Defending AODV Routing Protocol Against the Black Hole Attack
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 08, No.2, 2010
http://sites.google.com/site/ijcsis/
ISSN 1947-5500

Defending AODV Routing Protocol Against the Black Hole Attack

Fatima Ameza, Nassima Assam, Rachid Beghdad
Department of Computer Sciences, University of Bejaia, 06000 Algeria.

Abstract—In this paper we propose a simple method to detect Black hole attacks in the Ad hoc On Demand Distance Vector (AODV) routing protocol. Many previous works focused on authentication and cryptography techniques; nevertheless, these techniques suffer from some weaknesses. In fact, this kind of solution is only a first line of defense, which should be completed by an intrusion detection system as a second line. The second line proposed here consists of including the source route in the header of the control packets (RREQ). In addition, any intermediate node records the sequence number of the destination. Thus, if the packet is compromised, the destination node can easily retrieve the address of the attacker. To secure RREP packets, any intermediate node records the addresses of the nodes to which it forwards the RREQ. Thus, any node receiving an RREP can check whether the sender is legitimate or not. Simulation results show the robustness of our protocol: it delivers a high ratio of data and requires a lower route establishment delay.

Keywords-component; AODV routing protocol; Black hole attacks; Intrusion detection; Reactive routing protocols; Wireless ad hoc networks.

I. INTRODUCTION

Wireless networks are inherently susceptible to security problems. Intrusion on the transmission medium is easier than for wired networks, and it is possible to conduct denial of service attacks by jamming the used frequency bands. The ad hoc context increases the number of potential security vulnerabilities. Being by definition without infrastructure, ad hoc networks cannot benefit from the security services offered by dedicated equipment: firewalls, authentication servers, etc. The security services must be distributed, cooperative and consistent with the available bandwidth. Routing also poses specific problems: each node in the network can serve as a relay and is able to capture or divert traffic in transit. The work presented here is in this context.

We address here the problem of securing the AODV routing protocol against the Black Hole attack. During routing in a mobile ad hoc network (MANET), if no control is done on the origin and integrity of the routing messages, a malicious node can easily cause disturbances. This is all the easier since wireless ad hoc networks have no physical barrier to protect themselves and all elements can potentially participate in the routing mechanism. If a malicious node has the ability to compromise a valid network node, it can respond, during the discovery process, to the route initiator node with a route reply message announcing a minimal cost path to the target node. The transmitter node will then update its routing table with the wrong information. The data packets of the transmitter node will be relayed to the target node by the malicious node, which can simply ignore them. This attack is called a “black hole”: the packets are picked up and absorbed by the malicious node. This is an example of an attack that may occur in a wireless ad hoc network routing protocol.

The first approach to securing the AODV protocol was made by Zapata with his Secured AODV (SAODV) [1]. In a second publication [2] the protocol is presented in greater detail. SAODV, which is based on public key cryptography, extends the AODV message format to include security parameters for securing the routing messages.

Adaptive Secure AODV (A-SAODV) [3] is a prototype implementation of SAODV, based on the AODV-UU implementation by Uppsala University. Unlike AODV-UU, A-SAODV is a multithreaded application: cryptographic operations are performed by a dedicated thread to avoid blocking the processing of other messages.

SecAODV [4] is a secure routing protocol whose implementation is similar to that of Bootstrapping Security Associations for Routing in Mobile Ad hoc Networks (BSAR) [5] and Secure Bootstrapping and Routing in an IPv6-based ad hoc network (SBRP) [6] for DSR. SecAODV is a distributed algorithm designed for MANETs under IPv6; it does not require a trust relationship established between pairs of nodes, synchronization between nodes, or a shared key or other secure association between nodes.

M. Al-Shurman et al. [7] propose two solutions to the Black Hole attack. In the first solution the transmitter is required to authenticate the node that sent the route reply packet (RREP).
The idea here is to wait for the arrival of the RREP packet from more than one node, until a safe route is identified. In the second solution, each packet in the network must have a unique sequence number, and the following packet must have a sequence number greater than the one of the current packet. Each node records the sequence number of the packet and uses it to check whether the received packet is sent by the same node or not.

C. Tseng et al. [8] propose a solution based on specification-based intrusion detection to detect attacks on AODV [9]: their approach is to model the behavior of AODV by a finite state machine in order to detect violations of the protocol specification.

In this article we present an approach for defending the AODV protocol against Black Hole attacks. Our first main idea is to include the source route in the header of the RREQ control packets. In addition, any intermediate node records the sequence number of the destination. Thus, if the packet is compromised, the destination node can easily retrieve the address of the attacker. On the other hand, each node forwarding an RREQ packet records the addresses of its successors in a local table. Thus, it can check whether the sender of the received RREP packet is legitimate or not.

The remainder of the paper is organized as follows: Section 2 briefly presents the AODV protocol. Attacks against AODV are described in Section 3; we especially detail the Black hole attack in this section. Our approach is described in detail in Section 4. Section 5 presents simulation results. Finally, Section 6 concludes the paper.

II. THE AODV PROTOCOL

AODV (Ad-hoc On-demand Distance Vector) [10] is a loop-free routing protocol for ad-hoc networks. It is designed to be self-starting in an environment of mobile nodes, withstanding a variety of network behaviors such as node mobility, link failures and packet losses.

At each node, AODV maintains a routing table. The routing table entry for a destination contains three essential fields: a next hop node, a sequence number and a hop count. All packets destined to the destination are sent to the next hop node. The sequence number acts as a form of time-stamping, and is a measure of the freshness of a route. The hop count represents the current distance to the destination node.

In AODV, nodes discover routes in request-response cycles. A node requests a route to a destination by broadcasting an RREQ message to all its neighbors. When a node receives an RREQ message but does not have a route to the requested destination, it in turn broadcasts the RREQ message. It also remembers a reverse-route to the requesting node, which can be used to forward subsequent responses to this RREQ. This process repeats until the RREQ reaches a node that has a valid route to the destination. This node (which can be the destination itself) responds with an RREP message. This RREP is unicast along the reverse-routes of the intermediate nodes until it reaches the original requesting node. Thus, at the end of this request-response cycle a bidirectional route is established between the requesting node and the destination. When a node loses connectivity to its next hop, the node invalidates its route by sending an RERR to all nodes that potentially received its RREP. On receipt of the three AODV messages, RREQ, RREP and RERR, the nodes update the next hop, sequence number and hop count of their routes in such a way as to satisfy the partial order constraint mentioned above.

III. ATTACKS AGAINST AODV

Attacks against AODV can be classified into two classes [11]:

- Passive attacks: In a passive attack, the attacker does not disturb the routing process but only attempts to discover valuable information by listening to the routing traffic. The major advantage for the attacker in passive attacks is that in a wireless environment the attack is usually impossible to detect. This also makes defending against such attacks difficult. Furthermore, routing information can reveal relationships between nodes or disclose their IP addresses. If a route to a particular node is requested more often than to other nodes, the attacker might expect that the node is important for the functioning of the network, and disabling it could bring the entire network down.

- Active attacks: These attacks involve actions performed by adversaries, for instance the replication, modification and deletion of exchanged data. The goal may be to attract packets destined to other nodes to the attacker for analysis or just to disable the network. A major difference in comparison with passive attacks is that an active attack can sometimes be detected.

The following is a list of some types of active attacks that can usually be easily performed against the AODV protocol.

Black hole: In the black hole attack [12], a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.

Black hole attack against RREQ packets: As said before (Section 2), the sequence number of a packet acts as a form of time-stamping, and is a measure of the freshness of a route. Indeed, the node having the higher sequence number to reach a given destination node D will be considered as the one having the shorter route to D. So, on receipt of the RREQ packet, the attacker will simply set the sequence number to the highest possible value. In this case, this malicious device will be able to insert itself between the communicating nodes, and will be able to do anything with the packets passing between them.

Black hole attack against RREP packets: Similarly, on receipt of an RREP from the legitimate destination node D, the malicious node M will set the sequence number of this packet to the highest possible value. Consequently, all the intermediate nodes between M and the source node will forward the message of the malicious node.

Wormhole: In the wormhole attack [13], an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. The wormhole attack can form a serious threat in wireless networks,
especially against many ad hoc network routing protocols and location-based wireless security systems.

Rushing attack: This kind of attack [13] is a malicious attack targeted against on-demand routing protocols that use duplicate suppression at each node, like AODV. An attacker disseminates RREQs quickly throughout the network, suppressing any later legitimate RREQs when nodes drop them due to duplicate suppression. Thus the protocol cannot set up a route to the desired destination.

Spoofing: By masquerading as another node, a malicious node can launch many attacks in a network. This is commonly known as spoofing [14]. Spoofing occurs when a node misrepresents its identity in the network, such as by altering its MAC or IP address in outgoing packets. Spoofing combined with packet modification is a really dangerous attack.

Routing table overflow: In a routing table overflow attack the attacker attempts to create routes to nonexistent nodes [15]. The goal is to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. Proactive routing algorithms attempt to discover routing information even before it is needed, while a reactive algorithm creates a route only once it is needed. This property appears to make proactive algorithms more vulnerable to table overflow attacks: an attacker can simply send excessive route advertisements to the routers in a network. Reactive protocols, on the other hand, do not collect routing data in advance. For example, in AODV two or more malicious nodes would need to cooperate to create false data efficiently: one node requests routes and the other one replies with forged addresses.

IV. OUR APPROACH

We call our approach AODV-SABH (AODV Secured Against Black Hole attack). Our approach secures both the RREQ and the RREP packets.

Securing RREQ packets: To secure RREQ packets we propose to add two fields to the RREQ packet. The first field is used to include the list of the addresses of all the intermediate nodes between the source and the destination, in order to identify the address of the attacker. On the other hand, each node uses the second field to record the sequence number of the destination node that it knows. On receipt of the RREQ packet, the destination node D compares its own sequence number (SN_D) to the one of the received packet. If the sequence number of the received packet is greater than SN_D, then the packet is rejected; D uses the first added field in the packet to find the intruder, and alerts the other nodes.

For example, the following graph (figure 1) represents a network where node A requests a route to node D. It sends an RREQ packet having a sequence number equal to 30. On receipt of this packet, the malicious node M sets the sequence number to 1000. On receipt of the packet of node A, node B sets the sequence number to 60. Finally, the destination node D will focus on the message of M, thinking that this node has the freshest route to the source node A. D will then send an RREP message to A via node M.

[Fig. 1 diagram: A broadcasts RREQ<A, D, 30>; B forwards RREQ<B, D, 60> to D; M forwards RREQ<M, D, 1000> to D; D returns the RREP via M.]

Fig. 1. Example of Black hole attack on RREQ packets.

By using AODV-SABH, node D will detect that node M is malicious: it will reject its packet and will send an RREP packet to the source node A via the legitimate node B (see figure 2). In fact, SN_D is really equal to 60, but the sequence number of the packet of M is equal to 1000 (!)

[Fig. 2 diagram: A broadcasts RREQ<A, D, 30>; B forwards RREQ<A, B, D, 60> to D; M forwards RREQ<A, M, D, 1000> to D; D returns the RREP via B.]

Fig. 2. Using AODV-SABH to detect the malicious node.

Securing RREP packets: To secure RREP packets, every node records in a local table the addresses of all nodes to which it forwards the RREQ packet. To do that, every node receiving an RREQ packet during the route discovery process must send its address to the sender. So, when a node receives an RREP packet it can check whether the address of the sender belongs to its local table or not. If the address of the sender of the RREP does not match any address recorded in its local table, then the receiving node concludes that the sender is a malicious node. So, it rejects the packet and alerts the other nodes.

V. SIMULATIONS

A. Simulation parameters

For our simulations we used the Network Simulator 2 (ns-2). Our simulations consist of 20 nodes moving in a region of 950 m × 950 m during 100 seconds. The transmission range is set to 250 meters. The random waypoint movement model is used and the maximum movement speed is 12 m/s. Packets among the nodes are transmitted at a constant bit rate (CBR) of one packet per second, and the size of each packet is 512 bytes.

In these simulations we used the following evaluation metrics:

Packet delivery ratio (PDR): The percentage of data packets delivered to destination with respect to the number of packets sent. This metric shows the reliability of data packet delivery.
Control traffic: This metric informs us about the amount of control packets generated by the protocol for the discovery, establishment and maintenance of routes.

Route establishment delay (RED): This parameter shows us the time needed for the creation of a route by a source node; it is computed in milliseconds.

B. Simulation results

All the results described here are mean values of 50 experiments. Firstly, the aim of our simulation is to study the effect of the black hole attack on both the AODV and AODV-SABH protocols. Thus, by varying the number of source nodes from 10 to 15, this first experiment aims to show the impact of this parameter on the PDR. The following graph illustrates the results.

[Fig. 3 plot; legend includes “AODV under attack”.]

Fig. 3. The impact of the number of source nodes on the PDR.

According to figure 3, we can conclude that AODV-SABH outperforms the AODV protocol in terms of PDR. This is mainly due to the fact that our protocol detects the attacker and allows the source nodes to avoid it. By avoiding the attacker, our protocol finds shortest paths, and so delivers more packets. On the other hand, the PDR decreases in the case of AODV subject to an attack. This is due to the fact that the number of correctly received packets is much lower than the number of transmitted packets. Indeed, as the number of source nodes increases, the probability of intrusion increases, and the malicious node absorbs all the data packets passing through it.

In the following experiment we look at the impact of node mobility on the PDR, in the case of AODV and AODV-SABH. We vary the movement speed of nodes from 8 to 12 m/s and use 5 source nodes.

[Fig. 4 plot; legend includes “AODV under attack”.]

Fig. 4. The impact of the nodes mobility on the PDR.

According to figure 4, we can conclude that AODV-SABH outperforms AODV under attack in terms of PDR while varying the movement speed of nodes. Even though AODV-SABH detects attackers and rejects compromised control packets, it behaves like a safe AODV (it reaches the same PDR values as AODV). In this case, the PDR decreases slightly (from 99% to 98%) when the speed increases. In fact, when the speed increases, links between nodes may break and the source nodes must re-run the route discovery process to establish new routes. In this case, there will be more control packets transmitted and fewer data packets.

The PDR of AODV subject to an attack decreases when the movement speed of nodes increases. This is justified by the fact that when the mobility of nodes increases, the network topology changes frequently, and hence links are broken, forcing source nodes to re-run the route discovery process. Consequently, the attacker can easily exploit these new phases of route discovery to insert itself between legitimate nodes and do anything with the received packets.

In the next experiment we want to compute the cost of route discovery, while using 5 source nodes, by counting the number of control packets needed to establish a route. To do this, we computed the number of control packets (RREQ/RREP) according to the movement speed of nodes and the number of malicious nodes (from 1 to 9) in the network.

[Fig. 5 plot; legend includes “AODV under attack”.]

Fig. 5. The impact of the nodes mobility on the number of control packets (RREQ/RREP).
According to figure 5, the number of control packets increases whatever the protocol used. The attacked AODV (green graph) generates the smallest number of control packets (RREQ/RREP). In fact, in the absence of any countermeasure against the attacker, all the source nodes believe that their established routes are correct, and do not re-run the route discovery process.

If there is no attack against AODV (red graph), we observe that the number of control packets grows with the movement speed of nodes. As said previously, this is due to the fact that links between nodes may break and the nodes must re-run the route discovery process to establish new routes.

AODV-SABH generates the highest number of control packets. Indeed, whenever the attacker is detected, this protocol re-runs the route discovery process, and rejects any compromised RREQ or RREP packets. On the other hand, there are 5 source nodes, so there are more control packets to manage. In addition, the nodes are moving, so the risk of broken links increases, and then the source nodes must restart the route discovery process.

[Fig. 6 plot.]

Fig. 6. The impact of the number of malicious nodes on the number of control packets (RREQ/RREP).

According to figure 6, the number of control packets decreases when the number of malicious nodes increases in the case of AODV-SABH. This can be explained by the fact that our protocol detects the intruders and does not transmit any RREP packet if the received RREQ is compromised. We can also conclude that if 6 nodes among the 20 composing the network are malicious, they can compromise the whole network and our protocol is not efficient in this case. In this case the source nodes believe that their established routes are correct and do not request new routes.

Finally, the following experiment shows the impact of the number of nodes on the RED.

[Fig. 7 plot; legend includes “AODV under attack”.]

Fig. 7. The impact of the number of nodes on the route establishment delay.

Figure 7 shows that AODV-SABH behaves like AODV (without attack). Indeed, the two protocols reach the same RED values while varying the number of nodes. When the number of nodes increases, the nodes are closer to each other, and the route establishment delay is lower.

In the case of the attacked AODV (without any countermeasure), the delay is constant even if the number of nodes increases. This is mainly due to the fact that the whole network is compromised and source nodes do not request new routes.

VI. CONCLUSION

An efficient and simple approach for defending the AODV protocol against Black Hole attacks is proposed. Our main contribution consists of including the source route in the header of the control messages. Indeed, each intermediate node receiving an RREQ packet adds its own address to the message and then sends it to its successors. In addition, any node must include in such a packet the sequence number of the destination. Thus, when the destination node receives the RREQ packet, it checks whether its own sequence number is less than the one included in the packet. If it is, it concludes that an attack is under way and can find the address of the intruder by consulting the list of addresses in the RREQ packet. On the other hand, to secure RREP packets, every node sending an RREQ must record the addresses of its receivers in a local table. So, when it receives an RREP packet it can check whether the address of the sender is included in this table or not. Any compromised packets are rejected and the detecting node alerts the other nodes in the network. In this case, source nodes must request new routes to reach the destination.

As future work we will focus on securing AODV against other known attacks. We will also focus on resolving the problem of multiple attacks against AODV. After that we will implement robust software to detect and counter any intruder.
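The two AODV-SABH checks summarized above (the destination's comparison of the carried sequence number against SN_D together with the source-route lookup, and the RREP previous-hop check against the local table), replayed on the topology of Fig. 1 and Fig. 2. This is an added example written for this page, not the authors' ns-2 implementation: the node names A, B, M, D and the sequence numbers 30, 60 and 1000 come from the figures, while the data classes, the function names, the representation of the local table as a set of neighbour addresses, and the rule that D reports the last address in the source route (the node that last wrote the sequence-number field and handed the packet to D) as the intruder are assumptions of the example. For comparison it also applies the unprotected AODV freshness rule (higher destination sequence number wins, ties go to the shorter route) to the same packets.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class RREQ:
    src: str
    dst: str
    dst_seq: int       # added field 2: destination sequence number written by the last forwarder
    route: List[str]   # added field 1: source route (originator, then every forwarder)


@dataclass
class RREP:
    sender: str        # previous hop that handed the RREP to the checking node
    dst: str
    dst_seq: int


@dataclass
class Node:
    addr: str
    seq: int = 0                                                  # own sequence number (SN_D at D)
    known_dst_seq: Dict[str, int] = field(default_factory=dict)   # sequence numbers this node knows for other destinations
    rreq_sent_to: Set[str] = field(default_factory=set)           # local table: neighbours this node forwarded the RREQ to
    alerts: List[str] = field(default_factory=list)


def originate_rreq(node: Node, dst: str, neighbours: List[str]) -> RREQ:
    """Source node builds RREQ<src, dst, seq> and records which neighbours receive it."""
    node.rreq_sent_to.update(neighbours)
    return RREQ(node.addr, dst, node.known_dst_seq.get(dst, 0), [node.addr])


def forward_rreq(node: Node, pkt: RREQ, neighbours: List[str]) -> RREQ:
    """Intermediate node: append its address (field 1), write the destination sequence
    number it knows (field 2) and record its successors for the later RREP check."""
    node.rreq_sent_to.update(neighbours)
    return RREQ(pkt.src, pkt.dst, node.known_dst_seq.get(pkt.dst, pkt.dst_seq), pkt.route + [node.addr])


def plain_aodv_pick(candidates: List[RREQ]) -> RREQ:
    """Unprotected AODV freshness rule: higher destination sequence number wins, ties go to the shorter route."""
    return max(candidates, key=lambda p: (p.dst_seq, -len(p.route)))


def sabh_destination_check(dest: Node, pkt: RREQ) -> Tuple[bool, Optional[str]]:
    """AODV-SABH check at D: a claimed sequence number above SN_D cannot be genuine, since only D
    increments SN_D. Assumption of this example: the intruder named is the last address in the
    source route, i.e. the node that last wrote the sequence-number field and handed the packet to D."""
    if pkt.dst_seq > dest.seq:
        intruder = pkt.route[-1] if pkt.route else None
        dest.alerts.append(f"{dest.addr}: RREQ via {intruder} claims SN {pkt.dst_seq} > SN_D {dest.seq}")
        return False, intruder
    return True, None


def sabh_rrep_check(node: Node, rrep: RREP) -> bool:
    """AODV-SABH check on RREP: accept only if the previous hop is in the local table,
    i.e. it is a node to which this node actually forwarded the RREQ."""
    if rrep.sender not in node.rreq_sent_to:
        node.alerts.append(f"{node.addr}: RREP from {rrep.sender} not in local table {sorted(node.rreq_sent_to)}")
        return False
    return True


def run_figure_scenario() -> dict:
    """Replay Fig. 1 / Fig. 2: A -> {B, M} -> D, with M inflating the sequence number to 1000."""
    a = Node("A", known_dst_seq={"D": 30})
    b = Node("B", known_dst_seq={"D": 60})
    m = Node("M")           # malicious: ignores what it knows and writes 1000
    d = Node("D", seq=60)   # SN_D = 60
    req = originate_rreq(a, "D", neighbours=["B", "M"])   # RREQ<A, D, 30>
    via_b = forward_rreq(b, req, neighbours=["D"])         # RREQ<A, B, D, 60>
    via_m = forward_rreq(m, req, neighbours=["D"])
    via_m.dst_seq = 1000                                   # RREQ<A, M, D, 1000>

    plain_choice = plain_aodv_pick([via_b, via_m])         # unprotected AODV at D picks M's packet
    accepted, rejected = [], []                            # AODV-SABH at D
    for pkt in (via_b, via_m):
        ok, intruder = sabh_destination_check(d, pkt)
        if ok:
            accepted.append(pkt)
        else:
            rejected.append(intruder)
    sabh_choice = plain_aodv_pick(accepted)

    # The RREP returns along the reverse route D -> B -> A; A checks the previous hop against its table.
    rrep_from_b = sabh_rrep_check(a, RREP(sender="B", dst="D", dst_seq=d.seq))
    rrep_from_x = sabh_rrep_check(a, RREP(sender="X", dst="D", dst_seq=d.seq))   # X never received A's RREQ
    return {
        "plain_aodv_previous_hop": plain_choice.route[-1],   # 'M'
        "sabh_rejected": rejected,                           # ['M']
        "sabh_route": sabh_choice.route,                     # ['A', 'B']
        "rrep_from_B_accepted": rrep_from_b,                 # True
        "rrep_from_X_accepted": rrep_from_x,                 # False
        "alerts": d.alerts + a.alerts,
    }
```

Calling `run_figure_scenario()` shows the two outcomes side by side: plain AODV at D picks the packet relayed by M (sequence number 1000), while AODV-SABH rejects that packet because 1000 > SN_D = 60, names M from the source route and keeps the route through B; at A, an RREP handed over by B is accepted and one from a node that never received A's RREQ is refused. Note that the RREP table check, as the paper specifies it, only rejects previous hops that never received the node's RREQ; in this topology M did receive A's RREQ, so in the figure scenario it is the sequence-number check at D that does the work.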
REFERENCES

[1] M. G. Zapata, “Secure ad-hoc on-demand distance vector (SAODV) routing,” ftp://manet.itd.nrl.navy.mil/pub/manet/2001-10.mail, October 2001.
[2] M. G. Zapata and N. Asokan, “Securing ad-hoc routing protocols,” in Proceedings of the 2002 ACM Workshop on Wireless Security, pp. 1–10, Sept. 2002.
[3] D. Cerri and A. Ghioni, “Securing AODV: The A-SAODV Secure Routing Prototype,” IEEE Communications Magazine, Vol. 42(2), pp. 120–125, 2008.
[4] A. J. Michaele, I. Karygiannis, T. Anand et al., “Secure Routing and Intrusion Detection in Ad Hoc Networks,” in Proceedings of the 3rd International Conference on Pervasive Computing and Communications (PerCom 2005), Kauai Island, Hawaii, 2005.
[5] V. R. G. Bobba, L. Eschenauer and W. Arbaugh, “Bootstrapping Security Associations for Routing in Mobile Ad Hoc Networks,” in Proceedings of GlobeCom’2003, pp. 1511–1515, 2003.
[6] J. R. Jiang, Y. C. Tseng and J. H. Lee, “Secure Bootstrapping and Routing in an IPv6-based Ad Hoc Network,” ICCP Workshop on Wireless Security and Privacy, pp. 375–390, 2003.
[7] M. Al-Shurman et al., “Black Hole Attack in Mobile Ad hoc Networks,” in Proceedings of ACMSE’04, pp. 96–97, 2004.
[8] C. Tseng, “A Specification-based Intrusion Detection System for AODV,” in Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, Fairfax, pp. 125–134, 2003.
[9] E. M. Belding-Royer, C. E. Perkins and S. Das, “Ad hoc on demand distance vector (AODV) Routing,” IETF Internet draft, draft-ietf-manet-aodv-12.txt, 2002.
[10] M. Musuvathi, D. Y. W. Park, A. Chou, D. R. Engler and D. L. Dill, “CMC: A Pragmatic Approach to Model Checking Real Code,” in Proceedings of OSDI’2002, pp. 75–88, 2002.
[11] Q. Lu, “Vulnerability of Wireless Routing Protocols,” internal report, University of Massachusetts Amherst, Dec. 15, 2002.
[12] F. Wang, B. Vetter and S. Wu, “Secure Routing Protocols: Theory and Practice,” North Carolina State University, May 1997.
[13] Y.-C. Hu, A. Perrig and D. B. Johnson, “Ariadne: A secure on-demand routing protocol for ad hoc networks,” in Proceedings of the 8th ACM International Conference on Mobile Computing and Networking (MobiCom), pp. 21–38, 2002.
[14] K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields and E. M. Belding-Royer, “A secure routing protocol for ad hoc networks,” in Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP), pp. 78–87, 2002.
[15] www.tcm.hut.fi/Opinnot/Tik-110.501/2000/papers/lundberg.ps

AUTHORS PROFILE

Fatima Ameza obtained a Master degree in computer sciences from the University of Bejaia in 2009. She is currently a PhD student in the RESYD doctoral school of Bejaia university. Her research topic focuses on securing wireless networks.

Nassima Assam obtained a Master degree in computer sciences from the University of Bejaia in 2009.

Rachid Beghdad received his computer science engineer degree in 1991 from the ENITA school of engineers, Algiers, Algeria. He received his Master computer science degree from Clermont-Ferrand University, France, in 1994. He earned his Ph.D. computer science degree from Toulouse University, France, in 1997. He obtained his Habilitation from the University of Constantine, 2010. He is a reviewer for some journals, such as the Advances in Engineering Software journal, Elsevier, UK, the Computer Communications journal, Elsevier, UK, the WESEAS transactions on computer journal, Greece, and the IJCSSE journal, UK. He was also a reviewer for the CCCT’04, CCCT’05, CCCT’09, and CCCT’10 International Conferences, USA. His main current interest is in the area of computer communication systems including intrusion detection methods, wireless sensor networks, unicast and multicast routing protocols, real-time protocols, and wireless LAN protocols.