BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST VALUE EVALUATION SCHEME full report
Active In SP
Joined: Apr 2010
06-06-2010, 11:34 PM
BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST VALUE EVALUATION SCHEME.docx (Size: 72.63 KB / Downloads: 211)
RESOLVING BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST VALUE EVALUATION SCHEME BASED MODIFIED AODV
Dr. Periasamy 1 A. Menaka Pushpa 2
1Prof. and Head of the Department of CSE, Dr.Sivanthi Aditanar College of Engg.,Tamilnadu, India
2 Lecturer in CSE Department, Dr. Sivanthi Aditanar College of Engg.Tamilnadu, India
Ad hoc networks are primarily meant for use in military,emergency and rescue scenarios, where in spite of onexistinginfrastructure, decentralized, fast deployment, a network can be established. Nodes assist each other by passing data and control packets from source todestination, often beyond the wireless range of the original sender using multi hop technique. However this cooperation between nodes and rely on intermediate nodes for passing the packets to desired destination makes ad hoc network vulnerable to different types of security attacks like malicious / selfish node attacks. TheBlack Hole problem is one of the Denial of Serviceattacks that occur in mobile ad hoc networks (MANET).DoS is the one of the crucial active attack in ad hocnetworks. The active attack is at stake as in commercial or military environments. As this paper describe the activity of Black Hole node in AODV i.e.) mainly used reactive routing protocol in MANET. This paper alsogives the overview of existing solution for black holeproblem and proposes a novel approach to identify black hole node in ad hoc networks. This solution purely based on Trust Based Secured (TBS) architecture without any malicious node's activity in MANET. It also provides an error free, secured route to two different peers.
Index terms: DoS, MANET, AODV, Black Hole Problem,TBS Architecture
A wireless ad hoc network consists of a collection ofpeer mobile nodes that are capable of communication with each other without help from a fixed infrastructure. Nodes within each other's radio range communicate directly via wireless links, while those that are far apart use other nodes as relays. The nature of wireless networks makes this network very vulnerable to an adversary's malicious attacks. At first these types of attacks ranges from passive eavesdropping to active interfering. Attacks on a wireless ad hoc network can come from all directions and target at any node. Damages can leak secret information, message contamination and node impersonation. All these means that a wireless ad hoc network will not have a clear line of defense and every node must be prepared to face the fake advertised malicious node interaction. Second, mobile nodes are autonomous units that are capable of roaming independently. So that the nodes have inadequate physical protection are receptive to being captured, compromised and hijacked. Third, decision making in MANET is decentralized, so that connection establishment and connection management, control and packet transformation performed in cooperative participation of all nodes. The lack of centralized authority means that the network is vulnerability for new types of attacks designed to break the co-operative algorithm.
Black hole attack is the main puzzle in the security of ad hoc network. The existing solutions that were proposed by Dong and Yoo are completely not satisfied to solve this problem. A novel secured modified AODV routing protocol scheme is proposed to combat the attack in AODV routing protocol.
This paper describes, modified AODV routing protocol in the light of trust evaluation concepts. In particularly, we employ specification based techniques to monitor the AODV routing protocol, a widely adopted ad hoc source initiated routing protocol. AODV is a reactive and stateless routing protocol that establishes routes only as desired by the source node. AODV is vulnerable to various kinds of wireless attacks. The normal operation of AODV damaged by the presence of black hole node in existing settled network. It sends the fake adversary information packets may be RREQ or RREP to all of its neighbor nodes. Malicious node easily disrupts the functioning of the routing protocol and makes at least part of the network to crash.
This research is mainly concentrates in the advantages of using the trust values of every node. By computing trust levels from the inherent knowledge present in the network, the trustworthiness of the route can be computed. So that we can easily identified the misbehaving nodes.
The remainder of this paper is organized as follows: this paper is focused on introducing a trust model suitable for application to ad hoc networks. In section 2, we discuss the black hole attack in AODV routing protocol. Section 3 describes some relevant previous solutions for black hole attacks. In section 4, we illustrate the trust model in detail. In section 5, we describes our proposed modified secured AODV routing protocol and rest of the paper consist of an results in section 6 and conclusion in section 7.
2. BLACK HOLE ATTACK AGAINST AODV
The Ad Hoc On Demand Distance Vector (AODV)
algorithm enables dynamic, self starting, multi hop routing between participating mobile nodes wishing to establish and maintain an Ad Hoc network. AODV establishes routes only as desired by source node using route request (RREQ) and route reply (RREP) messages. When a source node wants to send packets to a destination node but cannot find a route in its routing table, it broadcasts RREQ messages to its neighbors. Its neighbors then rebroadcast the RREQ message to their neighbors, if they do not have a fresh enough route to the destination node. This process continues until the RREQ messages reach the destination node or an intermediate node with fresh sequence number updates its reverse route to the source node. When source or intermediate node receives a RREP message either from the destination or the intermediate node, it updates its routing table to the destination node. After selecting and establishing a route, it is aintained by route maintenance procedure until either the destination becomes inaccessible along every path from the source or the route is no longer desired. Normal behavior of AODV routing protocol described in Figure. (a), 1(b).
A Black Hole has two properties; first the node exploits the ad hoc routing protocol, such as AODV to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets. Second, the nodes consume the intercepted packets. In flooding based protocol, if the malicious reply reaches the source node before the reply (RREP) from the actual node, a forged route has been created. The disrupted AODV routing protocol with Black Hole node activity explained in Figure. 2. Black Hole attacks in AODV protocol routing level can be classified into two categories; RREQ Black Hole attack and RREP Black hole attack. In this way, the malicious node can easily misroute a lot of traffic itself and could cause an attack to the network with very little effort on its part.
3. EXISTING METHODS TO SOLVE
BLACK HOLE ATTACK
Figure. Normal AODV Route Establishment
The first proposed solution introduced by Deng with two additional control packets excluding RREQ, RREP in AODV routing protocol. The fake RREP originated by Black hole node followed by source initiated RREQ identified by further checkup the route by the source node in different direction. For this route further checkup, the modified AODV require additional two control packets, such as urtherReq, FurtherRep between the source node and the next immediate neighbor node of the Black hole node. The next immediate node is mentioned by Black hole ode at the time of passing RREP to the source. (The source node gets the actual information from this next hop node through the CheckResult field in urthetRep packet by making different route to the next hop node.) Source node makes different route to the nexthop node and gets the actual information through the CheckResult field that is in FurtherRep. Packet. The disadvantages of this solution are, this is not working in the case of multiple, co-ordinate black hole nodes. This is overhead processing method. It takes more time to establish a route between two different nodes in the ad hoc networks.
Figure. 1 fb): Normal AODV Route Establishment
The second solution proposed by Yoo and Park on the year 2004 as two different solutions. They are as follows; ? Redundant Route Method ? Exploits Packet Sequence No Method Both of them have its, own advantages and disadvantages. In the first method, redundant route discovery method the source node needs atleast three different route to the same destination. After broadcast RREQ by the source, it just wait until receives more than one RREP from different nodes for the same destination. Then the sender node checks the Authenticity of every node those who are responding RREQ. Source extracts the full path to destination for each RREP, if two or more of these nodes must have some shared hops, then the source can recognize the safe route to the destination. If no shared nodes appear in these redundant routes, the sender will wait for another RREP until a route with shared nodes identified or route time expired.
Surely, this method takes long time to makes the connection between source and destination. Because of the time taken for waiting many RREP by source and also the time delay needed for processing these received RREP by source. Another one main point is, if no such shared hops exists, then the packets will never been sent even in possible cases.
In the second one, Exploits the sequence no scheme, the packet sequence no plays a vital role to make the safe route from source to destination. This method requires two more tables for every node in the networks. First table consists of the sequence no of last packet sent to every node in the network. Second table consists of the sequence no of received packets from every sender in the network. During RREP, the intermediate or destination node must include the sequence no of last received packet from the same source. Once the source receives this RREP, it will extract the last sequence no and then compare its value from the first table of the source. If it matches then the transmission will be take place. Else this replied node is malicious and send alarm to entire network. Last packet sequence number for received and transmitted tables are updated during each packet transmission and arrival.
This method is the fast and reliable way to identify suspicious reply and node. But the main drawback of this method is, how long we should maintain these two table's sequence numbers?. Extra storage space is needed for maintaining the sequence no similar to route cache in DSR routing protocol.
At last, sequence no is not only enough to identify malicious node in ad hoc networks. For example, consider the following situation, in this case this method is not completely trusted. If the alicious node already exists in the network then previously it may be received some packets from the source or its neighbors. Still the source or its neighbors does not know about its misbehaving activities. Once again the source wants to make a connection to some destination, then it will broadcasts RREQ message to its neighbors. If the malicious node receives RREQ message, then it can start to send fake advertised RREP message to source. Already the malicious node has the sequence no of last received packets from the same source, it can send the fake RREP with this sequence no to the source. After receiving the RREP, the source extracts this packet and checks the specified sequence no from its first routing table. Obviously, that sequence no is there. Then the malicious node accepts by the source node as a normal node, then automatically establish connection through this node. As a result the passing packets through this route is lost or interpreted. So that the sequence no is only enough factor to suspect malicious node.
4. TRUST MODEL
Our trust model is an adaptation of the trust model by Marsh configured for use in ad hoc networks. Marsh's model computes situational trust in agents based upon the general trust in the trustor and in the importance and utility of the situation in which an agent finds itself. General trust is basically the trust that one entity assigns another entity based upon all situations. Utility is consider similar to knowledge so that an agent can weigh up the costs and benefits that a particular situation holds.Importance caters for the significance of a particular situation to the trustor based upon time. In order to reduce the number of variables in our model, we merge the utility and importance of the situation into a single variable called weight, which in turn increases or decreases with time.
4.1. Trust Derivation
We compute the trust in our model based upon the information that one node can gather about the other nodes in passive mode. I.e. without requiring any special interrogation packets. Vital information regarding other nodes can be gathered by analyzing the received, forwarded and overheard packets if appropriate taps are applied at different protocol layers. Possible events that can be recorded in passive mode are the measure and accuracy of:
? Frames received ? Data packets forwarded ? Control packets forwarded ? Data packets received ? Control packets received ? Streams established ? Data forwarded ? Data received
The information from these events is classified into one or more trust categories. Trust categories signify the specific aspect of trust that is relevant to a particular relationship and are used to compute trust in another node in specific situations.
4.2. Trust Computation
Trust computation involves an assignment of weights to the events that were monitored and quantified. The assignment is totally dependent on the type of application demanding the trust level and varies with state and time. All nodes dynamically assign these weights based upon their own criteria. These weights have a continuous range from 0 to +1 representing the significance of a particular event from unimportant to most important. We define this trust T value, in node y (suspected node), by node x (NextHop node), as Tx(y) value is given by the following equation:
Tx(y) = _ [ Wx(i) x Tx(i) ]
i = 1
where Wx(i) is the weight of the ith trust category
and Tx(i) is the situational trust of x in the ith trust
category. The total number of trust categories n is dependent on the protocol and scenario to which the trust model is being applied.
5. PROPOSED SOLUTION TO BLACK
The Packets sequence number is not only enough to identify the misbehaving node and makes the safe route between nodes in the ad hoc networks. In Yoo's method, the middle misbehavior node can't be clearly determined. Because some malicious nodes previously have the last packet received sequence number from the valid source node. The sequence no is not updated in this case. For this flaw, in most of the situations the malicious node may be accepts as a normal node by the initiator of the desired route.
For avoid this problem, we use the trust model techniques with some condition to identify the black hole node in ad hoc network. Regarding this node trust value evaluation purpose, we introduce two new control messages with the implementation of AODV routing protocol. These messages are, Trust Request (TrustReq.) and Trust Response (TrustRes.). Finally, we can establish a safe route between any sources to destination without any malicious activities. This method is only pplicable when it is needed i.e.) suspected situations in the network, because of its high processing time and memory space.
5.1. Steps involved in Modified AODV routing
1) Source broadcast RREQ message to its neighbors for
establish the connection to desired
2) The node, which has the shortest path to
destination or fresh (latest) sequence no than
RREQ message, sends RREP with its NextHop
node detail to source.
3) Source sent TrustReq message to NextHop node
through different route.
4) NextHop node returns TrustRes packet to source.
5) Source checks the Trust value information about the suspected node and also checks the time when this information is last updated.
6) Source always takes latest updated TrustRes packet's information.
7) If trust value Tx(y) is in acceptable level, then source immediately establish a connection to that intermediate node or suspected node.
8) Otherwise, we concluded the intermediate node or
suspected node is malicious node for the past few seconds
or hours. (Latest information).
9) And also the system also sends warning alarm to entire
ad hoc networks like this suspected or
intermediate node is a black hole node.
Figure. 2(a): Broadcast of RRFJQ & RREP
Sill IM >
Figure. 2(b): Broadcast of TrustReq & TruslRep
The diagrammatic representation of this modified AODV routing protocol is in Figure. 2(a), Figure. 2(b).. The advantage of this method is the latest information always used for further checkup purpose. The trust value information is always valuable than sequence number. So this method is so accuracy than the previous techniques. It can easily identify the middle misbehavior node.
6. SIMULATION RESULT
Simulation of this modified protocol performed using the famous simulator NS-2. This bellow graph gives the comparison results between normal AODV protocol with and without black hole attack and modified protocol with black hole attack. We evaluate normal AODV working performance with the presence of single Black Hole node. This modified AODV protocol gives the accepted performance and also it sends alarm message to every node in the network if the malicious node was identified.
We have presented here, a novel approach against the Black hole attack on the AODV routing protocol. This modified AODV routing protocol establishes a safe route between any pair of nodes in the ad hoc networks and also we are effectively determined Black hole node in the networks. Instead of cryptographic system, our proposed method based on trust value system to make the trustworthiness connection. This security agent or malicious node detection system uses at right time to isolate the Black hole node from the normal behavior node. The trust value information passed by additional newly identified messages TrustReq, TrustRep from one node to another. This trust value level information is evaluated by source node and then starts to make the connection to the desired destination. This trust information gives the complete behavior of the suspected node during the past times. This method is higher level of accuracy than the other proposed solution. Black hole attacks for AODV routing protocol are used to test and analyze the efficiency of our security scheme. Simulation results show that Black hole attacks have great impact on network performance. Our security scheme can efficiently detect and block the attacks to make network performance recover to normal level quickly. The research about the attack and security scheme for AODV routing protocol is meaningful to ad hoc network security and application in future.
 Asad amir and Chris McDonald, "Establishing Trust in
Pure Ad Hoc Networks", Australian Computer Society, 2004.
 Mohit Virendra, Chandrasekaran and Padhayaya, "Quantifying Trust in Mobile Ad Hoc Networks".
 J.Hass, Papadimitratos, "Secure Routing for Mobile Distance Vector (SAODV) Routing". IETF Internet Draft,
draft-guerrero- manet-saodv-00.txt, August
Ad Hoc Networks", Proceeding of the SCS 2001
Communication Networks & Distributed System Modeling conference, 2002.
 Zhang, Lee, "Intrusion Detection in wireless Ad hoc Networks" , Mobicon 2000.
 Mohd Al Shurman and Yoo, Park, "Black Hole Attack in Mobile Ad hoc Networks", ACMSE 2004.
 Sanjay Ramaswamy and Fu, Dixson, "Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks".
 M.Royer and Perkin, "An implementation study of the
AODV Routing Protocol".
 M.Royer and Perkin, "Ad hoc On Demand Distance Vector
Routing", Internet Draft, Nov 2002.
 Zhou, J.Haas, "Securing Ad Hoc Networks", IEEE Network Magazine , vol.13, Nov/Dec. 1999.
 Manel Guerrero Zapata. "Secure Ad hoc On- Demand
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Active In SP
Joined: Jun 2010
09-10-2010, 09:27 AM
BLACK HOLE.doc (Size: 898.5 KB / Downloads: 100)
Simulated view of a black hole in front of the Large Magellanic Cloud. The ratio between the black hole Schwarzschild radius and the observer distance to it is 1:9. Of note is the gravitational lensing effect known as an Einstein ring, which produces a set of two fairly bright and large but highly distorted images of the Cloud as compared to its actual angular size.
A black hole, according to the general theory of relativity, is a region of space from which nothing, including light, can escape. It is the result of the deformation of spacetime caused by a very compact mass. Around a black hole there is an undetectable surface which marks the point of no return, called an event horizon. It is called "black" because it absorbs all the light that hits it, reflecting nothing, just like a perfect black body in thermodynamics. Under the theory of quantum mechanics, black holes possess a temperature and emit Hawking radiation, but for black holes of stellar mass or larger this temperature is much lower than that of the cosmic background radiation.
Despite its invisible interior, a black hole can be observed through its interaction with other matter. A black hole can be inferred by tracking the movement of a group of stars that orbit a region in space. Alternatively, when gas falls into a stellar black hole from a companion star, the gas spirals inward, heating to very high temperatures and emitting large amounts of radiation that can be detected from earthbound and Earth-orbiting telescopes.
Astronomers have identified numerous stellar black hole candidates, and have also found evidence of supermassive black holes at the center of galaxies. In 1998, astronomers found compelling evidence that a supermassive black hole of more than 2 million solar masses is located near the Sagittarius A* region in the center of the Milky Way galaxy, and more recent results using additional data find evidence that the supermassive black hole is more than 4 million solar masses.