Ad-hoc On-Demand Distance Vector Protocol and Black

Hole Attack Detection

Presented By : Rajkumar Singh

Guide : Dr. Santosh Biswas

Dept. Of Computer ScienceIndian Institute of Technology, Guwahati

Mobile Ad-hoc Network● A Mobile ad-hoc network is a collection of wireless nodes that can dynamically be set up anywhere and anytime without having the preexisting network infrastructure.

● It is an autonomous system in which mobile hosts connected by wireless links are free to move randomly. Here the node sometime act as host and also some time act as Router.

● Very Useful in Household, Industry, Study and Military purposes.

Ad-hoc On-Demand Distance Vector Protocol

● AODV Routing protocol is one of the more commonly used routing algorithm in ad-hoc networks, and this is based on the principle of discovering routes on requirement. Means AODV is both On-demand and Table driven protocol.

●AODV is a reactive algorithm that has some capabilities as low processing, memory overhead, low network utilization.

●When a path needed then source node first check in its routing table and if not found then it send Route Request (RREQ).

AODV Contd..● Source node broadcasts a

RREQ packet. RREQ packet having fields.

● Either intermediate node having Fresh enough route to the destination or destination node itself will send Route Reply (RREP) packet. RREP packet having fields.

● Node uni-casts RREP to its neighbouring node from which it has received the RREQ packet

Fig. 1: Route Discovery

Attacks in Ad-hoc Network

● Attacks can be classified into passive and active attack.●Active attacks can be further divided into external attacks and internal attacks.Some of the Active attacks are :

● Black Hole● Denial of Service● Routing table overflow● Impersonation● Energy Consumption● Information Disclosure

Black Hole Attack in AODV● As shown in Fig. 1 any intermediate node having fresh enough route to destination node can reply to Route request(RREQ) sent by source node.●Hence taking advantage of this a malicious node send a RREP packet to source node claiming that i am having a route to destination node. But in reality that malicious node is not having any route to destination node. Means Malicious node send a RREP having false information.● Source node after receiving this send the data through this malicious node and this node drops the data. Hence such nodes can crash the network.● Some times a chain of black nodes perform this attack cooperatively, known as cooperative black hole attack. Attacks are shown below.

Black Hole Attack (Contd..)

Fig. 3: Cooperative black hole attackFig. 2: Black Hole attack

● Some time in AODV if in RREP the next hop information is also asked than malicious node provide next malicious node as next hop, so when confirmed with the next hop then next malicious node replies that i am having route to the destination node but actually they don't have any information of routes to destination. This case is shown in Fig. 3.

Black Hole Attack Detection● Many solutions are proposed for black hole attack detection or removal.●The approach that i am discussing is based on the backbone network discussed by Rubin et. Al.● We maintain a backbone network which operates at a level above the ad-hoc network. In this algorithm this idea is used to monitor the traffic flow.●In this Algorithm nodes are divided in three parts:1. Regular Node (RN): low power and low

transmission range, not trustworthy.2. Back Bone Node (BN): Have high transmission

range and form a core that monitors the nodes3. Backbone core node (BCN) : Similar power as

BN, these nodes can be elevated to BN nodes for increasing connectivity and coverage of the network

Black-hole attack Detection(Contd..)This algorithm is having mainly two parts. 1. Core Formation and maintenance2. Detection of Black/malicious nodes.

1. Core Formation and maintenance: Core formation progresses incrementally. During this BCN node perform some tasks those are

(i) Detect RN in its neighbourhood, if found broadcast “invitation” message.

(ii) On receiving Join request from RN, check if it is reachable in specified number of hops, if yes add in associated node list else in unassociated list.

(iii)if no other request go to next grid.

Core Formation (Contd..)

(iv) If BCN detects any BN in its vicinity then this node sends a coordination message to BN and waits for reply.

(v) BCN on receiving reply to coordination message, it executes action which is specified in the reply.

Action of a Regular node:(i) Every Regular node first check if it is associated with some BCN or BN, if yes then terminate its actions.

(ii) On receiving invitation message send a join request, and after getting reply for its join request from BN or BCN send “accept” to BN or BCN.

Black Node Detection

The key idea is that source node, after every block of data packets, asks the backbone network to perform end-to-end check with the destination, whether the packets have reached it. If destination did not receive a block of data packets, then backbone network initiates the detection of the chain of malicious nodes.

Let Suppose here :S : Source node,D: Destination node,N1:Backbone node, to which S is associatedN2:Backbone node, to which D is associatedV : Regular NodeNr: is the node which send RREP to S (For the RREQ for S to D route)

Black Node Detection(Contd..)Actions of S: (i) Divide the data into k equal parts let say Data[1..k].(ii) Send a prelude message to D with shared key k.(iii) Sends the data to D and after that send a message check having Nr, to N1.(iv) if an “ok” is received from N1 the continue data sending.(v) if a “not ok” is received from N1 then sets a timer for malicious removal. If before timeout receive the “removed ok” from N1 then go to (ii), else terminate.

D on receiving prelude from D. Wait for data packet and after receiving data send a postulate message to N1 and S stating the number of packets received from S.

Black Node DetectionAction of N1: (i) On receiving prelude from S, sends monitor message to all neighbours of S asking them to monitor data sent by S.(ii) on receiving “check” from S sends query to all neighbours of S and waits for result message.(iii) on receiving result message set the the its max counter value. If it receive “D malicious” then repeat the steps, and if not receive any message from D then sends message to D and terminate.● In same way N2 also send monitor message to neighbours of D to record the number of packets received by D and then set its counter accordingly.● Regular node on receiving monitor check if S is its neighbour then start counting the number of packets S to D. And also on receiving query message send result message to the source of query message.

Black Node Detection(Contd..)Once the BN say N1 finds that ack message not received until a predefined timeout. Then Black hole removal process get initiated by N1. The actions of different node are as follows:Actions by N1: Broadcast find_chain message on the backbone network. The message contains the id of node Nr( node sending RREP to S).Action of a BN Nb:(i) On receiving the find_chain message, checks if node Nr belongs to its associated list. If not, no further action.(ii) Initialize a list (black_node_chain) to contain node Nr.(iii) Instruct all neighbours of Nr to vote for the next node to which Nr is forwarding packets originating from S and Destined to D.(iv) On receiving node ids from the neighbours of Nr, find the node to which Nr is sending the packet.

Black Node Detection(Contd..)(v) if no node is getting packet from Nr in its neighbourhood, means Nr is dropping all the packets. Hence Nr is malicious node, black hole process terminates, then this node is black listed and a broadcast message is sent across the network to alert all other nodes about the node as malicious.

(vi) Append the elected/found node to black_hole chain. If that node is in association list of this Nb the go to step (iii), replacing Nr with the elected node.

(vii) Broadcast a find)chain message over backbone network containing id of the elected node as the malicious node. Also Broadcast the Black_hole_chain formed till now over the network so that other BN can append malicious nodes to the list

Black Node Detection(Contd..)

Action of BCN/RN: Regular node or Backbone core node on receiving instruction from a BN node to find the next node to which malicious node Nr is forwarding the packets, check if Nr is a neighbour of this node. If yes, turn on promiscuous mode and listen packets from node N, which has S as source node and D as destination node. Infer the next node to which these packets are going and send a message containing node id to the BN.

In this way all the black nodes are detected and every node is having list of such malicious nodes so if they get any RREP from such malicious node then they just drop it. And Hence can avoid the Attack.

Conclusion

● Here I have presented AODV details and Detection of Black hole Attack.●Using this Algorithm the Simple black hole attack, Cooperative black hole attack can be removed, and also to some extent Gray hole attack can also be removed.●This algorithm takes O(md) number of hops to detect black nodes. Where m is the number of malicious nodes and d is the diameter of the network.

References

1. RFC standard-3561, http://www.ietf.org/rfc/rfc3561.txt2. Izhak Ruhin,Arash Behzad, Runlie Zhang, Iluiyu Luo,Eric Caballero : TBONE:A Mobile-Backbone Protocol for Ad Hoc Wireless Networks.3. H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc network.IEEE Communications Magzine, pages 70 - 75, 2002.4. S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard. Prevention of cooperative black hole attack in wireless ad hoc networks. In Proceedings of 2003 International Conference on Wireless Networks (ICWN03),pages 570575. Las Vegas, Nevada, USA, 2003.5. P.Agarwal, R.K Ghosh, S.K Das, Cooperative Black and Gray Hole Attacks inMobile Ad Hoc Networks6. I. Rubin, A. Behzad, R. Zhang, H. Luo, and E. Caballero. Tbone: A mobile Backbone protocol for ad hoc wireless networks. In Proceedings of IEEE Aerospace Conference, volume 6, pages 2727 2740, 2002.7. Y. C. Hu, A. Perrig, and D. B. Johnson, Ariadne: A secure on-demand Routing protocol for ad hoc networks, in Eighth Annual International Conference on Mobile Computing and Networking (Mobi-Com 2002), pp. 12-23, Sept. 2002.