3. Contents
Introduction
What is MANET????
Need For IDS????
IDS
1.
2.
3.
Watch dog
TWOACK
AACK
EAACK
Performance
Evaluation
Simulation configuration
Advantages
Future enhancement
Conclusion
Reference
11/06/13
Dept. of ECE
3
4. Introduction
MANET -Mobile Ad hoc NETworks
IDS
-Intrusion Detection Systems
EAACK-Enhanced Adaptive ACKnowledgement
11/06/13
Dept. of ECE
4
5. Mobile Ad hoc NETworks
Wireless network
Ad hoc = “for this PURPOSE”
Used to exchange information
NODES = transmitter + receiver
Nodes may be mobile
Each node is willing to forward data to other nodes
Communcation can be direct or indirect
Nodes communicates directly within their ranges
Otherwise rely on neighbours (indirectly)
11/06/13
Dept. of ECE
5
7. Continuation….
Routes
between nodes may contain multiple hops
Nodes act as routers to forward packets for each other
Node mobility may cause the routes change
B
A
A
B
C
C
D
D
11/06/13
Dept. of ECE
7
8. Continuation….
Application
of MANETS
Military application
◦ Combat regiment in the field
◦ Perhaps 4000-8000 objects
in constant unpredictable
motion.
◦ Intercommunication of forces
◦ Proximity, plan of battle
Sensor networks
Automotive networks
Industrial application
11/06/13
Dept. of ECE
8
9. MANET
vulnerable to malicious attackers
o Open medium
o Wide distribution of nodes
Routing
protocols assumes nodes are
always cooperative
Nodes are not physically protected
11/06/13
Dept. of ECE
9
10. IDS
Intrusion
Detection System
Detect and report the malicious activity in ad hoc
networks
Researchers have proposed a number of
collaborative IDS system
1. Watch dog
2. TWOACK
3. AACK
11/06/13
Dept. of ECE
10
17. Continuation....
Acknowledgment-based
Neither
network layer scheme
an enhancement or watch dog based scheme
Acknowledge
every data packet transmitted over every
three consecutive nodes
On
receiving a packet , each node is required to send
back an acknowledgment packet to the node that is two
hops away from it.
Solves
receiver collision and limited transmission power
problem
Network
11/06/13
overhead is present
Dept. of ECE
17
19. •ACK
•S will switch to TACK scheme if it doesn’t
get any ACK packet within predefined time
11/06/13
Dept. of ECE
19
20. The need of new IDS???
Both TWOACK
and AACK fails in
1. False misbehaviour report
2. Forged acknowledgement packet
11/06/13
Dept. of ECE
20
21. EAACK
Enhanced Adaptive ACKnowledgement
Efficient
and secure intrusion detection
system for MANETs
Higher malicious behaviour detection rates
with minimal effect on network performance
EAACK mechanism can be divided to three
schemes
1. ACK(end to end acknowledgement scheme)
2. S-ACK(Secure ACK)
3. MRA(Misbehaviour Report Authentication)
11/06/13
Dept. of ECE
21
24. 2.S-ACK
Secure ACK
Extension
of TWOACK with digital
signature
Switch from ACK if S does not receive
any acknowledgement packet
Detect misbehaving nodes by sending SACK packet
Every three consecutive nodes work in a
group to detect misbehaving nodes
11/06/13
Dept. of ECE
24
26. NONE IS
MALICIOUS ..............
Route
is F1 F2 F3
F1 sends S-ACK data packet to F3 via the
route F2 F3
Before sending F1 store # value of data
packet and sending time
F2 receives packet from F1 and forward to
F3
F3 receives the data packet and send S-ACK
acknowledgement
◦ Contain # value and digital signature of F3
11/06/13
Dept. of ECE
26
27. This
S-ACKnowledgement is send back
to the reverse route
F1 receives it and verify digital signature
by computing with F3 public key.
If there is no malicious nodes ,then the
received hash value ==original hash value
11/06/13
Dept. of ECE
27
28. F1 IS MALICIOUS
•False misbehaviour attack
•In EAACK,it initiates MRA scheme.
11/06/13
Dept. of ECE
28
29. F2 IS MALICIOUS
•Digital signature of F3 is needed
•Prevent forged acknowledgement
11/06/13
Dept. of ECE
29
30. F3 IS MALICIOUS
•If F3 refuses to send back acknowledgement
packets, it will be marked as malicious
11/06/13
Dept. of ECE
30
31. 3.MRA
Misbehaviour
Report Authentication
Designed to resolve the false misbehaviour report
attack
Such attack can break the entire network
Basic idea - Authenticate whether the destination node
has received the reported missing packet
Alternate route is needed
MRA packet is send via this alternate route
MRA packet contains the ID of the packet that has been
reported dropped
Destination node search if there is a match
11/06/13
Dept. of ECE
31
32. Continuation...
If
there is match,the report is fake and
node ,whoever sends it, is marked as
malicious
If there is no match,the report is trusted.
11/06/13
Dept. of ECE
32
34. Performance Evaluation
Packet
delivery ratio (PDR): Ratio of
the number of packets received by the
destination node to the number of
packets sent by the source node.
Routing overhead (RO): RO defines
the ratio of the amount of routingrelated transmissions.
11/06/13
Dept. of ECE
34
35. Simulation configuration
Scenario
1: Malicious nodes drop all the
packets that pass through it.
Scenario
2: Set all malicious nodes to
send out false misbehavior report to the
source node whenever it is possible
Scenario
3: Provide the malicious nodes
the ability to forge acknowledgment
packets.
11/06/13
Dept. of ECE
35
37. ADVANTAGES
Solves
limited transmission power and
receiver collision problem.
Capable of detecting misbehaviour attack
Ensure authentication and packet integrity
Digital signatures prevents the attack of
forge acknowledgement packets
11/06/13
Dept. of ECE
37
38. FUTURE ENHANCEMENT
Possibilities of adopting hybrid
cryptography techniques to further
reduce the network overhead caused by
digital signature.
Examine the possibilities of adopting a
key exchange mechanism to eliminate
the requirement of predistributed keys.
Testing the performance of EAACK in
real network environment.
11/06/13
Dept. of ECE
38
39. Conclusion
EAACK
makes MANETs more secure
The major threats like false mis
behaviour report and forge
acknowledgement can be detected by
using this scheme.
11/06/13
Dept. of ECE
39
40. REFERENCE
EAACK—A Secure
Intrusion-Detection System for
MANETs by Elhadi M. Shakshuki, Senior Member,
IEEE, Nan Kang, and Tarek R. Sheltami, Member,
IEEE
Detecting Misbehaving Nodes in Mobile Ad hoc
Networks by Nan Kang
11/06/13
Dept. of ECE
40