
42 (IJCNS) International Journal of Computer and Network Security,

Vol. 1, No. 3, December 2009

MOSAODV: Solution to Secure AODV against Blackhole Attack

N. H. Mistry (1), D. C. Jinwala (2) and M. A. Zaveri (3)

(1) Computer/IT Engineering Department, Shri S’ad Vidya Mandal Institute of Technology,
Bharuch 392-001, Gujarat, India
misnit_22@yahoo.com

(2,3) Computer Engineering Department, Sardar Vallabh National Institute of Technology,
Surat 395-007, Gujarat, India
(2) dcj@coed.svnit.ac.in, (3) mazaveri@coed.svnit.ac.in

Abstract: Mobile ad hoc networks (popularly known as MANETs), with their promising applications, have gained significant importance in research as well as in practice, due to their autonomous and self-maintaining nature. Unlike other types of networks, MANETs are usually deployed without a centralized control unit. Hence, mutual cooperation amongst the participating entities forms the basis for determining the routes to the destination. This aspect, along with the fact that MANET nodes are often constrained in power, storage and computational resources, makes MANETs vulnerable to various communications security related attacks. Therefore, the direct application of the conventional routing algorithms is infeasible here. Numerous attempts can be found in the literature that concentrate on improving the security of the routing protocols for MANETs. However, according to our analysis, none of them is complete by itself. In this paper, therefore, we focus on improving the Secure Adhoc On demand Distance Vector (AODV) routing protocol to safeguard it against a Denial of Service attack, viz. the Blackhole attack. The proposed modifications to AODV are implemented and tested using Network Simulator (NS-2.33). The performance analysis carried out shows improvement in Packet Delivery Ratio of AODV in presence of Blackhole attack, with marginal rise in average end-to-end delay and normalized routing overhead.

Keywords: MANET, Blackhole attack, Security, Routing Protocols, AODV.

1. Introduction

The desire to be connected anytime, anywhere, anyhow has led to the development of wireless networks, with a focus on pervasive and ubiquitous computing. MANETs are no exception [1]. Therefore, traditional wired routing techniques are infeasible here [2]. Due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management, and lack of a clear line of defense, MANETs are more vulnerable to attacks than wired networks [3]. Amongst the various attacks that MANETs are susceptible to, a few are eavesdropping by the adversary, spoofing of the control and data packets transacted, malicious modification or alteration of the packet content and several Denial-of-Service (DoS) attacks.

In addition, in the absence of any centralized mechanism to support the network operations, the participating nodes in a MANET rely largely on cooperative algorithms for establishing the network routes. Hence, the routing protocol obviously becomes susceptible to nodes with malicious intent. We focus on analyzing the security of the Adhoc On-Demand Distance Vector (AODV) protocol, which is one of the many available reactive routing protocols for MANETs.

AODV is a reactive routing protocol for adhoc and mobile networks. Like all other routing protocols of MANETs, AODV uses two phases, viz., Route Discovery and Route Maintenance. The control messages used by AODV are Route Request (RREQ), Route Reply (RREP) and Route Error (RERR). The header information of these control messages can be seen in detail in [6]. Every node in an Adhoc network maintains a routing table, which contains information about the route to a particular destination.

The Route Discovery phase is initiated by broadcasting an RREQ message. After broadcasting the RREQ, the source node waits for the RREP message. If a route is not received within NET_TRAVERSAL_TIME milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of RREQ_RETRIES times at the maximum TTL (Time to Live) value [6]. ReceiveRREP(Packet p) is one of the crucial functions of AODV. The pseudocode can be seen in figure 1.

At Source Node: AODV

    ReceiveRREP (Packet P){
        if(P has an entry in Route Table) {
            select Dest_Seq_No from routing table
            if(P.Dest_Seq_No > Dest_Seq_No){
                update entry of P in routing table
                unicast data packets to the route specified in RREP
            }
            else {
                discard RREP
            }
        }
        else {
            if(P.Dest_Seq_No >= Src_Seq_No) {
                Make entry of P in routing table
            }
            else {
                discard this RREP
            }
        }
    }

Figure 1. RecvReply Pseudocode

The nodes participating in the communication can be classified as either source node, intermediate node or destination node. The working of a node varies as it plays one of these roles. The source node, once it has sent an RREQ, waits for the first RREP to come; the figure hence explains only the part at the source node after it receives an RREP message. When the destination node, or an intermediate node that has a fresh enough route to the destination, receives the RREQ message, it generates an RREP message and updates its routing table with the accumulated hop count and the sequence number of the destination node. Freshness of a route is decided by the magnitude of the sequence number. The sequence number is a 32-bit integer. The larger the sequence number, the fresher the route is considered [4]. In Route Maintenance, if a node
finds a link break or failure then it sends an RERR message to all the nodes that use the route.

In this paper, therefore, we propose an algorithm to counter the Blackhole attack against the Secure AODV routing protocol [5] in MANETs. As our results and analysis described in section 5 show, the proposed modification to Secure AODV is indeed effective in preventing Blackhole attacks with marginal performance penalty.

The rest of the paper is organized as follows: In Section 2, we describe the working of the AODV routing protocol and the Blackhole attack, and then survey the related work in the area. In section 3, we discuss our solution, the MOSAODV (MOdified Secure AODV) algorithm. In section 4, we discuss the methodology of evaluating MOSAODV and the metrics used to compare the algorithm with the existing traditional AODV. In Section 5, we describe the simulation results and analyze the same. Finally we conclude in Section 6.

2. Theoretical Background and Related Work

The Blackhole attack is one of the active DoS attacks possible in MANETs. In a blackhole attack a malicious node sends a forged RREP packet to a source node that initiates the route discovery, in order to pretend to be the destination node itself or an immediate neighbor of the destination. So, the source node will forward all of its data packets, which were intended for the destination, to the malicious node. The malicious node will never forward these data packets to the destination and therefore the source and destination nodes become unable to communicate with each other [7].

Figure 2 illustrates the blackhole attack in MANETs. In the figure, node S wants to communicate with node D. It can be seen in the figure that S starts broadcasting an RREQ, which is received by nodes N1, N2, N3 and M (malicious node). Nodes N1 and N3 forward the RREQ to node D. Assuming the RREQ from node N1 reaches D first, D generates an RREP and replies back to N1. D then receives the same RREQ from node N3, which it drops (ignores). Node M, being malicious, also generates an RREP and sends it to node S. So, node S will now ignore the genuine RREP from N1 (the Destination Sequence Number in the RREP from M is higher). Node S will now start sending data packets to node M. Node M, being malicious, absorbs all data packets.

Figure 2. Blackhole Attack in MANET

First, we shall explore how a malicious node succeeds in injecting a blackhole attack into a MANET using AODV as its routing protocol. Security of AODV is compromised as it accepts the received RREP having the fresher route. The malicious node always sends an RREP as soon as it receives an RREQ, without performing standard AODV operations, keeping the Destination Sequence number very high. As AODV considers an RREP having a higher value of destination sequence number to be fresher, the RREP sent by the malicious node is treated as fresh. Thus, the malicious node succeeds in injecting the blackhole attack.

According to the solution in [8], the requesting node does not send the DATA packets to the replying node at once; it has to wait for a predetermined time for other replies with next hop details from the other neighboring nodes. After the timeout value, it first checks in the CRRT table whether there is any repeated next hop node. If any repeated next hop node is present in the reply paths, it assumes the paths are correct or the chance of malicious paths is limited. The solution adds a delay, and the process of finding a repeated next hop is an extra addition to overhead.

In [9], DPRAODV checks whether the RREP_seq_no is higher than the threshold value. The threshold value is dynamically updated at every time interval. If the value of RREP_seq_no is found to be higher than the threshold value, the node is suspected to be malicious and is added to the black list. As the node has detected an anomaly, it sends a new control packet, ALARM, to its neighbors. The ALARM packet has the blacklisted node as a parameter so that the neighboring nodes know that an RREP packet from that node is to be discarded. Further, if any node receives an RREP packet, it looks over the list; if the reply is from the blacklisted node, no processing is done for the same. In DPRAODV, one can imagine the overhead of updating the threshold value at every time interval. Along with this, generation of the ALARM packet will considerably increase Routing Overhead.

In [10], the protocol requires the intermediate nodes to send the RREP message with next hop information. When the source node gets this information, it will send an RREQ to the next hop to verify that the node has a route to the intermediate node that sent back the RREP packet, and that it has a route to the destination. When the next hop receives the Further Request, it sends a Further Reply, which includes the check result, to the source node. Based on the information in the Further Reply, the source node judges the validity of the route.

In [11], the source node verifies the authenticity of the node that initiates the RREP by finding more than one route to the destination. When the source node receives RREPs, if the routes to the destination share hops, the source node can recognize the safe route to the destination.

All the solutions discussed ([9], [10], [11]) put some overhead on either or both of the intermediate and destination nodes in one way or another. Keeping in mind the limitations of mobile nodes in MANETs (battery life, processing power, storage), we need to devise an algorithm or protocol that satisfies the following criteria:
• The algorithm should put minimum routing overhead and end-to-end delay.
• It should put minimum efforts on either intermediate or destination node. Otherwise, sometimes intermediate nodes tend to act selfishly.
• The selection procedure (of a fresh route) must be computationally simple.

3. Modified Secure AODV (MOSAODV)

Though there are many solutions available to deal with the blackhole attack, all of them are incomplete in one way or another. As discussed in section 2, there is still scope for a solution that takes care of all the points discussed there.

Our solution is designed such that it does not modify the working of either the intermediate nodes or the destination. In addition to normal AODV, MOSAODV has a new table Cmg_RREP_Tab, a timer MOS_WAIT_TIME and a variable Mali_Node. The structure of the table can be seen in table 1.

Table 1: Fields in Cmg_RREP_Tab Table

Field Name                                          Size in Bytes   Value
Node Id                                             2               Node Id from where RREP arrived
Destination Sequence Number (Destination Seq. No.)  4               Value of destination sequence number in the RREP

Unlike AODV, the source node in MOSAODV does not accept every first RREP but calls Pre_ReceiveRREP(Packet p), which stores all the RREPs in the newly created Cmg_RREP_Tab table till MOS_WAIT_TIME. Then it analyses all the stored RREPs from the Cmg_RREP_Tab table and discards the RREP having an exceptionally high destination sequence number. The node that sent this RREP is suspected to be the malicious node. MOSAODV maintains the identity of the malicious node as Mali_Node so that in future it can discard any RREPs from that node. Since the malicious node is now identified, the routing table for that node is not maintained and control messages from the malicious node will not be forwarded in the network. Cmg_RREP_Tab is flushed once an RREP is chosen from it. After detecting the malicious node, our solution acts as normal AODV by accepting the RREP with the higher destination sequence number. The pseudocode of MOSAODV is given in figure 1. Line number 14 shows that after selecting one RREP, MOSAODV calls the ReceiveRREP(Packet p) method of AODV.

At Source Node: MOSAODV

    1  Pre_ReceiveRREP (Packet P){
    2      t0 = get(current time value)
    3      settimer(t0 + MOS_WAIT_TIME)
    4      till timer expires Store P.Dest_Seq_No and P.NODE_ID in Cmg_RREP_Tab table
    5      after timer expires
    6      while (Cmg_RREP_Tab is not empty) {
    7          Select Dest_Seq_No from table
    8          if (Dest_Seq_No >>>= Src_Seq_No){
    9              Mali_Node=Node_Id
    10             discard entry from table
    11         }
    12     }
    13     select Packet q for Node_Id having highest value of Dest_Seq_No
    14     ReceiveRREP(Packet q)
    15 }

Figure 3. Pseudocode of MOSAODV

Figure 4 explains the working of MOSAODV. It is assumed that the RREP from M is received at time t0. Figure 4(a) shows that, unlike traditional AODV, MOSAODV does not drop the second RREP coming from N1 to S but saves it in the Cmg_RREP_Tab table. Figure 4(b) shows the entries in the Cmg_RREP_Tab table of S. Figure 4(c) shows a scenario at T1 = T0 + MOS_WAIT_TIME: MOSAODV node S picks the RREP from node N1 to be used. And now, the flow of data packets is from S to D via node N1. MOSAODV is very simple and the algorithm will fail only if there exists a single route to the destination and that route is compromised.

Our solution adds a table of size 6 bytes (Table 1), a variable Mali_Node of size 2 bytes and a timer variable of size 10 bytes. The overall memory consumption is 20 bytes more than that of AODV. This is worthwhile for the rise in Packet Delivery Ratio (PDR). The time overhead in MOSAODV is MOS_WAIT_TIME, which is a constant value in terms of milliseconds (1500 ms), and the time required to execute Pre_ReceiveRREP() is also in terms of milliseconds. So again that is acceptable.

Figure 4.
(a) MOSAODV at T1 > T0: Saving RREPs in Cmg_RREP_Tab
(b) Entries in Cmg_RREP_Tab at time T0 + MOS_WAIT_TIME
(c) MOSAODV at T2 >= T0 + MOS_WAIT_TIME

4. Simulation Results

For the simulations, we use the NS-2 (v-2.33) network simulator. NS-2 provides faithful implementations of the different network protocols. At the physical and data link layer, we used the IEEE 802.11 algorithm. The channel used is Wireless Channel with the Two Ray Ground radio propagation model. At the network layer, we used the routing algorithms AODV and MOSAODV. Finally, UDP is used at the transport layer. All the data packets are CBR (continuous bit rate) packets. The details of the CBR packets can be seen in table 3.

The connection pattern is generated using cbrgen and the mobility model is generated by setdest. Setdest generates the random positions of the nodes in the network and mobility in the network. The terrain area is 800m X 800m with number of nodes varying from minimum 10 to maximum 80 with chosen maximum speed up to from 10 m/s to 70 m/s and pause time varying from 1s to 5s. The simulation parameters are summarized in table 2.

Each data point represents an average of ten runs. The same connection pattern and mobility model are used in the simulations to maintain uniformity across the protocols.

Table 2: Simulation Parameters
Table 3: Details of CBR

To analyze the performance of MOSAODV, various contexts are created by varying the number of nodes, node mobility and node pause time. The metrics used to evaluate the performance of these contexts are given below.

Packet Delivery Ratio: The ratio between the number of packets originated by the “application layer” CBR sources and the number of packets received by the CBR sink at the final destination.

Average End-to-End Delay: This is the average delay between the sending of the data packet by the CBR source and its receipt at the corresponding CBR receiver. This includes all the delays caused during route acquisition, buffering and processing at intermediate nodes, retransmission delays at the MAC layer, etc. It is measured in milliseconds.

Normalized Routing Overhead: This is the ratio of the number of control packets to data transmissions in a simulation. A transmission is one node either sending or forwarding a packet. Either way, the routing load per unit data successfully delivered to the destination [8].

To evaluate the Packet Delivery Ratio, End-to-End Delay and Normalized Routing Overhead, simulation is done with nodes with the source node transmitting maximum 1000 packets to the destination node.

Figure 5 shows the graphs when network size (number of nodes) is varying. It can be seen from figure 5(a) that the PDR of AODV drops by 81.812 % in presence of blackhole attack. The same increases by 81.811 % when MOSAODV is used in presence of blackhole attack. At the same time, figure 5(b) and figure 5(c) show that the rise in End-to-End Delay and Normalized Routing Overhead is 13.28 % and 15.05 % respectively.

Figure 6 shows the graphs when mobility of nodes is varying. It can be seen from figure 6(a) that the PDR of AODV drops by 70.867 % in presence of blackhole attack. The same increases by 70.877 % when MOSAODV is used in presence of the attack. At the same time, figure 6(b) and figure 6(c) show that the rise in End-to-End Delay and Normalized Routing Overhead is 6.28 % and 7.81 % respectively.

Figure 7 shows the graphs when pause time of nodes is varying. It can be seen from figure 7(a) that the PDR of AODV drops by 92.84 % in presence of blackhole attack. The same is gained back when MOSAODV is used in presence of the attack. At the same time, figure 7(b) shows a drop by 0.55 % in End-to-End Delay. Figure 7(c) shows that the rise in Normalized Routing Overhead is 7.71 %. This is acceptable.

5. Conclusion

The algorithm presented in this paper provides protection against the blackhole attack in MANETs. Inclusion of the MOS_WAIT_TIME variable and the Cmg_RREP_Tab table helps us to suspect a malicious node. The experimental results show that the solution achieves a very good rise in PDR with an acceptable rise in End-to-End Delay and Normalized Routing Overhead. Neither the intermediate nodes nor the destination node need to do anything extra. Compared to the various solutions we have seen in the paper, the algorithm is simple to implement. Though the algorithm is implemented and simulated with the AODV routing algorithm, we believe that the solution can also be used by other routing algorithms.

References

[1] Anil Kumar Verma, “Design And Development Of A Routing Protocol For Mobile Ad Hoc Networks (Manets)”, A Thesis Of Doctor Of Philosophy In Computer Science And Engineering, Thapar University Patiala.
[2] Ebrahim Mohamad, Louis Dargin, “Routing Protocols Security In Ad Hoc Networks”, A Thesis, Oakland University School of Computer Science and Engineering.
[3] Yian Huang, Wenke Lee, “A Cooperative Intrusion Detection system for Ad Hoc Networks”, In Proceedings of the 1st ACM Workshop Security of Ad Hoc and Sensor Networks, Fairfax, Virginia, pp. 135-147, 2003.
[4] N. H. Mistry, D. C. Jinwala, M. A. Zaveri, “Prevention of Blackhole Attack in MANETs”, In Proceedings of EPWIE-2009, Gujarat, India, pp. 89-94, July 2009.
[5] M. G. Zapata, “Secure On Demand Distance Vector (SAODV) Routing”, INTERNET-DRAFT draft-guerrero-manet-saodv-06.txt, Sep. 2006.
[6] C. Perkins, “(RFC) request for Comments-3561”, Category: Experimental, Network Working Group, July 2003.
[7] Satoshi Kurosawa, Hidehisa Nakayama, Nei Kato, Abbas Jamalipour and Yoshiaki Nemoto, “Detecting Blackhole Attack on AODV-based Mobile Ad Hoc Networks by Dynamic Learning Method”, International Journal of Network Security, Vol. 5, No. 3, pp. 338–346, Nov. 2007.
[8] Latha Tamilselvan, V Sankaranarayanan, “Prevention of Blackhole Attack in MANET”, In Proceedings of The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), pp. 21-21, Aug. 2007.
[9] Payal N. Raj, Prashant B. Swadas, “DPRAODV: A Dyanamic Learning System Against Blackhole Attack In Aodv Based Manet”, International Journal of Computer Science Issues, Vol. 2, pp. 54-59, 2009.
[10] H. Deng, W. Li, and D. P. Agrawal, “Routing security in ad hoc networks”, IEEE Communications Magazine, vol. 40, no. 10, pp. 70-75, Oct. 2002.
[11] M. A. Shurman, S. M. Yoo, and S. Park, “Black hole attack in wireless ad hoc networks”, in ACM 42nd Southeast Conference (ACMSE’04), pp. 96-97, Apr. 2004.
