a new approach to prevent black hole attack in aodv
TRANSCRIPT
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 1/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011
A New Approach to Prevent Black Hole Attack in
AODV
M. R. Khalili Shoja
Department of Electrical
Engineering, Amirkabir University
of Technology, Tehran, Iran
Hasan Taheri
Department of Electrical
Engineering, Amirkabir University
of Technology, Tehran, Iran
Shahin Vakilinia
Department of Electrical
Engineering, Sharif University
of Technology, Tehran, Iran
Abstract— Ad-hoc networks are a collection of mobile hosts thatcommunicate with each other without any infrastructure. These
networks are vulnerable against many types of attacks includingblack hole. In this paper, we analyze the effect of this attack onthe performance of ad-hoc networks using AODV as a routingprotocol. Furthermore, we propose an approach based on hashchain to prevent this type of attack. Simulation results using
OPNET simulator depicts that packet delivery ratio, in thepresence of attacker nodes, reduces remarkably. On the otherhand, applying proposed approach can reduce the effect of blackhole attacks.
Keywords:AODV;black hole;hash chain;OPNET
I. INTRODUCTION
Ad-hoc networks are characterized by dynamic topology,self-configuration, self-organization, restricted power,temporary network and lack of infrastructure. Characteristics of these networks lead to using them in disaster recoveryoperation, smart buildings and military battlefields [1].
Routing protocol in ad-hoc networks are classified into twomain categories, proactive and reactive [3]. In proactive routingprotocols, routing information of nodes is exchanged,periodically, such as DSDV [4]. In on-demand routingprotocols, nodes exchange routing information when neededsuch as, AODV [2] and DSR [5]. Furthermore, some ad-hocrouting protocols are a combination of above categories.
Although trusted environment has been assumed in mostresearch on ad-hoc routing protocols, many usages of ad-hocnetwork run in untrusted situations. So, most ad-hoc routingprotocols are vulnerable to diverse types of attacks that one of which is black hole attack. In this attack, a malicious node usesthe routing protocol to advertise itself as having the shortest or
freshest path to the node whose packets it wants to intercept. Ina flooding based protocol, the attacker listens to requests forroutes. When the attacker receives a request for a route to thetarget node, the attacker creates a reply consisting of anextremely short or fresh route [6]. The rest of this paper isorganized as follows: In section 2, AODV routing protocol isdescribed. In section 3, we describe classification of attacks inMANET. Network layer attack is described in section 4.Section 5 summarizes related works and detailed description of
proposed solution is discussed in section 6. In section 7,simulation results are analyzed.
II. AODV ROUTING PROTOCOL
AODV is used to find a route between source and
destination as needed and this routing protocol uses threesignificant type of messages, route request (RREQ), route
reply (RREP) and route error (RERR). Field information of these messages, such as source sequence number, destination
sequence number, hop count and etc is explained in detail in
[2]. Each node has a routing table, which contains information
about the route to the specific destination. When source node
wants to communicate with a destination and there is not any
route between them in its routing table, at first step sourcenode broadcasts RREQ. So, RREQ is received by intermediate
nodes that they are in the transmission range of sender. These
nodes broadcast RREQ until RREQ is received by destination
or an intermediate node that has fresh enough route to the
destination. Then it sends RREP unicastly toward the source.
Hence, a route among source and destination is made. A freshenough route is a valid route entry that its destination sequence
number is at least as great as destination sequence number in
RREQ. The source sequence number is used to determine
freshness about route to the source. In addition, destination
sequence number is used to determine freshness of a route tothe destination. When intermediate nodes receive RREQ, with
consideration of source sequence number and hop count, make
or update a reverse route entry in its routing table for that
source. Furthermore, when intermediate nodes receive RREP,
with consideration of destination sequence number and hop
count, make or update a forward route entry in its routing tablefor that destination.
III. CLASSIFICATION OF ATTACKS IN MANET
The attacks in MANET can be classified into twocategories, called passive attacks and active attacks. Passiveattacks are done to steal information of network such as,eavesdropping attacks and traffic analysis attacks. Indeed,passive attackers get data exchanged in the network withoutdisrupting the operation of a network and modification of exchanged data. On the other hand, in active attacks,replication, modification and deletion of exchanged data is
24 http://sites.google.com/site/ijcsis/ISSN 1947-5500
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 2/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011
done by attackers. The attacks in ad-hoc networks can also beclassified into two categories, called external attacks andinternal attacks. Internal attacks are done by authorized node inthe network, whereas external attacks are executed by nodesthat they are not authorized to participate in the network options. Another classification of attacks is related to protocolstacks, for instance, network layer attacks.
IV. NETWORK LAYER ATTACKS IN MANET
Some network layer attacks are described in below:
A. Wormhole attack
In this attack, an attacker records a packet, at one location
in the network, tunnels the packet to another location andreplays it there [21].
B. Byzantine attack
In this attack, malicious nodes individually or cooperativelycarry out attacks such as creating routing loops and forwardingpackets through non-optimal paths.
C. Rushing attack
Rushing attacker forwards packets quickly by skipping
some of the routing processes. So, in on-demand routing
protocol such as AODV, the route between source anddestination include rushing nodes.
D. Resource consumption attack
In this attack, an attacker attempts to consume battery life
of other nodes.
E. Location disclosure attack
In this attack, information relating to structure of network
is revealed by attacker nodes.
F. Black hole attack
In black hole attack, malicious nodes falsely claim a fresh
route to the destination to absorb transmitted data from source
to that destination and drop them instead of forwarding.
Black hole attack in AODV protocol can be classified into
two categories: black hole attack caused by RREP and black
hole attack caused by RREQ.
1) Black hole attack caused by RREQ
With sending fake RREQ messages an attacker can form black
hole attack as follows:
a) Set the originator IP address in RREQ to the
originating node’s IP address.
b) Set the destination IP address in RREQ to thedestination node’s IP address.
c) Set the source IP address of IP header to its own IP
address.
d) Set the destination IP address of IP header to
broadcast address.
e) Choose high sequence number and low hop count
and put them in related fields in RREQ.
Figure 1. Operation at intermediate nodes when receive RREQ
So, false information about source node is inserted to the
routing table of nodes that get fake RREQ. Hence, if these
nodes want to send data to the source, at first step they send itto the malicious node.
2) Black hole attack caused by RREP
With sending fake RREP messages an attacker can form black hole attack. After receiving RREQ from source node, a
malicious node can generate black hole attack by sending
RREP as follow:a) Set the originator IP address in RREP to the
originating node’s IP address.
b) Set the destination IP address in RREP to the
destination node’s IP address.
c) Set the source IP address of IP header to its own IP
address.
d) Set the destination IP address of IP header to the IP
address of node that RREQ has been received from it.
Is the sender of
RREQ in blacklist?
Is it equal to
criterion?
Is it bigger thanhash order of
criterion?
Is it destination?
Get RREQ
Drop the packet
Calculate the hash order in
hash_RREQ.
Yes
No
Accept the packet
Yes
Calculate the hash of hash_RREQ
specific times
No
No
Yes
Drop the packet and set the name of
sender node in blacklist.
Accept the packet and change
the criterion to the value of hash_RREQ
No
Yes
Calculate hash of hash_RREQand set this value in hash_RREQ
and rebroadcast RREQ.
Send RREP
25 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 3/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011TABLE I. SIMULATION PARAMETERS
e) Choose high number for sequence number and low
number for hop count.
So, data from source reach to malicious node and it dropsthem.
V. RELATED WORKS
There are basically two approaches to secure MANET:
1.securing ad-hoc routing and 2.Intrusion detection [7].
A. Securing routing
Ariadne [8] has proposed ad-hoc routing protocol that
provides security in MANET and relies on efficient symmetric
cryptography. This protocol is based on the basic operation of
the DSR protocol. In [9], a secure routing protocol based on
DSDV has been proposed. Hash chains have been used to
authenticate hop counts and sequence numbers. ARAN [10]uses cryptographic public-key certificates in order to achieve
the security goals. The goal of SAR [11] is to characterize and
explicitly represent the trust values and trust relationshipsassociated with ad-hoc nodes and use these values to make
routing decisions. Secure AODV (SAODV) [12] is a security
extension of AODV protocol, based on public key
cryptography. Hash chains are used in this protocol to
authenticate the hop count. Adaptive SAODV (A-SAODV)
[13] has proposed a mechanism based on SAODV for
improving the performance of SAODV. In [14] a bit of
modification has been applied to A-SAODV for increasing itsperformance. TRP [20] employs hash chain algorithm to
generate a token, which is appended to the data packets to
identify the authenticity of the routing packets and to choosecorrect route for data packets. TRP provides significant
reduction in energy consumption and routing packet delay by
using hash algorithm.
B. Intrusion detection system
[15] introduces a method that requires each intermediate node
to send back the next hop information inside RREP message.This method uses further request message and further reply
Figure 2. Network topology
message to verify the validity of the route. Zhang and Lee [16]
propose a distributed and cooperative intrusion detection
model based on statistical anomaly detection techniques. In[17], the intermediate node requests its next hop to send a
confirmation message to the source. After receiving both route
reply and confirmation message, the source determines thevalidity of path according to its policy. In [18], Huang et al use
both specification-based and statistical-based approaches.
They construct an Extended Finite State Automation (EFSA)
according to the specification of AODV routing protocol and
model normal state and detect attacks with anomaly detection
and specification-based detection. An approach based on
dynamic training method in which the training data is updated
at regular time intervals has been proposed in [19].
VI. PROPOSED WORK
As we will discuss, AODV is weak against black hole
attack. In this paper we propose mechanism to prevent black
hole attack based on hash chain. Black hole attack is based on
modification of sequence number and hop count. In this
method, when an intermediate node receives RREQ or RREP,
check an extra field, which will be explained later, to verify
sequence number and hop count. If this node authenticates
validity of this field, it can accept control messages and fill its
routing table accordingly. We add one field named
hash_RREQ to RREQ and similarly, one field called
hash_RREP to RREP. We assume that only destination can
send RREP, although, intermediate nodes can have enough
fresh routes to the destination. It means that destination onlyflag in RREQ must be set. When source node wants to send
data to destination, it must use AODV protocol to find a route
to the destination. So this node sends new RREQ as below:
Normal RREQ Hash-RREQ
Normal RREQ is RREQ in AODV and hash_RREQ field is
a new field that we add to existing protocol. Source node
Simulation parameters Value
Number of nodes 46
Network size 600*600(m)
Simulation duration 600(sec)
Transmit power(w) .0001
Packet Reception-power Threshold(dBm) -95
Hash function SHA-1
Source node Mobile-node-1
Destination node Mobile-node-4
Packet Inter-Arrival Time(sec) Uniform(.1,.11)
Packet size(bits) Exponential(1024)
26 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 4/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011
should fill this field and intermediate nodes should verify the
authenticity and change this field as will be explained. Source
node chooses a random number as a seed. After that this node
calculates hash of the seed a specific number of times as
below:
( ).( )
a i b jh seed
− +(1)
Where ( )r
h x means calculation of hash of x, r times (or
order of hash is r) and a is the number that should be higher
than maximum sequence number during the working of
network, b is the maximum hop count between two furthest
nodes plus one in the network, i is the value of sequence
number and j is the hop count (patently j for source node is 0).
We assume that before sending the RREQ with source node,
all nodes in the network know the value:
( 1). ( )a b
h seed +
(2)
We called this value criterion. Therefore, source node
generates the hash of the seed using the formula (1) and places
it in the hash_RREQ field; for example, for first RREQ that is
sent by source node, i=1 and j=0 . When this packet, RREQ,arrives to next hop, at the first step, this node checks the
validity of hash value by knowing the formula (2). It means
that the receiver node computes hash of hash_RREQ for y
times, where y is the difference between order of hash in
hash_RREQ and order of hash in criterion. If it is equal to
criterion, Eq. (2), so intermediate node accepts this packet and
inserts appropriate entry in relation with source node in its
routing table. On the other hand, receiver node, after
validating of hash_RREQ, changes its criterion to the value of
hash_RREQ. Now this node should change the hash_RREQ in
accordance with 1. It means that this node calculates hash of
the hash_RREQ and places it in hash_RREQ.
Similarly, destination node does as above but calculates
hash chain in accordance with its own seed. Destination node
places the value of hash in hash_RREP. New RREP is shown
below:
Normal RREP Hash-RREP
Other things and operation are exactly similar to RREQ.
Thus, malicious nodes cannot increase sequence number and
decrease hop count. Because if they want do this, they should
calculate hash in lower order and obviously this is impossible,
for instance, with having h_20 it is impossible to calculate
h_19. Consequently, malicious nodes can only increase hop
count or decrease sequence number. As a result, wronginformation about sequence number and hop count cannot be
placed in routing tables. Besides, each node has a blacklist and
when a node receive RREQ or RREP from malicious node that
hash_RREQ or hash_RREP field is not valid, puts the name of
the sender in its own blacklist. Furthermore all packets from
nodes in blacklist won’t be accepted and must be discarded.
Operation at intermediate nodes, when receive RREQ, is
Figure 3. PDR in presence of one malicious node
Figure 4. PDR in presence of two malicious nodes
depicted in Fig. 1. Furthermore, operation at intermediate
nodes, on receiving RREP, is exactly the same as Fig. 1.
VII. SIMULATION RESULTS
For the simulation, we use OPNET 14.0.A [22] as a simulator.
Our network topology is indicated in Fig. 2. TABLE I contains
parameters that we choose for simulation. For evaluating the
performance of the network, we consider the followingmetrics:
Packet Delivery Ratio: The ratio of the data delivered to the
destination to the data sent out by the source.
Various mobilities of nodes have been considered to measure
the performance of network in presence of malicious nodes as
attackers. Fig. 3 demonstrates the results in presence of only
one malicious node. In this scenario mobile-node-5 is the
attacker. In Fig. 4, mobile-node-5 and mobile-node-20 act as
malicious nodes. Mobile-node-5, mobile-node-20 and mobile
node-10 are malicious nodes in another scenario and results of
this section are presented in Fig. 5. In another scenario mobile-
node-5, mobile-node20, mobile-node-10 and mobile-node-11
send fake messages to construct a black hole attack. Related
results are illustrated in Fig. 6. Fig. 7, Fig. 8 and Fig. 9 show
the variation of PDR when the number of malicious nodes in
the network is varied from 1 to 4 in the mobility of 10m/s,
30m/s, 50m/s respectively. As it is shown by these figures, the
proposed mechanism improves PDR nodes, in other words,
this approach protects MANETs against black hole attack.
27 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 5/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011
Figure 5. PDR in presence of three malicious nodes
Figure 6. PDR in presence of four malicious nodes
Figure 7. Analysis of PDR vs. different number of attacker in
10m/s
Figure 8. Analysis of PDR vs. different number of attacker in
30m/s
Figure 9. Analysis of PDR vs. different number of attacker in
50m/s
VIII. REFERENCES
[1] E. Çayırcı, C.Rong, “Security in Wireless Ad Hoc and Sensor
Networks,” vol. I. New York: Wiley 2009, pp. 10.
[2] C. E. Perkins, E. M. B. Royer and S. R. Das, “Ad-hoc On-Demand
Distance Vector (AODV) Routing,” Mobile Ad-hoc NetworkingWorking Group, Internet Draft, draft-ietf-manetaodv- 00.txt, Feb. 2003.
[3] E. M. Royer and C-K Toh, “A Review of Current Routing Protocols forAd-Hoc Mobile Wireless Networks,” IEEE Person. Commun., Vol. 6,
no. 2, Apr. 1999.
[4] C. E. Perkins and P. Bhagwat, “Highly Dynamic Destination-SequencedDistance-Vector Routing (DSDV) for Mobile Computers,” Proceedings
of the SIGCOMM ’94 Conference on Communications Architectures,Protocols and Applications, pp 234–244, Aug.1994.
[5] D. B. Johnson, D. A. Maltz, “Dynamic Source Routing in Ad Hoc
Wireless Networks”, Mobile Computing, edited by Tomasz Imielinskiand Hank Korth, Chapter 5, pp 153- 181, Kluwer Academic Publishers,
1996.
[6] M. Ilyas, “The Handbook of Ad hoc wireless Networks,” CRC Press,
2003.
[7]
Stamouli, “Real-time Intrusion Detection for Ad hoc Networks”Master’s thesis, University of Dublin, Sep. 2003.
[8] Y.-C. Hu, A. Perrig, D. B. Johnson, “Ariadne: A Secure On-Demand
Routing Protocol for Ad hoc Networks,” Proc. 8th ACM Int’l. Conf.Mobile Computing and Networking (Mobicom’02), Atlanta, Georgia,
Sep. 2002, pp. 12-23.
[9] Y.-C. Hu, D. B. Johnson, A. Perrig, “SEAD: Secure Efficient DistanceVector Routing for Mobile Wireless Ad hoc Networks,” Proc. 4th IEEE
Workshop on Mobile Computing Systems and Applications, Callicoon,NY, Jun. 2002, pp. 3-13.
[10] K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer, A
Secure Routing Protocol for Ad Hoc Networks. Proc. of IEEEInternational Conference on Network Protocols (ICNP), pp. 78-87, 2002.
[11] S. Yi, P. Naldurg, R. Kravets, “Security-Aware Ad hoc Routing for
Wireless Networks,” Proc. 2nd ACM Symp. Mobile Ad hoc Networkingand Computing (Mobihoc’01), Long Beach, CA, Oct. 2001, pp. 299-
302.[12] M. Zapata, “Secure Ad Hoc On-Demand Distance Vector (SAODV),”
Internet draft, draft-guerrero-manet-saodv-01.txt, 2002.
[13] D. Cerri, A. Ghioni, “SecuringAODV: The A-SAODV Secure RoutingPrototype,” IEEE Communication Magazine, Feb. 2008, pp 120-125.
[14] K. Mishra, B. D. Sahoo, “A Modified Adaptive-Saodv Prototype For
Performance Enhancement In Manet,” International Journal Of Computer Applications In Engineering, Technology And Sciences (Ij-
Ca-Ets), Apr. 2009 – Sep. 2009, pp 443-447.
28 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
8/7/2019 A New Approach to Prevent Black Hole Attack in AODV
http://slidepdf.com/reader/full/a-new-approach-to-prevent-black-hole-attack-in-aodv 6/6
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 1, 2011[15] H. Deng, W. Li, and D. P. Agrawal, “Routing security in ad hoc
networks,” IEEE Communications Magazine, vol. 40, no. 10, pp. 70-75,Oct. 2002
[16] Y. Zhang and W. Lee, "Intrusion detection in wireless ad – hoc
networks," 6th annual international Mobile computing and networkingConference Proceedings, 2000.
[17] S. Lee, B. Han, and M. Shin, “Robust routing in wireless ad hoc
networks,” in ICPP Workshops, pp. 73, 2002.
[18] Y. A. Huang and W. Lee, “Attack analysis and detection for ad hoc
routing protocols,” in The 7th International Symposium on RecentAdvances in Intrusion Detection (RAID’04), pp. 125-145, French
Riviera, Sept. 2004.
[19] S. Kurosawa, H. Nakayama, N. Kat, A. Jamalipour, and YoshiakiNemoto, “Detecting Blackhole Attack on AODV-based Mobile Ad Hoc
Networks by Dynamic Learning Method”, International Journal of
Network Security, Vol.5, No.3, pp 338-346, Nov. 2007 .
[20] L. Li , C. Chigan, “Token Routing: A Power Efficient Method forSecuring AODV Routing Protocol,” Proceedings of the 2006 IEEE
International Conference on Networking, Sensing and Control, 2006.ICNSC '06, (Apr. 2006) pp 29- 34.
[21] Y. C. Hu, A. Perring, D. B. Johnson, “Wormhole Attacks in Wireless
Networks,” Ieee Journal On Selected Areas In Communications, Vol.24, No. 2, Feb. 2006.
[22]
http://www.opnet.com
29 http://sites.google.com/site/ijcsis/
ISSN 1947-5500