Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (17)
Ähnlich wie eaack-a secure ids for manet
Ähnlich wie eaack-a secure ids for manet (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
eaack-a secure ids for manet
- 2. EAACK—A Secure IntrusionDetection System for MANETs 11/06/13 Dept. of ECE 2
- 3. Contents Introduction What is MANET???? Need For IDS???? IDS 1. 2. 3. Watch dog TWOACK AACK EAACK Performance Evaluation Simulation configuration Advantages Future enhancement Conclusion Reference 11/06/13 Dept. of ECE 3
- 4. Introduction MANET -Mobile Ad hoc NETworks IDS -Intrusion Detection Systems EAACK-Enhanced Adaptive ACKnowledgement 11/06/13 Dept. of ECE 4
- 5. Mobile Ad hoc NETworks Wireless network Ad hoc = “for this PURPOSE” Used to exchange information NODES = transmitter + receiver Nodes may be mobile Each node is willing to forward data to other nodes Communcation can be direct or indirect Nodes communicates directly within their ranges Otherwise rely on neighbours (indirectly) 11/06/13 Dept. of ECE 5
- 6. Continuation..... Properties of MANETs No fixed infrastructure Self configuring ability Dynamic topology Decentralized network 11/06/13 Dept. of ECE 6
- 7. Continuation…. Routes between nodes may contain multiple hops Nodes act as routers to forward packets for each other Node mobility may cause the routes change B A A B C C D D 11/06/13 Dept. of ECE 7
- 8. Continuation…. Application of MANETS Military application ◦ Combat regiment in the field ◦ Perhaps 4000-8000 objects in constant unpredictable motion. ◦ Intercommunication of forces ◦ Proximity, plan of battle Sensor networks Automotive networks Industrial application 11/06/13 Dept. of ECE 8
- 9. MANET vulnerable to malicious attackers o Open medium o Wide distribution of nodes Routing protocols assumes nodes are always cooperative Nodes are not physically protected 11/06/13 Dept. of ECE 9
- 10. IDS Intrusion Detection System Detect and report the malicious activity in ad hoc networks Researchers have proposed a number of collaborative IDS system 1. Watch dog 2. TWOACK 3. AACK 11/06/13 Dept. of ECE 10
- 11. Watch dog 11/06/13 Dept. of ECE 11
- 12. Ambiguous collision 11/06/13 Dept. of ECE 12
- 13. Receiver collision 11/06/13 Dept. of ECE 13
- 14. Limited transmission power 11/06/13 Dept. of ECE 14
- 15. False misbehaviour report 11/06/13 Dept. of ECE 15
- 17. Continuation.... Acknowledgment-based Neither network layer scheme an enhancement or watch dog based scheme Acknowledge every data packet transmitted over every three consecutive nodes On receiving a packet , each node is required to send back an acknowledgment packet to the node that is two hops away from it. Solves receiver collision and limited transmission power problem Network 11/06/13 overhead is present Dept. of ECE 17
- 18. AACK Adaptive ACKnowledgement Acknowledgment-based network layer scheme Reduce network overhead Combination of TACK (similar to TWOACK) and ACK ACK-End to end acknowledgment scheme 11/06/13 Dept. of ECE 18
- 19. •ACK •S will switch to TACK scheme if it doesn’t get any ACK packet within predefined time 11/06/13 Dept. of ECE 19
- 20. The need of new IDS??? Both TWOACK and AACK fails in 1. False misbehaviour report 2. Forged acknowledgement packet 11/06/13 Dept. of ECE 20
- 21. EAACK Enhanced Adaptive ACKnowledgement Efficient and secure intrusion detection system for MANETs Higher malicious behaviour detection rates with minimal effect on network performance EAACK mechanism can be divided to three schemes 1. ACK(end to end acknowledgement scheme) 2. S-ACK(Secure ACK) 3. MRA(Misbehaviour Report Authentication) 11/06/13 Dept. of ECE 21
- 22. 1. ACK End-to-end acknowledgment scheme Brings extremely low network overhead To preserve the life cycle of battery Low network overhead Lom memory consumption 11/06/13 Dept. of ECE 22
- 23. ACK scheme 11/06/13 Dept. of ECE 23
- 24. 2.S-ACK Secure ACK Extension of TWOACK with digital signature Switch from ACK if S does not receive any acknowledgement packet Detect misbehaving nodes by sending SACK packet Every three consecutive nodes work in a group to detect misbehaving nodes 11/06/13 Dept. of ECE 24
- 25. S-ACK scheme Who is malicious?? F1,F2 OR F3??? 11/06/13 Dept. of ECE 25
- 26. NONE IS MALICIOUS .............. Route is F1 F2 F3 F1 sends S-ACK data packet to F3 via the route F2 F3 Before sending F1 store # value of data packet and sending time F2 receives packet from F1 and forward to F3 F3 receives the data packet and send S-ACK acknowledgement ◦ Contain # value and digital signature of F3 11/06/13 Dept. of ECE 26
- 27. This S-ACKnowledgement is send back to the reverse route F1 receives it and verify digital signature by computing with F3 public key. If there is no malicious nodes ,then the received hash value ==original hash value 11/06/13 Dept. of ECE 27
- 28. F1 IS MALICIOUS •False misbehaviour attack •In EAACK,it initiates MRA scheme. 11/06/13 Dept. of ECE 28
- 29. F2 IS MALICIOUS •Digital signature of F3 is needed •Prevent forged acknowledgement 11/06/13 Dept. of ECE 29
- 30. F3 IS MALICIOUS •If F3 refuses to send back acknowledgement packets, it will be marked as malicious 11/06/13 Dept. of ECE 30
- 31. 3.MRA Misbehaviour Report Authentication Designed to resolve the false misbehaviour report attack Such attack can break the entire network Basic idea - Authenticate whether the destination node has received the reported missing packet Alternate route is needed MRA packet is send via this alternate route MRA packet contains the ID of the packet that has been reported dropped Destination node search if there is a match 11/06/13 Dept. of ECE 31
- 32. Continuation... If there is match,the report is fake and node ,whoever sends it, is marked as malicious If there is no match,the report is trusted. 11/06/13 Dept. of ECE 32
- 33. EAACK SCHEME 11/06/13 Dept. of ECE 33
- 34. Performance Evaluation Packet delivery ratio (PDR): Ratio of the number of packets received by the destination node to the number of packets sent by the source node. Routing overhead (RO): RO defines the ratio of the amount of routingrelated transmissions. 11/06/13 Dept. of ECE 34
- 35. Simulation configuration Scenario 1: Malicious nodes drop all the packets that pass through it. Scenario 2: Set all malicious nodes to send out false misbehavior report to the source node whenever it is possible Scenario 3: Provide the malicious nodes the ability to forge acknowledgment packets. 11/06/13 Dept. of ECE 35
- 37. ADVANTAGES Solves limited transmission power and receiver collision problem. Capable of detecting misbehaviour attack Ensure authentication and packet integrity Digital signatures prevents the attack of forge acknowledgement packets 11/06/13 Dept. of ECE 37
- 38. FUTURE ENHANCEMENT Possibilities of adopting hybrid cryptography techniques to further reduce the network overhead caused by digital signature. Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys. Testing the performance of EAACK in real network environment. 11/06/13 Dept. of ECE 38
- 39. Conclusion EAACK makes MANETs more secure The major threats like false mis behaviour report and forge acknowledgement can be detected by using this scheme. 11/06/13 Dept. of ECE 39
- 40. REFERENCE EAACK—A Secure Intrusion-Detection System for MANETs by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEE Detecting Misbehaving Nodes in Mobile Ad hoc Networks by Nan Kang 11/06/13 Dept. of ECE 40