A New Approach to Prevent Black Hole Attack in AODV

8/7/2019 A New Approach to Prevent Black Hole Attack in AODV

http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 1/6

(IJCSIS) International Journal of Computer Science and Information Security,

Vol. 9, No. 1, 2011

A New Approach to Prevent Black Hole Attack in

AODV

M. R. Khalili Shoja

Department of Electrical

Engineering, Amirkabir University

of Technology, Tehran, Iran

[email protected]

Hasan Taheri


Engineering, Amirkabir University


[email protected]

Shahin Vakilinia


Engineering, Sharif University


[email protected]

Abstract— Ad-hoc networks are a collection of mobile hosts thatcommunicate with each other without any infrastructure. These

networks are vulnerable against many types of attacks includingblack hole. In this paper, we analyze the effect of this attack onthe performance of ad-hoc networks using AODV as a routingprotocol. Furthermore, we propose an approach based on hashchain to prevent this type of attack. Simulation results using

OPNET simulator depicts that packet delivery ratio, in thepresence of attacker nodes, reduces remarkably. On the otherhand, applying proposed approach can reduce the effect of blackhole attacks.

Keywords:AODV;black hole;hash chain;OPNET

I. INTRODUCTION

Ad-hoc networks are characterized by dynamic topology,self-configuration, self-organization, restricted power,temporary network and lack of infrastructure. Characteristics of these networks lead to using them in disaster recoveryoperation, smart buildings and military battlefields [1].

Routing protocol in ad-hoc networks are classified into twomain categories, proactive and reactive [3]. In proactive routingprotocols, routing information of nodes is exchanged,periodically, such as DSDV [4]. In on-demand routingprotocols, nodes exchange routing information when neededsuch as, AODV [2] and DSR [5]. Furthermore, some ad-hocrouting protocols are a combination of above categories.

Although trusted environment has been assumed in mostresearch on ad-hoc routing protocols, many usages of ad-hocnetwork run in untrusted situations. So, most ad-hoc routingprotocols are vulnerable to diverse types of attacks that one of which is black hole attack. In this attack, a malicious node usesthe routing protocol to advertise itself as having the shortest or

freshest path to the node whose packets it wants to intercept. Ina flooding based protocol, the attacker listens to requests forroutes. When the attacker receives a request for a route to thetarget node, the attacker creates a reply consisting of anextremely short or fresh route [6]. The rest of this paper isorganized as follows: In section 2, AODV routing protocol isdescribed. In section 3, we describe classification of attacks inMANET. Network layer attack is described in section 4.Section 5 summarizes related works and detailed description of

proposed solution is discussed in section 6. In section 7,simulation results are analyzed.

II. AODV ROUTING PROTOCOL

AODV is used to find a route between source and

destination as needed and this routing protocol uses threesignificant type of messages, route request (RREQ), route

reply (RREP) and route error (RERR). Field information of these messages, such as source sequence number, destination

sequence number, hop count and etc is explained in detail in

[2]. Each node has a routing table, which contains information

about the route to the specific destination. When source node

wants to communicate with a destination and there is not any

route between them in its routing table, at first step sourcenode broadcasts RREQ. So, RREQ is received by intermediate

nodes that they are in the transmission range of sender. These

nodes broadcast RREQ until RREQ is received by destination

or an intermediate node that has fresh enough route to the

destination. Then it sends RREP unicastly toward the source.

Hence, a route among source and destination is made. A freshenough route is a valid route entry that its destination sequence

number is at least as great as destination sequence number in

RREQ. The source sequence number is used to determine

freshness about route to the source. In addition, destination

sequence number is used to determine freshness of a route tothe destination. When intermediate nodes receive RREQ, with

consideration of source sequence number and hop count, make

or update a reverse route entry in its routing table for that

source. Furthermore, when intermediate nodes receive RREP,

with consideration of destination sequence number and hop

count, make or update a forward route entry in its routing tablefor that destination.

III. CLASSIFICATION OF ATTACKS IN MANET

The attacks in MANET can be classified into twocategories, called passive attacks and active attacks. Passiveattacks are done to steal information of network such as,eavesdropping attacks and traffic analysis attacks. Indeed,passive attackers get data exchanged in the network withoutdisrupting the operation of a network and modification of exchanged data. On the other hand, in active attacks,replication, modification and deletion of exchanged data is

24 http://sites.google.com/site/ijcsis/ISSN 1947-5500




Vol. 9, No. 1, 2011

done by attackers. The attacks in ad-hoc networks can also beclassified into two categories, called external attacks andinternal attacks. Internal attacks are done by authorized node inthe network, whereas external attacks are executed by nodesthat they are not authorized to participate in the network options. Another classification of attacks is related to protocolstacks, for instance, network layer attacks.

IV. NETWORK LAYER ATTACKS IN MANET

Some network layer attacks are described in below:

A. Wormhole attack

In this attack, an attacker records a packet, at one location

in the network, tunnels the packet to another location andreplays it there [21].

B. Byzantine attack

In this attack, malicious nodes individually or cooperativelycarry out attacks such as creating routing loops and forwardingpackets through non-optimal paths.

C. Rushing attack

Rushing attacker forwards packets quickly by skipping

some of the routing processes. So, in on-demand routing

protocol such as AODV, the route between source anddestination include rushing nodes.

D. Resource consumption attack

In this attack, an attacker attempts to consume battery life

of other nodes.

E. Location disclosure attack

In this attack, information relating to structure of network

is revealed by attacker nodes.

F. Black hole attack

In black hole attack, malicious nodes falsely claim a fresh

route to the destination to absorb transmitted data from source

to that destination and drop them instead of forwarding.

Black hole attack in AODV protocol can be classified into

two categories: black hole attack caused by RREP and black

hole attack caused by RREQ.

1) Black hole attack caused by RREQ

With sending fake RREQ messages an attacker can form black

hole attack as follows:

a) Set the originator IP address in RREQ to the

originating node’s IP address.

b) Set the destination IP address in RREQ to thedestination node’s IP address.

c) Set the source IP address of IP header to its own IP

address.

d) Set the destination IP address of IP header to

broadcast address.

e) Choose high sequence number and low hop count

and put them in related fields in RREQ.

Figure 1. Operation at intermediate nodes when receive RREQ

So, false information about source node is inserted to the

routing table of nodes that get fake RREQ. Hence, if these

nodes want to send data to the source, at first step they send itto the malicious node.

2) Black hole attack caused by RREP

With sending fake RREP messages an attacker can form black hole attack. After receiving RREQ from source node, a

malicious node can generate black hole attack by sending

RREP as follow:a) Set the originator IP address in RREP to the

originating node’s IP address.

b) Set the destination IP address in RREP to the

destination node’s IP address.

c) Set the source IP address of IP header to its own IP

address.

d) Set the destination IP address of IP header to the IP

address of node that RREQ has been received from it.

Is the sender of

RREQ in blacklist?

Is it equal to

criterion?

Is it bigger thanhash order of

criterion?

Is it destination?

Get RREQ

Drop the packet

Calculate the hash order in

hash_RREQ.

Yes

No

Accept the packet

Yes

Calculate the hash of hash_RREQ

specific times

No

No

Yes

Drop the packet and set the name of

sender node in blacklist.

Accept the packet and change

the criterion to the value of hash_RREQ

No

Yes

Calculate hash of hash_RREQand set this value in hash_RREQ

and rebroadcast RREQ.

Send RREP

25 http://sites.google.com/site/ijcsis/

ISSN 1947-5500




Vol. 9, No. 1, 2011TABLE I. SIMULATION PARAMETERS

e) Choose high number for sequence number and low

number for hop count.

So, data from source reach to malicious node and it dropsthem.

V. RELATED WORKS

There are basically two approaches to secure MANET:

1.securing ad-hoc routing and 2.Intrusion detection [7].

A. Securing routing

Ariadne [8] has proposed ad-hoc routing protocol that

provides security in MANET and relies on efficient symmetric

cryptography. This protocol is based on the basic operation of

the DSR protocol. In [9], a secure routing protocol based on

DSDV has been proposed. Hash chains have been used to

authenticate hop counts and sequence numbers. ARAN [10]uses cryptographic public-key certificates in order to achieve

the security goals. The goal of SAR [11] is to characterize and

explicitly represent the trust values and trust relationshipsassociated with ad-hoc nodes and use these values to make

routing decisions. Secure AODV (SAODV) [12] is a security

extension of AODV protocol, based on public key

cryptography. Hash chains are used in this protocol to

authenticate the hop count. Adaptive SAODV (A-SAODV)

[13] has proposed a mechanism based on SAODV for

improving the performance of SAODV. In [14] a bit of

modification has been applied to A-SAODV for increasing itsperformance. TRP [20] employs hash chain algorithm to

generate a token, which is appended to the data packets to

identify the authenticity of the routing packets and to choosecorrect route for data packets. TRP provides significant

reduction in energy consumption and routing packet delay by

using hash algorithm.

B. Intrusion detection system

[15] introduces a method that requires each intermediate node

to send back the next hop information inside RREP message.This method uses further request message and further reply

Figure 2. Network topology

message to verify the validity of the route. Zhang and Lee [16]

propose a distributed and cooperative intrusion detection

model based on statistical anomaly detection techniques. In[17], the intermediate node requests its next hop to send a

confirmation message to the source. After receiving both route

reply and confirmation message, the source determines thevalidity of path according to its policy. In [18], Huang et al use

both specification-based and statistical-based approaches.

They construct an Extended Finite State Automation (EFSA)

according to the specification of AODV routing protocol and

model normal state and detect attacks with anomaly detection

and specification-based detection. An approach based on

dynamic training method in which the training data is updated

at regular time intervals has been proposed in [19].

VI. PROPOSED WORK

As we will discuss, AODV is weak against black hole

attack. In this paper we propose mechanism to prevent black

hole attack based on hash chain. Black hole attack is based on

modification of sequence number and hop count. In this

method, when an intermediate node receives RREQ or RREP,

check an extra field, which will be explained later, to verify

sequence number and hop count. If this node authenticates

validity of this field, it can accept control messages and fill its

routing table accordingly. We add one field named

hash_RREQ to RREQ and similarly, one field called

hash_RREP to RREP. We assume that only destination can

send RREP, although, intermediate nodes can have enough

fresh routes to the destination. It means that destination onlyflag in RREQ must be set. When source node wants to send

data to destination, it must use AODV protocol to find a route

to the destination. So this node sends new RREQ as below:

Normal RREQ Hash-RREQ

Normal RREQ is RREQ in AODV and hash_RREQ field is

a new field that we add to existing protocol. Source node

Simulation parameters Value

Number of nodes 46

Network size 600*600(m)

Simulation duration 600(sec)

Transmit power(w) .0001

Packet Reception-power Threshold(dBm) -95

Hash function SHA-1

Source node Mobile-node-1

Destination node Mobile-node-4

Packet Inter-Arrival Time(sec) Uniform(.1,.11)

Packet size(bits) Exponential(1024)


ISSN 1947-5500




Vol. 9, No. 1, 2011

should fill this field and intermediate nodes should verify the

authenticity and change this field as will be explained. Source

node chooses a random number as a seed. After that this node

calculates hash of the seed a specific number of times as

below:

( ).( )

a i b jh seed

− +(1)

Where ( )r

h x means calculation of hash of x, r times (or

order of hash is r) and a is the number that should be higher

than maximum sequence number during the working of

network, b is the maximum hop count between two furthest

nodes plus one in the network, i is the value of sequence

number and j is the hop count (patently j for source node is 0).

We assume that before sending the RREQ with source node,

all nodes in the network know the value:

( 1). ( )a b

h seed +

(2)

We called this value criterion. Therefore, source node

generates the hash of the seed using the formula (1) and places

it in the hash_RREQ field; for example, for first RREQ that is

sent by source node, i=1 and j=0 . When this packet, RREQ,arrives to next hop, at the first step, this node checks the

validity of hash value by knowing the formula (2). It means

that the receiver node computes hash of hash_RREQ for y

times, where y is the difference between order of hash in

hash_RREQ and order of hash in criterion. If it is equal to

criterion, Eq. (2), so intermediate node accepts this packet and

inserts appropriate entry in relation with source node in its

routing table. On the other hand, receiver node, after

validating of hash_RREQ, changes its criterion to the value of

hash_RREQ. Now this node should change the hash_RREQ in

accordance with 1. It means that this node calculates hash of

the hash_RREQ and places it in hash_RREQ.

Similarly, destination node does as above but calculates

hash chain in accordance with its own seed. Destination node

places the value of hash in hash_RREP. New RREP is shown

below:

Normal RREP Hash-RREP

Other things and operation are exactly similar to RREQ.

Thus, malicious nodes cannot increase sequence number and

decrease hop count. Because if they want do this, they should

calculate hash in lower order and obviously this is impossible,

for instance, with having h_20 it is impossible to calculate

h_19. Consequently, malicious nodes can only increase hop

count or decrease sequence number. As a result, wronginformation about sequence number and hop count cannot be

placed in routing tables. Besides, each node has a blacklist and

when a node receive RREQ or RREP from malicious node that

hash_RREQ or hash_RREP field is not valid, puts the name of

the sender in its own blacklist. Furthermore all packets from

nodes in blacklist won’t be accepted and must be discarded.

Operation at intermediate nodes, when receive RREQ, is

Figure 3. PDR in presence of one malicious node

Figure 4. PDR in presence of two malicious nodes

depicted in Fig. 1. Furthermore, operation at intermediate

nodes, on receiving RREP, is exactly the same as Fig. 1.

VII. SIMULATION RESULTS

For the simulation, we use OPNET 14.0.A [22] as a simulator.

Our network topology is indicated in Fig. 2. TABLE I contains

parameters that we choose for simulation. For evaluating the

performance of the network, we consider the followingmetrics:

Packet Delivery Ratio: The ratio of the data delivered to the

destination to the data sent out by the source.

Various mobilities of nodes have been considered to measure

the performance of network in presence of malicious nodes as

attackers. Fig. 3 demonstrates the results in presence of only

one malicious node. In this scenario mobile-node-5 is the

attacker. In Fig. 4, mobile-node-5 and mobile-node-20 act as

malicious nodes. Mobile-node-5, mobile-node-20 and mobile

node-10 are malicious nodes in another scenario and results of

this section are presented in Fig. 5. In another scenario mobile-

node-5, mobile-node20, mobile-node-10 and mobile-node-11

send fake messages to construct a black hole attack. Related

results are illustrated in Fig. 6. Fig. 7, Fig. 8 and Fig. 9 show

the variation of PDR when the number of malicious nodes in

the network is varied from 1 to 4 in the mobility of 10m/s,

30m/s, 50m/s respectively. As it is shown by these figures, the

proposed mechanism improves PDR nodes, in other words,

this approach protects MANETs against black hole attack.


ISSN 1947-5500




Vol. 9, No. 1, 2011

Figure 5. PDR in presence of three malicious nodes

Figure 6. PDR in presence of four malicious nodes

Figure 7. Analysis of PDR vs. different number of attacker in

10m/s


30m/s


50m/s

VIII. REFERENCES

[1] E. Çayırcı, C.Rong, “Security in Wireless Ad Hoc and Sensor

Networks,” vol. I. New York: Wiley 2009, pp. 10.

[2] C. E. Perkins, E. M. B. Royer and S. R. Das, “Ad-hoc On-Demand

Distance Vector (AODV) Routing,” Mobile Ad-hoc NetworkingWorking Group, Internet Draft, draft-ietf-manetaodv- 00.txt, Feb. 2003.

[3] E. M. Royer and C-K Toh, “A Review of Current Routing Protocols forAd-Hoc Mobile Wireless Networks,” IEEE Person. Commun., Vol. 6,

no. 2, Apr. 1999.

[4] C. E. Perkins and P. Bhagwat, “Highly Dynamic Destination-SequencedDistance-Vector Routing (DSDV) for Mobile Computers,” Proceedings

of the SIGCOMM ’94 Conference on Communications Architectures,Protocols and Applications, pp 234–244, Aug.1994.

[5] D. B. Johnson, D. A. Maltz, “Dynamic Source Routing in Ad Hoc

Wireless Networks”, Mobile Computing, edited by Tomasz Imielinskiand Hank Korth, Chapter 5, pp 153- 181, Kluwer Academic Publishers,

1996.

[6] M. Ilyas, “The Handbook of Ad hoc wireless Networks,” CRC Press,

2003.

[7]

Stamouli, “Real-time Intrusion Detection for Ad hoc Networks”Master’s thesis, University of Dublin, Sep. 2003.

[8] Y.-C. Hu, A. Perrig, D. B. Johnson, “Ariadne: A Secure On-Demand

Routing Protocol for Ad hoc Networks,” Proc. 8th ACM Int’l. Conf.Mobile Computing and Networking (Mobicom’02), Atlanta, Georgia,

Sep. 2002, pp. 12-23.

[9] Y.-C. Hu, D. B. Johnson, A. Perrig, “SEAD: Secure Efficient DistanceVector Routing for Mobile Wireless Ad hoc Networks,” Proc. 4th IEEE

Workshop on Mobile Computing Systems and Applications, Callicoon,NY, Jun. 2002, pp. 3-13.

[10] K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer, A

Secure Routing Protocol for Ad Hoc Networks. Proc. of IEEEInternational Conference on Network Protocols (ICNP), pp. 78-87, 2002.

[11] S. Yi, P. Naldurg, R. Kravets, “Security-Aware Ad hoc Routing for

Wireless Networks,” Proc. 2nd ACM Symp. Mobile Ad hoc Networkingand Computing (Mobihoc’01), Long Beach, CA, Oct. 2001, pp. 299-

302.[12] M. Zapata, “Secure Ad Hoc On-Demand Distance Vector (SAODV),”

Internet draft, draft-guerrero-manet-saodv-01.txt, 2002.

[13] D. Cerri, A. Ghioni, “SecuringAODV: The A-SAODV Secure RoutingPrototype,” IEEE Communication Magazine, Feb. 2008, pp 120-125.

[14] K. Mishra, B. D. Sahoo, “A Modified Adaptive-Saodv Prototype For

Performance Enhancement In Manet,” International Journal Of Computer Applications In Engineering, Technology And Sciences (Ij-

Ca-Ets), Apr. 2009 – Sep. 2009, pp 443-447.


ISSN 1947-5500




Vol. 9, No. 1, 2011[15] H. Deng, W. Li, and D. P. Agrawal, “Routing security in ad hoc

networks,” IEEE Communications Magazine, vol. 40, no. 10, pp. 70-75,Oct. 2002

[16] Y. Zhang and W. Lee, "Intrusion detection in wireless ad – hoc

networks," 6th annual international Mobile computing and networkingConference Proceedings, 2000.

[17] S. Lee, B. Han, and M. Shin, “Robust routing in wireless ad hoc

networks,” in ICPP Workshops, pp. 73, 2002.

[18] Y. A. Huang and W. Lee, “Attack analysis and detection for ad hoc

routing protocols,” in The 7th International Symposium on RecentAdvances in Intrusion Detection (RAID’04), pp. 125-145, French

Riviera, Sept. 2004.

[19] S. Kurosawa, H. Nakayama, N. Kat, A. Jamalipour, and YoshiakiNemoto, “Detecting Blackhole Attack on AODV-based Mobile Ad Hoc

Networks by Dynamic Learning Method”, International Journal of

Network Security, Vol.5, No.3, pp 338-346, Nov. 2007 .

[20] L. Li , C. Chigan, “Token Routing: A Power Efficient Method forSecuring AODV Routing Protocol,” Proceedings of the 2006 IEEE

International Conference on Networking, Sensing and Control, 2006.ICNSC '06, (Apr. 2006) pp 29- 34.

[21] Y. C. Hu, A. Perring, D. B. Johnson, “Wormhole Attacks in Wireless

Networks,” Ieee Journal On Selected Areas In Communications, Vol.24, No. 2, Feb. 2006.

[22]

http://www.opnet.com


ISSN 1947-5500

A New Approach to Prevent Black Hole Attack in AODV

Documents

Transcript of A New Approach to Prevent Black Hole Attack in AODV