Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and, thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.     

SeRWA: A secure routing protocol against wormhole attacks in sensor networks

A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.     

On providing wormhole‐attack‐resistant localization using conflicting sets

Wormhole attack is a severe attack that can be easily mounted on a wide range of wireless networks without compromising any cryptographic entity or network node. In the wormhole attack, an attacker sniffs packets at one point in the network and tunnels them through the wormhole link to another point. Such kind of attack can deteriorate the localization procedure in wireless sensor networks. In this paper, we first analyze the impacts of the wormhole attack on the localization procedure. Then, we propose a secure localization scheme against the wormhole attacks called SLAW including three phases: wormhole attack detection, neighboring locators differentiation, and secure localization. The main idea of the SLAW is to build a so‐called conflicting set for each locator based on the abnormalities during the message exchanges, which can be used to differentiate the dubious locators to achieve secure localization. We first consider the simplified system model in which there is no packet loss and all the nodes have the same transmission range. We further consider the general system model where the packet loss exists and different types of nodes have different transmission radii. We conduct the simulations to illustrate the effectiveness of the proposed secure localization scheme and compare it with the existing schemes under different network parameters. Copyright © 2014 John Wiley & Sons, Ltd.     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

Single-Adversary Relaying Attack Defense Mechanism in Wireless Ad Hoc Networks

There have been many security protocols to provide authenticity and confidentiality in wireless ad hoc networks. However, they fail to defend networks against relaying attack in which attacker nodes simply broadcast received packets without compromising any legitimate nodes. Wormhole attack is a representative example of relaying attack, in which a pair of attacker nodes relay received packets to each other and selectively drop them. The wormhole attack is known to ruin routing and communication of a network considerably, however, is not very straightforward to be accomplished due to the pairwise nature. In this paper, we introduce two new types of relaying attack, called teleport and filtering attacks that require a single attacker node only for accomplishment. We describe their accomplishment conditions and impacts on the network performance in a formal manner. We then propose a countermeasure framework against these attacks called Single-Adversary Relaying Attack defense Mechanism (SARAM), which is composed of a bandwidth-efficient neighbor discovery customized for multi-hop environments and neighbor list management combined into an on-demand ad hoc routing protocol. SARAM does not require any special hardware such as location-aware equipments and tight synchronized clocks, thus is cost-efficient as well. We show via ns-2 simulation that the new relaying attacks deteriorate the network performance significantly and SARAM is effective and efficient in defending a network against these attacks.     

Topological comparison‐based wormhole detection for MANET

Wormhole attack is considered one of the most threatening security attacks for mobile ad hoc networks. In a wormhole attack, a tunnel is setup in advance between two colluders. The colluders record packets at one location and forward them through the tunnel to another location in the network. Depending on whether or not the colluders are participating in the network functions, the wormhole attack can be further divided into two categories: traditional wormhole attack and Byzantine wormhole attack. Existing researches focusing on detecting traditional wormhole attacks can be classified into three categories: one‐hop delay‐based approach, topological analysis‐based or special hardware/middleware‐based approaches. Unfortunately, they all have their own limitations. Most of the researches detecting Byzantine wormhole attack are not addressing the Byzantine wormhole attack directly. Instead, they focus on observing the consequence after a Byzantine wormhole attack, like packet dropping or modification. In this paper, we propose to detect both traditional and Byzantine wormhole attacks by detecting some topological anomalies introduced by wormhole tunnels. Simulation results show that our scheme can achieve both high wormhole attack detection rate and accuracy. Our scheme is also simple to implement. Copyright © 2012 John Wiley & Sons, Ltd.     

Secured Self Organizing Network Architecture in Wireless Personal Networks

Secured self organizing network is an approach to computer network architecture that seeks to address the technical issues in heterogeneous networks that may lack continuous network connectivity. In delay tolerant network packets storage exists when there is any link breakage between the nodes in the network so delay is tolerable in this type of network during the data transmission. But this delay is not tolerable in wireless network for voice packet transmission. This evokes the use of wireless networks. In a network, different wireless network topologies are interoperating with each other so the communication across the network is called overlay network. This network is vulnerable to attacks due to mobile behaviour of nodes and frequent changes in topologies of the network. The attacks are wormhole attack and blackhole attack is analysed in this paper. They are critical threats to normal operation in wireless networks which results in the degradation of the network performance. The proposed recovery algorithm for wormhole and the isolation of blackhole will increase the performance of the network. The performance metrics such as throughput, packet delivery ratio, end–end delay and routing overhead of the network are evaluated.

     

Detecting and avoiding wormhole attacks in wireless ad hoc networks [security in mobile ad hoc]

A particularly severe attack on routing protocols in ad hoc networks is the so-called worm- hole attack in which two or more colluding attackers record packets at one location, and tunnel them to another location for replay at that remote location. When this attack targets specifically routing control packets, the nodes that are close to the attackers are shielded from any alternative routes with more than one or two hops to the remote location. All routes are thus directed to the wormhole established by the attackers. In the optimized link state routing protocol, if a wormhole attack is launched during the propagation of link state packets, the wrong link information percolates throughout the network, leading to routing disruption. In this article we devise an efficient method to detect and avoid wormhole attacks in the OLSR protocOLSR protocolol. This method first attempts to pinpoint links that may potentially be part of a wormhole tunnel. Then a proper wormhole detection mechanism is applied to suspicious links by means of an exchange of encrypted probing packets between the two supposed neighbors (endpoints of the wormhole). The proposed solution exhibits several advantages, among which are its nonreliance on any time synchronization or location information, and its high detection rate under various scenarios.     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.     

A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks

Wireless ad hoc networks are envisioned to be randomly deployed in versatile and potentially hostile environments. Hence, providing secure and uninterrupted communication between the un-tethered network nodes becomes a critical problem. In this paper, we investigate the wormhole attack in wireless ad hoc networks, an attack that can disrupt vital network functions such as routing. In the wormhole attack, the adversary establishes a low-latency unidirectional or bi-directional link, such as a wired or long-range wireless link, between two points in the network that are not within communication range of each other. The attacker then records one or more messages at one end of the link, tunnels them via the link to the other end, and replays them into the network in a timely manner. The wormhole attack is easily implemented and particularly challenging to detect, since it does not require breach of the authenticity and confidentiality of communication, or the compromise of any host. We present a graph theoretic framework for modeling wormhole links and derive the necessary and sufficient conditions for detecting and defending against wormhole attacks. Based on our framework, we show that any candidate solution preventing wormholes should construct a communication graph that is a subgraph of the geometric graph defined by the radio range of the network nodes. Making use of our framework, we propose a cryptographic mechanism based on local broadcast keys in order to prevent wormholes. Our solution does not need time synchronization or time measurement, requires only a small fraction of the nodes to know their location, and is decentralized. Hence, it is suitable for networks with the most stringent constraints such as sensor networks. Finally, we believe our work is the first to provide an analytical evaluation in terms of probabilities of the extent to which a method prevents wormholes. Radha Poovendran received the Ph.D. degree in electrical engineering from the University of Maryland, College Park, in 1999. He has been an Assistant Professor in the Electrical Engineering Department, University of Washington, Seattle, since September 2000. His research interests are in the areas of applied cryptography for multiuser environment, wireless networking, and applications of information theory to security. Dr. Poovendran is a recipient of the Faculty Early Career Award from the National Science Foundation (2001), Young Investigator Award from the Army Research Office (2002), Young Investigator Award from the Office of Naval Research (2004), and the 2005 Presidential Early Career Award for Scientists and Engineers, for his research contributions in the areas of wired and wireless multiuser security. Loukas Lazos received the B.S. and M.S. degrees from the Electrical Engineering Department, National Technical University of Athens, Athens, Greece, in 2000 and 2002, respectively. He is currently working towards the Ph.D. degree in the Electrical Engineering Department, University of Washington, Seattle. His current research interests focus on cross-layer designs for energy-efficient key management protocols for wireless ad-hoc networks, as well as secure localization systems for sensor networks.     

A time stamp-based algorithm to improve security and performance of mobile ad hoc network

Mobile ad hoc network is open medium and infrastructure-less network. Mobile ad hoc network is susceptible to various security attacks such as, black hole attack, gray hole attack, bad mouthing attack, sybil attack and worm hole attack due to open medium, infrastructure-less features and lack of in-built security. In black hole attack and gray hole attack, attacker falsely sends route reply and dropped data packets received from source node. Due to these attacks, performance of mobile ad hoc network decreases. This paper proposes a time stamp-based algorithm which is an enhanced version of existing IDSNAODV algorithm. Proposed algorithm modifies existing palling process to validate identity of observer nodes using a time stamp-based approach. Based on defined set of rules and recorded activities report, source node decides the nature of target node. The performance of proposed algorithm is evaluated using the network simulator. The proposed algorithm shows improved performance for packet delivery ratio, throughput and routing overhead as compared to existing algorithm.

     

Detection of Wormhole Attack and Secure Path Selection in Wireless Sensor Network

In Wireless Sensor Network (WSN), securable data transmission is one of the most challenges. During the transmission between the source and a destination node, routing information of the particular path may be misbehaved by the particular nodes which are known as wormhole nodes/attackers. The paths which include the wormhole nodes are known as wormhole attacked paths. For improving security in WSN, these wormhole attacked paths should be identified. To achieve this, wormhole attack detection method and optimal or secure path selection are presented in this paper. Initially, ‘K’ paths or multiple paths are generated between source and destination using Ad-hoc On demand Multipath Distance Vector (AOMDV) routing protocol. Then, the source node identifies the wormhole attacked path by verifying the Detection Packet (DP) and Feedback Packet (FP) from the destination. After detecting the wormhole attacked paths, the source node selects the optimal path among the attacker free paths using Particle Swarm Optimization (PSO) algorithm. Simulation results show that the performance of the proposed approach improves energy efficiency and network lifetime of the network.

     

The Impact of Deployment Pattern and Routing Scheme on the Lifetime in Multi-Sink Wireless Sensor Network

Extensive use of sensor and actuator networks in many real-life applications introduced several new performance metrics at the node and network level. Since wireless sensor nodes have significant battery constraints, therefore, energy efficiency, as well as network lifetime, are among the most significant performance metrics to measure the effectiveness of given network architecture. This work investigates the performance of an event-based data delivery model using a multipath routing scheme for a wireless sensor network with multiple sink nodes. This routing algorithm follows a sink initiated route discovery process with the location information of the source nodes already known to the sink nodes. It also considers communication link costs before making decisions for packet forwarding. Carried out simulation compares the network performance of a wireless sensor network with a single sink, dual sink, and multi sink networking approaches. Based on a series of simulation experiments, the lifetime aware multipath routing approach is found appropriate for increasing the lifetime of sensor nodes significantly when compared to other similar routing schemes. However, energy-efficient packet forwarding is a major concern of this work; other network performance metrics like delay, average packet latency, and packet delivery ratio are also taken into the account.

     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks

Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.     

MobiWorp: Mitigation of the wormhole attack in mobile multihop wireless networks

In multihop wireless systems, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor discovery with mobile nodes. The existing work on secure neighbor discovery has limitations in accuracy, resource requirements, and applicability to ad hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MobiWorp, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MobiWorp uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MobiWorp on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2. The results show that as time progresses, the data packet drop ratio goes to zero with MobiWorp due the capability of MobiWorp to detect, diagnose and isolate malicious nodes. With an appropriate choice of design parameters, MobiWorp is shown to completely eliminate framing of a legitimate node by malicious nodes, at the cost of a slight increase in the drop ratio. The results also show that increasing mobility of the nodes degrades the performance of MobiWorp.     

Honeypot Based Black-Hole Attack Confirmation in a MANET

Many solutions are proposed to identify or prevent the attacks in a Mobile Ad hoc Network. However, sometimes these systems detect false attacks. This could lead to loss of resources in a mobile ad hoc network and cause a downgrade in quality of service. Hence mobile ad hoc networks need a system to confirm the attack before taking further actions. In our work presented in this paper, we propose an attack confirm system for a malicious attacker, called the Black-hole attacker. We present our Black-hole attack Confirmation System, which identifies and confirms the black-hole attack in a mobile ad hoc network using honeypot. The honeypot intelligently identifies all the possible types of black-hole attack using the Black-hole Attack tree, and confirms the attack using the Attack History Database. Together, the Black-hole Attack tree, and Attack History Database aid the honeypot in reducing the false alarms in the mobile ad hoc network. We have simulated the proposed system in several mobile ad hoc network environments of varying sizes of nodes and applications. On several occasions the results have demonstrated that the proposed system is efficient in confirming the black-hole attack and saving the resources and minimizing the path re-establishment.     

FPN‐SAODV: using fuzzy petri nets for securing AODV routing protocol in mobile Ad hoc network

In this paper, we use fuzzy Petri nets (FPNs) to propose a secure routing protocol in mobile ad hoc network. The proposed method is based on secure ad hoc on‐demand distance vector (SAODV), which is named FPN‐SAODV. In FPN‐SAODV routing protocol, for each packet delivery or firing each transition, a type of bidirectional node‐to‐node fuzzy security verification is conducted that can be carried out with five security threshold levels. This inference uses four fuzzy variables that have been selected to well represent the malicious behaviors of some public attacks in mobile ad hoc network. Furthermore, a through route security verification has been used for selecting the most secure route among each candidate path through source node to destination. Both of these verifications utilize FPN inherent features for their operation. For evaluation purpose, we used the metrics such as packet delivery ratio, end‐to‐end delay, average security level of the nodes, and percentage of true/false detector nodes. These metrics have been used for investigating the inner operation of FPN‐SAODV as determining the proper level of security threshold level in node‐to‐node security verification module. Also, these are used for comparison of FPN‐SAODV performance versus the original AODV. Copyright © 2015 John Wiley & Sons, Ltd.     

SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.     

Analysis of area-congestion-based DDoS attacks in ad hoc networks

Increased instances of distributed denial of service (DDoS) attacks on the Internet have raised questions on whether and how ad hoc networks are vulnerable to such attacks. This paper studies the special properties of such attacks in ad hoc networks. We examine two types of area-congestion-based DDoS attacks – remote and local attacks – and present in-depth analysis on various factors and attack constraints that an attacker may use and face. We find that (1) there are two types of congestion – self congestion and cross congestion – that need to be carefully monitored; (2) the normal traffic itself causes significant packet loss in addition to the attack impacts in both remote and local attacks; (3) the number of flooding nodes has major impacts on remote attacks while, the load of normal traffic and the position of flooding nodes are critical to local attacks; and (4) given the same number of flooding nodes and attack loads, a remote DDoS attack can cause more damage to the network than a local DDoS attack.