(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 1, 2011
A New Approach to Prevent Black Hole Attack inAODV
M. R. Khalili ShojaDepartment of ElectricalEngineering, Amirkabir Universityof Technology, Tehran, Iranm.khalili@aut.ac.irHasan TaheriDepartment of ElectricalEngineering, Amirkabir Universityof Technology, Tehran, Iranhtaheri@aut.ac.irShahin VakiliniaDepartment of ElectricalEngineering, Sharif Universityof Technology, Tehran, Iranvakilinia@ee.sharif.edu
Abstract
— Ad-hoc networks are a collection of mobile hosts thatcommunicate with each other without any infrastructure. Thesenetworks are vulnerable against many types of attacks includingblack hole. In this paper, we analyze the effect of this attack onthe performance of ad-hoc networks using AODV as a routingprotocol. Furthermore, we propose an approach based on hashchain to prevent this type of attack. Simulation results usingOPNET simulator depicts that packet delivery ratio, in thepresence of attacker nodes, reduces remarkably. On the otherhand, applying proposed approach can reduce the effect of blackhole attacks.
Keywords:AODV;black hole;hash chain;OPNET
I.
I
NTRODUCTION
Ad-hoc networks are characterized by dynamic topology,self-configuration, self-organization, restricted power,temporary network and lack of infrastructure. Characteristics of these networks lead to using them in disaster recoveryoperation, smart buildings and military battlefields [1].Routing protocol in ad-hoc networks are classified into twomain categories, proactive and reactive [3]. In proactive routingprotocols, routing information of nodes is exchanged,periodically, such as DSDV [4]. In on-demand routingprotocols, nodes exchange routing information when neededsuch as, AODV [2] and DSR [5]. Furthermore, some ad-hocrouting protocols are a combination of above categories.Although trusted environment has been assumed in mostresearch on ad-hoc routing protocols, many usages of ad-hocnetwork run in untrusted situations. So, most ad-hoc routingprotocols are vulnerable to diverse types of attacks that one of which is black hole attack. In this attack, a malicious node usesthe routing protocol to advertise itself as having the shortest orfreshest path to the node whose packets it wants to intercept. Ina flooding based protocol, the attacker listens to requests forroutes. When the attacker receives a request for a route to thetarget node, the attacker creates a reply consisting of anextremely short or fresh route [6]. The rest of this paper isorganized as follows: In section 2, AODV routing protocol isdescribed. In section 3, we describe classification of attacks inMANET. Network layer attack is described in section 4.Section 5 summarizes related works and detailed description of proposed solution is discussed in section 6. In section 7,simulation results are analyzed.II.
AODV
ROUTING PROTOCOL
AODV is used to find a route between source anddestination as needed and this routing protocol uses threesignificant type of messages, route request (RREQ), routereply (RREP) and route error (RERR). Field information of these messages, such as source sequence number, destinationsequence number, hop count and etc is explained in detail in[2]. Each node has a routing table, which contains informationabout the route to the specific destination. When source nodewants to communicate with a destination and there is not anyroute between them in its routing table, at first step sourcenode broadcasts RREQ. So, RREQ is received by intermediatenodes that they are in the transmission range of sender. Thesenodes broadcast RREQ until RREQ is received by destinationor an intermediate node that has fresh enough route to thedestination. Then it sends RREP unicastly toward the source.Hence, a route among source and destination is made. A freshenough route is a valid route entry that its destination sequencenumber is at least as great as destination sequence number inRREQ. The source sequence number is used to determinefreshness about route to the source. In addition, destinationsequence number is used to determine freshness of a route tothe destination. When intermediate nodes receive RREQ, withconsideration of source sequence number and hop count, makeor update a reverse route entry in its routing table for thatsource. Furthermore, when intermediate nodes receive RREP,with consideration of destination sequence number and hopcount, make or update a forward route entry in its routing tablefor that destination.III.
C
LASSIFICATION OF ATTACKS IN
MANETThe attacks in MANET can be classified into twocategories, called passive attacks and active attacks. Passiveattacks are done to steal information of network such as,eavesdropping attacks and traffic analysis attacks. Indeed,passive attackers get data exchanged in the network withoutdisrupting the operation of a network and modification of exchanged data. On the other hand, in active attacks,replication, modification and deletion of exchanged data is
24 http://sites.google.com/site/ijcsis/ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 1, 2011
done by attackers. The attacks in ad-hoc networks can also beclassified into two categories, called external attacks andinternal attacks. Internal attacks are done by authorized node inthe network, whereas external attacks are executed by nodesthat they are not authorized to participate in the network options. Another classification of attacks is related to protocolstacks, for instance, network layer attacks.IV.
N
ETWORK LAYER ATTACKS IN
MANET
Some network layer attacks are described in below: A.
Wormhole attack
In this attack, an attacker records a packet, at one locationin the network, tunnels the packet to another location andreplays it there [21].
B.
Byzantine attack
In this attack, malicious nodes individually or cooperativelycarry out attacks such as creating routing loops and forwardingpackets through non-optimal paths.
C.
Rushing attack
Rushing attacker forwards packets quickly by skippingsome of the routing processes. So, in on-demand routingprotocol such as AODV, the route between source anddestination include rushing nodes.
D.
Resource consumption attack
In this attack, an attacker attempts to consume battery lifeof other nodes.
E.
Location disclosure attack
In this attack, information relating to structure of network is revealed by attacker nodes.
F.
Black hole attack
In black hole attack, malicious nodes falsely claim a freshroute to the destination to absorb transmitted data from sourceto that destination and drop them instead of forwarding.Black hole attack in AODV protocol can be classified intotwo categories: black hole attack caused by RREP and black hole attack caused by RREQ.
1)
Black hole attack caused by RREQ
With sending fake RREQ messages an attacker can form black hole attack as follows:
a)
Set the originator IP address in RREQ to theoriginating node’s IP address.b)
Set the destination IP address in RREQ to thedestination node’s IP address.c)
Set the source IP address of IP header to its own IPaddress.d)
Set the destination IP address of IP header tobroadcast address.e)
Choose high sequence number and low hop count and put them in related fields in RREQ.
Figure 1. Operation at intermediate nodes when receive RREQ
So, false information about source node is inserted to therouting table of nodes that get fake RREQ. Hence, if thesenodes want to send data to the source, at first step they send itto the malicious node.
2)
Black hole attack caused by RREP
With sending fake RREP messages an attacker can form black hole attack. After receiving RREQ from source node, amalicious node can generate black hole attack by sendingRREP as follow:
a)
Set the originator IP address in RREP to theoriginating node’s IP address.b)
Set the destination IP address in RREP to thedestination node’s IP address.c)
Set the source IP address of IP header to its own IPaddress.d)
Set the destination IP address of IP header to the IPaddress of node that RREQ has been received from it.
Is the sender of RREQ in blacklist?Is it equal tocriterion?Is it bigger thanhash order of criterion?Is it destination?Get RREQDrop the packetCalculate the hash order inhash_RREQ.
YesNo
Accept the packetYesCalculate the hash of hash_RREQspecific timesNoNoYesDrop the packet and set the name of sender node in blacklist.Accept the packet and changethe criterion to the value of hash_RREQNoYesCalculate hash of hash_RREQand set this value in hash_RREQand rebroadcast RREQ.Send RREP
25 http://sites.google.com/site/ijcsis/ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 1, 2011
TABLE I.
SIMULATION PARAMETERS
e)
Choose high number for sequence number and lownumber for hop count.So, data from source reach to malicious node and it dropsthem.
V.
R
ELATED WORKS
There are basically two approaches to secure MANET:1.securing ad-hoc routing and 2.Intrusion detection [7].
A.
Securing routing
Ariadne [8] has proposed ad-hoc routing protocol thatprovides security in MANET and relies on efficient symmetriccryptography. This protocol is based on the basic operation of the DSR protocol. In [9], a secure routing protocol based onDSDV has been proposed. Hash chains have been used toauthenticate hop counts and sequence numbers. ARAN [10]uses cryptographic public-key certificates in order to achievethe security goals. The goal of SAR [11] is to characterize andexplicitly represent the trust values and trust relationshipsassociated with ad-hoc nodes and use these values to makerouting decisions. Secure AODV (SAODV) [12] is a securityextension of AODV protocol, based on public keycryptography. Hash chains are used in this protocol toauthenticate the hop count. Adaptive SAODV (A-SAODV)[13] has proposed a mechanism based on SAODV forimproving the performance of SAODV. In [14] a bit of modification has been applied to A-SAODV for increasing itsperformance. TRP [20] employs hash chain algorithm togenerate a token, which is appended to the data packets toidentify the authenticity of the routing packets and to choosecorrect route for data packets. TRP provides significantreduction in energy consumption and routing packet delay byusing hash algorithm.
B.
Intrusion detection system
[15] introduces a method that requires each intermediate nodeto send back the next hop information inside RREP message.This method uses further request message and further reply
Figure 2. Network topology
message to verify the validity of the route. Zhang and Lee [16]propose a distributed and cooperative intrusion detectionmodel based on statistical anomaly detection techniques. In[17], the intermediate node requests its next hop to send aconfirmation message to the source. After receiving both routereply and confirmation message, the source determines thevalidity of path according to its policy. In [18], Huang et al useboth specification-based and statistical-based approaches.They construct an Extended Finite State Automation (EFSA)according to the specification of AODV routing protocol andmodel normal state and detect attacks with anomaly detectionand specification-based detection. An approach based ondynamic training method in which the training data is updatedat regular time intervals has been proposed in [19].VI.
P
ROPOSED WORK
As we will discuss, AODV is weak against black holeattack. In this paper we propose mechanism to prevent black hole attack based on hash chain. Black hole attack is based onmodification of sequence number and hop count. In thismethod, when an intermediate node receives RREQ or RREP,check an extra field, which will be explained later, to verifysequence number and hop count. If this node authenticatesvalidity of this field, it can accept control messages and fill itsrouting table accordingly. We add one field namedhash_RREQ to RREQ and similarly, one field calledhash_RREP to RREP. We assume that only destination cansend RREP, although, intermediate nodes can have enoughfresh routes to the destination. It means that destination onlyflag in RREQ must be set. When source node wants to senddata to destination, it must use AODV protocol to find a routeto the destination. So this node sends new RREQ as below:Normal RREQ Hash-RREQNormal RREQ is RREQ in AODV and hash_RREQ field isa new field that we add to existing protocol. Source node
Simulation parameters Value
Number of nodes 46Network size 600*600(m)Simulation duration 600(sec)Transmit power(w) .0001Packet Reception-power Threshold(dBm) -95Hash function SHA-1Source node Mobile-node-1Destination node Mobile-node-4Packet Inter-Arrival Time(sec) Uniform(.1,.11)Packet size(bits) Exponential(1024)
26 http://sites.google.com/site/ijcsis/ISSN 1947-5500
Search History:
Result 00 of 00
00 results for result for
p.
A New Approach to Prevent Black Hole Attack in AODV
Ad-hoc networks are a collection of mobile hosts that communicate with each other without any infrastructure. These networks are vulnerable against many types of attacks including black hole. In this paper, we analyze the effect of…
(More)
1.2K
Reads
10
Readcasts
2
Embed Views
Recommended
More From This User
Notes
Load more
