Survey (1)


A SURVEY OF SECURITY SOLUTIONS TO BLACK HOLE ATTACK AND CHALLENGES IN MANETS

ABSTRACT

Mobile ad hoc networks (MANETs) have a wide range of valuable and critical applications, such as military operations (formations of soldiers, tanks, planes), civil applications (e.g., audio and video conferencing, sport events), telematics applications (traffic), disaster situations (e.g., emergency and rescue operations, national crises, earthquakes, fires, floods), and integration with cellular systems. Apart from transmitting data, nodes in MANETs also perform routing functions. However, due to their inbuilt characteristics of open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology, MANETs are vulnerable to various kinds of security attacks. This paper discusses a wide variety of security issues prevailing in MANETs. Further, since security is vital to the acceptance and use of MANETs for many applications, we present a detailed classification of security attacks in MANETs, focus on the black hole attack, and discuss the different security solutions available to handle it, including the challenges faced.

1. INTRODUCTION

A mobile ad hoc network is a self-organizing system of mobile nodes that communicate with each other via wireless links with no infrastructure or centralized administration such as base stations or access points. Nodes in a MANET operate both as hosts and as routers that forward packets to each other. Two nodes can communicate directly if they are within each other’s transmission range; if they are out of range, intermediate nodes can serve as relays (routers), which is multihop routing. These networks have several salient features: rapid deployment, robustness, flexibility, inherent mobility support, highly dynamic network topology (device mobility, changing properties of the wireless channel, that is, fading, multipath propagation, and partitioning and merging of ad hoc networks are possible), the limited battery power of mobile devices, limited capacity, asymmetric/unidirectional links, and limited physical security (eavesdropping, spoofing, and denial-of-service attacks). MANETs are envisioned to support advanced applications such as military operations (formations of soldiers, tanks, planes), civil applications (e.g., audio and video conferencing, sport events, telematics applications (traffic)), disaster situations (e.g., emergency and rescue operations, national crises, earthquakes, fires, floods), and integration with cellular systems. However, due to their inbuilt characteristics of open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology, MANETs are vulnerable to various kinds of attacks such as the black hole attack, rushing attack, neighbour attack and wormhole attack.

The black hole attack in MANETs is a serious security problem to be solved. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In a flooding-based protocol, if the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. The malicious node can then choose whether to drop the packets to perform a denial-of-service attack or to use its place on the route as the first step in a man-in-the-middle attack.


2. SECURITY ISSUES IN MANET

MANETs work without a centralized administration, and nodes communicate with each other on the basis of mutual trust. This characteristic makes a MANET more vulnerable to exploitation by an attacker inside the network. Wireless links also make the MANET more susceptible to attacks, because they make it easier for an attacker to get inside the network and gain access to the ongoing communication. Mobile nodes within range of a wireless link can overhear and even participate in the network.

2.1 Flaws in MANETS

MANETs are very flexible for the nodes, i.e. nodes can freely join and leave the network. There is no main body that keeps watch on the nodes entering and leaving the network. All these weaknesses make MANETs vulnerable to attacks. This is because of the following factors:

2.1.1 Non secure boundaries: A MANET is vulnerable to different kinds of attacks because it has no clear secure boundary. By the nature of a MANET, nodes have the freedom to join and leave the network. A node can join a network automatically if the network is within the radio range of the node, and can then communicate with other nodes in the network. There is no protection against attacks, such as firewalls or access control, which leaves the MANET vulnerable to attacks.

2.1.2 Compromised Node: Because mobile nodes are autonomous, it is very difficult for a node to prevent malicious activity by the nodes it is communicating with. Mobility in an ad hoc network makes it easier for a compromised node to change its position frequently, which makes the malicious activity more difficult and troublesome to track. Threats from compromised nodes inside the network are therefore more dangerous than attacks from outside the network.

2.1.3 No Central Management: A MANET works without any preexisting infrastructure. This lack of centralized management makes a MANET more vulnerable to attacks. Detecting attacks and monitoring the traffic in a highly dynamic, large-scale ad hoc network is very difficult without central management.

2.1.4 Problem of Scalability: The scalability of a network is normally defined in the initial design phase. This is quite the opposite in MANETs: because the nodes are mobile, the scale of the MANET keeps changing. It is too hard to know and predict the number of nodes in the MANET in the future. The nodes are free to move in and out of the ad hoc network, which makes the ad hoc network very much scalable and shrinkable. Given this property of MANETs, the protocols and all the services that a MANET provides must be adaptable to such changes.

3. SECURITY ATTACKS

3.1 Classification of attacks

The attacks can be categorized on the basis of the source of the attacks i.e. Internal or External, and on the behavior of the attack i.e. Passive or Active attack.


External attacks are those in which the attacker aims to cause congestion, propagate fake routing information or disturb nodes from providing services.

Internal attacks are those in which the adversary wants to gain normal access to the network and participate in the network activities, either by some malicious impersonation to get access to the network as a new node, or by directly compromising a current node and using it as a basis to conduct its malicious behaviors.

Passive attacks typically involve eavesdropping on data, and thus disclose information about the location and movement patterns of mobile nodes. This kind of attack is very difficult to detect, because the attacker seldom exhibits abnormal activities.

Active attacks, on the other hand, involve actions performed by the intruder. The target of the attack can be either data traffic or routing traffic. The intruders may insert large volumes of extraneous data packets into the network. They can also intentionally drop, corrupt and delay data packets passing through them.

In the following, we discuss the main attack types that emerge in the mobile ad hoc networks.

3.2 Flooding Attack

It aims to exhaust the network resources, such as bandwidth and to consume a node’s resources, such as computational and battery power or to disrupt the routing operation to cause severe degradation in network performance. This kind of attack can be achieved either by using RREQ or Data flooding.

3.3 Wormhole Attack

In this attack, a pair of colluding attackers record packets at one location and replay them at another location using a private high speed network.

3.4 Rushing Attack

When source nodes flood the network with route discovery packets in order to find routes to the destinations, each intermediate node processes only the first non-duplicate packet and discards any duplicate packets that arrive at a later time. Rushing attackers, by skipping some of the routing processes, can quickly forward these packets and be able to gain access to the forwarding group.

3.5 Neighbour Attack

Upon receiving a packet, an intermediate node records its ID in the packet before forwarding the packet to the next node. However, if an attacker simply forwards the packet without recording its ID in the packet, it makes two nodes that are not within the communication range of each other believe that they are neighbors (i.e., one-hop away from each other), resulting in a disrupted route.

3.6 Jellyfish Attack

The attacker first needs to intrude into the forwarding group and then it delays data packets unnecessarily for some amount of time before forwarding them. This results in significantly high end-to-end delay and delay jitter, and thus degrades the performance of real-time applications.


3.7 Replay Attack

In a replay attack, a node records another node’s valid control messages and resends them later. This causes other nodes to record their routing table with stale routes.

3.8 Colluding Misrelay Attack

In this attack, multiple attackers work in collusion to modify or drop routing packets to disrupt routing operation in a MANET.

4. LITERATURE SURVEY

4.1 Black Hole Attack

In a MANET, a source node that wants to send data packets to a destination node initiates the route discovery process. We assume node B to be a malicious node (see Fig. 1). Using the routing protocol, B claims that it has a route to the destination node whenever it receives RREQ packets, and sends its response to the source node at once. The destination node may also reply. If the reply from a normal destination node reaches the source node of the RREQ first, everything works well; but the reply from B could reach the source node first if B is nearer to the source node. Moreover, B does not need to check its Route Table (RT) when sending a false message, so its response is more likely to reach the source node first. This makes the source node think that the route discovery process is complete, ignore all other reply messages, and begin to send data packets. A forged route has been created. As a result, all the packets sent through B are simply consumed or lost. B can be said to form a black hole in the network, and we call this the black hole attack (see Fig. 1).

(a) Network flooding of RREQ (b) Propagation of RREP Message

Figure 1. Black Hole Attack


4.2 Cooperative Black Hole Attack

When multiple black hole nodes act in coordination with each other, we call the attack a cooperative black hole attack. In Fig. 2, the first black hole node H1 refers to one of its teammates, H2, as the next hop. According to the proposed method [6], the source node S sends a further request message to ask H2 whether it has a route to node H1 and a route to destination node D. Because H2 is cooperating with H1, its further reply answers “yes” to both questions. So source node S starts passing the data packets. Unfortunately, in reality, the packets are intercepted by node H1 and the security of the network is compromised [9].

(a) Network flooding of RREQ (b) Propagation of RREP Message

Figure 2. Cooperative Black Hole Attack

4.3 Solutions to Black Hole Attack

Mohammad Al-Shurman, Seong-Moo Yoo and Seungjin Park [1] proposed two different approaches to solve the black hole attack. In the first solution, the sender node verifies the authenticity of the node that initiates the RREP packet by utilizing the network redundancy. Since any packet can arrive at the destination through many redundant paths, the idea of this solution is to wait for the RREP packet to arrive from more than two nodes. During this time the sender node buffers its packets until a safe route is identified. Once a safe route has been identified, these buffered packets are transmitted. When an RREP arrives at the source, the source extracts the full path to the destination and waits for another RREP. Two or more of these paths must have some shared hops (in ad hoc networks, redundant paths most of the time have some shared hops or nodes). From these shared hops the source node can recognize the safe route to the destination. If no shared nodes appear in these redundant routes, the sender waits for another RREP until a route with shared nodes is identified or the routing timer expires. This solution can guarantee to find a safe route to the destination, but the main drawback is the time delay. Many RREP packets have to be received and processed by the source. In addition, if there are no shared nodes or hops between the routes, the packets will never be sent.

In the second solution, every node needs to have two additional small-sized tables: one to keep the last-packet-sequence-numbers for the last packet sent to every node, and the other to keep the last-packet-sequence-numbers for the last packet received from every node. These tables are updated when any packet arrives or is transmitted. The sender broadcasts the RREQ packet to its neighbors. Once this RREQ reaches the destination, the destination initiates an RREP to the source, and this RREP contains the last-packet-sequence-number received from this source. When an intermediate node has a route to the destination and receives this RREQ, it replies to the sender with an RREP that contains the last-packet-sequence-number received from the source by this intermediate node. This solution provides a fast and reliable way to identify the suspicious reply. No overhead is added to the channel because the sequence number itself is included in every packet in the base protocol.

Kanika Lakhani, Himani Bathla and Rajesh Yadav [2] proposed a watchdog mechanism to detect black hole nodes in a MANET. This method first detects a black hole attack and then provides a new route bypassing the node. In this mechanism, each node maintains two additional tables: a pending packet table and a node rating table. In the pending packet table, each node keeps track of the packets it has sent. Each entry contains a unique packet ID, the address of the next hop to which the packet was forwarded, the address of the destination node, and an expiry time (the time-to-live of the packet). In the node rating table, each node keeps a rating of the nodes adjacent to it. This table contains the node address (the address of the next hop node), a counter of dropped packets observed at this node and a counter of packets successfully forwarded by this node. The fourth field of the node rating table is calculated from the ratio of dropped packets to successfully forwarded packets: if this ratio is greater than a given threshold value, the node's misbehave value is 1 (meaning it is considered a misbehaving node); otherwise it is considered a legitimate node. An expired packet in the pending packet table causes the packet drop counter to be incremented for the next hop associated with that pending packet table entry. Each node listens to packets that are within its communication range, and only to packets belonging to its domain. It then verifies each packet and rejects forged packets. If it observes a data packet that is in its pending packet table, it removes this data packet from the pending packet table after authenticating the packet. If it observes a data packet that exists in its pending packet table with a source address different from the forwarding node address, it increments the packet forwarding value in the node rating table. Whether a node is judged to be misbehaving or legitimate depends on the selection of the threshold value.

After detecting a misbehaving node, a node tries to do a local repair for all routes passing through this misbehaving node. If the local repair process fails, it does not send any RERR packet upstream in the network. This process tries to prevent a misbehaving node from dropping packets, and also to prevent blackmailing of legitimate nodes. To avoid constructing routes that traverse misbehaving nodes, nodes drop all RREP messages coming from nodes currently marked as misbehaving. To stop a misbehaving node from acting in the network, all packets originating from this node are dropped as a form of punishment.
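A minimal model of the pending packet table and node rating table described above, as an added example (not code from [2] or from this survey). The class and function names, the 0.5 threshold, the choice not to track packets whose next hop is the destination, and the use of a next-hop match as the authentication step are assumptions of the example.

```python
from dataclasses import dataclass

DROP_RATIO_THRESHOLD = 0.5  # assumed; the text only says "a given threshold value"


@dataclass
class Rating:
    dropped: int = 0      # packets that expired in the pending packet table
    forwarded: int = 0    # packets overheard being relayed

    def misbehave(self) -> int:
        """Fourth field of the node rating table: 1 = misbehaving, 0 = legitimate."""
        if self.dropped == 0:
            return 0
        if self.forwarded == 0:
            return 1      # drops only: the ratio is unbounded
        return int(self.dropped / self.forwarded > DROP_RATIO_THRESHOLD)


class Watchdog:
    def __init__(self, address):
        self.address = address
        self.pending = {}   # packet id -> (next hop, destination, expiry time)
        self.ratings = {}   # neighbour address -> Rating

    def sent(self, packet_id, next_hop, destination, now, ttl):
        """Record a packet handed to next_hop for relaying."""
        self.ratings.setdefault(next_hop, Rating())
        if next_hop == destination:
            return          # final hop: nothing to overhear, so do not track it
        self.pending[packet_id] = (next_hop, destination, now + ttl)

    def overheard(self, packet_id, forwarder, source, now):
        """Handle a data packet overheard on the shared medium."""
        entry = self.pending.get(packet_id)
        if entry is None:
            return False
        next_hop, _dest, expiry = entry
        # Stand-in for the authentication step: the relay must be the recorded
        # next hop and the packet must still be within its lifetime.
        if forwarder != next_hop or now >= expiry:
            return False
        del self.pending[packet_id]
        if source != forwarder:          # relayed traffic, not the node's own
            self.ratings[forwarder].forwarded += 1
        return True

    def expire(self, now):
        """Charge every timed-out pending packet to its next hop as a drop."""
        for pid in [p for p, e in self.pending.items() if e[2] <= now]:
            next_hop = self.pending.pop(pid)[0]
            self.ratings[next_hop].dropped += 1

    def accept_rrep(self, sender):
        """RREPs from nodes currently marked as misbehaving are discarded."""
        rating = self.ratings.get(sender)
        return rating is None or rating.misbehave() == 0


def run_demo():
    s = Watchdog("S")
    # Constructed trace: S relays ten packets through A and ten through B towards D.
    for i in range(10):
        s.sent(f"a{i}", "A", "D", now=i, ttl=5)
        s.sent(f"b{i}", "B", "D", now=i, ttl=5)
    for i in range(9):   # A relays nine of its ten packets; B relays none
        s.overheard(f"a{i}", forwarder="A", source="S", now=i + 1)
    s.expire(now=100)
    return s


if __name__ == "__main__":
    wd = run_demo()
    for node, r in wd.ratings.items():
        print(node, r.dropped, r.forwarded, r.misbehave(), wd.accept_rrep(node))
```

The ratio is computed only from what the monitoring node can overhear, so collisions or a neighbour moving out of range are counted as drops; the threshold has to absorb that noise.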


Songbai Lu, Longxuan Li, Kwok-Yan Lam and Lingyan Jia [3] proposed and implemented a secure routing protocol, SAODV (Secure Ad Hoc On-demand Distance Vector). SAODV’s basic working principle is very similar to that of AODV, and it is likewise divided into a route discovery phase and a route maintenance phase. The biggest difference between them is the route discovery process: SAODV adds a step that directly verifies the destination node through an exchange of random numbers. As in BAODV (Bad Ad Hoc On-demand Distance Vector Routing, suffering black hole attack), in the route discovery phase, when the source node S in the MANET receives an RREP, S stores the RREP in its routing table and immediately sends a verification packet SRREQ to the destination node D along the reverse of the route on which the RREP was received. Each SRREQ contains a random number (recorded as x) generated by the source node S. When it receives two or more SRREQs from different routing paths, the destination node D first stores them in its local routing table, compares whether the SRREQs contain the same random number, and then proceeds with the following steps:

(i) If it receives two or more SRREQs that contain the same random number (x) along different routing paths, the destination node D immediately sends a verification confirm packet SRREP to the source node along the reverse path of each SRREQ. Each SRREP contains a random number (recorded as y) generated by the destination node D. When D receives an SRREQ that contains the same random number along a new, different path, D sends an SRREP containing random number y to S along the corresponding reverse path.

(ii) If the SRREQs contain different random numbers, S needs to continue to wait until at least two SRREQs contain the same random number, and then proceeds according to step (i).

When the source node S receives two or more SRREPs containing a random number along different paths, S compares the contents of the SRREPs. If they contain the same random number, two or more credible and efficient routes have been found. The source node S sends application layer data to destination node D along the fastest route, and at the same time S broadcasts a warning message to the whole network to isolate the intermediate nodes that sent an RREP ahead of the two fastest credible routes. In this way SAODV can effectively prevent the black hole attack of the malicious node E in the network, and securely completes the route discovery process. If the SRREPs contain different random numbers, S needs to continue to wait until at least two SRREPs containing the same random number arrive from different paths.

Payal N. Raj and Prashant B. Swadas [4] proposed DPRAODV (detection, prevention and reactive AODV) to prevent the black hole attack by informing other nodes in the network. As in normal AODV, a node that receives a route reply (RREP) packet first checks the value of the sequence number in its routing table, and accepts the RREP if its sequence number is higher than the one in the routing table. DPRAODV also checks whether the sequence number is higher than a threshold value; if it is higher than the threshold value, the sender is considered a malicious node. The threshold value is dynamically updated in each time interval. The threshold value is the average of the difference, in each time slot, between the destination sequence number in the routing table and that in the RREP packet. The node that is detected as an anomaly is blacklisted and an ALARM packet is sent so that the RREP packet from that malicious node is discarded. The routing table for that node is not updated, nor is the packet forwarded to others. This solution increases the average end-to-end delay and the normalized routing overhead.

N.H. Mistry, D.C. Jinwala and M.A. Zaveri [5] focused on improving the Secure Ad hoc On demand Distance Vector (AODV) routing protocol (MOSAODV) to safeguard it against the black hole attack. Unlike AODV, the source node in MOSAODV does not accept the first RREP it receives but calls Pre_ReceiveRREP (Packet p), which stores all the RREPs in the newly created table (Cmg_RREP_Tab) until MOS_WAIT_TIME. It then analyses all the stored RREPs from the Cmg_RREP_Tab table and discards the RREP having an exceptionally high destination sequence number. The node that sent this RREP is suspected to be the malicious node. MOSAODV maintains the identity of the malicious node as Mali node so that in future it can discard any RREPs from that node. Once the malicious node is identified, the routing table for that node is not maintained and control messages from the malicious node are not forwarded in the network. Cmg_RREP_Tab is flushed once an RREP is chosen from it. After detecting the malicious node, the solution acts as normal AODV by accepting the RREP with the higher destination sequence number.
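The two sequence-number checks described above (the dynamic threshold of [4] and the buffered wait window of [5]) can be sketched together; this is an added example, not code from either paper or from this survey. It assumes that the quantity compared with the threshold is the difference between the RREP's destination sequence number and the routing table's, that only accepted replies feed the next slot's average, and a bootstrap threshold of 10; all names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RREP:
    sender: str      # node that generated the reply
    dest: str        # destination the route leads to
    dest_seq: int    # destination sequence number claimed in the reply
    hop_count: int


class SeqNumberGuard:
    def __init__(self, bootstrap_threshold):
        self.table_seq = {}          # dest -> sequence number in the routing table
        self.threshold = bootstrap_threshold
        self.slot_diffs = []         # differences accepted in the current time slot
        self.blacklist = set()
        self.alarms = []             # ALARM packets that would be broadcast

    def check(self, rrep):
        """Classify one RREP against the routing table and the threshold."""
        if rrep.sender in self.blacklist:
            return "discarded"       # reply from a node already reported
        diff = rrep.dest_seq - self.table_seq.get(rrep.dest, 0)
        if diff <= 0:
            return "stale"           # not fresher than the route already held
        if diff > self.threshold:
            self.blacklist.add(rrep.sender)
            self.alarms.append(("ALARM", rrep.sender))
            return "malicious"
        self.slot_diffs.append(diff)
        return "ok"

    def select(self, buffered):
        """Judge every RREP collected in the wait window, then pick as AODV does."""
        verdicts = [(r, self.check(r)) for r in buffered]
        good = [r for r, v in verdicts if v == "ok"]
        if not good:
            return None
        # Normal AODV preference: freshest sequence number, then fewest hops.
        best = max(good, key=lambda r: (r.dest_seq, -r.hop_count))
        self.table_seq[best.dest] = best.dest_seq
        return best

    def end_of_slot(self):
        """Dynamic update: the threshold becomes the slot's average difference."""
        if self.slot_diffs:
            self.threshold = sum(self.slot_diffs) / len(self.slot_diffs)
            self.slot_diffs = []


def run_demo():
    guard = SeqNumberGuard(bootstrap_threshold=10)
    guard.table_seq["D"] = 20
    # Constructed replies: B answers first with a one-hop route and a huge number.
    window1 = [RREP("B", "D", 4000, 1), RREP("A", "D", 22, 3), RREP("C", "D", 24, 4)]
    first = guard.select(window1)
    guard.end_of_slot()
    # Next discovery: B now claims a plausible number but is already blacklisted.
    window2 = [RREP("B", "D", 26, 1), RREP("A", "D", 26, 3)]
    second = guard.select(window2)
    return guard, first, second


if __name__ == "__main__":
    g, r1, r2 = run_demo()
    print(r1.sender, r2.sender, sorted(g.blacklist), g.threshold)
```

Because the threshold is learned from observed differences, the bootstrap value and the slot length determine the false-positive rate; neither is given on this page.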

Hongmei Deng, Wei Li, and Dharma P. Agrawal [6] proposed a solution for single black hole node detection. In the proposed method, the protocol requires each intermediate node to send its RREP message with next hop information. When the source node gets this information, it sends a RREQ to the next hop to verify that the next hop has a route to the intermediate node that sent back the RREP packet, and that it has a route to the destination. When the next hop receives the Further Request, it sends a Further Reply, which includes the check result, to the source node. Based on the information in the Further Reply, the source node judges the validity of the route.

Latha Tamilselvan and V. Sankaranarayanan [7] proposed a solution for the single black hole attack. According to this proposed solution, the requesting node does not send the DATA packets to the replying node at once; it has to wait for other replies with next hop details from the other neighboring nodes. After receiving the first request it sets a timer in the ‘TimerExpiredTable’ for collecting the further requests from different nodes. It stores the ‘sequence number’ and the time at which the packet arrives in a ‘Collect Route Reply Table’ (CRRT). The time for which every node waits is proportional to its distance from the source. It calculates the ‘timeout’ value based on the arrival time of the first route request. Then it chooses any one of the paths with the repeated node to transmit the DATA packets. If there is no repetition, it selects a random route from the CRRT. Here again the chance of a malicious route being selected is reduced.

Mehdi Medadian, M.H. Yektaie and A.M Rahmani [8] proposed an approach to combat the black hole attack by negotiating with neighbors who claim to have a route to the destination. In this approach any node uses a number of rules to infer the honesty of the reply’s sender. The activities of a node in a network show its honesty. To participate in the data transfer process, a node must demonstrate its honesty. Early in the simulation, all nodes are able to transfer data; therefore they have enough time to show their honesty. If a node is the first receiver of a RREP packet, it forwards packets to the source and initiates the judgment process on the replier. The judgment process is based on the opinion of the network’s nodes about the replier. The activities of a node are logged by its neighbors. These neighbors are requested to send their opinion about a node. When a node has collected all the opinions of the neighbors, it decides whether the replier is a malicious node. The decision is based on a number of rules.

The following rules are used to judge the honesty of a node in the network. This judgment is based on the node’s activity in the network.

Rule 1: If a node delivers many data packets to destinations, it is assumed to be an honest node.

Rule 2: If a node receives many packets but does not send the same data packets on, it is possible that the current node is a misbehaving node.

Rule 3: When Rule 2 is correct about a node, if the current node has sent a number of RREP packets, then the current node is surely misbehaving.

Rule 4: When Rule 2 is correct about a node, if the current node has not sent any RREP packets, then the current node is a failed node.

Latha Tamilselvan and Dr. V Sankaranarayanan [9] proposed a solution that enhances the AODV protocol to avoid multiple black holes in the group. This approach makes use of a ‘Fidelity Table’ in which every participating node is assigned a fidelity level that acts as a measure of the reliability of that node. If the level of any node drops to 0, it is considered to be a malicious node, termed a ‘Black hole’, and is eliminated. The fidelity level of each RREP is checked, and if two have the same level then the one having the highest level is selected. The responses are collected in the response table. A valid route is selected from among the received responses based on the following methodology. A fidelity table is maintained that holds the fidelity levels of the participating nodes. The basic idea is to select the node with a high fidelity level. Initially the fidelity levels of the responding node and its next hop are looked up. If the average of their levels is found to be above the specified threshold, the node is considered to be reliable. On receipt of multiple responses, the one with the highest fidelity level is chosen. If two or more nodes have the same fidelity level, the one with the minimum hop count is chosen. When the fidelity level of a node drops to 0, it implies that the node has not forwarded the data packets faithfully and hence is a black hole. The detection of a black hole has to be communicated to the other participating nodes in the network. This is accomplished by sending alarm packets.
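The fidelity-table selection described above can be sketched as follows; this is an added example, not code from [9] or from this survey. The page does not say how fidelity levels change, so the starting level, the threshold, and the reward and penalty applied after each delivery report are assumptions, as are all names; a response's fidelity is taken to be the average of the responder's and next hop's levels.

```python
from dataclasses import dataclass

INITIAL_FIDELITY = 10    # assumed starting level for an unknown node
FIDELITY_THRESHOLD = 2   # assumed "specified threshold"
REWARD, PENALTY = 1, 5   # assumed update steps; not given on the page


@dataclass(frozen=True)
class Response:
    responder: str   # node that sent the RREP
    next_hop: str    # next hop named in the RREP
    hop_count: int


class FidelityTable:
    def __init__(self):
        self.level = {}          # node -> fidelity level
        self.black_holes = set()
        self.alarms = []         # alarm packets that would be sent

    def get(self, node):
        return self.level.setdefault(node, INITIAL_FIDELITY)

    def route_fidelity(self, resp):
        """Average level of the responding node and its next hop."""
        return (self.get(resp.responder) + self.get(resp.next_hop)) / 2

    def select(self, responses):
        """Pick the reliable response with the highest fidelity, then fewest hops."""
        reliable = [r for r in responses
                    if r.responder not in self.black_holes
                    and r.next_hop not in self.black_holes
                    and self.route_fidelity(r) > FIDELITY_THRESHOLD]
        if not reliable:
            return None
        return min(reliable, key=lambda r: (-self.route_fidelity(r), r.hop_count))

    def report(self, resp, delivered):
        """Update both nodes on the chosen route after a delivery outcome."""
        for node in (resp.responder, resp.next_hop):
            if node in self.black_holes:
                continue
            step = REWARD if delivered else -PENALTY
            self.level[node] = max(self.get(node) + step, 0)
            if self.level[node] == 0:        # level 0 means black hole
                self.black_holes.add(node)
                self.alarms.append(("ALARM", node))


def run_demo():
    table = FidelityTable()
    h1 = Response("H1", "H2", hop_count=2)   # constructed cooperating pair
    a = Response("A", "C", hop_count=3)      # constructed honest route
    chosen = []
    for responses in ([h1, a], [h1, a], [h1], [h1]):
        pick = table.select(responses)
        chosen.append(pick.responder if pick else None)
        if pick:
            # In this constructed run, data sent via H1 never arrives.
            table.report(pick, delivered=(pick.responder != "H1"))
    return table, chosen


if __name__ == "__main__":
    t, picks = run_demo()
    print(picks, sorted(t.black_holes), t.level)
```

Penalising the named next hop together with the responder is what lets the table catch a cooperating pair: H2 reaches level 0 in the same step as H1 even though it never sent an RREP itself.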

CONCLUSION

The security issues in MANETs, which include decentralized administration, non-secure boundaries and the problems of scalability, weaken their security. Mobility in an ad hoc network makes it even easier for a compromised node to change its position frequently, making the malicious activity more difficult and troublesome to track. This paper summarizes the attacks and their classifications in mobile ad hoc networks, and an attempt has also been made to explore the security solutions widely used to mitigate black hole attacks in particular. The security issues and the vulnerabilities of MANETs are also briefly discussed. This survey will hopefully motivate future researchers to come up with smarter and more robust security mechanisms and make them vigilant about the attacks and their prevention measures even at an early stage.


REFERENCES

[1] Mohammad Al-Shurman, Seong-Moo Yoo and Seungjin Park, “Black Hole Attack in Mobile Ad Hoc Networks”, ACMSE’04, pp: 96-97, April 2-3, 2004, Huntsville, AL, USA.

[2] Kanika Lakhani, Himani bathla and Rajesh Yadav, “A Simulation Model to Secure the Routing Protocol AODV against Black-Hole Attack in MANET”, IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.5, pp: 40-45, May 2010.

[3] Songbai Lu, Longxuan Li, Kwok-Yan Lam and Lingyan Jia, “SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack”, International Conference on Computational Intelligence and Security, pp: 421-425, 2009.

[4] Payal N. Raj and Prashant B. Swadas, “DPRAODV: A dynamic learning system against black hole attack in AODV based Manet”, International Journal of Computer Science Issues (IJCSI), Vol. 2, Issue 3, pp: 54-59, 2009.

[5] N.H. Mistry, D.C. Jinwala and M.A. Zaveri, “MOSAODV: Solution to Secure AODV against Black hole Attack”, International Journal of Computer and Network Security(IJCNS),Vol. 1, No. 3, pp: 42-45, December 2009.

[6] H. Deng, W. Li, and D.P. Agrawal, “Routing security in ad hoc networks”, IEEE Communications Magazine, vol. 40, No. 10, pp. 70-75, Oct. 2002.

[7] Latha Tamilselvan, V Sankaranarayanan, “Prevention of Blackhole Attack in MANET”, In Proceedings of The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), Aug. 2007.

[8] Mehdi Medadian, M.H. Yektaie and A.M Rahmani, “Combat with Black Hole Attack in AODV routing protocol in MANET”, Internet, 2009. AH-ICI 2009. First Asian Himalayas International Conference, pp: 1-5, 3-5 Nov. 2009.

[9] Latha Tamilselvan and Dr.V Sankaranarayanan , “Prevention of Co-operative Black Hole Attack in MANET”, JOURNAL OF NETWORKS, VOL. 3, NO. 5, pp: 13-20, MAY 2008.