
Authentication based DSR Protocol to Prevent Black Hole Attacks in MANET

Preliminary Dissertation Report

ABSTRACT
A Mobile Ad hoc Network (MANET) is a self-configuring network of mobile nodes connected by wireless links and is considered a network without infrastructure. The routing protocol plays a crucial role in effective communication between mobile nodes and operates on the basic assumption that nodes are fully cooperative. Research in wireless networking indicates that the wireless MANET presents a larger security problem than conventional wired and wireless networks. Many routing attacks are caused by this lack of security. The routing attack addressed here is the black hole attack, in which a malicious node advertises itself as having the optimal route to the destination. We present a certificate based authentication mechanism to counter the effect of the black hole attack. The proposed solution is that the nodes authenticate each other by issuing security certificates in digital form to all the other nodes in the network. The proposed method is to be adapted to DSR and a performance analysis will be done. This method is capable of detecting and removing black hole nodes in the MANET.

Keywords: MANET, routing protocols, DSR, digital certificates, black hole attack.


CONTENTS
1. Introduction
1.1 Black Hole Attack
2. Literature Review
2.1 Challenges
3. Existing System
4. Proposed Work
Bibliography


LIST OF FIGURES

1.1 Mobile Adhoc Network
1.2 Black Hole Attack
3.1 Route Discovery Process
3.2 Route Maintenance Process
4.1 Certificate Chain Model
4.2 Certified Route from Source to Destination


1. INTRODUCTION
A MANET provides the possibility of creating a network in situations where creating an infrastructure would be impossible or prohibitively expensive. Unlike a network with fixed infrastructure, mobile nodes in ad hoc networks do not communicate through fixed structures. An ad hoc network is self-organizing and adaptive. Networks are formed on-the-fly, devices can leave and join the network during its lifetime, devices can be mobile within the network, the network as a whole may be mobile, and the network can be dissolved on-the-fly. Wireless devices communicate directly with devices inside their radio range in a peer-to-peer manner. If they wish to communicate with a device outside their range, they can use one or more intermediate devices within their radio range to relay or forward communications. Each mobile node acts as a host when requesting or providing information from or to other nodes in the network, and acts as a router when discovering and maintaining routes for other nodes in the network.

Figure 1.1 Mobile Adhoc Network

Routing in mobile ad hoc networks faces additional problems and challenges when compared to routing in traditional wired networks with fixed infrastructure. The routing protocols for ad hoc networks are proactive routing protocols and reactive routing protocols. The proactive routing protocols are table driven: a routing table is maintained by each node in the network, and the table contains the routing entries for all the possible nodes in the MANET. These protocols allow every node to have a clear and consistent view of the network topology by propagating periodic updates. Therefore, all nodes are able to make immediate decisions regarding the forwarding of a specific packet. On the other hand, the use of periodic routing messages has the effect of a constant amount of signaling traffic in the network, totally independent of the actual data traffic and the topology changes. The reactive routing protocols are on demand routing protocols: routes are established only on demand, and data packets transmitted while a route discovery is in progress are buffered and sent once the path is established. Dynamic Source Routing (DSR) and AODV are on demand routing protocols; DSDV is a table driven routing protocol. These are the commonly used protocols in MANETs. The security issues of MANETs are more challenging in a multicasting environment with multiple senders and receivers. The problem of routing in such environments is aggravated by limiting factors such as rapidly changing topologies, high power consumption, low bandwidth and high error rates. Thus, security in the network layer plays an important role in the security of the entire network. Malicious and selfish nodes are the ones that fabricate attacks against physical, link, network and application-layer functionality. There are different kinds of attacks by malicious nodes that can harm a network and make it unreliable for communication. These attacks can be classified as active and passive attacks. A passive attack is one in which information is snooped by an intruder without disrupting the network activity. An active attack interrupts the normal operation of a network by modifying the packets in the network.
Security Issues for MANETs

Vulnerabilities of operating systems and upper layer applications that belong to user programs, such as databases, browsers or client-server applications, are not considered a security issue for ad-hoc networks. The general attack types are the threats against the routing layers of the ad-hoc network, i.e. the physical, MAC and network layers, which together carry the most important function of a wireless ad-hoc network: the routing mechanism that directs packets after a route discovery process. Other vulnerabilities, such as application security, network security and database security, are studied in other works and are not explained in detail here.

Attacks on the wireless ad-hoc network in the network layer usually have two purposes: not forwarding packets, or adding and changing some parameters of routing messages, such as sequence numbers and IP addresses. These will be detailed in the subsequent sections. Using one of the key mechanisms such as cryptography or authentication, or both, in a network serves as a preventive approach and can be employed against attackers. However, while these mechanisms protect the network against attacks that come from outside, malicious insiders who hold one of the critical keys can also threaten security. For instance, on a battlefield where ad-hoc networks are used, even if the keys are protected by tamper-proof hardware in the vehicles of the network, it is difficult to say that these vehicles will exhibit the same behavior if the enemy captures them. On the other hand, a node may unintentionally misbehave because it is damaged. A node with a failed battery that is unable to perform network operations may be perceived as an attacker. Another malicious behavior of nodes is selfishness. Selfish nodes refrain from consuming their resources, such as battery, by not participating in network operations. Therefore, failed and selfish nodes also affect network performance, as they do not correctly process network packets, for example in the routing mechanism. We should therefore ensure that everything is working correctly in the network to support overall security, and know how an insider is able to attack the wireless ad-hoc network. Wireless ad-hoc networks should be protected with an intrusion detection system that can understand the possible actions of attackers and can produce a solution against these attacks.

Attack Types

Passive Eavesdropping

An attacker can listen to any wireless network to know what is going on in the network.
It first listens to control messages to infer the network topology, that is, how the nodes are located and which of them communicate with one another. It can therefore gather intelligence about the network before attacking. It may also listen to information that should remain confidential to upper layer applications, even when that information is transmitted using encryption.

Eavesdropping is also a threat to location privacy [6]. An unauthorized node can notice that a wireless network exists within a geographical area just by detecting radio signals. To combat this, traffic engineering techniques have been developed.

Selective Existence (Selfish Nodes)

This malicious node, also known as a selfish node, does not participate in the network operations but uses the network for its own advantage, to enhance its performance and save its own resources such as power. To achieve that, the selfish node puts forth its existence whenever personal cost is involved. Therefore these selfish node behaviors are known as selective existence attacks [7]. For instance, selfish nodes do not even send any HELLO messages and drop all packets, even those addressed to themselves, as long as they did not start the transmission. When a selfish node wants to start a connection with another node, it performs a route discovery and then sends the necessary packets. When the node no longer needs to use the network, it returns to silent mode. After a while, neighboring nodes invalidate their own route entries to this node and the selfish node becomes invisible on the network. Actually, dropping packets may be divided into two categories according to the aims of the attacking node. An attacker may want to drop only the packets of the other nodes that it will attack later. To do that it must look at each packet to see whether it comes from such a node. If the attacker looks at the content of all packets arriving from the network, it spends CPU resources and naturally battery life. This is not desirable behavior for selfish nodes because it spends battery life. Therefore attackers are not interested in the content of the packets if their aim is not to consume their own resources. The first category of dropping packets cannot be evaluated as selfish node behavior. Thus selectively dropping messages is not the selfish node behavior mentioned in [8]. Selective existence is a kind of passive attack: nodes just do not participate in the network operations and they do not change the content of packets.

1.1 Black Hole Attack

General attack types are the threats against the physical, MAC and network layers, which are the most important layers for the routing mechanism of the ad hoc network. Attacks in the network layer generally have two purposes: not forwarding the packets, or adding and changing some parameters of routing messages, such as the sequence number and hop count. A black hole attack is one in which a malicious node advertises itself as having the shortest path to a destination in the network. This can cause Denial of Service (DoS) by dropping the received packets. In a black hole attack, the malicious node waits for its neighbors to initiate a RREQ packet. As soon as it receives the RREQ packet, it immediately sends a false RREP packet with a modified, higher sequence number, so that the source node assumes that this node has the freshest route towards the destination. The source node ignores the RREP packets received from other nodes and begins to send its data packets over the malicious node. The malicious node thus draws all the routes towards itself and does not forward any packet anywhere. This attack is called a black hole because it swallows all objects and data packets.

Figure 1.2 Black Hole Attack

Impersonation

Due to the lack of authentication in ad-hoc networks, only MAC or IP addresses uniquely identify hosts. These addresses are not adequate to authenticate the sender node. Therefore non-repudiation is not provided by ad-hoc network protocols. MAC and IP spoofing are the simplest methods of pretending to be another node or hiding in the network. Malicious nodes achieve impersonation simply by changing the source IP address in the control message. Another reason for impersonation is to persuade nodes to change their routing tables while pretending to be a friendly node, as in attacks against the routing table. One of the interesting impersonations is the Man-in-the-middle attack [7]. A malicious node performs this attack by combining spoofing and dropping attacks. Physically, it must be placed as the only node within range of the destination, in the middle of the route, or the victim node must be prevented from receiving any other route information to the destination. The malicious node may also change the routing tables of the victim node to redirect its packets, using attacks against the routing table. At this point, the malicious node waits for an RREQ message to the destination node from the source node. When the source node sends an RREQ message, the malicious node drops the RREQ and replays a spoofed RREP message to the source node as if it were coming from the destination node. At the same time, the malicious node sends a RREQ message to the destination node and

2. LITERATURE REVIEW
Many researchers have addressed the black hole attack problem in MANETs. Most of the solutions proposed and implemented were based on the AODV and DSDV protocols. Latha Tamilselvan and V. Sankaranarayanan [2] proposed a solution based on an enhancement of the AODV protocol which avoids multiple black holes in the group. A technique is given to identify multiple black holes cooperating with each other and to discover a safe route by avoiding the attacks. It was assumed in the solution that nodes are already authenticated and therefore can participate in the communication. It uses a fidelity table in which every participating node is given a fidelity level that provides reliability to that node. Any node having the value 0 is considered a malicious node and is eliminated. E. A. Mary Anita et al. [3] proposed a solution implemented on top of the ODMRP protocol. The authors proposed a certificate based authentication mechanism to counter the effect of the black hole attack. Nodes authenticate each other by issuing certificates to neighboring nodes and generating public keys without the need for any online centralized authority. Jiwen Cai, Ping Yi, Jialin Chen, Zhiyang Wang and Ning Liu [4] proposed an adaptive approach to detect black and gray hole attacks in ad hoc networks based on a cross layer design. In the network layer, a path-based method is used to overhear the next hop's action. This scheme does not send out extra control packets and saves the system resources of the detecting node. In the MAC layer, a collision rate reporting system is established to estimate a dynamic detection threshold so as to lower the false positive rate under high network load. They chose the DSR protocol to test the algorithm and ns-2 as the simulation tool.

Wei Gong, Zhiyang You, Danning Chen, Xibin Zhao, Ming Gu and Kwok-Yan Lam [5] proposed the use of trust vector model based routing protocols. Each node evaluates its own trust vector parameters about its neighbors by monitoring the neighbors' traffic patterns in the network. At the same time, trust dynamics are included in terms of robustness. The performance of the proposed mechanism is then evaluated by modifying Dynamic Source Routing (DSR) so that each node has a dynamically changing trust vector for its neighbors' behaviors. N. Bhalaji and A. Shanmugam [6] proposed an improvement of association based route selection to be applied to the DSR protocol in order to enhance its routing security. The purpose of applying association based route selection to the DSR protocol is to fortify the existing implementation by selecting the best and most secure route in the network. In contrast to the current route selection in DSR, which selects the shortest route to the destination node, the proposed protocol chooses the most reliable and secure route to the destination based on the trust values of all nodes. For each node in the network, a trust value is stored that represents the trustworthiness of each of its neighbor nodes.

K. Selvavinayaki, K. K. Shyam Shankar and E. Karthikeyan [7] proposed a solution in which the nodes authenticate each other by issuing security certificates in digital form to all the other nodes in the network. The proposed method is to be adapted to the DSR protocol and needs to be simulated and analyzed for different performance parameters. This method is capable of detecting and removing black hole nodes in the MANET.

2.1 Challenges
As discussed in the previous sections, most of the proposed solutions are built on a number of assumptions which are either hard to realize in a hostile and energy constrained environment like a MANET, or not always available due to network deployment constraints [8]. For these reasons, many challenges have to be carefully considered in order to design a robust solution to cope with the packet dropping attack. First, the attackers' behaviors are tailored to the specific routing protocol, making it impossible to build a general model for characterizing the attacker. Most of the solutions are first given for the AODV protocol and only then for DSR and DSDV; many other protocols have yet to be worked on. Secondly, it is an open question how to use such a model to achieve a high level of resistance against these attacks while maintaining network performance. It is also known that the trust based model needs to be implemented against gray hole and cooperative gray hole attacks. Recently, most of the proposed solutions have focused on adding new components to the original protocol to assess the deviation of the neighboring nodes and monitor their behaviors. However, the use of these additional components might remove an important performance optimization. A certificate based authentication mechanism is used to counter the effect of the black hole attack. Nodes authenticate each other by issuing certificates to neighboring nodes and generating public keys without the need for any online centralized authority. It is implemented on the On Demand Multicast Routing Protocol (ODMRP). This mechanism can also be applied to securing the network from other routing attacks by changing the security parameters in accordance with the nature of the attacks. It can also be applied to other routing protocols to provide certificate based authentication to them.

3. EXISTING SYSTEM
The Dynamic Source Routing protocol (DSR) is a simple and efficient routing protocol designed specifically for use in multihop wireless ad hoc networks of mobile nodes. The protocol is composed of the two mechanisms of Route Discovery and Route Maintenance, which work together to allow nodes to discover and maintain source routes to arbitrary destinations in the ad hoc network. All aspects of the protocol operate entirely on-demand, allowing the routing packet overhead of DSR to scale automatically to only that needed to react to changes in the routes currently in use.

Route Discovery

To perform route discovery, the source node broadcasts a route request packet with a recorded source route listing only itself. Each node that hears the route request forwards the request (if appropriate), adding its own address to the recorded source route in the packet. The route request packet propagates hop-by-hop outward from the source node until either the destination node is found or another node is found that can supply a route to the target. Nodes forward route requests only if they are not the destination node and they are not already listed as a hop in the recorded route. In addition, each node maintains a cache of recently received route requests and does not propagate any further copies of a route request packet after the first. Further, when a node receives a route request for which it has a route in its cache, it does not propagate the route request, but instead returns a route reply to the source node. The route reply contains the full concatenation of the recorded route from the source and the cached route leading to the destination. Naturally, if a route request packet reaches the destination node, the destination node returns a route reply packet to the source node with the full source to destination path listed.

Figure 3.1 Route Discovery Process

Route Maintenance is the mechanism by which node S is able to detect, while using a source route to D, that the network topology has changed such that it can no longer use its route to D. In response to a single Route Discovery (as well as through routing information overheard from other packets), a node may learn and cache multiple routes to any destination. This allows the reaction to routing changes to be much more rapid. For example, in the situation illustrated in the figure, node A has originated a packet for E using a source route through intermediate nodes B, C and D. In this case, node A is responsible for receipt of the packet at B, node B is responsible for receipt at C, node C is responsible for receipt at D, and node D is responsible for receipt finally at the destination E. If the packet is retransmitted by some hop the maximum number of times and no receipt confirmation is received, this node returns a ROUTE ERROR message to the original sender of the packet. For example, in Figure 3, if C is unable to deliver the packet to the next hop D, then C returns a ROUTE ERROR to A, stating that the link from C to D is currently broken. For sending such a retransmission or other packets to this same destination E, if A has in its Route Cache another route to E (for example, from additional ROUTE REPLYs from its earlier Route Discovery, or from having overheard sufficient routing information from other packets), it can send the packet using the new route immediately.

Figure 3.2 Route Maintenance Process
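Route Discovery and Route Maintenance as described above, as an added Python model that is not code from the report or from DSR itself: a constructed six-node topology, RREQ flooding with the recorded source route and duplicate suppression, a reply from an intermediate node's route cache, and the ROUTE ERROR that node C returns when its link to D breaks. Class and method names are assumptions.

```python
from collections import deque


class DsrNode:
    def __init__(self, nid):
        self.id = nid
        self.seen = set()        # (source, request id) pairs already processed
        self.route_cache = {}    # target -> list of routes that start at this node


class DsrNetwork:
    def __init__(self, links):
        # links: constructed adjacency lists, node id -> ids within its radio range
        self.links = links
        self.nodes = {nid: DsrNode(nid) for nid in links}
        self.next_req = 0

    def route_discovery(self, src, dst):
        """Flood a ROUTE REQUEST from src and return the route carried by the
        first ROUTE REPLY (None if dst is unreachable). Breadth-first order
        stands in for the first copy of the request reaching each node."""
        self.next_req += 1
        req = (src, self.next_req)
        self.nodes[src].seen.add(req)
        # each entry: (node that hears the request, recorded source route so far)
        queue = deque((nbr, [src]) for nbr in self.links[src])
        while queue:
            nid, recorded = queue.popleft()
            node = self.nodes[nid]
            if req in node.seen or nid in recorded:
                continue                           # duplicate copy or loop: drop it
            node.seen.add(req)
            if nid == dst:
                route = recorded + [nid]           # target replies with the full path
            elif node.route_cache.get(dst):
                route = recorded + node.route_cache[dst][0]   # reply from the cache
            else:
                for nbr in self.links[nid]:        # forward with own address appended
                    queue.append((nbr, recorded + [nid]))
                continue
            self.nodes[src].route_cache.setdefault(dst, []).append(route)
            return route
        return None

    def send(self, route, broken=()):
        """Source-route a packet hop by hop. A hop that cannot reach its next hop
        returns a ROUTE ERROR naming the broken link, as node C does in the text."""
        for hop, nxt in zip(route, route[1:]):
            if (hop, nxt) in broken or nxt not in self.links[hop]:
                return ("ROUTE_ERROR", hop, nxt)
        return ("DELIVERED", route[-1])

    def route_error(self, nid, hop, nxt):
        """Handle a ROUTE ERROR at nid: purge every cached route that uses the
        broken link, so the next send falls back to any other cached route."""
        node = self.nodes[nid]
        for tgt, routes in node.route_cache.items():
            node.route_cache[tgt] = [r for r in routes if (hop, nxt) not in list(zip(r, r[1:]))]


def demo():
    # constructed topology: A-B-C-D-E in a line plus B-F-E as a second path
    links = {"A": ["B"], "B": ["A", "C", "F"], "C": ["B", "D"],
             "D": ["C", "E"], "E": ["D", "F"], "F": ["B", "E"]}
    net = DsrNetwork(links)
    first = net.route_discovery("A", "E")          # shortest path found by flooding
    net.nodes["C"].route_cache["E"] = [["C", "D", "E"]]
    second = net.route_discovery("A", "E")         # C answers from its cache this time
    err = net.send(second, broken={("C", "D")})    # link C-D breaks on the way
    net.route_error("A", err[1], err[2])           # A drops routes through C-D
    fallback = net.nodes["A"].route_cache["E"]     # other cached route still usable
    return first, second, err, fallback
```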

The existing routing protocols are optimized to perform the routing process without considering the security problem. The black hole attack is one of the routing attacks in which a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. There is a certificate based authentication mechanism to counter the effect of the black hole attack. Nodes authenticate each other by issuing certificates to neighboring nodes and generating public keys without the need for any online centralized authority. That scheme is implemented in two phases, a certification phase and an authentication phase, following the route establishment process of the On Demand Multicast Routing Protocol (ODMRP) [3].

4. PROPOSED WORK
Most of the papers have addressed the black hole problem on protocols such as AODV. The security enhanced DSR scheme is implemented on top of the route discovery process in DSR, with reference to [7]. The algorithm will be a modified version of DSR in which the nodes authenticate each other by issuing security certificates in digital form to all the other nodes in the network, in order to detect and prevent black hole nodes in the MANET. The two basic concepts that will be used are:

Digital Signature Security Scheme

The digital signature is a security certificate that is self-organized and PKI-authenticated by a chain of nodes without the use of a trusted third party. A certificate is a binding between a node, its public key and the security parameters. Every node participating in certificate chaining must be able to authenticate its neighbors, create and issue certificates for its neighbors, and maintain the set of certificates it has issued. SC-DSR (Security Certified DSR) is an extension of DSR in which the route discovery phase is extended and messages are signed to guarantee their authentication. For example, if node B is within the radio range of node A, node A issues a certificate to B:

SC(A→B) = { ID_B, Key_B, ET, Sv } Key_A

The certificate contains the identity of node B, the public key of B, the time of issue of the certificate, the time of its expiry and the security level of the node, signed with A's key (Key_A). ID may be the IP address of node B.

Figure 4.1 Certificate Chain model

Authentication
To overcome the black hole attack, the source node does not initiate the data transfer immediately after the routes are established. Instead, it waits for an authenticated reply from the destination. The destination node sends authenticated messages appended with certificates taken from the corresponding nodes' repositories. The authenticated RREP packet from the destination is of the form [Source id, next hop id, final destination id, SCC].

Figure 4.2 Certified Route from Source to Destination

The RREP cert packet from C would be [C, A, SCC(B→C)]. When this packet reaches node B, it checks its routing cache to see whether SCC(B→C) is there, and checks whether C is a malicious node by consulting its issued list of SCCs (security certificate chains). All intermediate nodes perform the same procedure until the final destination A is reached. When node A receives the packet, it checks the whole certificate chain. If there is no problem with the certificate chain, node A trusts the route and starts sending data packets through it.
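The certificate SC(A→B) and the chain check of this section, as an added Python example that is not code from the report or from [7]: a certificate is a record of the subject id, subject public key, expiry ET and security level Sv signed by the issuer; `holds_issued` is the hop-by-hop "is SCC(B→C) in my issued list" check; `verify_chain` is the check node A runs over the whole chain carried in the authenticated RREP, and it rejects the chain a black hole node M presents when no neighbour ever certified it. The signature scheme is textbook RSA over tiny primes so the example runs offline; key sizes, field names and node M are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, replace


def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def toy_keypair(seed: int, e: int = 65537):
    """Textbook RSA over two small primes found from a seed: tiny and insecure,
    only here so each node has a distinct key pair that can be checked offline."""
    p = next(x for x in range(seed, seed + 10_000) if is_prime(x))
    q = next(x for x in range(p + 1, p + 10_000) if is_prime(x) and ((p - 1) * (x - 1)) % e)
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))


def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


@dataclass(frozen=True)
class Cert:
    """SC(issuer -> subject): subject id and public key, expiry ET and security
    level Sv, signed by the issuer. Field names are assumed, not from the report."""
    issuer: str
    subject: str
    subject_key: tuple
    expires: int
    sec_level: int
    sig: int = 0

    def body(self) -> bytes:
        return f"{self.issuer}|{self.subject}|{self.subject_key}|{self.expires}|{self.sec_level}".encode()

    def verify(self, issuer_key) -> bool:
        n, e = issuer_key
        return pow(self.sig, e, n) == h(self.body()) % n


class Node:
    def __init__(self, nid: str, seed: int):
        self.id = nid
        self.pub, self._priv = toy_keypair(seed)
        self.issued = {}   # subject id -> Cert: the certificates this node has issued

    def sign(self, data: bytes) -> int:
        n, d = self._priv
        return pow(h(data) % n, d, n)

    def issue(self, neighbour: "Node", expires: int, sec_level: int) -> Cert:
        """Issue SC(self -> neighbour) to a node in radio range and remember it."""
        cert = Cert(self.id, neighbour.id, neighbour.pub, expires, sec_level)
        cert = replace(cert, sig=self.sign(cert.body()))
        self.issued[neighbour.id] = cert
        return cert

    def holds_issued(self, cert: Cert) -> bool:
        """Hop-by-hop check from the text: is SCC(self -> next hop) in my issued list?"""
        return self.issued.get(cert.subject) == cert


def verify_chain(source: Node, chain, dest: str, now: int, min_level: int = 1):
    """Source-side check of the SCC in the authenticated RREP: the chain must start
    at the source, link issuer -> subject up to dest, and each certificate must
    verify under the key the previous certificate vouched for."""
    issuer_key, prev = source.pub, source.id
    for cert in chain:
        if cert.issuer != prev:
            return False, f"gap in chain before {cert.subject}"
        if prev == source.id and not source.holds_issued(cert):
            return False, f"source never issued a certificate to {cert.subject}"
        if not cert.verify(issuer_key):
            return False, f"bad signature on SC({cert.issuer}->{cert.subject})"
        if cert.expires <= now or cert.sec_level < min_level:
            return False, f"SC({cert.issuer}->{cert.subject}) expired or below security level"
        issuer_key, prev = cert.subject_key, cert.subject
    if prev != dest:
        return False, "chain does not end at the destination"
    return True, "certified route"


def demo(now: int = 100):
    # constructed nodes: A is the source, C the destination, M a black hole node
    A, B, C, M = (Node(n, s) for n, s in zip("ABCM", (1_000_000, 2_000_000, 3_000_000, 4_000_000)))
    ab = A.issue(B, expires=now + 50, sec_level=2)
    bc = B.issue(C, expires=now + 50, sec_level=2)
    # C's authenticated RREP carries SCC(A->B), SCC(B->C); A checks the whole chain
    good = verify_chain(A, [ab, bc], "C", now)
    # M was never certified by B, so it can only forge SC(B->M), SC(M->C) with its own key
    bm = Cert("B", "M", M.pub, now + 50, 2)
    bm = replace(bm, sig=M.sign(bm.body()))
    mc = Cert("M", "C", C.pub, now + 50, 2)
    mc = replace(mc, sig=M.sign(mc.body()))
    forged = verify_chain(A, [ab, bm, mc], "C", now)
    hop_check = B.holds_issued(bm)                 # B also rejects it hop by hop
    stale = B.issue(C, expires=now - 1, sec_level=2)
    expired = verify_chain(A, [ab, stale], "C", now)
    return {"good": good, "forged": forged, "hop_check": hop_check, "expired": expired}
```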

Proposed Solution
Public Key Infrastructure (PKI) is one of the most effective tools for providing security in dynamic networks. The proposed scheme uses the route discovery scheme of DSR to issue security certificates. Since there is no fixed infrastructure, nodes carry out all the tasks required for the security solution, including routing and authentication, in a self-organized manner. The main advantage of modifying the DSR protocol with this algorithm is to prevent black hole attacks, which may show an improved performance. The memory overhead can be reduced, since the certificate can be added to the routing information already available in the route cache of DSR. Since the route cache can be refreshed frequently, the possibility of increased memory overhead may be minimized. Along with working on the DSR protocol, the same scheme can be used with little modification on other protocols as well, such as AODV and AOMDV, and an analysis can be done to see which gives the best performance. For simulating the black hole attack we have chosen NS-2 (Network Simulator-2), which simulates the attack efficiently and provides a clear understanding of it. We can draw various topologies, graphs, protocol stacks and nodes, and are able to visualize the packet drop scenario. The network simulator is suitable for measuring any network protocol, as well as the performance and vulnerability of any protocol.

NETWORK SIMULATOR (NS) AND OUR CONTRIBUTION

In this work, we have tried to evaluate the effects of black hole attacks in wireless ad-hoc networks. To achieve this we have simulated wireless ad-hoc network scenarios that include a black hole node using the NS network simulator [14]. To simulate the black hole node in a wireless ad-hoc network we have implemented a new protocol that drops data packets after attracting them to itself. In this chapter we present NS and our contribution to this software.

4.1. NS Network Simulator

NS is an event driven network simulator program, developed at the University of California, Berkeley, which includes many network objects such as protocols, applications and traffic source behavior. NS is part of the software of the VINT project [15], which has been supported by DARPA since 1995.

Figure 13 - NS-2 schema

At the simulation layer NS uses the OTcl (Object oriented Tool Command Language) programming language to interpret user simulation scripts. OTcl is in fact an object oriented extension of the Tcl language. The Tcl language is fully compatible with the C++ programming language. At the top layer, NS is an interpreter of the users' Tcl scripts, which work together with the C++ code. In Chapter 5 the usage of the Tcl language will be explained in detail. An OTcl script written by a user is interpreted by NS. While the OTcl script is being interpreted, NS creates two main analysis reports simultaneously. One of them is the NAM (Network Animator) object that shows the visual animation of the simulation. The other is the trace object that records the behavior of all objects in the simulation. Both of them are created as files by NS. The former is a .nam file used by the NAM software that comes along with NS. The latter is a .tr file that includes all simulation traces in text format. The NS project is normally distributed along with various packages (ns, nam, tcl, otcl etc.) as an all-in-one package, but they can also be found and downloaded separately. In this study we have used version 2.29 of the ns all-in-one package and installed the package in the Windows environment using Cygwin. Since version 2, NS is commonly called NS-2, and in this thesis we shall refer to it as NS-2. We have written the .tcl files in a text editor and analyzed the results in the .tr file using the cat, awk, wc and grep commands of the Unix operating system. The implementation of the black hole behavior in the AODV protocol is written in C++.

BIBLIOGRAPHY
[1] Umang Singh, "Secure Routing Protocols in Mobile Ad hoc Networks: A Survey and Taxonomy", International Journal of Reviews in Computing, Vol. 7, 30 September 2011.
[2] L. Tamilselvan and V. Sankaranarayanan, "Prevention of Blackhole Attack in MANET", Journal of Networks, Vol. 3, No. 5, May 2008.
[3] E. A. Mary Anita and V. Vasudevan, "Black Hole Attack Prevention in Multicast Routing Protocols for MANETs Using Certificate Chaining", IJCA, Vol. 1, No. 12, pp. 2229, 2010.
[4] Jiwen Cai, Ping Yi, Jialin Chen, Zhiyang Wang and Ning Liu, "An Adaptive Approach to Detecting Black and Gray Hole Attacks in Ad Hoc Network", 2010 24th IEEE International Conference on Advanced Information Networking and Applications.
[5] Wei Gong, Zhiyang You, Danning Chen, Xibin Zhao, Ming Gu and Kwok-Yan Lam, "Trust Based Malicious Nodes Detection in MANET", IEEE, 2009 (978-1-4244-4589-9/09).
[6] N. Bhalaji and A. Shanmugam, "Defense Strategy Using Trust Based Model to Mitigate Active Attacks in DSR Based MANET", Journal of Advances in Information Technology, Vol. 2, No. 2, May 2011.
[7] K. Selvavinayaki, K. K. Shyam Shankar and E. Karthikeyan, "Security Enhanced DSR Protocol to Prevent Black Hole Attacks in MANETs", International Journal of Computer Applications (0975-8887), Vol. 7, No. 11, October 2010.
[8] Soufiene Djahel, Farid Nat-abdesselam and Zonghua Zhang, "Mitigating Packet Dropping Problem in Mobile Ad Hoc Networks: Proposals and Challenges", IEEE Communications Surveys & Tutorials, accepted for publication.
[9] Rakesh Vanaparthi and Pragati G., "Routing Protocols to Enhance Security in MANETs", Global Journal of Computer Science and Technology, Vol. 11, Issue 13, Version 1.0, August 2011.
[10] K. P. Manikandan, R. Satyaprasad and K. Rajasekhararao, "A Survey on Attacks and Defense Metrics of Routing Mechanism in Mobile Ad hoc Networks", International Journal of Advanced Computer Science and Applications, Vol. 2, No. 3, March 2011, http://ijacsa.thesai.org/
[11] Santhosh Krishna B. V. and Vallikannu A. L.
[12] "Detecting Malicious Nodes for Secure Routing in MANETs Using Reputation Based Mechanism", International Journal of Scientific & Engineering Research, Vol. 1, Issue 3, December 2010.
