ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

A Countermeasure for Black HoleAttack in Mobile WiMAX Networks

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

Abstract - Mobile WiMAX has drawn muchattention due to its benefits.Nevertheless, security is a challengeand has to be ensured. The attacker maymake use of parts of unencryptedmanagement messages and acquireinformation about the type of traffic,nodes involved, timing and so on. Thiswork discusses about the attacksprevalent in mobile WiMAX and aprediction mechanism to foreknow theprevalence of Black hole attack, anattack in the network layer. Thismechanism eliminates the vindictivenodes and provides better results interms of Packet Delivery Ratio (PDR),Throughput, Control and Total overheads.

Index Terms - Black hole attack, Confidence Level(CL), WiMAX.

I. INTRODUCTION

The WiMAX (WorldwideInteroperability for MicrowaveAccess) is a broadband wirelessaccess system which is based on IEEE802.16 wireless MAN air interfacestandard, developed and promoted bythe WiMAX Forum [1].

The role of the WiMAX Forum is todefine profiles using the broadrange of 802.16 available options toaddress certification ofimplementations and to defineadditional mechanisms for networkingsuch as user-network mutualauthentication, integration withother kinds of wireless accesstechnologies (WiFi/802.11, 2G/3G/4Gcellular) and transfer of securityand quality of service stateinformation during handovers.

Manuscript receivedDeva Priya. M, Assistant Professor, Department of CSE, SriKrishna College of Technology, Coimbatore, Tami Nadu,India.(e-mail: mail2devapriya@gmail.com )Dr. Valarmathi M. L., Associate Professor, Department ofCSE, Government College of Technology, Coimbatore, TamiNadu, India. (e-mail:ml_valarmathi@rediffmail.com)Aishwarya. S, PG Scholar, Department of CSE, Sri KrishnaCollege of Technology, Coimbatore, Tami Nadu, India. (e-mail: vaish_hi2001@yahoo.com)Jaya Bharathi. K, PG Scholar, Department of CSE, SriKrishna College of Technology, Coimbatore, Tami Nadu,

India. (e-mail: jayabharathi@outlook.com)

WiMAX offers high throughput,great coverage, flexible Quality ofService (QoS) support and extensivesecurity. In an ideal condition,WiMAX offers a bit rate of upto 75Mbps [2], within the range of 50 kmand for mobile stations with amaximum data rate of upto 70 Mbpscompared to 802.11a with 54 Mbpsupto several hundred meters, EDGE(Enhanced Data Rates for GlobalEvolution) with 384 kbps to a fewkms, or CDMA2000 (Code-DivisionMultiple Access 2000) with 2 Mbpsfor a few kms.

WiMAX is a Fixed Wireless Access(FWA) network suitable for broadbandservices on areas without adequatecable infrastructure. This system isbased on the Orthogonal FrequencyDivision Multiplexing (OFDM) andrealizes broadband data transmissionby using a radio-frequency range of2-11 GHz and 10-66 GHz. An importantfeature of an OFDM system is thepossibility of successfulcommunication even under non-line-

M. Deva Priya, Dr. M.L.Valarmathi, S. Aishwarya, K. Jaya Bharathi

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

of-sight (NLOS) propagationcondition. WiMAX uses adaptivemodulation which is dependent on theSignal-to-Noise ratio (SNR).

Originally line-of-sighttransmission was supported in the 10G Hz to 66 G Hz range. Twoamendments were published. The firstamendment, the IEEE 802.16c standarddefines profiles of typicalimplementations. The secondamendment, the IEEE 802.16a standard[3] consists of controlenhancements, introduction of meshmode and support of additionalfrequencies. Together they addedtransmission in the 2 G Hz to 11 GHz range, non-line-of-sight, andlicensed or unlicensed service.

A major update was published in2004 as the IEEE 802.16d standard.It is a consolidation and animprovement of the IEEE 802.16standard and the amendments 802.16cand 802.16a. An amendment to IEEE802.16d has been drafted as the IEEE802.16e. It defines additionalmechanisms to support mobilesubscribers at vehicular speed anddata authentication.

IEEE 802.16 Working Group hasembarked on the development of a newamendment of the IEEE 802.16standard (i.e., IEEE 802.16m) as anadvanced air interface to meet therequirements of the InternationalTelecommunication Union – Radiocommunication / International MobileTelecommunications (ITUR/IMT) -advanced for fourth-generation (4G)

systems as well as the next-generation mobile network operators.The IEEE 802.16m is suitable forboth green-field and mixeddeployments with legacy mobilestations (MSs) and Base Stations(BSs).The backward compatibilityfeature allows smooth upgrades andan evolution path for the existingdeployments. It enables roaming andseamless connectivity across IMT-advanced and IMT-2000 systemsthrough the use of appropriateinterworking functions. In addition,the IEEE 802.16m system utilizesmultihop relay architectures forimproved coverage and performance.

A. Modes of operation

The IEEE 802.16 standard supportsPMP (Point-To-Multipoint) and Mesh-mode topologies. The IEEE 802.16standard published in 2002 definedthe air interface for fixed PMPbroadband wireless access networks.PMP mode comprises of a BS (Basestation) that communicates withdifferent SSs (Subscriber Stations).Each BS broadcasts to a group ofSSs. In Mesh mode, SSs directlyestablish a link between each other,where one of the communicating SSacts as a host.

B. Features of WiMAX

WiMAX is a wireless broadbandsolution that offers a rich set offeatures with a lot of flexibilityin terms of deployment and services.Some of the salient features thatdeserve emphasizing are:

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

Types of Service - WiMAX canprovide two forms of wirelessservice. i.e, Non-line-of-sightand Line-of-sight.

OFDM-based physical layer. Very high peak data rates - The

peak PHY data rate can be ashigh as 74Mbps when operatingusing a 20MHz wide spectrum.Using a 10MHz spectrumoperating using TDD scheme witha 3:1 downlink-to-uplink ratio,the peak PHY data rate is about25Mbps and 6.7Mbps for thedownlink and the uplink,respectively.

Scalable bandwidth and datarate support - A WiMAX systemmay use 128, 512, or 1,048-bitFFTs based on whether thechannel bandwidth is 1.25MHz,5MHz, or 10MHz, respectively.

Adaptive Modulation and Coding(AMC)

Link-layer retransmissions -Automatic RetransmissionRequests (ARQ) at the linklayer for connections thatrequire enhanced reliability.

Support for TDD and FDD. Flexible and dynamic per user

resource allocation. Support for advanced antenna

techniques - beam forming,space-time coding, and spatialmultiplexing.

Quality-of-service support -support a variety ofapplications, including voiceand multimedia services andoffers support for Constant BitRate, Variable Bit Rate, Real-Time and Non-Real-Time trafficflows, in addition to best-effort data traffic to a largenumber of users, with multipleconnections per terminal, eachwith its own QoS requirement.

Robust security - IncorporatesAdvanced Encryption Standard(AES) and a robust privacy andkey-management protocol areavailable. Includes ExtensibleAuthentication Protocol (EAP),Cipher-based MessageAuthentication Code (CMAC) andHashed Message AuthenticationCode (HMAC) based controlmessage protection schemes.

Support for mobility. IP - based architecture. Access - Supports the service

in the remote rural areas. Versatility - support different

services like Voice over IP andespecially Triple play.

Connectivity - Connections indifferent medium available inthe market called subscriberunits like, cell phone, Netbooks, iPods, etc and isaccessible in a multiple waysby using Wi-Fi access point,Ethernet ports also supportWiMAX connectivity, whiletelephone jacks are aconvenient way to access thisWiMAX service.

C. IEEE 802.16 e – Mobile WiMAX

There are two main classes ofWiMAX systems called fixed WiMAX andmobile WiMAX.

Fixed WiMAX is targeted forproviding fixed and nomadicservices, while mobile WiMAXprovides portable and (simple andfull) mobile connectivity. MobileWiMAX offers a wireless solution tolink fixed and mobile broadbandnetworks through a broadband radioaccess technology and an advancedarchitecture defined by the standard[5][6].

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

In the IEEE 802.16e standard,three basic types of handovers arespecified for portability andsimple/full mobility of users: HardHandover (HHO), Macro DiversityHandover (MDHO), and Fast BaseStation Switching (FBSS). HHO ismandatory in WiMAX systems.

Other two types of handover areoptional. IEEE 802.16e usesExtensible Authentication Protocol(EAP) as an authentication procedureand key management for link layersecurity as well as an RSA-basedauthentication procedure. Due to theflexibility and ability to interactwith Authentication, Authorizing andAccounting (AAA) infrastructures, itis very likely that EAP will becomethe de facto authentication methodfor 802.16e access control [4].

In fact, all OFDM-based, mobilebroadband access technologies thathave been developed exploit,enhance, and expand fundamentalconcepts that were originallyutilized in mobile WiMAX.

D. IEEE 802.16 j – Multi-hop relay basedWiMAX

The new task group IEEE 802.16j-2009 standard [1] of IEEE 802.16 airinterface for broadband wirelessaccess was officially established inMarch 2006. In order to support themobile multi-hop relayspecification, mesh mode is removedfrom the IEEE 802.16 -2009 standard.The mobile stations communicate witha base station through anintermediate relay station. Multi-

hop relay station is an optionaldeployment that may be used toprovide additional coverage. TheRelay Station may be fixed or may bemobile. The relay station may act asa Base Station and has its ownphysical cell identifier.

E. WiMAX MAC Layer

MAC layer of WiMAX consists of 3sub-layers: Convergence Sublayer,Common part Sublayer and PrivacySublayer. The Convergence Sublayerwas introduced to support betterinterface with existing protocols ofupper layers such as IP, ETHERNET,ATM and potential futuretechnologies. Currently it canoperate with the IP and ETHERNETprotocols.

F. Security Services

The ultimate goals of thesecurity solutions for WiMAX is toprovide security services, such asauthentication, confidentiality,integrity, authentication,nonrepudiation, anonymity andavailability to mobile WiMAX users.There is no single mechanism thatwill provide all the securityservices in WIMAXs. The commonsecurity services are describedbelow.

Availability - Availability isconcerned with the(unauthorized) upholding ofresources. Availability ensuresthe survivability of networkservices despite variousattacks.

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

Confidentiality - Confidentialityensures that certaininformation is only readable oraccessible by the authorizedparty. Transmission ofsensitive information such asmilitary information requiresconfidentiality.

Integrity - Integrity guaranteesthat the authorized parties areonly allowed to modify theinformation or messages. Italso ensures that a messagebeing transmitted is nevercorrupted.

Authentication - Authenticationensures that the access andsupply of data is done only bythe authorized parties. It isconcerned with assuring that acommunication is authentic.

Non repudiation - Non repudiationprevents either sender orreceiver from denying atransmitted message. Thus, whena message is sent, the receivercan prove that the message wasin fact sent by the allegedsender. On the other hand,after sending a message, thesender can prove that themessage was received by thealleged receiver.

Scalability - Scalability is notdirectly related to securitybut it is a very importantissue that has a great impacton security services. Securitymechanisms should be scalableto handle the network.

II. ATTACKS IN WiMAX

This section lists some of theattacks seen in mobile WiMAX due to

the lack of encryption of managementmessages.

A. Bandwidth spoofing

In bandwidth spoofing, theattacker grabs the availablebandwidth, by sending unnecessary BWrequest messages to BS [7]. To solvethis problem, the radio resourcemanagement in the BS should checkthe Local Policy Function (LPF) andthen allocate bandwidth only if theMS is necessarily provisioned. Thisnew recommendation is based on QoSmodel suggested by the WiMAX forum[5].

An SS obtains channel resourcesusing Bandwidth Request messages.Bandwidth requests are included intounauthenticated frames and hence canbe forged by an attacker. Theattacker can send false aggregaterequests pretending to be some otherstation and requesting very limitedchannel resources and the BS willupdate the schedule and communicateit with through UL-MAP and DL-MAP[8],[9].

B. Unencrypted management messages

IEEE 802.16-2004 does not provideany data authenticity for managementmessages [10],[11]. The completemanagement communication between MSand BS is unencrypted. If anadversary listens to the traffic, hecan collect information about bothinstances. Mobile WiMAX includessome unauthenticated messages [12].Their forgery can interruptcommunication. Adversary can alsolisten to important network

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

information from these unencryptedframes. Some important managementframes lack the authentication oftheir origin.

IEEE 802.16e-2005 and IEEE802.16-2009 provide integrityprotection for certain unicastmanagement messages by appending aunique digest to protect againstmalicious replay or modificationattacks. This digest is not added toIEEE 802.16 multicast and initialnetwork entry management messages.

For symmetric traffic encryption,the multicast and broadcast servicein IEEE 802.16e shares keyingmaterial with all group members. Thegroup members can forge messages oreven distribute their own traffickeying material, thus controllingthe multicast and broadcast contents[10],[12]. In addition, [10] discussabout various messages that are notencrypted, leading to attacks.

As with all wireless systems,digest integrity protection cannotbe applied to management messagessent to multiple recipients (i.e.,multicast transmissions), andinitial network entry managementmessages cannot leverage integrityprotection because nodes must firstbe authenticated to create theunique digest. Management messagesare susceptible to eavesdroppingattacks as they are sent in theclear to facilitate networkoperations. Furthermore, informationsent between a BS and SS beforesecurity associations have beennegotiated, is insecure and

unauthenticated. An attacker maymisuse RNG-REQ message, changingsome fields randomly and send it toBS in large number to waste theresources of the network [13].

During handover, when a MSperforms initial network entry [14],it negotiates communicationparameters and settings with the BS,a lot of information is exchangedlike security negotiationparameters, configuration settings,mobility parameters, power settings,vendor information, MS'scapabilities, etc. Since themanagement messages are unencrypted,an attacker can access them bylistening to the channel. IEEE802.16m supports full encryption andauthentication for managementmessages, but it has not beenintegrated into many vendorsolutions. Critical threats areeavesdropping of managementmessages, BS or MS masquerading,management message modification andDoS attack.

The spoofed message may containfalse message about the securitycapabilities of the legitimate SS.For instance, the attacker maydegrade a MS, by informing the BSthat the SS supports low securitycapabilities or has no securitycapabilities. In this situation, ifthe BS supports this kind of SS, thecommunication between the SS withthe serving BS will not beencrypted. As a result, theattackers can wiretap and tamper allthe information transmitted.

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

Eavesdropping of managementmessages is a critical threat forusers and a major threat to asystem. For example, an attackercould use this vulnerability toverify the presence of a victim atits location before committing anoffence. Additionally, it might beused by a competitor to map thenetwork. The masquerading threat ofthe BS or SSs is enabled whenauthentication weaknesses arepresent.

C. Encryption in WiMAX

Most of the management messagesdefined in IEEE 802.16e areintegrity protected. This is done bya Hash based Message AuthenticationCode (HMAC) or alternatively by aCipher based Message AuthenticationCode (CMAC). However, some messagesare not authenticated. Thisintroduces some vulnerability. Acouple of management messages aresent over broadcast managementconnection. In WiMAX securityarchitecture, since there is nocommon key which can be used as theauthentication of broadcastedmanagement messages, theauthentication of these messages isdifficult. Furthermore, a common keywould not completely protect theintegrity of the message as MSssharing the key can be generated byunauthenticated BS.

WiMAX MAC layer encrypts onlydata messages not managementmessages. It checks the SAassociated with the currentconnection and acquires the

initialization vector (IV). The MPDUplaintext payload is encrypted byemploying the generated MPDU IV andthe authenticated TEKs. To indicatethat the payload in the MPDU isencrypted, it sets EncryptionControl (EC) field of the MAC headerto 1.Here, 2 bit encryption keysequence is used to indicate whichTEK is used. Finally it updates theCRC field in accordance with changesin both the payload and MAC header[17].

A lot of security concernsshould be provided, so future workis needed in this area to secure thecommunication and countermeasure thesecurity threats/attacks [16].

D. Message Flooding

The attacker floods either the BSor SS with messages such that theoverall performance of the networkfalls. An attacker constantly sendsmessages in order to keep thedestination of the messages busyprocessing or rejecting them [18]. Adistributed flooding DoS attack is ahuge challenge for all the wirelessbroadband networks, as this attackcan bring down an entire network orconsume the network bandwidth to agreat extent.

E. Rogue Base Station

A rogue BS confuses the MSs ofthe network by acting like alegitimate BS. Mesh routers or APsare compromised by the attackersusing sniffers. In IEEE 802.16, theBS is compromised by reprogramming adevice with the hardware address of

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

another legitimate device. Thehardware address can be obtained byintercepting the management messagesof IEEE 802.1 using sniffers. WMNand IEEE 802.11 nodes use Proberequest frames to discover awireless network and the AP respondwith Probe response frame. Theclients select the AP that providesthe strongest signal to it. Identitytheft and Rogues BS are specifictechniques of masquerading.

The attacker can spoof a flood ofprobe request frames, thusincreasing the number of nodessearching for wireless network andoverload the AP or wireless meshrouter. The attacker can spoof thede-authentication message on behalfof the target node to stop it fromusing the network resources. Thesame vulnerability exists in IEEE802.16, where the adversaryeavesdrop the authentication messagebetween the node and the BS, andthen replays this message many timesto the BS, creating DoS for thetarget node [19],[20].

F. DOS (Denial of Service)

If a SS sends a lot of falseauthorization requests to a BS, theBS will use all its resources tocalculate whether the certificate isright [22]. WiMAX uses mutualauthentication to protect fromforgery attacks, but theauthorization process is stillvulnerable because there is no wayto ensure integrity of messages[21].Anyone with a properly placedradio receiver can catch an

authorization message, modify andretransmit it. DoS attacks takeplace as authentication operationstrigger the execution of longprocedures. A MS can be flooded witha high number of messages toauthenticate. Due to lowcomputational resources, the MS willnot be able to handle a large amountof invalid messages, rendering theDoS attack successful [15].

G. Man-in-the-middle vulnerabilities

The attacker intercepts messagesduring communication establishmentor a public key exchange and thenretransmits them, tampering theinformation contained in themessages, so that the two originalparties still appear to becommunicating with each other. In aman-in-the-middle attacks, theintruder uses a program that appearsto be the (Access Point) AP to SSand appears to be the SS to AP [23].

The attacker intrudes into thecommunication between the endpointson a network to inject falseinformation and intercept the datatransferred between them [24]. Aman-in-the-middle attack issuccessful, when the attackerimpersonates each endpoint to thesatisfaction of the other.

Although WiMAX can prevent MITMattack through rogue BS by usingPKMv2, it is still vulnerable toMITM attack. This possibility is dueto the vulnerabilities in initialnetwork entry procedure. It is knownthat WiMAX standard does not provide

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

any security mechanism for the SSBCnegotiation parameters.

H. Replay attack

In the mesh mode, 802.16 is alsovulnerable to a replay attack inwhich an attacker maliciouslyresends valid frames that theattacker has intercepted in themiddle of forwarding (relaying)process [25].

I. Water Torture attack

In wireless world some threatsare generic; IEEE 802.16 is not anexception. A classic threat arisesfrom the water torture attack, inwhich an attacker sends a series offrames to drain the receiver’sbattery. In addition, attacker witha properly positioned RF receivercan intercept messages sent throughwireless, and thus a confidentialitymechanism in the design is required[26].

J. Scrambling attack

Scrambling is a sort of jamming,but for short intervals of time andtargeted to specific frames or partsof frames. Scramblers canselectively scramble control ormanagement information with the aimof affecting the normal operation ofthe network. The problem is ofgreater amplitude for time sensitivemessages, which are not delaytolerant, such as the channelmeasurement report requests orresponses [27]. Present securitymechanisms do not address well inIEEE 802.16a Mesh modes network,which leads to new security threats,

such as the trustworthiness of thenext hop mesh node. Introducingmobility in IEEE 802.16e standardmakes the attacker’s lifecomfortable. As the physicallocation of the attacker is not anissue, management messages are morevulnerable than in IEEE 802.11.Therefore, it is necessary tomaintain a secure connectivity whilea mobile SS shifts between BSs.

III. NETWORK LAYER VULNERABILITIES

The network layer DoS attacks inWMN can be

Black hole attack - The attackercreates forged packets toimpersonate a valid mesh nodeand subsequently drops packets.The attracting packets involveadvertising low-cost orquickest routes [30].

Grey hole attack - The maliciousnode selectively forwards thepackets to the destination node[33].

Wormhole attack - The attackerforwards packets through a highquality out-of-band link andreplays those packets atanother location in the network[28].

Flooding attack - The attackertransmits a flood of packetstoward a target node in orderto congest the network anddegrade its performance [29],[31].

In the sections that follow,Black hole attack is discussed indetail with a solution to overcomeit. A scenario in which a Routing

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

REQuest (RREQ) is broadcast andRouting REsPonses (RREPs) arecollected is simulated using ns-2.The malicious nodes are found andeliminated in the initial phase,thus enforcing a secured path fromthe source to the destination.

A. Black hole attacks

In Black hole attack, a maliciousnode sends fake routing informationusing its routing protocol, andadvertises itself as having theshortest path to the destination,even though the route is spurious,with the intention of interceptingpackets. This hostile nodeadvertises its availability of freshroutes irrespective of checking itsrouting table. In this way theattacker will always reply to theRREQ, intercept data packets andretain them. The malicious nodeabsorbs all the traffic going towardthe target node [32]. Everything ismade possible as the managementinformation is unencrypted.

When the route is established,the malicious node either drops thepackets or forwards them to unknownaddress. A Black hole attack is akind of denial-of-service attack,where a malicious node attracts allpackets by falsely claiming anoptimum route to the destination andabsorbing them without forwardingthem to the destination. However,the attacker runs the risk thatneighbouring nodes will monitor andexpose the on-going attacks. Thereis a more subtle form of theseattacks, when an attacker

selectively forwards packets. Anattacker suppresses or modifiespackets originating from some nodes,while leaving the data from theother nodes unaffected, which limitsthe suspicion of its wrongdoing.

Once the attack has been injected,its impact in the networkcommunication and the runningapplications must be evaluated. Thisimpact may, for instance, may leadto the failure of a particularapplication, degrade networkcommunications, isolate nodes orcreate routing loops. This workconcentrates on route discoveryinformation alone (Fig. 1).

Fig. 1: Black hole attack

In Fig. 1, Node 1 is the sourcenode and node 4 is the destinationnode. Node 3 is a malicious nodewhich replies makes a false responsestating that it has the shortestroute to the destination node.Therefore Node 1 erroneously startssending data packets to Node 3. Amalicious node probably drops orconsumes the packets. Thissuspicious node can be regarded as aBlack hole. As a result, Node 3misroutes the packets easily and thenetwork operation is hindered.

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

B. Confidence Level (CL) based Solution forBlack hole attacks

The source node broadcasts theRREQ and then waits for ‘t’ seconds.If a node is a Black hole, it willnot forward the packet to othernodes. Instead it will drop/ modifythe packet. A normal node, on theother hand will forward the packetand receive an acknowledgement. Inother words, the CONFIDENCE_LEVEL ofa node is increased if the node isinvolved in forwarding the data. Thealgorithm is given in Fig. 2.

The number of acknowledgementsreceived by a node in a particulartime interval is theCONFIDENCE_LEVEL of that node. Itshould be kept in store, so as toidentify the malicious node. In caseof a vindictive node, the number ofacknowledgements received will bezero.

If more than one route has thesame TOTAL_CONFIDENCE_LEVEL, thenthe path with the highestAVERAGE_CONFIDENCE_LEVEL is chosenfor the next transmission. The basicidea is to select the next hop nodewith the highest CONFIDENCE_LEVEL.

For a node,

(1

)

i.e the number of acknowledgements received in the time period 1 ≤ i ≤ t.

For a path with ‘n’ nodes,

(2)

of ‘n’ nodes along the path.

In case, two or more paths havethe same CONFIDENCE_LEVELs, then theone with the minimum HOP_ COUNT ischosen.

(3)

Equation (3) gives theAVERAGE_CONFIDENCE_LEVEL of a path.The value varies with the HOP_COUNT.The path which involves less numberof hops may contribute a higheraverage value and involve less time.

In case the CONFIDENCE_LEVEL ofany node drops to 0, it isconsidered to be a malicious node,termed as a ‘Black hole’ and it iseliminated and all the nodes areintimated.

Initially, the source takes theinitiative of finding the number ofhops to each node. This ismaintained in the routing table andis updated dynamically after eachtransmission.

One important factor that has tobe considered here is that, amalicious node will send RREPimmediately before any otherlegitimate node. In such a case, thetime taken for response will be veryless. The source may rely on thisnode and forward packets throughthis node. This can be overcome bysetting a THRESHOLD_TIME, beforewhich no responses will be accepted.

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

(4)

‘∆t’ is based on the minimumnumber of hops required to reach thedestination from the source.

initialize( ) // Initializationbeginfor each intermediate node ‘i’ Set CONFIDENCE_LEVEL [i] = 0 Set HOP_COUNT [i] = 0end forend

begin // Algorithm Black_hole( )initialize ( )Source sends RREQ to all the neighbors and waits for RREP.Find the minimum HOP_COUNT mandatoryto reach the destination from theformer transmission. Find ‘∆t’.for each intermediate node ‘i’ for time ‘t’ if (‘i’ sends a RREP before ‘∆t’) Drop node ‘i’ and declare it to be malicious. end if Find the HOP_COUNT[i] for each path. if ‘i’ receives an acknowledgement along a path Update the CONFIDENCE_LEVEL[i] end ifend for

Source gets the RREPs.for each intermediate node ‘i’ if (CONFIDENCE_LEVEL [i] = = 0) Drop node ‘i’ and declare itto be malicious.

end ifend for

for each node ‘i’ on the path Next hop node = Node withMaximum Confidence level. Find the Total and AverageCONFIDENCE_LEVELs.

Choose the path with thehighest average CONFIDENCE_LEVEL. if (more than one path isavailable with the same value) Choose the path with theleast HOP_COUNT. end if end forSend packets along the chosen path.End

Fig. 2: Confidence Level basedprediction algorithm for Black Hole

attacks

IV. PERFORMANCE ANALYSIS

This section describes theparameters (Table. I) andperformance metrics used in oursimulations.

Table I: Simulation parameters

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

In case of Black hole attacks,the Confidence Level basedprediction mechanism yields betterresults when compared to theattacked scenario. The followinggraphs show the performance ofConfidence Level based mechanism(Fig.3 to Fig.6).

The Confidence Level basedmechanism yields a better PDR andThroughput when compared to anattacked network. The solution doesnot degrade the performance.

Similarly, the Control and Totaloverheads are less when compared toa network with Black hole attacks.

Fig. 3: Packet Delivery Ratio forBlack Hole attack

Fig. 4: Control Overhead for

Black Hole attack

Fig. 5: Total Overhead for Black

Hole attack

Fig. 6: Throughput for Black Hole

attack

V. CONCLUSION

Parameter ValueNumber of nodes 50Packet size 1000Data rate 100 MbpsTraffic Type CBRMobility model Random way-pointQueuing policy Drop TailSimulation Duration

250 ms

Queue Length 50Start time 20 msStop time 100 msModulation Scheme OFDM_QPSK

Frame Duration 0.020 ms

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

This work mainly focused on theBlack hole in mobile WiMAX. It isobvious that the predictionmechanism yields better results whenpaths without malicious nodes areselected for transmission. Thisprediction method can be employed inmulticasting protocols with somemodifications.

REFERENCES[1] “IEEE standard for local and

metropolitan area networks: Part 16:Air Interface for Broadband WirelessAccess Systems,” IEEE Std 802.16-2009, pp. 1 - 2080, 2009.

[2] “WiMAX Forum, WiMAX System EvaluationMethodology V2.1,” pp. 230, 2008.

[3] “LAN MAN Standards Committee of theIEEE Computer Society and the IEEEMicrowave Theory and TechniquesSociety. Local and metropolitan areanetworks - Part 16: Air interface forfixed broadband wireless accesssystems - amendment 2: Medium accesscontrol modifications and additionalphysical layer specifications for 2-11GHz,” IEEE Standard 802.16a-2003,2003.

[4] “IEEE C802.16m-07/029, MobilitySensitive Master Key Derivation andFast Re-authentication for 802.16m,”2007.

[5] Eklund, C. , Marks, R.B. ,  Stanwood,K.L. , Wang, S., “IEEE Standard802.16: A Technical Overview of theWireless MAN Air Interface forBroadband Wireless Access,” IEEECommunications Magazine, Vol. 40, No. 6,pp. 98 - 107, 2002.

[6] “IEEE P802.16Rev2/D2, DRAFT Standardfor Local and metropolitan areanetworks,” Part 16: Air Interface forBroadband Wireless Access Systems, pp.2094, 2007.

[7] Huang, J., Huang, C-T.,” Secure MutualAuthentication Protocols for MobileMulti-hop Relay WiMAX Networks againstRogue Base/Relay Stations,” InProceedings of IEEE International Conference onCommunications, 2011.

[8] Maccari, L., Paoli, M., Fantacci, R.,“Security analysis of IEEE 802.16,” InProceedings of International Conference onCommunications proceedings, 2007.

[9] Adhikary, K., Kumar, R., Kumar, A.,“Securing Bandwidth Request Messagesin WiMAX,” International Journal of ComputerApplications, Vol. 33, No. 3, pp. 1-5,2011.

[10] Naseer, S., Younus, M., Ahmed, A.,“Vulnerabilities Exposing IEEE 802.16eNetworks To DoS Attacks:A Survey,” InProceedings of Ninth IEEE ACIS InternationalConference on Software Engineering, ArtificialIntelligence, Networking, and Parallel/DistributedComputing, pp. 344 - 349, 2008.

[11] Deininger, A., Kiyomoto, S.,Kurihara, J., Tanaka, T., “SecurityVulnerabilities and Solutions inMobile WiMAX,” International Journal ofComputer Science and Network Security, Vol.7, No. 11, 2007.

[12] Bakthavathsalu, K. , Sampalli,S. ,  Qiang Ye, “Management FrameAttacks in WiMAX Networks: Analysisand Prevention,” In Proceedings of SeventhInternational Conference On Wireless And OpticalCommunications Networks (WOCN), pp. 1 -7,2010.

[13] Shojaee, M. , Movahhedinia,N. ,  Ladani, B.T., “ Traffic Analysisfor WiMAX Network under DDoS Attack,”In Proceedings of Second Pacific-Asia Conferenceon Circuits, Communications and System (PACCS),Vol. 1, pp. 279 - 283, 2010.

[14] Chee, J., Ming Teo, “ImprovingSecurity in the IEEE 802.16Standards,” In Proceedings of InternationalConference on Information Technology: NewGenerations (ITNG), pp. 408 - 412, 2011.

[15] Maru, S., Brown, T.X., “Denial ofService Vulnerabilities In the 802.16Protocol,” In Proceedings of The FourthInternational Wireless Internet Conference (WICON2008), pp. 1 - 9, 2008.

[16] Kahya-Abbaci, N., Ghoualmi, N., “ANew Classification Based on IEEE802.16 for Wireless Access,” Journal ofData Processing, Vol. 2, No. 1, pp. 32 -38, 2012.

[17] Nirwan Ansari, “WiMAX Security:Privacy Key Management,” In Proceedingsof Sendai International Workshop on NetworkSecurity and Wireless Communications, 2007.

[18] Parish, D. J., Aparicio-Navarro, F.J., “Misbehaviour metrics in WiMAXnetworks under attack,” PGNeT, 2010.

[19] Barbeau, M., Robert, J.M., “Rogue-Base Station Detection in WiMAX/802.16Wireless Access Networks,” Annals ofTelecommunications, Vol. 61, No. 11-12,pp.1300-1313, 2006.

[20] Shon, T., Choi, W., “An Analysis ofMobile WiMAX Security: Vulnerabilitiesand Solutions,” In proceeding of First

ISSN: 2278 – 1323International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 2, Issue 3, March 2013

International Conference on Network-BasedInformation Systems, 2007.

[21] Qayyum, J., Lal, M., Khan, F., Imad,M., “Survey & Assessment of WiMAX, itssecurity threats and their solutions,”International Journsal of Video & Image Processingand Network Security , Vol. 11, No. 3, pp.36-47, 2011.

[22] Liu, F., Lu, L., “A WPKI-basedSecurity Mechanism for IEEE 802.16e,”In Proceedings of International Conference onWireless Communications, Networking and MobileComputing, pp. 1 - 4, 2006. 

[23] Han, T., Zhang, N., Liu, K., Tang,B., Liu, Y., “Analysis of Mobile WiMAXSecurity: Vulnerabilities andSolutions,” In Proceedings of 5th IEEEInternational Conference on Mobile Ad Hoc andSensor Systems, pp. 828 - 833, 2008.

[24] Khan, A.S., Fisal, N., Hussain, S.,“Man-in-the-Middle Attack and PossibleSolutions on WiMAX 802.16j,” InProceedings of International Conference on Recentand Emerging Advance Technologies inEngineering, 2009.

[25] Bogdanoski, M., Latkoski, P.,Risteski, A., Popovski, B., “IEEE802.16 Security Issues: A Survey,” InProceedings of 16th Telecommunication ForumTELFOR 2008, 2008.

[26] Hasan, J., “Security Issues of IEEE802.16 (WiMAX),” In Proceedings of 4thAustralian Information Security ManagementConference, 2006.

[27] Jung, J., Jeung, J., Lim, J.,“Control Channel Hopping for Avoidanceof Scrambling Attacks in IEEE 802.16Systems,” In Proceedings of MilitaryCommunications Conference, pp. 1225 -1230, 2011.

[28] Santhanam, L., Nandiraju,D.,  Nandiraju, N., Agrawal, D.P.,“Active cache based defense againstDoS attacks in Wireless Mesh Network,”In Proceedings of the 2nd IEEE InternationalSymposium on Wireless Pervasive Computing(ISWPC 2007), 2007.

[29] Nait-Abdesselam, F., “Detecting andavoiding wormhole attacks in wirelessad hoc networks,” IEEE CommunicationMagazine, Vol. 46, No. 4, pp. 127-133,2008.

[30] Ramaswamy, S., Fu, H.,Sreekantaradhya, M., Dixon, J.,Nygard, K., “Prevention of CooperativeBlack Hole Attack in Wireless Ad HocNetworks,” In Proceedings of InternationalConference on Wireless Networks, pp. 1 - 7,2003.

[31] Khan, S., Loo, K-K., Naeem, T., Khan,M.A., “Denial of Service Attacks andChallenges in Broadband Wireless

Networks,” International Journal of ComputerScience and Network Security, Vol. 8, No. 7,pp. 1 - 6, 2008.

[32] Deng, H., Li, W., Agrawal, D.P.,“Routing Security in Wireless ad hocNetworks,” IEEE Communication Magazine,Vol. 40, No. 10, pp.70-75, 2002.

[33] Abel, V.S., “Survey of Attacks onMobile Adhoc Wireless Networks,”International Journal on Computer Science andEngineering, Vol. 3, No. 2, pp. 826 -829, 2011.