Protocols Under Black Hole Attack Environment Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Abstract: - Due to the massive existing vulnerabilities in mobile ad-hoc networks, they may be insecure against attacks by the malicious nodes. In this paper we have analyzed the effects of Blackhole attack on mobile ad hoc routing protocols. Mainly two protocols AODV and Improved AODV have been considered. Simulation has been performed on the basis of performance parameters and effect has been analyzed after adding Black-hole nodes in the network. Finally the results have been computed and compared to stumble on which protocol is least affected by these attacks.

Key-words: - MANETs, Routing Protocols, Black-hole attacks, AODV, Improved AODV.

1 Introduction

A Mobile Ad hoc Network (MANET) as shown in figure 1 is an independent system of mobile routers attached by wireless links. The routers move freely and organize themselves randomly. The network topology may change rapidly and spontaneously. Such a network may operate in an individual fashion or may be connected to the Internet. Multi hop, mobility, large network size combined with device heterogeneity, bandwidth and battery power constrain make the design of passable routing protocols a major challenge.

In recent years, a lot of routing protocols have been proposed for MANETs, out of whom two major protocols AODV and Improved AODV have been discussed in this paper.

Fig.1. A Mobile Ad-Hoc Network with 4 nodes

2 MANET Characteristics

* Autonomous and infrastructure less

MANET is a self-organized network, independent of any established infrastructure and centralized network administration. Each node acts as a router and operates in distributed manner.

* Multi-hop routing

Since there exists no dedicated router, so every node also acts as a router and aids in forwarding packets to the intended destination. Hence, information sharing among mobile nodes is made available.

* Dynamic network topology

Since MANET nodes move randomly in the network, the topology of MANET changes frequently, leading to regular route changes, network partitions, and possibly packet losses.

* Variation on link and node capabilities

Every participating node in an ad hoc network is equipped with different type of radio devices having varying transmission and receiving capabilities. They all operate on multiple frequency bands. Asymmetric links may be formed due to this heterogeneity in the radio capabilities.

* Energy-constrained operation

The processing power of node is restricted because the batteries carried by portable mobile devices have limited power supply.

* Network scalability

A wide range of MANET applications may involve bulky networks with plenty of nodes especially that can be found in strategic networks. Scalability is crucial to the flourishing operation of MANET.

3 MANET Applications

There are many applications of MANET:

* Military Networks

The latest digital military fields demand strong and consistent communication in different forms. Mostly devices are deployed in moving military vehicles, tanks, trucks etc which can share information randomly among them.

* Sensor Networks

One more application of MANETs is the Sensor Networks. It is a network which consists of a large number of devices or nodes called sensors, which sense a particular incoming signal and transmit it to appropriate destination node.

* Automotive Applications

Automotive networks are extensively discussed currently. Vehicles should be enabled to communicate on the road with each other and with traffic lights forming ad-hoc networks of diverse sizes. This network will provide drivers with information about the road conditions, traffic congestions and accident-ahead warnings which help in optimizing the traffic flow.

* Emergency services

Ad hoc networks are broadly being used in rescue operations for disaster relief efforts during floods, earthquakes, etc.

4 Routing Protocols

MANET routing protocols are categorized into three main categories as shown in figure 2:

* Table driven/ Proactive

* Source initiated (demand driven) / Reactive

* Hybrid

Fig. 2. Classification of MANET Routing Protocols

4.1 Table Driven Routing Protocols

Table driven also known as proactive protocols maintain reliable and up to date routing information between all the nodes in an ad hoc network. In this each node builds its own routing table which can be used to find out a path to a destination and routing information is stored. Whenever there is any variation in the network topology, updation has to be made in the entire network [5]. Some of the main table driven protocols are:

Optimized Link State Routing protocol (OLSR)

Destination sequenced Distance vector routing (DSDV)

Wireless routing protocol (WRP)

Fish eye State Routing protocol (FSR)

Cluster Gateway switch routing protocol (CGSR)

4.2 Source Initiated Routing Protocols

In On-demand or Reactive routing protocols routes are formed as and when required. When a node desires to send data to any other node, it first initiates route discovery process to discover the path to that destination node. This path remains applicable till the destination is accessible or the route is not required. Different types of on demand driven protocols have been developed such as:

Ad hoc On Demand Distance Vector (AODV)

Dynamic Source routing protocol (DSR)

Temporally ordered routing algorithm (TORA)

Associativity Based routing (ABR)

4.3 Hybrid Routing Protocols

This type of routing protocols combines the features of both the previous categories. Nodes belonging to a particular geographical region are considered to be in same zone and are proactive in nature. Whereas the communication between nodes located in different zones is done reactively. The different types of Hybrid routing protocols are:

Zone routing protocol (ZRP)

Zone-based hierarchical link state (ZHLS)

Distributed dynamic routing (DDR)

5 AODV Routing Protocol

Ad Hoc on-Demand Distance Vector (AODV) routing protocol is a reactive protocol.

Route Discovery

Route discovery process is initiated whenever a node needs to send data packet to the destination and there is no valid route available in its routing table. The source node then broadcasts a route request (RREQ) packet to all its neighbor nodes, which then forward the request to their neighbor nodes and the process repeats as shown in figure 3. Each node is assigned a sequence no. and a broadcast ID which is incremented each time the node issues a RREQ packet. The broadcast ID together with the node�s IP address, exclusively identifies a RREQ [3] which is unique in nature.

The initiator node includes in the RREQ the following:

- Its own sequence number.

- The broadcast ID.

- The most recent sequence number the initiator has for the destination.

Upon receiving RREQ by a node which is either destination node or an intermediate node with a fresh route to destination, it replies by unicasting a route reply (RREP) message to the source node. As the RREP is routed back along the reverse path, intermediate nodes along this path set up forward path entries to the destination in their routing tables. When the RREP reaches source node, a route from source to destination node is established. Figure 3 indicates the path of the RREP from the destination node to the source node [9].

Fig. 3 Propagation of Route Request packet & Route Reply packet.

Route Maintenance

Once a route is established between source and destination, it needs maintenance usually at the source end. When any link break or failure is detected, it is declared as invalid and a route error (RERR) message is flooded to all the nodes in the network. These nodes in turn broadcast the RERR to their ancestor nodes and further until the affected source node is reached. The source node may then decide to either stop sending data or restart the route discovery process for that particular destination by sending out a fresh RREQ message to its neighbor nodes.

6 IAODV Routing Protocol

A hybrid routing protocol called improved AODV (IAODV) integrates two features: Multipath and Path accumulation as explained below [20].

Multipath: Multipath AODV reduces the route discovery frequency as compared to single path AODV. It finds multiple paths between a source and a destination in a route discovery process. Single path AODV initiates a new route discovery when it detects one path failure to the destination. In contrast Multipath AODV initiates a new route discovery when all these paths fail or are obsolete. Multipath AODV minimizes the number of common links between a source and a destination. A path with more common nodes has a higher probability to create common links.

Path accumulation: Path accumulation feature as shown in figure 4(a) enables us to append all discovered paths between source and destination nodes to the control messages. Hence, at any intermediate node the route request (RREQ) packet contains a list of all nodes traversed. Each node receiving these control messages updates its routing table. It adds paths to each node contained in these messages.

Fig. 4(a) Path accumulation

6.1 Types of IAODV operations

Route discovery

Route discovery as shown in figure 4(b) includes a route request message (RREQ) and route reply message (RREP). Suppose Node 2 wants to communicate with Node 9. Each node forwarding the RREQ creates a reverse route to 2 used when sending back the RREP. When sending back the RREP, nodes on the reverse route create routes to node 9.

Fig. 4(b) Route discovery

Route maintenance

It includes a Route Error message (RERR). Route maintenance is a process of responding to topology updation which can happen after a route has been initially created. To maintain these paths, the nodes continuously examine the active links and update the valid timeout field of entries in its routing table during data transfer. If a node receives a data packet for a destination it does not have a valid route for, it must reply with a RERR message. When creating the RERR message, the node makes a list containing the address and sequence number of the unapproachable node. Then the node updates all the entries in routing table.

The key purpose is to notify about all the additional routes being created during discovery phase that are no longer available. The node then sends a list in the RERR packet which is broadcasted in the network. This distribution process is illustrated in figure 4(c). The link between nodes 6 and 9 breaks, and node 6 generates an RERR. Only nodes having a route table entry for node 9 propagate the RERR message further.

Fig. 4(c) Route maintenance

7 Security issues in MANETs

There are basically two kinds of attacks that can affect MANETs: Passive and Active. A Passive Attack does not disturb the operation of the protocol, but tries to determine important information by listening to traffic [16]. Passive attacks basically involve obtaining critical routing information by sniffing about the network. Such attacks are usually complex to detect and hence, shielding against such attacks is thorny. Even if it is not possible to make out the exact location of a node, one may be able to discover information about the network topology. An Active Attack injects random packets and tries to interrupt the operation of protocol in order to limit the accessibility or catch the attention of packets destined to other nodes. The basic aim is to pull all packets towards the attacker for analysis or to obstruct the network communication. Such attacks can be detected and the nodes can be identified.

Passive attacks can be debarred using various encryption mechanisms. Only active attacks can be accepted out at routing level. These can either be inner outer. Inner attacks can be passive and active. Passive attacks are unauthorized disruption of the routing packets and active attack is from outside sources to degrade or damage message flow within the network nodes [17]. A secure MANET environment should provide confidentially, integrity, authenticity, availability and non-repudiation. Apart from the attacks prevailing in MANETs, there are a variety of threats which are divided into two categories: threats to network mechanism and threats to security mechanism [18]. The following are few attacks based on routing mechanism [19]:

Black Hole

The black hole attack is briefly introduced in [20]. In the attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.

Worm Hole

In a wormhole attack, two malicious collaborating nodes which are connected through a private network, can record packets at one location in the network and tunnel them to another location through the private network and retransmits them into the network [2].

8 Blackhole attack

A malicious node always utilize some routing protocol to publish itself as having the shortest path to the node whose packets it wants to seize [1]. Once this node is able to add itself between the communicating nodes, it can do anything with the packets passing between them. It can then choose to drop the packets thereby creating Denial of Service attacks. Security in mobile ad-hoc network is the most vital concern for basic functionality of a network [6]. Accessibility of network services, confidentiality and integrity of data can be achieved by assuring that security issues have been met. MANETs suffer from security attacks because they possess open medium, rapidly changing topology, lack of central administration and non-robust defense mechanism. These factors lead to various security threats in mobile ad hoc networks [2].

Blackhole Attacks are classified into two categories:

Single Blackhole Attack: In this only one node acts as malicious node within a zone. It is also known as Blackhole Attack with single malicious node [22].

Collaborative Blackhole Attack: In this multiple nodes in a group act as malicious node. It is also known as Blackhole Attack with multiple malicious nodes [23].

The work done in earlier years based on security issues i.e. attacks (particularly Blackhole) on MANETs is mainly based on reactive routing protocols like Ad-Hoc on Demand Distance Vector (AODV) [11]. Blackhole attack is studied under the AODV routing protocol and its effects are analyzed by stating how these attacks disrupt the performance of MANET. Very little attention has been given to the fact to study the impact of Blackhole attack on MANETs using reactive, proactive and hybrid protocols and to compare the vulnerability of these protocols against the attacks [7]. The goal of this work is to study the effects of Blackhole attacks on reactive routing protocols i.e. Ad-Hoc on Demand Distance Vector (AODV) and Improved Ad-Hoc on Demand Distance Vector (IAODV).

8.1 Black hole attack on AODV protocol

AODV treats Route Reply (RREP) messages with higher value of destination sequence number as fresher. The malicious node will always send RREP with highest possible value of destination sequence number [4]. Such RREP message, when received by source node is treated afresh, too. The fallout is that there is a high probability of a malicious node attempting to orchestrate the Blackhole attacks in AODV [10, 14]. As an example, consider the following scenario shown in figure 6.

Fig. 6 Malicious node in AODV network

We illustrate a typical scenario of the protocol packet exchanges, depicting the generation and traversal of RREQ and RREP control messages. The node S is assumed to be the source node desiring to communicate with node D. Thus, as per the explanation earlier, node S would generate the RREQ control message and broadcast it. The broadcasted RREQ control message is expected to be received by the nodes N1, N2 and N3. Assuming that the node N3 has a route to node D in its route table, the node N3 would generate a RREP control message and update its routing table with the accumulated hop count and the destination sequence number of the destination node [8, 12].

Node M being malicious node, would generate a false RREP control message and send it to node N3 with a very high destination sequence number, that subsequently would be sent to the node S. In Route Maintenance phase, if a node finds a link break or failure, then it sends RERR message to all the nodes that uses the route [9, 13].

Blackhole attack in AODV protocol can be performed in two ways: Blackhole attack caused by RREP and by RREQ [21] are discussed in table1.

Table1: Two ways of Blackhole attack

Caused by RREQ

9 Simulation Environment

We have implemented Blackhole attack in an ns2 simulator [15]. CBR (Constant Bit Rate) application has been implemented. The problem is investigated by means of collecting data, experiments and simulation which gives some results, these results are analyzed and decisions are made on their basis. The simulator which is used for simulation is ns2. It is a discrete event simulator targeted at networking research. It provides a substantial support for simulation of TCP, routing, and multicast protocols over wired and wireless (local and satellite) networks. Using ns2, we can implement your new protocol and compare its performance to TCP. This allows testing ideas before trying real-world experiments. In order to setup the simulation network in ns2, language called Tcl is used. It requires two languages C++ and Tcl. C++ are used for detailed protocol simulations, byte manipulation, packet processing, routing protocol implementation. Tcl is used to write simulation code and quickly exploring a number of scenarios. To evaluate the performance of a protocol for an ad-hoc network, it is necessary to test the protocol under realistic conditions, especially including the movement of the mobile nodes. Simulation requires setting up traffic and mobility model for performance evaluation. Table 2 shows the parameters that have been used in performing simulation.

Table 2: Simulation Parameters


9.1 Performance Analysis

Protocols can be compared by evaluating various performance metrics as shown below:

* Packet Delivery Ratio- It is calculated by dividing the number of packet received by destination through the number packet originated from source.

PDF = (Pr/Ps)

where Pr is total Packet received and Ps is the total Packet sent.

* Average end-to end delay- It is defined as the time taken for a data packet to be transmitted across an MANET from source to destination.

D = (Tr �Ts)

where Tr is receive Time and Ts is sent Time.

* Throughput- It can also be defined as the total amount of data a receiver actually receives from sender divided by the time taken by the receiver to obtain the last packet.

9.2 Experimental Setup

The simulation scenario and parameters used for performing the detailed analysis of Blackhole attacks on MANET routing protocols is mentioned below. This section describes the how the performance parameters have been evaluated to simulate the routing protocols. Following files have been used for simulation.

* Input to Simulator:-

o Scenario File � Movement of nodes.

o Traffic pattern file.

o Simulation TCL file

* Output File from Simulator:

o Trace file

o Network Animator file

* Output from Trace Analyzer:

o xgr file

Generation of Movement File:

Traffic Pattern File:

ns cbrgen.tcl [-type cbr|tcp] [-nn nodes] [-seed seed] [-mc connections] [-rate rate]

Generation of Scenario File:

To generate the traffic movement file, following is example command.

./setdest -n <num_of_nodes> -p <pause_time> -s <maxspeed> -t <simtime> -x <maxx> -y <maxy> > < scenario file>

Here n � no. of nodes, p � pause time, s � speed, t - simulation time, and x, y � grid size.

9.3 NAM

NAM stands for Network Animator. It contains data for network topology. It starts with the command 'nam <nam-file>' where '<nam-file>' is the name of a nam trace file. At linux terminal command to run NAM is ./nam.

Fig. 7 Network Scenario for 50 nodes

After performing simulation as per network scenario shown in the figure 7, trace files are generated. Trace file contains following information:

o Send/Receive Packet

o Time

o Traffic Pattern

o Size of Packet

o Source Node

o Destination Node etc.

9.4 Analysis using Trace Analyzer

Awk script trace analyzer is used to analyze trace output from simulation. When files are analyzed using this trace analyzer an output xgr file is created which results in the generation of graphs.

10 Results

Using outputs from awk script following graphs and results are generated.

Packet Delivery Ratio v/s pause time

Simulation results of figure 7(a) show that under blackhole attack packet delivery ratio of IAODV is more as compared to AODV.

Fig. 8(a): Impact of Blackhole Attack on Packet Delivery Ratio.

End To End Delay v/s pause time

Simulation results in figure 7(b) show that IAODV has less end to end delay than AODV routing protocol.

Fig. 8(b): Impact of Blackhole Attack on the Average End-to-End Delay

Throughput v/s Pause time

Simulation results in figure 7(c) show that IAODV has a high throughput as compared to AODV routing protocol.

Fig. 8(c): Impact of Blackhole Attack on the Network Throughput

Simulation results in figure 8 shows the average values for each parameter discussed above. It has been observed from the simulation scripts that IAODV has a more packet delivery ratio, less average end to end delay and fewer throughputs as compared to AODV routing protocol. The comparison chart in table 3 shows that Blackhole attacks have least impact on IAODV routing protocol.

Table 3: Effect of Blackhole attack on performance of routing protocols



In this paper, we have analyzed the Blackhole attack with respect to different performance parameters such as end-to-end delay, throughput and packet delivery ratio. We have analyzed the vulnerability of two protocols AODV and Improved AODV under varying pause time. This study was conducted to evaluate the effect of Blackhole attacks on the performance of these protocols. The Simulation results show that IAODV performs better than AODV. The throughput of AODV is effected by twice as compare of IAODV. Also the effect on IAODV by the malicious node is less as compare to AODV. Based on our research and analysis of simulation result we draw the conclusion that IAODV is more vulnerable to Blackhole attack than AODV. But still the detection of Blackhole attacks in ad hoc networks is considered as a challenging task.

Future scope

Simulation can be performed using other existing parameters. This work contains simulation based on random mobility model only. Other mobility models can also be studied and behavior of protocols can be analyzed. Such networks are open to both the external and internal attacks due to lack of any centralized security system. Blackhole attacks are needed to be analyzed on other existing MANET routing protocols such as DSDV, ZRP, DSR etc. Also attacks other than Blackhole such as Wormhole, passive and active attacks shall be considered. They can be classified on the basis of how much they affect the performance of an ad hoc network. The early detection of Blackhole attacks as well as the exclusion policy for such actions shall be carried out for advance research.