Prevention Of Black Hole Attack In Mobile Computer Science Essay

Published Date: 02 Nov 2017

Ei Ei Khin#1, Thandar Phyu#2

1Faculty of Information and Communication Technology, University of Technology (Yatanarpon Cyber City)

Pyin Oo Lwin, Myanmar

[email protected]

2Department of Advanced Science and Technology, Ministry of Science and Technology

Nay Pyi Taw, Myanmar

[email protected]

Abstract— A mobile ad-hoc network is an autonomous network that consists of mobile nodes which communicate with each other with wireless channel. Due to its dynamic nature and mobility of nodes, MANETs are more vulnerable to security attack than conventional wired and wireless networks. Ad hoc On-demand Distance Vector routing (AODV) is a widely adopted and very popular network routing protocol for MANET. However, it is vulnerable to the well-known black hole attack, where a malicious node falsely advertises the freshest and shortest path to a destination node during the route discovery process. In this paper, a defence mechanism is presented against black hole attack. The proposed system adds two new tables to AODV protocol. One is Route Reply (RREP) Record Table (RRT) to store RREP from neighbour’s node. Another is Node Information Table (NIT) to mark the malicious nodes and the successful connection of the neighbour nodes. This method removes black hole node and chooses a reliable node by using these two tables. When the black hole node is detected, the system is automatically sending out the Alarm message to all neighbouring nodes.

Keywords— MANETs, AODV, Black Hole, RRT, NIT

Introduction

Mobile Ad-Hoc Networks (MANETs) are autonomous and decentralized wireless systems. MANETs consist of mobile nodes that are free in moving in and out in the network. Nodes are the system or devices. These nodes can act as host/router or both at the same time. They can form arbitrary topologies depending on their connectivity with each other in the network. These nodes have the ability to configure themselves and because of their self configuration ability, they can be deployed urgently without the need of any infrastructure. Routing protocols is one of the challenging and interesting research areas. Many routing protocols have been developed for MANETS, i.e. AODV, OLSR (Optimized Link State Routing), DSR (Dynamic Source Routing) etc.

Security in Mobile Ad-Hoc Network is the most important concern for the basic functionality of network. MANETs have some special characteristic features like open medium, changing its topology dynamically, lack of central monitoring and management, cooperative algorithms, no clear defence mechanism and so on. So, MANETs are vulnerable to various types of attacks. These include passive eavesdropping, active interfering, impersonation, and denial-of service. Intrusion prevention measures such as strong authentication and redundant transmission can be used to improve the security of an ad hoc network. However, these techniques can address only a subset of the threats. Moreover, they are costly to implement. The dynamic nature of ad hoc networks requires that prevention techniques should be complemented by detection techniques, which monitor security status of the network and identify malicious behaviour.

One of the most critical problems in MANETs is the security vulnerabilities of the routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. One of these attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach to the destination node on account of this attack, data loss will occur. In this paper, we present a technique to identify black hole attack and a solution to discover a safe route avoiding black hole attack. The proposed technique works with slightly modified AODV protocol and makes use of trustful node table.

Related Work

There indeed have been numerous attempts published in the literature that aim at countering the black hole attacks. Various research papers were reviewed in this regard.

Latha Tamilselvan, Dr. V Sankaranarayanan [5] proposed a solution with the modification of the AODV protocol, which avoids multiple black holes in the group. It uses Fidelity table where every node that is participating is given a fidelity level that will provide reliability to that node. Any node having 0 values is considered as malicious node and is eliminated from the network. The main drawback of this solution is processing delay in the network.

The proposed architecture AODVR [6] has introduced several modules such as Packet Classifier, Extractor, Blacklist Tester, RREP sequence number Tester, Threshold Tester and

ALARM broadcaster. As the packet arrives in the system, Packet Classifier classifies it to be RREQ, RREP secure, RERR, ALARM and HELLO packet. AODVR modifies the content and format of RREP and includes a new type of packet ALARM. Extractor extracts required contents of all types of packets other than HELLO. However, the procedure of formulating the threshold is a bit overwhelming, hence it results network delay. Formulations of correct threshold range keep black holes from intrude; while a wrong formulation may restrict an authentic node thereby disgrace it to be a black hole.

Herminder Singh et.al., [3] have discussed the AODV protocol suffering from black hole attack and proposed a feedback solution which comparatively decreases the amount of packet loss in the network. The black holes by examining the no of sent packets at that node which will always be equal to zero for most of the cases. After the malicious black nodes have been detected, we can adopt a feedback method to avoid the reacceptance of incoming packets at these black holes. The packets coming at the immediate previous nodes to black nodes are propagated back to the sender and the sender follows an alternative safer route to the destination. However, it cannot detect black hole nodes when they worked as a group.

The proposed solution in [8] modifies the behavior of AODV to include a mechanism for checking the sequence number of the received RREP. As the source node receives the RREP it compares the sequence number of the received RREP to a threshold value. The replying node is suspected to be a black hole if its sequence number is greater than the threshold value. The threshold is the computed average of the difference between the destination sequence number in the routing table and the destination sequence number in the RREP within certain periods of time. Their solution increases the average end to end delay and normalized routing overhead.

Overview Of AODV Routing Protocol

The Ad Hoc On-Demand Distance Vector (AODV) routing protocol is a reactive protocol for ad hoc and mobile networks that maintains routes only between nodes which need to communicate. The AODV routing protocol is an adaptation of the DSDV (Destination-Sequenced Distance Vector) protocol for dynamic link conditions [1][2][9].

3.1 Route Discovery Process

Whenever a packet is to be sent by a node, it first checks with its routing table to determine whether a route to the destination is already available. If so, it uses that route to send the packets to the destination. If a route is not available or the previously entered route is inactivated, then the node initiates a route discovery process. A RREQ (Route Request) packet is broadcasted by the node.

Every node that receives the RREQ packet first checks if it is the destination for that packet and if so, it sends back an RREP (Route Reply) packet. If it is not the destination, then it checks with its routing table to determine if it has got a route to the destination. If not, it relays the RREQ packet by broadcasting it to its neighbors. If its routing table does contain an entry to the destination, then the next step is the comparison of the ‘Destination Sequence’ number in its routing table to that present in the RREQ packet.

This Destination Sequence number is the sequence number of the last sent packet from the destination to the source. If the destination sequence number present in the routing table is lesser than or equal to the one contained in the RREQ packet, then the node relays the request further to its neighbors. If the number in the routing table is higher than the number in the packet, it denotes that the route is a ‘fresh route’ and packets can be sent through this route. This intermediate node then sends a RREP packet to the node through which it received the RREQ packet. The RREP packet gets relayed back to the source through the reverse route. The source node then updates its routing table and sends its packet through this route.

3.2 Route Maintenance Process

During the operation, if any node identifies a link failure it sends a RERR (Route Error) packet to all other nodes that uses this link for their communication to other nodes.

Since AODV has no security mechanisms, malicious nodes can perform many attacks just by not behaving according to the AODV rules. A malicious node can carry out many attacks against AODV.

Black Hole Attack

Black hole attack [4][7] is a kind of Denial of Service (DoS) attacks where a malicious node can attract all packets by falsely claiming a fresh route to the destination and then absorb them without forwarding them to the destination.

As an example, consider the following scenario in Figure 1. In this figure, node ‘S’ is the source node and ‘D’ is the destination node. When the source node ‘S’ wishes to transmit a data packet to the destination node ‘D’, it first broadcasts the RREQ packet with destination sequence number 10 to the neighboring nodes. So, the neighboring node ‘C’, ‘E’ and ‘F’ receive it. When the neighboring nodes check up with its routing tables, they send back RREP packet with their destination sequence numbers to the source node ‘S’. The node ‘S’ receives the RREP from ‘F’ ahead of the RREP from ‘C’ and ‘E’. When the source node ‘S’ compare its sequence number with the sequence number of ‘F’, the sequence number is high. So, the node ‘S’ assumes that the route through ‘F’ is the freshest route and sends any packet to the destination through it. This is a typical scenario of the AODV protocol packet exchanges.

Figure 1. Packet exchanges of AODV without black hole attack

However, consider the scenario that the malicious node participates in this network in Figure 2. ‘M’ is assumed malicious node. When the source node ‘S’ wishes to transmit a data packet to the destination node ‘D’, it first broadcasts the RREQ packet to the neighboring nodes. So, the neighboring node ‘C’, ‘E’ and the malicious node ‘M’ receive it. Since the node M is a malicious node, it does not check up with its routing table for the requested route to node ‘D’. Hence, it immediately sends back a RREP packet with highest sequence number, claiming a route to the destination. The node ‘S’ receives the RREP from ‘M’ ahead of the RREP from ‘C’ and ‘E’. The node ‘S’ assumes that the route through ‘M’ is the freshest route and sends any packet to the destination through it. However, the node ‘M’ absorbs all the data and thus behaves like a ‘Black hole’.

Figure 2. Packet exchanges of AODV with black hole attack

5. The Proposed Algorithm

In this section, the mechanism for defending black hole attack in AODV is presented. The algorithm tries to modify the process of source node by introducing two new tables into existing AODV protocol. These tables are RREP Record Table (RRT) and Node Information Table (NIT). RRT table stores all RREP record from neighbors’ node as shown in Table 1 and NIT table stores the malicious node and the successful connection of the neighbor node as shown in Table 2. The modify version of source node process is proceeding with the process of intermediate node and destination node.

Table 1. RREP record table (RRT)

Node ID

DN ID

DN Seq_no

M

D

20

F

D

13

C

D

11

E

D

12

Table 2. Node information table (NIT)

Node ID

Successful Path

Malicious Node

C

1

0

M

0

1

D

1

0

E

0

0

5.1 Parameters

SN - Source Node

DN - Destination Node

IN - Intermediate Node

MN - Malicious Node

RT - Routing Table in AODV

DSN - Destination Sequence Number

RREQ – Route Request Packet

PRREP – Route Reply Packet

NID - Node ID

MNID - Malicious Node ID

5.2 Algorithm

Step 1: SN broadcasts RREQ to neighbors.

Step 2: Store (RREP: DSN, NID) into RRT when SN receives RREP message from IN.

Step 3: Retrieve the first RREP message from RRT.

Step 4:

If (DSN in RREP is much higher than DSN in RT) then,

Assume IN is MN

Discard entry from RRT and store this NID as MNID

Send Alarm message to neighbor nodes

 

Else If (DSN in RREP is higher than DSN in RT)

Check IN whether Black Hole node in NIT

If (IN is listed as a malicious node in NIT) then,

Discard this entry from RRT

Else If (IN is listed as successful connection node in NIT) then,

Assume IN is reliable node

Else (NIT does not have a successful connection to IN or IN is not a malicious node)

Store this IN to temporary

If (There are two or more DSN values in temporary)

Choose IN that has the smallest difference DSN between the DSNs in temp and DSN in RREQ.  

Step 5: Repeat Step 3 to 4 until intermediate node is not a reliable node.

Step 6: Make entry of IN’s RREP packet in RT and store this IN into node ID in NIT.

Step 7: Send data packet through this node.

Step 8: If SN receive acknowledgment from DN, add this information to successful path.

5.3 Working Principle of Algorithm

Initializing and Storing Node Information

The source node starts broadcasting RREQ message to all neighbors. In the original AODV protocol, by default, the source node accepts the first fresh enough RREP message coming to it. Generally, malicious node with high destination sequence number sends the route reply first during black hole attacks. As compared, in our approach, we keep all the RREP destination sequence number with respective node ID in RRT and compare how much differences of reply sequence number of each neighboring node.

5.3.2 Identifying and Removing Malicious Node

Compare the first arrival of destination sequence number of neighbor node with the destination sequence number of source node. If the value of the difference between them is high enough, this node might be the malicious node the algorithm immediately removes that entry from the RRT. Then, this malicious node ID is stored in NIT and send alarm message to all neighbors. This is how malicious node is identified and removed.

Moreover, if there is not much difference between them, the algorithm checks that intermediate node is recorded as a black hole node in NIT. If it is listed in NIT, this intermediate node is black hole node. However, if the intermediate node is recorded as a successful path node in NIT, this intermediate node is a reliable node and selects it as a trusted node. However, if there is no entry of successful path node or malicious node in NIT, this intermediate node may be trusted node or black hole node. For such case, the algorithm stores this node information in temporary location or further comparison.

Then, the next route reply information from RRT is retrieved and compares them back. If there are two or more DSN values in temporary, the algorithm chooses IN as a trusted node which has the smallest difference value of the DSNs in temporary and DSN in RREQ.

5.3.3 Storing the Information of Intermediate Node

After selecting the intermediate node as a trusted node, the node is stored with RREP packet in routing table of AODV. Then the actual data packet is sent to the destination node through trusted node. When source node receives acknowledge from destination node, this trusted node is added to successful path information in NIT.

In addition, as the proposed solution maintains the identity of the malicious node with malicious node ID, so that in future, it can discard whenever any control messages coming from that node. Now since malicious node is identified, the routing table for that node is not maintained any more. And also, the control messages from the malicious node, too, are not forwarded in the network.

6. Conclusion and Future Work

In this paper, a simple approach for defending the AODV protocol against Black Hole attack is proposed. The proposed solution can be applied to identify and remove black hole node and to discover a secured route form source to destination in the MANET. In this system, we store all RREP from neighbors’ node to RRT to detect malicious node. Moreover, we store the intermediate node to temporary if the data for this intermediate node does not have in NIT because we don’t know that the intermediate node is malicious node or not. So, this method has processing time delay than normal AODV protocol.

As future work, we intend to develop simulations using NS-2 to analyze the performance of the proposed solution based on the security parameters like packet delivery ratio (PDR) and throughput and so on.

Acknowledgments

My Sincere thanks to my supervisor Dr. Thandar Phyu, for providing me an opportunity to do my research work. I express my thanks to my Institution namely University of Technology (Yatanarpon Cyber City) for providing me with a good environment and facilities like Internet, books, computers and all that as my source to complete this research work. My heart-felt thanks to my family, friends and colleagues who have helped me for the completion of this work.