Improving Intrusion Detection in MANETs. Researching Systems in Mobile Ad Hoc Networks

Research Paper (undergraduate) 2015 21 Pages

Computer Science - IT-Security


Table of Contents



Security Concerns in Mobile Networking


Security Concerns with MANETs

Threats and Countermeasures
Routing for MANETS
Routing Protocols
Insecurities in MANET Routing Protocols
Intrusion Detection for MANETs





This paper investigates the rise in popularity of MANETs (Mobile Ad Hoc Networks) and discusses their valuable role in all manner of situations that require a rapid deployment, and a highly flexible and dynamic approach to mobile networking. The paper examines the advantages, along with the limitations of MANETs, and identifies many of the current security concerns. Examining these concerns has exposed DoS attacks as being of high priority when planning for, and provisioning a secure network. The role of the IDS has been identified as being a crucial element in the security requirements. However, it has also been identified that the IDS is not a single solution, and that there are a number of options available, each suited to a particular scenario. Many of the IDS solutions have been identified as being complex and difficult to administer and maintain, and can lead to aggressive resource consumption.

This paper concludes that there is further work to be done to ‘develop a low resource intensive node based IDS design methodology to help protect MANET nodes from DoS attacks’.


The ubiquitous nature of mobile communications means that connecting to the home, corporate or cellular network has now become a common occurrence for many, and in many situations even essential. The growth of 802.11 wireless networking along with 3/4G fixed cell mobile communications is evident, and widely publicised. Snyder (2012) discussed the growth of wireless technologies and identified the importance of harnessing the vast potential within this area of technology, such as in education, news and media, military, automotive, and medical applications such as in-body communications. Snyder (2012) also states that ‘wireless technology is one of the fastest growing technologies that are being implemented by various industries’.

illustration not visible in this excerpt

Figure 1: Growth in Mobile data traffic. (Cisco 2013)

Cisco (2013) predicts a 66% growth in mobile data traffic from 2012 to reach 11.2 Exabytes by 2017; this predicted growth can be seen in figure 1. This growth so far is reported as being a ‘13 fold increase on 2012’. The white paper identifies that 41% of the 11.2 Exabytes of mobile data traffic will be consumed by Asia Pacific (APAC) users, and 18.7% by North American users. Cisco (2013) identifies that a major factor in the growth of mobile data traffic will be the increased availability, and the lower cost, of mobile devices. Figure 2 shows the relationship between this predicted mobile data traffic consumption and the percentage of mobile devices that are predicted to consume the data.

illustration not visible in this excerpt

Figure 2: Data consumption by device. (Cisco 2013)

The mobile devices required to allow the user to connect to mobile networks are easily accessible, relatively inexpensive and easy for the end user to operate. Many organisations now allow users to access the network via personal mobile devices; this allows employees and visitors the flexibility to access documents, keep up to date with appointments, check emails and even make VoIP calls. This suggests a new paradigm in the way organisations are allowing employees to connect to the corporate network. This shift in working practices brings with it new challenges for security planners and network administrators. Allowing employees to access the corporate network via their own mobile device could have the potential to cause disruption to the network, introduce malware, or even result in a breach of the organisation’s data protection agreement. PWC (2013) reported that 9% of large organisations were subject to a data or security breach in the last year; these breaches were a result of smart phones and tablet PCs accessing the corporate network. The report suggests that many organisations are falling behind on the issue of securing employee owned mobile devices when accessing the network; the report also identifies that one third of small businesses have not thought about mobile security. The survey also identifies security concerns relating to mobile devices and the increasing use of BYOD (Bring Your Own Devices). Deloitte (2013) conducted a survey of 120 large organisations with the aim of gathering data on current security considerations and concerns. The results show that there has been a 74% increase in the use of BYODs, and that this will only continue to grow. The report also states that the increase in BYODs has caused considerable ‘security headaches’ and suggested that organisational security is becoming difficult to manage and that these user devices are beginning to blur the traditional security boundaries.
From this it would be safe to assume that there is much to be studied and learned about this shift in paradigm and that network and security administrators should have a sound understanding of threats posed from intentional and unintentional security breaches on both the wired and wireless network infrastructure.

Security Concerns in Mobile Networking

Network security is now very high on the agenda of any organization with an ICT infrastructure. Chan-Tin (2010) stated that ‘some’ newspapers had reported that a number of gambling website owners have been paying blackmailers not to attack and bring down their servers. Unfortunately, Chan-Tin made no reference to identify the sources that were said to be the recipients of these blackmail attempts. Prolexic (2013) released an article stating that a number of organisations that own online gambling sites have been subject to blackmail attempts. The perpetrators of the blackmail attempts were reported to have demanded up to $50,000 to prevent ‘new waves’ of DoS attacks from bringing down the online gambling sites. The blackmailers are reported to have used a version of the Dirt-Jumper DDoS Toolkit to carry out attacks on the gambling servers. This does appear to highlight the fact that, although DoS attacks have been around quite a while in terms of networked communications, they may still pose a significant threat to organisations that have an online presence. DoS attacks on wired networked systems have been well documented since the 1980s, and mitigation strategies for the numerous variants of DoS attacks have also been documented. The threat of a DoS attack is no longer solely in the domain of the wired network; DoS attacks are now known to pose a significant threat to mobile IP communications. Lee et al (2007) discussed the potential of a DoS attack faced by 3G mobile handsets. The vulnerability was identified as existing at the control plane of 3G devices, and as this is a lower level feature of the operating system architecture, Lee et al (2007) suggest that this type of DoS attack, referred to as a signalling attack, will bypass current intrusion detection devices.

The growth in demand for wireless connectivity as an adjunct to the traditional wired network infrastructure shows no sign of abating, nor does the demand for more flexibility and mobility. With the popularity of BYOD (Bring Your Own Devices) and cloud computing we are now starting to see challenges for the network administrator, challenges from within the network boundary. Patrolling and controlling what goes on at the network edge is now only part of the process of securing the network. Dearing (2013) highlighted this by suggesting that the ‘urgency concerning the ability to effectively monitor what is happening inside the bounds of the network is growing rapidly’.

The rise in popularity of mobile communications has seen an increase in the use and deployment of 802.11 Wireless Local Area Networks (WLANs). The popularity of WLANs can be attributed to the relatively low cost and ease of deployment. An important consideration when discussing security in the context of wireless networks is that most WLANs are merely extensions to the wired infrastructure, adding flexibility and mobility. Arockiam & Vani (2010) indicated that ‘one of the major attacks 802.11 WLANs face is DoS attacks’. The empirical evidence supporting this claim came from carrying out a number of experiments in a WLAN environment. The results of the experiments showed that wireless devices were susceptible to disassociation flooding and deauthentication DoS attacks. Mölsä (2005) stated that DoS attacks are a far more serious threat to mobile ad-hoc networks than they are to wired networks. This is identified as being mostly due to the complexities of the dynamic network topology and the open architecture associated with MANETs. Mölsä (2005) also identifies DoS attacks on military mobile communications; the type of DoS attacks discussed were associated with mobile routing protocols, and the author states that these ‘sub-types’ of DoS attacks are among the most widely researched. The forwarding and routing processes on many devices that run routing protocols are carried out at the control plane. It was seen in Lee et al (2007) that low level attacks that occur at the control plane are difficult for IDSs to detect. The survey on security breaches carried out by PWC (2013) identified that 39% of large companies had experienced a DoS attack, which was up 30% from the previous year. Although these figures are not identified as relating directly to wired or wireless breaches, they do suggest that DoS attacks on organisations are on the increase. Also from the survey results it can be seen that large organisations do place more emphasis on security than SMEs.

There has been much written about the subject of wireless technologies in the popular media, and as this paper has so far proven, the use of mobile devices to connect to the home, work or 3/4G service provider networks shows no sign of slowing down. The numerous popular technology publications, both online and on the magazine stands, are starting to report on well known security issues relating to mobile devices, and many are offering the user guidance on how to protect their home wireless network, or their mobile device. However, there is little written in the popular technology press on the subject of MANETs (Mobile Ad-Hoc Networks), which are now starting to mature as a mobile communications technology. The remainder of the paper will look at MANETs, the importance and growth of MANETs, along with security concerns and any mitigation strategies that are available.


There is a relatively new, but very important development in mobile communications that does not receive as much public attention as, say, 3/4G or 802.11 networks. MANETs (Mobile Ad-Hoc Networks) have been developed to work in the most remote and inhospitable environments on the planet, either on land, sea or air, areas where other wireless technologies would not be able to operate effectively. The fact that MANETs are not as fixed in the public domain as their wireless counterparts should not detract from the importance of MANETs.

MANETs are self-configuring communications networks that can be used in search and rescue situations, for military applications, and for commercial and education environments. The importance of wireless communications in disaster situations was highlighted in the immediate aftermath of the 9/11 terrorist attack on the World Trade Centre (Malone 2004). On the night of September 11th 2001 the WERT (Wireless Emergency Response Team) was set up in an effort to coordinate and centralise the rescue effort, as the communications between emergency services, rescue workers and survivors trapped at the site were mostly by way of one-to-one cellular connections.

MANETs differ from fixed wireless infrastructures such as cellular and wireless LAN (Local Area Network) extensions in that each end device, referred to as the node, can act as a transmitter, receiver, repeater and router. Each node is mobile and is free to roam in and around the network. Each node must be able to administer its own resources such as power management, memory, routing information and security services. Torres et al (2012) discussed the ‘finite resources’ of MANET nodes in rescue and emergency scenarios, and identified the importance of carefully managing these resources. The authors also discussed the need for continuity in communications throughout the network, even more so when deployed in military or search and rescue scenarios where the safety and well-being of individuals is at stake.

Security Concerns with MANETs

So far this paper has looked at the growth in mobile communications and identified that there is strong evidence that, like their wired counterparts, mobile communications technologies are still susceptible to DoS attacks. In this paper it has been proven that the threat of DoS attacks is of major concern to organisations, especially where websites, servers and WAPs are concerned. However, when one considers the mission critical nature of a MANET node in, for instance, a medical, military or search and rescue application, it is clear to see that a successful DoS attack carried out on a MANET node could have disastrous or even fatal consequences. The remainder of this paper will focus on security concerns associated with MANETs and in particular DoS attacks.

MANETs by their design and configuration are considered more susceptible to attacks than their wired counterparts. As with any network design, thorough consideration should be given to providing security services that attempt to ensure availability, authentication, confidentiality, integrity and non-repudiation (Bhaya & Alasada 2011). The taxonomy of attacks on MANETs can be divided into two distinct categories, namely passive attacks and active attacks (Sharma & Bhadana 2010). Table 1 identifies a number of examples of security threats and classifies them as either active or passive types of attack.

illustration not visible in this excerpt

Table 1: Passive and Active attacks. (Sharma et al 2011)

Passive attacks occur when transmissions are covertly intercepted by a rogue node, generally with the intention of gathering important information such as sensitive data, usernames and passwords, or data relating to the physical or logical topology of the network. Active attacks are conceived to cause disruption to the operation of the network in a much more overt manner. Active attacks can cause noticeable disruptions to the normal operation of services or processes, force the overuse of bandwidth or node resources, and even cause instability in the routing protocols used. There has been much written on the subject of security concerns associated with MANETs, and a large proportion of the published works on the subject covers network layer issues such as security relating to the various routing protocols available for use in MANETs. In table 2 a number of threats to MANETs have been identified; these threats have been linked to a corresponding layer of the OSI model, which indicates that MANETs have vulnerabilities spanning the seven layers of the OSI model. The table does not contain a complete list of threats to MANETs as there are many more that could be discussed. The threats contained in the table represent only a sample set, as there are a number of other threats and also quite a few variations on a theme.


