SECURITY ISSUES IN WIRELESS

NETWORKS

November 13, 2010

 Abstract

Wireless Mesh Network (WMN) is a new wireless networking paradigm. Un-

like traditional wireless networks, WMNs do not rely on any fixed infrastructure.
Instead, hosts rely on each other to keep the network connected. Wireless In-
ternet service providers are choosing WMNs to offer Internet connectivity, as it
allows a fast, easy and inexpensive network deployment. Wireless Mesh Net-
works have several constraints like limitation in resource and source mobility
that causes security in these networks to pose as a big challenge. One major
challenge in the design of these networks is their vulnerability to security at-
tacks. In this seminar, we discuss the principal security issues for WMNs. We
explore and analyze the threats that WMNs are prone to. We emphasize on the
attacks in the MAC layer and Network layer.
0.1 Introduction
Wireless Mesh Networks (WMNs) represent a good solution to providing
wireless Internet connectivity in a sizable geographic area; this new and promis-
ing paradigm allows network deployment at a much lower cost than with classic
wireless networks. In WMNs, it is possible to cover the same area, as compared
to WiFi, with less wireless routers, which makes the use of WMNs a compelling
economical case; WMNs are thus suitable for areas that do not have existing
data cabling or for the deployment of a temporary wireless network.
WMN has been a field of active research in recent years. However, most of the
research has been focused around various protocols for multi hop routing leaving
the area of security mostly unexplored. At the same time, new applications of
WMNs introduce a need for strong privacy protection and security mechanisms.
In this seminar, first, in section 2, we look at the some of the security chal-
lenges that Wireless Mesh Networks poses because of some constraints like CPU,
Battery, Mobility and Bandwidth. In section 3, we will discuss the basic high
level security issues that every network has; such as availability, authenticity,
integrity and confidentiality. In sections 4.5 and 6, we will discuss potential at-
tacks in WMNs, attacks on the MAC (Media Access Control) layer and attacks
on the Network layer respectively.

0.2 Constraints and Security Challenges

0.2.1 Constraints
There are four main constraints in wireless mesh network or in any system
which has mobile clients such as PDAs, cell-phones etc.

0.2.2 CPU
Large computations on the end nodes are slow, as computing power of the
processor is small.

0.2.3 Battery
Total energy resource is very limited and it is not desirable to use the device for
large computations and transmissions.

0.2.4 Mobility
Nodes can be mobile, which can produce latency in the convergence of the
network.

0.2.5 Bandwidth
Bandwidth in amongst the mobile nodes is also limited.

1
 Because of these constraints WMNs poses challenges in achieving security
goals like wireless links in WMNs make it prone to active attacks, passive at-
tacks and message distortion. In WMNs, passive attacks would compromise
confidentiality and active attacks would result in violating availability, integrity,
authentication, and non-repudiation.

0.3 Security Challenges

Some more critical security challenges are

0.3.1 Detecting the Corrupted Nodes.

For a WMN it is critical to identify the compromised nodes within it. First
of all, the physical protection of the node is crucial. Then there is a possible
attack by the removal or replacement of a node. The second would be a passive
attack on a node, which is very much difficult to identify. In the third case, the
attacker might change the internal state of the node for attacking the routing
algorithm etc.

0.3.2 Multi-Hop Routing.

The routing mechanism in WMN needs to be secured. The attacker can affect
the routing mechanism and the functionality of the WMN by inserting false
routing messages. To alter the routing mechanism, the attacker may temper
with the routing messages, modify the state of one of the nodes, use replicated
nodes and/or perform DoS attacks.

0.4 Security Issues

High-level security issues for WMNs are basically identical to security re-
quirements for any other communication system, and include following attributes:

0.4.1 Availability.
Availability ensures the survivability of network services despite attacks. The
availability in a WMN can be compromised by the following ways.

0.4.2 Signal Jamming.

On the physical and media access control layers, an attacker can attack on avail-
ability of the network by employing jamming to interface with communication
on physical channel.

2
0.4.3 Denial of Service (DoS)
. A DoS attack can be launched at any layer of wireless mesh network. There
are many ways of instigating a DoS. A common technique is to flood the target
system with requests. The target system becomes so overwhelmed by the request
that it could not process normal traffic. In a mesh network, DoS attack can be
launched either externally or by a compromised node (internally).

0.4.4 Battery Exhaustion.

Battery life is the most critical parameter for many nodes in a wireless mesh
network. Battery exhaustion attack also known as ’sleep deprivation attack’ is a
real threat and is more hazardous than simple denial of service attacks. Attack
on CPU computation may deny the availability of the service while battery
exhaustion can disable the victim node.

0.5 Authenticity
Authenticity enables a node to ensure the identity of the peer node it is
communicating with. Without authenticity, an adversary could masquerade a
node, thus gaining unauthorized access to resources and sensitive information
and interfering with the operation of other nodes.

0.6 Integrity
The concept of integrity ensures that the contents of data or correspondences
are preserved intact through the transfer from sender to receiver. Integrity
embodies the guarantee that a message sent is the message received, that is,
it was not altered either intentionally or unintentionally during transmission.
Attack on Integrity is usually done in two ways: by the intentional alteration
of the data for vandalism or revenge or by the unintentional alteration of the
data caused by operator input, computer system, or faulty application errors.
The usual mechanism, to ensure integrity of data, is using hash functions and
message digestion.

0.7 Confidentiality
The concept of confidentiality is the assurance that sensitive data is being
accessed and viewed only by those who are authorized to see it. Whether the
data contains trade secrets for commercial business, secret classified government
information, or private medical or financial records, confidentiality implies that
data is protected from breaches from unauthorized persons and the damage
that would be done to the organization, person, and governmental body by
such breaches. For confidentiality, authenticity needs to be implemented first.

3
It is pointless to attempt to protect the secrecy of a communication without
first ensuring that one is talking to the right principal. Once, authenticity is
achieved, confidentiality is achieve by simply encrypting the message.

0.8 POSSIBLE ATTACKS IN WMNS

Some of the possible attacks in WMN are listed below:

0.8.1 External Attacks

They are those, which are launched by intruders who are not part of a WMN
and try to gain illegitimate access to the network e.g. DoS (Denial of Service
Attack).

0.8.2 Internal Attack

Internal attack is launched by the internal nodes, which are a part of the
WMN, they may be the selfish nodes or the malicious nodes that have been
possibly been compromised by the attacker.

0.9 MAC Layer

The attacks on the MAC layer can be:

0.9.1 Eavesdropping
Network Eavesdropping or network sniffing is a MAC layer attack consisting
of capturing packets from the network transmitted by others computers and
reading the data content in search of sensitive information like passwords, session
tokens, or any kind of confidential information. The attack could be done using
tools called network sniffers. These tools collect packets on the network and,
depending on the quality of the tool, analyze the collected data like protocol
decoders or stream reassembling. Network Eavesdropping is a passive attack
which is very difficult to discover. It could be identified by the effect of the
preliminary condition or, in some cases, by inducing the evil system to respond
a fake request directed to the evil system IP but with the MAC address of a
different system.

0.9.2 Reply attack

Copy or eavesdrop data between two nodes and then transmit these legiti-
mate messages at a later stage to masquerade as a legitimate user. The replay
attack, often known as the man-in-the-middle attack, can be launched by exter-
nal as well as internal nodes. An external malicious node (not part of WMN)

4
can eavesdrop on the broadcast communication between two nodes (A and B)
in the network,
It can then transmit these legitimate messages at a later stage of time to
gain access to the network resources. Generally, the authentication information
is replayed where the attacker deceives a node (node B in Figure) to believe
that the attacker is a legitimate node (node A in Figure). On a similar note,
an internal malicious node, which is an intermediate hop between two commu-
nicating nodes, can keep a copy of all relayed data. It can then retransmit this
data at a later point in time to gain the unauthorized access to the network
resources.

0.9.3 Link Layer Jamming Attack

It is the attack generated with the regular transmits MAC frames headers
with no payload on the transmission channel, which conform to the MAC pro-
tocol being used in the victim network. As a result the legitimate nodes always
find the channel busy and back off for random period of time before sensing the
channel again .This may leads to the DoS or energy depletion for the legitimate
users.

0.9.4 MAC Spoofing Attack

Eavesdrop on the network to determine the MAC addresses of legitimate
devices and masquerade as a legitimate user. An attacker can even inject a
large number of bogus frames into the network to deplete the resources (in
particular, bandwidth and energy), which may lead to denial of service for the
legitimate nodes.

0.10 Network Layer Attacks

The attacks on the network layer can be broadly divided into: 1. Control
Plane Attacks 2. Data Plane Attack. Control plane attacks target the routing
functionality of the network layer. The aim here is to achieve unavailability
of routes or coerce the network to opt for sub-optimum routes. Data plane
attacks aim to affect and hamper the forwarding functionality of the network.
The objective of the attacker here is to cause DOS (Denial of Service) to the
legitimate user by making user data unavailable or by injecting malicious data
into the network. The attacks in detail

0.11 CONTROL PLANE ATTACK

The control plane attacks can be divided into: 1. Rushing Attacks 2. Worm
hole Attacks 3. Black hole Attacks 4. Grey hole Attacks 5. Sybil Attacks Apart
from these, two other types of attacks to which Wireless Mesh Networks are
prone to are a. Network Partitioning attacks b. Routing Loop Attacks

5
0.11.1 Rushing Attacks:
Rushing attacks the route discovery mechanism of on-demand routing pro-
tocols. In this protocol, the concerned node floods the other nodes with the
route request message. This route request message is identified by a sequence
number. To contain the flooding each node forwards only the first message and
drops the rest having the same sequence number. In order to avoid collision,
on-demand routing protocols specify a time delay between receiving of a route
request message by a particular node and forwarding it. In rushing attack, it
happens that the malicious or bad node forwards the route request message to
the target node before any intermediate node from source to destination. As a
consequence, the malicious node gets included in the route from source to des-
tination. Once included, these corrupt nodes drop the packets at will. Hence a
DOS is caused.

0.11.2 Worm hole Attack:

This attack is similar to rushing attack in its objective although it uses
a different technique altogether. Two or more malicious nodes combine by
establishing a tunnel using a wired connection or high speed wireless connection
etc. Route request messages are forwarded between the malicious nodes through
this tunnel. The first route request message to reach the destination is the one
from the malicious nodes. In turn these malicious nodes get included into the
routing path from source to destination. Once included, these malicious nodes
start their dirty job. They either drop all the packets resulting in a complete
denial of service or they opt for selective packet dropping to evade detection.

0.11.3 Black hole Attack:

Black hole attacks also cause denial of service in wireless mesh networks.
Here, the malicious nodes always send a positive response to a route request,
although it may not have a valid route to the destination. Since it is the first
to reply to route request message, hence all traffic in the neighborhood of the
malicious node gets drawn towards it. So, all packets might be dropped, result-
ing in denial of service. Another variant of Blackhole attack is the co-operative
blackhole attack, where multiple malicious nodes get together to disrupt the
routing and packet forwarding functionality of the network.

0.11.4 Grey hole Attack:

A Grey hole attack is a variant of the blackhole attack. In a blackhole attack,
a malicious node gets detected quite easily because it drops all traffic it is meant
to forward. On the other hand, in a Grey hole attack, the malicious node avoids
detection by dropping the packets selectively. This enables the malicious node
to go undetected for a longer period of time.

6
 Figure 1: Worm hole Attack

0.11.5 Sybil Attack:

In a Sybil attack, a malicious node creates multiple identities in the network,
each identity appearing as a legitimate node. In the networking scenario, a
number of services like packet forwarding, routing, collaborative security mech-
anisms can be disrupted using a Sybil attack. If the malicious nodes create
multiple identities in the network, the legitimate nodes assuming these identi-
ties to be distinct network nodes, will add these identities to the list of distinct
paths available to a particular destination. When these fake nodes receive the
packets, they get processed by the malicious nodes that create the identities.
The malicious nodes then might launch a Grey hole, Worm hole, Black hole
attack etc. Even in the absence of any other attack, a Sybil attack is potent
enough to degrade the overall performance of the network.

0.11.6 Network Partitioning Attack:

In Network Partitioning attack, the malicious nodes combine to disrupt the
routing tables in a way so that the entire network is divided into non-connected
partitions. This gives rise to the denial of service problem. Routing Loop
Attack: Routing Loop attacks affect the packet forwarding functionality and
packets keep circulating in loops till the maximum hop count is reached. At
this stage, the packets are dropped or discarded.

7
0.11.7 DATA PLANE ATTACK
The Data Plane attacks comprise of attacks that are primarily launched by
selfish/compromised nodes. This leads to the denial of service and degradation
of overall performance of the network. Passive Eavesdropping which is also
predominant in the MAC layer is a Data Plane attack. This has been discussed
before in connection to MAC layer attacks. Selfish behavior of nodes in the
network is a major security issue because wireless mesh network nodes rely
heavily on each other for packet forwarding. A selfish node may drop all packets,
or it might drop the packets selectively. Selfish behavior may be easily mistaken
for link failure or network congestion. Malicious intermediate-hop nodes might
inject junk packets into the network. Network resources like bandwidth and
packet processing time may be wasted in forwarding junk packets leading to
DOS. Routing functionality may also be disrupted by injection of maliciously
crafted control packets by the compromised nodes.

0.12 Conclusion
In this seminar, we considered the security issues in wireless mesh networks
that render these networks vulnerable to security attacks. Different security
attacks on the MAC layer and network layer of wireless mesh networks have been
considered in detail. So far we have discussed the architecture, characteristics,
applications, security challenges and attacks in the MAC layer and network
layer of Wireless Mesh Networks. In our next seminar we’ll seek to cover the
solutions to the vulnerabilities that Wireless Mesh Networks are prone to.

0.13 Reference
Book- Security in wireless Mesh Networks-Yang Zhang,Jun Zheng,Honglin Hu
Websites-www.wikipedia.com,www.ieee.org,www.google.com