Ad-hoc On-Demand Distance Vector Protocol and Black Hole Attack Detection
Presented by: Rajkumar Singh
Guide: Dr. Santosh Biswas
Dept. of Computer Science, Indian Institute of Technology, Guwahati

Mobile Ad-hoc Network
● A mobile ad-hoc network is a collection of wireless nodes that can be set up dynamically anywhere and at any time, without any pre-existing network infrastructure.
● It is an autonomous system in which mobile hosts connected by wireless links are free to move randomly. A node sometimes acts as a host and sometimes as a router.
● Very useful for household, industry, study and military purposes.

Ad-hoc On-Demand Distance Vector Protocol
● The AODV routing protocol is one of the more commonly used routing algorithms in ad-hoc networks. It is based on the principle of discovering routes on requirement, which means AODV is both an on-demand and a table-driven protocol.
● AODV is a reactive algorithm with capabilities such as low processing and memory overhead and low network utilization.
● When a path is needed, the source node first checks its routing table; if no route is found, it sends a Route Request (RREQ).

AODV (Contd.)
● The source node broadcasts an RREQ packet. The RREQ packet has fields.
● Either an intermediate node with a fresh enough route to the destination, or the destination node itself, sends a Route Reply (RREP) packet. The RREP packet has fields.
● A node unicasts the RREP to the neighbouring node from which it received the RREQ packet.
Fig. 1: Route Discovery

Attacks in Ad-hoc Network
● Attacks can be classified into passive and active attacks.
● Active attacks can be further divided into external attacks and internal attacks.
Some of the active attacks are:
● Black Hole
● Denial of Service
● Routing table overflow
● Impersonation
● Energy Consumption
● Information Disclosure

Black Hole Attack in AODV
● As shown in Fig. 1, any intermediate node with a fresh enough route to the destination node can reply to the Route Request (RREQ) sent by the source node.
● Taking advantage of this, a malicious node sends an RREP packet to the source node claiming that it has a route to the destination node, when in reality it has no such route. That is, the malicious node sends an RREP containing false information.
● After receiving this RREP, the source node sends its data through the malicious node, and this node drops the data. Hence such nodes can crash the network.
● Sometimes a chain of black nodes performs this attack cooperatively; this is known as a cooperative black hole attack. The attacks are shown below.

Black Hole Attack (Contd.)
Fig. 2: Black Hole attack
Fig. 3: Cooperative black hole attack
● Sometimes in AODV, if the next hop information is also requested in the RREP, the malicious node gives another malicious node as the next hop. When this is confirmed with the next hop, the next malicious node replies that it has a route to the destination node, but in fact neither node has any information about routes to the destination. This case is shown in Fig. 3.

Black Hole Attack Detection
● Many solutions have been proposed for black hole attack detection or removal.
● The approach that I am discussing is based on the backbone network discussed by Rubin et al.
● We maintain a backbone network which operates at a level above the ad-hoc network. In this algorithm, this idea is used to monitor the traffic flow.
● In this algorithm, nodes are divided into three types:
  1. Regular Node (RN): low power and low transmission range, not trustworthy.
  2. Backbone Node (BN): has a high transmission range; these nodes form a core that monitors the nodes.
  3. Backbone Core Node (BCN): similar power to a BN; these nodes can be elevated to BN nodes to increase the connectivity and coverage of the network.

Black Hole Attack Detection (Contd.)
This algorithm has two main parts:
1. Core formation and maintenance
2. Detection of black/malicious nodes
1. Core formation and maintenance: Core formation progresses incrementally. During this, a BCN node performs the following tasks:
(i) Detect RNs in its neighbourhood; if any are found, broadcast an “invitation” message.
(ii) On receiving a join request from an RN, check whether it is reachable within a specified number of hops; if yes, add it to the associated node list, otherwise to the unassociated list.
(iii) If there are no other requests, go to the next grid.

Core Formation (Contd.)
(iv) If the BCN detects any BN in its vicinity, it sends a coordination message to the BN and waits for a reply.
(v) On receiving the reply to the coordination message, the BCN executes the action specified in the reply.
Action of a regular node:
(i) Every regular node first checks whether it is associated with some BCN or BN; if yes, it terminates its actions.
(ii) On receiving an invitation message, it sends a join request, and after getting a reply to its join request from the BN or BCN, it sends “accept” to the BN or BCN.

Black Node Detection
The key idea is that the source node, after every block of data packets, asks the backbone network to perform an end-to-end check with the destination on whether the packets have reached it. If the destination did not receive a block of data packets, the backbone network initiates the detection of the chain of malicious nodes.
Suppose:
S: Source node
D: Destination node
N1: Backbone node with which S is associated
N2: Backbone node with which D is associated
V: Regular node
Nr: The node which sent the RREP to S (for the RREQ for the S-to-D route)

Black Node Detection (Contd.)
Actions of S:
(i) Divide the data into k equal parts, say Data[1..k].
(ii) Send a prelude message to D with shared key k.
(iii) Send the data to D and after that send a “check” message containing Nr to N1.
(iv) If an “ok” is received from N1, continue sending data.
(v) If a “not ok” is received from N1, set a timer for malicious node removal. If “removed ok” is received from N1 before the timeout, go to (ii); otherwise terminate.
Action of D: On receiving the prelude from S, wait for the data packets, and after receiving the data send a postlude message to N1 and S stating the number of packets received from S.

Black Node Detection
Action of N1:
(i) On receiving the prelude from S, send a monitor message to all neighbours of S asking them to monitor the data sent by S.
(ii) On receiving “check” from S, send a query to all neighbours of S and wait for the result messages.
(iii) On receiving a result message, set its max counter value. If it receives “D malicious”, repeat the steps; if it does not receive any message from D, send a message to D and terminate.
● In the same way, N2 also sends a monitor message to the neighbours of D to record the number of packets received by D, and then sets its counter accordingly.
● A regular node, on receiving a monitor message, checks whether S is its neighbour and, if so, starts counting the number of packets from S to D. On receiving a query message, it sends a result message to the source of the query message.

Black Node Detection (Contd.)
When a BN, say N1, finds that the ack message has not been received within a predefined timeout, the black hole removal process is initiated by N1. The actions of the different nodes are as follows:
Actions by N1: Broadcast a find_chain message on the backbone network. The message contains the id of node Nr (the node that sent the RREP to S).
Action of a BN Nb:
(i) On receiving the find_chain message, check whether node Nr belongs to its associated list. If not, take no further action.
(ii) Initialize a list (black_node_chain) containing node Nr.
(iii) Instruct all neighbours of Nr to vote for the next node to which Nr is forwarding packets originating from S and destined to D.
(iv) On receiving node ids from the neighbours of Nr, find the node to which Nr is sending the packets.

Black Node Detection (Contd.)
(v) If no node in its neighbourhood is getting packets from Nr, then Nr is dropping all the packets. Hence Nr is a malicious node and the black hole process terminates; this node is blacklisted and a broadcast message is sent across the network to alert all other nodes that the node is malicious.
(vi) Append the elected/found node to black_node_chain. If that node is in the association list of this Nb, then go to step (iii), replacing Nr with the elected node.
(vii) Broadcast a find_chain message over the backbone network containing the id of the elected node as the malicious node. Also broadcast the black_node_chain formed so far over the network so that other BNs can append malicious nodes to the list.

Black Node Detection (Contd.)
Action of BCN/RN: A regular node or backbone core node, on receiving an instruction from a BN node to find the next node to which malicious node Nr is forwarding the packets, checks whether Nr is a neighbour of this node. If yes, it turns on promiscuous mode and listens for packets from node Nr which have S as the source node and D as the destination node. It infers the next node to which these packets are going and sends a message containing that node id to the BN.
In this way all the black nodes are detected, and every node holds the list of such malicious nodes, so if a node gets any RREP from such a malicious node it simply drops it, and hence the attack can be avoided.

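The end-to-end check and the find_chain voting described in the slides above, as an added Python sketch that is not part of the original presentation. The topology, the overheard forwarding data and all function names are constructed for illustration, and the hand-off between backbone nodes by association list is collapsed into a single function.

```python
from collections import Counter

# Constructed sample data (not from the slides).
# NEIGHBOURS: suspect -> regular nodes in radio range that the BN polls.
NEIGHBOURS = {"Nr": ["V1", "V2", "V3"], "M2": ["V3", "V4"]}
# OVERHEARD[(watcher, suspect)]: next hop the watcher saw for S->D packets
# while in promiscuous mode; None means it saw no forwarding at all.
OVERHEARD = {("V1", "Nr"): "M2", ("V2", "Nr"): "M2", ("V3", "Nr"): None,
             ("V3", "M2"): None, ("V4", "M2"): None}

def end_to_end_ok(sent_counts, received_by_d):
    """N1's check: largest count reported by S's neighbours vs. D's report."""
    return received_by_d is not None and received_by_d >= max(sent_counts)

def elect_next_hop(suspect):
    """Steps (iii)-(iv): neighbours vote on where the suspect forwards."""
    votes = Counter(OVERHEARD.get((v, suspect))
                    for v in NEIGHBOURS.get(suspect, []))
    votes.pop(None, None)          # seeing no forwarding is not a vote
    return votes.most_common(1)[0][0] if votes else None

def find_chain(nr, max_len=16):
    """Steps (ii)-(vi): extend black_node_chain until a node drops everything."""
    chain = [nr]
    while len(chain) < max_len:    # length bound is an added safety limit
        nxt = elect_next_hop(chain[-1])
        if nxt is None or nxt in chain:   # step (v), plus an added loop guard
            break
        chain.append(nxt)
    return chain

def accept_rrep(sender, blacklist):
    """Every node drops RREPs that come from a blacklisted node."""
    return sender not in blacklist

if __name__ == "__main__":
    # S's neighbours counted up to 20 packets sent; D reports 0 received.
    if not end_to_end_ok(sent_counts=[20, 20, 19], received_by_d=0):
        blacklist = set(find_chain("Nr"))
        print(sorted(blacklist), accept_rrep("M2", blacklist))
```
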
Conclusion
● Here I have presented the details of AODV and the detection of the black hole attack.
● Using this algorithm, the simple black hole attack and the cooperative black hole attack can be removed, and to some extent the gray hole attack can also be removed.
● This algorithm takes O(md) hops to detect black nodes, where m is the number of malicious nodes and d is the diameter of the network.

References
1. RFC standard-3561, http://www.ietf.org/rfc/rfc3561.txt
2. Izhak Rubin, Arash Behzad, Runhe Zhang, Huiyu Luo, Eric Caballero: TBONE: A Mobile-Backbone Protocol for Ad Hoc Wireless Networks.
3. H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc network. IEEE Communications Magazine, pages 70-75, 2002.
4. S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard. Prevention of cooperative black hole attack in wireless ad hoc networks. In Proceedings of 2003 International Conference on Wireless Networks (ICWN03), pages 570-575. Las Vegas, Nevada, USA, 2003.
5. P. Agarwal, R. K. Ghosh, S. K. Das. Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks.
6. I. Rubin, A. Behzad, R. Zhang, H. Luo, and E. Caballero. TBONE: A mobile backbone protocol for ad hoc wireless networks. In Proceedings of IEEE Aerospace Conference, volume 6, pages 2727-2740, 2002.
7. Y. C. Hu, A. Perrig, and D. B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In Eighth Annual International Conference on Mobile Computing and Networking (MobiCom 2002), pp. 12-23, Sept. 2002.