(IJCSIS) International Journal of Computer Science and Information Security, Vol. 08, No. 2, 2010
The idea here is to wait for the arrival of the RREP packet from more than one node, until a safe route is identified. In the second solution, each packet in the network must have a unique sequence number, and the following packet must have a sequence number greater than that of the current packet. Each node records the sequence number of the packet and uses it to check whether the received packet was sent by the same node or not. C. Tseng et al. propose a solution based on the specification of intrusion detection to detect attacks on AODV; their approach is to model the behavior of AODV by a finite state machine in order to detect violations of the protocol specification.

In this article we present an approach for defending the AODV protocol against Black Hole attacks. Our first main idea is to include the source route in the header of the RREQ control packets. In addition, every intermediate node records the sequence number of the destination. Thus, if the packet is compromised, the destination node can easily retrieve the address of the attacker. On the other hand, each node forwarding a RREQ packet records the addresses of its successors in a local table. Thus, it can check whether the sender of a received RREP packet is legitimate or not.

The remainder of the paper is organized as follows: Section 2 briefly presents the AODV protocol. Attacks against AODV are described in Section 3, where we detail the Black hole attack in particular. Our approach is described in detail in Section 4. Section 5 presents simulation results. Finally, Section 6 concludes the paper.

II.
AODV (Ad-hoc On-demand Distance Vector) is a loop-free routing protocol for ad-hoc networks. It is designed to be self-starting in an environment of mobile nodes, withstanding a variety of network behaviors such as node mobility, link failures and packet losses.

At each node, AODV maintains a routing table. The routing table entry for a destination contains three essential fields: a next hop node, a sequence number and a hop count. All packets destined to the destination are sent to the next hop node. The sequence number acts as a form of time-stamping, and is a measure of the freshness of a route. The hop count represents the current distance to the destination node.

In AODV, nodes discover routes in request-response cycles. A node requests a route to a destination by broadcasting an RREQ message to all its neighbors. When a node receives an RREQ message but does not have a route to the requested destination, it in turn broadcasts the RREQ message. Also, it remembers a reverse-route
to the requesting node which can be used to forward subsequent responses to this RREQ. This process repeats until the RREQ reaches a node that has a valid route to the destination. This node (which can be the destination itself) responds with an RREP message. This RREP is unicast along the reverse-routes of the intermediate nodes until it reaches the original requesting node. Thus, at the end of this request-response cycle a
route is established between the requesting node and the destination. When a node loses connectivity to its next hop, the node invalidates its route by sending an RERR to all nodes that potentially received its RREP. On receipt of the three AODV messages: RREQ, RREP and RERR, the nodes update the next hop, sequence number and the hop counts of their routes in such a way as to satisfy the partial order constraint mentioned above.

III.
Attacks against AODV can be classified into two classes:

- In a passive attack, the attacker does not disturb the routing process but only attempts to discover valuable information by listening to the routing traffic. The major advantage for the attacker in passive attacks is that in a wireless environment the attack is usually impossible to detect. This also makes defending against such attacks difficult. Furthermore, routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than to other nodes, the attacker might expect that the node is important for the functioning of the network, and disabling it could bring the entire network down.

- These attacks involve actions performed by adversaries, for instance the replication, modification and deletion of exchanged data. The goal may be to attract packets destined to other nodes to the attacker for analysis or just to disable the network. A major difference in comparison with passive attacks is that an active attack can sometimes be detected.

The following is a list of some types of active attacks that can usually be easily performed against the AODV protocol.
In the black hole attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.
Black hole attack against RREQ packets: As stated before (Section 2), the sequence number of a packet acts as a form of time-stamping, and is a measure of the freshness of a route. Indeed, the node having the higher sequence number to reach a given destination node D will be considered as the one having the shorter route to D. So, on receipt of the RREQ packet, the attacker will simply set the sequence number to the highest possible value. In this case, this malicious device will be able to insert itself between the communicating nodes, and will be able to do anything with the packets passing between them.
Black hole attack against RREP packets: Similarly, on receipt of a RREP from the legitimate destination node D, the malicious node M will set the sequence number of this packet to the highest possible value. Consequently, all the intermediate nodes between M and the source node will forward the message of the malicious node.
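The successor-table check outlined in the introduction, applied to the RREP case above, as an added example that is not the authors' code: `handle_rrep` applies the AODV route preference (higher destination sequence number wins) with and without checking the RREP sender against recorded successors. The node names, the constructed sequence numbers, and the assumption that successors are learned by overhearing a neighbour rebroadcast the RREQ are illustrative and not taken from the paper.

```python
from dataclasses import dataclass, field

@dataclass
class RREP:
    sender: str     # neighbour that handed us this RREP (previous hop)
    dest: str       # destination the advertised route leads to
    dest_seq: int   # destination sequence number (route freshness)
    hop_count: int

@dataclass
class Node:
    name: str
    routes: dict = field(default_factory=dict)      # dest -> (next_hop, seq, hops)
    successors: dict = field(default_factory=dict)  # dest -> neighbours that relayed our RREQ
    rejected: list = field(default_factory=list)    # RREPs dropped by the check

    def note_successor(self, dest, neighbour):
        # Assumption: a successor is a neighbour overheard rebroadcasting
        # the RREQ this node forwarded for `dest`.
        self.successors.setdefault(dest, set()).add(neighbour)

    def is_fresher(self, rrep):
        # AODV preference: higher sequence number first, then fewer hops.
        # Sequence-number rollover handling is omitted here.
        cur = self.routes.get(rrep.dest)
        return cur is None or (rrep.dest_seq, -rrep.hop_count) > (cur[1], -cur[2])

    def handle_rrep(self, rrep, check_successor=True):
        # Hardened path: drop RREPs whose sender never relayed our RREQ.
        if check_successor and rrep.sender not in self.successors.get(rrep.dest, set()):
            self.rejected.append(rrep)
            return False
        if self.is_fresher(rrep):
            self.routes[rrep.dest] = (rrep.sender, rrep.dest_seq, rrep.hop_count)
            return True
        return False

def demo(check_successor):
    # Constructed scenario: S wants a route to D; B relayed S's RREQ, M did not.
    s = Node("S")
    s.note_successor("D", "B")
    s.handle_rrep(RREP("B", "D", dest_seq=12, hop_count=3), check_successor)
    # M advertises an inflated (constructed) sequence number and a short path.
    s.handle_rrep(RREP("M", "D", dest_seq=1_000_000, hop_count=1), check_successor)
    return s.routes["D"][0], [r.sender for r in s.rejected]

if __name__ == "__main__":
    print("plain AODV preference:", demo(check_successor=False))
    print("with successor check: ", demo(check_successor=True))
```

Without the check the inflated RREP replaces the legitimate route; with it, the RREP is dropped before the freshness comparison and recorded in `rejected` for later inspection.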
In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. The wormhole attack can form a serious threat in wireless networks,