04/09/23 1Dept. of ECE

EAACKEAACK—A Secure —A Secure Intrusion-DetectionIntrusion-DetectionSystem for MANETsSystem for MANETs

04/09/23 2Dept. of ECE

ContentsContents Introduction What is MANET???? Need For IDS???? IDS

1. Watch dog2. TWOACK3. AACK

EAACK Performance Evaluation Simulation configuration Advantages Future enhancement Conclusion Reference

04/09/23 3Dept. of ECE

IntroductionIntroduction

MANET -Mobile Ad hoc NETworks

IDS -Intrusion Detection Systems

EAACK-Enhanced Adaptive ACKnowledgement

04/09/23 4Dept. of ECE

Mobile Ad hoc NETworksWireless networkAd hoc = “for this PURPOSE”Used to exchange informationNODES = transmitter + receiver

Nodes may be mobileEach node is willing to forward data to other nodesCommuncation can be direct or indirectNodes communicates directly within their rangesOtherwise rely on neighbours (indirectly)

04/09/23 5Dept. of ECE

Continuation.....Continuation.....

Properties of MANETsNo fixed infrastructureSelf configuring abilityDynamic topologyDecentralized network

04/09/23 6Dept. of ECE

Continuation….Continuation….

Routes between nodes may contain multiple hopsNodes act as routers to forward packets for each otherNode mobility may cause the routes change

AB

C

D

AB

C D

04/09/23 7Dept. of ECE

Continuation….Continuation….

Application of MANETSMilitary application◦ Combat regiment in the field ◦ Perhaps 4000-8000 objects in constant unpredictable motion.◦ Intercommunication of forces ◦ Proximity, plan of battle

Sensor networksAutomotive networksIndustrial application

04/09/23 8Dept. of ECE

MANET vulnerable to malicious attackersoOpen mediumoWide distribution of nodes

Routing protocols assumes nodes are always cooperative

Nodes are not physically protected

04/09/23 9Dept. of ECE

IDSIDS Intrusion Detection SystemDetect and report the malicious activity in ad hoc

networksResearchers have proposed a number of

collaborative IDS system

1. Watch dog

2. TWOACK

3. AACK

04/09/23 10Dept. of ECE

Watch dogWatch dog

04/09/23 11Dept. of ECE

Ambiguous collisionAmbiguous collision

04/09/23 12Dept. of ECE

Receiver collisionReceiver collision

04/09/23 13Dept. of ECE

Limited transmission powerLimited transmission power

04/09/23 14Dept. of ECE

False misbehaviour reportFalse misbehaviour report

04/09/23 15Dept. of ECE

TWOACKTWOACK

04/09/23 16Dept. of ECE

Continuation....Continuation.... Acknowledgment-based network layer scheme

Neither an enhancement or watch dog based scheme

Acknowledge every data packet transmitted over every

three consecutive nodes

On receiving a packet , each node is required to send

back an acknowledgment packet to the node that is two

hops away from it.

Solves receiver collision and limited transmission power

problem

Network overhead is present

04/09/23 17Dept. of ECE

AACKAACKAdaptive ACKnowledgementAcknowledgment-based network

layer schemeReduce network overheadCombination of TACK (similar to

TWOACK) and ACKACK-End to end acknowledgment

scheme

04/09/23 18Dept. of ECE

•ACKACK

•S will switch to TACK scheme if it doesn’t get any ACK packet within predefined time

04/09/23 19Dept. of ECE

The need of new IDS???The need of new IDS???Both TWOACK and AACK fails in

1. False misbehaviour report2. Forged acknowledgement packet

04/09/23 20Dept. of ECE

EAACKEAACKEnhanced Adaptive ACKnowledgementEfficient and secure intrusion detection

system for MANETsHigher malicious behaviour detection rates

with minimal effect on network performanceEAACK mechanism can be divided to three

schemes1. ACK(end to end acknowledgement scheme)2. S-ACK(Secure ACK)

3. MRA(Misbehaviour Report Authentication)

04/09/23 21Dept. of ECE

1.1. ACKACKEnd-to-end acknowledgment

schemeBrings extremely low network

overheadTo preserve the life cycle of

battery Low network overhead Lom memory consumption

04/09/23 22Dept. of ECE

ACK schemeACK scheme

04/09/23 23Dept. of ECE

2.S-ACK2.S-ACKSecure ACKExtension of TWOACK with digital

signatureSwitch from ACK if S does not

receive any acknowledgement packet Detect misbehaving nodes by

sending S-ACK packetEvery three consecutive nodes work

in a group to detect misbehaving nodes

04/09/23 24Dept. of ECE

S-ACK schemeS-ACK scheme

Who is malicious?? F1,F2 OR F3???

04/09/23 25Dept. of ECE

NONE IS NONE IS MALICIOUS ..............MALICIOUS ..............Route is F1 F2 F3F1 sends S-ACK data packet to F3

via the route F2 F3Before sending F1 store # value of

data packet and sending timeF2 receives packet from F1 and

forward to F3F3 receives the data packet and

send S-ACK acknowledgement ◦Contain # value and digital signature of

F3

04/09/23 26Dept. of ECE

This S-ACKnowledgement is send back to the reverse route

F1 receives it and verify digital signature by computing with F3 public key.

If there is no malicious nodes ,then the received hash value ==original hash value

04/09/23 27Dept. of ECE

F1 IS MALICIOUSF1 IS MALICIOUS

•False misbehaviour attack •In EAACK,it initiates MRA scheme.

04/09/23 28Dept. of ECE

F2 IS MALICIOUSF2 IS MALICIOUS

•Digital signature of F3 is needed•Prevent forged acknowledgement

04/09/23 29Dept. of ECE

F3 IS MALICIOUSF3 IS MALICIOUS

•If F3 refuses to send back acknowledgementpackets, it will be marked as malicious

04/09/23 30Dept. of ECE

3.MRA 3.MRA Misbehaviour Report AuthenticationDesigned to resolve the false misbehaviour report

attackSuch attack can break the entire networkBasic idea - Authenticate whether the

destination node has received the reported missing packet

Alternate route is neededMRA packet is send via this alternate routeMRA packet contains the ID of the packet that

has been reported droppedDestination node search if there is a match

04/09/23 31Dept. of ECE

Continuation...Continuation...If there is match,the report is

fake and node ,whoever sends it, is marked as malicious

If there is no match,the report is trusted.

04/09/23 32Dept. of ECE

EAACK SCHEMEEAACK SCHEME

04/09/23 33Dept. of ECE

Performance EvaluationPerformance EvaluationPacket delivery ratio (PDR): Ratio of

the number of packets received by the destination node to the number of packets sent by the source node.

Routing overhead (RO): RO defines the ratio of the amount of routing-related transmissions.

04/09/23 34Dept. of ECE

Simulation configurationSimulation configurationScenario 1: Malicious nodes drop all

the packets that pass through it.Scenario 2: Set all malicious nodes to

send out false misbehavior report to the source node whenever it is possible

Scenario 3: Provide the malicious nodes the ability to forge acknowledgment packets.

04/09/23 35Dept. of ECE

04/09/2336Dept. of ECE

ADVANTAGESADVANTAGESSolves limited transmission power and

receiver collision problem.Capable of detecting misbehaviour attackEnsure authentication and packet integrityDigital signatures prevents the attack of

forge acknowledgement packets

04/09/23 37Dept. of ECE

FUTURE ENHANCEMENTFUTURE ENHANCEMENT Possibilities of adopting hybrid

cryptography techniques to further reduce the network overhead caused by digital signature.

Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys.

Testing the performance of EAACK in real network environment.

04/09/23 38Dept. of ECE

Conclusion Conclusion

EAACK makes MANETs more secure The major threats like false mis

behaviour report and forge acknowledgement can be detected by using this scheme.

04/09/23 39Dept. of ECE

REFERENCEREFERENCE

EAACK—A Secure Intrusion-Detection System for MANETs by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEE

Detecting Misbehaving Nodes in Mobile Ad hoc Networks by Nan Kang

04/09/23 40Dept. of ECE

04/09/23 41Dept. of ECE

04/09/23 42Dept. of ECE