Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Special Issue: Advanced Developments in Engineering and Technology Conference Held in Lord Krishna College of Engineering Ghaziabad, India A Survey of Security Attacks in Mobile Adhoc Networks ParulTomar Assistant Professor, Department of Computer Engg, YMCA University of Science and Technology Faridabad, India Manjit Singh Student, Department of Computer Engineering YMCA University of Science and Technology Faridabad, India Abstract— A Mobile Adhoc Networks is a self configuring networks of mobile node connected through wireless links. Mobile Adhoc Networks (MANET)are characterized by multihop wireless connectivity, infrastructure less environment and frequent changing topologies. The dynamic nature of such networks makes it highly susceptible to various types of attacks. Different types of attackers attempt different types of approaches to decrease the quality of service, performance and throughput. In this paper we discuss various types of attacks. Index Terms— Application Layer attacks, MANET, Network Layer Attacks, Security Attacks, Transport Layer Attacks I. INTRODUCTION A mobile ad-hoc network or MANET is an autonomous system of mobile nodes connected by wireless links in the network [1]. The nodes are free to move randomly and organize themselves arbitrarily. Thus, the network’s wireless topology may change rapidly .Security is an essential requirement in mobile ad hoc network [2]. As compare to wired networks, risk of security attacks is higher in MANETs. This is because of the lack of a trusted centralized authority and limited resources. Attacks can be classified into two broad categories passive and active attacks [3,4]. Passive attack does not disturb the operation of network rather it monitor’s the transmission. Two types of passive attack are release of message content and traffic analysis. Detection of passive attack is difficult as the operation of network does not affect. ATTACKS Active Attack Internal attack Passive Attack External Attack Release of Message content Traffic Analysis Active attacks involve modification of data or destroy the data, being exchanged in the network disrupting normal functioning of the network. Active attack can be classified into two categories, external and internal attack. External attack involves the nodes who do not belong to the network. Internal attacks are because of compromised node in the network [5]. Following sections of this paper deal with different categories of attacks. Section II gives description about Network Layer attack. Section III is dealing with Transport layer attacks followed by Application Layer attacks in section IV. II. NETWORK LAYER ATTACKS Black hole attack[6]: A malicious node use the routing protocol to falsely advertise itself as having the shortest path to the node whose packets it want to intercept. An attacker listen the request for route in a flooding based protocol. When the attacker receives the request for a route to the destination node, it creates a reply having the shortest path to the destination. Malicious node can alter the data packet or drop the packet. For example In Figure 1 Source S want to send data to destination D and initializes the route discovery. The malicious node M claims that it has the shortest route to the destination. When it receives the route request packets it immediately © 2014, Lord Krishna College of Engineering Ghaziabad, India Page | 32 Tomar et al., International Journal of Advanced Research in Computer Science and Software Engineering 4(2), February- 2014, pp. 32-35 sends the response to node S. The source node ignores other route response messages and begin send data packet to node M. As a result malicious node receive the data, it may drop the packets or modifies the data packet. 1 2 S D M 4 Figure 1. Black hole attack Wormhole attack [3,7]: Wormhole attack leads to tunneling of data from one location to another. Here, data is received by malicious node at one location and the node, tunnel them to another location. This connection acts as wormhole for the tunnel link two attackers. For creating a wormhole at least two transceivers are set at different locations on the wireless network by the attacker. When the wormhole attack is used by the attacker in routing protocol, the attack could prevent the discovery of the routes other than through the wormhole. Falsely tunneled path X RRE Q Y S D RRE P A B C Figure 2.Worm hole Attack For example in Figure 2 the X and Y are malicious nodes that form the tunnel in the networks. The source node S when initiate the RREQ request message to find the route to the destination node D. On receiving the packet malicious node X share it with Y and later on deliver it to destination node D. Because of the high speed links source node selects route < S X Y D > for the destination. This would result in ignoring the RREQ that at route < S A B C D> ,arrives at a later time on D. Byzantine attack[8]: In the Byzantine attack, nodes are compromised in such a way that they depict malicious behavior in the network. Threat from nodes inside the network is more dangerous as compared to outside the network [8]. The attack is harder to detect as the normal mobile node become maliciously in the network. The compromised nodes look like normal nodes having normal behavior. But, they can actually destroy the routing in the network completely by using the flaw and inconsistencies in the routing protocol. They can generate new routing information that contains nonexistent links. Malicious nodes provide false link information. A compromised intermediate or set of such nodes work in collusion and carries out attacks such as creation of routing loops, routing of packets on nonoptimal path and dropping of packets which results in degradation of routing service. Byzantine Algorithm: The protocol prevents the network from the Byzantine attack. This protocol consists of following steps[1]. 1. 2. 3. Route Discovery: The source node broadcast a RREQ packet to the destination. The RREQpacket contains sequence number, source ip address, destination ip address, weight list and private key for authentication of its neighbours. The intermediate nodes receive RREQ packet and compare it in check list and rebroadcast the packet. The destination node detects the RREQ packet and verifies the key and unicast a RREP message. The source node compares the received path with the existing path and chooses the better path. Fault Detect: The intermediate node also known as probe node send a ACK message to source node .Threshold value is set if the NACK message are above the threshold fault is generated in the path. © 2014, Lord Krishna College of Engineering Ghaziabad, India Page | 33 Tomar et al., International Journal of Advanced Research in Computer Science and Software Engineering 4(2), February- 2014, pp. 32-35 4. Link weight management: In this step of protocol the weight of the link are calculated .The route discovery phase link with lower weight are better. Route Discovery Byzantine fault detection Link Weight Manageme nt Figure 3 Byzantine algorithm Resource consumption attack: In this attack, an attacker tries to consume or waste the resource of the node in the network .These resources are scarce resources (such as battery power, bandwidth, and computational power) which have limited supply to the node. Routing attacks [9]: There are several attacks on routing protocol to disrupt the normal operation of the networks. Brief descriptions of routing attacks are given below:Routing table overflow: In this case, the attacker creates route to non-existent nodes in order to cause an overflow of the routing tables. This would result in the hindrance of creation of entries corresponding to new routes to valid nodes. Packet replication: In this case the attacker replicates the stale packets which result in the consumption additional bandwidth and battery power resources available to the nodes. This would also result in confusion in the routing process. III. TRANSPORT LAYER ATTACKS There are attacks specific to the transport layers. Description of different transport layer attacks is given below: Session hijacking: In the session hijacking, the attacker spoofs the target IP address and determines the correct sequence number. After that, attacker performs the Denial of Service attack on the target. This would result in the unavailability of the target node is unavailable in the network. SYN flooding attack [3]: In this type of attack, a malicious node sends a large amount of SYN packet to the target node. On receiving the SYN Packet, target node will send back SYN-ACK to the attacker. After that, target node will waits for the response of the ACK packets, in the half open connection. Target node will then copy all the half open connection in a fixed size table. Half open connection expires because of the time out for the pending connection. However, malicious node continues sending the request packet that requests the new connections faster the expiration of the pending connection. IV. APPLICATION LAYER ATTACKS Repudiation attack [2]: Repudiation refers to the denial of participation in the connection for example a selfish person could deny conducting an operation on a credit card, denial of bank transactions. Therefore application layer firewall is needed to prevent against this type of attacks. V. CONCLUSION In this survey paper we study different security attacks in MANET. The infrastructure less and decentralized administration make such network vulnerable to attacks. In this paper we studied how different layer under protocol stack become vulnerable to various attacks. In future we will try to invent such algorithms that will detect the malicious node in the network to prevent the attack from malicious node. REFERENCES [1] Ms. Parul Tomar , Prof. P.K. Suri , and Dr. M. K. Soni “A Comparative Study for Secure Routing in MANET” International Journal of Computer Applications (0975 – 8887) Volume 4 – No.5, July 2010. [2] http://www.slideshare.net/piyushmittalin/security-in-mobile-ad-hoc-networks. [3] Abhay Kumar Rai , Rajiv Tewari and Saurabh Kant Upadhyay, “ Different Types of Attacks on Integrated MANET-internet communication”, International Journal of Computer Science and Security (IJCCSS), Volume-4, Issue-3. [4] Sunil Taneja and Ashwani Kush, “A Survey of Routing Protocols in Mobile Ad Hoc Networks”. [5] Vikrant Gokhale, S.K.Gosh, and Arobinda Gupta, “Classification of Attacks on Wireless Mobile Ad Hoc Networks and Vehicular Ad Hoc Networks a Survey”. [6] Sukla Banerjee, “Detection and removal of Cooperative Black and gray hole attack in MANET”, In proceedings of the world congress on engineering and computer science 2008 WCECS 2008 ,October 22-24,2008 ,San Francisco,USA. © 2014, Lord Krishna College of Engineering Ghaziabad, India Page | 34 Tomar et al., International Journal of Advanced Research in Computer Science and Software Engineering 4(2), February- 2014, pp. 32-35 [7] Gagandeep, Aashima, and Pawan-Kumar, “Analysis of different Security Attacks in MANETs on Protocol Stack A-Review”, International Journal of Engineering And Advanced Technology, Volume-1, Issue-5, June 2012. [8] http://www.taibahu.edu.sa/iccit/allICCITpapers/pdf/p794-sofi.pdf [9] http://www.ukessays.com/essays/computer-science/an-overview-of-manets-computer-science-essay.php [10] Ashwani Kush, Phalguni Gupta, Ram Kumar, “Performance Comparison of Wireless Routing Protocols”, Journal of the CSI, Vol. No.2, April-June 2005. [11] Zubair Muhammad Fadlullah, TarikTaleb, and Marcus Scholler, “Combating against Security Attacks against Mobile Ad Hoc Networks(MANETs)”. © 2014, Lord Krishna College of Engineering Ghaziabad, India Page | 35