- Email: [email protected]
Ensuring survivability against Black Hole Attacks in MANETS for preserving energy efficiency
Accepted Manuscript Title: Ensuring Survivability against Black Hole Attacks in MANETS for Preserving Energy Efficiency Authors: Yaser M. Khamayseh, Shadi A. Aljawarneh, Alaa Ebrahim Asaad PII: DOI: Reference:
S2210-5379(17)30024-0 http://dx.doi.org/doi:10.1016/j.suscom.2017.07.001 SUSCOM 175
To appear in: Received date: Revised date: Accepted date:
6-2-2017 5-6-2017 7-7-2017
Please cite this article as: Yaser M.Khamayseh, Shadi A.Aljawarneh, Alaa Ebrahim Asaad, Ensuring Survivability against Black Hole Attacks in MANETS for Preserving Energy Efficiency, Sustainable Computing: Informatics and Systemshttp://dx.doi.org/10.1016/j.suscom.2017.07.001 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
Ensuring Survivability against Black Hole Attacks in MANETS for Preserving Energy Efficiency Yaser M. Khamayseh, Shadi A. Aljawarneh, Alaa Ebrahim Asaad Faculty of Computer and Information Technology Jordan University of Science and Technology Irbid, 22110, Jordan [email protected], [email protected], [email protected]
Highlights
This work proposes a novel and efficient detection mechanism. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. In the proposed algorithm, the source node employs other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving an OERR, The source node marks the observed intermediate node as a black hole. The performance of the proposed scheme is evaluated using simulation. The obtained results indicate the superiority of the proposed scheme. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in by 41% in sparse networks. Moreover, it enhances the dropped packet in dense networks by 75%, and by 63% in sparse networks.
Abstract: Due to its scarce energy sources, and the open nature of transmissions in wireless environments, the wide spread of MANETs is challenged by many factors. Energy efficiency and security issues are considered of the utmost factors, security threats are represented by many attacks, one of which is the vicious Black Hole Attack. In Black Hole Attack, malicious nodes try to engage in as many active connections as possible to jeopardize the scarce network resources. To engage in a connection, during the route discover process, the malicious node sends a prompt route reply message to the source node to acknowledge it has an active route to the destination node, and when it receives the data packets it will simply drop it. Black holes jeopardize the network performance in terms of packet delivery ratio and number of dropped packets. Detecting and neutralizing black hole node is an important task to utilize the network resources efficiently. Network devices spend more than 80% of its available power on communication rather than on processing. Designing an energy-efficient detection scheme is vital to prolong the network lifetime as it reduces the amount of traffic transmitted in the network. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. The proposed scheme benefits from the open transmission nature of wireless devices (i.e. minimizing energy consumption) and tries to build a cooperative environment to monitor and observe the behaviour of on-going transmission. In the proposed algorithm, the source node utilizes other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving a repetitive OERR messages, the source node marks the observed intermediate node as a black hole. The performance of the proposed scheme is evaluated using simulation. The obtained results indicate the superiority of the proposed scheme. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in by 41% in sparse networks. Moreover, it enhances the dropped packet in dense networks by 75%, and by 63% in sparse networks.
Keywords: MANET; black hole attack; observer; simulation; energy efficiency.
1
Introduction
Wireless networks are widely spread and used for their convenience, and affordability. Nodes can move freely without the need for extensive infrastructure or cables [1]. Saying that, there are two main components of wireless networks: (1) a wireless router (or access point), and (2) some wireless clients [2]. Wireless networks have several advantages, including: convenience, mobility, easy setup, expandability, and low cost [3]. There are several types of wireless networks such as Wireless Wide Area Network (WWAN), Wireless Local Area Network (WLAN), Wireless Personal Area Network (WPAN), and Mobile Ad hoc Networks (MANET) [1][4]. Generally, MANETs are characterized by the following characteristics: Dynamic topology, multi-hop routing, no centralized point, (power, memory)-Light-weight terminals, shared physical medium, high user density, high degree of users’ mobility, scalable, nodes are free to move in and out of the network, and limited security [5][34]-[36].
1
MANET is a network that consists of wireless devices that communicate with each other when needed. Each node operates in three different modes: sensing, computation and communication. In one hand, communication mode consumes most of the battery energy; on the other hand, sensing mode consumes the least of the battery energy. The amount of energy consumed in the communication mode depends mainly on the range of transmission (i.e., distance) which grows exponentially with the signal propagation. Transmission and reception of data in wireless nodes is executed by the radio module. The energy is consumed to serve communication between nodes. In the first order model, the energy consumed to send k-bit message for a distance d between any two nodes (ETX) is calculated as:
E TX (k , d ) k ( Eelec Eamp d n ) Where, Eamp is the energy consumed by the amplifier circuit to send one bit to an area of radius d = 1 meter. The value of Eamp depends on the distance between the source and the destination nodes. There are 2 possible cases: 1.
distance d < d0 between any two nodes, the energy consumed is:
E TX (k , d ) k ( Eelec fs d 2 ) 2.
distance d ≥ d0 between any two nodes, the energy consumed is:
E TX (k , d ) k ( Eelec mf d 4 ) On the other hand, the energy consumed to receive a k-bit message (ERX) is:
ERX (k ) k Eelec Where d0 is a threshold distance that depends on environment conditions, ϵfs is free space model, and ϵmp is multipath model. To save energy, both the transmit module (Transmit Electronics and Tx Amplifier) and the receiver module (Receive Electronics) are activated only if there is data to be sent or received, otherwise they go to low-power sleep mode. Hence, it is essential for the design of any protocol for MANETs to consider the energy limitations. Motivated by these observations, the design of the proposed scheme focuses on the following aspects: Increasing the sensing operations for nodes (observation task) Limit the transmission range MANET has no infrastructure and clients moves freely. Nodes mobility leads to frequent and dynamic changes in the network topology. MANET’s characteristics impose several security attacks, such as Black hole attack [2][5]. In Black Hole Attack, malicious nodes try to engage in as many active connections as possible to jeopardize the scarce network resources. To engage in a connection, upon receiving a route request (RREQ) message, the malicious node sends a prompt route reply (RREP) message with high sequence number to the source node to acknowledge it has an active route to the destination node. Once, the source node receives the malicious node’s RREP message, it will eliminate all RREPs coming from non-malicious nodes. The source node will forward its data packet to the destination through the malicious node. Once the malicious node receives these packets, it will simply drop them [4]. This work proposes a mechanism to solve this problem without depending on the behavior of internal nodes when choosing the malicious node to avoid any potential errors. A detecting and neutralizing black hole node is an important task to utilize the network resources efficiently. This work proposes a novel and efficient detection mechanism. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. In the proposed algorithm, the source node employs other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving an OERR, The source node marks the observed intermediate node as a black hole. This paper consists of four more sections: Section 2 presents the literature review. It gives the theoretical framework and related studies on the topic. Section 3 describes the methodology of the study and the proposed algorithm. Section 4 presents and discusses the obtained simulation results. Finally, the paper is concluded in Section 5.
2
Literature Review
Routing protocols are a set of procedures to find an efficient path to send packet from the source to the destination. Efficient path concept is not constant; it relies on the network’s need [6]. The efficiency can be measured by using some various metrics such as the fastest replay, number of hops count (maximum/minimum), and security. The
2
characteristic of MANET requires a new demand to be achieved, and that is the high performance in communication between nodes in the network. MANET routing protocols are categorized into [6][7]: Proactive protocols (DSDV, OLSR, OSPF, FSR, FSLS, TBRPF). Reactive protocols (AODV, DSR). Hybrid protocols (ZRP).
Black Hole Attack In AODV protocol, there are two types of attacks: Internal and External attacks. In internal attacks, the malicious node is part of the network, and advertises itself as a part of the path to the destination. This kind of attacks is hard to detect and can easily deteriorate the network’s scarce resources [8] [9]. A Blake Hole attack depends on its malicious node. This node joins the MANET network and receives the RREQ message, as any other node in the network, but it always changes its routing table with delusive sequence number for any destination and makes it the biggest one. They, nevertheless, put the less hop count to the destination [9]. They send fast RREP with highest sequence and less hop count to the destination; that is why the source transmits the data packet to the malicious node and it drops or re-forward data packet to an unknown node [3][8]. The malicious node in internal black hole attack is located between the source and the destination. It attempts to be part of the data routes; and it is part of the network nodes [9][10]. This kind of attacks is hard to detect and can easily deteriorate the network’s scarce resources [3][7]. In external black hole attacks [9], the malicious node stands outside the route between the source and the destination; it selects one of its neighbours, closes to the source node, and sends spurious RREP packet with less hop count and maximum sequence number [10].
3
Related Works
The authors in [11] improved the original Ad hoc On Demand Distance Vector (AODV) routing protocol to avoid the cooperative black hole attacks, by gathering the RREP massages in a table. They assume that all nodes in the network are trusted, and every node sends its trusted level of carrying the destination with the RREP massage; if the trusted level equals to zero, then this node is malicious. Gathering the RREP packet in table needs storage and increases the delay in the network. The work in [12] enhanced the original Ad hoc On Demand Distance Vector (AODV) routing protocol to add extra level of security in MANET, using two steps: the first one is collecting all RREP massages that come to the source node in table with the time they come on it; and the second is removing the RREP message that has higher destination sequence number and it is faster, then they use the next path to send the data. If the link breakage does not need to restart this operation, it just uses another path in the stored table. When the intermediate node sends RREP, it sends the path with it. This approach enhances the AODV performance. Mistry et al. improved the security; however, the delay is increased as the source node needs to wait for RREP packets before sending data over the selected path. In [13], the proposed ABM method implemented with two tables: RQ and SN tables, in addition to IDS scheme to solve the Black Hole attack. It stores all malicious nodes in Black table. The RQ table stores all RREP from the neighbor IDS node. The SN table stores the node that is not trusted by the neighbours, and this node does not forward the RREQ message to its neighbor, and it sends RREP message to the source. It has the doubtful value that if increased, it becomes larger than the threshold, then it is a malicious and it sends to all neighbours to block it from the network. This method decreases the packet loose to 128%, and it increases the delay in comparison to the original AODV. The authors in [14] updated the node structure by adding trust table to every node in the network and field to the RREP message. This field gives indication about the trust of the node, and how to send the RREP massage. If trust field value equals 1 or 2, then the source trusts the next hop; otherwise, the source sends packet on another RREP. The node sends the RREP message, assignee the trust field to zero if it is the intermediate nod to the destination, but if it is the destination then the value is two, the previous hop can make it 1 to insert any node in trusted table, then it needs to send the behavior analysis to the neighbor by broadcast it. This way increases the throughput and data ratio in the network. In this algorithm the delay and the over head have increased. The work in [15] prevented the black hole by adding to table one of the malicious, which is rrep_table, and the second for saving the RREP message. Furthermore, they have identified the rt_upd value to control the updating on the routing table. When the source receives the RREP massage, the routing table updates with high performance of malicious node, and the rt_upd changes to true. The source will use the second RREP message to send the data. This method is named ERDA, it is simple and solves the false route entry, but it does not solve the Black Hole efficiently. Waiting time period that the source node spends in the route discovery phase makes a latency time in this phase.
3
The authors in [16] used the sequence number in the RREP message. They receive the RREP message by using the preprocessing function that is called Pre_Process_RREP. This process also involves Compare_PKts to compare the two sequence number in RREP message. If the difference between them is not too large, then the source will use the RREP, which contains the largest one. Otherwise, if the difference is very large, then the largest one is a malicious node and pushing it to the malicious list. This method is simple but does not work when the malicious nodes cooperate with each other. In Watchdog’s approach [17], every node in the network listens to the entire packets sent by the neighbours, and stores data in two tables, which is the pending packet table and the node rating table. In this case, the data packet do not get lost; the intermediate node can make repairing to any node when found the malicious has dropped the data. There is a threshold used to determine the number of data packet transmits from every neighbor node; depending on this threshold, the node judgment is made to determine whether the neighbor is malicious node or not. [18] proposed an Encrypted Verification Method (EVM) that is used to find the Black Hole attack. The source sends encrypted insurance message when it receives the RREP message from the dubious node to ensure that the node is trusted. This method decreases the overhead in the network, and ensures that the sequence number is not hacking from the malicious node. Based on the DRI table, the source decides the reliability of IN, and this is done by checking its DRI table. If IN is reliable, then data is sent through it; otherwise, the source asks its neighbours about it to determine if IN is a black hole or not. The work in [19] enhanced the original AODV protocol and proposed ISDAODV protocol. The ISDAODV protocol checks the minimum path and maximum destination sequence number in the RREP message. It discards the first RREP from the black hole node, and takes the second RREP packet. The work in [20] prevented the black hole using the sequence number. All nodes have a Route Reply Table (RRT), the source node save all RREP packet, receives and saves the node sending this RREP in the RRT; the order depends on receiving time, which is first come first saved. Then the source checks the sequence number of first one on RRT with the sequence number in the source node. If the sequence number in the first node in RRT is more enormous than the sequence in the source node, then this is malicious and dropped from the RRT. Then, the source will send the packet to use the path with highest sequence number in RRT, whose order depends on the sequence number of the destination. Although they increase the data ratio, they depend on the behavior of the node when they use the high sequence number to define the malicious node. In [21], the authors propose a solution to solve black hole attack problem by adding two bits to the route replay packet (RREP), in order to determine whether the intermediate node (IN) is reliable or not. The first bit gives indication about an IN routed information from the source; the second bit is used to check whether the source send data through the IN, and stores the two bits in Data Routing Information (DRI) table in each node. [22] trusts the node by calculating credit value in AODV phases. The source as usual sends RREQ message to find the active route to the destination (next hop); the credit value assigned from the node initiates the RREP message as calculated by the equation below, the source then checks the credit before sending the packet. Every node forwards the packet to decrease credit by one. When the destination receives the packet, it sends credit acknowledgment to the source; this credit is not the same credit that is received with the packet; every node that forwards the CACK will increase the credit by two. Source checks the credit that is appending with the acknowledgment to define the trust of the next hop, if the credit is equal to zero, then it is malicious and pushes it to black list. This method is getting a high throughput in ratio 40% when compared with the original AODV protocol, and does not use more bandwidth than the original AODV, but it increases the overhead on the network. [23] proposed a simple approach to prevent the Black Hole attack. That is done by using a Timer Expired Table to collect all RREP messages that comes from the neighbor nodes. The source node compares all RREP, receives and defines which one is malicious node, and the path that is to be used to send the data to the destination. This method improves the efficient of AODV work, but it imposes high delay. [24] have tried to find the malicious node in the route discovery phase, not after sending the data packet. They calculated the peak value which contains the sequence number in the routing table, number of RREP messages during the time interval and the sequence number coming from the RREP message. And they have highlighted that in cases where the RREP sequence number is larger than the Peak value then this node is malicious. The source node pushes all malicious nodes in list and sends it with the RREQ message to its entire neighbor to update its malicious table. This method is not implemented yet, but it also suggests solution for a single black hole by using the sequence number. The authors in [25] assume that there is a symmetric key between any two node connections in the network. The TTSAODV protocol, this protocol is a modification of AODV protocol, has two levels of security that is in the discovery phase and in sending the data phase. In this case, discovery of Black Hole occurs when the source detects the path; otherwise, when sending the data packet. In [26], the authors present a Real Time Monitoring method to find malicious node by using two counters, this counter is Fcount and Rcount generated by the neighbor’s node of the node which initiate the RREP message. When any node generates the RREP message, then its node pushes it in suspected list. The neighbor listens to suspect node if they send a packet then the neighbor will increase the Rcount. If the neighbor forwards the packet to suspect node, the neighbor increases the Fcount.
4
Source node sends the packet using the path after RREP is received in order to discover whether this node is malicious or not. The neighbor node checks the two counters, when the Fcount equal threshold and the Rcount is zero, then this suspect node is malicious node and they will block it from the network. Real Time Monitoring method solves only the single black hole, and increases the delay and overhead. The work in [27] examined many scenarios of reaching the threshold of sequence number. The source checks this threshold before accepting the RREP message from the neighbor, and the destination checks it before dealing with the RREQ message. The node which sends the RREP message that is larger than the threshold is blocks from the network because it is a malicious node. The destination checks the threshold before putting the destination sequence number. As in [6], researchers depend on the sequence number to determine whether the node is a black hole or not. In [28], the authors build two tables suspect and black list tables in the structure of each node in the network. The suspect table saves all nodes that send RREP message to the source, and how many times the path failure has occurred. The source knows that it is path failure when the data that is sent to the destination has not received the acknowledgment message, which contain one bit getting 0 or 1. If the destination receives the data packet, the value of the acknowledgment will be one; or, otherwise, it is zero. The black list table saves all malicious nodes. The source decides whether this is malicious or not by using the number of failure in the suspect table. If the number of failure overrides the threshold, then it is malicious. This method enhances the delivery ratio and decreases the dropped packet, but they increase the delay. The work in [32] proposed E2EACK algorithm to detect both black hole and slander attacks in MANETs using ACKnowledgment packets. The ACK packets are cyphered using Message Authentication Code (MAC) to preserve its integrity. The authors in [33] proposed IBFWA algorithm that combines both Bloom filter and watchdog algorithm. However, both [32] and [33] techniques, while achieving reasonable performance in detecting black holes, they require extra work for encrypting the sent messages [32], or an external Certificate Authority (CA) to key generation. Some researchers tried to solve the black hole attack, using the behavior of the internal node. However, a node may behave as a malicious node by chance, but it is not malicious. In this case, eliminate these nodes from the network is unfair. Other method defines some values to measure the trustiness of the next hop node. But this method may have some of shortcomings, including: making high overhead on the network, increasing the end to end delay, or working on just one malicious node. On the other hand, some of such methods solve the black hole when having one malicious node only. The proposed method in the present study tries to solve the black hole attack in the case of having many malicious nodes, without depending on the behavior of the nod to prevent any mistakes that may happen when finding the malicious node.
4
Proposed Methodology
The main idea of the proposed scheme is to build a cooperative environment utilizing the open transmission nature of wireless networks to detect black holes. For each route request, the source node saves the first two route replies coming from the destination. The function of the first path is usually to transmit the data packet; while the second path is used as an observer to check whether the nodes in the first RREP send the data packets to the next hop until they reach the destination. When the source node receives a RREP, it will transmit the data packets to the next hop. Simultaneously, it will send a new control packet, called Route Observer message (ROBS), to the first node in the second RREP that is saved before checking the next hop in the first RREP; if it sends the data packets or not, the node checks another node, namely, Observer. When the observer node receives ROBS message from the source node, it checks the next hop node of the source, whether it is in the neighbours list or not. If it is a neighbor, the observer will check the list of nodes that sent the data packets to the next hop in the first RREP. This will return to be true if the node sent data packets; otherwise, it will return false. If the next hop node sent the data packets to a next hop found by the observer, it would send an ROBS to a new observer. The previous observer would search for a new observer where the new next hop that receives the data packets must be a neighbor of the new observer. Then, the new observer will check the next hop, for whether it sent the data or not. This process will be repeated until verifying whether the data is delivered to the destination or not. In this process, if the observer discovers a node that does not send the data packets to the next hop, it will generate a Route Error Observer (REOS) message and will send it back to the source to check if this node is a black hole node or not. When the source receives REOS, it will check if it receives a RERR from next hop node or not. If it receives an RERR before (not a black hole), it will try to recover the problem (AODV algorithm – link failure). If it does not receive any RERR, it will save this node as a black hole and sends RREQ to discover a new route to destination. When any node tries to send data, or receive a RREP from a node, it will check first if this node is in the black hole list or not. If the node is a black hole, then the node will ignore any information received from this node.
5
The Proposed Algorithm In the proposed algorithm, the researcher updates the AODV data structures and also adds three new lists. The first one is to save the two RREPs (AodvobsInfo), the second one is for all neighbours, and the third one is for the black hole nodes. Moreover, a global list is to save all nodes that transmit data packets. The proposed algorithm is depicted in Figure 1. The algorithm is divided into 2 sides: source node side that runs on the source node, and observation node side that runs on the observation node. The source node side requires 4 steps as follows: First, the source node waits until it receives the first two RREP and stores them. Second, it is using the first RREP to send Data packet as usual in the original AODV protocol and the second RREP to send the ROBS control packet. Third, the source will check if the eternal node is a malicious or not through checking the RERR received from it. Finally, this mechanism is repeated until the destination node received the Data packet. For the observation node side, when the node receives the ROBS packet they check if the target nod is in its Neighbour List (NL). If not, it will send “not found” in NL to the source; otherwise, it will check whether this nod transmits the data packet or not. If the data is transmitted, new ROBS packet will be sent (i.e., generate new observation node); if data is not transmitted, REOS will be sent to the source.
5
Results & Discussions
The purpose of this study is to prevent or limit Black Hole attacks against MANETs, and to ensure the survivability of MANET nodes against the black holes. To evaluate the performance of the proposed scheme, several simulation experiments were conducted for different scenarios using Qualnet. OBSA examines sparse networks in many scenarios (20 nodes, 30 nodes, and 40 nodes). The nodes speed range is 0-10 meter per second, using Random Waypoint mobility model [29][30][31]. The bandwidth is 2MB/s and nodes are distributed randomly in a rectangular area 1000*1000m. Simulation time is set to 800 seconds. The dense networks tested using 75 nodes, 100 nodes and 125 nodes under the same environment of sparse network. Table 1 lists simulation parameters. Several scenarios are examined. The first one is sparse network under high mobility (average pause time = 0 seconds) and low mobility (average pause time = 10 seconds). The second scenario is dense network with high mobility (average pause time = 0) and low mobility (average pause time = 10 seconds). All scenarios were applied under three Black holes, except the dense networks which were applied under six black holes as well. All these scenarios were applied in three Black holes, as listed in Table 2: The performance of OBSA was compared against the performance of three state of the art schemes for all possible scenarios. Original AODV, MI-AODV, and suspect protocol. The Scenarios under six Black holes are demonstrated below in Table 3. The Suspect-based protocol, MI-AODV protocol, and OBSA are analysed using four matrices: Overhead, End to End Delay, Delivery Ratio and Dropped packet. The obtained simulation results for all schemes are listed next for the following performance metrics: packet delivery ratio, dropped packet ratio, overhead, and end to end delay. The results are presented for 2 scenarios: 3 clack holes and 6 black holes.
1. Three Black Hole Scenario Delivery ratio is the ratio between the numbers of received packets over numbers of sent packets; it gives indication about the performance of the network. In the AODV protocol with three Black holes, the delivery ratio is low when compared with the three modified AODV protocols. In Figure 2, the PDR in four protocols are presented in sparse network with low mobility. The MI-algo is presented in blue line, the Suspect protocol is in yellow line, Black hole protocol is in black line, and the protocol (OBSA) is in pink line. In original AODV protocol with three Black holes, the PDR decreases when the number of node increases. That is because the probability of Black hole catching RREQ packets increases. Furthermore, the number of neighbours surrounded by black hole node increases, and thus, the communication between them increases, giving the Black hole nodes more chance to cheat more nodes. Figure 2 shows a growth of PDR in OBSA, which is because that neighbours who work as observer is nearer than the large number of neighbor nodes. This gives them more chance to find the node and to observe it in its routing table. The delivery ratio improvement in the three protocols is calculated using the following equation. PDRImprovment = (PDRUpdated– PDROriginal)/( PDRUpdated) …….1 The PDR improvement in Suspect protocol is 12%. In MI-algo, it reaches 20.9%, however, in the proposed OBSA the improvement is up to 41.1%. The PDR results for dense network and low mobility scenario are presented in Figure 3.
6
In Figure 3, the delivery ratio decreases when the number of node increases. This is because the chance of Black hole node to catch more RREQ packet increases. The OBSA depends on the neighbor of observer node; so that, when the number of node in the network increases, then the number of neighbor beside the observer node will increase. Thus, the chance to observe the node that sends the data packet will grow, as shown in Figure 19 when the PDR in OBSA is seen increasing with node increase. The Packet delivery ratio improvement in Suspect scheme is -16%, which indicate that the algorithm is not efficient in large dense network with three Black holes. MI-algo improves the PDR by 7.5%, and this improvement makes it better than Suspect scheme but not efficient enough. In OBSA, the improvement reaches 41.6%, and that makes the proposed scheme better than the two algorithms in dense network with three Black holes. Results for sparse networks with high mobility are shown in Figure 4. In Figure 4, the decrease in PDR in original AODV with Black hole appears when the number of nodes increases. There appears to have the ability to communicate with more nodes and catch more RREG packet, hence, drop more data packets. In case of increasing node numbers, the high mobility decreases the PDR because of the frequent changes in the neighbour nodes positions, hence, the observer cannot catch the node that is needed to observe it all the time. Suspect algorithm improves the PDR by 16.5%, MI-algo improves the PDR by 24.9 is better than Suspect algorithm. OBSA improves the packet delivery ratio by 41%. In Figure 5, the delivery ratio is depicted for dense network with high mobility . Figure 5 shows that OBSA achieves higher PDR in comparison with the other three protocols. The high mobility affected the result because of the high node movement. Nevertheless, the OBSA is still better than the three protocols. The improvement of the proposed scheme proves that OBSA is still more efficient than MI and Suspect algorithms. The PDR improvement in OBSA is 45.6% but in MI-algo is -21% and in Suspect algorithm is 8.6%, respectively. The two algorithms are not at their best rate in three Black holes with high mobility. Figure 6 shows the dropped packets ratio in sparse network with high mobility; the Black hole protocol dropped the data packet, so when the number of nodes increased, the ability to catch more RREQ packet increased, hence, the number of dropped packet increases. In OBSA, the DPR decreased because of the ability of this algorithm to catch more Black hole nodes, and it would increase with the increase in the number of nodes. The proposed method decreases the number of dropped packet when it observes the nodes that has data packets, and finds the Black hole nodes then resends the data in new secure route. The improvement in dropped ratio in Suspect method is 17.4%, in MI-algo the improvement increases to become 29.6%, and in the proposed method OBSA reaches 60.5%. Figure 7 shows the dropped packet in dense network with high mobility. The OBSA decreased the drooped packet ratio significantly in comparison to the other protocols. That is because the data packet almost received to the destination, and because the observer works in dense network. The observer node is surrounded by a large number of nodes which makes it work efficiently. The proposed method improved the dropped packet ratio at 76.5%, and this is very good result compared with the other two methods. The other two methods didn’t improve the drooped packet ratio. Figure 8 shows the dropped ratio in sparse network with low mobility. The two protocols enhance the dropped packet ratio by decreasing it to a low level. But in OBSA the enhancement increases when the number of nodes increases. The proposed schemes enhanced the improvement of DPR to reach 63%, MI-algo enhanced it to be 24% and Suspect algorithms also enhanced it to reach 11%. In Figure 9, the dense network with low mobility results are shown. The proposed method decreased the dropped packet because it has been noticed that the delivery packet increases when the number of nodes
7
increases. Other methods also decreased the dropped packet. The improvement increases in the proposed OBSA to reach 75.72%, in MI-algo and Suspect algorithm it did not improve the dropped packet ratio. Figure 10 shows the overhead in sparse network and high mobility through comparing the four protocols. OBSA is the proposed method, MI-algo and Suspect algorithm enhanced the overhead. In Figure 10, the proposed method achieved lower overhead that the other 3 protocols. OBSA enhanced the overhead because the data packet received increased significantly as the number of nodes increased. When the node finds the forwarded node in its neighbor, they check whether they sent the data packet or not; and when the number of nodes increases, then the chance to be the forwarded node in its neighbour increases. OBSA improves the overhead to become 63.64%, MI-algo also improves the overhead at 28.31% and Suspect scheme overhead improvement is at 11.17%. In Figure 11, the overhead shows in dense network and high mobility. In dense network the proposed method outperforms the other techniques. The overhead increases when the number of nodes increases. In Figure 11, the growth of overhead in the four methods is viewed. The improvement increases in the three methods, as follows: OBSA improvement = 92.3%, MI-algo improvement = 38.53%, and Suspect algorithm improvement = 6.53%. Figure 12 depicts the overhead in sparse network and low mobility. The improvement increases in the three methods, as follows: OBSA improvement = 61.68%, MI-algo improvement = 32.16%, and Suspect algorithm improvement = 20.77%. Low mobility and dense network overhead results are shown in Figure 13. OBSA improves the overhead by 95.25%, and MI-algo by 30.58%, in Suspect algorithm, the improvement in overhead is 14.5%. End to end delay is crucial factor in the network as it represents the time needed to transmit the data packet from the source to the destination node. The end to end delay results are depicted in Figures 14 to 17. Figure 14 shows the end to end delay in sparse network with high mobility. The delay in MI-algo and Suspect algorithm is better than in the proposed method. The improvement in end to end delay is as follows: OBSA improvement = 19.13%, MI-algo improvement = -32.74%, and Suspect algorithm improvement= -29.59%. Figure 15 shows the end to end delay in dense network with high mobility. it shows that the proposed method outperforms the three protocols significantly because the proposed OBSA work more efficiently in dense network, the observer node surrounded with large number of neighbours make observe method performs well. The improvement in end to end delay is as follows: OBSA improvement = -33.01%, MI-algo improvement = -75.02%, and Suspect algorithm improvement= -29.373%. Figure 16 depicts the end to end delay in sparse network and low mobility. The improvement increases in the three methods as follows: OBSA improvement = -35.52%, MI-algo improvement = -17.12%, and Suspect algorithm improvement= -69.2%. All of the three algorithms improve the end delay considerably; these protocols got less end delay than the original AODV protocol. However, the Suspect algorithm achieves the best delay results because of its low delivery ratio. Figure 17 below presents the end to end delay in dense network and low mobility. The OBSA got the highest improvement because of the highest number in delivery ratio and less end to end delay. The proposed scheme delay is less than the other three protocols; saying that, the three methods outperform the original AODV protocol. The improvement increases in the three methods as follows: OBSA improvement = -32.63%, MI-algo improvement = -18.4%, and Suspect algorithm improvement= -31.15%.
8
2. Six Black Holes The same setting were used to evaluate the performance of the four algorithms in case of six Black holes, however, the dense network scenarios were only examined under both low and high mobility. Figure 18 shows the PDR results for high mobility scenario. OBSA outperforms the other protocols because the neighbours who can work as observer is high. It gives them more chance to find the node that needs to observe in their routing tables. The improvement increases in the three methods as follows: OBSA improvement = 60.73%, MI-algo improvement = 40.1%, and Suspect algorithm improvement= 47.93%. Figure 19 shows the PDR results for low mobility scenario. The improvement increases in the three methods as follows: OBSA improvement = 59.44%, MI-algo improvement = 38.99%, Suspect algorithm improvement= 45.46%. The OBSA depends on the number of possible observer nodes; that is when the number of nodes in the network increases, then the number of neighbor beside the observer node increases. Hence, the chance to observe the forwarder node that sends the data packet increases. Figure 20 shows the dropped packet results in dense network with high mobility. The OBSA decreased the dropped packet ratio significantly because of having high delivery ratio. The improvement increases in the three methods as follows: OBSA improvement = 89.65 %, MI-algo improvement = 39.15%, Suspect algorithm improvement= 53.96%. Figure 21 shows the dropped packet in dense network with low mobility. Dropped packets results show that the proposed algorithm has the highest improvement. The improvement increases in the three methods as follows: OBSA improvement = 92.4 %, MI-algo improvement = 40.16%, and Suspect algorithm improvement= 52.69%. For overhead results, OBSA enhanced the overhead because the received data packet increases as the number of nodes increased. Figure 22 presents the overhead results in dense network with high mobility. The improvement increases in the three methods as follows: OBSA improvement = 86.92%, MI-algo improvement = 10.71%, and Suspect algorithm improvement = 15.66%. Figure 23 presents the overhead results in sparse network and low mobility. The OBSA outperforms the other protocols because the high delivery ratio in the proposed method (89.65 %). The improvement increases in the three methods as follows: OBSA improvement = 85.9%, MI-algo improvement = 16.21%, and Suspect algorithm improvement = 20.11%. Figure 24 presents the End to End Delay results in dense network with high mobility. OBSA got higher improvement than other protocols. The high mobility and dense network make it possible for the destination to be near to the source node. The improvement increases in the three methods as follows: OBSA improvement = -2.91% (less than the original), MI-algo improvement = -20.57%, and Suspect algorithm improvement = -37.9% Figure 25 presents the End to End Delay results in dense network and high mobility. The delay in the proposed method is less than in other protocols. In this scenario the OBSA got higher performance in all matrices. The improvement increases in the three methods as follows: OBSA improvement = 17.89% (less than the original), MI-algo improvement = -23.9%, and Suspect algorithm improvement = -32.83%. The MI-algo and Suspect algorithm didn’t improve the delay in this scenario.
9
6
Conclusions & Future Work
This study aimed at introducing a method to detect malicious nodes, prevent or limit Black Hole attacks against mobile ad hoc network MANETs, and ensure the survivability of MANET nodes against the black holes. The proposed algorithm is able to detect and prevent the black hole according. A Black Hole attack is a serious security problem that faces MANET. The study has described the nature of black hole attack against a MANET. It is an attack where a malicious node pretends to be a destination node by sending false RREP to a source node which initiates route discovery, and denies data traffic from the source node. The proposed algorithm, namely OBSA, is divided into 2 parts: source node side and observation node side. While many state of the art solutions were proposed to monitor nodes’ behaviours, this algorithm is designed to create a collaborative environment for monitoring and observing transmissions. New messages are needed to be created to implement the proposed solution such as Route Observer (ROBS) and Route Error Observer (REOS) messages. The performance of the proposed scheme was evaluated using simulation. Several scenarios were tested using Qualnet Simulation package. The results were obtained for 2 main scenarios: 3 black holes and 6 black holes. For the 3 black holes’ environment, the simulation examined low and high mobility for both sparse and dense networks. On the other hand, for the 6 holes environment, the simulation examined low and high mobility for dense networks only. Results of the study highlight the superiority of the proposed scheme over some state of the art schemes in terms of packet delivery ratio, dropped packet ratio, and overhead. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in sparse networks by 41%. Moreover, it enhances the dropped packet in dense networks by 75%, and in sparse networks by 63%. The proposed scheme introduces some overhead that in fact did affect the performance of the network in particular, packets’ delay, in case of sparse networks. Hence, there is a need to modify the proposed scheme to minimize the packets’ delay without compromising the detection rate of black hole nodes. Moreover, the future modification should consider other types and variations of malicious attacks in MANETs. One possible modification is to use H-MAC technique to ensure message confidentiality. The H-Mac can use the source address, destination address, and message sequence number to encrypt the messages. Furthermore, we propose to use nodes’ energy level in calculating the best transmission and observation paths to further minimize the energy consumptions.
References [1] Camp T., Boleng J., & Davies V., Survey of Mobility Models, Wireless Communication & Mobile Computing (WCMC). Special issue on Mobile Ad Hoc Networking:Research, Trends and Applications, vol. 2, no. 5, pp. 483502, 2002. [2] Singh G., Bindra H., & Sangal A., Performance Analysis of DSR, AODV Routing Protocols based on Wormhole Attack in Mobile Ad-hoc Network, International Journal of Computer Applications (0975 – 8887) , July 2011, Volume 26– No.5, 2011. [3] Irshad U., & Ur Rehman S., Analysis of Black Hole attack on MANETs Using different MANET routing protocols, Master thesis, School of Computing, Blekinge Institute of Technology, Sweden, 2010. [4] McMahon, R., Introduction to Networking. McGraw-Hill Higher Education, 2004. [5] Tseng C., Distributed intrusion detection models for mobile ad hoc networks. Ph.D. thesis, University Of California Davis, 2006. [6] Shrivastava A., Shanmogavel A., Mistry A., Chander N., Patlolla P., & Yadlapalli V., Overview of Routing Protocols in MANET’s and Enhancements in Reactive Protocols." Department of Computer Science Lamar University, Technical report, 2005.
10
[7] Jaspal K., Kulkarni M., & Gupta D., Effect of Black Hole Attack on MANET Routing Protocols, IJ Computer Network and Information Security, 5, pp: 64-72, 2013. [8] Al-Shurman M., Seong-Moo Y., & Seungjin P., Black hole attack in mobile ad hoc networks, Proceedings of the 42nd annual Southeast regional conference. ACM, 2004. [9] Mohebi A., & Simon S., A Survey on Detecting Black-hole Methods in Mobile Ad Hoc Networks, International Journal of Innovative Ideas (IJII) , ISSN: 2232-1942 Vol. 13 No. 2 April – June, 2013. [10] Anu B., Bansal M., & Singh J., Performance analysis of MANET under blackhole attack. NETCOM'09. First International Conference on Networks and Communications. IEEE, 2009. [11] Latha T., & Sankaranarayanan V., Prevention of co-operative black hole attack networks 15, pp: 13-20, 2008.
in MANET, Journal of
[12] Mistry N.., Jinwala D., & Mukesh M., Improving AODV Protocol against Blackhole Attacks, Proceedings of the International MultiConference of Engineers and Computer Scientists. Vol. 2, Hong Kong, 17-19 March, 2010. [13] Su M., Prevention of Selective Black Hole Attacks on Mobile Ad Hoc Networks Through Intrusion Detection Systems, IEEE Computer Communications, vol. 34 issue 1, doi:10.1016/j.comcom.2010.08.007, January, pp. 107117, 2011. [14] Khamayseh Y., Bader A., Mardini W., and BaniYasein M., A New Protocol for Detecting Black Hole Nodes in Ad Hoc Networks, International Journal of Communication Networks and Information Security, Vol. 3, No. 1, April 2011, pp. 36- 4,7, 2011. [15] Kamarularifin A., Ahmad Z., & Manan J., Mitigation of Black Hole Attacks for AODV Routing Protocol, Society of Digital Information and Wireless Communications, Vol. 1, No 2, 2011, pp. 336- 343, 2011. [16] Mandhata S., & Patro S., A Counter Measure to Black Hole Attack on AODV- Based Mobile Ad-Hoc Networks, International Journal of Computer & Communication Technology (IJCCT), Volume 2, Issue 6, pp. 37- 42, 2011. [17] Bhosle A., Thosar T., & Mehatre S., Black-Hole and Wormhole Attack in Routing Protocol AODV in MANET, International Journal of Computer Science, Engineering and Applications (IJCSEA) Vol.2, No.1, February 2012DOI:10.5121/ijcsea.2012.2105 45, 2012. [18] Ahmed F., Yoon S., & Oh H., An Efficient Black Hole Detection Method using an Encrypted Verification Message in Mobile Ad Hoc Networks, International Journal of Security and Its Applications Vol. 6, No. 2, 2012. [19] Ranjeet S., & Tamhankar S., Performance Analysis And Minimization Of Black Hole Attack In MANET. International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, JulyAugust 2012, pp.1430-1437, 2012. [20] Pooja Jaiswal & Kumar R., Prevention of Blackhole attack in MANET, IRACST, October 2012. [21] Das R., Purkayastha B., & Das P., Security Measures for Black Hole Attack in MANET: An Approach, International Journal of Engineering Science and Technology (IJEST), Vol. 3 No. 4 Apr 2011, pp. 2832-2838, ISSN: 0975-5462, 2011. [22] Saetang W., & Charoenpanyasak S., CAODV Free Blackhole Attack in Ad Hoc Networks, International Conference on Computer Networks and Communication Systems, IPCSIT vol.35, pp. 63- 68, 2012. [23] Sharma M., Khare S., Dixit N. & Agrawal S., Security in Routing Protocol to Avoid Threat of Black Hole Attack in MANET,VSRD-IJEECE,Vol. 2 (6), pages 385-390, 2012. [24] Jhaveri R., Patel S., & Jinwala D., ANovel Approach for Gray Hole and BlackHole Attacks in Mobile Adhoc Networks, Second International Conference on Advanced Computing & Communication Technologies, 2012. [25] Umaparvathi M., & Varughese D., Two Tier Secure AODV against Black Hole Attack in MANETs, European Journal of Scientific Research ISSN 1450-216X Vol.72 No.3 (2012), pp. 369-382, 2012.
11
[26] Kshirsagar, D.; & Patil, A., Blackhole attack detection and prevention by real time monitoring, in Computing, Communications and Networking Technologies (ICCCNT),2013 Fourth International Conference on , vol., no., pp.1-5, 4-6 July 2013. [27] Tan S., & Kim K., Secure route discovery for preventing Blackhole attacks on AODV-based MANET, IEEE, 2013 [28] Bani-Yassein M., Khamayseh Y., & Nawafleh B., Improved AODV Protocol to Detect and Avoid Black Hole Nodes in MANETs, The Sixth International Conference on Future Computational Technologies and Applications, ISBN: 978-1-61208-339-1, 2014. [29] Divecha B., Abraham A., Grosan G., & Sanyal S., Impact of Node Mobility on MANET Routing Protocols Models, Journal of Digital Information Management, 4(1), pages 19-23, 2007. [30] Jerome H., Filali F., & Bonnet C., Mobility models for vehicular ad hoc networks: a survey and taxonomy, Communications Surveys & Tutorials, IEEE 14, pp: 19-41, 2009. [31] Guolong L., Noubir G., & Rajaraman R., Mobility models for ad hoc network simulation, INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies. Vol. 1. IEEE, 2004. [32] Heydari, V. & Yoo, SM., E2EACK: an end-to-end acknowledgment-based scheme against collusion black hole and slander attacks in MANETs, Wireless Networks (2016) 22: 2259. doi:10.1007/s11276-015-1098-6 [33] Vijaya Kumar Kollati & Somasundaram K., IBFWA: Integrated Bloom Filter in Watchdog Algorithm for hybrid black hole attack detection in MANET, Information Security Journal: A Global Perspective Vol. 26 , Iss. 1,2017. DOI: http://dx.doi.org/10.1080/19393555.2016.1274805. [34] Aljawarneh, Shadi, Monther Aldwairi, and Muneer Bani Yasin. "Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model." Journal of Computational Science (2017). [35] Aljawarneh, Shadi, Muneer Bani Yassein and Weam Telafeh. "A resource-efficient encryption algorithm for multimedia big data." Multimedia Tools and Applications (2017): 1-22. [36] Aljawarneh, Shadi A., Raja A. Moftah, and Abdelsalam M. Maatuk. "Investigations of automatic methods for detecting the polymorphic worms signatures." Future Generation Computer Systems 60 (2016): 67-77.
12
SOURCE NODE SIDE Step 1: While (Number of route replies < 2) Store the RREP into observer table Step 2: When the source have two RREP 1- Send data packets using the first RREP to the destination 2- Send ROBS control packet to the node from the second RREP (observer) Step 3: //Check if the target node is a black hole or not If(REOS = TRUE & target node not send RERR) The target node is a black hole Send a new RREQ Else If(REOS = TRUE & target node send RERR) Send a new RREQ Step 4: This process will be repeated until the data delivered to destination Figure 1.a: The proposed algorithm (Source node side) OBSERVATION NODE SIDE Step 1: While (Number of NL > 0) { If(target_node is in NL list) If(target_node sent data packets) Send a new ROBS to a new observer Else Send REOS } Return not found in NL Figure 1.b: The proposed algorithm (Observer node side)
Packet Delivery Ratio (%)
3 Black Hole/10 Pause
Black hole MI-Alg SuspectAlg
number of nodes
Figure 2: Delivery ratio Three Black Hole, 10 Pause, Sparse Network
13
3 Black Hole/10 Pause
Black hole
Packet Delivery Ratio (%)
MI-Alg SuspectAlg
number of nodes Figure 3: Delivery ratio, Three Black Hole, 10 Pause, dense network
Packet Delivery Ratio (%)
3 Black Hole/0 Pause
Black hole MI-Alg SuspectAlg
number of nodes
Figure 4: Delivery ratio, Three Black Hole, 0 Pause, Sparse Network
Packet Delivery Ratio (%)
3 Black Hole/0 Pause
Black hole MI-Alg SuspectAlg
number of nodes
14
Figure 5: Delivery ratio, Three Black hole, 0 Pause, Dense Network
Figure 6: Dropped Packet Ratio, Three Black Holes, 0 Paused, Sparse Network
Figure 7: Dropped Packet ratio, Three Black Hole, 0 Pause, Dense Network
15
Figure 8: Dropped Packet ratio, Three Black Hole, 0 Pause, Sparse Network
Figure 9: Dropped Packet ratio, Three Black Hole, 10 Pause, Dense Network
16
Figure 10: Overhead, Three Black hole, 0 Pause, Sparse Network
Figure 11: Overhead, Three Black Holes, 0 Pauses, Dense Network
Figure 12: Overhead, Three Black Holes, 10 Pauses, Sparse Network
17
Figure 13: Overhead, Three Black Holes, 10 Pause, Dense Network
Figure 14: End to End Delay, Three Black Holes, 0 Pause, Sparse Network
18
Figure 15: End to End Delay, Three Black Holes, 0 Pause, Dense Network
Figure 16: End to End Delay, Three Black Holes, 10 Pause, Sparse Network
Figure 17: End to End Delay, Three Black Holes, 10 Pause, Dense Network
19
Figure 18: Delivery ratio, Six Black Hole, 0 Pause
Figure 19: Delivery ratio, Six Black Hole, 10 Pause
Figure 20: Delivery ratio, Six Black Hole, 0 Pause
20
Figure 21: Delivery ratio, Six Black Hole, 10 Pause
Figure 22: Overhead, Six Black Hole, 0 Pause
Figure 23: Overhead, Six Black Holes, 10 Pause
21
Figure 24: End to End Delay, Six Black Holes, 0 Pause
Figure 25: End to End Delay, Six Black Holes, 10 Pause
22
Table 1: Simulation parameters Parameter
Value
Simulator
Qualnet 5.2
Simulation time
800 second
Simulation area
1000m × 1000m
Number of nodes
20, 30, 40, 75,100, and 125
Mobility model
Random waypoint
Minimum speed
0 meter/second
Maximum speed
10 meter/second
Pause time
0 , 10
MAC protocol
IEEE 802.11
Data packet size
512 byte
Radio range
250m
Bandwidth
2 Mb/s
Table 2: Scenarios under three black holes Number of Scenarios
Scenarios Description
1
Sparse Network with Low Mobility
2
Sparse Network with High Mobility
3
Dense Network with Low Mobility
4
Dense Network with High Mobility
Table 3: Scenarios under six black holes Number of Scenarios
Scenarios Description
1
Dense Network with Low Mobility
2
Dense Network with High Mobility
23
S2210-5379(17)30024-0 http://dx.doi.org/doi:10.1016/j.suscom.2017.07.001 SUSCOM 175
To appear in: Received date: Revised date: Accepted date:
6-2-2017 5-6-2017 7-7-2017
Please cite this article as: Yaser M.Khamayseh, Shadi A.Aljawarneh, Alaa Ebrahim Asaad, Ensuring Survivability against Black Hole Attacks in MANETS for Preserving Energy Efficiency, Sustainable Computing: Informatics and Systemshttp://dx.doi.org/10.1016/j.suscom.2017.07.001 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
Ensuring Survivability against Black Hole Attacks in MANETS for Preserving Energy Efficiency Yaser M. Khamayseh, Shadi A. Aljawarneh, Alaa Ebrahim Asaad Faculty of Computer and Information Technology Jordan University of Science and Technology Irbid, 22110, Jordan [email protected], [email protected], [email protected]
Highlights
This work proposes a novel and efficient detection mechanism. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. In the proposed algorithm, the source node employs other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving an OERR, The source node marks the observed intermediate node as a black hole. The performance of the proposed scheme is evaluated using simulation. The obtained results indicate the superiority of the proposed scheme. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in by 41% in sparse networks. Moreover, it enhances the dropped packet in dense networks by 75%, and by 63% in sparse networks.
Abstract: Due to its scarce energy sources, and the open nature of transmissions in wireless environments, the wide spread of MANETs is challenged by many factors. Energy efficiency and security issues are considered of the utmost factors, security threats are represented by many attacks, one of which is the vicious Black Hole Attack. In Black Hole Attack, malicious nodes try to engage in as many active connections as possible to jeopardize the scarce network resources. To engage in a connection, during the route discover process, the malicious node sends a prompt route reply message to the source node to acknowledge it has an active route to the destination node, and when it receives the data packets it will simply drop it. Black holes jeopardize the network performance in terms of packet delivery ratio and number of dropped packets. Detecting and neutralizing black hole node is an important task to utilize the network resources efficiently. Network devices spend more than 80% of its available power on communication rather than on processing. Designing an energy-efficient detection scheme is vital to prolong the network lifetime as it reduces the amount of traffic transmitted in the network. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. The proposed scheme benefits from the open transmission nature of wireless devices (i.e. minimizing energy consumption) and tries to build a cooperative environment to monitor and observe the behaviour of on-going transmission. In the proposed algorithm, the source node utilizes other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving a repetitive OERR messages, the source node marks the observed intermediate node as a black hole. The performance of the proposed scheme is evaluated using simulation. The obtained results indicate the superiority of the proposed scheme. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in by 41% in sparse networks. Moreover, it enhances the dropped packet in dense networks by 75%, and by 63% in sparse networks.
Keywords: MANET; black hole attack; observer; simulation; energy efficiency.
1
Introduction
Wireless networks are widely spread and used for their convenience, and affordability. Nodes can move freely without the need for extensive infrastructure or cables [1]. Saying that, there are two main components of wireless networks: (1) a wireless router (or access point), and (2) some wireless clients [2]. Wireless networks have several advantages, including: convenience, mobility, easy setup, expandability, and low cost [3]. There are several types of wireless networks such as Wireless Wide Area Network (WWAN), Wireless Local Area Network (WLAN), Wireless Personal Area Network (WPAN), and Mobile Ad hoc Networks (MANET) [1][4]. Generally, MANETs are characterized by the following characteristics: Dynamic topology, multi-hop routing, no centralized point, (power, memory)-Light-weight terminals, shared physical medium, high user density, high degree of users’ mobility, scalable, nodes are free to move in and out of the network, and limited security [5][34]-[36].
1
MANET is a network that consists of wireless devices that communicate with each other when needed. Each node operates in three different modes: sensing, computation and communication. In one hand, communication mode consumes most of the battery energy; on the other hand, sensing mode consumes the least of the battery energy. The amount of energy consumed in the communication mode depends mainly on the range of transmission (i.e., distance) which grows exponentially with the signal propagation. Transmission and reception of data in wireless nodes is executed by the radio module. The energy is consumed to serve communication between nodes. In the first order model, the energy consumed to send k-bit message for a distance d between any two nodes (ETX) is calculated as:
E TX (k , d ) k ( Eelec Eamp d n ) Where, Eamp is the energy consumed by the amplifier circuit to send one bit to an area of radius d = 1 meter. The value of Eamp depends on the distance between the source and the destination nodes. There are 2 possible cases: 1.
distance d < d0 between any two nodes, the energy consumed is:
E TX (k , d ) k ( Eelec fs d 2 ) 2.
distance d ≥ d0 between any two nodes, the energy consumed is:
E TX (k , d ) k ( Eelec mf d 4 ) On the other hand, the energy consumed to receive a k-bit message (ERX) is:
ERX (k ) k Eelec Where d0 is a threshold distance that depends on environment conditions, ϵfs is free space model, and ϵmp is multipath model. To save energy, both the transmit module (Transmit Electronics and Tx Amplifier) and the receiver module (Receive Electronics) are activated only if there is data to be sent or received, otherwise they go to low-power sleep mode. Hence, it is essential for the design of any protocol for MANETs to consider the energy limitations. Motivated by these observations, the design of the proposed scheme focuses on the following aspects: Increasing the sensing operations for nodes (observation task) Limit the transmission range MANET has no infrastructure and clients moves freely. Nodes mobility leads to frequent and dynamic changes in the network topology. MANET’s characteristics impose several security attacks, such as Black hole attack [2][5]. In Black Hole Attack, malicious nodes try to engage in as many active connections as possible to jeopardize the scarce network resources. To engage in a connection, upon receiving a route request (RREQ) message, the malicious node sends a prompt route reply (RREP) message with high sequence number to the source node to acknowledge it has an active route to the destination node. Once, the source node receives the malicious node’s RREP message, it will eliminate all RREPs coming from non-malicious nodes. The source node will forward its data packet to the destination through the malicious node. Once the malicious node receives these packets, it will simply drop them [4]. This work proposes a mechanism to solve this problem without depending on the behavior of internal nodes when choosing the malicious node to avoid any potential errors. A detecting and neutralizing black hole node is an important task to utilize the network resources efficiently. This work proposes a novel and efficient detection mechanism. The proposed mechanism requires a minimal change to the routing protocol and a minimal overhead to the network. In the proposed algorithm, the source node employs other nodes in the network (called observer node) to detect if the transmission of data packets to next hop is carried. In case of error, the observer node sends an error message (namely, OERR) to the source node. Upon receiving an OERR, The source node marks the observed intermediate node as a black hole. This paper consists of four more sections: Section 2 presents the literature review. It gives the theoretical framework and related studies on the topic. Section 3 describes the methodology of the study and the proposed algorithm. Section 4 presents and discusses the obtained simulation results. Finally, the paper is concluded in Section 5.
2
Literature Review
Routing protocols are a set of procedures to find an efficient path to send packet from the source to the destination. Efficient path concept is not constant; it relies on the network’s need [6]. The efficiency can be measured by using some various metrics such as the fastest replay, number of hops count (maximum/minimum), and security. The
2
characteristic of MANET requires a new demand to be achieved, and that is the high performance in communication between nodes in the network. MANET routing protocols are categorized into [6][7]: Proactive protocols (DSDV, OLSR, OSPF, FSR, FSLS, TBRPF). Reactive protocols (AODV, DSR). Hybrid protocols (ZRP).
Black Hole Attack In AODV protocol, there are two types of attacks: Internal and External attacks. In internal attacks, the malicious node is part of the network, and advertises itself as a part of the path to the destination. This kind of attacks is hard to detect and can easily deteriorate the network’s scarce resources [8] [9]. A Blake Hole attack depends on its malicious node. This node joins the MANET network and receives the RREQ message, as any other node in the network, but it always changes its routing table with delusive sequence number for any destination and makes it the biggest one. They, nevertheless, put the less hop count to the destination [9]. They send fast RREP with highest sequence and less hop count to the destination; that is why the source transmits the data packet to the malicious node and it drops or re-forward data packet to an unknown node [3][8]. The malicious node in internal black hole attack is located between the source and the destination. It attempts to be part of the data routes; and it is part of the network nodes [9][10]. This kind of attacks is hard to detect and can easily deteriorate the network’s scarce resources [3][7]. In external black hole attacks [9], the malicious node stands outside the route between the source and the destination; it selects one of its neighbours, closes to the source node, and sends spurious RREP packet with less hop count and maximum sequence number [10].
3
Related Works
The authors in [11] improved the original Ad hoc On Demand Distance Vector (AODV) routing protocol to avoid the cooperative black hole attacks, by gathering the RREP massages in a table. They assume that all nodes in the network are trusted, and every node sends its trusted level of carrying the destination with the RREP massage; if the trusted level equals to zero, then this node is malicious. Gathering the RREP packet in table needs storage and increases the delay in the network. The work in [12] enhanced the original Ad hoc On Demand Distance Vector (AODV) routing protocol to add extra level of security in MANET, using two steps: the first one is collecting all RREP massages that come to the source node in table with the time they come on it; and the second is removing the RREP message that has higher destination sequence number and it is faster, then they use the next path to send the data. If the link breakage does not need to restart this operation, it just uses another path in the stored table. When the intermediate node sends RREP, it sends the path with it. This approach enhances the AODV performance. Mistry et al. improved the security; however, the delay is increased as the source node needs to wait for RREP packets before sending data over the selected path. In [13], the proposed ABM method implemented with two tables: RQ and SN tables, in addition to IDS scheme to solve the Black Hole attack. It stores all malicious nodes in Black table. The RQ table stores all RREP from the neighbor IDS node. The SN table stores the node that is not trusted by the neighbours, and this node does not forward the RREQ message to its neighbor, and it sends RREP message to the source. It has the doubtful value that if increased, it becomes larger than the threshold, then it is a malicious and it sends to all neighbours to block it from the network. This method decreases the packet loose to 128%, and it increases the delay in comparison to the original AODV. The authors in [14] updated the node structure by adding trust table to every node in the network and field to the RREP message. This field gives indication about the trust of the node, and how to send the RREP massage. If trust field value equals 1 or 2, then the source trusts the next hop; otherwise, the source sends packet on another RREP. The node sends the RREP message, assignee the trust field to zero if it is the intermediate nod to the destination, but if it is the destination then the value is two, the previous hop can make it 1 to insert any node in trusted table, then it needs to send the behavior analysis to the neighbor by broadcast it. This way increases the throughput and data ratio in the network. In this algorithm the delay and the over head have increased. The work in [15] prevented the black hole by adding to table one of the malicious, which is rrep_table, and the second for saving the RREP message. Furthermore, they have identified the rt_upd value to control the updating on the routing table. When the source receives the RREP massage, the routing table updates with high performance of malicious node, and the rt_upd changes to true. The source will use the second RREP message to send the data. This method is named ERDA, it is simple and solves the false route entry, but it does not solve the Black Hole efficiently. Waiting time period that the source node spends in the route discovery phase makes a latency time in this phase.
3
The authors in [16] used the sequence number in the RREP message. They receive the RREP message by using the preprocessing function that is called Pre_Process_RREP. This process also involves Compare_PKts to compare the two sequence number in RREP message. If the difference between them is not too large, then the source will use the RREP, which contains the largest one. Otherwise, if the difference is very large, then the largest one is a malicious node and pushing it to the malicious list. This method is simple but does not work when the malicious nodes cooperate with each other. In Watchdog’s approach [17], every node in the network listens to the entire packets sent by the neighbours, and stores data in two tables, which is the pending packet table and the node rating table. In this case, the data packet do not get lost; the intermediate node can make repairing to any node when found the malicious has dropped the data. There is a threshold used to determine the number of data packet transmits from every neighbor node; depending on this threshold, the node judgment is made to determine whether the neighbor is malicious node or not. [18] proposed an Encrypted Verification Method (EVM) that is used to find the Black Hole attack. The source sends encrypted insurance message when it receives the RREP message from the dubious node to ensure that the node is trusted. This method decreases the overhead in the network, and ensures that the sequence number is not hacking from the malicious node. Based on the DRI table, the source decides the reliability of IN, and this is done by checking its DRI table. If IN is reliable, then data is sent through it; otherwise, the source asks its neighbours about it to determine if IN is a black hole or not. The work in [19] enhanced the original AODV protocol and proposed ISDAODV protocol. The ISDAODV protocol checks the minimum path and maximum destination sequence number in the RREP message. It discards the first RREP from the black hole node, and takes the second RREP packet. The work in [20] prevented the black hole using the sequence number. All nodes have a Route Reply Table (RRT), the source node save all RREP packet, receives and saves the node sending this RREP in the RRT; the order depends on receiving time, which is first come first saved. Then the source checks the sequence number of first one on RRT with the sequence number in the source node. If the sequence number in the first node in RRT is more enormous than the sequence in the source node, then this is malicious and dropped from the RRT. Then, the source will send the packet to use the path with highest sequence number in RRT, whose order depends on the sequence number of the destination. Although they increase the data ratio, they depend on the behavior of the node when they use the high sequence number to define the malicious node. In [21], the authors propose a solution to solve black hole attack problem by adding two bits to the route replay packet (RREP), in order to determine whether the intermediate node (IN) is reliable or not. The first bit gives indication about an IN routed information from the source; the second bit is used to check whether the source send data through the IN, and stores the two bits in Data Routing Information (DRI) table in each node. [22] trusts the node by calculating credit value in AODV phases. The source as usual sends RREQ message to find the active route to the destination (next hop); the credit value assigned from the node initiates the RREP message as calculated by the equation below, the source then checks the credit before sending the packet. Every node forwards the packet to decrease credit by one. When the destination receives the packet, it sends credit acknowledgment to the source; this credit is not the same credit that is received with the packet; every node that forwards the CACK will increase the credit by two. Source checks the credit that is appending with the acknowledgment to define the trust of the next hop, if the credit is equal to zero, then it is malicious and pushes it to black list. This method is getting a high throughput in ratio 40% when compared with the original AODV protocol, and does not use more bandwidth than the original AODV, but it increases the overhead on the network. [23] proposed a simple approach to prevent the Black Hole attack. That is done by using a Timer Expired Table to collect all RREP messages that comes from the neighbor nodes. The source node compares all RREP, receives and defines which one is malicious node, and the path that is to be used to send the data to the destination. This method improves the efficient of AODV work, but it imposes high delay. [24] have tried to find the malicious node in the route discovery phase, not after sending the data packet. They calculated the peak value which contains the sequence number in the routing table, number of RREP messages during the time interval and the sequence number coming from the RREP message. And they have highlighted that in cases where the RREP sequence number is larger than the Peak value then this node is malicious. The source node pushes all malicious nodes in list and sends it with the RREQ message to its entire neighbor to update its malicious table. This method is not implemented yet, but it also suggests solution for a single black hole by using the sequence number. The authors in [25] assume that there is a symmetric key between any two node connections in the network. The TTSAODV protocol, this protocol is a modification of AODV protocol, has two levels of security that is in the discovery phase and in sending the data phase. In this case, discovery of Black Hole occurs when the source detects the path; otherwise, when sending the data packet. In [26], the authors present a Real Time Monitoring method to find malicious node by using two counters, this counter is Fcount and Rcount generated by the neighbor’s node of the node which initiate the RREP message. When any node generates the RREP message, then its node pushes it in suspected list. The neighbor listens to suspect node if they send a packet then the neighbor will increase the Rcount. If the neighbor forwards the packet to suspect node, the neighbor increases the Fcount.
4
Source node sends the packet using the path after RREP is received in order to discover whether this node is malicious or not. The neighbor node checks the two counters, when the Fcount equal threshold and the Rcount is zero, then this suspect node is malicious node and they will block it from the network. Real Time Monitoring method solves only the single black hole, and increases the delay and overhead. The work in [27] examined many scenarios of reaching the threshold of sequence number. The source checks this threshold before accepting the RREP message from the neighbor, and the destination checks it before dealing with the RREQ message. The node which sends the RREP message that is larger than the threshold is blocks from the network because it is a malicious node. The destination checks the threshold before putting the destination sequence number. As in [6], researchers depend on the sequence number to determine whether the node is a black hole or not. In [28], the authors build two tables suspect and black list tables in the structure of each node in the network. The suspect table saves all nodes that send RREP message to the source, and how many times the path failure has occurred. The source knows that it is path failure when the data that is sent to the destination has not received the acknowledgment message, which contain one bit getting 0 or 1. If the destination receives the data packet, the value of the acknowledgment will be one; or, otherwise, it is zero. The black list table saves all malicious nodes. The source decides whether this is malicious or not by using the number of failure in the suspect table. If the number of failure overrides the threshold, then it is malicious. This method enhances the delivery ratio and decreases the dropped packet, but they increase the delay. The work in [32] proposed E2EACK algorithm to detect both black hole and slander attacks in MANETs using ACKnowledgment packets. The ACK packets are cyphered using Message Authentication Code (MAC) to preserve its integrity. The authors in [33] proposed IBFWA algorithm that combines both Bloom filter and watchdog algorithm. However, both [32] and [33] techniques, while achieving reasonable performance in detecting black holes, they require extra work for encrypting the sent messages [32], or an external Certificate Authority (CA) to key generation. Some researchers tried to solve the black hole attack, using the behavior of the internal node. However, a node may behave as a malicious node by chance, but it is not malicious. In this case, eliminate these nodes from the network is unfair. Other method defines some values to measure the trustiness of the next hop node. But this method may have some of shortcomings, including: making high overhead on the network, increasing the end to end delay, or working on just one malicious node. On the other hand, some of such methods solve the black hole when having one malicious node only. The proposed method in the present study tries to solve the black hole attack in the case of having many malicious nodes, without depending on the behavior of the nod to prevent any mistakes that may happen when finding the malicious node.
4
Proposed Methodology
The main idea of the proposed scheme is to build a cooperative environment utilizing the open transmission nature of wireless networks to detect black holes. For each route request, the source node saves the first two route replies coming from the destination. The function of the first path is usually to transmit the data packet; while the second path is used as an observer to check whether the nodes in the first RREP send the data packets to the next hop until they reach the destination. When the source node receives a RREP, it will transmit the data packets to the next hop. Simultaneously, it will send a new control packet, called Route Observer message (ROBS), to the first node in the second RREP that is saved before checking the next hop in the first RREP; if it sends the data packets or not, the node checks another node, namely, Observer. When the observer node receives ROBS message from the source node, it checks the next hop node of the source, whether it is in the neighbours list or not. If it is a neighbor, the observer will check the list of nodes that sent the data packets to the next hop in the first RREP. This will return to be true if the node sent data packets; otherwise, it will return false. If the next hop node sent the data packets to a next hop found by the observer, it would send an ROBS to a new observer. The previous observer would search for a new observer where the new next hop that receives the data packets must be a neighbor of the new observer. Then, the new observer will check the next hop, for whether it sent the data or not. This process will be repeated until verifying whether the data is delivered to the destination or not. In this process, if the observer discovers a node that does not send the data packets to the next hop, it will generate a Route Error Observer (REOS) message and will send it back to the source to check if this node is a black hole node or not. When the source receives REOS, it will check if it receives a RERR from next hop node or not. If it receives an RERR before (not a black hole), it will try to recover the problem (AODV algorithm – link failure). If it does not receive any RERR, it will save this node as a black hole and sends RREQ to discover a new route to destination. When any node tries to send data, or receive a RREP from a node, it will check first if this node is in the black hole list or not. If the node is a black hole, then the node will ignore any information received from this node.
5
The Proposed Algorithm In the proposed algorithm, the researcher updates the AODV data structures and also adds three new lists. The first one is to save the two RREPs (AodvobsInfo), the second one is for all neighbours, and the third one is for the black hole nodes. Moreover, a global list is to save all nodes that transmit data packets. The proposed algorithm is depicted in Figure 1. The algorithm is divided into 2 sides: source node side that runs on the source node, and observation node side that runs on the observation node. The source node side requires 4 steps as follows: First, the source node waits until it receives the first two RREP and stores them. Second, it is using the first RREP to send Data packet as usual in the original AODV protocol and the second RREP to send the ROBS control packet. Third, the source will check if the eternal node is a malicious or not through checking the RERR received from it. Finally, this mechanism is repeated until the destination node received the Data packet. For the observation node side, when the node receives the ROBS packet they check if the target nod is in its Neighbour List (NL). If not, it will send “not found” in NL to the source; otherwise, it will check whether this nod transmits the data packet or not. If the data is transmitted, new ROBS packet will be sent (i.e., generate new observation node); if data is not transmitted, REOS will be sent to the source.
5
Results & Discussions
The purpose of this study is to prevent or limit Black Hole attacks against MANETs, and to ensure the survivability of MANET nodes against the black holes. To evaluate the performance of the proposed scheme, several simulation experiments were conducted for different scenarios using Qualnet. OBSA examines sparse networks in many scenarios (20 nodes, 30 nodes, and 40 nodes). The nodes speed range is 0-10 meter per second, using Random Waypoint mobility model [29][30][31]. The bandwidth is 2MB/s and nodes are distributed randomly in a rectangular area 1000*1000m. Simulation time is set to 800 seconds. The dense networks tested using 75 nodes, 100 nodes and 125 nodes under the same environment of sparse network. Table 1 lists simulation parameters. Several scenarios are examined. The first one is sparse network under high mobility (average pause time = 0 seconds) and low mobility (average pause time = 10 seconds). The second scenario is dense network with high mobility (average pause time = 0) and low mobility (average pause time = 10 seconds). All scenarios were applied under three Black holes, except the dense networks which were applied under six black holes as well. All these scenarios were applied in three Black holes, as listed in Table 2: The performance of OBSA was compared against the performance of three state of the art schemes for all possible scenarios. Original AODV, MI-AODV, and suspect protocol. The Scenarios under six Black holes are demonstrated below in Table 3. The Suspect-based protocol, MI-AODV protocol, and OBSA are analysed using four matrices: Overhead, End to End Delay, Delivery Ratio and Dropped packet. The obtained simulation results for all schemes are listed next for the following performance metrics: packet delivery ratio, dropped packet ratio, overhead, and end to end delay. The results are presented for 2 scenarios: 3 clack holes and 6 black holes.
1. Three Black Hole Scenario Delivery ratio is the ratio between the numbers of received packets over numbers of sent packets; it gives indication about the performance of the network. In the AODV protocol with three Black holes, the delivery ratio is low when compared with the three modified AODV protocols. In Figure 2, the PDR in four protocols are presented in sparse network with low mobility. The MI-algo is presented in blue line, the Suspect protocol is in yellow line, Black hole protocol is in black line, and the protocol (OBSA) is in pink line. In original AODV protocol with three Black holes, the PDR decreases when the number of node increases. That is because the probability of Black hole catching RREQ packets increases. Furthermore, the number of neighbours surrounded by black hole node increases, and thus, the communication between them increases, giving the Black hole nodes more chance to cheat more nodes. Figure 2 shows a growth of PDR in OBSA, which is because that neighbours who work as observer is nearer than the large number of neighbor nodes. This gives them more chance to find the node and to observe it in its routing table. The delivery ratio improvement in the three protocols is calculated using the following equation. PDRImprovment = (PDRUpdated– PDROriginal)/( PDRUpdated) …….1 The PDR improvement in Suspect protocol is 12%. In MI-algo, it reaches 20.9%, however, in the proposed OBSA the improvement is up to 41.1%. The PDR results for dense network and low mobility scenario are presented in Figure 3.
6
In Figure 3, the delivery ratio decreases when the number of node increases. This is because the chance of Black hole node to catch more RREQ packet increases. The OBSA depends on the neighbor of observer node; so that, when the number of node in the network increases, then the number of neighbor beside the observer node will increase. Thus, the chance to observe the node that sends the data packet will grow, as shown in Figure 19 when the PDR in OBSA is seen increasing with node increase. The Packet delivery ratio improvement in Suspect scheme is -16%, which indicate that the algorithm is not efficient in large dense network with three Black holes. MI-algo improves the PDR by 7.5%, and this improvement makes it better than Suspect scheme but not efficient enough. In OBSA, the improvement reaches 41.6%, and that makes the proposed scheme better than the two algorithms in dense network with three Black holes. Results for sparse networks with high mobility are shown in Figure 4. In Figure 4, the decrease in PDR in original AODV with Black hole appears when the number of nodes increases. There appears to have the ability to communicate with more nodes and catch more RREG packet, hence, drop more data packets. In case of increasing node numbers, the high mobility decreases the PDR because of the frequent changes in the neighbour nodes positions, hence, the observer cannot catch the node that is needed to observe it all the time. Suspect algorithm improves the PDR by 16.5%, MI-algo improves the PDR by 24.9 is better than Suspect algorithm. OBSA improves the packet delivery ratio by 41%. In Figure 5, the delivery ratio is depicted for dense network with high mobility . Figure 5 shows that OBSA achieves higher PDR in comparison with the other three protocols. The high mobility affected the result because of the high node movement. Nevertheless, the OBSA is still better than the three protocols. The improvement of the proposed scheme proves that OBSA is still more efficient than MI and Suspect algorithms. The PDR improvement in OBSA is 45.6% but in MI-algo is -21% and in Suspect algorithm is 8.6%, respectively. The two algorithms are not at their best rate in three Black holes with high mobility. Figure 6 shows the dropped packets ratio in sparse network with high mobility; the Black hole protocol dropped the data packet, so when the number of nodes increased, the ability to catch more RREQ packet increased, hence, the number of dropped packet increases. In OBSA, the DPR decreased because of the ability of this algorithm to catch more Black hole nodes, and it would increase with the increase in the number of nodes. The proposed method decreases the number of dropped packet when it observes the nodes that has data packets, and finds the Black hole nodes then resends the data in new secure route. The improvement in dropped ratio in Suspect method is 17.4%, in MI-algo the improvement increases to become 29.6%, and in the proposed method OBSA reaches 60.5%. Figure 7 shows the dropped packet in dense network with high mobility. The OBSA decreased the drooped packet ratio significantly in comparison to the other protocols. That is because the data packet almost received to the destination, and because the observer works in dense network. The observer node is surrounded by a large number of nodes which makes it work efficiently. The proposed method improved the dropped packet ratio at 76.5%, and this is very good result compared with the other two methods. The other two methods didn’t improve the drooped packet ratio. Figure 8 shows the dropped ratio in sparse network with low mobility. The two protocols enhance the dropped packet ratio by decreasing it to a low level. But in OBSA the enhancement increases when the number of nodes increases. The proposed schemes enhanced the improvement of DPR to reach 63%, MI-algo enhanced it to be 24% and Suspect algorithms also enhanced it to reach 11%. In Figure 9, the dense network with low mobility results are shown. The proposed method decreased the dropped packet because it has been noticed that the delivery packet increases when the number of nodes
7
increases. Other methods also decreased the dropped packet. The improvement increases in the proposed OBSA to reach 75.72%, in MI-algo and Suspect algorithm it did not improve the dropped packet ratio. Figure 10 shows the overhead in sparse network and high mobility through comparing the four protocols. OBSA is the proposed method, MI-algo and Suspect algorithm enhanced the overhead. In Figure 10, the proposed method achieved lower overhead that the other 3 protocols. OBSA enhanced the overhead because the data packet received increased significantly as the number of nodes increased. When the node finds the forwarded node in its neighbor, they check whether they sent the data packet or not; and when the number of nodes increases, then the chance to be the forwarded node in its neighbour increases. OBSA improves the overhead to become 63.64%, MI-algo also improves the overhead at 28.31% and Suspect scheme overhead improvement is at 11.17%. In Figure 11, the overhead shows in dense network and high mobility. In dense network the proposed method outperforms the other techniques. The overhead increases when the number of nodes increases. In Figure 11, the growth of overhead in the four methods is viewed. The improvement increases in the three methods, as follows: OBSA improvement = 92.3%, MI-algo improvement = 38.53%, and Suspect algorithm improvement = 6.53%. Figure 12 depicts the overhead in sparse network and low mobility. The improvement increases in the three methods, as follows: OBSA improvement = 61.68%, MI-algo improvement = 32.16%, and Suspect algorithm improvement = 20.77%. Low mobility and dense network overhead results are shown in Figure 13. OBSA improves the overhead by 95.25%, and MI-algo by 30.58%, in Suspect algorithm, the improvement in overhead is 14.5%. End to end delay is crucial factor in the network as it represents the time needed to transmit the data packet from the source to the destination node. The end to end delay results are depicted in Figures 14 to 17. Figure 14 shows the end to end delay in sparse network with high mobility. The delay in MI-algo and Suspect algorithm is better than in the proposed method. The improvement in end to end delay is as follows: OBSA improvement = 19.13%, MI-algo improvement = -32.74%, and Suspect algorithm improvement= -29.59%. Figure 15 shows the end to end delay in dense network with high mobility. it shows that the proposed method outperforms the three protocols significantly because the proposed OBSA work more efficiently in dense network, the observer node surrounded with large number of neighbours make observe method performs well. The improvement in end to end delay is as follows: OBSA improvement = -33.01%, MI-algo improvement = -75.02%, and Suspect algorithm improvement= -29.373%. Figure 16 depicts the end to end delay in sparse network and low mobility. The improvement increases in the three methods as follows: OBSA improvement = -35.52%, MI-algo improvement = -17.12%, and Suspect algorithm improvement= -69.2%. All of the three algorithms improve the end delay considerably; these protocols got less end delay than the original AODV protocol. However, the Suspect algorithm achieves the best delay results because of its low delivery ratio. Figure 17 below presents the end to end delay in dense network and low mobility. The OBSA got the highest improvement because of the highest number in delivery ratio and less end to end delay. The proposed scheme delay is less than the other three protocols; saying that, the three methods outperform the original AODV protocol. The improvement increases in the three methods as follows: OBSA improvement = -32.63%, MI-algo improvement = -18.4%, and Suspect algorithm improvement= -31.15%.
8
2. Six Black Holes The same setting were used to evaluate the performance of the four algorithms in case of six Black holes, however, the dense network scenarios were only examined under both low and high mobility. Figure 18 shows the PDR results for high mobility scenario. OBSA outperforms the other protocols because the neighbours who can work as observer is high. It gives them more chance to find the node that needs to observe in their routing tables. The improvement increases in the three methods as follows: OBSA improvement = 60.73%, MI-algo improvement = 40.1%, and Suspect algorithm improvement= 47.93%. Figure 19 shows the PDR results for low mobility scenario. The improvement increases in the three methods as follows: OBSA improvement = 59.44%, MI-algo improvement = 38.99%, Suspect algorithm improvement= 45.46%. The OBSA depends on the number of possible observer nodes; that is when the number of nodes in the network increases, then the number of neighbor beside the observer node increases. Hence, the chance to observe the forwarder node that sends the data packet increases. Figure 20 shows the dropped packet results in dense network with high mobility. The OBSA decreased the dropped packet ratio significantly because of having high delivery ratio. The improvement increases in the three methods as follows: OBSA improvement = 89.65 %, MI-algo improvement = 39.15%, Suspect algorithm improvement= 53.96%. Figure 21 shows the dropped packet in dense network with low mobility. Dropped packets results show that the proposed algorithm has the highest improvement. The improvement increases in the three methods as follows: OBSA improvement = 92.4 %, MI-algo improvement = 40.16%, and Suspect algorithm improvement= 52.69%. For overhead results, OBSA enhanced the overhead because the received data packet increases as the number of nodes increased. Figure 22 presents the overhead results in dense network with high mobility. The improvement increases in the three methods as follows: OBSA improvement = 86.92%, MI-algo improvement = 10.71%, and Suspect algorithm improvement = 15.66%. Figure 23 presents the overhead results in sparse network and low mobility. The OBSA outperforms the other protocols because the high delivery ratio in the proposed method (89.65 %). The improvement increases in the three methods as follows: OBSA improvement = 85.9%, MI-algo improvement = 16.21%, and Suspect algorithm improvement = 20.11%. Figure 24 presents the End to End Delay results in dense network with high mobility. OBSA got higher improvement than other protocols. The high mobility and dense network make it possible for the destination to be near to the source node. The improvement increases in the three methods as follows: OBSA improvement = -2.91% (less than the original), MI-algo improvement = -20.57%, and Suspect algorithm improvement = -37.9% Figure 25 presents the End to End Delay results in dense network and high mobility. The delay in the proposed method is less than in other protocols. In this scenario the OBSA got higher performance in all matrices. The improvement increases in the three methods as follows: OBSA improvement = 17.89% (less than the original), MI-algo improvement = -23.9%, and Suspect algorithm improvement = -32.83%. The MI-algo and Suspect algorithm didn’t improve the delay in this scenario.
9
6
Conclusions & Future Work
This study aimed at introducing a method to detect malicious nodes, prevent or limit Black Hole attacks against mobile ad hoc network MANETs, and ensure the survivability of MANET nodes against the black holes. The proposed algorithm is able to detect and prevent the black hole according. A Black Hole attack is a serious security problem that faces MANET. The study has described the nature of black hole attack against a MANET. It is an attack where a malicious node pretends to be a destination node by sending false RREP to a source node which initiates route discovery, and denies data traffic from the source node. The proposed algorithm, namely OBSA, is divided into 2 parts: source node side and observation node side. While many state of the art solutions were proposed to monitor nodes’ behaviours, this algorithm is designed to create a collaborative environment for monitoring and observing transmissions. New messages are needed to be created to implement the proposed solution such as Route Observer (ROBS) and Route Error Observer (REOS) messages. The performance of the proposed scheme was evaluated using simulation. Several scenarios were tested using Qualnet Simulation package. The results were obtained for 2 main scenarios: 3 black holes and 6 black holes. For the 3 black holes’ environment, the simulation examined low and high mobility for both sparse and dense networks. On the other hand, for the 6 holes environment, the simulation examined low and high mobility for dense networks only. Results of the study highlight the superiority of the proposed scheme over some state of the art schemes in terms of packet delivery ratio, dropped packet ratio, and overhead. For example, the proposed algorithm enhances the delivery ratio in dense networks by 45.6% and in sparse networks by 41%. Moreover, it enhances the dropped packet in dense networks by 75%, and in sparse networks by 63%. The proposed scheme introduces some overhead that in fact did affect the performance of the network in particular, packets’ delay, in case of sparse networks. Hence, there is a need to modify the proposed scheme to minimize the packets’ delay without compromising the detection rate of black hole nodes. Moreover, the future modification should consider other types and variations of malicious attacks in MANETs. One possible modification is to use H-MAC technique to ensure message confidentiality. The H-Mac can use the source address, destination address, and message sequence number to encrypt the messages. Furthermore, we propose to use nodes’ energy level in calculating the best transmission and observation paths to further minimize the energy consumptions.
References [1] Camp T., Boleng J., & Davies V., Survey of Mobility Models, Wireless Communication & Mobile Computing (WCMC). Special issue on Mobile Ad Hoc Networking:Research, Trends and Applications, vol. 2, no. 5, pp. 483502, 2002. [2] Singh G., Bindra H., & Sangal A., Performance Analysis of DSR, AODV Routing Protocols based on Wormhole Attack in Mobile Ad-hoc Network, International Journal of Computer Applications (0975 – 8887) , July 2011, Volume 26– No.5, 2011. [3] Irshad U., & Ur Rehman S., Analysis of Black Hole attack on MANETs Using different MANET routing protocols, Master thesis, School of Computing, Blekinge Institute of Technology, Sweden, 2010. [4] McMahon, R., Introduction to Networking. McGraw-Hill Higher Education, 2004. [5] Tseng C., Distributed intrusion detection models for mobile ad hoc networks. Ph.D. thesis, University Of California Davis, 2006. [6] Shrivastava A., Shanmogavel A., Mistry A., Chander N., Patlolla P., & Yadlapalli V., Overview of Routing Protocols in MANET’s and Enhancements in Reactive Protocols." Department of Computer Science Lamar University, Technical report, 2005.
10
[7] Jaspal K., Kulkarni M., & Gupta D., Effect of Black Hole Attack on MANET Routing Protocols, IJ Computer Network and Information Security, 5, pp: 64-72, 2013. [8] Al-Shurman M., Seong-Moo Y., & Seungjin P., Black hole attack in mobile ad hoc networks, Proceedings of the 42nd annual Southeast regional conference. ACM, 2004. [9] Mohebi A., & Simon S., A Survey on Detecting Black-hole Methods in Mobile Ad Hoc Networks, International Journal of Innovative Ideas (IJII) , ISSN: 2232-1942 Vol. 13 No. 2 April – June, 2013. [10] Anu B., Bansal M., & Singh J., Performance analysis of MANET under blackhole attack. NETCOM'09. First International Conference on Networks and Communications. IEEE, 2009. [11] Latha T., & Sankaranarayanan V., Prevention of co-operative black hole attack networks 15, pp: 13-20, 2008.
in MANET, Journal of
[12] Mistry N.., Jinwala D., & Mukesh M., Improving AODV Protocol against Blackhole Attacks, Proceedings of the International MultiConference of Engineers and Computer Scientists. Vol. 2, Hong Kong, 17-19 March, 2010. [13] Su M., Prevention of Selective Black Hole Attacks on Mobile Ad Hoc Networks Through Intrusion Detection Systems, IEEE Computer Communications, vol. 34 issue 1, doi:10.1016/j.comcom.2010.08.007, January, pp. 107117, 2011. [14] Khamayseh Y., Bader A., Mardini W., and BaniYasein M., A New Protocol for Detecting Black Hole Nodes in Ad Hoc Networks, International Journal of Communication Networks and Information Security, Vol. 3, No. 1, April 2011, pp. 36- 4,7, 2011. [15] Kamarularifin A., Ahmad Z., & Manan J., Mitigation of Black Hole Attacks for AODV Routing Protocol, Society of Digital Information and Wireless Communications, Vol. 1, No 2, 2011, pp. 336- 343, 2011. [16] Mandhata S., & Patro S., A Counter Measure to Black Hole Attack on AODV- Based Mobile Ad-Hoc Networks, International Journal of Computer & Communication Technology (IJCCT), Volume 2, Issue 6, pp. 37- 42, 2011. [17] Bhosle A., Thosar T., & Mehatre S., Black-Hole and Wormhole Attack in Routing Protocol AODV in MANET, International Journal of Computer Science, Engineering and Applications (IJCSEA) Vol.2, No.1, February 2012DOI:10.5121/ijcsea.2012.2105 45, 2012. [18] Ahmed F., Yoon S., & Oh H., An Efficient Black Hole Detection Method using an Encrypted Verification Message in Mobile Ad Hoc Networks, International Journal of Security and Its Applications Vol. 6, No. 2, 2012. [19] Ranjeet S., & Tamhankar S., Performance Analysis And Minimization Of Black Hole Attack In MANET. International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue4, JulyAugust 2012, pp.1430-1437, 2012. [20] Pooja Jaiswal & Kumar R., Prevention of Blackhole attack in MANET, IRACST, October 2012. [21] Das R., Purkayastha B., & Das P., Security Measures for Black Hole Attack in MANET: An Approach, International Journal of Engineering Science and Technology (IJEST), Vol. 3 No. 4 Apr 2011, pp. 2832-2838, ISSN: 0975-5462, 2011. [22] Saetang W., & Charoenpanyasak S., CAODV Free Blackhole Attack in Ad Hoc Networks, International Conference on Computer Networks and Communication Systems, IPCSIT vol.35, pp. 63- 68, 2012. [23] Sharma M., Khare S., Dixit N. & Agrawal S., Security in Routing Protocol to Avoid Threat of Black Hole Attack in MANET,VSRD-IJEECE,Vol. 2 (6), pages 385-390, 2012. [24] Jhaveri R., Patel S., & Jinwala D., ANovel Approach for Gray Hole and BlackHole Attacks in Mobile Adhoc Networks, Second International Conference on Advanced Computing & Communication Technologies, 2012. [25] Umaparvathi M., & Varughese D., Two Tier Secure AODV against Black Hole Attack in MANETs, European Journal of Scientific Research ISSN 1450-216X Vol.72 No.3 (2012), pp. 369-382, 2012.
11
[26] Kshirsagar, D.; & Patil, A., Blackhole attack detection and prevention by real time monitoring, in Computing, Communications and Networking Technologies (ICCCNT),2013 Fourth International Conference on , vol., no., pp.1-5, 4-6 July 2013. [27] Tan S., & Kim K., Secure route discovery for preventing Blackhole attacks on AODV-based MANET, IEEE, 2013 [28] Bani-Yassein M., Khamayseh Y., & Nawafleh B., Improved AODV Protocol to Detect and Avoid Black Hole Nodes in MANETs, The Sixth International Conference on Future Computational Technologies and Applications, ISBN: 978-1-61208-339-1, 2014. [29] Divecha B., Abraham A., Grosan G., & Sanyal S., Impact of Node Mobility on MANET Routing Protocols Models, Journal of Digital Information Management, 4(1), pages 19-23, 2007. [30] Jerome H., Filali F., & Bonnet C., Mobility models for vehicular ad hoc networks: a survey and taxonomy, Communications Surveys & Tutorials, IEEE 14, pp: 19-41, 2009. [31] Guolong L., Noubir G., & Rajaraman R., Mobility models for ad hoc network simulation, INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies. Vol. 1. IEEE, 2004. [32] Heydari, V. & Yoo, SM., E2EACK: an end-to-end acknowledgment-based scheme against collusion black hole and slander attacks in MANETs, Wireless Networks (2016) 22: 2259. doi:10.1007/s11276-015-1098-6 [33] Vijaya Kumar Kollati & Somasundaram K., IBFWA: Integrated Bloom Filter in Watchdog Algorithm for hybrid black hole attack detection in MANET, Information Security Journal: A Global Perspective Vol. 26 , Iss. 1,2017. DOI: http://dx.doi.org/10.1080/19393555.2016.1274805. [34] Aljawarneh, Shadi, Monther Aldwairi, and Muneer Bani Yasin. "Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model." Journal of Computational Science (2017). [35] Aljawarneh, Shadi, Muneer Bani Yassein and Weam Telafeh. "A resource-efficient encryption algorithm for multimedia big data." Multimedia Tools and Applications (2017): 1-22. [36] Aljawarneh, Shadi A., Raja A. Moftah, and Abdelsalam M. Maatuk. "Investigations of automatic methods for detecting the polymorphic worms signatures." Future Generation Computer Systems 60 (2016): 67-77.
12
SOURCE NODE SIDE Step 1: While (Number of route replies < 2) Store the RREP into observer table Step 2: When the source have two RREP 1- Send data packets using the first RREP to the destination 2- Send ROBS control packet to the node from the second RREP (observer) Step 3: //Check if the target node is a black hole or not If(REOS = TRUE & target node not send RERR) The target node is a black hole Send a new RREQ Else If(REOS = TRUE & target node send RERR) Send a new RREQ Step 4: This process will be repeated until the data delivered to destination Figure 1.a: The proposed algorithm (Source node side) OBSERVATION NODE SIDE Step 1: While (Number of NL > 0) { If(target_node is in NL list) If(target_node sent data packets) Send a new ROBS to a new observer Else Send REOS } Return not found in NL Figure 1.b: The proposed algorithm (Observer node side)
Packet Delivery Ratio (%)
3 Black Hole/10 Pause
Black hole MI-Alg SuspectAlg
number of nodes
Figure 2: Delivery ratio Three Black Hole, 10 Pause, Sparse Network
13
3 Black Hole/10 Pause
Black hole
Packet Delivery Ratio (%)
MI-Alg SuspectAlg
number of nodes Figure 3: Delivery ratio, Three Black Hole, 10 Pause, dense network
Packet Delivery Ratio (%)
3 Black Hole/0 Pause
Black hole MI-Alg SuspectAlg
number of nodes
Figure 4: Delivery ratio, Three Black Hole, 0 Pause, Sparse Network
Packet Delivery Ratio (%)
3 Black Hole/0 Pause
Black hole MI-Alg SuspectAlg
number of nodes
14
Figure 5: Delivery ratio, Three Black hole, 0 Pause, Dense Network
Figure 6: Dropped Packet Ratio, Three Black Holes, 0 Paused, Sparse Network
Figure 7: Dropped Packet ratio, Three Black Hole, 0 Pause, Dense Network
15
Figure 8: Dropped Packet ratio, Three Black Hole, 0 Pause, Sparse Network
Figure 9: Dropped Packet ratio, Three Black Hole, 10 Pause, Dense Network
16
Figure 10: Overhead, Three Black hole, 0 Pause, Sparse Network
Figure 11: Overhead, Three Black Holes, 0 Pauses, Dense Network
Figure 12: Overhead, Three Black Holes, 10 Pauses, Sparse Network
17
Figure 13: Overhead, Three Black Holes, 10 Pause, Dense Network
Figure 14: End to End Delay, Three Black Holes, 0 Pause, Sparse Network
18
Figure 15: End to End Delay, Three Black Holes, 0 Pause, Dense Network
Figure 16: End to End Delay, Three Black Holes, 10 Pause, Sparse Network
Figure 17: End to End Delay, Three Black Holes, 10 Pause, Dense Network
19
Figure 18: Delivery ratio, Six Black Hole, 0 Pause
Figure 19: Delivery ratio, Six Black Hole, 10 Pause
Figure 20: Delivery ratio, Six Black Hole, 0 Pause
20
Figure 21: Delivery ratio, Six Black Hole, 10 Pause
Figure 22: Overhead, Six Black Hole, 0 Pause
Figure 23: Overhead, Six Black Holes, 10 Pause
21
Figure 24: End to End Delay, Six Black Holes, 0 Pause
Figure 25: End to End Delay, Six Black Holes, 10 Pause
22
Table 1: Simulation parameters Parameter
Value
Simulator
Qualnet 5.2
Simulation time
800 second
Simulation area
1000m × 1000m
Number of nodes
20, 30, 40, 75,100, and 125
Mobility model
Random waypoint
Minimum speed
0 meter/second
Maximum speed
10 meter/second
Pause time
0 , 10
MAC protocol
IEEE 802.11
Data packet size
512 byte
Radio range
250m
Bandwidth
2 Mb/s
Table 2: Scenarios under three black holes Number of Scenarios
Scenarios Description
1
Sparse Network with Low Mobility
2
Sparse Network with High Mobility
3
Dense Network with Low Mobility
4
Dense Network with High Mobility
Table 3: Scenarios under six black holes Number of Scenarios
Scenarios Description
1
Dense Network with Low Mobility
2
Dense Network with High Mobility
23