Single-Adversary Relaying Attack Defense Mechanism in Wireless Ad Hoc Networks

There have been many security protocols to provide authenticity and confidentiality in wireless ad hoc networks. However, they fail to defend networks against relaying attack in which attacker nodes simply broadcast received packets without compromising any legitimate nodes. Wormhole attack is a representative example of relaying attack, in which a pair of attacker nodes relay received packets to each other and selectively drop them. The wormhole attack is known to ruin routing and communication of a network considerably, however, is not very straightforward to be accomplished due to the pairwise nature. In this paper, we introduce two new types of relaying attack, called teleport and filtering attacks that require a single attacker node only for accomplishment. We describe their accomplishment conditions and impacts on the network performance in a formal manner. We then propose a countermeasure framework against these attacks called Single-Adversary Relaying Attack defense Mechanism (SARAM), which is composed of a bandwidth-efficient neighbor discovery customized for multi-hop environments and neighbor list management combined into an on-demand ad hoc routing protocol. SARAM does not require any special hardware such as location-aware equipments and tight synchronized clocks, thus is cost-efficient as well. We show via ns-2 simulation that the new relaying attacks deteriorate the network performance significantly and SARAM is effective and efficient in defending a network against these attacks.     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and, thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.     

Energy-efficient neighbor discovery protocol for mobile wireless sensor networks

Low energy consumption is a critical design requirement for most wireless sensor network (WSN) applications. Due to minimal transmission power levels, time-varying environmental factors and mobility of nodes, network neighborhood changes frequently. In these conditions, the most critical issue for energy is to minimize the transactions and time consumed for neighbor discovery operations. In this paper, we present an energy-efficient neighbor discovery protocol targeted at synchronized low duty-cycle medium access control (MAC) schemes such as IEEE 802.15.4 and S-MAC. The protocol effectively reduces the need for costly network scans by proactively distributing node schedule information in MAC protocol beacons and by using this information for establishing new communication links. Energy consumption is further reduced by optimizing the beacon transmission rate. The protocol is validated by performance analysis and experimental measurements with physical WSN prototypes. Experimental results show that the protocol can reduce node energy consumption up to 80% at 1–3 m/s node mobility.     

A ranging based scheme for detecting the wormhole attack in wireless sensor networks

Wireless sensor networks have been widely used in general and military scenarios. And this leads to a need for more security. Wireless sensor network are easy vulnerable to attack and compromise. Wormhole attack is a harmful against routing protocol which can drop data randomly or disturbing routing path. In this paper, we proposed a novel method to detect the wormhole attack based on statistical analysis. In the proposed method, a sensor can detect the fake neighbors which are caused by wormhole through the neighbor discovery process, and then a k-means clustering based method is used to detect wormhole attack according to the neighbor information. That is, by using this proposed method, we can detect the wormhole only by the neighbor information without any special requirement. We did some experiments to evaluate the performance of this method, and the experimental results show that our method can achieve satisfying results.     

SenLeash：一种无线传感器网络虫洞攻击约束防御机制

针对邻居发现或路由发现阶段可能受到虫洞攻击的问题,提出了一种约束防御机制SenLeash,通过限制消息传输的距离来防御虫洞攻击。SenLeash依赖2个因子：每个节点到初始基站的距离和一个精选的接收距离阈值。基于接收信号强度RSSI,提出了一种nRSSI测量方法,在网络初始化阶段用来测量每个节点到初始基站的距离。基于每个节点的接收概率和MAC层的最大重传次数,对接收距离阈值的选择方法进行了研究。实验结果表明,SenLeash可有效减少由虫洞攻击导致的虚假邻居节点个数和无效回复消息个数。     

Trust-aware secure routing protocol for wireless sensor networks

A trust-aware secure routing protocol (TSRP) for wireless sensor networks is proposed in this paper to defend against varieties of attacks. First, each node calculates the comprehensive trust values of its neighbors based on direct trust value, indirect trust value, volatilization factor, and residual energy to defend against black hole, selective forwarding, wormhole, hello flood, and sinkhole attacks. Second, any source node that needs to send data forwards a routing request packet to its neighbors in multi-path mode, and this continues until the sink at the end is reached. Finally, the sink finds the optimal path based on the path's comprehensive trust values, transmission distance, and hop count by analyzing the received packets. Simulation results show that TSRP has lower network latency, smaller packet loss rate, and lower average network energy consumption than ad hoc on-demand distance vector routing and trust based secure routing protocol.     

On providing wormhole‐attack‐resistant localization using conflicting sets

Wormhole attack is a severe attack that can be easily mounted on a wide range of wireless networks without compromising any cryptographic entity or network node. In the wormhole attack, an attacker sniffs packets at one point in the network and tunnels them through the wormhole link to another point. Such kind of attack can deteriorate the localization procedure in wireless sensor networks. In this paper, we first analyze the impacts of the wormhole attack on the localization procedure. Then, we propose a secure localization scheme against the wormhole attacks called SLAW including three phases: wormhole attack detection, neighboring locators differentiation, and secure localization. The main idea of the SLAW is to build a so‐called conflicting set for each locator based on the abnormalities during the message exchanges, which can be used to differentiate the dubious locators to achieve secure localization. We first consider the simplified system model in which there is no packet loss and all the nodes have the same transmission range. We further consider the general system model where the packet loss exists and different types of nodes have different transmission radii. We conduct the simulations to illustrate the effectiveness of the proposed secure localization scheme and compare it with the existing schemes under different network parameters. Copyright © 2014 John Wiley & Sons, Ltd.     

Agent‐based secure routing for underwater acoustic sensor networks

The underwater networks have severe security implications and are vulnerable to various types of attacks such as selective forwarding, wormhole, and sinkhole. Neighbor discovery, a fundamental requirement for routing is vulnerable to wormhole attack, which enables false neighbor acceptance, thereby degrading the routing performance. The proposed agent‐based secured routing scheme enhances the quality of service by discovering the wormhole resilient secure neighbors and route the information through the secure path. This scheme uses 4 agencies, namely, security, routing, underwater gateway, and vehicle, which are embedded with static and mobile agents. (1) Agents in security agency of a node discover secured neighbors by using the direction of arrival estimation and authentication, (2) agents in routing agency of a node establish secured routes from source to surface gateway, (3) agents in Underwater Gateway Agency communicate with Autonomous Underwater Vehicles (AUVs) and underwater nodes for key distribution, and (4) vehicle traversing agency in AUV coordinates with Underwater Gateway Agency for changing AUVs traversal to cover the isolated network area. The proposed scheme depicts the improved performance compared to basic neighbor discovery and channel aware routing protocol in terms of failure detection, energy consumption, and overheads.     

Access control in wireless sensor networks

Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol cannot only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.     

MobiWorp: Mitigation of the wormhole attack in mobile multihop wireless networks

In multihop wireless systems, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor discovery with mobile nodes. The existing work on secure neighbor discovery has limitations in accuracy, resource requirements, and applicability to ad hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MobiWorp, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MobiWorp uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MobiWorp on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2. The results show that as time progresses, the data packet drop ratio goes to zero with MobiWorp due the capability of MobiWorp to detect, diagnose and isolate malicious nodes. With an appropriate choice of design parameters, MobiWorp is shown to completely eliminate framing of a legitimate node by malicious nodes, at the cost of a slight increase in the drop ratio. The results also show that increasing mobility of the nodes degrades the performance of MobiWorp.     

移动Ad hoc网络按需路由协议中的虫洞问题研究

由于移动Ad hoc网络具有动态变化的特性以及自组织和多跳性的特点,更容易遭受多种恶意攻击。其中虫洞攻击就是最严重的一种攻击。本文详细剖析了虫洞问题,在总结已有解决方案的基础上提出了一种简洁的解决方案。此方案利用路由发现过程中中间结点计算的MAC值以及邻居维护机制提供的认证信息一起能够很好的抵抗虫洞攻击,提高了路由协议的安全性。     

Simulation Based Comparative Study of Routing Protocols Under Wormhole Attack in Manet

A Mobile Ad hoc network (manet) has emerged as an autonomous, multi-hop, wireless and temporary type of network which works within the constraints like bandwidth, power and energy. Manet can be observed as an open type of network where nodes become a part of any network at any time that’s why it is susceptible to different types of attacks. Wormhole attack is most threatening security attack in ad hoc network where an attacker node receives packet at one location and replay them at other location which is remotely located far. In this paper, we study and compare the performance of AODV, DSR and ZRP under the impact of multiple wormhole attacker nodes. Diverse scenarios are characterized as like average of 50 runs and mobility. By statistical placement of multiple wormhole nodes across the network, we evaluate the performance in terms of throughput, packet delivery ratio, packet loss, average end to end delay and jitter. Finally based on the simulation we investigated the most affected routing protocol in terms of network metrics.     

Distributed detection of replica node attacks with group deployment knowledge in wireless sensor networks

Several protocols have been proposed to mitigate the threat against wireless sensor networks due to an attacker finding vulnerable nodes, compromising them, and using these nodes to eavesdrop or undermine the operation of the network. A more dangerous threat that has received less attention, however, is that of replica node attacks, in which the attacker compromises a node, extracts its keying materials, and produces a large number of replicas to be spread throughout the network. Such attack enables the attacker to leverage the compromise of a single node to create widespread effects on the network. To defend against these attacks, we propose distributed detection schemes to identify and revoke replicas. Our schemes are based on the assumption that nodes are deployed in groups, which is realistic for many deployment scenarios. By taking advantage of group deployment knowledge, the proposed schemes perform replica detection in a distributed, efficient, and secure manner. Through analysis and simulation experiments, we show that our schemes achieve effective and robust replica detection capability with substantially lower communication, computational, and storage overheads than prior work in the literature.     

Practical and secure localization and key distribution for wireless sensor networks

In many applications of wireless sensor networks, sensor nodes are manually deployed in hostile environments where an attacker can disrupt the localization service and tamper with legitimate in-network communication. In this article, we introduce Secure Walking GPS, a practical and cost effective secure localization and key distribution solution for real, manual deployments of WSNs. Using the location information provided by the GPS and inertial guidance modules on a special master node, Secure Walking GPS achieves accurate node localization and location-based key distribution at the same time. We evaluate our localization solution in real deployments of MicaZ. Our experiments show that 100% of the deployed nodes localize (i.e., have a location position) and that the average localization errors are within 1–2 m, due mainly to the limitations of the existing commercial GPS devices. Our further analysis and simulation results indicate that the Secure Walking GPS scheme makes a deployed WSN resistant to the Dolev-Yao, the wormhole, and the GPS-denial attacks, the scheme is practical for large-scale deployments with resource-constrained sensor nodes and has good localization and key distribution performance.     

Detection of Wormhole Attack and Secure Path Selection in Wireless Sensor Network

In Wireless Sensor Network (WSN), securable data transmission is one of the most challenges. During the transmission between the source and a destination node, routing information of the particular path may be misbehaved by the particular nodes which are known as wormhole nodes/attackers. The paths which include the wormhole nodes are known as wormhole attacked paths. For improving security in WSN, these wormhole attacked paths should be identified. To achieve this, wormhole attack detection method and optimal or secure path selection are presented in this paper. Initially, ‘K’ paths or multiple paths are generated between source and destination using Ad-hoc On demand Multipath Distance Vector (AOMDV) routing protocol. Then, the source node identifies the wormhole attacked path by verifying the Detection Packet (DP) and Feedback Packet (FP) from the destination. After detecting the wormhole attacked paths, the source node selects the optimal path among the attacker free paths using Particle Swarm Optimization (PSO) algorithm. Simulation results show that the performance of the proposed approach improves energy efficiency and network lifetime of the network.

     

移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

Intelligent Internal Stealthy Attack and its Countermeasure for Multicast Routing Protocol in MANET

Multicast communication of mobile ad hoc networks is vulnerable to internal attacks due to its routing structure and high scalability of its participants. Though existing intrusion detection systems (IDSs) act smartly to defend against attack strategies, adversaries also accordingly update their attacking plans intelligently so as to intervene in successful defending schemes. In our work, we present a novel indirect internal stealthy attack on a tree‐based multicast routing protocol. Such an indirect stealthy attack intelligently makes neighbor nodes drop their routing‐layer unicast control packets instead of processing or forwarding them. The adversary targets the collision avoidance mechanism of the Medium Access Control (MAC) protocol to indirectly affect the routing layer process. Simulation results show the success of this attacking strategy over the existing “stealthy attack in wireless ad hoc networks: detection and countermeasure (SADEC)” detection system. We design a cross‐layer automata‐based stealthy attack on multicast routing protocols (SAMRP) attacker detection system to identify and isolate the proposed attacker. NS‐2 simulation and analytical results show the efficient performance, against an indirect internal stealthy attack, of SAMRP over the existing SADEC and BLM attacker detection systems.     

A Novel Robust Routing Scheme Against Rushing Attacks in Wireless Ad Hoc Networks

Standard on-demand routing protocols in wireless ad hoc networks were not originally designed to deal with security threats. Because of that, malicious users have been finding ways to attack networks. Rushing attacks represent one of such possibilities. In these attacks, malicious nodes forward the Route Request (RREQ) packets, asking for a route, to the destination node quicker than the legitimate nodes do. This is possible because the legitimate nodes only forward the first received RREQ packet for a given route discovery. Besides, the attackers can tamper with either the Medium Access Control or routing protocols to get faster processing. As a result, the path through the malicious nodes is chosen, which renders throughput degradation. We propose here a novel, robust routing scheme to defend ad hoc networks against rushing attacks. Our scheme utilizes the “neighbor map mechanism” to establish robust paths as far as rushing attacks are concerned. The proposed scheme also improves path recovery delay by using, whenever it is possible, route maintenance rather than route discovery. Yet, it is energy efficient. The simulation results show that our proposal is indeed viable.     

Direct trust-based security scheme for RREQ flooding attack in mobile ad hoc networks

The routing algorithms in MANETs exhibit distributed and cooperative behaviour which makes them easy target for denial of service (DoS) attacks. RREQ flooding attack is a flooding-type DoS attack in context to Ad hoc On Demand Distance Vector (AODV) routing protocol, where the attacker broadcasts massive amount of bogus Route Request (RREQ) packets to set up the route with the non-existent or existent destination in the network. This paper presents direct trust-based security scheme to detect and mitigate the impact of RREQ flooding attack on the network, in which, every node evaluates the trust degree value of its neighbours through analysing the frequency of RREQ packets originated by them over a short period of time. Taking the node’s trust degree value as the input, the proposed scheme is smoothly extended for suppressing the surplus RREQ and bogus RREQ flooding packets at one-hop neighbours during the route discovery process. This scheme distinguishes itself from existing techniques by not directly blocking the service of a normal node due to increased amount of RREQ packets in some unusual conditions. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed defensive scheme.