Wormhole Attack Detection in Mobile Adhoc Networks

International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org

Volume 5, Issue 10, October 2016
ISSN 2319 - 4847
Wormhole Attack Detection in Mobile Adhoc

Networks
1
Nisha Devi, 2Suman Deswal
DCRUST, Murthal , Sonepat , India Dept.of Computer Sci.& Engg.

M.tech Student
2
Assistant Professor Dept. of Computer Sci. & Engg

DCRUST, Murthal, Sonepat , India
ABSTRACT
Due to the nature of wireless transmission medium, Mobile Ad-Hoc Networks (MANET) have more number of security issues
compared to wired networks. Among all the security issues, wormhole attack is observed to be a very serious security threat
over MANET and it is type of a network layer attack. In this attack, two selfish nodes which are geographically very far away
from each other form a tunnel between each other to hide their actual location in the network and try to believe that they are
true neighbors in the network and therefore make communication through the wormhole tunnel. Consequently, the two selfish
nodes will completely interrupt the communication channel.
The aim of this research work is to develop a new model for wormhole detection is developed which is based on localization
technique with polynomial encryption technique. The AODV protocol is used to analyze the performance of proposed method to
detect wormhole attacks. It is compared with the existing technique on the basis of number of dead nodes, alive nodes and
throughput. The proposed model achieves better results as compared to the existing technique.
Keywords: Mobile ad-hoc network, localization, wormhole attack.

1. INTRODUCTION
With development of new technologies in the field of wireless communication network, especially in wireless ad-hoc
networks, mobile ad-hoc networks (MANET) have become a powerful research area nowadays. MANET is widely used
in many areas like as militarily monitoring, heath care, conference room, disaster relief, battle field communication and
it is also useful where infrastructure of a network deployment is either difficult or costly [1].
Usually, MANET's are a new paradigm of wireless communication for mobile nodes [2]. The use of wireless medium
and collaborative nature of the network protocols make such network vulnerable to various types of attacks [3]. In most
wireless networks, an attacker can easily send fake packets or impersonating another sender. An attacker can also
simply eavesdrop on communication channel, record packets, and replay the packets that potentially changed. Due to
the wireless communications in MANETs and among the various attacks in wireless networks, a wormhole is one of
serious and specific attacks, that attacker does not require to exploit nodes in the network, and it can be done via the
route foundation method [4].
Many existing protocols attempt to solve the problem of discovering a nodes location within its environment. With
regard to the procedure used for estimating location, it is divided into two classifications: range-based and range-free.
Range-free localization solutions are being pursued as a cost-effective alternative to more expensive range-based
approaches.
Node mobility in ad-hoc networks are changing frequently causing changes of the network topology [5] [6].
MANET has various challenges, that includes
a) Limited Bandwidth: The bandwidth for wireless networks is generally low than that of wired networks in mobile
ad-hoc. Due to this throughput of a network is also decrease.
b) Dynamic topology: Nodes are free to move arbitrarily in any direction due to this topology of the network also
changes continuously.
c) Energy constrained operation: Nodes are portable devices in the network and which are dependents on batteries.
Page 34

ISSN 2319 - 4847
Fig.1 types of routing protocol [8]

d) Security: Number of possible attack in wireless is more in the comparison of wired network. So more security
required in wireless network as compare to wired network.
e) Quality of Service (QoS): It is difficult to provide constant QoS for distinct multimedia services in often changing
environment [7].
Types of routing protocolFig. 1 shows the categorization routing protocols.
Various types of routing protocol are [8] [9]
a) Proactive Routing Protocols: This protocol is also known as table driven routing protocols. In this routing
protocol every node maintaining a routing table of each node which contains detail about the network topology
even without requiring it. Example: DSDV [10], OLSR [11] etc.
b) Reactive Routing Protocols: This protocol is also known as on demand routing protocol. In this routing protocol
route is discovered however it is necessary. Example DSR [12], AODV [13].
c) Hybrid Routing Protocol: While most of the time protocols suggested for MANET are either proactive or reactive
protocols. This is a combination of both proactive and reactive protocols ZRP [15].
Types of attack
A large number of potential attacks exist against MANET routing. These attacks contain link spoofing, man-in-themiddle attack, identity spoofing, replay attack, routing table overflow attack, wormhole attack, Sybil attack, black-hole
attack, etc. [16]. The main purpose of these types of attacks is to interrupt routing decisions, and to undermine of the
communications in order to obtain sensitive information. In fact, MANET's attacks can be divided into two major types,
passive attack and active attack.
Passive attack
Passive attack is eavesdropping of interchange data done by the attacker without any changing in the data. Thus, this
attack does not interrupt the functions of the network. So, this attack changes the confidentiality and examines the data
that collect by eavesdropping.
Active attack
In this attack the attacker attempts to change the data that have exchanged in the network. Hence, this disturbs the
operation of network. Active attacks can be divided into two categories as in [17]: In-band and Out-of-band. In-band
attacks are most powerful attack
Various active attacks are
Black hole Attack
In this attack, a malicious node sends fake routing information of nodes, claiming that it has a best route and causes
other nodes to transfer data packets through the malicious node. A malicious node drops all packets that it receives
instead of forwarding those packets. An attacker listen the requests in a flooding based protocol.
Wormhole Attack
In a wormhole attack, an attacker receives packets at one node in the network, tunnels them to another node in the
network, and then replays them into the network. Routing can be damage when routing control message are tunneled.
This tunnel between two attacker nodes is known as a wormhole. Wormholes nodes are hard to detect because the path
Page 35

ISSN 2319 - 4847
that is used to pass on information or data is usually not part of the actual network. Wormholes are dangerous because
they can do harm without even knowing the network.
Rushing attack
Two attacker nodes use the tunnel strategy to form a wormhole. If a fast transmission path lives between the two ends
of the wormhole, the tunneled packets can travel faster than those through a normal multi-hop route.
Sinkhole
In this attack, a compromised node tries to attract the data towards itself from all neighboring nodes. So, basically, the
node eavesdrops on all the data packets that are being communicated between its neighboring nodes.
Flooding
Malicious nodes can also introduce false packets into the network, or create trace packets which loop around due to
false routing information table, effectively using up the bandwidth and processing resources along the way during
transmission. This has basically major effects on ad hoc networks, since the nodes of these usually possess only less
number of resources in terms of battery and power.
In our present model, a major contribution is made to the wormhole problem in MANETs; a new model is suggest to
tackle wormhole attack based on range-free strategy and a simulation is conducted to validate the effectiveness of
proposed model.
2. RELATED WORK
Stoleru et al. [18] localization technique is used for detection of wormhole attack in MANET. A mobile secure
neighbor discovery (MSND) which permits neighbors to confirm that they are speaking directly with each other is
presented. A wormhole can be detected due to the fact that the path traveled by a ranging signal differs from expected
values when a wormhole is present.
Y. Hu et al. [19] presented that packet leaches, rely on the geographic location, distance between nodes is measured
and is used for detecting wormhole attack. Geographic and temporal leashes are presented where Global Positioning
system (GPS) and in coordinates of strict clock synchronization all nodes are required. This requirement may not be
handled by all mobile devices in the network and so it is not a practical solution.
L. Hu et al. [20] proposed for Secure Tracking of Node Encounters in Multi-Hop Wireless Networks. It uses Mutual
Authentication with Distance-bounding (MAD) protocol with directional antenna and hardware that ensures fast
sending of one-bit challenge messages without CPU involvement is used. Handling of specialized hardware like
directional antenna may be too complex structure to be executed for hand held devices in the network.
Phuong Van Tran et al. [21] said that Transmission time based mechanism (TTM) used to detect wormhole
attack.TTM detects wormhole attacks during route setup method by computing transmission time between every two
successive nodes along the established path. Wormhole is recognize base on the factor that transmission time between
two fake neighbors generated by wormhole is generally higher than that between two real neighbors which are within
radio range of each other.
H. Vu et al. [22] WORMEROS is the framework for protecting against wormhole attack which contains two phase:
one is suspicious and another one is conformation. The first phase concern inexpensive techniques and use local
information that is obtainable during the normal operation. Advance techniques in the second phase are changed only
when wormhole attack is suspected. If there is no existence of malicious node in the network after executing suspicious
phase technique then there is no necessity to waste consumption and communication resources by applying
conformation technique for detection.
Lui K.S et al. [23] proposed that The Delay per Hop Indicator (DelPHI) can detect both hidden and exposed wormhole
attacks. In DelPHI, attempts are made to find every accessible disjoint route between a sender and a receiver. Then, the
delay time and length of every route are determined and the average delay time per hop along each route is also
calculated. These values are used to identify wormhole.
Qian et al. [24] Proposed scheme (SAM) for detecting and locating wormhole attacks is that no security architecture,
systems is used. Statistical analysis is the tool to detect routing anomaly as far as sufficient detail of routes from multipath routing is available.
I. Khalil et al. [25] Liteworp also provides a protection mechanism against wormhole attack; it uses local monitoring
of traffic and secure two hop neighbor discovery by using guard node for wormhole detection.
Page 36

ISSN 2319 - 4847
3. PROPOSED ALGORITHM
A general overview of the proposed model is described in Fig 2. The model consists of four main steps:
1. Localization Process.
2. Route Establishment.
3. Message authentication approach
4. Wormhole Detection.
Localization Process
Localization is the process of determining the physical coordinates of a sensor node or the spatial relationships among
objects. The Localization process
a. Generate random nodes.
b. Choose anchor nodes randomly.
c. Localize all nodes.
d. Allot a trust value for all of anchors neighbors.
Route Establishment
Route establishment consists of following steps:
1): Source nodes send RREQ to all its neighbors.
2): Intermediate nodes forward RREQ until match destination address otherwise repeat until destination not found.
3): Destination node uni-cast RREP.
4): RREP Contains: hop_count, Neighbor_list(Dest) "Destination's neighbor node list".
5): For examine wormhole detection go to STEP 4.
6): Route from source to destination established.
7): Source node stores Neighbor list(Dest) and hop_count.
Message Authentication Approach
The Message Authentication approach follows the following procedure:
a. Adopt polynomials for message authentication.
b. Messages are authenticated and verified via evaluating polynomials.
c. Independent and random factors are involved to perturb polynomial shares that are preloaded to individual nodes.
Fig 2: Proposed Model for Wormhole Detection
Page 37

ISSN 2319 - 4847
Wormhole Detection
Wormhole Detection is performed as follows:
a. Check whether Node location within anchor communication Range.
b. If yes, wormhole may exist.
c. Check Neighbour_list(Dest), check message authentication.
d. If yes, wormhole exists.
e. Send Announce to all nodes.
f. Any node has wormhole id within Routing_Table, it removes it.
g. Re-initiate route establishment process in STEP 2, to find new route to destination node.
4. RESULTS AND DISCUSSION

The simulation has been performed using MATLAB. MATLAB is a high-performance language for technical
computing. It integrates computation, visualization, and programming environment. Furthermore, MATLAB is a
modern programming language environment: it has sophisticated data structures, contains built-in editing and
debugging tools, and supports object-oriented programming.
Simulation Parameters
In simulations it is assumed that physical layer has a fixed communication range pattern, i.e. two nodes can directly
communicate with each other successfully only if they are in each other communication range. Ten nodes are randomly
deployed within an area of 10 x 15 meters as shown in Fig. 3. A fraction of these nodes was randomly selected to
wormhole misbehave. Simulations are implemented with one sink node and one intruder node. In this sink node is
represented by red color and intruder node is represented by black color. These are randomly placed in this area. This
assumption ensures that our results are representative of a long multi-hop path from source to destination; also, it
permits potential failures at various distances from the source. Each experiment was repeated for 100 random network
topologies. A brief summary of the basic simulation parameters shows nodes distribution as listed in Table 4.1.
Fig 3: Node distribution

Table 4.1: Simulation Environment
Parameter
Value
Simulation Area
10x 15 (m)
Number of nodes
10
Number of wormhole nodes
Communication Range
250 m
Routing Protocol
Modified
AODV
Node Speed
10 m/s
Page 38

ISSN 2319 - 4847
Analysis
The analysis is done by combining and comparing the results of wormhole attack in AODV protocol with and without
using polynomial encryption technique.
Fig. 4 shows the number of dead node in AODV protocol with and without using polynomial encryption technique. The
number of dead nodes increases as rounds increases and at the end almost all the nodes become dead nodes. But using
polynomial technique fewer nodes are dead in comparison to without using polynomial technique with the respect of
round. This is because when the wormhole attack occurs, the nodes lose their energy in communication and thus they
become dead nodes.
Fig. 4: Number of Dead Nodes

The combining graph shown by fig.5 is opposite of the graph for dead node. In dead node graph, initially number of
dead nodes was less but here the number of alive nodes is more. But as the round increases, number of alive nodes
decreases and at the end no node remains alive. Hence, it can be concluded that when the wormhole attack takes place
then the number of alive node decreases. But using polynomial technique more nodes are alive in comparison of
without using polynomial technique with the respect of round.
Fig.5: Number of Alive Nodes

The fig.6 shows energy comparison of nodes with and without using polynomial technique. Initially, nodes have high
energy but as the number of rounds increases energy decreases. At the end, almost all nodes energy becomes zero
because of wormhole attack. And there remains no communication between nodes due to low energy of a node.
Page 39

ISSN 2319 - 4847
Fig.6: Analysis of Energy of a Node

After 2000 rounds all nodes have lost their energy as shown by fig. 6. But using polynomial technique nodes energy
remains for longer time as comparison to without using polynomial technique.
Fig. 7 shows the overall throughput that is measured by considering all factors such as numbers of the alive nodes,
numbers of dead nodes, energy, etc. It basically represents the loss of packets with time including all factors.
Throughput and overall throughput is also improved by using polynomial technique as shown in the Fig..
Fig.7 Overall Throughput
5. Conclusion
The nature of wireless ad hoc and sensor networks make them very attractive to attackers. One of the most popular and
serious attacks in wireless ad hoc networks is wormhole attack. This paper proposed a new model for wormhole
detection based on localization technique and polynomial encryption. The AODV protocol is used to analyze the
performance of proposed method to detect wormhole attacks. It is compared with the existing technique on the basis of
number of dead nodes, alive nodes and throughput. The proposed model achieves better results as compared to the
existing technique.
Future Scope
The work can be improved in future under following aspects:
The proposed method is defined specifically for polynomial technique used for authentication purpose. In future
some other authentication technique can be used.
The presented work is defined by using AODV protocol in future some other protocol can be used.
Page 40

ISSN 2319 - 4847
REFERENCES
[1]. L. Zhou and Z. J. Haas, Securing ad hoc networks, IEEE Netw., vol. 13, no. 6, pp. 24 30, 1999.
[2]. E. Royer and C. Toh, A review of current routing protocols for ad hoc mobile wireless networks, Pers. Commun.
IEEE, no. April, pp. 4655, 1999.
[3]. S. Yi, P. Naldurg, and R. Kravets, Security-aware ad hoc routing for wireless networks, Symp. Mob. ad hoc
Netw. , 2001.
[4]. V. Krpijoki, Security in ad hoc networks, Semin. Netw. Secur., pp. 116, 2000.
[5]. Y. Hu, A. Perrig, and D. Johnson, Packet leashes: a defense against wormhole attacks in wireless networks,
INFOCOM 2003. Twenty- , vol. 00, no. C, 2003.
[6]. Y. Zhang, W. Liu, W. Lou, and Y. Fang, Mask: Anonymous ondemand routing in mobile ad hoc networks,
Wirel. Commun. , vol. 5, no. 9, pp. 23762385, 2006.
[7]. Devi, Nisha, and Suman Deswal. "A REVIEW: WORMHOLE ATTACK DETECTION IN MANET."
[8]. Singh, Kamini, Gyan Singh, and Arpit Agrawal. "A Trust based Approach for Detecting and Preventing
Wormhole Attack in MANET." International Journal of Computer Applications 94.20 (2014).
[9]. K. El Defrawy and G. Tsudik, ALARM: anonymous location-aided routing in suspicious MANETs, Mob.
Comput. IEEE Trans. , pp. 1 14, 2011.
[10]. G. He, Destination-sequenced distance vector (DSDV) protocol, Netw. Lab. Helsinki Univ. , 2002.
[11]. P. Jacquet, P. Muhlethaler, T. Clausen, A. Laouiti, A. Qayyum, and L. Viennot, Optimized link state routing
protocol for ad hoc networks, IEEE INMIC 2001 IEEE Int. MULTI Top. Conf. 2001, Proc. Technol. 21ST
CENTURY, vol. 1, pp. 6268, 2001.
[12]. D. Johnson and D. Maltz, Dynamic source routing in ad hoc wireless networks, Mob. Comput., 1996.
[13]. C. Perkins and E. Royer, Ad-hoc on-demand distance vector routing, WMCSA99. Second IEEE Work.,
1999.
[14]. Kumar Pankaj, and Suman Deswal. "Performance Comparison of Standardized Ad-Hoc Routing Protocols
AODV, DSDV and DSR Using NCTUns Simulator." International Journal of Advanced Research in Computer
Science 2.4 (2011).
[15]. Beijar, Nicklas. "Zone routing protocol (ZRP)." Networking Laboratory, Helsinki University of Technology,
Finland (2002): 1-12.
[16]. H. Deng, W. Li, and D. Agrawal, Routing security in wireless ad hoc networks,
Commun. Mag. IEEE, no. October, pp. 7075, 2002.
[17]. R. Siwach and V. Kaul, A Study of Manet and Wormhole Attack in Mobile Adhoc
Network, J. Comput. Sci. Mob. Comput. , vol. 2, no. June, pp. 413420, 2013.
[18]. D. Johnson and D. Maltz, Dynamic source routing in ad hoc wireless networks, Mob. Comput., 1996.
[19]. R. Sivakumar, P. Sinha, and V. Bharghavan, CEDAR: A core-extraction distributed ad-hoc routing algorithm,
IEEE J. Sel. Areas Commun., vol. 17, no. 8, pp. 14541465, 1999.
[20]. N. Beijar, Zone Routing Protocol ( ZRP ), Networking Laboratory, Helsinki University of Technology, Finland,
pp. 112, 2002.
[21]. Kumar, Rakesh, et al. "Modified route-maintenance in AODV Routing protocol using static nodes in realistic
mobility model." (2011).
[22]. P. Suman and A. Suman, An Enhanced TCP Corruption Control Mechanism For
Wireless Network, HCTL Open Int. J. Technol. , vol. 1, no. January, pp. 2740, 2013.
[23]. B. Wu, J. Chen, J. Wu, and M. Cardei, A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks,
Wirel. Netw. Secur., pp. 103135, 2007.
[24]. H. Deng, W. Li, and D. Agrawal, Routing security in wireless ad hoc networks,
Commun. Mag. IEEE, no. October, pp. 7075, 2002.
[25]. Dwivedi, Shivangi, and Priyanka Tripathi. "An Efficient Approach for Detection of Wormhole Attack in Mobile
Ad-hoc Network." International Journal of Computer Applications 104.7 (2014).
Page 41

Wormhole Attack Detection in Mobile Adhoc Networks

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Wormhole Attack Detection in Mobile Adhoc Networks

Enviado por

Direitos autorais:

Formatos disponíveis

International Journal of Application or Innovation in Engineering & Management (IJAIEM)

Web Site: www.ijaiem.org Email: editor@ijaiem.org

ISSN 2319 - 4847