The Security Requirements And Challenges Of Manets Information Technology Essay

The Security Requirements And Challenges Of Manets Information Technology EssayThe major protective cover requirements of MANETs argon secure linking, secure routing and secure selective information transmission or secure data packet forwarding.Both proactive and reactive approaches are needed.The disadvantages of the prompt design, similar limited cpu, memory and battery, may let MANETs face more security chanllegnes, which include bothactive and passive attacks, the problems of dynamic topology, routing protocol and peregrine environment, specially the packets missing, data changedand node failures leave make users lose trust of it, more or less of the secure routing protocols are intentional with certain known attacks in arcminuted. When an secret attack is en tax returned, these protocols may collapse, but achieving higher security usually requires more computation on each mobile node.2. Explain -TESLA and compare it with TESLA?TESLA means term Efficient Stream Loss-tole rant Authentication, -TESLA is a micro version of TESLA, or we can consider it as an adoption ofTESLA for WSNs. Althugh TESLA and -TESLA are multicast stream authenticaiton protocols, both have several(predicate) way of lifes in detectstone discloure and authentication. -TESLA is apply in authentication of communicate broadcasts from Base Station(BS), from nodes (through BS), and alike to authenticate route update broadcasts.BS works as the key distribution center. ( Taken From Chapter 3, Course slides.) This means -TESLA allows the pass receivers broadcast authenticated datadue to node to node key agreement. Receiver do not share a key with another(prenominal) receivers. But TESLA sender uses digital signature for the intial packet authenticaitonand broadcasts it over the whole WSN, the receiver knows the key disclosing schedule, when the key is disclosed, receiver will check its correctness andauthenticates the buffered packets.3. Gather information about the key Manageme nt protocols in MANETs. And explainit briefly.In MANETs, Key management is truly considered as the base for every cryptographic strategy, its a combination of cryptographic algorithms andon-demand dynamic routing protocols, because the networking security in many cases dependent on proper key management, the tranditional modifyapproach in key management does not work out here, therefore, several methods are usually applied in the key management system in MANETs, such asSecret Sharing Methods, Distributed CA Method, Error-code based methods and Byzantine Resilient Method. Even so, KM system still faces the many Challengeslike Dynamic topology and environment, Lack of trust, Node failures, Bounded computational and operational power, Connectivity problems and Nodeautonomity, etc because you dont know if any one entity is dishonest, that entity may be exposed.4. Explain SEAD, SAR and SPAAR routing protocols in more details.SEAD is a secure table- driven routing protocol based on the existing DSDV(Destination-Sequenced Distance-Vector) routing protocol. It usesa one-way-hash function and asymmetric cryptography operations. Although SEAD defends against several types of DoS ( Denial-of-Service attacks),it cannot disallow the wormhole attack.To avoid long clipping running routing loops and to defend against the replay attack, SEAD uses destination numbers toto ensure that the information originates from the correct node. Authentication is also used in SEAD. Each node uses a specific authentic elementfrom its one-way hash chain in each routing update that it sends about itself. The extension essential be authenticated using some kind of broadcast authenticationmechanism, such as TESLA. Apart from the hash functions used, SEAD doesnt use average settling time for sending triggered updates.This disadvantagemakes SEAD face the chanellege of clock synchronization in order to function properly.SAR stands for Security-Aware Ad Hoc Routing, which applied for on-deman d secure routing protocols. When a packet is sent, it need be assigned a trust honor and certain security attributes, like time stamp, sequence number, authentication, integrity, SAR introduces a negociable metrics to discover secureroutes that are plant into RREQ packets. And this packet can be processed or forwarded only if the node can provide the required security. The problemof SAR is you dont know whether or not the value assigned is true and the invisible node attack can not detected and treated in SAR.SPAAR (Secure Position Aided Ad hoc Routing) is a speckle based system and uses the location information to increase the security and performance.All nodes in SPAAR are required to know their own locations, for eaxmple, GPS system tells you where you are. SPAAR is also designed to provideauthentication, non-repudiation, confidentiality and integrity for the security environment.5. Explain Secure Message Transmission Protocol ( SMT) in MANETs.The major job of SMT (Secure Messa ge Transmission) protocol is to secure the data transmission or data forwarding on already discovered routes no matterwhether or not these routes have malicious nodes. SMT protocol does not deal with route discovery. It only demands a secure relationship between the sourceand destination by allowing one node know the public key of the other node. No cryptographic operation is needed between the nodes because thecommunication is usually done over the node disjoint paths, every piece of message is authenticated and verified through a Message Authentication Code.The destination doesnt need all the pieces of a message to understand it. It can retrace the message when enough pieces have been received.This implies that even if there are malicious nodes in a few paths that drop the message or if there are unavailable routes, the message can still be received.If the destination didnt receive enough pieces to construct the message, the source will send out the remain pieces over a differen t set of paths.Otherwise the source continues with the next message transmission.6. Give numberical examples for EL Gamal-TC (4,6) and RSA-TC(4,6). An investigate whetherElliptic Curve Crypto(ECC) could be used for TC?Elliptic Curve Crypto(ECC) could be used for TC, I got this idea from the article ECC Based verge Cryptographyfor Secure Data packaging and Secure Key Exchange in MANET written by Levent Ertaul and Weimin Lu, 2005,The two authors say in this way We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securelydeliver messages in n shares. As long as the destination receives at to the lowest degree k shares, it can recover the original message.We research seven ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext beforeencryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a p air of mobile nodesusing Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to show ECCis more efficient than RSA.7. Hacking technique and counter MeasuresPlease find the usage and the required counter measures to avoid effects of the below commands. Thiscommands fall into a catergory called Discovering Wireless Networks.a. INSSIDERActually inSSIDer is a replacement for NetStumbler, it is a free Wi-Fi network scanner for Windows Vista and windows XP, it can inspect your WLANand surrounding networks to troubleshoot competing access points, it works with internal Wi-Fi radio, Wi-Fi network information, such as SSID, MAC, rag point vendor, data rate, signal strength, security, etc. Graph signal strength over time, is also can show how Wifi networks overlap and provides anopen source code service since the Apache License, Version 2.0, it also can support GPS and export to Netstumbler(*.ns1) files, because of the open sourceservice, the intruders may take advantages of it to attack your personal information. The best way to avoid inssider command is to give it no permission toaccess WLAN. I consider IEEE802.1x and IEEE802.11i protocols should be applied, and the specific mechanisms, like WEP, TKIP, CCMP, MIC,Counter-MOde-CBC-MAC Mode, WPA and WPA2 should be got involved.b. Visit following meshing site http//renderlab.net/projects/WPA-tablesAnd give me the brief desription of this site.After visiting this website, a Church of Wifi WPA-PSK Rainbow Tables displays, this page is to give a little more insight into the methodological analysisand logic behind concieving and building the CoWF WPA-PSK Rainbow Tables, actually they are hunting tables. From my point of view, this websitetries to show you the result of the project that is done at renderlab, this project is examing how often possibilities the password will be cracked. OnWPA-tables, WPA-PSK was vulnerable to brute force attack, cryptographists use the tools like Aircrack and coWPAtty to take advantage of this weaknessand provided a way to test keys against dictionaries. They found that in fact the cracking process is very slow . Each passphrase is hashed4096 times with SHA-1 and 256 bits of the output is the resulting hash. This is then compared to the hash generated in the initial key exchange. A lotof computing power is required for this. If the SSID and the SSID length is seeded into the passphrase hash, the passphrase of password will be hasheddifferently on a network with the SSID of linksys than it will on a network with the SSID of default. For the War driving, attacking a series of accesspoints to connect to a server behind it, each ones security was stronger than the previous. They also found the application of the Time-Memory trade-offis particularly useful in password cracking and cryptography. How to prevent it from attack? They think its impossible to create a lookup table for allpossible keys. Because the seeding of the algorithm with the SSID and SSID length, they have to compute all possible keys against all possible SSIDs,the limlited storage space doesnt allow them to do calculation. rather they quickly check WPA-PSK networks against known english wordsand known passwords quickly, while still leaving the option open for brute forcing the rest of the keyspace. Selecting the most effecient lexicon and SSIDscomputed became the focus.Size was also a concern. Even if they want to break the password, they still do not want the key size beyond the storage capacityof most users. They list some common passwords from Websters dictionary and compute them by sorting all passphrases in the range 8 bits and 64 bits, bothmax and min passphrases are taken off. The result shows 52% of SSID are at Wigle database of 5 million access points and on the top 1000 lists. This meansat least 2.7 million access points are known. This renderlab project found a way to speed up WPA-PSK cracking, but it does not mean that it has been br oken.Those experts also use coWPAtty and other similar tools to test the other dumb passphrases. The test result shows the minimum number of characters for aWPA-PSK passphrase is 8 and the maximum is 63. In reality, very few users actually use more than about 20 characters, in most cases, people choose knownwords and phrases, likely to be in a dictionary. So, to pee-pee decent protection from WPA-PSK, you should use a very long, very random, alphanumeric stringlonger than 20 characters, or to protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list becausethis will force the attacker to compute thier own list, rather than use one of the CoWF tables.