150 CHAPTER 7 Security for Mobile Ad Hoc Networks into two classes: passive and active attacks. Although attacks can be launched at different layers of the protocol stack, we discuss mainly the attacks that can be launched at the network layer. The attacker while performing a passive attack does not disturb the functions of the rout- ing protocol. He eavesdrops on the routing traf- fic to extract worthwhile information about the topology of the network, etc. On the other hand, in an active attack, the attacking node has to invest some of its energy to launch this attack. In active attacks, malicious nodes can disturb the correct functionality of the routing protocol by modifying routing information, by redirect- ing network traffic, or launching denial-of-service attacks (DoS) by altering control message fields or by forwarding routing messages with falsified values. · · · · · · · manifold compared with a wired environment. Malicious nodes can meaningfully alter, dis- card, forge, inject and replay control and data traffic, generate floods of spurious messages, and, in general, avoid complying with the employed protocols. Besides, wireless channels allow message eavesdropping. Vulnerability of nodes: Nodes can move about and do not reside in physically protected places, and hence can easily fall under the attacker's control. So, measures are needed to make the nodes tamper resistant. Absence of central authority: Interception of any attack is complicated, because every node can monitor only a small set of neighbors. Moreover, classical security solutions based on certification authorities and online servers are not easily applicable. Selfish nodes: Detection of selfish activities is tricky. Nodes may refuse participation to pre- serve power or avoid congestion. System failures: Communication failures like fading, loss of packets, blocking, and conges- tion are common. Therefore, malicious fail- ures will be more difficult to distinguish. Limited computational capability: Complex cryptographic algorithms cannot be imple- mented due to limited computational capa- bility. Also these algorithms require large calculation that introduces nonnegligible delay. DoS attacks (fake packets, control signal) can be easily launched against nodes having small resources. Limited power: The overhead imposed on the limited battery power of a device by a secu- rity solution must not be too much to ren- der it inapplicable. Thus, security mechanisms should be energy-efficient. Large network: An ad hoc network may consist of hundreds or even thousands of nodes. Secu- rity mechanisms should be scalable to handle such a large network. 7.4.1. Passive Attacks Some types of passive attacks are release of message content and traffic analysis. A mali- cious node in MANET executes a passive attack, without actively initiating malicious actions. In traffic analysis, the malicious node attempts to learn important information from the system by monitoring and listening on the communication between nodes within the MANET. For instance, if the malicious node observes that the connec- tion to a certain node is requested more fre- quently than to other nodes, the passive attacker would be able to recognize that this node is cru- cial for special functions within the MANET, like for example routing. The attacker may then switch its role from passive to active, and attempt to launch an active attack so as to put the cru- cial node out of operation. It could do so, for example, by performing a DoS attack, to collapse parts of or even the complete MANET. On the other hand, it may pass on the information to an accomplice, which launches the attack. At other times, a passive attacker might attempt to eavesdrop on traffic between nodes communicating in a MANET to extract informa- tion. For instance, the enemy could try to launch such an attack to spy on secret information flow- ing in a MANET deployed in a battlefield. 7.4. SECURITY ATTACKS Security attacks that can be launched against mobile ad hoc networks are generally divided