IJCET Revisiting Experiment Detecting Replay Modification

International Journal of Computer Engineering (IJCET), ISSN 0976 – 6367(Print),
International Journal of Computer Engineering and Technology
ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEME
and Technology (IJCET), ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online) Volume 1
IJCET
Number 2, Sep - Oct (2010), pp. 118- 132 ©IAEME
© IAEME, http://www.iaeme.com/ijcet.html

REVISITING THE EXPERIMENT ON DETECTING OF
REPLAY AND MESSAGE MODIFICATION
Prof.D.P.Gaikwad
Assist. Prof. in Computer Engineering Department
AISSM S’s COE, Pune
E-Mail: dp.g@rediffmail.com

Dr. J V Aghav
Associate Professor in Computer Department
College of Engineering, and Pune
ABSTRACT
The wireless networks and mobile computing applications are rapidly changing
the landscape of network security. These technologies create new vulnerabilities that do
not exist in wired network. Some of the techniques and methods of network securities are
ineffective. The traditional way of protecting networks with firewalls and encryption
software are not sufficient for detecting new types of attack in wireless environment. So,
we need to develop new architecture and mechanisms to protect the wireless networks
and mobile computing applications. Many network security systems available in market
are capable to secure networks from various kinds of attacks. These techniques are rule
dependent and some are rule independent and they are playing important role in
information security. The modern network security systems are too complex and time-
consuming. These are not affordable on the basis of its cost as well as performance.
Many network security systems are not platform independent. In this paper, we
demonstrate and revisit experimental standalone methodologies that detect the message
modification, replay attacks, an identification of unauthorized users in ad-hoc networks.
The proposed system is simple, economical, and platform independent.
Keywords: Opponent, Intrusion, NIDS, Anomaly, Misuse, Ad-hoc Network, Digital
Signature, Wormhole.

118

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),

I INTORDUCTION
The network in which the physical connection is not exits is called as Wireless
network. The communication is done without physical communication media between
two wireless device or hosts. Due to this the speed of wireless communication is slower
than wired network. The mobility is the main feature of wireless network, so we can
move it from one place to another. Due to dynamic topology nature of the wireless
network, there are many possibilities to attack wireless devices. Now days, there are
many mobile computing applications in market. We need to develop and deploy intrusion
detection and response techniques to secure mobile computing applications. We can
broadly categorize the attacks in three groups as follows.
First of all, the passive eavesdropping to active interfering can be done by
opponent in wireless network. In wired network the opponent must gain the physical
access to the network and pass through the several lines of defense at firewall, router and
gateways level to connect with other device or host. So the opponent can not easily
attack any node in the network. But in wireless network, the attacks can come from all
directions and target at any node. The different attacks such as leaking secret information,
message modification, and node impersonation can be possible in wireless network.
Secondly, all mobile nodes are autonomous units in network that can
independently roam in entire network. The wireless nodes can be captured, compromised,
and hijacked easily with inadequate physical protection. It is difficult to detect
compromised node in global scale network. The attacks by a compromised node from
within the network may far more damaging and much harder. Therefore, mobile nodes
and the infrastructure must be prepared to operate in trusted network. We have used the
digital signature approach to build the trusted wireless network environment.
Third, the decision-making system in wireless network or mobile computing
environment is decentralized. The most wireless network algorithms depend on the
cooperative participation of all nodes and the infrastructure. In the decentralized authority
network, the opponent can exploit the new types of attacks that can break the cooperative
algorithms. In summarization, the wireless network has not a clear line of defense. It is
vulnerable due to its features of open medium, dynamic network topological change,

119


cooperative algorithms, lack of centralized monitoring and management point and lack of
a clear line of defense. Every wireless node must be prepared for encounters with an
opponent directly or indirectly. The opponent can not exploit any vulnerability in
network because the wireless network management is centralized in our system. In this
paper, we have focused on ad-hoc networks and propose a new model for detecting
message replay, modification attack and response.
II LITERATURE SURVEY
A. Attacks in Wireless Environment
We can define the wireless network in many ways as mobile ad-hoc network
which is a collection of wireless PCs or mobile phones that can be rapidly deployed as a
multi hop packet radio network without the aid of any infrastructure or any centralized
administration [2]. In other words or a mobile Ad-hoc network is a collection of nodes
that is connected through a wireless medium forming rapidly changing topologies.
Following are the special properties of mobile ad-hoc network which are essential for the
flexibility of a mobile ad-hoc network.
1. The communication media is wireless.
2. There is no consistency in network topology and membership in the evolving
environment.
3. There does not exist trust in the communication between two nodes.
4. There are limitations on bandwidth, battery lifetime, and computation power. This
prohibits the deployment of complex routing protocols or encryption algorithms [1].
The dynamic topology changing characteristic of Ad-hoc network allows node to
join and leave the connection to network at any point of time. So it can not secure the
network from vulnerabilities of attack.
There are many Security threats in wireless network. The data sends over the air
in Wireless LAN. So, the may be accessible outside the physical boundary of an
organization.
The wireless traffic can be intercepted and monitored by unauthorized person.
The wireless traffic should be encrypted for secure communication. If the traffic is not
encrypted properly, the packets can be viewed by anyone using adaptor. The some

120


program can receive, view, and store all packets circulating on a given Wireless LAN.
The transmitter jamming is also possible in wireless network. [5]. The Denial of Service,
Reduction of Service and Man in Middle are common attack in Wireless LAN. In these
attacks, the attacker sends malicious traffic in the network [6]. The Denial OF Service
attack is caused by flooding other wireless clients by duplicating IP or MAC address and
by sending bogus packets to target client. In Denial of Service attack, one user or a group
of user send too much information or requests to server. Due to large requests from
different clients, the server’s system resources such as memory, routing services,
application software, and operating system, processing bandwidth, queue position etc.
becomes busy. That is why the server cannot handle normal, valid requests made from
legitimate user [6].
The Cache Poisoning is attacks which can occur in network. In this attack, the
information stored in routing tables is deleted, injected or modified, with false
information. We need to observe and analyze these anomaly activities to protect network.
Black hole attack in which all traffic is redirected to a specific node only and may not
forward to any traffic. Routing Loop attack in which the loop is introduced in a route
path. Network Partition attack in which whole network is partitioned into sub- networks.
Due to partition, the nodes in different sub networks cannot communicate to each other
even though a route between them actually does exist. In Selfishness attack a node is not
serving as a relay to other nodes. In Fabricated Route Messages attack the Route
messages is modified with malicious information. An incorrect route is advertised into
the network or the opponent can modify the sequence number held in control messages to
the maximal allowed value. Rushing attack is same as route message attack. It can be
used to improve Fabricated Route Messages. In several routing protocols, some route
message types have the property that only the message that arrives first is accepted by a
recipient. The attacker simply disseminates a malicious control message quickly to block
legitimate messages that arrive later. Wormhole creates a tunnel between two nodes that
can be utilized to transmit packets secretly. In Packet dropping attack opponent node
drops data packets (conditionally or randomly) in network. Spoofing inject data or
control packets with modified source addresses. Malicious Flooding is same as DOS

121


attack which deliver unusually large amount of data or control packets to the whole
network or some target nodes.
Identifying the types of attacks and providing the solution to these attacks can be
done. Identifying the real time attacks also can be done in real-time by forming multiple
numbers of wireless nodes in the cluster. By implementing the Dynamic Source Routing
protocol we can detect and prevent the different attacks in wireless network.
B. Security Techniques in Wireless Environment
We have described some important security technique in very short. To provide
data confidentiality in wireless network as wired network the IEEE 802.11 Standard
Wired Equivalent Privacy encryption mechanism is used [8, 9]. Equivalent Privacy
encryption mechanism uses the RC4 stream ciphering encryption algorithm. Wired
Equivalent Privacy encryption mechanism is used to protect wireless communication
from eavesdropping and to prevent unauthorized access to network. Wired Equivalent
Privacy encryption mechanism uses a single, static shared key which is strong weakness
of it [9].
The Virtual Private Network technology is another solution for securing the
wireless data. It is used to secure communications between remote locations via the
Internet. The client of Wireless Network uses a Virtual Private Network tunnel in which
communication data remain encrypted until it reaches the gateway of Virtual Private
Network or Access Point (AP). The Virtual Private Network is not self-managing
technology. The alternative solution is Wi-Fi Protected Access. The Wi-Fi Protected
Access eliminates most 802.11 security issues because it adopts a Temporal Key
Integrity Protocol for data confidentiality and authentication mechanisms. The Wi-Fi
Protected Access is capable to fix only known attack by using Wired Equivalent
Privacy encryption mechanism. It is not used to detect denial-of-service attacks. The
802.1X port based network access control and the Extensible Authentication Protocol
are used for strong authentication for each connection [10]. The new IEEE 802.11i
standard provides authentication and privacy. 802.11i's confidentiality service is built
on top of AES strong encryption algorithm. The IEEE 802.11i also can not detect the
Denial Of Service attack [9, 10, 11, 12, and 14].

122


C. Types of Intrusion/Attacks Detection Systems
Using Intrusion detection system we can ensure integrity and authenticity of
data. Intrusion Detection system also and can protect wired and wireless network from
unauthorized users. An Intrusion Detection System is a System that is used to identify
intrusions, which may be unauthorized users, misuse or abuses of computer systems by
either authorized users or external opponent. It is very challenging job to identify and
prevent intrusion malicious activities or any attack in network for it’s security.
Intrusion Detection Software is used to detect computer network from unauthorized
user and prevent malicious activities. The intrusion detection learning task is to build a
classifier capable of distinguishing between attack, intrusion, and bad connections,
normal or good connections [3]. There are many types of Intrusion Detection software
technologies. They are divided into the following four groups based on the type of
events that they monitor and the ways in which they are deployed.
1. Network Based system monitors network traffic for particular network
segments or devices. It analyses the network and application protocol activity to
identify suspicious activity. It can identify many different types of events of interest. It
is most commonly deployed at a boundary between networks, such as in firewalls or
routers, virtual private network (VPN) servers, remote access servers etc..
2. Wireless Intrusion detection System monitors wireless network traffic of
data. It analyses wireless networking protocols to identify suspicious activity involving
the protocols. It can identify suspicious activity in the application or higher-layer
network protocols such as TCP, UDP. It is most commonly deployed within range of an
organization’s wireless network to monitor it, but can also be deployed to locations
where unauthorized wireless networking could be occurring. These are developed for
Wireless LANs to response to the threats against Wireless LANs and Wireless LAN
clients. The figure 1 shows the general architecture of the wireless intrusion detection
System.

123


Wireless Data
Capturing
Module

Data Preprocessing
Module

Detector Trainer (Ann, G
Module A, F.Logic)

Decision Making
Module

Figure 1 Wireless Intrusion Detection System
3. Network Behaviour Analysis (NBA) system which examines network traffic to
identify threats that generate unusual traffic flows, such as Distributed Denial Of Service
attacks, certain forms of malware such as worms, backdoors and policy violations.
Network Behaviour Analysis systems are most often deployed to monitor flows on an
organization’s internal networks and are also sometimes deployed where they can
monitor flows between an organization’s networks and external networks such as Internet
or business partners’ networks.
4. Host-Based system which monitors the characteristics of a single host and the
events occurring within that host for suspicious activity. Examples of characteristics are
system logs, running processes, application activity, file access and modification, system
and application configuration changes. Host-based Intrusion Detection System is most
commonly deployed on critical hosts such as publicly accessible servers and servers
containing sensitive information. Network-based Intrusion Detection System and some
forms of host-based Intrusion Detection System have been commercially available for
over ten years. Network behaviour analysis software is a somewhat newer form of
Intrusion Detection System that evolved in part from products created primarily to detect
Distribute Denial Of Service attacks and in part from products developed to monitor
traffic flows on internal networks [3].

124


D. Related work in Wireless Network
The many researchers have developed and trying develope to develop the system
which could protect the wired as well as wireless network from different attacks. We
have surveyed different paper of researchers as a study. In this paper, we are discussing
some selected paper to explain their contribution and methods or methodologies used to
develop their own system as follows.
P.C.KISHORE RAJA, M.SUGANTHI, SUNDER [16] have described a novel
idea of wireless intrusion detection using Media Access Control layer feature set. In
wireless network Media Access Control layer do communication and maintain it to share
radio channel. The protocol is used to enhance communication in wireless media. The
proactive mechanism used in Media Access Control is used to detect intrusion and
anomaly behavior, but cannot give perfect prevention. Authors have proposed their work
to offer new approach to defense intrusion in wireless network. They have used Media
Access Control layer feature set to characterize wireless node behavior. The Behavior
Based Intrusion Detection technique is used which is contrast to signature based
technique. The signature based technique may be impractical for wireless network
because it is very difficult to specify, update and distribute the signature attack in
wireless network. The Genetic Algorithm is used on feature set of Maida Access Control
to learn normal behavior and profile it. The past behavior is used to pre direct the current
wireless node behavior.
JEYANTHI HALL, MICHEL BARBEAU AND EVANGELOS KRANAKIS
[17] has demonstrated novel approach for detecting the Media access control address
spoofing attack in their paper. This novel approach incorporates Radio Frequency
Fingerprinting into wireless intrusion detection system. Radio Frequency Fingerprinting
technique that is used to identify a transceiver based on the transient portion of the signal
it generates. They have used feasible Bayesian filter and Radio Frequency Fingerprinting
to improve the success rate of Wireless Intrusion Detection System to detect Media
access control address spoofing attack
LEON REZNIK AND CARLL HOFFMAN [4] describes the development of the
Sensor Network Anomaly Detection System (SNADS). SNADS support signal change

125


detection in sensor networks. The SNADS provides a cross-platform management of core
sensor network operation. They have used neural network approach to define and fix the
rules for detection of anomaly in network.. SNADS was designed for heterogeneous
system. The system is written in Java.
MOFREH SALEM, AMANY SARHAN, MOSTAFA ABU-BAKR[5] described
in their paper the technique to detect the DOS attacks in WLANs(Wireless LAN) Their
system also is capable for preventing the detected attackers in future The intruders’
database (IDB) is used in system which creates and modifies each time an intruder is
detected. This database is used by the technique to inhibit intruders from bringing the
network down by a DOS attack.
DOUGLAS MADORY [6] has proposed a method of spoof detection using signal
strength analysis in his paper. Due to low-quality wireless networking cards, it is very
difficult to detect wireless spoofs. He proposed his work for detecting wireless spoof
using signal strengthening technique using Discrete Fourier Transformation algorithm.
H.BELLAAJ, R.KETATA, A.HSINI [7] have proposed a new fuzzy logic
approach to perform analysis and detection of intrusion in 802.11wireless networks. The
algorithms construct the networks and generate many cases of daily traffic and intrusion.
It catches different values of system and network parameters. The system generate fuzzy
rules from numerical data .The system also implement a new rule base on each computer
and start system. The system seems auto rule generator for detecting new attack.
III PROPOSED SET UP FOR DETECTION OF ATTACKS
The different systems currently in markets are capable to secure networks from
various kinds of attacks. Some of them are rule dependant and some are rule independent
and they are playing important role in information security. The security system we are
presenting is a stand-alone system. It is an intelligent attempt to secure networks from
various combined attacks namely message modification and replay attacks in wireless
network. As well as it secure from unauthorized users.
We are presenting a distributed intrusion detection system. The system will be
installed on each node that is authorized users. Security is provided by giving them a
username and a password. These nodes cooperate to each other while deciding the attack

126


type and finding the intruder. In the presented system we are introducing an intrusion
detection system that is capable to detect intruders who modifies and do replay attack.
The first thing is that we are providing valid username and password to the each user in
network. Using that it can login and can run the system. Now further more a digital
signature is generated and distributed between valid users only. If someone is logged in
and have no the digital signature then it will be traced as intruder. The digital signature is
used to inspect the user for giving authorization. . All authorized user are allowed to use
the network. So, this system is used to form the network of trusted user.
The system is implemented to create replay and message modification attacks by
intruder. The figure 2 shows the overall architecture of our system. We show how our
system reacts to this kind of active attacks and how analyze the situation so that we get
exact intruder. In actual intruder hikes the packet and unpack it. Then he modifies the
contents and just broad cast to all other nodes in the network, causing replay attack that is
sending same message again and again. At the same time message modification active
attack is being caused. Now the system is here that detects such attacks and find out who
is behind it and display the details like IP address of the intruder and the message
contents and corresponding changes made in that.

Figure 2 The Architecture for Wireless Network
The Authentication and data integrity also can achieve using this system. The
implementation language java has given wide portability and simplicity [13, 15]. It is
very simple to install and operate. Not more manual energy is required. Security is
provided to system itself by maintaining valid usernames and password.

127


Functions of System
1. This proposed solution provides the authentication. In this system, Digital
signatures is generated and distributed to the trusted persons only. And while
communicating with them the Unique distributed digital signatures are validated. If
validation fails the corresponding person is blacklisted and further watch is kept on his
activities.
2. This system also provides data integrity by identifying the message
modification done by intruder. For the purpose the actual data and data size is validated at
the time of reception of messages against original one and looked for any variations. If
any such mismatch found the intruder is detected and his IP address and his modification
in original message is displayed.
System Description: The user can interact with the system through the user
interface. There are different screens are available for the users to enter the details.
Following figures are the main snapshots of the system. Figure 3 is showing the Digital
Signature generated by software.

Figure 3 Digital Signature Generated by System
This Digital Signature is distributed among the user in entire network. The user
who does not have a Digital Signature is defined as intrusion. His message is not shown
in Message Inbox window. It is shown in intrusion’s list with his IP address.
Figure 4 is showing the message which is broadcasted by sender. This main
Message Box which receive the message those are sent by Authorized person only. If the
modified message is sent by authorized or unauthorized person who do not have Digital
Signature will not put in this message inbox.

128


Figure 4 Message in Message box showing IP address and path
Figure 5 is showing the Search window which gives the status of incoming
message. The message indicating false is original message which broadcasted by other
trusted station. If this message modified and sent by unauthorized person, then it will be
indicate as true.

Figure 5 Message Broad casted by Authorised Persons in Network

Figure 6 is showing the Message Inbox which indicates the message sent by
intruder. The message “intruder Message“ is modified by unauthorized user in network.
We can easily identify the intruder in network by checking the path through which the
message is broadcasted to the destination.

129


IV. FUTURE WORK
Due to the inability of NIDS to see all the traffic on switched Ethernet, many
companies are now turning to Host-based IDS (second generation). These products can
use far more efficient intrusion detection techniques such as heuristic rules and analysis.
Depending on the sophistication of the sensor, it may also learn and establish user
profiles as part of its behavior database.

Figure 6 Message Broad casted by Intruders in Network
A strong IDS Security Policy is the HEART of commercial IDS. It should
Provides worthwhile information about malicious network traffic and can be programmed
to minimize damage. It should be help to identify the source of the incoming probes or
attacks and could be used to identify intruders. The good IDS should alert security
person. But our system does not give any burglar alarm. Our further intension is to
introduce the very strong alert system for security manger’s alertness. Right now we
have focus on only certain attacks but it can be make to find work under different passive
and active attacks. And can produce more accurate and explanatory results can be
displayed.
CONCLUSION
In the presented work we have revisited the various experiments that result in
detection of message modification, replay attacks and also finds answers on unauthorized
users. This standalone experiment is robust and functioning as the set objectives. The

130


Java implementation is virtually portable and platform independent. The set up is simple,
economical and demonstrates the results on alterations by intruders.
REFERENCES
[1] “Trusted Routing and Intruder Identification in Mobile Ad Hoc Net works”. Bharat
Bhargava, Michael Zoltowsk, Pascal MeunierPurdue. University, West Lafayette,
IN 47907, USA.
[2] “A distributed routing algorithm for mobile radio networks” M. Corson and A.
Ephremides . MILCOM 89, 1989.
[3] “Recent Trends in IDS: Approaches and Tools”. D.P.Gaikwad, M.A.Pradhan”.
Department of Computer Engineering, AISSM”S College Of Engg., Pune -1, 2010.
[4] “Development of the Intelligent Sensor Network Anomaly Detection System:
Problems and Solutions”. Leon Reznik and Carll Hoffman
[5] “A DOS Attack Intrusion Detection and Inhibition Technique for Wireless Computer
Networks “.Mofreh Salem, Amany Sarhan, Mostafa Abu-Bakr. Computers and
System Dept, Faculty of Engineering,Mansoura Univ., Egypt.
[6] “New Methods of Spoof Detection in 802.11b Wireless Networking”. Douglas
Madory. Thesis Submitted to the Faculty in partial fulfillment of the requirements
for the degree of Master of Science.
[7] “Fuzzy approach for 802.11 wireless intrusion detection”. H.BELLAAJ,,
R.KETATA, A.HSINI . Military Academy of Fondouk Jedid Nabeul Tunisia
[8] “An Efficient Collision-Free MAC Protocols for Ad Hoc Wireless Network”.
Tiantong You, Chi-Hsiang Yeh, Hossam Hassanein: BROADEN .In proceedings of
the 3rd International, Workshop on Wireless Local Networks, LCN 2003, October
2003.
[9] “Security Issues in IEEE 802.11 Wireless Local-Area Networks: A Survey”. Arunesh
Mishra, Nick L. Petroni, and William A. Arbaugh.. Wireless Communications and
Mobile Computing Journal, vol. 4, no. 8, pp. 821-833, 2004.
[10] “Wi-Fi Alliance. Securing Wi-Fi Wireless Networks with Today’s Technologies”.
White paper, February 2003.
[11] “Distributed monitoring of Wi-Fi Channel”. Aime M and Calandriello G (2005).

131


[12] “802.11 denial of service attacks: real Vulnerabilities and practical solutions”.
Bellardo J and Savage S (2003). In proceedings of the 11th USENIX security
symposium, pages15-18, Washington D.C, USA.
[13] “Java 2 the Complete Reference”. Herbert Schildt .Tata Mc Grwa Hill
[14] “A system to Detect greedy behavior In IEEE 802.11”. Shannon C.E. and W.
Weaver
[15] “The Java 2 Black Book”. Steven Holzner
[16] “Wireless Node Misbehavior Detection Using Genetic Algorithm”, P.C.Kishore
Raja, M.Suganthi, Sunder. Information Technology Journal 7(1):143-148, 2008.
[17] “Enhancing Intrusion Detection In Wireless Networks Using Radio Frequency
Fingerprinting”. Jeyanthi Hall, Michel Barbeau and Evangelos Kranakis. School of
Computer Science Carleton University 1125 Colonel By Drive Ottawa, Ontario,
Canada.

132

IJCET Revisiting Experiment Detecting Replay Modification

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (10)

Ähnlich wie IJCET Revisiting Experiment Detecting Replay Modification

Ähnlich wie IJCET Revisiting Experiment Detecting Replay Modification (20)

Mehr von iaemedu

Mehr von iaemedu (20)

IJCET Revisiting Experiment Detecting Replay Modification