Advanced Networking & Security

The document discusses security issues with ad hoc networks and examines a simulation of an attack on one. It covers literature on ad hoc network security threats, including routing threats and modification attacks. It then describes implementing the simulation in NetLogo to demonstrate a denial of service attack infecting nodes over time until recovery.

Uploaded by

Matthew Wakeman

Advanced Networking & Security

1. Introduction

As technology continues to develop, computers are further integrated into everything we
interact with, such as medical devices, home appliances and vehicles. These devices often
communicate through ad hoc networks. Due to the nature of ad hoc networks, there are multiple
routing protocols and communication methods available, and security is not often at the forefront
of these network designs. This paper will discuss the potential security issues these networks face,
and examine a simulation in which one of these networks is attacked and shut down completely.

The advantages of ad hoc networks are their ease of establishment, the ability to function without
infrastructure, and a dynamic topology, though implementation can vary, including: no central
control, limited resources, mobility or custom routing protocols. Each feature has its own
potential security flaw. As noted in an example by Yau and Mitchell (2003), an ad hoc network
with limited resources may not be able to implement standard routing protocols, and must run a
custom protocol which may not have sufficient security rules in place.

2. Literature Review
2.1 - Ad Hoc Security overview

Recent literature suggests that security is not typically examined when building an ad hoc
network. Consequently it has become a key concern to provide protected communication between
nodes. Different mechanisms can be employed to provide the necessary security requirements,
commonly authentication, access control and digital signatures (Mlandenovic and Jovanovic,
2012). Alternatively, preventative methods such as encryption, symmetric and asymmetric, can
improve the integrity of data during its transmission on an ad hoc network. Threshold encryption
can hide data by dividing it into smaller parts (Wu, Chen, Wu and Cardei, 2006). With this in
mind, understanding the types of attacks that can be performed and what security measures can be
implemented will be key in building an ad hoc network that ensures confidentiality, reliability and
integrity of user data.

The threats in the threat model for ad hoc networks are not unique to ad hoc networks, as they
can also be performed on wired networks. They can include routing, internal and external threats
(Derveloy, 2012). This helps to further understand the requirements of ad hoc security, as known
preventative measures can be applied.

Research has suggested that, despite the aforementioned mechanisms, the ease of establishment
and use of ad hoc networks is also their biggest disadvantage regarding security. There are many
attacks available, including attacks on routing protocols and on nodes in the routing process
(Mlandenovic and Jovanovic, 2012).

Evidence suggests that ad hoc networks are reliant on the resources available in each node.
Because the nodes are mobile devices, energy is often stored in batteries, which can be drained by
the maintenance of the network, excess routing and the transfer of information. Knowing this, any
attack on the network is an attack on its resources (Djenouri, Khelladi and Badache, 2005).

‘Active attacks’ are attacks that cost energy: either the network expends energy to remove the
threat and prevent anomalies in standard network operation (external attack), or a node that is
disturbing the work of the network, and so endangering it, uses energy to attack the rest of the
network (internal attack). Active attacks can change, destroy or generate data that is transferred
through the network, disturbing normal node operation. External attacks can be protected against
through typical mechanisms such as firewalls, application security and encryption. Internal attacks
start through authorised nodes that have been compromised (Mlandenovic and Jovanovic, 2012).

Similarly, ‘passive attacks’ are attacks that do not require the nodes on a network to expend
energy. Passive external and internal attacks do not disturb the network; rather, they involve
unauthorized monitoring of data, without changing it, by targeting the data link and physical
layers. These attacks can be prevented through encryption and protective network protocols
(Sanzgiri et al, 2002).

Understanding how passive and active attacks disturb ad hoc networks will assist in building
a simulation and in understanding how they can impact real-world operation. For example, if a
vehicle is subject to a passive attack, information such as common travel routes and confidential
phone calls can be gathered, which can be used to gather further information on a victim for more
malicious attacks, or in an attempt to gain a ransom.

2.2 - Threat Model

Routing Threats (P. W. Yau and C. J. Mitchell, 2003)

When it comes to the confidentiality of data with regards to routing threats, the primary threat
is towards the “privacy of routing data itself”. Should routing data be compromised, further
information can be gathered such as the network topology or geographical location, leading to
additional threats.

Integrity of such data relies on the accuracy of the network's routing information. Potential
attacks, as noted in 2.1, can include altering existing routing data, or including new, yet incorrect,
routing information.

Further to this, the availability of ad hoc networks refers to the nodes having on-demand
access to routing information at all times. Routing operations and security protocols should not
interrupt or interfere with nodes obtaining data.

P. W. Yau and C. J. Mitchell finally discuss the enforcement of accountability of network
nodes: should the security protocols be unable to prevent an attack, they should be able to detect it.
With this in mind, actions should be logged to allow appropriate reactionary action to be taken.

With this in mind, when creating the simulation, it should provide information on the origin
of the infection and how it has spread. Whilst the simulation will lack the capability to take
reactionary action, preventative actions can be prepared in advance for a real-world attack, such
as disconnecting devices that are not yet under attack so that they can continue operating.

2.3 - Example attack

Modification attacks (Sanzgiri et al, 2002)

These are active attacks that change, insert or delete data in an unauthorized fashion, with
the result represented to a node as legitimate. Research shows that most ad hoc routing protocols
use a ‘hop counter’ parameter to determine the shortest route to a target, allowing malicious code
to set false hop counts or a false route sequence. By redirecting network traffic, a Denial of Service
attack can be performed through communication delay or energy waste.

The above screenshot (Sanzgiri et al, 2002) shows a malicious node [1] that can send
messages to other nodes on the network. By claiming that the shortest route between [c] and [d]
is fastest when passing through [1] rather than [b], [1] is able to take over the session and create
communication delay and energy expenditure.

Sanzgiri et al, 2002, also demonstrate another possibility: network communication
interruption. The above screenshot illustrates that the shortest route between [c] and [d] passes
through the malicious node [1]. In the event that a session between [c] and [d] is in progress, and
that [c] has a route to [d] in its cache [c - e - a - 1 - b - f - d], when the packet reaches node [1],
the source route may be changed by removing [f] and forwarding it to [b]. Once [b] receives the
packet of data, it will attempt to forward it directly to [d], but will fail because the two are not in
direct range and are unable to communicate.

Following the research laid out by Sanzgiri et al (2002), modifying data can be extremely
damaging to an ad hoc network. Using their illustrations, and with a greater understanding of
modification attacks in an ad hoc network, an accurate simulation can be developed that clearly
illustrates this.
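
The interrupted session described above, replayed as an added example (not code from the original paper or from Sanzgiri et al.). It assumes that only consecutive nodes on the cached route are in radio range and that every receiver records the source route it was handed, which is the logging that the accountability requirement in 2.2 asks for; `forward`, `drop_f` and `locate_modifier` are hypothetical names.

```python
# Constructed topology: the cached route from the text, c - e - a - 1 - b - f - d.
ROUTE = ["c", "e", "a", "1", "b", "f", "d"]
# Assumption: only consecutive nodes on that route are within radio range.
LINKS = {frozenset(pair) for pair in zip(ROUTE, ROUTE[1:])}

def drop_f(route):
    """The modification from the text: node [1] removes [f] from the source route."""
    return [n for n in route if n != "f"]

def forward(route, tamper=None):
    """Carry a source-routed packet hop by hop.

    tamper maps a node name to a function that rewrites the route before that
    node forwards it. Returns (delivered, log); each log record is what the
    receiving node observed, or route=None when the transmission failed.
    """
    tamper = tamper or {}
    route, log, holder = list(route), [], route[0]
    while holder != route[-1]:
        if holder in tamper:
            route = tamper[holder](route)
        nxt = route[route.index(holder) + 1]
        if frozenset((holder, nxt)) not in LINKS:
            log.append({"from": holder, "to": nxt, "route": None})
            return False, log          # next hop is out of range: session breaks
        log.append({"from": holder, "to": nxt, "route": tuple(route)})
        holder = nxt
    return True, log

def locate_modifier(issued, log):
    """Accountability check: first sender whose packet no longer carries the
    route the source issued. Returns None when every record matches."""
    for rec in log:
        if rec["route"] is not None and rec["route"] != tuple(issued):
            return rec["from"]
    return None

if __name__ == "__main__":
    for label, tamper in (("honest", None), ("tampered", {"1": drop_f})):
        delivered, log = forward(ROUTE, tamper)
        print(label, "delivered:", delivered,
              "| last hop:", log[-1]["from"], "->", log[-1]["to"],
              "| modifier:", locate_modifier(ROUTE, log))
```

The failure surfaces at [b], but the receiver-side records place the change at [1], which is the distinction between where an attack is felt and where it originated.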

3. NetLogo Implementation

The NetLogo design is intended to simulate a virus spreading across the network. This should
include nodes that can become immune from infection, infected, not infected and offline. The
simulation should demonstrate a denial of service attack, as it infects each node and provides a
time until recovery as well as immunity from an attack.

It has been implemented to display a small-medium sized ad-hoc network, with multiple
devices linked to each other. Using a spatially clustered network, the simulation is capable of
linking nodes that the infection can spread across as shown in the below screenshot.

The design displays the nodes and shows which are not infected, infected and immune. The
infection spreads to connected devices, which are on a timer before they become immune. Further
iterations of the design will display data travelling across the network, which can provide a
simulation of a modification attack, on which this simulation is loosely based.

Continued development will also provide additional methods to protect nodes, as protection
is currently limited. In its current state, the simulation accurately displays how a network can be
infected by a DDoS attack, with nodes regularly becoming infected, immune and infected again.
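
The node state machine described in this section, written out in Python as an added example (it is not the author's NetLogo model). The timer lengths, the k-nearest-neighbour linking used for spatial clustering, the deterministic spread and the `isolate_at` response (disconnecting nodes not yet under attack, as suggested in 2.2) are all assumptions, and the infection log records the origin and each later spread.

```python
import math
import random

RECOVERY_TICKS = 3   # assumed: ticks a node stays infected before it recovers
IMMUNE_TICKS = 4     # assumed: ticks of immunity before it can be infected again

def build_network(n, k, rng):
    """Spatially clustered network: link every node to its k nearest neighbours."""
    pos = [(rng.random(), rng.random()) for _ in range(n)]
    links = {i: set() for i in range(n)}
    for i in range(n):
        nearest = sorted((j for j in range(n) if j != i),
                         key=lambda j: math.dist(pos[i], pos[j]))[:k]
        for j in nearest:
            links[i].add(j)
            links[j].add(i)
    return links

def simulate(n=30, k=3, ticks=20, origin=0, isolate_at=None, seed=1):
    """Return (final node states, infection log of (tick, source, victim))."""
    links = build_network(n, k, random.Random(seed))
    state = {i: "not infected" for i in range(n)}
    timer = {i: 0 for i in range(n)}
    state[origin], timer[origin] = "infected", RECOVERY_TICKS
    log = [(0, None, origin)]            # origin of the infection
    for tick in range(1, ticks + 1):
        infected = [i for i in state if state[i] == "infected"]
        exposed = [(s, v) for s in infected for v in sorted(links[s])
                   if state[v] == "not infected"]
        if tick == isolate_at:           # response: disconnect nodes not yet under attack
            for _, v in exposed:
                state[v] = "offline"
            exposed = []
        for i in state:                  # advance recovery and immunity timers
            if state[i] in ("infected", "immune"):
                timer[i] -= 1
                if timer[i] == 0 and state[i] == "infected":
                    state[i], timer[i] = "immune", IMMUNE_TICKS
                elif timer[i] == 0:
                    state[i] = "not infected"
        for s, v in exposed:             # spread to connected devices
            if state[v] == "not infected":
                state[v], timer[v] = "infected", RECOVERY_TICKS
                log.append((tick, s, v))
    return state, log
```

Comparing `simulate()` with `simulate(isolate_at=1)` shows the effect of the disconnect: in the second run the log never grows past the origin entry.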
