z-black hole attacks in ad hoc networks using trust value evaluation scheme
TRANSCRIPT
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 1/6
RESOLVING BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST
VALUE EVALUATION SCHEME BASED MODIFIED AODV
ROUTING PROTOCOL
Dr. Periasamy 1 A. Menaka Pushpa 2
1Prof. and Head of the Department of CSE, Dr.Sivanthi Aditanar College of Engg.,Tamilnadu, India
2Lecturer in CSE Department, Dr. Sivanthi Aditanar College of Engg.Tamilnadu, India
ABSTRACT
Ad hoc networks are primarily meant for use in
military,emergency and rescue scenarios, where in spite of
onexistinginfrastructure, decentralized, fast deployment, a
network can be established. Nodes assist each other by passingdata and control packets from source todestination, often beyond
the wireless range of the original sender using multi hop
technique. However this cooperation between nodes and rely on
intermediate nodes for passing the packets to desired destination
makes ad hoc network vulnerable to different types of security
attacks like malicious / selfish node attacks. TheBlack Hole
problem is one of the Denial of Serviceattacks that occur in mobile
ad hoc networks (MANET).DoS is the one of the crucial active
attack in ad hocnetworks. The active attack is at stake as in
commercial or military environments. As this paper describe the
activity of Black Hole node in AODV i.e.) mainly used reactive
routing protocol in MANET. This paper alsogives the overview of
existing solution for black holeproblem and proposes a novel
approach to identify black hole node in ad hoc networks. Thissolution purely based on Trust Based Secured (TBS) architecture
without any malicious node's activity in MANET. It also provides
an error free, secured route to two different peers.
Index terms: DoS, MANET, AODV, Black Hole Problem,TBS
Architecture
1. INTRODUCTION
A wireless ad hoc network consists of a collection
ofpeer mobile nodes that are capable of communication with each
other without help from a fixed infrastructure. Nodes within each
other's radio range communicate directly via wireless links, while
those that are far apart use other nodes as relays. The nature of
wireless networks makes this network very vulnerable to an
adversary's malicious attacks. At first these types of attacks ranges
from passive eavesdropping to active interfering. Attacks on a
wireless ad hoc network can come from all directions and target at
any node. Damages can leak secret information, message
contamination and node impersonation. All these means that a
wireless ad hoc network will not have a clear line of defense and
every node must be prepared to face the fake advertised malicious
node interaction. Second, mobile nodes are autonomous units that
are capable of roaming independently. So that the nodes have
inadequate physical protection are receptive to being captured,
compromised and hijacked. Third, decision making in MANET isdecentralized, so that connection establishment and connection
management, control and packet transformation performed in
cooperative participation of all nodes. The lack of centralized
authority means that the network is vulnerability for new types of
attacks designed to break the co-operative algorithm.
Black hole attack is the main puzzle in the security of ad hoc
network. The existing solutions that were proposed by Dong and
Yoo are completely not satisfied to solve this problem. A novel
secured modified AODV routing protocol scheme is proposed to
combat the attack in AODV routing protocol.
This paper describes, modified AODV routing protocol in the
light of trust evaluation concepts. In particularly, we employ
specification based techniques to monitor the AODV routing
protocol, a widely adopted ad hoc source initiated routing
protocol. AODV is a reactive and stateless routing protocol that
establishes routes only as desired by the source node. AODV is
vulnerable to various kinds of wireless attacks. The normal
operation of AODV damaged by the presence of black hole node
in existing settled network. It sends the fake adversary
information packets may be RREQ or RREP to all of its neighbor
nodes. Malicious node easily disrupts the functioning of therouting protocol and makes at least part of the network to crash.
This research is mainly concentrates in the advantages of using
the trust values of every node. By computing trust levels from the
inherent knowledge present in the network, the trustworthiness of
the route can be computed. So that we can easily identified the
misbehaving nodes.
The remainder of this paper is organized as follows: this paper is
focused on introducing a trust model suitable for application to ad
hoc networks. In section 2, we discuss the black hole attack in
AODV routing protocol. Section 3 describes some relevant
previous solutions for black hole attacks. In section 4, we
illustrate the trust model in detail. In section 5, we describes our
proposed modified secured AODV routing protocol and rest of
the paper consist of an results in section 6 and conclusion insection 7.
2. BLACK HOLE ATTACK AGAINST AODV
The Ad Hoc On Demand Distance Vector (AODV)
algorithm enables dynamic, self starting, multi hop routing
between participating mobile nodes wishing to establish and
maintain an Ad Hoc network. AODV establishes routes only as
desired by source node using route request (RREQ) and route
reply (RREP) messages. When a source node wants to send
packets to a destination node but cannot find a route in its routing
table, it broadcasts RREQ messages to its neighbors. Its neighbors
then rebroadcast the RREQ message to their neighbors, if they donot have a fresh enough route to the destination node. This
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 2/6
process continues until the RREQ messages reach the destination
node or an intermediate node with fresh sequence number updates
its reverse route to the source node. When source or intermediate
node receives a RREP message either from the destination or the
intermediate node, it updates its routing table to the destination
node. After selecting and establishing a route, it is aintained by
route maintenance procedure until either the destination becomes
inaccessible along every path from the source or the route is nolonger desired. Normal behavior of AODV routing protocol
described in Figure. (a), 1(b).
A Black Hole has two properties; first the node exploits the ad hoc
routing protocol, such as AODV to advertise itself as having a
valid route to a destination node, even though the route is spurious,
with the intention of intercepting packets. Second, the nodes
consume the intercepted packets. In flooding based protocol, if the
malicious reply reaches the source node before the reply (RREP)
from the actual node, a forged route has been created. The
disrupted AODV routing protocol with Black Hole node activity
explained in Figure. 2. Black Hole attacks in AODV protocol
routing level can be classified into two categories; RREQ Black
Hole attack and RREP Black hole attack. In this way, the
malicious node can easily misroute a lot of traffic itself and could
cause an attack to the network with very little effort on its part.
3. EXISTING METHODS TO SOLVE
BLACK HOLE ATTACK
The first proposed solution introduced by Deng with two
additional control packets excluding RREQ, RREP in AODV
routing protocol. The fake RREP originated by Black hole node
followed by source initiated RREQ identified by further checkup
the route by the source node in different direction. For this route
further checkup, the modified AODV require additional two
control packets, such as urtherReq, FurtherRep between the
source node and the next immediate neighbor node of the Black
hole node. The next immediate node is mentioned by Black hole
ode at the time of passing RREP to the source. (The source node
gets the actual information from this next hop node through the
CheckResult field in urthetRep packet by making different route
to the next hop node.) Source node makes different route to the
nexthop node and gets the actual information through the
CheckResult field that is in FurtherRep. Packet. The
disadvantages of this solution are, this is not working in the case of
multiple, co-ordinate black hole nodes. This is overhead
processing method. It takes more time to establish a route between
two different nodes in the ad hoc networks.
Figure. Normal AODV Route Establishment
I
• D
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 3/6
Figure. 1 fb): Normal AODV Route Establishment
The second solution proposed by Yoo and Park on the year 2004
as two different solutions. They are as follows; ? Redundant
Route Method ? Exploits Packet Sequence No Method Both of
them have its, own advantages and disadvantages. In the first
method, redundant route discovery method the source node needs
atleast three different route to the same destination. After
broadcast RREQ by the source, it just wait until receives more
than one RREP from different nodes for the same destination.
Then the sender node checks the Authenticity of every node those
who are responding RREQ. Source extracts the full path to
destination for each RREP, if two or more of these nodes must
have some shared hops, then the source can recognize the safe
route to the destination. If no shared nodes appear in theseredundant routes, the sender will wait for another RREP until a
route with shared nodes identified or route time expired.
Surely, this method takes long time to makes the connection
between source and destination. Because of the time taken for
waiting many RREP by source and also the time delay needed for
processing these received RREP by source. Another one main
point is, if no such shared hops exists, then the packets will never
been sent even in possible cases.
In the second one, Exploits the sequence no scheme, the packet
sequence no plays a vital role to make the safe route from source
to destination. This method requires two more tables for every
node in the networks. First table consists of the sequence no of
last packet sent to every node in the network. Second tableconsists of the sequence no of received packets from every sender
in the network. During RREP, the intermediate or destination
node must include the sequence no of last received packet from
the same source. Once the source receives this RREP, it will
extract the last sequence no and then compare its value from the
first table of the source. If it matches then the transmission will be
take place. Else this replied node is malicious and send alarm to
entire network. Last packet sequence number for received and
transmitted tables are updated during each packet transmission
and arrival.
This method is the fast and reliable way to identify suspicious
reply and node. But the main drawback of this method is, how
long we should maintain these two table's sequence numbers?.Extra storage space is needed for maintaining the sequence no
similar to route cache in DSR routing protocol.
At last, sequence no is not only enough to identify malicious node
in ad hoc networks. For example, consider the following
situation, in this case this method is not completely trusted. If the
alicious node already exists in the network then previously it may
be received some packets from the source or its neighbors. Still
the source or its neighbors does not know about its misbehaving
activities. Once again the source wants to make a connection to
some destination, then it will broadcasts RREQ message to its
neighbors. If the malicious node receives RREQ message, then it
can start to send fake advertised RREP message to source.
Already the malicious node has the sequence no of last received
packets from the same source, it can send the fake RREP with thissequence no to the source. After receiving the RREP, the source
extracts this packet and checks the specified sequence no from its
first routing table. Obviously, that sequence no is there. Then the
malicious node accepts by the source node as a normal node, then
automatically establish connection through this node. As a result
the passing packets through this route is lost or interpreted. So
that the sequence no is only enough factor to suspect malicious
node.
4. TRUST MODEL
Our trust model is an adaptation of the trust model by Marsh
configured for use in ad hoc networks. Marsh's model computes
situational trust in agents based upon the general trust in the
trustor and in the importance and utility of the situation in which
an agent finds itself. General trust is basically the trust that one
entity assigns another entity based upon all situations. Utility is
consider similar to knowledge so that an agent can weigh up the
costs and benefits that a particular situation
holds.Importance caters for the significance of a particular
situation to the trustor based upon time. In order to reduce the
number of variables in our model, we merge the utility and
importance of the situation into a single variable called weight,
which in turn increases or decreases with time.
4.1. Trust Derivation
We compute the trust in our model based upon the information
that one node can gather about the other nodes in passive mode.
I.e. without requiring any special interrogation packets. Vital
information regarding other nodes can be gathered by
analyzing the received, forwarded and overheard packets if
appropriate taps are applied at different protocol layers. Possible
events that can be recorded in passive mode are the measure and
accuracy of:
? Frames received ? Data
packets forwarded ? Control
packets forwarded ? Data
packets received ? Controlpackets received ? Streams
established ? Data forwarded ?
Data received
The information from these events is classified into one or more
trust categories. Trust categories signify the specific aspect of
trust that is relevant to a particular relationship and are used to
compute trust in another node in specific situations.
4.2. Trust Computation
Trust computation involves an assignment of weights to the
events that were monitored and quantified. The assignment istotally dependent on the type of application demanding the trust
level and varies with state and time. All nodes dynamically assign
these weights based upon their own criteria. These weights have a
continuous range from 0 to +1 representing the significance of a
particular event from unimportant to most important. We define
this trust T value, in node y (suspected node), by node x (NextHop
node), as Tx(y) value is given by the following equation:
Tx(y) = _ [ Wx(i) x Tx(i) ]
i = 1
where Wx(i) is the weight of the ith trust category
to x
and Tx(i) is the situational trust of x in the ith trust
a
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 4/6
category. The total number of trust categories n is dependent on
the protocol and scenario to which the trust model is being
applied.
5. PROPOSED SOLUTION TO BLACK
HOLE ATTACK
The Packets sequence number is not only enough to identify the
misbehaving node and makes the safe route between nodes in the
ad hoc networks. In Yoo's method, the middle misbehavior node
can't be clearly determined. Because some malicious nodes
previously have the last packet received sequence number from
the valid source node. The sequence no is not updated in this case.
For this flaw, in most of the situations the malicious node may be
accepts as a normal node by the initiator of the desired route.
For avoid this problem, we use the trust model techniques with
some condition to identify the black hole node in ad hoc network.
Regarding this node trust value evaluation purpose, we introduce
two new control messages with the implementation of AODV
routing protocol. These messages are, Trust Request (TrustReq.)
and Trust Response (TrustRes.). Finally, we can establish a safe
route between any sources to destination without any malicious
activities. This method is only pplicable when it is needed i.e.)
suspected situations in the network, because of its high
processing time and memory space.
5.1. Steps involved in Modified AODV routingprotocol:
1) Source broadcast RREQ message to its neighbors for
establish the connection to desired
destination.
2) The node, which has the shortest path to
destination or fresh (latest) sequence no than
RREQ message, sends RREP with its NextHop
node detail to source.
3) Source sent TrustReq message to NextHop node
through different route.
4) NextHop node returns TrustRes packet to
source.
5) Source checks the Trust value information about the suspected
node and also checks the time when this information is last
updated.
6) Source always takes latest updated TrustRes packet's
information.
7) If trust value Tx(y) is in acceptable level, then source
immediately establish a connection to that intermediate node or
suspected node.
8) Otherwise, we concluded the intermediate node or
suspected node is malicious node for the past few seconds
or hours. (Latest information).9) And also the system also sends warning alarm to entire
ad hoc networks like this suspected or
intermediate node is a black hole node.
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 5/6
MI-MI
BH D
Figure. 2(a): Broadcast of RRFJQ & RREP
oSill IM>
A TmsiRep
" TnistR«i
^H-HH
BH D
Figure. 2(b): Broadcast of TrustReq & TruslRep
The diagrammatic representation of this modified AODV routing
protocol is in Figure. 2(a), Figure. 2(b).. The advantage of this
method is the latest information always used for further checkup
purpose. The trust value information is always valuable than
sequence number. So this method is so accuracy than the previous
techniques. It can easily identify the middle misbehavior node.
6. SIMULATION RESULT
Simulation of this modified protocol performed using the famous
simulator NS-2. This bellow graph gives the comparison results
between normal AODV protocol with and without black holeattack and modified protocol with black hole attack. We evaluate
normal AODV working performance with the presence of single
Black Hole node. This modified AODV protocol gives the
accepted performance and also it sends alarm message to every
node in the network if the malicious node was identified.
7. CONCLUSION
We have presented here, a novel approach against the Black hole
attack on the AODV routing protocol. This modified AODV
routing protocol establishes a safe route between any pair of
nodes in the ad hoc networks and also we are effectively
determined Black hole node in the networks. Instead of
cryptographic system, our proposed method based on trust value
system to make the trustworthiness connection. This security
agent or malicious node detection system uses at right time toisolate the Black hole node from the normal behavior node. The
trust value information passed by additional newly identified
messages TrustReq, TrustRep from one node to another. This
trust value level information is evaluated by source node and then
starts to make the connection to the desired destination. This trust
information gives the complete behavior of the suspected node
during the past times. This method is higher level of accuracy
than the other proposed solution. Black hole attacks for AODV
routing protocol are used to test and analyze the efficiency of our
security scheme. Simulation results show that Black hole attacks
have great impact on network performance. Our security scheme
can efficiently detect and block the attacks to make network
performance recover to normal level quickly. The research about
the attack and security scheme for AODV routing protocol is
meaningful to ad hoc network security and application in future.
REFERENCES
[1] Asad amir and Chris McDonald, "Establishing Trust in
Pure Ad Hoc Networks", Australian Computer Society,
2004.
[2] Mohit Virendra, Chandrasekaran and Padhayaya,"Quantifying Trust in Mobile Ad Hoc Networks".
[3] J.Hass, Papadimitratos, "Secure Routing for Mobile Distance Vector (SAODV) Routing". IETF Internet Draft,
draft-guerrero- manet-saodv-00.txt, AugustAd Hoc Networks", Proceeding of the SCS 2001Communication Networks & Distributed SystemModeling conference, 2002.
[4] Zhang, Lee, "Intrusion Detection in wireless Ad hocNetworks" , Mobicon 2000.
[5] Mohd Al Shurman and Yoo, Park, "Black Hole Attack inMobile Ad hoc Networks", ACMSE 2004.
[6] Sanjay Ramaswamy and Fu, Dixson, "Prevention of Cooperative Black Hole Attack in Wireless Ad HocNetworks".
[7] M.Royer and Perkin, "An implementation study of the
IM
8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme
http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 6/6
AODV Routing Protocol".
[8] M.Royer and Perkin, "Ad hoc On Demand Distance VectorRouting", Internet Draft, Nov 2002.
[9] Zhou, J.Haas, "Securing Ad Hoc Networks", IEEE Network Magazine , vol.13, Nov/Dec. 1999.
[10] Manel Guerrero Zapata. "Secure Ad hoc On- Demand