Abstract: A mobile ad hoc network (MANET) is a collection of autonomous nodes that communicate with each other by forming a multi-hop radio network and maintaining connections in a decentralized manner. Security remains a major challenge for these networks due to their features of open medium, dynamically changing topologies, reliance on cooperative algorithms, absence of centralized monitoring points, and lack of clear lines of defence. Ad hoc on-demand distance vector routing (AODV) is a very popular routing algorithm; it enables dynamic, self-starting, multi-hop routing between participating mobile nodes wishing to establish and maintain an ad hoc network. An intermediate node which takes part in packet forwarding may behave maliciously and drop packets which go through it instead of forwarding them to the following node. Where a malicious node falsely advertises good paths to a destination node during the route discovery process, such behavior is called a blackhole attack. This attack becomes more severe when a group of malicious nodes cooperate with each other. However, it is vulnerable to the well-known cooperative blackhole attack. In this paper, a detecting mechanism is presented against a coordinated attack by cooperative blackhole nodes in a MANET, plus a method to secure the history records of packet delivery information at each contact, so that other nodes can detect insider attacks (grayhole attack) by analyzing these packet delivery records and avoid the blackhole and the cooperative blackhole attacks by using Cooperative Security Agents.

Keywords: Cooperative Blackhole Attack, MANET, AODV, Cooperative Security Agents, Data Routing Information

978-1-4673-4805-8/12/$31.00 ©2012 IEEE 549

I. INTRODUCTION

A MANET is a collection of wireless hosts that can be rapidly deployed as a multi-hop packet radio network without the aid of any established infrastructure or centralized administrator. Such networks can be used to enable next generation battlefield applications, including situation awareness systems for maneuvering war fighters, and remotely deployed unmanned micro-sensor networks. MANETs have some special characteristic features such as unreliable wireless media (links) used for communication between hosts, constantly changing network topologies and memberships, and limited bandwidth, battery lifetime, and computation power of nodes. While these characteristics are essential for the flexibility of MANETs, they introduce specific security concerns that are absent or less severe in wired networks. MANETs are vulnerable to various types of attacks. These include passive eavesdropping, active interfering, impersonation, and denial-of-service. Intrusion prevention measures such as strong authentication and redundant transmission can be used to improve the security of an ad hoc network. However, these techniques can address only a subset of the threats. Moreover, they are costly to implement. The dynamic nature of ad hoc networks requires that prevention techniques be complemented by detecting techniques, which monitor the security status of the network and identify malicious behavior.

One of the most critical problems in MANETs is the security vulnerabilities of the routing protocols. A set of nodes in a MANET may be compromised in such a way that it may not be possible to detect their malicious behavior easily. Such nodes can generate new routing messages to advertise non-existent links, provide incorrect link state information, and flood other nodes with routing traffic, thus inflicting Byzantine failure in the network. One of the most widely used routing protocols in MANETs is the ad hoc on-demand distance vector (AODV) routing protocol [1]. It is a source initiated on-demand routing protocol. However, AODV is vulnerable to the well-known blackhole attack. In [2], the authors have assumed that the blackhole nodes in a MANET do not work as a group and have proposed a solution to identify a single blackhole. However, their proposed method cannot be applied to identify a cooperative blackhole attack involving multiple malicious nodes.

In this paper, a mechanism is proposed to identify cooperative blackhole nodes cooperating as a group in an ad hoc network. The proposed technique works with a slightly modified AODV protocol and makes use of the data routing information table in addition to the cached and current routing table.

Recent work proposed in [3], [4] relies on the introduction of a trusted examiner called a ferry node, which moves around in the network and validates the packet delivery probability to determine the presence of the blackhole attack. In this paper, without relying on a third-party ferry node, we introduce a scheme that generates the
un-forgeable packet delivery records in each contact and exploits the history of the packet delivery records to perform blackhole attack detection. In particular, when two nodes encounter each other, they record the number of packets exchanged between them, and generate the secure records for each other with their private keys. In our scheme, when a node reveals its history packet records to its neighboring nodes, these nodes check and analyse the records to decide the sanity of this node.

Various attacks against wireless ad hoc networks can be conducted. They are classed as passive if they are limited to listening to the network traffic, or active if the traffic is modified by the intruder. Security attacks can be internal when the malicious node belongs to the network, or external if not. Denial-of-service attacks are easy to carry out and difficult to detect. Their principle is the violation of the network protocol specification, and their aim is the disturbance of correct network operation. The non-relaying of traffic (control or data) by an intermediate node constitutes a behavioral deviation, whose consequence is the violation of the objective for which the network is deployed. Such malicious behavior is called the blackhole attack [5]. In this work we explain a solution that checks correct forwarding of the traffic by an intermediate node, and the Cooperative Security Agents are used to detect and isolate the Cooperative Blackhole Attack.

Vulnerability of MANET is explained in section II. In section III impacts of cooperative blackhole attacks are explained. Architecture and workflow of Cooperative Security Agents are described in section IV. Implementation details are shown in section V.

II. VULNERABILITY OF MANET

A. Blackhole Attack

In a blackhole attack, a malicious node sends a false RREP (route reply) claiming that it has the latest route with the minimum hop count to the destination, and then drops all the packets it receives.

Such nodes drop the packets by sending false route reply messages to the route request. To perform a blackhole attack, the malicious node waits for RREQ messages from neighboring nodes. When the malicious node receives an RREQ message, it immediately sends a false RREP message with a high sequence number and minimum hop count, without checking its routing table, so as to make an entry in the routing table of the source node before other nodes reply, and then absorbs the data transmitted from the source to that destination and drops it instead of forwarding it. A blackhole attack in the AODV protocol [6] can be performed in 2 ways:
1) Blackhole attack caused by RREP.
2) Blackhole attack caused by RREQ.

B. Cooperative Blackhole Attack

When multiple malicious nodes work together cooperatively, the effect is greater. This type of attack is known as a cooperative blackhole attack [7]. It has two phases:
1) First phase: The malicious node exploits the ad hoc routing protocol such as AODV [8] to advertise itself as having a valid route to a destination node, with the intention of intercepting packets, even though the route is spurious.
2) Second phase: The attacker node drops the intercepted packets without forwarding them. There is a more subtle form of this attack when an attacker node suppresses or modifies packets originating from some nodes, while leaving the data packets from other nodes unaffected.

This makes it difficult for other nodes to detect the malicious node. In this work, a defense mechanism has been proposed against a cooperative blackhole attack that relies on the AODV routing protocol.

In the standard AODV protocol, when the source node S wants to communicate with the destination node D, the source node S broadcasts the RouteRequest (RREQ) packet. Each neighboring active node updates its routing table with an entry for the source node S, and checks if it is the destination node or whether it has the current route to the destination node [9].

If an intermediate node does not have the current route to the destination node, it updates the RREQ packet by increasing the hop count, and floods the network with the RREQ to the destination node D until it reaches node D or any other intermediate node that has the current route to D.

The destination node D, or any intermediate node that has the current route to D, initiates a RouteReply (RREP) in the reverse direction. Node S starts sending data packets to the neighboring node that responded first, and discards the other responses. This works fine when the network has no malicious nodes. However, the security threat arising out of the situation where multiple blackhole nodes act in coordination has not been addressed.

III. IMPACT OF COOPERATIVE BLACKHOLE ATTACK

A. Resource Consumption Attack

In this attack, an attacker tries to consume or waste the resources of other nodes present in the network. The resources that are targeted are battery power, bandwidth, and computational power, which are available only in limited amounts in ad hoc wireless networks [10].
It takes different forms:
1) Unnecessary requests for routes,
2) Very frequent generation of beacon packets,
3) Forwarding of stale packets to nodes.
Data Routing Information

The mechanism modifies the AODV protocol by introducing a data routing information (DRI) table. In the proposed scheme, two bits of additional information are sent by the nodes that respond to the RREQ message of a source node during the route discovery process.

Each node maintains an additional data routing information (DRI) table.
Entries in DRI table are:
• Bit 1 - ‘true’
• Bit 0 - ‘false’
‘From’ - The information on routing data packet from the node.
‘Through’ - The information on routing data packet through the node.

Record of Packet Delivery

This is a method to secure the history records of packet delivery information at each contact so that other nodes can detect insider attacks by analyzing these packet delivery records.

We use node A and node B as an example to illustrate how this recording process is carried out in our scheme. Node B generates the packet record for node A as follows:

ARCHITECTURE:

In this architecture of cooperative security agents, we pass the DRI and SRT-RRT table as an input to the Cooperative Security Agents. Based on these inputs, the CSAs use cross checking and detection flow mechanisms for detecting a cooperative blackhole attack. Once the attack is detected, it can be avoided by passing an alert notification in the MANET.

Figure 1. Architecture of Cooperative Security Agents
C. Alert clustering and threshold computation and comparison

This component is used to identify the level of the suspicious node ID delivered from the intrusion detecting component. There are three levels of alerts illustrated in table 3. They are serious, moderate, and slight alerts.
Levels:
1) Serious: Drop the node ID and send an alert notification to other CSAs.
2) Moderate: A threshold check is used to decide whether or not to drop the node ID and send an alert notification to other CSAs.
3) Slight: Do not care.

D. Threshold Checking

$\text{Threshold} = \mu + \lambda \times \sigma$

$\mu$ - Mean with respect to detected moderate alerts from different sources during a period of time
$\sigma$ - The standard deviation
$\lambda$ - Dynamically determined by the network manager.

D. Intrusion response and blocking

Two modules in this component:
1) Communication Module - It is used to send an alert notification to other IDSs if the level of alert about the node ID is either serious, or moderate but over the threshold.
2) Block Module - The block module is then triggered to block or drop this bad node ID (blackhole).

E. Cooperative operation

This component is used to receive alert messages delivered from other Security Agents. After receiving these alerts, the cooperative agent makes a judgment by executing majority vote and the formula is described as

Then Security Agent accepts this alert message and regards this type of packet as a bad node ID. If the value of the majority vote is larger than 0.5, then the cooperative

Figure 2. The workflow of the Cooperative Security Agent

When one of the MANET’s regions suffers from a DoS attack, the Cooperative Security Agent sends an alert message to the other Cooperative Security Agents. A Cooperative Security Agent can gather alerts for the same type of attack sent from other Cooperative Security Agents. It then makes a judgment to determine the trustworthiness of this alert message by the majority vote method. Thus, the proposed system protects the MANET from a single point of failure.

V. IMPLEMENTATION

The proposed scheme will be implemented by using ns (Network Simulator). We have considered the simulation parameters as shown in table I.
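
The alert handling described for the Cooperative Security Agent (the three alert levels, the threshold μ + λ × σ, and the majority vote larger than 0.5) is shown in Python below. This is an added example, not the authors' ns implementation. The majority-vote formula is not reproduced on this page, so the vote share used here (distinct reporting agents divided by all agents), the comparison of a node's own moderate-alert count against the threshold, the sample data and all function names are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: moderate alerts seen per suspected node ID in one window.
MODERATE_COUNTS = {"n1": 2, "n2": 3, "n3": 2, "n4": 3, "n7": 12}

# Constructed reports as (agent, node ID); csa2 repeats itself and counts once.
REPORTS = [("csa1", "n7"), ("csa2", "n7"), ("csa2", "n7"),
           ("csa3", "n7"), ("csa4", "n2")]


def threshold(counts, lam):
    """Threshold = mu + lambda * sigma over the per-source moderate-alert counts."""
    values = list(counts.values())
    return mean(values) + lam * pstdev(values)


def should_block(level, node_id, counts, lam):
    """Local decision: True means drop node_id and notify the other CSAs."""
    if level == "serious":
        return True
    if level == "moderate":
        # Assumption: the node's own moderate-alert count is what gets compared.
        return counts.get(node_id, 0) > threshold(counts, lam)
    return False  # slight alerts are ignored


def vote_share(node_id, reports, total_agents):
    """Assumed vote formula: distinct agents reporting node_id / all agents."""
    if total_agents <= 0:
        raise ValueError("total_agents must be positive")
    # A set keeps one vote per agent, so a repeated report cannot inflate the share.
    reporters = {agent for agent, reported in reports if reported == node_id}
    return len(reporters) / total_agents


def accept_remote_alert(node_id, reports, total_agents):
    """Accept a peer alert only when the vote is strictly larger than 0.5."""
    return vote_share(node_id, reports, total_agents) > 0.5


if __name__ == "__main__":
    for lam in (1.0, 2.0):
        print(lam, round(threshold(MODERATE_COUNTS, lam), 3),
              should_block("moderate", "n7", MODERATE_COUNTS, lam))
    print(vote_share("n7", REPORTS, 5), accept_remote_alert("n7", REPORTS, 5))
```

With only five sources, the same node is blocked at λ = 1.0 but not at λ = 2.0, which shows how strongly the manager-chosen λ decides whether a moderate alert is escalated.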
SNAPSHOTS:

A. MANET without Blackhole Attack

In figure 3 we have considered node 0 as source and node 6 as destination. Hence the path between source and destination is 0-1-2-6.

C. Detection of Cooperative Blackhole Attack

Cooperative Security Agents detect this cooperative blackhole attack and send a notification to all other nodes for avoiding this attack. Then the path can be changed to 0-4-5-6 as shown in figure 5.