INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)

ISSN 0976 6464(Print) ISSN 0976 6472(Online) Volume 4, Issue 2, March April, 2013, pp. 93-102 IAEME: www.iaeme.com/ijecet.asp Journal Impact Factor (2013): 5.8896 (Calculated by GISI) www.jifactor.com

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

IJECET
IAEME

A COMPARATIVE STUDY OF BLACK HOLE ATTACK IN MANET

Neha Kaushik Student PDM College of Engineering for Women, BGarh Ajay Dureja Assistant Professor PDM College of Engineering for Women, BGarh

ABSTRACT A mobile ad-hoc network is an infrastructure less network which consists of a number of mobile nodes that dynamically form a temporary network for the transmission of data from source to destination. Most of the routing protocols rely on the cooperation among the nodes for secure transmission due to lack of centralized administration. Thus the security of MANET is an important concern for all the times. There is no general algorithm for security of principle routing protocols like AODV against commonly known attacks like black hole attack, wormhole attack, rushing attack, etc. In this paper, we survey the different network layer attacks of MANET and compare the existing solutions to combat the single or cooperative black hole attack. Keywords: MANET, Black Hole Attack, Worm Hole Attack, Rushing Attack. 1. INTRODUCTION A mobile ad-hoc network is categorized under infrastructure less network where a number of mobile nodes communicate with each other without any fixed infrastructure between them. Furthermore, all the transmission links are established through wireless medium [1]. The functioning of MANET depends upon the trust and cooperation between the nodes. Each node can individually act as a router or a host for transmitting data packets to other nodes which are not in the range of direct transmission.

93

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

MANET is one of the recent active fields and has received marvelous attention because of its self-configuration and self-maintenance capabilities [2]. MANET is widely used in military purpose, disaster area, personal area network, etc. Ad hoc network offer great flexibility, higher throughput, lower operating cost and better coverage because of collection of independent nodes [3]. The designing of routing protocols for Ad hoc network is a challenging task and secure ones are even more so. So far, researchers in ad- hoc networking have generally studied the routing problem in a non-adversarial network setting, assuming a trusted environment relatively little research has been done in a more realistic setting in which an adversary may attempt to disrupt the communication [4]. The routing protocols are divided into two main types-Proactive protocols and Reactive protocols. The proactive protocols are Table-Driven protocols in which each node maintains an up-to-date routing information about every other node in a routing table and routes are quickly established without any delay [3]. The reactive protocols, on the other hand, are the on-demand protocols in which the nodes establish the route whenever desired. In this paper, we discuss three main attacks at network layer of MANET namely Black hole attack, Rushing attack and Wormhole attack and compare the existing solutions for the prevention and detection of Black Hole attack. 2. ROUTING PROTOCOLS The routing protocols of MANET are broadly divided into two categoriesProactive (Table-Driven) routing protocols and Reactive (On-Demand) routing protocols. A third category is a combination of above two routing protocols namely Hybrid routing protocols. 2.1 Proactive Routing Protocols In proactive or table-driven routing protocols, the mobile nodes periodically broadcast their routing information to the neighbors. Each node needs to maintain its routing table which not only records the adjacent nodes and reachable nodes but also the number of hops. In other words, all the nodes have to evaluate their neighborhood as long as the network topology has changed [1]. The examples of proactive protocols are DSDV, OSPF, OLSR, etc. 2.2 Reactive Routing Protocols In case of reactive or on-demand routing protocols, the mobile nodes set up a route when they desire to transmit the data packets. The reactive routing protocols overcome the problem of increased overhead as in case of proactive protocols [3]. AODV and DSR are two main types of reactive routing protocols. 2.3 Hybrid Routing Protocols These types of protocols are the combination of proactive and reactive protocols to overcome the defects of both the protocols. Most of hybrid routing protocols are designed as a hierarchical or layered network framework [1]. ZRP and TORA come under the hybrid routing protocols.
94

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

3. TYPES OF ATTACKS Mobile Ad hoc Networks are vulnerable to various types of attacks not from outside the network but also within the network itself [5]. There are two major types of attacks in MANET- internal attacks and external attacks. 3.1 Internal Attacks These types of attacks have a direct impact on the nodes working in a network. Internal attacks may broadcast wrong type of information to other nodes. These types of attacks are more difficult to be handled as compared to external attacks as internal attacks are initiated by the authorized nodes in the networks, and might come from both compromised and misbehaving nodes [5]. Internal nodes are identified as compromised nodes if the external attackers hijacked the authorized internal nodes and are then using them to launch attacks against the ad hoc networks. On the other hand, nodes will be classified as misbehaving if they are authorized to access the system resources, but fail to use these resources in a way they should be [6]. 3.2 External Attacks External attacks are attacks launched by adversaries who are not initially authorized to participate in the network operations. These attacks usually aim to cause network congestion, denying access to specific network function or to disrupt the whole network operations. Bogus packets injection, denial of service, and impersonation are some of the attacks that are usually initiated by the external attackers [6]. External attacks prevent the network from normal communication and producing additional overhead to the network [5]. External attacks can be further classified into two types- Active attacks and Passive attacks. 3.2.1 Active Attacks Active attacks are severe attacks on the network that prevent message flow between the nodes. Active attacks actively alter the data with the intention to obstruct the operation of the targeted networks [6]. Active attacks may be internal or external. Active external attacks can be carried out by outside sources that do not belong to the network. Internal attacks are from malicious nodes which are part of the network, internal attacks are more severe and hard to detect than external attacks [5]. 3.2.2 Passive Attacks These are the susceptible attacks of MANET. A passive attack does not alter the data transmitted within the network. But it includes the unauthorized listening to the network traffic or accumulates data from it. Passive attacker does not disrupt the operation of a routing protocol but attempts to discover the important information from routed traffic. Detection of such type of attacks is difficult since the operation of network itself doesnt get affected. In order to overcome this type of attacks powerful encryption algorithms are used to encrypt the data being transmitted [5].
95

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

4. NETWORK LAYER ATTACKS IN MANET The security of the ad hoc networks greatly depends on the secure routing protocol, transmission technology and communication mechanisms used by the participating nodes [2]. The network layer protocols enable the MANET nodes to be connected with another through hop-by-hop. Every individual node takes route decision to forward the packet, so it is very easy for malicious node to attack on such network [5]. Thus, security in network layer plays an important role in the security of the whole network. A number of attacks on network layer have been identified and studied during research. Our primary concern is on three main types of attacks on network layer security namely Wormhole Attack, Rushing Attack and Black Hole Attack. 4.1 Wormhole Attack In wormhole attack, malicious node receives data packet at one point in the network and tunnels them to another malicious node. The tunnel existing between two malicious nodes is referred to as a wormhole. Wormhole attacks pose severe threats to routing protocols. Attackers use wormholes in the network to make their nodes appear more attractive so that more data is routed through their nodes. When the wormhole attacks are used by attacker in routing protocol such as DSR and AODV, the attack could prevent the discovery of any other route other than wormhole [5]. Thus a clear defense mechanism must be introduced in the routing protocols to discover valid routes from source to destination. For example in figure 1, the nodes 1 and 2 are the malicious nodes which form a wormhole link or tunnel in the network when the source node S broadcasts RREQ packet to find a suitable route to destination D.
B D S C

2 A 1

Wireless link

Wormhole link

RREQ RREP

Wormhole RREQ Fig. 1: WORMHOLE ATTACK

96

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

4.2 Rushing Attack These attacks are mainly on the reactive routing protocols. These attacks subvert the route discovery process. When compromised node receives a route request packet from the source node, it floods the packet quickly throughout the network before other nodes, who also receives the same route request packet can react to original request [5]. Rushing attack is a modified form of black hole attack in which a node turns malicious after gaining the trust of other nodes; hence prevents itself from being detected easily [7]. The example for rushing attack is shown in figure 2. Here the malicious node C represents the rushing attack node, where S and D refers to source and destination nodes. The rushing attack of compromised node C quickly broadcasts the route request messages to ensure that the RREQ message from it reaches earlier than those from other nodes. This result in when neighboring node of D i.e. B and E when receive the actual route request from source, they simply discard the request. So in the presence of such attacks S fails to discover any suitable route or safe route without the involvement of external attacker [5].

RREQ

Wireless link

Rushed RREQ

Fig. 2: RUSHING ATTACK

4.3 Black Hole Attack A black hole attack is an active denial of service attack in which a malicious node can attract all packets by falsely claiming a fresh route to the destination and then absorb them without forwarding them to the destination [8]. A black hole can work as a single node as well as in a group. Since a black hole node does not have to check its routing table, it is the first to respond to the RREQ in most cases [3]. Figure 3 below shows a black hole node X which gives a false RREP to the source of having a fresh route to the destination. The source, then, routes all the data towards the black hole node and the node absorbs all the data in it. Thus, the data packets get lost and never reach the destination.

97

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

D S C

A B

RREQ

RREP

False RREP

Fig. 3: BLACK HOLE ATTACK Black hole attack is an active attack in case of AODV protocol. Since, AODV has no security mechanisms, a malicious node can perform many attacks just by behaving according to AODV rules [9]. 5. RELATED WORKS A lot of research has been done to combat the black hole attack in MANET. Given below are different solutions for detecting and preventing the black hole attack. The comparison of these schemes is shown in table 2. 5.1 Detecting Black-hole Attack in Mobile Ad hoc Network Bo Sun et al. used AODV as their routing protocol. To defend against black hole attack they devised a neighborhood based method to detect whether there exists any black hole attack and a routing recovery protocol to set up a correct path. In this scheme, not only a lower detection time and higher throughput are acquired, but the accurate detection probability is also achieved [10].
No. of Nodes 30 to 50 Simulation Time 800 sec Throughput False Positive Probability Less than 1.7%

Increases by 15%

5.2 Prevention of Cooperative Black Hole Attack in Wireless Ad hoc Networks Sanjay Ramaswamy et al. used data routing information (DRI) table and cross checking method to identify the cooperative black hole nodes and utilized modified AODV routing protocol to achieve this methodology. The experiment result shows that this solution performs better than other solutions [11].
98

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

Node#

Data Routing Information From Through

Table1: Data Routing Table 5.3 Black Hole Attack in Mobile Ad hoc Networks Mohammad Al-Shurman et al. provided two possible solutions to prevent black hole attacks in MANET. The computer simulation shows that the second solution can verify 75% to 98% of the route to the destination as compared to original AODV routing protocol [12].

Solution 1 Solution 2

No. of Nodes 50 50

Simulation Time 900 sec 900 sec

Routes Verified 60% 75%

5.4 Detecting Black Hole Attack on AODV Based MANET by Dynamic Learning Method S. Kurosawa et al. proposed a detection scheme using dynamic training method in which needs to be updated at regular time intervals. The simulation results shows the effectiveness of the scheme compared with the conventional scheme [13].
No. of Nodes Simulation Time Average Detection Rate Increases by 8% Average False Positive Rate Decreases by 6%

30

10000 sec

5.5 Prevention of Cooperative Black Hole Attack in MANET L. Tamilselvan et al. proposed a solution based on enhancement of the original AODV routing protocol. The concept used is setting the timer in the TimerExpiredTable for collecting the RREP packet from other nodes after receiving the first reply. It will store the packets sequence number and the receiving time pf the packet in a Collect Route Reply Table (CRRT), looking for the timeout value based on the arrival time of the first RREP, judging the route belong to valid or not based on the above threshold value. The simulations were taken using global mobile simulator (GloMoSim) which shows that packet delivery ratio is increased with minimal delay and overhead. The end-to-end delay might be raised when the suspicious node is far from the source node [9].
No. of Nodes 25 Simulation Time 300 sec Packet Delivery Ratio Increases by 90% End-to-End Delay Slight increase

99

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

5.6 Improving AODV Protocol against Black Hole Attacks [14] Nital Mistry et al. proposed modifications to the AODV protocol and justify the solution with appropriate implementation. The analysis shows significant improvement in Packet Delivery Ratio (PDR) of AODV in presence of black hole attacks with marginal rise in average end to end delay [14].
No. of Nodes 25 Simulation Time 300 sec Packet Delivery Ratio Increases by 90% End-to-End Delay Slight increase

5.7 Two Tier Secure AODV against Black Hole Attacks in MANETs M. Umaparvathi et al. proposed a secure routing protocol TTSAODV which is an extension of AODV that can be used to protect the route discovery mechanism against black hole node. The simulation results show the better performance of the protocol than conventional protocol in terms of PDR and throughput [15].
No. of Nodes 50 Simulation Time 500 sec Packet Delivery Ratio increases Throughput

Better avg. throughput

5.8 Proposing a Method to Detect Black Hole Attacks in AODV Protocol M. Medadian et al. proposed a method to combat cooperative black hole attack by waiting and checking the replies from all the neighboring nodes to find a safe route. The simulation results show that the proposed protocol provides better security and performance in terms of PDR [16].
No. of Nodes 30 to 50 Simulation Time _ Packet Delivery Ratio increases End-to-End Delay decreases

5.9 Prevention of Black Hole Attack in MANET Pooja Jaiswal et al. proposed a solution to prevent the black hole attack with the help of destination sequence number sent by the replying node. If there is a large difference between the sequence number of source node and intermediate node then that node is malicious. The simulation results show better performance in terms of PDR and end to end delay [3].
No. of Nodes 30 to 70 Simulation Time 1000 sec Packet Delivery Ratio increases End-to-End Delay decreases

100

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

6. SUMMARY Mobile ad hoc networks have gained attention due to its self- configuration capabilities. Due to various difficulties in designing of routing protocol, the security of MANET has always been an important concern. In this paper we have discussed Black Hole Attack which is an active attack in Table 2: COMPARISON OF VARIOUS BLACK HOLE ATTACK DETECTION SOLUTIONS
Papers Routing Protocol Tool Used Detection Type Publication Year Results Defects Resource

Detecting black hole Attack in MANET

AODV

NS-2

Single Detection

2003

The chances that Failed to detect a single attacker is attacker in codetected is 93% operation

5th European conference in mobile communication International conference on wireless network

Prevention of coOperative black hole Attack in wireless ad-hoc networks Black hole attack in MANETs

AODV

No simulation

Cooperative Detection

2003

Secure routing against black hole attack

Delay is increased

AODV

NS-2

Single Detection

2004

Verify 75% to 98% of the routes

Attackers can listen to the channel and update the table __

ACMSE

Detecting black hole On AODV based MANET by dynamic Learning method Prevention of coOperative black hole Attack in MANET

AODV

NS-2

Single Detection

2007

shows effectiveness in detecting black hole attack

International journal of Network Security 2nd International conference on wireless broadBand, Ultra Wideband communication International Multiconference of Engineers & Comp. Scientist European Journal of Scientific Research European Journal of Scientific Research International Journal of Comp. Networks & Wireless Comm.

AODV

GloMoSim

Cooperative Detection

2007

increased packet delivery ratio

Increased delay and minimal overhead

Improving AODV Protocol against Black Hole attacks

AODV

NS-2

Single Detection

2010

PDR is improved by approx. 80%

Rise in end to end delay

Two Tier Secure AODV against Black Hole Attack in MANET Proposing a method To detect black hole Attacks in AODV protocol Prevention of Black Hole Attack in MANET

AODV

NS-2

Cooperative Detection

2012

better performance Minimal in terms of PDR increase in cost, and throughput overhead, delay

AODV

GloMoSim Cooperative Detection

2012

Provides better security and PDR than conventional AODV Decreased PDR and end to end delay

Additional delay & overhead

AODV

NS-2

Single Detection

2012

___

AODV protocol. The researchers have proposed many detection and prevention techniques for black hole attack whether single or cooperative. Thus, the state-of-art of these existing solutions are discussed and compared based on various parameters like PDR, throughput, end-to-end delay, routing overhead, etc. the problem for black hole attack is still an active field of research and researchers are working to combat this attack.

101

International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print), ISSN 0976 6472(Online) Volume 4, Issue 2, March April (2013), IAEME

7. REFERENCES [1] F.H. Tseng, Li-Der Chou, H.C. Chou, Human-centric Computing and Information Sciences 2011, A survey of Black Hole Attacks in wireless mobile ad-hoc networks. [2] Ujjwal Agarwal, K.P Yadav, Upendra Tiwari, International Journal of Research in Science and Technology, 2012, vol. no. 1, issue no. IV, Jan-Mar, Security Threats in Mobile Ad hoc Networks. [3] Pooja Jaiswal, Rakesh Kumar, International Journal of Computer Networks and Wireless Communications (IJCNWC), ISSN: 2250-3501Vol.2, No5, October 2012, Prevention of Black Hole Attack in MANET. [4] Yih-Chun, Adrian Perrig, David B. Johnson, Ariadne: A secure On-Demand Routing Protocol for Ad Hoc Networks, sparrow.ece.cmu.edu/~adrian/projects/securerouting/ariadne.pdf, 2002. [5] Gagandeep, Aashima, Pawan Kumar, International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 8958, Volume-1, Issue-5, June 2012, Analysis of Different Security Attacks in MANETs on Protocol Stack A-Review. [6] S. A. Razak, S. M. Furnell, P. J. Brooke, Attacks against Mobile Ad Hoc Networks Routing Protocols. [7] Sweta Jain, Jyoti Singhai, Meenu Chawla, International journal of Ad hoc, Sensor & Ubiquitous Computing Vol. 2, No. 3, 2011, A Review Paper on Cooperative Blackhole and Grayhole Attacks in MANETs. [8] S.K. Chamoli, S. Kumar, D.S. Rana, International Journal of Computer Technology & Applications, Vol. 3 (4), 2012, Performance of AODV against Black Hole Attacks in MANETs. [9] L. Tamilselvan, V. Sankaranarayanan: "Prevention of Black Hole Attack in MANET", the 2nd international conference on wireless, Broadband and Ultra Wideband Communications (January 2007). [10] Sun B, Guan Y, Chen J, Pooch UW (2003) Detecting Black-hole Attack in Mobile Ad Hoc Networks, Paper presented at the 5th European Personal Mobile Communications Conference, Glasgow, U.K., 22-25 April 2003. [11] S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard, Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks, 2003 International Conference on Wireless Networks (ICWN03), Las Vegas, Nevada, USA. [12] M. AI-Shurrnan et al: "Black Hole Attack in Mobile Ad Hoc Network", ACMSE' 04, (April 2004). [13] S. Kurosawa, H. Nakayama, and N. Kato, Detecting black hole attack on AODV based mobile ad-hoc networks by dynamic learning method, International Journal of Network Security, pp. 338346, 2007. [14] Mistry N, Jinwala DC, IAENG, Zaveri M (2010) Improving AODV Protocol Against Blackhole Attacks, Paper presented at the International MultiConference of Engineers and Computer Scientists, Hong Kong, 17-19 March, 2010. [15] M. Umaparvathi, D.K. Varughese, European Journal of Scientific Research, Vol. 72 No. 3 (2012),Two Tier Secure AODV against Black Hole Attack in MANETs. [16] M. Medadian, K. Fardad, European Journal of Scientific Research, Vol. 69 No. 1 (2012), Proposing a Method to Detect Black Hole Attacks in AODV Routing Protocol. [17] M. Ahmed, S. Yousef and Sattar J Aboud, Bidirectional Search Routing Protocol For Mobile Ad Hoc Networks International journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 1, 2013, pp. 229 - 243, ISSN Print: 0976 6367, ISSN Online: 0976 6375.

102