Skip to search form Skip to main content Skip to account menu You are currently offline. Some features of the site may not work correctly. Save to Library Save. Create Alert Alert. Share This Paper. Background Citations. Methods Citations. Figures and Tables from this paper. Citation Type. Has PDF. Publication Type. More Filters. As nodes are mobile they can move arbitrarily, … Expand. View 1 excerpt, cites background. The mobile devices can move freely and dynamically within their self organize and temporary ad hoc … Expand.
Due to the high flexibility, these kind of networks are heavily used in rescue … Expand. AODV always give preferences to fresh or new information, thus node updates its routing table if they receive a message with a sequence number higher than the last recorded one for the destination. Reader can go through AODV links for more detailed information. In order to protect against insider attacks, it is necessary to understand how an insider can attack a wireless ad-hoc network.
Several attacks have been discussed in several literatures. In this chapter we have discussed different existing threats on AODV protocols with references to the above mention literatures. On the basis of actions performed by the interceptor they can be categorizes as follows.
For example, in the network illustrated in Fig. Below are detailed several of the attacks that can occur if particular fields of routing messages in specific routing protocols are altered or falsified. Subsequent traffic destined for D that travels through A will be directed toward M.
Malicious nodes can increase the chances they are included on a newly created route by resetting the hop count field of the RREQ to zero.
Such an attack is most threatening when combined with spoofing. Consequently, when an authentic intermediate node receives the altered packet, it attempts to forward the packet to destination but fails because of altered route send by M. After retransmitting the packet a specified maximum number of attempts, the intermediate node should return a route error message to the source node. But the malicious node M which is sitting in between the path may continue the denial-of-service attack by dropping this route error message.
A tunneling attack is where two or more nodes may collaborate to encapsulate and exchange messages between them along existing data routes. One vulnerability is that two such nodes may collaborate to falsely represent the length of available paths by encapsulating and tunneling between them legitimate routing messages generated by other nodes.
In this case, tunneling prevents honest intermediate nodes from correctly incrementing the metric used to measure path lengths.
Solid lines denote actual paths between nodes, the thin line denotes the tunnel, and the dotted line denotes the path that M1 and M2 falsely claim is between them.
If route instantiation is determined by metrics that are governed solely by the operation of the routing protocol such as a hop count metric , tunneling can cause routing metrics to be misrepresented. Only an unalterable physical metric such as time delay can provide a dependable measure of path length. The following example illustrates how an impersonation attack can work in AODV. A malicious node can intentionally come close to the nodes each node and behave as other valid node by modifying its MAC address to their address and can send false routing message to divert the route towards it.
The attacker can perform this attack in such a way that all neighbouring node may fall in a loop link and isolated from all other node of the network. Such attacks can be difficult to verify as invalid constructs, especially in the case of fabricated error messages that claim a neighbor cannot be contacted. A malicious node M can launch a denial-of-service attack against a destination node D which has only link to M by continually sending route error messages to its neighbouring nodes, indicating a broken link between nodes M and D.
Any node receives the spoofed route error message thinking that it came from a valid node deletes its routing table entry for D and forwards the route error message on to its neighbours.
The goal of the attacker is to create enough routers to prevent new routes from being created or overwhelm the protocol. Implementation and flush out legitimate routes from routing tables. Proactive routing algorithms attempt to discover routing information even before they are needed, while reactive algorithms create only when they are needed.
This makes proactive algorithms more vulnerable to table overflow attacks. Intuitively, atomic misuses are performed by manipulating a single routing message, which cannot be further divided.
In contrast, compound misuses are composed of multiple atomic misuses, and possibly normal uses of the routing protocol. First, it is necessary to identify a number of misuse goals that an inside attacker may want to achieve, and then study how these goals may be achieved through misuses of the routing messages. The misuse goals that we have considered are listed as follows.
Route Disruption RD :- Route Disruption means either breaking down an existing route or preventing a new route from being established. Figure 3: The malicious node M performs route disruption by breaking the existing route between A and C Route Invasion RI :- Route invasion means that an inside attacker adds itself into a route between two endpoints of a communication channel. Figure 2: Malicious node achieves route invasion by adding itself to the route between A to D Node Isolation NI :- Node isolation refers to preventing a given node from communicating with any other node in the network.
It differs from Route Disruption in that Route Disruption is targeting at a route with two given endpoints, while node isolation is aiming at all possible routes.
Figure 3: Node C has been isolated by the attacker M from rest of the nodes in the network. Resource Consumption RC :- Resource consumption refers to consuming the communication bandwidth in the network or storage space at individual nodes. For example, an inside attacker may consume the network bandwidth by either forming a loop in the network.
As an example, Route Disruption, route, Invasion and Route Isolation has been shown diagrammatically using figure 1, 2 and 3 respectively. Analysis of atomic misuses can be done in an effective way through understanding the effects of possible atomic misuse actions.
Each atomic misuse action is an indivisible manipulation of one routing message. Specifically, the atomic misuse actions in AODV have been divided into the following four categories: Drop DR : Here, the attacker simply drops the received routing message. Modify and Forward MF : After receiving a routing message, the attacker modifies one or several fields in the message and then forwards the message to its neighbor s via unicast or broadcast. Forge Reply FR : The attacker sends a faked message in response to the received routing message.
Active Forge AF : The attacker sends a faked routing message without receiving any related message. As already mentioned that compound misuse can be performed by combining atomic misuses, one category of compound misuse is to simply repeating the same type of atomic misuses.
0コメント