The Security Requirements And Challenges Of Manets Information Technology Essay

The major security requirements of MANETs are secure linking, secure routing and secure data transmission or secure data packet forwarding.

Both proactive and reactive approaches are needed.

The disadvantages of the mobile design, like: limited cpu, memory and battery, may let MANETs face more security chanllegnes, which include both

active and passive attacks, the problems of dynamic topology, routing protocol and mobile environment, specially the packets missing, data changed

and node failures will make users lose trust of it, most of the secure routing protocols are designed with certain known attacks in mind. When an

unknown attack is encountered, these protocols may collapse, but achieving higher security usually requires more computation on each mobile node.

2. Explain ¿½-TESLA and compare it with TESLA?

TESLA means Time Efficient Stream Loss-tolerant Authentication, ¿½-TESLA is a micro version of TESLA, or we can consider it as an adoption of

TESLA for WSNs. Althugh TESLA and ¿½-TESLA are multicast stream authenticaiton protocols, both have different ways in key discloure and authentication.

” ¿½-TESLA is used in authentication of message broadcasts from Base Station(BS), from nodes (through BS), and also to authenticate route update broadcasts.

BS works as the key distribution center.” ( Taken From Chapter 3, Course slides.) This means ¿½-TESLA allows the receivers broadcast authenticated data

due to node to node key agreement. Receiver do not share a key with other receivers. But TESLA sender uses digital signature for the intial packet authenticaiton

and broadcasts it over the whole WSN, the receiver knows the key disclosing schedule, when the key is disclosed, receiver will check its correctness and

authenticates the buffered packets.

3. Gather information about the key Management protocols in MANETs. And explain

it briefly.

In MANETs, Key management is actually considered as the base for every cryptographic system, it’s a combination of cryptographic algorithms and

on-demand dynamic routing protocols, because the networking security in many cases dependent on proper key management, the tranditional centralized

approach in key management does not work out here, therefore, several methods are usually applied in the key management system in MANETs, such as:

Secret Sharing Methods, Distributed CA Method, Error-code based methods and Byzantine Resilient Method. Even so, KM system still faces the many Challenges

like: Dynamic topology and environment, Lack of trust, Node failures, Bounded computational and operational power, Connectivity problems and Node

autonomity, etc because you don’t know if any one entity is dishonest, that entity may be exposed.

4. Explain SEAD, SAR and SPAAR routing protocols in more details.

SEAD is a secure table- driven routing protocol based on the existing DSDV(Destination-Sequenced Distance-Vector) routing protocol. It uses

a one-way-hash function and asymmetric cryptography operations. Although SEAD defends against several types of DoS ( Denial-of-Service attacks),

it cannot prevent the wormhole attack.To avoid long time running routing loops and to defend against the replay attack, SEAD uses destination numbers to

Read also  Geopolitics Of Cyberspace National Security Implications Information Technology Essay

to ensure that the information originates from the correct node. Authentication is also used in SEAD. Each node uses a specific authentic element

from its one-way hash chain in each routing update that it sends about itself. The source must be authenticated using some kind of broadcast authentication

mechanism, such as: TESLA. Apart from the hash functions used, SEAD doesn’t use average settling time for sending triggered updates.This disadvantage

makes SEAD face the chanellege of clock synchronization in order to function properly.

SAR stands for Security-Aware Ad Hoc Routing, which applied for on-demand secure routing protocols. When a packet is sent, it need be assigned a trust

value and certain security attributes, like: time stamp, sequence number, authentication, integrity, SAR introduces a negociable metrics to discover secure

routes that are embedded into RREQ packets. And this packet can be processed or forwarded only if the node can provide the required security. The problem

of SAR is you don’t know whether or not the value assigned is true and the invisible node attack can not detected and treated in SAR.

SPAAR (Secure Position Aided Ad hoc Routing) is a position based system and uses the location information to increase the security and performance.

All nodes in SPAAR are required to know their own locations, for eaxmple, GPS system tells you where you are. SPAAR is also designed to provide

authentication, non-repudiation, confidentiality and integrity for the security environment.

5. Explain Secure Message Transmission Protocol ( SMT) in MANETs.

The major job of SMT (Secure Message Transmission) protocol is to secure the data transmission or data forwarding on already discovered routes no matter

whether or not these routes have malicious nodes. SMT protocol does not deal with route discovery. It only demands a secure relationship between the source

and destination by allowing one node know the public key of the other node. No cryptographic operation is needed between the nodes because the

communication is usually done over the node disjoint paths, every piece of message is authenticated and verified through a Message Authentication Code.

The destination doesn¿½t need all the pieces of a message to understand it. It can reconstruct the message when enough pieces have been received.

This implies that even if there are malicious nodes in a few paths that drop the message or if there are unavailable routes, the message can still be received.

If the destination didn¿½t receive enough pieces to construct the message, the source will send out the remaining pieces over a different set of paths.

Otherwise the source continues with the next message transmission.

6. Give numberical examples for EL Gamal-TC (4,6) and RSA-TC(4,6). An investigate whether

Read also  Human Factors And Managing Risk Information Technology Essay

Elliptic Curve Crypto(ECC) could be used for TC?

Elliptic Curve Crypto(ECC) could be used for TC, I got this idea from the article ” ECC Based Threshold Cryptography

for Secure Data Forwarding and Secure Key Exchange in MANET “written by Levent Ertaul and Weimin Lu, 2005,

The two authors say in this way:” … We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securely

deliver messages in n shares. As long as the destination receives at least k shares, it can recover the original message.

We explore seven ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer

-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext before

encryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodes

using Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to show ECC

is more efficient than RSA.”

7. Hacking technique and counter Measures

Please find the usage and the required counter measures to avoid effects of the below commands. This

commands fall into a catergory called Discovering Wireless Networks.

a. INSSIDER

Actually inSSIDer is a replacement for NetStumbler, it is a free Wi-Fi network scanner for Windows Vista and windows XP, it can inspect your WLAN

and surrounding networks to troubleshoot competing access points, it works with internal Wi-Fi radio, Wi-Fi network information, such as: SSID, MAC,

Access point vendor, data rate, signal strength, security, etc. Graph signal strength over time, is also can show how Wifi networks overlap and provides an

open source code service since the Apache License, Version 2.0, it also can support GPS and export to Netstumbler(*.ns1) files, because of the open source

service, the intruders may take advantages of it to attack your personal information. The best way to avoid inssider command is to give it no permission to

access WLAN. I consider IEEE802.1x and IEEE802.11i protocols should be applied, and the specific mechanisms, like: WEP, TKIP, CCMP, MIC,

Counter-MOde-CBC-MAC Mode, WPA and WPA2 should be got involved.

b. Visit following web site: http://renderlab.net/projects/WPA-tables

And give me the brief desription of this site.

After visiting this website, a Church of Wifi WPA-PSK Rainbow Tables displays, this page is to give a little more insight into the methodology

and logic behind concieving and building the CoWF WPA-PSK Rainbow Tables, actually they are lookup tables. From my point of view, this website

tries to show you the result of the project that is done at renderlab, this project is testing how much possibilities the password will be cracked. On

WPA-tables, WPA-PSK was vulnerable to brute force attack, cryptographists use the tools like Aircrack and coWPAtty to take advantage of this weakness

and provided a way to test keys against dictionaries. They found that in fact the cracking process is very slow . Each passphrase is hashed

Read also  Fragment Allocation In Distributed Database Design

4096 times with SHA-1 and 256 bits of the output is the resulting hash. This is then compared to the hash generated in the initial key exchange. A lot

of computing power is required for this. If the SSID and the SSID length is seeded into the passphrase hash, the passphrase of ‘password’ will be hashed

differently on a network with the SSID of ‘linksys’ than it will on a network with the SSID of ‘default’. For the War driving, attacking a series of access

points to connect to a server behind it, each one’s security was stronger than the previous. They also found the application of the Time-Memory trade-off

is particularly useful in password cracking and cryptography. How to prevent it from attack? They think it’s impossible to create a lookup table for all

possible keys. Because the seeding of the algorithm with the SSID and SSID length, they have to compute all possible keys against all possible SSID’s,

the limlited storage space doesn’t allow them to do calculation. Instead they quickly check WPA-PSK networks against known english words

and known passwords quickly, while still leaving the option open for brute forcing the rest of the keyspace. Selecting the most effecient dictionary and SSID’s

computed became the focus.Size was also a concern. Even if they want to break the password, they still do not want the key size beyond the storage capacity

of most users. They list some common passwords from Websters dictionary and compute them by sorting all passphrases in the range 8 bits and 64 bits, both

max and min passphrases are taken off. The result shows 52% of SSID are at Wigle database of 5 million access points and on the top 1000 lists. This means

at least 2.7 million access points are known. This renderlab project found a way to speed up WPA-PSK cracking, but it does not mean that it has been broken.

Those experts also use coWPAtty and other similar tools to test the other dumb passphrases. The test result shows the minimum number of characters for a

WPA-PSK passphrase is 8 and the maximum is 63. In reality, very few users actually use more than about 20 characters, in most cases, people choose known

words and phrases, likely to be in a dictionary. So, to get decent protection from WPA-PSK, you should use a very long, very random, alphanumeric string

longer than 20 characters, or to protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list because

this will force the attacker to compute thier own list, rather than use one of the CoWF tables.

Order Now

Order Now

Type of Paper
Subject
Deadline
Number of Pages
(275 words)