
International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com Volume 2, Issue 4, July August 2013 ISSN 2278-6856

An Implementation and Performance Evaluation of Passive DoS Attack on AODV Routing Protocol in Mobile Ad hoc Networks
E. Suresh Babu¹, C. Nagaraju², MHM Krishna Prasad³

¹ Associate Professor & Research Scholar, PACE Institute of Technology & Sciences, Ongole.
² Associate Professor, YSR College of Engineering of YV University, Kadapa.
³ Associate Professor, JNTU College of Engineering, Kakinada.

Abstract: Recently, pervasive computing has led to the development of the Mobile Ad Hoc Network (MANET), an infrastructure-less network that can be formed dynamically and in which each mobile node can act as a router. A MANET has no clear line of security because of its open medium, so it is accessible to both legitimate network users and malicious attackers. In the presence of faulty nodes, one of the main challenges in MANETs is to design a robust security solution that can protect the network from various routing attacks. It is essential that the impact of such attacks is well understood before wireless ad hoc networks are used in mission-critical applications. This paper gives a hazard analysis, as our experiments measure the effects of attacks that exploit routing vulnerabilities. Our contributions in this paper are twofold. First, we introduce a general model that can be used to drop the packets that characterize a malicious attack, and then we apply this model to specific DoS attack scenarios. Second, we present the outcome of a simulation and evaluation study of these DoS attack scenarios in the context of different network nodes using the AODV routing protocol.

Keywords: AODV, Ad hoc Networks, DoS Attack

1. INTRODUCTION:
In a MANET [3], a collection of mobile hosts with wireless network interfaces forms a temporary network without the aid of any fixed infrastructure or centralized administration. A MANET is an autonomous system of mobile nodes. The system may operate in isolation, or may have gateways and interface with a fixed network. Its nodes are equipped with wireless transmitters/receivers using antennas which may be omni-directional (broadcast), highly-directional (point-to-point), or some combination thereof. At a given time, the system can be viewed as a random graph due to the movement of the nodes, their transmitter/receiver coverage patterns, the transmission power levels, and the co-channel interference levels. The network topology may change with time as the nodes move or adjust their transmission and reception parameters. Thus, a MANET has several salient characteristics described in [10], such as dynamic topologies, resource constraints, limited physical security, and no infrastructure. There is a wide variety of attacks that target the weaknesses of MANETs. For example, routing messages are an essential component of mobile network communications, as each packet needs to be passed quickly through intermediate nodes, which the packet must traverse from a source to the destination. Malicious routing attacks can target the route discovery or maintenance phase by not following the specifications of the routing protocols. There are also attacks that target some particular routing protocols, such as DSR [3] or AODV [2].

2. OVERVIEW OF AODV ROUTING PROTOCOL

In [2], E. M. Belding-Royer and Charles E. Perkins presented a description of the ad hoc on-demand distance-vector (AODV) routing protocol, which is an on-demand routing protocol; all routes are discovered only when needed, and are maintained only as long as they are being used. Routes are discovered through a route discovery cycle, whereby the network nodes are queried in search of a route to the destination node. When a node with a route to the destination is discovered, that route is reported back to the source node that requested the route. AODV was designed to meet the following goals: minimal control overhead, minimal processing overhead, multi-hop path routing capability, dynamic topology maintenance, and loop prevention. Because resources are scarce in mobile ad hoc networks, AODV attempts to minimize control overhead by eliminating periodic routing updates and utilizing only on-demand messaging. To minimize processing overhead, AODV messages are simple and require little computation. In an ad hoc network, sources and destinations may be out of direct communication range with each other due to the limited transmission range of the wireless medium. Hence, AODV provides nodes with the ability to discover multi-hop paths to destinations and to maintain these paths even when the network topology is continually changing. Routing loops are stringently guarded against; they are expensive in any network, but they are particularly detrimental in a wireless network where signaling capacity and node processing power are limited. AODV utilizes per-node sequence numbers to prevent routing loops. The following sections describe the features of AODV that allow it to discover and maintain loop-free routes.

2.1 Route Discovery
When a source node has data packets to send to some destination, it checks its routing table to determine

whether it already has a route to that destination. If so, it can then utilize that route to transmit the data packets. Otherwise, the node must perform a route discovery procedure to determine a route to the destination. To initiate route discovery, the source node creates a ROUTE REQUEST (RREQ) packet. In that packet the node places the IP address of the destination, the last known sequence number for the destination, its own IP address, its current sequence number, and a hop count that is initialized to zero. If there is no last known sequence number for the destination, it sets this value to zero. The source then broadcasts the RREQ to its neighbors.

When a neighboring node, or any other more distant node, receives the RREQ, it first increments the hop count value in the RREQ and creates a reverse route entry in its routing table for both the source node and the node from which it received the request, as shown in Fig-1(b). In this way, if the node later receives a RREP to forward to the source, it will know a path to the source along which it can forward the RREP. After creating this entry, the node then determines its response to the request. The node can send a reply to the request if it either is the destination, or has a current route to the destination. A current route is an unexpired route entry for the destination whose sequence number is at least as great as that contained in the RREQ. In other words, $dseq_n \geq dseq_{RREQ}$. If this condition holds, the node creates a Route Reply (RREP) for the destination node. Otherwise, if the node does not have a current route to the destination, it simply rebroadcasts the RREQ to its neighbors. Fig.2 illustrates the flooding of a RREQ, originating at the source node S, through the network. In this example, we assume nodes C and D have routes to the destination D.

A node creates a RREP by placing the IP address of the destination node, as well as its record of the destination's sequence number, into the RREP. It also includes the source node IP address and its distance, in hops, to the destination. The node then unicasts the RREP to the next hop towards the source node. In Fig-3, both nodes C and D have routes to the destination D that meet the reply criteria. Hence, both nodes generate a RREP.

Fig.1 (a) Reverse Path Formation

Fig.1 (b) Forward Path Formation

When the next hop receives the RREP, it first increments the hop count value in the RREP and then creates a forward route entry to both the destination node and the node from which it received the reply, as shown in Fig-1(b). This ensures that all nodes along the path will know the route to the destination in the event that the source selects this route for data packet transmission. The node then unicasts the RREP to its next hop towards the source node. This hop-by-hop forwarding continues until the RREP reaches the source. Once the source receives a RREP, it can begin using that path for data packet transmission.

Fig.2 RREQ Broadcast

In the event that the source receives multiple RREPs along different paths, it selects the route with the greatest destination sequence number and the smallest hop count for communication with the destination. Route discovery operations often require processing and communications capacity at every node in the ad hoc network. For this reason, we often describe the discovery operation as flooding even though the RREQs are only locally broadcast messages. Since the messages are changed at each hop by AODV processing, we could not use any system-wide broadcast or multicast address. Nevertheless, it is of great importance to use careful broadcast techniques to minimize any spurious retransmission of RREQ packets.

Fig.3 RREP Propagation

2.2 Route Maintenance
In an ad hoc network, links are likely to break due to the mobility of the nodes and the ephemeral nature of the wireless channel. Hence, there must be a mechanism in place to repair routes when links within active routes break. An active route is defined to be a route that has recently been utilized for the transmission of data packets. When such a link break occurs, the node upstream of the break (i.e., the node closer to the source node) invalidates in its routing table all destinations that become unreachable due to the loss of the link. It then creates a ROUTE ERROR (RERR) message, in which it lists each of these lost destinations. The node sends the RERR upstream towards the source node. If there are multiple previous hops (so-called precursors) that were utilizing this link, the node broadcasts the RERR; otherwise, it is

unicast. In Fig.4, the link between nodes B and C on the path from S to D is broken. Node B invalidates its route table entries for both nodes C and D, creates a RERR message listing these nodes, and sends the RERR upstream towards the source. When a node receives a RERR, it first checks whether the node that sent the RERR is its next hop to any of the destinations listed in the RERR. If the sending node is the next hop to any of these destinations, the node invalidates these routes in its route table and then propagates the RERR back towards the source. The RERR continues to be forwarded in this manner until it is received by the source. Once the source receives the RERR, it can re-initiate route discovery if it still requires the route.

Fig.4 Link Break Notification (RERR)

3. AODV PROTOCOL DETAILS

AODV specifies three message types: Route Request (RREQ), Route Reply (RREP), and Route Error (RERR). The functions of the RREQ, RREP, and RERR messages are described in [39]. AODV also allows for the inclusion of message extensions. The general format of extensions to AODV messages is described in [4]. In particular, a Hello message extension has been defined that allows a node to indicate its Hello Interval, or the periodicity at which it expects to broadcast Hello messages. Each AODV node maintains a route table in which it stores routing information for the other nodes in the network. Each entry in the route table includes the destination's IP address, its current sequence number, the hop count to the destination, the next hop towards the destination, and a lifetime value. The lifetime is assigned when a route is first entered into the route table, based on the information contained in the RREQ, RREP, or Hello message for the destination node. Each time a node uses a route to a destination in the route table (whether it is a neighboring node or some more distant destination), the lifetime value for that destination is updated. The reception of a Hello message from a neighboring node also updates the lifetime of that neighbor's route table entry. These actions for updating the lifetime value effectively delay the expiration time for any routes that are in active use (i.e., active routes).

4. DENIAL OF SERVICE ATTACKS FOR EXISTING AODV ROUTING PROTOCOL:

Security in ad hoc networks has been the focus of attention in recent times [17, 19, 18, 20]. However, passive DoS attacks have not been addressed. In [18], Zhang and Lee point out the various attacks that are possible at different layers of the protocol stack. They do discuss possible solutions to a few of these attacks, but the discussion is mainly focused on intrusion detection in ad hoc networks. In [19] a methodology for providing secure routing is discussed. The authors suggest that, in order to ensure that a particular flow does not hog the channel, flows that have received the least time-share of the capacity within a predetermined time window should be given priority. Wireless networks have many security vulnerabilities and can easily fall prey to numerous attacks; security is likely to play a crucial role in the deployment of ad hoc routing protocols. Wireless networks are inherently less secure than wired networks due to the properties of both the wireless transmission medium and the portability of the mobile nodes. Wireless channels are by nature broadcast media, and so anyone within communication range of a transmitting node will be able to receive the transmission. Further, because ad hoc networks are collaborative and generally more open in participation, it is more difficult to prevent malicious nodes from joining the network and interfering with on-going data transmissions. Also, due to the portability of the wireless nodes, the nodes can be easily stolen and then compromised. Because of these characteristics, security in ad hoc networks is extremely challenging.

Many ad hoc networking protocols are susceptible to a number of attacks due to their reliance on the network members during route discovery. In many ad hoc routing protocols, when a source node issues a route request and receives a route reply in return, the source may have no immediate way of verifying the actual existence of the claimed path. Further, because ad hoc networking protocols contain mutable fields in the control packets, the message can very easily be modified by malicious nodes. In this paper we present some interesting DoS attacks in the wireless environment and suggest possible solutions. Our description is brief as exhaustive listing of such attacks; we consider various traffic patterns that an intelligent attacker(s) might generate in order to cause denial of service.

Denial of Service (DoS) attacks are commonplace in the Internet. Guarding against DoS attacks is a critical component of any security system. While DoS has been studied extensively for wire-line networks, there is a lack of research on preventing such attacks in mobile ad hoc networks. Due to their deployment in tactical battlefield missions, these networks are susceptible to attacks by malicious intruders. These intruders might attempt to disrupt or degrade the functioning of the whole network or may harm a specific node. Traditional DoS attacks involve overwhelming a particular host. However, in mobile ad hoc networks, mobility, limited bandwidth, the routing functionalities associated with each node, etc., present many new opportunities for launching a DoS. We


point out that these attacks might be at the routing layer or at the MAC layer. The former would result in a disruption of routing functionalities, while the latter could potentially disrupt channel access and may cause wastage of resources in terms of bandwidth and power.

Fig.5 DoS Attack in AODV Protocol

In this paper, however, we focus on DoS attacks in wireless ad hoc networks. More specifically, we investigate attacks at the routing layer. For instance, in AODV, a malicious node that receives a RREQ could return a RREP to the source node with a destination sequence number that is far greater than that in the RREQ to ensure that it is on the selected path. In this an attacker may damage the other nodes just by dropping the packets. This can cause a severe degradation of network performance in terms of the achieved throughput and latency. In wireless networks, DoS attacks are difficult to prevent and protect against. Attacks at the routing layer could consist of the following:
a) The malicious node participates in a route but simply drops a certain number of the data packets. This causes the quality of the connections to deteriorate and has further ramifications on the performance if TCP is the transport layer protocol that is used.
b) The malicious node transmits falsified route updates. The effects could lead to frequent route failures, thereby deteriorating performance.
c) The malicious node could potentially replay stale updates. This might again lead to false routes and degradation in performance.
d) Reduce the TTL (time-to-live) field in the IP header so that the packet never reaches the destination.
Notice that all of the above could lead to congestion due to data that is either retransmitted or transmitted on erroneous routes only to be dropped at a later time.

5. SIMULATION FRAMEWORK
Our experimental exploration of attacks on wireless networks aims for a good measure of realism. In order to maximize the relevance of our simulation study, we have chosen to assign each network node the model of a complete protocol stack, which is implemented in NS2 [12, 13, 14]. Communication between network nodes is achieved via the Propagation Model, which in our simulations is represented by the Two-Ray Ground Model. Layers 1 and 2, roughly speaking PHY and MAC, conform to the specifications of the IEEE 802.11b standard and use 11 Mb/s unless otherwise stated; in our simulations we have considered that the default transmitter radio range is 250 m. For this same reason, we have included a model of the IP protocol, which implements addressing and forwarding for Layer 3. Ad hoc routing, in these experiments, is performed by a model of the AODV protocol. By default, our AODV model uses no local repair and no HELLO messages. A mobile ad hoc network consisting of 50, 150, 100, 200 nodes in a simulation area of 750 m × 750 m is simulated. These simulations are run by considering DoS attacks on the AODV routing protocol. In order to get realistic performance, the results are averaged over a number of scenarios. We tried to measure the protocol's performance on a particular terrain area of 750 m × 750 m from a real-life scenario at a speed of 10 m/s. The simulation time was taken to be 150 seconds for the FTP traffic type with a packet size of 512 bytes.

5.1 MISBEHAVING NODES
The ns-2 simulator was modified to enable particular node(s) to be configured as malicious. The configuration also takes in a time parameter that specifies the time from which that node starts behaving maliciously. Beginning from that time, the node drops all the packets (non-control packets) that are received at that node till the end of the simulation. Each network is designed to contain 5 malicious nodes reflecting misbehavior of 25% of the nodes. The number and placement of the malicious nodes ensures that they will be located along active paths in the network. To determine the effectiveness of our approach, the percentage of misbehaving nodes was varied from 0% to 25% in 4% increments.

6. PERFORMANCE EVALUATION
In this paper, we apply simulation technology to assess the impact that different attacks can produce on specific metrics of network performance. First, we consider the effect of an attack scenario on the network's packet delivery ratio (PDR), that is, the ratio of the number of packets received to the number of packets sent. Second, we also consider the effect on the network's average end-to-end delay (E2ED), defined, for all the packets that arrive at their final destinations, as the positive difference between the time of packet reception and the time of transmission. Third, we consider Routing Load (RL), which is the ratio of the routing packets generated to the data packets delivered at the destination. Sometimes it is also referred to as throughput. The attack scenarios we study in this project do not exploit characteristics of the constructs of wireless ad hoc networking protocols (i.e., packets or radio frames) or their handshake sequences. We demonstrate that these attacks can be effective because the protocols' adaptation mechanisms respond to changes in the availability of the radio links in the network. Our results, shown in Table-1 and Table-2, indicate that the extent to which the performance of a wireless network or a service degrades under DoS depends on many factors such as

location of malicious nodes, their traffic patterns, and the fairness provided in the network resources.

Table-1: Performance Metrics for Original AODV Routing Protocol

Table-2: Performance Metrics for AODV Routing Protocol with DoS Attacks

Packet delivery ratio is the important index to evaluate the overall performance of networks; it is selected to evaluate the percentage of delivered packets that are affected by the attack. One of the first points we observed with DoS attack is that, for a fixed packet length, the estimated PDF changes very little compared normal AODV Routing there is significant statistical difference between the PDF curves, by 65%. The performance shown in the graph confirms this result. Fig.8 illustrates the throughput curve under DoS packet attack. The DoS packet attack has a major impact on the network, and this is obvious from the very low delivery ratio that is achieved when the normal AODV is under attack.

Fig 8 Throughput with varying number of Nodes with AODV Vs AODV with DoS attack

6.1 PERFORMANCE ANALYSIS
Fig-6 also shows the behavior of E2ED with increasing values of the attack. We must point out that the results for E2ED are somewhat different across other normal AODV scenarios; the E2ED tends to increase. When attacked nodes spend the majority of time powered down, they are most often unavailable to forward packets and generate little network traffic.

The immediate consequence is that in this artificially constructed topology node density is high enough for other nodes to pick up the role of forwarding. Since the load offered to the network is smaller, however, packets tend to experience less delay.

Fig 6: End-To-End Delay with Varying No of Nodes with AODV Vs AODV with DoS attack

7. CONCLUSION AND FUTURE WORK

Ad hoc networks require high-level security routing protocols, without which attacks will occur easily and can even paralyze the system. This project also provides a wide-ranging overview of AODV, which is among the leading contenders for routing protocol deployment within ad hoc networks. We have described the protocol messages and procedures for route discovery and maintenance. We have also formalized a general DoS attack model on wireless networks in which they actively seek to disrupt the operation of the running network. Finally, we have shown the weaknesses that can be exploited to launch DoS attacks in a wireless ad hoc environment. In our studies so far we assumed that a malicious node could only drop the packets. We performed simulation of the AODV protocol. Our study results indicate that AODV may be considered one of the best routing protocols for providing secure routing using a DNA cryptography algorithm, because there will be less routing overhead compared to the DSR protocol. In the presented work, the DoS attacks are dealt with; it would be interesting to note the behavior of a routing protocol capable of handling DoS attacks at both the MAC layer and the routing layer using DNA cryptography.
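The route discovery rules of Section 2.1 (reverse routes, the reply criterion, hop-count increments on the RREP, and the source's choice among several RREPs) can be traced in a few lines of Python. This is an added example, not code from the paper; the topology, sequence numbers, function names and the first-copy-only RREQ handling are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Route:
    next_hop: str
    hops: int
    dseq: int  # sequence number recorded for the route's destination


def fresher(new, old):
    """Prefer the greater sequence number, then the smaller hop count."""
    return old is None or (new.dseq, -new.hops) > (old.dseq, -old.hops)


def discover(links, tables, own_seq, src, dst, dseq_rreq):
    """Flood one RREQ from src; return (RREPs seen by src, selected Route)."""
    seen = {src}  # simplification: a node handles only the first RREQ copy
    queue = deque((nbr, src, 0) for nbr in sorted(links[src]))
    repliers = []  # (node, advertised dseq, that node's hop distance to dst)
    while queue:
        node, prev, hops = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        hops += 1  # hop count is incremented on receipt
        tables[node][src] = Route(prev, hops, own_seq[src])  # reverse route
        cached = tables[node].get(dst)
        if node == dst:
            repliers.append((node, own_seq[dst], 0))
        elif cached and cached.dseq >= dseq_rreq:  # reply criterion
            repliers.append((node, cached.dseq, cached.hops))
        else:  # no current route: rebroadcast to neighbours
            queue.extend((n, node, hops) for n in sorted(links[node]))

    rreps, chosen = [], None
    for node, dseq, hops in repliers:
        sender = node
        while sender != src:  # unicast hop by hop along the reverse routes
            receiver = tables[sender][src].next_hop
            hops += 1
            offer = Route(sender, hops, dseq)
            if receiver != src and fresher(offer, tables[receiver].get(dst)):
                tables[receiver][dst] = offer  # forward route entry
            sender = receiver
        rreps.append((node, dseq, hops))
        # dseq and hops are used as received; src cannot verify the path.
        if fresher(offer, chosen):
            chosen = offer
    if chosen is not None:
        tables[src][dst] = chosen
    return rreps, chosen


def sample_network():
    """Constructed topology: S-A-C-D and S-B-E-F-D (not from the paper)."""
    edges = [("S", "A"), ("A", "C"), ("C", "D"),
             ("S", "B"), ("B", "E"), ("E", "F"), ("F", "D")]
    links = {}
    for a, b in edges:
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    tables = {n: {} for n in links}
    tables["C"]["D"] = Route("D", 1, 5)  # cached route, sequence number 5
    tables["B"]["D"] = Route("E", 3, 3)  # older route, sequence number 3
    own_seq = {"S": 2, "D": 7}
    return links, tables, own_seq


if __name__ == "__main__":
    links, tables, own_seq = sample_network()
    rreps, chosen = discover(links, tables, own_seq, "S", "D", dseq_rreq=4)
    print("RREPs at S (replier, dseq, hops):", rreps)
    print("selected:", chosen)
```

With a requested sequence number of 4, node C answers from its cache and D answers for itself; the source keeps the longer path through B because it carries the greater destination sequence number.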
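The three metrics defined in Section 6 (PDR, E2ED and RL) can be computed from a packet trace as follows, together with a per-relay forwarding ratio that shows which node receives data packets without passing them on. This is an added example, not the authors' ns-2 tooling; the trace line format, the fixed per-hop delay, the generated traces and the 0.9 threshold are constructed for illustration, and each hop's transmission of a routing packet is counted towards RL.

```python
from collections import defaultdict

HOP_DELAY = 0.125  # constructed per-hop latency in seconds


def build_trace(path, n_packets, drop_node=None, drop_from=0.0):
    """Emit constructed trace lines: '<ev> <time> <node> <layer> <kind> <id>'."""
    src, relays, dst = path[0], path[1:-1], path[-1]
    out = [f"s 0.000 {src} RTR rreq 0"]
    out += [f"f 0.000 {r} RTR rreq 0" for r in relays]
    out += [f"s 0.000 {dst} RTR rrep 0"]
    out += [f"f 0.000 {r} RTR rrep 0" for r in reversed(relays)]
    for pid in range(n_packets):
        t = 1.0 + pid
        out.append(f"s {t:.3f} {src} AGT data {pid}")
        for r in relays:
            t += HOP_DELAY
            out.append(f"r {t:.3f} {r} RTR data {pid}")
            if r == drop_node and t >= drop_from:
                break  # data packet discarded; control packets are untouched
            out.append(f"f {t:.3f} {r} RTR data {pid}")
        else:
            out.append(f"r {t + HOP_DELAY:.3f} {dst} AGT data {pid}")
    return "\n".join(out)


def metrics(trace):
    """Return PDR, mean E2ED, routing load and per-relay forwarding ratio."""
    sent, recv, routing = {}, {}, 0
    relay_in, relay_out = defaultdict(int), defaultdict(int)
    for line in trace.splitlines():
        ev, t, node, layer, kind, pid = line.split()
        t, pid = float(t), int(pid)
        if kind == "data":
            if layer == "AGT" and ev == "s":
                sent[pid] = t            # originated by the source
            elif layer == "AGT" and ev == "r":
                recv.setdefault(pid, t)  # arrived at its final destination
            elif layer == "RTR" and ev == "r":
                relay_in[node] += 1      # received by a relay for forwarding
            elif layer == "RTR" and ev == "f":
                relay_out[node] += 1
        elif layer == "RTR" and ev in ("s", "f"):
            routing += 1                 # RREQ/RREP/RERR transmissions
    delivered = [p for p in recv if p in sent]
    n = len(delivered)
    return {
        "pdr": n / len(sent) if sent else 0.0,
        # E2ED covers only packets that arrived, as in the paper's definition.
        "e2ed": sum(recv[p] - sent[p] for p in delivered) / n if n else None,
        "routing_load": routing / n if n else float("inf"),
        "forward_ratio": {r: relay_out[r] / relay_in[r] for r in relay_in},
    }


def suspects(result, threshold=0.9):
    """Relays that forwarded less than `threshold` of the data they received."""
    return sorted(r for r, v in result["forward_ratio"].items() if v < threshold)


if __name__ == "__main__":
    path = ["S", "A", "B", "D"]
    for label, trace in (
        ("normal AODV", build_trace(path, 4)),
        ("node B dropping from t=3.0", build_trace(path, 4, "B", 3.0)),
    ):
        result = metrics(trace)
        print(label, result, "suspects:", suspects(result))
```

In the second trace PDR halves and RL doubles while E2ED is unchanged, because only delivered packets enter the delay average.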

Fig-7 Packet Delivery Fraction with varying number of Nodes with AODV Vs AODV with DoS attack

8. REFERENCES
[1] Elizabeth M. Belding-Royer, Charles E. Perkins. Evolution and future directions of the ad hoc on-demand distance-vector routing protocol. Elsevier, 2003.
[2] D. B. Johnson, D. A. Maltz, Y. Hu, and J. G. Jetcheva. The dynamic source routing protocol for

mobile ad hoc networks (DSR). Internet draft, February 2002. draft-ietf-manet-dsr-08.txt.
[3] C. E. Perkins. Ad Hoc Networking. Addison-Wesley Professional, first edition, 2000.
[4] T. Narten, E. Nordmark, W. Simpson. Neighbor Discovery for IP Version 6 (IPv6). Request for Comments 2461, December 1998.
[5] S. R. Medidi, M. Medidi, and S. Gavini. Detecting packet-dropping faults in mobile ad-hoc networks.
[6] In Proceedings of The Thirty-Seventh Asilomar Conference on Signals, Systems & Computers, pages 1708-1712, November 2003.
[7] S. Medidi, M. Medidi, S. Gavini, and R. Griswold. Detecting packet mishandling in MANETs. In Security and Management, pages 159-162, 2004.
[8] R. Griswold and S. Medidi. Malicious node detection in ad-hoc wireless networks. In Proceedings of SPIE AeroSense, Digital Wireless Communications V, April 2003.
[9] R. Griswold. Malicious node detection in ad hoc wireless networks. Master's thesis, Washington State University, Pullman, 2003.
[10] Anil Kumar Verma. Design and Development of a Routing Protocol for Mobile Ad Hoc Networks (MANETs). 2007.
[11] E. M. Belding-Royer. Hierarchical routing in ad hoc mobile networks. Wireless Communications and Mobile Computing 2 (5) (2002) 515-532.
[12] University of Southern California Information Sciences Institute (USC/ISI). The network simulator - ns-2. Computer software. Available from http://www.isi.edu/nsnam/ns/
[13] WPI. NS by Example. Online. Accessed from http://nile.wpi.edu/NS/.
[14] M. Greis. Tutorial for the Network Simulator ns. Online. Accessed from http://www.isi.edu/nsnam/ns/tutorial/.
[15] Vikram Gupta, Srikanth Krishnamurthy, and Michalis Faloutsos. Denial of Service Attacks at the MAC Layer in Wireless Ad Hoc Networks. 2010.
[16] Manikandan, and R. Manimegalai S.P. Survey on Mobile Ad Hoc Network Attacks and Mitigation Using Routing Protocols. American Journal of Applied Sciences, 2012, 9 (11), 1796-1801.
[17] L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network, 13(6):24-30, November/December 1999.
[18] Y. Zhang and W. Lee. "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000.
[19] P. Papadimitratos and Z. J. Haas. "Secure Routing for Mobile Ad Hoc Networks," SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), San Antonio, TX, January 27-31, 2002.
[20] Jean-Pierre Hubaux, Levente Buttyan, Srdjan Capkun. The Quest for Security in Mobile Ad Hoc Networks. In Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Long Beach, CA, USA, October 2001.

ABOUT THE AUTHORS

Mr. E. Suresh Babu received his B.Tech degree in Computer Science from RGM College of Engineering, Nandyal, his M.Tech degree in Computer Science from V.T. University, Belgaum, and is pursuing a PhD in Computer Science & Engineering at J.N.T. University, Kakinada. Currently, he is working as an Associate Professor in the Department of CSE at PACE Institute of Technology & Sciences, Ongole. He has 10 years of teaching experience. He has published 3 research papers in various international journals and 5 research papers in various national and international conferences. He has attended 10 seminars and workshops. His areas of interest are wireless communication and MANETs.

Dr. C. Naga Raju received his B.Tech degree in Computer Science from J.N.T. University, Anantapur, his M.Tech degree in Computer Science from J.N.T. University, Hyderabad, and his PhD in digital image processing from J.N.T. University, Hyderabad. Currently, he is working as an Associate Professor at YSR College of Engineering of YV University, Poddutur. He has 16 years of teaching experience. He has published thirty-five research papers in various national and international journals and about twenty-eight research papers in various national and international conferences. He has attended twenty seminars and workshops. He is a member of various professional societies such as IEEE, ISTE and CSI.

Dr. MHM. Krishna Prasad received his B.Tech from CBIT, Hyderabad, his M.Tech degree in Computer Science from J.N.T. University, Hyderabad, and his PhD in Computer Science & Engineering from J.N.T. University, Hyderabad. Currently, he is working as an Associate Professor in the Dept of Information Technology, JNTUK University College of Engineering, Vizianagaram. He has 19+ years of teaching experience. He has published twenty research papers in various national and international journals and various research papers in national and international conferences. He has attended twenty seminars and workshops. He is a member of various professional societies such as IEEE, ISTE and CSI.
