Posted at 10.01.2018
The major security requirements of MANETs are secure linking, secure routing and secure data transmitting or secure data packet forwarding.
Both proactive and reactive methods are needed.
The disadvantages of the mobile design, like: limited cpu, recollection and power supply, may let MANETs face more security chanllegnes, which include both
active and passive attacks, the problems of active topology, routing standard protocol and mobile environment, specially the packets absent, data changed
and node failures will make users lose trust of computer, almost all of the secure routing protocols were created with certain known disorders at heart. When an
unknown assault is experienced, these protocols may collapse, but attaining higher security usually requires more computation on each mobile node.
2. Explain -TESLA and compare it with TESLA?
TESLA means Time Efficient Stream Loss-tolerant Authentication, -TESLA is a micro version of TESLA, or we can contemplate it as an adoption of
TESLA for WSNs. Althugh TESLA and -TESLA are multicast stream authenticaiton protocols, both have different ways in key discloure and authentication.
" -TESLA is used in authentication of communication broadcasts from Base Train station(BS), from nodes (through BS), and to authenticate route revise broadcasts.
BS works as the key distribution center. " ( EXTRACTED FROM Chapter 3, Course slides. ) This implies -TESLA allows the receivers broadcast authenticated data
due to node to node key arrangement. Receiver do not show an integral with other receivers. But TESLA sender uses digital signature for the intial packet authenticaiton
and broadcasts it over the complete WSN, the receiver knows the key disclosing agenda, when the key is disclosed, receiver will check its correctness and
authenticates the buffered packets.
3. Accumulate information about the main element Management protocols in MANETs. And explain
In MANETs, Key management is actually considered as the base for each cryptographic system, it's a combination of cryptographic algorithms and
on-demand powerful routing protocols, because the networking security oftentimes reliant on proper key management, the tranditional centralized
approach in key management does not work out here, therefore, several methods are usually applied in the key management system in MANETs, such as:
Secret Posting Methods, Distributed CA Method, Error-code centered methods and Byzantine Resilient Method. Even so, Kilometres system still encounters the countless Challenges
like: Strong topology and environment, Lack of trust, Node failures, Bounded computational and functional power, Connection problems and Node
autonomity, etc because you do not know if any one entity is dishonest, that entity may be revealed.
4. Explain SEAD, SAR and SPAAR routing protocols in additional information.
SEAD is a secure desk- driven routing protocol predicated on the existing DSDV(Destination-Sequenced Distance-Vector) routing process. It uses
a one-way-hash function and asymmetric cryptography operations. Although SEAD defends against various kinds DoS ( Denial-of-Service disorders),
it cannot prevent the wormhole attack. In order to avoid long time running routing loops and also to defend against the replay strike, SEAD uses destination numbers to
to ensure that the information originates from the correct node. Authentication is also used in SEAD. Each node runs on the specific traditional element
from its one-way hash string in each routing update that it delivers about itself. The source must be authenticated using some kind of broadcast authentication
mechanism, such as: TESLA. In addition to the hash functions used, SEAD doesn't use average settling time for mailing triggered updates. This disadvantage
makes SEAD face the chanellege of clock synchronization in order to operate properly.
SAR stands for Security-Aware RANDOM Routing, which applied for on-demand secure routing protocols. Whenever a packet is directed, it need be allocated a trust
value and certain security capabilities, like: time stamp, series number, authentication, integrity, SAR presents a negociable metrics to find secure
routes that are inserted into RREQ packets. And this packet can be prepared or forwarded only when the node can provide the mandatory security. The problem
of SAR is you don't know whether or not the value assigned holds true and the invisible node attack cannot detected and cured in SAR.
SPAAR (Secure Position Aided Random Routing) is a position established system and uses the location information to raise the security and performance.
All nodes in SPAAR are required to know their own locations, for eaxmple, Global positioning system tells you where you are. SPAAR is also designed to provide
authentication, non-repudiation, confidentiality and integrity for the security environment.
5. Explain Secure Note Transmission Protocol ( SMT) in MANETs.
The major job of SMT (Secure Note Transmission) protocol is to secure the info transmission or data forwarding on already learned routes no matter
whether or not these routes have destructive nodes. SMT protocol does not package with route finding. It only demands a secure romance between your source
and destination by allowing one node know the public key of the other node. No cryptographic operation is needed between the nodes because the
communication is usually done above the node disjoint paths, every little bit of communication is authenticated and verified through a Message Authentication Code.
The destination doesnt need all the pieces of a message to comprehend it. It could reconstruct the message when enough items have been received.
This implies that even if there are harmful nodes in a few paths that drop the message or if there are unavailable routes, the subject matter can still be received.
If the destination didnt receive enough items to create the message, the source will distribute the remaining bits over a different group of paths.
Otherwise the source continues with the next message transmitting.
6. Give numberical illustrations for EL Gamal-TC (4, 6) and RSA-TC(4, 6). An investigate whether
Elliptic Curve Crypto(ECC) could be used for TC?
Elliptic Curve Crypto(ECC) could be utilized for TC, I got this notion from this article " ECC Structured Threshold Cryptography
for Secure Data Forwarding and Secure Key Exchange in MANET "compiled by Levent Ertaul and Weimin Lu, 2005,
The two authors say in this way:". . . We incorporate Elliptic Curve Cryptography and Threshold Cryptosystem to securely
deliver text messages in n shares. So long as the destination receives at least k stocks, it can restore the original subject matter.
We explore seven ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer
-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext before
encryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodes
using Elliptic Curve Cryptography Diffie-Hellman. We does performance contrast of ECC and RSA showing ECC
is better than RSA. "
7. Hacking approach and counter-top Measures
Please find the use and the mandatory counter actions to avoid ramifications of the below commands. This
commands belong to a catergory called Discovering Wireless Networks.
Actually inSSIDer is a replacement for NetStumbler, it is a free Wi-Fi network scanning device for Windows Vista and or windows 7, it can check your WLAN
and surrounding sites to troubleshoot rivalling access items, it works with interior Wi-Fi radio, Wi-Fi network information, such as: SSID, Macintosh,
Access point vendor, data rate, signal power, security, etc. Graph transmission strength as time passes, is can also show how Wifi systems overlap and an
open source code service because the Apache Certificate, Version 2. 0, it can also support Gps unit and export to Netstumbler(*. ns1) data files, due to open source
service, the intruders might take features of it to harm your individual information. The best way to avoid inssider demand is to provide it no authorization to
access WLAN. I consider IEEE802. 1x and IEEE802. 11i protocols should be employed, and the specific mechanisms, like: WEP, TKIP, CCMP, MIC,
Counter-MOde-CBC-MAC Mode, WPA and WPA2 should be received involved.
b. Visit following site: http://renderlab. net/projects/WPA-tables
And give me the simple desription of this site.
After visiting this website, a Chapel of Wi-fi WPA-PSK Rainbow Tables displays, this site is to provide a bit more insight into the methodology
and logic behind concieving and building the CoWF WPA-PSK Rainbow Furniture, actually they are really lookup desks. From my viewpoint, this website
tries showing you the result of the task that is performed at renderlab, this task is testing how much prospects the security password will be cracked. On
WPA-tables, WPA-PSK was vulnerable to brute force episode, cryptographists use the tools like Aircrack and coWPAtty to use good thing about this weakness
and provided a way to test keys against dictionaries. They found that in reality the cracking process is very slow. Each passphrase is hashed
4096 times with SHA-1 and 256 bits of the result is the causing hash. That is then compared to the hash produced in the initial key exchange. A lot
of computing power is required because of this. In the event the SSID and the SSID size is seeded into the passphrase hash, the passphrase of 'password' will be hashed
differently on the network with the SSID of 'linksys' than it probably will on the network with the SSID of 'default'. For the Conflict driving, attacking a series of access
points to hook up to a server behind it, each one's security was better than the prior. In addition they found the application of the Time-Memory trade-off
is specifically useful in security password cracking and cryptography. Preventing it from harm? They think it's impossible to make a lookup table for all
possible keys. Because the seeding of the algorithm with the SSID and SSID span, they need to compute all possible tips against all possible SSID's,
the limlited storage space doesn't permit them to do computation. Instead they quickly check WPA-PSK networks against known british words
and known passwords quickly, while still going out of the option open up for brute forcing all of those other keyspace. Selecting the most effecient dictionary and SSID's
computed became the focus. Size was also a problem. Even if they want to break the security password, they still do not need the main element size beyond the safe-keeping capacity
of most users. They list some typically common passwords from Websters dictionary and compute them by sorting all passphrases in the number 8 parts and 64 bits, both
max and min passphrases are removed. The effect shows 52% of SSID are at Wigle database of 5 million gain access to points and at the top 1000 lists. This means
at least 2. 7 million access points are known. This renderlab job found a way to speed up WPA-PSK breaking, but it generally does not mean that it has been broken.
Those experts also use coWPAtty and other similar tools to test the other dumb passphrases. The test final result shows the minimum amount number of character types for a
WPA-PSK passphrase is 8 and the utmost is 63. In reality, hardly any users actually use more than about 20 people, generally, people choose known
words and phrases, apt to be in a dictionary. So, to get decent protection from WPA-PSK, you need to use a very long, very arbitrary, alphanumeric string
longer than 20 characters, or even to protect yourself further, particularly up against the WPA-PSK hashtables, you need to use a SSID not on the top 1000 list because
this will pressure the attacker to compute thier own list, alternatively than use one of the CoWF furniture.