DOI 10.1007/s11276-016-1240-0
Wireless Netw
messages from the side of a genuine MC by preventing the genuine user from accessing network services [19].

Intentional Collision of Frames. When two or more nodes try to send at the same frequency and time, a collision occurs that causes the frames to be rejected or retransmitted. The challenger violates the communication protocol and continuously transmits messages in an attempt to cause collisions. An attacker can also use repeated collisions to cause resource exhaustion [19].

Compromised or Forged MR. An attacker compromises one or more MRs in a network by physical tampering or logical break-in. The opponent may announce rogue MRs to launch a variety of attacks. MRs that are fake or compromised may be used to attack the wireless link to implement attacks such as passive eavesdropping, jamming, replay and false message injection, traffic analysis, and so forth [19].

Pre-Computation and Partial Matching Attack. In a pre-computation attack or time memory trade-off (TMTO) attack, the attacker calculates and gathers information before launching the attack. When the actual transmission starts, the attacker uses the information calculated beforehand to accelerate the cryptanalysis process. TMTO attacks work against a large number of cryptographic solutions [19].

Impersonation Attack. Compromised nodes may be able to join the network and cause serious problems when appropriate authentication of parties is not supported. Such a node sends false routing information and acts like some other trusted node [20–27].

The security requirements of Wireless Mesh Networks are as follows [28–32]:

Confidentiality. It means that the confidential information is accessible only to those who are authorized to access it.

Integrity. It assures that a message that is being transferred is never corrupted. Integrity can be compromised mainly in the following two ways: (1) malicious altering, in which a message could be detached, replayed, or revised by an antagonist, and (2) accidental altering, such as a transmission error, which is observed on the network as if it were malicious altering.

Authenticity. It assures that the participants in a communication are authentic and not imitators.

Non-repudiation. It guarantees that the sender and the receiver of a message cannot deny it. It is useful for recognition and segregation of a node with some nonstandard behavior.

Authorization. Here, an entity is issued a permit by the trusted certificate authority. Authorization assigns diverse access rights to different levels of users.

Anonymity. It means that all the information needed to recognize the present user must be kept confidential and not disseminated to other communicating parties.

Availability. It makes certain the survivability of network services regardless of DoS attacks, in which all the nodes in the network are the attack objective, and thus some selfish nodes keep the network services engaged [33–38].

Security is a key requirement in WMNs. In Sect. 2, we analyze some of the papers related to attack detection and defense techniques in WMN. Some techniques for detection of various attacks are present, but those papers still have the following problems: (1) excessive packets are directly abandoned instead of processed and lower-priority packets are discarded, which may cause packet loss [39]; (2) the protocol [40] incurs a little overhead in terms of control overhead due to cryptographic extension and acquisition delay; (3) the simulation result found in [41] shows that this system is not so secure for a large number of nodes, and it has higher running time; (4) WARP [42] initially suffers from packet loss due to the probable selection of wormhole nodes; and (5) there will always be some detection inaccuracy in the method of [43].

From the analysis, we find that attacks are the major issue while providing security. We find that wormhole attacks and DoS attacks are a big issue in securing WMN, so we will try to develop a mechanism that is able to detect these attacks. In this paper, we propose a Monitoring Technique for Wormhole-Free Routing and DoS Attack Defense in WMNs. This technique can eliminate wormhole and DoS attacks while achieving better performance compared to the existing works.

The paper is organized as follows. Section 2 describes the related works and Sect. 3 provides the detailed explanation of the proposed work. Section 4 explains the simulation results. Finally, Sect. 5 concludes the work.

2 Literature review

Luan et al. [39] have discussed the detection of Denial of Service (DoS) attacks in WMN and proposed a detection scheme based on a zone-based hierarchical network model. End-to-end authentication, the utilization rate of cache memory, a two-threshold value, and distributed voting are used to detect DoS attackers. Packet received delay, transmission rate, packet load, and byte load are the performance metrics considered. This scheme successfully decreases the harm that is caused by a DoS attack and improves the reliability of the network. While forwarding message packets, the excessive packets will be directly abandoned instead of processed when a neighbor's packets reach the threshold, and at the time of a DoS attack, lower-priority packets will be discarded.
Bansal et al. [40] have proposed a secure Hybrid WMN (HWMN) routing protocol for WMN, which is a secure extension of the layer-2 routing protocol for IEEE 802.11s. This technique employs cryptographic extensions for providing the authenticity and integrity of HWMN protocol routing messages and thwarts unauthorized manipulation of variable fields in the routing information elements. Performance metrics like throughput are discussed here. However, it experiences a little overhead in terms of control overhead due to cryptographic extension and acquisition delay.

Kandah et al. [41] have discussed various malicious attacks and proposed an effective secure key management scheme (SKeMS) in WMN. This scheme seeks an encryption key assignment such that the induced network is securely key-connected and well sheltered against potential malicious eavesdropping attacks. This scheme assigns the available encryption keys among all nodes in the network. Performance metrics like neighbor compromise ability ratio, malicious eavesdropping ability (MEA) ratio, running time, and total neighbor compromise ability are used. Simulation results find that the MEA ratio increases with an increase in the number of nodes, which means that this system is not so secure for a large number of nodes, and it has higher running time.

Matam et al. [42] have proposed a wormhole-resistant secure routing algorithm (WRSR) in WMN to notice the presence of a wormhole through the route discovery process and quarantine it. WRSR recognizes route requests traversing a wormhole and prevents such routes from being established. WRSR employs the unit disk graph for deciding the necessary and sufficient condition for identifying a wormhole-free path. WRSR retains its capability to protect against all forms of wormhole attacks without relying on any extra hardware. Performance metrics such as packet delivery ratio, latency, packet loss, and detection rate are used. However, WARP initially suffers from packet loss due to the credible selection of wormhole nodes in the initial route discovery process.

Gamer et al. [43] have proposed an inference-based clustering algorithm for identifying the selfish nodes in a Wireless Mesh Network. The statistical theory of inference is primarily utilized for providing reliable clustering of the nodes by local observations of the nodes. In each node, a finite state model is built on the AODV protocol based on local surveillance. Performance metrics like packet dropping, detection rate and false alarm rate are used here. However, there will always be some detection inaccuracy present in this approach.

3 Proposed solution

3.1 Overview

In order to solve the issues mentioned in the previous section, we propose an anomaly detection technique for wormhole-free routing and DoS attack defense. We assume a hybrid WMN (HWMN).

In the proposed solution, first we apply the finite state model [43] in which the node keeps the information of its sender and neighborhood receiver along with the information of the neighbor nodes that receive the broadcast messages (RREQ) sent by the node itself, with encryption keys. Each node acts as a monitor node for its neighbors. For a routing session, each monitor node examines a sequence of interleaved Local Message Blocks (LMB) with authorized certificates. Every T seconds, the monitoring node invokes a detection algorithm that maps its neighbors into two clusters and then classifies them into two types, namely selfish nodes and cooperative nodes.

Using the information on RREQ and RREP collected by the monitoring nodes, route requests traversing the wormhole link are detected, and a wormhole-aware secure routing [42] is established. Wormhole-free paths are selected by monitoring received RREQs and checking the state transition table of the neighboring nodes. The route discovery procedure is similar to the Hybrid Wireless Mesh Protocol (HWMP), the default path-selection (routing) protocol for IEEE 802.11-based WMN. It is a combination (hybrid) of an on-demand route selection mode and a proactive tree-based approach [42].

For the detection of DoS attacks, a priority table is set up by the monitoring node for each of its neighbors based on the frequency of sending data [39]. When a collaborated DoS attack occurs, packets with low priority are discarded first to ensure stable transmission for legitimate nodes. The corresponding DoS attacker node is removed from the routing table by the edge routers (Fig. 1).

3.2 Finite state model [43]

In this finite state model, a message unit has been defined. This message unit contains all the messages corresponding to a RREQ broadcast and the unicast RREP. In this message unit, not all the transmissions are observed by a node. A node can monitor only part of a message unit, the Local Message Unit (LMU). The LMU allows a node to observe the messages transmitted by its neighbor nodes and the messages it overhears. A node maintains the details of its sender and neighborhood receiver for all message transmissions in an LMU. The neighbor nodes that receive the RREQ messages from the node are monitored by the node itself (Fig. 2).

From Fig. 2, we can observe the various states (the numerals on the nodes represent the state of the node) that a neighbor node goes through for each LMU. The numbers mentioned on the nodes are explained in Table 1. In the figure, shaded nodes represent final states. Each message causes a state transition in each of its neighbor nodes' finite state machines. The neighbor
the neighbor node on receiving the RREQ and identify a RREQ that traverses a wormhole. A received RREQ should satisfy the necessary wormhole-free path criterion; a RREQ that fails it can be detected by a neighbor node of a wormhole node and can easily be set apart.

Wormhole-Free Routing Algorithm

Step 1: Initially, WFR checks whether any route exists from the source node S. If no route exists, then the source node broadcasts a new RREQ (RREQN) message to all the nodes in the network.

Step 2: When an intermediate node (NI) receives this RREQN, it checks the RREQID and sequence number received in the RREQN. This RREQN may reach an intermediate node through different hop addresses in the network.

Step 3: Node NI compares the two-hop address present in the RREQN with the two-hop addresses of the set of existing routing entries in the network. If this matches, then the routing table is updated.

Step 4: Furthermore, if no match is found, then node NI compares the three- and four-hop addresses present in the RREQN.

Step 5: If any one of the three-/four-hop addresses present in the RREQN matches, then the RREQ is selected and the state of the routing entry is set to stable.

Step 6: If none of the comparisons match, a new transient routing entry is created for the corresponding RREQID.

Step 7: While comparing the two-hop addresses present in the RREQN, the HWMP rejects the selfish nodes (SN) that were found in Sect. 3.2 above.

3.3.1 RREQ and RREP process

The main goal of WFR is to choose a wormhole-free path for the transmission. Neighbor nodes monitor the received RREQs to find the paths that are free from wormholes. When an RREQ is confirmed to be wormhole free, the corresponding routing entry is elevated from the transient state to the stable state. Like all the intermediate nodes in the network, the intermediate node NI processes multiple RREQs to the destination node before selecting an optimal wormhole-free path that also satisfies the route selection criteria. It unicasts an RREP on receiving a stable RREQ. Consequently, intermediate nodes broadcast the RREP through the wormhole-free routes that are found in the network.

3.4 DDoS attack detection

In this approach, the priority mechanism has been adopted in order to reduce the DDoS attackers in the network. In this priority mechanism, the highest-priority data packets are sent first. The priority of the data packets is decided by the node's priority, that is, if a node sends k data packets in 1 s, then the node's priority will be changed to 1/k by its neighbors. So, in this way, the data packets with the highest priority are processed first in the network [39].

A node assigns a buffer to each of its neighbor nodes. The threshold value of the buffer is set to Pn. A neighbor with higher priority is allocated more buffer, that is, the Pn of that neighbor is larger. When a neighbor's packets have reached the threshold, its excessive packets will be directly abandoned instead of processed, and the extra allocated buffer will be taken back.

Each node sets a threshold P for the total size of its buffer, which is the sum of all Pn (P = P1 + P2 + … + Pn). When some nodes join to launch a collaborated DoS attack and the total used buffer exceeds the threshold P, some packets will be discarded, and their allocated buffer will be taken back. Packets with lower priority will be discarded more.

If a node finds its neighbor node to be a DoS attacker, it will notify its backbone router. Then, the backbone router disconnects the attacker from the network, revokes its authorized key and updates the key pair of the network. Finally, the backbone router announces to the other neighbor nodes and its neighbor backbone router that this neighbor node is an ineligible user [39] (Fig. 4).

In Fig. 4, node X and node Y need to transfer data packets to node B and node C, but node Y is an attacker node in the network; that is, node X → node C and node Y → node B. This transmission of the data packets takes place through node A. Before transmitting the data packets, node A checks the priority table (Table 3). According to the priority of the data packets, node A transmits the data packets to the next node. From Table 3, we can observe that the data packets of node X have higher priority than those of node Y, since node Y is a malicious node. Due to this reason, the priority of node Y's data packets will be lower than that of node X's data packets in the network. So, the data packets of node X will be processed first at node A. This priority table is formed based on the Finite State Machine.

4 Simulation results

4.1 Simulation model and parameters

The Network Simulator (NS2) [44] is used to simulate the proposed architecture. In the simulation, 50 mobile nodes move in a 500 m × 500 m region for 50 s of simulation
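The seven WFR steps of Sect. 3.3 above, mechanized as one intermediate node's RREQ handler. This is an added example written for this page, not the authors' code: the RREQ layout (a list of traversed addresses), the reading of "two-hop address of a routing entry" as the address two hops back on that entry's recorded path, and the names `Rreq`, `RouteEntry` and `MeshNode` are assumptions.

```python
"""Route-request handling following the seven WFR steps of Sect. 3.3.
Added illustration, not the authors' code.  Assumptions: an RREQ carries the
list of addresses it has traversed, the "two-hop address of a routing entry"
is the address two hops back on that entry's path, and the selfish-node set
(SN) is supplied by the finite state model of Sect. 3.2."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Rreq:
    rreq_id: int
    seq_no: int
    path: List[str]          # source first, most recent forwarder last (assumed)

    def hop_back(self, n: int) -> Optional[str]:
        """Address n hops behind the receiving node, or None if the path is shorter."""
        return self.path[-n] if len(self.path) >= n else None


@dataclass
class RouteEntry:
    seq_no: int
    path: List[str]
    state: str = "transient"   # raised to "stable" once confirmed wormhole-free


@dataclass
class MeshNode:
    name: str
    selfish: Set[str] = field(default_factory=set)               # SN from Sect. 3.2
    routes: Dict[int, RouteEntry] = field(default_factory=dict)  # keyed by RREQID

    def _known_addresses(self, n: int) -> Set[str]:
        """Addresses n hops back on the paths of all existing routing entries."""
        return {e.path[-n] for e in self.routes.values() if len(e.path) >= n}

    def process_rreq(self, rreq: Rreq) -> str:
        """Apply Steps 2-7 to one received RREQN and return the decision."""
        # Step 2: check RREQID and sequence number; an older copy is stale.  Copies
        # with the same sequence number via other hop addresses are still examined.
        cur = self.routes.get(rreq.rreq_id)
        if cur is not None and rreq.seq_no < cur.seq_no:
            return "stale"
        two_hop = rreq.hop_back(2)
        # Step 7: an RREQ relayed via a node the FSM classified as selfish is rejected.
        if two_hop in self.selfish:
            return "rejected"
        # Step 3: two-hop address matches an existing entry -> update the table,
        # keeping whatever state that RREQID already had.
        if two_hop is not None and two_hop in self._known_addresses(2):
            state = cur.state if cur is not None else "transient"
            self.routes[rreq.rreq_id] = RouteEntry(rreq.seq_no, list(rreq.path), state)
            return "updated"
        # Steps 4-5: otherwise a three- or four-hop address corroborated by an
        # existing entry satisfies the wormhole-free criterion -> stable entry.
        for n in (3, 4):
            addr = rreq.hop_back(n)
            if addr is not None and addr in self._known_addresses(n):
                self.routes[rreq.rreq_id] = RouteEntry(rreq.seq_no, list(rreq.path), "stable")
                return "stable"
        # Step 6: nothing matched -> new transient entry for this RREQID.
        self.routes[rreq.rreq_id] = RouteEntry(rreq.seq_no, list(rreq.path))
        return "transient"


def demo() -> Dict[int, str]:
    """Constructed scenario: node N already holds one stable route learnt earlier."""
    n = MeshNode("N", selfish={"W"})
    n.routes[1] = RouteEntry(seq_no=1, path=["S", "A", "B"], state="stable")
    arrivals = [
        Rreq(2, 1, ["S", "A", "C"]),   # two-hop A already known   -> updated
        Rreq(3, 1, ["S", "D", "E"]),   # three-hop S corroborated  -> stable
        Rreq(4, 1, ["Q", "R", "T"]),   # nothing corroborates it   -> transient
        Rreq(5, 1, ["S", "W", "X"]),   # relayed by selfish node W -> rejected
        Rreq(1, 0, ["S", "A", "B"]),   # older sequence number     -> stale
    ]
    return {r.rreq_id: n.process_rreq(r) for r in arrivals}
```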
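The priority mechanism of Sect. 3.4 (priority 1/k, per-neighbor thresholds Pn summing to P, lowest priority discarded first, attacker reported to the backbone router), worked through the Fig. 4 situation at relay node A. This is an added example, not the authors' code; the proportional split of P into Pn, the one-second windowing, and the rule for deciding which neighbor to report are assumptions stated in the code.

```python
"""Priority-based forwarding buffer of Sect. 3.4, as run by one relay node.
Added illustration, not the authors' code.  Assumptions: a neighbour's rate k
is its packet count in the previous one-second window, the per-neighbour
thresholds Pn split the total buffer P in proportion to priority 1/k, and a
neighbour whose dropped packets exceed its own share in one window is the one
reported to the backbone router as a DoS attacker."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Packet = Tuple[str, int]   # (neighbour address, packet id)


class PriorityRelay:
    def __init__(self, total_buffer: int) -> None:
        self.P = total_buffer            # P = P1 + P2 + ... + Pn
        self.k: Dict[str, int] = {}      # packets each neighbour sent last second

    def priority(self, nbr: str) -> float:
        """Priority 1/k; an unseen or silent neighbour starts at priority 1."""
        return 1.0 / max(1, self.k.get(nbr, 1))

    def shares(self, neighbours: List[str]) -> Dict[str, int]:
        """Threshold Pn per neighbour: P divided in proportion to priority."""
        prios = {n: self.priority(n) for n in neighbours}
        total = sum(prios.values())
        return {n: max(1, int(self.P * p / total)) for n, p in prios.items()}

    def forward_window(self, arrivals: List[Packet]) -> dict:
        """Admit one second of arrivals against the shares derived from the
        previous second; return the forwarding order, drops and suspects."""
        neighbours = sorted({n for n, _ in arrivals} | set(self.k))
        shares = self.shares(neighbours)
        admitted: Dict[str, List[int]] = defaultdict(list)
        dropped: Counter = Counter()
        for nbr, pkt in arrivals:
            if len(admitted[nbr]) < shares[nbr]:
                admitted[nbr].append(pkt)
            else:
                dropped[nbr] += 1        # beyond Pn: abandoned instead of processed
        # Collaborated DoS: if the total used buffer still exceeds P, discard
        # from the lowest-priority neighbour first and reclaim its buffer.
        total = sum(len(v) for v in admitted.values())
        while total > self.P:
            victim = min((n for n in admitted if admitted[n]), key=self.priority)
            admitted[victim].pop()
            dropped[victim] += 1
            total -= 1
        # Highest-priority neighbour is served first (node X before node Y in Fig. 4).
        order = sorted(admitted, key=self.priority, reverse=True)
        forwarding = [(n, p) for n in order for p in admitted[n]]
        # Assumed reporting rule: dropped more than its own share in one window.
        suspects = sorted(n for n in neighbours if dropped[n] > shares[n])
        # Rates observed this second set next second's priorities (1/k).
        self.k = {n: 0 for n in neighbours}
        for nbr, _ in arrivals:
            self.k[nbr] += 1
        return {"shares": shares, "forwarding": forwarding,
                "dropped": dict(dropped), "report": suspects}


def demo() -> List[dict]:
    """Constructed Fig. 4 scenario at relay A (P = 10): X sends modestly, Y floods."""
    relay = PriorityRelay(total_buffer=10)
    second1 = [("X", 1), ("X", 2)] + [("Y", i) for i in range(1, 9)]
    second2 = [("X", 1), ("X", 2), ("X", 3)] + [("Y", i) for i in range(1, 21)]
    return [relay.forward_window(second1), relay.forward_window(second2)]
```

In the first second both neighbours still share the buffer equally; only once Y's observed rate k has lowered its priority to 1/8 does A shrink Y's share, serve X's packets first and report Y.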
[Figure residue: plots of Delay (Sec) versus Attackers for WRDAD and WRSR, Scenario-1 and Scenario-2]
[Figure residue: Attackers Vs Drop (Scen-1) and Attackers Vs Drop (Scen-2), Pkts versus Attackers for WRDAD and WRSR]
Fig. 8 Attackers versus delivery ratio
Fig. 11 Attackers versus delivery ratio
4.4 Scenario-2 (through mesh gateway)

In this scenario, the data is transmitted from a mesh node to another mesh node using the mesh gateway. Here also, the number of DoS and wormhole attackers is varied from 1 to 5.

Figure 9 shows the delay of the WRDAD and WRSR techniques for an increasing number of attackers. It is obvious that when there are more attackers, the end-to-end delay increases because of detections and eliminations, as seen in the figure. From the figure, we can see that the delay is the same up to 2 attackers for both schemes and, beyond 2 attackers, WRDAD attains 22 % less delay than WRSR, since it mitigates the DoS attacks in addition to the wormhole attacks.

When the attackers are increased, naturally the packet drop will be higher, thus degrading the packet delivery ratio. Figures 10 and 11 show the packet drop and delivery ratio of the WRDAD and WRSR techniques, respectively, for an increasing number of attackers. We can see that the packet drop is 65 % less and the delivery ratio is 35 % more for WRDAD when compared to WRSR. This is due to the fact that WRDAD eliminates both selfish and DDoS attacks, in addition to wormhole attacks.

5 Conclusion

In this paper, a monitoring technique for Wormhole-Free Routing and DoS Attack Defense for Wireless Mesh Networks is proposed. Initially, a finite-state model is applied where the node keeps the information about the RREQs that it sends and receives in its neighborhood. Wormhole-free routes are discovered through a wormhole-aware secure routing in the network. Lastly, the priority mechanism is applied where the data packets are transmitted based on their priority. Based on the finite-state model and priority mechanism, the malicious or wormhole nodes in the network are removed. Through this approach, it is possible to achieve wormhole-free routes, and also the network can differentiate between the cooperative nodes and selfish nodes, and remove these selfish nodes from the network.
By simulation results, it was shown that the proposed technique reduces the packet drop due to attacks and increases the packet delivery ratio. Although the current work focuses on a static mesh network, future work will focus on mobile mesh networks.

References

1. Jayanthi, M., & Mukunthan, M. A. (2012). A security architecture for implementing anonymity and traceability in wireless mesh network using clustering concept. International Journal of Soft Computing and Engineering (IJSCE), ISSN 2231-2307, Vol. 1, Issue ETIC-2011.
2. Li, C., Wang, Z., & Yang, C. (2011). Secure routing for wireless mesh networks. International Journal of Network Security, 13(2), 109–120.
3. Oliviero, F., & Romano, S. P. (2008). A reputation-based metric for secure routing in wireless mesh networks. In IEEE GLOBECOM. IEEE.
4. Lin, H., Ma, J., Hu, J., & Yang, K. (2012). PA-SHWMP: A privacy-aware secure hybrid wireless mesh protocol for IEEE 802.11s wireless mesh networks. EURASIP Journal on Wireless Communications and Networking. doi:10.1186/1687-1499-2012-69.
5. Khan, K., & Akbar, M. (2008). Authentication in multi-hop wireless mesh networks. World Academy of Science, Engineering and Technology, 2(10).
6. Zeng, Y., et al. (2013). Directional routing and scheduling for green vehicular delay tolerant networks. Wireless Networks, 19(2), 161–173.
7. Jing, Q., et al. (2014). Security of the internet of things: Perspectives and challenges. Wireless Networks, 20(8), 2481–2501.
8. Wang, X., et al. (2012). A survey of green mobile networks: Opportunities and challenges. MONET, 17(1), 4–20.
9. Li, X., et al. (2015). A review of industrial wireless networks in the context of industry 4.0. Wireless Networks. doi:10.1007/s11276-015-1133-7.
10. Li, P., et al. (2012). CodePipe: An opportunistic feeding and routing protocol for reliable multicast with pipelined network coding. In INFOCOM (pp. 100–108).
11. Song, Y., et al. (2014). A biology-based algorithm to minimal exposure problem of wireless sensor networks. IEEE Transactions on Network and Service Management, 11(3), 417–430.
12. Liu, L., et al. (2015). Physarum optimization: A biology-inspired algorithm for the Steiner tree problem in networks. IEEE Transactions on Computers, 64(3), 819–832.
13. Liu, Y., et al. (2010). Multi-layer clustering routing algorithm for wireless vehicular sensor networks. IET Communications, 4(7), 810–816.
14. Busch, C., et al. (2012). Approximating congestion + dilation in networks via quality of routing games. IEEE Transactions on Computers, 61(9), 1270–1283.
15. Li, P., et al. (2014). Reliable multicast with pipelined network coding using opportunistic feeding and routing. IEEE Transactions on Parallel and Distributed Systems, 25(12), 3264–3273.
16. Meng, T., et al. (2015). Spatial reusability-aware routing in multi-hop wireless networks. IEEE Transactions on Computers. doi:10.1109/TC.2015.2417543.
17. Dvir, A., et al. (2011). Backpressure-based routing protocol for DTNs. ACM SIGCOMM Computer Communication Review, 41(4), 405–406.
18. Yen, Y.-S., et al. (2011). Flooding-limited and multi-constrained QoS multicast routing based on the genetic algorithm for MANETs. Mathematical and Computer Modelling, 53(11–12), 2238–2250.
19. Sen, J. (2013). Secure and privacy-preserving authentication protocols for wireless mesh networks. Innovation Lab, Tata Consultancy Services Ltd. arXiv:1209.1803 (09/2012). doi:10.5772/39176. www.intechopen.com.
20. Redwan, H., & Kim, K.-H. (2008). Survey of security requirements, attacks and network integration in wireless mesh networks. IEEE. doi:10.1109/FCST.2008.
21. Spyropoulos, T., et al. (2010). Routing for disruption tolerant networks: Taxonomy and design. Wireless Networks, 16(8), 2349–2370.
22. Vasilakos, A., et al. (2012). Delay tolerant networks: Protocols and applications. Boca Raton: CRC Press.
23. Youssef, M., et al. (2014). Routing metrics of cognitive radio networks: A survey. IEEE Communications Surveys and Tutorials, 16(1), 92–109.
24. Woungang, I., et al. (2013). Routing in opportunistic networks. Berlin: Springer.
25. Zhang, X. M., et al. (2015). Interference-based topology control algorithm for delay-constrained mobile ad hoc networks. IEEE Transactions on Mobile Computing, 14(4), 742–754.
26. Duarte, P. B. F., et al. (2012). On the partially overlapped channel assignment on wireless mesh network backbone: A game theoretic approach. IEEE Journal on Selected Areas in Communications, 30(1), 119–127.
27. Attar, A., et al. (2012). A survey of security challenges in cognitive radio networks: Solutions and future research directions. Proceedings of the IEEE, 100(12), 3172–3186.
28. Vasilakos, A. V., et al. (2015). Information centric network: Research challenges and opportunities. Journal of Network and Computer Applications, 52, 1–10.
29. Yao, Y., et al. (2013). EDAL: An energy-efficient, delay-aware, and lifetime-balancing data collection protocol for wireless sensor networks. In MASS (pp. 182–190).
30. Marwaha, S., et al. (2004). Evolutionary fuzzy multi-objective routing for wireless mobile ad hoc networks. In Congress on Evolutionary Computation, CEC2004 (Vol. 2, pp. 1964–1971).
31. Vasilakos, A., et al. (2003). Optimizing QoS routing in hierarchical ATM networks using computational intelligence techniques. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews.
32. Quan, W., et al. (2014). TB2F: Tree-bitmap and bloom-filter for a scalable and efficient name lookup in content-centric networking. In IFIP Networking.
33. Aswal, M. S., Rawat, P., & Kumar, T. (2009). Threats and vulnerabilities in wireless mesh networks. International Journal of Recent Trends in Engineering, 2(4).
34. Yao, G., et al. (2015). Passive IP traceback: Disclosing the locations of IP spoofers from path backscatter. IEEE Transactions on Information Forensics and Security, 10(3), 471–484.
35. Yang, H., et al. (2014). Provably secure three-party authenticated key agreement protocol using smart cards. Computer Networks, 58, 29–38.
36. Liu, B., et al. (2014). Toward incentivizing anti-spoofing deployment. IEEE Transactions on Information Forensics and Security, 9(3), 436–450.
37. Zhou, J., et al. (2015). Secure and privacy preserving protocol for cloud-based vehicular DTNs. IEEE Transactions on Information Forensics and Security, 10(6), 1299–1314.
38. Liu, J., et al. (2016). Leveraging software-defined networking for security policy enforcement. Information Sciences, 327, 288–299.
39. Luan, L., Fu, Y., & Xiao, P. (2012). An effective denial of service attack detection method in wireless mesh networks. Physics Procedia, 33, 354–360.
40. Bansal, D., Sofat, S., & Singh, G. (2010). Secure routing protocol for hybrid wireless mesh network (HWMN). In 2010 International Conference on Computer and Communication Technology (ICCCT), 17–19 Sept. 2010 (pp. 837–843). IEEE.
41. Kandah, F., Singh, Y., & Zhang, W. (2012). Mitigating eavesdropping attack using secure key management scheme in wireless mesh networks. Journal of Communications, 7(8), 596–605.
42. Matam, R., & Tripathy, S. (2013). WRSR: Wormhole-resistant secure routing for wireless mesh networks. EURASIP Journal on Wireless Communications and Networking.
43. Sen, J. (2010). Efficient routing anomaly detection in wireless mesh networks. In First International Conference on Integrated Intelligent Computing. IEEE.
44. Network Simulator: http://www.isi.edu/nsnam/ns.

Dr. S. Mercy Shalinie is working as Professor and Head of the Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India. She has published over 130 research papers in refereed journals and reputed conferences. Her areas of research interest include Machine Learning and Security Systems.