Vikash file full_final

1.1 INTRODUCTION

~ 1 ~

CHAPTER 1

INTRODUCTION

1.1 INTRODUCTION

A computer network or data network is a telecommunication network that allows

computers to exchange data. In computer networks, networked computing devices

pass data to each other along data connections. The connections (network links)

between nodes are established using either cable media or wireless media. The best-

known computer network is the Internet. Network computer devices that originate,

route and terminate the data are called network nodes. Nodes can include hosts such

as servers and personal computers, as well as networking hardware. Two devices are

said to be networked when a device is able to exchange information with another

device. Computer networks support applications such as World Wide Web, shared use

of application and storage servers, printers, and fax machines, and use of email and

instant messaging applications. Computer networks differ in the physica l media used

to transmit their signals, the communications protocols to organize network traffic,

the network’s size, topology and organizational intent.

Fig. 1.1 Computer Network

1.2 WIRED NETWORK

~ 2 ~

Today, computer networks are the core of modern communication. Computer

networks, and the technologies that make communication between networked

computers possible ,continue to drive computer hardware, software, and peripherals

industries. The expansion of related industries is mirrored by growth in the numbers

and types of people using networks, from the researcher to the home user.The

network can be of different types depending on the topologies used, geographical

scale, and organizational scope. But the networks can be broadly classified into two

categories. They are

1.2 Wired Network

1.3 Wireless Network

1.2 WIRED NETWORK

A wired network connects devices to the network or other network using cables. The

most common wired networks use cables connected to Ethernet ports on the network

on one end and to a computer or other device on the opposite end. Wired networks

provide users with plenty of security and the ability to move lots of data very quickly.

A widely adopted family of communication media used in local area network (LAN)

technology is collectively known as Ethernet. The media and protocol standards that

enable communication between networked devices over Ethernet are defined by IEEE

802.3. Ethernet transmit data over both copper and fiber cables. Wired networks are

typically faster than wireless, and they can be very affordable. However the cost of

Ethernet cable can add up- the more computers on your network and the farther apart

they are, the more expensive your network will be. The most common wired networks

are formed using Ethernet. Ethernet is a physical and data link layer technology for

local area networks (LANs). When first widely deployed in 1980’s, Ethernet

supported a maximum data rate of 10 megabits per second. Later fast Ethernet

standards increased this maximum data rate to 100 Mbps. Gigabit Ethernet further

extended this to a data rate of 1000 Mbps. Ethernet follows a simple set of rules that

govern its basic operation. The basic terms used with Ethernet technology are:

Medium: Ethernet devices attach to a common medium that provides a path

along which the electronic signals will travel. This medium has been coaxial

copper cable, but today it is more a twisted pair or fiber optic cabling.

1.3 WIRELESS NETWORK

~ 3 ~

Segment: This refers to a single shared medium as an Ethernet segment.

Node: Devices that attach to that segment are stations or nodes.

Frame: The nodes communicate in short messages called frames, which are

variably sized chunks of information.

The Ethernet protocol specifies a set of rules for constructing frames. Each frame

must include a destination address and a source address, which identify the recipient

and the sender of the message. The address uniquely identifies the node. No two

Ethernet devices ever have the same address. One interesting thing about Ethernet

addressing is the implementation of a broadcast address. A frame with a destination

address equal to the broadcast address is intended for every node on the network, and

every node will receive and process this type of frame.

The Ethernet standards comprise several wiring and signaling variants of the OSI

physical layer in use with Ethernet. The original 10BASE5 Ethernet used coaxial

cable as a shared medium. The Ethernet standard has grown to encompass new

technologies as computer networking has matured, but the mechanics of operation for

every Ethernet network today originate from Metcalfe’s original design. The original

Ethernet described communication over a single cable shared by all devices on the

network. Once a device is attached to this cable, it had the ability to communicate

with any other device attached. This allows the network to expand to accommodate

new devices without requiring any modification to those already on the network. In

addition to computers, Ethernet is now used to interconnect appliances and

other personal devices. It is used in industrial applications and is quickly replacing

legacy data transmission systems in the world's telecommunications networks.

1.3 WIRELESS NETWORK

Wireless Networking is a technology in which two or more computers communicate

with each other using standard network protocols but without using cables. The

transmission takes place with the help of radio waves at physical level. It is also

known as Wi-Fi or WLAN. In this type of network, devices can easily two using radio

frequency. The IEEE standard for wireless network is 802.11.

A) INFRASTRUCTURE NETWORKS

~ 4 ~

Convenience offered by Wireless Networks

Mobility: This is one of the obvious advantages of the wireless networks.

Mobile users can connect to the existing networks while roaming freely.

Simplicity: We can translate simplicity into rapid development. It is easy to

install a wireless infrastructure, compared to a wired network.

Flexibility: Wireless network coverage area can reach where wire cannot go.

It is very useful for moving vehicles or for the places where running cable is

not possible.

There are two types of Wireless Operating modes:

A) Infrastructure Mode

B) Ad-hoc Mode or Infrastructure less Mode

A) Infrastructure Networks

In infrastructure based network, communication takes place only between the wireless

nodes and the access points. There is no direct communication between the wireless

nodes. The access point is used to control the medium access as well as it acts as a

bridge between wireless and wired networks. In this network, fixed base stations are

used. When the node goes out of the range of base station another base station come

into range. The example of infrastructure based network is cellular networks. It is

centralized system which is controlled by the controller like router. The main problem

in this system is that if the controller fails, whole system will crash.

Fig. 1.2 Infrastructure Network

1.4 MANET

~ 5 ~

B) Infrastructure less Networks

The infrastructure less network does not need any infrastructure to work. In this

network each node can communicate directly with other nodes. No access point is

required for controlling medium access. In this network, all the nodes need to act as

routers and all nodes are capable of movement and can be connected dynamically in

an arbitrary manner [6]

1.4 MANET

MANET stands for Mobile Ad hoc Network. It is a robust infrastructure less wireless

network. It can be formed either by mobile nodes or by both fixed and mobile nodes.

Nodes are randomly connected with each other and forming arbitrary topology. They

can act as both routers and hosts. They have ability to self-configure makes this

technology suitable for provisioning communication to, for example, disaster-hit areas

where there is no communication infrastructure or in emergency search and rescue

operations where a network connection is urgently required. In MANET routing

protocols for both static and dynamic topology are used. An ad hoc network is a

wireless network describe by the nonexistence of a centralized and fixed

infrastructure. The absence of an infrastructure in ad hoc networks poses great

challenges in the functionality of these networks. Therefore, we refer to a wireless ad

hoc network with mobile nodes as a Mobile Ad Hoc Network. In a MANET, mobile

nodes have the capability to accept and route traffic from their intermediate nodes

towards the destination i.e., they can act as both routers and hosts. More frequent

connection tearing and re-associations place an energy constraint on the mobile nodes.

As MANETs are illustrated by limited bandwidth and node mobility, there is a

demand to take into account, the energy efficiency of the nodes, topological changes

and unreliable communication in the design. Moreover more importance has to be

given to the routing protocols used for the communication between the nodes as it is

the one of the important thing which has a huge impact on the performance of the

mobilead-hocnetwork.

1.4.1 TYPES OF MOBILE AD-HOC NETWORK

~ 6 ~

Table 1.1 Characteristics of Mobile Ad-hoc Network

Mobile Ad-hoc Network Characteristics

Autonomous and infrastructure less

Multi-hop routing

Dynamic network topology

Device heterogeneity

Energy constrained operation

Bandwidth constrained variable capacity links

Limited physical security

Network scalability

Self-creation, self-organization and self-administration

1.4.2 Types Of Mobile Ad-Hoc Network

Vehicular ad-hoc networks (VANET) are used for communication among vehicles

and between vehicles and roadside equipment. Intelligent vehicular ad-hoc networks

are a kind of artificial intelligence that helps vehicles to behave in intelligent manners

during vehicle-to-vehicle collisions, accidents etc. internet based Mobile Ad-hoc

Networks (iMANET) are ad-hoc networks that link mobile nodes and fixed internet-

gateway nodes.

Table 1.2 Mobile Ad-hoc Network Types

Technology

Bitrate Frequency Range(meters) Power

consumption

IEEE

802.11b

1,2,5.5 and 11

Mbit/s

2.4 GHz 25-100indoor

100-500

outdoor

30 mW

IEEE

802.11g

Up to 54 Mbit/s 2.4 GHz 25-50 indoor 79 mW

IEEE

802.11a

6,9,12,24,36,49

and 54 Mbit/s

5 GHz 10-40 indoor 40mW,250

mW

IEEE

802.15.1

1 Mbit/s 2.4 GHz 10-100 1mW

1.4.2 APPLICATIONS OF MOBILE AD-HOC NETWORK

~ 7 ~

IEEE

802.15.3

110-480 Mbit/s 3-10 GHz 10 100mW,

250mW

IEEE

802.15.4

20, 40 or 250

Kbit/s

868 MHz,915

MHz or 2.4 GHz

10-100 1 mW

HiperLAN2 Up to 54 Mbit/s 5 GHz 30-150 200mW

or 1W

IrDA Up to 4 Mbit/s Infrared(850nm) 10 Distance

based

Home RF 1 Mbit/s (v 1.0)

10Mbit/s(v 2.0)

2.4 GHz 50 100 mW

IEEE

802.16

IEEE

802.16a

IEEE

802.16e

(Broadband

Wireless)

32-134 Mbit/s

Up to 75 Mbit/s

Up to 15 Mbit/s

10-66 GHz

<11 GHz

<6 GHz

2-5 km

7-10 km

2-5 km

Complex

power control

1.4.4 Applications of Mobile Ad-hoc Network

There is no clear picture of what these networks will be used for. The suggestion

varies from document sharing at conference to infrastructure enhancement and

military applications. In areas where no infrastructure is available, an ad-hoc network

could be used by a group of wireless mobile hosts. Other examples include business

associates wishing to share files or a class of students needs to interact during a

lecture. If each mobile host wishing to communicate is equipped with a wireless local

area network interface, the group of mobile hosts can form an ad-hoc network. Access

to internet and access to the resources in the network such as printer, will probably be

supported.

TABLE 1.4.5 MOBILE AD-HOC NETWORK APPLICATIONS

~ 8 ~

Table 1.3 Mobile Ad-hoc Network Applications

Application Possible Scenarios

Tactical networks Military communication

Automated battlefield

Emergency services Search and rescue operation

Disaster recovery

Policing and fire fighting

Supporting doctors and nurses in

the hospital

Commercial and civilian environment E-commerce

Dynamic database access, mobile

offices

Vehicular services: taxi cab

network, road or accident guidance

Sports stadium, trade fair, shopping

malls

Home and enterprise networking Home/office wireless networking

Conference, meeting rooms

Personal area networks

Network at construction site

Education Universities and campus setting

Virtual class rooms

Ad-hoc communication during

meetings or lectures

Entertainment Multi user games

Wireless P2P networking

Outdoor internet access

Robotic pets

Theme parks

1.5 ROUTING PROTOCOLS FOR MANET

~ 9 ~

Sensor networks Home appliances

Body area network

Data tracking of environment

conditions

Coverage extension Extending cellular network access

Linking up with the internet,

intranet etc.

1.5 ROUTING PROTOCOLS FOR MANET

Routing protocol specifies the rules which govern the communication between

numbers of nodes for exchange of information. It helps to find the shortest route from

source to destination. There are mainly two types of routing protocol. These are as

following:

Table Driven routing protocol (Proactive)

On-demand Routing Protocol (Reactive)

Hybrid Routing Protocol

1.5.1 Table Driven Routing Protocol

Table Driven protocol contains fresh list of the routes from source to destination. In

this type of protocol, one node contains more than one table for each node in the

network. All the nodes are updated regularly. If the topology frequently changes, then

updated information propagates to every node of the network and update table.

Because every node has information about network topology, Table Driven Routing

Protocols present several problems like periodically updating the network topology

increases bandwidth overhead, periodically updating route tables keeps the nodes

awake and quickly exhaust their batteries.

1.5.1.1 Destination Sequenced Distance Vector (DSDV)

Destination Sequenced Distance Vector is a loop free routing protocol in which the

shortest-path calculation is based on the Bellman-Ford algorithm. Data packets are

transmitted between the nodes using routing tables stored at each node. Each routing

1.5.1.1 DESTINATION SEQUENCED DISTANCE VECTOR (DSDV)

~ 10 ~

table contains all the possible destinations from a node to any other node in the

network and also the number of hops to each destination. The protocol has three main

attributes: to avoid loops, to resolve the count to infinity problem, and to reduce high

routing overhead. Each node issues a sequence number that is attached to every new

routing-table update message and uses two different types of routing-table updates to

minimize the number of control messages disseminated in the network. Each node

keeps statistical data concerning the average settling time of a message that the node

receives from any neighbouring node. The data is used to reduce the number of

rebroadcasts of possible routing entries that may arrive at a node from different paths

but with the same sequence number. DSDV takes into account only bidirectional links

between nodes.

DSDV routing-table construction starts with the condition that every node in the

network periodically exchange control messages with its neighbours to set up multi

hop paths to any other node in the network, in accordance with the Bellman-Form

algorithm. Each individual route to every destination is tagged with a destination

sequence number, which is issued by the destination node. Any route to a destination

with a higher destination sequence number replaces the same route with a smaller

destination sequence number in the node’s routing table, regardless of the number of

hops to this destination. Every node immediately advertises any significant change in

its routing table, such as a link failure to its neighbouring node(s), but waits for a

certain amount of time to advertise other changes. This time, has called the “settling

time”, is calculated by maintaining, for every destination, a running, weighted average

of the most recent updates of the routes. By implementing this advertising scheme,

DSDV tries to minimize the number of route updates transmitted by a node. Thus,

when a node receives a route update for a destination from one of its neighbouring

nodes, and a few seconds later, it receives a second update from a different

neighbouring node for the same destination with the same destination sequence

number, but a lower number of hops, the node does not immediately broadcast the

change in its routing table. This is highly possible in a MANET, in which the network

topology changes very dynamically. If this kind of policy were not in place, the node

would have to advertise two route updates within a short period, causing its

neighbouring nodes to broadcast new route updates to its neighbouring nodes. For this

purpose, each node maintains a table with the destination address, the last settling

1.5.1.2 OPTIMIZED LINK STATE ROUTING (OLSR)

~ 11 ~

time and the average settling time of this address. The node uses the information in

this table to check the stability of the route to a destination.

DSDV does not provide security mechanism to address security vulnerabilities

observed in MANETs. DSDV is vulnerable to any malicious node that disseminates

false routing updates due to periodic exchange of routing-update massages. Thus, an

attack to replace the destination sequence number in a route-update packet may have a

severe impact on the performance of the network. DSDV has certain advantages that

cannot be overlooked. First, the simplicity of the protocol is very similar to the classic

Distance Vector, with only small modifications to avoid loops, with the use of

destination sequence numbers. DSDV also presents low latency, as every node always

has a route to any destination in the network. However, DSDV does not scale well in

networks with high mobility, as the broken links create a “storm” of route updates.

This situation may severely degrade network performance, in which the available

bandwidth is limited. Another disadvantage of DSDV is that it does not support a

sleeping mode, as every node in the network must periodically broadcast changes or

full updates of its routing table. Those frequent and periodic route updates in the

network will also result in high-energy consumption. Also DSDV does not support

multicasting routing.

1.5.1.2 Optimized Link State Routing (OLSR)

Optimized Link State Routing is based on the link state algorithm and has been

modified and optimized to efficiently operate MANET routing. The main concept of

the protocol is to adapt the changes of the network without creating control messages

overhead due to the protocol flooding nature. Thus, the designers of OSLR decided to

have only a subset of the nodes, named Multipoint Relays (MPRs), in the network

responsible for broadcasting control messages and generating link state information.

A second optimization is that every MPR may choose to broadcast link state

information only between itself and the nodes that have selected it as an MPR.

Optimized Link State Routing is also designed to combine two separate sets of

functions. The core set of functions consists of all the protocol functions in play whe n

the protocol operates in a pure MANET, running OLSR as the Layer 3 protocol. A

second set of functions provides the additional necessary functions when a node has

more than one network’s devices and participates in more than one routing domain.

1.5.1.2 OPTIMIZED LINK STATE ROUTING (OLSR)

~ 12 ~

In OSLR, only multipoint relays (MPR) are designated for link state updates and

packet forwarding. In a typical flooding-based approach, a node broadcasts a message

either if it is the originator or if it has not received this message before. Thus, the

number of messages transmitted in the network is almost as large as the number of the

nodes in the network. Figure 1.9aa shows a typical flooding scenario. Figure 1.9b

shows the flooding in the entire network when using MPRs.

Fig: 1.3a Pure Flooding & 1.3b MPR Flooding

It is clear that the number of broadcasted messages can be greatly reduced by the

MPRs’ implementation. The set that consists of the nodes that are multipoint Relays is

called MPR set. Each node N in the network selects an MPR set that processes and

forwards every link state packet that node N originates. The neighbouring nodes of N

that are not in the MPR set process this packet, but do not further broadcast it. A node

N also maintains a subset of neighbours, named MPR selectors, which is the set of the

neighbours that have selected N as one of their MPRs. Each node may have one or

more MPRs. A condition for the selection of an MPR node is the assurance of

bidirectional links between it and its selectors. Each node in a network maintains a

routing table that enables a source node to send data packets to a destination node.

Four different types of information are used for the construction, calculation and

maintenance of routing information. Every node in the network obtains all the

information necessary for the construction of its routing table with a periodic

transmission of messages. The node, upon receiving this information, updates and

recalculates its routing table. When a link breaks or if the network topology changes

1.5.1.3 COMPARISON OF PROACTIVE ROUTING PROTOCOLS BASED ON

QUALITATIVE METRICS

~ 13 ~

due to a change in a node position in the network, no messages other than those

defined above are required for the update of the routing table.

OLSR does not provide security mechanism to ensure that nodes do not intentionally

provide false routing information. OLSR designers assume that there are already

additional security mechanisms in place at the lower layers of the network. However,

any persistent attack to any of the MPRs will result in flooding false link state

information to other nodes. The main advantages of OLSR are low latency and high

data delivery ratio because each node in the network maintains an up-to-date routing

table with all the destinations in the network. Thus, no additional connection se t-up

time is required for a node to send data packets to another node in the network. This

proactive nature of OLSR makes it a very attractive solution in networks where low

latency and high data delivery ratio are the main concerns. However, the main

disadvantage of this protocol comes from its proactive nature and the flooding

mechanism, despite the use of the MPRs. OLSR may introduce high routing

overhead, consuming a large portion of the available bandwidth. OLSR does not

support multicasting routing.

1.5.1.3 Comparison of Proactive Routing Protocols Based on Qualitative Metrics

All the above proactive protocols are loop-free. OSLR, as a modification of the link

state algorithm, does not introduce any loops into the routing process, except for

oscillations when the link costs depend on the amount of traffic carried by the link. In

the MANET scheme, however, link cost depends on the number of hops from a

source to a destination, thus avoiding oscillations. DSDV solves the pathologies that

the Distance Vector algorithm introduces, by the use of destination sequence

numbers. DSDV does not suffer from any kind of loops in the network. The proactive

behaviour of these protocols is guaranteed by the periodic exchange of control

messages. At any given time, every node has at least one route to any possible

destination in the network. We say “possible destination” because the physical

existence of a node in the network does not necessarily mean that the node is active or

that a route to the node exists, because the node may be out of the transmitting range

of all other nodes in the network.

1.5.1.3 COMPARISON OF PROACTIVE ROUTING PROTOCOLS BASED ON

QUALITATIVE METRICS

~ 14 ~

None of the above protocols addresses the security vulnerabilities that are obvious in

wireless networks. The proper function of these protocols is based on an assumption

that all the nodes exist and operate in a secure environment where link-and physical-

Layer security mechanisms are in place. DSDV is more secure than OLSR, as OLSR

functionality is based on the proper behaviour of the MPRs. DSDV do not support

unidirectional links. However, in wireless communication, unidirectional links will

exist and should be supported to take advantage of any possible paths from a source

node to a destination node. In MANETs, especially, there is no such “luxury” as

ignoring any possible paths, as routing protocols should take advantage of any link to

calculate routes in the network. OLSR designers take into account these limitations of

the wireless network and support both bidirectional and unidirectional links. As for

the “sleep mode” operation, only OLSR considers some extensions in its current

existing design to support such an operation. In a wireless ad-hoc network, in which

nodes depend mainly on batteries for their energy source, the sleep mode is a serious

attribute that should be supported by any routing protocol. Multicasting is not

considered by any of the above protocols. In real situations in tactical

communications, data will be destined to a group of nodes, rather than to an

individual node. Unicasting will decrease the bandwidth available for user data when

the same message has to be delivered to multiple nodes. We have also added three

additional metrics, to point out the differences in the design and implementation of the

three protocols. The way that all the above protocols calculate their routes from a

source node to a destination node follows the shortest distance approach, which

computes the smallest number of hops between the source and the destination.

Table 1.4 Comparison of Proactive Protocols

Qualitative Metrics DSDV OLSR

Loop Free Yes Yes

Proactive Behaviour Yes Yes

Security No No

Support for

Unidirectional

No Yes

1.5.2 ON-DEMAND ROUTING PROTOCOL

~ 15 ~

Links

Sleep mode No Yes

Multicasting No No

Routing Flat Flat

Nodes with special tasks No Yes

Routing Metric Shortest Distance Shortest Distance

1.5.2 On-demand Routing Protocol

It is a lazy approach in which a node does not contain the information of the all the

nodes and maintains table only on demand. To find the path, route discovery process

is follow. Reactive routing protocols are bandwidth efficient. In this, routes are built

as and when they are required. This is achieved by sending route requests across the

network. But it offers high latency when finding routes and also there is a possibility

of network clog when flooding is excessive.

There are many types of protocol are available in MANET. The efficiency of a routing

protocol is determined by its battery power consumption of a participating node and

routing of traffic into the network. Ad hoc routing protocols includes:

1.5.2.1 Ad-hoc On-demand Distance Vector Protocol

AODV is an on-demand routing protocol used in ad hoc networks. This protocol is

like any other on-demand routing protocol which facilitates a smooth adaptation to

changes in the link conditions. In case when a link fails, messages are sent only to the

affected nodes. With this information, it enables the affected nodes invalidate all the

routes through the failed link. AODV has low memory overhead, builds unicast routes

from source to the destination and network utilization is less. There is least routing

traffic in the network since routes are built on demand. When two nodes are in an ad

hoc network wish to establish a connection between each other, it will enable them

build multi hop routes between the mobile nodes involved. AODV needs to keep track

of the following information for each route table entry:

Destination IP Address: IP address for the destination node.

Destination Sequence Number: Sequence number for this destination.

1.5.2.1 AD-HOC ON-DEMAND DISTANCE VECTOR PROTOCOL

~ 16 ~

Hop Count: Number of hops to the destination.

Next Hop: The neighbor, which has been designated to forward packets to the

destination for this route entry.

Lifetime: The time for which the route is considered valid.

Active neighbor list: Neighbor nodes that are actively using this route entry.

Request buffer: Makes sure that a request is only processed once.

It is loop free protocol which uses Destination Sequence Numbers (DSN) to avoid

counting to infinity. This one is the distinguishing feature of this protocol. Requesting

nodes in a network send Destination Sequence Numbers (DSNs) together with all

routing information to the destination. It selects the optimal route based on the

sequence number.

AODV defines three messages: Route Requests (RREQs), Route Errors (RERRs) and

Route Replies (RREPs). These messages are used to discover and maintain routes

across the network from source to destination by use of UDP packets. Whenever there

is need to create a new route to the destination, the node which is requesting

broadcasts Route Requests. A Route is determined when this message reaches the

next hop node (intermediate node with routing information to the destina tion) or the

destination itself and the RREP has reached the originator of the request. Routes from

the originator of the RREQ to all the nodes that receive this message are cached in

these nodes. When a link failure occurs, Route Errors (RERRs) message is generated

[21].

Fig 1.4 AODV Route Discovery Process


~ 17 ~

Fig. 1.5 Best path with minimum Hop Count

Nodes N1 broadcasts RREQ packets to its neighbor nodes and update its table. Then

these nodes further forwards packets to its neighbor until the destination find outs and

fresh route find out. Each node maintains its sequence number and broadcast ID. For

every RREQ the node initiates broadcast ID which is incremented and together with

the node's IP address uniquely identifies an RREQ. At last that route will be the final

route that has the minimum hop count from source to destination. AODV uses mainly

two mechanisms to avoid high routing overhead caused by its flooding nature. The

first mechanism involves a binary exponential back off to minimize congestion in the

network. The second one involves an expanding ring search technique in which the

originator node starts broadcasting a RREQ message and the TTL value is set to a

minimum default value. If the originator node does not receive a RREP message

within a certain time interval, it exponentially increments the time interval and

increases the diameter of the searching ring. The maximum value for the ring

diameter is set by default to 35, which is, for AODV, the maximum value of the

network diameter. The two main advantages of AODV are its reactive nature, which

reduces the routing overhead in the network and the use of destination sequence

numbers that address routing loops and the “count to infinity” problem. However,

control message overhead can be introduced when every intermediate node originates


~ 18 ~

a RREP message, to satisfy a route discovery request if it has a valid route to the

destination, causing a RREP messages “storm”. Another disadvantage of AODV is

that the propagation of periodic HELLO messages from a node, to maintain

connectivity with its neighbouring nodes, will lead to bandwidth consumption. In

conclusion, the simple design, the low routing overhead and the ring searching

technique make AODV an attractive solution for networks in which the available

bandwidth is limited and nodes can form organized groups. Security weaknesses can

be addressed by either modifying the protocol with the proposed security extensions,

or by applying security mechanisms at the lower layers.

The advantage with AODV compared to classical routing protocols like distance

vector and link-state is that AODV has greatly reduced the number of routing

messages in the network. AODV achieves this by using a reactive approach. This is

probably necessary in an ad-hoc network to get reasonably performance when the

topology is changing often. AODV is also routing in the more traditional sense

compared to for instance source routing based proposals like DSR. The advantage

with a more traditional routing protocol in an ad-hoc network is that connections from

the ad-hoc network to a wired network like the Internet is most likely easier. The

sequence numbers that AODV uses represents the freshness of a route and is

increased when something happens in the surrounding area. The sequence prevents

loops from being formed, but can however also be the cause for new problems. What

happens for instance when the sequence numbers no longer are synchronized in the

network. This can happen when the network becomes partitioned, or the sequence

numbers wrap around. AODV only support one route for each destination. It should

however be fairly easy to modify AODV, so that it supports several routes per

destination. Instead of requesting a new route when an old route becomes invalid, the

next stored route to that destination could be tried. The probability for that route to

still be valid should be rather high. Although the Triggered Route Replies are

reduced in number by only sending the Triggered Route Replies to affected senders,

they need to traverse the whole way from the failure to the senders. This distance can

be quite high in numbers of hops. AODV sends one Triggered RREP for every active

neighbor in the active neighbor list for all entries that have been affected of a link

failure. This can mean that each active neighbor can receive several triggered RREPs

informing about the same link failure, but for different destinations, if a large fraction

of the network traffic is routed through the same node and this node goes down. An

1.5.2.2 DYNAMIC SOURCE ROUTING - DSR

~ 19 ~

aggregated solution would be more appropriate here. AODV uses hello messages at

the IP- level. This means that AODV does not need support from the link layer to

work properly. It is however questionable if this kind of protocol can operate with

good performance without support from the link layer. The hello messages add a

significant overhead to the protocol. AODV does not support unidirectional links.

When a node receives a RREQ, it will setup a reverse route to the source by using the

node that forwarded the RREQ as next hop. This means that the route reply, in most

cases is unicasted back the same way as the route request used. Unidirectional link

support would make it possible to utilize all links and not only the bi-directional

links. It is however questionable if unidirectional links are desirable in a real

environment. The acknowledgements in the MAC protocol IEEE 802.11 would for

instance not work with unidirectional links.

1.5.2.2 Dynamic Source Routing - DSR

Dynamic Source Routing belongs to the class of reactive protocols and allows nodes

to dynamically discover a route across multiple network hops to any destination.

Source routing means that each packet in its header carries the complete ordered list

of nodes through which the packet must pass. DSR uses no periodic routing messages

(e.g. no router advertisements), thereby reducing network bandwidth overhead,

conserving battery power and avoiding large routing updates throughout the ad-hoc

network. Instead DSR relies on support from the MAC layer (the MAC layer should

inform the routing protocol about link failures). The two basic modes of operation in

DSR are route discovery and route maintenance. Route discovery is the mechanism

whereby a node X wishing to send a packet to Y, obtains the source route to Y. Node

X requests a route by broadcasting a Route Request (RREQ) packet. Every node

receiving this RREQ searches through its route cache for a route to the requested

destination. DSR stores all known routes in its route cache. If no route is found, it

forwards the RREQ further and adds its own address to the recorded hop sequence.

This request propagates through the network until either the destination or a node with

a route to the destination is reached. When this happen a Route Reply (RREP) is

unicasted back to the originator. This RREP packet contains the sequence of network

hops through which it may reach the target. In Route Discovery, a node first sends a

RREQ with the maximum propagation limit (hop limit) set to zero, prohibiting its

neighbors from rebroadcasting it. At the cost of a single broadcast packet, this

1.5.2.2 DYNAMIC SOURCE ROUTING - DSR

~ 20 ~

mechanism allows a node to query the route caches of all its neighbors. Nodes can

also operate their network interface in promiscuous mode, disabling the interface

address filtering and causing the network protocol to receive all packets that the

interface overhears. These packets are scanned for useful source routes or route error

messages and then discarded. The route back to the originator can be retrieved in

several ways. The simplest way is to reverse the hop record in the packet. However

this assumes symmetrical links. To deal with this, DSR checks the route cache of the

replying node. If a route is found, it is used instead. Another way is to piggyback the

reply on a RREQ targeted at the originator. This means that DSR can compute correct

routes in the presence of asymmetric (unidirectional) links. Once a route is found, it is

stored in the cache with a time stamp and the route maintenance phase begins. Route

maintenance Route maintenance is the mechanism by which a packet sender S detects

if the network topology has changed so that it can no longer use its route to the

destination D. This might happen because a host listed in a source route, move out of

wireless transmission range or is turned off making the route unusable. A failed link is

detected by either actively monitoring acknowledgements or passively by running in

promiscuous mode, overhearing that a packet is forwarded by a neighboring node.

When route maintenance detects a problem with a route in use, a route error packet is

sent back to the source node. When this error packet is received, the hop in error is

removed from this hosts route cache, and all routes that contain this hop are truncated

at this point. DSR uses the key advantage of source routing. Intermediate nodes do not

need to maintain up-to-date routing information in order to route the packets they

forward. There is also no need for periodic routing advertisement messages, which

will lead to reduce network bandwidth overhead, particularly during periods when

little or no significant host movement is taking place. Battery power is also conserved

on the mobile hosts, both by not sending the advertisements and by not needing to

receive them; a host could go down to sleep instead. This protocol has the advantage

of learning routes by scanning for information in packets that are received. However,

each packet carries a slight overhead containing the source route of the packet. This

overhead grows when the packet has to go through more hops to reach the destination.

So the packets sent will be slightly bigger, because of the overhead. Running the

interfaces in promiscuous mode is a serious security issue. Since the address filtering

of the interface is turned off and all packets are scanned for information. A potential

intruder could listen to all packets and scan them for useful information such as

1.5.2.3 Comparison of Reactive Routing Protocols Based on Qualitative Metrics

~ 21 ~

passwords and credit card numbers. Applications have to provide the security by

encrypting their data packets before transmission. The routing protocols are prime

targets for impersonation attacks and must therefore also be encrypted. One way to

achieve this is to use IP-sec. DSR also has support for unidirectional links by the use

of piggybacking the source route a new request. This can increase the performance in

scenarios where we have a lot of unidirectional links. We must however have a MAC

protocol that also supports this.

1.5.2.3 Comparison of Reactive Routing Protocols Based on

Qualitative Metrics

All the above reactive protocols are loop-free. None addresses security vulnerabilities

that exist in a wireless ad-hoc network. However, there are certain proposals for

providing secure routing at Layer 3 for all the above protocols. Although security is a

major concern in communications, we find that the proposed security mechanisms

will increase processing time, power consumption, and latency. Note that reactive

routing protocols already suffer from high latency in the network. Only DSR in its

current state, without any modification, can support both bidirectional and

unidirectional links. However, DSR will introduce high routing overhead as routing

information is stored at the data packets’ header. Thus, DSR will not scale well in

large networks if communicating nodes are located at opposite edges of the network.

None of the three protocols supports the “sleep mode,” another important factor for

power preservation, especially in battery-powered mobile nodes. AODV will

consume more power than DSR due to the exchange of periodic HELO messages.

Only AODV supports multicasting, another important attribute of a routing protocol.

None of these protocols depends on any kind of node with special or crucial tasks. All

nodes in the network have the same tasks and play the same role in the routing

process. This is important, because the lack of “critical” nodes guarantees the

inexistence of any single point of failure in the network.

Finally, given qualitative metrics and the attributes of the three protocols, we suggest

that AODV and DSR would be good candidates for the routing protocol in tactical

mobile ad-hoc wireless networks. Therefore, we choose both AODV and DSR for

further evaluation in our simulation.

1.5.3 HYBRID ROUTING PROTOCOLS

~ 22 ~

Table 1.5 Comparison of Reactive protocols.

Qualitative Metrics AODV DSR

Loop Free Yes Yes

Reactive Behaviour Yes Yes

Security No No

Support for

Unidirectional Links

No No

Sleep Mode No No

Multicasting Yes No

Routing scheme Flat Flat

Nodes with special tasks No No

Routing Metric Shortest Path Shortest Path

1.5.3 Hybrid Routing Protocols

Hybrid routing protocols are designed to combine the benefits of both proactive as

well as reactive routing protocols and aims at achieving best performance with least

degradation in the network. The hybrid routing protocols used for mobile ad-hoc

network are:

1.5.3.1 Zone Routing Protocol (ZRP)

Zone Routing Protocol is a distributed routing protocol that combines both a proactive

and a reactive scheme for route discovery and maintenance. The basic idea of the protocol is the creation of areas, or zones, where every node proactively maintains

one route or multiple routes to any destination inside the zone and reactively obtains routing information for any node outside of the zone. The zone diameter may be defined in advance, before nodes form the network, or it may be optimized by every

node, based on ZRP traffic measurements. The radius of a node’s zone plays a significant role in the proper behaviour of the protocol. If the network consists of a

large number of nodes with medium to low mobility or the demand for routes is high, a large value for the radius is preferable to avoid the frequent dissemination of routing requests and reply messages. On the other hand, if the network consists of a small

number of nodes with high mobility or the demand for routes is small, the radius value should also be small to avoid overhead of periodic routing update messages.

ZRP consists of two main protocols. The Intrazone Routing Protocol (IARP) is responsible for finding and maintaining valid routes in the internal zones between any source/destination pair at all times. Any proactive routing protocol that we studied in

the previous sections, such as DSDV, can be used as the ZRP IARP. The Interzone Routing Protocol (IERP) is responsible for finding any available route outside of the

1.5.3.1 ZONE ROUTING PROTOCOL (ZRP)

~ 23 ~

node’s internal zone. The scope behind this implementation is to reduce routing

overhead and delay and to respond better in the topological changes of the network.

ZRP is a loop-free protocol and provides support for unidirectional links, hierarchical

routing, and interconnection with other non-ZRP routing domains when every node’s

network interface is assigned a unique IP address. The route discovery process in ZRP

depends on the location of the destination node. If the destination node is located

inside the source node’s intra zone, the protocol acts like any other proactive protocol,

thus ensuring that there is always a route to any destination in the intra zone. When

the destination node is located outside of the source’s intra zone, the source node

initiates a route discovery process and the IERP is assigned to accomplish this task.

To avoid large-scaled dissemination of routing request messages ZRP employs a third

protocol, the Border cast Resolution Protocol (BRP) which is a sub- layer of the IERP

protocol. The BRP identifies the nodes that are located in the source node’s zone

perimeter and forwards the route request messages only to those peripheral nodes.

There is a possibility of collisions when multiple nodes transmit the RREP messages

back to the source. However, the border-casting scheme minimizes the propagation of

RREQ messages within a small region, except when the source/destination pair is

located at opposite edges of the network. When a peripheral node does not have a

route to the destination node, it originates a RREQ message and border-casts the

message to its peripheral nodes. That procedure continues until a route to the

destination is found. Route maintenance takes place when a node in an active route

detects a link failure in the route: the node employs a local reconfiguration of the path

by searching for an alternate route to the destination. If such a route exists, the node

originates an update message to inform all other nodes in the path and the source node

of a change in the path. The source node may continue sending data packets in the

new non-optimized route. If the source node wants to obtain a new optimal route, it

regenerates a RREQ message, as previously discussed. ZRP does not employ any

security mechanisms to ensure secure routing.

However, any security mechanisms that have been proposed for other routing

protocols can be applied to ZRP as well. Every node in the network can be in a

promiscuous mode, overhearing transmissions from its neighbours and gathering

statistical data on its neighbour’s behaviour. Again, in this case, there is a trade-off

between processing time, latency, and security. ZRP seems to employ the best

characteristics of both reactive and proactive protocols. It avoids flooding the network

1.5.3.2 GREEDY PERIMETER STATELESS ROUTING (GPSR)

~ 24 ~

with large-scaled Route Request messages, as reactive protocols do, and the periodic

exchange of HELLO messages in the proactive scheme. Thus, ZRP reduces routing

overhead in an inexpensive way. The only visible drawback of the protocol is,

perhaps, that its performance depends heavily on the zone radius. For tactical

communications, however, the zone radius can be set up in advance, before the

establishment of the network, as the data traffic, the estimated velocity of the nodes,

and the number of the nodes in the network is known prior.

1.5.3.2 Greedy Perimeter Stateless Routing (GPSR)

Greedy Perimeter Stateless Routing is a hybrid protocol whose functionality depends

on knowledge of the geographic location of the nodes in network. That knowledge

can be obtained by integrating a GPS device into the communication device or by

other available means. Every node in the network must know its own location and the

location of its neighbouring nodes. Thus, every node periodically broadcasts its

address and its location in x and y coordinates to all of its neighbouring nodes. Data-

packet forwarding decisions are based on the locations of both the source and the

destination node. An address-to-location look-up algorithm is implemented to map a

node address to its location. A periodic exchange of beacons, which encapsulate the

node address and location, is similar to the behaviour of proactive protocols. The

absence of any periodic route table information is closer to the philosophy of reactive

protocols. GPSR employs two algorithms to forward data packets from a source to a

destination node: the greedy forwarding algorithm and the perimeter forwarding,

algorithm. The objective of the protocol’s design is to minimize routing overhead and

increase the packet delivery ratio in a network, by effectively responding to network

topology changes without the dissemination of large scaled control messages. GPSR

makes use only of bidirectional links between a node and its neighbours and does not

support hierarchical routing. In most cases, GPSR uses greedy forwarding for data

packet delivery from a source or any intermediate node to the next node. The greedy

forwarding algorithm needs to know the locations of a node’s neighbours and the

location of the destination node. According to this algorithm, the next-hop decision is

based on the distance between the next node and the destination node.

1.5.3.2 GREEDY PERIMETER STATELESS ROUTING (GPSR)

~ 25 ~

Figure 1.6 Greedy Forwarding in GPSR

Each node forwards data packets to the next node that has the shortest distance to the

destination node amongst other nodes in the node’s “neighbourhood”. We define a

node’s “neighbourhood” as the nodes within transmission range of a node. Figure

1.12 shows greedy forwarding in GPSR. The curved dotted lines denote a node’s

transmission range.

However, greedy forwarding does not cover a case in which the distance between an

intermediate node and the destination is the lowest as compared to distances from the

intermediate node’s neighbours and the destination node. The shorter-distance

neighbour then uses greedy forwarding to forward the data packet to the destination.

However, there is always a possibility in mobile wireless networks that a destination

node will be unreachable by any other node in the network. In that case, the data

packet travels around the perimeter trying to find a path to the destination. If a path

does not exist, the perimeter-forwarding algorithm never allows the packet to travel

twice across the same link in the same direction. If a node “sees” that the only

possible way to forward a data packet is to use a previous link toward the same

direction, it drops the packet. This function ensures the loop-free behaviour of the

protocol. GPSR does not address any security vulnerabilities that exist in a mobile

wireless network. Any attack on the location-finding algorithm will have severe

consequences for the protocol’s performance because the proper behaviour of the

protocol is built on its knowledge of the location of destination nodes. GPSR presents

1.5.3.3 COMPARISON OF HYBRID PROTOCOLS BASED ON QUALITATIVE

METRICS

~ 26 ~

certain advantages over other protocols we have studied. First, it does not use any

type of control messages, such as route requests and error messages. Second, it does

not flood the network with any other type of control messages, except those between a

node and its neighbours, for location-finding purposes. Perhaps the only visible

drawback of GPSR is its dependence on “external” devices, such as GPS, that

increase the implementation cost. For tactical implementation, this cost may be

affordable. Any malfunction of the GPS device will degrade the protocol’s

performance and may lead to network crash.

1.5.3.3 Comparison of Hybrid Protocols Based on Qualitative Metrics

Both ZRP and GPSR are loop-free protocols. ZRP ensures loop- free “behaviour” by

employing loop-free protocols inside inter and intra-zones. On the other hand,

GPSR’s perimeter- forwarding algorithm never allows a packet to travel twice across

the same link toward the same direction. ZRP’s proactive behaviour is more obvious

than that of GPSR, in which nodes broadcast periodic beacons to their neighbours for

location-update purposes. ZRP seems to present higher routing overhead depending

on the zone radius. ZRP behaves like any other proactive protocol for the large value

of this radius. However, one can optimize the value of the zone radius to meet the

needs of the wireless network. If low latency is the main concern, reflecting lower

data rates, the zone radius value should be high at least a zone_radius >1. None of the

above protocols addresses the security vulnerabilities of wireless networks. A possible

solution is again monitoring the behaviour of the nodes in the network, or employing

security mechanisms at the link or physical Layers. GPSR seems to be more

vulnerable than ZRP, as GPRS functionality is built on accurate location

advertisements by the nodes in the network. Any malfunction of the GPS devices will

degrade the protocol’s performance. Only ZRP provides support for unidirectional

links, hierarchical routing, and interconnection with other non-ZRP routing domains.

These are important attributes for a routing protocol for MANETs as they provide the

means for extending an existing network with MANET technology, or

interconnecting a MANET with other mobile and fixed networks. As for the “sleep

mode” operation, none of these protocols directly supports such an operation. The

ZRP ‘‘sleep mode” depends on the routing protocols that operate in the intra and inter

zones. If OLSR is the routing protocol for the intra-zones, then ZRP can at least

partially support this mode. GPSR does not support multicasting. Routing decisions

1.6 SECURITY OF MOBILE ADHOC NETWORK

~ 27 ~

are solely based on the location of the destination node. On the other hand, ZRP

depends on the “underlying” routing protocols within the inter and intra-zones.

Table 1.6 Comparison of Hybrid Routing Protocols

Qualitative Metrics ZRP GPSR

Loop Free Yes Yes

Security No No

Support for Unidirectional

Links Yes Yes

Sleep Mode Partly No

Multicasting Partly No

Routing scheme Flat and hierarchical Flat

Nodes with special tasks No No

Routing Metric Shortest path Shortest path

1.6 SECURITY OF MOBILE ADHOC NETWORK

In a MANET, a collection of mobile hosts with wireless network interfaces form a

temporary network without the aid of any fixed infrastructure or centralized

administration. Without some form of network- level or link-layer security, a

MANET routing protocol is vulnerable to many forms of attack. It may be relatively

simple to snoop network traffic, replay transmissions, manipulate packet headers, and

redirect routing messages, within a wireless network without appropriate security

provisions. While these concerns exist within wired infrastructures and routing

protocols as well, maintaining the "physical" security of the transmission media is

harder in practice with MANETs. Sufficient security protection to prohibit disruption

of modification of protocol operation is desired. The success MANET strongly

depends on whether its security can be trusted. However, the characteristics of

MANET pose the challenges and opportunities in achieving the security goals. We

have a variety of attacks that target the weakness of MANET. For example, the

1.6.1 ATTACKS ON MOBILE AD-HOC NETWORK

~ 28 ~

routing messages are an essential component of mobile network communications.

There is possibility that the intermediate node (malicious node) attacks can target the

routing discovery or maintenance phase by not following the specifications of the

routing protocols. There are also some attacks that target some particular routing

protocols, such as DSR, or AODV. The attacks such as Black Hole attack, Gray hole

attack, Wormhole attack have been identified in various published papers. Currently

routing security is one of the hottest research areas in MANET.

A significant amount of research has been devoted to study security issues as well as

countermeasures to various attacks in MANET. However, I believe that there is still

much research work needed to be done in the area. The aim of the study is to detect

the multiple Black Hole nodes using AODV protocol in MANET. The black hole

node is responsible for dropping a number from packets after advertising itself as the

valid path to source node. The detection of the cooperative black hole nodes will

provide more security to MANET. The Route discovery and route maintenance

phases in the AODV protocol will be secured more.

1.6.1 Attacks on Mobile Ad-hoc Network

The attacks in mobile ad-hoc network are done in order to interrupt the

communication or to steal the information. The attacks in mobile ad hoc networks can

be broadly classified into two distinct categories viz. Active attacks and Passive

attacks. An active attack is that attack which any data or information is inserted into

the network so that information and operation may harm. It involves modification,

fabrication and disruption and affects the operation of the network. Example of active

attacks is impersonation, spoofing. A passive attack obtains data exchanged in the

network without disturbing the communications operation. The passive attacks are

difficult to detection. In its, operations are not affected. The operations supposed to

be accomplished by a malicious node ignored and attempting to recover valuable data

during listens to the channel. Some of the most common attacks on mobile ad-hoc

networks include:

1.6.1.1 Denial of Service Attack

A denial-of-service attack is characterized by an explicit attempt by attackers to

prevent legitimate users of a service from using that service. Examples include

1.6.1.1 DENIAL OF SERVICE ATTACK

~ 29 ~

Attempts to "flood" a network, thereby preventing legitimate network traffic.

Attempts to disrupt connections between two machines, thereby preventing access

to a service.

Attempts to prevent a particular individual from accessing a service.

Attempts to disrupt service to a specific system or person.

Denial-of-service attacks can essentially disable your computer or your

network. Denial-of-service attacks come in a variety of forms and aim at a variety of

services. There are three basic types of attack:

consumption of scarce, limited, or non-renewable resources

destruction or alteration of configuration information

physical destruction or alteration of network components

Denial-of-service attacks are most frequently executed against network connectivity.

The goal is to prevent hosts or networks from communicating on the network. An

intruder may also be able to consume all the available bandwidth on your network by

generating a large number of packets directed to your network. Typically, these

packets are ICMP ECHO packets, but in principle they may be anything. Further, the

intruder need not be operating from a single machine; he may be able to coordinate or

co-opt several machines on different networks to achieve the same effect. In addition

to network bandwidth, intruders may be able to consume other resources that your

systems need in order to operate. For example, in many systems, a limited number of

data structures are available to hold process information (process identifiers, process

table entries, process slots, etc.). An intruder may be able to consume these data

structures by writing a simple program or script that does nothing but repeatedly

create copies of itself. For example, consider the following Fig. 3. Assume a shortest

path exists from S to X and C and X cannot hear each other, that nodes B and C

cannot hear each other, and that M is a malicious node attempting a denial of service

attack. Suppose S wishes to communicate with X and that S has an unexpired route to

X in its route cache. S transmits a data packet toward X with the source route S --> A

--> B --> M --> C --> D --> X contained in the packet’s header. When M receives the

packet, it can alter the source route in the packet’s header, such as deleting D from the

source route. Consequently, when C receives the altered packet, it attempts to forward

the packet to X. Since X cannot hear C, the transmission is unsuccessful.

1.6.1.2 WORMHOLE ATTACK

~ 30 ~

Fig: 1.7 Denial of service attack

1.6.1.2 Wormhole Attack

It is a network layer attack. In wormhole attack, a malicious node receives packets at

one location in the network and tunnels them to another location in the network,.

Fig: 1.8 Wormhole attack

1.6.1.2 WORMHOLE ATTACK

~ 31 ~

where these packets are resent into the network. This tunnel between two colluding

attackers is referred to as a wormhole. It could be established through wired link

between two colluding attackers or through a single long-range wireless link. In this

form of attack the attacker may create a wormhole even for packets not addressed to

itself because of broadcast nature of the radio channel. For example in Fig. 1, X and Y

are two malicious nodes that encapsulate data packets and falsified the route lengths

Suppose node S wishes to form a route to D and initiates route discovery. When X

receives a route request from S, X encapsulates the route request and tunnels it to Y

through an existing data route, in this case {X --> A --> B --> C --> Y}. When Y

receives the encapsulated route request for D then it will show that it had only

travelled {S --> X --> Y --> D}. Neither X nor Y update the packet header. After

route discovery, the destination finds two routes from S of unequal length: one is of 4

and another is of 3. If Y tunnels the route reply back to X, S would falsely consider

the path to D via X is better than the path to D via A. Thus, tunnelling can prevent

honest intermediate nodes from correctly incrementing the metric used to measure

path lengths. Though no harm is done if the wormhole is used properly for efficient

relaying of packets, it puts the attacker in a powerful position compared to other

nodes in the network, which the attacker could use in a manner that could

compromise the security of the network. The wormhole attack is particularly

dangerous for many ad hoc network routing protocols in which the nodes that hear a

packet transmission directly from some node consider themselves to be in range of

(and thus a neighbour of) that node.

1.6.1.3 Byzantine Attack

In this attack, a compromised intermediate node or a set of compromised intermediate

nodes works in collusion and carries out attacks such as creating routing loops,

forwarding packets on non-optimal paths and selectively dropping packets which

results in disruption or degradation of the routing services. It is hard to detect

byzantine failures. The network would seem to be operating normally in the

viewpoint of the nodes, though it may actually be showing Byzantine behaviour.

1.6.1.4 BLACK HOLE ATTACK

~ 32 ~

1.6.1.4 Black hole Attack

.

Fig: 1.9 Black hole attack

In this attack, an attacker uses the routing protocol to advertise itself as having the

shortest path to the node whose packets it wants to intercept. An attacker listen the

requests for routes in a flooding based protocol. When the attacker receives a request

for a route to the destination node, it creates a reply consisting of an extremely short

route. If the malicious reply reaches the initiating node before the reply from the

actual node, a fake route gets created. Once the malicious device has been able to

insert itself between the communicating nodes, it is able to do anything with the

packets passing between them. It can drop the packets between them to perform a

denial-of-service attack, or alternatively use its place on the route as the first step in a

man-in-the-middle attack

For example, in Fig. 1.9, source node S wants to send data packets to destination node

D and initiates the route discovery process. We assume that node 2 is a malicious

node and it claims that it has route to the destination whenever it receives route

request packets, and immediately sends the response to node S. If the response from

the node 2 reaches first to node S then node S thinks that the route discovery is

complete, ignores all other reply messages and begins to send data packets to node 2.

As a result, all packets through the malicious node is consumed or lost.

1.7 BLACK HOLE PROBLEM IN AODV PROTOCOL

~ 33 ~

1.6.1.5 Gray-hole attack

This attack is also known as routing misbehavior attack. It leads to messages

dropping. It has two phases. In the first phase a valid route to destination is advertise

by nodes itself. In second phase, with a certain probability nodes drops intercepted

packets.


AODV (Ad hoc On Demand Distance Vector) is an important on-demand routing

protocol that creates routes only when desired by the source node. When a node

requires a route to a destination, it broadcasts a route request (RREQ) packet to its

neighbors, which then forward the request to their neighbors, and so on, until either

the destination or an intermediate node with a “fresh enough” route to the destination

is located.

Fig. 1.10 Routing Discovery Process in AODV protocol


~ 34 ~

In this process the intermediate node can reply to the RREQ (Route Request) packet

only if it has a fresh enough route to the destination. Once the RREQ (Route Request)

reaches the destination or an intermediate node with a fresh enough route, the

destination or intermediate node responds by unicasting a route reply (RREP) packet

back to the neighbor from which it first received the RREQ (Route Request). After

selecting and establishing a route, it is maintained by a route maintenance procedure

until either the destination becomes inaccessible along every path from the source or

the route is no longer desired. A RERR (Route Error) message is used to notify other

nodes that the loss of that link has occurred. A black hole problem means that a

malicious node utilizes the routing protocol to claim itself of being the shortest path

to the destination node, but drops the routing packets but does not forward packets

to its neighbors. Imagine a malicious node ‘M’.

Fig. 1.11 Black Hole Attack in AODV protocol


~ 35 ~

When node ‘A’ broadcasts a RREQ packet, nodes ‘B’ ‘D’ and ‘M’ receive it. Node ‘M’,

being a malicious node, does not check up with its routing table for the requested

route to node ‘E’. Hence, it immediately sends back a RREP packet, claiming a route

to the destination. Node ‘A’ receives the RREP from ‘M’ ahead of the RREP from ‘B’

and ‘D’. Node ‘A’ assumes that the route through ‘M’ is the shortest route and sends

any packet to the destination through it. When the node ‘A’ sends data to ‘M’, it

absorbs all the data and thus behaves like a ‘Black hole’.

In AODV (Ad hoc On Demand Distance Vector), the sequence number is used to

determine the freshness of routing information contained in the message from the

originating node. When generating RREP (Route Request) message, a destination

node compares its current sequence number, and the sequence number in the RREQ

(Route Request) packet plus one, and then selects the larger one as RREPs (Route

Request) sequence number. Upon receiving a number of RREP (Route Request), the

source node selects the one with greatest sequence number in order to construct a

route. But, in the presence of black hole when a source node broadcasts the RREQ

(Route Request) message for any destination, the black hole node immediately

responds with an RREP (Route Request) message that includes the highest sequence

number and this message is perceived as if it is coming from the destination or from

a node which has a fresh enough route to the destination. The source then starts to

send out its packets to the black hole trusting that these packets will reach the

destination. Thus the black hole will attract all the packets from the source and

instead of forwarding those packets to the destination it will simply discard those.

Thus the packets attracted by the black hole node will not reach the destination.

1.8 CONCLUDING REMARKS

In this chapter, we described various aspects related to wired and wireless networks.

The routing protocols for MANET have been discussed to understand the working of

MANET. In the last section we describe the various security threats to MANET and it

is concluded that MANET networks are an easy target from security point of view and

a secure mechanism is required to protect the network from various attacks.

LITERATURE REVIEW

~ 36 ~

CHAPTER 2

LITERATURE REVIEW

Mohammad Al-Shurman et. al [2004], proposed two solutions to black hole attacks

prevalent in mobile ad-hoc network. The first solution is to find multiple paths to send

data from source to destination. The source sends ping packets along these different

routes with different packet Id’s and sequence number. The source checks the RREP’s

from different routes and try to find a secure route having a hop that is shared in more

than one route to the destination. This method ensures secure route to destination but

at the expense of the time delay caused due to waiting for another RREP from an

alternate route. The second method explores the possibility of using the sequence

number for identifying the fake replies from genuine replies. In this, two additional

tables are used to record sequence number of last sent packet and last received packet.

These tables are updated whenever a packet is sent or received and the destination

node sends RREP packet along with last packet sequence number. This solution

ensures faster delivery of packets. First solution is more secure but delay is large

while the second solution is quick in delivering the packets but a malicious node can

listen to the channel and can update its tables for the last sequence number.

Jeroen Hoebeke Et. Al [2005], discussed about application of mobile ad-hoc

networks and the challenges being faced while using them. In this paper, a complete

introduction has been given about the wireless networks. Moreover this paper

provides an insight into the potential applications of ad-hoc networks and discusses

the technological challenges being faced by network and protocol designers. Most

prominent of the challenges are routing, resource and service discovery and security.

Different attacks pertaining to security are deletion, fabrication, replication and

redirection of data packets. But despite challenges, mobile ad-hoc network opens a

new business opportunity for service providers.

Giovanni Vigna et. Al [2005], demonstrated an effective intrusion detection tool that

can be used to for detecting attacks in mobile ad-hoc network while using limited

LITERATURE REVIEW

~ 37 ~

amount of resources. The tool monitors network packets to detect attacks within its

range. This tool is based on State Transition Analysis Technique (STAT).

AODVSTAT sensors can be used in standalone mode to detect attacks in

neighborhood only or distributed mode, in which update messages are exchanged

between sensors to detect attacks in distributed manner. This scheme works well for

detecting both single hop as well as distributed attacks in mobile ad-hoc networks

while imposing a very small overhead on nodes.

Mehdi Medadian et. al [2009], proposed a novel approach for countering the black

hole attack. The approach is based on using negotiations with neighbors who claim to

have a route to destination. In this approach, any node uses a set of rules to decide the

honesty of the reply’s sender. During packet transferring, the activities of a node are

logged by its neighbors. These neighbors send their opinion about a node. When a

node receives replies from all neighbors, it is able to decide whether the replier is a

malicious node or a legitimate node. The opinion send by neighbors is based on the

number of packets sent to a particular node and number of packets forwarded by it.

The method yields better percentage of packets received in presence of cooperative

black hole attack.

Payal N. Raj and Prashant B. Swadas [2009], proposed DPRAODV (detection,

prevention and reactive AODV) to prevent the black hole attack by informing the

other nodes about the malicious node. As the value of RREP sequence number is

found to be higher than the threshold value, the node is suspected to be malicious and

it adds the node to the black list. As the node detected an anomaly, it sends a new

control packet, ALARM to its neighbors. The ALARM packet has the black list node

as a parameter so that, the neighboring nodes know that RREP packet from the node

is to be discarded. Further, if any node receives the RREP packet, it looks over the

list, if the reply is from the blacklisted node; no processing is done for the same. The

threshold value is the average of the difference of destination sequence number in

each time slot between the sequence number in the routing table and the RREP

packet. The purposed solution not only detects the black hole attack, but tries to

prevent it further, by updating threshold which reflects the real changing environment.

Other nodes are also updated about the malicious act by an ALARM packet, and they

react to it by isolating the malicious node from network.

LITERATURE REVIEW

~ 38 ~

Songbai Lu et. al [2009], proposed a method that is effective and secure against the

black hole attack in mobile ad-hoc network. This method is works on the basis of

direct verification of the destination node using random number exchange. In this

method, the source node sends verification packet SRREQ (Secure Route Request) to

destination node along opposite direction route of RREP (Route Reply) received

while the verification packet contains random number. This packet is forwarded using

different routing paths. At the destination end, upon receiving two or more SRREQ

(Secure Route Request) packets, their contents are checked. If content are same,

verification confirm packet SRREP (Secure Route Reply) is sent to source along

different routing paths. On the source end, upon receiving two or more SRREP

(Secure Route Reply) packets, their contents are checked for match. If they match, the

route is added to the routing table and warning message regarding malicious nodes, is

propagated throughout the network. This scheme can effectively prevent black hole

attack and also maintain a high routing efficiency.

Harris Simaremare and Riri Fitri Sari [2011], proposed two different approaches

viz. AODV-UI (based on reverse request method) and PHR-AODV (Path Hoping on

Reverse AODV) and subjected these approaches to various attacks faced by mobile

ad-hoc networks. These approaches aim at improving performance as well as security

and various metrics viz. packet delivery ratio, end to end delay and packet lost, are

used. AODV-UI method works like AODV but with an exception that if one route is

lost, route discovery process is not started. Rather the alternate route found earlier in

route discovery is selected. This enhances the performance as there is no need to

search for routes again and again. PHR-AODV method determines multipath for

sending data to destination and checks whether the path is broken or not. If broken,

path is deleted from the list and new path is selected. AODV-UI performs better in

terms of packets lost, end to end delay and packet delivery ratio. But in presence of

black hole nodes, PHR-AODV performs better.

Praveen Joshi [2011], discussed security concerns in routing protocols in MANET

(Mobile Ad hoc Network). In this paper, elaborate study has been done on the

various attacks encountered in mobile ad hoc network and the protocols used for this

type of network. The various routing protocols used can be broadly classified into

proactive and reactive routing protocols. The attacks associated with ad hoc routing

LITERATURE REVIEW

~ 39 ~

protocols can be dynamic topology of ad hoc networks, noise and signal interference

with wireless channel, and implicit trust relationships between neighbors.

Cryptography, authentication, digital signatures can be used to prevent malicious

attacks. Moreover intrusion detection systems and cooperation enforcement

mechanisms can be used for this purpose. This paper provides an insight into the

various attacks and the counter mechanisms employed against the malicious attacks.

Priyanka Goyal et. Al [2011], describes the elementary problems of ad hoc network

by providing its background. The most common challenges involved are limited

bandwidth, less computational and battery power and security. It presents an overview

of the routing protocols being used and their issues. Moreover desired security goals

such as availability, confidentiality, integrity, authorization etc. have been discussed.

The general trend is towards mesh architecture and improvements to be made to

capacity and bandwidth. Thus it ensures smaller, cheaper and more capable ad-hoc

networks.

Sunil Taneja et. al [2011], demonstrated the performance based comparison of the

two most widely used routing protocols, AODV (Ad hoc On Demand Distance

Vector) & DSR (Dynamic Source Routing), used in mobile ad-hoc networks. Both

these protocols have their own advantages. DSR (Dynamic Source Routing) does not

uses periodic routing messages like AODV (Ad hoc On Demand Distance Vector),

thereby reducing network bandwidth overhead. Moreover the routes are maintained

only between nodes that need to communicate. Thus route maintenance overhead is

reduced. AODV (Ad hoc On Demand Distance Vector) routing protocol favors least

congested route instead of the shortest route and supports both unicast and multicast

communication. Despite these benefits, AODV (Ad hoc On Demand Distance

Vector) is better performer when the medium is denser. Denser mediums are the

choice for a number of applications therefore AODV (Ad hoc On Demand Distance

Vector) is better choice and thus enjoys a preference than DSR (Dynamic Source

Routing) over mobile ad-hoc networks.

A.S. Bhandare et. al [2011], discussed two routing protocols namely AODV (Ad hoc

On Demand Distance Vector) & DSR (Dynamic Source Routing) and proposed a

method called Intrusion Detection using Anomaly Detection to provide security

LITERATURE REVIEW

~ 40 ~

against single and multiple black hole attacks in mobile ad-hoc network. This scheme

works on the principle of differentiating malicious nodes from reliable nodes by

monitoring and detecting anomaly activities of an intruder based on the normal

activities that are to be carried out. This scheme is based on the host based intrusion

detection as there is no central control over the device that monitors traffic flow. A set

of parameters viz. single hop count, maximum destination sequence number, life- long

route, destination IP (Internet Protocol) address and timestamp, are used to

differentiate a fake reply from a legitimate reply. This method is easy to deploy and

works on the principle of self-protection.

Jaydip Sen et. al [2011], proposed a novel method to defend mobile ad-hoc network

against cooperative black hole attack using AODV (Ad hoc On Demand Distance

Vector) routing protocol. The method used ensures reasonable throughput level in the

network. The proposed algorithm uses DRI (Data Routing Information) table and

cross checking mechanism to ensure security against black hole attack. The

experimental results show that the proposed scheme improves the packet delivery

ratio and can further be enhanced to defend mobile ad-hoc network against resource

consumption attack.

Pramod Kumar Singh et. al [2012], proposed a scheme that can be effective in

dealing with the malicious nodes which act as black holes in MANET (Mobile Ad hoc

Network). The proposed method uses promiscuous mode to detect malicious node and

propagates the information of malicious node to all other nodes in the network. The

source node floods a RREQ (Route Request) packet in the network and wa its for

RREP (Route Reply) packet to have a new route to the destination node. If the RREP

(Route Reply) is received from the intermediate node, the node receiving RREP

(Route Reply) packet, switches its promiscuous mode and sends a hello message to

destination. If the intermediate node forwards the message to destination, the node is

safe. Otherwise the node is a malicious one. This scheme does not require extra

processing power and database.

Humaira Ehsan et. al [2012], elaborated various kinds of attacks in MANET and

simulation of these attacks was done using ns-2 simulator. Various attacks namely

black hole attack, selfish node behavior, RREQ flooding and selective forwarding

LITERATURE REVIEW

~ 41 ~

attack are used draw major inferences about the impact of these attacks on the

network. If the attacker node is on the route between the source and the destination,

then the malicious node would have a major role in performance degradation.

Moreover, if the attacker node is in one part of the network, while the communication

between source and destination takes palace in another part of the network, then the

impact of the attacker node would be minimal.

Fidel Thachil and K C Shet [2012], proposed a method to detect and mitigate

malicious nodes from mobile ad-hoc network. The detection and mitigation of

malicious nodes from the network is based on trust factor being calculated by every

node for its neighboring nodes. This trust value is calculated by a ratio between the

number of packet received by the node and number of packets dropped by it. Each

node has a certain trust value. A threshold value is specified below which a node

would be considered malicious and as a result the node will be deleted from the

reliable routes and information regarding the malicious node is broadcasted

throughout the network. This method works far better than pure AODV (Ad hoc On

Demand Distance Vector) and ensures efficient packet delivery even in the presence

of malicious nodes.

Kundan Munjal et. al [2012], proposed a novel approach for detecting cooperative

black hole nodes in the network and propagating information regarding malicious

nodes throughout the network. For experimentation, three different scenarios are

tested. In first, no malicious node is present, so the route is considered reliable for

sending data. In second case, two cooperating malicious nodes are detected and

information regarding them is propagated throughout the network. In third case, on

finding a node to be reliable, information regarding its reliability is spread through the

network. The proposed network works well in all scenarios and achieves success

against black hole attack. Thus it ensures reliable route from source to destination.

But the algorithm requires improvements in end-to-end delay as well as routing

overhead.

Rutvij H. Jhaveri et. al [2012], proposed a novel approach of using intermediate

nodes to find and isolate malicious nodes based on the sequence number. In AODV,

the RREP packets are sent back to source node in reverse path through which RREQ

LITERATURE REVIEW

~ 42 ~

packet was received by destination node. If sequence number is higher in the table of

the node, packet is accepted otherwise discarded. But in the proposed method, apart

from checking the sequence number from RREP packet received, a PEAK value is

calculated by intermediate node using parameters viz. routing table sequence number,

RREP sequence number and number of replies during a time interval. Maximum

possible value of sequence number is the PEAK value and if a RREP packet received

has a sequence number higher than the PEAK value, the packet is labeled “don’t

consider” and forwarded along the reverse path. In this way, the malicious node is

detected as well as other nodes are informed about this node. So this node is not

considered while selecting a route to the destination.

Nidhi Sharma & Alok Sharma [2012], presented a couple of solutions that can be

used as a strategy against the black hole attack in MANET (Mobile Ad hoc Network).

First solution is to have multiple routes to destination and unicast ping packet to

destination using multiple routes (assigning different packet ID’s and sequence

number). Upon checking the replies received from different routes, decision is made

regarding the selection of a route for communication. In the second approach,

sequence number is used for the verification of legitimate node. Two extra tables are

maintained to record sequence number of the forwarded packets and sequence number

of the received packets. If there is a mismatch between sequence number of received

RREP (Route Reply) and the sequence number of the table, the route discovery

process is started while alarming the whole network about the node. The scheme does

not add overhead as sequence number itself is included in every packet in base

protocol.

Gundeep Singh Bindra et. al [2012], proposed a novel solution of maintaining an

Extended Data Routing Information (EDRI) table at each node, for detection of

cooperating black hole and gray hole nodes. This scheme also focuses on node’s

previous malicious instances and renew packet, further request & reply packets are

used apart from the RREQ & RREP packets. The EDRI table considers the gray

behavior of nodes and a counter is used to keep track of how many times a node has

been caught. This not only ensures safety against black hole nodes but also gray

behavior nodes. The only limitation is that only consecutive cooperating black hole

nodes can be identified using this scheme.

LITERATURE REVIEW

~ 43 ~

M. Jhansi et. al [2012], proposed a new method of detecting cooperative black hole

attack in MANET. This method uses extra bits of information to store the information

regarding the number of packets received by a node and the number of packets further

transferred by it. Two bits are used. 1st bit “first” stands for information on routing

data packet from the node while the second bit “through” stands for information on

routing data packet through the node. Moreover a cross check is done on the

intermediate node generating RREP (Route Reply) by making it to provide its next

hop node and its DRI (Data Routing Information) table. The DRI entry is checked by

source node and data is routed depending on a positive match. Otherwise FRq

(Further request) message is send to NHN (Next Hop Node) to check the reliability of

the intermediate node. This method can be applied to identify multiple black hole

nodes cooperating with each other and to discover secure paths from source to

destination.

Vaishali Mohite & Lata Ragha [2012], implemented a novel method to find a secure

route from source to destination by avoiding cooperative malicious nodes. This

method uses data routing information and two additional tables namely RRT

(Receiving Record Table) & SRT (Self Record Table). These additional tables hold

information regarding the node that sent the reply packet and the information about

the current node to be sent to the node that sent the packet respectively. These tables

are helpful in keeping the history of the packets sent/received at each node so as to

make detection of an inside attacker easier. This method proves out to be effective

against cooperative attacks.

Meenakshi Patel & Sanjay Sharma [2013], projected a novel automatic security

mechanism using SVM (Support Vector Machine) to defend against malicious attack

occurring in AODV (Ad hoc On Demand Distance Vector). This method uses three

metrics viz. Packet Delivery Rate (PDR), Packet Modification Rate (PMR) and

Packet Misroute Rate (PMISR), to decide the behavior of a node. The information

required by the metrics is gathered from all the nodes in the network. These metrics

are checked against a threshold, below which the node is considered malicious. The

projected scheme is simple and provides fast and quick response to suspicious or

compromised node.

LITERATURE REVIEW

~ 44 ~

Jaspal Kumar et. al [2013], analyzed the effect of black hole attack on the routing

protocols and have used AODV (Ad hoc On Demand Distance Vector) and Improved

AODV (Ad hoc On Demand Distance Vector) protocol. IAODV (Improved Ad hoc

On Demand Distance Vector) supports multipath where route discovery is necessary

only when all routes expire whereas in case of AODV (Ad hoc On Demand Distance

Vector), route discovery starts as RERR (Route Error) message is received from the

only route being used for transmission. IAODV (Improved Ad hoc On Demand

Distance Vector) falls into hybrid category of routing protocol whereas AODV (Ad

hoc On Demand Distance Vector) is a reactive routing protocol. Experimental results

show that IAODV (Improved Ad hoc On Demand Distance Vector) is less affected by

black hole attack than AODV (Ad hoc On Demand Distance Vector). Moreover

packet delivery ratio of IAODV (Improved Ad hoc On Demand Distance Vector) is

improved at an increased routing overhead which can be avoided considering that

tackling black hole attack in the network, is a challenging task.

Rutvij H. Jhaveri [2013], presented a method to avoid malicious nodes from

participating in the information exchange between two nodes and also reducing the

network load. This method works on R-AODV (Reverse AODV), which states that a ,

a PEAK value is calculated by intermediate node using parameters viz. routing table

sequence number, RREP sequence number and number of replies during a time

interval. Maximum possible value acceptable as a sequence number is the PEAK

value and if a RREP packet received has a sequence number higher than the PEAK

value, the packet is simply discarded. In this way, only genuine RREP are received at

the source. Thus it reduces the network traffic. This method increases the packet

delivery ratio with acceptable routing overhead.

Sisily Sibichen et. al [2013], demonstrated the use of authentication keys in providing

security in mobile adhoc networks. Moreover the proposed method makes use of the

spanning tree to allow the communication between member nodes of the network. In

this method, each of the node has its own certificate and this certificate is signed by

trusted third party. This certificate is the basis of all the communication between the

nodes as the receiving nodes checks this certificate for authenticity before forwarding

the received packet. Once the certificates are exchanged, the nodes start exchanging

secret keys which are used for the encryption and decryption of the messages. This

LITERATURE REVIEW

~ 45 ~

method not only makes the communication between nodes secure but also results in

increase in throughput and Packet Delivery Ratio (PDR).

Sanjay K. Dhurandher et. al [2013], analyzed the most common problem with

MANET viz. black hole attack and proposed a modified GAODV protocol to be used

as a countermeasure against black hole attack as well as gray hole attack. This

technique uses two extra packets namely check confirm and reply confirm, to find a

secure route from source to destination node. When reply from an intermediate node

is received, it is checked whether the sending node has an entry in black hole table. If

not, it sends confirm packet to destination. If intermediate node is a black hole, it

discards the packet. Upon receiving the confirm packet, the des tination sends reply

confirm packet to the source. If this confirm reply packet is received within a

stipulated time, the source starts sending packets to the destination or stores the

intermediate nodes in black hole table and rebroadcasts RREQ packets to find a route

to destination. This method shows promising results in detecting collaborative black

hole nodes. Also the proposed method offers 90% DDR (Data Delivery Ratio) for

dynamic topology and with 0.9 times end to end delay of conventional AODV.

CONCLUDING REMARKS

In this chapter various techniques defined in various papers have been discussed. The

techniques employed against the black hole attack are using Data Routing Information

(DRI) table, Intrusion Detection Systems, segregation based on the input from the

neighbors of a node. All the papers discussed have certain merits over each other and

there is a tradeoff between various metrics in each of the techniques defined in the

different papers discussed.

THEORETICAL DEVELOPMENT

~ 46 ~

CHAPTER 3


3.1 PROBLEM FORMULATION

In MANET inside and outside attacks are possible, which degrade the performance of

the network. In Inside attacks, a node within the network become malicious node and

it launched attacks on network. In outside attacks, a malicious node which is outside

the network, it becomes the member of the networks and then launches attack on

network. Black hole attack is the most common active type of attack. When black

hole attack is triggered in the network, throughput of the network reduces and delay

increases at a steady rate. The black hole attack is even worse if the multiple black

hole nodes exist in the network.

A significant amount of research has been devoted to study security issues as well as

countermeasures to various attacks in MANET. However, there is still much research

work needed to be done in the area. The aim of the study is to detect the Black Hole

attack using AODV protocol in MANET. This thesis work focuses on finding a secure

route for communication by detecting and isolating all the malicious nodes in mobile

Ad hoc network. The detection of the cooperative black hole nodes will provide more

security and stability to MANET.

3.2 Objectives

Following are the various objectives of this research work

To study black hole attack in MANET and its consequences.

To implement a new scheme to detect malicious nodes in the network which are

responsible for triggering the black hole attack in the network.

Testing the new scheme against parameters like throughput and end-to-end delay.


~ 47 ~

3.3 Methodology/Planning of work

Figure: 3.1 Methodology used

5.1 SIMULATION ENVIRONMENT

~ 48 ~

CHAPTER 4

SIMULATION ENVIRONMENT

4.1 SIMULATION ENVIRONMENT

Simulation is the execution of a system model in time that gives information about a

system being investigated. Events occur at discrete points of time. When the numbers

of such events are finite, we call it discrete event. A discrete event simulator consists

of a bunch of events and a central simulator object that executes these events in order.

The act of simulating something generally entails representing certain key

characteristics or behaviors of a selected physical or abstract system. The simulator

used in this thesis work to simulate the ad-hoc routing protocols is Network Simulator

2.

4.1.1 Network Simulator

Network Simulator is the result of an ongoing effort of research and development that

is administrated by researchers at Berkeley. It is a discrete event simulator targeted at

Fig.4.1 Network Simulator 2

4.1.1 NETWORK SIMULATOR

~ 49 ~

networking at networking research. NS-2 is an object-oriented, discrete event network

simulator developed at UC Berkeley. It is written in C++ and OTcl (Object-Oriented

Tcl) and primarily uses OTcl as command and configuration language. NS is basically

written in C++, with an OTcl interpreter as a frontend.

It supports a class hierarchy in C++, called Compiled hierarchy and a similar one

within the OTcl interpreter, called interpreter hierarchy. There is a one-one

correspondence between classes of these two hierarchies. The root of the hierarchy is

Class Tcl Object. Users create new simulator objects through interpreter that are

instantiated within the interpreter. The interpreted hierarchy is automatically

established through methods defined in the Tcl class. User instantiated objects are

mirrored through methods defined in class Tcl Object. The simulator can be viewed as

doing two different things. While on one hand, detailed simulations of protocols are

required, it is also required that the user is able to vary the parameters or

configurations and quickly explore the changing scenarios. For the first case, we need

a system programming language like C++ that efficiently handles bytes, packet

headers and implement algorithms efficiently. But for the second case, iteration time

is more important than the runtime of the part of the task. This is accomplished by a

scripting language like Tcl. A major component of NS besides network objects is

event scheduler. For example, a packet can be considered as an event with scheduled

time and pointer to an object that handles an event. All the network components that

need to spend some time handling packets use the event scheduler by issuing an event

for a packet. A switching component or timer use event scheduler. Simulation results

are usually got using files called Trace files. When the simulation is over, NS

produces one or more text based output files that contain simulation data as specified

in the input script.it can be viewed using a nice graphical tool called Network

Animator or NAM in short. NS is mainly used for simulating local and wide area

networks. It simulates a wide variety of IP networks. It implements network protocols

such as TCP and UDP, traffic source behavior such as FTP, CBR and VBR, Router

queue management mechanisms such as Drop tail and CBQ. The NS projects is now

part of the VINT project that develops tools for simulation results display, analysis

and converters that convert network topologies generated by well-known generators

to NS formats. The current version of network simulator does not support mobile

wireless environment.

4.1.1 NETWORK SIMULATOR

~ 50 ~

TABLE 4.1 Simulation Parameters

Parameter Value

Terrain Area 800 m x 800 m

Simulation Time 50 s

MAC Type 802.11

Application Traffic CBR

Routing Protocol AODV

Data Payload 512 Bytes/Packet

Pause Time 2.0 s

Number of Nodes 15

Number of Sources 1

No. of Adversaries 1 to 3

Number of nodes: This parameter in the above table is used to represent number of

nodes that are used for conducting the simulation.

Pause time: this parameter represents the time interval for which the nodes can be

paused in the network during simulation.

Traffic type: Network traffic can be of two types viz. Variable Bit Rate (VBR) and

Constant Bit Rate (CBR). The CBR traffic can suffer a maximum delay of T.

Simulation time : Simulation time is the duration of time for which the simulation is

carried out.

4.2 Quantitative Metrics

There are a number of quantitative metrics that can be used for evaluating the

performance of a routing protocol for mobile wireless ad-hoc networks. In this thesis,

we follow the general ideas described in RFC 2501, and we use four quantitative

metrics. The packet delivery ratio and average end-to-end delay are most important

for best-effort traffic. The other two qualitative metrics used in this thesis are and

throughput.

4.2 QUANTITATIVE METRICS

~ 51 ~

Packet Delivery Ratio

The packet delivery ratio is defined as the fraction of all the received data packets at

the destinations over the number of data packets sent by the sources. This is an

important metric in networks. If the application uses TCP as the layer 2 protocol, high

packet loss at the intermediate nodes will result in retransmissions by the sources that

will result in network congestion.

Packet Delivery Ratio = Total Data packets received ----------------------------------- Total Data packets sent

Average End-to-End Delay

End-to-end delay includes all possible delays in the network caused by route

discovery latency, retransmission by the intermediate nodes, processing delay,

queuing delay, and propagation delay. To average the end-to-end delay we add every

delay for each successful data packet delivery and divide that sum by the number of

successfully received data packets. This metric is important in delay sensitive

applications such as video and voice transmission.

Average End to End Delay = ∑ (Time received - Time sent) --------------------------------------

Total Data packets received

Overhead

Ad hoc networks are designed to be scalable. As the network grows, various routing

protocols perform differently. The amount of routing traffic increases as the network

grows. An important measure of the scalability of the protocol, and thus the network,

is its routing overhead. It is defined as the total number of routing packets transmitted

over the network, expressed in bits per second or packets per second. The causes of

routing overhead are network congestion and route error packets.

RESULTS AND DISCUSSION

~ 52 ~

CHAPTER 5

Results and Discussion

5.1 NETWORK DEPLOYMENT

The simulation for the proposed method has been carried using network animator and

the operating system used is Redhat Linux. The network animator shows the positions

of various nodes.

Fig. 5.1 Network deployment


~ 53 ~

The figure shows 5.1 nodes in the network arranged randomly and having numbers

to identify from each other. The two nodes acting as source and destination are shown

in blue color. This animation has a start, stop, forward, and rewind, previous and next

button. Moreover there is a zoom button to zoom in and out to see the nodes of the

network. We can also adjust the speed of the animation according to our requirement.

The position of the node can be changed according to our requirement using the edit

button. Thus the network animator offers a set of buttons that can be used to control

the communication between the nodes in the network at any time.

Figure 5.2 and 5.3 and 5.4 shows the Source node broadcasting route request

(RREQ) packets to its neighboring nodes so that a route to destination could be found.

The neighboring nodes further broadcast this RREQ packets until it reaches the

intended node i.e. destination node. At a certain point, node 0 becomes the source

node whereas node 7 becomes the destination node and node 0 starts flooding the

network with RREQ packets.

Fig. 5.2 Source node sending RREQ packets


~ 54 ~

Fig. 5.3 Neighboring nodes sending RREQ packets to adjacent nodes

Fig. 5.4 Flooding of route request packets in the network


~ 55 ~

The green circles show that the RREQ packets are being forwarded to the other nodes

in the network. Figure 5.4 shows the neighboring nodes send the RREQ packets to

their adjacent nodes.

Fig 5.5 Malicious nodes replying with fake route reply packets

Figure 5.5 shows that the black hole nodes upon receiving the RREQ packets, start

sending the RREP (Route Reply) packets to the source which initiated the route

request. Now the point here is that the black hole nodes present in the network do not

bother about whether the node to which a route is being requested even exists. It

simply starts replying as soon as it receives the request packet with a higher sequence

number. While the legitimate nodes check of they have any route to the requested

node and only then reply. Thus during this whole procedure the black hole nodes are

easily isolated and the whole network can be warned about their existence. The figure


~ 56 ~

shows malicious nodes in red color and they are sending fake RREP (Route Reply)

packets to the source while the other nodes simply discard the route request packet

received to find route to a non-existent node in the network.

Figure 5.6 shows that the source selects the route with the shortest path i.e. the route

through which the route reply was received the earliest. Now this route has a black

hole node and upon receiving data, it starts dumping all the packets thus resulting in

loss of packets and increase in end-to-end delay.

Fig. 5.6 Source node selects the shortest path to destination, via black hole node

5.2 SOLUTION IMPLEMENTATION

~ 57 ~

Fig. 5.7 Source node sending data packets to black hole node


The solution for the black hole attack is implemented using a fake route request

packets being broadcasted in the network.

Fig. 5.8 Various nodes in the network


~ 58 ~

Figure 5.9and 5.10 shows the fake route request packets being broadcast in the

network for the identification of the malicious black hole nodes. The network is

flooded with a request of route to a destination node which is non-existent in the

network and this broadcasting continues until it reaches every node in the network.

Fig. 5.9 Fake route request packets are flooding in the network


~ 59 ~

Fig 5.10 Fake route request packet broadcasted in the network


~ 60 ~

Figure 5.11 shows that upon receiving the route request packet, the black hole nodes

are the one which immediately reply with a route reply packet having minimum

number of hop counts and higher sequence number. Therefore making it a

considerable path for the transmission of data. But the catch here is that the

destination asked for in the route request packet does not even exists in the network,

then how some of the nodes are able to provide a route to the non-existent node.

Therefore these nodes which reply with a route reply packet are considered to be

malicious nodes.

Fig. 5.11 Fake RREP packets being propagated to source


~ 61 ~

Fig. 5.12 Nodes being warned of the black hole nodes by alarm messages

Fig. 5.13 Isolation of black hole nodes


~ 62 ~

Figure 5.13 shows the malicious nodes being isolated form the network and these

nodes will not be considered for data transmission or participate in any activity being

performed in the network.

Figure 5.14 shows the normal route discovery process initiated by the source node.

The source nodes sends route request packets to its neighboring nodes which further

broadcast these to their neighbors and continues until it reaches all the nodes in the

network or intermediate nodes which has a route to the requested destination.

Fig. 5.14 Source nodes start normal route discovery process


~ 63 ~

Fig. 5.15 Nodes with route to destination reply with RREP packet

Fig. 5.16 Shortest path is selected to transmit data

Figure 5.16 shows that upon receiving the route request packet, all the immediate

nodes having route to the destination send route reply packet to the source which

initiated the route request. The source node upon receiving these route reply packets

calculates the hop count, sequence number and select the best path to the destination.

5.3 GRAPHS

~ 64 ~

5.3 GRAPHS

The graphs are used to represent the change in throughput and end-to-end delay using

the proposed method. Green line represents the change in case of the new scenario

and red color represents the conventional method. These two parameters are widely

used for verifying the validating the use of a particular method. Throughput can be

defied as the number of results produced per unit time whereas end-to-end delay may

be defined as the time taken between sending of a packet and it’s receiving on the

destination.

Fig. 5.17 change in end-to-end delay

X-axis = Simulation Time Y-axis = delay in time

Figure 5.17 shows the change in end-to-end delay after the deployment of the

proposed method. In the conventional method, the delay starts increasing when there

is presence of a black hole node in the network whereas in absence of black hole

5.3 GRAPHS

~ 65 ~

nodes, the delay is almost zero as all packets arrive at their destination in a timely

manner.

Fig. 5.18 change in throughput

X-axis = Simulation Time Y-axis = Number of packets received at destination

Figure 5.18 represents the change in throughput achieved using the proposed method.

As the delay in the network is at a minimum due to isolation of black hole nodes, the

throughput increases as more and more packets are delivered to their destinations.

Green line represents the throughput in the new scenario and red line represents the

throughput in conventional method.

5.3 GRAPHS

~ 66 ~

Figure 5.19 shows the increased packet delivery ratio achieved using the proposed

method. As packet loss is minimum so more hence the increased packet delivery ratio.

Fig: 5.19 change in Packet Delivery Ratio

X-axis = Simulation Time Y-axis = Packets delivered at destination per unit time

5.3 GRAPHS

~ 67 ~

Figure 5.20 shows the decrease in the packet loss using the proposed method. The

black hole nodes are isolated beforehand. Therefore the packet loss is at a minimum.

Fig: 5.20 change in Packet Loss

X-axis = Simulation Time

Y-axis = Packets lost

5.3 GRAPHS

~ 68 ~

Figure 5.21 shows the less overhead caused by using the new method. The new method uses an extra route discovery phase to isolate the black hole nodes. So this

mechanism results in some overhead but still it is very less compared to maintaining extra tables to store information about various nodes. Thus the overhead incurred by

an extra phase gets balanced by the space saved due to non-requirement of saving DRI table by each node

Fig: 5.21 change in Overhead

X-axis = Simulation Time

Y-axis=Overheadincurred

CONCLUSIONS AND FUTURE SCOPE

~ 69 ~

CHAPTER 6

CONCLUSIONS AND FUTURE SCOPE

In this thesis a new method is proposed for finding a secure route from source to

destination in case of mobile ad-hoc network using AODV routing protocol. The

testing scenario was created using network simulator to test the proposed method on

the basis of most common parameters viz. throughput and end-to-end delay. It is

investigated that the proposed method shows positive results as opposed to

conventional method used in AODV routing protocol. This work is a start in the

direction of rigorous evaluation of all the aspects of the routing in mobile ad-hoc

networks. The next stage could be the investigation of the proposed method using

other routing protocols and combining the proposed method with other methods like

using routing information tables, anomaly detection based on nodes behavior and

intrusion detection. A lot of work has to be done in order to make the usage of mobile

ad-hoc networks common a viable option. Ad hoc technology has now proved to be a

very useful tool for meeting the tactical battlefield communication requirements. The

industry is now embracing this technology, and in the recent years, several vendors

have provided handheld radios with MANET capability. Mobile ad-hoc networks will

continue to evolve and new target applications will probably emerge.

REFERENCES

~ 70 ~

REFERENCES

[1] M. Al-Shurman, S.-M. Yoo and S. park, “Black Hole Attack in Mobile Ad Hoc

Networks,” ACMSE, no. 04, pp. 96-97, 2004.

[2] J. Hoebeke, I. Moerman, P. Demester and B. Dhoedt, “An OverviewofMobile Ad

Hoc Network: Applications and Challenges,” no. 4, pp. 60-66, 2005.

[3] G. Vigna, S. Gwalani, K. Srinivasan, E. M. Belding-Royer and R. A. Kemmerer,

“An Intrusion Ddetection Tool for AODV-based Ad hoc Wireless Networks,” pp.

1-16, 2005.

[4] M. Medadian, M. Yektaie and A. Rahmani, “Combat with Black Hole Attack in

AODV Routing Protocol in Manet,” IEEE, 2009.

[5] P. N. Raj and P. B. Swadas, “PRAODV: A Dynamic Learning System against

Black Hole Attack in AODV based MANET,” IJCSI, vol. 2, pp. 54-59, 2009.

[6] H. Simaremare and R. F. Sari, “Performance Evaluation of AODV variants on

DDOS, Blackhole and Malicious Attacks,” International Journal of Computer

Science and Network Security, vol. 11, no. 6, pp. 277-287, 2011.

[7] V. Garg, M. K. Shukla, T. Choudhury and C. Gupta, “Advance Survey of Mobile

Ad-Hoc Network,” IJCST, vol. 2, no. 4, pp. 552-555, 2011.

[8] P. Joshi, “Security Isues in Routing Protocols in MANET's at Network Layer,”

Procedia Computer Science, no. 3, pp. 954-960, 2011.

[9] P. Goyal, V. Parmar and R. Rishi, “MANET-Vulnerabilities, Challenges, Attacks

and Applications,” International Journal of Computational Engineering and

Management, vol. 11, pp. 32-37, 2011.

[10] S. Taneja, D. A. Kush and A. Makkar, “End to End Delay Analysis of Prominent

on Demand Routiing Protocols,” IJSCT, vol. 2, no. 1, pp. 42-46, 2011.

[11] A. Bhandare and S. Patil, “Study of Protocols (AODV,DSR) of MANET and

Black Hole Attack in AODV,” ISOR Journal of Electronics and Communcation

Engineering, pp. 50-53, 2011.

[12] J. Sen, S. Koilakinda and A. Ukil, “A mechanism for Detection of Cooperative

REFERENCES

~ 71 ~

Black Hole Attack in Mobile Adhoc Network,” International conference on

Inteligent Systems, Modellingand Simulation, pp. 338-343, 2011.

[13] P. K. Singh and G. Sharma, “An Efficient Prevention of Black Hole Problem in

AODV Routing Protocol in MANET,” IEEE International conference on Trust,

Security andPrivacy in Computing and Communcation, pp. 902-906, 2012.

[14] F. Thachil and K. Shet, “A Trust Based Approach for AODV Protocol to mitigate

Black Hole Attack in MANET,” International conference on Computing

Sciences , pp. 281-285, 2012.

[15] K. Munjal, S. Verma and A. Bakshi, “Cooperative Black Hole Node Detection

by Modifying AODV,” International Journal of Management, IT and

Engineering, vol. 2, no. 8, pp. 484-501, 2012.

[16] N. Purohit, R. Sinha and K. Maurya, “Simulation Study of Black Hole and

JEllyfish Attack on MAnet using NS-3,” IEEE, pp. 1-5, 2011.

[17] N. Sharma and A. Sharma , “The Black Hole Node Attack in MANET,” IEEE

Second International conference on Advanced Computing and Communcation

Technologies, pp. 546-550, 2012.

[18] H. Ehsan and F. A. Khan, “Malicious AODV,” IEEE 11th International

conference on Trust, Security and Privacy in Computing and Communications,

no. 9, pp. 1181-1186, 2012.

[19] M. Jhansi, K. R. Devi and B. M. Chandra, “Effective Measure to Prevent

Cooperative Blackhole attack in Mobile adhoc Wireless Network,” International

Journal of Engineering Research and Applications, vol. 2, no. 4, pp. 204-209,

2012.

[20] H. L. Nguyen and U. T. Nguyen, “A Study of Different Types of Attacks in

Mobile Adhoc Network,” 25th IEEE Canadian Conference on Electrical and

Computer Engineering, no. 2, pp. 1-6, 2012.

[21] M. Patel and S. Sharma, “Detection of Malicious Attacks in MANET: a

Behavioural Approach,” IEEE International Advance Computing Conference, pp.

388-393, 2013.

[22] J. Kumar, M. Kulkarni and D. Gupta , “Effect of Black Hole Attack on MANET

Routing Protocols,” International Journal of Compuer Network and Information

Security, vol. 5, pp. 64-72, 2013.

REFERENCES

~ 72 ~

[23] R. H. Jhaveri, S. J. Patel and D. C. Jinwala, “A Novel Approach for Gray Hole

and Black Hole Attacks in Mobile Adhoc Nework,” IEEE 2nd International

conference on Advanced Computing and Communiaction Technologies, pp. 556-

560, 2012.

[24] G. S. Bindra, A. Kapoor, A. Narang and A. Agrawal, “Detection and Removal of

Cooperative Black Hole and Gray Hole Attacks in MANETs,” IEEE

International conference on System Engineering and Technology, no. 5, pp. 1-5,

2012.

[25] S. Lu, L. Li, K. Y. Lam and L. Jia, “SAODV- A MANET Routing Protocol that

can withstand Black Hole Attack,” IEEE, pp. 421-425, 2009.

[26] V. Mohite and L. Ragha, “Cooperatie Security Agents for MANET,” IEEE

World Congress on Information and Communication Technologies, pp. 549-554,

2012.

[27] R. H. Jhaveri, “MR_AODV: A Solution to mitigate Black Hole and Grayhole

Attacks in AODV baesd MANETs,” IEEE CPS 3rd International Conference on

Advanced Computing & Communication Technologies, pp. 254-260, 2013.

[28] S. K. Dhrandher, I. Woungang, R. Mathur and P. Khurana, “GAODV: A

Modified AODV against single and collaborative Black Hole attacks in

MANETs,” IEEE International conference on Advanced Information Networking

and Applications Workshops, pp. 357-362, 2013.

[29] S. Sibichen and S. Sreedhar, “An Efficient AODV Protocol and Encryption

Mechanism for Security Issues in Adhoc Networks,” IEEE International

conference on Microelectronics, Communication and Renewable Energy, pp. 1-6,

2013.

[30] W. Stallings, “Mobile networks,” in Data and Computer Communications, 7 ed.,

2004.

[31] “Ns,” USC University of Southern California, [Online]. Available:

http://www.isi.edu/nsnam/.

[32] “ns (simulator),” Wikipedia, [Online]. Available:

http://en.wikipedia.org/wiki/Ns_(simulator).

[33] E. M. Royer and C.-K. Toh, “A review of Current Routing Protocolsfor Ad hoc

Mobile Wireless Networks,” IEEE, no. 4, pp. 46-55, 1999.

http://en.wikipedia.org/wiki/Ns_(simulator)

Vikash file full_final

Engineering

Transcript of Vikash file full_final