1) Security within Ad hoc Networks
What is an ad hoc network?
Definition of ad hoc network:
An ad hoc network is a network formed without any central administration; it consists of mobile nodes that use a wireless interface to send packet data.
Ad hoc networks lack security because of:
Dynamic topologies and membership
The topology of an ad hoc network is highly dynamic, since node mobility and changes of membership are random and rapid. Security solutions therefore also need to be dynamic.
Vulnerable wireless links
Passive and active attacks on the link, such as eavesdropping, spoofing, denial of service, masquerading and impersonation, are all possible.
Roaming in a hostile environment
Any malicious or misbehaving node can mount an attack or deprive all other nodes of a service.
How nodes operate in ad hoc networks:
Before a secure communication link can be established, a node must be able to identify the other node. It therefore presents its identity and associated credentials to that node. The delivered identity and credentials must themselves be authenticated and protected, so that the receiving node cannot doubt their authenticity and integrity, and the sender wants assurance that the identity and credentials it delivers are not compromised in transit. Communication is either direct between the nodes or passes through intermediate nodes acting as routers.
How ad hoc networks came about:
The roots of ad hoc networking go back to 1968, when work on the ALOHA network began. ALOHA was a single-hop protocol, that is, it did not inherently support routing, so every node had to be within reach of all other participating nodes. Inspired by ALOHA, DARPA (the Defense Advanced Research Projects Agency) began work on the PRNet (Packet Radio Network) project in 1972. Its nodes were mobile, although mobility was limited, and its protocols were considered advanced for the 1970s. Advances in microelectronics later made it possible to integrate the node and the network device into a single unit, giving rise to the ad hoc network as it is understood today. The first uses of ad hoc networks centred on military tactical networks, satellite networks and wearable computer networks. In 1996 the concept was given the name MANET (Mobile Ad hoc Network), and by the end of 1997 the MANET working group had been formed to specify standard interfaces and protocols for IP-based internetworking over ad hoc networks.
Present-day uses of ad hoc networks:
Ad hoc networks now play an important role in civilian settings such as campus recreation, conferences and electronic classrooms. Vehicles on a highway can form an ad hoc network to disseminate traffic information: they can operate as a pure ad hoc network in which an individual vehicle detects a traffic event and initiates a broadcast to the other vehicles.
Ad hoc network challenges compared with traditional wired systems:
Ad hoc MAC protocol issues:
There are two main categories of MAC protocols: random access protocols and controlled access protocols. Because there is no infrastructure and ad hoc networking is peer-to-peer, random access is the natural choice: the nodes compete with one another to gain access to the shared medium. A MAC protocol based on random access is CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), which the IEEE 802.11 committee selected as the basis for its standards because of its inherent flexibility and because its RTS-CTS-DATA-ACK handshake addresses the hidden terminal problem (and, only partially, the exposed terminal problem).
Optimisations that improve the performance of ad hoc MAC protocols include algorithms that reduce the energy consumption of mobile nodes, such as letting nodes sleep during idle periods, and the use of directional antennas.
Ad hoc routing protocols:
Ad hoc routing protocols are typically subdivided into two main categories: proactive (table-driven) routing protocols and reactive (on-demand) routing protocols. Proactive routing causes substantial overhead that affects bandwidth utilisation, throughput and power usage. Its advantage is that routes to every destination are already available, but such protocols perform poorly when the mobility rate in the network is high or when the number of nodes is large.
On-demand routing protocols are distinguished by a path discovery mechanism that is initiated when a source needs to communicate with a destination it does not know how to reach. On-demand protocols require less overhead than table-driven routing, but they incur a path discovery delay whenever a new path is needed.
The practical difference between the two mechanisms lies in how path discovery is implemented and which optimisations are offered.
In a test performed by Ericsson comparing reactive and proactive routing, the reactive algorithms outperformed the proactive algorithm in terms of throughput and delay.
Multicasting is the transmission of datagrams to a group of zero or more hosts identified by a single destination address. A multicast service is essential in applications where one-to-many dissemination is needed. A multicast routing strategy optimises resource usage, which is an important property for energy- and bandwidth-constrained networks such as mobile ad hoc networks. Multicasting in a MANET is nevertheless harder because of host mobility, interference between wireless signals and the broadcast nature of wireless communication.
Ad hoc multicast routing is generally regarded as a relatively immature technology area, although many ad hoc unicast routing protocols have multicast variants. There are three basic categories of ad hoc multicast algorithm: the first approach is simply to flood the network; the other two are source-based and core-based (group-shared) trees.
Quality of Service (QoS)
QoS is needed for a MANET to interconnect with wired networks that support QoS (e.g. ATM, the Internet) and for real-time applications. QoS provisioning in an ad hoc network is not confined to any single layer; it requires coordinated effort from all layers.
Mobile devices rely on batteries for energy. Battery power is finite and is one of the greatest constraints in designing algorithms for mobile devices.
Definition of availability: availability means that the services provided by a node continue to be provided irrespective of attacks. It requires that communication be available at all times, which is what makes the network survivable. This security service is challenged by denial-of-service attacks, in which any node inside the network can be targeted, so that some nodes may be prevented from providing services such as the routing protocol or the key management service.
Worldwide, industry has shown tremendous interest in techniques that provide short-range wireless connectivity, and Bluetooth technology is seen as the key component. The main purpose of Bluetooth is to replace fixed infrastructure with low-cost radio chips.
Security Issues
Communicating over free space and the broadcast nature of ad hoc networks expose them to security attacks. Security is often considered the major “roadblock” to commercial application of ad hoc network technology. From a purely cryptographic point of view, ad hoc services do not raise “new” problems: the requirements for authentication, confidentiality, integrity and non-repudiation are the same as for many other public communication networks. In a wireless ad hoc network, however, trust is the central problem.
An ad hoc network is insecure by nature: nodes are free to join, remain in or leave the network without restriction, and some of them may carry malicious data that eventually compromises the network. A further issue is the lack of a centralised system, which becomes a problem whenever a centralised function is needed. The restricted power supply can also make nodes selfish, and the continuous change in the network makes the scalability of protocols and services in mobile ad hoc networks harder to achieve.
As a first line of defence, the five security services stated in ISO 7498-2 can be implemented: authentication, access control, data confidentiality, data integrity and non-repudiation. If these five services are not implemented in the network, there is a high probability of a security threat materialising in the system.
Definition of authentication: authentication ensures that the parties communicating with each other are genuine and not impersonators. The communication participants must prove that their identities are what they claim, using some technique that establishes authenticity. In wired networks and infrastructure-based wireless networks a central authority can be placed at a router, base station or access point. A MANET has no central authority, so authenticating an entity is harder. If no authentication is provided, a malicious attacker can perform impersonation attacks, divert traffic to arbitrary destinations or even scramble the routing fabric so that connectivity in the ad hoc network is severely broken. For two-party communication, data authentication can be achieved through a purely symmetric mechanism: the sender and the receiver share a secret key and use it to compute a message authentication code (MAC) over all communicated data.
Definition of access control: access control governs how nodes log into the network so that they can communicate with other nodes when they first enter it. Access control is tied to the authentication service and is, in general, the most commonly used service in both network communications and individual computer systems. There are several approaches: discretionary access control (DAC) lets the users themselves define the access rights; mandatory access control (MAC) uses centralised mechanisms to control access to objects under a formal authorisation policy; role-based access control (RBAC) assigns roles to subjects and objects.
Definition of confidentiality: confidentiality means that certain information is accessible only to those authorised to access it. To maintain the confidentiality of sensitive information it must be kept secret from every entity that lacks the privilege to access it. A MANET uses an open medium, so normally every node within direct transmission range can obtain the data. If the confidentiality of routing information is threatened, an adversary may be able to identify or locate nodes by eavesdropping on the routing traffic they send and forward. Techniques for keeping data confidential are encryption and directional antennas.
Definition of integrity: integrity guarantees that the message or packet being delivered has not been modified in transit or otherwise, so that what is received is what was originally sent. Without integrity protection a malicious attacker can drop messages, edit packet headers or generate false traffic in a way that cannot be distinguished from hardware or network failure. Traffic generated by resending previously captured data is another form of attack, the replay attack. Integrity can be compromised in two ways: malicious altering and accidental altering.
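The symmetric two-party mechanism described under authentication, combined with a counter that rejects the replays mentioned under integrity, as an added example (this is illustrative code written for this page, not code from any MANET implementation). The pairwise key, the frame layout and the sample payloads are assumptions of the example; how the two nodes come to share the key is out of scope here.

```python
import hmac
import hashlib
import struct

# Assumption of this example: nodes A and B already share this pairwise key
# (e.g. pre-distributed); the example does not cover key establishment.
SHARED_KEY = b"example-pairwise-key-shared-by-A-and-B"
TAG_LEN = 32  # HMAC-SHA256 output size

def build_frame(counter: int, payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Frame layout: 4-byte big-endian counter || payload || HMAC-SHA256(key, counter || payload)."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts a frame only if its MAC verifies under the shared key and its counter
    is strictly greater than the last accepted one (this rejects replays)."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        if len(frame) < 4 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison: a plain == would leak tag bytes through timing.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"
        counter = struct.unpack(">I", header)[0]
        if counter <= self.last_counter:
            return None, "replay"
        self.last_counter = counter
        return payload, "ok"

def demo():
    """Runs five frames through one receiver and returns the verdicts, in order."""
    rx = Receiver()
    genuine = build_frame(1, b"RREP dst=10.0.0.7 hops=2")   # constructed sample payload
    verdicts = [rx.accept(genuine)[1]]                     # ok
    tampered = bytearray(genuine)
    tampered[10] ^= 0x01                                   # flip one payload bit in transit
    verdicts.append(rx.accept(bytes(tampered))[1])         # bad-mac
    verdicts.append(rx.accept(genuine)[1])                 # replay: counter 1 already seen
    forged = struct.pack(">I", 2) + b"RREP dst=10.0.0.7 hops=0" + b"\x00" * TAG_LEN
    verdicts.append(rx.accept(forged)[1])                  # bad-mac: attacker lacks the key
    verdicts.append(rx.accept(build_frame(2, b"RREP dst=10.0.0.7 hops=3"))[1])  # ok
    return verdicts

if __name__ == "__main__":
    print(demo())
```

The counter gives replay protection only between this pair of nodes and only while the receiver keeps its state; a node that reboots and resets `last_counter` would accept old frames again, which is one reason real protocols pair the counter with a fresh session key.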
Definition of non-repudiation: non-repudiation means that the sender of a message cannot later deny having sent it and the receiver cannot deny having received it. It is especially useful when we need to decide whether a node showing abnormal behaviour has been compromised. It is achieved by producing a signature for the message, after which the signing entity cannot deny the message. With public key cryptography, node A signs the message using its private key; all other nodes can verify the signed message using A's public key, and A cannot deny that its signature is attached to the message.
The characteristics mentioned in I1.2 make a MANET more susceptible to attacks from within the network than other forms of wireless network. As stated by  “Network attack is similar to playing chess. It is an intelligent game between hackers and warriors in the cyberspace”. Mobile ad hoc network attacks fall into categories with different features, as shown in figure 1.2.
In passive attacks, attackers do not disrupt the operation of the routing protocol but only attempt to discover valuable information by listening to the routing traffic; passive attacks are launched to steal valuable information from the targeted network. Routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than routes to other nodes, the attacker may conclude that the node is important for the functioning of the network and that disabling it could bring the entire network down. Examples of passive attacks are eavesdropping and traffic analysis.
Eavesdropping is the most common attack on privacy. Its aim is to obtain confidential information that should remain secret during data transmission, such as location, private keys, passwords and other security material in use. The adversary discovers the content of the data simply by listening to it. ”When the traffic conveys the control information about the sensor network configuration, which contains potentially more detailed information than accessible through the location server, the eavesdropping can act effectively against the privacy protection”.
In traffic analysis, the adversary monitors transmissions and matches a message's sender with its recipient. With this technique the attacker learns the location of a node, or even the structure of the network.
Unlike passive attacks, active attacks are more easily detected, because they actively alter the transmitted data with the intention of hindering communication, either by overloading the network or by breaking the existing paths between nodes. In an active attack the malicious node can delete messages, inject erroneous messages, modify messages and impersonate a node, thus violating availability, integrity, authentication and non-repudiation (these and other security needs were discussed in section ____). Active attacks are further categorised by four layers and one general type. In the OSI/ISO model each layer performs a specific task, and each layer is vulnerable to its own attacks.
The application layer in  is described as follows: “applications need to be designed to handle frequent disconnection and reconnection with peer applications as well as widely varying delay and packet loss characteristic”. The application layer carries user data and normally supports protocols such as HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol) and FTP (File Transfer Protocol). Malicious code and attacks at this layer usually take the form of viruses, worms and repudiation.
Mobile virus and worm attacks
Malicious code is spread primarily over the Internet. There are two main techniques by which a worm discovers new hosts in the network: IP address scanning and exploitation of a system loophole. The first technique sends probe packets to UDP/TCP ports at different IP addresses; matching hosts receive a copy of the worm and are infected. An example of a scanning worm is Code Red [Cryptography and network security]. The second technique exploits a loophole in the system, as the Blaster and Sasser worms did, each using a different flaw. As stated by  Blaster needs a secondary channel to deliver the infection: it uses TFTP (Trivial File Transfer Protocol) to make the infected machine download the worm, which completes the infection. Sasser [http://it.slashdot.org/article.pl?sid=04/05/01/1618224] exploits machines through a documented flaw in LSASS (Local Security Authority Subsystem Service).
Installing firewalls and encrypting packets does not, in general, solve authentication or non-repudiation problems. A repudiation attack is mainly an authentication problem: it occurs in systems where a network node refuses to acknowledge its participation in all or part of a transaction. An example is a dishonest person denying a credit card purchase or any other online transaction; it shows how a repudiation attack operates in a commercial system.
[Transportlayerdef] The main task of the transport layer is to exchange messages end to end over the routes established at the lower layers. Its other duties are flow control, congestion control and the setting up of end-to-end connections. In a MANET the transport layer must also cope with delay and packet loss characteristics that differ from those of wired networks. The two main attacks at this layer are SYN flooding and TCP session hijacking.
A SYN flood is a DoS (denial-of-service) attack against hosts that accept TCP connections. It takes advantage of the state TCP keeps during the three-way handshake: the server is made to retain enough half-open connections that it cannot establish new ones, so the overloaded server first limits and then stops responding to requests to open connections. The attack works as follows. First, the server receives a SYN request and replies to the claimed client with a SYN/ACK. Second, the final ACK never arrives, so the connection stays half open until the server's timer expires (75 seconds is a common default); enough such entries fill the backlog, and no new client can connect. Third, the SYN requests carry spoofed source addresses, so the victim never receives the ACK that would complete the handshake. To make the attack less recognisable, the SYNs are sent to random ports and the spoofed addresses are varied. As stated by  spoofing is performed with “addresses of unreachable hosts is that if the hosts were reachable, they would be able respond to the victim's SYN/ACK.” Such a response would be a reset, since the spoofed host never sent the SYN, and the reset would make the server discard the half-open connection, which is exactly what the attacker wants to avoid.
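The half-open state described above is what a detector can count. As an added example (written for this page, not code from any IDS or the original text), the following tracks SYNs that are never followed by the client's ACK and raises an alert per server once the count passes a threshold. The packet tuples, the threshold and the 75-second expiry are constructed assumptions; a real detector would read these fields from captured TCP headers.

```python
HALF_OPEN_ALERT = 5      # assumed alert threshold for this example
BACKLOG_TIMEOUT = 75.0   # seconds a half-open entry is kept (the default quoted above)

class HalfOpenTracker:
    """Tracks (client, server) handshakes that have seen a SYN but no completing ACK."""

    def __init__(self, threshold=HALF_OPEN_ALERT, timeout=BACKLOG_TIMEOUT):
        self.threshold = threshold
        self.timeout = timeout
        self.pending = {}  # (client, server) -> timestamp of the SYN

    def _expire(self, now):
        # The server's own timer drops these; mirror that so stale SYNs do not count forever.
        for key in [k for k, t0 in self.pending.items() if now - t0 > self.timeout]:
            del self.pending[key]

    def observe(self, ts, src, dst, flags):
        self._expire(ts)
        key = (src, dst)
        if flags == "SYN":
            self.pending[key] = ts
        elif flags in ("ACK", "RST") and key in self.pending:
            del self.pending[key]  # handshake completed (ACK) or torn down (RST)

    def half_open(self, server):
        return sum(1 for (_, s) in self.pending if s == server)

    def under_attack(self, server):
        return self.half_open(server) >= self.threshold

def analyse(packets):
    """packets: iterable of (timestamp, src, dst, flags). Returns (alerted servers, tracker)."""
    tracker = HalfOpenTracker()
    alerted = []
    for ts, src, dst, flags in packets:
        tracker.observe(ts, src, dst, flags)
        if tracker.under_attack(dst) and dst not in alerted:
            alerted.append(dst)
    return alerted, tracker

# Constructed sample capture: one benign handshake, a burst of spoofed SYNs that are never
# completed, another benign handshake, and a late SYN after the backlog timer has run out.
SAMPLE_PACKETS = [
    (0.0, "10.0.0.2", "10.0.0.1", "SYN"),
    (0.1, "10.0.0.2", "10.0.0.1", "ACK"),
    (1.0, "198.51.100.11", "10.0.0.1", "SYN"),
    (1.1, "198.51.100.12", "10.0.0.1", "SYN"),
    (1.2, "198.51.100.13", "10.0.0.1", "SYN"),
    (1.3, "198.51.100.14", "10.0.0.1", "SYN"),
    (1.4, "198.51.100.15", "10.0.0.1", "SYN"),
    (2.0, "10.0.0.3", "10.0.0.1", "SYN"),
    (2.1, "10.0.0.3", "10.0.0.1", "ACK"),
    (80.0, "10.0.0.4", "10.0.0.1", "SYN"),
]

if __name__ == "__main__":
    servers, tracker = analyse(SAMPLE_PACKETS)
    print("alerted:", servers, "half-open now:", tracker.half_open("10.0.0.1"))
```

Because the spoofed sources are unreachable, no RST ever arrives to clear their entries, which is why the count climbs; the benign clients' ACKs clear theirs immediately.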
TCP session hijacking
This attack interferes with an existing TCP connection by injecting malicious data into it. The attacker pretends to be one of the two communicating endpoints, so that the commands it sends are processed by the authenticated host at the other end. It proceeds in two steps. First, the attacker injects data; the receiver (node A) accepts it and acknowledges it with an ACK to node B, but that ACK carries an acknowledgement number that node B is not expecting. Second, node B tries to resynchronise the session with node A by sending the ACK it was originally expecting to see, which node A in turn finds unacceptable. The cycle continues until an ACK storm is created.
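The ACK storm follows from one rule of the TCP state machine: a segment the receiver finds unacceptable is answered with an ACK stating the receiver's own view. As an added example (a model written for this page, not a real TCP stack), the following simulates two established endpoints, injects one spoofed data segment, and counts the ACK ping-pong that results. Sequence numbers and the injected length are constructed; the window check is simplified to the in-window test on the sequence number.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    """Minimal model of one side of an ESTABLISHED TCP connection."""
    name: str
    snd_nxt: int          # next sequence number this side will send
    rcv_nxt: int          # next sequence number this side expects to receive
    rcv_wnd: int = 65535
    acks_sent: int = 0

    def receive(self, seq, ack, payload_len):
        """Process an incoming segment; return (seq, ack) of the pure ACK we send back, or None."""
        seg_ok = self.rcv_nxt <= seq < self.rcv_nxt + self.rcv_wnd
        ack_ok = ack <= self.snd_nxt
        if seg_ok and ack_ok and payload_len > 0:
            self.rcv_nxt = seq + payload_len       # in-order data: accept and acknowledge it
            self.acks_sent += 1
            return (self.snd_nxt, self.rcv_nxt)
        if not seg_ok or not ack_ok:
            # RFC 793 rule: an unacceptable segment is answered with an ACK stating our view
            self.acks_sent += 1
            return (self.snd_nxt, self.rcv_nxt)
        return None                                # acceptable empty ACK: nothing to send

def ack_storm(injected_len=20, max_rounds=50):
    """Inject a spoofed segment 'from B' into A and count the ACK exchanges that follow.
    Returns (rounds before the cap, how far A's view of B is ahead of B's, total ACKs sent)."""
    a = Endpoint("A", snd_nxt=1000, rcv_nxt=5000)
    b = Endpoint("B", snd_nxt=5000, rcv_nxt=1000)
    # The attacker guessed both sequence numbers, so A accepts the injected data as B's.
    reply = a.receive(seq=5000, ack=1000, payload_len=injected_len)
    rounds = 0
    while reply is not None and rounds < max_rounds:
        reply = b.receive(*reply, payload_len=0)   # B: ack 5020 is beyond its snd_nxt 5000
        if reply is None:
            break
        reply = a.receive(*reply, payload_len=0)   # A: seq 5000 is below its rcv_nxt 5020
        rounds += 1
    return rounds, a.rcv_nxt - b.snd_nxt, a.acks_sent + b.acks_sent

if __name__ == "__main__":
    print(ack_storm())
```

Neither side ever sends data that would repair the gap, so the storm only stops when a real segment resynchronises the connection or the link drops the ACKs; with `injected_len=0` (no desynchronisation) the function returns immediately, which is the contrast a detector looks for.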
In UDP session hijacking the packets are not sequenced and synchronised as they are in TCP, so the attacker need not manage sequence numbers or the other TCP mechanisms.
[Figure: TCP ACK storm diagram]
The network layer provides the most critical service in mobile ad hoc networking: the routing protocol. Numerous routing protocols have been introduced, but most of them have security holes that make this layer vulnerable to attack. A network layer protocol designed for mobile ad hoc networks must therefore be built on connectivity and security requirements that guarantee flawless operation of the higher layers. In addition, the network layer is responsible for integrating with wired networks in functions such as auto-configuration.
Ad hoc routing protocols (recap):
As described above, ad hoc routing protocols are classified as proactive (table-driven) or reactive (on-demand). Proactive routing keeps routes to every destination ready in advance at the cost of substantial overhead in bandwidth, throughput and power, and it degrades when mobility is high or the network is large. On-demand routing discovers a path only when a source needs to reach a destination it does not know, with less overhead but a path discovery delay every time a new path is required. The two classes differ in their path discovery mechanism and in the optimisations they offer.
Proactive Routing Protocols
The proactive routing protocols mainly used are DSDV (Destination-Sequenced Distance-Vector) and OLSR (Optimized Link State Routing).
DSDV is a table-driven routing protocol based on the Bellman-Ford algorithm. In a MANET running DSDV every node acts as a router. Each node creates and maintains a table that lists every possible destination in the network; each entry holds the destination's address, the next hop on the shortest known path to it, and a destination-originated sequence number used to discard stale routes and avoid loops. Nodes transmit routing table updates so that all of them stay informed whenever the topology changes.
OLSR is a table-driven protocol designed specifically for mobile ad hoc networks. It uses flooding to distribute link-state information but only transmits a part of the link state to all nodes in the network. Three operations are set up in the protocol: neighbour sensing, distribution of signalling traffic and distribution of topological information. These use HELLO messages for neighbour sensing and TC (Topology Control) messages for exchanging topology information.
Reactive Routing Protocols
The reactive routing protocols mainly used are DSR (Dynamic Source Routing) and AODV (Ad hoc On-Demand Distance Vector).
In DSR the sender places the complete route, the list of addresses of every node the packet must traverse, in the packet header, so the path is known before transmission starts. Routes are stored in a route cache. A route is obtained through the route discovery process: the source broadcasts a route request packet, and each node that forwards it appends its own address, so that the reply carries the full path back to the source.
Attacks Against Routing
Routing is one of the most important services, which makes it the main target for attackers to compromise. In a MANET, routing attacks are of two types: attacks on the routing protocol itself and attacks on the route discovery, route maintenance and packet forwarding phases.
Attacks at the route discovery phase: proactive protocols such as OLSR (Optimized Link State Routing) try to establish paths across the MANET in advance. A source node that needs a route to a destination must either search the entire network or find a node that helps it reach the final destination. “Many of the proposed protocols for ad hoc networks, perform a flood-based route discovery, whereby a route request (RREQ) packet is flooded across the network, possibly using an expanding ring to search to “grow” the flood until the destination is found”. This search is omnidirectional: since the source cannot tell where the destination is, the flood cannot be confined to any one direction. Attacks at this phase are of two types: routing table overflow, which targets proactive protocols, and routing cache poisoning, which targets reactive protocols.
Routing table overflow
A malicious node advertises routes to non-existent nodes to the legitimate nodes in the network. The goal is to overflow their routing tables and so prevent entries for legitimate nodes from being created. This attack applies when the routing protocol is proactive.
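The DSDV table described earlier and the overflow attack just described, as one added example (a simplified model written for this page, not the DSDV specification or any implementation). The update rule is DSDV's: a newer destination sequence number wins, ties go to the lower hop count. The table capacity, the per-advertiser cap used as a mitigation, and the node names and addresses are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass
class Route:
    dest: str
    next_hop: str
    metric: int   # hop count
    seq: int      # destination sequence number

class DsdvTable:
    """Simplified DSDV table. A newer destination sequence number replaces an older route;
    equal sequence numbers are resolved by the lower hop count. The optional per-advertiser
    cap is the mitigation for routing table overflow: no single neighbour may introduce
    more than max_new_per_advertiser previously unknown destinations."""

    def __init__(self, capacity, max_new_per_advertiser=None):
        self.capacity = capacity
        self.max_new = max_new_per_advertiser
        self.routes = {}          # dest -> Route
        self.introduced = {}      # advertiser -> number of new destinations it introduced

    def update(self, advertiser, dest, metric, seq):
        """metric is the hop count the advertiser reports for dest; we add one hop for the link to it."""
        cur = self.routes.get(dest)
        if cur is not None and (seq < cur.seq or (seq == cur.seq and metric + 1 >= cur.metric)):
            return "stale"
        if cur is None:
            if len(self.routes) >= self.capacity:
                return "table-full"
            if self.max_new is not None and self.introduced.get(advertiser, 0) >= self.max_new:
                return "rate-limited"
            self.introduced[advertiser] = self.introduced.get(advertiser, 0) + 1
        self.routes[dest] = Route(dest, advertiser, metric + 1, seq)
        return "installed"

def simulate(max_new_per_advertiser=None):
    """Neighbour N2 advertises 3 real destinations, attacker M advertises 20 fake ones with a
    high sequence number, then neighbour N3 advertises a new real destination.
    Returns (number of fake routes installed, verdict for N3's genuine route)."""
    table = DsdvTable(capacity=8, max_new_per_advertiser=max_new_per_advertiser)
    for i in range(3):
        table.update("N2", f"10.0.0.{10 + i}", metric=1, seq=100)
    fake = [table.update("M", f"10.0.9.{i}", metric=0, seq=1000) for i in range(20)]
    late = table.update("N3", "10.0.0.50", metric=1, seq=200)
    return fake.count("installed"), late

if __name__ == "__main__":
    print("no cap:  ", simulate())
    print("cap of 4:", simulate(max_new_per_advertiser=4))
```

Without the cap the attacker fills every free slot and the later genuine advertisement is refused; with the cap the attacker still pollutes a bounded number of entries, which is why a per-neighbour limit is a mitigation rather than a fix, and why authenticating advertisements (as in the MAC example above) is the stronger control.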
Routing cache poisoning
Routing cache poisoning targets the route caches of nodes by inserting incorrect routes into them in place of the correct ones. It applies when a reactive routing protocol is in use.
Attacks at the route maintenance phase
These attacks broadcast false control error messages that corrupt route updates. When a node on an active path moves away, the upstream node of the broken link broadcasts a route error message to its neighbours; attackers exploit this by injecting false route error messages into the network.
Attacks at the data forwarding phase
In these attacks the malicious nodes participate correctly in both the route discovery and route maintenance phases; their misbehaviour appears only when data is forwarded. The adversaries drop packets, modify packet contents, replay packets, flood packets or delay time-sensitive data packets.
Location disclosure attack
Definition: “A location disclosure attack can reveal something about the locations of nodes or the structure of the network.” This attack targets the privacy requirements of a mobile ad hoc network, using techniques such as traffic analysis or simpler probing and traffic monitoring to find the position of a node. One form sends routing messages with a deliberately limited hop count; the devices at which the limit expires return Internet Control Message Protocol (ICMP) error messages that reveal their addresses, in the manner of traceroute.
Sleep deprivation attack
This attack is specific to mobile ad hoc networks and aims to drain a limited resource such as the battery of a mobile device. Normally battery power is conserved and the radio is used only when essential. The attacker's goal is to keep a victim constantly busy with unnecessary requests so that it never enters an idle or power-saving state. The requests involved can be route requests (RREQ), route replies (RREP) or route errors (RERR).
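A node can defend its battery against this flood by refusing to process more route requests per neighbour than a sane rate allows. As an added example (written for this page, not part of any routing protocol's specification), the following per-neighbour token bucket admits a short burst and then throttles; the rate, burst size and request timings are constructed assumptions, and integer millitokens are used so the arithmetic is exact.

```python
class RreqRateLimiter:
    """Per-neighbour token bucket for route requests. Each request costs 1000 millitokens;
    the bucket refills at rate_per_sec tokens per second up to a burst of `burst` tokens.
    The parameters are assumptions of this example, not values from a protocol specification."""

    def __init__(self, rate_per_sec=2, burst=5):
        self.refill = rate_per_sec            # tokens/second == millitokens/millisecond
        self.burst = burst * 1000
        self.state = {}                       # neighbour -> (millitokens, last_ms)

    def allow(self, neighbour, now_ms):
        tokens, last = self.state.get(neighbour, (self.burst, now_ms))
        tokens = min(self.burst, tokens + (now_ms - last) * self.refill)
        if tokens >= 1000:
            self.state[neighbour] = (tokens - 1000, now_ms)
            return True                       # process the RREQ (forward / reply)
        self.state[neighbour] = (tokens, now_ms)
        return False                          # drop it without waking the radio further

def simulate():
    """Attacker M sends 50 RREQs within one second; benign neighbour N2 sends one every
    5 seconds. Returns how many of each were admitted."""
    limiter = RreqRateLimiter()
    attacker_ok = sum(limiter.allow("M", i * 20) for i in range(50))     # t = 0..980 ms
    benign_ok = sum(limiter.allow("N2", i * 5000) for i in range(3))     # t = 0, 5 s, 10 s
    return attacker_ok, benign_ok

if __name__ == "__main__":
    print(simulate())
```

The limiter is keyed on the neighbour that delivered the RREQ, not on the originator address inside it, because the originator field is trivially spoofed; a Sybil attacker (discussed below) that fabricates many neighbour identities still defeats this, which is why per-link limits are paired with link-layer authentication.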
In a sinkhole attack an adversary exploits flaws in a routing protocol to attract traffic from a specific area to itself. A sinkhole is therefore the basis of other attacks such as eavesdropping or data modification. With AODV it can be mounted by exploiting the protocol's preference for the highest destination sequence number or the lowest hop count: the attacker advertises a maximal sequence number or a minimal hop count, creating the illusion that the path through it is the best route for nodes to use. The problem is worse where a centralised infrastructure has been chosen, because by impersonating it the malicious node can gain access to the core of the data flow.
A Sybil attack occurs when a malicious node does not merely impersonate one node but takes on the identities of a number of nodes. Since mobile ad hoc networks rely on communication between nodes, the integrity of information is normally hard to destroy, but ”in this scenario the effectiveness of these measures is significantly degraded“. The attacker can do two things that compromise the network: first, it may gain access to fragmented pieces of information, and second, it can change all packets in the same transmission so that the destination node can no longer detect any alteration in them.
The rushing attack targets reactive routing protocols such as DSR. A malicious node forwards route request packets faster than legitimate nodes do, possibly with a modified node list, so that its copy of the RREQ reaches the next node first. Since DSR forwards only the first RREQ received for a given request, the routes discovered pass through the adversary, which can then control all the packets on them.
In a Byzantine attack, compromised nodes that are in possession of authenticated devices work together to make the network fail. The attack is carried out by “creating routing loops, forwarding packets through non-optimal paths, or selectively dropping packets, which results in disruption or degradation of the routing services”.
Black Hole Attack
In this attack the malicious node uses the routing protocol, for example AODV, to present itself as having a legitimate route to the destination node, even though the advertised route is fake [Security for wireless handbook]. The advertisement claims the shortest path to the destination. As illustrated in [Attacks on MANET], in AODV the adversary sends a false RREP (route reply) to the source node even though it has no route to the destination; this forces the source node to choose the route offered by the attacker, which then controls all the traffic and can misuse it.
In another misuse produced by the black hole attack, the attacker simply consumes the intercepted packets without forwarding them.
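The false RREP wins because AODV picks the reply with the highest destination sequence number (and then the fewest hops). As an added example (written for this page, not the AODV specification or any implementation), the following shows that selection rule, then a sanity check that discards a reply whose sequence number leaps implausibly far beyond what the source last knew for that destination. The RREP records, the last-known sequence number and the jump threshold are constructed assumptions.

```python
SEQ_JUMP_THRESHOLD = 50   # assumed: largest plausible advance of a destination sequence number

def choose_route_naive(rreps):
    """Plain AODV preference: highest destination sequence number, then fewest hops.
    Returns the neighbour whose reply wins."""
    return max(rreps, key=lambda r: (r["dest_seq"], -r["hop_count"]))["from"]

def is_suspicious(rrep, known_seq, threshold=SEQ_JUMP_THRESHOLD):
    """A reply whose sequence number leaps far beyond what the source last saw for this
    destination is the signature of a black hole trying to win the route selection."""
    return rrep["dest_seq"] - known_seq > threshold

def choose_route_checked(rreps, known_seq):
    """Same selection, but only among replies that pass the sequence-number sanity check."""
    plausible = [r for r in rreps if not is_suspicious(r, known_seq)]
    if not plausible:
        return None
    return choose_route_naive(plausible)

# Constructed RREPs received for destination D, whose last known sequence number was 120.
KNOWN_SEQ = 120
SAMPLE_RREPS = [
    {"from": "N4", "dest_seq": 122, "hop_count": 3},
    {"from": "N7", "dest_seq": 9999, "hop_count": 1},   # black hole: huge seq, one hop
    {"from": "N5", "dest_seq": 121, "hop_count": 4},
]

if __name__ == "__main__":
    print("naive:  ", choose_route_naive(SAMPLE_RREPS))
    print("checked:", choose_route_checked(SAMPLE_RREPS, KNOWN_SEQ))
```

The check is a heuristic: an attacker that learns the current sequence number can stay under the threshold, and a legitimate destination that rebooted and reset its counter will be rejected until the source's knowledge catches up. It raises the attacker's cost, but only a signed RREP (the non-repudiation mechanism above) actually binds the claim to the destination.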
Wormhole Attack
A wormhole attack means that “a malicious node uses a path outside the network to route messages to another compromised node at some other location in the net”. Through this out-of-band channel a route discovery initiated by a source node is captured, and the attackers can mount interception attacks. For example, a packet heard by attacker node A is tunnelled to attacker node B, which replays it at its own location, and B's traffic is tunnelled back to A in the same way, so nodes near A and nodes near B believe they are neighbours. Diagram __ shows the connectivity between the nodes over a wormhole link [Attack on MANET]. As in a black hole attack, the nodes can broadcast an RREQ or RREP to find a route to the destination node; unlike the black hole attack, where a single attacker is involved, a wormhole attack employs multiple malicious nodes to threaten the neighbouring nodes.
Data Link Layer
The link layer in the ISO/OSI stack exists to reduce collisions, permit authorised access and provide semi-reliable data transport over wireless links. A mobile ad hoc network is an open multipoint peer-to-peer architecture in which the data link layer protocols maintain one-hop connectivity among neighbours. The two most common mechanisms used at this layer, the MAC protocol and WEP, are both vulnerable to the attacks introduced below, which stop nodes from accessing or initiating specific services.
MAC Layer Attacks
The MAC protocol implements a distributed contention resolution mechanism for sharing the wireless channel. Problems occur when a node in the network is selfish: it manipulates the protocol to keep the channel busy for its own traffic and maximise its own throughput, which for its neighbours amounts to a denial-of-service attack. The mechanisms attackers use to bend the rules of the MAC layer include manipulating the size of the Network Allocation Vector (NAV) so that neighbours are assigned large idle periods, reducing the size of the interframe spaces, and choosing small backoff values.
WEP is defined in  as a “privacy protocol specified in IEEE 802.11 to provide wireless LAN users protection against casual eavesdropping”. WEP encrypts each 802.11 packet with an RC4 keystream produced from a 64-bit RC4 key made up of a 24-bit initialisation vector (IV) and a 40-bit WEP key. As shown clearly in  WEP has major design flaws and was completely broken in 2001; that paper shows that an attacker with only a laptop can recover the secret key of a network in 1-2 hours, and today a key can be obtained in about 60 seconds. The most common attacks against WEP are the FMS attack, the KoreK attacks and the ChopChop attack.
In the FMS attack the attacker passively records encrypted packets together with the initialisation vectors they carry. Since the IV is transmitted unprotected and the first plaintext bytes of a frame are predictable (the LLC/SNAP header), the attacker learns the first keystream bytes for each IV; with enough “weak” IVs this leaks the key bytes one at a time.
The ChopChop attack lets the adversary decrypt the last bytes of plaintext of an encrypted packet without knowing the key, by chopping off the last byte, guessing its value, correcting the integrity check value and sending the modified packet to the network to see whether it is accepted.
The KoreK attacks are a family of statistical key-recovery attacks that extend FMS and are implemented in common WEP cracking tools.
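Three of the WEP properties described above (the cleartext IV, the predictable first plaintext bytes that leak keystream for the FMS attack, and keystream reuse when an IV repeats) can be shown with a few lines of RC4. This is an added example written for this page, not code from the cited papers or from any cracking tool; the 40-bit key, the IV and the frame payloads are constructed, and the CRC-32 integrity check value that real WEP appends is omitted because it does not change the points being shown.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling followed by n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: cleartext 3-byte IV || (RC4(IV || key) XOR plaintext).
    The CRC-32 ICV is omitted (assumption of this example)."""
    keystream = rc4_keystream(iv + wep_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))

SNAP_PREFIX = bytes([0xAA, 0xAA, 0x03])   # LLC/SNAP header that starts almost every data frame

def leaked_keystream(frame: bytes) -> bytes:
    """Known-plaintext step of FMS: the first plaintext bytes are predictable, so
    ciphertext XOR SNAP_PREFIX yields the first keystream bytes for this frame's IV."""
    body = frame[3:]
    return bytes(c ^ p for c, p in zip(body[:len(SNAP_PREFIX)], SNAP_PREFIX))

def is_fms_weak_iv(iv: bytes, key_byte_index: int = 0) -> bool:
    """The classic FMS weak-IV form (A+3, 0xFF, X) used to attack key byte A."""
    return iv[0] == key_byte_index + 3 and iv[1] == 0xFF

def iv_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C1 XOR C2 == P1 XOR P2."""
    assert frame1[:3] == frame2[:3], "only meaningful for a reused IV"
    return bytes(a ^ b for a, b in zip(frame1[3:], frame2[3:]))

WEP_KEY = bytes.fromhex("0102030405")    # constructed 40-bit key (assumption)
IV = bytes([0x03, 0xFF, 0x07])            # constructed IV, chosen to be FMS-weak for key byte 0
P1 = SNAP_PREFIX + bytes([0, 0, 0x08, 0x00]) + b"route update A"
P2 = SNAP_PREFIX + bytes([0, 0, 0x08, 0x00]) + b"route update B"

def demo():
    f1 = wep_encrypt(IV, WEP_KEY, P1)
    f2 = wep_encrypt(IV, WEP_KEY, P2)
    return {
        "keystream_leak_correct": leaked_keystream(f1) == rc4_keystream(IV + WEP_KEY, 3),
        "weak_iv": is_fms_weak_iv(IV),
        "iv_reuse_reveals_xor": iv_reuse_leak(f1, f2) == bytes(a ^ b for a, b in zip(P1, P2)),
    }

if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs and no rule forcing them to be unique, reuse is guaranteed on a busy network, and the leaked keystream bytes are exactly the input the FMS statistics consume; the full key-recovery step (correlating the first keystream byte with the key byte over many weak IVs) is not reproduced here.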