Defending AODV Routing Protocol Against the Black Hole Attack

Published by: ijcsis on Jun 12, 2010
Copyright: Attribution Non-commercial

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 08, No. 2, 2010
Abstract—In this paper we propose a simple method to detect Black hole attacks in the Ad hoc On Demand Distance Vector (AODV) routing protocol. Although many previous works focused on authentication and cryptography techniques, these techniques suffer from some weaknesses. In fact, this kind of solution is just a first line of defense, which should be completed by an intrusion detection system as a second line. The second line proposed here consists of including the source route in the header of the control packets (RREQ). In addition to that, any intermediate node records the sequence number of the destination. Thus, if the packet is compromised, the destination node can easily retrieve the address of the attacker. To secure RREP packets, any intermediate node records the addresses of the nodes to which it forwards the RREQ. Thus, any node receiving a RREP can check whether the sender is legitimate or not. Simulation results show the robustness of our protocol: it delivers a high ratio of data and consumes less route establishment delay.
Keywords: AODV routing protocol; Black hole attacks; Intrusion detection; Reactive routing protocols; Wireless ad hoc networks.
I. INTRODUCTION
Wireless networks are inherently susceptible to security problems. Intrusion on the transmission medium is easier than for wired networks, and it is possible to conduct denial of service attacks by scrambling the used frequency bands. The ad hoc context increases the number of potential security vulnerabilities. Because they are by definition without infrastructure, ad hoc networks cannot benefit from the security services offered by dedicated equipment: firewalls, authentication servers, etc. The security services must be distributed, cooperative and consistent with the available bandwidth. Routing also poses specific problems: each node in the network can serve as a relay and is able to capture or divert traffic in transit. The work presented here is in this context. We address here the problem of securing the AODV routing protocol against the Black Hole attack.

During routing in a mobile ad hoc network (MANET), if no control is done on the origin and integrity of the routing messages of the network, a malicious node can easily cause disturbances. This is all the easier since wireless ad hoc networks have no physical barrier to protect themselves and all elements can potentially participate in the routing mechanism. If a malicious node has the ability to compromise a valid network node, it can, during the discovery process, respond to the route initiator node with a route reply message announcing a minimal cost path to the target node. The transmitter node will then update its routing table with the wrong information. The data packets of the transmitter node will be relayed to the target node by the malicious node, which can simply ignore them. This attack is called a "black hole": the packets are picked up and absorbed by the malicious node. This is one example of an attack that may occur in a wireless ad hoc network routing protocol.

The first approach to securing the AODV protocol was made by Zapata with his Secured AODV (SAODV) [1]. In a second publication [2] the protocol is presented in greater detail. SAODV, which is based on public key cryptography, extends the AODV message format to include security parameters for securing the routing messages. Adaptive Secure AODV (A-SAODV) [3] is a prototype implementation of SAODV, based on the AODV-UU implementation by Uppsala University. Unlike AODV-UU, A-SAODV is a multithreaded application: cryptographic operations are performed by a dedicated thread to avoid blocking the processing of other messages. SecAODV [4] is a secure routing protocol; its implementation is similar to that of Bootstrapping Security Associations for Routing in Mobile Ad hoc Networks (BSAR) [5] and Secure Bootstrapping and Routing in an IPv6-based ad hoc network (SBRP) [6] for DSR. SecAODV is a distributed algorithm designed for MANETs under IPv6; it does not require a trust relationship established between pairs of nodes, synchronization between nodes, a shared key or any other secure association between nodes. M. Al-Shurman et al. [7] propose two solutions to the Black Hole attack. In the first solution the transmitter is required to authenticate the node that sent the route reply packet (RREP).
Fatima Ameza, Department of Computer Sciences, University of Bejaia, 06000 Algeria.
Nassima Assam, Department of Computer Sciences, University of Bejaia, 06000 Algeria.
Rachid Beghdad, Department of Computer Sciences, University of Bejaia, 06000 Algeria.
112 http://sites.google.com/site/ijcsis/ ISSN 1947-5500
 
The idea here is to wait for the arrival of RREP packets from more than one node, until a safe route is identified. In the second solution, each packet in the network must have a unique sequence number, and the following packet must have a sequence number greater than the one of the current packet. Each node records the sequence number of the packet and uses it to check whether the received packet was sent by the same node or not. C. Tseng et al. [8] propose a solution based on specification-based intrusion detection to detect attacks on AODV [9]; their approach is to model the behavior of AODV by a finite state machine in order to detect violations of the protocol specification.

In this article we present an approach for defending the AODV protocol against Black Hole attacks. Our first main idea is to include the source route in the header of the RREQ control packets. In addition to that, any intermediate node records the sequence number of the destination. Thus, if the packet is compromised, the destination node can easily retrieve the address of the attacker. On the other hand, each node forwarding a RREQ packet records the addresses of its successors in a local table. Thus, it can check whether the sender of a received RREP packet is legitimate or not.

The remainder of the paper is organized as follows: Section 2 briefly presents the AODV protocol. Attacks against AODV are described in Section 3; we especially detail the Black hole attack in this section. Our approach is described in detail in Section 4. Section 5 presents simulation results. Finally, Section 6 concludes the paper.
 
II. THE AODV PROTOCOL
AODV (Ad-hoc On-demand Distance Vector) [10] is a loop-free routing protocol for ad-hoc networks. It is designed to be self-starting in an environment of mobile nodes, withstanding a variety of network behaviors such as node mobility, link failures and packet losses.

At each node, AODV maintains a routing table. The routing table entry for a destination contains three essential fields: a next hop node, a sequence number and a hop count. All packets destined to the destination are sent to the next hop node. The sequence number acts as a form of time-stamping, and is a measure of the freshness of a route. The hop count represents the current distance to the destination node.

In AODV, nodes discover routes in request-response cycles. A node requests a route to a destination by broadcasting an RREQ message to all its neighbors. When a node receives an RREQ message but does not have a route to the requested destination, it in turn broadcasts the RREQ message. It also remembers a reverse-route to the requesting node, which can be used to forward subsequent responses to this RREQ. This process repeats until the RREQ reaches a node that has a valid route to the destination. This node (which can be the destination itself) responds with an RREP message. This RREP is unicast along the reverse-routes of the intermediate nodes until it reaches the original requesting node. Thus, at the end of this request-response cycle a bidirectional route is established between the requesting node and the destination. When a node loses connectivity to its next hop, the node invalidates its route by sending an RERR to all nodes that potentially received its RREP. On receipt of the three AODV messages, RREQ, RREP and RERR, the nodes update the next hop, sequence number and hop counts of their routes in such a way as to satisfy the partial order constraint mentioned above.
 
III. ATTACKS AGAINST AODV
Attacks against AODV can be classified in two classes [11]:

- Passive attacks: In a passive attack, the attacker does not disturb the routing process but only attempts to discover valuable information by listening to the routing traffic. The major advantage for the attacker in passive attacks is that in a wireless environment the attack is usually impossible to detect. This also makes defending against such attacks difficult. Furthermore, routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than to other nodes, the attacker might expect that the node is important for the functioning of the network, and disabling it could bring the entire network down.

- Active attacks: These attacks involve actions performed by adversaries, for instance the replication, modification and deletion of exchanged data. The goal may be to attract packets destined to other nodes to the attacker for analysis or just to disable the network. A major difference in comparison with passive attacks is that an active attack can sometimes be detected.

The following is a list of some types of active attacks that can usually be easily performed against the AODV protocol.

Black hole: In the black hole attack [12], a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.

Black hole attack against RREQ packets: As was said before (Section 2), the sequence number of a packet acts as a form of time-stamping, and is a measure of the freshness of a route. Indeed, the node having the higher sequence number to reach a given destination node D will be considered as the one having the shorter route to D. So, on receipt of the RREQ packet, the attacker will simply set the sequence number to the highest possible value. In this case, this malicious device will be able to insert itself between the communicating nodes, and will be able to do anything with the packets passing between them.

Black hole attack against RREP packets: Similarly, on receipt of a RREP from the legitimate destination node D, the malicious node M will set the sequence number of this packet to the highest possible value. Consequently, all the intermediate nodes between M and the source node will forward the message of the malicious node.

Wormhole: In the wormhole attack [13], an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. The wormhole attack can form a serious threat in wireless networks,
especially against many ad hoc network routing protocols and location-based wireless security systems.

Rushing attack: This kind of attack [13] is a malicious attack targeted against on-demand routing protocols that use duplicate suppression at each node, like AODV. An attacker disseminates RREQs quickly throughout the network, suppressing any later legitimate RREQs when nodes drop them due to the duplicate suppression. Thus the protocol cannot set up a route to the desired destination.

Spoofing: By masquerading as another node, a malicious node can launch many attacks in a network. This is commonly known as spoofing [14]. Spoofing occurs when a node misrepresents its identity in the network, such as by altering its MAC or IP address in outgoing packets. Spoofing combined with packet modification is a really dangerous attack.

Routing table overflow: In a routing table overflow attack the attacker attempts to create routes to nonexistent nodes [15]. The goal is to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. Proactive routing algorithms attempt to discover routing information even before it is needed, while a reactive algorithm creates a route only once it is needed. This property appears to make proactive algorithms more vulnerable to table overflow attacks: an attacker can simply send excessive route advertisements to the routers in a network. Reactive protocols, on the other hand, do not collect routing data in advance. For example, in AODV two or more malicious nodes would need to cooperate to create false data efficiently: one node requests routes and the other one replies with forged addresses.
 
IV. OUR APPROACH
We called our approach AODV-SABH (AODV Secured Against Black Hole attack). Our approach therefore secures both the RREQ and the RREP packets.

Securing RREQ packets: To secure RREQ packets we propose to add two fields to the RREQ packet. The first field will be used to include the list of the addresses of all the intermediate nodes between the source and the destination, in order to detect the address of the attacker. On the other hand, each node will use the second field to record the sequence number of the destination node that it knows. On receipt of the RREQ packet, the destination node D compares its own sequence number (SN_D) to the one of the received packet. If the sequence number of the received packet is greater than SN_D then the packet will be rejected, D will use the first added field in the packet to find the intruder, and it will alert the other nodes.

For example, the following graph (figure 1) represents a network where node A requests a route to node D. It sends a RREQ packet having a sequence number equal to 30. On receipt of this packet, the malicious node M will set the sequence number to 1000. On receipt of the packet of node A, node B will set the sequence number to 60. Finally, the destination node D will focus on the message of M, thinking that this node has the freshest route to the source node A. D will then send a RREP message to A via node M.

Fig. 1. Example of Black hole attack on RREQ packets.

By using AODV-SABH, node D will detect that node M is malicious; it will reject its packet and will send a RREP packet to the source node A via the legitimate node B (see figure 2). In fact, SN_D is really equal to 60, but the sequence number of the packet of M is equal to 1000 (!)

Fig. 2. Using AODV-SABH to detect the malicious node.

Securing RREP packets: To secure RREP packets, every node will record in a local table the addresses of all nodes to which it forwards the RREQ packet. To do that, every node receiving a RREQ packet during the route discovery process must send its address to the sender. So, when a node receives a RREP packet it can check whether the address of the sender belongs to its local table or not. If the address of the sender of the RREP does not match any address recorded in its local table, then the receiving node concludes that the sender is a malicious node. So, it will reject the packet, and will alert the other nodes.
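The Fig. 1/2 scenario of Section IV, and the route discovery of Section II it relies on, as an added Python example (this is not code from the paper): A floods an RREQ that reaches D through the black hole M (claiming 1000) and through the honest node B (60); D applies the SN_D comparison, blames M from the source route, and the RREP back to A passes each hop's successor-table check while a RREP from an unknown sender is dropped. The parallel-list encoding of the two added fields, the rule that D blames the first hop whose recorded sequence number exceeds SN_D, and the rogue node X are my assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class RREQ:
    src: str
    dst: str
    dst_seq: int                                   # destination seq number set by the last hop
    route: list = field(default_factory=list)      # added field 1: source route so far
    seq_trail: list = field(default_factory=list)  # added field 2: dst seq recorded per hop

class Node:
    def __init__(self, name, known_dst_seq):
        self.name = name
        self.known = known_dst_seq   # sequence number this node holds for destination D
        self.successors = set()      # local table: nodes this node forwarded the RREQ to
        self.alerts = []             # addresses this node would announce as malicious

    def originate(self, dst, neighbors):
        self.successors.update(neighbors)
        return RREQ(self.name, dst, self.known, [self.name], [self.known])

    def forward(self, rreq, neighbors, claimed=None):
        """Rebroadcast: an honest node records the dst seq it knows, a black hole inflates it."""
        seq = self.known if claimed is None else claimed
        self.successors.update(neighbors)
        return RREQ(rreq.src, rreq.dst, seq, rreq.route + [self.name], rreq.seq_trail + [seq])

    def check_rreq(self, rreq):
        """Destination-side AODV-SABH check: returns (accepted, intruder or None)."""
        if rreq.dst_seq <= self.known:
            return True, None
        # Assumption: the intruder is the first hop whose recorded seq exceeds SN_D.
        for hop, seq in zip(rreq.route, rreq.seq_trail):
            if seq > self.known:
                self.alerts.append(hop)
                return False, hop
        return False, None

    def check_rrep(self, sender):
        """A RREP is legitimate only if its sender is in the local successor table."""
        ok = sender in self.successors
        if not ok:
            self.alerts.append(sender)
        return ok

def plain_aodv_winner(rreqs):
    """Unprotected AODV (Fig. 1): the RREQ carrying the highest dst seq is believed."""
    return max(rreqs, key=lambda r: r.dst_seq).route[-1]

def scenario():
    A, M, B, D = Node("A", 30), Node("M", 30), Node("B", 60), Node("D", 60)  # Fig. 1/2, SN_D = 60
    req = A.originate("D", {"M", "B"})            # RREQ<A, D, 30>
    via_m = M.forward(req, {"D"}, claimed=1000)   # RREQ<A, M, D, 1000>: black hole
    via_b = B.forward(req, {"D"})                 # RREQ<A, B, D, 60>
    plain_choice = plain_aodv_winner([via_m, via_b])
    verdicts = {"M": D.check_rreq(via_m), "B": D.check_rreq(via_b)}
    rrep_ok = B.check_rrep("D") and A.check_rrep("B")   # RREP along D -> B -> A
    forged_ok = B.check_rrep("X")   # constructed rogue X never got the RREQ from B
    return plain_choice, verdicts, rrep_ok, forged_ok, D.alerts, B.alerts
```

Note that the successor-table check only rejects a RREP from a node the receiver never forwarded the RREQ to; M, which did receive A's RREQ, would pass A's check, so the RREQ-side SN_D comparison is what exposes it here.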
 
V. SIMULATIONS
 
A. Simulation parameters

For our simulations we used the Network Simulator 2 (ns-2). Our simulations consist of 20 nodes evolving in a region of (950 m × 950 m) during 100 seconds. Transmission range is set to 250 meters. The random waypoint movement model is used and the maximum movement speed is 12 m/s. Packets among the nodes are transmitted at a constant bit rate (CBR) of one packet per second, and the size of each packet is 512 bytes. In these simulations we used the following evaluation metrics:

Packet delivery ratio (PDR): The percentage of data packets delivered to the destination with respect to the number of packets sent. This metric shows the reliability of data packet delivery.
[Fig. 1 labels recovered from the figure: nodes A, M, B, D; RREQ<A, D, 30>; RREQ<M, D, 1000>; RREQ<B, D, 60>; RREP]

[Fig. 2 labels recovered from the figure: nodes A, M, B, D; RREQ<A, D, 30>; RREQ<A, M, D, 1000>; RREQ<A, B, D, 60>; RREP]