Mitigating Denial of Service Attacks in OLSR Protocol Using Fictitious Nodes
Abstract:
With the main focus of research in routing protocols for Mobile Ad-Hoc Networks (MANET)
geared towards routing efficiency, the resulting protocols tend to be vulnerable to various attacks. Over
the years, emphasis has also been placed on improving the security of these networks. Different solutions
have been proposed for different types of attacks; however, these solutions often compromise routing
efficiency or cause network overload. One major DoS attack against the Optimized Link State Routing protocol
(OLSR), known as the node isolation attack, occurs when topological knowledge of the network is
exploited by an attacker who is able to isolate the victim from the rest of the network and subsequently
deny communication services to the victim. In this paper, we suggest a novel solution to defend the OLSR
protocol from the node isolation attack by employing the same tactics used by the attack itself. Through
extensive experimentation, we demonstrate that 1) the proposed protection prevents more than 95 percent
of attacks, and 2) the overhead required drastically decreases as the network size increases until it is
non-discernable. Last, we suggest that this type of solution can be extended to other similar DoS attacks on
OLSR.
Keywords: Distributed denial-of-service (DDoS), Denial Contradictions with Fictitious Node Mechanism
(DCFM), Optimized Link State Routing protocol (OLSR)
1. Introduction
Mobile computing is human-computer interaction by which a computer is expected to be transported during normal usage. Mobile computing involves mobile communication, mobile hardware, and mobile software. Communication issues include ad hoc and infrastructure networks as well as communication properties, protocols, data formats and concrete technologies. Hardware includes mobile devices or device components. Mobile software deals with the characteristics and requirements of mobile applications. It is taking a computer and all necessary files and software out into the field. It is being able to use a computing device even when being mobile and therefore changing location. Portability is one aspect of mobile computing. It is the ability to use computing capability without a pre-defined location and/or connection to a network to publish and/or subscribe to information.
2. Distributed attack
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time.
Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hard coding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.
A system may also be compromised with a Trojan, allowing the attacker to download a zombie agent, or the Trojan may contain one. Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections from remote hosts. This scenario primarily concerns systems acting as servers on the web. It utilizes a layered structure where the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn facilitate the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections running on the targeted remote hosts. Each handler can control up to a thousand agents. In some cases a machine may become part of a DDoS attack with the owner's consent, for example, in Operation Payback, organized by the group Anonymous. These attacks can use different types of internet packets such as TCP, UDP, ICMP etc.
Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DoS. These flood attacks do not require completion of the TCP three-way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as SYN cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement.
If an attacker mounts an attack from a single host it would be classified as a DoS attack. In fact, any attack against availability would be classed as a denial-of-service attack. On the other hand, if an attacker uses many systems to simultaneously launch attacks against a remote host, this would be classified as a DDoS attack.
3. DDOS
Distributed denial-of-service attacks on root name servers are Internet events in which distributed denial-of-service attacks target one or more of the thirteen Domain Name System root name server clusters. The root name servers are critical infrastructure components of the Internet, mapping domain names to IP addresses and other resource record (RR) data. Attacks against the root name servers could, in theory, impact operation of the entire global Domain Name System, and thus all Internet services that use the global DNS, rather than just specific websites. However, in practice, the root name server infrastructure is highly resilient and distributed, using both the inherent features of DNS (result caching, retries, and multiple servers for the same zone with fallback if one or more fail), and, in recent years, a combination of anycast and load balancer techniques used to implement most of the thirteen nominal individual root servers as globally distributed clusters of servers in multiple data centers.
Fig 1.1 DDOS ATTACK
In particular, the caching and redundancy features of DNS mean that it would require a sustained outage of all the major root servers for many days before any serious problems were created for most Internet users, and even then there are still numerous ways in which ISPs could set their systems up during that period to mitigate even a total loss of all root servers for an extended period of time: for example by installing their own copies of the global DNS root zone data on name servers within their network, and redirecting traffic for the root server IP addresses to those servers. Nevertheless, DDoS attacks on the root zone are taken seriously as a risk by the operators of the root name servers, and they continue to upgrade the capacity and DDoS mitigation capabilities of their infrastructure to resist any future attacks.
An effective attack against DNS might involve targeting top-level domain servers (such as those servicing the .com domain) instead of root name servers. Alternatively, a man-in-the-middle attack or DNS poisoning attack could be used, though they would be more difficult to carry out.
4. Proposed Work:
Our solution, called Denial Contradictions with Fictitious Node Mechanism (DCFM), relies on the internal knowledge acquired by each node during routine routing, and augmentation of virtual (fictitious) nodes. Moreover, DCFM utilizes the same techniques used by the attack in order to prevent it. The overhead of the additional virtual nodes diminishes as network size increases, which is consistent with the general claim that OLSR functions best on large networks.
DCFM is unique in that all the information used to protect the MANET stems from the victim’s internal knowledge, without the need to rely on a trusted third party. In addition, the same technique used for the attack is exploited in order to provide protection. By learning local topology and advertising fictitious nodes, a node is able to deduce suspect nodes and refrain from nominating them as a sole MPR, thus sidestepping the essential element of the attack.
Advantages:
DCFM successfully prevents the attack, specifically in the realistic scenario in which all nodes in the network are mobile.
It was discovered that as node population increases in density and size, the closer DCFM overhead is to OLSR.
Given that OLSR functions best in dense large networks, DCFM can function without real additional cost.
5. Implementation
Node Creation
This module handles node creation: more than 50 nodes are placed at a particular distance, and mobile nodes are placed in the intermediate area. Each node knows its location relative to the sink. The access point has to receive the transmitted packets and then send an acknowledgement to the transmitter.
Zone Partition
It features a dynamic and unpredictable routing path, which consists of a number of dynamically determined intermediate relay nodes. It uses the hierarchical zone partition and randomly chooses a node in the partitioned zone in each step as an intermediate relay node (i.e., data forwarder), thus dynamically generating an unpredictable routing path for a message. Such zone partitioning consecutively splits the smallest zone in an alternating horizontal and vertical manner.
Data Routing
After the hierarchical zone partition process, the source and destination are claimed to be in different zones. The source node sends the data to the destination through the intermediate relay nodes. The User Datagram Protocol is used to transfer the data from one relay node to the next relay node.
OLSR Working Process
The main objective of the OLSR protocol is to provide security to the MANET by means of a trust-extended authentication mechanism. The proposed setup establishes a temporary destination TD and informs all mobile nodes in the network, so that the attacker concentrates only on TD to hack the data. By diverting the attacker’s concentration, the data from the source is delivered to the original destination in a secure manner.
Key Server Management
The extended, proposed technique of this project is key server management (KSM). This mechanism is not suitable for heavier traffic conditions, since OLSR is a lightweight trusting mechanism. To overcome this issue, the key server management technique is proposed. The KSM technique provides more authentication and more secure transmission than the new mechanism, through data encryption and decryption.
6. Conclusion
DCFM is unique in that all the information used to protect the MANET stems from the victim’s internal knowledge, without the need to rely on a trusted third party. In addition, the same technique used for the attack is exploited in order to provide protection. By learning local topology and advertising fictitious nodes, a node is able to deduce suspect nodes and refrain from nominating them as a sole MPR, thus sidestepping the essential element of the attack. Simulation shows that DCFM successfully prevents the attack, specifically in the realistic scenario in which all nodes in the network are mobile. In addition, it was discovered that as node population increases in density and size, the closer DCFM overhead is to OLSR. Given that OLSR functions best in dense large networks, DCFM can function without real additional cost.
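The rule of not nominating a suspect node as a sole MPR, as an added example that is not the paper's code: a simplified greedy form of the RFC 3626 MPR heuristic that considers suspect neighbors only after trusted ones are exhausted. The neighbor table, the node names and the suspect set are constructed for illustration; how DCFM deduces suspects is taken as given here.

```python
"""Added illustration, not the paper's code: MPR selection that refuses to
make a suspect neighbor the sole relay. Topology and names are constructed."""


def select_mprs(coverage, suspects=frozenset()):
    """Return (mprs, uncovered) for one node.

    coverage: {1-hop neighbor: set of 2-hop neighbors it claims in HELLOs}.
    Simplified greedy form of the RFC 3626 heuristic (no willingness field).
    Trusted neighbors are exhausted before any suspect is considered.
    """
    uncovered = set().union(*coverage.values())
    mprs = []
    trusted = sorted(n for n in coverage if n not in suspects)
    flagged = sorted(n for n in coverage if n in suspects)
    for pool in (trusted, flagged):
        while uncovered and pool:
            # Pick the neighbor reaching the most still-uncovered 2-hop nodes.
            best = max(pool, key=lambda n: len(coverage[n] & uncovered))
            if not coverage[best] & uncovered:
                break
            mprs.append(best)
            uncovered -= coverage[best]
            pool.remove(best)
    return mprs, uncovered


def only_via(coverage, mprs, relay):
    """2-hop neighbors whose single selected relay is `relay`."""
    reached = {}
    for m in mprs:
        for target in coverage[m]:
            reached.setdefault(target, set()).add(m)
    return {t for t, via in reached.items() if via == {relay}}


# Constructed neighbor table for node V. X claims every 2-hop neighbor,
# including F, which no other neighbor reports.
COVERAGE = {"A": {"C", "D"}, "B": {"D", "E"}, "X": {"C", "D", "E", "F"}}

if __name__ == "__main__":
    for label, suspects in (("plain", set()), ("hardened", {"X"})):
        mprs, _ = select_mprs(COVERAGE, suspects)
        print(label, mprs, "only via X:", sorted(only_via(COVERAGE, mprs, "X")))
```

With X flagged, C, D and E are each reachable through a trusted relay, and only F still depends on X alone.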