Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Abstract Mobile ad hoc networks (MANETs) are a set of mobile nodes which are self-configuring and connected by wireless links automatically as per the defined routing protocol. Security is an essential requirement in mobile ad hoc network (MANETs). Compared to wired networks, MANETs are more vulnerable to security attacks due to the lack of a trusted centralized authority and limited resources. Attacks on ad-hoc networks can be classified as passive and active attacks, depending on whether the normal operation of the network is disrupted or not. These mobile nodes communicate with each other without any infrastructure, furthermore, all of the transmission links are established through wireless medium. In this paper we address the problem of packet forwarding misbehavior and propose a mechanism to detect and remove the black and gray hole attacks. Keywords black hole, gray hole, MANET, active attack, passive attack.
I. INTRODUCTION This Mobile Ad-hoc Networks (MANETs) differ from existing networks by the fact that they depend on no fixed infrastructure. Nodes forming the network perform all functionality of the network with each node performs the functionality of both host and router.
MANETs are vulnerable to attacks by selfish or malicious nodes, such as packet dropping (black-hole) attacks and selective forwarding (gray-hole) attacks. Another characteristic of a MANET is, limited bandwidth, limited battery power. This characteristic makes routing in a MANET an even more difficult task. Currently, several efficient routing protocols have been proposed. These protocols can be classified into two categories: reactive routing protocols and proactive routing protocols. In reactive routing protocols, such as the Ad hoc On Demand Distance Vector (AODV) protocol [1], nodes find routes only when required. In proactive routing protocols, such as the Optimized Link State Routing (OLSR) protocol [2], nodes obtain routes by periodic exchange of topology information. Gray hole attack [3] may occur due to a malicious node which is deliberately mischievous, as well as a damaged node interface we simulated the Gray hole attack node which is intentionally misbehaving, as well as a damaged node interface we simulated the Gray hole attack. We made our simulations using Network Simulator version 2 (NS-2) [4] simulation programs that consists of the collection of all network protocols to simulate many of the accessible network topologies. II. PROTOCOLS COMMONLY USED FOR MANETS There are many number of routing protocols that are proposed in MANET. The most commonly used protocols are: A. AODV (Ad Hoc On-Demand Distance Vector Routing) Ad hoc On-Demand Distance Vector (AODV) Routing is a routing protocol for MANETs and other wireless ad-hoc networks. It is a reactive routing protocol, meaning that is to establish a route to a destination only on demand. AODV is capable of both unicast and multicast routing. Route Requests (RREQs), Route Replies (RREPs), and Route Errors (RERRs) are the message types distinct by AODV. These message types are received through UDP, and normal IP header processing applies. B. DSR (Dynamic Source Routing) The Dynamic Source Routing (DSR) [5] protocol is an on demand routing protocol that is based on the concept of source routing. The DSR is a simple and efficient routing protocol
A MANET is referred to as an infrastructure less network because the mobile nodes in the network dynamically set up paths among themselves to send out packets temporarily. Due to multi-hop routing and open working environment,
B.Revathi et.al.
205
www.ijcsmr.org
The Dynamic MANET On-demand (DYMO) routing protocol enables reactive, multihop, unicast routing between participating DYMO routers. The basic operations of the DYMO protocol are route discovery and route maintenance. III. CLASSIFICATION OF ATTACKS The attacks can be categorized on the basis of the source of the attacks i.e. Internal or External, and on the behaviour of the attack i.e. Passive or Active attack. This classification is important because the attacker can develop the network either as internal, external or/ as well as active or passive attack against the network. A. External and Internal Attack External attacks, in which the attacker aims to cause congestion, spread false routing information or disturb nodes from providing services.External attacks are attacks launched by challengers who are not initially official to participate in the network operations. These attacks usually aim to cause network congestion, deny access to specific network function or to interrupt the whole network operations. External attackers are mainly outside the networks who want to get access to the network, once they get access to the network they start sending fake packets, denial of service in order to interrupt the performance of the whole network. This attack is same, like the attacks that are made against wired network. These attacks can be barred by implementing security measures such as firewall, where the access of unauthorized person to the network can be mitigated. In internal attack the attacker wants to have usual access to the network as well as contribute in the normal activities of the network. Internal attack is more strict attacks then external attacks. Internal attacks, in which the challenger wants to gain the normal access to the network and contribute the network activities, either by some malicious impersonation to get the access to the network as a new node, or by directly compromising a existing node and using it as a basis to conduct its malicious behaviors.Internal nodes might misbehave to save their limited resources, such as the battery powers, the processing capabilities, and the communication bandwidth. Attacks that are caused by the misbehaving internal nodes are hard to detect because to distinguish between normal network failures and misbehaviour activities in the ad hoc networks is not an easy task.
B. Active and Passive Attack In active attack the attacker disrupt the performance of the network, steal important information and try to destroy the data during the exchange in the network. Active attacks can be an internal or an external attack. The active attacks are meant to destroy the performance of the network in such case the active attack act as an internal node in the network. Being an active part of the network it is easy for the node to make use of and takeover any internal node to use it to introduce false packets injection or denial of service. This attack brings the 18 attacker in strong position where attacker can modify, make and replays the massages. Attackers in passive attacks do not interrupt the normal operations of the network. In Passive attack, it listens to the network in order to know and understand how they are located in the network, how the nodes are communicating with each other. Before the attacker start an attack against the network, the attacker has enough information about the network that it can easily capture and introduce attack in the network.
IV. NETWORK LAYER THREATS A. Black hole Attack MANETs face various securities threats i.e. attack that are passed out against them to interrupt the normal performance of the networks. Black hole attack is one of the security threat in which the traffic is redirect to such a node that actually does not exist in the network. In these attacks, black hole attack is that kind of attack which occurs in Mobile Ad-Hoc networks (MANET). In black hole attack, a malicious node uses its
B.Revathi et.al.
206
www.ijcsmr.org
involves the cooperation between two attacking nodes [14]. One attacker captures routing traffic at one point of the network and turns it to another point in the network that shares a private high speed communication link between the attackers, and then selectively injects tunnel traffic back into the network. The two colluding attacker can potentially deform the topology and establish routes under the control over the wormhole link.
1 2 3 A
Fig.4.2 Warm Hole Attack
D. Location Disclosure Attack: In this attack, the privacy necessities of an ad hoc network are compromised. Through the use of traffic analysis techniques or with simpler probing and monitoring approaches an attacker is able to discover the place of a node, and the configuration of the network. E. Gray hole Attack In this kind of attack the attacker misleads the network by approving to forward the packets in the network. As soon as it receive the packets from the neighbouring node, the attacker falls the packets. This is a type of active attack. In the beginning the attacker nodes behaves usually and reply true RREP messages to the nodes that started RREQ messages. When it receives the packets it starts falling the packets and launch Denial of Service (DoS) attack. The malicious activities of gray hole attack is different in different ways. It drops packets while forwarding them in the network. In some other gray hole attacks the attacker node behaves maliciously for the time until the packets are dropped and then switch to their normal behavior [8]. Due this behavior its very tricky for the network to figure out such kind of attack. Gray hole attack is also termed as node misbehaving attack [9]. V. PROPERTIES OF BLACKHOLE, GREYHOLE AND WORMHOLE ATTACKS First, the Black hole node exploits the ad hoc routing protocol, such as AODV, to promote itself as having a valid route to a destination node, even though the route is fake, with the intention of intercepting packets. Second, the packets are consumed by the Black hole node. Third, the Black hole nodes can conduct synchronized attacks. Grey hole is a node that can switch from behaving acceptably to behaving like a black hole. Wormhole attacks depend on a node misrepresenting its
B. Impersonation Attack: The attacker nodes impersonates a right node and joins the network untraceable, sends false routing information, masked as some other trusted node. C. Wormhole Attack: In the wormhole attacks, a compromised node in the ad hoc networks colludes with external attacker to create a shortcut in the network. By creating this shortcut, they could trap the source node to win in the route discovery process and later starts the interception attacks. Packets from these two colluding attackers are usually transmitted using wired connection to create the best route from source to the destination node. In addition, if the wormhole nodes constantly maintain the false routes, they could permanently reject other routes from being established. As a result, the intermediate nodes reside along that denied routes are unable to contribute in the network operations. The wormhole attack
B.Revathi et.al.
207
www.ijcsmr.org
CONCLUSION In this paper, a study on the work that attempt to detect black or gray hole or cooperative black and gray hole attack has been done. Each node can locally maintain its own table of black listed nodes whenever it tries to send data to any destination node and it can also aware the network about the black listed nodes which are of great importance in networking. The survey revised about various type of protocols commonly used for MANETs.(eg. AODV, DSR, DYMO) and briefly summarized about the classification of attacks, Network layer threats and its properties of black hole, gray hole attack, worm hole attacks. Finally the paper explained the countermeasures of Warm hole attacks, gray hole attack and black hole attack.
REFERENCES
[1] [1] C. Perkins, E. Belding-Royer, and S. Das, Ad Hoc Ondemand Distance Vector (AODV) Routing, IETF RFC 3561, July 2003. Th. Clausen et al., Optimized Link State Routing Protocol, IETF Internet P. Misra,. Routing Protocols for Ad Hoc Mobile Wireless Networks,http://www.cse.wustl.edu/~jain/cis78899/adhoc_ro uting/index.html, 14 May 2006. H. Goto, Y. Hasegawa, and M . Tanaka, Efficient Schedu lin g Focusing on the Duality of MPL Representatives, Proc. IEEE Symp. Computational Intelligence in Scheduling (SCIS 07), IEEE Press, Dec. 2007, pp. 57-64, doi:10.1109/SCIS.2007.357670. J.Yoon, M. Liu, B.Noble Random Waypoint Considered Harmful IEEE INFOCOM, 2003. [6] K. Biswas and Md. Liaqat Ali, Security threats in Mobile AdHoc Network, Master Thesis, Blekinge Institute of Technology Sweden, 22nd March 2007 G. A. Pegueno and J. R. Rivera, Extension to MAC 802.11 for performance Improvement in MANET, Karlstads University, Sweden, December 2006 S.Marti, T.J.Giuli, K.Lai, M.Baker, Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks. Zhu, C. Lee, M.J.Saadawi, T., RTT-Based Optimal Waiting time for Best Route Selection in Ad-Hoc Routing Protocols, IEEE Military Communications Conference, Vol. 2, pp. 1054-1059, Oct, 2003. L. Hu and D. Evans, Department of Computer Science , University of Virginia Charlottesville, Using Directional Antennas to Prevent Wormhole Attacks, VA IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.7, July 2008. K. Win, Department of Engineering Physics, Mandalay Technological University, Pathein Gyi, Mandalay, Analysis of Detecting Wormhole Attack in Wireless Networks, World Academy of Science, Engineering and Technology 48 2008 W. Wang and B. Bhargava., Visualization of wormholes in sensor networks, Proceedings of the 2004 ACM workshop on Wireless Security, pp. 51-60, 2004. E. Mohammed and L. Dargin,Oakland University School of Computer Science and Engineering CSE 681 Information Security, Routing Protocols Security in Ad Hoc Networks. Y.C.Hu, A.Perrig, and D.B.Johnson, Packet Leashes: A Defense Against Wormhole Attacks in Wireless Ad hoc Networks, Proceedings of 22nd Annual Joint Conf. IEEE Computer and Communications Societies (Infocom03), San Francisco, CA, vol.3, pp.1976-1986, April 2003.
[2] [3]
[4]
[5]
[7]
[8] [9]
N1 S BH N2 D
[10]
[11]
N1 S BH
Fig.6.2 Destination Response
D N2
[13]
[14]
B.Revathi et.al.
208
www.ijcsmr.org