
Prevention of Blackhole Attack in MANET

Latha Tamilselvan
BSA Crescent Engineering College,
Vandalur, Chennai, Tamilnadu, India,
Ph.: 91 44 2275 1375, Fax: 91 44 4211 4282,
Email: latatamil@hotmail.com
Abstract

An ad hoc network is a collection of mobile nodes that dynamically
form a temporary network. It operates without the use of existing
infrastructure. One of the principal routing protocols used in ad hoc
networks is the AODV (Ad-Hoc On-demand Distance Vector) protocol. The
security of the AODV protocol is compromised by a particular type of
attack called the Black Hole attack [1]. In this attack a malicious
node advertises itself as having the shortest path to the node whose
packets it wants to intercept. To reduce the probability of choosing a
route through such a node, it is proposed to wait and check the replies
from all the neighboring nodes to find a safe route. Computer
simulation using GloMoSim shows that our protocol provides better
performance than the conventional AODV in the presence of black holes,
with minimal additional delay and overhead.

Dr. V Sankaranarayanan
BSA Crescent Engineering College,
Vandalur, Chennai, Tamilnadu, India,
Ph.: 91 44 2275 1375,
Email: sankarammu@yahoo.com
Keywords

Ad hoc Networks, Routing Protocols, AODV, Black Hole Attack.

1. Introduction

A wireless network is a network of mobile computer nodes or stations
that are not physically wired. The main advantage of this is
communicating with the rest of the world while being mobile. The
disadvantages are their limited bandwidth, memory and processing
capabilities and the open medium [1]. The two basic system models are
the fixed backbone wireless system and the Wireless Mobile Ad hoc
Network (MANET).

An ad hoc network is a collection of nodes that do not rely on a
predefined infrastructure to keep the network connected. So the
functioning of ad hoc networks is dependent on the trust and
co-operation between nodes. Nodes help each other in conveying
information about the topology of the network and share the
responsibility of managing the network. Hence in addition to acting as
hosts, each mobile node does the function of routing and relaying
messages for other mobile nodes [1].

The most important networking operations include routing and network
management [2]. Routing protocols can be divided into proactive,
reactive and hybrid protocols, depending on the routing topology.
Proactive protocols are typically table-driven. Examples of this type
include DSDV and WRP. Reactive or source-initiated on-demand protocols,
in contrast, do not periodically update the routing information. It is
propagated to the nodes only when necessary. Examples of this type
include DSR, AODV and ABR. Hybrid protocols make use of both reactive
and proactive approaches. Examples of this type include TORA and ZRP.
Security is a major concern in all forms of communication networks, but
ad hoc networks face the greatest challenge due to their inherent
nature. As a result, there exist a slew of attacks that can be
performed on an ad hoc network [1][4].

The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007)
0-7695-2842-2/07 $25.00 2007

1.1. AODV Routing Protocols

1.1.1. The AODV protocol:

The Ad Hoc On-Demand Distance Vector (AODV) routing protocol is an
adaptation of the DSDV protocol for dynamic link conditions [3][7].
Every node in an ad hoc network maintains a routing table, which
contains information about the route to a particular destination.
Whenever a packet is to be sent by a node, it first checks its routing
table to determine whether a route to the destination is already
available. If so, it uses that route to send the packets to the
destination. If a route is not available or the previously entered
route is inactivated, then the node initiates a route discovery
process. A RREQ (Route REQuest) packet is broadcast by the node. Every
node that receives the RREQ packet first checks if it is the
destination for that packet and if so, it sends back an RREP (Route
Reply) packet. If it is not the destination, then it checks its routing
table to determine if it has a route to the destination. If not, it
relays the RREQ packet by broadcasting it to its neighbors. If its
routing table does contain an entry to the destination, then the next
step is the comparison of the Destination Sequence number in its
routing table to that present in the RREQ packet. This Destination
Sequence number is the sequence number of the last sent packet from the
destination to the source. If the destination sequence number present
in the routing table is less than or equal to the one contained in the
RREQ packet, then the node relays the request further to its neighbors.
If the number in the routing table is higher than the number in the
packet, it denotes that the route is a fresh route and packets can be
sent through this route. This intermediate node then sends a RREP
packet to the node through which it received the RREQ packet. The RREP
packet gets relayed back to the source through the reverse route. The
source node then updates its routing table and sends its packet through
this route. During the operation, if any node identifies a link failure
it sends a RERR (Route ERRor) packet to all other nodes that use this
link for their communication to other nodes. This is illustrated in
figure 1.
Since AODV has no security mechanisms,
malicious nodes can perform many attacks just by not
behaving according to the AODV rules. A malicious
node M can carry out many attacks against AODV.
This paper provides routing security to the AODV
routing protocol by eliminating the threat of Black
Hole attacks.

[Figure 1. Propagation of RREQ & RREP from A to E. Diagram of the RREQ, RREP and Data flows between the nodes.]

2. Black hole attack

A Black Hole attack [1], [5] is a kind of denial of service attack
where a malicious node can attract all packets by falsely claiming a
fresh route to the destination and then absorb them without forwarding
them to the destination.

In figure 2, imagine a malicious node M. When node A broadcasts a RREQ
packet, nodes B, D and M receive it. Node M, being a malicious node,
does not check its routing table for the requested route to node E.
Hence, it immediately sends back a RREP packet, claiming a route to the
destination. Node A receives the RREP from M ahead of the RREPs from B
and D.

[Figure 2. Black hole Attack in AODV. Diagram of the RREQ, RREP and Data flows; M - Malicious.]

Node A assumes that the route through M is the shortest route and sends
any packet to the destination through it. When node A sends data to M,
M absorbs all the data and thus behaves like a black hole. Researchers
have proposed solutions to identify a single black hole node [1].
However, that solution cannot identify the attack when the next hop
also behaves as a malicious node.

3. Solution to Blackhole Attack - SAODV

We propose a solution that is an enhancement of the basic AODV routing
protocol, which will be able to avoid black holes. To reduce the
probability of selecting a route through a malicious node, it is
proposed to wait and check the replies from all the neighboring nodes
to find a safe route.

According to this proposed solution, the requesting node does not send
the DATA packets to the replying node at once; it has to wait for the
other replies, with next hop details, from the other neighboring nodes.
After receiving the first reply it sets a timer in the
TimerExpiredTable for collecting the further replies from different
nodes. It stores the sequence number, and the time at which the packet
arrives, in a Collect Route Reply Table (CRRT). The time for which
every node will wait is proportional to its distance from the source.
It calculates the timeout value based on the arrival time of the first
route reply.

After the timeout, it first checks in the CRRT whether there is any
repeated next hop node. If any repeated next hop node is present in the
reply paths, it assumes the paths are correct or the chance of
malicious paths is limited. Then it chooses any one of the paths with
the repeated node to transmit the DATA packets. If there is no
repetition, it selects a random route from the CRRT. Here again the
chance of a malicious route being selected is reduced. The proposed
solution is illustrated in figure 3.

[Figure 3. Solution to Black hole. Diagram of the RREQ, RREP and Data flows; M - Malicious.]

3.1. Working principle of SAODV

In figure 3, S wants to transmit to D. So it first transmits the route
request to all the neighboring nodes. Here node 1, node M and node 2
receive this request. The malicious node M has no intention to transmit
the DATA packets to the destination node D, but it wants to
intercept/collect the DATA from the source node S. So it immediately
replies to the request as (M - 4). Instead of transmitting the DATA
packets immediately through M, S has to wait for the replies from the
other nodes. After some time it will receive the reply from node 1 as
(1 - 3) and from node 2 as (2 - 3). According to the proposed solution,
it first checks for a path that contains a repeated next hop node to
the destination. If there is no repeated node, it selects a random path
and transmits the data through that path. The routing details from S to
D are given in table 1.

Source    Intermediate node    Destination
S         M - 4                D
S         1 - 3                D
S         2 - 3                D

Table 1. Routing Details

The algorithm for the proposed solution is as follows:

Notations:
IN: Intermediate Node
RT: Routing Table
NH: Next Hop
CRRT: Collect Route Reply Table

SN: Transmit (RREQ) broadcast
IN: Receive (RREQ)
While (destination)
{
    receive (RREQ) from source
    if (INaddr == RREQ.destaddr)
        send (RREP) to source
    else if (INaddr is present in RREQaddr)
        discard (RREQ)
    else
        check (any route to destination) in RT
        then send (RREP) to source
}
SN: receive (RREP)
{
    get (current time value)
    set (timer value)    // Proportional to the distance from the source
    time = current time value + timer value
    while (current time value <= time)
    {
        store (seq.no, arrival time) in CRRT
        Increment the entry in CRRT
    }
}
Check (repeated NH)
{
    select repeated NH (RREP) from CRRT
    Route_Data (secure route)
}
else
    select random (RREP) from CRRT
    Route_Data

Figure 4. Algorithm to Prevent Black hole Attack

3.2. Handling the timer expiration event

The timer expiration event is triggered when the timer that is set for
collecting the route replies for a particular route discovery expires.

3.3. Handling the route reply packet

After broadcasting the route request, the source node waits for replies
for some amount of time before retransmitting the request. Until then,
the data packets that are to be transmitted are stored in a buffer.
The source collects the replies until the timer expires. Then it checks
the replies to find any repeated next hop. If there is one, it selects
any one of the repeated next hop paths; otherwise it selects randomly
from the collected route replies and uses that route to transmit the
data. Since in AODV the source uses the first route it receives to
transmit data, the attacker tries to send its reply first. Hence in
SAODV, by randomizing the choice of reply, the chance of selecting a
route containing the attacker is greatly reduced, so that it will not
be used by the source for transmitting data.
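
The source-side reply collection and route selection of sections 3 to 3.3 and Figure 4, run on the figure 3 scenario, as an added Python example that is not part of the original paper. The RouteReply fields, the function names, the wait parameter and the sequence numbers and arrival times are assumptions made for illustration.

```python
import random
from collections import Counter
from typing import NamedTuple

class RouteReply(NamedTuple):
    replier: str    # neighbour that sent the RREP to the source
    next_hop: str   # next hop the replier reports towards the destination
    seq_no: int     # destination sequence number carried in the RREP
    arrival: float  # arrival time at the source, in seconds

def collect_replies(replies, wait):
    """Build the CRRT: the timer starts when the first RREP arrives and every
    RREP that arrives before it expires is stored. `wait` is an assumed input."""
    ordered = sorted(replies, key=lambda r: r.arrival)
    if not ordered:
        return []
    deadline = ordered[0].arrival + wait
    return [r for r in ordered if r.arrival <= deadline]

def select_route_saodv(crrt, rng=random):
    """Pick a reply whose next hop is also reported by another replier; if no
    next hop repeats, fall back to a random entry of the CRRT."""
    if not crrt:
        return None
    counts = Counter(r.next_hop for r in crrt)
    repeated = [r for r in crrt if counts[r.next_hop] > 1]
    return rng.choice(repeated or crrt)

def select_route_aodv(replies):
    """Conventional AODV as the page describes it: use the first reply."""
    return min(replies, key=lambda r: r.arrival, default=None)

# Constructed sample for the figure 3 scenario: M answers first with next hop 4,
# nodes 1 and 2 answer later and both report next hop 3. Sequence numbers and
# arrival times are made-up values.
FIGURE3_REPLIES = [
    RouteReply("M", "4", seq_no=120, arrival=0.010),
    RouteReply("1", "3", seq_no=75, arrival=0.030),
    RouteReply("2", "3", seq_no=75, arrival=0.035),
]

if __name__ == "__main__":
    print("AODV uses reply from:", select_route_aodv(FIGURE3_REPLIES).replier)
    crrt = collect_replies(FIGURE3_REPLIES, wait=0.05)
    print("SAODV uses reply from:", select_route_saodv(crrt).replier)
    # A timer shorter than the honest nodes' reply delay leaves only M in the CRRT.
    short = collect_replies(FIGURE3_REPLIES, wait=0.01)
    print("SAODV with too-short timer:", select_route_saodv(short).replier)
```

The last case shows why the collection timer matters: if it expires before the honest replies arrive, the CRRT holds only the first reply and the selection degenerates to plain AODV.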

3.4. Route Maintenance


After selecting the route between the source and the
destination and during data transmission, if any node
participating in the route moves, then the node that
tries to send data will detect a link break. Then it tries
to salvage the packet, that is, it searches in its cache to
find an alternate route to reach the destination. If there
is any route, then it will send data through that new
route.
Otherwise, it creates a Route Error packet and
sends it to the source node to indicate the failure of the
link. When forwarding the route error packet, the
intermediate nodes remove the cache entries
corresponding to the node, which moved and then
forward the packet. On receiving the error packet, the
source node also removes the entries corresponding to
the node and tries to find another route to the
destination in its cache.

4. Simulation Results

4.1. Metrics

The simulation is done using GloMoSim (Global Mobile Simulator) [8] [9]
to analyze the performance of the network by varying the nodes'
mobility. The metrics used to evaluate the performance are given below.

Packet Delivery Ratio: The ratio between the number of packets
originated by the application layer CBR sources and the number of
packets received by the CBR sink at the final destination.

Average End-to-End Delay: This is the average delay between the sending
of the data packet by the CBR source and its receipt at the
corresponding CBR receiver. This includes all the delays caused during
route acquisition, buffering and processing at intermediate nodes,
retransmission delays at the MAC layer, etc. It is measured in
milliseconds.

Routing Overhead: This is the ratio of the number of control packets
generated to the data packets transmitted.

4.2. Simulation profile

The simulation profile is given in table 2.

Property           Value
Nodes              25
Simulation Time    5M
Mobility           Random way point model speed 30 m/s pause time Node mobility varied between 10 S to 90 S
Load               300 items, Data pay loads 512 Bytes. Interdeparture time of 1S.
Coverage Area      800 m by 800 m

Table 2. Simulation Profile

4.3. Comparison with basic AODV

To evaluate the packet delivery ratio, simulation is done with 25 nodes
with the source node transmitting 300 packets to the destination node.
Each packet is of 512 bytes and is transmitted with an interval of 1
second. As can be seen from figure 5, with SAODV the packet delivery
ratio is higher compared to AODV. Node mobility indicates the mobility
speed of nodes. When the node mobility is very low the packet delivery
ratio is very high. When the node mobility is increased the packet
delivery ratio is slightly decreased. The packet delivery ratio
increases by using SAODV compared to AODV till 70m/s node mobility.

[Figure 5. Packet Delivery (%). Plot "Packet Delivery Comparison": Packet Delivery (%) against Node Mobility (meters/sec) for AODV and SAODV.]


Figure 6 shows the packet delivery ratio in the presence of a malicious
node. Consider Source 1 sending packets to Destination 5, and assume 2
is the malicious node. In AODV the packet delivery ratio is reduced to
30%. But in SAODV the packet delivery ratio is around 90 to 100%. From
figure 6 it is clear that even when the malicious node is near the
source, SAODV gives a good result.

[Figure 6. Packet Delivery (%) in presence of malicious node near the source node. Plot "Packet Delivery Comparison, Source 1; Destination 5; Malicious 2": Packet Delivery (%) against Node Mobility (meters/sec) for AODV and SAODV.]

Figure 7 shows the packet delivery ratio in the presence of a malicious
node away from the source. Consider Source 1 sending packets to
Destination 5, and assume 9 is the malicious node. In AODV the packet
delivery ratio is increased to around 80%. This is because, before the
reply from the malicious node reaches the source, a node near the
source transmits the reply. Again in SAODV the packet delivery ratio is
around 90 to 100%.

[Figure 7. Packet Delivery (%) in presence of malicious node away from source node. Plot "Packet Delivery Comparison, Source 1; Destination 5; Malicious 9": Packet Delivery (%) against Node Mobility (meters/sec) for AODV and SAODV.]

From figures 6 & 7 it is clear that even when the malicious node is
near / far from the source, SAODV gives a good result compared to AODV.

From figure 8 it can be observed that, when the SAODV protocol is used,
there is an increase in the average end-to-end delay compared to AODV.
This is due to the additional waiting time in each node before sending
the reply.

[Figure 8. End to End delay. Plot "End-to-End Delay": Average End-to-End Delay (Sec.) against Node Mobility (meters/sec) for AODV and SAODV.]

From figures 9 & 10 it can be observed that, when the SAODV protocol is
used, there is only a slight increase in the average end-to-end delay
compared to AODV. This is due to the immediate reply from the malicious
node, i.e. the nature of the malicious node here is that it won't check
its routing table. Hence this SAODV delay is less compared to the SAODV
delay in figure 8.

[Figure 9. End-to-End delay in presence of malicious node near the source node. Plot "End-to-End Delay, Source 1; Destination 5; Malicious 2": Average End-to-End Delay (Sec.) against Node Mobility (meters/sec) for AODV and SAODV.]

[Figure 10. End to End delay in presence of malicious node away from source node. Plot "End-to-End Delay, Source 1; Destination 5; Malicious 9": Average End-to-End Delay (Sec.) against Node Mobility (meters/sec) for AODV and SAODV.]

Figure 11 shows the routing overhead. To evaluate the routing overhead,
simulation is done with 25 nodes and 8 CBR applications. The number of
transactions indicates the number of flows initiated during a
particular duration of time from the same or different sources to the
same or different destinations within the considered network.

[Figure 11. Routing overhead. Plot "Routing Overhead": Routing Overhead against Number of Transactions for AODV and SAODV.]

As can be seen from figure 11, with SAODV the routing overhead is
slightly higher compared to AODV. This is due to the additional process
involved to avoid the selection of a malicious node.

5. Conclusion and future work

In this paper the routing security issues of MANETs are discussed. One
type of attack, the black hole, which can easily be deployed against
the MANET, is described and a feasible solution for it in the AODV
protocol is proposed.

The solution is simulated using the Global Mobile Simulator and is
found to achieve the required security with minimal delay & overhead.

6. References

[1] Hongmei Deng, Wei Li, and Dharma P. Agarwal, Routing Security in Wireless Ad Hoc Networks, University of Cincinnati, IEEE Communications magazine, October 2002.
[2] V. Karpijoki, Security in Ad Hoc Networks, Seminar on Net Work Security, HUT TML 2000.
[3] C.E. Perkins, S.R. Das, and E. Royer, Ad-Hoc on Demand Distance Vector (AODV), March 2000, http://www.ietf.org/internet-drafts/draft-ietf-manet-aodv05.txt
[4] Lidong zhou, Zygmunt J. Haas, Securing Ad Hoc Networks, IEEE network, special issue, November/December 1999.
[5] Yi-Chun Hu, Adrian Perrig, A Survey of Secure Wireless Ad Hoc Routing, IEEE Security and Privacy May/June 2004.
[6] Yih-Chun, Adrian Perrig, David B. Johnson, Ariadne: A secure On-Demand Routing Protocol for Ad Hoc Networks, 2002.
[7] Charles E. Perkins, Elizabeth M. Belding-Royer, Samir R. Das, Mobile Ad Hoc Networking Working Group, Internet Draft, 17 February 2003.
[8] Jorge Nuevo, A Comprehensible GloMoSim Tutorial, INRS - Universite du Quebec. nuevo@inrstelecom.uquebec.ca. March 4, 2004. Abstract ww.sm.luth.se/csee/courses/smd/161_wireless/glomoman.pdf
[9] Tony Larsson, Nicklas Hedman, Routing Protocols in Wireless Ad-hoc Networks - A Simulation Study, Masters thesis in computer science and engineering, Lulea University of Technology, Stockholm, 1998.
[10] Bing Wu, Jianmin Chen, Jie Wu, Mihaela Cardei, A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks, WIRELESS/MOBILE NETWORK SECURITY, 2006 Springer.
[11] C. Siva Ram Murthy and B.S. Manoj, Ad hoc Wireless Networks - Architectures and Protocols, Pearson Education, 2007.
