19-07-2012, 01:09 PM
Performance analysis of ad-hoc networks under black hole attacks
Abstract
A wireless ad-hoc network is a temporary network
set up by wireless nodes usually moving randomly and communicating
without a network infrastructure. Due to security
vulnerabilities of the routing protocols, however, wireless ad-hoc
networks may be unprotected against attacks by the malicious
nodes. In this study we investigated the effects of Black Hole
attacks on the network performance. We simulated black hole
attacks in Network Simulator 2 (ns-2) and measured the packet
loss in the network with and without a black hole. We also
proposed a simple solution against black hole attacks. Our
solution improved the network performance in the presence of a
black hole by about 19%.
I. INTRODUCTION
Wireless ad-hoc networks are composed of autonomous
nodes that are self-managed without any infrastructure. They
usually have a dynamic topology such that nodes can easily
join or leave the network at any time and they move around
freely which gives them the name Mobile Ad hoc NETworks
or MANETs. They have many potential applications, especially
in military and rescue operations such as connecting
soldiers in the battlefield or establishing a temporary network
in place of one which collapsed after a disaster like an
earthquake.
In these networks, besides acting as a host, each node also
acts as a router and forwards packets to the correct node
in the network once a route is established. To support this
connectivity nodes use routing protocols such as AODV (Ad-hoc
On-Demand Distance Vector) or DSR (Dynamic Source
Routing).
Wireless ad-hoc networks are usually susceptible to different
security threats and black hole attack is one of these. In this
type of attack, a malicious node which absorbs and drops
all data packets makes use of the vulnerabilities of the on
demand route discovery protocols, such as AODV. In the route
discovery process of AODV protocol, intermediate nodes are
responsible for finding a fresh path to the destination, sending
discovery packets to the neighbor nodes. Malicious nodes
abuse this process and they immediately respond to the source
node with false information as though they have a fresh enough
path to the destination. Therefore the source node sends its data
packets via this malicious node assuming it is a true path.
Black hole behavior may also be due to a damaged node
dropping packets unintentionally. In any case, the end result
of the presence of a black hole in the network is lost packets.
In our study, we simulated black hole attacks in wireless
ad-hoc networks and evaluated their effects on the network
performance. We made our simulations using ns-2 (Network
Simulator version 2). Having implemented a new routing
protocol which simulates the black hole behavior in ns-2, we
performed tests on different topologies to compare the network
performance with and without black holes in the network. As
expected, the throughput in the network deteriorated considerably
in the presence of a black hole.
We also proposed a solution based on ignoring the first
established route to reduce the adverse effects of the black hole
node in an ad-hoc network using AODV as a routing protocol.
We implemented the solution also in ns-2 and evaluated the
results as we did for the black hole implementation. We
presented the improvement due to our proposed solution in
the following sections.
The paper is organized as follows: section 2 describes the
AODV protocol and black hole attacks are described in section
3. Network simulation results are presented in section 4 and
the proposed solution is described in section 5 followed by
conclusions in section 6.
II. AODV ROUTING PROTOCOL
Ad-hoc On-Demand Distance Vector (AODV) [1] is an
on demand routing protocol which is used to find a route
between the source and destination node as needed. It uses
control messages such as Route Request (RREQ), and Route
Reply (RREP) for establishing a path from the source to the
destination. Header information of these control messages is
also explained in [1]. When the source node wants to make a
connection with the destination node, it broadcasts an RREQ
message. This RREQ message is propagated from the source,
and received by neighbors (intermediate nodes) of the source
node. The intermediate nodes broadcast the RREQ message
to their neighbors. This process goes on until the packet is
received by destination node or an intermediate node that has a
fresh enough route entry for the destination in its routing table.
Fresh enough means that the intermediate node has a valid
route to the destination established earlier than a time period
set as a threshold. Use of a reply from an intermediate node
rather than the destination reduces the route establishment time
and also the control traffic in the network. This, however, leads
to vulnerabilities as explained earlier.
Sequence numbers are also used in the RREP messages
and they serve as time stamps and allow nodes to compare
how fresh their information on the other node is. When a
node sends any type of routing control message, RREQ,
RREP, RERR etc., it increases its own sequence number.
Higher sequence number is assumed to be more accurate
information and whichever node sends the highest sequence
number, its information is considered most up to date and route
is established over this node by the other nodes.
III. BLACK HOLE ATTACKS
In an ad-hoc network that uses the AODV protocol, a
black hole node pretends to have a fresh enough route to
all destinations requested by all the nodes and absorbs the
network traffic. When a source node broadcasts the RREQ
message for any destination, the black hole node immediately
responds with an RREP message that includes the highest
sequence number and this message is perceived as if it is
coming from the destination or from a node which has a fresh
enough route to the destination. The source assumes that the
destination is behind the black hole and discards the other
RREP packets coming from other nodes. The source then starts
to send out its data packets to the black hole trusting that these
packets will reach the destination.
Vulnerabilities of ad-hoc networks against black hole attacks
are studied by different authors. Deng et al. [2] address
the black hole problem and propose a solution based on
modification of the AODV protocol. The authors propose to
check the route through the next hop in the agreed upon path.
This solution means that next hop information shall be added
to the standard AODV header. Similar approach is adopted in
[3] where the nodes are asked to send their neighborhood sets
once the route is established. In [4] two solutions are proposed
for detecting the black hole attack in ad-hoc networks. First
solution involves sending a ping packet to the destination
to check the established route. If the acknowledgement does
not arrive from the destination, presence of a black hole is
deduced. The other approach proposed is based on keeping
track of sequence numbers as black holes usually tamper
with these, sending packets with unusually high sequence
numbers. A survey of intrusion detection methods against
various attacks, including black hole attacks, is given in [6].
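Added example (not from the paper or its ns-2 code): a small Python model of how a source chooses among RREPs, comparing the freshest-route rule described above with two of the defences mentioned in the text, ignoring the first reply and tracking sequence numbers. The RREP fields, the lone-reply fallback, the max_jump threshold and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RREP:
    sender: int      # node that generated the reply
    dest_seq: int    # destination sequence number claimed in the reply
    hop_count: int   # hops to the destination claimed in the reply
    arrival: float   # seconds after the RREQ was broadcast

def select_standard(rreps):
    """Freshest route wins: highest dest_seq, then fewest hops."""
    return max(rreps, key=lambda r: (r.dest_seq, -r.hop_count))

def select_ignore_first(rreps):
    """Drop the earliest-arriving RREP, then apply the standard rule.
    Assumption: a lone reply is still used, otherwise no route would exist."""
    ordered = sorted(rreps, key=lambda r: r.arrival)
    return select_standard(ordered[1:] if len(ordered) > 1 else ordered)

def plausible(rreps, last_known_seq, max_jump=100):
    """Sequence-number tracking: keep replies whose dest_seq is not far
    above the last value this node saw. max_jump is an assumed threshold."""
    return [r for r in rreps if r.dest_seq - last_known_seq <= max_jump]

# Constructed replies for one route discovery; nodes 18 and 19 play the
# black holes, answering immediately with an inflated sequence number.
HONEST = [RREP(5, 42, 3, 0.015), RREP(7, 42, 2, 0.021)]
ONE_BH = [RREP(18, 4_000_000, 1, 0.002)] + HONEST
TWO_BH = [RREP(19, 4_000_000, 1, 0.003)] + ONE_BH

def demo():
    """Next hop chosen by each rule for the constructed replies."""
    return {
        "standard": select_standard(ONE_BH).sender,
        "ignore_first": select_ignore_first(ONE_BH).sender,
        "ignore_first_two_bh": select_ignore_first(TWO_BH).sender,
        "seq_check_two_bh": select_standard(plausible(TWO_BH, 40)).sender,
    }

if __name__ == "__main__":
    for name, sender in demo().items():
        print(f"{name:22s} -> next hop via node {sender}")
```

With two black holes replying, ignoring the first reply still selects a black hole; in this constructed case only the sequence-number check avoids both.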
IV. NETWORK SIMULATIONS
To investigate the effects of black holes we simulated the
wireless ad-hoc network scenarios with and without a black
hole node present in the network. To be able to do that we introduced
a new protocol, which we called "BlackholeAODV",
into the ns-2. Nodes which are marked as black holes adopted
this protocol and behaved exactly like black holes as described
above.
To test this protocol we used two simulations of a small
network with 7 nodes. In the first scenario we did not use any
black hole nodes and in the second scenario we added a black
hole node to the simulation. We then compared the results of
the simulations.
We used UDP protocol in both simulations and attached
CBR (Constant Bit Rate) application that generates constant
packets through the UDP connection. CBR packet size is chosen
to be 512 bytes, and data rate is set to 1 Mbyte. Duration
of the scenarios is 20 seconds and the CBR connections started
at time 1.0 seconds and continued until the end of
the simulation in a 500 x 500 meter flat space. We manually
defined appropriate positions of the nodes to show the data
flow and also introduced a movement only to Node 1 to show
the changes of the data flow in the network. A black hole
node is included in the network for the second simulation. We
observed that the protocol is functioning as it should hence it
could be applied to larger networks.
We used 20 nodes in the actual test networks and UDP
connections are established between even and odd numbered
nodes. In this setup the even numbered nodes are the sending
nodes and odd numbered nodes are the receiving nodes. For
example Node 0 is transmitting to Node 1, Node 2 to Node
3, Node 4 to Node 5 etc. Node 18 and Node 19 are used as
black holes during the simulations as needed. Thus, we could
count the sent and received packets between any two nodes.
We could also count the number of packets dropped at each
node including the black hole nodes.
In all the 100 scenarios we tested, the same nodes are acting
as a source and sending to the same destination but in each scenario,
every single node is placed at different coordinates and
exhibits different movements. Node positions and movements
are randomly generated. For each scenario nodes move from
a random starting point to a random destination with a speed
that is randomly chosen in a 750 x 750 meter flat space. Total
simulation time is set to 500 seconds and the CBR connections
started at the first second of the scenario and lasted for 450
seconds. We allowed 50 seconds for the buffers to be emptied
after the transmission ends. In our scenarios CBR parameters
are set to have packet sizes of 512 bytes, and data rates of 10
kbits/sec.
For each scenario we performed two simulations. In the first
one every node is working in cooperation with each other to
keep the network in communication. The packet loss in an
ad-hoc network without any malicious nodes is presented in
Table I.