COLLUSION BW HOLE ATTACK

In this world of technology, it is important to provide security and to find the loopholes present in the network. There are two types of networks: wired and wireless. A wireless network is more vulnerable to attacks than a wired network, as the number of nodes in a wireless network is never fixed. Any node can join the network, and any node can leave it. This paper includes conclusions about some Denial of Service attacks and their effect on MANETs: how they attack and which methodology they adopt. It mainly focuses on proposing a new attack which can cause severe harm to the network. This attack inherits the strategy of two main attacks, the Blackhole and the Wormhole attack. It works in collaboration with some internal nodes, which work for a malicious node and help that node disrupt the network. In particular, this paper describes the weak areas of a network that can be targeted by this new attack.


INTRODUCTION
As already mentioned, this paper proposes a new attack, a type of Denial of Service attack which can not only slow down the network but can also result in defamation, as it is hard to find out the actual intruder in the network. The name of this attack is Collusion BW Hole Attack. In a MANET, communication starts when a node has a data or message packet to send to some other node. To transmit this packet, the source node chooses a path which is both secure and less time consuming. To select this path, the source node consults the routing tables of other nodes and finds a suitable path for the packet. In the Collusion BW attack, the intruder takes advantage of this need of the source node to hack the network and eventually steal or drop the data. The intruder node works with two or more internal nodes, which form a tunnel and send the data to the intruder node rather than to the desired node. The methodology and strategy of the proposed attack are described further in the paper. This paper includes only the description of this attack, the methodology that can be used by the intruding nodes, and the weaknesses of a network that can be targeted by this attack.

MANET
A Mobile Ad Hoc Network (MANET) is a cluster of mobile nodes which can communicate with one another without a specified, predefined topology or central administration. MANETs are dynamic in nature, which means that any node which wants to communicate can join the network and, similarly, any node can leave the network at any time after completing its work. A MANET provides flexibility because there is no centralized system: it is decentralized, which means there are no servers and clients. Thus, it offers a peer-to-peer network in which any node can act as a host and as a router at the same time. [1] It is easy and cheap to form a MANET because it does not follow a predefined, centralized infrastructure; this property is the reason why MANETs are widely used and becoming popular nowadays. But due to its flexible and dynamic nature, a MANET is vulnerable to many severe attacks. These attacks are mainly intended to steal the information that is transferred among communicating parties. [2, 3] As no restriction is applied to the nodes in a MANET, any node can join the network, which can lead to severe consequences such as eavesdropping, stealing of information, denial of service, response delay, etc. Compared to a wired network, a MANET is more prone to attacks due to the following factors:
• The nodes have limited energy, due to which complex security solutions cannot be used in a MANET.
• Transmission of data packets and routing is done over a wireless medium. The wireless medium is shared and generally unreliable, which makes eavesdropping more likely. Even if the channel is made reliable, the communication might be unreliable due to the broadcast nature of MANETs.
• A MANET does not have any central management point or node, which makes it hard to ensure that all the nodes taking part in the network are benign.
• Routing is very challenging because the network topology keeps changing and the mobility of nodes plays a very important role in the network. [4][5][6]

AODV
The Ad hoc On-Demand Distance Vector (AODV) routing protocol is tailored particularly for mobile nodes, where the time span for the establishment of a new network and the termination of the previous one is not fixed. Thus, this protocol seeks to reduce processing time, memory consumption and network utilization, and to adapt quickly to dynamically forming links. It works on destination sequence numbers and provides loop freedom. [9][13][14][15]

Security Flaws in AODV
AODV is vulnerable to routing attacks due to its lack of security features; some more secure protocols are generally designed to provide authentication, confidentiality, integrity and non-repudiation. AODV can easily be compromised by a malicious node to disrupt its routing. The misbehaviour of an inside attacking node is discussed in. The actions that inside attackers perform to disrupt routing in AODV are:
1) The attacker may modify or forge RREQ or RREP packets.
2) To pose as a legitimate node, it may spoof either the destination IP or the source IP, and is thus able to receive or drop data packets.
3) To degrade the performance of the network and increase the routing delay, it may generate fake RERR packets.
4) The attacker may send fake RREPs with the highest sequence numbers (as in the Blackhole attack) to cause a DoS attack.
5) To deplete the node batteries, it may create routing loops and launch sleep deprivation or resource consumption attacks.
6) To disrupt normal routing behaviour, it may replay old routing messages or create a tunnel/wormhole. [7][8][9][10][11][12][13]

COLLUSION BW HOLE ATTACK
When an RREQ (Route Request packet) is sent from a source node to other nodes in the network for the transmission of a packet, the malicious node MN1 in the network may send a Route Reply (RREP) with a higher sequence number. In AODV, a route with a lower sequence number is replaced by one with a higher sequence number, so the source node (or any other node) transmits the packet via the node that advertised the higher sequence number. Here the source node transmits the packet through the malicious node MN1. MN1 then sends a route request (RREQ) of its own for the transmission of the packet, a second malicious node MN2 again sends a route reply with a higher sequence number, and the packet is transmitted through MN2. When the packet reaches MN2, MN2 tunnels it to another malicious node, MN3. Once the packet has been tunnelled to MN3, a broadcast of an RREQ would usually occur, but in this attack a unicast occurs instead and the packet is dropped. This attack relies on the following vulnerabilities present in AODV, which is why it is not easy to detect:
1) RREQ or RREP packets can be modified or forged.
2) The source or destination IP address can be spoofed to pose as a legitimate network node and thus drop or receive the data packets.
3) A tunnel/wormhole can be created, or old routing messages replayed, to disrupt normal routing behaviour.
AODV is subject to both the black hole and the worm hole attack. In the worm hole attack, the attacking node captures the packet at one location and transmits it to another node located at a distance. A wormhole attack can be mounted very easily by an attacker without compromising any legitimate node and without that node's knowledge. In the black hole attack, when the source node attempts to send data packets to a destination node and starts the route discovery process, a malicious node MN1 claims that it has a route to the destination node every time it receives an RREQ packet, and sends its response to the source node at once. If the reply from a normal node (for example N1, N2, ..., N14) reaches the source node of the RREQ first, everything works well. But when MN1 receives the RREQ packet, its immediate reply makes the source node think that the route discovery process is complete, ignore all other reply messages, and start sending data packets. A forged route has been created. As a result, all the packets sent through MN1 are simply lost or consumed and never received by the desired destination.
The Collusion BW Hole Attack is different from these attacks. In the black hole attack the packets are dropped as soon as they are received by the malicious node, whereas in the Collusion BW Hole Attack the first malicious node does not drop the packet. In the worm hole attack a broadcast of the packet occurs after tunnelling, while in the Collusion BW Hole Attack a unicast occurs and the packet is dropped by the malicious node. At the same time, the route requests (RREQ) and route replies (RREP) of the neighbouring legitimate nodes are managed in such a way that the node that dropped the packet (the malicious node) can never be identified.

Symptoms of Attack
Hence we can conclude that the Collusion BW Hole Attack is present only when both of the following hold:
Case 1: The malicious node MN1 receives the packet from the source node by answering the source node's route request (RREQ) with a route reply (RREP) that carries a higher sequence number (malicious activity).
Case 2: After tunnelling, when the malicious node MN3 receives the packet, a unicast occurs instead of a broadcast and the packet is dropped.
In other words, the forgery is that MN1 appears to be the node that is going to drop the packet, yet MN1 through MN3 keep transmitting the packets among themselves, spoofing the destination and IP address in order to pose as legitimate nodes.
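
The two symptoms can be checked together by a monitoring node. The following Python code is an added example, not part of the paper: the event record format, the constructed trace and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed trace of observed events (hypothetical record format).
TRACE = [
    {"type": "RREP", "rreq_id": 7, "sender": "N4", "dest_seq": 42},
    {"type": "RREP", "rreq_id": 7, "sender": "N9", "dest_seq": 44},
    {"type": "RREP", "rreq_id": 7, "sender": "MN1", "dest_seq": 9000},
    {"type": "RREQ", "sender": "N4", "broadcast": True},
    {"type": "RREQ", "sender": "MN3", "broadcast": False},
] + [{"type": "DATA", "node": n, "forwarded": f}
     for n, f in [("N4", True)] * 5 + [("MN1", True)] * 5
                 + [("MN2", True)] * 5 + [("MN3", False)] * 5]


def inflated_rreps(trace, max_jump=100):
    """Case 1: RREP senders whose destination sequence number lies far above
    the median of all replies to the same RREQ (max_jump is an assumption)."""
    by_rreq = defaultdict(list)
    for e in trace:
        if e["type"] == "RREP":
            by_rreq[e["rreq_id"]].append(e)
    flagged = set()
    for replies in by_rreq.values():
        mid = median(r["dest_seq"] for r in replies)
        flagged |= {r["sender"] for r in replies if r["dest_seq"] - mid > max_jump}
    return flagged


def silent_endpoints(trace, min_rx=3, max_ratio=0.2):
    """Case 2: nodes that unicast an RREQ instead of broadcasting it and
    forward almost none of the data packets handed to them."""
    unicast = {e["sender"] for e in trace
               if e["type"] == "RREQ" and not e["broadcast"]}
    rx, fwd = defaultdict(int), defaultdict(int)
    for e in trace:
        if e["type"] == "DATA":
            rx[e["node"]] += 1
            fwd[e["node"]] += e["forwarded"]  # True counts as 1
    return {n for n in unicast if rx[n] >= min_rx and fwd[n] / rx[n] <= max_ratio}


def collusion_indicators(trace):
    """Report both symptoms; either check alone sees only one end of the chain."""
    return {"case1": inflated_rreps(trace), "case2": silent_endpoints(trace)}
```

On the constructed trace, MN1 and MN2 forward every packet, so a forwarding-ratio check alone never flags them; only the sequence-number check exposes MN1, which is why the two cases have to be evaluated together.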