International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) ISSN 0976 – 6464(Print) ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April, 2013, pp. 93-102 © IAEME: www.iaeme.com/ijecet.asp Journal Impact Factor (2013): 5.8896 (Calculated by GISI) www.jifactor.com IJECET ©IAEME A COMPARATIVE STUDY OF BLACK HOLE ATTACK IN MANET Neha Kaushik Student PDM College of Engineering for Women, B’Garh Ajay Dureja Assistant Professor PDM College of Engineering for Women, B’Garh ABSTRACT A mobile ad-hoc network is an infrastructure less network which consists of a number of mobile nodes that dynamically form a temporary network for the transmission of data from source to destination. Most of the routing protocols rely on the cooperation among the nodes for secure transmission due to lack of centralized administration. Thus the security of MANET is an important concern for all the times. There is no general algorithm for security of principle routing protocols like AODV against commonly known attacks like black hole attack, wormhole attack, rushing attack, etc. In this paper, we survey the different network layer attacks of MANET and compare the existing solutions to combat the single or cooperative black hole attack. Keywords: MANET, Black Hole Attack, Worm Hole Attack, Rushing Attack. 1. INTRODUCTION A mobile ad-hoc network is categorized under infrastructure less network where a number of mobile nodes communicate with each other without any fixed infrastructure between them. Furthermore, all the transmission links are established through wireless medium [1]. The functioning of MANET depends upon the trust and cooperation between the nodes. Each node can individually act as a router or a host for transmitting data packets to other nodes which are not in the range of direct transmission. 93 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME MANET is one of the recent active fields and has received marvelous attention because of its self-configuration and self-maintenance capabilities [2]. MANET is widely used in military purpose, disaster area, personal area network, etc. Ad hoc network offer great flexibility, higher throughput, lower operating cost and better coverage because of collection of independent nodes [3]. The designing of routing protocols for Ad hoc network is a challenging task and secure ones are even more so. So far, researchers in ad- hoc networking have generally studied the routing problem in a non-adversarial network setting, assuming a trusted environment relatively little research has been done in a more realistic setting in which an adversary may attempt to disrupt the communication [4]. The routing protocols are divided into two main types-Proactive protocols and Reactive protocols. The proactive protocols are Table-Driven protocols in which each node maintains an up-to-date routing information about every other node in a routing table and routes are quickly established without any delay [3]. The reactive protocols, on the other hand, are the on-demand protocols in which the nodes establish the route whenever desired. In this paper, we discuss three main attacks at network layer of MANET namely Black hole attack, Rushing attack and Wormhole attack and compare the existing solutions for the prevention and detection of Black Hole attack. 2. ROUTING PROTOCOLS The routing protocols of MANET are broadly divided into two categoriesProactive (Table-Driven) routing protocols and Reactive (On-Demand) routing protocols. A third category is a combination of above two routing protocols namely Hybrid routing protocols. 2.1 Proactive Routing Protocols In proactive or table-driven routing protocols, the mobile nodes periodically broadcast their routing information to the neighbors. Each node needs to maintain its routing table which not only records the adjacent nodes and reachable nodes but also the number of hops. In other words, all the nodes have to evaluate their neighborhood as long as the network topology has changed [1]. The examples of proactive protocols are DSDV, OSPF, OLSR, etc. 2.2 Reactive Routing Protocols In case of reactive or on-demand routing protocols, the mobile nodes set up a route when they desire to transmit the data packets. The reactive routing protocols overcome the problem of increased overhead as in case of proactive protocols [3]. AODV and DSR are two main types of reactive routing protocols. 2.3 Hybrid Routing Protocols These types of protocols are the combination of proactive and reactive protocols to overcome the defects of both the protocols. Most of hybrid routing protocols are designed as a hierarchical or layered network framework [1]. ZRP and TORA come under the hybrid routing protocols. 94 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 3. TYPES OF ATTACKS Mobile Ad hoc Networks are vulnerable to various types of attacks not from outside the network but also within the network itself [5]. There are two major types of attacks in MANET- internal attacks and external attacks. 3.1 Internal Attacks These types of attacks have a direct impact on the nodes working in a network. Internal attacks may broadcast wrong type of information to other nodes. These types of attacks are more difficult to be handled as compared to external attacks as internal attacks are initiated by the authorized nodes in the networks, and might come from both compromised and misbehaving nodes [5]. Internal nodes are identified as compromised nodes if the external attackers hijacked the authorized internal nodes and are then using them to launch attacks against the ad hoc networks. On the other hand, nodes will be classified as misbehaving if they are authorized to access the system resources, but fail to use these resources in a way they should be [6]. 3.2 External Attacks External attacks are attacks launched by adversaries who are not initially authorized to participate in the network operations. These attacks usually aim to cause network congestion, denying access to specific network function or to disrupt the whole network operations. Bogus packets injection, denial of service, and impersonation are some of the attacks that are usually initiated by the external attackers [6]. External attacks prevent the network from normal communication and producing additional overhead to the network [5]. External attacks can be further classified into two types- Active attacks and Passive attacks. 3.2.1 Active Attacks Active attacks are severe attacks on the network that prevent message flow between the nodes. Active attacks actively alter the data with the intention to obstruct the operation of the targeted networks [6]. Active attacks may be internal or external. Active external attacks can be carried out by outside sources that do not belong to the network. Internal attacks are from malicious nodes which are part of the network, internal attacks are more severe and hard to detect than external attacks [5]. 3.2.2 Passive Attacks These are the susceptible attacks of MANET. A passive attack does not alter the data transmitted within the network. But it includes the unauthorized “listening” to the network traffic or accumulates data from it. Passive attacker does not disrupt the operation of a routing protocol but attempts to discover the important information from routed traffic. Detection of such type of attacks is difficult since the operation of network itself doesn’t get affected. In order to overcome this type of attacks powerful encryption algorithms are used to encrypt the data being transmitted [5]. 95 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 4. NETWORK LAYER ATTACKS IN MANET The security of the ad hoc networks greatly depends on the secure routing protocol, transmission technology and communication mechanisms used by the participating nodes [2]. The network layer protocols enable the MANET nodes to be connected with another through hop-by-hop. Every individual node takes route decision to forward the packet, so it is very easy for malicious node to attack on such network [5]. Thus, security in network layer plays an important role in the security of the whole network. A number of attacks on network layer have been identified and studied during research. Our primary concern is on three main types of attacks on network layer security namely Wormhole Attack, Rushing Attack and Black Hole Attack. 4.1 Wormhole Attack In wormhole attack, malicious node receives data packet at one point in the network and tunnels them to another malicious node. The tunnel existing between two malicious nodes is referred to as a wormhole. Wormhole attacks pose severe threats to routing protocols. Attackers use wormholes in the network to make their nodes appear more attractive so that more data is routed through their nodes. When the wormhole attacks are used by attacker in routing protocol such as DSR and AODV, the attack could prevent the discovery of any other route other than wormhole [5]. Thus a clear defense mechanism must be introduced in the routing protocols to discover valid routes from source to destination. For example in figure 1, the nodes 1 and 2 are the malicious nodes which form a wormhole link or tunnel in the network when the source node ‘S’ broadcasts RREQ packet to find a suitable route to destination ‘D.’ B D S C 2 A 1 Wireless link Wormhole link RREQ RREP Wormhole RREQ Fig. 1: WORMHOLE ATTACK 96 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 4.2 Rushing Attack These attacks are mainly on the reactive routing protocols. These attacks subvert the route discovery process. When compromised node receives a route request packet from the source node, it floods the packet quickly throughout the network before other nodes, who also receives the same route request packet can react to original request [5]. Rushing attack is a modified form of black hole attack in which a node turns malicious after gaining the trust of other nodes; hence prevents itself from being detected easily [7]. The example for rushing attack is shown in figure 2. Here the malicious node ‘C’ represents the rushing attack node, where ‘S’ and ‘D’ refers to source and destination nodes. The rushing attack of compromised node ‘C’ quickly broadcasts the route request messages to ensure that the RREQ message from it reaches earlier than those from other nodes. This result in when neighboring node of ‘D’ i.e. ‘B’ and ‘E’ when receive the actual route request from source, they simply discard the request. So in the presence of such attacks ‘S’ fails to discover any suitable route or safe route without the involvement of external attacker [5]. B A S D C F RREQ E Wireless link Rushed RREQ Fig. 2: RUSHING ATTACK 4.3 Black Hole Attack A black hole attack is an active denial of service attack in which a malicious node can attract all packets by falsely claiming a fresh route to the destination and then absorb them without forwarding them to the destination [8]. A black hole can work as a single node as well as in a group. Since a black hole node does not have to check its routing table, it is the first to respond to the RREQ in most cases [3]. Figure 3 below shows a black hole node ‘X’ which gives a false RREP to the source of having a fresh route to the destination. The source, then, routes all the data towards the black hole node and the node absorbs all the data in it. Thus, the data packets get lost and never reach the destination. 97 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME X D S C A B RREQ RREP False RREP Fig. 3: BLACK HOLE ATTACK Black hole attack is an active attack in case of AODV protocol. Since, AODV has no security mechanisms, a malicious node can perform many attacks just by behaving according to AODV rules [9]. 5. RELATED WORKS A lot of research has been done to combat the black hole attack in MANET. Given below are different solutions for detecting and preventing the black hole attack. The comparison of these schemes is shown in table 2. 5.1 Detecting Black-hole Attack in Mobile Ad hoc Network Bo Sun et al. used AODV as their routing protocol. To defend against black hole attack they devised a neighborhood based method to detect whether there exists any black hole attack and a routing recovery protocol to set up a correct path. In this scheme, not only a lower detection time and higher throughput are acquired, but the accurate detection probability is also achieved [10]. No. of Nodes Simulation Time Throughput 30 to 50 800 sec Increases by 15% False Positive Probability Less than 1.7% 5.2 Prevention of Cooperative Black Hole Attack in Wireless Ad hoc Networks Sanjay Ramaswamy et al. used data routing information (DRI) table and cross checking method to identify the cooperative black hole nodes and utilized modified AODV routing protocol to achieve this methodology. The experiment result shows that this solution performs better than other solutions [11]. 98 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME Node# Data Routing Information From Through Table1: Data Routing Table 5.3 Black Hole Attack in Mobile Ad hoc Networks Mohammad Al-Shurman et al. provided two possible solutions to prevent black hole attacks in MANET. The computer simulation shows that the second solution can verify 75% to 98% of the route to the destination as compared to original AODV routing protocol [12]. Solution 1 No. of Nodes 50 Simulation Time 900 sec Routes Verified 60% Solution 2 50 900 sec 75% 5.4 Detecting Black Hole Attack on AODV Based MANET by Dynamic Learning Method S. Kurosawa et al. proposed a detection scheme using dynamic training method in which needs to be updated at regular time intervals. The simulation results shows the effectiveness of the scheme compared with the conventional scheme [13]. No. of Nodes Simulation Time Average Detection Rate 30 10000 sec Increases by 8% Average False Positive Rate Decreases by 6% 5.5 Prevention of Cooperative Black Hole Attack in MANET L. Tamilselvan et al. proposed a solution based on enhancement of the original AODV routing protocol. The concept used is setting the timer in the TimerExpiredTable for collecting the RREP packet from other nodes after receiving the first reply. It will store the packet’s sequence number and the receiving time pf the packet in a Collect Route Reply Table (CRRT), looking for the timeout value based on the arrival time of the first RREP, judging the route belong to valid or not based on the above threshold value. The simulations were taken using global mobile simulator (GloMoSim) which shows that packet delivery ratio is increased with minimal delay and overhead. The end-to-end delay might be raised when the suspicious node is far from the source node [9]. No. of Nodes Simulation Time 25 300 sec Packet Delivery Ratio Increases by 90% 99 End-to-End Delay Slight increase International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 5.6 Improving AODV Protocol against Black Hole Attacks [14] Nital Mistry et al. proposed modifications to the AODV protocol and justify the solution with appropriate implementation. The analysis shows significant improvement in Packet Delivery Ratio (PDR) of AODV in presence of black hole attacks with marginal rise in average end to end delay [14]. No. of Nodes Simulation Time 25 300 sec Packet Delivery Ratio Increases by 90% End-to-End Delay Slight increase 5.7 Two Tier Secure AODV against Black Hole Attacks in MANETs M. Umaparvathi et al. proposed a secure routing protocol TTSAODV which is an extension of AODV that can be used to protect the route discovery mechanism against black hole node. The simulation results show the better performance of the protocol than conventional protocol in terms of PDR and throughput [15]. No. of Nodes Simulation Time 50 500 sec Packet Delivery Ratio increases Throughput Better avg. throughput 5.8 Proposing a Method to Detect Black Hole Attacks in AODV Protocol M. Medadian et al. proposed a method to combat cooperative black hole attack by waiting and checking the replies from all the neighboring nodes to find a safe route. The simulation results show that the proposed protocol provides better security and performance in terms of PDR [16]. No. of Nodes Simulation Time 30 to 50 _ Packet Delivery Ratio increases End-to-End Delay decreases 5.9 Prevention of Black Hole Attack in MANET Pooja Jaiswal et al. proposed a solution to prevent the black hole attack with the help of destination sequence number sent by the replying node. If there is a large difference between the sequence number of source node and intermediate node then that node is malicious. The simulation results show better performance in terms of PDR and end to end delay [3]. No. of Nodes Simulation Time 30 to 70 1000 sec Packet Delivery Ratio increases 100 End-to-End Delay decreases International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 6. SUMMARY Mobile ad hoc networks have gained attention due to its self- configuration capabilities. Due to various difficulties in designing of routing protocol, the security of MANET has always been an important concern. In this paper we have discussed Black Hole Attack which is an active attack in Table 2: COMPARISON OF VARIOUS BLACK HOLE ATTACK DETECTION SOLUTIONS Papers Routing Protocol Tool Used Detection Type Publication Year Results Defects Resource 5th European conference in mobile communication Detecting black hole Attack in MANET AODV NS-2 Single Detection 2003 The chances that Failed to detect a single attacker is attacker in codetected is 93% operation Prevention of coOperative black hole Attack in wireless ad-hoc networks AODV No simulation Cooperative Detection 2003 Secure routing against black hole attack Black hole attack in MANETs AODV NS-2 Single Detection 2004 Verify 75% to 98% of the routes Detecting black hole On AODV based MANET by dynamic Learning method AODV Single Detection 2007 shows effectiveness in detecting black hole attack Prevention of coOperative black hole Attack in MANET AODV GloMoSim Cooperative Detection 2007 increased packet delivery ratio Increased delay and minimal overhead 2nd International conference on wireless broadBand, Ultra Wideband communication Improving AODV Protocol against Black Hole attacks AODV NS-2 Single Detection 2010 PDR is improved by approx. 80% Rise in end to end delay International Multiconference of Engineers & Comp. Scientist Two Tier Secure AODV against Black Hole Attack in MANET AODV NS-2 Cooperative Detection 2012 Proposing a method To detect black hole Attacks in AODV protocol AODV Prevention of Black Hole Attack in MANET AODV NS-2 GloMoSim Cooperative Detection NS-2 Single Detection Delay is increased Attackers can listen to the channel and update the table __ International conference on wireless network ACMSE International journal of Network Security better performance Minimal in terms of PDR increase in cost, and throughput overhead, delay European Journal of Scientific Research 2012 Provides better security and PDR than conventional AODV European Journal of Scientific Research 2012 Decreased PDR and end to end delay Additional delay & overhead ___ International Journal of Comp. Networks & Wireless Comm. AODV protocol. The researchers have proposed many detection and prevention techniques for black hole attack whether single or cooperative. Thus, the state-of-art of these existing solutions are discussed and compared based on various parameters like PDR, throughput, end-to-end delay, routing overhead, etc. the problem for black hole attack is still an active field of research and researchers are working to combat this attack. 101 International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online) Volume 4, Issue 2, March – April (2013), © IAEME 7. REFERENCES [1] F.H. Tseng, Li-Der Chou, H.C. Chou, Human-centric Computing and Information Sciences 2011, “A survey of Black Hole Attacks in wireless mobile ad-hoc networks”. [2] Ujjwal Agarwal, K.P Yadav, Upendra Tiwari, International Journal of Research in Science and Technology, 2012, vol. no. 1, issue no. IV, Jan-Mar, “Security Threats in Mobile Ad hoc Networks”. [3] Pooja Jaiswal, Rakesh Kumar, International Journal of Computer Networks and Wireless Communications (IJCNWC), ISSN: 2250-3501Vol.2, No5, October 2012, “Prevention of Black Hole Attack in MANET”. [4] Yih-Chun, Adrian Perrig, David B. Johnson, “Ariadne: A secure On-Demand Routing Protocol for Ad Hoc Networks”, sparrow.ece.cmu.edu/~adrian/projects/securerouting/ariadne.pdf, 2002. [5] Gagandeep, Aashima, Pawan Kumar, International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-1, Issue-5, June 2012, “Analysis of Different Security Attacks in MANETs on Protocol Stack A-Review”. [6] S. A. Razak, S. M. Furnell, P. J. Brooke, “Attacks against Mobile Ad Hoc Networks Routing Protocols”. [7] Sweta Jain, Jyoti Singhai, Meenu Chawla, International journal of Ad hoc, Sensor & Ubiquitous Computing Vol. 2, No. 3, 2011, “A Review Paper on Cooperative Blackhole and Grayhole Attacks in MANETs”. [8] S.K. Chamoli, S. Kumar, D.S. Rana, International Journal of Computer Technology & Applications, Vol. 3 (4), 2012, “Performance of AODV against Black Hole Attacks in MANETs”. [9] L. Tamilselvan, V. Sankaranarayanan: "Prevention of Black Hole Attack in MANET", the 2nd international conference on wireless, Broadband and Ultra Wideband Communications (January 2007). [10] Sun B, Guan Y, Chen J, Pooch UW (2003) “Detecting Black-hole Attack in Mobile Ad Hoc Networks”, Paper presented at the 5th European Personal Mobile Communications Conference, Glasgow, U.K., 22-25 April 2003. [11] S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard, “Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks”, 2003 International Conference on Wireless Networks (ICWN’03), Las Vegas, Nevada, USA. [12] M. AI-Shurrnan et al: "Black Hole Attack in Mobile Ad Hoc Network", ACMSE' 04, (April 2004). [13] S. Kurosawa, H. Nakayama, and N. Kato, “Detecting black hole attack on AODV based mobile ad-hoc networks by dynamic learning method, ”International Journal of Network Security”, pp. 338–346, 2007. [14] Mistry N, Jinwala DC, IAENG, Zaveri M (2010) “Improving AODV Protocol Against Blackhole Attacks”, Paper presented at the International MultiConference of Engineers and Computer Scientists, Hong Kong, 17-19 March, 2010. [15] M. Umaparvathi, D.K. Varughese, European Journal of Scientific Research, Vol. 72 No. 3 (2012),”Two Tier Secure AODV against Black Hole Attack in MANETs”. [16] M. Medadian, K. Fardad, European Journal of Scientific Research, Vol. 69 No. 1 (2012), “Proposing a Method to Detect Black Hole Attacks in AODV Routing Protocol”. [17] M. Ahmed, S. Yousef and Sattar J Aboud, “Bidirectional Search Routing Protocol For Mobile Ad Hoc Networks” International journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 1, 2013, pp. 229 - 243, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. 102