Submitted By muralikrish

Security Issues in MANETs
Presented By:
Abhishek Seth 04329001

Abstract
Mobile Ad hoc Networks (MANETs) have become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. A mobile adhoc network consists of mobile nodes that can move freely in an open environment. Communicating nodes in a Mobile Adhoc Network usually seek the help of other intermediate nodes to establish communication channels. In such an environment, malicious intermediate nodes can be a threat to the security of conversation between mobile nodes. The security experience from the wired network world is of little use in wireless Mobile Adhoc Networks, due to some basic differences between the two kinds of network. Therefore, some novel solutions are required to make Mobile Adhoc Networks secure.
1 Introduction
A Mobile Adhoc Network is a group of wireless mobile computers in which nodes cooperate by forwarding packets for each other to allow them to communicate beyond direct wireless transmission range. Applications such as military exercises, disaster relief, and mine site operation may benefit from adhoc networking, but secure and reliable communication is a necessary prerequisite for such applications.
MANETs are more vulnerable to attacks than wired networks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and lack of a clear line of defense. Security is a process that is as secure as its weakest link. So, in order to make MANETs secure, all their weak points have to be identified, and solutions that make those weak points safe have to be considered. Some of the weak points and solutions to strengthen them are considered in this article. However, the list is possibly incomplete, and more weak points of MANETs are likely to be discovered in the near future. So security issues in MANETs will remain a potential research area in the near future.
The rest of the paper is organized as follows. Section 2 introduces MANETs. Section 4 raises the problems of security in MANETs. Further sections deal with some of the solutions to these problems. Finally, Section 10 concludes this article.
2 Mobile Adhoc Networks
2.1 Introduction
A Mobile Adhoc Network (MANET) is a collection of independent mobile nodes that can communicate with each other via radio waves. The mobile nodes that are in radio range of each other can communicate directly, whereas others need the aid of intermediate nodes to route their packets. These networks are fully distributed, and can work at any place without the help of any infrastructure. This property makes these networks highly flexible and robust.
The characteristics of these networks are summarized as follows:
• Communication via wireless means.
• Nodes can perform the roles of both hosts and routers.
• No centralized controller and infrastructure.
• Intrinsic mutual trust.
• Dynamic network topology.
• Frequent routing updates.
2.2 Advantages and Applications
The following are the advantages of MANETs:
• They provide access to information and services regardless of geographic position.
• These networks can be set up at any place and time.
Some of the applications of MANETs are:
• Military or police exercises.
• Disaster relief operations.
• Mine site operations.
• Urgent business meetings.
2.3 Disadvantages
Some of the disadvantages of MANETs are:
• Limited resources.
• Limited physical security.
• Intrinsic mutual trust vulnerable to attacks.
• Lack of authorization facilities.
• Volatile network topology makes it hard to detect malicious nodes.
• Security protocols for wired networks cannot work for ad hoc networks.
2.4 Routing
Knowledge of the routing protocols of MANETs is important for understanding the security problems in MANETs. The routing protocols used in MANETs are different from the routing protocols of the traditional wired world. Some of the reasons are listed below:
• Frequent route updates.
• Mobility.
• Limited transmission range.
The performance criteria of nodes in MANETs are different from those of wired networks. Some of the performance metrics of MANET routing protocols are listed below:
• Energy consumption.
• Route stability despite mobility.
Routing protocols in Mobile Adhoc Networks fall mainly into two categories:
• Proactive Protocols
• Reactive Protocols
Reactive Routing Protocols are based on finding a route between two nodes when it is required. This is different from traditional Proactive Routing Protocols, in which nodes periodically send messages to each other in order to maintain routes. Only Reactive Protocols are considered in this article, as they are extensively studied and used in MANETs. Among the many Reactive Routing Protocols, only two are described below, as they are the most studied.
2.4.1 Dynamic Source Routing
Dynamic Source Routing (DSR) uses source routing to deliver packets from one node in the network to some other node. The source node adds the full path to the destination, in terms of intermediate nodes, to every packet. This information is used by each intermediate node to determine whether to accept the packet and to whom to forward it. DSR operates on two mechanisms: Route Discovery and Route Maintenance. Route Discovery is used when the sender does not know the path up to the destination. In this mechanism, the sender broadcasts a ROUTE REQUEST message which contains Source Address, Destination Address and Identifier. Each intermediate node adds its address to the ROUTE REQUEST message and rebroadcasts it, unless it has already rebroadcast it earlier. With this controlled broadcast, the ROUTE REQUEST will ultimately reach the destination. The destination then sends a unicast ROUTE REPLY message in the reverse direction, whose information is obtained from the list of intermediate nodes in the ROUTE REQUEST message.
When the ROUTE REPLY packet reaches the source, the source records the route contained in it and saves it in its cache for the specific destination. For better performance, intermediate nodes also record this route information from the two route messages. All nodes overhearing these packets add meaningful route entries to their caches.
Finally, the Route Maintenance mechanism is used to notify the source and potentially trigger new route discovery events when changes in the network topology invalidate a cached route.
2.4.2 Adhoc On-demand Distance Vector Routing
Adhoc On-demand Distance Vector routing (AODV) is another on-demand protocol. It has a mechanism of ROUTE REQUEST and ROUTE REPLY similar to that in DSR.
However, it does not rely on source routing; rather, it makes use of routing tables at intermediate nodes. The nodes maintain routing table entries for all reachable nodes in the network. The entries in the routing tables are of the form: <Destination, Next Hop, No. of hops, Sequence Number>. The sequence number is used to maintain freshness. The route table is used to route data packets destined for a particular node and to respond to ROUTE REQUEST messages. The advantage of AODV over DSR is that a data packet does not need to contain the whole route to the destination.
3 Security basics
Before proceeding further, the reader should know the following terminology of Network Security:
• Symmetric Key Cryptography.
• Public Key Cryptography.
• Authentication and Digital Signatures.
• Hash and Message Authentication Codes (MAC).
• Man-in-the-middle attack, Denial of Service attack.
4 Security Problems in MANETs
MANETs are much more vulnerable to attack than wired networks. This is because of the following reasons:
• Open Medium - Eavesdropping is easier than in a wired network.
• Dynamically Changing Network Topology - Mobile nodes come and go from the network, thereby allowing any malicious node to join the network without being detected.
• Cooperative Algorithms - The routing algorithms of MANETs require mutual trust between nodes, which violates the principles of Network Security.
• Lack of Centralized Monitoring - The absence of any centralized infrastructure rules out any monitoring agent in the system.
• Lack of a Clear Line of Defense - Using only the first line of defense, attack prevention, may not suffice. Experience of security research in the wired world has taught us that we need to deploy layered security mechanisms, because security is a process that is as secure as its weakest link. In addition to prevention, we need a second line of defense: detection and response.
The possible security attacks in MANETs can be divided into two categories:
• Route Logic Compromise: Incorrect routing control messages are injected into the network to damage the routing logic.
• Traffic Distortion Attack: All attacks that prevent data packets from being transferred from the source to the destination, either selectively or collectively, come under the category of Traffic Distortion Attack. This type of attack can snoop network traffic, manipulate or corrupt packet headers or contents, and block or replay transmissions for some malicious purpose.
Some of the attacks in MANETs are listed below:
• Jamming.
• Snooping.
• Flood Storm attack.
• Packet Modifications and Dropping.
• Repeater attack.
• Identity Impersonation.
• BlackHole attack.
• Wormhole attack.
• Rushing attack.
All these attacks are discussed in the following subsections.
4.1 Jamming
Accidentally or intentionally, interference can happen with the radio waves of MANETs, because WLANs use unlicensed radio frequencies (ISM band). Other electromagnetic devices operating in the infrared or 2.4 GHz radio frequency can overlap with WLAN traffic. If an attacker has a powerful transmitter, he/she can generate a radio signal strong enough to overwhelm weaker signals, disrupting communications. This condition is called jamming. Jammers can be of two types:
• High power pulsed full band jammers.
• Low power partial-band jammers.
Jamming attacks can be mounted from a location remote from the targeted network. This makes the attack very hard to avoid.
4.1.1 Countermeasures
The solution to jamming is to use Spread-Spectrum technology to transmit data. Spread-Spectrum transmission consumes more bandwidth than narrowband transmission. It is designed to resist eavesdropping, interference, and noise. Spreading codes are used to broaden the narrowband signal. The receiver uses the same spreading code used by the transmitter to narrow the spread signal down to its original form. The 802.11 wireless standard already uses these techniques to resist these attacks.
• Frequency-Hopping Spread Spectrum (FHSS): In this technique, a radio signal is sent over a number of channels. Only one channel is used at a time, and the hopping sequence over the different channels is determined by a pseudo-random code sequence. Only a receiver who knows the code can narrow down the signal.
• Direct-Sequence Spread Spectrum (DSSS): Under this technique, each data bit in the signal is transmitted as an 11 bit chipping sequence (if an 11 bit chip code is used), which is converted into a waveform. The waveforms are then transmitted over a wide range of frequencies. The receiver unspreads the chips to recover the original data.
Although MANETs use spread-spectrum techniques to minimize jamming, the problem is still not solved completely because of the inherent characteristics of radio waves.
4.2 Snooping
Due to the broadcast nature of radio signals from a transmitter, it is possible to eavesdrop on packets. Due to the inherent trust between mobile nodes, they are allowed to look at the whole packet data. Two types of information can be obtained from snooping:
• Packet payload data: The actual data that the packets are carrying can be eavesdropped if proper encryption is not used. The resource-constrained nature of mobile nodes generally prevents them from using strong encryption.
• Routing information: The source and destination information in the packets may reveal the nature of the communication and the relationship between the parties. This destroys some of the privacy of their conversation.
4.3 Flood Storm Attack
This is a Denial of Service attack. A malicious node deliberately floods the whole network with meaningless Route Request (RREQ) and Route Reply (RREP) messages. The purpose of doing so is twofold:
• Paralyze the network by destroying its routing logic.
• Exhaust the network bandwidth.
Such attacks are possible only because RREQ and RREP packets are not authenticated. Anybody can forge such messages. The only solution for these attacks is to authenticate route control messages.
4.4 Packet Modifications and Dropping
It is possible for intermediate nodes to modify the packet content if proper integrity checks are not maintained. It is also possible to change the header information, including the source and destination addresses. Any node can take the role of a router, which is not the case in a wired network, where dedicated machines are routers. Malicious intermediate nodes can also simply drop data or route packets. Some variations of packet dropping, based on frequency and selectiveness, are given below:
• Selective dropping
• Constant dropping
• Periodic dropping
• Random dropping
4.5 Repeater attack
In this attack, a malicious node I simply replays the packets of one of its neighbours, A. This results in the neighbours on the other side (say one of them is B) assuming that A is their neighbour, when in fact it is not. Two nodes are said to be neighbours if they are in transmission range of each other. Now the malicious node I can selectively replay packets between A and B, while dropping other packets. This would cause a Denial of Service for the nodes A and B. This scenario is difficult to detect, as the nodes can assume that this periodic dropping is because of a noisy channel. Such types of attacks can be detected by the Secure Neighbour Detection techniques discussed in further sections.
4.6 Identity impersonation
The attacker can achieve various malicious goals by impersonating another user. This is because of the lack of any authentication scheme in MANETs. IP address and MAC based identities are easy to impersonate if the underlying communication channel is not secured.
4.7 BlackHole Attack
A black hole is a node that always responds positively with a RREP message to every RREQ, even though it does not really have a valid route to the destination node. Since a black hole does not have to check its routing table, it is the first to respond to the RREQ in most cases. When the data packets routed by the source node reach the black hole node, it drops the packets rather than forwarding them to the destination node. Such a malicious node also advertises itself as having the shortest path to the requested node. The situation can become worse if the blackhole node declares itself as having a shorter path to almost all nodes, causing the whole data traffic to end up at this node, where the blackhole finally drops all data packets. This would result in a complete Denial of Service.
4.8 Wormhole attack
This attack is a generalized form of the repeater attack. In this attack, an attacker records a packet at one location in the network, tunnels the packet to another location in the network, and replays the packet from the second location. This requires the attacker to have just two nodes, connected by a private tunnel. Tunneling of packets can be done either by using a single long-range directional wireless link or through a direct wired link. If the distance between the two end points of the tunnel is greater than the radio coverage of the nodes, the tunneling can always be faster than the normal multihop route between the end points of the tunnel. This tunnel is referred to as a wormhole. Various issues are:
• Either all or selected packets are tunneled.
• Apart from packets destined to this node, other packets obtained by eavesdropping can also be tunneled.
The wormhole between two nodes can make some distant nodes believe that they are neighbours. Many exploits are possible after this fraud. One powerful exploit is to tunnel the RREQ packets from a node near the sender to some node near the destination. This prevents any routes other than through the wormhole from being discovered. This is because tunneling of the RREQ can always be done faster than the normal multihop transmission of the RREQ. The attacker then exploits the wormhole by discarding, rather than forwarding, data packets, thereby creating a Permanent Denial of Service. No other route can be discovered as long as the wormhole is active and a first come first select strategy is used for RREQ forwarding. This attack is always possible if the distance between the sender and receiver is greater than two hops. What makes this attack very strong is that it is possible even if all communication provides authenticity and confidentiality, and even if the attacker has no keys.
4.8.1 Power of wormhole attack
Let A and B be nodes that are far apart but believe that they are neighbours because of a wormhole between them. If the best existing route from A to B is at least 2N + 2 hops long, then any node C within N hops of A would be unable to communicate with B. This is because C would find a shortest path to B through A, with a maximum hop count of N + 1 (the hop count between A and B is one because of the wormhole). The other path from C to B would have a length of at least N + 2 hops, which is longer than the route selected through A, and is hence rejected.
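The hop-count argument above can be checked on a concrete topology. The following is an added example, not part of the original essay; the grid topology, node coordinates and function names are constructed for illustration.

```python
from collections import deque

def grid_links(rows, cols):
    """Constructed topology: every node hears its 4 grid neighbours."""
    links = {(r, c): set() for r in range(rows) for c in range(cols)}
    for (r, c) in links:
        for nb in ((r + 1, c), (r, c + 1)):
            if nb in links:
                links[(r, c)].add(nb)
                links[nb].add((r, c))
    return links

def hops_from(links, start):
    """Breadth-first search: hop count from start to every reachable node."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nb in links[node]:
            if nb not in dist:
                dist[nb] = dist[node] + 1
                queue.append(nb)
    return dist

def with_wormhole(links, a, b):
    """Copy of the topology in which a and b believe they are neighbours."""
    fake = {n: set(nbs) for n, nbs in links.items()}
    fake[a].add(b)
    fake[b].add(a)
    return fake

def captured_nodes(links, a, b):
    """Nodes whose shortest route to b becomes strictly shorter through the
    wormhole, so hop-count route selection sends their traffic for b via a."""
    real = hops_from(links, b)
    fake = hops_from(with_wormhole(links, a, b), b)
    return {n for n in links if n != b and fake[n] < real[n]}

def analyse(n=2):
    """A and B are 2n + 2 real hops apart on a constructed 3 x (3n + 3) grid."""
    links = grid_links(3, 3 * n + 3)
    a, b = (1, n), (1, 3 * n + 2)
    near_a = hops_from(links, a)
    assert near_a[b] == 2 * n + 2
    within = {node for node, d in near_a.items() if d <= n}
    return within, captured_nodes(links, a, b)

if __name__ == "__main__":
    within, captured = analyse(2)
    print("within N hops of A:", sorted(within))
    print("routes to B pulled into the wormhole:", sorted(captured))
```

Every node within N hops of A ends up in the captured set; nodes farther from A can be captured as well when their real route to B is long, so the N-hop bound is a minimum, not a limit.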
4.9 Rushing attack
In a rushing attack, a malicious node wants a route to be established through it. For this purpose, a malicious node M waits for the route requests (RREQ) of sources, either selectively or collectively. Whenever a RREQ arrives, the malicious node M rushes the request to the next intermediate node, in the hope of getting a route through itself. The probability of getting a route through M is higher, because all nodes select the first RREQ and forward it, discarding duplicate RREQs.
If the RREQs forwarded by the attacker are the first to reach each neighbour of the target, then any route discovered by this Route Discovery will include a hop through the attacker. Note that this attack is possible even if secure routing is used. The malicious node can achieve various malicious purposes after a route is established through it. These include eavesdropping (if proper encryption is not used), packet dropping, and other possible attacks.
The Rushing attack acts as an effective denial-of-service attack against all currently proposed on-demand ad hoc network routing protocols, including secure routing protocols.
Some of the techniques that the attacker can use for a rushing attack:
• Quickly forward the packet without following the contention protocol. Contention protocols require a node to wait for some time before transmitting packets in order to prevent packet collisions.
• Keep the network interfaces of neighbours full by some DOS attack. This will lower the chances that the neighbours will forward the RREQ packet first. One way of doing this is to send them bogus authentication requests and keep them busy verifying these requests.
• The attacker can employ a wormhole to rush the RREQ to the destination.
5 Ariadne - Secure routing protocol
Ariadne is a secure On-Demand Routing Protocol for MANETs. It prevents an attacker from tampering with uncompromised routes and prevents a large number of types of DOS attacks. Ariadne can authenticate routing messages using either shared secrets between each pair of nodes, or shared secrets between communicating nodes combined with broadcast authentication, or digital signatures. Ariadne favours the use of TESLA, an efficient broadcast authentication scheme. The next subsection introduces TESLA.
5.1 TESLA
TESLA is an asymmetric broadcast authentication protocol. It is different from traditional asymmetric protocols such as RSA. RSA operations are computationally expensive and very costly if carried out on resource-constrained mobile nodes. Authentication is provided using a MAC. A MAC alone cannot be used for broadcast authentication, because the receiver(s) (who know the secret key of the MAC) can also forge messages on behalf of the sender. TESLA makes use of loose clock synchronization and delayed key disclosure to achieve its purpose.
In brief, a MAC function is a many-to-one function that takes a message M and a secret key K as arguments and produces a number called the MAC. This MAC is appended to the message being transmitted. Authentication is carried out at the receiver, if the secret key is known, by recalculating the MAC of the message and comparing it with the MAC appended to the message. If both MACs are the same, the message is authenticated.
$MAC = F(M, K)$
The procedure of TESLA is given below:
• The sender computes a one-way key chain $[K_0, K_1, \ldots, K_n]$ as follows:
$K_n = \text{random key}, \quad K_{j-1} = H[K_j]$
Here $K_0$ to $K_n$ are keys and $H$ is the hash function.
• The order of publishing keys is $K_1, K_2, \ldots, K_n$. This key stream can be verified to come from a single source by calculating the hash of the key $K_j$ and comparing it with the previously published key $K_{j-1}$.
• Before disclosing key $K_j$, the sender sends its packet authenticated with a MAC computed under $K_j$.
• The receiver, when it receives a packet, needs to verify that the packet's MAC key is not yet published. Loose time synchronization is required for this verification. After some time, when the sender publishes its key, the receiver can authenticate the previously received data message.
• The sender has to publish the first key of its key chain, after which it can be authenticated based on the remaining keys of the key stream.
Thus, this mechanism provides broadcast authentication without employing any public key operations.
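The TESLA procedure above, sender and receiver side, as an added example that is not part of the original essay. SHA-256 and HMAC stand in for H and the MAC function, and the interval length, disclosure delay and clock error bound are assumed parameters.

```python
import hashlib
import hmac
import os

def H(data):
    return hashlib.sha256(data).digest()

def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def make_key_chain(n, last_key=None):
    """Return [K0, K1, ..., Kn]: Kn is random and K(j-1) = H(Kj)."""
    chain = [last_key or os.urandom(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

class Sender:
    def __init__(self, n, interval, delay, t0=0.0):
        self.chain = make_key_chain(n)
        self.interval, self.delay, self.t0 = interval, delay, t0

    def interval_at(self, now):
        return int((now - self.t0) // self.interval) + 1   # interval j uses Kj

    def send(self, message, now):
        j = self.interval_at(now)
        return {"j": j, "msg": message, "mac": mac(self.chain[j], message)}

    def disclose(self, now):
        """Kj is published `delay` intervals after the interval it was used in."""
        j = self.interval_at(now) - self.delay
        return (j, self.chain[j]) if j >= 1 else None

class Receiver:
    def __init__(self, k0, interval, delay, max_clock_error, t0=0.0):
        self.last = (0, k0)          # newest key verified against the chain
        self.interval, self.delay, self.t0 = interval, delay, t0
        self.err = max_clock_error   # loose synchronization bound (assumed)
        self.pending = []

    def receive(self, packet, local_now):
        """Buffer the packet only if Kj cannot have been published yet."""
        latest = int((local_now + self.err - self.t0) // self.interval) + 1
        if latest >= packet["j"] + self.delay:
            return False
        self.pending.append(packet)
        return True

    def key_disclosed(self, j, key):
        """Check the key against the chain, then authenticate buffered packets."""
        i, known = self.last
        if j <= i:
            return []
        k = key
        for _ in range(j - i):
            k = H(k)
        if not hmac.compare_digest(k, known):
            return []
        self.last = (j, key)
        ok = [p["msg"] for p in self.pending
              if p["j"] == j and hmac.compare_digest(p["mac"], mac(key, p["msg"]))]
        self.pending = [p for p in self.pending if p["j"] != j]
        return ok

def demo():
    """Constructed run: one genuine packet, one altered copy, one late forgery."""
    s = Sender(n=5, interval=1.0, delay=2)
    r = Receiver(s.chain[0], interval=1.0, delay=2, max_clock_error=0.1)
    genuine = s.send(b"RREQ from S", now=0.5)
    accepted = r.receive(genuine, local_now=0.6)
    r.receive(dict(genuine, msg=b"RREQ from X"), local_now=0.7)  # altered in transit
    j, key = s.disclose(now=2.5)                                 # K1 becomes public
    late = {"j": j, "msg": b"forged", "mac": mac(key, b"forged")}
    late_accepted = r.receive(late, local_now=2.6)
    bogus_key = r.key_disclosed(1, os.urandom(32))
    authenticated = r.key_disclosed(j, key)
    return accepted, late_accepted, bogus_key, authenticated

if __name__ == "__main__":
    print(demo())
```

The late forgery is rejected by the timing check alone, which is why the receiver must test the disclosure schedule before it buffers a packet, not after the key arrives.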
5.2 Route Discovery Mechanism
This subsection describes a secure route discovery mechanism that makes use of TESLA authentication. In this mechanism, the source sends a RREQ packet for the destination, which contains the following fields: initiator, target, id, time-interval, hash-chain, node-list and MAC-list. Each of these parameters is explained below:
• initiator = Sender address
• target = Destination address
• id = Unique id for the RREQ, chosen by the sender
• time-interval = TESLA time interval at the pessimistic expected arrival time of the RREQ at the target.
• hash-chain = Initialized to $MAC_{K_{SD}}$(initiator, target, id, time-interval), where $K_{SD}$ is the shared secret key between source and destination.
• node-list and MAC-list = Empty lists.
Any intermediate node A, when it receives the RREQ, checks its validity and forwards the packet after performing the following steps:
• Append its own address, A, to the node-list.
• Replace the hash-chain field with $H[A, \text{hash-chain}]$.
• Append to the MAC-list the MAC of the entire RREQ, calculated with its TESLA key $K_A$ corresponding to time-interval.
Finally, the target node, when it receives the RREQ, does the following before replying with a RREP:
• Check that the TESLA keys are not disclosed yet.
• Verify that the hash-chain is equal to $H[A_n, H[A_{n-1}, H[\ldots, H[A_1, MAC_{K_{SD}}(\text{initiator}, \text{target}, \text{id}, \text{time-interval})] \ldots ]]]$.
After verification, the target returns a RREP to the initiator, containing two new fields apart from the RREQ fields: target-MAC is a MAC on the preceding fields of the RREP with key $K_{DS}$, and key-list is initialized to the empty list. The RREP is returned to the initiator along the route obtained by reversing the node-list. Each intermediate node appends its TESLA key to the key-list. Finally, the initiator checks the validity of the TESLA key of each intermediate node in the key-list and verifies the target-MAC.
The following reasoning shows that this protocol is secure:
• A malicious node cannot change the node-list, because the hash-chain is updated at each node to take the new node into account.
• Nobody can forge a RREQ message, as it carries a MAC calculated with the secret key shared between sender and receiver.
• Intermediate nodes verify themselves by appending their disclosed TESLA keys to the RREP, which guarantees that they had added their entry to the node-list.
• The initiator can safely believe that the RREP comes from the target, as the target appends the MAC of the RREP containing the node-list, calculated with the secret key shared with the initiator.
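The checks performed at the target and at the initiator can be followed in code. This is an added example, not Ariadne's reference implementation: the field encoding, the exact fields covered by each MAC and the per-node keys are assumptions, and the TESLA key-chain and timing checks are left out.

```python
import hashlib
import hmac

def _enc(*fields):
    """Length-prefix each field so that field boundaries cannot be shifted."""
    out = b""
    for f in fields:
        raw = f if isinstance(f, bytes) else str(f).encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out

def H(*fields):
    return hashlib.sha256(_enc(*fields)).digest()

def MAC(key, *fields):
    return hmac.new(key, _enc(*fields), hashlib.sha256).digest()

def new_rreq(k_sd, initiator, target, req_id, interval):
    hdr = (initiator, target, req_id, interval)
    return {"hdr": hdr, "hash_chain": MAC(k_sd, *hdr), "node_list": [], "mac_list": []}

def _covered(hdr, nodes, macs):
    return (*hdr, len(nodes), *nodes, len(macs), *macs)

def forward(rreq, addr, tesla_key):
    """Intermediate node: append address, fold it into hash-chain, append MAC."""
    nodes = rreq["node_list"] + [addr]
    chain = H(addr, rreq["hash_chain"])
    hop_mac = MAC(tesla_key, chain, *_covered(rreq["hdr"], nodes, rreq["mac_list"]))
    return {"hdr": rreq["hdr"], "hash_chain": chain, "node_list": nodes,
            "mac_list": rreq["mac_list"] + [hop_mac]}

def chain_values(k_sd, hdr, nodes):
    """Hash-chain value before the first hop and after each hop."""
    values = [MAC(k_sd, *hdr)]
    for addr in nodes:
        values.append(H(addr, values[-1]))
    return values

def target_accepts(rreq, k_sd):
    expected = chain_values(k_sd, rreq["hdr"], rreq["node_list"])[-1]
    return hmac.compare_digest(expected, rreq["hash_chain"])

def make_rrep(rreq, k_sd):
    """Target: MAC the reply fields with the key shared with the initiator."""
    covered = _covered(rreq["hdr"], rreq["node_list"], rreq["mac_list"])
    return {"hdr": rreq["hdr"], "node_list": rreq["node_list"],
            "mac_list": rreq["mac_list"], "target_mac": MAC(k_sd, *covered),
            "key_list": []}

def initiator_accepts(rrep, k_sd):
    hdr, nodes, macs = rrep["hdr"], rrep["node_list"], rrep["mac_list"]
    if not hmac.compare_digest(rrep["target_mac"], MAC(k_sd, *_covered(hdr, nodes, macs))):
        return False
    keys = rrep["key_list"][::-1]        # keys were appended along the reverse route
    if not len(keys) == len(macs) == len(nodes):
        return False
    chains = chain_values(k_sd, hdr, nodes)[1:]
    return all(
        hmac.compare_digest(
            macs[i], MAC(keys[i], chains[i], *_covered(hdr, nodes[:i + 1], macs[:i])))
        for i in range(len(nodes)))

def demo():
    k_sd = b"constructed key shared by S and D"
    tesla = {n: b"constructed TESLA key of " + n.encode() for n in "ABC"}
    at_b = forward(forward(new_rreq(k_sd, "S", "D", 17, 42), "A", tesla["A"]), "B", tesla["B"])
    honest = forward(at_b, "C", tesla["C"])
    # C drops B from node-list, but only knows the hash-chain value B sent.
    hidden = forward(dict(at_b, node_list=["A"], mac_list=at_b["mac_list"][:1]), "C", tesla["C"])
    rrep = make_rrep(honest, k_sd)
    rrep["key_list"] = [tesla[n] for n in reversed(honest["node_list"])]
    bad = dict(rrep, key_list=[tesla["C"], b"not B's key", tesla["A"]])
    return (target_accepts(honest, k_sd), target_accepts(hidden, k_sd),
            initiator_accepts(rrep, k_sd), initiator_accepts(bad, k_sd))

if __name__ == "__main__":
    print(demo())
```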
6 Prevention against Rushing Attack
This section describes a set of techniques that can be used in combination to prevent Rushing Attacks. The assumption that public keys are securely distributed among the various nodes holds here. Each node is assumed to have sufficient computational resources to carry out public key operations. The following mechanisms are used to prevent Rushing Attacks.
6.1 Secure Neighbour Detection
The implicit neighbour detection techniques used by routing protocols are based on the periodic broadcast of hello messages by a node, allowing neighbours to detect it. However, this simple mechanism can be attacked simply by replaying messages between nodes. Two nodes that are at a two hop distance can be made to believe that they are neighbours if the middle node simply replays their messages. A few techniques of the Rushing attack, as discussed in section 4, involve overhopping the RREQ. So correct neighbour detection is required to prevent such situations.
Secure neighbour detection requires verifying that the neighbour is in normal transmission range. A simple three way mutual authentication protocol that uses tight delay timing can be used. For instance, the first message includes the sender identity and a nonce N1, signed by the sender. The second message includes sender-id, receiver-id, and nonces N1 and N2, signed by the receiver. Finally, the third message includes sender-id, receiver-id and nonce N2. The tight delay timing ensures that the message has only gone through one MAC contention. If the delay between sending the first message and receiving the second message is D, the neighbour is no farther than D/2 × C, where C is the speed of light. This is accurate if the receiver can quickly process the first message and respond with the second message. In this way an upper bound on the delay D can be obtained. This completes the secure neighbour detection.
6.2 Secure Route Delegation
Each node wants to verify that all the Secure Neighbour Detection steps were previously performed between all adjacent pairs of nodes for the RREQ. The Secure Route Delegation mechanism ensures this by adding one more message in the third step of the Secure Neighbour Detection protocol. This message is the delegation message, which contains the addresses of the two neighbours and the addresses of the ultimate source and destination of the RREQ, all signed by the first neighbour.
6.3 Randomized Message Forwarding
One final step in preventing the rushing attack is to stop intermediate nodes from forwarding the first RREQ. Instead, a random selection technique can be used, in which a small number of RREQs are collected and a randomly selected RREQ is forwarded. Timeouts should be chosen appropriately, because small timeouts can prevent other RREQs from arriving, whereas large timeouts may allow much longer routes to be selected, thus increasing the end to end delay.
7 Prevention against Wormhole Attack
The wormhole problem described in subsection 4.8 can only be solved if two nodes can detect that they are actually in radio coverage of each other. Using the Secure Neighbour Detection approach requires public key operations that are computationally expensive. Also, due to mobility, there may be cases where the two nodes are neighbours at the time of the three way handshake and move far apart immediately after that instant.
One approach to restricting the maximum distance a packet is allowed to travel is to use a leash. A leash is any information that is added to a packet to restrict its maximum travel distance. Two types of leashes can be used:
7.1 Geographical Leashes
Each node must know its geographical position; it stores this in the packet and signs the packet. The receiving node simply checks the validity of the packet and calculates the distance between the two nodes from its own geographical position and the position contained in the received packet. If the calculated distance exceeds some value, then a wormhole attack is detected. Some sort of loose time synchronization is required to determine the variation of the actual distance with respect to the calculated distance, if the maximum moving speeds of nodes are considered.
The advantage of using geographical leashes is that an attacker can be caught if it pretends to reside at multiple locations. However, they have one disadvantage: if the radio coverage area is decreased due to external disturbances, then two nodes which are normally in transmission range of each other can be attacked by a wormhole, because they are no longer in transmission range due to the external disturbances.
7.2 Temporal Leashes
A better approach to detecting wormholes is to use temporal leashes, which ensure that a packet has an upper bound on its lifetime. In this technique, the time of transmission of the packet is appended to the packet. The use of temporal leashes restricts the maximum travel distance of the packet, since the packet can travel at most at the speed of light. It requires the network to have strong time synchronization, with maximum time synchronization error $\Delta$.
Let $t_s$ be the time at which the sender transmits a packet and $t_r$ be the time at the receiver when it receives the packet. The sender sends in the packet the expiration time $t_e = t_s + L/c + \Delta$. Here $c$ is the speed of light and $L$ is the maximum distance the packet is allowed to travel. The receiver will only accept the packet if $t_r \le t_e$.
This mechanism also requires authentication of the messages that contain the expiration time-stamps. For this purpose TESLA or an extension of it can be used, to prevent any forging of time-stamps.
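Both leash checks from subsections 7.1 and 7.2, as an added example that is not part of the original essay. An HMAC under a shared key stands in for the signature or TESLA authentication, the movement term in the geographical bound is an assumption the essay does not give, and all numeric values are constructed.

```python
import hashlib
import hmac
import math
import struct

C = 299_792_458.0   # speed of light in m/s

def _tag(key, t_s, t_e, pos, payload):
    fields = struct.pack("!dddd", t_s, t_e, *pos) + payload
    return hmac.new(key, fields, hashlib.sha256).digest()

def send(key, payload, t_s, pos, max_dist, delta):
    """Sender: attach expiry t_e = t_s + L/c + delta and its own position."""
    t_e = t_s + max_dist / C + delta
    return {"payload": payload, "t_s": t_s, "t_e": t_e, "pos": pos,
            "tag": _tag(key, t_s, t_e, pos, payload)}

def authentic(key, pkt):
    expected = _tag(key, pkt["t_s"], pkt["t_e"], pkt["pos"], pkt["payload"])
    return hmac.compare_digest(pkt["tag"], expected)

def temporal_ok(key, pkt, t_r):
    """Temporal leash: accept an authentic packet only before it expires."""
    return authentic(key, pkt) and t_r <= pkt["t_e"]

def geographic_ok(key, pkt, t_r, recv_pos, max_dist, max_speed, delta, pos_error):
    """Geographical leash: bound the sender-receiver distance. The allowance
    for node movement and position error is an assumed form."""
    if not authentic(key, pkt):
        return False
    apart = math.dist(pkt["pos"], recv_pos)
    bound = apart + 2 * max_speed * (t_r - pkt["t_s"] + delta) + pos_error
    return bound <= max_dist

def worst_case_range(max_dist, delta):
    """Farthest a packet can travel and still pass temporal_ok when the two
    clocks disagree by delta in the unfavourable direction: L + 2*c*delta."""
    return max_dist + 2 * C * delta

def demo():
    key = b"constructed shared key"
    L, tight, loose = 300.0, 100e-9, 1e-3
    pkt = send(key, b"hello", t_s=10.0, pos=(0.0, 0.0), max_dist=L, delta=tight)
    direct = 10.0 + 250.0 / C        # heard directly, 250 m away
    tunnelled = 10.0 + 3000.0 / C    # replayed 3 km away through a tunnel
    forged = dict(pkt, t_e=pkt["t_e"] + 1.0)   # expiry pushed back in transit
    return (
        temporal_ok(key, pkt, direct),
        temporal_ok(key, pkt, tunnelled),
        temporal_ok(key, forged, tunnelled),
        geographic_ok(key, pkt, direct, (250.0, 0.0), L, 20.0, loose, 5.0),
        geographic_ok(key, pkt, tunnelled, (3000.0, 0.0), L, 20.0, loose, 5.0),
    )

if __name__ == "__main__":
    print(demo())
    for d in (100e-9, 1e-6, 1e-3):
        print(f"clock error {d:g} s -> leash still admits {worst_case_range(300.0, d):.0f} m")
```

With a 300 m leash, a synchronization error of 1 ms lets a packet travel roughly 600 km before the temporal check rejects it, which is why the temporal leash needs far tighter clocks than the geographical one.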
8 Anonymous Routing
While data encryption can protect the content exchanged between nodes, routing information may reveal valuable information about end-users and their relationships. The location and relationship of the communicating entities may easily be determined from traffic and data analysis of packets. A protocol is discussed in this section which provides anonymous routing between source and destination.
One of the assumptions of this protocol is that the nodes have sufficient computational resources. This protocol makes use of public key based authentication and encryption techniques.
8.1 Secure Distributed Anonymous Routing Protocol (SDAR)
During normal routing of data packets, the source and destination information is contained in the packet, where it can be exploited by malicious intermediate or overhearing nodes. The SDAR protocol described in this subsection ensures the anonymity of sender and receiver. In this protocol, a sender S discovers an anonymous path between itself and the receiver before transmitting any data. The three phases of this protocol are described below:
8.1.1 Path Discovery Phase
In this phase, source S sends a path discovery message, destined for a receiver R, to all its neighbours. This message contains the following components:
• TYPE, TRUST_REQ, TPK
• $E_{PK_R}(ID_R, K_S)$
• $E_{K_S}(ID_S, PK_S, TPK, TSK, SN_{Session\_ID_S}, Sign(M_S))$
Here TPK and TSK are a temporary (public, private) key pair used for this session. $K_S$ is the session secret key used by S and $ID_R$ is the address of the receiver; both are sent in this packet encrypted with $PK_R$, the public key of R. The last part contains $ID_S$, the address of sender S; $PK_S$, the public key of S; and $SN_{Session\_ID_S}$, a random number used to identify this session. All these are encrypted with the session key $K_S$. The Sign part protects the integrity of the message.
The information about sender and receiver is all encrypted. Thus anonymity is maintained here. Only the receiver can decrypt the second part with its private key, obtain the session key and hence decrypt the last part. An intermediate node i processes the packet as follows:
• Check whether the message has already arrived by looking at TPK, which acts as the identifier of the request. If yes, discard the message; otherwise process it further.
• Add the following information to the packet, all encrypted with TPK: $E_{TPK}(ID_i, K_i, SN_{Session\_ID_i}, Sign(M_{ID_i}))$. Here $ID_i$ is the address of node i, $K_i$ is the session key used by node i for this session, $SN_{Session\_ID_i}$ is a random number used by node i to identify this session, and $Sign(M_{ID_i})$ is the signature of the whole message.
• Add ($SN_{Session\_ID_i}$, $K_i$, PreviousNode) to an internal table. This will be used to forward data packets for this route.
The receiver, when it receives this message, can identify that it is destined for itself. However, for the purpose of anonymity, it forwards the message to other nodes, and it enters the Path Recovery Phase.
8.1.2 Path Recovery Phase
After obtaining the path discovery message, the receiver R performs the following steps:
• Form the message $E_{K_S}(SN_{Session\_ID_1}, K_1, SN_{Session\_ID_2}, \ldots, SN_{Session\_ID_R}), SN_{Session\_ID_S}$
• Repeatedly encrypt the above message, each time encrypting it with key $K_i$ and appending $SN_{Session\_ID_i}$, starting from key $K_1$ up to key $K_N$.
• Send the final constructed message to the first node in the reverse path.
In the reverse direction, each intermediate node i receives this message and identifies that it belongs to itself by the $SN_{Session\_ID_i}$ appended to the message. It then finds the key corresponding to this session-id, decrypts the message and forwards it to the next intermediate node in the reverse path. The remaining intermediate nodes follow similar steps, each removing one layer of encryption. Finally the sender receives the path recovery message in the form prepared by the receiver in the first step, and extracts the keys and session-ids of all intermediate nodes. This completes the route-finding process in an anonymous manner. No intermediate node, and no other node, knows the full route that has been established. Even the sender and receiver do not know the route; the only things they know are the session-ids and keys of the intermediate nodes.
8.1.3 Data Transfer Phase
In this phase, the sender S actually sends a message to receiver R. Rather than filling in source and destination addresses, it builds a layered encryption packet as follows.
• Make a packet of the form: $E_{K_S}(Data_S), SN_{Session\_ID_R}$
• Encrypt and append a session-id repeatedly, using the session key and session-id of each intermediate node, in the order of the reverse path of intermediate nodes.
• Broadcast the message, to allow the neighbouring intermediate node to forward it.
Each intermediate node identifies a packet that it is meant to forward by the appended session-id, decrypts one encryption layer and forwards the message to the next intermediate node. Finally the receiver decrypts the innermost layer and obtains the message.
So the data packet is transferred from source to destination, and no other node, including the intermediate nodes, has any information about the route or the identities of the endpoints. This protocol does not require the source node to gather and store information about the network topology. The multicast mechanism and the layered encryption used in the protocol ensure the anonymity of the sender and receiver nodes.
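The layered packet of the data transfer phase (the path recovery message is wrapped the same way) can be traced hop by hop in code. The following Python sketch is an added example, not code from the report or from the SDAR authors; the HMAC-based `seal`/`unseal` pair is a toy stand-in for the cipher E, and the 8-byte session-ids, function names and three-node route are assumptions.

```python
import hashlib
import hmac
import os

SN_LEN = 8  # assumption: session-ids are 8 random bytes in this sketch


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one session key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Toy stand-in for E_K(...): nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError if the layer was modified."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def build_data_packet(data, k_s, sn_r, route):
    """route is [(SN_1, K_1), ..., (SN_N, K_N)] in sender-to-receiver order,
    which is what S holds after the path recovery phase."""
    packet = seal(k_s, data) + sn_r           # E_KS(Data), SN_R
    for sn_i, k_i in reversed(route):         # wrap for node N first, node 1 last
        packet = seal(k_i, packet) + sn_i     # outermost layer belongs to node 1
    return packet


def peel(table, packet):
    """What a node does with an overheard broadcast: look up the trailing
    session-id in its internal table and remove one layer, or ignore it."""
    key = table.get(packet[-SN_LEN:])
    if key is None:
        return None                           # not on this route: drop silently
    return unseal(key, packet[:-SN_LEN])


def simulate(data=b"constructed payload"):
    """Constructed 3-hop route. Returns (delivered data, packet size seen at
    each hop, bystander ignored?, downstream node ignored outer layer?)."""
    k_s, sn_r = os.urandom(32), os.urandom(SN_LEN)
    route = [(os.urandom(SN_LEN), os.urandom(32)) for _ in range(3)]
    tables = [{sn: key} for sn, key in route]  # each node knows only its own entry
    bystander = {os.urandom(SN_LEN): os.urandom(32)}
    packet = build_data_packet(data, k_s, sn_r, route)
    bystander_ignored = peel(bystander, packet) is None
    downstream_ignored = peel(tables[1], packet) is None
    sizes = [len(packet)]
    for table in tables:
        packet = peel(table, packet)
        sizes.append(len(packet))             # one layer (56 bytes here) shorter per hop
    return peel({sn_r: k_s}, packet), sizes, bystander_ignored, downstream_ignored


if __name__ == "__main__":
    print(simulate())
```

In this toy format the packet shrinks by a fixed amount at every hop, so an observer who sees several transmissions can order them along the route even without reading them.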
8.2 Characteristics
This protocol has the following characteristics:
• Non-Source based Routing: The source does not need a global view of the network topology, and hence does not need to know the route to the destination.
• Flexible and Reliable Route Selection: The route control messages described earlier cannot be modified by a malicious intermediate node without being detected by the source or destination.
• Resilience against Path Hijacking: Even if some malicious node becomes an intermediate node, it cannot break the anonymity of route discovery.
8.3 Security Analysis
• Passive attack: Malicious nodes cannot find the sender, the receiver or the other intermediate nodes just by eavesdropping on path discovery messages.
• Active attack: Any modification of the path discovery messages will be detected by the receiver because of the appended signatures, which preserve the integrity of the message.
• Denial of Service Attack: The protocol is incapable of resisting a DOS attack that involves flooding the network with meaningless path discovery messages, because verification of these messages involves complex computations, which are resource consuming. It also consumes network bandwidth. In fact, a DOS attack is very difficult to resist in any protocol.
9 Intrusion Detection in MANETs
Intrusion Detection Systems (IDS) serve as a second line of defense, after the first line of defense provided by prevention techniques.
The two major analytical techniques in intrusion detection are:
• Misuse detection: It uses signatures of known attacks to identify those attacks.
• Anomaly detection: It uses established normal profiles only, to identify any unreasonable deviation from them.
9.0.1 Architecture of an IDS agent
Figure 1 shows the architecture of an IDS agent that can be deployed on each mobile node. The various components are:
• Data Collection Module: It collects security-related data from various audit data sources and preprocesses it into the input format of the detection engines.
• Detection Engine: It determines whether a particular state of the system is anomalous, based on a predetermined normal profile of the network created during the training process.
• Local Aggregation and Correlation Engine (LACE): It aggregates and correlates various detection results and transfers them to the GACE.
• Global Aggregation and Correlation Engine (GACE): Its function is to aggregate detection results from a number of nodes and make a global decision about any malicious event.
Figure 1: IDS Agent
9.1 Routing anomalies in MANETs
This subsection describes how routing anomalies can be detected in MANETs. One important assumption of intrusion detection is that normal and intrusive behaviours are distinguishable.
The following are the challenges in routing anomaly detection:
• Due to arbitrary mobility, it is very difficult to establish a mathematical model to characterize a routing disruption attack.
• It is difficult to distinguish routing control packets generated by an attacker from those generated by mobility-induced errors.
In this subsection, a Markov chain based anomaly detection scheme is briefly described. The following steps are required:
9.1.1 Feature Selection
Features are the attributes of the data that need to be considered. Features associated with the routing caches of mobile nodes are determined in order to characterize their normal changes. Two main features are used:
• PCR: percentage change in the number of routing entries in a certain time period.
• PCH: percentage change in the sum of hops of all routing entries in a certain time period.
9.1.2 Markov Chain Based Intrusion Detection
The idea behind this model is that the routing changes in mobile nodes can be considered a random process with the stationary transition probabilities of a Markov chain. This holds for a particular class of network whose normal traffic follows a regular pattern. The two steps of intrusion detection are as follows:
1. Markov Chain Model Construction
Markov chain model construction requires some amount of training data representing the normal traffic pattern of the network. During construction, the training data is preprocessed for discretization and divided into a set of traces. Each trace holds a continuous sequence of values of the statistical feature that we want to consider. A virtual window of size W slides through the trace. At each position of the window, the transition from the W ordered states (feature values) within the window to the new state, which is the feature value just to the right of the window, is recorded. This process is repeated for a large number of traces, which builds a comprehensive probability model for a particular network's traffic. The model can then be used to calculate the probability of any given sequence of W + 1 ordered feature values.
2. Classifier Construction
The classifier of the Markov chain model is constructed after training the model. The classifier determines how anomalous a given trace of statistical feature values is. Under operational conditions, traces from the routing caches are recorded and fed to the detection engine, which runs the classifier over each trace. This involves sliding a virtual window of length W and finding the probability of every run of W + 1 consecutive feature values in the trace. We get a set of probabilities $(P_0, P_1, P_2, \ldots, P_k)$. The lower these probabilities are, the more anomalous are the events they represent. We can then either calculate the average probability and compare it with some threshold, or analyze the individual probabilities. The latter approach is better, because averaging can suppress a few exceptionally low probabilities.
Some approaches to analyzing these probabilities are:
• A common approach is to compare the probabilities individually with some threshold value. If any probability is less than the threshold, raise an alert.
• The ratio of the cumulative sum of probabilities to the number of probabilities summed is compared with some threshold at each iteration of the summation. Again, if the ratio becomes less than the threshold at any stage, an alert is generated.
Selecting the threshold T determines a tradeoff. A higher value of T will increase the anomaly detection ratio, but may also increase the false alarm ratio. A lower value of T will decrease the false alarm ratio, but will also decrease the detection ratio. A proper value of T can be determined empirically, for the desired level of tradeoff. There are some limitations of this model:
• Unexpected changes in statistical features are undesirable, as they introduce noise into the probability model.
• Overhead of training data is significant.
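The two steps above, model construction with a sliding window of size W and classification against a threshold T, are shown below as an added Python example; it is not code from the report or the cited scheme. The PCR bin edges, the training and suspect traces, the choice of probability 0 for a window never seen in training, and all names are constructed assumptions.

```python
from bisect import bisect_right
from collections import Counter, defaultdict

BIN_EDGES = [5.0, 15.0, 30.0]  # constructed: PCR (%) is discretized into 4 states

# Constructed PCR traces (percent change per sampling period) from normal operation.
TRAINING_TRACES = [
    [2, 8, 20, 9, 3, 7, 18, 10, 1, 9, 22, 8, 4],
    [3, 9, 12, 4, 8, 21, 7, 2, 6, 19, 11, 3],
]
# Constructed trace under test: one burst (45 %) in an otherwise regular pattern.
SUSPECT_TRACE = [2, 9, 21, 8, 3, 7, 19, 9, 4, 8, 45, 10, 2, 9, 20]


def discretize(trace):
    """Map each raw feature value to the index of its bin (the Markov state)."""
    return [bisect_right(BIN_EDGES, value) for value in trace]


class MarkovDetector:
    def __init__(self, window):
        self.window = window
        # counts[(s_1, ..., s_W)][next_state] = times this transition was seen
        self.counts = defaultdict(Counter)

    def train(self, traces):
        for raw in traces:
            states = discretize(raw)
            for i in range(len(states) - self.window):
                context = tuple(states[i:i + self.window])
                self.counts[context][states[i + self.window]] += 1

    def transition_probability(self, context, next_state):
        seen = self.counts.get(tuple(context))
        if not seen:
            return 0.0  # assumption: a window never seen in training scores 0
        return seen[next_state] / sum(seen.values())

    def score(self, raw):
        """Return (P_0, ..., P_k): one probability per window position."""
        states = discretize(raw)
        return [
            self.transition_probability(states[i:i + self.window],
                                        states[i + self.window])
            for i in range(len(states) - self.window)
        ]


def alert_individual(probabilities, threshold):
    """First approach: positions whose probability is below the threshold."""
    return [i for i, p in enumerate(probabilities) if p < threshold]


def alert_running_mean(probabilities, threshold):
    """Second approach: cumulative sum / count, checked at every iteration.
    Returns the first position where the ratio drops below the threshold."""
    total = 0.0
    for i, p in enumerate(probabilities):
        total += p
        if total / (i + 1) < threshold:
            return i
    return None


if __name__ == "__main__":
    detector = MarkovDetector(window=2)
    detector.train(TRAINING_TRACES)
    probs = detector.score(SUSPECT_TRACE)
    print([round(p, 3) for p in probs])
    print("individual:", alert_individual(probs, 0.5))
    print("running mean:", alert_running_mean(probs, 0.5))
```

On the constructed suspect trace the per-probability rule flags the three windows around the burst, while the running ratio never falls below T = 0.5 because eight normal transitions precede the burst; the same burst at the start of a trace trips the ratio rule immediately.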
9.2 Cross-feature analysis in MANETs
This is another technique for detecting anomalies in a MANET. Cross-feature analysis is a data mining method that captures the inter-feature correlation patterns in normal traffic. The basic idea of the cross-feature analysis framework is to explore the correlation between one feature and all other features. The anomaly detection problem can be transformed into a set of classification sub-problems, where each sub-problem chooses a different feature and finds its correlation with all other features.
The same basic assumption applies here: normal and abnormal events should be separable from each other based on their corresponding feature vectors. Cross-feature analysis is applied in two steps:
9.2.1 Training procedure
This phase involves training a classification model such that the model can predict the value of one feature when given the values of all other features. Some examples of features are given in subsection 9.2.3. The model is trained on normal traffic feature values and hence will be able to differentiate normal and abnormal traffic. The model-building process is repeated for every feature, and up to L sub-models are trained.
9.2.2 Testing procedure
This phase actually tests a given set of feature values for normality. The set of feature values for a particular event is tested under this model: each of the L sub-models is applied to the given set of feature values, and in each turn the probability of one feature value, given the other feature values, is calculated. So we are left with L probabilities. This set of probabilities can be treated in the same way as explained in the previous subsection 9.1.2.
Here L is the number of features under consideration.
9.2.3 Feature Example
Some examples of features are given below:
• Route related features: velocity, route add count, route removal count, route find count, route repair count, total route change, average route length.
• Traffic related features: packet type, flow direction (sent, received, forwarded, dropped), statistical measures of timing.
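The training and testing procedures of 9.2.1 and 9.2.2 are shown below as an added Python example, not code from the report or the cited paper. Each of the L sub-models here is a smoothed frequency table rather than a real classifier, and the three features (taken from the list above, binned to low/high), the sample events, the threshold and all names are constructed assumptions.

```python
from collections import Counter

# Three of the features listed in 9.2.3, binned to "low"/"high" (constructed binning).
FEATURES = ("velocity", "total route change", "dropped packets")

# Constructed normal events: route changes track velocity, drops are mostly low.
NORMAL_EVENTS = (
    [("low", "low", "low")] * 6
    + [("high", "high", "low")] * 4
    + [("high", "high", "high")] * 2
)


class CrossFeatureModel:
    """L sub-models; sub-model i estimates P(f_i | all other features)."""

    def __init__(self, n_features):
        self.n = n_features
        self.joint = [Counter() for _ in range(n_features)]    # (others, value) -> count
        self.context = [Counter() for _ in range(n_features)]  # others -> count
        self.values = [set() for _ in range(n_features)]       # values seen for f_i

    @staticmethod
    def _others(event, i):
        return event[:i] + event[i + 1:]

    def train(self, events):
        """Training procedure: fit every sub-model on normal traffic only."""
        for event in events:
            for i in range(self.n):
                others = self._others(event, i)
                self.joint[i][(others, event[i])] += 1
                self.context[i][others] += 1
                self.values[i].add(event[i])

    def probabilities(self, event):
        """Testing procedure: one add-one-smoothed probability per feature."""
        result = []
        for i in range(self.n):
            others = self._others(event, i)
            n_values = len(self.values[i] | {event[i]})
            hits = self.joint[i][(others, event[i])]
            result.append((hits + 1) / (self.context[i][others] + n_values))
        return result


def assess(model, event, threshold):
    """Apply both treatments from 9.1.2 to the L probabilities and name the
    feature that agrees least with the others, which helps triage an alert."""
    probs = model.probabilities(event)
    average = sum(probs) / len(probs)
    return {
        "probabilities": probs,
        "average": average,
        "alert_on_average": average < threshold,
        "low_features": [FEATURES[i] for i, p in enumerate(probs) if p < threshold],
        "least_consistent": FEATURES[probs.index(min(probs))],
    }


if __name__ == "__main__":
    model = CrossFeatureModel(len(FEATURES))
    model.train(NORMAL_EVENTS)
    # Constructed test event: a slow node whose routes churn and packets drop.
    print(assess(model, ("low", "high", "high"), threshold=0.6))
```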
9.3 Cooperative Approach
It is very hard to distinguish between intrusions and legitimate operations or conditions in a MANET because of the dynamically changing topology and volatile physical environment. However, by integrating the security-related information from a wider area, the aggregation algorithm can reduce the false alarm ratio and improve the detection ratio. Two methods of aggregation are:
• Zone-based Aggregation: This approach divides the mobile nodes into zones based on geographical division. The gateway nodes are the nodes that have physical connections to different zones. The gateway nodes of each zone are responsible for aggregating and correlating the alerts generated locally inside the zone.
• Cluster-based Aggregation: In this approach, nodes dynamically form clusters. A cluster is a group of nodes such that all nodes in the cluster are at one-hop distance from a particular node called the cluster-head. The cluster-head is the node that collects alerts from all other nodes of the cluster. This allows the cluster-head to take a global decision about the events happening in the cluster.
10 Conclusion
The following conclusions are drawn from the study of MANET attacks and solutions:
• The mobile nodes are considered to be resource constrained. If public key operations are used, care needs to be taken to limit the frequency of these operations to prevent DOS attacks.
• Two lines of defense (prevention and detection) against MANET attacks are required. However, a proper balance between the two is necessary to avoid excessive consumption of resources.
• Because of mobility, it is very difficult for an attacker to keep a node victimized all the time.
• DOS attacks are very difficult to resist in any protocol.
• Some solutions discussed in this article favour public key operations and some oppose them. This is because public key encryption in MANETs is regarded as highly computationally expensive, which it actually is. However, as the cost of computational power decreases with day-to-day advances in technology, MANETs will no longer be believed to be resource constrained. But the problem of public key operations being expensive will remain for a long time, because an increase in computational power will also increase the key sizes needed for an appropriate level of security, and this increase in key sizes will definitely increase the computational cost.
One solution to this problem is to use elliptic curve cryptography, which is proved to be stronger than RSA for the same key length. For now, a balance between public key operations and symmetric key operations should be used when deploying security solutions in MANETs.
• Anomaly detection approaches discussed in this article are sensitive to changes in the normal traffic profile. There is tremendous research scope in finding or developing data-mining technologies that can cope with this problem.

Reference: http://www.seminarprojects.com/Thread-security-issues-in-manet-full-report#ixzz1HP8673UW

Similar Documents

Premium Essay

Manet

...realism art movement. Realism is the study of representation of a scene that stays as true to life as possible. They abandoned the ideals of romanticism, where the aesthetic was warped to fit their embellished emotionalism of preconceived ideas. Thus the realists focused on depicting scenes with authenticity. Many images of the workhouse arouse due to the Industrial revolution at the time. Realism began in France in the 1850s and flourished when photography was born. Edouard Manet was a character full of antithesis. On one hand he was a rebellious socialist yet he was also a dignified bourgeois. During his lifetime he became famous for breaking away from the traditional academic way of painting and was once hailed “the first modern painter” (A World History of Art, Hugh Honour & John Fleming pg 677) Yet he was heavily influenced by the masters of the past and their inspiration can clearly be seen “Le Déjeuner sur l’Herbe” (http://www.ibiblio.org/wm/paint/auth/manet/dejeuner/manet.dejeuner-sur-herbe.jpg) Manet wanted to make a statement with this peice of work, even more so than his controversial painting Olympia. But He was also desperate to be accepted by the Parisian salon because it was uneasy to artistically survive without that sort of status. However his wishes were denied, instead a small scale exhibition for the refused artists was held in an annex, that later became known as the Salon des Refusés. Both the critics and the public were outraged by this peice. Unlike the previous...

Words: 744 - Pages: 3

Premium Essay

Richard Manet Research Paper

...It is said that Manet was one of the most controversial painters of his time and occupied a very privileged place in Impressionist art, he was a painter of modern life. Manet's paintings represented a modernist style, and depicted them as they were, unobtrusively. Manet was able to combine in an original way what he learned from the great painters of his time. This was one of the reasons that his works provoked rejection and criticism. I agree with Manet, I believe that an artist must have free expression in order to transmit their talents, abilities, creativity, and imagination to produce their masterpiece. I imagine that the true basis of modern art is the freedom of expression of the artist before any subject, without having to choose between...

Words: 414 - Pages: 2

Premium Essay

Manet

...Symmetric Encryption in MANET Amol Bhosle1, Yogadhar Pandey2 Department of Computer science & Engineering,SIRT Bhopal Abstract-- Mobile ad-hoc network is wireless network composed of different nodes communicate with each other without having to establish infrastructure. The security of such network is a major concern. To improve the security of such network, technique proposed here is securing routing protocol AODV through the use of Symmetric Encryption algorithm AES. This secures the data as well as preserves the confidentiality. Further future work to be carried as of node authentication using IP address and using the AODV routing protocol and digital signature scheme. Keywords-- Mobile ad-hoc, symmetric encryption algorithm, confidentiality, AODV, Digital signature, IP address The nodes involved in a MANET should collaborate amongst themselves and each node acts as a relay as needed, to implement functions e.g. security and routing. C] Multihop Routing: Basic types of ad hoc routing algorithms can be singlehop and multihop, based on different link layer attributes and routing protocols. Single-hop MANET is simpler than multihop in terms of structure and implementation, with the cost of lesser functionality and applicability. When delivering data packets from a source to its destination out of the direct wireless transmission range, the packets should be forwarded via one or more intermediate nodes D] Light –weight Terminal: In most cases, the MANET nodes are mobile devices...

Words: 2868 - Pages: 12

Premium Essay

Edouard Manet

...Edouard Manet – Roadmenders in the rule de Berne 1878 Edouard Manet has used white and also added it to most of the colours used in this piece making them pale and pastel-like, which has significantly impacted on portraying the flooding of sunlight outdoors. This pastel effect used suggests sunlight in the distance, and the use of blues creates the impression of misty light-filled shadows. The large amount of white and its layered application gives luminosity to the painting. The technique of dragging has been used allowing the ground and earlier dry colours to show through. Blues have been applied with thin brush strokes in an opaque fashion and uneven brush strokes of green mixed with a little white have been used to depict foliage. Manet’s loose, unfocused handling is significant in depicting an immediate sense of activity. This artwork combines both wet-in-wet and wet-over-dry work in order to create a soft daylight scene of light reflection from buildings and ground. Although most of the people toward the front left of the painting have been painted in mostly white and blurred, some have been painted in black, along with the horses in browns and carts in dark greyish black, which immediately make them predominately obvious. Along the left side of the sidewalk there is evidence of a rub down or scrape down as a thin transparent black layer is visible under the pile of stones. The mixed colours and brush technique used have a considerable impact on the well depicted buildings...

Words: 345 - Pages: 2

Premium Essay

Eduard Manet

...Historical context: Eduard Manet was a French painter who represented everyday scenes of people and city life. He was a leading artist in the transition from realism to impressionism, and he lived from 1832 to 1883. Interestingly, Manet’s career choice was a little different than his parents had hoped. Manet came from royalty with his father, Auguste Manet, a high-ranking judge, and his mother, Eugénie-Desirée Fournier, the daughter of a diplomat and the goddaughter of the Swedish crown prince. They had expected for their son to “choose a respectable career”, preferably in law. However that was not in the cards for Manet. Ironically, his art career is still being appreciated over a century later. Manet's uncle, Edmond Fournier, supported Manet is his early art interests, arranging frequent trips to the Louvre. Eventually, Manet and his parents were on the same page and they supported his calling for art. The artist’s use of color, space and composition: The lemon by Manet is a unique piece of art. Manet utilizes realism to capture the simplistic form of the fruit. However, this painting is nothing less than sophisticated demonstrating Manet’s true command of color and touch with his brush. The painting is encompassed by dull, dark colors with sporadic brightness. Manet uses different forms of yellow to capture the color, shape, and texture of the lemon. The sudden brightness in the painting can be seen as the natural reflection that the lemon and the plate give off. He...

Words: 471 - Pages: 2

Free Essay

Michel - Jean Bisquiat Art Analyze

...110: Test 1 Type your answers into this document. Place into the drop-box folder by Monday 6/29 12:00 Noon. IDENTIFICATION Please type your answers directly into each text box. Identify each image with: Artist Title Material Date Location Pablo Picasso Seated Bather ( La Baigneuse) Oil on Canvas, 64 ½ x 51 in. Early 1930 Paris Pablo Picasso Seated Bather ( La Baigneuse) Oil on Canvas, 64 ½ x 51 in. Early 1930 Paris 1 1 Cai Guo-Qiang Footprints of History Fireworks August 8th, 2008 Beijing Olympic Games, Birds Nest Cai Guo-Qiang Footprints of History Fireworks August 8th, 2008 Beijing Olympic Games, Birds Nest 2 2 . Edouard Manet Luncheon on the Grass Oil on canvas 7 ft. x 8 ft. 10 in. 1863 Musee d’ Orsay, Paris Edouard Manet Luncheon on the Grass Oil on canvas 7 ft. x 8 ft. 10 in. 1863 Musee d’ Orsay, Paris 3 3 Jean- Michel Basquiat Charles the First Acrylic and oil oilstick on canvas, three panels. Triptych. 6’6 x 5’ 2 1/4 1982 New York Jean- Michel Basquiat Charles the First Acrylic and oil oilstick on canvas, three panels. Triptych. 6’6 x 5’ 2 1/4 1982 New York 4 4 Shirin Neshat Rebellious Silence, from the series Women of Allah Gelatin silver print and ink, 11x14 in. 1994 New York and Brussels Shirin Neshat Rebellious Silence, from the series Women of Allah Gelatin silver print and ink, 11x14 in. 1994 New York and Brussels 5 5 Artist: Jean - Michel Basquiat ...

Words: 936 - Pages: 4

Free Essay

Arundel : Options Case

...Critical Research Paper “The Mocking of Crist” by Edouard Manet Natallia Kolas Oakton Community College (DP Campus) HUM 123 (6:30 class) 09/27/2011 Even before going to the Art Institute, I knew that I wanted to write about one of Manet’s paintings. I admire his passion to create beautiful art even if it meant going against “old school” standards and principles. “The Mocking of Crist ” really caught my eye because of artist’s unusual interpretation of a religious subject. I felt intrigued by the idea of a red bearded Crist looking bored and out of place. When it was first presented to the public, “The Mocking of Crist ” received tons of negative criticism for the artist’s painting techniques, his choice of lower-class people as models and, of course, his interpretation of Jesus Christ’s character. “The Mocking of Crist” was painted between 1864 and 1865 in France. It is a great example of the Realist movement in art. Manet’s original title for the painting was “Jesus Insulted by the Soldiers.” Clearly, Manet did not mean to represent the soldiers' behavior in the way that title implied. Recently, once again, its name was changed to “Jesus Mocked by Soldiers.” Some sources also refer to it as “Christ Scourged.” In the center, Christ, the brightest figure, is sitting in a chair surrounded by three other male figures, soldiers. This scene is also known as the mocking of the “king of the Jews” before the execution. In this painting, the...

Words: 1280 - Pages: 6

Free Essay

Impressionnist

...images without detail but with bold colors. There were many great impressionist artists. Artist of the impressionist period Edourard Manet was an artist in the years of 1832-1833. He was a founding father of Impressionism and was a crucial part of Salon des Refusés in 1863. Edourard Manet was an artistic influence to many impressionist artists. He claimed to not be himself as an Impressionist though. He said he would not be labeled as that and did not exhibit with the others. Many impressionists borrowed from his style also. Manet influenced development of Impressionism. Olympia which was created in 1863 was a famous painting that Manet created. His style in this period was characterized by loose brush strokes, simplification of details, and the suppression of transitional tones. Adopting the current style of realism initiated by Gustave Courbet, he painted The Absinthe Drinker and other contemporary subjects such as beggars, singers, Gypsies, people in cafes, and bullfights. After his early years, he rarely painted religious, mythological, or historical subjects such as his Christ Mocked, now in the Art Institute of Chicago, and Christ with Angels, in the Metropolitan Museum of Art, New York. The roughly painted style and photographic lighting in these works was seen as specifically modern, and as a challenge to the Renaissance works Manet copied or used as source material. His work is considered 'early modern', partially because of the black outlining of figures, which...

Words: 1245 - Pages: 5

Free Essay

Art and Culture

...The relationship between the artist and the audience is a crucial element to the success of the artwork in its historical era. Titian’s traditional Renaissance symbolism and style of painting made his work a masterpiece of his time. According to art critic Brand Hamlee Titian’s work met the “demands of an admiring public. As he was particularly famous for his portraits and mythological works” this created a positive relationship between “Venus of Urbino” and the intended Renaissance audience. The relationship between the artwork and the audience is also evident through the Renaissance symbolism throughout his artwork, Venus seductive glaze captured Renaissance viewers and the high quality of Venetian light and tone to perfection was a vital characteristic to the success of the artwork to its intended audience. In addition, using symbolism, which had significance to the Renaissance mythological style also strengthened the relationship between the artist and the artwork. The Spaniel represents a symbol of fidelity a strong theme in Renaissance art as well as the use of roses, myrtle tree and the Spaniel were traditionally associated with the goddess Venus. The Brush strokes and pale rosy and ochre colours luxuriously applied created the central tones of the Venus body is an essential symbol of Renaissance sensuality, beauty and desire that was praised by all audiences. Although the intended Renaissance audience understood the key symbolism, the relationship between the artwork...

Words: 449 - Pages: 2

Premium Essay

Claude Monet Research Paper

... In 1840 Paris, France; Claude Oscar Monet was born (Claudemonetgallery.org). Claude Monet was known for many paintings. However, he was most known for his work with impressionism and showing light. His works were very different from the time era’s style, realism. Claude Monet broke out from realism by creating and preserving impressionism. With this new idea, he was able to capture nature and light effects on nature. I found his works to draw my attention to them by their vivid colors, and what effects light has on a scenery. What is impressionism? Impressionism is a movement that a group of Paris artist created. “in 1862 Monet became a student of Charles Gleyre in Paris, where he met Pierre-Auguste Renoir, Frédéric Bazille, and Alfred Sisley. Together they shared new approaches to art, painting the effects of light en plein air with broken color and rapid brushstrokes, in what later came to be known as Impressionism.” (Claudemonetgallery.org). His main goal was to show light effects on nature and show how different colors can change a paintings mood. Claude would use vibrant colors, and cool colors. These cool and vibrant colors would contrast against each other. Other paintings he would use just cool colors, others would be vibrant. His works made me feels as if I was outside and weather sets a mood; for example if I was viewing one his paintings and the sun was setting, it would make me feel relaxed. Claude Monet’s work was not only enjoyable to the viewer...

Words: 488 - Pages: 2

Free Essay

Realism and Impressionism Movements

...Realism and Impressionism Movements Gloria Slezak ART 101- Art Appreciation Instructor Todd Leisek May 23, 2014 This essay will be about Realism and Impressionism movements. Both Realism and Impressionism movement was in the 19th century. The differences between these movements are that the Realism movement was in the mid-19th century and Impressionism was in the late 19th century. I will discuss two pieces of artwork that was done in these movements. One will be The Stone Breakers by Gustave Courbet and the other one is called Dance at Le Moulin de la Galette by Auguste Renoir. In this essay I will do my best to explain a little about how the characteristics and factors are reflected in these pieces of art. The Stone Breakers was a painting done by a French painter named Gustave Courbet. Gustave was well-known for his work of arts of still lives, self-portraits, females, common men workers, landscapes and many other common places. This painting was done in 1849 and is about hundred sixty-five years old. Addressed as the pioneer of the Realist movement Gustave set a unique artistic movement which caused a lot of disagreement among other artists. This movement demonstrated and signified the everyday life. Realism was exceptional and contentious in the sense that it broke away from the norm which was for centuries illustrating popular, religious figures, however Gustave ideologies were for artists to represent only what they can see or have lived. His painting was a work...

Words: 1248 - Pages: 5

Free Essay

Multicast Capacity in Manet with Infrastructure Support

...Multicast Capacity in MANET with Infrastructure Support Zhenzhi Qian, Xiaohua Tian, Xi Chen, Wentao Huang and Xinbing Wang Department of Electronic Engineering Shanghai Jiao Tong University, China Email: {199012315171, xtian, qfbzcx, yelohuang, xwang8}@sjtu.edu.cn Abstract—We study the multicast capacity under a network model featuring both node’s mobility and infrastructure support. Combinations between mobility and infrastructure, as well as multicast transmission and infrastructure, have already been shown to be effective ways to increase it. In this work, we jointly consider the impact of the above three factors on network capacity. We assume that m static base stations and n mobile users are placed in an ad hoc network. A general mobility model is adopted, such that each user moves within a bounded distance from its home-point with an arbitrary pattern. In addition, each mobile node serves as a source of multicast transmission, which results in a total number of n multicast transmissions. We focus on the situations in which base stations actually benefit the capacity improvement, and find that multicast capacity in a mobile hybrid network falls into several regimes. For each regime, reachable upper and lower bounds are derived. Our work contains theoretical analysis of multicast capacity in hybrid networks and provides guidelines for the design of real hybrid systems combining cellular and ad hoc networks. Index Terms—Wireless ad hoc network; multicast capacity; mobility;...

Words: 6686 - Pages: 27

Free Essay

Implementation and Evaluation of Wireless Mesh Networks on Manet Routing Protocols

...Evaluation of Wireless Mesh Networks on MANET Routing Protocols Shashi Bhushan1, Anil Saroliya2, Vijander Singh3 Research Scholar, Computer Science, Amity University, Jaipur, India 1 Assistant Professor, Computer Science, Amity University, Jaipur, India 2 Senior Lecturer, Computer Science, Amity University, Jaipur, India 3 Abstract—Wireless Mesh Network (WMN) is a kind of network which is made up of Mesh routers and Mesh clients, where Mesh routers have lesser mobility and form the heart of WMNs. In this paper, Wireless Mesh Network over MANET is implemented using routing protocols such as AODV, DSR. In this work the NS-2.34 simulator is used for simulations. Various measurements and calculations were figured out in this work, like throughput, Average end-end delay, PDR, NRL and Routing packets in Random way point mobility model. WMNs have features such as self configuration, self healing and low cost of equipment. This work specifically aims to study the performance of routing protocols in a wireless mesh network, where static mesh routers and mobile clients participate together to implement network functionality such as routing and packet forwarding in different mobility scenarios. Keywords- Ad hoc Network, Routing Protocols, Wireless Mesh Network, Performance, Throughput, PDR, NRL and Routing packets in Random way point mobility model, Simulation on Network simulator NS-2, AODV, DSR, Routing Overhead. I. INTRODUCTION A Mobile Ad-hoc network (MANET) is an autonomous system of wireless...

Words: 4335 - Pages: 18

Premium Essay

Apa Template Paper

...meleste at semper manet sola. Ut lacreet dolore magna aliquam sic semper fi tyrannis erat volutpat. Wisi enim ad minim veniam. Dolore eu sata sfeugiat. Ipsum lorem vei illum sat dolor euis mod tincidunt vei auminiure dolor in esse. Ultaceet dolore magna si napi. Wisi e nim ad minim veniam, quis nos In a tsvulpate velt esse meleste at semper manet sola. UT lacreet dolore magna aliquam sic semp fi tyrannis erat volutpat. Wisi enim ad minim veniam. Dolore eu sata sfeugiat.  Ipsum lorem vei illum sat dolor euis mod tincidunt vei auminiure dolor in esse. Ulta ceet dolore magna si napi. Wisi e nim admin im veniam, quis nostrud. In atsvulpate velt esse meleste at semper manet sola. Ut lacreet dolore magna aliquam sic semper fi tyrannis erat volutpat. Wisi enim ad minim veniam. Dolore eu sata sfeugiat. Ipsum lorem vei illum sat dolor euis mod tincidunt vei auminiure dolor in esse. Ultaceet dolore magna si napi. Wisi e nim ad minim Level 1 Header Level 2 Header Ipsum lorem vei illum sat dolor euis mod tincidunt vei auminiure dolor in esse. Ulta ceet dolore magna si napi. Wisi e nim admin im veniam, quis nostrud. In atsvulpate velt esse meleste at semper manet sola. Ut lacreet dolore magna aliquam sic semper fi tyrannis erat volutpat. Wisi enim ad minim veniam. Dolore eu sata sfeugiat. Ipsum lorem vei illum sat dolor euis mod tincidunt vei auminiure dolor in esse. Ultaceet dolore magna si napi. Wisi e nim ad minim veniam, quis nos In a tsvulpate velt esse meleste at semper manet sola. UT lacreet...

Words: 1313 - Pages: 6

Premium Essay

Nt1310 Unit 1 Exercise 1

...III. IDS SYSTEM Nodes in MANETs assume that other nodes always cooperate with each other to relay data. This assumption leaves attackers with the opportunity to achieve significant impact on the network with just one or two compromised nodes. To address this problem, an IDS should be added to enhance the security level of MANETs. If MANETs can detect the attackers as soon as they enter the network, they can completely eliminate the potential damage caused by compromised nodes at the first time. An IDS usually acts as the second layer in MANETs. a. Watchdog The watchdog aims to improve the throughput of the network in the presence of malicious nodes [10]. Watchdog serves as an IDS for MANETs. It is responsible for detecting malicious...

Words: 581 - Pages: 3