In the near future, a pervasive computing environment can be expected based on the recent progresses and advances in computing and communication technologies. Next generation of mobile communication will include both popular infrastructured wireless networks and novel infrastructureless mobile ad-hoc networks(MANETs). A MANET is a collection of wireless nodes that can dynamically form a network to exchange information without using any pre-existing fixed network infrastructure. Wireless ad-hoc networks are increasingly being used in the battlefield, emergency search, rescue missions. The special features of MANET bring great opportunities together with severe challenges. Challenges in mobile ad hoc networks describes the concept, features, status and fundamental problems of ad hoc networking. Special attention is paid on network layer routing strategy and intrusion detection in MANETs.
Our future living environments are likely to be based upon information resources provided by the connections of various communication networks for users. New small devices like Personal Digital Assistants (PDAs), mobile phones, and laptops enhance the information processing and accessing capabilities with mobility. To cater the needs of such devices, modern technologies should adopt new model of pervasive computing including new architectures, standards, devices, services, tools and protocols.
Mobile computing is the one of the most important technology supporting pervasive computing. Advances in both hardware and software techniques have enabled the spread of mobile hosts and wireless networking to masses. Generally, there are two modes in which wireless mobile nodes can communicate:
- Infrastructured: In this mode, all the communication among the mobile nodes goes through a base station. A Base station is also known as access point. These base stations are connected to the fixed infrastructure or wired networks.
- Infrastructureless: This mode of communication is known as a mobile ad hoc network
2. Related Background
2.1 MANET Concept
A mobile ad hoc network is a collection of wireless nodes that can dynamically be set up anywhere and anytime without using any pre-existing network infrastructure. It is an autonomous system in which mobile hosts connected by wireless links are free to move randomly. In MANET, nodes act both as host and routers. The traffic types in ad hoc networks are quite different from those in an infrastructured wireless network, including:
1 Peer-to-Peer: Communication between two nodes, which are within one hop.
2 Remote-to-Remote: Communication between two nodes beyond a single hop but which maintain a stable route between them. This may be the result of several nodes staying within communication range of each other in a single area or possibly moving as a group. The traffic is similar to standard network traffic.
3 Dynamic Traffic: This occurs when nodes are dynamic and moving around. Routes must be reconstructed. This results in a poor connectivity and network activity in short bursts.
2.2 MANET Features
MANET has the following features:
1 Autonomous terminal: In MANET, each mobile host is autonomous node, which may function as both a host and a router. In other words, besides the basic processing ability as a host, the mobile nodes can also perform switching functions as a router. So usually endpoints and switches are indistinguishable in MANET.
2 Distributed operation: Since there is no background network for the central control of the network operations, the control and management of the network is distributed among the terminals. The nodes involved in a MANET should collaborate amongst themselves and each node acts as a relay as needed, to implement functions e.g. security and routing.
3 Multi-hop routing: Basic types of ad hoc routing algorithms can be single-hop and multi-hop. Single-hop MANET is simpler than multihop in terms of structure and implementation, with the cost of lesser functionality and applicability. When delivering data packets from a source to its destination out of the direct wireless transmission range, the packets should be forwarded via one or more intermediate nodes.
4 Dynamic network topology: Since the nodes are mobile, the network topology may change rapidly and unpredictably and the connectivity among the terminals may vary with time. MANET should adapt to the traffic and propagation conditions as well as the mobility patterns of the mobile network nodes. The mobile nodes in the network dynamically establish routing among themselves as they move about, forming their own network on the fly. Moreover, a user in the MANET may not only operate within the ad hoc network, but may require access to a public fixed network.
5 Fluctuating link capacity: The nature of high bit-error rates of wireless connection might be more profound in a MANET. One end-to-end path can be shared by several sessions. The channel over which the terminals communicate is subject to noise, fading, and interference, and has less bandwidth than a wired network. In some scenarios, the path between any pair of users can traverse multiple wireless links and the link themselves can be heterogeneous. One effect of the relatively low to moderate capacities is that congestion is typically the norm rather than the exception i.e. aggregate application demand will likely approach or exceed network capacity frequently.
6 Energy-constrained operation: Some or all of the nodes in a MANET may rely on batteries or other means for their energy. Such devices need optimized algorithms and mechanisms that implement the computing and communicating functions.
7 Limited physical security: MANETs are generally more prone to physical security threats than are fixed cable networks. The increased possibility of eavesdropping, spoofing and denial-of-service attacks should be carefully considered.
3. Challenges In MANETs
The special features of MANET bring this technology great opportunity together with severe challenges. These include:
3.1 Routing in MANETs
The main function of the network layer is routing packets from the source machine to the destination machine. The routing algorithm is that part of the network layer software responsible for deciding which output line as incoming packet should be transmitted on. The algorithms that choose the routes and the data structures that they use are a major area of network layer design.
What makes routing algorithm a challenging task in the ad hoc network when there are lots of algorithms available for the wired network?
The reason is the changing topology of the ad hoc networks. All the rules of wired network i.e. fixed topologies, fixed and known neighbors are automatically becomes out of scope. With an ad hoc network, the topology may be changing all the time; so valid routes can change spontaneously without any warning.
The following are the desirable properties of MANET routing protocol:
1 Distributed operation: Since there is no central point like wired network, each and every node in the MANET performs routing.
2 Loop freedom: Though, if not incorporated in the routing protocol, the TTL value could be used to prevent packet from roaming in the network for arbitrarily long periods of time. But, still this property is desirable for efficient use of resources and better overall performance.
3 Demand-based operation: Instead of assuming an uniform traffic distribution within the network and maintaining routing information between all nodes at all times, routing algorithm should adapt to the traffic pattern on a demand or need basis. It should be done in such a way so that it could utilize mobile nodes energy and network bandwidth more efficiently at the cost of increased route discovery delay.
4 Proactive operation: This is the opposite of demand-based operation. It certain contexts, the additional latency demand-based operation are unacceptable. If bandwidth and energy resources permit, proactive operation is desirable in these contexts.
5 Security: Without some form of network-level or link layer security, a MANET routing protocol is vulnerable to many forms of attack. It may be relatively simple to snoop network traffic, manipulate packet headers and redirect routing messages, within a wireless network without appropriate security provisions.
6 Sleep period operation: As a result of energy conservation, or some other need to be inactive, nodes of a MANET may stop transmitting and/or receiving for arbitrary time periods. A routing protocol should be able to accommodate such sleep periods without overly adverse consequences.
7 Unidirectional link support: Bi-directional links are typically assumed in the design of routing algorithms, and many algorithms are incapable of functioning properly over unidirectional links. But, unidirectional links can and do occur in wireless networks.
Example: Ad hoc On-demand Distance Vector Routing
Ad hoc On-demand Distance Vector (AODV) Routing:
AODV is the routing algorithm specially designed for ad hoc networks. It is the distant relative of the Bellman-Ford distance vector algorithm but adapted to work in a mobile environment. It takes into account the limited bandwidth and low battery life of the mobile nodes found in the ad hoc environment. It provides loop-free routes. Another very important characteristic is that it is an on-demand algorithm, that is, it determines a route to some destination only when somebody wants to send a packet to that destination.
To find a path to the destination, the source broadcasts a route request packet. The neighbors in turn broadcast the packet to their neighbors till it reaches an intermediate node that has a recent route information about the destination or till it reaches the destination (Figure 2). A node discards a route request packet that it has already seen. The route request packet uses sequence numbers to ensure that the routes are loop free and to make sure that if the intermediate nodes reply to route requests, they reply with the latest information only.
When a node forwards a route request packet to its neighbors, it also records in its tables the node from which the first copy of the request came. This information is used to construct the reverse path for the route reply packet. AODV uses only symmetric links because the route reply packet follows the reverse path of route request packet. As the route reply packet traverses back to the source (Figure 3), the nodes along the path enter the forward route into their tables.
If the source moves then it can reinitiate route discovery to the destination. If one of the intermediate nodes move then the moved nodes neighbor realizes the link failure and sends a link failure notification to its upstream neighbors and so on till it reaches the source upon which the source can reinitiate route discovery if needed.
3.2 Intrusion detection
Intrusion detection has become very important within the realm of network security especially in the case wireless ad hoc networks. Intrusion detection is defined as the method to identify any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. It is the techniques that attempt to detect intrusion into a computer or network by observing the actions, security logs, or audit data.
Following are the some primary assumptions that has to be made when working on intrusion detection:
1 User and program activities are observable, that is the information regarding the usage of a system by a user or program must be recordable and analyzable.
2 Normal and intrusive behavior must have distinct characteristics.
In order to detect an intrusion attack, one needs to make use of a model of intrusion. That is, we need to know what an Intrusion Detection System (IDS) should look out for. There are two types of models employed in current IDS:
1 Anomaly Detection: The first model bases its detection upon the profile of a users normal behavior. It analyzes the users current session and compares them to the profile representing the users normal behavior. It raises alarm if significant deviation is found during the comparison of audit data and users profile. This type of detection system is well suited to detect known or previously not encountered attacks.
2 Misuse Detection: It bases its detection upon comparison of users session or commands with the rule base of techniques used by the attackers previously. This model looks for known attacks in the users behavior. A typical misuse detection system takes in audit data for analysis and compares the data to large database of known attack signatures.
Most of the IDS take either a network-based or host based approach based on the source of audit data.
1 Network-based IDS (NIDS): An IDS is network based when it looks for these patterns in network traffic. It listens on the network and capture and examine individual packet flowing through a network. They are able to look at the payload within a packet, to see which particular host application is being accessed, and to raise alerts when attacker tries to exploit a bug in such code. NIDS are host independent but can also be a software package installed on dedicated workstation. Side effect of NIDS is that its active scanning can slow down the network considerable.
2 Host-based IDS (HIDS): A Host-based IDS is concerned with what is happening on each individual host. They are able to detect actions such as repeated failed access attempts or changes to critical system files. It normally operates by accessing log files or monitoring real-time system usage.
Why the existing IDS cannot be used in the ad hoc network?
The vast difference between the two networks makes it very difficult to apply intrusion detection techniques developed for a fixed wired network to an ad hoc wireless network. The most important difference is perhaps that the ad hoc network does not have a fixed infrastructure and todays network-based IDSs, which rely on real-time traffic analysis, can no longer function well in this new environment. Therefore, at any one time, the only available audit trace will be limited to communication activities taking place within the radio range, and the intrusion detection algorithms must be made to work on this partial and localized information.
Further, there may not be a clear separation between normalcy and anomaly in wireless ad hoc network. A node that sends out false routing information could be the one that has been compromised, or merely the one that is temporarily out of sync due to physical movement. ID may find it increasing difficult to distinguish false alarms from real intrusion.
The following are the desirable features of Intrusion Detection System for MANET:
- The IDS should not introduce a new weakness in the MANET. That is, the IDS itself should not make a node any weaker than it already is.
- An IDS should run continuously and remain transparent to the system and users.
- The IDS should use as little system resources as possible to detect and prevent intrusions. IDSs that require excessive communication among nodes or run complex algorithms are not desirable.
- It must be fault-tolerant in the sense that it must be able to recover from system crashes, hopefully recover to the previous state, and resume the operations before the crash.
- Apart from detecting and responding to intrusions, an IDS should also monitor itself and detect if it has been compromised by an attacker.
- An IDS should have a proper response. In other words, an IDS should not only detect but also respond to detected intrusions, preferably without human intervention.
- Accuracy of the IDS is another major factor in MANETs. Fewer false positives and false negatives are desired.
- It should interoperate with other intrusion detection systems to collaboratively detect intrusions.
This report describes the background information of MANETs, which includes concepts, features and status. Thereafter, it covers the two main challenges of MANETs i.e. Routing and Intrusion detection in detail. Various issues concerning different aspects of ad hoc wireless networks are discussed. MANET is one of the most important and essential technologies in current times. MANETs can be exploited in a wide area of applications, from military, emergency rescue, law enforcement, commercial, to local and personal contexts. It has already gained critical mass among researchers in academia as well as in industry. Moreover, there is also a flurry of activity in the standards bodies in this area. Many routing protocols designed for ad hoc networks have been proposed as Internet Draft and RFC of IETF. However, MANET as a technology can only become successful and popular if the challenges related to routing and intrusion detection, as described in this report, are adequately addressed.