Copyright © 2011-15. Vandana Publications. All Rights Reserved.
Volume-5, Issue-2, April-2015
International Journal of Engineering and Management Research
Page Number: 116-120
A Comparative Learning on Wormhole Attack and Black Hole Attack
PRABAKARAN. M¹, SAVITHA DEVI. M²
¹,² PG & Research Department of Computer Science, INDIA
ABSTRACT
A network is an open platform where people share and communicate with each other, and this openness creates many problems. Whenever data or information needs to be transferred from one place to another (i.e., from source to destination), it has to be protected by some security algorithm. Otherwise the data can be compromised by attackers through active or passive attacks. Wormhole attacks can destabilize or disable wireless sensor networks. In a typical wormhole attack, the attacker receives packets at one point in the network, forwards them through a wired or wireless link with less latency than the network links, and relays them to another point in the network. At that point the attacker may easily enter and misuse the network. Black hole attacks occur when an adversary captures and re-programs a set of nodes in the network to block or drop the packets they receive or generate instead of forwarding them towards the base station. As a result, any information that enters the black hole region is captured. Black hole attacks are easy to constitute, and they are capable of undermining network effectiveness by partitioning the network, such that important event information does not reach the base stations. In this paper we analyze the wormhole attack and the black hole attack and present a comparative study of the two.
Keywords— Attacks, Wireless Sensor Networks, Wormhole Attacks and Black Hole Attacks, Security.
I. INTRODUCTION
A network is a group of interconnected computers and peripherals capable of sharing data through software and hardware over wired or wireless communication channels, facilitating communication and resource sharing among a wide range of users. Networks are commonly categorized based on their characteristics. Data may be shared over a wired network or a wireless network. A wired network connects devices to the Internet or another network using cables. The most common wired networks use cables connected to Ethernet ports on the network router at one end and to a computer or other device at the cable's opposite end. In networking terminology, wireless describes any computer network where there is no physical wired connection between sender and receiver; instead the network is connected by radio waves and/or microwaves to maintain communications. Wired and wireless networks are designed to transfer data efficiently from source to destination. Security plays a vital role in this transfer, because during transmission the information may be compromised by attackers in many ways. An attacker aims to destroy, damage or alter computer files, documents, system hardware and software, and operating system files, and to make unauthorized use of the system. Attackers may be classified into two categories.
stream and it can be divided into four categories: Masquerade, Replay, Modification of messages and Denial of service attacks. An active attack introduces data into the system as well as changing data within the system. Passive attacks are in the nature of monitoring of transmissions. A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The goal of the opponent is to obtain information that is being transmitted. A Masquerade attack takes place when one entity pretends to be a different entity. A Masquerade attack usually includes one of the other forms of active attack. The next attack is the Replay attack. It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. Of all these attacks, the major one is Denial of service. It prevents the normal use or management of communications facilities. This attack may have a specific target at the initial stage of transmission. The next classification is Passive Attacks, which has two major attacks that affect normal transmission: Release of message contents and Traffic analysis. In Release of message contents, a telephone conversation, an e-mail message or a transferred file may contain sensitive or confidential information, and we would like to prevent an opponent from learning the contents of these transmissions. Traffic analysis is subtler. Suppose the contents of messages or other information traffic are masked so that an opponent, even having captured the message, could not extract the information from it. The common technique for masking contents is encryption. With encryption in place, an opponent is still able to observe the pattern of these messages: the communicating hosts, and the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication that is taking place. Passive attacks are very difficult to detect because they do not involve alteration of the data.
The message traffic is sent and received in a normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. It is possible to prevent the success of these attacks, usually by means of encryption. Thus the emphasis with passive attacks is on prevention rather than detection.
II. RELATED WORKS
2.1 Wormhole Attack
A wormhole is a hypothetica that would fundamentally be a shortcut through space time. A wormhole is much like a tunnel with two ends, each at a separate point in space time. In a network, a wormhole tunnels information from one part of the network to another: data received in one place is replicated in another through the tunnel, and the affected network may be confused by this. In wormhole attacks, attackers create a low-latency link between two points in the network. This can be achieved either by compromising two or more sensor nodes of the network or by adding a new set of malicious nodes to the network.
Fig. 2: Wormhole Attack
In a wormhole attack, a route through the attacking node appears shorter than the original route within the network. This can confuse routing mechanisms that rely on knowledge of the distance between nodes. A wormhole has one or more malicious nodes and a tunnel. The attacking node captures packets at one location and transmits them to another node at a different location, which distributes them locally. A wormhole attack can easily be launched by an attacker having the network or cryptographic mechanisms. In a wormhole attack, the major problem is that an attacker receives packets at one point in the network, “tunnels” them to another point in the network, and then replays them into the network from that point. For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive with a better metric than a normal multi-hop route. It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel the bits of the packet, in order to minimize the delay introduced by the wormhole. Many wireless networking mechanisms require that nodes be aware of their neighborhood. Every node broadcasts a neighbor discovery request. Each node that hears the request responds with a neighbor discovery reply. Messages carry node identifiers, so neighboring nodes discover each other's IDs. The wormhole transfers packets received from the network at one end to the other end via the out-of-band connection, and re-injects the packets there into the network. The two types of wormhole attacks are Centralized mechanisms and Decentralized mechanisms.
Centralized mechanisms can be used in sensor networks, where the base station plays the role of the central entity. A model of the entire network is constructed from the received data, and the central entity tries to detect inconsistencies in it. In decentralized mechanisms, each node constructs a model of its own neighborhood using locally collected data and tries to detect inconsistencies on its own. There is no need for a central entity.
2.2 Wormhole Detection
Each node reports its believed neighbors to the base station. The base station reconstructs the connectivity graph. A wormhole always increases the number of edges in the connectivity graph, and this increase may change the properties of the graph in a detectable way. Detection can be based on statistical hypothesis testing methods. A wormhole that creates many new edges may increase the number of neighbors of the affected nodes. A wormhole is usually a shortcut that decreases the length of the shortest paths in the network. Nodes can report not only their lists of neighbors but also estimated distances to those neighbors. The connectivity information and estimated distances are input to a multi-dimensional scaling (MDS) algorithm, which tries to determine a possible position for each node such that the constraints induced by the connectivity and the distance estimates are satisfied. Two types of leashes are used against wormholes. One is the geographical leash, where each node is equipped with a receiver. When sending a packet, the node puts its position into the header. The receiving node verifies that the sender is really within communication range. The other is the temporal leash. The nodes are very tightly synchronized. When sending a packet, the node puts a timestamp into the header. The receiving node estimates the distance of the sender based on the elapsed time and the speed of the data. To avoid the wormhole attack, wormhole nodes are detected on the basis of control messages. This procedure is carried out for and the shortest delay as well as hop count information will be selected wormhole detection. A new protocol called Multi-path Hop-count Analysis (MHA) is introduced, based on hop-count analysis, to avoid wormhole attacks. It is assumed that a too low or too high hop count is not healthy for the network.
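The two leash checks described above can be written as receiver-side code. This is an added example, not code from the paper; the frame layout, the 250 m radio range, the node names and the clock-error values are constructed assumptions.

```python
import math
from dataclasses import dataclass

C = 299_792_458.0  # propagation speed of the radio signal, m/s

@dataclass
class Frame:
    sender: str
    pos: tuple        # sender position (x, y) in metres, from the header
    sent_at: float    # sender timestamp in seconds, from the header

def geographic_leash_ok(frame, my_pos, radio_range, pos_error=0.0):
    """Is the position claimed in the header within one radio hop of us?"""
    return math.dist(frame.pos, my_pos) <= radio_range + pos_error

def temporal_leash_ok(frame, received_at, radio_range, clock_error):
    """Does the time of flight fit one radio hop, given the sync error?"""
    flight = received_at - frame.sent_at
    if flight < -clock_error:            # timestamp lies in our future
        return False
    # Shortest distance the signal must have covered once skew is allowed for.
    min_travelled = C * max(0.0, flight - clock_error)
    return min_travelled <= radio_range

def check_frame(frame, my_pos, received_at, radio_range, clock_error):
    """Return the list of leashes the frame violates (empty = accept)."""
    failed = []
    if not geographic_leash_ok(frame, my_pos, radio_range):
        failed.append("geographic")
    if not temporal_leash_ok(frame, received_at, radio_range, clock_error):
        failed.append("temporal")
    return failed

# Constructed scenario: receiver R at (900, 0), radio range 250 m.
R_POS, RANGE = (900.0, 0.0), 250.0
# Genuine neighbour 150 m away; frame arrives after 150 m of flight.
NEIGHBOUR = Frame("n7", (780.0, 90.0), sent_at=12.0)
NEIGHBOUR_RX = 12.0 + 150.0 / C
# Frame from a node 900 m away, replayed unchanged next to R by a wormhole
# whose link adds 0.2 microseconds on top of the 900 m propagation time.
TUNNELLED = Frame("n1", (0.0, 0.0), sent_at=12.0)
TUNNELLED_RX = 12.0 + 900.0 / C + 0.2e-6

if __name__ == "__main__":
    for err in (100e-9, 5e-6):   # 100 ns vs 5 us synchronisation error
        print(f"clock error {err:.0e} s:",
              "neighbour", check_frame(NEIGHBOUR, R_POS, NEIGHBOUR_RX, RANGE, err),
              "tunnelled", check_frame(TUNNELLED, R_POS, TUNNELLED_RX, RANGE, err))
```

With a 5 µs synchronisation error the temporal leash alone accepts the tunnelled frame and only the geographical leash rejects it, which is why the temporal leash depends on very tightly synchronized nodes.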
The novelty of the hop-count analysis in detecting wormholes is however questionable. The main disadvantages
is a silent and severe type of attack since it simply copies packets at one location and replays them at a different location or within the same network. So, in a wormhole attack, there are two neighboring malicious nodes. They copy packets at one location and replay the same packets, without any change in content, at a different location or within the same network.
III. BLACK HOLE ATTACK
Black holes refer to places in the network where incoming or outgoin "dropped"), without informing the source that the data did not reach its intended recipient. When examining the invisible, and can only be detected by monitoring the lost traffic. The most common form of black hole is simply an or an address to which no host has been assigned. The intruders utilize the loophole to carry out their malicious behaviors because the route discovery process is necessary and inevitable.
Fig. 4: Black Hole Attack
The black hole node sends fake or false routing information to the source node, claiming that it has a fresh route from source to destination. In an on-demand routing protocol, a source node S sends route request (RREQ) packets to initiate transmission. S sends the route request packets to its neighbors, which forward them to their neighbors. In this way the route request packets travel up to the destination. In a black hole attack, the attacker captures the route request packets and sends route reply (RREP) packets back to the source node S, claiming that it has a fresh route from S to destination D. Source node S discards the other route reply packets coming from other routes. After getting the route reply from the attacker node, S decides to send further data along that path. But the data is transmitted only to the attacker node, and the attacker node decides whether the data is forwarded or discarded.
IV. PREVENTION OF BLACK HOLE ATTACK
is difficult for the attacker to generate the secret key, since it should be shared among the nodes. Some conditions make the algorithm efficient. After receiving route requests over many paths, the destination replies to the source with a message that contains a session key, through the path chosen by the selection criteria. The session key will be used for encrypting and decrypting the original data. The session key is sent to the source encrypted, along with the security association number, query identifier, query sequence number, IP addresses of source and destination, and route reply, using the shared secret key of source and destination.
In the routing mechanism of ad hoc networks, three layers, namely the physical, MAC and network layers, play a major role. As MANETs are more vulnerable to various attacks, all three layers suffer from such attacks, which cause routing disorders. Attacks in the network layer vary, such as not forwarding packets, or adding and modifying parameters of routing messages such as sequence number and hop count. The most basic attack executed by nodes in the network layer is that an adversary stops forwarding data packets. The consequence is that whenever the adversary is selected as an intermediate node in the chosen route, it prevents communication from taking place. Most of the time the black hole attack is launched by adversaries when AODV is used as the data forwarding protocol. Consider a malicious node that waits for its neighbors to initiate a RREQ packet. When the node receives the RREQ packet, it immediately sends a false RREP packet with a modified, higher sequence number, so that the source node assumes the node has a fresh route towards the destination. The source node ignores the RREP packets received from other nodes and begins to send data packets over the malicious node. A malicious node draws all routes towards itself and does not forward any packet anywhere. This attack is called a black hole as it swallows all the data packets [7] [8].
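How a false reply with an inflated sequence number wins route selection, and how binding the reply to the secret shared by source and destination removes it, shown as an added example that is not code from the paper. HMAC-SHA256 stands in here for the paper's encryption of the reply fields, session-key transport is left out, and the field names, addresses, key and node names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class RouteReply:
    via: str           # neighbour the reply arrived through
    dest_seq: int      # destination sequence number claimed in the reply
    hop_count: int     # changes hop by hop, so it is not covered by the tag
    query_id: int
    src_ip: str
    dst_ip: str
    tag: bytes = b""   # MAC computed by the destination (assumed field)

def reply_tag(shared_key, r):
    """MAC over the reply fields that stay constant along the path."""
    msg = f"{r.query_id}|{r.src_ip}|{r.dst_ip}|{r.dest_seq}".encode()
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def pick_route_plain(replies):
    """Unauthenticated choice: freshest sequence number, then fewest hops."""
    return max(replies, key=lambda r: (r.dest_seq, -r.hop_count))

def pick_route_authenticated(replies, shared_key):
    """Same choice, but only among replies the destination really issued."""
    genuine = [r for r in replies
               if hmac.compare_digest(r.tag, reply_tag(shared_key, r))]
    return pick_route_plain(genuine) if genuine else None

def signed(shared_key, **fields):
    """What the destination D does before sending its reply."""
    r = RouteReply(**fields)
    r.tag = reply_tag(shared_key, r)
    return r

# Constructed discovery: S = 10.0.0.1 looks for D = 10.0.0.9, query 77.
KEY = b"constructed-S-D-shared-secret"
COMMON = dict(query_id=77, src_ip="10.0.0.1", dst_ip="10.0.0.9")
REPLIES = [
    signed(KEY, via="B", dest_seq=41, hop_count=3, **COMMON),
    signed(KEY, via="C", dest_seq=41, hop_count=5, **COMMON),
    # False reply from node M: inflated sequence number, no valid tag.
    RouteReply(via="M", dest_seq=4000, hop_count=1, tag=bytes(32), **COMMON),
]

if __name__ == "__main__":
    print("plain:", pick_route_plain(REPLIES).via)
    print("authenticated:", pick_route_authenticated(REPLIES, KEY).via)
```

The unauthenticated selection routes through M, while the authenticated selection discards M's reply and chooses the genuine route with the fewest hops.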
Table 1: Wormhole attack and Black hole attack effects
In a single black hole attack, one malicious node uses the routing protocol to claim that it is on the shortest path to the destination node, but drops the routing packets and does not forward packets to its neighbors. A single black hole attack happens easily in mobile ad hoc networks [10]. In a collaborative black hole attack, several malicious nodes collaborate in order to beguile the normal nodes into accepting their fabricated routing information and, moreover, to hide from existing detection schemes. As a result, several cooperative detection schemes have been proposed for preventing collaborative black hole attacks [11].
V. CONCLUSION
Security is a fundamental module of every network design. When planning, building, and operating a network, strong security is important. In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. Also, when data is transferred from source to destination, the attackers may be active or passive, and cannot be identified by the sender. The attackers' motive is to compromise the data, with or without any reason. So security is the backbone of transferring data to its right destination. Most prisoners are wormhole and black hole. To overcome the attacks, multilevel security is essential; the levels of security may take the form of an encryption algorithm, router security, route identification, and finally decryption algorithms. The identification of preventive algorithms may be our future work.
VI. ACKNOWLEDGEMENT
REFERENCES
[1] Mohammad Matin e-book edite 51-0676-0, Published: July 18, 2012.
[2] Dhara Buch and Devesh, “Prevention of wormhole attack in wireless sensor network”, International Journal of Network Security and its Applications (IJBSA), vol. 3, Sep 2011.
[3] Teerawat Issariyakul, Ekram Hossain, edited the e-book “Introduction to Network Simulator NS2”, 2010.
[4] Security and cooperation in wireless networks.
[5] Wormhole attacks in wireless networks, authored by Yih-Chun Hu, Member, IEEE, Adrian Perrig, Member, IEEE, and David B. Johnson, Member, IEEE.
[6] Shang-Ming Jen, Chi-Sung Laih, Wen-Chung Kuo. “A Hop-Count Analysis Scheme for Avoiding Wormhole Attacks in MANET”, 9 (6), pp. 5022-5039, 2009.
[6] Dhara Buch, Devesh Jinwala, “Detection of Wormhole Attacks in Wireless Sensor Networks”, IEEE Conference on Advances in Recent Technologies in Communication and Computing, pp. 7-14, 2011.
[7] Dokurer, Semih. “Simulation of Black hole attack in wireless Ad-hoc networks”. Master's thesis, Atılım University, September 2006.
[8] Payal N. Raj, Prashant B. Swadas. “DPRAODV: A Dynamic Learning System Against Blackhole Attack in AODV Based MANET”, IJCSI International Journal of Computer Science Issues, 2:54-59, 2009.
[9] Latha Tamilselvan, Dr. V Sankaranarayanan, “Prevention of Co-operative Black Hole Attack in MANET”, JOURNAL OF NETWORKS, VOL. 3, NO. 5, MAY 2008.
[10] Deng H, Li W, Agrawal DP (2002) Routing Security in Wireless Ad-hoc Networks. IEEE Communications Magazine 40(10):70–75. doi: 10.1109/MCOM.2002.1039859.