ISSN ONLINE(2320-9801) PRINT (2320-9798)

All submissions of the EM system will be redirected to Online Manuscript Submission System. Authors are requested to submit articles directly to Online Manuscript Submission System of respective journal.

Secure Wireless Ad-Hoc Sensor Network from Vampire Attack Using M-DSDV

Ranjitha.R1, Sivaraman.P2
  1. P.G Scholar, Department of Computer Science and Engineering, Karpaga Vinayaga College of Engineering and Technology, Chengalpet, Tamil Nadu, India
  2. Associate Professor, Department of Computer Science and Engineering, Karpaga Vinayaga College of Engineering and Technology, Chengalpet, Tamil Nadu, India.
Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

Ad-hoc sensor network are exciting research area in pervasive computing. There are lots of protocols established to protect from DOS attack, but it is not perfectly possible. One such DOS attack is Vampire attack. This vampire attack is a resource depletion attacks at the routing protocol layer, which permanently disconnect the networks by quickly draining nodes’ battery power. These “Vampire” attacks are not specific to any specific protocol, but rather depend on the characteristics of many popular classes of routing protocols. This project illustrates a technique to tolerate the attack by employing the Cluster Head. In case of each Vampire attack, the Cluster Head employs in this situation and distributes the packet to destination without dropping the packet. Thus give a successful and reliable message delivery even in case of Vampire attack. In the worst case, a single Vampire can increase network-wide energy usage by a factor of O(N), where N is the number of network nodes.

KEYWORDS

Denial of service, ad-hoc networks, sensor networks, stretch attack, carousel attack, routing.

INTRODUCTION

Ad-hoc wireless sensor networks (WSNs) promise raisingnew applications in the upcoming future, such as continuous connectivity, ubiquitous on-demand calculating power, and immediately-deployable communication for military and first responders. Such networks already monitor environmental conditions, factory performance, and troop deployment, to name a few applications. Due to their ad-hoc organization, wireless ad-hoc networks are specifically vulnerable to denial of service (DoS) attacks , and a great deal of research has been done to enhance survivability. While these schemes can prevent attacks on the network in short-term availability, they do not tackle attacks that have effect on long-term availability — the most stable denial of service attack is to entirely deplete nodes’ batteries. This is an occurrence of a resource depletion attack, with battery power as the resource of attention.
In this paper we consider how routing protocols, still those designed to be secure, its lack protection from these attacks, which we call as Vampire attacks, because they drain the life from networks nodes. These attacks are different from previously-studied reduction of quality(RoQ), Denail of service(DoS), and routing infrastructure attacks as they do not disturb direct availability, but somewhat work over time to entirely disconnect a network. While some of the individual attacks are simple, and resource exhaustion and power-draining attacks have been discussed before , previous work has been mostly restricted to other levels of the protocol stack, e.g. medium access control (MAC) or application layers, and to our discussion there is little discussion, and no complete analysis or mitigation, of routinglayer source exhaustion attacks.
Vampire attacks are not protocol-specific, in that they do not depend on design properties or implementation faults of specific routing protocols, but rather utilize common properties of protocol classes such as link-state, source routing, geographic, distance-vector, and beacon routing. Neither do these attacks depend on flooding the network with huge amounts of data, but somewhat try to transmit as little data as possible to attain the biggest energy drain, preventing a rate limiting solution. Because Vampires make use protocol-compliant messages, these attacks are very complicated to detect and prevent.
In [2] authors used average residual battery level of the entire network and it was calculated by adding two fields to the RREQ packet header of a on-demand routing algorithm i) average residual battery energy of the nodes on the path ii) number of hops that the RREQ packet has passed through. According to their equation retransmission time is proportional to residual battery energy. Those nodes having more battery energy than the average energy will be selected because its retransmission time will be less. Small hop count is selected at the stage when most of the nodes have same retransmission time. Individual battery power of a node is considered as a metric to prolong the network lifetime in [3]. Authors used an optimization function which considers nature of the packet, size of the packet and distance between the nodes, number of hops and transmission time are also considered for optimization.
In [ 4] initial population for Genetic Algorithm has been computed from the multicast group which has a set of paths from source to destination and the calculated lifetime of each path. Lifetime of the path is used as a fitness function. Fitness function will select the highest chromosomes which is having highest lifetime. Cross over and mutation operators are used to enhance the selection. In [5] authors improved AODV protocol by implementing a balanced energy consumption idea into route discovery process. RREQ message will be forwarded when the nodes have sufficient amount of energy to transmit the message otherwise message will be dropped. This condition will be checked with threshold value which is dynamically changing. It allows a node with over used battery to refuse to route the traffic in order to prolong the network life.
In [6] Authors had modified the route table of AODV adding power factor field. Only active nodes can take part in rout selection and remaining nodes can be idle. The lifetime of a node is calculated and transmitted along with Hello packets. In [7] authors considered the individual battery power of the node and number of hops, as the large number of hops will help in reducing the range of the transmission power. Route discovery has been done in the same way as being done in on-demand routing algorithms. After packet has been reached to the destination, destination will wait for time δt and collects all the packets. After time δt it calls the optimization function to select the path and send RREP. Optimization function uses the individual node’s battery energy; if node is having low energy level then optimization function will not use that node.

OVERVIEW

In the rest of this paper, we present a sequence of increasingly damaging Vampire attacks, calculate the vulnerability of some example protocols, and propose how to improve resilience. In source routing protocols, we illustrate how a malicious packet source can able to specify paths through the network which are far longer than optimal, wasting energy at middle nodes who further forward the packet based on the included source route.
In routing process where forwarding decisions are made independently by each node (as opposed to specified by the source), we recommend how directional antenna and wormhole attacks can be used to distribute packets to several remote network positions, forcing packet processing at nodes that would not usually receive that packet at all, and thus rising network-wide energy expenditure. Finally, we illustrate how an adversary can target not only packet forwarding but also route and topology discovery phases — if discovery messages are flooded, an adversary can, for the cost of a single packet, consume energy at each node in the network. In our first attack, an adversary composes packets with purposely introduced routing loops. We call it the carousel attack, since it sends packets in circles as shown in Figure 1(a). It targets source routing protocols by exploiting the limited authentication of message headers at forwarding nodes, allowing a single packet to continually traverse the same set of nodes.
In our second attack, also targeting source routing, an adversary constructs artificially long routes, potentially traversing every node in the network. We describe this stretch attack, since it increases packet path lengths, causing packets to be processed by a number of nodes that is independent of hop count along the shortest path between the adversary and packet destination.

RELATED WORK

Jelly Fish Attack: This type of attack is used for closed loop flow such as TCP. A critical strength of the Jelly Fish Attack is that it maintains compliance with all control plane and data plane protocols in order to make detection and diagnosis costly and time consuming. The key principle that Jelly Fish attack use to facilitate is targeting end-to end congestion control.
Black Hole Attack: This type of attack is used for open loop control flows. Black Hole nodes participate in all routing control plane operations. However, once paths are established, Black Holes simply drop all packets. Although refusing to forward data is not protocol compliant.
Path quality monitoring: They design and analyze path-quality monitoring protocols that reliably raise an alarm when the packet-loss rate and delay exceed a threshold, even when an adversary tries to bias monitoring results by selectively delaying, dropping, modifying, injecting, or preferentially treating packets.

STATEFUL PROTOCOLS AND THEIR ATTACKS

A stateful protocol is where nodes are aware of their topology, forwarding decisions, its state. It need the server to store and record the transaction so they can be recalled or resumed. Two significant classes are link state and distance –vector. Example of link-state is OLSR and example of distance-vector is DSDV. Both these protocols are proactive, which routes to all reachable nodes in the network and minimizes the initial delay. OLSR keeps the record of up and down state of links and flood routing updates. DSDV is also known as Distributed Bellman-Ford or RIP (Routing Information Protocol). Every node maintains a routing table that contains all available destinations, the next node to reach to destination, the number of hops to reach the destination and periodically send table to all neighbors to maintain topology. Both these protocols are not vulnerable to carousel and stretch attacks.
In fact, any time adversaries cannot indicate the full path, the potential for Vampire attack is reduced. Two types of attacks in stateful protocol are directional antenna attack and malicious discovery attack. Directional antenna attack: In this the vampires have little control over the packets progress, but they still waste energy by restarting a packet in various parts of network. They will deposit the packets in arbitrary path of network due to this energy is consumed, O(d) where d is the network diameter, d/2 .It is also considered as half worm hole attack.
Packet leashes cannot prevent this kind of attack since they are not meant to protect against malicious message source but only intermediary. Malicious Discovery Attack: It is also called as spurious rote discovery. Both AODV and DSR are vulnerable to this attack since nodes may initiate discovery at any time, not just during the topology change. This type of attack becomes serious when nodes claim that long distance route has changed. This attack is trivial in open networks. Packet leashes cannot prevent this type of attack. This is similar to route flapping in BGP.

STATELESS PROTOCOLS AND THEIR ATTACKS

A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. It is communication protocol that treats ach request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses. The two most common types of attacks are Carousel attack shown in Figure[1.a] and Stretch attack shown in Figure[1.b]. It is called Stretch attack, since it increases packet path lengths, causing packets to be processed by a number of nodes that is independent of hop count along the shortest path between the adversary and packet destination. The carousel on the other hand sends packets in circles. It targets source routing protocols by exploiting the limited verification of message headers at forwarding nodes, allowing a single packet to repeatedly traverse the same set of nodes.

COORDINATE AND BEACON PROTOCOLS

The two examples of coordinate and beacon protocols are GPSR and BVR. These protocols use physical coordinates or beacon distances for routing. In GPSR a packet may encounter a dead end (i.e. target separated by a wall or obstruction).The packet is then diverted until a path to the target is available .They do not take path length into account when routing around local obstructions. In BVR the packets are routed towards a node (beacon) close to the target. Each node makes independent forwarding decisions hence the vampire attacks (draining node life) is said to be limited.
These protocols can also be victims to directional antenna attacks just like the link state and distance – vector protocols leading to energy increase factors of O (d) per message, where d is the network diameter. local factor of O (c) energy loss, where c is the circumference of the obstructions in hops.

CLEAN-SLATE SENSOR NETWORK ROUTING PROTOCOL

In this section we show that a clean-slate secure sensor network routing protocol by Parno, Luk, Gaustad, and Perrig(“PLGP” from here on) can be modified to provably resist Vampire attacks during the packet forwarding phase.
The original version of the protocol, although designed for security, is vulnerable to Vampire attacks. PLGP consists of a topology discovery phase, followed by a packet forwarding phase, with the former optionally repeated on a fixed schedule to ensure that topology information stays current. (There is no on-demand discovery.) Discovery deterministically organizes nodes into a tree that will later be used as an addressing scheme. When discovery begins, each node has a limited view of the network — the node knows only itself. Nodes discover their neighbors using local broadcast, and form ever-expanding “neighborhoods,” stopping when the entire network is a single group. Throughout this process, nodes build a tree of neighbor relationships and group membership that will later be used for addressing and routing.
At the end of discovery, each node should compute the same address tree as other nodes. All leaf nodes in the tree are physical nodes in the network, and their virtual addresses correspond to their position in the tree (see Figure 6). All nodes learn each others’ virtual addresses and cryptographic keys. The final address tree is verifiable after network convergence, and all forwarding decisions can be independently verified.
Furthermore, assuming each legitimate network node has a unique certificate of membership (assigned before network deployment), nodes who attempt to join multiple groups, produce clones of themselves in multiple locations, or otherwise cheat during discovery can be identified and evicted.
Topology discovery. Discovery begins with a time-limited period during which every node must announce its presence by broadcasting a certificate of identity, including its public key (from now on referred to as node ID), signed by a trusted offline authority. Each node starts as its own group of size one, with a virtual address 0. Nodes who overhear presence broadcasts form groups with their neighbors. When two individual nodes (each with an initial address 0) form a group of size two, one of them takes the address 0, and the other becomes 1. Groups merge preferentially with the smallest neighboring group, which may be a single node. We may think of groups acting as individual nodes, with decisions made using secure multiparty computation. Like individual nodes, each group will initially choose a group address 0, and will choose 0 or 1 when merging with another group.
Each group member pretends the group address to their own address, e.g. node 0 in group 0 becomes 0.0, node 0 in group 1 becomes 1.0, and so on. Each time two groups merge, the address of each node is lengthened by one bit. Implicitly, this forms a binary tree of all addresses in the network, with node addresses as leaved. Note that this tree is not a virtual coordinate system, as the only information coded by the tree are neighbor relationships among nodes. Nodes will request to join with the smallest group in their vicinity, with ties broken by group IDs, which are computed cooperatively by the entire group as a deterministic function of individual member IDs. When larger groups merge, they both broadcast their group IDs (and the IDs of all group members) to each other, and proceed with a merge protocol identical to the two-node case. Groups that have grown large enough that some members are not within radio range of other groups will communicate through “gateway nodes,” which are within range of both groups. Each node stores the identity of one or more nodes through which it heard an announcement that another group exists. That node may have itself heard the information second-hand, so every node within a group will end up with a next-hop path to every other group, as in distance-vector. By the end of topology discovery, each node learns every other node’s virtual address, public key, and certificate, since every group members knows the identities of all other group members and the network converges to a single group.
Packet forwarding. During the forwarding phase, all decisions are made independently by each node. When receiving a packet, a node determines the next hop by finding the most significant bit of its address that differs from the message originator’s address (see Figure 6). Thus every forwarding event (except when a packet is moving within a group in order to reach a gateway node to proceed to the next group) shortens the logical distance to the destination, since node addresses should be strictly closer to the destination.

PERFORMANCE ANALYSIS

PLGP imposes increased setup cost over BVR , but compares favorably to in terms of packet forwarding overhead. While path stretch increases by a factor of 1.5–2, message delivery success without resorting to localized flooding is improved: PLGP never floods, while BVR must flood 5–10% of packets depending on network size and topology . PLGP also demonstrates more equitable routing load distribution and path diversity than BVR. Since the forwarding phase should last considerably longer than setup, PLGP offers performance comparable to BVR in the average case.

CONCLUSION

In this paper we defined Vampire attacks, a new class of resource consumption attacks that use routing protocols to permanently disable ad-hoc wireless sensor networks by depleting nodes’ battery power. These attacks do not depend on particular protocols or implementations, but rather expose vulnerabilities in a number of popular protocol classes. We showed a number of proof-of-concept attacks against representative examples of existing routing protocols using a small number of weak adversaries, and measured their attack success on a randomly-generated topology of 30 nodes. Simulation results show that depending on the location of the adversary, network energy expenditure during the forwarding phase increases from between 50 to 1,000 percent. Theoretical worst-case energy usage can increase by as much as a factor of O(N) per adversary per packet, where N is the network size. We proposed defenses against some of the forwarding-phase attacks and described PLGPa, the first sensor network routing protocol that provably bounds damage from Vampire attacks by verifying that packets consistently make progress toward their destinations. We have not offered a fully satisfactory solution for Vampire attacks during the topology discovery phase, but suggested some intuition about damage limitations possible with further modifications to PLGPa. Derivation of damage bounds and defenses for topology discovery, as well as handling mobile networks, is left for future work.

Figures at a glance

Figure 1a Figure 1b Figure 6 Figure 7
Figure 1a Figure 1b Figure 6 Figure 7
 

References