This action might not be possible to undo. Are you sure you want to continue?
Mobile Adhoc Networks (MANET) have a wide range of valuable and critical applications like military operations (formations of soldiers, tanks, planes), civil (e.g., audio and video conferencing, sport event), telematics applications (traffic), disaster situations (e.g., emergency and rescue operations, national crises, earthquakes, fires, floods), and integration with cellular systems. Apart from data transmission nodes in MANETs too perform routing functions. However due to their inbuilt characteristics of open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology, MANETs are vulnerable to various kinds of security attacks. This paper discusses a wide variety of security issues prevailing in MANETS. Further, security being vital to the acceptance and use of MANET s for many applications, we have made a detailed classification of security attacks in MANETs, focused on black hole attack and discussed on different security solutions available to handle them including the challenges faced .
A mobile ad hoc network is a self - organizing system of mobile nodes that communicate with each other via wireless links with no infrastructure or centralized administration such as base stations or access points. Nodes in a MANET operate both as hosts as well as routers to forward packets to each other. Two nodes can communicate if they are within each other’s transmission range; otherwise, intermediate nodes can serve as relays (routers) if they are out of range (multihop routing). These networks have several salient features: rapid deployment, robustness, ﬂexibility, inherent mobility support, highly dynamic network topology (device mobility, changing properties of the wireless channel, that is, fading, multipath propagation, and partitioning and merging of ad hoc networks are possible), the limited battery power of mobile devices, limited capacity, asymmetric/unidirectional links, Limited physical security(eavesdropping, spoofing, and denial-of-service attacks). MANETSs are envisioned to support advanced applications such as military operations(formations of soldiers, tanks, planes), civil applications(e.g., audio and video conferencing, sport events, telematics applications(traffic)), disaster situations(e.g., emergency and rescue operations, national crises, earthquakes, fires, floods), and integration with cellular systems. However due to their inbuilt characteristics of open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology, MANET is vulnerable to various kinds of attacks like black hole attack, rushing attack, neighbour attack and wormhole attack. Black hole attack in MANETS is a serious security problem to be solved. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In flooding based protocol, if the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. This malicious node then can choose whether to drop the packets to perform a denial-of-service attack or to use its place on the route as the first step in a man-in-the-middle attack.
1.4 Problem of Scalability: Scalability of the network is defined in the beginning phase of the designing of the network. Wireless links also makes the MANET more susceptible to attacks which make it easier for the attacker to go inside the network and get access to the ongoing communication.2. thus it can communicate with other nodes in the network. There is no main body that keeps watching on the nodes entering and leaving the network. . 2. 2.1. It is too hard to know and predict the numbers of nodes in the MANETs in the future. The nodes are free to move in and out of the ad hoc network which makes the ad hoc network very much scalable and shrinkable.e.1 Classification of attacks The attacks can be categorized on the basis of the source of the attacks i. nodes can freely join and leave the network. This is quite opposite in MANETs because the nodes are mobile and due to their mobility in MANETs. Internal or External. This is because of the following factors: 2. Mobile nodes present within the range of wireless link can overhear and even participate in the network. Passive or Active attack. Ad-hoc network mobility makes it easier for a compromised node to change its position so frequently making it more difficult and troublesome to track the malicious activity. 3. The nature of MANET. It can be seen that these threats from compromised nodes inside the network is more dangerous than attacking threats from outside the network. and on the behavior of the attack i.2 Compromised Node: Due to this autonomous factor for mobile nodes it is very difficult for the nodes to prevent malicious activity it is communicating with. All these weaknesses of MANETs make it vulnerable to attacks. the scale of the MANETs is changing. 2. the protocols and all the services that a MANET provides must be adaptable to such changes. nodes have the freedom to join and leave inside the network.1. 2.1.e. This characteristic makes MANET more vulnerable to be exploited by an attacker from inside the network. Node can join a network automatically if the network is in the radio range of the node.3 No Central Management: MANET works without any preexisting infrastructure. This lack of centralized management leads MANET more vulnerable to attacks.1 Flaws in MANETS MANETs are very flexible for the nodes i. which may result the vulnerability of MANET to attacks.e. There is no protection against attacks like firewalls or access control. Keeping this property of the MANET. Detecting attacks and monitoring the traffic in highly dynamic and for large scale ad hoc network is very difficult due to no central management.1 Non secure boundaries: MANET is vulnerable to different kind of attacks due to no clear secure boundary. SECURITY ATTACKS 3. SECURITY ISSUES IN MANET MANET work without a centralized administration where node communicates with each other on the base of mutual trust.
3. Active attacks. or by directly compromising a current node and using it as a basis to conduct its malicious behaviors. This kind of attack is very difficult to detect. each intermediate node processes only the ﬁrst non-duplicate packet and discards any duplicate packets that arrive at a later time. the attackers typically involve eavesdropping of data. 3. They can also intentionally drop. either by some malicious impersonation to get the access to the network as a new node. This results in signiﬁcantly high end-to-end delay and delay jitter.• External attacks. In passive attacks.2 Flooding Attack It aims to exhaust the network resources.. However. by skipping some of the routing processes. This kind of attack can be achieved either by using RREQ or Data flooding. we discuss the main attack types that emerge in the mobile ad hoc networks. propagate fake routing information or disturb nodes from providing services. such as bandwidth and to consume a node’s resources. can quickly forward these packets and be able to gain access to the forwarding group. resulting in a disrupted route. 3.6 Jellyfish Attack The attacker ﬁrst needs to intrude into the forwarding group and then it delays data packets unnecessarily for some amount of time before forwarding them. and thus degrades the performance of real-time applications. 3. one-hop away from each other). on the other hand.4 Rushing Attack When source nodes ﬂood the network with route discovery packets in order to ﬁnd routes to the destinations. . involve actions performed by intruder. The target of the attack can be either data traffic or routing traffic.3 Wormhole Attack In this attack. Internal attacks. thus disclose the information of the location and move patterns of mobile nodes. such as computational and battery power or to disrupt the routing operation to cause severe degradation in network performance. it makes two nodes that are not within the communication range of each other believe that they are neighbors (i. in which the adversary wants to gain the normal access to the network and participate the network activities. if an attacker simply forwards the packet without recording its ID in the packet.e. a pair of colluding attackers record packets at one location and replay them at another location using a private high speed network. corrupt and delay data packets passing through it. • • • In the following. Rushing attackers. in which the attacker aims to cause congestion. 3. an intermediate node records its ID in the packet before forwarding the packet to the next node. The intruders may insert large volume of extraneous data packets into networks. because the attacker seldom exhibits abnormal activities.5 Neighbour Attack Upon receiving a packet.
). B could be said to form a black hole in the network.). 4.7 Replay Attack In a replay attack. and we call this the black hole Attack (See Fig. all the packets through B are simply consumed or lost. We assume node B to be a malicious node (See Fig. a source node wants to send data packets to destination node. B does not need to check its Route Table(RT) when sending a false message. and initiates the routing discovery process.1. The forged routing has been created.1. The destination node may also give a reply. LITERATURE SURVEY 4. and sends the response to source node at once.8 Colluding Misrelay Attack In this attack. a node records another node’s valid control messages and resends them later. B claims that it has the routing to the destination node whenever it receives RREQ packets.1 Black Hole Attack In MANET. C A C A D D G S F S F G B E B E (a) Network flooding of RREQ (b) Propagation of RREP Message Figure 1. its response is more likely to reach the source node firstly. This causes other nodes to record their routing table with stale routes. everything works well.3. This makes the source node thinks that the routing discovery process is completed. ignores all other reply messages. As a result. Moreover. and begins to send data packets. Black Hole Attack . multiple attackers work in collusion to modify or drop routing packets to disrupt routing operation in a MANET. If the reply from a normal destination node reaches the source node of the RREQ first. Using routing protocol. 3. if B is nearer to the source node. but the reply from B could reach the source node first.
3 Solutions to Black Hole Attack Mohammad Al-Shurman. the first black hole node H1 refers to one of its teammates H2 as the next hop. During this time the sender node will buffer its packets until a safe route is identified. Seong-Moo Yoo and Seungjin Park proposed two different approaches to solve the black hole attack. When a RREP arrives to the source. we call this attack as the cooperative black hole attack. these buffered packets will be transmitted.2 Cooperative Black Hole Attack when multiple black hole nodes are acting in coordination with each other. the sender node needs to verify the authenticity of the node that initiates the RREP packet by utilizing the network redundancy. the source node S sends a further request message to ask H2 if it has a routing to node H1 and a routing to destination node D. Since any packet can be arrived to the destination through many redundant paths. the packets are abstracted by node H1 and the security of the network is compromised . So source node S starts passing the date packets. In the first solution. its further reply is “yes” to answer both the questions. Unfortunately.2. Cooperative Black Hole Attack 4. the idea of this solution is to wait for the RREP packet to arrive from more than two nodes. Once a safe route has identified. Two or more of these nodes must have some shared hops (in ad hoc networks. From these shared hops the source node can recognize the safe . According to the proposed methods . C A H 1 D A H 1 C D H 2 G S H 2 G S B E B E (a) Network flooding of RREQ (b) Propagation of RREP Message Figure 2. the redundant paths in most of the time have some shared hops or nodes). In this Fig. in reality.4. it will extract the full paths to the destinations and wait for another RREP. Because H2 is cooperating with H1.
route to the destination. In addition. Then it verifies each packet and prevent forged packet. otherwise it is considered as a legitimate node. If it observes a data packet that exits in its pending packet table with source address different from the forwarding node address. If it observes a data packet in its pending packet table. In node rating table. and also prevent blackmailing of legitimate nodes. then it increments the packet forwarding value in node rating table. To decide whether a node is misbehaving or act as a legitimate one. The fourth field of the node rating table is calculated by the ratio of dropped packets and successfully forwarded packets. each node keeps rating of nodes. If no shared nodes appear to be in these redundant routes. then it will not send any RERR packet upstream in the network. and only to packets belonging to its domain. then it removes this data packet from pending packet table after authenticating the packet. it will reply to the sender with a RREP contains the last-packet-sequence-numbers received from the source by this intermediate node. An expired packet in the pending packet table causes the packet drops counter to increment for the next hop associated with the pending packet table entry. These tables are updated when any packet arrived or transmitted. and this RREP will contain the last-packet-sequence-numbers received from this source. This method first detects a black hole attack and then gives a new route bypassing this node. each node keeps track of the packets. which traverse misbehaving nodes. it will initiate a RREP to the source. the sender will wait for another RREP until a route with shared nodes identified or routing timer expired. In this mechanism. if this ratio is greater than a given threshold value then this node misbehave value will be 1(means it is considered as a misbehaving node). No overhead will be added to the channel because the sequence number itself is included in every packet in the base protocol. When an intermediate node has a route to the destination and receives this RREQ. which are adjacent to it. if there are no shared nodes or hops between the routes. address of the destination node. In the second solution. a node will try to do local repair for all routes passing through this misbehaving node. Once this RREQ reach the destination. but the main drawback is the time delay.Himani bathla. the address of the next hop to which the packet was forwarded. Rajesh Yadav proposed watchdog mechanism to detect the black hole nodes in a MANET. nodes drop all RREP messages coming from nodes currently marked as misbehaving. Each node listens to packet that are within its communication range. This solution provides a fast and reliable way to identify the suspicious reply. depend on the selection of threshold value. the packets will never been sent. To stop misbehaving node to act actively in a network. After detecting a misbehaving node. one is called pending packet table and another one is called node rating table. If local repair process fails. In pending packet table. Many RREP packets have to be received and processed by the source. The sender broadcasts the RREQ packet to its neighbors. every node needs to have two additional small-sized tables. Kanika Lakhani . it sent. a counter of dropped packets observed at this node and a counter of successfully forwarded packets by this node. This solution can guarantee to find a safe route to the destination. and an expiry time (Time-to-live of packet). This process tries to prevent a misbehaving node from dropping packets. It contains a unique packet ID. To avoid constructing routes. one to keep last-packetsequence-numbers for the last packet sent to every node and the other to keep last-packetsequence-numbers for the last packet received from every node. This table contains the node address (Address of next hop node). . the entire packet originating from this node has been dropped as a form of punishment. each node maintains two additional tables.
whose content contains a same random number (x). and also is divided into route discovery phase and route maintenance phase. The node that is detected as the anomaly is black listed . Raj. which contains the same random number. D will send a SRREP containing random number y to S along corresponding opposite direction path. As BAODV(Bad Ad Hoc On-demand Distance Vector Routing suffering black hole attack). securely achieves the routing discovery process. Prashant B. at the same time S broadcasts a warning message to the whole network to isolate the middle nodes who send RREP in the front of the two fastest credible routing.Songbai Lu. it is proved to find two or more credible and efficient routing. along a new different path. Kwok-Yan Lam and Lingyan Jia proposed and implemented a secure routing protocol SAODV (Secure Ad Hoc On-demand Distance Vector). The source node S sends application layer data to destination node D along the fastest route. come from different paths. SAODV increases the process of directly verifying the destination node by using the exchange of random numbers. Swadas proposed DPRAODV (detection. The value of the threshold value is dynamically updated in the time interval. The RREP is accepted if its sequence is higher than that in the routing table. until at least two SRREQ’s content contains a same random number. which contains a random number. The content of each SRREQ contains a random number (records as x) generated by the source node S. S needs continue to wait. When D receives SRREQ. Longxuan Li. and compares the content of SRREQ whether contains a same random number. (ii) When the source node S receives two SRREP or more. If the content of SRREP contains different random numbers. when the source node in MANET receives a RREP. S will deposit the RREP in its routing table. prevention and reactive AODV) to prevent security of black hole by informing other nodes in the network. SAODV’s basic working principle is very similar to AODV. If the content of SRREQ contains different random numbers. It also check whether the sequence number is higher than the threshold value. S needs to continue to wait. It uses normal AODV in which a node receives the Route reply (RREP) packet which first checks the value of sequence number in its routing table. whose content contains a same random number. Payal N. and immediately sends a verification packet SRREQ to the destination node D along the opposite direction route of RREP received. until at least two SRREP. So SAODV can effectively prevent the black hole attack of the malicious node E in network. the destination node D firstly deposits them to local routing table. then deals with the following steps: (i) If it receives two SRREQ or more. the destination node D respectively sends verification confirm packet SRREP to the source node immediately along corresponding opposite direction path of SRREQ. If the content contains a same random number. along different paths. and then deals with according to step(i). And then S compares SRREP’s content. if it is higher than threshold value than it is considered as the malicious node. in route discovery phase. the content of each SRREP contains a random number (records as y) generated by the destination node D. The biggest difference between them is the routing discovery process. The threshold value is the average of the difference of destination sequence number in each time slot between the sequence number in the routing table and the RREP packet. When receives two SRREQ or more from different routing paths. along the different routing paths.
N. a node must demonstrate its honesty. and that it has a route to the destination. In the proposed method. If there is no repetition select random route from CRRT. and Dharma P.A. Sankaranarayanan proposed a solution for the single black hole attack. and the time at which the packet arrives. Our solution. Based on information in Further Reply. Mehdi Medadian. therefore they have enough time to show its truth. and discards the RREP having exceptionally high destination sequence number. after detecting the malicious node acts as normal AODV by accepting the RREP with higher destination sequence number. the protocol requires each intermediate node to send RREP message with next hop information. Latha Tamilselvan. for collecting the further requests from different nodes. Hongmei Deng. Then it analyses all the stored RREPs from Cmg_RREP_Tab table. the source node judges the validity of the route. If a node is the first receiver of a RREP packet. Yektaie and A. source node in MOSAODV does not accept every first RREP but calls Pre_ReceiveRREP (Packet p) which stores all the RREPs in the newly created (Cmg_RREP_Tab) table till MOS_WAIT_TIME. Wei Li. Cmg_RREP_Tab is flushed once an RREP is chosen from it. Here again the chance of malicious route selected is reduced. Jinwala and M. The node that sent this RREP is suspected to be the malicious node. It will store the ‘sequence number’.C. Early of simulation. According to this proposed solution the requesting node without sending the DATA packets to the reply node at once. To participate in data transfer process. all nodes are able to transfer data. M. MOSAODV maintains the identity of the malicious node as Mali node so that in future it can discard any RREPs from that node. Activities of a node in a network show its honesty. The time for which every node will wait is proportional to its distance from the source. When the next hop receives Further Request. Then it chooses any one of the paths with the repeated node to transmit the DATA packets. in a ‘Collect Route Reply Table’ (CRRT). It calculates the ‘timeout’ value based on arriving time of the first route request. D.H.M Rahmani proposed an approach to combat the Black hole attack by using negotiation with neighbors who claim to have a route to destination. V. The judgment process is base on opinion of network’s nodes about replier.and ALARM packet is sent so that the RREP packet from that malicious node is discarded. The activities of a node are logged by its neighbors. . Zaveri focused on improving the Secure Ad hoc On demand Distance Vector (AODV) routing protocol(MOSAODV) to safeguard it against the Blackhole attack. Unlike AODV. After receiving the first request it sets timer in the ‘TimerExpiredTable’. When the source node get this information it will send a RREQ to the next hop to verify that the node has a route to the intermediate node that sends back the RREP packet. it has to wait till other replies with next hop details from the other neighboring nodes. it sends Further Reply which includes check result to source node. This solution increases the average end to end delay and normalized routing overhead. Mistry.H. Now since malicious node is identified the routing table for that node is not maintained and also control messages from the malicious node will not be forwarded in the network. In this approach any node uses number rules to inference about honesty of reply’s sender. it forwards packets to source and initiates judgment process on about replier. Agrawal proposed a solution for single black hole node detection. The routing table for that node is not updated nor is the packet forwarded to others.
the one with the highest fidelity level is chosen. it decides if the replier is a malicious node. it’s possible that the current node is a misbehavior node. The security issues and the vulnerabilities of the MANETs are also briefly discussed. . This paper summarizes the attacks and their classifications in Mobile Adhoc Networks and also an attempt has made to explore the security solutions widely used to mitigate black hole attacks in particular. A fidelity table is maintained that will hold the fidelity levels of the participating nodes. On the receipt of multiple responses. Rule 1: If a node delivers many data packets to destinations. Rule 3: When the Rule 2 is correct about a node. Rule 4: When the Rule 2 is correct about a node. Latha Tamilselvan and Dr. The responses are collected in the response table. Rule 2: If a node receives many packets but don’t send same data packets. When the fidelity level of a node drops to 0. two or more nodes seemed to have the same fidelity levels. This is accomplished by sending alarm packets. therefore surely the current node is misbehavior. CONCLUSION The security issues in MANETs which include decentralized administration. it implies it has not forwarded the data packets faithfully and hence a Black hole. if the current node has sent number RREP packets. In case. In case the level of any node drops to 0. if the current node has not sent any RREP packets. non secure boundaries and the problems on scalability makes them go weaker in its security aspects.V Sankaranarayanan proposed a solution with the enhancement of the AODV protocol which avoids multiple black holes in the group. then the one with the minimum hop count is chosen. The following rules used to judge about honesty of a node in network. The fidelity level of each RREP is checked and if two are having same level then one is selected having highest level. The decision is base on number rules. Initially the fidelity levels of the responded node and its next hop are looked for. This judgment is base on node’s activity in network. This approach is to make use of a ‘Fidelity Table’ wherein every participating node will be assigned a fidelity level that acts as a measure of reliability of that node. If the average of their levels is found to be above the specified threshold. it is assumed as an honest node. The basic idea is to select the node with a high fidelity level. therefore the current node is a failed node. A valid route is selected from among the received responses based on the following methodology. This survey will hopefully motivate future researchers to come up with smarter and more robust security mechanisms and make them to be in vigilant against the attacks and its prevention measures even at the earlier stage. When a node collects all opinions of neighbors. The detection of a Black hole has to be intimated to the other participating nodes in the network.These neighbors are requested to send their opinion about a node. it is considered to be a malicious node. termed as a ‘Black hole’ and is eliminated. Adhoc network mobility makes it even easier for a compromised node to change its position so frequently making it more difficult and troublesome to track the malicious activity. then the node is considered to be reliable.
USA. Seon-Moo Yoo and Seungiin Park.P. 2009. 70-75. Raj and Prashant B. pp: 96-97.5. Huntsville.  N. vol.  Kanika Lakhani.H. International Conference on Computational Intelligence and Security. pp: 1-5.A. No. M.V Sankaranarayanan . International Journal of Computer and Network Security(IJCNS).Vol.”DPRAODV: A dynamic learning system against black hole attack in AODV based Manet”. pp: 13-20. IEEE Communications Magazine. Issue 3. 2007. 3. JOURNAL OF NETWORKS. No.C. Vol. 40. 5. Oct. pp: 54-59. VOL. Mistry. W. ACMSE’04.M Rahmani. “MOSAODV: Solution to Secure AODV against Black hole Attack”. International Journal of Computer Science Issues (IJCSI). 2009. 2009. Internet. AL.  Songbai Lu. “Prevention of Co-operative Black Hole Attack in MANET”. “Black Hole Attack in Mobile Ad Hoc Networks”. Agrawal. . “SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack”. pp: 42-45.  Latha Tamilselvan. 10. pp: 40-45. 2002. and D. First Asian Himalayas International Conference.2004. December 2009. NO. Jinwala and M. Kwok-Yan Lam and Lingyan Jia. 3. pp. VOL. Aug. Swadas. IJCSNS International Journal of Computer Science and Network Security. April 2-3. 2009. “Prevention of Blackhole Attack in MANET”.10 No. Li. “A Simulation Model to Secure the Routing Protocol AODV against Black-Hole Attack in MANET”. Zaveri. Himani bathla and Rajesh Yadav. pp: 421-425. Longxuan Li.REFERENCES  Mohammad AL-Shurman. Deng. Yektaie and A. In Proceedings of The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007). May 2010. “Combat with Black Hole Attack in AODV routing protocol in MANET”. 1. MAY 2008.  H. 2.  Mehdi Medadian. “Routing security in ad hoc networks”.  Latha Tamilselvan and Dr. AH-ICI 2009.H. V Sankaranarayanan. D. 3-5 Nov.  Payal N.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.