Vikash file full_final
Uploader: rahul-ranjan. Category: Engineering.
CHAPTER 1
INTRODUCTION
1.1 INTRODUCTION
A computer network or data network is a telecommunication network that allows
computers to exchange data. In computer networks, networked computing devices
pass data to each other along data connections. The connections (network links)
between nodes are established using either cable media or wireless media. The best-
known computer network is the Internet. Network computer devices that originate,
route and terminate the data are called network nodes. Nodes can include hosts such
as servers and personal computers, as well as networking hardware. Two devices are
said to be networked when a device is able to exchange information with another
device. Computer networks support applications such as World Wide Web, shared use
of application and storage servers, printers, and fax machines, and use of email and
instant messaging applications. Computer networks differ in the physical media used
to transmit their signals, the communications protocols to organize network traffic,
the network’s size, topology and organizational intent.
Fig. 1.1 Computer Network
Today, computer networks are the core of modern communication. Computer
networks, and the technologies that make communication between networked
computers possible, continue to drive the computer hardware, software, and peripherals
industries. The expansion of related industries is mirrored by growth in the numbers
and types of people using networks, from the researcher to the home user. Networks
can be of different types depending on the topologies used, geographical
scale, and organizational scope, but they can be broadly classified into two
categories:
1.2 Wired Network
1.3 Wireless Network
1.2 WIRED NETWORK
A wired network connects devices to a network, or to another network, using cables. The
most common wired networks use cables connected to an Ethernet port on the network
at one end and to a computer or other device at the other end. Wired networks
provide users with plenty of security and the ability to move lots of data very quickly.
A widely adopted family of communication media used in local area network (LAN)
technology is collectively known as Ethernet. The media and protocol standards that
enable communication between networked devices over Ethernet are defined by IEEE
802.3. Ethernet transmits data over both copper and fiber cables. Wired networks are
typically faster than wireless, and they can be very affordable. However, the cost of
Ethernet cable can add up: the more computers on your network and the farther apart
they are, the more expensive your network will be. The most common wired networks
are formed using Ethernet. Ethernet is a physical and data link layer technology for
local area networks (LANs). When first widely deployed in the 1980s, Ethernet
supported a maximum data rate of 10 megabits per second. Later, Fast Ethernet
standards increased this maximum data rate to 100 Mbps. Gigabit Ethernet further
extended this to a data rate of 1000 Mbps. Ethernet follows a simple set of rules that
govern its basic operation. The basic terms used with Ethernet technology are:
Medium: Ethernet devices attach to a common medium that provides a path along which the electronic signals will travel. This medium has been coaxial copper cable, but today it is more commonly twisted pair or fiber optic cabling.
Segment: A single shared medium is referred to as an Ethernet segment.
Node: Devices that attach to that segment are stations or nodes.
Frame: The nodes communicate in short messages called frames, which are variably sized chunks of information.
The Ethernet protocol specifies a set of rules for constructing frames. Each frame
must include a destination address and a source address, which identify the recipient
and the sender of the message. The address uniquely identifies the node. No two
Ethernet devices ever have the same address. One interesting thing about Ethernet
addressing is the implementation of a broadcast address. A frame with a destination
address equal to the broadcast address is intended for every node on the network, and
every node will receive and process this type of frame.
The Ethernet standards comprise several wiring and signaling variants of the OSI
physical layer in use with Ethernet. The original 10BASE5 Ethernet used coaxial
cable as a shared medium. The Ethernet standard has grown to encompass new
technologies as computer networking has matured, but the mechanics of operation for
every Ethernet network today originate from Metcalfe’s original design. The original
Ethernet described communication over a single cable shared by all devices on the
network. Once a device is attached to this cable, it has the ability to communicate
with any other device attached. This allows the network to expand to accommodate
new devices without requiring any modification to those already on the network. In
addition to computers, Ethernet is now used to interconnect appliances and
other personal devices. It is used in industrial applications and is quickly replacing
legacy data transmission systems in the world's telecommunications networks.
1.3 WIRELESS NETWORK
Wireless Networking is a technology in which two or more computers communicate
with each other using standard network protocols but without using cables. The
transmission takes place with the help of radio waves at the physical level. It is also
known as Wi-Fi or WLAN. In this type of network, devices can easily communicate using
radio frequency. The IEEE standard for wireless networks is 802.11.
Convenience offered by Wireless Networks
Mobility: This is one of the obvious advantages of the wireless networks.
Mobile users can connect to the existing networks while roaming freely.
Simplicity: We can translate simplicity into rapid development. It is easy to
install a wireless infrastructure, compared to a wired network.
Flexibility: Wireless network coverage area can reach where wire cannot go.
It is very useful for moving vehicles or for the places where running cable is
not possible.
There are two types of Wireless Operating modes:
A) Infrastructure Mode
B) Ad-hoc Mode or Infrastructure less Mode
A) Infrastructure Networks
In an infrastructure-based network, communication takes place only between the wireless
nodes and the access points. There is no direct communication between the wireless
nodes. The access point controls medium access and also acts as a
bridge between wireless and wired networks. In this network, fixed base stations are
used. When a node goes out of the range of one base station, another base station comes
into range. An example of an infrastructure-based network is a cellular network. It is a
centralized system controlled by a controller such as a router. The main problem
in this system is that if the controller fails, the whole system will crash.
Fig. 1.2 Infrastructure Network
B) Infrastructure less Networks
An infrastructure-less network does not need any infrastructure to work. In this
network each node can communicate directly with other nodes. No access point is
required for controlling medium access. In this network, all the nodes need to act as
routers, and all nodes are capable of movement and can be connected dynamically in
an arbitrary manner [6].
1.4 MANET
MANET stands for Mobile Ad hoc Network. It is a robust, infrastructure-less wireless
network. It can be formed either by mobile nodes or by both fixed and mobile nodes.
Nodes are randomly connected with each other, forming an arbitrary topology. They
can act as both routers and hosts. Their ability to self-configure makes this
technology suitable for provisioning communication to, for example, disaster-hit areas
where there is no communication infrastructure, or in emergency search and rescue
operations where a network connection is urgently required. In MANETs, routing
protocols for both static and dynamic topologies are used. An ad hoc network is a
wireless network characterized by the absence of a centralized and fixed
infrastructure. The absence of an infrastructure in ad hoc networks poses great
challenges to the functionality of these networks. We refer to a wireless ad
hoc network with mobile nodes as a Mobile Ad Hoc Network. In a MANET, mobile
nodes have the capability to accept and route traffic from their intermediate nodes
towards the destination, i.e., they can act as both routers and hosts. More frequent
connection tearing and re-associations place an energy constraint on the mobile nodes.
As MANETs are characterized by limited bandwidth and node mobility, the design
must take into account the energy efficiency of the nodes, topological changes
and unreliable communication. Moreover, particular importance has to be
given to the routing protocols used for communication between the nodes, as they
have a huge impact on the performance of the mobile ad-hoc network.
Table 1.1 Characteristics of Mobile Ad-hoc Network
Mobile Ad-hoc Network Characteristics
Autonomous and infrastructure less
Multi-hop routing
Dynamic network topology
Device heterogeneity
Energy constrained operation
Bandwidth constrained variable capacity links
Limited physical security
Network scalability
Self-creation, self-organization and self-administration
1.4.2 Types Of Mobile Ad-Hoc Network
Vehicular ad-hoc networks (VANET) are used for communication among vehicles
and between vehicles and roadside equipment. Intelligent vehicular ad-hoc networks
are a kind of artificial intelligence that helps vehicles to behave in intelligent manners
during vehicle-to-vehicle collisions, accidents etc. Internet-based Mobile Ad-hoc
Networks (iMANET) are ad-hoc networks that link mobile nodes and fixed
internet-gateway nodes.
Table 1.2 Mobile Ad-hoc Network Types

| Technology | Bitrate | Frequency | Range (meters) | Power consumption |
|---|---|---|---|---|
| IEEE 802.11b | 1, 2, 5.5 and 11 Mbit/s | 2.4 GHz | 25-100 indoor, 100-500 outdoor | 30 mW |
| IEEE 802.11g | Up to 54 Mbit/s | 2.4 GHz | 25-50 indoor | 79 mW |
| IEEE 802.11a | 6, 9, 12, 24, 36, 49 and 54 Mbit/s | 5 GHz | 10-40 indoor | 40 mW, 250 mW |
| IEEE 802.15.1 | 1 Mbit/s | 2.4 GHz | 10-100 | 1 mW |
| IEEE 802.15.3 | 110-480 Mbit/s | 3-10 GHz | 10 | 100 mW, 250 mW |
| IEEE 802.15.4 | 20, 40 or 250 Kbit/s | 868 MHz, 915 MHz or 2.4 GHz | 10-100 | 1 mW |
| HiperLAN2 | Up to 54 Mbit/s | 5 GHz | 30-150 | 200 mW or 1 W |
| IrDA | Up to 4 Mbit/s | Infrared (850 nm) | 10 | Distance based |
| Home RF | 1 Mbit/s (v 1.0), 10 Mbit/s (v 2.0) | 2.4 GHz | 50 | 100 mW |
| IEEE 802.16 / 802.16a / 802.16e (Broadband Wireless) | 32-134 Mbit/s / Up to 75 Mbit/s / Up to 15 Mbit/s | 10-66 GHz / <11 GHz / <6 GHz | 2-5 km / 7-10 km / 2-5 km | Complex power control |
1.4.4 Applications of Mobile Ad-hoc Network
There is no clear picture of what these networks will be used for. The suggestions
vary from document sharing at a conference to infrastructure enhancement and
military applications. In areas where no infrastructure is available, an ad-hoc network
could be used by a group of wireless mobile hosts. Other examples include business
associates wishing to share files or a class of students needing to interact during a
lecture. If each mobile host wishing to communicate is equipped with a wireless local
area network interface, the group of mobile hosts can form an ad-hoc network. Access
to the Internet and to resources in the network, such as printers, will probably be
supported.
Table 1.3 Mobile Ad-hoc Network Applications

| Application | Possible Scenarios |
|---|---|
| Tactical networks | Military communication; Automated battlefield |
| Emergency services | Search and rescue operation; Disaster recovery; Policing and fire fighting; Supporting doctors and nurses in the hospital |
| Commercial and civilian environment | E-commerce; Dynamic database access, mobile offices; Vehicular services: taxi cab network, road or accident guidance; Sports stadium, trade fair, shopping malls |
| Home and enterprise networking | Home/office wireless networking; Conference, meeting rooms; Personal area networks; Network at construction site |
| Education | Universities and campus setting; Virtual class rooms; Ad-hoc communication during meetings or lectures |
| Entertainment | Multi user games; Wireless P2P networking; Outdoor internet access; Robotic pets; Theme parks |
| Sensor networks | Home appliances; Body area network; Data tracking of environment conditions |
| Coverage extension | Extending cellular network access; Linking up with the internet, intranet etc. |
1.5 ROUTING PROTOCOLS FOR MANET
A routing protocol specifies the rules which govern communication among a
number of nodes for the exchange of information. It helps to find the shortest route from
source to destination. There are mainly two types of routing protocol. These are as
follows:
Table Driven Routing Protocol (Proactive)
On-demand Routing Protocol (Reactive)
Hybrid Routing Protocol
1.5.1 Table Driven Routing Protocol
A table-driven protocol maintains a fresh list of the routes from source to destination. In
this type of protocol, each node contains more than one table for each node in the
network. All the nodes are updated regularly. If the topology changes frequently, the
updated information propagates to every node of the network, which updates its tables.
Because every node holds information about the network topology, table-driven routing
protocols present several problems: periodically updating the network topology
increases bandwidth overhead, and periodically updating route tables keeps the nodes
awake and quickly exhausts their batteries.
1.5.1.1 Destination Sequenced Distance Vector (DSDV)
Destination Sequenced Distance Vector is a loop free routing protocol in which the
shortest-path calculation is based on the Bellman-Ford algorithm. Data packets are
transmitted between the nodes using routing tables stored at each node. Each routing
table contains all the possible destinations from a node to any other node in the
network and also the number of hops to each destination. The protocol has three main
attributes: to avoid loops, to resolve the count to infinity problem, and to reduce high
routing overhead. Each node issues a sequence number that is attached to every new
routing-table update message and uses two different types of routing-table updates to
minimize the number of control messages disseminated in the network. Each node
keeps statistical data concerning the average settling time of a message that the node
receives from any neighbouring node. The data is used to reduce the number of
rebroadcasts of possible routing entries that may arrive at a node from different paths
but with the same sequence number. DSDV takes into account only bidirectional links
between nodes.
DSDV routing-table construction starts with the condition that every node in the
network periodically exchanges control messages with its neighbours to set up
multi-hop paths to any other node in the network, in accordance with the Bellman-Ford
algorithm. Each individual route to every destination is tagged with a destination
sequence number, which is issued by the destination node. Any route to a destination
with a higher destination sequence number replaces the same route with a smaller
destination sequence number in the node’s routing table, regardless of the number of
hops to this destination. Every node immediately advertises any significant change in
its routing table, such as a link failure to its neighbouring node(s), but waits for a
certain amount of time to advertise other changes. This time, called the “settling
time”, is calculated by maintaining, for every destination, a running, weighted average
of the most recent updates of the routes. By implementing this advertising scheme,
DSDV tries to minimize the number of route updates transmitted by a node. Thus,
when a node receives a route update for a destination from one of its neighbouring
nodes, and a few seconds later, it receives a second update from a different
neighbouring node for the same destination with the same destination sequence
number, but a lower number of hops, the node does not immediately broadcast the
change in its routing table. This is highly possible in a MANET, in which the network
topology changes very dynamically. If this kind of policy were not in place, the node
would have to advertise two route updates within a short period, causing its
neighbouring nodes to broadcast new route updates to their neighbouring nodes. For this
purpose, each node maintains a table with the destination address, the last settling
time and the average settling time of this address. The node uses the information in
this table to check the stability of the route to a destination.
DSDV does not provide any security mechanism to address the security vulnerabilities
observed in MANETs. Because it relies on the periodic exchange of routing-update
messages, DSDV is vulnerable to any malicious node that disseminates false routing
updates. Thus, an attack that replaces the destination sequence number in a
route-update packet may have a
severe impact on the performance of the network. DSDV has certain advantages that
cannot be overlooked. First, the simplicity of the protocol is very similar to the classic
Distance Vector, with only small modifications to avoid loops, with the use of
destination sequence numbers. DSDV also presents low latency, as every node always
has a route to any destination in the network. However, DSDV does not scale well in
networks with high mobility, as the broken links create a “storm” of route updates.
This situation may severely degrade network performance, in which the available
bandwidth is limited. Another disadvantage of DSDV is that it does not support a
sleeping mode, as every node in the network must periodically broadcast changes or
full updates of its routing table. Those frequent and periodic route updates in the
network will also result in high energy consumption. Also, DSDV does not support
multicast routing.
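The route-replacement rule described above, and the effect of a false update carrying an inflated destination sequence number, shown as an added example (not code from the original document). The node names, numbers and the `max_seq_jump` plausibility bound are constructed for illustration; the bound is a hypothetical check and is not part of DSDV.

```python
"""DSDV route-update acceptance, replayed over a constructed update sequence."""
from dataclasses import dataclass


@dataclass
class Route:
    next_hop: str
    hops: int
    seq: int  # destination sequence number, issued by the destination node


def accept_update(table, dest, via, hops, seq, max_seq_jump=None):
    """Process one route to `dest` advertised by neighbour `via`.

    Rule from the text: a higher destination sequence number replaces the
    stored route regardless of hop count; with an equal sequence number the
    route with fewer hops wins. `max_seq_jump` is a hypothetical bound (not
    part of DSDV): an update whose sequence number is further ahead of the
    stored one than the bound is rejected as implausible.
    Returns "installed", "ignored" or "rejected".
    """
    new = Route(via, hops + 1, seq)  # one extra hop to reach the advertiser
    cur = table.get(dest)
    if cur is None:
        table[dest] = new
        return "installed"
    if max_seq_jump is not None and seq - cur.seq > max_seq_jump:
        return "rejected"
    if seq > cur.seq or (seq == cur.seq and new.hops < cur.hops):
        table[dest] = new
        return "installed"
    return "ignored"


def replay(updates, max_seq_jump=None):
    """Feed a list of (dest, via, hops, seq) updates into an empty table."""
    table, log = {}, []
    for dest, via, hops, seq in updates:
        log.append(accept_update(table, dest, via, hops, seq, max_seq_jump))
    return table, log


# Constructed sample: updates about destination D as heard by one node.
UPDATES = [
    ("D", "B", 1, 100),   # first route: via B, 2 hops
    ("D", "C", 3, 100),   # same sequence number, longer path
    ("D", "C", 3, 102),   # fresher sequence number, longer path
    ("D", "M", 0, 9000),  # false update: M claims a far-future sequence number
    ("D", "B", 1, 104),   # genuine later update from D, relayed by B
]

if __name__ == "__main__":
    for bound in (None, 50):
        table, log = replay(UPDATES, bound)
        print("bound:", bound, log, table["D"])
```

Without the bound, the false route stays installed and the genuine update with sequence number 104 is ignored as stale. The bound only limits how far one update can jump; it does not authenticate the advertiser.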
1.5.1.2 Optimized Link State Routing (OLSR)
Optimized Link State Routing is based on the link state algorithm and has been
modified and optimized to operate efficiently for MANET routing. The main concept of
the protocol is to adapt to changes in the network without creating control message
overhead due to the flooding nature of the protocol. Thus, the designers of OLSR decided to
have only a subset of the nodes, named Multipoint Relays (MPRs), in the network
responsible for broadcasting control messages and generating link state information.
A second optimization is that every MPR may choose to broadcast link state
information only between itself and the nodes that have selected it as an MPR.
Optimized Link State Routing is also designed to combine two separate sets of
functions. The core set of functions consists of all the protocol functions in play when
the protocol operates in a pure MANET, running OLSR as the Layer 3 protocol. A
second set of functions provides the additional necessary functions when a node has
more than one network’s devices and participates in more than one routing domain.
In OLSR, only multipoint relays (MPRs) are designated for link state updates and
packet forwarding. In a typical flooding-based approach, a node broadcasts a message
either if it is the originator or if it has not received this message before. Thus, the
number of messages transmitted in the network is almost as large as the number of the
nodes in the network. Figure 1.9a shows a typical flooding scenario. Figure 1.9b
shows the flooding in the entire network when using MPRs.
Fig. 1.3a Pure Flooding and Fig. 1.3b MPR Flooding
It is clear that the number of broadcast messages can be greatly reduced by the
use of MPRs. The set that consists of the nodes that are Multipoint Relays is
called the MPR set. Each node N in the network selects an MPR set that processes and
forwards every link state packet that node N originates. The neighbouring nodes of N
that are not in the MPR set process this packet, but do not further broadcast it. A node
N also maintains a subset of neighbours, named MPR selectors, which is the set of the
neighbours that have selected N as one of their MPRs. Each node may have one or
more MPRs. A condition for the selection of an MPR node is the assurance of
bidirectional links between it and its selectors. Each node in a network maintains a
routing table that enables a source node to send data packets to a destination node.
Four different types of information are used for the construction, calculation and
maintenance of routing information. Every node in the network obtains all the
information necessary for the construction of its routing table with a periodic
transmission of messages. The node, upon receiving this information, updates and
recalculates its routing table. When a link breaks or if the network topology changes
due to a change in a node position in the network, no messages other than those
defined above are required for the update of the routing table.
OLSR does not provide any security mechanism to ensure that nodes do not intentionally
provide false routing information. OLSR designers assume that there are already
additional security mechanisms in place at the lower layers of the network. However,
any persistent attack on any of the MPRs will result in flooding false link state
information to other nodes. The main advantages of OLSR are low latency and high
data delivery ratio because each node in the network maintains an up-to-date routing
table with all the destinations in the network. Thus, no additional connection set-up
time is required for a node to send data packets to another node in the network. This
proactive nature of OLSR makes it a very attractive solution in networks where low
latency and high data delivery ratio are the main concerns. However, the main
disadvantage of this protocol comes from its proactive nature and the flooding
mechanism, despite the use of the MPRs. OLSR may introduce high routing
overhead, consuming a large portion of the available bandwidth. OLSR does not
support multicast routing.
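MPR sets, MPR selectors and the saving over pure flooding, worked through on a small topology as an added example (not code from the original document). The topology is constructed, and the selection uses a simplified greedy cover of the two-hop neighbourhood, which is an assumption since the text does not give the selection algorithm.

```python
"""MPR selection and broadcast cost on a constructed 8-node topology."""
from collections import deque

# Constructed sample topology; every link is bidirectional, as MPR
# selection requires.
LINKS = [("S", "A"), ("S", "B"), ("S", "C"), ("S", "D"), ("A", "B"),
         ("A", "E"), ("A", "F"), ("B", "C"), ("B", "F"), ("C", "D"),
         ("C", "G"), ("D", "G"), ("E", "F")]


def build_adj(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


ADJ = build_adj(LINKS)


def two_hop(adj, n):
    """Nodes reachable through a neighbour that are neither n nor a neighbour."""
    return {w for v in adj[n] for w in adj[v]} - adj[n] - {n}


def select_mprs(adj, n):
    """Greedy cover: add the neighbour that reaches the most still-uncovered
    two-hop neighbours until all of them are covered (ties: name order)."""
    uncovered = two_hop(adj, n)
    mprs = set()
    while uncovered:
        best = max(sorted(adj[n] - mprs), key=lambda v: len(adj[v] & uncovered))
        mprs.add(best)
        uncovered -= adj[best]
    return mprs


def mpr_selectors(adj, n):
    """Neighbours of n that have selected n as one of their MPRs."""
    return {m for m in adj[n] if n in select_mprs(adj, m)}


def flood(adj, source, use_mpr):
    """Broadcast one message from `source`; return (transmissions, reached).

    Pure flooding: every node rebroadcasts the first copy it receives.
    MPR flooding: a node rebroadcasts only if the node it first heard the
    message from has selected it as an MPR; other nodes just process it.
    """
    mprs = {n: select_mprs(adj, n) for n in adj}
    seen = {source}
    queue = deque([source])
    transmissions = 0
    while queue:
        sender = queue.popleft()
        transmissions += 1
        for nb in sorted(adj[sender]):
            if nb in seen:
                continue  # duplicate copy, dropped
            seen.add(nb)
            if not use_mpr or nb in mprs[sender]:
                queue.append(nb)
    return transmissions, seen


if __name__ == "__main__":
    print("MPR set of S:", sorted(select_mprs(ADJ, "S")))
    print("MPR selectors of A:", sorted(mpr_selectors(ADJ, "A")))
    print("pure flooding:", flood(ADJ, "S", use_mpr=False)[0], "transmissions")
    print("MPR flooding: ", flood(ADJ, "S", use_mpr=True)[0], "transmissions")
```

Both runs reach all eight nodes, but with MPRs only the source and its two relays transmit, which is also why false link state information injected at a relay spreads as far as it does.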
1.5.1.3 Comparison of Proactive Routing Protocols Based on Qualitative Metrics
All the above proactive protocols are loop-free. OLSR, as a modification of the link
state algorithm, does not introduce any loops into the routing process, except for
oscillations when the link costs depend on the amount of traffic carried by the link. In
the MANET scheme, however, link cost depends on the number of hops from a
source to a destination, thus avoiding oscillations. DSDV solves the pathologies that
the Distance Vector algorithm introduces, by the use of destination sequence
numbers. DSDV does not suffer from any kind of loops in the network. The proactive
behaviour of these protocols is guaranteed by the periodic exchange of control
messages. At any given time, every node has at least one route to any possible
destination in the network. We say “possible destination” because the physical
existence of a node in the network does not necessarily mean that the node is active or
that a route to the node exists, because the node may be out of the transmitting range
of all other nodes in the network.
None of the above protocols addresses the security vulnerabilities that are obvious in
wireless networks. The proper function of these protocols is based on an assumption
that all the nodes exist and operate in a secure environment where link- and
physical-layer security mechanisms are in place. DSDV is more secure than OLSR, as OLSR
functionality is based on the proper behaviour of the MPRs. DSDV does not support
unidirectional links. However, in wireless communication, unidirectional links will
exist and should be supported to take advantage of any possible paths from a source
node to a destination node. In MANETs, especially, there is no such “luxury” as
ignoring any possible paths, as routing protocols should take advantage of any link to
calculate routes in the network. OLSR designers take into account these limitations of
the wireless network and support both bidirectional and unidirectional links. As for
the “sleep mode” operation, only OLSR considers some extensions in its current
existing design to support such an operation. In a wireless ad-hoc network, in which
nodes depend mainly on batteries for their energy source, the sleep mode is a serious
attribute that should be supported by any routing protocol. Multicasting is not
considered by any of the above protocols. In real situations in tactical
communications, data will be destined to a group of nodes, rather than to an
individual node. Unicasting will decrease the bandwidth available for user data when
the same message has to be delivered to multiple nodes. We have also added three
additional metrics, to point out the differences in the design and implementation of the
three protocols. The way that all the above protocols calculate their routes from a
source node to a destination node follows the shortest distance approach, which
computes the smallest number of hops between the source and the destination.
Table 1.4 Comparison of Proactive Protocols

| Qualitative Metrics | DSDV | OLSR |
|---|---|---|
| Loop Free | Yes | Yes |
| Proactive Behaviour | Yes | Yes |
| Security | No | No |
| Support for Unidirectional Links | No | Yes |
| Sleep mode | No | Yes |
| Multicasting | No | No |
| Routing | Flat | Flat |
| Nodes with special tasks | No | Yes |
| Routing Metric | Shortest Distance | Shortest Distance |
1.5.2 On-demand Routing Protocol
It is a lazy approach in which a node does not hold information about all the
nodes and maintains its table only on demand. To find a path, a route discovery process
is followed. Reactive routing protocols are bandwidth efficient: routes are built
as and when they are required. This is achieved by sending route requests across the
network. However, this approach incurs high latency when finding routes, and there is a
possibility of network clogging when flooding is excessive.
Many types of protocol are available for MANETs. The efficiency of a routing
protocol is determined by the battery power consumption of a participating node and
the routing of traffic into the network. Ad hoc routing protocols include:
1.5.2.1 Ad-hoc On-demand Distance Vector Protocol
AODV is an on-demand routing protocol used in ad hoc networks. Like any other
on-demand routing protocol, it facilitates a smooth adaptation to
changes in the link conditions. When a link fails, messages are sent only to the
affected nodes. This information enables the affected nodes to invalidate all the
routes through the failed link. AODV has low memory overhead, builds unicast routes
from the source to the destination, and has low network utilization. Routing
traffic in the network is minimal, since routes are built on demand. When two nodes in an
ad hoc network wish to establish a connection with each other, AODV enables them to
build multi-hop routes between the mobile nodes involved. AODV needs to keep track
of the following information for each route table entry:
Destination IP Address: IP address for the destination node.
Destination Sequence Number: Sequence number for this destination.
Hop Count: Number of hops to the destination.
Next Hop: The neighbor, which has been designated to forward packets to the
destination for this route entry.
Lifetime: The time for which the route is considered valid.
Active neighbor list: Neighbor nodes that are actively using this route entry.
Request buffer: Makes sure that a request is only processed once.
It is a loop-free protocol which uses Destination Sequence Numbers (DSNs) to avoid
counting to infinity. This is the distinguishing feature of this protocol. Requesting
nodes in a network send Destination Sequence Numbers (DSNs) together with all
routing information to the destination. It selects the optimal route based on the
sequence number.
AODV defines three messages: Route Requests (RREQs), Route Errors (RERRs) and
Route Replies (RREPs). These messages are used to discover and maintain routes
across the network from source to destination by use of UDP packets. Whenever there
is a need to create a new route to the destination, the requesting node
broadcasts a Route Request. A route is determined when this message reaches the
next hop node (an intermediate node with routing information to the destination) or the
destination itself, and the RREP has reached the originator of the request. Routes from
the originator of the RREQ to all the nodes that receive this message are cached in
these nodes. When a link failure occurs, a Route Error (RERR) message is generated
[21].
Fig 1.4 AODV Route Discovery Process
Fig. 1.5 Best path with minimum Hop Count
Node N1 broadcasts RREQ packets to its neighbor nodes and updates its table. These
nodes then forward the packets to their neighbors until the destination, or a fresh
route to it, is found. Each node maintains its own sequence number and broadcast ID. For
every RREQ a node initiates, the broadcast ID is incremented; together with
the node's IP address, it uniquely identifies the RREQ. The final route is the
one that has the minimum hop count from source to destination. AODV uses mainly
two mechanisms to avoid the high routing overhead caused by its flooding nature. The
first mechanism involves a binary exponential backoff to minimize congestion in the
network. The second one involves an expanding ring search technique in which the
originator node starts broadcasting a RREQ message and the TTL value is set to a
minimum default value. If the originator node does not receive a RREP message
within a certain time interval, it exponentially increments the time interval and
increases the diameter of the searching ring. The maximum value for the ring
diameter is set by default to 35, which is, for AODV, the maximum value of the
network diameter. The two main advantages of AODV are its reactive nature, which
reduces the routing overhead in the network and the use of destination sequence
numbers that address routing loops and the “count to infinity” problem. However,
control message overhead can be introduced when every intermediate node originates
a RREP message, to satisfy a route discovery request if it has a valid route to the
destination, causing a RREP message “storm”. Another disadvantage of AODV is
that the propagation of periodic HELLO messages from a node, to maintain
connectivity with its neighbouring nodes, will lead to bandwidth consumption. In
conclusion, the simple design, the low routing overhead and the ring searching
technique make AODV an attractive solution for networks in which the available
bandwidth is limited and nodes can form organized groups. Security weaknesses can
be addressed by either modifying the protocol with the proposed security extensions,
or by applying security mechanisms at the lower layers.
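Route discovery as described above (RREQ flood, duplicate suppression through the request buffer, reverse routes, minimum hop count, expanding ring search), simulated as an added example that is not code from the original document. The topology is constructed, the TTL start and step values are illustrative, only the maximum of 35 comes from the text, and timers, backoff and replies from intermediate nodes are left out.

```python
"""AODV route discovery: RREQ flood with duplicate suppression and ring search."""
from collections import deque

# Constructed sample topology (bidirectional links); N1 is the originator.
ADJ = {
    "N1": {"N2", "N3"},
    "N2": {"N1", "N4"},
    "N3": {"N1", "N5", "N7"},
    "N4": {"N2", "N6"},
    "N5": {"N3", "N6"},
    "N6": {"N4", "N5", "N8"},
    "N7": {"N3", "N8"},
    "N8": {"N6", "N7"},
}


def send_rreq(adj, src, dst, bcast_id, ttl):
    """Flood one RREQ, identified by (src, bcast_id), limited to `ttl` hops.

    Returns (path, transmissions); path is None if dst was not reached.
    """
    rreq = (src, bcast_id)  # originator address + broadcast ID
    request_buffer = {n: set() for n in adj}  # RREQs each node already processed
    request_buffer[src].add(rreq)
    reverse = {}  # node -> neighbour its first copy came from (route back to src)
    queue = deque([(src, 0)])
    sent = 0
    while queue:
        node, hops = queue.popleft()
        if hops >= ttl:
            continue  # TTL used up: this node does not rebroadcast
        sent += 1
        for nb in sorted(adj[node]):
            if rreq in request_buffer[nb]:
                continue  # duplicate RREQ: processed only once
            request_buffer[nb].add(rreq)
            reverse[nb] = node
            if nb != dst:  # the destination answers with an RREP instead
                queue.append((nb, hops + 1))
    if dst not in reverse:
        return None, sent
    path = [dst]  # the RREP travels back along the reverse routes
    while path[-1] != src:
        path.append(reverse[path[-1]])
    return path[::-1], sent


def expanding_ring_search(adj, src, dst, ttl_start=1, ttl_step=2, ttl_max=35):
    """Retry the RREQ with a growing TTL until dst answers or ttl_max is hit.

    Returns (path, attempts) where attempts lists (ttl, transmissions).
    """
    attempts, ttl, bcast_id = [], ttl_start, 0
    while True:
        bcast_id += 1  # every new RREQ gets a fresh broadcast ID
        path, sent = send_rreq(adj, src, dst, bcast_id, ttl)
        attempts.append((ttl, sent))
        if path is not None or ttl >= ttl_max:
            return path, attempts
        ttl = min(ttl + ttl_step, ttl_max)


if __name__ == "__main__":
    path, attempts = expanding_ring_search(ADJ, "N1", "N8")
    print("route:", " -> ".join(path), "| hop count:", len(path) - 1)
    print("attempts (ttl, RREQ transmissions):", attempts)
```

Because the first copy of an RREQ to arrive is the one that took the fewest hops, the reverse routes yield the minimum-hop path, here N1, N3, N7, N8.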
The advantage with AODV compared to classical routing protocols like distance
vector and link-state is that AODV has greatly reduced the number of routing
messages in the network. AODV achieves this by using a reactive approach. This is
probably necessary in an ad-hoc network to get reasonable performance when the
topology is changing often. AODV also routes in a more traditional sense
than, for instance, source-routing-based proposals like DSR. The advantage
of a more traditional routing protocol in an ad-hoc network is that connections from
the ad-hoc network to a wired network like the Internet are most likely easier. The
sequence numbers that AODV uses represent the freshness of a route and are
increased when something happens in the surrounding area. The sequence numbers prevent
loops from being formed, but can also be the cause of new problems. What
happens, for instance, when the sequence numbers are no longer synchronized in the
network? This can happen when the network becomes partitioned, or the sequence
numbers wrap around. AODV only supports one route for each destination. It should
however be fairly easy to modify AODV, so that it supports several routes per
destination. Instead of requesting a new route when an old route becomes invalid, the
next stored route to that destination could be tried. The probability for that route to
still be valid should be rather high. Although the Triggered Route Replies are
reduced in number by only sending the Triggered Route Replies to affected senders,
they need to traverse the whole way from the failure to the senders. This distance can
be quite high in numbers of hops. AODV sends one Triggered RREP for every active
neighbor in the active neighbor list for all entries that have been affected by a link
failure. This can mean that each active neighbor can receive several triggered RREPs
informing about the same link failure, but for different destinations, if a large fraction
of the network traffic is routed through the same node and this node goes down. An
aggregated solution would be more appropriate here. AODV uses hello messages at
the IP level. This means that AODV does not need support from the link layer to
work properly. It is however questionable if this kind of protocol can operate with
good performance without support from the link layer. The hello messages add a
significant overhead to the protocol. AODV does not support unidirectional links.
When a node receives a RREQ, it will set up a reverse route to the source by using the
node that forwarded the RREQ as next hop. This means that the route reply, in most
cases, is unicast back along the same path that the route request used. Unidirectional link
support would make it possible to utilize all links and not only the bi-directional
links. It is however questionable if unidirectional links are desirable in a real
environment. The acknowledgements in the MAC protocol IEEE 802.11 would for
instance not work with unidirectional links.
1.5.2.2 Dynamic Source Routing - DSR
Dynamic Source Routing belongs to the class of reactive protocols and allows nodes
to dynamically discover a route across multiple network hops to any destination.
Source routing means that each packet in its header carries the complete ordered list
of nodes through which the packet must pass. DSR uses no periodic routing messages
(e.g. no router advertisements), thereby reducing network bandwidth overhead,
conserving battery power and avoiding large routing updates throughout the ad-hoc
network. Instead DSR relies on support from the MAC layer (the MAC layer should
inform the routing protocol about link failures). The two basic modes of operation in
DSR are route discovery and route maintenance. Route discovery is the mechanism
whereby a node X wishing to send a packet to Y, obtains the source route to Y. Node
X requests a route by broadcasting a Route Request (RREQ) packet. Every node
receiving this RREQ searches through its route cache for a route to the requested
destination. DSR stores all known routes in its route cache. If no route is found, it
forwards the RREQ further and adds its own address to the recorded hop sequence.
This request propagates through the network until either the destination or a node with
a route to the destination is reached. When this happens, a Route Reply (RREP) is
unicast back to the originator. This RREP packet contains the sequence of network
hops through which it may reach the target. In Route Discovery, a node first sends a
RREQ with the maximum propagation limit (hop limit) set to zero, prohibiting its
neighbors from rebroadcasting it. At the cost of a single broadcast packet, this
mechanism allows a node to query the route caches of all its neighbors. Nodes can
also operate their network interface in promiscuous mode, disabling the interface
address filtering and causing the network protocol to receive all packets that the
interface overhears. These packets are scanned for useful source routes or route error
messages and then discarded. The route back to the originator can be retrieved in
several ways. The simplest way is to reverse the hop record in the packet. However
this assumes symmetrical links. To deal with this, DSR checks the route cache of the
replying node. If a route is found, it is used instead. Another way is to piggyback the
reply on a RREQ targeted at the originator. This means that DSR can compute correct
routes in the presence of asymmetric (unidirectional) links. Once a route is found, it is
stored in the cache with a time stamp and the route maintenance phase begins. Route
maintenance is the mechanism by which a packet sender S detects
if the network topology has changed so that it can no longer use its route to the
destination D. This might happen because a host listed in a source route moves out of
wireless transmission range or is turned off, making the route unusable. A failed link is
detected by either actively monitoring acknowledgements or passively by running in
promiscuous mode, overhearing that a packet is forwarded by a neighboring node.
When route maintenance detects a problem with a route in use, a route error packet is
sent back to the source node. When this error packet is received, the hop in error is
removed from this host's route cache, and all routes that contain this hop are truncated
at this point. DSR uses the key advantage of source routing. Intermediate nodes do not
need to maintain up-to-date routing information in order to route the packets they
forward. There is also no need for periodic routing advertisement messages, which
reduces network bandwidth overhead, particularly during periods when
little or no significant host movement is taking place. Battery power is also conserved
on the mobile hosts, both by not sending the advertisements and by not needing to
receive them; a host could go down to sleep instead. This protocol has the advantage
of learning routes by scanning for information in packets that are received. However,
each packet carries a slight overhead containing the source route of the packet. This
overhead grows when the packet has to go through more hops to reach the destination.
So the packets sent will be slightly bigger, because of the overhead. Running the
interfaces in promiscuous mode is a serious security issue, since the address filtering
of the interface is turned off and all packets are scanned for information. A potential
intruder could listen to all packets and scan them for useful information such as
passwords and credit card numbers. Applications have to provide the security by
encrypting their data packets before transmission. The routing protocols are prime
targets for impersonation attacks and must therefore also be encrypted. One way to
achieve this is to use IPsec. DSR also has support for unidirectional links by
piggybacking the source route on a new request. This can increase the performance in
scenarios where we have a lot of unidirectional links. We must however have a MAC
protocol that also supports this.
1.5.2.3 Comparison of Reactive Routing Protocols Based on Qualitative Metrics
All the above reactive protocols are loop-free. None addresses security vulnerabilities
that exist in a wireless ad-hoc network. However, there are certain proposals for
providing secure routing at Layer 3 for all the above protocols. Although security is a
major concern in communications, we find that the proposed security mechanisms
will increase processing time, power consumption, and latency. Note that reactive
routing protocols already suffer from high latency in the network. Only DSR in its
current state, without any modification, can support both bidirectional and
unidirectional links. However, DSR will introduce high routing overhead as routing
information is stored at the data packets’ header. Thus, DSR will not scale well in
large networks if communicating nodes are located at opposite edges of the network.
None of the three protocols supports the “sleep mode,” another important factor for
power preservation, especially in battery-powered mobile nodes. AODV will
consume more power than DSR due to the exchange of periodic HELLO messages.
Only AODV supports multicasting, another important attribute of a routing protocol.
None of these protocols depends on any kind of node with special or crucial tasks. All
nodes in the network have the same tasks and play the same role in the routing
process. This is important, because the lack of “critical” nodes guarantees the
absence of any single point of failure in the network.
Finally, given qualitative metrics and the attributes of the three protocols, we suggest
that AODV and DSR would be good candidates for the routing protocol in tactical
mobile ad-hoc wireless networks. Therefore, we choose both AODV and DSR for
further evaluation in our simulation.
Table 1.5 Comparison of Reactive protocols.
Qualitative Metrics | AODV | DSR
Loop Free | Yes | Yes
Reactive Behaviour | Yes | Yes
Security | No | No
Support for Unidirectional Links | No | No
Sleep Mode | No | No
Multicasting | Yes | No
Routing scheme | Flat | Flat
Nodes with special tasks | No | No
Routing Metric | Shortest Path | Shortest Path
1.5.3 Hybrid Routing Protocols
Hybrid routing protocols are designed to combine the benefits of both proactive and
reactive routing protocols and aim at achieving the best performance with the least
degradation in the network. The hybrid routing protocols used for mobile ad-hoc
network are:
1.5.3.1 Zone Routing Protocol (ZRP)
Zone Routing Protocol is a distributed routing protocol that combines both a proactive
and a reactive scheme for route discovery and maintenance. The basic idea of the protocol is the creation of areas, or zones, where every node proactively maintains
one route or multiple routes to any destination inside the zone and reactively obtains routing information for any node outside of the zone. The zone diameter may be defined in advance, before nodes form the network, or it may be optimized by every
node, based on ZRP traffic measurements. The radius of a node’s zone plays a significant role in the proper behaviour of the protocol. If the network consists of a
large number of nodes with medium to low mobility or the demand for routes is high, a large value for the radius is preferable to avoid the frequent dissemination of routing requests and reply messages. On the other hand, if the network consists of a small
number of nodes with high mobility or the demand for routes is small, the radius value should also be small to avoid overhead of periodic routing update messages.
ZRP consists of two main protocols. The Intrazone Routing Protocol (IARP) is responsible for finding and maintaining valid routes in the internal zones between any source/destination pair at all times. Any proactive routing protocol that we studied in
the previous sections, such as DSDV, can be used as the ZRP IARP. The Interzone Routing Protocol (IERP) is responsible for finding any available route outside of the
node’s internal zone. The scope behind this implementation is to reduce routing
overhead and delay and to respond better in the topological changes of the network.
ZRP is a loop-free protocol and provides support for unidirectional links, hierarchical
routing, and interconnection with other non-ZRP routing domains when every node’s
network interface is assigned a unique IP address. The route discovery process in ZRP
depends on the location of the destination node. If the destination node is located
inside the source node’s intra zone, the protocol acts like any other proactive protocol,
thus ensuring that there is always a route to any destination in the intra zone. When
the destination node is located outside of the source’s intra zone, the source node
initiates a route discovery process and the IERP is assigned to accomplish this task.
To avoid large-scale dissemination of routing request messages, ZRP employs a third
protocol, the Bordercast Resolution Protocol (BRP), which is a sub-layer of the IERP
protocol. The BRP identifies the nodes that are located in the source node’s zone
perimeter and forwards the route request messages only to those peripheral nodes.
There is a possibility of collisions when multiple nodes transmit the RREP messages
back to the source. However, the border-casting scheme minimizes the propagation of
RREQ messages within a small region, except when the source/destination pair is
located at opposite edges of the network. When a peripheral node does not have a
route to the destination node, it originates a RREQ message and border-casts the
message to its peripheral nodes. That procedure continues until a route to the
destination is found. Route maintenance takes place when a node in an active route
detects a link failure in the route: the node employs a local reconfiguration of the path
by searching for an alternate route to the destination. If such a route exists, the node
originates an update message to inform all other nodes in the path and the source node
of a change in the path. The source node may continue sending data packets in the
new non-optimized route. If the source node wants to obtain a new optimal route, it
regenerates a RREQ message, as previously discussed. ZRP does not employ any
security mechanisms to ensure secure routing.
However, any security mechanisms that have been proposed for other routing
protocols can be applied to ZRP as well. Every node in the network can be in a
promiscuous mode, overhearing transmissions from its neighbours and gathering
statistical data on its neighbour’s behaviour. Again, in this case, there is a trade-off
between processing time, latency, and security. ZRP seems to employ the best
characteristics of both reactive and proactive protocols. It avoids flooding the network
with large-scaled Route Request messages, as reactive protocols do, and the periodic
exchange of HELLO messages in the proactive scheme. Thus, ZRP reduces routing
overhead in an inexpensive way. The only visible drawback of the protocol is,
perhaps, that its performance depends heavily on the zone radius. For tactical
communications, however, the zone radius can be set up in advance, before the
establishment of the network, as the data traffic, the estimated velocity of the nodes,
and the number of nodes in the network are known in advance.
1.5.3.2 Greedy Perimeter Stateless Routing (GPSR)
Greedy Perimeter Stateless Routing is a hybrid protocol whose functionality depends
on knowledge of the geographic location of the nodes in network. That knowledge
can be obtained by integrating a GPS device into the communication device or by
other available means. Every node in the network must know its own location and the
location of its neighbouring nodes. Thus, every node periodically broadcasts its
address and its location in x and y coordinates to all of its neighbouring nodes. Data-
packet forwarding decisions are based on the locations of both the source and the
destination node. An address-to-location look-up algorithm is implemented to map a
node address to its location. A periodic exchange of beacons, which encapsulate the
node address and location, is similar to the behaviour of proactive protocols. The
absence of any periodic route table information is closer to the philosophy of reactive
protocols. GPSR employs two algorithms to forward data packets from a source to a
destination node: the greedy forwarding algorithm and the perimeter forwarding
algorithm. The objective of the protocol’s design is to minimize routing overhead and
increase the packet delivery ratio in a network, by effectively responding to network
topology changes without the dissemination of large scaled control messages. GPSR
makes use only of bidirectional links between a node and its neighbours and does not
support hierarchical routing. In most cases, GPSR uses greedy forwarding for data
packet delivery from a source or any intermediate node to the next node. The greedy
forwarding algorithm needs to know the locations of a node’s neighbours and the
location of the destination node. According to this algorithm, the next-hop decision is
based on the distance between the next node and the destination node.
Figure 1.6 Greedy Forwarding in GPSR
Each node forwards data packets to the next node that has the shortest distance to the
destination node amongst other nodes in the node’s “neighbourhood”. We define a
node’s “neighbourhood” as the nodes within transmission range of a node. Figure
1.12 shows greedy forwarding in GPSR. The curved dotted lines denote a node’s
transmission range.
However, greedy forwarding does not cover a case in which the distance between an
intermediate node and the destination is the lowest as compared to distances from the
intermediate node’s neighbours and the destination node. The shorter-distance
neighbour then uses greedy forwarding to forward the data packet to the destination.
However, there is always a possibility in mobile wireless networks that a destination
node will be unreachable by any other node in the network. In that case, the data
packet travels around the perimeter trying to find a path to the destination. If a path
does not exist, the perimeter-forwarding algorithm never allows the packet to travel
twice across the same link in the same direction. If a node “sees” that the only
possible way to forward a data packet is to use a previous link toward the same
direction, it drops the packet. This function ensures the loop-free behaviour of the
protocol. GPSR does not address any security vulnerabilities that exist in a mobile
wireless network. Any attack on the location-finding algorithm will have severe
consequences for the protocol’s performance because the proper behaviour of the
protocol is built on its knowledge of the location of destination nodes. GPSR presents
certain advantages over other protocols we have studied. First, it does not use any
type of control messages, such as route requests and error messages. Second, it does
not flood the network with any other type of control messages, except those between a
node and its neighbours, for location-finding purposes. Perhaps the only visible
drawback of GPSR is its dependence on “external” devices, such as GPS, that
increase the implementation cost. For tactical implementation, this cost may be
affordable. Any malfunction of the GPS device will degrade the protocol’s
performance and may lead to network crash.
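The greedy forwarding rule, the case it cannot handle, and the dependence on honest location beacons can be seen in a short simulation. This is an added example, not code from the original document; the topology, the radio range and the helper names (neighbour_table, plausible_beacons, greedy_next_hop, greedy_route) are assumptions made for illustration.

```python
import math

RADIO_RANGE = 100.0  # assumed transmission range (constructed value)

# Constructed topology, not the one in the document's figure: node -> (x, y).
POSITIONS = {
    "S": (0, 0), "A": (80, 10), "B": (160, 0), "D": (240, 10),
    "V": (80, -90),   # V is closer to T than any of V's own neighbours
    "T": (80, -250),
}


def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])


def neighbour_table(node, positions, radio_range=RADIO_RANGE):
    """Positions a node would learn from beacons: every node within range."""
    here = positions[node]
    return {n: p for n, p in positions.items()
            if n != node and dist(here, p) <= radio_range}


def plausible_beacons(own_pos, beacons, radio_range=RADIO_RANGE):
    """Keep only beacons whose claimed position is within one radio hop.

    A beacon is heard directly, so a claimed location beyond the radio
    range cannot be true and must not enter the neighbour table.
    """
    return {n: p for n, p in beacons.items()
            if dist(own_pos, p) <= radio_range}


def greedy_next_hop(own_pos, neighbours, dest_pos):
    """Neighbour closest to the destination, or None at a local maximum
    (no neighbour is closer than this node, so greedy forwarding stops and
    GPSR has to fall back to perimeter forwarding)."""
    best, best_d = None, dist(own_pos, dest_pos)
    for name in sorted(neighbours):
        d = dist(neighbours[name], dest_pos)
        if d < best_d:
            best, best_d = name, d
    return best


def greedy_route(src, dst, positions):
    """Follow greedy forwarding hop by hop and report where it ends."""
    path, node = [src], src
    while node != dst:
        nxt = greedy_next_hop(positions[node],
                              neighbour_table(node, positions),
                              positions[dst])
        if nxt is None:
            return path, "local-maximum"
        path.append(nxt)
        node = nxt
    return path, "delivered"


if __name__ == "__main__":
    print(greedy_route("S", "D", POSITIONS))
    print(greedy_route("S", "T", POSITIONS))
    # Beacons heard by S; the position claimed by X is constructed and
    # lies far outside S's radio range.
    heard_by_s = {"A": (80, 10), "X": (230, 10)}
    print(greedy_next_hop((0, 0), heard_by_s, (240, 10)))
    print(greedy_next_hop((0, 0), plausible_beacons((0, 0), heard_by_s),
                          (240, 10)))
```

The range check only rejects claims that are physically impossible for a one-hop neighbour; a false position that still lies inside the radio range passes it, so it complements rather than replaces authenticated beacons.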
1.5.3.3 Comparison of Hybrid Protocols Based on Qualitative Metrics
Both ZRP and GPSR are loop-free protocols. ZRP ensures loop-free “behaviour” by
employing loop-free protocols inside inter and intra-zones. On the other hand,
GPSR’s perimeter-forwarding algorithm never allows a packet to travel twice across
the same link toward the same direction. ZRP’s proactive behaviour is more obvious
than that of GPSR, in which nodes broadcast periodic beacons to their neighbours for
location-update purposes. ZRP seems to present higher routing overhead depending
on the zone radius. ZRP behaves like any other proactive protocol for the large value
of this radius. However, one can optimize the value of the zone radius to meet the
needs of the wireless network. If low latency is the main concern, reflecting lower
data rates, the zone radius value should be high, at least zone_radius > 1. None of the
above protocols addresses the security vulnerabilities of wireless networks. A possible
solution is again monitoring the behaviour of the nodes in the network, or employing
security mechanisms at the link or physical Layers. GPSR seems to be more
vulnerable than ZRP, as GPSR functionality is built on accurate location
advertisements by the nodes in the network. Any malfunction of the GPS devices will
degrade the protocol’s performance. Only ZRP provides support for unidirectional
links, hierarchical routing, and interconnection with other non-ZRP routing domains.
These are important attributes for a routing protocol for MANETs as they provide the
means for extending an existing network with MANET technology, or
interconnecting a MANET with other mobile and fixed networks. As for the “sleep
mode” operation, none of these protocols directly supports such an operation. The
ZRP “sleep mode” depends on the routing protocols that operate in the intra and inter
zones. If OLSR is the routing protocol for the intra-zones, then ZRP can at least
partially support this mode. GPSR does not support multicasting. Routing decisions
are solely based on the location of the destination node. On the other hand, ZRP
depends on the “underlying” routing protocols within the inter and intra-zones.
Table 1.6 Comparison of Hybrid Routing Protocols
Qualitative Metrics | ZRP | GPSR
Loop Free | Yes | Yes
Security | No | No
Support for Unidirectional Links | Yes | Yes
Sleep Mode | Partly | No
Multicasting | Partly | No
Routing scheme | Flat and hierarchical | Flat
Nodes with special tasks | No | No
Routing Metric | Shortest path | Shortest path
1.6 SECURITY OF MOBILE ADHOC NETWORK
In a MANET, a collection of mobile hosts with wireless network interfaces form a
temporary network without the aid of any fixed infrastructure or centralized
administration. Without some form of network-level or link-layer security, a
MANET routing protocol is vulnerable to many forms of attack. It may be relatively
simple to snoop network traffic, replay transmissions, manipulate packet headers, and
redirect routing messages, within a wireless network without appropriate security
provisions. While these concerns exist within wired infrastructures and routing
protocols as well, maintaining the "physical" security of the transmission media is
harder in practice with MANETs. Sufficient security protection to prohibit disruption
or modification of protocol operation is desired. The success of MANET strongly
depends on whether its security can be trusted. However, the characteristics of
MANET pose both challenges and opportunities in achieving the security goals. We
have a variety of attacks that target the weakness of MANET. For example, the
routing messages are an essential component of mobile network communications.
There is a possibility that attacks by a malicious intermediate node can target the
routing discovery or maintenance phase by not following the specifications of the
routing protocols. There are also some attacks that target particular routing
protocols, such as DSR or AODV. Attacks such as the Black Hole attack, Gray Hole
attack and Wormhole attack have been identified in various published papers. Currently
routing security is one of the hottest research areas in MANET.
A significant amount of research has been devoted to study security issues as well as
countermeasures to various attacks in MANET. However, I believe that there is still
much research work needed to be done in the area. The aim of the study is to detect
the multiple Black Hole nodes using AODV protocol in MANET. The black hole
node is responsible for dropping a number of packets after advertising itself as the
valid path to source node. The detection of the cooperative black hole nodes will
provide more security to MANET. The Route discovery and route maintenance
phases in the AODV protocol will be secured more.
1.6.1 Attacks on Mobile Ad-hoc Network
Attacks on mobile ad-hoc networks are carried out in order to interrupt
communication or to steal information. They can
be broadly classified into two distinct categories, viz. active attacks and passive
attacks. An active attack is one in which data or information is inserted into
the network so that information and operation may be harmed. It involves modification,
fabrication and disruption, and affects the operation of the network. Examples of active
attacks are impersonation and spoofing. A passive attack obtains data exchanged in the
network without disturbing the communications operation. Passive attacks are
difficult to detect because network operations are not affected. The malicious node
ignores the operations it is supposed to accomplish and attempts to recover valuable data
by listening to the channel. Some of the most common attacks on mobile ad-hoc
networks include:
1.6.1.1 Denial of Service Attack
A denial-of-service attack is characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service. Examples include
- Attempts to "flood" a network, thereby preventing legitimate network traffic.
- Attempts to disrupt connections between two machines, thereby preventing access to a service.
- Attempts to prevent a particular individual from accessing a service.
- Attempts to disrupt service to a specific system or person.
Denial-of-service attacks can essentially disable your computer or your
network. Denial-of-service attacks come in a variety of forms and aim at a variety of
services. There are three basic types of attack:
- consumption of scarce, limited, or non-renewable resources
- destruction or alteration of configuration information
- physical destruction or alteration of network components
Denial-of-service attacks are most frequently executed against network connectivity.
The goal is to prevent hosts or networks from communicating on the network. An
intruder may also be able to consume all the available bandwidth on your network by
generating a large number of packets directed to your network. Typically, these
packets are ICMP ECHO packets, but in principle they may be anything. Further, the
intruder need not be operating from a single machine; he may be able to coordinate or
co-opt several machines on different networks to achieve the same effect. In addition
to network bandwidth, intruders may be able to consume other resources that your
systems need in order to operate. For example, in many systems, a limited number of
data structures are available to hold process information (process identifiers, process
table entries, process slots, etc.). An intruder may be able to consume these data
structures by writing a simple program or script that does nothing but repeatedly
create copies of itself. For example, consider the following Fig. 3. Assume a shortest
path exists from S to X and C and X cannot hear each other, that nodes B and C
cannot hear each other, and that M is a malicious node attempting a denial of service
attack. Suppose S wishes to communicate with X and that S has an unexpired route to
X in its route cache. S transmits a data packet toward X with the source route S --> A
--> B --> M --> C --> D --> X contained in the packet’s header. When M receives the
packet, it can alter the source route in the packet’s header, such as deleting D from the
source route. Consequently, when C receives the altered packet, it attempts to forward
the packet to X. Since X cannot hear C, the transmission is unsuccessful.
Fig: 1.7 Denial of service attack
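The source-route scenario above can be replayed to show what the source actually observes and how it can tell a rewritten header from an ordinary link break. This is an added example, not code from the original document; the link set is constructed to match the scenario, route maintenance is reduced to the truncation rule described in section 1.5.2.2, and the function names (forward, truncate_cache, audit_route_error) are assumptions.

```python
# Constructed radio links for the scenario in the text: each node hears only
# its neighbours on the path S-A-B-M-C-D-X, so C and X cannot hear each other.
LINKS = {("S", "A"), ("A", "B"), ("B", "M"), ("M", "C"), ("C", "D"), ("D", "X")}
SENT_ROUTE = ["S", "A", "B", "M", "C", "D", "X"]


def can_hear(a, b):
    return (a, b) in LINKS or (b, a) in LINKS


def drop_d(header):
    """Header rewrite the text attributes to M: D is deleted from the route."""
    return [n for n in header if n != "D"]


def forward(route, rewrite_at=None):
    """Walk a packet along its source route.

    rewrite_at maps a node name to a function that rewrites the header at
    that node. Returns ("delivered", None), or ("route-error", (node, next))
    for the hop that the forwarding node could not reach.
    """
    header, i = list(route), 0
    while i < len(header) - 1:
        node = header[i]
        if rewrite_at and node in rewrite_at:
            header = rewrite_at[node](header)
            i = header.index(node)
            if i + 1 >= len(header):
                break
        nxt = header[i + 1]
        if not can_hear(node, nxt):
            return "route-error", (node, nxt)
        i += 1
    return "delivered", None


def truncate_cache(cache, broken_link):
    """Route maintenance as described earlier: every cached route that
    contains the broken hop is cut at that hop."""
    result = []
    for route in cache:
        hops = list(zip(route, route[1:]))
        if broken_link in hops:
            route = route[:hops.index(broken_link) + 1]
        result.append(route)
    return result


def audit_route_error(sent_route, broken_link):
    """Compare a reported broken hop with the route the source really sent.

    If the hop was never part of the sent route, the header was rewritten
    somewhere before the reporting node (or the report itself is false),
    so every intermediate node up to the reporter is a suspect.
    """
    if broken_link in zip(sent_route, sent_route[1:]):
        return {"verdict": "link-break", "suspects": []}
    reporter = broken_link[0]
    if reporter in sent_route:
        end = sent_route.index(reporter) + 1
    else:
        end = len(sent_route) - 1
    return {"verdict": "header-modified", "suspects": sent_route[1:end]}


if __name__ == "__main__":
    status, link = forward(SENT_ROUTE, {"M": drop_d})
    print(status, link)
    print(truncate_cache([SENT_ROUTE], link))   # cache is left unchanged
    print(audit_route_error(SENT_ROUTE, link))
```

Because the reported hop C --> X never existed in the cached route, plain truncation leaves the route in the cache and the source keeps sending into the same failure; the comparison against the sent route is what exposes the modification.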
1.6.1.2 Wormhole Attack
Fig: 1.8 Wormhole attack
It is a network layer attack. In a wormhole attack, a malicious node receives packets at
one location in the network and tunnels them to another location in the network,
where these packets are resent into the network. This tunnel between two colluding
attackers is referred to as a wormhole. It could be established through wired link
between two colluding attackers or through a single long-range wireless link. In this
form of attack the attacker may create a wormhole even for packets not addressed to
itself because of broadcast nature of the radio channel. For example in Fig. 1, X and Y
are two malicious nodes that encapsulate data packets and falsify the route lengths.
Suppose node S wishes to form a route to D and initiates route discovery. When X
receives a route request from S, X encapsulates the route request and tunnels it to Y
through an existing data route, in this case {X --> A --> B --> C --> Y}. When Y
receives the encapsulated route request for D then it will show that it had only
travelled {S --> X --> Y --> D}. Neither X nor Y update the packet header. After
route discovery, the destination finds two routes from S of unequal length: one is of 4
and another is of 3. If Y tunnels the route reply back to X, S would falsely consider
the path to D via X is better than the path to D via A. Thus, tunnelling can prevent
honest intermediate nodes from correctly incrementing the metric used to measure
path lengths. Though no harm is done if the wormhole is used properly for efficient
relaying of packets, it puts the attacker in a powerful position compared to other
nodes in the network, which the attacker could use in a manner that could
compromise the security of the network. The wormhole attack is particularly
dangerous for many ad hoc network routing protocols in which the nodes that hear a
packet transmission directly from some node consider themselves to be in range of
(and thus a neighbour of) that node.
1.6.1.3 Byzantine Attack
In this attack, a compromised intermediate node or a set of compromised intermediate
nodes works in collusion and carries out attacks such as creating routing loops,
forwarding packets on non-optimal paths and selectively dropping packets which
results in disruption or degradation of the routing services. It is hard to detect
Byzantine failures. The network would seem to be operating normally from the
viewpoint of the nodes, though it may actually be showing Byzantine behaviour.
1.6.1.4 Black hole Attack
Fig: 1.9 Black hole attack
In this attack, an attacker uses the routing protocol to advertise itself as having the
shortest path to the node whose packets it wants to intercept. An attacker listens for
requests for routes in a flooding-based protocol. When the attacker receives a request
for a route to the destination node, it creates a reply consisting of an extremely short
route. If the malicious reply reaches the initiating node before the reply from the
actual node, a fake route gets created. Once the malicious device has been able to
insert itself between the communicating nodes, it is able to do anything with the
packets passing between them. It can drop the packets between them to perform a
denial-of-service attack, or alternatively use its place on the route as the first step in a
man-in-the-middle attack.
For example, in Fig. 1.9, source node S wants to send data packets to destination node
D and initiates the route discovery process. We assume that node 2 is a malicious
node and it claims that it has a route to the destination whenever it receives route
request packets, and immediately sends the response to node S. If the response from
node 2 reaches node S first, then node S thinks that the route discovery is
complete, ignores all other reply messages and begins to send data packets to node 2.
As a result, all packets through the malicious node are consumed or lost.
1.6.1.5 Gray-hole attack
This attack is also known as the routing misbehavior attack. It leads to dropped
messages. It has two phases. In the first phase, the node advertises itself as having
a valid route to the destination. In the second phase, the node drops intercepted
packets with a certain probability.
1.7 BLACK HOLE PROBLEM IN AODV PROTOCOL
AODV (Ad hoc On Demand Distance Vector) is an important on-demand routing
protocol that creates routes only when desired by the source node. When a node
requires a route to a destination, it broadcasts a route request (RREQ) packet to its
neighbors, which then forward the request to their neighbors, and so on, until either
the destination or an intermediate node with a “fresh enough” route to the destination
is located.
Fig. 1.10 Routing Discovery Process in AODV protocol
In this process, an intermediate node can reply to the RREQ (Route Request) packet
only if it has a fresh enough route to the destination. Once the RREQ reaches the
destination or an intermediate node with a fresh enough route, the destination or
intermediate node responds by unicasting a route reply (RREP) packet back to the
neighbor from which it first received the RREQ. After a route has been selected and
established, it is maintained by a route maintenance procedure until either the
destination becomes inaccessible along every path from the source or the route is no
longer desired. A RERR (Route Error) message is used to notify other nodes that the
loss of a link has occurred. The black hole problem means that a malicious node uses
the routing protocol to claim that it is on the shortest path to the destination node,
but drops the routing packets and does not forward packets to its neighbors. Imagine
a malicious node ‘M’.
Fig. 1.11 Black Hole Attack in AODV protocol
When node ‘A’ broadcasts a RREQ packet, nodes ‘B’, ‘D’ and ‘M’ receive it. Node ‘M’,
being a malicious node, does not check its routing table for the requested route to
node ‘E’. Instead, it immediately sends back a RREP packet, claiming a route to the
destination. Node ‘A’ receives the RREP from ‘M’ ahead of the RREPs from ‘B’ and ‘D’.
Node ‘A’ assumes that the route through ‘M’ is the shortest route and sends any packet
for the destination through it. When node ‘A’ sends data to ‘M’, ‘M’ absorbs all the
data and thus behaves like a ‘Black hole’.
In AODV (Ad hoc On Demand Distance Vector), the sequence number is used to
determine the freshness of the routing information contained in a message from the
originating node. When generating an RREP (Route Reply) message, a destination
node compares its current sequence number with the sequence number in the RREQ
(Route Request) packet plus one, and selects the larger one as the RREP's sequence
number. Upon receiving a number of RREPs, the source node selects the one with the
greatest sequence number in order to construct a route. But in the presence of a
black hole, when a source node broadcasts the RREQ message for any destination, the
black hole node immediately responds with an RREP message that includes the highest
sequence number, and this message is perceived as if it is coming from the destination
or from a node which has a fresh enough route to the destination. The source then
starts to send out its packets to the black hole, trusting that these packets will
reach the destination. Thus the black hole attracts all the packets from the source
and, instead of forwarding those packets to the destination, simply discards them.
The packets attracted by the black hole node therefore never reach the destination.
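The freshness rule described in this section can be modelled in a few lines to show why the source cannot tell a forged reply from a fresh one. This is an added example, not code from the thesis or from any AODV implementation: node names follow Fig. 1.11, while the sequence numbers, hop counts, the stale cache at node B, the flat reply collection in place of real flooding, and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass, field, replace
from typing import Optional


@dataclass(frozen=True)
class Rreq:
    source: str
    dest: str
    dest_seq: int        # last destination sequence number the source knows


@dataclass(frozen=True)
class Rrep:
    sender: str          # node that generated the reply
    dest: str
    dest_seq: int        # freshness claim carried in the reply
    hop_count: int


@dataclass
class Node:
    name: str
    own_seq: int = 0
    routes: dict = field(default_factory=dict)   # dest -> (dest_seq, hops to dest)

    def handle_rreq(self, rreq: Rreq) -> Optional[Rrep]:
        if self.name == rreq.dest:
            # Destination rule as stated in the text: the larger of the current
            # sequence number and (RREQ sequence number + 1).
            self.own_seq = max(self.own_seq, rreq.dest_seq + 1)
            return Rrep(self.name, rreq.dest, self.own_seq, 0)
        cached = self.routes.get(rreq.dest)
        # An intermediate node answers only with a "fresh enough" cached route.
        if cached is not None and cached[0] >= rreq.dest_seq:
            return Rrep(self.name, rreq.dest, cached[0], cached[1])
        return None      # a real node would rebroadcast the RREQ here


class ForgingNode(Node):
    """Models node M from the text: it replies without consulting its table."""

    def handle_rreq(self, rreq: Rreq) -> Optional[Rrep]:
        # Constructed values: an inflated sequence number and a one-hop route.
        return Rrep(self.name, rreq.dest, rreq.dest_seq + 1000, 1)


def collect_replies(rreq, nodes, hops_from_source):
    """Gather every RREP, adding the distance each reply travels back to the source."""
    replies = []
    for node in nodes:
        rrep = node.handle_rreq(rreq)
        if rrep is not None:
            total = rrep.hop_count + hops_from_source[node.name]
            replies.append(replace(rrep, hop_count=total))
    return replies


def select_route(replies):
    """Source rule: greatest sequence number wins, fewer hops breaks ties.
    Sequence-number rollover is ignored in this model."""
    return max(replies, key=lambda r: (r.dest_seq, -r.hop_count))


def run_discovery(with_forger: bool):
    nodes = [
        Node("B", routes={"E": (8, 2)}),    # stale cache: stays silent
        Node("D", routes={"E": (12, 2)}),   # fresh enough: replies from cache
        Node("E", own_seq=14),              # the real destination
    ]
    hops = {"B": 1, "D": 1, "E": 3, "M": 1}
    if with_forger:
        nodes.append(ForgingNode("M"))
    replies = collect_replies(Rreq("A", "E", 10), nodes, hops)
    return replies, select_route(replies)


if __name__ == "__main__":
    for flag in (False, True):
        _, chosen = run_discovery(flag)
        print("forger present:", flag, "-> route via", chosen.sender, chosen)
```

Nothing in the selection rule ties the claimed sequence number to the destination, which is the gap the detection schemes reviewed in Chapter 2 try to close.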
1.8 CONCLUDING REMARKS
In this chapter, we described various aspects related to wired and wireless networks.
The routing protocols for MANET have been discussed to understand the working of
MANET. In the last section we described the various security threats to MANET, and
concluded that MANET networks are an easy target from a security point of view and
that a secure mechanism is required to protect the network from various attacks.
CHAPTER 2
LITERATURE REVIEW
Mohammad Al-Shurman et al. [2004] proposed two solutions to the black hole attacks
prevalent in mobile ad-hoc networks. The first solution is to find multiple paths to
send data from source to destination. The source sends ping packets along these
different routes with different packet IDs and sequence numbers. The source checks the
RREPs from the different routes and tries to find a secure route having a hop that is
shared by more than one route to the destination. This method ensures a secure route
to the destination, but at the expense of the time delay caused by waiting for another
RREP from an alternate route. The second method explores the possibility of using the
sequence number to distinguish fake replies from genuine replies. In this method, two
additional tables are used to record the sequence numbers of the last sent packet and
the last received packet. These tables are updated whenever a packet is sent or
received, and the destination node sends the RREP packet along with the last packet
sequence number. This solution ensures faster delivery of packets. The first solution
is more secure but its delay is large, while the second solution is quick in delivering
the packets but a malicious node can listen to the channel and update its tables for
the last sequence number.
Jeroen Hoebeke et al. [2005] discussed the applications of mobile ad-hoc networks
and the challenges faced while using them. The paper gives a complete introduction
to wireless networks. Moreover, it provides an insight into the potential applications
of ad-hoc networks and discusses the technological challenges faced by network and
protocol designers. The most prominent of the challenges are routing, resource and
service discovery, and security. The different attacks pertaining to security are
deletion, fabrication, replication and redirection of data packets. Despite these
challenges, mobile ad-hoc networks open a new business opportunity for service
providers.
Giovanni Vigna et al. [2005] demonstrated an effective intrusion detection tool that
can be used for detecting attacks in mobile ad-hoc networks while using a limited
amount of resources. The tool monitors network packets to detect attacks within its
range. This tool is based on the State Transition Analysis Technique (STAT).
AODVSTAT sensors can be used in standalone mode, to detect attacks in the
neighborhood only, or in distributed mode, in which update messages are exchanged
between sensors to detect attacks in a distributed manner. This scheme works well for
detecting both single-hop and distributed attacks in mobile ad-hoc networks while
imposing a very small overhead on nodes.
Mehdi Medadian et al. [2009] proposed a novel approach for countering the black
hole attack. The approach is based on negotiations with the neighbors who claim to
have a route to the destination. In this approach, any node uses a set of rules to
decide the honesty of the reply's sender. During packet transfer, the activities of a
node are logged by its neighbors. These neighbors send their opinion about the node.
When a node has received replies from all neighbors, it is able to decide whether the
replier is a malicious node or a legitimate node. The opinion sent by the neighbors is
based on the number of packets sent to a particular node and the number of packets
forwarded by it. The method yields a better percentage of packets received in the
presence of a cooperative black hole attack.
Payal N. Raj and Prashant B. Swadas [2009] proposed DPRAODV (detection,
prevention and reactive AODV) to prevent the black hole attack by informing the
other nodes about the malicious node. When the value of the RREP sequence number is
found to be higher than the threshold value, the sending node is suspected to be
malicious and is added to the black list. Having detected the anomaly, the node sends
a new control packet, ALARM, to its neighbors. The ALARM packet has the blacklisted
node as a parameter, so that the neighboring nodes know that RREP packets from that
node are to be discarded. Further, when any node receives an RREP packet, it looks
through the list; if the reply is from a blacklisted node, it is not processed. The
threshold value is the average of the difference, in each time slot, between the
destination sequence number in the routing table and that in the RREP packet. The
proposed solution not only detects the black hole attack but also tries to prevent it
further by updating the threshold, which reflects the real changing environment.
Other nodes are also informed of the malicious act by the ALARM packet, and they
react to it by isolating the malicious node from the network.
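The screening steps summarised above (threshold check, black list, ALARM to neighbors, per-slot threshold update) can be sketched as follows. This is an added illustration, not the authors' DPRAODV code: it assumes the check compares the difference between the RREP sequence number and the routing-table value against the threshold, and the starting threshold, node names and sequence numbers are constructed.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass(frozen=True)
class Rrep:
    sender: str      # node that generated the reply
    dest: str        # destination the reply claims a route to
    dest_seq: int    # destination sequence number carried in the reply


@dataclass
class DprNode:
    name: str
    threshold: float                                 # starting value is an assumption
    neighbours: list = field(default_factory=list)
    table_seq: dict = field(default_factory=dict)    # dest -> last accepted sequence number
    blacklist: set = field(default_factory=set)
    slot_diffs: list = field(default_factory=list)   # differences accepted in this time slot

    def on_alarm(self, suspect: str) -> None:
        """ALARM received from a neighbour: stop processing the suspect's replies."""
        self.blacklist.add(suspect)

    def on_rrep(self, rrep: Rrep) -> str:
        if rrep.sender in self.blacklist:
            return "discard-blacklisted"
        diff = rrep.dest_seq - self.table_seq.get(rrep.dest, 0)
        if diff > self.threshold:
            # Anomalous jump: blacklist the sender and alert every neighbour.
            self.blacklist.add(rrep.sender)
            for neighbour in self.neighbours:
                neighbour.on_alarm(rrep.sender)
            return "discard-alarm"
        if diff <= 0:
            return "ignore-stale"                    # not fresher than the table entry
        self.table_seq[rrep.dest] = rrep.dest_seq
        self.slot_diffs.append(diff)
        return "accept"

    def end_of_slot(self) -> None:
        """Recompute the threshold as the average difference seen in the slot."""
        if self.slot_diffs:
            self.threshold = mean(self.slot_diffs)
            self.slot_diffs = []


def demo():
    """Constructed run: one quiet time slot, then a forged reply from M."""
    n1 = DprNode("N1", threshold=10)
    s = DprNode("S", threshold=10, neighbours=[n1], table_seq={"E": 14})
    outcomes = []
    for sender, seq in [("E", 16), ("D", 19), ("E", 24)]:        # differences 2, 3, 5
        outcomes.append(s.on_rrep(Rrep(sender, "E", seq)))
    s.end_of_slot()                                              # threshold becomes 10/3
    for sender, seq in [("M", 1024), ("M", 25), ("E", 26), ("D", 32)]:
        outcomes.append(s.on_rrep(Rrep(sender, "E", seq)))
    return s, n1, outcomes


if __name__ == "__main__":
    node, neighbour, results = demo()
    print(results)
    print("S blacklist:", sorted(node.blacklist), "N1 blacklist:", sorted(neighbour.blacklist))
```

In this run the last reply, from honest node D, is also blacklisted because its jump of 6 exceeds the recent average: with the threshold taken as a plain mean, the update interval and slot length decide how many legitimate replies are rejected.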
Songbai Lu et al. [2009] proposed a method that is effective and secure against the
black hole attack in mobile ad-hoc networks. This method works on the basis of
direct verification of the destination node using a random number exchange. In this
method, the source node sends a verification packet, SRREQ (Secure Route Request),
containing a random number to the destination node along the opposite direction of
the route on which the RREP (Route Reply) was received. This packet is forwarded
using different routing paths. At the destination end, upon receiving two or more
SRREQ packets, their contents are checked. If the contents are the same, a
verification confirm packet, SRREP (Secure Route Reply), is sent to the source along
different routing paths. At the source end, upon receiving two or more SRREP packets,
their contents are checked for a match. If they match, the route is added to the
routing table and a warning message regarding malicious nodes is propagated
throughout the network. This scheme can effectively prevent the black hole attack
and also maintain a high routing efficiency.
Harris Simaremare and Riri Fitri Sari [2011] proposed two different approaches,
viz. AODV-UI (based on the reverse request method) and PHR-AODV (Path Hopping on
Reverse AODV), and subjected these approaches to various attacks faced by mobile
ad-hoc networks. These approaches aim at improving performance as well as security,
and various metrics, viz. packet delivery ratio, end-to-end delay and packets lost,
are used. The AODV-UI method works like AODV, with the exception that if one route is
lost, the route discovery process is not started. Rather, the alternate route found
earlier during route discovery is selected. This enhances the performance, as there
is no need to search for routes again and again. The PHR-AODV method determines
multiple paths for sending data to the destination and checks whether a path is
broken or not. If it is broken, the path is deleted from the list and a new path is
selected. AODV-UI performs better in terms of packets lost, end-to-end delay and
packet delivery ratio. But in the presence of black hole nodes, PHR-AODV performs
better.
Praveen Joshi [2011] discussed security concerns in routing protocols in MANET
(Mobile Ad hoc Network). In this paper, an elaborate study has been done on the
various attacks encountered in mobile ad hoc networks and the protocols used for this
type of network. The various routing protocols used can be broadly classified into
proactive and reactive routing protocols. The attacks associated with ad hoc routing
protocols can stem from the dynamic topology of ad hoc networks, noise and signal
interference on the wireless channel, and implicit trust relationships between
neighbors. Cryptography, authentication and digital signatures can be used to prevent
malicious attacks. Moreover, intrusion detection systems and cooperation enforcement
mechanisms can be used for this purpose. This paper provides an insight into the
various attacks and the countermeasures employed against the malicious attacks.
Priyanka Goyal et al. [2011] described the elementary problems of ad hoc networks
by providing their background. The most common challenges involved are limited
bandwidth, low computational and battery power, and security. The paper presents an
overview of the routing protocols being used and their issues. Moreover, desired
security goals such as availability, confidentiality, integrity, authorization etc.
have been discussed. The general trend is towards mesh architecture and improvements
to be made to capacity and bandwidth. Thus it ensures smaller, cheaper and more
capable ad-hoc networks.
Sunil Taneja et al. [2011] demonstrated a performance-based comparison of the
two most widely used routing protocols in mobile ad-hoc networks, AODV (Ad hoc On
Demand Distance Vector) and DSR (Dynamic Source Routing). Both these protocols have
their own advantages. DSR does not use periodic routing messages like AODV, thereby
reducing network bandwidth overhead. Moreover, the routes are maintained only between
nodes that need to communicate. Thus route maintenance overhead is reduced. The AODV
routing protocol favors the least congested route instead of the shortest route and
supports both unicast and multicast communication. AODV is the better performer when
the medium is denser. Denser mediums are the choice for a number of applications;
therefore AODV is the better choice and is preferred over DSR in mobile ad-hoc
networks.
A.S. Bhandare et al. [2011] discussed two routing protocols, namely AODV (Ad hoc
On Demand Distance Vector) and DSR (Dynamic Source Routing), and proposed a
method called Intrusion Detection using Anomaly Detection to provide security
against single and multiple black hole attacks in mobile ad-hoc networks. This scheme
works on the principle of differentiating malicious nodes from reliable nodes by
monitoring and detecting anomalous activities of an intruder, based on the normal
activities that are to be carried out. This scheme is based on host-based intrusion
detection, as there is no central control over the device that monitors traffic flow.
A set of parameters, viz. single hop count, maximum destination sequence number,
life-long route, destination IP (Internet Protocol) address and timestamp, is used to
differentiate a fake reply from a legitimate reply. This method is easy to deploy and
works on the principle of self-protection.
Jaydip Sen et al. [2011] proposed a novel method to defend mobile ad-hoc networks
against the cooperative black hole attack using the AODV (Ad hoc On Demand Distance
Vector) routing protocol. The method ensures a reasonable throughput level in the
network. The proposed algorithm uses a DRI (Data Routing Information) table and a
cross-checking mechanism to ensure security against the black hole attack. The
experimental results show that the proposed scheme improves the packet delivery
ratio and can further be enhanced to defend mobile ad-hoc networks against the
resource consumption attack.
Pramod Kumar Singh et al. [2012] proposed a scheme that can be effective in
dealing with the malicious nodes which act as black holes in MANET (Mobile Ad hoc
Network). The proposed method uses promiscuous mode to detect a malicious node and
propagates the information about the malicious node to all other nodes in the network.
The source node floods a RREQ (Route Request) packet in the network and waits for a
RREP (Route Reply) packet to obtain a new route to the destination node. If the RREP
is received from an intermediate node, the node receiving the RREP packet switches to
promiscuous mode and sends a hello message to the destination. If the intermediate
node forwards the message to the destination, the node is safe. Otherwise the node is
a malicious one. This scheme does not require extra processing power or a database.
Humaira Ehsan et al. [2012] elaborated on various kinds of attacks in MANET, and
simulation of these attacks was done using the ns-2 simulator. Various attacks,
namely the black hole attack, selfish node behavior, RREQ flooding and the selective
forwarding attack, are used to draw major inferences about the impact of these attacks
on the network. If the attacker node is on the route between the source and the
destination, then the malicious node has a major role in performance degradation.
Moreover, if the attacker node is in one part of the network while the communication
between source and destination takes place in another part of the network, then the
impact of the attacker node is minimal.
Fidel Thachil and K C Shet [2012] proposed a method to detect and mitigate
malicious nodes in mobile ad-hoc networks. The detection and mitigation of
malicious nodes is based on a trust factor calculated by every node for its
neighboring nodes. This trust value is calculated as a ratio between the number of
packets received by the node and the number of packets dropped by it. Each node has a
certain trust value. A threshold value is specified below which a node is considered
malicious; as a result, the node is deleted from the reliable routes and information
regarding the malicious node is broadcast throughout the network. This method works
far better than pure AODV (Ad hoc On Demand Distance Vector) and ensures efficient
packet delivery even in the presence of malicious nodes.
Kundan Munjal et al. [2012] proposed a novel approach for detecting cooperative
black hole nodes in the network and propagating information regarding malicious
nodes throughout the network. For experimentation, three different scenarios are
tested. In the first, no malicious node is present, so the route is considered
reliable for sending data. In the second case, two cooperating malicious nodes are
detected and information regarding them is propagated throughout the network. In the
third case, on finding a node to be reliable, information regarding its reliability is
spread through the network. The proposed network works well in all scenarios and
achieves success against the black hole attack. Thus it ensures a reliable route from
source to destination. But the algorithm requires improvements in end-to-end delay as
well as routing overhead.
Rutvij H. Jhaveri et al. [2012] proposed a novel approach of using intermediate
nodes to find and isolate malicious nodes based on the sequence number. In AODV,
the RREP packets are sent back to the source node along the reverse of the path
through which the RREQ packet was received by the destination node. If the sequence
number is higher than the one in the table of the node, the packet is accepted;
otherwise it is discarded. In the proposed method, apart from checking the sequence
number of the RREP packet received, a PEAK value is calculated by the intermediate
node using parameters viz. routing table sequence number, RREP sequence number and
number of replies during a time interval. The maximum possible value of the sequence
number is the PEAK value, and if a received RREP packet has a sequence number higher
than the PEAK value, the packet is labeled “don’t consider” and forwarded along the
reverse path. In this way, the malicious node is detected and the other nodes are
informed about this node. So this node is not considered while selecting a route to
the destination.
Nidhi Sharma & Alok Sharma [2012] presented a couple of solutions that can be
used as a strategy against the black hole attack in MANET (Mobile Ad hoc Network).
The first solution is to have multiple routes to the destination and to unicast ping
packets to the destination using the multiple routes (assigning different packet IDs
and sequence numbers). Upon checking the replies received from the different routes,
a decision is made regarding the selection of a route for communication. In the second
approach, the sequence number is used for the verification of a legitimate node. Two
extra tables are maintained to record the sequence numbers of the forwarded packets
and the sequence numbers of the received packets. If there is a mismatch between the
sequence number of the received RREP (Route Reply) and the sequence number in the
table, the route discovery process is started while alarming the whole network about
the node. The scheme does not add overhead, as the sequence number itself is included
in every packet in the base protocol.
Gundeep Singh Bindra et al. [2012] proposed a novel solution of maintaining an
Extended Data Routing Information (EDRI) table at each node for detection of
cooperating black hole and gray hole nodes. This scheme also takes a node’s previous
malicious instances into account, and a renew packet and further request & reply
packets are used in addition to the RREQ & RREP packets. The EDRI table considers the
gray behavior of nodes, and a counter is used to keep track of how many times a node
has been caught. This ensures safety not only against black hole nodes but also
against nodes with gray behavior. The only limitation is that only consecutive
cooperating black hole nodes can be identified using this scheme.
M. Jhansi et al. [2012] proposed a new method of detecting the cooperative black hole
attack in MANET. This method uses extra bits of information to store the information
regarding the number of packets received by a node and the number of packets further
transferred by it. Two bits are used. The 1st bit, “first”, stands for information on
routing data packets from the node, while the second bit, “through”, stands for
information on routing data packets through the node. Moreover, a cross check is done
on the intermediate node generating the RREP (Route Reply) by making it provide its
next hop node and its DRI (Data Routing Information) table. The DRI entry is checked
by the source node and data is routed depending on a positive match. Otherwise an FRq
(Further request) message is sent to the NHN (Next Hop Node) to check the reliability
of the intermediate node. This method can be applied to identify multiple black hole
nodes cooperating with each other and to discover secure paths from source to
destination.
Vaishali Mohite & Lata Ragha [2012] implemented a novel method to find a secure
route from source to destination by avoiding cooperative malicious nodes. This
method uses data routing information and two additional tables, namely RRT
(Receiving Record Table) & SRT (Self Record Table). These additional tables hold,
respectively, information regarding the node that sent the reply packet and the
information about the current node to be sent to the node that sent the packet. These
tables are helpful in keeping the history of the packets sent and received at each
node, so as to make detection of an inside attacker easier. This method proves to be
effective against cooperative attacks.
Meenakshi Patel & Sanjay Sharma [2013] proposed a novel automatic security
mechanism using SVM (Support Vector Machine) to defend against malicious attacks
occurring in AODV (Ad hoc On Demand Distance Vector). This method uses three
metrics, viz. Packet Delivery Rate (PDR), Packet Modification Rate (PMR) and
Packet Misroute Rate (PMISR), to decide the behavior of a node. The information
required by the metrics is gathered from all the nodes in the network. These metrics
are checked against a threshold, below which the node is considered malicious. The
proposed scheme is simple and provides a quick response to a suspicious or
compromised node.
Jaspal Kumar et al. [2013] analyzed the effect of the black hole attack on routing
protocols, using the AODV (Ad hoc On Demand Distance Vector) and IAODV (Improved Ad
hoc On Demand Distance Vector) protocols. IAODV supports multipath, where route
discovery is necessary only when all routes expire, whereas in the case of AODV route
discovery starts as soon as a RERR (Route Error) message is received from the only
route being used for transmission. IAODV falls into the hybrid category of routing
protocols, whereas AODV is a reactive routing protocol. Experimental results show that
IAODV is less affected by the black hole attack than AODV. Moreover, the packet
delivery ratio of IAODV is improved at an increased routing overhead, which can be
avoided considering that tackling the black hole attack in the network is a
challenging task.
Rutvij H. Jhaveri [2013] presented a method to prevent malicious nodes from
participating in the information exchange between two nodes while also reducing the
network load. This method works on R-AODV (Reverse AODV), which states that a ,
a PEAK value is calculated by intermediate node using parameters viz. routing table
sequence number, RREP sequence number and number of replies during a time
interval. The maximum possible value acceptable as a sequence number is the PEAK
value, and if a received RREP packet has a sequence number higher than the PEAK
value, the packet is simply discarded. In this way, only genuine RREPs are received at
the source. Thus it reduces the network traffic. This method increases the packet
delivery ratio with acceptable routing overhead.
Sisily Sibichen et al. [2013] demonstrated the use of authentication keys in providing
security in mobile ad hoc networks. Moreover, the proposed method makes use of a
spanning tree to allow communication between the member nodes of the network. In
this method, each node has its own certificate, and this certificate is signed by a
trusted third party. This certificate is the basis of all the communication between the
nodes, as the receiving node checks the certificate for authenticity before forwarding
the received packet. Once the certificates are exchanged, the nodes start exchanging
secret keys, which are used for the encryption and decryption of the messages. This
method not only makes the communication between nodes secure but also results in an
increase in throughput and Packet Delivery Ratio (PDR).
Sanjay K. Dhurandher et al. [2013] analyzed the most common problem with
MANET, viz. the black hole attack, and proposed a modified GAODV protocol to be used
as a countermeasure against the black hole attack as well as the gray hole attack.
This technique uses two extra packets, namely check confirm and reply confirm, to find
a secure route from the source to the destination node. When a reply from an
intermediate node is received, it is checked whether the sending node has an entry in
the black hole table. If not, the source sends a confirm packet to the destination. If
the intermediate node is a black hole, it discards the packet. Upon receiving the
confirm packet, the destination sends a reply confirm packet to the source. If this
reply confirm packet is received within a stipulated time, the source starts sending
packets to the destination; otherwise it stores the intermediate nodes in the black
hole table and rebroadcasts RREQ packets to find a route to the destination. This
method shows promising results in detecting collaborative black hole nodes. Also, the
proposed method offers 90% DDR (Data Delivery Ratio) for dynamic topology, with 0.9
times the end-to-end delay of conventional AODV.
CONCLUDING REMARKS
In this chapter, various techniques defined in various papers have been discussed. The
techniques employed against the black hole attack include the use of a Data Routing
Information (DRI) table, Intrusion Detection Systems, and segregation based on the
input from the neighbors of a node. All the papers discussed have certain merits over
each other, and there is a tradeoff between various metrics in each of the techniques
defined in the different papers discussed.
CHAPTER 3
THEORETICAL DEVELOPMENT
3.1 PROBLEM FORMULATION
In MANET, both inside and outside attacks are possible, and they degrade the
performance of the network. In inside attacks, a node within the network becomes
malicious and launches attacks on the network. In outside attacks, a malicious node
from outside the network becomes a member of the network and then launches attacks
on it. The black hole attack is the most common active type of attack. When a black
hole attack is triggered in the network, the throughput of the network reduces and the
delay increases at a steady rate. The black hole attack is even worse if multiple
black hole nodes exist in the network.
A significant amount of research has been devoted to study security issues as well as
countermeasures to various attacks in MANET. However, there is still much research
work needed to be done in the area. The aim of the study is to detect the Black Hole
attack using AODV protocol in MANET. This thesis work focuses on finding a secure
route for communication by detecting and isolating all the malicious nodes in mobile
Ad hoc network. The detection of the cooperative black hole nodes will provide more
security and stability to MANET.
3.2 Objectives
Following are the various objectives of this research work:
To study the black hole attack in MANET and its consequences.
To implement a new scheme to detect the malicious nodes in the network which are responsible for triggering the black hole attack.
To test the new scheme against parameters like throughput and end-to-end delay.
3.3 Methodology/Planning of work
Figure: 3.1 Methodology used
CHAPTER 4
SIMULATION ENVIRONMENT
4.1 SIMULATION ENVIRONMENT
Simulation is the execution of a system model in time that gives information about the
system being investigated. Events occur at discrete points in time. When the number
of such events is finite, we call it discrete event. A discrete event simulator consists
of a set of events and a central simulator object that executes these events in order.
The act of simulating something generally entails representing certain key
characteristics or behaviors of a selected physical or abstract system. The simulator
used in this thesis work to simulate the ad-hoc routing protocols is Network Simulator
2.
4.1.1 Network Simulator
Network Simulator is the result of an ongoing effort of research and development that
is administrated by researchers at Berkeley. It is a discrete event simulator targeted
at networking research. NS-2 is an object-oriented, discrete event network simulator
developed at UC Berkeley. It is written in C++ and OTcl (Object-Oriented Tcl) and
primarily uses OTcl as its command and configuration language. NS is basically
written in C++, with an OTcl interpreter as a frontend.
Fig. 4.1 Network Simulator 2
It supports a class hierarchy in C++, called the compiled hierarchy, and a similar one
within the OTcl interpreter, called the interpreted hierarchy. There is a one-to-one
correspondence between the classes of these two hierarchies. The root of the hierarchy
is the class TclObject. Users create new simulator objects through the interpreter;
these objects are instantiated within the interpreter. The interpreted hierarchy is
automatically established through methods defined in the class TclClass. User
instantiated objects are mirrored through methods defined in the class TclObject.
The simulator can be viewed as doing two different things. On the one hand, detailed
simulations of protocols are required; on the other, the user must be able to vary the
parameters or configurations and quickly explore the changing scenarios. For the first
case, we need a systems programming language like C++ that efficiently handles bytes
and packet headers and implements algorithms efficiently. For the second case,
iteration time is more important than the run time of that part of the task; this is
accomplished by a scripting language like Tcl.
A major component of NS besides network objects is the event scheduler. For example,
a packet can be considered as an event with a scheduled time and a pointer to an object
that handles the event. All the network components that need to spend some time
handling packets use the event scheduler by issuing an event for a packet. A switching
component or a timer also uses the event scheduler. Simulation results are usually
obtained from files called trace files. When the simulation is over, NS produces one or
more text-based output files that contain simulation data as specified in the input
script. These can be viewed using a graphical tool called Network Animator, or NAM for
short.
NS is mainly used for simulating local and wide area networks. It simulates a wide
variety of IP networks. It implements network protocols such as TCP and UDP, traffic
source behavior such as FTP, CBR and VBR, and router queue management mechanisms such
as Drop Tail and CBQ. The NS project is now part of the VINT project, which develops
tools for simulation results display, analysis, and converters that convert network
topologies generated by well-known generators to NS formats. The current version of
network simulator does not support mobile wireless environment.
TABLE 4.1 Simulation Parameters
Parameter              Value
Terrain Area           800 m x 800 m
Simulation Time        50 s
MAC Type               802.11
Application Traffic    CBR
Routing Protocol       AODV
Data Payload           512 Bytes/Packet
Pause Time             2.0 s
Number of Nodes        15
Number of Sources      1
No. of Adversaries     1 to 3
Number of nodes: This parameter in the above table represents the number of
nodes that are used for conducting the simulation.
Pause time: This parameter represents the time interval for which the nodes can be
paused in the network during simulation.
Traffic type: Network traffic can be of two types, viz. Variable Bit Rate (VBR) and
Constant Bit Rate (CBR). The CBR traffic can suffer a maximum delay of T.
Simulation time: Simulation time is the duration of time for which the simulation is
carried out.
4.2 Quantitative Metrics
There are a number of quantitative metrics that can be used for evaluating the
performance of a routing protocol for mobile wireless ad-hoc networks. In this thesis,
we follow the general ideas described in RFC 2501, and we use four quantitative
metrics. The packet delivery ratio and average end-to-end delay are most important
for best-effort traffic. The other two quantitative metrics used in this thesis are overhead and
throughput.
Packet Delivery Ratio
The packet delivery ratio is defined as the fraction of all the received data packets at
the destinations over the number of data packets sent by the sources. This is an
important metric in networks. If the application uses TCP as the layer 2 protocol, high
packet loss at the intermediate nodes will result in retransmissions by the sources that
will result in network congestion.
$$\text{Packet Delivery Ratio} = \frac{\text{Total data packets received}}{\text{Total data packets sent}}$$
Average End-to-End Delay
End-to-end delay includes all possible delays in the network caused by route
discovery latency, retransmission by the intermediate nodes, processing delay,
queuing delay, and propagation delay. To average the end-to-end delay we add every
delay for each successful data packet delivery and divide that sum by the number of
successfully received data packets. This metric is important in delay sensitive
applications such as video and voice transmission.
$$\text{Average End-to-End Delay} = \frac{\sum (\text{Time received} - \text{Time sent})}{\text{Total data packets received}}$$
Overhead
Ad hoc networks are designed to be scalable. As the network grows, various routing
protocols perform differently. The amount of routing traffic increases as the network
grows. An important measure of the scalability of the protocol, and thus the network,
is its routing overhead. It is defined as the total number of routing packets transmitted
over the network, expressed in bits per second or packets per second. The causes of
routing overhead are network congestion and route error packets.
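The three metrics above, computed from an NS-2 trace file, as an added example that is not part of the thesis. It assumes the old-format wireless trace that NS-2 writes for AODV runs and counts data packets at the agent (AGT) layer; the sample lines are constructed.

```python
# Constructed sample lines in the NS-2 old wireless trace format (not thesis data).
# Leading fields: event, time, _node_, layer, flags/drop reason, packet uid, type, size.
SAMPLE_TRACE = """\
s 1.000000000 _0_ AGT  --- 0 cbr 512 [0 0 0 0] ------- [0:0 7:0 32 0] [0] 0 0
s 1.000500000 _0_ RTR  --- 1 AODV 48 [0 0 0 0] ------- [0:255 -1:255 30 0] [0x2 1 1 [7 0] [0 4]] (REQUEST)
f 1.002000000 _3_ RTR  --- 1 AODV 48 [0 ffffffff 0 800] ------- [0:255 -1:255 29 0] [0x2 2 1 [7 0] [0 4]] (REQUEST)
s 1.004000000 _7_ RTR  --- 2 AODV 44 [0 0 0 0] ------- [7:255 0:255 30 3] [0x4 1 [7 4] 10.000000] (REPLY)
f 1.006000000 _3_ RTR  --- 2 AODV 44 [13a 0 3 800] ------- [7:255 0:255 29 0] [0x4 2 [7 4] 10.000000] (REPLY)
r 1.020000000 _7_ AGT  --- 0 cbr 512 [13a 7 3 800] ------- [0:0 7:0 30 7] [0] 2 0
s 1.100000000 _0_ AGT  --- 3 cbr 512 [0 0 0 0] ------- [0:0 7:0 32 0] [1] 0 0
D 1.105000000 _5_ RTR  NRTE 3 cbr 532 [13a 5 0 800] ------- [0:0 7:0 30 5] [1] 1 0
s 1.200000000 _0_ AGT  --- 4 cbr 512 [0 0 0 0] ------- [0:0 7:0 32 0] [2] 0 0
r 1.230000000 _7_ AGT  --- 4 cbr 512 [13a 7 3 800] ------- [0:0 7:0 30 7] [2] 2 0
s 1.300000000 _0_ AGT  --- 5 cbr 512 [0 0 0 0] ------- [0:0 7:0 32 0] [3] 0 0
"""


def analyze(trace_text, data_type="cbr", routing_type="AODV"):
    """Return packet delivery ratio, average end-to-end delay and routing overhead."""
    sent, received = {}, {}          # packet uid -> timestamp
    routing_packets = 0
    for line in trace_text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] not in ("s", "r", "f", "D"):
            continue                 # skip movement lines, comments, truncated records
        try:
            event, when, layer, uid, ptype = f[0], float(f[1]), f[3], f[5], f[6]
        except ValueError:
            continue                 # malformed timestamp
        if ptype == data_type and layer == "AGT":
            if event == "s":
                sent.setdefault(uid, when)          # first send time only
            elif event == "r" and uid in sent:
                received.setdefault(uid, when)      # ignore duplicate deliveries
        elif ptype == routing_type and layer == "RTR" and event in ("s", "f"):
            routing_packets += 1     # every routing packet sent or forwarded counts
    delays = [received[u] - sent[u] for u in received]
    return {
        "sent": len(sent),
        "received": len(received),
        "lost": len(sent) - len(received),
        "pdr": len(received) / len(sent) if sent else None,
        "avg_delay": sum(delays) / len(delays) if delays else None,
        "routing_packets": routing_packets,
    }


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_TRACE).items():
        print(f"{name:16} {value}")
```

A packet that is sent but never appears in an AGT receive record counts as lost, whether or not the trace holds an explicit drop line for it, which is how silently discarded packets show up in the delivery ratio.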
CHAPTER 5
Results and Discussion
5.1 NETWORK DEPLOYMENT
The simulation for the proposed method has been carried out using network animator and
the operating system used is Redhat Linux. The network animator shows the positions
of various nodes.
Fig. 5.1 Network deployment
Figure 5.1 shows the nodes in the network arranged randomly and numbered
to distinguish them from each other. The two nodes acting as source and destination are shown
in blue color. This animation has start, stop, forward, rewind, previous and next
buttons. Moreover, there is a zoom button to zoom in and out to see the nodes of the
network. We can also adjust the speed of the animation according to our requirement.
The position of a node can be changed according to our requirement using the edit
button. Thus the network animator offers a set of buttons that can be used to control
the communication between the nodes in the network at any time.
Figures 5.2, 5.3 and 5.4 show the source node broadcasting route request
(RREQ) packets to its neighboring nodes so that a route to the destination can be found.
The neighboring nodes further broadcast these RREQ packets until they reach the
intended node, i.e. the destination node. At a certain point, node 0 becomes the source
node whereas node 7 becomes the destination node, and node 0 starts flooding the
network with RREQ packets.
Fig. 5.2 Source node sending RREQ packets
Fig. 5.3 Neighboring nodes sending RREQ packets to adjacent nodes
Fig. 5.4 Flooding of route request packets in the network
The green circles show that the RREQ packets are being forwarded to the other nodes
in the network. Figure 5.4 shows the neighboring nodes sending the RREQ packets to
their adjacent nodes.
Fig. 5.5 Malicious nodes replying with fake route reply packets
Figure 5.5 shows that the black hole nodes, upon receiving the RREQ packets, start
sending RREP (Route Reply) packets to the source which initiated the route
request. The point here is that the black hole nodes present in the network do not
check whether the node to which a route is being requested even exists. They
simply start replying, with a higher sequence number, as soon as they receive the
request packet. The legitimate nodes, in contrast, check if they have any route to the
requested node and only then reply. Thus during this whole procedure the black hole nodes are
easily isolated and the whole network can be warned about their existence. The figure
shows malicious nodes in red color; they are sending fake RREP (Route Reply)
packets to the source, while the other nodes simply discard the route request packet
received to find a route to a non-existent node in the network.
Figure 5.6 shows that the source selects the route with the shortest path i.e. the route
through which the route reply was received the earliest. Now this route has a black
hole node and upon receiving data, it starts dumping all the packets thus resulting in
loss of packets and increase in end-to-end delay.
Fig. 5.6 Source node selects the shortest path to destination, via black hole node
Fig. 5.7 Source node sending data packets to black hole node
5.2 SOLUTION IMPLEMENTATION
The solution for the black hole attack is implemented using fake route request
packets that are broadcast in the network.
Fig. 5.8 Various nodes in the network
Figures 5.9 and 5.10 show the fake route request packets being broadcast in the
network for the identification of the malicious black hole nodes. The network is
flooded with a request of route to a destination node which is non-existent in the
network and this broadcasting continues until it reaches every node in the network.
Fig. 5.9 Fake route request packets are flooding in the network
Fig. 5.10 Fake route request packet broadcasted in the network
Figure 5.11 shows that upon receiving the route request packet, the black hole nodes
are the ones which immediately reply with a route reply packet having the minimum
hop count and a higher sequence number, thereby making it a
candidate path for the transmission of data. But the catch here is that the
destination asked for in the route request packet does not even exist in the network,
so how are some of the nodes able to provide a route to the non-existent node?
Therefore the nodes which reply with a route reply packet are considered to be
malicious nodes.
Fig. 5.11 Fake RREP packets being propagated to source
Fig. 5.12 Nodes being warned of the black hole nodes by alarm messages
Fig. 5.13 Isolation of black hole nodes
Figure 5.13 shows the malicious nodes being isolated from the network; these
nodes will not be considered for data transmission or participate in any activity being
performed in the network.
Figure 5.14 shows the normal route discovery process initiated by the source node.
The source node sends route request packets to its neighboring nodes, which further
broadcast these to their neighbors, and this continues until the request reaches all the nodes in the
network or intermediate nodes which have a route to the requested destination.
Fig. 5.14 Source nodes start normal route discovery process
Fig. 5.15 Nodes with route to destination reply with RREP packet
Fig. 5.16 Shortest path is selected to transmit data
Figure 5.16 shows that upon receiving the route request packet, all the immediate
nodes having a route to the destination send a route reply packet to the source which
initiated the route request. The source node, upon receiving these route reply packets,
calculates the hop count and sequence number and selects the best path to the destination.
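The bait-and-isolate procedure of this section as a small simulation, added here as an example and not the thesis's NS-2 implementation. The topology, the black hole positions, the bait address 99 and the simplification that only the destination itself answers a genuine RREQ are assumptions.

```python
from collections import deque

# Constructed 8-node topology (undirected). Node 0 is the source and node 7 the
# destination, as in the scenario above; nodes 2 and 5 behave as black holes.
ADJ = {0: [1, 2, 3], 1: [0, 4], 2: [0, 4, 5], 3: [0, 6], 4: [1, 2, 7],
       5: [2, 6], 6: [3, 5, 7], 7: [4, 6]}
BLACK_HOLES = {2, 5}     # used only to model node behaviour, never read by the detector
FORGED_SEQ = 10**6       # black holes advertise an implausibly fresh route
BAIT_DST = 99            # hypothetical address that no node in ADJ owns


def flood_rreq(src, dst, dst_seq=1, isolated=frozenset()):
    """Flood a RREQ from src; return the RREPs as (replier, seq, hops, path)."""
    replies, seen, queue = [], {src}, deque([(src, [src])])
    while queue:
        node, path = queue.popleft()
        for nbr in ADJ[node]:
            if nbr in seen or nbr in isolated:
                continue                      # duplicate RREQ, or node already isolated
            seen.add(nbr)
            here = path + [nbr]
            if nbr in BLACK_HOLES:            # answers any RREQ, never forwards it
                replies.append((nbr, FORGED_SEQ, len(here), here))
            elif nbr == dst:                  # honest reply from the real destination
                replies.append((nbr, dst_seq, len(here) - 1, here))
            else:
                queue.append((nbr, here))     # honest node without a route rebroadcasts
    return replies


def select_route(replies):
    """AODV preference: highest destination sequence number, then fewest hops."""
    if not replies:
        return None
    return max(replies, key=lambda r: (r[1], -r[2]))


def detect_black_holes(src):
    """Bait phase: nobody owns BAIT_DST, so every node that replies is flagged."""
    return {replier for replier, _, _, _ in flood_rreq(src, BAIT_DST)}


def run(src=0, dst=7):
    naive = select_route(flood_rreq(src, dst))              # conventional AODV
    blacklist = detect_black_holes(src)                     # extra discovery phase
    safe = select_route(flood_rreq(src, dst, isolated=blacklist))
    return naive, blacklist, safe


if __name__ == "__main__":
    naive, blacklist, safe = run()
    print("route without bait phase ends at node", naive[0], "via", naive[3])
    print("nodes flagged by bait RREQ:", sorted(blacklist))
    print("route after isolation:", safe[3])
```

The detector sees only who replied to the bait request, so the blacklist it builds costs one extra flood and no per-node table.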
5.3 GRAPHS
The graphs are used to represent the change in throughput and end-to-end delay using
the proposed method. The green line represents the change in case of the new scenario
and the red line represents the conventional method. These two parameters are widely
used for verifying and validating the use of a particular method. Throughput can be
defined as the number of results produced per unit time whereas end-to-end delay may
be defined as the time taken between the sending of a packet and its receipt at the
destination.
Fig. 5.17 change in end-to-end delay
X-axis = Simulation Time Y-axis = delay in time
Figure 5.17 shows the change in end-to-end delay after the deployment of the
proposed method. In the conventional method, the delay starts increasing when a
black hole node is present in the network, whereas in the absence of black hole
nodes, the delay is almost zero as all packets arrive at their destination in a timely
manner.
Fig. 5.18 change in throughput
X-axis = Simulation Time Y-axis = Number of packets received at destination
Figure 5.18 represents the change in throughput achieved using the proposed method.
As the delay in the network is at a minimum due to isolation of black hole nodes, the
throughput increases as more and more packets are delivered to their destinations.
Green line represents the throughput in the new scenario and red line represents the
throughput in conventional method.
Figure 5.19 shows the increased packet delivery ratio achieved using the proposed
method. As packet loss is at a minimum, more packets are delivered, hence the increased packet delivery ratio.
Fig. 5.19 change in Packet Delivery Ratio
X-axis = Simulation Time Y-axis = Packets delivered at destination per unit time
Figure 5.20 shows the decrease in the packet loss using the proposed method. The
black hole nodes are isolated beforehand. Therefore the packet loss is at a minimum.
Fig. 5.20 change in Packet Loss
X-axis = Simulation Time
Y-axis = Packets lost
Figure 5.21 shows the lower overhead caused by using the new method. The new method
uses an extra route discovery phase to isolate the black hole nodes. This
mechanism results in some overhead, but it is still much less than that of maintaining
extra tables to store information about various nodes. Thus the overhead incurred by
the extra phase is balanced by the space saved because no node needs to store a
DRI table.
Fig. 5.21 change in Overhead
X-axis = Simulation Time
Y-axis = Overhead incurred
CHAPTER 6
CONCLUSIONS AND FUTURE SCOPE
In this thesis a new method is proposed for finding a secure route from source to
destination in case of mobile ad-hoc network using AODV routing protocol. The
testing scenario was created using network simulator to test the proposed method on
the basis of most common parameters viz. throughput and end-to-end delay. The
investigation shows that the proposed method gives positive results as opposed to the
conventional method used in AODV routing protocol. This work is a start in the
direction of rigorous evaluation of all the aspects of the routing in mobile ad-hoc
networks. The next stage could be the investigation of the proposed method using
other routing protocols and combining the proposed method with other methods like
using routing information tables, anomaly detection based on node behavior and
intrusion detection. A lot of work has to be done in order to make the usage of mobile
ad-hoc networks a common and viable option. Ad hoc technology has now proved to be a
very useful tool for meeting the tactical battlefield communication requirements. The
industry is now embracing this technology, and in the recent years, several vendors
have provided handheld radios with MANET capability. Mobile ad-hoc networks will
continue to evolve and new target applications will probably emerge.
REFERENCES
~ 70 ~
REFERENCES
[1] M. Al-Shurman, S.-M. Yoo and S. park, “Black Hole Attack in Mobile Ad Hoc
Networks,” ACMSE, no. 04, pp. 96-97, 2004.
[2] J. Hoebeke, I. Moerman, P. Demester and B. Dhoedt, “An OverviewofMobile Ad
Hoc Network: Applications and Challenges,” no. 4, pp. 60-66, 2005.
[3] G. Vigna, S. Gwalani, K. Srinivasan, E. M. Belding-Royer and R. A. Kemmerer,
“An Intrusion Ddetection Tool for AODV-based Ad hoc Wireless Networks,” pp.
1-16, 2005.
[4] M. Medadian, M. Yektaie and A. Rahmani, “Combat with Black Hole Attack in
AODV Routing Protocol in Manet,” IEEE, 2009.
[5] P. N. Raj and P. B. Swadas, “PRAODV: A Dynamic Learning System against
Black Hole Attack in AODV based MANET,” IJCSI, vol. 2, pp. 54-59, 2009.
[6] H. Simaremare and R. F. Sari, “Performance Evaluation of AODV variants on
DDOS, Blackhole and Malicious Attacks,” International Journal of Computer
Science and Network Security, vol. 11, no. 6, pp. 277-287, 2011.
[7] V. Garg, M. K. Shukla, T. Choudhury and C. Gupta, “Advance Survey of Mobile
Ad-Hoc Network,” IJCST, vol. 2, no. 4, pp. 552-555, 2011.
[8] P. Joshi, “Security Isues in Routing Protocols in MANET's at Network Layer,”
Procedia Computer Science, no. 3, pp. 954-960, 2011.
[9] P. Goyal, V. Parmar and R. Rishi, “MANET-Vulnerabilities, Challenges, Attacks
and Applications,” International Journal of Computational Engineering and
Management, vol. 11, pp. 32-37, 2011.
[10] S. Taneja, D. A. Kush and A. Makkar, “End to End Delay Analysis of Prominent
on Demand Routiing Protocols,” IJSCT, vol. 2, no. 1, pp. 42-46, 2011.
[11] A. Bhandare and S. Patil, “Study of Protocols (AODV,DSR) of MANET and
Black Hole Attack in AODV,” ISOR Journal of Electronics and Communcation
Engineering, pp. 50-53, 2011.
[12] J. Sen, S. Koilakinda and A. Ukil, “A mechanism for Detection of Cooperative
REFERENCES
~ 71 ~
Black Hole Attack in Mobile Adhoc Network,” International conference on
Inteligent Systems, Modellingand Simulation, pp. 338-343, 2011.
[13] P. K. Singh and G. Sharma, “An Efficient Prevention of Black Hole Problem in
AODV Routing Protocol in MANET,” IEEE International conference on Trust,
Security andPrivacy in Computing and Communcation, pp. 902-906, 2012.
[14] F. Thachil and K. Shet, “A Trust Based Approach for AODV Protocol to mitigate
Black Hole Attack in MANET,” International conference on Computing
Sciences , pp. 281-285, 2012.
[15] K. Munjal, S. Verma and A. Bakshi, “Cooperative Black Hole Node Detection
by Modifying AODV,” International Journal of Management, IT and
Engineering, vol. 2, no. 8, pp. 484-501, 2012.
[16] N. Purohit, R. Sinha and K. Maurya, “Simulation Study of Black Hole and
JEllyfish Attack on MAnet using NS-3,” IEEE, pp. 1-5, 2011.
[17] N. Sharma and A. Sharma , “The Black Hole Node Attack in MANET,” IEEE
Second International conference on Advanced Computing and Communcation
Technologies, pp. 546-550, 2012.
[18] H. Ehsan and F. A. Khan, “Malicious AODV,” IEEE 11th International
conference on Trust, Security and Privacy in Computing and Communications,
no. 9, pp. 1181-1186, 2012.
[19] M. Jhansi, K. R. Devi and B. M. Chandra, “Effective Measure to Prevent
Cooperative Blackhole attack in Mobile adhoc Wireless Network,” International
Journal of Engineering Research and Applications, vol. 2, no. 4, pp. 204-209,
2012.
[20] H. L. Nguyen and U. T. Nguyen, “A Study of Different Types of Attacks in
Mobile Adhoc Network,” 25th IEEE Canadian Conference on Electrical and
Computer Engineering, no. 2, pp. 1-6, 2012.
[21] M. Patel and S. Sharma, “Detection of Malicious Attacks in MANET: a
Behavioural Approach,” IEEE International Advance Computing Conference, pp.
388-393, 2013.
[22] J. Kumar, M. Kulkarni and D. Gupta , “Effect of Black Hole Attack on MANET
Routing Protocols,” International Journal of Compuer Network and Information
Security, vol. 5, pp. 64-72, 2013.
REFERENCES
~ 72 ~
[23] R. H. Jhaveri, S. J. Patel and D. C. Jinwala, “A Novel Approach for Gray Hole
and Black Hole Attacks in Mobile Adhoc Nework,” IEEE 2nd International
conference on Advanced Computing and Communiaction Technologies, pp. 556-
560, 2012.
[24] G. S. Bindra, A. Kapoor, A. Narang and A. Agrawal, “Detection and Removal of
Cooperative Black Hole and Gray Hole Attacks in MANETs,” IEEE
International conference on System Engineering and Technology, no. 5, pp. 1-5,
2012.
[25] S. Lu, L. Li, K. Y. Lam and L. Jia, “SAODV- A MANET Routing Protocol that
can withstand Black Hole Attack,” IEEE, pp. 421-425, 2009.
[26] V. Mohite and L. Ragha, “Cooperatie Security Agents for MANET,” IEEE
World Congress on Information and Communication Technologies, pp. 549-554,
2012.
[27] R. H. Jhaveri, “MR_AODV: A Solution to mitigate Black Hole and Grayhole
Attacks in AODV baesd MANETs,” IEEE CPS 3rd International Conference on
Advanced Computing & Communication Technologies, pp. 254-260, 2013.
[28] S. K. Dhrandher, I. Woungang, R. Mathur and P. Khurana, “GAODV: A
Modified AODV against single and collaborative Black Hole attacks in
MANETs,” IEEE International conference on Advanced Information Networking
and Applications Workshops, pp. 357-362, 2013.
[29] S. Sibichen and S. Sreedhar, “An Efficient AODV Protocol and Encryption
Mechanism for Security Issues in Adhoc Networks,” IEEE International
conference on Microelectronics, Communication and Renewable Energy, pp. 1-6,
2013.
[30] W. Stallings, “Mobile networks,” in Data and Computer Communications, 7 ed.,
2004.
[31] “Ns,” USC University of Southern California, [Online]. Available:
http://www.isi.edu/nsnam/.
[32] “ns (simulator),” Wikipedia, [Online]. Available:
http://en.wikipedia.org/wiki/Ns_(simulator).
[33] E. M. Royer and C.-K. Toh, “A review of Current Routing Protocolsfor Ad hoc
Mobile Wireless Networks,” IEEE, no. 4, pp. 46-55, 1999.