Published by: ijcsis on Aug 12, 2010
Copyright: Attribution Non-commercial
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 4, July 2010
ISOR: Intelligent Secure On-Demand Routing Protocol

Moitreyee Dasgupta (1), Gaurav Sandhu (2), Usha Banerjee (3)

(1) Department of Computer Science and Engg., JSS Academy of Technical Education, Noida, New Delhi. email: helloruna@yahoo.com
(2) Department of Computer Science and Engg., GTBIT, New Delhi, India. email: gauravgtbit@yahoo.in
(3) Department of Computer Science & Engg., College of Engineering Roorkee, Roorkee, India. email: ushaban@gmail.com
Abstract — MANETs are highly vulnerable to attacks due to their inherent lack of infrastructure and the complexity of wireless communication. Considerable improvements have been made towards providing ad hoc network security, and existing solutions apply cryptography, intrusion detection systems or reputation systems. However, these conventional lines of defense cannot ward off all attacks and intrusions. Our approach is to study the behavior of the AODV routing protocol in the presence of black hole attacks, one of the major Denial-of-Service attacks. In the first phase of this research, we provide a detailed simulation methodology for black hole attacks and detail the steps of creating a new routing protocol, named Intelligent Secure On-Demand Routing protocol (ISOR), using NS-2. In ISOR, an intelligent prevention scheme is presented in which every node behaves intelligently to prevent black hole attacks. Simulation studies show that, compared to the original ad hoc on-demand distance vector (AODV) routing scheme, our proposed solution can verify 75% to 98% of the routes to the destination, depending on the pause times, at minimum delay in the network.
Keywords - Blackhole attacks, DoS Attacks, MANET, Security in MANET routing protocol
I. INTRODUCTION
Wireless ad hoc networks are composed of autonomous nodes that are self-managed without any infrastructure. Ad hoc networks have a dynamic topology, such that nodes can easily join or leave the network at any time. They have many potential applications, especially in military and rescue areas, such as connecting soldiers on the battlefield or establishing a new network in place of one which collapsed after a disaster like an earthquake. Ad hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. The absence of any central coordinator or base station makes the routing process complex compared to cellular networks. Hence the responsibilities of a routing protocol include exchanging route information, finding a feasible path to a destination based upon criteria such as hop length, minimum power requirement and lifetime of the wireless link, gathering information about path breaks, mending the broken paths, and utilizing minimum bandwidth. Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. All the proposed routing protocols [1] [2] [3] [4] [9] [11] [12] [14] are vulnerable to denial-of-service attacks [5] [6]. Gaining access to the valid routes leads to the rushing attack [3]. An attacker can attract traffic towards certain destinations to nodes under its control and cause packets to be forwarded along a route that is non-optimal or even non-existent. A pair of attacker nodes may create a wormhole [13] and shortcut their flows between each other. Even while being part of the forwarding path, malicious nodes may selectively drop some or all of the data packets [7]. A malicious node can correctly participate in the route discovery phase but then fail to correctly forward data packets. The security solution should therefore also ensure that each node indeed forwards packets according to its routing table.
A black hole can be implemented in the network layer as well as in the MAC layer, and as a result the entire network can be compromised. In this paper we propose an intelligent black hole attack prevention scheme to ensure reliable routing and data forwarding. In this scheme every node behaves in an intelligent manner and detects the corrupted node. Once detected, the node is blacklisted for a definite period of time.

Simulations have been done using NS-2 (Network Simulator version 2) [7]. A new protocol has been added to the existing functionality of NS-2, and black hole attacks have been simulated using this new protocol. After implementing the new routing protocol which simulates a black hole, tests were performed on wireless networks to compare network performance with and without black holes. As expected, the throughput in the network deteriorated considerably in the presence of a black hole. Later in the paper, we implement our proposed solution to eliminate the effects of the black hole and evaluate the results obtained.

The rest of the paper is organized as follows. In section 2 we analyze various modes of attack in ad hoc mobile networks. Section 3 presents a brief review of existing work. In section 4 we present a network attacking model based on the black hole attack for AODV. The simulation of a black hole attack [7] and the proposed protocol ISOR are presented in section 5. In section 6 we analyze and discuss the results of simulating the proposed ISOR protocol. In this section we also put forward a comparative study between the normal AODV
114 http://sites.google.com/site/ijcsis/ ISSN 1947-5500
protocol and our proposed ISOR protocol. In this section we present a solution model for some countermeasures against black hole attacks. This section also deals with the performance evaluation of our routing protocol and a comparison with the existing AODV routing protocol.

II. DIFFERENT TYPES OF DOS ATTACKS
Security [5] is the primary challenge in ad hoc wireless networks because of their infrastructure-less nature, resource constraints and dynamic topology changes. The security issue in MANETs for group communication [7] is even more challenging because of the involvement of multiple senders and multiple receivers. DoS attacks [6] are hard to detect and easy for an attacker to implement, as no extra hardware is required. They are considered the category of attacks to which the network layer is most vulnerable and thus need more attention. The entire network may fail in the presence of such an attack. Some common types of DoS attacks [10] [12] [13] [3] are discussed briefly:

Blackhole Attacks - An attacker can drop received routing messages, instead of relaying them as the protocol requires, in order to reduce the quantity of routing information available to other nodes. This is called a blackhole attack by Hu et al., and is a "passive" and simple way to perform a Denial of Service. The attack can be done selectively (drop routing packets for a specified destination, a packet every n packets, a packet every given number of seconds, or a randomly selected portion of the packets) or in bulk (drop all packets), and may have the effect of making the destination node unreachable or degrading communication in the network.

Wormhole Attacks - The wormhole attack [10] [13] is quite severe, and consists of recording traffic from one region of the network and replaying it in a different region. It is carried out by an intruder node X located within transmission range of legitimate nodes A and B, where A and B are not themselves within transmission range of each other. Intruder node X merely tunnels control traffic between A and B (and vice versa), without the modification presumed by the routing protocol (e.g. without stating its address as the source in the packet header), so that X is virtually invisible. This results in an extraneous, non-existent A-B link which in fact is controlled by X. X can afterwards drop tunneled packets or break this link at will. Two intruder nodes X and X′, connected by a wireless or wired private medium, can also collude to create a longer (and more harmful) wormhole.

Jellyfish Attacks - In this attack, the attacker obeys all the routing protocol specifications but delays the packet forwarding process for a certain period of time, resulting in a high end-to-end delay. This attack is difficult to detect, as packet drop in this case is negligible.

Rushing Attacks - An offensive that can be carried out against on-demand routing protocols is the rushing attack. Typically, on-demand routing protocols state that nodes must forward only the first received Route Request from each route discovery; all further received Route Requests are ignored. This is done in order to reduce clutter. The attack consists, for the adversary, in quickly forwarding its Route Request messages when a route discovery is initiated. If the Route Requests that first reach the target's neighbors are those of the attacker, then any discovered route includes the attacker.

Neighborhood Attacks - An intermediate node records its ID in the packet before forwarding it to the next node. In this type of attack, an attacker simply forwards the packet without recording its ID in it. This makes two nodes that are not within communication range of each other believe that they are neighbors (i.e., one hop away from each other), resulting in a disrupted route.

III. REVIEW WORK
Blackhole attack is one of the most active DoS attacks possible in MANETs. Research on black hole attacks has gained sufficient momentum. Research focuses mainly on securing existing routing protocols, developing new secure routing protocols, and intrusion detection techniques. In [15] and [16] new protocols have been designed. Awerbuch et al. [15] developed a new secure on-demand routing protocol. It includes link weights which are considered during route discovery. The weights are calculated from the packet delivery fraction of each link. A link not delivering a fraction of packets above a certain threshold is considered malicious, and therefore its link weight is increased such that the link is chosen with smaller probability in the next route discovery phase. The approach detects a black hole as soon as its impact occurs, not when the black hole is constructed. In [16] a secure routing protocol based on the Dynamic Source Routing (DSR) protocol is presented. The authenticity of Route Requests is verified using message authentication codes (MACs). Furthermore, the authors present three techniques for authenticating data in Route Requests and Route Replies, in which a broadcast authentication protocol for authenticating routing messages called TESLA ([17], [18]), digital signatures or MACs are used. Additionally, the authors propose per-hop hashing to verify that no node present in the node list of the Route Request is removed by an attacker. Finally, similar to the work done in [15], routes are chosen with regard to their prior performance in packet delivery. The work focuses on authentication of messages for on-demand protocols. Therefore, their approach is not applicable to pure ad hoc networks.

IV. BLACK-HOLE ATTACKING MODEL
Wireless ad hoc networks are composed of autonomous nodes that are self-managed without any infrastructure. Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. The AODV protocol is vulnerable to the well-known black hole attack. An attacker first introduces itself into the forwarding group (e.g., by implementing a rushing attack), and then, instead of forwarding the data packets to the proper destination, it simply drops all the data packets it receives, resulting in a poor packet delivery ratio [10].

In a blackhole attack, the malicious node waits for its neighbors to initiate a RREQ packet. As soon as the malicious node receives the RREQ packet, it immediately sends a false RREP packet with a modified, higher sequence number. Thus, the source node assumes that the node has a fresh route towards the destination. The source node ignores the RREP packets received from other nodes and begins to send the data packets to the malicious node. A malicious node thereby draws all the routes towards itself. It does not forward any packet anywhere. This attack is called a blackhole as it swallows all objects and data packets [15].

A black hole is a node that always responds positively with a RREP message to every RREQ, even though it does not really have a valid route to the destination node. When the data packets routed by the source node reach the black hole node, it drops the packets rather than forwarding them to the destination node. The attacker may drop all data packets, or it may selectively drop data packets. Discarding all data packets makes the entire network fail, while selective dropping degrades the network performance drastically.

This work is part of a WOS-A DST project (ref. no. SR/WOS-A/ET 20/2008, Department of Science & Technology, Government of India)
Figure 1: Blackhole attacking model
In figure 1, source node S wants to send data packets to a destination node D in the network. Node M is a malicious node which acts as a blackhole. The attacker replies with a false RREP carrying a modified, higher sequence number. So data communication is initiated from S towards M instead of D.

V. ISOR: INTELLIGENT SECURE ON DEMAND ROUTING PROTOCOL
The source broadcasts an RREQ to the network for on-demand route discovery. On receiving the RREQ packet, the malicious node immediately replies with an RREP packet carrying the highest value of destination sequence number, ignoring the value in its routing table. Simultaneously, the destination node also replies with an RREP packet. After receiving the first RREP, the source does not choose that path; rather, it adds that packet to a buffer linked list. The packet is also added to the suspicious linked list if its destination sequence number has a very large value. This process repeats itself a number of times to study the behavior of the suspicious nodes. The variable RREQ_COUNT is used for this purpose. A decent simulation outcome has been obtained by setting the value of this variable to 10. A second count variable is associated with each entry in the suspicious linked list, which counts the number of times a highly acceptable (larger sequence number) packet is sent by a node. If this count variable reaches the value of RREQ_COUNT, it implies that the node keeps sending RREP packets with a higher-valued destination sequence number and is thus behaving maliciously. So, all the entries which follow the above pattern in the suspicious linked list are added to the black hole linked list. The suspicious node linked list is destroyed once the nodes from the list get into the black hole linked list, or after a decent amount of time. A black_final variable, whose value is set to 50, destroys the black hole linked list when the RREQ packet count reaches 50. As the malicious node sends an RREP message without checking its tables, it is assumed that its RREP message is the most likely to arrive first at the source. To nullify the attack, additional lists for suspicious nodes and black hole nodes were created, and algorithms were applied to these linked lists to find the malicious node.
These algorithms are explained in the next section. The implementation requires two linked lists: SUSPICIOUS_NODE LINKED LIST and BLACKHOLE_NODE LINKED LIST. The discussion of the mechanism to counter the black hole attack begins with the description of the two linked lists.

SUSPICIOUS_NODE LINKED LIST: A linked list, maintained at the requesting node, of the nodes which sent the first RREP message. It contains each first-RREP-sending node's address, its destination sequence number, and a count of how many times first RREP packets were sent by this node.

BLACKHOLE_NODE LINKED LIST: A linked list which is created from the suspicious node linked list at the requesting node. It contains the RREP sending nodes' addresses only. This list provides

V.1 ALGORITHM FOR ADDITION OF AN ENTRY INTO SUSPICIOUS NODE LINKED LIST
    // ALGO FOR SUSPICIOUS LINKED LIST (SNLL)
    // Assuming n1 is the node from where the first RREP has been received by the source
    nsaddr = 0; dst_seq = 0; cnt = 0;      // global initialization
    do {
        nsaddr  = address of n1;
        dst_seq = destination sequence of RREP received from n1;
        if (dst_seq >= 4294967290) then {          // very large destination sequence number
            if (SNLL->nsaddr  nsaddr) then         // comparison operator missing in the source text
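The two-list bookkeeping described in this section, as an added example that is not the paper's NS-2 implementation: a Python model of the requesting node that buffers first RREPs, records in a suspicious list any node whose first RREP carries an implausibly large destination sequence number, promotes it to the black hole list once that has happened in RREQ_COUNT = 10 rounds, and destroys the black hole list after black_final = 50 RREQs. The threshold 4294967290 is taken from the algorithm above; the class and method names, and the scenario data in the driver, are constructed for illustration.

```python
# Added example (not the paper's NS-2 code): ISOR-style screening at the requesting node.
from dataclasses import dataclass, field

RREQ_COUNT = 10              # rounds a node may answer first with a huge seq before blacklisting
BLACK_FINAL = 50             # RREQs after which the black hole list is destroyed (black_final)
SUSPICIOUS_SEQ = 4294967290  # "very large" destination sequence number, from the paper's algorithm


@dataclass
class SuspiciousEntry:
    nsaddr: int   # address of the node whose RREP arrived first
    dst_seq: int  # destination sequence number it advertised
    cnt: int = 0  # how many times it was first with a suspicious RREP


@dataclass
class IsorSource:
    """State kept by the RREQ-originating node (class name is ours, not the paper's)."""
    rreq_sent: int = 0
    suspicious: dict = field(default_factory=dict)  # nsaddr -> SuspiciousEntry
    blackhole: set = field(default_factory=set)      # addresses only, as in the paper

    def on_first_rrep(self, nsaddr: int, dst_seq: int) -> str:
        """Handle the first RREP of one RREQ round and return the decision taken for it."""
        self.rreq_sent += 1
        if self.rreq_sent > BLACK_FINAL:
            # black_final: both lists are destroyed once 50 RREQs have gone out, so a node
            # judged malicious is re-evaluated rather than banned forever
            self.blackhole.clear()
            self.suspicious.clear()
            self.rreq_sent = 1
        if nsaddr in self.blackhole:
            return "blacklisted"   # RREPs from a known black hole are ignored
        if dst_seq < SUSPICIOUS_SEQ:
            return "buffered"      # plausible seq: the first RREP is buffered, never chosen outright
        entry = self.suspicious.setdefault(nsaddr, SuspiciousEntry(nsaddr, dst_seq))
        entry.dst_seq = dst_seq
        entry.cnt += 1
        if entry.cnt < RREQ_COUNT:
            return "suspicious"
        # first with an implausibly high seq in RREQ_COUNT rounds: promote to the black hole list
        self.blackhole.add(nsaddr)
        self.suspicious.clear()    # the suspicious list is destroyed once its nodes are promoted
        return "blackholed"


def run_rounds(src: IsorSource, first_rreps):
    """Feed (nsaddr, dst_seq) of the first RREP seen in each RREQ round; return the decisions."""
    return [src.on_first_rrep(addr, seq) for addr, seq in first_rreps]


if __name__ == "__main__":
    # Constructed scenario: node 7 (black hole) answers first with the maximum sequence number
    # in two rounds out of three; honest node 3 is first with an ordinary one in the remaining rounds.
    rounds = [(7, 4294967295) if i % 3 else (3, 40 + i) for i in range(60)]
    src = IsorSource()
    decisions = run_rounds(src, rounds)
    print("first blackholed at round", decisions.index("blackholed"), "final list", sorted(src.blackhole))
```

Node 7 is promoted in the tenth round in which it answered first with the maximal sequence number (round index 14), is ignored until the 50th RREQ, and then starts accumulating a fresh suspicious count after the lists are destroyed.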