CS 399: Seminar



                           Term Paper




Ad-hoc On-Demand Distance Vector Protocol and Black
              Hole Attack in AODV


                               By:

                 Rajkumar Singh∗ (09010138)
                 email s.rajkumar[*]iitg.ernet.in




                      Under the guidance of:

                    Professor Santosh Biswas




          Department of Computer Science and Engineering
             Indian Institute of Technology, Guwahati


                          10th April 2012




Abstract
     Mobile ad-hoc networks (MANETs) are extensively useful in many civilian applications
     as well as for military purposes. One very basic and important application of MANETs
     is Bluetooth: files are sent from one mobile node to another over Bluetooth, and mobile
     phones use this a lot. Ad-hoc networks have many uses. Suppose a group of students at
     IIT Guwahati has a meeting in a room with only one LAN port, and every member of the
     meeting requires an Internet connection; one of the best and inexpensive solutions is
     to create an ad-hoc network that all the members can join. Mobile ad-hoc networks allow
     the construction of flexible and adaptive networks with no fixed/static infrastructure.
     The dynamic topology of MANETs allows nodes to join and leave the ad-hoc network at any
     point of time. Because of this generic characteristic, mobile ad-hoc networks have many
     vulnerabilities to security attacks. In this term paper I first discuss the Ad-hoc
     On-demand Distance Vector protocol in detail, then a few vulnerabilities in brief, and
     then an attack performed by a group of malicious nodes, known as the black hole attack.
     I discuss a technique to identify multiple black holes cooperating with each other and
     a solution to avoid this attack. In short, the main focus is on how the AODV routing
     protocol works, on detecting the black hole attack (the nodes contributing to the
     attack), and on removing the attack so that we can have secure and efficient routing
     from one node to another. I discuss how the malicious nodes responsible for the black
     hole attack can be detected, and thus how the black hole attack can be avoided.
     Keywords: AODV (Ad-hoc On-demand Distance Vector protocol), Black hole, Routing,
     Ad-hoc Networks.


1    Introduction
Ad-hoc networks have a large number of important applications. They are used extensively
in daily life: any mobile node can be connected to the network and perform the required
tasks, for example a mobile phone and a laptop can be connected to an ad-hoc network and
access the Internet without fixed infrastructure. The military also uses ad-hoc networks
for many of its applications, sometimes to connect soldiers in the battlefield, sometimes
to connect military units to each other, and sometimes to create sensor arrays with
thousands of sensors. Ad-hoc networks make it possible to create a network in situations
where creating infrastructure seems impossible or is very expensive; it is impossible to
have a network with fixed infrastructure everywhere, so in such places ad-hoc networks are
highly useful. Without fixed infrastructure, ad-hoc networks can still serve the purpose
of a network. Unlike networks with fixed/static infrastructure, mobile nodes in ad-hoc
networks do not communicate via access points (fixed structures). Each node acts as a host
when requesting information from or providing information to other nodes in the network,
and acts as a router when discovering and maintaining routes for other nodes in the
network. That is, every node in the ad-hoc network can act as a router node or a host node.

Many routing protocols exist; the three main ones are as follows.


    • Destination-Sequenced Distance Vector routing (DSDV).

    • Dynamic Source Routing (DSR).

    • Ad-hoc on Demand Distance Vector Protocol (AODV).

Details of each protocol are described briefly below. I mainly discuss the Ad-hoc
On-demand Distance Vector protocol, in section 2.
    Ad-hoc networks can be used for military purposes and for other common secure purposes
such as online transactions, so the main requirement is to make them secure or attack
free, so that a malicious node cannot enter the network and cannot access secure
information. In the AODV protocol, sequence numbers and hop counts can be modified, and
using these options a malicious node can crash the whole network. By changing the TTL a
malicious node can choke the whole network. With other attacks, such as the black hole
attack, all the secure information can be obtained while it is transferred from one node
to another. Due to the generic nature of the AODV protocol a malicious node can spoof its
identity, and by doing so it can get the secure information and do whatever it wants with
it: it can either dump all the packets it obtained or forward them, depending on the
behaviour of the malicious node. I discuss such attacks in section 3 of this term paper.
I also discuss the detection of such malicious nodes and the removal/avoidance of such
attacks, so that AODV can be more secure. Some people have already fixed some of the
security issues of the AODV protocol.


2     Different Routing Protocols
2.1   DSDV Details
The Destination-Sequenced Distance Vector (DSDV) protocol is a table-driven protocol. In
DSDV every mobile node maintains a routing table with an entry for each and every possible
destination node and the number of hops required to reach it; if there are n nodes in a
network, the routing table of each node will have almost n − 1 entries. Every routing
table is updated periodically for each and every change in the network (such as a node
joining or leaving) to maintain consistency. Updating the routing tables requires frequent
route update broadcasts. The problem with this protocol is the size of the table: as the
network grows, so does the routing table size, in the ratio of O(n*n), which makes it
inefficient. As the network size increases the table size also increases, hence any
operation (such as update or search) becomes very inefficient. Hence this protocol is good
for networks with a small number of nodes.

2.2     DSR Details
Dynamic Source Routing (DSR) is an on-demand routing protocol and it maintains a route
cache, which leads to memory overhead. DSR is similar to AODV in that it is also an
on-demand routing protocol: it requests a route to a particular node only when it needs
that route. But DSR does not rely on path information from the intermediate nodes. DSR has
a higher overhead because each packet carries the complete route, and it does not support
multicast. Hence for small amounts of information there is a lot more overhead, which
makes it inefficient in terms of packet overhead.

2.3     AODV Details
2.3.1    Introduction to AODV
As the name itself suggests, the Ad-hoc On-demand Distance Vector (AODV) protocol is an
on-demand routing protocol: it requests a route to a particular node only when there is
something to route to that node. The AODV algorithm enables dynamic, self-starting,
multihop routing between participating mobile nodes wishing to establish and maintain an
ad hoc network. AODV allows mobile nodes to obtain routes quickly for new destinations,
and does not require nodes to maintain routes to destinations that are not in active
communication; there is no need to maintain a table for all destinations, and only
information about nodes that are active parts of the communication is stored. AODV allows
mobile nodes to respond to link breakages and changes in network topology in a timely
manner. The operation of AODV is loop-free, and by avoiding the Bellman-Ford "counting to
infinity" problem it offers quick convergence when the ad hoc network topology changes
(typically, when a node moves in the network). When links break, AODV causes the affected
set of nodes to be notified so that they are able to invalidate the routes using the lost
link. That is, if a node or a group of nodes leaves the network, all the remaining nodes
are informed that those nodes are no longer in the network, so that every node holding
route information through those nodes can update its table and invalidate the routes that
contain them.

The distinguishing feature of AODV is its use of a destination sequence number for each
route entry. The destination sequence number is created by the destination to be included
along with any route information it sends to requesting nodes; the destination node itself
sends a sequence number to a requesting node along with the other fields in the packet.
Using destination sequence numbers ensures loop freedom. Suppose there were no destination
sequence numbers in AODV: a packet that was broadcast by a node and then received again by
the same node would be broadcast again by that node, and this process would go on for
almost all nodes until the packet's hop count became zero. With sequence numbers, a packet
received by the node that broadcast it is dropped, hence no looping situation can arise.
Given the choice between two routes to a destination, a requesting node is required to
select the one with the largest sequence number, that is, the route with the largest
sequence number among the received packets. Choosing the route with the greatest sequence
number ensures the freshness of the route.

2.3.2   Overview of AODV
Three types of messages are defined in the Ad-hoc On-demand Distance Vector protocol:
Route Requests (RREQs), Route Replies (RREPs), and Route Errors (RERRs). These message
types are received via UDP (User Datagram Protocol), and normal IP header processing
applies. So, for instance, the requesting node is expected to use its IP address as the
Originator IP address for the messages; the RREQ packet has a field for the originator IP
address (the IP address of the node that generated this RREQ packet, i.e. the node
requesting the route). For broadcast messages, the IP limited broadcast address
(255.255.255.255) is used, that is, the destination address field is set to all 1s. This
means that such messages are not blindly forwarded. However, some AODV messages, such as
Route Requests, are supposed to be forwarded to the whole ad-hoc network. The range of
dissemination of such RREQs is indicated by the TTL or the HopCount in the IP header,
where the hop count is a downward counter: when HopCount becomes zero the packet is not
forwarded further, in other words it is dropped. To avoid looping in the network due to
the broadcast of RREQ messages, sequence numbers are used; as shown in the packet
structure, there is a field for the sequence number.

As long as the endpoints of a communication connection have valid routes to each other,
that is, the source node has the route to the destination node in its routing table, that
path is followed for routing from source to destination and AODV has no role to play. When
a route from the source to a new destination is required and no route information exists
in the source node's routing table, AODV comes into play. The source node broadcasts a
RREQ to find a route to the destination. A route can be determined when the RREQ reaches
either the destination node itself or an intermediate node that has a "fresh enough" route
to the desired destination node. The freshness of a route is ensured by the destination
sequence number, which is a field in the packet; the destination sequence number is also
stored in the routing table along with the route information, to indicate the freshness of
the route. A fresh enough route is a valid route entry for the destination whose
associated sequence number is at least as great as that contained in the RREQ packet; that
is, the sequence number in the routing entry for the destination node must be greater than
or equal to the destination sequence number contained in the RREQ packet. The route is
made available by unicasting a RREP back to the originator of the request, so that the
RREP can be unicast from the destination along a path to the originator, or likewise from
any intermediate node that is able to satisfy the request. The RREP message is sent to the
node from which the replying node received the RREQ packet.

Nodes in the ad-hoc network monitor the link status of the next hops in active routes.
When a link break in an active route is detected, a RERR message is used to notify other
nodes that the particular link went down, so that they can invalidate the routes that use
that link. The RERR message indicates those destinations (possibly subnets) which are no
longer reachable by way of the lost/broken link. In order to enable this link-down
reporting mechanism, each node keeps a "precursor list" (implemented using either a linked
list or an array) containing the IP address of each of its neighbours that are likely to
use it as a next hop towards each destination; that is, the precursor list stores the IPs
of the neighbourhood nodes of a particular node. The information in the precursor list is
most easily acquired during the processing for generation of a RREP message, which has to
be sent by the destination to a node in a precursor list. If the RREP has a nonzero prefix
length, then the originator of the RREQ which solicited or sent the RREP information is
included among the precursors for the subnet route.

AODV is also a table-driven routing protocol in the sense that it deals with route table
management, but its routing table does not store all possible routes to all destinations
as in the DSDV protocol. Routing table information must be kept even for short-lived
routes (routes that vanish after a little time), such as those created to temporarily
store reverse paths towards nodes originating RREQs. If a node finds a new path, that path
also has to be entered into the routing table even if the route will not last very long.
AODV uses the following fields with each route table entry:


   • Destination IP Address.

   • Destination sequence number.

   • Other State and routing flags (e.g.: valid, repairable, being repaired).

   • Valid Destination Sequence Number flag.

   • Network Interface.

   • Next Hop.

   • List of Precursors (a kind of group of neighbouring nodes).

   • Hop Count (number of hops needed to reach the destination).

   • Lifetime (expiry or deletion time of the route). The route may be valid for at
     most this much time.
With the help of sequence numbers we can avoid routing loops and can also invalidate
routing entries in some scenarios, such as when a link is down or deactivated. Managing
the sequence number is crucial to avoiding routing loops, even when links break and a node
is no longer reachable to supply its own information about its sequence number. A
destination becomes unreachable when a link breaks or is deactivated. When these
conditions occur, the route is invalidated by operations involving the sequence number and
by marking the route table entry state as invalid.
The AODV protocol is quite efficient with respect to the network; with this protocol we
can deal with thousands of nodes in the ad-hoc network. The AODV routing protocol is
designed for mobile networks with populations of tens of thousands of mobile nodes. AODV
can handle low, moderate, and relatively high mobility rates, as well as a variety of data
traffic levels. AODV is designed for use in networks where the nodes can all trust each
other, that is, AODV will work flawlessly if no node in the whole ad-hoc network is
malicious. AODV has been designed to reduce the dissemination of control traffic and
eliminate overhead on data traffic, as occurs in DSR and DSDV, in order to improve
scalability and performance. AODV is thus an efficient protocol with respect to network
performance, but in its security aspect AODV is not secure. I address the security issues
of the AODV protocol in the coming sections of this document.



2.3.3   AODV Message Formats
Three messages are mainly used in the AODV protocol: RREQs (Route Requests), RREPs (Route
Replies) and RERRs (Route Errors).
The structure of each message is described below together with the fields it contains. The
exact structure of a RREQ is as follows.




                             Figure 1: RREQ Message format

The details of the fields are as follows.




 Type:                            1 byte long. Type = 1 for RREQ.

 R:                               Repair flag; reserved for multicast.

 G:                               Gratuitous RREP flag; indicates whether a gratuitous RREP should
                                  be unicast to the node specified in the Destination IP Address field.

 D:                               Destination only flag; indicates that only the destination may
                                  respond to this RREQ.

 U:                               Unknown sequence number; indicates that the destination sequence
                                  number is unknown.

 Reserved:                        Reserved for future expansion. Sent as 0; ignored on reception.

 Hop Count:                       The number of hops from the Originator IP Address to the node
                                  handling the request.

 RREQ ID:                         A sequence number uniquely identifying the particular RREQ when
                                  taken in conjunction with the originating node's IP address.

 Destination IP Address:          The IP address of the destination for which a route is desired.

 Destination Sequence Number:     The latest sequence number received in the past by the
                                  originator for any route towards the destination.

 Originator IP Address:           The IP address of the node which originated the Route Request.

 Originator Sequence Number:      The current sequence number to be used in the route entry
                                  pointing towards the originator of the route request.

Route Reply (RREP) Message Format
A RREP is used to reply to the node from which the RREQ was received with the valid route
information to the destination node (the one in the RREQ's Destination field). The
structure of the RREP packet, with details of all its fields, is shown below.




                           Figure 2: RREP Message Format

The message contains the following fields.

 Type:                             Type = 2 for RREP.

 R:                                Repair flag; reserved for multicast.

 A:                                Acknowledgement required.

 Reserved:                         Reserved for future expansion.

 Prefix Size:                      If nonzero, the 5-bit Prefix Size specifies that the
                                   indicated next hop may be used for any nodes with the
                                   same routing prefix (as defined by the Prefix Size) as
                                   the requested destination.

 Hop Count:                        The number of hops from the Originator IP Address to the
                                   Destination IP Address. For multicast route requests this
                                   indicates the number of hops to the multicast tree member
                                   sending the RREP.

 Destination IP Address:           The IP address of the destination for which a route is supplied.

 Destination Sequence Number:      The destination sequence number associated with the route.

 Originator IP Address:            The IP address of the node which originated the RREQ
                                   for which the route is supplied.

 Lifetime:                         The time in milliseconds for which nodes receiving
                                   the RREP consider the route to be valid.

*The Prefix Size allows a subnet router to supply a route for every host in the subnet
defined by the routing prefix, which is determined by the IP address of the subnet router
and the Prefix Size. In order to make use of this feature, the subnet router has to guarantee
reachability to all the hosts sharing the indicated subnet prefix. When the prefix size is
nonzero, any routing information (and precursor data) MUST be kept with respect to the
subnet route, not the individual destination IP address on that subnet.
The ’A’ bit is used when the link over which the RREP message is sent may be unreliable
or unidirectional. When the RREP message contains the ’A’ bit set, the receiver of the
RREP is expected to return a RREP-ACK message.


Route Error (RERR) Message Format
When a link terminates or is deactivated, all the nodes are supposed to know about that
link termination. To tell all the nodes about the link termination, RREPs are sent to
every node in the ad-hoc network so that every node can invalidate the route entries whose
routes go through the terminated or deactivated link. The Route Error (RERR) message
structure is shown below, with full details of the fields it contains.




Figure 3: RERR Message Format

The message contains the following fields.

 Type:                                Type = 3 for RERR message.

 N:                                   No Delete flag; set when a node has performed a local repair
                                      of a link, and upstream nodes should not delete the route.

 Reserved:                            Reserved for future expansion.

 DestCount:                           The number of unreachable destinations included in the message.

 Unreachable Dest. IP Address:        The IP address of the destination that has become
                                      unreachable due to a link break.

 Unreachable Destination Seq No.:     The sequence number in the route table entry for the
                                      destination listed in the previous Unreachable Destination
                                      IP Address field.
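
Added example (not from the paper or from any AODV implementation): a parser for the three message types, following the field lists above. Field widths and flag bit positions are taken from RFC 3561, which also defines a J flag that the lists omit; message extensions are not handled, and the ID and sequence numbers in the sample packet are constructed values.

```python
import ipaddress
import struct

# Flag masks for the byte that follows Type. Bit positions are taken from
# RFC 3561, which also defines a J (join) flag not listed in the paper.
RREQ_FLAGS = {"J": 0x80, "R": 0x40, "G": 0x20, "D": 0x10, "U": 0x08}
RREP_FLAGS = {"R": 0x80, "A": 0x40}
RREQ_FMT = "!BBBBI4sI4sI"   # 24 bytes on the wire
RREP_FMT = "!BBBB4sI4sI"    # 20 bytes on the wire


def _ip(raw):
    return str(ipaddress.IPv4Address(raw))


def _flags(byte, table):
    return sorted(name for name, mask in table.items() if byte & mask)


def build_rreq(rreq_id, dest_ip, dest_seq, orig_ip, orig_seq, hop_count=0, flags=""):
    """Encode a RREQ (helper used only to construct the sample below)."""
    flag_byte = 0
    for name in flags:
        flag_byte |= RREQ_FLAGS[name]
    return struct.pack(RREQ_FMT, 1, flag_byte, 0, hop_count, rreq_id,
                       ipaddress.IPv4Address(dest_ip).packed, dest_seq,
                       ipaddress.IPv4Address(orig_ip).packed, orig_seq)


def parse_aodv(data):
    """Decode one AODV message; raise ValueError on any malformed input."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte common header")
    msg_type = data[0]
    if msg_type == 1:
        if len(data) != struct.calcsize(RREQ_FMT):
            raise ValueError("RREQ must be exactly 24 bytes")
        _, fl, _, hops, rreq_id, dst, dst_seq, org, org_seq = struct.unpack(RREQ_FMT, data)
        return {"type": "RREQ", "flags": _flags(fl, RREQ_FLAGS), "hop_count": hops,
                "rreq_id": rreq_id, "dest_ip": _ip(dst), "dest_seq": dst_seq,
                "orig_ip": _ip(org), "orig_seq": org_seq}
    if msg_type == 2:
        if len(data) != struct.calcsize(RREP_FMT):
            raise ValueError("RREP must be exactly 20 bytes")
        _, fl, prefix, hops, dst, dst_seq, org, lifetime = struct.unpack(RREP_FMT, data)
        return {"type": "RREP", "flags": _flags(fl, RREP_FLAGS),
                "prefix_size": prefix & 0x1F, "hop_count": hops,
                "dest_ip": _ip(dst), "dest_seq": dst_seq,
                "orig_ip": _ip(org), "lifetime_ms": lifetime}
    if msg_type == 3:
        # DestCount drives the length: reject a count that the payload does not back.
        dest_count = data[3]
        if dest_count == 0 or len(data) != 4 + 8 * dest_count:
            raise ValueError("RERR length does not match DestCount")
        unreachable = [(_ip(ip), seq) for ip, seq in struct.iter_unpack("!4sI", data[4:])]
        return {"type": "RERR", "no_delete": bool(data[1] & 0x80),
                "unreachable": unreachable}
    raise ValueError("unknown AODV message type %d" % msg_type)


# Constructed sample: the RREQ that N1 (10.11.11.12) would send for N6
# (10.11.12.24) in the paper's later example; ID and sequence numbers are made up.
SAMPLE_RREQ = build_rreq(rreq_id=1, dest_ip="10.11.12.24", dest_seq=0,
                         orig_ip="10.11.11.12", orig_seq=5, flags="U")

if __name__ == "__main__":
    print(parse_aodv(SAMPLE_RREQ))
```

None of the fields is authenticated, so a receiver can validate only the structure of a message, not the truth of the sequence number or hop count it carries.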

    The Ad-hoc On-demand Distance Vector protocol (AODV) is a source-initiated on-demand
routing protocol. Every mobile node maintains a routing table that holds the next-hop node
information for a route to the destination node. When a source node wants to route a
packet to some destination node, it first checks for path information to that destination
node. If the path information is in the routing table, the source node routes the packet
along the corresponding path; some boundary cases may come into the picture, and there are
special treatments for those. If the source node does not find any information about the
path to the destination, meaning that no fresh enough path to the destination node exists,
it starts a route discovery by broadcasting a Route Request (RREQ) packet to its
neighbourhood nodes. The RREQ is propagated further until it reaches an intermediate node
that has a fresh enough route to the destination node specified in the RREQ packet, or the
destination node itself. Every intermediate node that receives the RREQ message makes an
entry in its routing table for the node that forwarded the packet and also for the source
node. The destination node, or the intermediate node that has a fresh enough route to the
destination, unicasts a Route Response, or Route Reply (RREP), to the neighbourhood node
from which it received the RREQ. An intermediate node makes an entry for the neighbourhood
node from which it received the RREP, then forwards the RREP in the reverse direction. On
receiving the RREP, the source node makes an entry for the destination node and also for
the neighbourhood node from which it received the RREP. The source node then starts
routing data packets to the destination node through the neighbourhood node that first
responded with an RREP.
Here is an example of AODV routing over a group of nodes.




                     Figure 4: Source to Dest Routing using AODV

    In the above network topology, node "Source" wants to route a packet to node "Dest".
Node "Source" checks its routing table for a fresh enough path from Source to Dest. It
cannot find any entry for a path to node "Dest", so it has to discover a route from itself
to node "Dest". For that, node Source sends a RREQ, with the fields discussed under AODV
message formats, to its neighbour nodes. Intermediate nodes that have no information about
the path from node "Source" to node "Dest" forward the RREQ message to their neighbourhood
nodes. This forwarding may cause looping, so to avoid looping we use the sequence number
in the RREQ message: every node rejects a message whose sequence number is less than its
own sequence number. The hop count and TTL also help in avoiding looping. In the given
topology node N7 gets the RREQ message from Source, but N7 does not have any information
about a fresh enough route to Dest, so it forwards the RREQ message to its neighbours.
Then Dest receives the RREQ message (requesting the path to Dest). As Dest itself is the
final node, it sends an RREP to the node from which it received the RREQ: node "Dest"
sends the RREP message to node N7, and N7 forwards it back to the node from which it
received the RREQ for the path to node "Dest". Here node N7 sends the RREP message to the
Source node. All RREPs are sent as unicast. If node "Source" has already received the path
information, or has received some other RREP, then Source discards this RREP. But if
Source has not received any RREP so far, it accepts the RREP from node N7, and after that
they start sending the data. Source then discards every RREP about the route to Dest;
hence in the above topology the RREP from N2 to Source is discarded. There may be some
other possibilities as well. Here looping is avoided using the sequence number and TTL. To
ensure the freshness of the route we use the sequence number.



3    Vulnerabilities in AODV
The Ad-hoc On-demand Distance Vector protocol is very efficient as a network service, but
it has many vulnerabilities, which means the protocol can easily be attacked. AODV is not
very secure. It is designed for an ideal network, that is, a network with no malicious
nodes, and for such a network AODV is the most efficient protocol. But we all know that
nothing is ideal: there are some unsocial nodes everywhere. There are also some greedy
nodes in the network that attack it to serve their own purpose. What can be done in AODV
with the RREQ or RREP messages is listed below as the possible types of attack.

    • Sequence numbers can be modified.

    • Hop Counts can be modified. (main attack is Looping in the network).

    • Modification of source routes (black hole attack, wrong information about the path).
      Tunnelling.

    • Spoofing.

    • Fabrication of error messages (an error message says that the destination is not
      reachable, so nothing is sent, and the greedy node captures the medium).

    • Fabrication of source routes (cache poisoning).

As we have seen, many types of attack are possible in the AODV protocol, but these attacks
can be avoided by taking a little care. The black hole attack is the serious one, because
in this attack the malicious node gets all of the data that the source is sending and then
dumps it. So in this paper I discuss the detection of the black hole attack and its
removal.

3.1   The Black Hole Attack in AODV Protocol
AODV is an important on-demand routing protocol that creates routes only when desired by
the source node. When a node requires a route to a destination (and the route is not in
its routing table), it initiates a route discovery process within the network. It
broadcasts a route request (RREQ) packet to its neighbours, which then forward the request
to their neighbours, and so on, until either the destination or an intermediate node with
a fresh enough route to the destination is located. In this process an intermediate node
can reply to the RREQ packet only if it has a fresh enough route to the destination. Once
the RREQ reaches the destination or an intermediate node with a fresh enough route to the
destination, that node responds by unicasting a route reply (RREP) to the node from which
it received the RREQ packet. After a route is selected and established, it is maintained
by a route maintenance procedure until either the destination becomes inaccessible along
every path from the source or the route is no longer desired.
     According to the original AODV protocol, any intermediate node may reply to the RREQ
by sending a RREP if it has a fresh enough route to the destination. The freshness of this
route is checked against the destination sequence number contained in the RREQ packet.
This technique is used to decrease the routing delay, but it makes the system vulnerable
to a malicious node. A malicious node can easily disrupt the correct functioning of the
routing protocol and make at least part of the network crash. A single black hole node
does not do much harm, but a group of black hole nodes can bring the whole network down.
     Any intermediate node with a fresh enough route can respond to the RREQ. A malicious
node responds immediately after receiving the RREQ message from the source node. The
malicious node does not have any fresh enough route to the destination, but it still
sends, as soon as possible, an RREP stating that it has a fresh enough route to the
destination. The malicious node does not even look up the destination sequence number in
its routing table, because it tries to send the RREP message as soon as possible so that
the source node will drop all the other, genuine RREPs. After receiving the RREP from the
malicious node, the source node updates its routing table with the information from the
malicious node and rejects all other RREPs from other nodes. The source node then starts
sending data through the malicious node, because the route it holds goes through that
node. After receiving the data, the malicious node drops it or can use the secure
information. Thus a group of malicious nodes can bring down the whole network. An example
is given below and the whole process is explained.




Figure 5: Black Hole attack

In the figure above, node N1 is the source node and wants to route data to node N6, so N6 is the destination node. Node N4 is the malicious node in this topology. Suppose node N1 does not have a fresh enough route to the destination node N6. N1 then has to discover a route to N6, and for that it sends a RREQ packet. Suppose the IP of node N1 is "10.11.11.12" and the IP of the destination node N6 is "10.11.12.24"; then the RREQ packet that node N1 sends looks as follows.




                       Figure 6: RREQ packet from Source node


This RREQ packet is broadcast. Each node that receives it searches its routing table for the destination sequence number. If a node finds the destination sequence number or the destination IP in its routing table, it sends a RREP to the source node; otherwise it forwards the RREQ packet to its neighbouring nodes. In this topology there is one malicious node, which responds to the RREQ immediately after receiving it. Because the malicious node sends fake information, it has no need to search its routing table. Hence the malicious node sends its RREP as soon as possible after receiving the RREQ from the source node or from some intermediate node. If the source node receives some other RREP before the one sent by the malicious node, it works as usual. But if the source node N1 receives the RREP sent by malicious node N4, it rejects all RREPs from other nodes for as long as this route is desired. The nearer the malicious node is to the source node, the better the chances of the attack, because the RREP generated by the malicious node will arrive first. In this way the source node believes that this is the route to the destination that it requires. In reality there is no path from N4 to N6 in the given network; node N4 sends a spoofed RREP packet. Let the IP of node N4 be "10.11.11.19". The RREP packet sent by node N4 is shown below.




                           Figure 7: RREP packet from node N4
As the malicious node is nearer to the source node, this RREP is expected to reach the source node first. This makes the source node conclude that route discovery is complete, so it rejects all other RREPs that it receives from other nodes. Node N1 then starts sending data through malicious node N4, and N4 drops that data, so the data is lost. Alternatively, as node N4 has the whole data, it can do anything that is possible with that data; that is, the data sent by the source node to the destination node is no longer secure, because a third party has it. So a group of malicious nodes can crash the whole network.
   Node N4 has succeeded in attracting the source node to send its data through N4. After this, node N4 can perform any of the following types of attack.


   • Eavesdropping messages,
   • Selectively dropping data,
   • Manipulating data, or
   • Launching Denial of Service (DoS) attack.

In the above case each node of a group of malicious nodes spoofs the routing path information single-handedly, meaning that one node from the group focuses on one part of the network; that is, all the malicious nodes in the group attack exclusively. This is comparatively easy to detect using the next hop information in the RREPs. Sometimes, however, a group of cooperative malicious nodes performs the attack in the ad hoc network. In this case the malicious nodes spoof the routing information by cooperating with each other, and this attack is not detected by the algorithm discussed in [3]. The figure below illustrates the attack.




                  Figure 8: RREQs Broadcasts in The Ad-hoc Network

In the figure above the RREQ requests are broadcast to the ad hoc network, and the figure shows the RREQ flooding. The next figure shows the propagation of RREPs from the malicious node as well as from the other, normal nodes. As the malicious node is nearer to the source node, the source node gets the RREP sent by the malicious node. If, after receiving the RREP, the source node wants to confirm the next hop, then, since the next hop in the RREP packet is node M2, the source node will check with M2.




Figure 9: Route Reply(RREPs) Propagation in the network
The attack shown in the diagram above is an example of a cooperative black hole attack, in which a group of malicious nodes cooperate with each other. This attack is not as easily detectable as the simple black hole attack. In some modified versions of AODV, the RREP must also supply the next hop information if it is generated by an intermediate node, so that the source node can cross-check the route information with the next hop given in the received RREP. By cooperating, malicious nodes are still able to spoof the route information and thus perform the black hole attack.
     A special case of the black hole attack is the gray hole attack, in which some of the packets are dropped and some are forwarded. As some packets are forwarded, it is a little hard to tell whether the node is malicious or normal, and the source node keeps on sending data because some of it is received by the destination. The gray hole attack is therefore harder to detect.


4    Detection of Black Hole Attack
Many researchers have tried to detect black hole nodes in a network and to resolve the black hole attack. Some of the approaches are as follows.
Deng et al. [3] have proposed an algorithm to avoid black hole attacks in ad hoc networks. According to their algorithm, any node that receives a RREP packet (the reply to the route request in AODV) from a node cross-checks with the next hop on the route to the destination. This means that the node sending a RREP must also send the information about its next hop, if one exists (the destination node itself has no next hop on the route, so in that case it states that it is the destination node). The cross-checking is done only for intermediate nodes, because a malicious node cannot spoof being the destination; what an intermediate node can spoof is a message saying that it has a route to the required destination. If the next hop either does not have a link to the node that sent the RREP or does not have a route to the destination, then the node that sent the RREP is considered malicious. This technique does not work when the malicious nodes cooperate with each other. In that case one malicious node sends the RREP and names another, cooperating malicious node in the next hop field; by cooperating they can spoof the routing path, and the black hole attack can still be carried out in the network. Hence the suggested algorithm does not work when there is a group of cooperating black hole nodes.
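The next-hop cross-check described above, and the cooperative case it misses, as an added sketch (not code from [3] or from this paper). The topology, the `Node`/`RREP` classes and the node names M1 and M2 as a colluding pair are constructed for illustration, and the query to the next hop is assumed to travel over a path that does not pass through the RREP sender.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    links: set = field(default_factory=set)      # direct radio neighbours
    routes: dict = field(default_factory=dict)   # destination -> next hop
    colluders: set = field(default_factory=set)  # set only on a cooperating black hole

    def answer_check(self, rrep_sender, destination):
        """Answer the source's query: (link to the RREP sender?, route to destination?)."""
        if rrep_sender in self.colluders:
            return True, True                    # a colluder vouches for its partner
        has_route = destination == self.name or destination in self.routes
        return rrep_sender in self.links, has_route


@dataclass
class RREP:
    sender: str
    destination: str
    dest_seq: int
    next_hop: Optional[str]  # None when the destination itself replies


def cross_check(rrep, nodes):
    """True if the RREP passes the next-hop cross-check, False if its sender is flagged."""
    if rrep.sender == rrep.destination:
        return True                              # only intermediate nodes are checked
    hop = nodes.get(rrep.next_hop)
    if hop is None:
        return False                             # intermediate reply with no next hop to ask
    has_link, has_route = hop.answer_check(rrep.sender, rrep.destination)
    return has_link and has_route


def build_network():
    """Constructed topology: N1 is the source, N6 the destination, N4 a lone black hole."""
    return {
        "N1": Node("N1", links={"N2", "N4", "M1"}),
        "N2": Node("N2", links={"N1", "N3", "N4"}),
        "N3": Node("N3", links={"N2", "N5"}, routes={"N6": "N5"}),
        "N4": Node("N4", links={"N1", "N2"}),
        "N5": Node("N5", links={"N3", "N6"}, routes={"N6": "N6"}),
        "N6": Node("N6", links={"N5"}),
        "M1": Node("M1", links={"N1", "M2"}),
        "M2": Node("M2", links={"M1"}, colluders={"M1"}),
    }


def run_checks():
    nodes = build_network()
    replies = {
        "honest N3": RREP("N3", "N6", dest_seq=42, next_hop="N5"),
        "black hole N4": RREP("N4", "N6", dest_seq=9999, next_hop="N5"),
        "cooperating M1": RREP("M1", "N6", dest_seq=9999, next_hop="M2"),
        "destination N6": RREP("N6", "N6", dest_seq=43, next_hop=None),
    }
    return {label: cross_check(r, nodes) for label, r in replies.items()}


if __name__ == "__main__":
    for label, passed in run_checks().items():
        print(f"{label:16} -> {'accepted' if passed else 'flagged as malicious'}")
```

The lone black hole N4 is flagged because the honest next hop it names has no link to it, while the reply from M1 is accepted because its named next hop M2 vouches for it.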
An algorithm presented in [4] claims to prevent cooperative black hole attacks in ad hoc networks by modifying the AODV protocol, introducing a Data Routing Information (DRI) table and cross-checking. It is a computation-intensive algorithm and takes $O(n^2)$ time whenever a node decides to send packets to another node.
    Moreover, when the network is not under attack (which will be the usual case), that is, when there is no malicious node in the whole ad hoc network, the algorithm takes more time to complete. This algorithm is mainly based on a trust relationship between the nodes in the ad hoc network. The algorithm discussed in [4] also fails to detect the gray hole attack. The gray hole attack is a variant of the black hole attack in which, instead of dropping all the packets, the node drops some of the packets and forwards others. The algorithm that I am about to describe here is presented in [5] by P. Agarwal et al.; it first creates a backbone of the network, and it also detects the gray hole attack. The details of the algorithm are as follows.
The main idea behind the algorithm described in [5] is to devise a mechanism for monitoring all the nodes in the network in terms of the traffic being forwarded through them. The algorithm assumes that the nodes are in promiscuous mode, so that they can listen to the traffic passing through their respective neighbours. However, it is not a good option to allow all the nodes in the ad hoc network to monitor all the other nodes, because doing so increases the chances of black hole attacks considerably (a malicious node would be able to spoof the traffic management). Hence, in this algorithm, some nodes that are powerful in terms of computing power and radio range are chosen and treated as trustworthy. These chosen nodes are referred to as strong nodes, and they maintain a backbone network [6] which operates at a level above the ad hoc network of regular nodes. Rubin et al. [6] proposed the use of backbone networks in scalable routing. This idea is adapted here for detecting malicious nodes and avoiding the black hole attack: the backbone, one level up, monitors the traffic of the other nodes in the ad hoc network, detects the presence of black or gray holes, and prevents these malicious nodes from interfering with the routing.
    In this algorithm all the nodes in the ad hoc network are divided into three categories, which are as follows.


  1. RN: These are the low power, low transmission range nodes whose information is not trustworthy, which means such nodes can be malicious nodes.

  2. BN: These are the backbone nodes, which have higher power and transmission range compared to a RN. These nodes form a core that monitors the network nodes (BN nodes monitor the traffic flow for the other nodes in the given ad hoc network).

  3. BCN: These are backbone capable nodes with capabilities similar to BN nodes, meaning they have almost the same strength as BN nodes. BCN nodes do not form the core, but they can become BN nodes and join the core to increase both the connectivity and the coverage of the network. BCN nodes can be included in the core nodes.

The algorithm to detect malicious nodes and remove the black hole attack mainly consists of two parts.

   • Core/Back-Bone Network Formation and Maintenance,

   • Detection of Black/malicious Nodes.

4.1   Core/Back-Bone Formation and Maintenance
The core (backbone) formation progresses incrementally: the core is formed by nodes joining it one by one. That is, a new node enters into the ad hoc network during the core formation and maintenance stage.
Suppose there is a backbone core node $N_{BC}$. The tasks and checks it performs during the core (backbone) formation are described below.
Actions by BackBone Core Node (BCN) $N_{BC}$

Step 1: First of all $N_{BC}$ detects RN nodes in its neighbourhood. If it finds any such node, it broadcasts an "Invitation" message (a message asking for a joining request) to the RN nodes in its neighbourhood and waits to receive a join request from a RN node.

Step 2: On receiving a joining request from a RN node, say $N_R$, $N_{BC}$ checks whether $N_R$ is reachable within a predefined hop limit from $N_{BC}$ itself. If it is, $N_{BC}$ adds $N_R$ to the list of its associated nodes; otherwise it adds $N_R$ to the list of its unassociated nodes. $N_{BC}$ thus maintains two lists, one for associated nodes and another for unassociated nodes in its neighbourhood.

Step 3: If $N_{BC}$ does not receive any other join request within a predefined timeout (the down counter of the timeout timer reaches zero), then $N_{BC}$ checks for BN (backbone) nodes in its neighbourhood. If not a single BN node is found in its neighbourhood, $N_{BC}$ checks for nodes in its associated list. If the associated list is empty, it moves to an adjacent grid location and repeats from step 1.

Step 4: If $N_{BC}$ detects a BN node in its neighbourhood, it sends a coordination message to that BN node (or to those BN nodes) and waits for a reply until a timeout. The coordination message is handled by a separate coordination protocol executed by BN nodes, discussed in [6].

Step 5: On receiving the reply from the BN node to the coordination message it had sent, $N_{BC}$ executes the actions specified in that reply. The actions determine, for example, whether $N_{BC}$ should promote itself to a BN node or move to a new grid location for promotion; $N_{BC}$ also performs some other related tasks. A detailed description of the coordination protocol can be found in [5].
Actions by a regular node N:
The actions of a new node entering the ad hoc network for the first time could be described uniformly, whether its type is BCN or RN, but that would look a little clumsy. Hence, to keep the description simple, the actions of the different types of nodes are presented separately so that they can be easily understood.

Step 1: N checks whether it is already associated with some BN or BCN node. If it is, it terminates its actions.

Step 2: On receiving an invitation message from a BN or BCN node, N sends a join request message to the node from which it received the invitation, and waits for a reply from that node.

Step 3: On receiving a reply to its join request from the corresponding BN or BCN node, N sends an accept message (stating that it is joining) to the node with the lowest id among those that sent join acknowledgements (ACKs) to it (if it receives more than one Join Request from BN or BCN nodes, it chooses the node with the lowest id to reply to). After that it discards any subsequent join invitation request.

4.2   Detection of Black Node
With the help of the backbone network discussed in the previous section of this paper, we propose an algorithm to detect black (malicious) nodes which requires $O(m\,d_{BN})$ hops to detect the chain of malicious nodes, where $m$ ($\ll n$) is the number of malicious nodes in the chain of cooperative malicious (black) nodes, and $d_{BN}$ is the diameter of the backbone network formed from the BN nodes and some of the BCN nodes ($d_{BN}$ will be significantly less than the diameter, say $D_{Network}$, of the actual ad hoc network). Moreover, the described algorithm takes significantly less time if there is no attack in the network, so no unnecessary computation is performed. The main idea of the algorithm is that after every block of data packets the source node asks the backbone network to perform an end-to-end check with the destination node to confirm the delivery of the data packets; that is, the source node wants to check whether the destination node has received the transferred data. If the destination did not receive a block of data packets, or if it becomes aware of some kind of attack on the communication, the destination node informs the backbone network about the attack or the non-receipt of data packets. After getting this information, the backbone network initiates the procedure for detecting the chain of malicious nodes that are cooperating, or the exclusive malicious nodes that are dropping the packets. One important assumption made in the detection technique is that there are not many malicious nodes in the network: if $m$ is the number of malicious nodes and $n$ is the total number of nodes in the network, then $m \ll n$. This is a reasonable assumption, because if there are too many malicious nodes in a network they can overpower it, and some other technique has to be applied for that case. So the algorithm mainly focuses on situations where there are not too many malicious nodes in the network. To be more precise, the number of malicious nodes in the network is less than the number of non-malicious neighbours of the node to be monitored; otherwise the malicious nodes would overpower the whole network.




              Figure 10: Control Messages for detection of malicious nodes

In the figure above the symbols are as follows.

  1. S is the source node which wishes to communicate with a destination node D.

  2. S and D are associated respectively with the backbone nodes $N_b^S$ and $N_b^D$.

  3. S and D share a secret key, K.

  4. The RREQ from source node S for discovering the route to destination node D was replied to by a RREP message from an intermediate node $N_{rrep}$ with the shortest route to source node S.

Five different types of nodes are involved in this checking for black (malicious) nodes by the backbone network. They are as follows.

  1. S: The source node, which initiated the sending of data packets to the destination node.

  2. D: The destination node, to which data packets are being sent by the source node.

  3. $N_b^S$: The backbone node with which source node S is associated.

  4. $N_b^D$: The backbone node with which destination node D is associated.

  5. V: A regular node of the ad hoc network.

The actions of each of the five types of nodes described above in the detection of malicious nodes are as follows.
Actions of Source Node S:

Step 1: Node S divides the set of data packets to be sent into k equal parts of some size (the last part may not be of the same size), Data[1..k], and initializes a running variable i to 1.

Step 2: Source node S sends a message prelude = $E_K(R_i), n_i, N_b^S$ to D over the backbone, where $R_i$ is a random nonce, $n_i$ is the number of packets in the current block that is about to be sent, and $E_K()$ is the encryption function with the shared key K. This prelude message, sent over the backbone network, is received by $N_b^S$, $N_b^D$ as well as D.

Step 3: Source node S starts transmitting the packets of the block Data[i] to D; that is, the source node starts sending the data blocks out of those k blocks.

Step 4: Source node S sends a message check = $R_i, S, D, N_{rrep}$ to $N_b^S$, so that the backbone node starts checking the end-to-end connection with the destination.

Step 5: If source node S receives an OK from $N_b^S$, it increments the running variable i and repeats from step 2 to send the data packets of the next block. That is, as long as the destination is getting the data, the source keeps on sending it.

Step 6: If source node S receives a Not OK from $N_b^S$, it means that either the destination node detected some attack in the network or the destination has not received the data sent by the source node (some malicious node is dropping the data). The source node then sets a timer for the removal of the malicious node. If S receives a "Remove OK" from $N_b^S$ before the timer expires, it executes the steps starting from step 2 to resume sending data to the destination node. If the timer expires before the "Remove OK" message is received, the source node waits once more for the "Remove OK" message, and if it still does not receive any message it terminates the data sending.

Actions of Destination Node D:

Step 1: On receiving the prelude message from source node S, destination node D extracts $R_i$, $n_i$ and $N_b^S$, sets a timer for the receipt of the current data sample, and waits for the data packets from source node S. As the source and destination share a secret key K, D can decrypt the encrypted prelude message using that key.

Step 2: While the receipt timer has not expired, destination node D updates the count (dataCnt) of data packets received each time it receives a data packet.

Step 3: After the receipt timer expires, the destination node sends a message known as postlude, with the following fields:
     postlude = {$R_i$, dataCnt, $N_b^S$, D, S} to $N_b^S$, as a message to S, where dataCnt is the number of packets that the destination node has received from source node S.
Actions of $N_b^S$:

Step 1: On receiving a prelude message from source node S, node $N_b^S$ sends a monitor message to all neighbours of source node S, asking them to monitor the data that is sent by source node S.

Step 2: Node $N_b^S$ initializes a counter "max = 0" to count the maximum number of data packets transmitted from source node S, and sets the timer for terminating $N_b^S$'s actions.

Step 3: On receiving check from source node S, node $N_b^S$ sends a query for the check to all neighbours of source node S and waits for result messages from them.

Step 4: On receiving a result from a neighbour of source node S, node $N_b^S$ performs the following actions:

       1. If the value of the counter max is less than the number of packets reported in the result message, it updates max to the reported number.
       2. If the value of the counter max equals dataCnt from the postlude message, it sets a timer for receiving an acknowledgement (ACK) from $N_b^D$ and then waits for further messages from either S or node $N_b^D$.
       3. If node $N_b^S$ receives "D malicious" before the expiry of the timer, it sends "OK" to source node S and goes to step 1.
       4. If the timer expires before "D malicious" is received, node $N_b^S$ broadcasts an "S malicious" message to the backbone and goes to step 5.

Step 5: Terminate $N_b^S$'s actions.
Actions of $N_b^D$:

Step 1: On receiving the prelude message from node S, node $N_b^D$ sends a monitor message to all the neighbours of destination node D.

Step 2: Node $N_b^D$ initializes a timer and sets a counter max to 0; max will be updated to the estimated number of packets received by destination node D.

Step 3: If the timer expires or an acknowledgement (ACK) is received from destination D, node $N_b^D$ does the following:

        1. Node $N_b^D$ sends a query message to all the neighbours of destination node D;
        2. On receiving a result message from a neighbour of the destination, if the value of max is less than the number of packets reported in the result message, node $N_b^D$ updates max to the reported number;
        3. If max == dataCnt (dataCnt extracted from the postlude message sent by destination node D), it sends an acknowledgement (ACK) to $N_b^S$ and goes back to step 1.

Step 4: Broadcasts "D malicious" to the backbone and terminates its actions.

Actions by a regular node RN:

Step 1: On receiving a monitor message, the regular node extracts the source IP, the destination IP and the node-id of the sender.

Step 2: If this regular node is a neighbour of either source node S or destination node D, it starts counting the number of packets from source node S to destination node D.

Step 3: On receiving a query message, RN sends the result message to the node from which it got the query message.
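The per-block end-to-end check carried out by S, D and the two backbone nodes, reduced to its counting logic, as an added sketch (not code from [5] or from this paper). It is one reading of the steps above: timers, the "S malicious" branch and the encryption $E_K$ of the nonce are left out, the verdict strings and function names are assumptions, and the monitor reports are constructed so that at least one neighbour overhears every packet.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Prelude:
    nonce: int       # R_i (sent as E_K(R_i) in the text; encryption left out here)
    n_packets: int   # n_i, packets in the current block


@dataclass(frozen=True)
class Postlude:
    nonce: int       # R_i echoed by D
    data_cnt: int    # dataCnt, packets D says it received


def monitor_counts(true_count, missed):
    """Result messages from promiscuous neighbours; each may miss a few frames."""
    return [max(0, true_count - m) for m in missed]


def end_to_end_check(prelude, postlude, s_reports, d_reports):
    """Backbone verdict for one block: OK, NOT_OK or D_MALICIOUS."""
    if postlude is None or postlude.nonce != prelude.nonce:
        return "NOT_OK"                        # no postlude for this block's nonce
    sent_max = max(s_reports, default=0)       # N_b^S: max over S's neighbours
    recv_max = max(d_reports, default=0)       # N_b^D: max over D's neighbours
    if recv_max != postlude.data_cnt:
        return "D_MALICIOUS"                   # D's dataCnt contradicts its neighbours
    if sent_max != postlude.data_cnt:
        return "NOT_OK"                        # packets vanished between S and D
    return "OK"


def send_blocks(block_sizes, delivered, claimed=None):
    """Source loop over Data[1..k]; returns (failing block index or None, verdict).

    delivered(i, n) -> packets of block i that really reach D (models the path).
    claimed(i, got) -> dataCnt that D reports (defaults to the truth).
    """
    for i, n in enumerate(block_sizes, start=1):
        prelude = Prelude(secrets.randbits(64), n)
        got = delivered(i, n)
        data_cnt = got if claimed is None else claimed(i, got)
        postlude = Postlude(prelude.nonce, data_cnt)
        s_reports = monitor_counts(n, missed=(0, 1, 2))   # constructed reports
        d_reports = monitor_counts(got, missed=(0, 1))    # constructed reports
        verdict = end_to_end_check(prelude, postlude, s_reports, d_reports)
        if verdict != "OK":
            return i, verdict                  # S stops and waits for removal
    return None, "OK"


if __name__ == "__main__":
    blocks = [10, 10, 5]
    print("clean path :", send_blocks(blocks, lambda i, n: n))
    print("gray hole  :", send_blocks(blocks, lambda i, n: n if i < 2 else n - 3))
    print("black hole :", send_blocks(blocks, lambda i, n: 0))
    print("lying D    :", send_blocks(blocks, lambda i, n: n, claimed=lambda i, got: got - 6))
```

Taking the maximum over the neighbours' reports is what lets the check tolerate monitors that missed some frames, and a gray hole is caught in the first block where any packet is dropped.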

4.2.1   Black Hole Removal Process
Once a BN node (here $N_b^S$) has not received an acknowledgement (ACK) message by the time a specified timer expires, the black hole removal process (which also serves as the gray hole removal process, because the algorithm is able to remove gray holes as well) is initiated by $N_b^S$. The actions of the different nodes in the black hole removal process are specified below.

Actions by $N_b^S$:

Step 1: Broadcast a find-chain message on the backbone network to find the chain of cooperative black (malicious) nodes. The message contains the id of node $N_{rrep}$ (the node that sent the route reply message to source node S), the victim node, that is, the source node S, and the destination node D.

Actions by any backbone node $N_b$:

Step 1: On receiving the find-chain message, node $N_b$ checks whether node $N_{rrep}$ (the node that sent the RREP message to source node S) belongs to the association list of this BN node (as already described, BN nodes maintain two lists, of associated and unassociated nodes). If it does not belong to the associated node list, no further action is required.


Step 2: Node $N_b$ initializes a list (called BlackHole-Chain) containing node $N_{rrep}$. If a BlackHole-Chain was received with the broadcast, it uses that list instead of initializing a new one.

Step 3: Instruct all the neighbours of node $N_{rrep}$ to vote for the next node to which $N_{rrep}$ is forwarding packets (if it is forwarding some of the packets) that originate from source node S and are destined for destination node D.

Step 4: On receiving the node ids from the neighbours of $N_{rrep}$, elect the next node to which $N_{rrep}$ is forwarding the packets, based on the reported reference counts.

Step 5: If the node elected as the next node of $N_{rrep}$ is a null node, the intermediate node $N_{rrep}$ is itself dropping all the packets (this is the case of mutual malicious node black hole). In this case the black hole removal terminates, and a broadcast message is sent across the network to alert all other nodes that the nodes in the BlackHole-Chain are to be considered malicious; all the nodes then blacklist them, here $N_{rrep}$.

Step 6: Append the elected node to the BlackHole-Chain list, so that the node can be identified as malicious without further checking. If the elected node is in the association list of this $N_b$, go to step 3, with the elected node replacing node $N_{rrep}$. But in this case the elected node is a valid node, because it is in the associated node list.

Step 7: Node $N_b$ broadcasts a find-chain message over the backbone network, containing the ids of the malicious nodes. It also broadcasts the BlackHole-Chain formed so far over the whole network, so that the other backbone nodes can append the malicious nodes to their respective lists and, in future, ignore any RREP received from a node in the BlackHole-Chain.

Actions by a regular/BCN node:

Step 1: On receiving instructions from a backbone node to find the next node to which a malicious node M is forwarding some of the packets, the regular node checks whether M is one of its neighbours. If it is, the node switches to promiscuous mode and listens for packets from node M that have source node S as source and D as destination. It then infers the next node to which node M is forwarding the packets and sends a message to the BN containing the node-id of that node.

Thus the black hole attack can be removed.
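The find-chain procedure above (vote, elect, append, hand over to the next backbone node) as an added sketch, not code from [5] or from this paper. The association lists, the votes and the node names are constructed; electing by simple majority of the neighbours' reports and stopping when an elected node is already in the chain are assumptions of the sketch.

```python
from collections import Counter


def elect_next(votes):
    """Majority election over the neighbours' reports of the suspect's next node.

    Each vote is a node id, or None when the neighbour saw the suspect forward
    nothing. No votes at all is treated like None (the null node of Step 5).
    """
    if not votes:
        return None
    winner, _count = Counter(votes).most_common(1)[0]
    return winner


def owner_of(node, associations):
    """Backbone node whose association list contains `node`, or None."""
    for bn, members in associations.items():
        if node in members:
            return bn
    return None


def trace_chain(n_rrep, associations, votes_for):
    """Return (BlackHole-Chain, number of find-chain broadcasts on the backbone)."""
    chain = [n_rrep]                       # Step 2: chain starts with N_rrep
    broadcasts = 1                         # initial find-chain sent by N_b^S
    bn = owner_of(n_rrep, associations)    # Step 1: only the associated BN acts
    suspect = n_rrep
    while bn is not None:
        elected = elect_next(votes_for.get(suspect, []))   # Steps 3 and 4
        if elected is None or elected in chain:
            break                          # Step 5: suspect drops everything itself
        chain.append(elected)              # Step 6
        if elected not in associations[bn]:
            broadcasts += 1                # Step 7: hand the chain to another BN
            bn = owner_of(elected, associations)
        suspect = elected
    return chain, broadcasts


# Constructed example: M1 answered the RREQ and passes traffic on to M2, M2 to M3,
# and M3 drops everything. One neighbour of M1 missed the forwarding and one
# neighbour of M2 reports a wrong node; the majority outvotes both.
ASSOCIATIONS = {
    "BN_A": {"S", "M1", "M2", "V1", "V2"},
    "BN_B": {"M3", "V3", "V4", "D"},
}
VOTES = {
    "M1": ["M2", "M2", "M2", None],
    "M2": ["M3", "M3", "V9"],
    "M3": [None, None, None],
}

if __name__ == "__main__":
    chain, broadcasts = trace_chain("M1", ASSOCIATIONS, VOTES)
    print("BlackHole-Chain:", chain, "find-chain broadcasts:", broadcasts)
```

Each hand-over costs one backbone broadcast of at most $d_{BN}$ hops, and there is at most one hand-over per chain member, which is where the $O(m\,d_{BN})$ bound quoted earlier comes from.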


5    Conclusion
In this report I have discussed the Ad-hoc On-Demand Distance Vector protocol, the black hole attack, the detection of malicious nodes and the removal of the black hole attack. As described, the black hole attack can be removed by forming a backbone network of the trusted nodes in the network. This backbone network monitors the traffic flow for the other nodes in the network, and by executing the specific checks described in the above algorithm on the traffic for each node we can detect the malicious node or the chain of malicious nodes. Having detected them, we can blacklist the IPs of the malicious nodes, so that if the source node receives a RREP from a blacklisted IP that RREP is dropped. This leads to the removal of the black hole attack, and secure routing can take place. Some other techniques may also be possible for removing black hole attacks. The algorithm discussed in this report is able to remove the black hole attack from the network.


6     References
    1. RFC standard-3561, http://www.ietf.org/rfc/rfc3561.txt

    2. Izhak Rubin, Arash Behzad, Runhe Zhang, Huiyu Luo, Eric Caballero: TBONE: A Mobile-Backbone Protocol for Ad Hoc Wireless Networks.

    3. H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc network. IEEE Communications Magazine, pages 70-75, 2002.

    4. S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard. Prevention of cooperative black hole attack in wireless ad hoc networks. In Proceedings of 2003 International Conference on Wireless Networks (ICWN03), pages 570-575. Las Vegas, Nevada, USA, 2003.

    5. P. Agarwal, R. K. Ghosh, S. K. Das, Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks.

    6. I. Rubin, A. Behzad, R. Zhang, H. Luo, and E. Caballero. Tbone: A mobile-backbone protocol for ad hoc wireless networks. In Proceedings of IEEE Aerospace Conference, volume 6, pages 2727-2740, 2002.

    7. Y. C. Hu, A. Perrig, and D. B. Johnson, Ariadne: A secure on-demand routing protocol for ad hoc networks, in Eighth Annual International Conference on Mobile Computing and Networking (Mobi-Com 2002), pp. 12-23, Sept. 2002.

    8. Y. C. Hu and A. Perrig, A survey of secure wireless ad hoc routing, IEEE Security & Privacy Magazine, vol. 2, no. 3, pp. 28-39, May/June 2004.

    9. S. Lee, B. Han, and M. Shin, Robust routing in wireless ad hoc networks, in ICPP Workshops, pp. 73, 2002.

   10. Y. A. Huang and W. Lee, Attack analysis and detection for ad hoc routing protocols, in The 7th International Symposium on Recent Advances in Intrusion Detection (RAID04), pp. 125-145, French Riviera, Sept. 2004.

   11. Charles E. Perkins, Elizabeth M. Royer and Samir R. Das. Ad hoc On-Demand Distance Vector (AODV) Routing. Internet Draft, work in progress, IETF Mobile Ad Hoc Networking Working Group, July 2000.

   12. F. Stajano and R. Anderson, The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks, Security Protocols, 7th Intl. Wksp. Proc., LNCS, 1999.

   13. Hongmei Deng, Wei Li, and Dharma P. Agrawal. Routing Security in wireless adhoc networks.

   14. L. Venkatraman and D. P. Agrawal, Strategies for Enhancing Routing Security in Protocols for Mobile Ad Hoc Networks, J. Parallel Distrib. Comp., 2002.

Contenu connexe

Tendances (20)

Routing protocols in ad hoc network
Routing protocols in ad hoc networkRouting protocols in ad hoc network
Routing protocols in ad hoc network
 
Basics of Computer Network Device
Basics of Computer Network DeviceBasics of Computer Network Device
Basics of Computer Network Device
 
C6 Réseaux : Introduction au routage
C6 Réseaux : Introduction au routageC6 Réseaux : Introduction au routage
C6 Réseaux : Introduction au routage
 
Static Routing
Static RoutingStatic Routing
Static Routing
 
Ch 19 Network-layer protocols Section 1
Ch 19  Network-layer protocols Section 1Ch 19  Network-layer protocols Section 1
Ch 19 Network-layer protocols Section 1
 
WDM principles
WDM principlesWDM principles
WDM principles
 
Mobile Ad hoc Networks
Mobile Ad hoc NetworksMobile Ad hoc Networks
Mobile Ad hoc Networks
 
Cours3 ospf-eigrp
Cours3 ospf-eigrpCours3 ospf-eigrp
Cours3 ospf-eigrp
 
The mac layer
The mac layerThe mac layer
The mac layer
 
Routing Protocols
Routing ProtocolsRouting Protocols
Routing Protocols
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
 
Ch 20 UNICAST ROUTING SECTION 2
Ch 20   UNICAST ROUTING  SECTION  2Ch 20   UNICAST ROUTING  SECTION  2
Ch 20 UNICAST ROUTING SECTION 2
 
Switching Techniques
Switching TechniquesSwitching Techniques
Switching Techniques
 
Router
RouterRouter
Router
 
1 introduction-to-computer-networking
1 introduction-to-computer-networking1 introduction-to-computer-networking
1 introduction-to-computer-networking
 
Mobile IP
Mobile IPMobile IP
Mobile IP
 
Routing in Mobile Ad hoc Networks
Routing in Mobile Ad hoc NetworksRouting in Mobile Ad hoc Networks
Routing in Mobile Ad hoc Networks
 
MANET VS VANET
MANET VS VANETMANET VS VANET
MANET VS VANET
 
Le protocole rip
Le protocole rip Le protocole rip
Le protocole rip
 
WDM Basics
WDM BasicsWDM Basics
WDM Basics
 

Similaire à AODV protocol

Security in Manet Using Fl-Saodv
Security in Manet Using Fl-SaodvSecurity in Manet Using Fl-Saodv
Security in Manet Using Fl-Saodvjournal ijrtem
 
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANET
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANETBlack-Hole and Wormhole Attack in Routing Protocol AODV in MANET
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANETIJCSEA Journal
 
Ijarcet vol-2-issue-3-933-937
Ijarcet vol-2-issue-3-933-937Ijarcet vol-2-issue-3-933-937
Ijarcet vol-2-issue-3-933-937Editor IJARCET
 
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...ijsrd.com
 
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKCOMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKpijans
 
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKCOMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKpijans
 
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksBlack hole Attack Avoidance Protocol for wireless Ad-Hoc networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
 
Mobile Adhoc Network (MANET) Routing Protocols Analytical Study
Mobile Adhoc Network (MANET) Routing Protocols Analytical StudyMobile Adhoc Network (MANET) Routing Protocols Analytical Study
Mobile Adhoc Network (MANET) Routing Protocols Analytical StudyIOSR Journals
 
Security issues performance in ad hoc oddv
Security issues performance  in ad hoc oddvSecurity issues performance  in ad hoc oddv
Security issues performance in ad hoc oddvEditor Jacotech
 
Performance study of adhoc routing protocols for cbr traffic
Performance study of adhoc routing protocols for cbr trafficPerformance study of adhoc routing protocols for cbr traffic
Performance study of adhoc routing protocols for cbr trafficeSAT Journals
 
Security threats in manets a review
Security threats in manets a reviewSecurity threats in manets a review
Security threats in manets a reviewijitjournal
 
Review on security issues of AODV routing protocol for MANETs
Review on security issues of AODV routing protocol for MANETsReview on security issues of AODV routing protocol for MANETs
Review on security issues of AODV routing protocol for MANETsIOSR Journals
 
Migrating packet dropping in mobile ad hoc network based on modified ack-base...
Migrating packet dropping in mobile ad hoc network based on modified ack-base...Migrating packet dropping in mobile ad hoc network based on modified ack-base...
Migrating packet dropping in mobile ad hoc network based on modified ack-base...Alexander Decker
 
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’s
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’sBlack Hole Detection in AODV Using Hexagonal Encryption in Manet’s
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’sIJMER
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 

Similaire à AODV protocol (20)

Security in Manet Using Fl-Saodv
Security in Manet Using Fl-SaodvSecurity in Manet Using Fl-Saodv
Security in Manet Using Fl-Saodv
 
Aodv
AodvAodv
Aodv
 
Hu3114871491
Hu3114871491Hu3114871491
Hu3114871491
 
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANET
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANETBlack-Hole and Wormhole Attack in Routing Protocol AODV in MANET
Black-Hole and Wormhole Attack in Routing Protocol AODV in MANET
 
Ijarcet vol-2-issue-3-933-937
Ijarcet vol-2-issue-3-933-937Ijarcet vol-2-issue-3-933-937
Ijarcet vol-2-issue-3-933-937
 
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...
 
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKCOMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
 
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORKCOMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
COMPARING THREE PROTOCOLS OF DODV, DSR, DSDV FOR VANET NETWORK
 
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksBlack hole Attack Avoidance Protocol for wireless Ad-Hoc networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networks
 
E42043640
E42043640E42043640
E42043640
 
Mobile Adhoc Network (MANET) Routing Protocols Analytical Study
Mobile Adhoc Network (MANET) Routing Protocols Analytical StudyMobile Adhoc Network (MANET) Routing Protocols Analytical Study
Mobile Adhoc Network (MANET) Routing Protocols Analytical Study
 
Security issues performance in ad hoc oddv
Security issues performance  in ad hoc oddvSecurity issues performance  in ad hoc oddv
Security issues performance in ad hoc oddv
 
Performance study of adhoc routing protocols for cbr traffic
Performance study of adhoc routing protocols for cbr trafficPerformance study of adhoc routing protocols for cbr traffic
Performance study of adhoc routing protocols for cbr traffic
 
525 529
525 529525 529
525 529
 
Security threats in manets a review
Security threats in manets a reviewSecurity threats in manets a review
Security threats in manets a review
 
Review on security issues of AODV routing protocol for MANETs
Review on security issues of AODV routing protocol for MANETsReview on security issues of AODV routing protocol for MANETs
Review on security issues of AODV routing protocol for MANETs
 
Migrating packet dropping in mobile ad hoc network based on modified ack-base...
Migrating packet dropping in mobile ad hoc network based on modified ack-base...Migrating packet dropping in mobile ad hoc network based on modified ack-base...
Migrating packet dropping in mobile ad hoc network based on modified ack-base...
 
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’s
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’sBlack Hole Detection in AODV Using Hexagonal Encryption in Manet’s
Black Hole Detection in AODV Using Hexagonal Encryption in Manet’s
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Dt36717722
Dt36717722Dt36717722
Dt36717722
 

Plus de Raj Sikarwar

Rabindranath tagore Biography
Rabindranath tagore BiographyRabindranath tagore Biography
Rabindranath tagore BiographyRaj Sikarwar
 
Hidden Surface Removal using Z-buffer
Hidden Surface Removal using Z-bufferHidden Surface Removal using Z-buffer
Hidden Surface Removal using Z-bufferRaj Sikarwar
 
Overlapping community Detection Using Bayesian NMF
Overlapping community Detection Using Bayesian NMFOverlapping community Detection Using Bayesian NMF
Overlapping community Detection Using Bayesian NMFRaj Sikarwar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attackRaj Sikarwar
 
Least squares support Vector Machine Classifier
Least squares support Vector Machine ClassifierLeast squares support Vector Machine Classifier
Least squares support Vector Machine ClassifierRaj Sikarwar
 

Plus de Raj Sikarwar (7)

Rabindranath tagore Biography
Rabindranath tagore BiographyRabindranath tagore Biography
Rabindranath tagore Biography
 
Hidden Surface Removal using Z-buffer
Hidden Surface Removal using Z-bufferHidden Surface Removal using Z-buffer
Hidden Surface Removal using Z-buffer
 
Overlapping community Detection Using Bayesian NMF
Overlapping community Detection Using Bayesian NMFOverlapping community Detection Using Bayesian NMF
Overlapping community Detection Using Bayesian NMF
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attack
 
Least squares support Vector Machine Classifier
Least squares support Vector Machine ClassifierLeast squares support Vector Machine Classifier
Least squares support Vector Machine Classifier
 

Dernier

SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 

Dernier (20)

SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 

AODV protocol

  • 1. CS 399: Seminar Term Paper Ad-hoc On-Demand Distance Vector Protocol and Black Hole Attack in AODV By: Rajkumar Singh∗ (09010138) email s.rajkumar[*]iitg.ernet.in Under the guidance of: Professor Santosh Biswas Department of Computer Science and Engineering Indian Institute of Technology, Guwahati 10th April 2012 1
  • 2. Abstract Mobile ad-hoc networks(MANETs) are extensively useful many civilian applica- tions as well as in Military purposes. One of the very basic and important application of MANETs is Blue-tooth send the files from one mobile node to another mobile node using blue-tooth like mobile phones use this a lot. Ad-hoc networks are having a lot use suppose in IIT guwahati A group of students have a meeting and in the room there is only one LAN Port and every member in the meeting require the internet connection, then one of the best and not expensive solution is create an Ad-hoc network and all the member can join it, like this there are many uses of adhoc networks. Mobile ad-hoc networks allow the construction of flexible and adaptive networks with no fixed/static infrastructure. The dynamic topology of mobile ad-hoc networks (MANETs) allows nodes to join and leave the ad-hoc network at any point of time. Due to this generic characteristic of Mobile ad-hoc networks it is having lots of vulnerability for security attacks. In this term paper first i will discuss Ad-hoc on-demand distance vector pro- tocol in detail and after that a few vulnerabilities in brief after that a attack which is performed by a group of malicious nodes known as Black hole attack. I will discuss the technique to identify the multiple black holes cooperating to each other and a solution to avoid this attack. In short the main focus will be on How AODV routing protocol works and detecting the black hole attack(Nodes which are contributing to attack) and removing the attack so that can have a secure efficient routing from one node to an- other. I will discuss how the malicious nodes that are responsible for BlackHole attack can be Detected and thus avoid the black-hole attack. Keywords: AODV (Ad-hoc on-demand Distance vector protocol), Black hole, Routing, Ad-hock Networks. 1 Introduction Ad-hoc networks have a large number of important applications. 
Ad-hoc networks are hav- ing extensive use in daily life as we can connect any mobile node to the network and can perform required tasks like Mobile Phone and Laptop can be connected to Ad-hoc network and can access the Internet without having the fixed infrastructure. Military also use adhoc networks for their many of the applications. Sometimes military uses adhoc networks to connect to soldiers in battlefield or military units connect to each other or sometimes for creating sensory arrays with thousands of sensors. Ad-hoc networks provides the facility of creating a networks in the situations where creating infrastructure seems impossible or creating infrastructure is very expensive means it is impossible to have a network with fixed infrastructure every where, so on such places Ad-hoc networks are highly useful. Without having the fixed infrastructure we can solve the purpose of network by using Ad-hoc net- works.Unlike a networks with fixed/static infrastructure, mobile nodes in adhoc networks do not communicate via access points (fixed structures). Here each node acts as a host at the time of requesting or providing information from or to some other nodes in the network, and act as router when discovering and maintaining routes for other nodes in the network. Means Every node in the adhoc network can act as a Router node or the host node. 2
  • 3. There are many routing protocols exist out of those main three routing protocols are as follows. • Destination-Sequenced Distance Vector routing (DSDV). • Dynamic Source Routing (DSR). • Ad-hoc on Demand Distance Vector Protocol (AODV). Details of each protocol are described briefly as follows. Mainly i will discuss Ad-hoc on- demand distance vector protocol in section 2. As Ad-hoc networks can be used for Military purposes or can also be used for some other Common secure purposes like online Transaction so main requirement is to make it secure or attack free so that Malicious node can not enter this Network and can not be able access the secure information. As in AODV Protocol sequence numbers and hop counts can be modified so using these options a malicious node can crash the whole network. By Changing TTL a malicious node can choke the whole network. Or using some other attacks like black hole attack whole secure information can be obtained at the time of transfer from one node to another node. Due to the generic nature of AODV protocol a malicious node can spoof its identity and by doing so malicious node can get the secure information and do whatever that node want using the information. Either can dump the whole packets that malicious node obtained or can forward them depending on the behaviour of malicious node.I discussed such attacks in the section 3 in this Term paper. Also i have discussed the detection of such malicious nodes and removal/avoidance of such attacks so that AODV can be more secure. Some people have already fixed some of the security issues of AODV protocol. 2 Different Routing Protocol 2.1 DSDV Details (Destination-Sequenced Distance vector)DSDV protocol is a table driven protocol. 
Means in DSDV protocol every mobile node maintains a routing table with entries for each and every possible destination node, and required number of hopes to reach those destinations, means if there are n nodes in a network then routing tables corresponding to each node will have almost n − 1 entries. Every Routing table is updated periodically for each and every change in the network (like a new node joins or leaves etc.) to maintain consistency. This updation of Routing tables require frequent route update broadcasts But the problem with this protocol is the size of table as the network increases so is the routing table size in the ratio of O(n*n) that makes it inefficient As network size increases, table size will also increases hence any operation (like update, searching) will be very inefficient. Hence This Protocol is good for networks having less number of nodes. 3
  • 4. 2.2 DSR Details Dynamic Source Routing(DSR) is on demand routing protocol and it maintains a route cache, which leads to memory overhead. DSR protocol is similar to AODV protocol in terms that it is also the on-demand routing protocol like AODV protocol, means it requests for route to a particular node when it is having the need of that route. But DSR does not rely on the path information from the intermediate nodes, DSR has a higher overhead as each packet carries the complete route and it does not support multicast. As each packet contains the whole route information, this increases its overhead. Hence for small information there will be lot more overhead hence it is inefficient in terms of packet overhead. 2.3 AODV Details 2.3.1 Introduction to AODV As the name itself suggests that Ad-hoc on demand Distance vector(AODV) protocol is an on demand routing protocol. Means whenever there is something to route to a particular node then only it request for the route to that particular node. The Ad-hoc On-demand Distance Vector (AODV) algorithm enables dynamic, self-starting, multihop routing be- tween participating mobile nodes wishing to establish and maintain an ad hoc network. AODV allows mobile nodes to obtain routes quickly for new destinations, and does not re- quire nodes to maintain routes to destinations that are not in active communication means there is no need to maintain the table for all the destinations, in this protocol the infor- mation of the nodes are stored that are active parts of the communication. AODV allows mobile nodes to respond to link breakages and changes in network topology in a timely manner. The operation of AODV is loop-free, and avoiding the Bellman Ford ”Counting to infinity” problem offers quick convergence when the ad hoc network topology changes (typically, when a node moves in the network). 
When line break, AODV causes the affected set of nodes to be notified so that they are able to invalidate the routes using the lost link. Means if a node or a group of nodes leave the network then all the remaining nodes in the network are informed that such nodes are no more in the network so that every node can update their table if it having the route information through those nodes. Means all remaining nodes can invalidate the routes having the nodes who left the network. The highly Distinguishing feature of Ad-hoc on-demand distance vector protocol is its use of a destination of sequence number for each route entry means here in this protocol for each route entry a Destination sequence number is used. The destination sequence number is created by the destination to be included along with any route information it sends to re- questing nodes means destination node itself sends a sequence number to a requesting node along with some other fields in the packet. Using destination sequence numbers ensures loop freedom. Means sequence numbers are used to avoid looping problem, Suppose there is no concept of Destination sequence number in AODV then when a node get a packet that was broadcast-ed by the same node will again be broadcast-ed by the same node and this process will go on for almost all nodes until packet’s hop count become zero, but when se- quence number concept is there then the packet received by a node which was broadcast-ed by the same node will be dropped, hence no situation of looping can not arise. Given the choice between two routes to a destination, a requesting node is required to select the one 4
  • 5. with largest sequence number, means Requesting node will choose the route having largest sequence number out of received packet’s sequence numbers. Choosing greatest sequence number’s route ensures the freshness of the route. 2.3.2 Overview of AODV There are three types of messages are defined in Ad-hoc on-demand distance vector protocol are Route Requests (RREQs), Route Replies (RREPs), and Route Errors(RERRs). These message types are received via UDP(User Datagram Protocol), and normal IP header pro- cessing applies. So, for instance, the requesting node is expected to use its IP address as the Originator IP address for the messages, means in the RREQ packet there is a field for origi- nator IP address (IP address of the node who has generated this RREQ packet or requesting for Route). For broadcast messages, the IP limited broadcast address (255.255.255.255) is used in the destination address field all 1’s are put. This means that such messages are not blindly forwarded. However, Some messages in AODV like Route Request are supposed to forward to the whole ad-hoc network. The range of dissemination of such RREQs is indicated by the TTL or the HopCount in the IP header, when Hop count is a downward counter, means when HopCount becomes zero then that packet is not forwarded further or in other way that packet is dropped. To avoid the Looping in the network due to the broad- cast of RREQ messages sequence number’s are used, as shown in packet structure there is one field for sequence number. As long as the endpoints of a communication connection have a valid routes to each other means if starting node has the information of the route to destination node in its routing table then that path is followed for Routing from source node to destination node, Means in that case AODV has no role to play. 
But when a route from the source to a new destination is required and no route information exists in the source node's routing table, AODV comes into play. The source node broadcasts a RREQ to find a route to the destination. A route can be determined when the RREQ reaches either the destination node itself or some intermediate node that has a "fresh enough" route to the desired destination node. The freshness of the route is ensured by the destination sequence number, which is a field in the packet; the routing table also stores the destination sequence number along with the route information so that the freshness of the route is known. A fresh enough route is a valid route entry for the destination whose associated sequence number is at least as great as that contained in the RREQ packet, i.e. the sequence number in the routing entry for the route to the destination node must be greater than or equal to the destination sequence number contained in the RREQ packet. The route is made available by unicasting a RREP back to the originator of the request, so that the RREP can be unicast from the destination along a path to the originator, or likewise from any intermediate node that is able to satisfy the request. The RREP message is sent to the node from which the replying node received the RREQ packet.

Nodes in the ad-hoc network monitor the link status of the next hops in active routes. When a link break in an active route is detected, a RERR message is used to notify other nodes that the link went down, so that they can invalidate the routes that use that link. The RERR message indicates those destinations (possibly subnets) which are no longer reachable by way of the broken link. In order to enable this error reporting mechanism, each node keeps a "precursor list" (it is implemented
using either a linked list or an array) containing the IP address of each of its neighbours that are likely to use it as a next hop towards each destination; that is, the precursor list stores the IPs of the neighbouring nodes of a particular node. The information in the precursor list is most easily acquired during the processing for generation of a RREP message, which by definition has to be sent to a node in a precursor list. If the RREP has a nonzero prefix length, then the originator of the RREQ which solicited the RREP information is included among the precursors for the subnet route.

AODV is also a table-driven routing protocol in the sense that it deals with route table management, but its routing table does not store all the possible routes to all destinations as the DSDV protocol does. Routing table information must be kept even for short-lived routes (routes that vanish after a little time), such as those created to temporarily store reverse paths towards nodes originating RREQs. If a node finds a new path, it also has to be entered into the routing table, even if that route will not last very long. AODV uses the following fields with each route table entry:

• Destination IP Address.
• Destination sequence number.
• Other state and routing flags (e.g.: valid, repairable, being repaired).
• Valid Destination Sequence Number flag.
• Network Interface.
• Next Hop.
• List of Precursors (a kind of group of neighbouring nodes).
• Hop Count (number of hops needed to reach the destination).
• Lifetime (expiry or deletion time of the route). The route may be valid for at most this much time.

With the help of the sequence number we can avoid routing loops and can also invalidate routing entries in scenarios such as a link going down or being deactivated. Managing the sequence number is crucial to avoiding routing loops, even when links break and a node is no longer reachable to supply its own information about its sequence number.
A destination becomes unreachable when a link breaks or is deactivated. When these conditions occur, the route is invalidated by operations involving the sequence number and by marking the route table entry state as invalid.

The AODV protocol is quite efficient with respect to the network; using this protocol we can deal with thousands of nodes in the ad-hoc network: the AODV routing protocol is designed for mobile networks with populations of tens of thousands of mobile nodes. AODV can handle low, moderate, and relatively high mobility rates, as well as a variety of data traffic levels, so it serves the purpose of routing for varied data traffic at varying mobility rates. AODV is designed for use in networks where the nodes can all trust each other, which means AODV will work flawlessly if none of the
nodes in the whole ad-hoc network is malicious. AODV has been designed to reduce the dissemination of control traffic and to eliminate overhead on data traffic, such as occurs with DSR and DSDV, in order to improve scalability and performance. AODV is thus an efficient protocol with respect to network performance, but from the security point of view AODV is not secure. I will address the security issues of the AODV protocol in the coming sections of this document.

2.3.3 AODV Message Formats

There are three main messages in the AODV protocol: RREQs (Route Requests), RREPs (Route Replies) and RERRs (Route Errors). I describe the structure of each message along with the fields it contains. The exact structure of the RREQ is as follows.

Figure 1: RREQ Message format

The details of the fields are as follows.
Type: 1 byte long. Type = 1 for RREQ.
R: Repair flag; reserved for multicast.
G: Gratuitous RREP flag; indicates whether a gratuitous RREP should be unicast to the node specified in the Destination IP Address field.
D: Destination only flag; indicates that only the destination may respond to this RREQ.
U: Unknown sequence number; indicates that the destination sequence number is unknown.
Reserved: Reserved for future expansion. Sent as 0; ignored on reception.
Hop Count: The number of hops from the Originator IP Address to the node handling the request.
RREQ ID: A sequence number uniquely identifying the particular RREQ when taken in conjunction with the originating node's IP address.
Destination IP Address: The IP address of the destination for which a route is desired.
Destination Sequence Number: The latest sequence number received in the past by the originator for any route towards the destination.
Originator IP Address: The IP address of the node which originated the Route Request.
Originator Sequence Number: The current sequence number to be used in the route entry pointing towards the originator of the route request.

Route Reply (RREP) Message Format

A RREP is used to reply to the node from which the RREQ was received, giving the valid route information to the destination node (the one in the RREQ's Destination field). The structure of the RREP packet, with all the details of its fields, is shown below.

Figure 2: RREP Message Format

The message contains the following fields.
Type: Type = 2 for RREP.
R: Repair flag; reserved for multicast.
A: Acknowledgement required.
Reserved: Reserved for future expansion.
Prefix Size: If nonzero, the 5-bit Prefix Size specifies that the indicated next hop may be used for any nodes with the same routing prefix (as defined by the Prefix Size) as the requested destination.
Hop Count: The number of hops from the Originator IP Address to the Destination IP Address. For multicast route requests this indicates the number of hops to the multicast tree member sending the RREP.
Destination IP Address: The IP address of the destination for which a route is supplied.
Destination Sequence Number: The destination sequence number associated with the route.
Originator IP Address: The IP address of the node which originated the RREQ for which the route is supplied.
Lifetime: The time in milliseconds for which nodes receiving the RREP consider the route to be valid.

* The Prefix Size allows a subnet router to supply a route for every host in the subnet defined by the routing prefix, which is determined by the IP address of the subnet router and the Prefix Size. In order to make use of this feature, the subnet router has to guarantee reachability to all the hosts sharing the indicated subnet prefix. When the prefix size is nonzero, any routing information (and precursor data) MUST be kept with respect to the subnet route, not the individual destination IP address on that subnet.

The 'A' bit is used when the link over which the RREP message is sent may be unreliable or unidirectional. When the RREP message has the 'A' bit set, the receiver of the RREP is expected to return a RREP-ACK message.

Route Error (RERR) Message Format

When a link terminates or is deactivated, all the nodes are supposed to learn about that link termination.
So, to tell all the nodes about the link termination, RERRs are sent to every node in the ad-hoc network so that every node can invalidate the route entries that have routes through the terminated or deactivated link. The Route Error (RERR) message structure is shown below with full details of the fields it contains.
Figure 3: RERR Message Format

The message contains the following fields.

Type: Type = 3 for a RERR message.
N: No Delete flag; set when a node has performed a local repair of a link, and upstream nodes should not delete the route.
Reserved: Reserved for future expansion.
DestCount: The number of unreachable destinations included in the message.
Unreachable Dest. IP Address: The IP address of the destination that has become unreachable due to a link break.
Unreachable Destination Seq No.: The sequence number in the route table entry for the destination listed in the previous Unreachable Destination IP Address field.

The Ad-hoc on-demand distance vector protocol (AODV) is a source-initiated on-demand routing protocol. Every mobile node maintains a routing table that holds the next hop node information for a route to the destination node. When a source node wants to route a packet to some destination node, it first checks for path information to that destination node. If the path information is in the routing table, the source node routes the packet along the corresponding path; some boundary cases may arise, for which there are special treatments. But if the source node does not find any information about the path to the destination, i.e. there is no fresh enough path to the destination node, it starts a route discovery by broadcasting a Route Request (RREQ) message to its neighbouring nodes. The RREQ is propagated further until it reaches an intermediate node that has a fresh enough route to the destination node specified in the RREQ packet, or the destination node itself. Every intermediate node that receives the RREQ message makes an entry in its routing table for the node that forwarded the packet and also for the source node.
The destination node, or the intermediate node having a fresh enough route to the destination, unicasts a Route Reply (RREP), also called a Route Response, to the neighbouring node from which it received the RREQ. An intermediate node makes an entry for the neighbouring node from which it received the RREP, then forwards the RREP in the reverse direction. At the
time of receiving the RREP, the source node makes an entry for the destination node and also for the neighbouring node from which it received the RREP. The source node then starts routing data packets to the destination node through the neighbouring node that first responded with an RREP. Here is an example of AODV routing over a group of nodes.

Figure 4: Source to Dest Routing using AODV

In the above network topology node "Source" wants to route a packet to node "Dest". For that, node "Source" checks its routing table for a fresh enough path from Source to Dest. Node "Source" cannot find any entry for a path to node "Dest", so it has to discover a route from itself to node "Dest". For that, node Source sends a RREQ to its neighbour nodes, carrying the fields discussed under AODV Message Formats. Intermediate nodes that have no information about a path from node "Source" to node "Dest" forward the RREQ message to their neighbouring nodes. This forwarding may cause looping, so to avoid looping a sequence number is used in the RREQ message. Every node rejects a message whose sequence number is less than its own sequence number. Hop count and TTL also help in avoiding looping. In the given topology node N7 gets the RREQ message
from Source, but node N7 does not have any information about a fresh enough route to Dest, so it forwards the RREQ message to its neighbours. Dest then receives the RREQ message (requesting the path to Dest). As Dest itself is the final node, it sends an RREP to the node from which it received the RREQ, i.e. node "Dest" sends the RREP message to node N7, and node N7 then forwards it back to the node from which it received the RREQ for the path to node "Dest". Here node N7 sends the RREP message to the Source node. All RREPs are sent as unicast. If node "Source" has already received the path information, i.e. it has received some other RREP, then Source discards this RREP. But if Source has not received any RREP so far, it accepts the RREP from node N7. After that they start sending data, and Source discards every other RREP about the route to Dest. Hence, in the above topology, the RREP from N2 to Source is discarded. There may be some other possibilities as well. Here looping is avoided using the sequence number and TTL. To ensure the freshness of the route we use the sequence number.

3 Vulnerabilities in AODV

The Ad-hoc on-demand distance vector protocol is very efficient as a network service, but it has many vulnerabilities, i.e. the protocol can easily be attacked. AODV is not very secure. AODV is designed for an ideal network, that is, a network with no malicious nodes. For a network with no malicious nodes the AODV protocol is the most efficient one. But we all know that nothing is ideal: there are unsocial nodes everywhere. There are also greedy nodes in the network that attack it to serve their own purpose. What can be done in AODV through the RREQ or RREP messages is as follows. Possible types of attacks:

• Sequence numbers can be modified.
• Hop counts can be modified (the main attack is looping in the network).
• Modification of source routes (black hole attack, wrong information about the path).
• Tunnelling.
• Spoofing.
• Fabrication of error messages (an error message claiming that the destination is not reachable, so that nothing is sent and the greedy node captures the medium).
• Fabrication of source routes (cache poisoning).

As we have seen, many types of attack are possible against the AODV protocol. These attacks can be avoided by taking a little care. The black hole attack is the serious one, because in this attack the malicious node gets all of the data that the source is sending and then discards it. So in this paper I will discuss the detection of the black hole attack and its removal.
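The three message layouts of section 2.3.3, whose sequence number and hop count fields are the ones listed above as open to modification, can be decoded as in the following added example (not code from the term paper). The byte and bit positions are taken from RFC 3561 on the assumption that the paper's figures follow it; the sample packets are constructed, with only the two IP addresses borrowed from the paper's later N1/N6 example.

```python
"""Decoder for the three AODV control messages. Field layout follows RFC 3561."""
import ipaddress
import struct

RREQ, RREP, RERR = 1, 2, 3


def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def fresh_enough(route_seq: int, rreq_dest_seq: int) -> bool:
    """True when a route entry's sequence number is at least as great as the
    one carried in the RREQ. RFC 3561 compares as signed 32-bit values, so the
    test still holds after the counter wraps around."""
    return ((route_seq - rreq_dest_seq) & 0xFFFFFFFF) < 0x80000000


def parse_rreq(p: bytes) -> dict:
    if len(p) < 24:
        raise ValueError("truncated RREQ")
    _t, flags, _rsv, hops, rreq_id, dst, dseq, org, oseq = struct.unpack_from(
        "!BBBBI4sI4sI", p)
    return {
        "type": "RREQ",
        # Bit 0x80 is the J (join) flag of RFC 3561, not listed in the paper.
        "R": bool(flags & 0x40), "G": bool(flags & 0x20),
        "D": bool(flags & 0x10), "U": bool(flags & 0x08),
        "hop_count": hops, "rreq_id": rreq_id,
        "dest_ip": _ip(dst), "dest_seq": dseq,
        "orig_ip": _ip(org), "orig_seq": oseq,
    }


def parse_rrep(p: bytes) -> dict:
    if len(p) < 20:
        raise ValueError("truncated RREP")
    _t, flags, b2, hops, dst, dseq, org, lifetime = struct.unpack_from(
        "!BBBB4sI4sI", p)
    return {
        "type": "RREP",
        "R": bool(flags & 0x80), "A": bool(flags & 0x40),
        "prefix_size": b2 & 0x1F,          # low 5 bits of the third byte
        "hop_count": hops,
        "dest_ip": _ip(dst), "dest_seq": dseq,
        "orig_ip": _ip(org), "lifetime_ms": lifetime,
    }


def parse_rerr(p: bytes) -> dict:
    if len(p) < 4:
        raise ValueError("truncated RERR")
    _t, flags, _rsv, count = struct.unpack_from("!BBBB", p)
    # Each unreachable destination is an (IP, sequence number) pair of 8 bytes.
    if count == 0 or len(p) < 4 + 8 * count:
        raise ValueError("DestCount does not match message length")
    unreachable = []
    for i in range(count):
        ip_raw, seq = struct.unpack_from("!4sI", p, 4 + 8 * i)
        unreachable.append((_ip(ip_raw), seq))
    return {"type": "RERR", "N": bool(flags & 0x80), "unreachable": unreachable}


PARSERS = {RREQ: parse_rreq, RREP: parse_rrep, RERR: parse_rerr}


def parse_aodv(payload: bytes) -> dict:
    """Dispatch on the Type byte of a UDP payload carrying an AODV message."""
    if not payload or payload[0] not in PARSERS:
        raise ValueError("not an RREQ, RREP or RERR")
    return PARSERS[payload[0]](payload)


def _pack_ip(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


# Constructed samples: IDs, sequence numbers, hop counts and lifetime are made up.
SAMPLE_RREQ = struct.pack("!BBBBI4sI4sI", RREQ, 0x08, 0, 0, 7,
                          _pack_ip("10.11.12.24"), 0, _pack_ip("10.11.11.12"), 42)
SAMPLE_RREP = struct.pack("!BBBB4sI4sI", RREP, 0, 0, 2,
                          _pack_ip("10.11.12.24"), 120, _pack_ip("10.11.11.12"), 3000)
SAMPLE_RERR = struct.pack("!BBBB4sI", RERR, 0, 0, 1, _pack_ip("10.11.12.24"), 121)

if __name__ == "__main__":
    for sample in (SAMPLE_RREQ, SAMPLE_RREP, SAMPLE_RERR):
        print(parse_aodv(sample))
```

Every decoded field is taken at face value: none of the three messages carries anything that lets the receiver verify who set the sequence number or hop count.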
3.1 The Black Hole Attack in AODV Protocol

AODV is an important on-demand routing protocol that creates routes only when desired by the source node. When a node requires a route to a destination (and it is not in the routing table), it initiates a route discovery process within the network. It broadcasts a route request (RREQ) packet to its neighbours, which then forward the request to their neighbours, and so on, until either the destination or an intermediate node with a fresh enough route to the destination is located. In this process an intermediate node can reply to the RREQ packet only if it has a fresh enough route to the destination. Once the RREQ reaches the destination or an intermediate node with a fresh enough route to the destination, that node responds by unicasting a route reply (RREP) to the node from which it received the RREQ packet. After a route has been selected and established, it is maintained by a route maintenance procedure until either the destination becomes inaccessible along every path from the source or the route is no longer desired.

According to the original AODV protocol, any intermediate node may reply to the RREQ by sending a RREP if it has a fresh enough route to the destination. This destination route is checked against the destination sequence number contained in the RREQ message. This technique is used to decrease the routing delay, but it makes the system vulnerable to a malicious node. A malicious node can easily disrupt the correct functioning of the routing protocol and make at least part of the network crash. A single black hole node does not do much harm, but a group of black hole nodes can bring the whole network down.

Any intermediate node with a fresh enough route can respond to the RREQ. A malicious node responds quickly, just after receiving the RREQ message from the source node.
The malicious node does not have any fresh enough route to the destination, but it still sends a RREP, as soon as possible, stating "I have a fresh enough route to the destination". The malicious node does not even look up the destination sequence number in its routing table, because it tries to send the RREP message as quickly as possible so that the source node will drop all the genuine RREPs. After receiving the RREP from the malicious node, the source node updates its routing table with the information from the malicious node and rejects all other RREPs from other nodes. The source node then starts sending data through the malicious node, because the route it holds goes through that malicious node. The malicious node, after receiving the data, drops it or can make use of the confidential information. Thus a group of malicious nodes can bring down the whole network. An example is given below and the whole process is explained.
Figure 5: Black Hole attack

In the above figure node N1 is the source node, and it wants to route data to node N6, so N6 is the destination node. In the topology node N4 is the malicious node. Let us suppose node N1 does not have a fresh enough route to the destination node N6. N1 therefore has to discover the route to N6, and for that node N1 sends a RREQ packet. Suppose the IP of node N1 is "10.11.11.12" and the IP of the destination node (N6) is "10.11.12.24"; then node N1 sends a RREQ packet that looks as follows.

Figure 6: RREQ packet from Source node
This RREQ packet is broadcast, and the nodes that receive it search for the destination sequence number in their respective routing tables. If a node finds the destination sequence number or the destination IP in its routing table, it sends an RREP to the source node; otherwise it forwards the RREQ packet to its neighbouring nodes. In this topology there is one malicious node, which responds to the RREQ immediately after receiving it. Because the malicious node sends fake information, it has no need to search its routing table. Hence the malicious node sends its RREP packet as soon as possible after receiving the RREQ from the source node or from some intermediate node. If the source node receives some other RREP packet before the one sent by the malicious node, it works as usual; but if the source node N1 receives the RREP sent by the malicious node N4, it then rejects all other RREPs from other nodes for as long as this route is desired. The nearer the malicious node is to the source node, the better the chances of the attack, because the RREP generated by the malicious node will arrive first. In this way the source node believes that this is the route to the destination that it requires. But in reality there is no path from N4 to N6 in the given network. Node N4 sends a spoofed RREP packet. Let the IP of node N4 be "10.11.11.19". The RREP packet sent by node N4 is shown below.

Figure 7: RREP packet from node N4

As the malicious node is nearer to the source node, this RREP is expected to reach the source node first. This forces the source node to think that route discovery is complete, and so the source node rejects all other RREPs that it might receive from other nodes. After that node N1 starts sending data through the malicious node N4, and N4 drops that data.
The other option is that node N4, having received the whole data, can do anything that is possible with that data; that is, the data sent by the source node to the destination node is no longer secure, because a third party has it. Node N4 can also drop the data, in which case the data is lost. So a group of malicious nodes can crash the whole network. Node N4 has succeeded in attracting the source node to send its data through N4. After this, node N4 can perform any of the following types of attack.

• Eavesdropping messages,
• Selectively dropping data,
• Manipulating data, or
• Launching a Denial of Service (DoS) attack.

In the above case each malicious node of a group spoofs the routing path information single-handedly: one node from the group focuses on one part of the network, i.e. all the malicious nodes in the group attack independently, so this is comparatively easy to detect using the next hop information in the RREPs. Sometimes, however, a group of cooperating malicious nodes performs the attack in the ad-hoc network. In this case the malicious nodes spoof the routing information by cooperating with each other, and this attack is not detected by the algorithm discussed in [3]. The figure shown below illustrates the attack.

Figure 8: RREQs Broadcasts in The Ad-hoc Network

In the above figure the RREQ requests are broadcast to the ad-hoc network; the figure shows the RREQ flooding in the network. The next figure shows the propagation of RREPs from the malicious node as well as from the other, normal nodes. As the malicious node is nearer to the source node, the source node gets the RREP sent by the malicious node. If, after receiving the RREP, the source node wants to confirm the next hop, the next hop in the RREP packet is node M2, so the source node will check M2.
Figure 9: Route Reply (RREP) Propagation in the network

The attack shown in the above diagram is an example of the cooperative black hole attack, in which a group of malicious nodes cooperate with one another. This attack is not as easily detectable as the simple black hole attack. In some modified versions of AODV, the RREP must also supply the next hop information if the RREP is generated by an intermediate node, so that the source node can cross-check the route information with the next hop given in the received RREP. By cooperating, malicious nodes are nevertheless able to spoof the route information and thus perform the black hole attack. A special case of the black hole attack is the gray hole attack, in which some of the packets are dropped and some are forwarded. Because some packets are forwarded, it is a little harder to tell whether the node is malicious or normal, and the source node keeps on sending data because some of the data is received by the destination. The gray hole attack is therefore harder to detect.

4 Detection of Black Hole Attack

Many researchers have tried to detect black hole nodes in a network and to resolve the black hole attack. Some of the approaches are as follows. Deng et al. [3] have proposed an algorithm to avoid black hole attacks in ad hoc networks. According to their algorithm, any node, on receiving a RREP packet (the reply to the route request in AODV) from a node, cross-checks with the next hop on the route to the destination. The node sending a RREP must therefore also send information about its next hop, if one exists (the destination node itself has no next hop on the route, so in that case it states that it is the destination node). The cross-checking is done only for intermediate nodes, because a malicious node cannot pretend to be the destination; all an intermediate node can spoof is a message saying that it has a route to the required destination.
If the next hop either does not have
a link to the node that sent the RREP or does not have a route to the destination, then the node that sent the RREP is considered malicious. This technique does not work when the malicious nodes cooperate with each other. Given a group of cooperating malicious nodes, one malicious node sends the RREP and names another, cooperating malicious node in the next hop field; by cooperating they can spoof the routing path, and the black hole attack can still be carried out in the network. Hence the suggested algorithm does not work when there is a group of cooperating black hole nodes.

An algorithm presented in [4] claims to prevent cooperative black hole attacks in ad-hoc networks by modifying the AODV protocol, introducing a Data Routing Information (DRI) table and cross-checking. It is a computation-intensive algorithm and takes $O(n^2)$ time whenever a node decides to send packets to another node. Moreover, when the network is not under attack (which will be the usual case), i.e. there is no malicious node in the whole ad-hoc network, the algorithm takes more time to complete. This algorithm is mainly based on a trust relationship between the nodes in the ad-hoc network. But the algorithm discussed in [4] fails to detect the gray hole attack. The gray hole attack is a variant of the black hole attack: instead of dropping all the packets as in the black hole attack, it drops some of the packets and forwards some of them.

The algorithm that I am about to describe here is presented in [5] by P. Agarwal et al., in which they first create a backbone of the network. The details of the algorithm are as follows. This algorithm also detects the gray hole attack. The main idea behind the algorithm described in [5] is to devise a mechanism for monitoring all the nodes in the network in terms of the traffic being forwarded through them.
In this algorithm we assume that the nodes are in promiscuous mode, so that they can listen to the traffic through their respective neighbours. However, it is not a good option to allow all the nodes in the ad-hoc network to monitor all the other nodes, because doing so increases the chances of black hole attacks considerably (a malicious node would be able to spoof the traffic management). Hence, in this algorithm, some of the nodes that are powerful in terms of computing power and radio range are chosen and made trustworthy, i.e. those chosen nodes can be trusted. The chosen nodes are referred to as strong nodes, and they maintain a backbone network [6] which operates at a level above the ad hoc network of regular nodes. Rubin et al. [6] proposed the use of backbone networks in scalable routing. This idea of a backbone network is adapted in this algorithm for detecting malicious nodes and avoiding the black hole attack: the backbone, one level up, is used for monitoring the traffic of the other nodes in the ad hoc network, detecting the presence of black or gray holes and preventing these malicious nodes from interfering with the routing. In this algorithm all the nodes in the ad-hoc network are divided into three categories, as follows.

1. RN: These are the low power, low transmission range nodes whose information is not trustworthy; such nodes can be malicious nodes.
2. BN: These are the Backbone nodes, which have a higher power and transmission range
compared to a RN. These nodes form a core that monitors the network nodes (BN nodes monitor the traffic flow of other nodes in the given ad-hoc network).
3. BCN: These are Backbone Capable nodes with capabilities similar to BN nodes, i.e. these nodes have almost the same strength as BN nodes. BCN nodes do not form the core, but they can be used to become BN nodes or to form the core in order to increase both the connectivity and the coverage of the network. BCN nodes can be included in the core nodes.

The algorithm to detect malicious nodes and remove the black hole attack mainly consists of two parts.

• Core/Back-Bone Network Formation and Maintenance,
• Detection of Black/malicious Nodes.

4.1 Core/Back-Bone Formation and Maintenance

The core/backbone formation progresses incrementally: the core is formed by a group of nodes joining the core one by one. That is, a new node enters the ad-hoc network during the core formation and maintenance stage. Suppose there is a BackBone Core Node $N_{BC}$; the tasks and checks it performs during the core/backbone formation are described below.

Actions by BackBone Core Node (BCN) $N_{BC}$

Step 1: First of all $N_{BC}$ detects RN nodes in its neighbourhood/vicinity. If it finds any such node, it broadcasts an "Invitation" message (a message asking for a joining request) to these RN nodes in its neighbourhood and waits to receive a join request from a RN node.

Step 2: $N_{BC}$ receives a joining request from a RN node, say $N_R$. $N_{BC}$ then checks whether $N_R$ is reachable within a predefined hop limit from $N_{BC}$ itself. If $N_R$ is reachable within the specified hop limit, it adds $N_R$ to the list of its associated nodes; otherwise it adds $N_R$ to the list of its unassociated nodes. $N_{BC}$ maintains two lists, one for associated nodes and another for unassociated nodes in its neighbourhood.
Step 3: If $N_{BC}$ does not receive any other join request within a predefined timeout (the down counter of the timeout timer reaches zero), then $N_{BC}$ checks for BN (BackBone Node) nodes in its neighbourhood. If not a single BN node is found in its neighbourhood, $N_{BC}$ checks for nodes in its associated list. If the associated list is empty, it moves to an adjacent grid location and repeats from step 1.

Step 4: If $N_{BC}$ detects a BN node in its neighbourhood or vicinity, then $N_{BC}$ sends a coordination message to those BN nodes, or to the single BN node, and waits for a reply from that BN node until a timeout. The coordination message is handled by a separate coordination protocol executed by BN nodes, discussed in [6].
Step 5: On receiving the reply from the BN node to the coordination message it had sent to that BN node, $N_{BC}$ executes the required actions as specified in the reply. The action will be, for example, whether $N_{BC}$ should promote itself to a BN node or move to a new grid location for promotion; $N_{BC}$ also performs some other respective tasks. A detailed description of the coordination protocol can be found in [5].

Actions by a regular node N:

We could describe uniformly the actions of a new node entering the ad-hoc network for the first time, whether its type is BCN or RN, but that would look a little clumsy. Hence, to keep the description simple, the actions of the different nodes are presented separately so that the actions of each type of node can be easily understood.

Step 1: N checks whether it is already associated with some BN or BCN node. If it is already associated with a BN or BCN node, it terminates its actions.

Step 2: On receiving an invitation message from a BN or BCN node, N sends a join request message to the BN or BCN node from which it received the invitation, and waits for a reply from that node.

Step 3: On receiving a reply to the join request that it sent to a BN or BCN node, N sends an accept message ("I am joining you") to the node with the lowest id among those which sent join acknowledgements (ACKs) to it (in case it receives more than one Join Request from BN or BCN nodes, it chooses the node with the lowest id to reply to). After that it discards any subsequent join invitation requests.
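The next-hop cross-check of Deng et al. [3] from the opening of section 4, and its stated failure against cooperating nodes, can be made concrete with the following added example (a toy model written for this page, not code from [3] or from the term paper). The topologies, the node name M1 and the direct function call that stands in for the source's query to the next hop are assumptions.

```python
"""Toy model of the next-hop cross-check of [3] applied to incoming RREPs."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    neighbours: set = field(default_factory=set)  # nodes it has a direct link to
    routes: set = field(default_factory=set)      # destinations it holds a route for
    colluding: bool = False                       # vouches for its partner regardless

    def answer_check(self, rrep_sender: str, dest: str) -> tuple:
        """Answer the question asked about an RREP that named this node as next
        hop: (have a link to the RREP sender?, have a route to dest?)."""
        if self.colluding:
            return True, True
        return (rrep_sender in self.neighbours,
                dest == self.name or dest in self.routes)


@dataclass
class Rrep:
    sender: str               # node that generated the RREP
    dest: str
    next_hop: Optional[str]   # None when the destination itself replies


def cross_check(rrep: Rrep, nodes: dict) -> bool:
    if rrep.sender == rrep.dest:
        return True           # only RREPs from intermediate nodes are checked
    next_hop = nodes.get(rrep.next_hop)
    if next_hop is None:
        return False          # claimed next hop does not exist
    has_link, has_route = next_hop.answer_check(rrep.sender, rrep.dest)
    return has_link and has_route


def choose_route(rreps: list, nodes: dict) -> tuple:
    """Take RREPs in arrival order; return (accepted sender, flagged senders)."""
    flagged = []
    for rrep in rreps:
        if cross_check(rrep, nodes):
            return rrep.sender, flagged
        flagged.append(rrep.sender)   # sender is considered malicious
    return None, flagged


def build(links, routes, colluding=()):
    nodes = {}
    for a, b in links:
        nodes.setdefault(a, Node(a)).neighbours.add(b)
        nodes.setdefault(b, Node(b)).neighbours.add(a)
    for name, dests in routes.items():
        nodes[name].routes |= set(dests)
    for name in colluding:
        nodes[name].colluding = True
    return nodes


def single_black_hole():
    # Constructed topology: N1 is the source, N6 the destination, N4 the black hole.
    nodes = build([("N1", "N2"), ("N1", "N4"), ("N2", "N3"), ("N3", "N6")],
                  {"N2": ["N6"], "N3": ["N6"]})
    rreps = [Rrep("N4", "N6", "N3"),   # arrives first, names a hop it has no link to
             Rrep("N2", "N6", "N3")]   # genuine reply from an intermediate node
    return choose_route(rreps, nodes)


def cooperating_black_holes():
    # Constructed topology: M1 names its partner M2, which confirms the claim.
    nodes = build([("N1", "N2"), ("N1", "M1"), ("M1", "M2"),
                   ("N2", "N3"), ("N3", "N6")],
                  {"N2": ["N6"], "N3": ["N6"]}, colluding=["M2"])
    rreps = [Rrep("M1", "N6", "M2"), Rrep("N2", "N6", "N3")]
    return choose_route(rreps, nodes)


if __name__ == "__main__":
    print(single_black_hole())        # ('N2', ['N4'])
    print(cooperating_black_holes())  # ('M1', [])
```

The second result is the gap that the backbone-based check of section 4.2 is meant to close: the verdict depends entirely on the honesty of a node that the RREP sender itself nominated.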
4.2 Detection of Black Node

With the help of the backbone network discussed in the previous section of this paper, we propose an algorithm to detect black/malicious nodes which requires $O(m\,d_{BN})$ hops to detect the chain of malicious nodes, where m( n) is the number of malicious nodes in the chain of cooperative malicious nodes (the black nodes), and $d_{BN}$ is the diameter of the backbone network formed using the BN and some of the BNC nodes ($d_{BN}$ will be significantly less than the diameter, say $D_{Network}$, of the actual ad-hoc network). Moreover, the described algorithm takes significantly less time if there is no attack in the network, meaning that no unnecessary computation is performed.

The main idea of the algorithm is that after every block of data packets, the source node asks the backbone network to perform an end-to-end check with the destination node to confirm the delivery of the data packets; that is, the source node wants to check whether the destination node has received the transferred data. If the destination did not receive a block of data packets, or becomes aware of some kind of attack in the communication, it informs the backbone network about the attack or the non-receipt of data packets. After getting this information, the backbone network initiates the procedure for detecting the chain of malicious nodes that are cooperating together, or the exclusive malicious nodes which are somehow dumping the packets.

One important assumption made in our detection technique is that there are not many malicious nodes in the network: if m is the number of malicious nodes and n is the total number of nodes in the network, then m n. This is a reasonable assumption, because in any network with too many malicious nodes they can overpower the network, and some other technique would have to be applied for that case. So this algorithm focuses mainly on situations where there are not too many malicious nodes in the network. To be more precise, the number of malicious nodes in the network is less than the number of non-malicious neighbours of the node to be monitored, because otherwise the malicious nodes would overpower the whole network.

Figure 10: Control Messages for detection of malicious nodes

The symbols in the figure above are as follows.

1. S is the source node, which wishes to communicate with a destination node D.
2. S and D are associated with the backbone nodes $N_b^S$ and $N_b^D$ respectively.
3. S and D share a secret key, K.
4. The RREQ from source node S for discovering the route to destination node D was replied to by a RREP message from an intermediate node $N_{rrep}$ with the shortest route to source node S.

In this checking of black/malicious nodes by the backbone network, five different types of nodes are involved, and those five types of nodes are as follows.
1. S: the source node, which initiated the sending of data packets to the destination node.
2. D: the destination node, to which data packets are being sent by the source node.
3. $N_b^S$: the backbone node with which source node S is associated.
4. $N_b^D$: the backbone node with which destination node D is associated.
5. V: a regular node of the ad-hoc network.

What does each of these nodes do? The actions of all five types of nodes in the detection of malicious nodes are as follows.

Actions of Source Node S:

Step 1: Node S divides the set of data packets to be sent into k equal parts of some size (the last part may not be of the same size), Data[1..k], and initializes a running variable i to 1.

Step 2: Source node S sends a message prelude = $E_K(R_i), n_i, N_b^S$ to D over the backbone, where $R_i$ is a random nonce, $n_i$ is the number of packets to be sent in the current block, and $E_K()$ is the encryption function with the shared key K. This prelude message, sent over the backbone network, is received by $N_b^S$ and $N_b^D$ as well as by D.

Step 3: Source node S starts transmitting packets from the block Data[i] to D, that is, it starts sending one of the k data blocks.

Step 4: Source node S sends a message check = $R_i, S, D, N_{rrep}$ to $N_b^S$, so that the backbone node starts checking the end-to-end connection with the destination.

Step 5: If the source node receives an OK from $N_b^S$, it increments the running variable i and repeats from step 2 to send the data packets of the next block. In other words, as long as the destination is getting the data, the source keeps on sending.

Step 6: If the source node receives a Not OK from $N_b^S$, it means that either the destination node detected some attack in the network or the destination has not received the data sent by the source node (that is, some malicious node is dumping the data). The source node then sets a timer for removal of the malicious node.
If source node S receives a Removed OK from $N_b^S$ before the timer times out, it executes the steps starting from step 2 to resume sending data to the destination node. If the timer times out before the "Remove OK" message is received, the source node waits once more for the "Remove OK" message, and if it still receives no message it terminates data sending.

Actions of Destination Node D:

Step 1: On receiving the prelude message from source node S, the destination node extracts $R_i$, $n_i$ and $N_b^S$, sets a timer for the receipt of the current data sample, and waits for the data packets from source node S. Since source and destination share a secret key K, D can decrypt the encrypted prelude message using that shared key.

Step 2: While the receipt timer has not timed out, destination node D updates the count (dataCnt) of data packets received each time it receives a data packet.

Step 3: After the receipt timer times out, the destination node sends to $N_b^S$, as a message to S, a message known as postlude containing the following fields:

postlude = $\{R_i, dataCnt, N_b^S, D, S\}$

where dataCnt is the number of packets that the destination node has received from source node S.

Actions of $N_b^S$:

Step 1: On receiving a prelude message from source node S, node $N_b^S$ sends a monitor message to all neighbours of source node S, asking them to monitor the data sent by source node S.

Step 2: Node $N_b^S$ initializes a counter "max = 0" to count the maximum number of data packets transmitted from source node S, and sets the timer for $N_b^S$'s actions to terminate.

Step 3: On receiving check from source node S, node $N_b^S$ sends a query for check to all neighbours of source node S and waits for result messages from those neighbours.

Step 4: On receiving a result from a neighbour of source node S, node $N_b^S$ performs the following actions:

1. If the value of counter max is less than the number of packets reported in a result message from a neighbour of source node S, it updates max to the number reported by the result message.
2. If the value of counter max equals dataCnt from the postlude message, it sets a timer for receiving an Acknowledgement (ACK) from $N_b^D$ and then waits for further messages from either S or node $N_b^D$.
3. If node $N_b^S$ receives "D malicious" before expiry of the timer, it sends "OK" to source node S and goes to step 1.
4. If the timer expires before "D malicious" is received, or "D malicious" is not received, node $N_b^S$ broadcasts an "S malicious" message to the backbone and goes to step 5.

Step 5: Terminate $N_b^S$'s actions.
Actions of $N_b^D$:

Step 1: On receiving the prelude message from node S, node $N_b^D$ sends a monitor message to all the neighbours of destination node D.

Step 2: Node $N_b^D$ initializes a timer and sets a counter max to 0, where max will be updated to the estimated number of packets received by destination node D.
Step 3: If the timer times out or an Acknowledgement (ACK) is received from destination D, node $N_b^D$ does the following:

1. Node $N_b^D$ sends a query message to all the neighbours of destination node D.
2. On receiving a result message from a neighbour of the destination, if the value of max is less than the number of packets reported in the result message, node $N_b^D$ updates counter max to the number of packets reported in the result message.
3. If max == dataCnt (dataCnt extracted from the postlude message sent by destination node D), it sends an Acknowledgement (ACK) to $N_b^S$ and goes back to step 1.

Step 4: Broadcasts "D malicious" to the backbone and terminates its actions.

Actions by a regular node RN:

Step 1: On receiving a monitor message, the regular node extracts the source IP, the destination IP and the node-id of the sender.

Step 2: If this regular node is a neighbour of either source node S or destination node D, it starts counting the number of packets from source node S to destination node D.

Step 3: On receiving a query message, RN sends the result message to the node from which it got the query message.

4.2.1 Black Hole Removal Process

Once a BN node (here $N_b^S$) has not received the Acknowledgement (ACK) message by the time a specified timer times out, the black hole removal process is initiated by $N_b^S$ (we can equally call it the gray hole removal process, because our algorithm is able to remove gray holes as well). The actions of the different nodes in the black hole removal process are specified below.

Actions by $N_b^S$:

Step 1: Broadcast a find-chain message on the backbone network to find the chain of cooperative black or malicious nodes. The message contains the id of node $N_{rrep}$ (the node which sent the route reply message to source node S), the victim node or source node S, and the destination node D.
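The count comparison from Section 4.2 that decides whether the destination's backbone node returns the ACK awaited here, written out as an added example (not code from the paper). The node names, addresses and overheard frames are constructed, and the class and function names are hypothetical.

```python
"""Added illustration (not from the paper): regular nodes count S->D packets,
and D's backbone node compares the largest count with D's postlude dataCnt."""

S_IP, D_IP = "10.0.0.1", "10.0.0.9"      # constructed addresses
NEIGHBOURS_OF_D = {"V7", "V8"}           # constructed neighbour set of D

# Constructed capture for one block: (src_ip, dst_ip) of each frame a node overheard.
OVERHEARD = {
    "V7": [(S_IP, D_IP)] * 6 + [("10.0.0.3", D_IP)] * 2,  # plus unrelated traffic
    "V8": [(S_IP, D_IP)] * 5,                             # missed one frame
    "V5": [(S_IP, D_IP)] * 9,                             # near S, not a neighbour of D
}


class RegularNode:
    def __init__(self, node_id):
        self.node_id, self.flow, self.count = node_id, None, 0

    def on_monitor(self, src_ip, dst_ip):
        """RN Steps 1-2: remember the flow; only neighbours of D start counting."""
        if self.node_id in NEIGHBOURS_OF_D:
            self.flow, self.count = (src_ip, dst_ip), 0

    def overhear(self, frame):
        if frame == self.flow:
            self.count += 1

    def on_query(self):
        """RN Step 3: answer the query with a result message (None if not monitoring)."""
        return self.count if self.flow else None


def nbd_check(data_cnt):
    """Backbone node of D, Steps 1-4: monitor, query, take max, compare with dataCnt."""
    nodes = [RegularNode(v) for v in OVERHEARD]
    for node in nodes:
        node.on_monitor(S_IP, D_IP)
        for frame in OVERHEARD[node.node_id]:
            node.overhear(frame)
    max_count = 0
    for result in (n.on_query() for n in nodes):
        if result is not None and max_count < result:
            max_count = result
    return "ACK" if max_count == data_cnt else "D malicious"
```

Taking the maximum means V8's missed frame does not matter: D is flagged only when the dataCnt it reports disagrees with the largest count any of its monitoring neighbours observed.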
Actions by any backbone node $N_b$:

Step 1: On receiving the find-chain message, node $N_b$ checks whether the node $N_{rrep}$ (the node that sent the RREP message to source node S) belongs to the association list of this BN node (as already described, BN nodes maintain two lists, named the Associated node list and the Unassociated list). If it does not belong to the Associated node list, no further action is required.
Step 2: Node $N_b$ initializes a list (called BlackHole-Chain) to contain node $N_{rrep}$. If a BlackHole-Chain is also received with the broadcast, it uses that instead of initializing a new list.

Step 3: Instruct all the neighbours of node $N_{rrep}$ to vote for the next node to which $N_{rrep}$ is forwarding packets (if this node is forwarding some of the packets) originating from source node S and destined for destination node D.

Step 4: On receiving node ids from the neighbours of $N_{rrep}$, elect the next node to which $N_{rrep}$ is forwarding the packets, based on the reported reference counts.

Step 5: If the node elected as next node to $N_{rrep}$ is a null node, it means that the intermediate node $N_{rrep}$ is itself dropping all the packets (this is the case of mutual malicious node black hole). In this case the black hole removal terminates, and a broadcast message is sent across the network to alert all other nodes that the nodes in BlackHole-Chain are to be considered malicious; hence all the nodes will blacklist that particular node, which in this case is $N_{rrep}$.

Step 6: Also append the elected node to the list (BlackHole-Chain), so that this node can be said to be malicious without further checking. If the elected node is in the association list of this $N_b$, go to step 3, replacing node $N_{rrep}$ with the elected node. But in this case the elected node is a valid node, because it is in the associated node list.

Step 7: Node $N_b$ broadcasts a find-chain message over the backbone network, containing the ids of the malicious nodes. It also broadcasts the BlackHole-Chain formed so far over the whole network, so that other backbone network nodes can append the malicious nodes to their respective lists; if in future they receive a RREP from any of the nodes in the BlackHole-Chain, they can just ignore that message.
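The election loop of Steps 2 to 6, together with the votes that regular nodes supply, as an added example (not code from the paper). The topology, frames and node names are constructed, the function names are hypothetical, and the hand-off between backbone nodes in Step 7 is collapsed into a single loop.

```python
from collections import Counter

# Constructed scenario: Nrrep answered S's RREQ and hands S->D data to its
# accomplice M2, which forwards nothing. A, B, C and E are honest regular nodes.
NEIGHBOURS = {
    "Nrrep": {"A", "B", "C", "M2"},
    "M2": {"Nrrep", "B", "C", "E"},
}
# Frames overheard in promiscuous mode: (transmitter, next_hop, src, dst).
FRAMES = [("Nrrep", "M2", "S", "D")] * 8
# Assumption of this example: malicious voters lie by naming an innocent node.
LIARS = {"M2": "A", "Nrrep": "E"}


def vote(observer, suspect, src, dst):
    """Regular/BCN node: name the next hop the suspect forwards src->dst data to."""
    if observer in LIARS:
        return LIARS[observer]
    hops = Counter(nh for tx, nh, s, d in FRAMES if (tx, s, d) == (suspect, src, dst))
    return hops.most_common(1)[0][0] if hops else None   # None: nothing forwarded


def elect_next(suspect, src, dst):
    """Backbone Steps 3-4: poll the suspect's neighbours, elect by reference count."""
    tally = Counter(vote(n, suspect, src, dst) for n in NEIGHBOURS.get(suspect, set()))
    return tally.most_common(1)[0][0] if tally else None


def trace_chain(n_rrep, src, dst, chain=None):
    """Backbone Steps 2, 5 and 6: grow BlackHole-Chain until the null node is elected."""
    chain = list(chain) if chain else [n_rrep]   # Step 2: reuse a received chain
    while True:
        nxt = elect_next(chain[-1], src, dst)
        if nxt is None or nxt in chain:          # Step 5; the loop guard is added here
            return chain                         # this list is what gets blacklisted
        chain.append(nxt)                        # Step 6


if __name__ == "__main__":
    print(trace_chain("Nrrep", "S", "D"))
```

Each election here is three honest votes against one false one; with the proportions reversed the false candidate would win, which is why the algorithm assumes the malicious nodes are outnumbered by the non-malicious neighbours of the monitored node.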
Actions by a regular/BCN node:

Step 1: On receiving instructions from a backbone network node to find the next node to which a malicious node M is forwarding some of the packets, the regular node checks whether M is a neighbour of this node. If M is one of its neighbours, it turns on promiscuous mode and listens to packets from node M which have source node S as source and D as destination. It then infers the next node to which node M is forwarding the packets, and sends a message to the BN containing the node-id of the node to which the packet is forwarded by malicious node M.

Thus the black hole attack can be removed.

5 Conclusion

In this report I have discussed the Ad-hoc On-Demand Distance Vector protocol, the black hole attack, the detection of malicious nodes and the removal of the black hole attack. As I have described, the black hole attack can be removed by forming a backbone network of the trusted nodes in the network. This backbone network monitors the traffic flow of other nodes in the network, and by executing the specific checks described in the algorithm above on the traffic for each node, we can detect the malicious node or the chain of malicious nodes. Having detected them, we can blacklist the IPs of the malicious nodes: if the source node receives any RREP from an IP on the blacklist, that RREP should be dropped. This leads to removal of the black hole attack, so that secure routing can take place. Some other techniques may also be possible for removing black hole attacks. The algorithm that I have discussed in this report will be able to remove the black hole attack from the network.

6 References

1. RFC standard-3561, http://www.ietf.org/rfc/rfc3561.txt
2. Izhak Rubin, Arash Behzad, Runhe Zhang, Huiyu Luo, Eric Caballero. TBONE: A Mobile-Backbone Protocol for Ad Hoc Wireless Networks.
3. H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc network. IEEE Communications Magazine, pages 70-75, 2002.
4. S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard. Prevention of cooperative black hole attack in wireless ad hoc networks. In Proceedings of 2003 International Conference on Wireless Networks (ICWN03), pages 570-575. Las Vegas, Nevada, USA, 2003.
5. P. Agarwal, R. K. Ghosh, S. K. Das. Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks.
6. I. Rubin, A. Behzad, R. Zhang, H. Luo, and E. Caballero. Tbone: A mobile-backbone protocol for ad hoc wireless networks. In Proceedings of IEEE Aerospace Conference, volume 6, pages 2727-2740, 2002.
7. Y. C. Hu, A. Perrig, and D. B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In Eighth Annual International Conference on Mobile Computing and Networking (Mobi-Com 2002), pp. 12-23, Sept. 2002.
8. Y. C. Hu and A. Perrig. A survey of secure wireless ad hoc routing. IEEE Security & Privacy Magazine, vol. 2, no. 3, pp. 28-39, May/June 2004.
9. S. Lee, B. Han, and M. Shin. Robust routing in wireless ad hoc networks. In ICPP Workshops, pp. 73, 2002.
10. Y. A. Huang and W. Lee. Attack analysis and detection for ad hoc routing protocols. In The 7th International Symposium on Recent Advances in Intrusion Detection (RAID04), pp. 125-145, French Riviera, Sept. 2004.
11. Charles E. Perkins, Elizabeth M. Royer and Samir R. Das. Ad hoc On-Demand Distance Vector (AODV) Routing. Internet Draft, work in progress, IETF Mobile Ad Hoc Networking Working Group, July 2000.
12. F. Stajano and R. Anderson. The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks. Security Protocols, 7th Intl. Wksp. Proc., LNCS, 1999.
13. Hongmei Deng, Wei Li, and Dharma P. Agrawal. Routing Security in wireless adhoc networks.
14. L. Venkatraman and D. P. Agrawal. Strategies for Enhancing Routing Security in Protocols for Mobile Ad Hoc Networks. J. Parallel Distrib. Comp., 2002.