z-black hole attacks in ad hoc networks using trust value evaluation scheme

8/3/2019 Z-black Hole Attacks in Ad Hoc Networks Using Trust Value Evaluation Scheme

http://slidepdf.com/reader/full/z-black-hole-attacks-in-ad-hoc-networks-using-trust-value-evaluation-scheme 1/6

RESOLVING BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST

VALUE EVALUATION SCHEME BASED MODIFIED AODV

ROUTING PROTOCOL

Dr. Periasamy 1 A. Menaka Pushpa 2

1Prof. and Head of the Department of CSE, Dr.Sivanthi Aditanar College of Engg.,Tamilnadu, India

2Lecturer in CSE Department, Dr. Sivanthi Aditanar College of Engg.Tamilnadu, India

ABSTRACT

Ad hoc networks are primarily meant for use in

military,emergency and rescue scenarios, where in spite of

onexistinginfrastructure, decentralized, fast deployment, a

network can be established. Nodes assist each other by passingdata and control packets from source todestination, often beyond

the wireless range of the original sender using multi hop

technique. However this cooperation between nodes and rely on

intermediate nodes for passing the packets to desired destination

makes ad hoc network vulnerable to different types of security

attacks like malicious / selfish node attacks. TheBlack Hole

problem is one of the Denial of Serviceattacks that occur in mobile

ad hoc networks (MANET).DoS is the one of the crucial active

attack in ad hocnetworks. The active attack is at stake as in

commercial or military environments. As this paper describe the

activity of Black Hole node in AODV i.e.) mainly used reactive

routing protocol in MANET. This paper alsogives the overview of

existing solution for black holeproblem and proposes a novel

approach to identify black hole node in ad hoc networks. Thissolution purely based on Trust Based Secured (TBS) architecture

without any malicious node's activity in MANET. It also provides

an error free, secured route to two different peers.

Index terms: DoS, MANET, AODV, Black Hole Problem,TBS

Architecture

1. INTRODUCTION

A wireless ad hoc network consists of a collection

ofpeer mobile nodes that are capable of communication with each

other without help from a fixed infrastructure. Nodes within each

other's radio range communicate directly via wireless links, while

those that are far apart use other nodes as relays. The nature of

wireless networks makes this network very vulnerable to an

adversary's malicious attacks. At first these types of attacks ranges

from passive eavesdropping to active interfering. Attacks on a

wireless ad hoc network can come from all directions and target at

any node. Damages can leak secret information, message

contamination and node impersonation. All these means that a

wireless ad hoc network will not have a clear line of defense and

every node must be prepared to face the fake advertised malicious

node interaction. Second, mobile nodes are autonomous units that

are capable of roaming independently. So that the nodes have

inadequate physical protection are receptive to being captured,

compromised and hijacked. Third, decision making in MANET isdecentralized, so that connection establishment and connection

management, control and packet transformation performed in

cooperative participation of all nodes. The lack of centralized

authority means that the network is vulnerability for new types of

attacks designed to break the co-operative algorithm.

Black hole attack is the main puzzle in the security of ad hoc

network. The existing solutions that were proposed by Dong and

Yoo are completely not satisfied to solve this problem. A novel

secured modified AODV routing protocol scheme is proposed to

combat the attack in AODV routing protocol.

This paper describes, modified AODV routing protocol in the

light of trust evaluation concepts. In particularly, we employ

specification based techniques to monitor the AODV routing

protocol, a widely adopted ad hoc source initiated routing

protocol. AODV is a reactive and stateless routing protocol that

establishes routes only as desired by the source node. AODV is

vulnerable to various kinds of wireless attacks. The normal

operation of AODV damaged by the presence of black hole node

in existing settled network. It sends the fake adversary

information packets may be RREQ or RREP to all of its neighbor

nodes. Malicious node easily disrupts the functioning of therouting protocol and makes at least part of the network to crash.

This research is mainly concentrates in the advantages of using

the trust values of every node. By computing trust levels from the

inherent knowledge present in the network, the trustworthiness of

the route can be computed. So that we can easily identified the

misbehaving nodes.

The remainder of this paper is organized as follows: this paper is

focused on introducing a trust model suitable for application to ad

hoc networks. In section 2, we discuss the black hole attack in

AODV routing protocol. Section 3 describes some relevant

previous solutions for black hole attacks. In section 4, we

illustrate the trust model in detail. In section 5, we describes our

proposed modified secured AODV routing protocol and rest of

the paper consist of an results in section 6 and conclusion insection 7.

2. BLACK HOLE ATTACK AGAINST AODV

The Ad Hoc On Demand Distance Vector (AODV)

algorithm enables dynamic, self starting, multi hop routing

between participating mobile nodes wishing to establish and

maintain an Ad Hoc network. AODV establishes routes only as

desired by source node using route request (RREQ) and route

reply (RREP) messages. When a source node wants to send

packets to a destination node but cannot find a route in its routing

table, it broadcasts RREQ messages to its neighbors. Its neighbors

then rebroadcast the RREQ message to their neighbors, if they donot have a fresh enough route to the destination node. This



process continues until the RREQ messages reach the destination

node or an intermediate node with fresh sequence number updates

its reverse route to the source node. When source or intermediate

node receives a RREP message either from the destination or the

intermediate node, it updates its routing table to the destination

node. After selecting and establishing a route, it is aintained by

route maintenance procedure until either the destination becomes

inaccessible along every path from the source or the route is nolonger desired. Normal behavior of AODV routing protocol

described in Figure. (a), 1(b).

A Black Hole has two properties; first the node exploits the ad hoc

routing protocol, such as AODV to advertise itself as having a

valid route to a destination node, even though the route is spurious,

with the intention of intercepting packets. Second, the nodes

consume the intercepted packets. In flooding based protocol, if the

malicious reply reaches the source node before the reply (RREP)

from the actual node, a forged route has been created. The

disrupted AODV routing protocol with Black Hole node activity

explained in Figure. 2. Black Hole attacks in AODV protocol

routing level can be classified into two categories; RREQ Black

Hole attack and RREP Black hole attack. In this way, the

malicious node can easily misroute a lot of traffic itself and could

cause an attack to the network with very little effort on its part.

3. EXISTING METHODS TO SOLVE

BLACK HOLE ATTACK

The first proposed solution introduced by Deng with two

additional control packets excluding RREQ, RREP in AODV

routing protocol. The fake RREP originated by Black hole node

followed by source initiated RREQ identified by further checkup

the route by the source node in different direction. For this route

further checkup, the modified AODV require additional two

control packets, such as urtherReq, FurtherRep between the

source node and the next immediate neighbor node of the Black

hole node. The next immediate node is mentioned by Black hole

ode at the time of passing RREP to the source. (The source node

gets the actual information from this next hop node through the

CheckResult field in urthetRep packet by making different route

to the next hop node.) Source node makes different route to the

nexthop node and gets the actual information through the

CheckResult field that is in FurtherRep. Packet. The

disadvantages of this solution are, this is not working in the case of

multiple, co-ordinate black hole nodes. This is overhead

processing method. It takes more time to establish a route between

two different nodes in the ad hoc networks.

Figure. Normal AODV Route Establishment

I

• D



Figure. 1 fb): Normal AODV Route Establishment

The second solution proposed by Yoo and Park on the year 2004

as two different solutions. They are as follows; ? Redundant

Route Method ? Exploits Packet Sequence No Method Both of

them have its, own advantages and disadvantages. In the first

method, redundant route discovery method the source node needs

atleast three different route to the same destination. After

broadcast RREQ by the source, it just wait until receives more

than one RREP from different nodes for the same destination.

Then the sender node checks the Authenticity of every node those

who are responding RREQ. Source extracts the full path to

destination for each RREP, if two or more of these nodes must

have some shared hops, then the source can recognize the safe

route to the destination. If no shared nodes appear in theseredundant routes, the sender will wait for another RREP until a

route with shared nodes identified or route time expired.

Surely, this method takes long time to makes the connection

between source and destination. Because of the time taken for

waiting many RREP by source and also the time delay needed for

processing these received RREP by source. Another one main

point is, if no such shared hops exists, then the packets will never

been sent even in possible cases.

In the second one, Exploits the sequence no scheme, the packet

sequence no plays a vital role to make the safe route from source

to destination. This method requires two more tables for every

node in the networks. First table consists of the sequence no of

last packet sent to every node in the network. Second tableconsists of the sequence no of received packets from every sender

in the network. During RREP, the intermediate or destination

node must include the sequence no of last received packet from

the same source. Once the source receives this RREP, it will

extract the last sequence no and then compare its value from the

first table of the source. If it matches then the transmission will be

take place. Else this replied node is malicious and send alarm to

entire network. Last packet sequence number for received and

transmitted tables are updated during each packet transmission

and arrival.

This method is the fast and reliable way to identify suspicious

reply and node. But the main drawback of this method is, how

long we should maintain these two table's sequence numbers?.Extra storage space is needed for maintaining the sequence no

similar to route cache in DSR routing protocol.

At last, sequence no is not only enough to identify malicious node

in ad hoc networks. For example, consider the following

situation, in this case this method is not completely trusted. If the

alicious node already exists in the network then previously it may

be received some packets from the source or its neighbors. Still

the source or its neighbors does not know about its misbehaving

activities. Once again the source wants to make a connection to

some destination, then it will broadcasts RREQ message to its

neighbors. If the malicious node receives RREQ message, then it

can start to send fake advertised RREP message to source.

Already the malicious node has the sequence no of last received

packets from the same source, it can send the fake RREP with thissequence no to the source. After receiving the RREP, the source

extracts this packet and checks the specified sequence no from its

first routing table. Obviously, that sequence no is there. Then the

malicious node accepts by the source node as a normal node, then

automatically establish connection through this node. As a result

the passing packets through this route is lost or interpreted. So

that the sequence no is only enough factor to suspect malicious

node.

4. TRUST MODEL

Our trust model is an adaptation of the trust model by Marsh

configured for use in ad hoc networks. Marsh's model computes

situational trust in agents based upon the general trust in the

trustor and in the importance and utility of the situation in which

an agent finds itself. General trust is basically the trust that one

entity assigns another entity based upon all situations. Utility is

consider similar to knowledge so that an agent can weigh up the

costs and benefits that a particular situation

holds.Importance caters for the significance of a particular

situation to the trustor based upon time. In order to reduce the

number of variables in our model, we merge the utility and

importance of the situation into a single variable called weight,

which in turn increases or decreases with time.

4.1. Trust Derivation

We compute the trust in our model based upon the information

that one node can gather about the other nodes in passive mode.

I.e. without requiring any special interrogation packets. Vital

information regarding other nodes can be gathered by

analyzing the received, forwarded and overheard packets if

appropriate taps are applied at different protocol layers. Possible

events that can be recorded in passive mode are the measure and

accuracy of:

? Frames received ? Data

packets forwarded ? Control

packets forwarded ? Data

packets received ? Controlpackets received ? Streams

established ? Data forwarded ?

Data received

The information from these events is classified into one or more

trust categories. Trust categories signify the specific aspect of

trust that is relevant to a particular relationship and are used to

compute trust in another node in specific situations.

4.2. Trust Computation

Trust computation involves an assignment of weights to the

events that were monitored and quantified. The assignment istotally dependent on the type of application demanding the trust

level and varies with state and time. All nodes dynamically assign

these weights based upon their own criteria. These weights have a

continuous range from 0 to +1 representing the significance of a

particular event from unimportant to most important. We define

this trust T value, in node y (suspected node), by node x (NextHop

node), as Tx(y) value is given by the following equation:

Tx(y) = _ [ Wx(i) x Tx(i) ]

i = 1

where Wx(i) is the weight of the ith trust category

to x

and Tx(i) is the situational trust of x in the ith trust

a



category. The total number of trust categories n is dependent on

the protocol and scenario to which the trust model is being

applied.

5. PROPOSED SOLUTION TO BLACK

HOLE ATTACK

The Packets sequence number is not only enough to identify the

misbehaving node and makes the safe route between nodes in the

ad hoc networks. In Yoo's method, the middle misbehavior node

can't be clearly determined. Because some malicious nodes

previously have the last packet received sequence number from

the valid source node. The sequence no is not updated in this case.

For this flaw, in most of the situations the malicious node may be

accepts as a normal node by the initiator of the desired route.

For avoid this problem, we use the trust model techniques with

some condition to identify the black hole node in ad hoc network.

Regarding this node trust value evaluation purpose, we introduce

two new control messages with the implementation of AODV

routing protocol. These messages are, Trust Request (TrustReq.)

and Trust Response (TrustRes.). Finally, we can establish a safe

route between any sources to destination without any malicious

activities. This method is only pplicable when it is needed i.e.)

suspected situations in the network, because of its high

processing time and memory space.

5.1. Steps involved in Modified AODV routingprotocol:

1) Source broadcast RREQ message to its neighbors for

establish the connection to desired

destination.

2) The node, which has the shortest path to

destination or fresh (latest) sequence no than

RREQ message, sends RREP with its NextHop

node detail to source.

3) Source sent TrustReq message to NextHop node

through different route.

4) NextHop node returns TrustRes packet to

source.

5) Source checks the Trust value information about the suspected

node and also checks the time when this information is last

updated.

6) Source always takes latest updated TrustRes packet's

information.

7) If trust value Tx(y) is in acceptable level, then source

immediately establish a connection to that intermediate node or

suspected node.

8) Otherwise, we concluded the intermediate node or

suspected node is malicious node for the past few seconds

or hours. (Latest information).9) And also the system also sends warning alarm to entire

ad hoc networks like this suspected or

intermediate node is a black hole node.



MI-MI

BH D

Figure. 2(a): Broadcast of RRFJQ & RREP

oSill IM>

A TmsiRep

" TnistR«i

^H-HH

BH D

Figure. 2(b): Broadcast of TrustReq & TruslRep

The diagrammatic representation of this modified AODV routing

protocol is in Figure. 2(a), Figure. 2(b).. The advantage of this

method is the latest information always used for further checkup

purpose. The trust value information is always valuable than

sequence number. So this method is so accuracy than the previous

techniques. It can easily identify the middle misbehavior node.

6. SIMULATION RESULT

Simulation of this modified protocol performed using the famous

simulator NS-2. This bellow graph gives the comparison results

between normal AODV protocol with and without black holeattack and modified protocol with black hole attack. We evaluate

normal AODV working performance with the presence of single

Black Hole node. This modified AODV protocol gives the

accepted performance and also it sends alarm message to every

node in the network if the malicious node was identified.

7. CONCLUSION

We have presented here, a novel approach against the Black hole

attack on the AODV routing protocol. This modified AODV

routing protocol establishes a safe route between any pair of

nodes in the ad hoc networks and also we are effectively

determined Black hole node in the networks. Instead of

cryptographic system, our proposed method based on trust value

system to make the trustworthiness connection. This security

agent or malicious node detection system uses at right time toisolate the Black hole node from the normal behavior node. The

trust value information passed by additional newly identified

messages TrustReq, TrustRep from one node to another. This

trust value level information is evaluated by source node and then

starts to make the connection to the desired destination. This trust

information gives the complete behavior of the suspected node

during the past times. This method is higher level of accuracy

than the other proposed solution. Black hole attacks for AODV

routing protocol are used to test and analyze the efficiency of our

security scheme. Simulation results show that Black hole attacks

have great impact on network performance. Our security scheme

can efficiently detect and block the attacks to make network

performance recover to normal level quickly. The research about

the attack and security scheme for AODV routing protocol is

meaningful to ad hoc network security and application in future.

REFERENCES

[1] Asad amir and Chris McDonald, "Establishing Trust in

Pure Ad Hoc Networks", Australian Computer Society,

2004.

[2] Mohit Virendra, Chandrasekaran and Padhayaya,"Quantifying Trust in Mobile Ad Hoc Networks".

[3] J.Hass, Papadimitratos, "Secure Routing for Mobile Distance Vector (SAODV) Routing". IETF Internet Draft,

draft-guerrero- manet-saodv-00.txt, AugustAd Hoc Networks", Proceeding of the SCS 2001Communication Networks & Distributed SystemModeling conference, 2002.

[4] Zhang, Lee, "Intrusion Detection in wireless Ad hocNetworks" , Mobicon 2000.

[5] Mohd Al Shurman and Yoo, Park, "Black Hole Attack inMobile Ad hoc Networks", ACMSE 2004.

[6] Sanjay Ramaswamy and Fu, Dixson, "Prevention of Cooperative Black Hole Attack in Wireless Ad HocNetworks".

[7] M.Royer and Perkin, "An implementation study of the

IM



AODV Routing Protocol".

[8] M.Royer and Perkin, "Ad hoc On Demand Distance VectorRouting", Internet Draft, Nov 2002.

[9] Zhou, J.Haas, "Securing Ad Hoc Networks", IEEE Network Magazine , vol.13, Nov/Dec. 1999.

[10] Manel Guerrero Zapata. "Secure Ad hoc On- Demand

z-black hole attacks in ad hoc networks using trust value evaluation scheme

Documents