Black Hole Attacks On Mobile Ad Hoc Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Security is a major threat and essential requirement for mobile Ad Hoc network. Mobile ad hoc network is a collection of two or more device or node with wireless communication and networking capability that communicate with each other without the aid of any centralized administrator also the wireless node that can dynamically form a network to exchange information without using any existing fixed network infrastructure. There are so many types of attacks that can be done on MANET and can be easily done than in wired network like Black Hole attack, Identity Based attacks. An attacker may similarly create a routing black hole, in which all packets are dropped by sending spoiled routing packets, the attacker could cause all packets for some destination to be routed to itself and could then discard them, or the attacker could cause the route at all node in an area of the network to point to point "into" that area when in fact the destination is outside area. Black attack is one sort of routing disturbing attacks and can bring huge harm to the network. As a result, an efficient algorithm to detect black attack is important a new method that is to be proposed in this paper based on authentication mechanism

1. Introduction

Wireless networks can be classified into infrastructure based networks and infrastructure less networks. A mobile ad hoc network (MANET) is a collection of mobile devices that can communicate with each other without the use of predefined infrastructure or centralized administration. In addition to freedom of mobility, a MANET can be constructed quickly at low cost, as it does not rely on existing network infrastructure. Due to this flexibility, a MANET is attractive for application such as disaster relief, Emergency response network, vehicle network, sensor network, enterprise network, community network, military service, home network, robot network, and so on. Unlike the conventional network, a MANET is characterized by having a dynamic, continuously changing network topology due to mobility of node [1].

Another characteristic of a MANET is its resource constraints, that is, limited bandwidth and limited battery power. This characteristic makes routing in a MANET an even more challenging task. Therefore, early work in MANET research focused on providing routing service with minimum cost in terms of bandwidth and battery power. Currently, various efficient routing protocols or set of operation have been proposed. These protocols can be classified into two classes: reactive routing protocols and proactive routing protocols. In reactive routing protocols, such as the Ad Hoc on Demand Distance Vector (AODV) protocol [2], every node in the network obtains a route to a destination on a demand fashion. In proactive routing protocols, such as the Optimized Link State Routing (OLSR) protocol [2], every node in the network has one or more routes to any possible destination in its routing table at any given time. Thus operation in MANETs introduces some new security problem in addition to the ones already present in fixed networks. According to the criterion that whether attackers disrupt the operation of routing protocol or not, attack in MANETs can be divided into two categories: passive attacks and active attacks [3], [4], [5].In a passive attack, the attacker does not disrupt the operation of a routing protocol but only attempts to monitor valuable information by listening to the routing traffic. In an active attack, however, these attacks involve actions performed by adversaries, modification and deletion of exchanged data to attract packets destined to other nodes to the attacker for analysis or just to disable the network. Some special types of active attacks that can usually be easily performed against MANETs are listed as follows:

Black hole attack [6] attracts all the packets towards it by altering the routing information and then drops those packets. Gray hole attack is a specialized version of a black hole attack, where the malicious node selectively drops packets. The detailed description is provided in section 2.

Routing loop attack [7], where a malicious node modifies the route header during the route discovery phase, so that the intermediate node waste their resources in routing the packets in a loop fashion.

Flooding attacks [8] causes the intermediate nodes to burn their resources in processing the incoming flooded-falsified routing information and in some cases blows out the routing table due to overflow.

Spoofing attack [9], the hacker modifies the source address of the packet he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

Rushing attack [10] arises due to the route suppression technique adopted in routing protocols such as Ad Hoc on Demand Vector Routing Protocol (AODV), where the malicious node disseminates the ROUET REQUEST quickly throughout the network before the legitimate ROUET REQUEST is forwarded.

Detour attack [6] accounts for the packets to be routed along the suboptimal path to prevent one set of nodes from reaching another. In gratuitous attack, an attacker modifies the route information to appear long, so that it is not routed through the attacker.

Blackmail attack [11] incurs due to lack of authenticity and it grants provision for any node to corrupt other node's legitimate information.

These are mechanisms that helps prevent, detect, and respond to security attacks. There are four major goals that need to be addressed in order to maintain a reliable and secure ad-hoc network environment. They are mainly [12]:

Confidentiality: Protection of any information from being exposed to unintended entities. In MANETs, this is more difficult to achieve because intermediates nodes (that act as routers) receive the packets for other recipients, so they can easily eavesdrop the information being routed.

Availability: It secure that the services of the system are available at all times and are not denied to authorized user.

Authentication: Assurance that an entity of concern or the origin of a communication is what it claims to be or from. Without which an attacker would impersonate a node, thus gaining unauthorized access to resource and sensitive information and interfering with operation of other nodes.

Integrity: Message being transmitted is never altered.

Assurance: It is required to guarantee that the security measures have been properly implemented and they function as intended

Non-repudiation: Ensures that sending and receiving parties can never deny ever sending or receiving the message.

2. Black Hole Attack

2.1 AODV Routing Protocol

AODV [13] is an on-demand routing protocol in MANETs. Route discovery is not started until it is required (on-demand). The protocol operates in two mechanisms: route discovery and route maintenance. Route discovery is used when the packet sender has no route available in its RT (Routing Table).It broadcasts a Route Request packet into the network. A node receives a fresh Route Request will check its RT to see whether it has a route to the requested destination. It replies if there is one otherwise, the Route Request is forwarded. Before forwarding, it keeps a reverse path to the source node in its RT. The RT records the route information of the next hop, the distance and the current highest sequence number it has seen. Route maintenance starts when changes in the network topology invalidate a cached route. It is used to notify the source node or to trigger a new route discovery.

2.2 Weakness of AODV

It is possible to exploit a number of weaknesses in AODV to interrupt the communication between nodes. We list some weaknesses of AODV as follow [14]:

Rush attack with RREQ: The purpose of this rush attack is to oppress a valid RREQ (Route Request) sent by a real originator.

False message propagation with RREQ: The goal of this attack is to reroute traffic through the malicious node, and then throw it away.

False reply with RREP: This attack intercepts a request with an answer, hopefully before it reaches the final destination.

False message propagation with RREP: In this attack, the malicious node reroutes traffic by using false RREP (Route Reply) packets. Again, the purpose is to create a black hole and discard traffic.

2.3 Black Hole Attack

When a source node wants to send data packets to a destination node. If there has no route available in its RT, it will initiate the routing discovery process [15], [16]. We assume node B to be a malicious node (See Figure 1). Using the routing AODV protocol, node B claims that it has the routing to the destination node whenever it receives RREQ packets, and send the response to source node at once. The destination node may also give reply. If the reply from a normal destination node reaches the source node of RREQ first, everything works good; but the reply from node B could reach the source node first, if node B is nearer to the source node. Moreover, node B does not need to check its RT when sending a false message; its response is more likely to reach the source node firstly. This make the source node thinks that the routing discovery process is completed, avoids all other reply messages, and starts to send data packets. The fake routing has been created. As a result, all the packets through node B are easily consumed or lost. Node B could be said to form a black hole in the network, and we call it as the black hole attack [15], [17], [18].

















a) Network flooding of RREQ Figure 1 Black Hole Attack b) Propagation of RREQ Message

3. Authentication Mechanism

In this section, we propose an authentication mechanism for identity black hole node, which could be potentially exploited by malicious nodes. To address the above problem, without assuming the existence of any authentication infrastructure [18], which is usually not practical in MANETs An authentication mechanism is constructed based on the concept of the hash function, MAC, PRF [17],[19] as below. The source node checks RREP messages to determine the data packet to pass with our authentication proposed in this paper.

3.1 Hypotheses and Definitions

In our scheme, there are the basic hypotheses and definitions of this work: And it is assumed that each node in MANETs holds the following items [16], [20]:

The plain text M: the original message sent by a destination node is the RREP message.

The cipher text C: which is the output of M encrypted by the cryptosystem.

The sharing secret key Ki [21]: this is unrevealed to all outsiders. Each node gets its Ki by choosing a message divided into blocks wi and recursively applying PRF (Pseudo Random Function) the output value of hash function depends only secret key K and the input message (Denoted by S(.)) on wi, which recursively is obtained by the following formulation, where √3 results in a non repeating period.

S (wi) = wi*√3*K (1)

Each node holds the symmetric cryptosystem, i.e.,

M=Dki (Eki (M)) (2)

Where Eki and Dki are the encryption and decryption functions, respectively.

MAC: which is defined by MAC (Ki, M).

Time synchronization: time synchronization is imposed in the network therefore each mobile node is able to synchronize the same time.

Each node holds a collision-free hash function S, such as SHA/MD5.

3.2 Authentication Mechanism

Step 1: A node gets the sharing secret key ki.

Step 2: According to the system synchronization mechanism, node generates a time stamp Ts.

Step 3: By applying M, Ts, and ki, node uses the one way hash function (OWHF) S(.) to generate MAC for this message, i.e.,

MACM =S (Ki, Ts, M) =S (Ki, Ts, RREP) (3)

Step 4: By applying the global symmetric cryptosystem, node gets the encrypted packet P, and then transmits the packet, i.e.,

P= Eki (Ts, M, MACM) = Eki (Ts, RREP, S (Ki, Ts, RREP)) (4)

For each intermediate node, if a packet is received, it only ahead the packet to the next node.

For the destination node, if a packet is received, it scrutinizes the following four conditions.

By applying the global symmetric cryptosystem, source node firstly gets the decrypted message, i.e.,

Dki (Eki (Ts, M, MACM)) = Dki (Eki (Ts, RREP, S (Ki, Ts, RREP))) (5)

MACM = S(Ki, Ts, M) = S(ki, Ts, RREP)

Ts is in a reasonable time delay range.

The decrypted Ts is the similar as the one in the packet without encryption.

If the four above mentioned scrutinizes are all satisfied, this packet is regarded as a valid packet and this routing is also regarded as a security routing from the source node to the destination node. Then the source node begins to send data packets. Otherwise, the source node executes the following three steps:

Step 1: It deserts the packet because the key is disclosed before it receives the packet and might be potentially faked. In addition, a packet with an invalid MAC is deserted.

Step 2: It initiates another a routing discovery process.

Step 3: It sends out an alert message to separate the malicious node in network.

4. Results and Analysis

We use, QualNet 5.0.1, a network simulation too to simulate wireless and wired packet mode communication network. It provides an exhaustive environment for designing network protocol, creating and visualizing scenarios under user specific condition and analysing their performance. We add the function of our method to ADOV to detect the black hole attack. The simulation parameters are given in table 1.

Table1. Simulation Parameter




QualNet 5.0.1

MAC layer protocol


Examined routing protocol


Application traffic type


Simulation duration


Maximum speed


Maximum segment size

512 byte

Mobility model

Random way point

Node placement

Random ,uniform

Simulation area

1500X1500 m2

Transmission range


Number of mobile nodes


Data rate

2 Mbps

Propagation mode

Free space

Figure.2 represents the affect of black hole attack in AODV on network throughput; the throughput decrease suddenly. It also clearly indicates (show in Figure.2) that the throughput of AODV with black hole is almost equal to throughput of AODV without black hole attack with induction of proposed method in route discovery process of AODV. However, end to end delay increase in AODV inserted with the proposed method in comparison to the original AODV (show in Figure 2). It is due to the fact that, now, every route discovery process of AODV has an overhead of the proposed method irrespective of presence or absence of a black hole. Surprisingly the end to end delay in AODV with black hole attack is low. It is due to the fact that route discovery process is shortened because of black hole; the black hole reply instantly with a forged route to the destination. The systems accept it and the source node sends the data packets which are actually never forwarded the destination, i.e., data transmission time is also shorten. Hence, the end to end delay is low because of the combined effect of (false or forged) shortening in time of route discovery and data transmission irrespective of safe data transmission.

Figure2. Impact of black hole on network throughput and throughput with proposed method under black hole attack

5. Conclusions and Future works

In this paper, we have studied the routing security issues of MANETs, described the black hole attack that can be mounted against a MANET and proposed feasible solution for it on the top of AODV protocol to discard the black hole attack, and also prevented the network form further malicious behaviour. An authentication method eliminates the need for a PKI or other forms of authentication infrastructure, which are usually not practical in MANETs. The future work includes extending this solution to other variants of black hole attack and how to handle unlimited message authentication by switching one way hash function in wireless ad hoc networks.