Impact of Blackhole Attack in MANET: Gaurav Sandhu, Moitreyee Dasgupta


REVIEW PAPER International J. of Recent Trends in Engineering and Technology, Vol. 3, No. 2, May 2010

Impact of Blackhole Attack in MANET


Gaurav Sandhu¹, Moitreyee Dasgupta²
Guru Tegh Bahadur Institute of Technology, New Delhi, India.
¹ Lecturer.ggsipu@gmail.com, ² moitreyeed@yahoo.in

Abstract: MANETs are highly vulnerable to attacks because of characteristics such as the lack of infrastructure and wireless communication. Considerable improvements have been made towards providing ad hoc network security, and existing solutions apply cryptography, intrusion detection systems or reputation systems. However, these conventional lines of defense cannot stop all attacks and intrusions. Our approach is to study the behavior of the AODV routing protocol in the presence of blackhole attacks, one of the major denial-of-service attacks in MANETs. In this paper, as an extension of our previous work, we focus on the impact of a blackhole attack implemented by malicious nodes (MNs) on the AODV routing protocol. The simulation study shows that the claim of our previous work holds: the AODV protocol fails completely in the presence of a blackhole attack.

Index Terms: Blackhole attacks, DoS Attacks, MANET, Security in MANET etc.

2010 ACEEE DOI: 01.IJRTET.03.02.537

I. INTRODUCTION

Wireless ad hoc networks are composed of autonomous nodes that are self-managed without any infrastructure. Ad hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. The absence of any central coordinator or base station makes routing a complex process. Hence, besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. Because of their inherent characteristics, mobile ad hoc networks are vulnerable to attacks. All the proposed unicast and multicast routing protocols [1] [2] [3] [4] are vulnerable to denial-of-service attacks [5], one of the major attacks possible in MANETs, which can be implemented easily even without using any external hardware device.

Simulations are made using the NS-2 (Network Simulator version 2) simulation program, which consists of a collection of all network protocols to simulate many of the existing network topologies. To simulate Black Hole attacks, a new Black Hole protocol is added into the NS-2 [8] module. Tests were performed on wireless networks to compare the network performance with and without Black Holes in the network. As expected, the throughput in the network deteriorated considerably in the presence of a Black Hole attack.

II. ATTACKS IN MOBILE AD HOC NETWORKS

Security [5] is the primary challenge to ad hoc wireless networks because of their infrastructure-less nature, resource constraints and dynamic topology changes. The security issue in MANET for group communication [6] is even more challenging because of the involvement of multiple senders and multiple receivers. Simulation-based studies have already been done for the mesh-based routing protocols [7] [8].

A. DoS attacks in MANET

DoS attacks are hard to detect and easy for an attacker to implement, as no hardware is required to do so. They are considered the category of attacks to which the network layer is most vulnerable, and hence require more attention. The entire network may fail in the presence of such an attack. The most common types of denial-of-service (DoS) attacks, as categorized by researchers [3] [5] [7] [10] [13], are discussed here in brief.

Rushing Attack: In on-demand routing protocols, whenever a source node floods the network with Route Request packets in order to discover new routes to the destination, each intermediate forwarding node processes only the first Route Request packet from a particular node, to suppress duplicate forwarding. A rushing attacker, by skipping some of the routing or MAC layer processing, can forward these packets quickly. As a result it gains access to valid routes for further data transmission. Almost all on-demand routing protocols are prone to rushing attacks [3].

Black hole Attack: In a black hole attack [10], an attacker first introduces itself into the forwarding group (e.g., by implementing a rushing attack, or by any other means) and then, instead of forwarding data packets to the proper destination, simply drops all the packets it receives, resulting in a poor packet delivery ratio.

Wormhole Attack: In this type of attack [13], after gaining access to the forwarding groups, an attacker simply forwards all the control packets it receives to a particular node. A tunnel is formed in the network, where a packet reaching one end of the tunnel is broadcast at the other end.

Neighbor Attack: An intermediate node records its ID in the packet before forwarding it to the next node. In this type of attack, an attacker simply forwards the packet without recording its ID in the packet. This makes two nodes that are not within communication range of each other believe that they are neighbors (i.e., one hop away from each other), resulting in a disrupted route.

Jellyfish Attack: After gaining access to the forwarding group, the attacker in this case delays the
packet forwarding process for a certain period of time, resulting in a high end-to-end delay [5].

In this paper we consider the Black Hole attack, which is easy to implement and does not require any external hardware. A black hole attack affects the whole network once implemented.

B. AODV and DSR

There are two major differences between AODV [15] and DSR [16]; DSR uses route cache while AODV uses source routing. Both routing protocols, however, are on-demand, and both choose the best route using minimum hop count. With the route cache, the source maintains the path information it gets during route discovery. Through a single RREQ packet, a source node learns the routes to each intermediate node along the route to the destination node. The intermediate nodes can also learn the routing information on this route by caching learned routing information. In DSR, the source node gets multiple paths to reach each destination, and the best path is decided based on minimum hop count. The aggressive use of the route cache also allows DSR to find a currently existing path without any new route discovery, or to choose an alternate path to the destination in the presence of route failure or link breakage due to mobility. This saves a large route discovery overhead and effectively reduces time delays. The route cache works fine with low traffic load and lower mobility; however, it faces problems when the routes in the cache expire due to host mobility. Under these conditions, the source node will continue to use these expired routes without any notice. Furthermore, the expired route information could also be learned by other nodes and pollute their route caches, and throughput suffers as a result. AODV, on the other hand, uses timer-based routing table entries to keep the route information fresh.
Again, the duplicate-suppression method [12] is used by both routing protocols while forwarding packets, to avoid congestion and misuse of the valuable bandwidth of the ad hoc network. The goal of our simulation is to analyze how routing misbehavior changes the performance of an ad hoc routing protocol. Since both protocols share similar on-demand characteristics, we would also like to compare their routing performance to see whether they differ.

C. Black hole Attacking Model

Wireless ad hoc networks are composed of autonomous nodes that are self-managed without any infrastructure. Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. The AODV protocol is vulnerable to the well-known black hole attack. An attacker first introduces itself into the forwarding group (e.g., by implementing a rushing attack), and then, instead of forwarding the data packets to the proper destination, it
simply drops all the data packets it receives, resulting in a poor packet delivery ratio [10].

In a blackhole attack, the malicious node waits for its neighbors to initiate a RREQ packet. As soon as the node receives the RREQ packet, it immediately sends a false RREP packet with a modified, higher sequence number, so that the source node assumes that this node has a fresh route towards the destination. The source node ignores the RREP packets received from other nodes and begins to send its data packets over the malicious node. The malicious node draws all the routes towards itself and does not forward any packet anywhere. The attack is called a blackhole because it swallows all objects, here data packets [7] [10]. A black hole attack affects the whole network once implemented.

A black hole is a node that always responds positively with a RREP message to every RREQ, even though it does not really have a valid route to the destination node. When the data packets routed by the source node reach the Black Hole node, it drops the packets rather than forwarding them to the destination node.
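An added example, not code from the paper or from NS-2: a small C++ model of the route choice described above, combined with delivery-fraction monitoring in the spirit of what the paper's review section reports for [17]. Node ids, the genuine reply's values, the 0.5 threshold and the hard exclusion of a flagged next hop are assumptions; the false reply carries the sequence number and hop count the paper reports for its simulation.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Constructed model of the RREP fields a source compares (not ns-2 code).
struct Rrep {
    int      next_hop;  // neighbour the reply arrived from (hypothetical id)
    uint32_t dst_seq;   // destination sequence number claimed in the RREP
    uint32_t hops;      // hop count claimed in the RREP
};

// Simplified AODV preference: higher sequence number wins, ties go to the
// lower hop count. Next hops already judged faulty are skipped.
int choose_next_hop(const std::vector<Rrep>& replies, const std::set<int>& faulty) {
    const Rrep* best = nullptr;
    for (const Rrep& r : replies) {
        if (faulty.count(r.next_hop)) continue;
        if (!best || r.dst_seq > best->dst_seq ||
            (r.dst_seq == best->dst_seq && r.hops < best->hops))
            best = &r;
    }
    return best ? best->next_hop : -1;
}

struct Result { int first_hop, final_hop; unsigned sent, acked; };

const int A = 2, M = 9;           // constructed ids: honest neighbour, black hole
const double kMinFraction = 0.5;  // assumed delivery-fraction threshold

// Five route discoveries of 20 data packets each from S towards D.
Result run(bool monitor) {
    const std::vector<Rrep> replies = {
        {A, 42, 3},           // genuine reply, constructed values
        {M, 4294967295u, 1},  // false reply, values from the paper's simulation
    };
    std::set<int> faulty;
    Result res{-1, -1, 0, 0};
    for (int round = 0; round < 5; ++round) {
        int hop = choose_next_hop(replies, faulty);
        if (hop < 0) break;                        // no usable route left
        if (res.first_hop < 0) res.first_hop = hop;
        res.final_hop = hop;
        unsigned sent = 20, acked = (hop == M) ? 0 : 20;  // M drops every packet
        res.sent += sent; res.acked += acked;
        // Defender side: flag a next hop whose delivery fraction is too low.
        if (monitor && static_cast<double>(acked) / sent < kMinFraction)
            faulty.insert(hop);
    }
    return res;
}

int main() {
    for (bool monitor : {false, true}) {
        Result r = run(monitor);
        std::printf("monitor=%d first=%d final=%d delivered=%u/%u\n",
                    (int)monitor, r.first_hop, r.final_hop, r.acked, r.sent);
    }
}
```

Without monitoring the source stays on the black hole for every round and nothing is delivered; with monitoring the impact is detected only after the first round's packets are lost, which matches the remark that this approach detects a black hole once the impact occurs.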

Figure 1. Blackhole attacking model.

In figure 1, source node S wants to send data packets to a destination node D in the network. Node M is a malicious node which acts as a blackhole. The attacker replies with a false RREP carrying a modified, higher sequence number. So data communication is initiated from S towards M instead of D.

III. REVIEW WORK

The blackhole attack is one of the active DoS attacks possible in MANETs and so has received a lot of attention from researchers. Research has focused mainly on securing existing routing protocols, developing new secure routing protocols, and intrusion detection techniques. In [17] and [18] new protocols are designed. Awerbuch et al. [17] developed a new secure on-demand routing protocol. It includes link weights, which are considered during route discovery. The weights are calculated from the packet delivery fraction of each link. A link not delivering a fraction of packets above a certain threshold is considered malicious, and therefore the link weight is increased such that the link is chosen with smaller probability in the next route discovery phase. The approach detects a black hole as soon as the impact occurs, not when the black hole is constructed. In [18] a secure routing protocol based on the Dynamic Source Routing (DSR) protocol is presented. The authenticity of Route Requests is verified using message authentication
codes (MAC). Furthermore, the authors present three techniques for authenticating data in Route Requests and Route Replies: TESLA ([19], [20]), a broadcast authentication protocol for authenticating routing messages; digital signatures; or MACs. Additionally, the authors propose per-hop hashing to verify that no node present in the node list of the Route Request has been removed by an attacker. Finally, similar to [17], routes are chosen with regard to their prior performance in packet delivery. The work focuses on on-demand protocols; their approach is therefore not applicable to proactive protocols.

IV. SIMULATION OF BLACKHOLE ATTACK

In this paper, we attempt to simulate a Black Hole attack in wireless ad hoc networks and the damage it causes in the network. Simulations are made using the NS-2 [8] simulation program, which consists of a collection of all network protocols to simulate many of the existing network topologies. We successfully simulated the Black Hole attack by generating a fake RREP with a very high sequence number. A source floods RREQ packets when it needs to send information to the destination. After receiving such a RREQ, the malicious node acts as a destination node and immediately replies with a RREP packet to the source, even when it does not have a valid route to the destination. In the RREP, the attacker node sends its own IP address as the destination address and sets a high sequence number, so that the route appears fresh enough to be selected by the source. After gaining access to the forwarding path, the compromised node drops all the data packets. In our simulation, the sequence number of the RREP packet sent by the malicious node is set to 4294967295, a reasonably high 32-bit unsigned integer value, and the hop count is set to 1 [4]. The false RREP message of the Black Hole attack is shown in figure 2. Thus, a new Black_Holeaodv protocol is added into NS-2 as a result.

    sendReply(rq->rq_src,          // IP Destination
              1,                   // Hop Count
              rq->rq_dst,          // Dest IP Address
              4294967295,          // Max Dest Seq Num
              MY_ROUTE_TIMEOUT,    // Lifetime
              rq->rq_timestamp);   // timestamp

Figure 2. False RREP message of Blackhole attack.

Figure 3 shows the part of the packet reception routines of the Black_Holeaodv routing protocol that drops all the data packets.

    if ((u_int32_t)ih->saddr() == index)
        // packet originated at this node: send it on
        forward((Black_Holeaodv_rt_entry*) 0, p, NO_DELAY);
    else
        // packet from any other node: drop it instead of forwarding
        drop(p, DROP_RTR_ROUTE_LOOP);

Figure 3. Code for packet reception routines of black_holeaodv.cc to drop all the data packets.

A. Assumptions

We assume that most of the network links are bidirectional and that the network remains connected when unidirectional links are ignored. We also assume that all nodes have the same transmission range.

B. Simulation Scenario

For the simulation of the blackhole attack, nodes were set to use 802.11 radios with 2 Mbps bandwidth and 250 meters nominal range. The simulated time was 100 seconds. 10 nodes were randomly placed within an 800 x 800 meter area, and the malicious node was placed in the center of the coordinates. TCP connections were established between nodes. The CBR (Constant Bit Rate) application is used to generate constant packets through the TCP connections. Duration of the scenario was 10 seconds. The CBR connections started at the first second of the scenario and lasted until the 10th second of the scenario. Packet size used for CBR: 1000 bytes. The simulation scenario was repeated 20 times each with zero and with a single malicious node for AODV, and we also compared two very popular routing protocols, AODV and DSR. DSR used its route cache for routes to the same destination, while AODV uses the route discovery process every time.

C. Simulation Results

As link breakage due to mobility is negligible in our case, figure 5 shows that DSR outperforms AODV when the packet delivery ratio is averaged for the same source-destination pair. As the same source-destination pair is used, the performance of DSR improved due to the use of the route cache. We have also measured the network performance for the AODV routing protocol in the presence of a blackhole attack. In figure 4, simulation results show that the entire network fails in the presence of a blackhole attack, as no connection is made from source to destination. As a result, no data packets were received by the destination node. Since there was a compromised node, even if other valid routes were available, only the path containing the malicious node was selected, because of the high sequence number of the RREP message sent by the malicious node. After gaining access to the data forwarding path, the malicious node dropped all the data packets. We have considered the blackhole attack to model the impact of routing misbehavior on network layer performance, as a significant extension of our previous work [14].

V. CONCLUSION

In this paper, as an extension of our previous work, we have studied the routing security issues of MANETs while simulating the black hole attack mounted against the AODV routing protocol. According to the simulation results, a malicious node that disobeys the standard drastically degrades the performance of the well-behaved nodes, and the entire network may even collapse, which supports the claim made
in our previous work. As future work, we intend to propose a solution to identify multiple Blackhole nodes in a MANET and blacklist them, and to discover a secure path from source to destination despite multiple attackers. We also plan to extend our work by implementing the grey hole attack, a hard-to-detect variety of blackhole attack, and other denial-of-service attacks for some of the very popular on-demand unicast, multicast and even secure routing protocols, to compare them, and to implement and evaluate our proposed solution mechanism for the same.

Figure 4. AODV packets receive Graph in presence of Black Hole Attack.

Figure 5. AODV and DSR packet delivery Graph without Black Hole Attack.

REFERENCES

[1] R. Manoharan and P. Thambidurai, Hypercube Based Team Multicast Routing Protocol for Mobile Ad hoc Networks, Proceedings of 9th International Conference on Information Technology (ICIT06).
[2] Y. Yi, M. Gerla, and K. Obraczka, Scalable Team Multicast Team in wireless networks exploiting coordinated motion, Ad hoc Networks Journal, pp. 171-184, Aug 2003.
[3] Y. C. Hu, A. Perrig and D. B. Johnson, Rushing Attacks and Defense in Wireless Ad Hoc Networks Routing Protocol, Proceedings of ACM WiSe2003, Sep, 2003.
[4] C. E. Perkins and E. M. Royer, Multicast ad hoc on-demand Distance Vector (MAODV) routing, IETF draft, July 2001. Available: http://www.ietf.org/proceedings/00dec/ID/draft-ietf-manetmaodv-00.txt
[5] H. Yang, H. Y. Luo, F. Ye, S. W. Lu and L. Zhang, Security in mobile ad hoc networks: Challenges and solutions, Proceedings of IEEE Wireless Communications, pages 38-47, 2004.
[6] Hoang Lan Nguyen and Uyen Trang Nguyen, Study of Different Types of Attacks on Multicast in Mobile Ad Hoc Networks, Proceedings of the International Conference of Networking, International Conference on Systems and International Conference on Mobile Communication and Learning Technologies.
[7] L. Tamilselvan and V. Sankaranarayanan, Prevention of Blackhole Attack in MANET, Proceedings of the 2nd International Conference on Wireless Broadband and Ultra Wideband Communications, 2007 (AusWireless 2007).
[8] The network simulator ns2, http://www.isi.edu/nsnam/ns/.
[9] David B. Johnson, David A. Maltz and Yih-Chun Hu, The Dynamic Source Routing Protocol for Mobile Ad hoc Network, IETF draft, July 2004. Available: http://tools.ietf.org/html/draft-ietf-manet-dsr-10
[10] Mohammad Al-Shurman, Seong-Moo Yoo and Seungjin Park, Black hole Attack in MANET, Proceedings of 42nd Annual Southeast Regional Conference.
[11] C. E. Perkins and E. M. Royer, Ad hoc on-demand Distance Vector (AODV) routing, IETF draft, July 2003. Available: http://www.ietf.org/rfc/rfc3561.txt
[12] The Network Simulator NS-2 Documentation, http://www.isi.edu/nsnam/ns/ns-documentation.html
[13] J. Eriksson, S. Krishnamurthy, and M. Faloutsos, Truelink: A practical countermeasure to the wormhole attack in wireless networks, in Proc. of ICNP06. IEEE, 2006.
[14] M. Dasgupta, S. Choudhury and N. Chaki, Secure Hypercube based team multicast routing protocol (SHTMRP), Proceedings of First IEEE International Advanced Computing Conference (IACC09), March 2009.
[15] C. Perkins, E. Royer, Ad Hoc On-Demand Distance Vector Routing, 2nd IEEE Wksp. Mobile Comp. Sys and Apps, 1999.
[16] D. B. Johnson, D. A. Maltz and Yih-Chun Hu, available at: http://tools.ietf.org/html/draft-ietf-manet-dsr-10.
[17] B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, An On-Demand Secure Routing Protocol Resilient to Byzantine Failures, Proceedings of the 3rd ACM Workshop on Wireless Security, 2002.
[18] Y. Hu, A. Perrig, and D. Johnson, Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, Proceedings of the 8th ACM International Conference on Mobile Computing and Networking, 2002.
[19] A. Perrig, R. Canetti, D. Song, and J. Tygar, Efficient and Secure Source Authentication for Multicast, In Network and Distributed System Security Symposium, pp. 35-46, February 2001.
[20] J. T. A. Perrig, R. Canetti and D. Song, Efficient Authentication and Signing of Multicast Streams over Lossy Channels, In IEEE Symposium on Security and Privacy, pp. 56-73, May 2000.
