Manets Such As Vulnerability Analysis Computer Science Essay

Published Date: 02 Nov 2017

Chapter 2

LITERATURE SURVEY

The aim of this chapter is to provide literature review concerning the present research area, on routing protocol design issues related to security aspects of MANETs such as vulnerability analysis and defense against attacks. The mechanisms used to detect and defend against those attacks are studied.

Guaranteeing delivery and the capability to handle dynamic connectivity are the most important issues for routing protocols in Mobile Ad hoc Networks. The issues related to routing in wireless ad hoc networks depend on the specific environment or application, with emphasis on following problems.

Overhead.

Power consumption.

Quality of service (QoS).

A routing protocol may need to balance traffic based on the traffic load on links.

The routing protocol design issues must consider security aspects to defend against attacks, such as Sniffer, Man-in-the-Middle, or Denial-of-Service (DoS).

The Global Positioning System (GPS) used in wireless ad hoc networks such as military battlefields helps in sharing information with different access points.

Mobility prediction can improve routing in wireless networks such as the IRIDIUM system satellite network.

Medium Access Control Layer propagates information to the network layer so that neighbors can be detected.

The power of received signals from a neighboring node can be used to decide whether this neighbor is moving closer or further away.

Cross-Layer design in MANET is also a "hot" topic in the design of new MANET protocols.

The above issues are the topics for the researches over a long period time which makes MANETs more interesting and highly open to focus on designing of new routing protocols or to enhance the existing ones to make them more stable to detect and defect against routing attacks.

2.1 Generic Attacks against Routing

In this study the focus is on three types of attacks and their impact on routing in ad hoc networks. The three types of attacks are:

Wormhole

Rushing

Sybil

2.1.1 Wormhole Attacks

A wormhole attack typically requires the presence of at least two colluding nodes in an ad hoc network. The malicious nodes need to be geographically separated so that the attack may be effective. In this attack, a malicious node captures packets from one location and "tunnels" these packets to the other malicious node, which is assumed to be located at some distance. The second malicious node is then expected to replay the "tunneled" packets locally. The malicious nodes could use this attack to undermine the correct operation of various protocols in ad hoc networks.

The services such as data aggregation, protocols that depend on location information, data delivery can be impacted by this attack. The wormhole attack can be successful even without access to any cryptographic material of the nodes such as the knowledge of the keys used by valid nodes in the system. There have been proposals to protect networks from these attacks by detecting them.

Y.Hu et al., [85] proposed a general mechanism for detecting and thus defending against wormhole attacks. In this case generally an attacker records a packet or individual bits from a packet, at one location in the network, tunnels the data to another location, and replays the packet there. The wormhole places the attacker in a very powerful position, able to further exploit any of the attacks mentioned above, allowing the attacker to gain unauthorized access, disrupt routing, or perform a denial-of-service (DoS). The concept of leashes was used to detect wormhole attacks.

An efficient authentication protocol, called TIK (TESLA with Instant Key disclosure), was used with temporal leashes in the work to defend against wormhole attacks. This protocol provides instant authentication of received packets. The authors carried out an evaluation study for the suitability of a protocol for use in ad hoc networks, and measured computational power and memory currently available in mobile devices. Furthermore, the analysis has proved that Packet leashes provide a way for a sender and a receiver to ensure that a wormhole attacker is not causing the signal to propagate farther than the specified radius. When geographic leashes are used, nodes also detect tunneling across obstacles otherwise impenetrable by radio, such as mountains. As with other cryptographic primitives, a malicious receiver can refuse to check the leash, just like a malicious receiver can refuse to check the authentication on a packet. This may allow an attacker to tunnel a packet to another attacker without detection.

To implement distributed algorithms and coordinate the cooperation among network nodes, a number of control messages need to be exchanged in every local neighborhood. To deliver protocol status updates, nodes broadcast their up-to-date information. In addition, the inherent broadcast nature of the wireless medium significantly reduces the energy expenditure for sending an identical message from a single sender to multiple receivers within the same neighborhood. Hence, broadcasting is an efficient and frequent operation in many network functions. However, a wireless ad hoc network may be deployed in hostile environments, where network nodes operate un-tethered. Moreover, the wireless medium exposes any message transmission to a receiver located within the communication range. Hence, in a wireless environment, it is critical to secure any broadcast transmission from a node to its immediate neighbors.

A node receiving a broadcast transmission must verify that the message has not been altered in transit (integrity);

It originates from a valid and identifiable network source (authenticity);

the message is not a replay of an old transmission (freshness) and that;

in case of a local broadcast intended only for immediate neighbors, that the source lies within the receiving node’s communication range.

The above observations motivated Poovendran and Lazos [87] to present a graph theoretic framework for modeling the wormhole links and derived the necessary and sufficient conditions that can effectively detect and defend against wormhole attacks. The authors tried to show that any candidate solution proposed to prevent wormholes should construct a communication graph using radio range of the network nodes. Local Broadcast Keys (LBK) was proposed in order to prevent wormholes based on the principles of cryptography. The authors proposed a decentralized solution do not need time synchronization or time measurement and requires only a small fraction of the nodes to know their location.

2.1.2 Rushing Attacks

In an ad hoc network, nodes cooperate and forward packets to each other. This allows nodes to communicate beyond their transmission range. Many of proposed routing protocols are desired to operate in an on-demand fashion. The on-demand routing protocols have a tendency to incur lower overhead and faster reaction time when compared to other types of proactive routing based mechanisms. Significant attention had been devoted for developing a number of secure on-demand routing protocols to protect from possible attacks on network routing.

To overcome such issues Hu et al., [88] has introduced the concept of rushing attack which results in a Denial-of-Service, against all previously published on-demand routing protocols for MANETs. The rushing attack prevents previously published secure on-demand routing protocols to find routes longer than two-hops.

DSR, AODV, and secure routing protocols such as ARIADNE, ARAN, and SAODV based on them, are unable to discover routes. The authors developed Rushing Attack Prevention (RAP) to defend against rushing attacks for on-demand protocols. RAP incurred minimal cost overhead in find a working route, and it provides security properties even against the strong rushing attacks.

Route Discovery Protocol (RDP) replaces the existing mechanism and thwarts the rushing attack. The approach used was generic and any protocol that is designed to use duplicate suppression in Route Discovery can use the results to fend off rushing attacks. RAP can be integrated with other secure routing protocols; RAP incurs minimal cost overhead unless the underlying secure protocol cannot find valid routes. When RAP is enabled, it incurs higher overhead when compared to the standard Route Discovery techniques, but it can find usable routes. Thus RAP allows successful routing and packet delivery.

2.1.3. Sybil Attacks

The Sybil attack consists of a node assuming several node identities while using only one physical device. The additional identities can be obtained either by impersonating other nodes or by making use of false identities. These identities can all be used simultaneously or over a period of time. This attack san impact several services in ad hoc networks. It can impact multipath routing proposed by Karlof and Wagner [89], where a set of supposedly disjoint paths can all be passing through the same malicious node which is using several Sybil identities. This attack can also impact data aggregation where the same node can contribute multiple readings each using a different identity as given by Cole [92]. Fair resource allocation mechanisms will also be affected since a node can claim more than its fair share by using the various Sybil identities. Mechanisms based on trust, voting is also affected by this attack.

A simple approach for detecting Sybil attacks could be to issue a public-key certificate to each of the identities. The problem is the need for central authority that can distribute the certificates. In addition, this solution requires higher computational capabilities that might be available on resource constrained devices such as sensor nodes. Resource testing was suggested as an approach to prevent Sybil attacks. This approach makes use of the fact that each node is limited in resources. The test then verifies if each identity has the proper amount of the tested resource. Thus, the implicit assumption here is that every identity has the same quantity of the tested resource. The resources suggested were computation, storage and communication.

2.2 Vulnerability Analysis and Defense against Attacks: Implications of Trust-Based Cross-Layer Security

In ad hoc networks, secure routing protocols is one of the fundamental challenges. While many secure routing schemes focus on preventing attackers from entering the network through secure key distribution/authentication and secure neighbor discovery, trust management can guard routing even if malicious nodes have gained access to the network. This study is concerned with routing attacks and protection mechanisms for ad hoc networks. The main aim of this study is to identify a framework to enhance the Trust-Based Cross-Layer Protocol which quantitatively measures trust, model trust propagation. The trust evaluation systems can defend against malicious attacks. Use of the proposed trust evaluation system ensures security in ad hoc networks by establishing secure routing and assisting in malicious node detection. As long as recommendations are taken into consideration, malicious parties can provide dishonest recommendations as discussed by Rajaram [19] to frame up good parties and/or boost trust values of malicious peers. This attack, referred to as the bad mouthing attack, is the most straightforward attack and has been discussed in many existing trust management or reputation systems.

On-Off attack means that malicious entities behave alternatively well and badly, hoping that they can remain undetected while causing damage. This attack exploits the dynamic properties of trust, through time-domain inconsistent behaviors. Trust is a dynamic event. While an attacker can behave inconsistently in the time domain, he can also behave inconsistently in the user domain. In particular, malicious entities can impair good nodes’ recommendation trust by performing differently to different peers. This attack is referred to as the conflicting behavior attack. If a malicious node can create several fake IDs, the trust management system suffers from the Sybil attack. The fake IDs can share or even take the blame, which should be given to the malicious node.

Caballero [18] focused on vulnerabilities of Intrusion Detection Systems in Mobile Ad hoc Networks, and the possible attacks against the routing system, and some of the Intrusion Detection Systems (IDSs) proposed. Routing system is the most vulnerable point from mobile ad-hoc networks. This vulnerability implies a risk of Denial of Service (DoS) attacks against certain nodes, or even the whole network. Furthermore, this risk is not acceptable in those scenarios which are more susceptible to implement mobile ad hoc networks such as those exposed in the introduction: battlefield, or establishing communications after natural disasters.

This work briefly described some common deficiencies found in the intrusion detection systems based on the reviews. The authors felt that future work is still needed for improving actual intrusion detection systems for MANETs, and that research should consider the deficiencies which were neglected in previous research.

Zhang et al., [20] have proposed a secure incentive protocol for mobile ad hoc networks. The proper functioning of mobile ad hoc networks depends on the hypothesis that each individual node is ready to forward packets for others. This common assumption, however, might be undermined by the existence of selfish users who are reluctant to act as packet relays in order to save their own resources. Such non-cooperative behavior would cause the sharp degradation of network throughput. To address this problem, the authors proposed a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation among mobile nodes with individual interests. SIP can be implemented in a fully distributed way and does not require any pre-deployed infrastructure. In addition, SIP is immune to a wide range of attacks and is of low communication overhead by using a Bloom filter. Detailed simulation studies have confirmed the efficacy and efficiency of SIP. The effectiveness of SIP was validated through extensive simulations. SIP can be extended to multicast routing and it can be combined with reputation based approaches to provide a unified solution against node selfishness.

Currently, routing protocols for mobile ad hoc networks, such as the DSR and AODV are based on the assumption that all nodes will cooperate. Without node cooperation, in a Mobile ad hoc network, no route can be established, no packet can be forwarded, let alone any network applications. However, cooperative behavior, such as forwarding other node's messages, cannot be taken for granted. We can identify two types of uncooperative nodes: faulty or malicious and selfish. Faulty/malicious behavior refers to the broad class of misbehavior in which nodes are either faulty and therefore cannot follow a protocol, or are intentionally malicious and try to attack the system. Selfishness refers to noncooperation in certain network operations. In mobile ad hoc networks, the main threat from selfish nodes is dropping of packets (blackhole), which may affect the performance of the network severely. Both Faulty/malicious nodes and selfish nodes are misbehaved nodes. Due to the ad hoc nature of mobile ad hoc networks, enforcing cooperation in such networks is particularly challenging. The unique characteristics of mobile ad hoc networks raise certain requirements for the security mechanism.

Bhalaji et al., [26] have proposed an approach based on the relationship between the nodes to make them to cooperate in an ad hoc environment. The trust values of each node in the network are calculated by the trust units. The relationship estimator has determined the relationship status of the nodes by using the calculated trust values. The proposed enhanced protocol was compared with the standard DSR protocol and the results are analyzed using the network simulator-2.za. The Trust Enhanced DSR protocol is tested under different scenarios by varying the number of malicious nodes and node moving speed. It is also tested varying the number of nodes in simulation. For the performance analysis the parameters throughput, packet delivery ratio and total number of drops/Malicious nodes are considered.

Meka et al., [27] have proposed a trust based framework to improve the security and robustness of ad hoc network routing protocols. For constructing their trust framework they have selected the AODV routing protocol. Making minimum changes for implementing AODV and attaining increased level of security and reliability is their goal. The schemes were based on incentives & penalties depending on the behavior of network nodes. Their schemes incur minimal additional overhead and preserve the lightweight nature of AODV.

Muhammad Mahmudul Islam et al., [28] have presented a framework of a Link Level Security Protocol (LLSP) to be deployed in a Suburban Ad hoc Network (SAHN). They have analyzed various security aspects of LLSP to validate its effectiveness. To determine LLSP's practicability, the authors estimated the timing requirement for each authentication process. Their initial work has indicated that LLSP is a suitable link-level security service for an ad hoc network similar to a Suburban Ad Hoc Network (SAHN).

Shiqun Li et al., [29] have explored that the security issues of wireless sensor networks, and in particular proposed an efficient Link Layer Security Scheme. To minimize computation and communication overheads of the scheme, they have designed a lightweight Cipher Block Chaining (CBC-X) mode Encryption/Decryption algorithm that attained encryption/decryption and authentication all in one. The authors also devised a novel padding technique, enabling the scheme to achieve zero redundancy on sending encrypted/authenticated packets. As a result, security operations incur no extra byte in their scheme.

2.3 An Improvement to Trust Based Cross-Layer Security Protocol against Sybil Attacks (DAS)

Peer-to-Peer (P2P) systems have become a fundamental part of today’s communication. Several examples for currently widely deployed P2P systems exist, such as the telephony system Skype or the content distribution network Bit Torrent. One of the most important characteristics is scalability making it attractive for resource-demanding applications. Due to the distributed self-organizing concept, these systems can cope with a huge number of participants and are still able to provide sufficient performance. At this point, approaches based on central components are often limited or can only be realized with complex and therefore more expensive systems. The ability of P2P systems to scale with a growing number of participants is also complemented with a high robustness against failures of single nodes. To achieve this robustness, redundancy mechanisms (i.e., data replication and alternative routing paths) are employed.

Although the decentralized characteristics of P2P systems offer several advantages, the missing central instance comes along with a certain vulnerability to attacks as central instances typically act as authorization authorities. A very severe one is the Sybil attack which was first formulated by Douceur [31]. An attacker who performs a Sybil attack tries to forge multiple identities to subvert existing redundancy mechanisms. If he succeeds, he is in the position to use these identities to control a certain fraction of the P2P network. Assuming that the attacker is able to occupy sufficient identities, he ultimately can influence and control the entire system. Therefore, the Sybil attack poses a serious threat to P2P systems. Douceur shows with his abstract model that distributed approaches to defend the Sybil attack cannot be completely secure.

The trust management system suffers from the Sybil attack described in [31]. The fake IDs can share or even take the blame, which should be given to the malicious node. An effective defense mechanism against Sybil attacks would help in removal of a primary obstacle associated with collaboration of tasks on Peer-to-Peer (P2P). A trusted third party can be used to control Sybil attacks that issues and verifies credentials.

The investigations into Sybil attacks by Liu et al., [21] showed that t special assumptions are made to prevent them. Resource-Challenge approaches require the challenges to be posed or validated simultaneously. Moreover, the adversary or misfeasor may have significantly more resources than an end user.

Puzzles that require human efforts (CAPTCHAs [22]) can be reposted on the adversary’s web site. Such challenges must be performed in a direct fashion instead of having trust in someone else’s challenge results, due to the fact that Sybil nodes can vouch for each other.

Liu et al., [21] suggested that network coordinates can be used for determination of multiple identities belonging to the same user

A simple approach for detecting the Sybil identities could be to issue a public-key certificate to each of the identities. There is a need for central authority to distribute the certificates. In addition this solution requires higher computational capabilities than might be available or resource constrained devices such as sensor nodes.

Resource testing was suggested by Douceur [93] as an approach to prevent Sybil attacks. This approach makes use of the fact that each node is limited in some resources. The test then verifies if each identity has the proper amount of the tested resource. Thus the implicit assumption here is that every identity has the same quantity of the tested resource. Another resource suggested is the radio. Here the assumption is that every physical device has only one radio that is incapable of simultaneously transmitting and receiving on more than one channel. Thus a node that desires to verify if any of its neighbors are Sybil identities will allocate a channel to each of its neighbors. The neighboring node is expected to transmit a message on the allocated channel. The verifier node then picks random channels to listen to. If no message is heard on the channel selected then the corresponding node identity is assumed to be a Sybil identity.

Another approach was given by Newsome et al., [90] to detect Sybil identity using the random key pre-distribution technique. When using random key management schemes, a node is loaded with a set of random keys before deployment. This scheme can be leveraged to detect Sybil identities if the set of keys assigned to a node is related to the identity of the node. As a result a node claiming any identity will have to prove the claimed identity by also demonstrating that it has the keys corresponding to that identity. The node does so by participating in encryption of decryption operations with the key. In this case an adversary will first have to compromise many nodes, thereby getting access to the keys corresponding to each identity. Following this the adversary might be able to create fake identities. Some other approaches proposed are based on verifying the location for each of the node identities or on registering the identities with a base station.

Another approach for detecting Sybil attacks is given by Zhang et al., [91]. In this scheme each node is provided a unique secret key by a central authority. A hash chain is derived from this secret key by the node. The node is also provided an identity certificate by the central authority binding the node’s identity to the secret information. A node that claims a given identity is then expected to present the identity certificate and prove that it possesses the unique information certified in the identity certificate. The proof might be needed during every interaction between two nodes. The hashing property of pre-image resistance can be used to create the proof. Thus the identity certificate might contain the authenticated value of the root of the hash chain, while every proof instance might require the node to expose the predecessor value in the hash chain.

2.4 An Enhanced Secure Route Formation Using Secure Key Management Mechanism for MANETs (SCRFKM)

To enhance security in ad hoc networks, the trustworthiness of participating entities plays a vital role. Wireless broadcast is an effective approach to find route information among number of nodes. To provide secure access to routing table in wireless route formation, use of symmetric key based encryption ensures that only nodes with valid keys can decrypt the route information. Regarding various broadcasts, an efficient key management to distribute and change keys for access control in route establishment is in great demand.

Among various approaches, broadcasting allows a very efficient usage of the scarce wireless bandwidth, because it allows simultaneous access by an arbitrary number of mobile nodes [39]. Wireless data broadcast services have been available as commercial products for many years. A wireless data broadcast system can thus be assumed to consist of three components such as

The broadcast server;

The mobile devices;

The communication mechanism.

The server broadcasts route formation requests on air. A mobile node that receives the broadcast information filters the nodes request according to node’s queries and privileges.

The specialty of the broadcast system is that

(a) the routing server determines the schedule to broadcast all route requests on air and;

(b) the mobile nodes listen to the broadcast channel but only retrieve data (filter data out) based on nodes’ queries.

The communication mechanism includes wireless broadcast channels and uplink channels. Broadcast channel is the main mechanism for data dissemination. Route request data is broadcast at regular intervals of time so that nodes can recover lost or missed route requests. The uplink channels, which have limited bandwidth, are reserved for occasional uses to dynamically route change requests.

The critical security requirements of this type of broadcast routing service have not yet been addressed, i.e. broadcast service providers need to ensure backward and forward secrecy as suggested by Wallner et al., [40] and Snoeyink et al., [41] with respect to membership dynamics. In the wireless broadcast environment, any node can monitor the broadcast channel and record the broadcast data of route formation. If the routing information data is not encrypted, the content is open to the public and anyone can access the routing information data and thus may lead to adversaries’ modification of routing information. In addition, a node may only subscribe to a few routes. If routing information data in other routing tables are not encrypted, the node can obtain data beyond the subscription privilege. Hence, access control should be enforced via encrypting routing data in a proper way so that only subscribing nodes can access the broadcast routing information data, and subscribing nodes can only access the data to which they subscribe.

The study included two categories of key management schemes in the literature may be applied in broadcast services:

Logic Key Hierarchy (LKH) based techniques proposed for multicast services by Wallner et al., [40], Snoeyink et al., [41], Wong et al., [43], Kimet al., [44], Setia et al., [45], Yang et al., [46], Onen and Molva [47] and Briscoe [48]

Broadcast Encryption Techniques are given by Briscoe [48], Wool [49], Just et al., [50], Luby and Staddon[51], Fiat and Naor [52], Blundo and Cresti [53] and Naor et al., [54] in current broadcast services.

Secure key management for wireless broadcast is closely related to secure group key management in networking from the perspective of Mittra [42]. Logical Key Hierarchy (LKH) is proposed uses a key tree for each group of nodes who subscribe the same route.

There other key management schemes in the literature for multicast and broadcast services for routing establishment are as follows.

Briscoe [48] used arbitrarily revealed key sequences to do scalable multicast key management without any overhead on joins/leaves.

Wool [49] proposed two schemes that insert an index head into packets for decryption. However, both of them require pre-planned subscription, which contradicts the fact that in pervasive computing and air data access, a node may change subscriptions at any moment.

Luby and Staddon [51] proposed a scheme to yield maximal resilience against arbitrary coalitions of non-privileged nodes.

Zero-message scheme was given by Fiat and Naor [52].

Blundo and Cresti [53] proposed that the broadcast server do not require dissemination of any message in order to generate a common key.

Naor et al., [54] proposed a stateless scheme to facilitate group members to obtain updated session keys even if they miss some previous key distribution messages. Although this scheme is more efficient than LKH in rekey operations, it mainly handles revocation when a node stops subscription. It does not efficiently support joins, which are crucial in our system.

Perrig et al., [62], Staddon et al., [65] proposed self-healing approaches for group members to recover the session keys by combining information from previous key distribution information. Compared with LKH-based approaches, key management schemes in broadcast route information encryption are less flexible regarding possible subscriptions.

2.5 Spectrum Management Policy for Wireless Ad Hoc Networks

Wireless communication attracts enormous investments, while at the same time user requirements continuously increase. Moreover, evolution in wireless technologies should keep pace with the aforementioned fields, in order to facilitate the integration of innovative services and applications in everyday communication. Ad hoc wireless networks will soon be utilized for public safety, military, sensor, and wireless 802.11 networks. These ad hoc networks will be peer to peer and do not include base stations. The communication method used in these networks will likely be dynamic spectrum access cognitive radio.

The regulations issued by the working group of Wireless World Research Forum with respect to Cognitive Radio and the efficient management of spectrum and radio resources in reconfigurable systems. An important requirement is gaining the spectrum regulatory community acceptance that machine readable spectrum access policies (both allocations and technical parameters) can be implemented in mobile transceivers on a real time basis to accomplish spectrum sharing. Other important regulatory and implementation issues are also addressed.

The regulation of radio spectrum has different characteristics:

Licensed spectrum for exclusive usage enforced and protected through the regulator. Frequency bands sold for being used by Universal Mobile Telecommunications System (UMTS) are an example for the exclusive usage rights at licensed spectrum.

Licensed Spectrum for Shared Usage restricted to a specific technology. The frequencies assigned to Digital European Cordless Telecommunications (DECT) and Personal Communications Service (PCS) are an example for this model. The secondary usage of underutilized licensed spectrum through intelligent radio systems is a different kind of sharing licensed spectrum and will be discussed.

Unlicensed Spectrum that is available to all users operating in conformance to regulated technical etiquettes or standards, like the U-NII bands at 5 GHz.

Open Spectrum allows anyone to access any range of spectrum without any permission under consideration of a minimum set of rules from technical standards or etiquettes that are required for sharing spectrum.

The report of the Federal Communications Commission (FCC’s) Spectrum Policy Task Force [FCCS, 70] defines spectrum regulatory mechanisms in a similar way. Professor Martin Cave [83] has expressed that Radio spectrum regulation has to take influence on the development of access protocols and standards to balance the following goals [JMP]. A new type of measurements improving spectrum opportunity identification is developed in the standardization group of IEEE 802.11k as given in Institute of Electrical and Electronics Engineers, Inc., [75] which provides means for measurement, reporting, estimation and identification of characteristics of spectrum usage. Spectrum awareness for distributed resource sharing in IEEE 802.11e/k as suggested by Mangold et al., [76], is described in [SMLB] while radio resource measurements for opportunistic spectrum usage on the basis of 802.11k are analyzed in [SMLB].

The aim of this study is to emphasize the identification of alternatives. Regulatory changes should be evolutionary starting at a national/regional level and move to a global basis. This study is directed for identification of a number of regulatory alternatives such as Cognitive Radio and Ad Hoc Networks. Dynamic Frequency Selection is the key enabling driver of next-generation wireless networks and cognitive radio networks with respect to efficiently managing spectrum and brought into view the relevant regulatory management policies and perspectives.

2.6 Summary of the Present Work

The overall work in this thesis is organized as follows:

Vulnerability Analysis and Defense against Attacks and Implications of Trust-Based Cross-Layer Security:

In chapter 3, a study is carried out to find various vulnerabilities and routing attacks. The main aim of this study is to analyze the implications of Trust-Based Cross-Layer Security (TBLS) using trust management scheme. Confidentiality and Authentication of packets is obtained in both link and routing layers of MANETs.

A framework was presented to enhance the Trust-Based Cross-Layer protocol which quantitatively measures trust, model trust propagation. The trust evaluation systems can defend against malicious attacks. Defense techniques are developed based on the identification of attacks against the trust systems. Use of the proposed trust evaluation system ensures security in ad hoc networks by establishing secure routing and assisting in malicious node detection. The distributed concept of the proposed system can significantly improve throughput in the network and effectively deal with detection of malicious behaviors in ad hoc networks.

In this work, a modification to Trust-Based Security Protocol has been developed to achieve confidentiality and authentication of packets at both link and routing layers of MANETs. Simulation results show considerable improvement in the performance and some of the attacks which are not covered in this work have to be addressed.

Improvement to Trust-Based Cross-Layer Security Protocol against Sybil Attacks (DAS):

In chapter 4, a study of the corruptive or malicious influences of Sybil attacks will be carried out. The aim of this study is to reduce the corruptive/malicious influences of Sybil attacks. Malicious users in general may create multiple identities with few trust relationships. Hence there is a disproportionately small gap in the graph between the honest nodes and the Sybil identities. The effectiveness of DAS both analytically and experimentally was simulated.

This work tried to reduce the corruptive influences of Sybil attacks. To enhance security in ad hoc networks, the trustworthiness of participating entities plays a vital role. The trust-based security-protocol is based on a cross-layer approach and designed to achieve confidentiality and authentication of packets at both routing and link layers. But it doesn’t address few attacks like Bad Mouthing Attack, On-Off Attack, and Conflicting Behavior Attack, Sybil Attack and Newcomer Attack.

In this work DAS has been proposed, a protocol for reducing of the corruptive/malicious influences of Sybil attacks. Malicious users in general may create multiple identities with few trust relationships. Hence there is a disproportionately small gap in the graph between the honest nodes and the Sybil identities. DAS exploits this property so as to restrict the number of Sybil identities created by a malicious user. The effectiveness of DAS both analytically and experimentally was simulated. This work tried to reduce the corruptive influences of Sybil attacks.

DAS relies on properties of the users’ underlying social network, namely that

the honest region of the network is fast mixing, and

malicious users may create many nodes but relatively few attack edges.

In all the simulation experiments with one million nodes, DAS ensured that

the number and size of Sybil groups are properly restricted for 99.8% of the honest users, and

an honest node can accept, and be accepted by, 99.8% of all other honest nodes.

Still a lot more dimensions have to be worked on and the future work is still wide open.

Enhanced Secure Route Formation Using Secure Key Management Mechanism For MANETS (SCRFKM):

In chapter 5 an efficient key management scheme namely SCRFKM is proposed. The aim of this study is to handle key distribution difficulties be exploring all possibilities in complex route formation possibilities and node activities.

SCRFKM is designed to have the following advantages.

it supports all route request activities in MANETs;

a node only needs to possess a single set of keys for all requested route formation operations, instead of separate sets of keys for each request, and

identify the minimum set of keys that must be changed to ensure routing security and minimize the rekey cost.

To enhance security in ad hoc networks, evaluation of the trustworthiness of participating entities plays a vital role, since trust is the major driving force for collaboration especially in route formation from source to destination. Wireless broadcast is an effective approach to find route information between any number of nodes. To provide secure access to routing table in wireless route formation, symmetric encryption is used to ensure that only nodes assume to own the valid keys have the capability of decrypting the route information. Regarding various broadcasts, an efficient key management to distribute and change keys for access control in route establishment is in great demand.

In this work, the issues of key management in support of secure wireless broadcast services for route formation were investigated. This proposed SCRFKM is scalable, efficient and secure key management approach in the broadcast system.

The key forest was used to exploit the overlapping nature between nodes and programs in broadcast services. SCRFKM allows multiple programs share a single tree so that the nodes subscribing these programs can hold fewer keys. In addition, shared key management approach was also proposed to further reduce rekey cost by identifying the minimal set of keys to be changed to ensure broadcast security. This approach is also applicable to other LKH based approaches to reduce the rekey cost as in SCRFKM.

The simulations show that SCRFKM can save about 25% of communication overhead and about 30%of decryption cost for each node, compared with logical key hierarchy based approaches.

Further deep investigations have to be explored in case of Rekey Operations.

Spectrum Management Policy for Wireless Ad Hoc Networks

Wireless communication attracts enormous investments, while at the same time user requirements continuously increase. Moreover, evolution in wireless technologies should keep pace with the aforementioned fields, in order to facilitate the integration of innovative services and applications in everyday communication. Ad hoc wireless networks will soon be utilized for public safety, military, sensor, and wireless 802.11 networks. These ad hoc networks will be Peer-to-Peer and not include base stations. The communication method used in these networks will likely be dynamic spectrum access cognitive radio.

The regulations issued by the working group of Wireless World Research Forum with respect to Cognitive Radio and the efficient management of spectrum and radio resources in reconfigurable systems. An important requirement is gaining the spectrum regulatory community acceptance that machine readable spectrum access policies (both allocations and technical parameters) can be implemented in mobile transceivers on a real time basis to accomplish spectrum sharing. Other important regulatory and implementation issues were also addressed.

The future of telecommunications is anticipated to be both an evolution of converged mobile communication systems and IP networks; at the same time, cognitive radio capabilities will lead to the ubiquitous availability of a great variety of innovative services, delivered via a multitude of Radio Access Technologies (RATs). To achieve this vision, it is mandatory to identify and embrace the requirements for support of heterogeneity in wireless access technologies; including the requirements and capabilities of different services, mobility patterns, devices, and so forth. The ability of terminals and network segments to seamlessly adapt to changes in the radio environment will be provided through the mechanisms offered by the re-configurability concept. Moreover, with the use of reconfigurable technologies, more flexible network architecture can be achieved and programmable network management can be carried out.

In such context, the major reasons and challenges were also prospected; that reconfigurable networks meet it outlined the migration of reconfigurable networks and cognitive radio and set the prospect for the basic radio resource management mechanisms needed to embrace their introduction and commercialization. Moreover, since the demand for spectrum gradually increases and will continue to do so in future systems, in this paper some key-issues were presented such as Dynamic Frequency Selection is the key enabling driver of next-generation wireless networks and cognitive radio networks with respect to efficiently managing spectrum and brought into view the relevant regulatory management policies and perspectives.