IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009 241

MANET Security Issues

Nishu Garg† R.P.Mahapatra††

j.i.m.s c.s.Dept C.S.E Dept

Manuscript received August 5, 2009
Manuscript revised August 20, 2009

Summary
When a routing protocol for MANET networks (mobile and ad hoc networks) does a route discovery, it does not discover the shortest route but the route through which the route request flood traveled faster. In addition, since nodes are moving, a route that was the shortest one at discovery time might stop being so in quite a short period of time. This causes not only a much bigger end-to-end delay, but also more collisions and faster power consumption. In order to avoid all the performance loss due to these problems, this paper develops a technique to periodically discover shortcuts to the active routes that can be used with any destination vector routing protocol. It also shows how the same mechanism can be used as a bidirectional route recovery mechanism.[1] We consider the problem of incorporating security mechanisms into routing protocols for ad hoc networks. Canned security solutions like IPSec are not applicable. We look at AODV in detail and develop a security mechanism to protect its routing information. We also briefly discuss whether our techniques would also be applicable to other similar routing protocols and about how a key management scheme could be used in conjunction with the solution that we provide. [2]

Key words:
AODV, I.P, MMN, IETF

1. Introduction
With recent performance advancements in computer and wireless communications technologies, advanced mobile wireless computing is expected to see increasingly widespread use and application, much of which will involve the use of the Internet Protocol (IP) suite. The vision of mobile ad hoc networking is to support robust and efficient operation in mobile wireless networks by incorporating routing functionality into mobile nodes. Such networks are envisioned to have dynamic, sometimes rapidly-changing, random, multihop topologies which are likely composed of relatively bandwidth-constrained wireless links.

2. Challenges in Ad hoc
The technology of Mobile Ad hoc Networking is somewhat synonymous with Mobile Packet Radio Networking (a term coined during early military research in the 70's and 80's), Mobile Mesh Networking (a term that appeared in an article in The Economist regarding the structure of future military networks) and Mobile, Multihop, Wireless Networking (perhaps the most accurate term, although a bit cumbersome).
There is current and future need for dynamic ad hoc networking technology. The emerging field of mobile and nomadic computing, with its current emphasis on mobile IP operation, should gradually broaden and require highly-adaptive mobile networking technology to effectively manage multihop, ad hoc network clusters which can operate autonomously or, more than likely, be attached at some point(s) to the fixed Internet. MANET can be established extremely flexibly without any fixed base station in battlefields, military applications, and other emergency and disaster situations. (See Figure 1)[4]

Some applications of MANET technology could include industrial and commercial applications involving cooperative mobile data exchange.
In addition, mesh-based mobile networks can be operated as robust, inexpensive alternatives or enhancements to cell-based mobile network infrastructures. There are also existing and future military networking requirements for robust, IP-compliant data services within mobile wireless communication networks [1]--many of these networks consist of highly-dynamic autonomous topology segments.
Also, the developing technologies of "wearable" computing and communications may provide applications for MANET technology. When properly combined with satellite-based information delivery, MANET technology can provide an extremely flexible method for establishing communications for fire/safety/rescue operations or other scenarios requiring rapidly-deployable communications
with survivable, efficient dynamic networking. There are likely other applications for MANET technology which are not presently realized or envisioned by the authors. It is, simply put, improved IP-based networking technology for dynamic, autonomous wireless networks.

3. Characteristics of MANETs

A MANET consists of mobile platforms (e.g., a router with multiple hosts and wireless communications devices)--herein simply referred to as "nodes"--which are free to move about arbitrarily. The nodes may be located in or on airplanes, ships, trucks, cars, perhaps even on people or very small devices, and there may be multiple hosts per router. A MANET is an autonomous system of mobile nodes. The system may operate in isolation, or may have gateways to and interface with a fixed network. In the latter operational mode, it is typically envisioned to operate as a "stub" network connecting to a fixed internetwork. Stub networks carry traffic originating at and/or destined for internal nodes, but do not permit exogenous traffic to "transit" through the stub network.
MANET nodes are equipped with wireless transmitters and receivers using antennas which may be omnidirectional (broadcast), highly directional (point-to-point), possibly steerable, or some combination thereof. At a given point in time, depending on the nodes' positions and their transmitter and receiver coverage patterns, transmission power levels and co-channel interference levels, a wireless connectivity in the form of a random, multihop graph or "ad hoc" network exists between the nodes. This ad hoc topology may change with time as the nodes move or adjust their transmission and reception parameters.

MANETs have several salient characteristics:

1) Dynamic topologies: Nodes are free to move arbitrarily; thus, the network topology--which is typically multihop--may change randomly and rapidly at unpredictable times, and may consist of both bidirectional and unidirectional links.

2) Bandwidth-constrained, variable capacity links: Wireless links will continue to have significantly lower capacity than their hardwired counterparts. In addition, the realized throughput of wireless communications--after accounting for the effects of multiple access, fading, noise, and interference conditions etc.--is often much less than a radio's maximum transmission rate.

One effect of the relatively low to moderate link capacities is that congestion is typically the norm rather than the exception, i.e. aggregate application demand will likely approach or exceed network capacity frequently. As the mobile network is often simply an extension of the fixed network infrastructure, mobile ad hoc users will demand similar services. These demands will continue to increase as multimedia computing and collaborative networking applications rise.

3) Energy-constrained operation: Some or all of the nodes in a MANET may rely on batteries or other exhaustible means for their energy. For these nodes, the most important system design criteria for optimization may be energy conservation.

4) Limited physical security: Mobile wireless networks are generally more prone to physical security threats than are fixed-cable nets. The increased possibility of eavesdropping, spoofing, and denial-of-service attacks should be carefully considered. Existing link security techniques are often applied within wireless networks to reduce security threats. As a benefit, the decentralized nature of network control in MANETs provides additional robustness against the single points of failure of more centralized approaches.

4. Goals of IETF Mobile Ad Hoc Network (manet) Working Group

The intent of the newly formed IETF manet working group is to develop a peer-to-peer mobile routing capability in a purely mobile, wireless domain. This capability will exist beyond the fixed network (as supported by traditional IP networking) and beyond the one-hop fringe of the fixed network.
The near-term goal of the manet working group is to standardize one (or more) intra-domain unicast routing protocol(s), and related network-layer support technology which:

* provides for effective operation over a wide range of mobile networking "contexts" (a context is a set of characteristics describing a mobile network and its environment);

* supports traditional, connectionless IP service;

* reacts efficiently to topological changes and traffic demands while maintaining effective routing in a mobile networking context.

5. IP-Layer Mobile Routing

An improved mobile routing capability at the IP layer can provide a benefit similar to the intention of the original
Internet, viz. "an interoperable internetworking capability over a heterogeneous networking infrastructure". In this case, the infrastructure is wireless, rather than hardwired, consisting of multiple wireless technologies, channel access protocols, etc. Improved IP routing and related networking services provide the glue to preserve the integrity of the mobile internetwork segment in this more dynamic environment.
In other words, a real benefit to using IP-level routing in a MANET is to provide network-level consistency for multihop networks composed of nodes using a *mixture* of physical-layer media; i.e. a mixture of what are commonly thought of as subnet technologies. A MANET node principally consists of a router, which may be physically attached to multiple IP hosts (or IP-addressable devices), which has potentially *multiple* wireless interfaces--each interface using a *different* wireless technology. Thus, a MANET node with interfaces using technologies A and B can communicate with any other MANET node possessing an interface with technology A or B. MANET nodes making routing decisions using the IP fabric can intercommunicate using either or both physical-layer topologies simultaneously. As new physical-layer technologies are developed, new device drivers can be written and another physical-layer multihop topology can be seamlessly added to the IP fabric. Likewise, older technologies can easily be dropped. Such is the functionality and architectural flexibility that IP-layer routing can support, which brings with it hardware economies of scale.

5.1. Interaction with Standard IP Routing

In the near term, it is currently envisioned that MANETs will function as *stub* networks, meaning that all traffic carried by MANET nodes will either be sourced or sinked within the MANET. Because of bandwidth and possibly power constraints, MANETs are not presently envisioned to function as *transit* networks carrying traffic which enters and then leaves the MANET (although this restriction may be removed by subsequent technology advances). This substantially reduces the amount of route advertisement required for interoperation with the existing fixed Internet. For stub operation, routing interoperability in the near term may be achieved using some combination of mechanisms such as MANET-based anycast and mobile IP.
Future interoperability may be achieved using mechanisms other than mobile IP.
Interaction with Standard IP Routing will be greatly facilitated by usage of a common MANET addressing approach by all MANET routing protocols. Development of such an approach is underway which permits routing through a multi-technology fabric, permits multiple hosts per router and ensures long-term interoperability through adherence to the IP addressing architecture. Supporting these features appears only to require identifying host and router interfaces with IP addresses, identifying a router with a separate Router ID, and permitting routers to have multiple wired and wireless interfaces.

5.2. Attacks using modification – False Sequence number

Malicious nodes can cause redirection of network traffic and DoS attacks by altering control message fields.

Fig: 2

In AODV, any node may divert traffic through itself by advertising a route to a node with a destination_sequence_num greater than the authentic value.

5.3. Attacks using modification – False hop counts, False source routes

AODV uses the hop count field to determine a shortest path. Malicious nodes can set hop count to zero. DSR uses source routes in data packets.
A DoS attack can be launched in DSR by altering the source routes in the packet headers.

Fig: 3

5.4. Attacks using modification – Tunneling

A tunneling attack is where two or more nodes may collaborate to encapsulate messages between them.

Fig: 4

Similarly, tunneling attacks are also a security threat to multipath routing protocols.
5.5. Attacks using Impersonation

Spoofing occurs when a node misrepresents its identity in the network.
Forming Loops by Spoofing.

Fig: 5

6. MANET Routing Protocol Performance Issues

To judge the merit of a routing protocol, one needs metrics--both qualitative and quantitative--with which to measure its suitability and performance. These metrics should be *independent* of any given routing protocol.

The following is a list of desirable qualitative properties of MANET routing protocols:

1) Distributed operation: This is an essential property, but it should be stated nonetheless.

2) Loop-freedom: Not required per se in light of certain quantitative measures (i.e. performance criteria), but generally desirable to avoid problems such as worst-case phenomena, e.g. a small fraction of packets spinning around in the network for arbitrary time periods. Ad hoc solutions such as TTL values can bound the problem, but a more structured and well-formed approach is generally desirable as it usually leads to better overall performance.

3) Demand-based operation: Instead of assuming a uniform traffic distribution within the network (and maintaining routing between all nodes at all times), let the routing algorithm adapt to the traffic pattern on a demand or need basis. If this is done intelligently, it can utilize network energy and bandwidth resources more efficiently, at the cost of increased route discovery delay.

4) Proactive operation: The flip-side of demand-based operation. In certain contexts, the additional latency demand-based operation incurs may be unacceptable. If bandwidth and energy resources permit, proactive operation is desirable in these contexts.

5) Security: Without some form of network-level or link-layer security, a MANET routing protocol is vulnerable to many forms of attack. It may be relatively simple to snoop network traffic, replay transmissions, manipulate packet headers, and redirect routing messages, within a wireless network without appropriate security provisions. While these concerns exist within wired infrastructures and routing protocols as well, maintaining the "physical" security of the transmission media is harder in practice with MANETs. Sufficient security protection to prohibit disruption or modification of protocol operation is desired. This may be somewhat orthogonal to any particular routing protocol approach, e.g. through the application of IP Security techniques.

6) "Sleep" period operation: As a result of energy conservation, or some other need to be inactive, nodes of a MANET may stop transmitting and/or receiving (even receiving requires power) for arbitrary time periods. A routing protocol should be able to accommodate such sleep periods without overly adverse consequences. This property may require close coupling with the link-layer protocol through a standardized interface.

7) Unidirectional link support: Bidirectional links are typically assumed in the design of routing algorithms, and many algorithms are incapable of functioning properly over unidirectional links.
Nevertheless, unidirectional links can and do occur in wireless networks. Oftentimes, a sufficient number of duplex links exist so that usage of unidirectional links is of limited added value.
However, in situations where a pair of unidirectional links (in opposite directions) form the only bidirectional connection between two ad hoc regions, the ability to make use of them is valuable.

Essential parameters that should be varied include:

1) Network size--measured in the number of nodes

2) Network connectivity--the average degree of a node (i.e. the average number of neighbors of a node)

3) Topological rate of change--the speed with which a network's topology is changing

4) Link capacity--effective link speed measured in bits/second, after accounting for losses due to multiple access, coding, framing etc.

5) Fraction of unidirectional links--how effectively does a protocol perform as a function of the presence of unidirectional links?

6) Traffic patterns--how effective is a protocol in adapting to non-uniform or bursty traffic patterns?
7) Mobility--when, and under what circumstances, is temporal and spatial topological correlation relevant to the performance of a routing protocol? In these cases, what is the most appropriate model for simulating node mobility in a MANET?

8) Fraction and frequency of sleeping nodes--how does a protocol perform in the presence of sleeping and awakening nodes?

A MANET protocol should function effectively over a wide range of networking contexts--from small, collaborative, ad hoc groups to larger mobile, multihop networks. The preceding discussion of characteristics and evaluation metrics somewhat differentiate MANETs from traditional, hardwired, multihop networks. The wireless networking environment is one of scarcity rather than abundance, wherein bandwidth is relatively limited, and energy may be as well.

In summary, the networking opportunities for MANETs are intriguing and the engineering tradeoffs are many and challenging. A diverse set of performance issues requires new protocols for network control.[3]

7. Security Considerations

Mobile wireless networks are generally more prone to physical security threats than are fixed, hardwired networks. Existing link-level security techniques (e.g. encryption) are often applied within wireless networks to reduce these threats. Absent link-level encryption, at the network layer, the most pressing issue is one of inter-router authentication prior to the exchange of network control information. Several levels of authentication ranging from no security (always an option) and simple shared-key approaches, to full public key infrastructure-based authentication mechanisms will be explored by the group. As an adjunct to the working group's efforts, several optional authentication modes may be standardized for use in MANETs.

Security Requirements of Ad-Hoc Network

Security Requirements of Ad-Hoc Network are:

• Route signaling can't be spoofed
• Fabricated routing messages can't be injected into the network
• Routing messages can't be altered in transit
• Routing loops can't be formed through malicious action
• Routes can't be redirected from the shortest path by malicious action
• Unauthorized nodes should be excluded from route computation and discovery.

8. Conclusion

Importance of MANET cannot be denied as the world of computing is getting portable and compact.
Unlike wired networks, MANETs pose a number of challenges to security solutions due to their unpredictable topology, wireless shared medium, heterogeneous resources and stringent resource constraints etc.
Security is not a single layer issue but a multilayered issue. It requires a multi fence security solution that provides complete security spanning over the entire protocol stack. The study of this important issue reveals that security is divided into different directions of the work like secure routing, key exchange, distribution and management, secure architecture, intrusion detection and protection etc.
The Security research area is still open as many of the provided solutions are designed keeping a limited size scenario and limited kind of attacks and vulnerabilities.
As in wired network role definition has been very crucial in security, keeping the same idea in mind we can apply the role based security in MANETs.
Community based solution can be used in role specification. Under this scenario policy distribution techniques, grouping policy, membership management are the major areas to work on.
Agent oriented solutions are very useful in many areas. Similarly, MANET security can also be exploited due to its distributed nature.
Ad Hoc networks pose an interesting problem in networking with dynamic routing and highly insecure working environment. Need of Secure, Scalable, Reliable and Efficient algorithms for Key management and Routing.

Passive attacks: Necessary and sufficient condition is cooperation between nodes;
The network performance degrades severely when a large percentage of nodes do not cooperate in p.f. function;
Then: need to enforce collaboration between nodes.

Active attacks: Routing protocols do not take care of the security aspect;
Then:
Need of securing routing protocol;
Need of authentication mechanism to prevent spoofing attack;
Need of integrity of routing messages.
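The following added example (not code from the paper) shows why the false sequence number and zero hop count of Sections 5.2 and 5.3 succeed against an unauthenticated route update, and how the simple shared-key inter-router authentication mentioned in Section 7 blocks them. The message layout, the `Router` class, node names and the key are assumptions constructed for illustration; sequence-number wraparound is ignored.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class RouteReply:
    sender: str     # neighbour that transmitted the message
    dest: str       # destination the advertised route leads to
    dest_seq: int   # destination sequence number (higher = fresher)
    hop_count: int  # advertised distance to dest


def encode(r):
    # Length-prefixed fields so two different messages never encode alike.
    s, d = r.sender.encode(), r.dest.encode()
    return (struct.pack("!B", len(s)) + s + struct.pack("!B", len(d)) + d
            + struct.pack("!IB", r.dest_seq, r.hop_count))


def mac(key, r):
    return hmac.new(key, encode(r), hashlib.sha256).digest()


def is_better(current, cand):
    # AODV-style preference: the fresher sequence number wins, ties go to
    # the shorter hop count. (Sequence-number wraparound is ignored here.)
    if current is None:
        return True
    if cand.dest_seq != current.dest_seq:
        return cand.dest_seq > current.dest_seq
    return cand.hop_count < current.hop_count


class Router:
    def __init__(self, neighbour_keys=None):
        self.keys = neighbour_keys  # None models the unauthenticated protocol
        self.routes = {}

    def receive(self, r, tag=b""):
        if self.keys is not None:
            key = self.keys.get(r.sender)
            if key is None:
                return "rejected: unauthorized node"
            if not hmac.compare_digest(tag, mac(key, r)):
                return "rejected: bad MAC"
        if is_better(self.routes.get(r.dest), r):
            self.routes[r.dest] = r
            return "installed"
        return "ignored"


def demo():
    key_b = bytes(range(32))                 # constructed demo key
    honest = RouteReply("B", "D", 12, 3)     # constructed sample messages
    outsider = RouteReply("M", "D", 1000, 0)
    altered = RouteReply("B", "D", 1000, 0)  # honest message changed in transit

    plain = Router()
    plain.receive(honest)
    plain.receive(outsider)                  # inflated values displace the route

    auth = Router({"B": key_b})
    results = [auth.receive(honest, mac(key_b, honest)),
               auth.receive(outsider, mac(b"guess", outsider)),
               auth.receive(altered, mac(key_b, honest))]
    return plain.routes["D"].sender, auth.routes["D"].sender, results


if __name__ == "__main__":
    print(demo())
```

A hop-by-hop MAC of this kind only excludes nodes that hold no key; a keyed neighbour that misbehaves can still advertise false values, which is why the requirements above also call for securing the routing protocol itself.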
References

[1] Manel Guerrero Zapata: "Shortcut Detection and Route Repair in Ad-hoc Networks". In Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'05), pp. 237-242. March 2005.
[2] Manel Guerrero Zapata and N. Asokan: "Securing Ad hoc Routing Protocols". In Proceedings of the 2002 ACM Workshop on Wireless Security (WiSe 2002), pages 1-10. September 2002.
[3] Adamson, B., "Tactical Radio Frequency Communication Requirements for IPng", RFC 1677, August 1994.
[4] Sanzgiri K, Dahill B, Levine B.N and Belding-Royer E.M, "A secure routing protocol for Ad-hoc networks," Proc. of IEEE ICNP, 2002.
[5] Zhou L. and Haas Z.J, "Securing Ad Hoc Networks," IEEE Network Magazine, vol. 13, no. 6, 1999.
[6] L. Zhou and Z. J. Haas, "Securing Ad Hoc Networks", IEEE Networks, Volume 13, Issue 6, 1999.
[7] H. Luo, P. Zerfos, J. Kong, S. Lu and L. Zhang, "Self-securing Ad Hoc Wireless Networks", IEEE ISCC 2002.
[8] Michał Grega, Jakub Jakubiak, Krzysztof Marcisz, Szymon Szott, "Security in Ad Hoc Networks".
[9] H Yang, H Y. Luo, F Ye, S W. Lu, and L Zhang, Security in Mobile Ad hoc Networks: Challenges and Solutions, IEEE Wireless Communications. February 2004. Adam Burg, "Seminar on Ad Hoc Network Specific Attacks".
[10] Tao Lin, "Mobile Ad-hoc Network Routing Protocols: Methodologies and Applications", Ph.D. Dissertation, Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, Virginia, 2004.
[11] Yacine Rebahi, Vicente .E Mujica-V, Cyprien Simons and Dorgham Sisalem, SAFE: Securing pAcket Forwarding in ad hoc nEtworks, 5th Workshop on Applications and Services in Wireless Networks, ASWN 2005, June 29th - July 1st, 2005.
[12] M. Ramkumar, N. Memon, KPI: A Security Infrastructure for Trusted Devices, Pre-Conference Workshop, 12th Annual Network and Distributed System Security Symposium, San Diego, California, 2 February 2005.
[13] L.Buttyan, J.Hubaux, "Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks," ACM Journal for Mobile Networks, Special Issue on Mobile Ad Hoc Networking, 2002.