Evaluation of security of routing protocols in ad hoc networks against worm tunnel attack

Dissertation for receiving a Master's Degree (M.Sc

Computer Engineering (Software Orientation)

Abstract

     With the developments in networks and communication technologies, wireless networks are used more. Among them, we can refer to ad hoc networks. Due to the many applications of these networks, the need for security is very important for their proper functioning. One One of the problems that threatens the security of routing in these networks is the tunnel worm attack, which was taken from the physics theory of John Wheeler (an American physicist) in 1957. This attack is a serious threat against the routing of case networks by creating a virtual private tunnel, and as a result, they connect two non-adjacent nodes Much of the path is traveled without increasing the amount of steps and the package reaches the destination with only two steps, and this path is definitely chosen as the shortest path in this research. We have studied the various proposed protocols to deal with the tunnel worm. Based on the simulation results, the throughput of the OLSR protocol is higher than AODV, and the throughput has increased with the increase in the number of nodes and the density of the network. The delay in AODV is higher due to the sender's waiting to receive a response from the receiver, and in the network under attack, we have a sudden increase in delay, which is a sign of packet transmission from the created tunnel. In OLSR, the delay increase from normal to under attack is very small. Therefore, the OLSR protocol is proposed to deal with the tunnel worm in ad hoc networks.

Key words: ad hoc networks, routing, security, tunnel worm attack, throughput

Chapter 1

Ad hoc networks and types of security attacks

in these networks

Ad hoc networks [1]

With the advancements in networking and communication technologies, portable wireless devices are found in most of our activities. Most people use laptop computers, desktops, and devices that utilize mobile technology. Among these wireless networks, case networks can be mentioned. Ad hoc networks are networks made up of wireless hosts connected by wireless links. These networks do not require the use of fixed and prefabricated infrastructures such as central station [2], router [3] and switch [4], but only a number of wireless nodes that connect to non-neighboring nodes with the help of communication with neighboring nodes. The routing operations in these networks are performed by the nodes themselves, and in fact, each node acts as a router and forwards data packets for other nodes in the network.[1] In these networks, the network may experience topology changes quickly and unpredictably. Due to the ease and speed of implementing these networks, as well as not depending on pre-made structures, they have many applications such as connecting laptops to each other, military environments and remote control of battles, search and rescue operations to restore and obtain information in unexpected incidents. Maintaining and updating routing information requires security. In fact, security is a necessary condition for the proper functioning of the network, and without it, there is no guarantee for the correct performance of actions, and attackers can easily penetrate the network and disrupt its integrity. [2] In this research, while examining the types of attacks and protocols to deal with the tunnel worm, we have simulated these protocols and based on the results, we introduce the protocol that has the highest throughput and the lowest delay as the most secure protocol. External[5] and internal attacks[6]. External attacks are attacks carried out by one or more nodes outside the network, and most security measures are applied against such attacks.Internal attacks are attacks that are carried out by authorized nodes inside the network, and it is usually difficult to prevent them. From another point of view, the attacks are divided into two categories: active [7] and passive [8]. But in active attacks, the adversary, in addition to eavesdropping on data, can change them to his advantage. The next view is in terms of the layers that are attacked, that is, the attack can take place on the physical, data link, network, and application layers. There are other types of attacks such as non-participation in routing operations or disconnection, which lead to denial of service attacks, and the only way to prevent them is to find the hostile node. Another attack is the spoofing attack, where a hostile node can impersonate itself instead of a legitimate node. Another type of attack is denial of service attack. In this type of attack, the attacker injects a large number of worthless packets into the network, which consume a large part of the network resources. [3] Two other types of attacks are: routing failure attack [9] and routing consumption attack [10]. In the routing failure attack, the attacker tries to send his packets as an authorized packet on the network so that they are spent in ineffective ways, in the routing consumption attack, the attacker tries to consume the bandwidth or memory and computing power of the node by sending an unauthorized packet. Another type of attack is the attack [11], in the route discovery operation, the attacking node sends its request much faster than the authorized node, and its packet will be accepted with a higher probability. The attacker can build a path in which he himself exists with a high probability.

Some attacks are specific to ad hoc networks, such as tunnel worm attacks[12]. Tunnelworm is derived from a physics theory proposed by John Wheeler (American physicist) in 1957. This attack is considered as a sophisticated attack in which two active attackers short-circuit the normal flow of messages by creating a virtual private tunnel, thereby making two non-adjacent nodes neighbors. A tunnel worm attack can pose a serious threat to the routing of case networks. In fact, it can be said that this attack is a topological spatio-temporal property that is a shortcut between time and space. As a result of this attack, a large amount of the path is covered by this private network without increasing the step value [13], and the packet reaches the destination with only two steps, and this path is definitely chosen as the shortest path. A tunnel worm is a hypothetical shortcut that connects distant areas and two adversarial nodes create an illusion in which two distant areas are connected by nodes in such a way that they appear to be neighbors but are actually at a distance from each other. The route, which we call RREQ[14] for short, broadcasts in the network, and every intermediate node that hears it for the first time re-broadcasts it in the network.

Route response phase: As soon as it receives an RREQ message, the destination sends the route response packet in the opposite direction to the source. The route response packet is abbreviated as RREP [15].

Tunnel worm attack severely affects the routing operation in the network. For example, as shown in the figure below, if the hostile node C transmits the route request packets of S to the destination of one of the nodes J, D, H, A, through its high-speed link with K, the target nodes of the node will think that node K is in their neighborhood or just one step away from them. Therefore, the packet is transmitted through the tunnel created between node C and node K.

Tunnelworm attacks and its types:

Tunnelworm attack using encapsulation [16]: according to the figure on the next page, X and Y are two hostile nodes, when node A sends the route request packet, the packet reaches node X.

Node X creates a virtual container between itself and the next hostile node, which is Y in this case, and transfers the packet inside this container. After receiving the packet in Y, node Y directs the packet to destination B. The point is that due to the closed enclosure, the step length does not increase when passing through the u-v-w-z nodes.