BlackHole Attack Prevention in AODV-Based MANET
Ume-Hani Syed1, Dr.Arif Iqbal Umar2, Fahad Khurshid3
123Department of Information Technology
123Hazara University, Mansehra, Pakistan
, ,
Abstract: Ad hoc On-demand Distance Vector (AODV) is a reactive wireless ad hoc routing protocol. An effective routing protocol as it has minimum overhead of control messages management as well as efficient and fast reaction in response of these control messages. On the other hand, AODV also has various security limitations and exposed to different internal and external attacks. Black Hole attack is an internal attack, a malicious node presenting itself to be legitimate in that network hence intercepts all the traffic which was routed to the destination. In order to avoid and detect Black Hole attack, intense studies have been made to make AODV safe but there are still several security concerns that need to be tackled. In this paper a method is proposed to enhance the route discovery process in AODV-enabled Mobile Ad hoc Networks (MANETs). Proposed method attempts to improve AODV route discovery process against Black Hole attack by secure entry in Routing Table and tries to provide better performance than various methods proposed before.
Keywords: AODV, Route Discovery, Sequence number, TTL, Black hole Attack.
Introduction
Mobile adhoc network (MANET) has several mobile nodes connected together regardless of any central access point. It has limited computing power, bandwidth, nodes battery and distance etc. MANET has an edge over conventional wired network as easy to deploy anytime anywhere. It has several mobile nodes depending upon the type of application. Mobile nodes are free to move and join, as of mobility the topology is dynamic in nature.
MANET uses different routing protocols for route establishment. It uses proactive and reactive protocols. In proactive routing protocols it periodically exchanges routing information with mobiles nodes. Unlike proactive routing protocols, reactive protocols exchange route information only when needed. Some of the protocols are hybrid in nature as they have the best of both [25].
AODV is reactive routing protocol for MANET; it uses sequence numbers for route freshness. AODV is a loop free, supports bulk of mobile hosts and self starting. AODV uses sequence numbers for the freshness of route. There are many possible attacks in AODV based MANET some of them are internal and some of them are external. Internal attacks are hard to detect Black hole attack is one of them. In Black Hole attack malicious node enters the network and claims that it has the shortest path to the destination hence intercepts all of the data. It exploits one of the best features of AODV that is the shortest path to the destination in a very sophisticated way. It is hard to prevent Black hole attack by any single solution. In this paper a mechanism is proposed to prevent Black Hole attack which improves AODV route discovery mechanism. An additional table i.e rrep_table is used to store more than one RREP’s as in [19]. To prevent Black Hole attack we have introduced an algorithm which ignores RREP from black hole node and selects one of legitimate RREP from rrep_table and store it into routing table. This will result a secure and legitimate route establishment between the nodes in AODV based MANET.
The rest of paper is ordered as follows. Section-II presents background information about AODV routing protocol, related terminologies, awareness of problem, and how the black hole attack is performed on AODV. Section-III reviews the several solutions to black hole attacks. In section-IV proposed solution against black hole attack is presented. Section-V shows the robustness of proposed solution. Finally section-VI concludes the paper.
Background
A. Ad hoc on-demand Distance Vector
TheAd hoc On Demand Distance Vector is a routing protocol and it is designed for ad hoc networks. It has the capability of multi-cast and uni-cast routing. AODV establishes and maintains the routes between mobile nodes when it is demanded.
1) Route Discovery Process: AODV establishes routes via broadcasting a RREQ. If a source node needs to establish a route towards destination and it does not have route before, then the source node broadcasts a RREQ in AODV network. Intermediate nodes get the control packet and build the route in routing table back to the source node after freshen the information. RREQ also contains the broadcast ID, IP address of source node, present sequence number of destination node and Time-To-Live value. TTL field in RREQ message allows control over how long the RREQ is propagated for every retry[19]. Primarily Route Requests are sent with small TTL value to bound their dissemination. If Route Reply is not received within small traversal time(TTL), then try larger time for RREQ traversal in network. A RREP may send by a node after receiving RREQ if:
a) it has a route towards destination with sequence number equal to or greater than the sequence number in received RREQ, or
b) it is the destination node.
In above case, node uni-casts a RREP backward to source node. If not then RREQ is broadcasted further. AODV nodes maintain the broadcast ID and IP address of source node's RREQ. A RREQ is discarded and do not forwarded if it is processed before.
Figure. 1. Route discovery process in AODV[19]
Source node starts forwarding data packets to the destination when it receives RREP. Source node do update its Routing Table used for destination if:
a) it receives a RREP later with small hop count but same sequence number, or
b) a RREP having greater sequence number.
Source node accepts the RREP with highest sequence number if multiple RREPs are received.
2) Role of Sequence Numbers: Incrementing sequence numbers of participating nodes contribute to keep the information fresh and route is established through those nodes which have highest sequence number. When a node starts a route discovery process or responds to RREQ control packet, destination node renews its sequence number.
B. BlackHole Attack
A kind of denial of service attack. It occurs when a malicious node sends a RREP with a very high sequence number after receiving RREQ. Intermediate nodes in Black Hole attack environment will consider it freshest route and send information via malicious node.
C. Understanding of Problem
Issue arises when a malicious node enters into the network and acts as black hole node. It can disrupts the network activity and degrade its performance. The black hole node gets the RREQ and immediately sends a RREP with exponentially high sequence number state that it has freshest and shortest route towards destination. Source node may receive this RREP before other RREPs. It may also receive this RREP after other RREPs but before legitimate RREP. Source node establishes the route through black hole node and start data transmission. Black hole node drops all the data packets instead of sending to destination node. As a result, Black hole nodes become the reason of failure in the routing protocols.
Literature Review
In this section, previously published techniques and their limitations are discussed related to Black Hole attack in AODV MANET. There have been many works done against Black Hole attack in AODV-enabled MANETs.
Example of work done by R. Yerneni and Anil Sarje in [1], proposed an additional control packet MREQ(Modified Request) carries random number after RREP. Random number does not upgrade at any node but malicious node replies another highest random number and detected. In this scheme, each time random number generation consumes memory and time. In case of suspicion, double times wait for RREP, then again send MREQ and wait for MREP, find duplicate random number then establish path.
K. Lakshmi et al. in [23], sources node maintains an additional Request-Reply (RR) Table stores all incoming RREPs with Dest.Seq.no. and nodeID for specified time. Unusual highest Seq.No.'s are considered as malicious node MID. From remaining choose one as legitimate route. Proposed solution fails when remaining entries also contain any malicious node. Also incoming RREP's waiting time limit is not defined.
L. Himral et al. in [11] proposed the algorithm by modifying the work of [23]. Waiting time steps are eliminated for incoming RREP packets at source node so no time limit is defined in proposed algorithm for RREP storage in Route-Reply Table.
In [3], R. Dr. S. Tamilarasan Modified the work of [23] and [11] in their proposed algorithm by carrying same approach but adding time limit for RREP storage. Idea fails when remaining entries also contain any malicious node.
Vishnu K and A.J. Paul in [21], selects Back Bone Nodes (BBN) those have powerful battery and range. New entering nodes request to nearest BBN for assigning the unique IP addresses for themselves. Not assigned IP addresses are saved as Restricted IP (RIP) at BBN. If RREP from destination received by source node and also from RIP then dummy packet is sent to monitor the performance of that packet. Loss of dummy packet shows the IP address of replying node is suspected. Much processing overhead by selection of BBN, assigning IP address to each node, separating RIP, propagation and monitoring of dummy packets, then Black/gray hole detection process.
In [5] Rajesh et al. proposed Opinion AODV(OAODV) algorithm. OREQ packet is sent after RREP received with the RREP source ID. After receiving OREP source node, the ratio of Request Weight to Reply Weight is calculated for each other. If more replies forwarded than request then Black hole attack is detected. This scheme also failed if legitimate nearest nodes may send more and instant replies.
In [12] J. Sen et al. proposed algorithm and introduced two concepts: DRI table has two fields, information on routing packet 'through' and 'from' the node. “Cross check” checks the reliability of Next Hop Node(NHN) and Intermediate Node(IN) with the help of DRI fields. Here cross checking for node reliability causes processing delay. Maintaining DRI table at each node is considerable bandwidth loss in MANET.
Herminder and Shweta in [13], adopts a feedback method to avoid transmission through black hole nodes. The packets coming at the immediate previous nodes to black-nodes are propagated back to the sender. Sender follows an another safer route toward destination. But packets propagate back to sender from malicious nodes, it consumes time and increases processing overhead.
M. Raza and S. Irfan in [18] proposed FRIMM (Forced Routing Information Modification Model). Network is constructed as centralized network using server, Access Points(AP) and nodes. Nodes cannot communicate directly with server without AP. If AP does not get response from node requesting for server then there is a black hole node. AP scan the network and detect communication between legal and black hole node and also fetches the malicious node's MAC address and throw to server. Server attacks malicious node by DoS jamming and divert the affected node’s traffic towards AP. This approach also has limitations as it is costly approach and wastage of hardware resources. Extra burden on access point causes communication delay between server and access point.
Ms. Nidhi et. al in [8] proposed two solutions to make network safe from black hole attack. First solution guarantees to locate a secure route towards the destination node but the data packet will never be sent if no shared hops or nodes between the routes. other solution gives a reliable and fast action to find malicious replies but two additional table maintenance for stale Seq.nos. is additional overhead.
By Kitisak O et al. in [14], modified ETX(Expected Transmission count) named Secure ETX(SETX) proposed to counter Black hole attack. Scheme does not stop cooperative black hole attacks.
Ms. Sonali and Mrs. S. R. Chaudhary in [16] proposed a novel mechanism as an improvement in TWOACK scheme i.e. E-TWOACK. It senses the suspicious node by using detection system and reduces the misbehavior detection overhead while the detection efficiency gets increased. But a safe link is considered as suspicious because acknowledgement packets can also be dropped due to traffic congestion.
In [17], Po-Chun et. al proposed BDSR (Baited-Black-hole DSR) avoids and senses the black hole attack depend on assembling protection design of proactive and reactive in MANET. Proactive detection must execute at initial stage of each routing, it is extra processing overhead if there is large infrastructure and no malicious node present in the network. In proposed approach of Latha T et al. in [30], store RREPs in Route Reply Table (CRRT) and check for any repeated next hop node in reply path. Select that path if yes. Otherwise select random route. But in case of random selection of route from CRRT, here are pretty high chances to route data packet through black hole node.
As in related work of [6,10,22,25 and 29], store all incoming RREPs in a table. Additional check is implemented to find exponentially high RREP sequence number that is considered as Black hole node. Alarm packets are generated to all participating nodes and add Black hole nodes in malicious list at each node and eliminated from any routing process. In these approaches, generation of ALARM packet to each node consumes memory. Routing Table lookup and updating the Routing Table slightly increase the routing overhead.
In [2,4,9 and 26], Trust models/Trust values is another approach used for selection of secure route. Trust level of participant nodes in AODV is measured by using duplicate trust value control messages. Trust value increments by 1 if duplicate control message is received from neighboring node and decreases by 1 if duplicate control message is not received in Time-To-Live(TTL). Drawback of Trust models is handling overhead of duplicate control message if large infrastructure. Trusted table maintenance at each node is memory consumption. Waiting and analyzing for highest trust value for establishing route from source to destination. Collecting trust values, monitoring and maintaining between upper bound and lower bound causes delay and overhead.
Intrusion detection techniques in [15,20 and 24]are also used for black hole attack solution. Audit data collection at each node and detects intrusion on the basis of audit data. But audit data collection at each node causes bandwidth consumption and has additional management overhead.
Related work of [7,27 and 28], uses additional control packets sent for route verification from source to destination after RREP control packet is received. If Seq.No. of RREP is greater than and equals to Seq.No. of additional RREP packet then there exists black hole node. Generation and handling of these control packets cause bandwidth consumption and causes extra processing overhead.