entire network by transmitting a Mal packet.
- If another node also suspects the node reported as compromised, it reports its suspicion to the network by transmitting a ReMal packet.
Intrusion Response Model contd.
- If two or more nodes report a particular node, a Purge packet is transmitted to isolate the malicious node from the network.
- All nodes that have a route through the compromised node look for newer routes.
- All packets received from the compromised node are dropped.
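The Mal / ReMal / Purge exchange on this slide and the previous one is a small distributed vote: one node crosses its malcount threshold and broadcasts Mal, nodes with their own suspicion confirm with ReMal, and once two or more reports exist a Purge isolates the suspect. The Python below is an added example for this presentation, not the paper's implementation. It assumes a lossless broadcast, that one locally observed misbehaviour is enough for a node to answer with ReMal, and that the node whose report completes the quorum sends the Purge; the node names, routing tables and threshold are constructed.

```python
from collections import defaultdict, deque


class Node:
    """One network node: its routing table, its IDM malcount table and its IRM state."""

    def __init__(self, nid, routes):
        self.nid = nid
        self.routes = dict(routes)          # destination -> next hop
        self.malcount = defaultdict(int)    # suspect -> misbehaviours observed locally
        self.purged = set()                 # nodes isolated by a Purge packet
        self.rediscover = set()             # destinations whose route went through a purged node

    def accept_packet(self, sender):
        """Packets received from an isolated node are dropped."""
        return sender not in self.purged


class ResponseNetwork:
    """Broadcast exchange of Mal, ReMal and Purge packets among all nodes (assumed lossless)."""

    def __init__(self, nodes, mal_threshold, min_reports=2):
        self.nodes = {n.nid: n for n in nodes}
        self.mal_threshold = mal_threshold
        self.min_reports = min_reports      # "two or more nodes report" -> Purge
        self.reporters = defaultdict(set)   # suspect -> nodes that sent Mal or ReMal about it
        self.purged = set()
        self.queue = deque()
        self.trace = []                     # every packet sent: (kind, sender, suspect)

    def observe_misbehaviour(self, observer, suspect):
        """The IDM on `observer` counted one more misbehaviour by `suspect`."""
        node = self.nodes[observer]
        node.malcount[suspect] += 1
        if node.malcount[suspect] > self.mal_threshold and observer not in self.reporters[suspect]:
            self.reporters[suspect].add(observer)
            self._send("Mal", observer, suspect)
        self._deliver_all()

    def _send(self, kind, sender, suspect):
        self.trace.append((kind, sender, suspect))
        self.queue.append((kind, sender, suspect))

    def _deliver_all(self):
        while self.queue:
            kind, sender, suspect = self.queue.popleft()
            if kind == "Purge":
                for n in self.nodes.values():
                    if n.nid != suspect:
                        n.purged.add(suspect)
                        n.rediscover |= {d for d, h in n.routes.items() if h == suspect}
                        n.routes = {d: h for d, h in n.routes.items() if h != suspect}
                continue
            # Mal or ReMal: every other node with its own suspicion confirms with ReMal
            # (assumption: one locally observed misbehaviour is enough to confirm)
            for n in self.nodes.values():
                if n.nid in (sender, suspect) or n.nid in self.reporters[suspect]:
                    continue
                if n.malcount[suspect] > 0:
                    self.reporters[suspect].add(n.nid)
                    self._send("ReMal", n.nid, suspect)
            if len(self.reporters[suspect]) >= self.min_reports and suspect not in self.purged:
                self.purged.add(suspect)
                self._send("Purge", sender, suspect)   # assumption: last reporter issues the Purge


def run_scenario():
    """Constructed scenario: n3 misbehaves once towards n4 and three times towards n1."""
    net = ResponseNetwork([
        Node("n1", {"n5": "n3", "n4": "n2"}),
        Node("n2", {"n5": "n3", "n1": "n1"}),
        Node("n3", {}),
        Node("n4", {"n1": "n3"}),
        Node("n5", {"n1": "n4"}),
    ], mal_threshold=2)
    net.observe_misbehaviour("n4", "n3")          # one observation: below threshold, no Mal yet
    for _ in range(3):
        net.observe_misbehaviour("n1", "n3")      # third observation crosses the threshold
    return net


if __name__ == "__main__":
    net = run_scenario()
    print(net.trace)   # [('Mal', 'n1', 'n3'), ('ReMal', 'n4', 'n3'), ('Purge', 'n1', 'n3')]
    print(net.nodes["n1"].routes, net.nodes["n1"].rediscover)
```

The quorum is what makes the "compromised nodes do not work in teams" assumption load-bearing: a single node cannot purge an honest neighbour on its own, but two colluding nodes could, since nothing here authenticates or rate-limits Mal and ReMal packets.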
Experimental Setup
- Berkeley's Network Simulator (ns) was used for the implementation.
- The scenario is a 1500 by 300 meter flat space with 50 scattered wireless nodes, of which 10 are data sources.
- The nodes move randomly at random speeds (the speed is uniformly distributed between 0-20 sec).
- The MAC layer used for the simulations is IEEE 802.11.
- The transport protocol used for the simulations is the User Datagram Protocol (UDP).
Experimental Setup contd.
- Performance metrics:
  1. Packet delivery fraction: the ratio of CBR packets delivered to CBR packets generated, measured as throughput.
  2. Routing overhead: the number of routing packets transmitted per data packet sent. Each hop of a routing packet is counted as one packet. The authors use the normalized routing load for comparison, i.e. the ratio of routing packets to data packets.
  3. Average end-to-end delay: the average of the delays incurred by all packets that are successfully transmitted.
Experimental Setup contd.
  4. Accuracy of predictions: only the malicious nodes generated in the network were reported as intruders, and no other node was claimed to be malicious.
- In the simulation, a misbehaving node is one that generates false route requests or drops the route request packets destined for it.
Simulation Results
[Figure: Routing Load vs. Pause Time]
Simulation Results
[Figure: End-to-End Delay vs. Pause Time]
Simulation Results
[Figure: Packet Delivery vs. Pause Time]
Conclusion & Future Work
- Proposed a security scheme that pro-actively prevents internal attacks.
- The implementation results show that the overhead is marginal and has a negligible effect on network performance while making the protocol robust.
- The authors are working on defining more internal attacks and plan to identify solutions for them.
- They also plan to introduce a security scheme for external attacks and incorporate it into the Intrusion Detection and Response models.
Questions ???
Thanks