Abstract— Ad hoc routing protocols are good enough for routing but provide next to no protection from security threats. The intrusion threat that we are considering in this paper is known as a wormhole attack. In this attack, there are two colluding parties, which exist on either side of the network. By displaying a shorter route between two distant nodes, they are able to attract the network traffic towards them. The idea of a smaller hop count seems good but is a real security threat when the wormhole-creating nodes have malicious intents, as they can monitor all the data in the network. The detection that we wish to propose requires a modification in the AODV protocol, in terms of allowing nodes to maintain a buffer of duplicated RREQ. This helps to find the different routes available, all originating from the same source. We have devised two methodologies called Backtracking and Sharing Buffer, to help in the Reverse Wormhole Detection (RWD). Our proposed idea works best in the case where all nodes in the network initially have an empty routing table, i.e. no node possesses a route to a specific node. Hence, during the time of route discovery, we expect the Destination to receive at least one RREQ. At each intermediate node of the route, we try to find an alternate route to its 2 hop upstream neighbor. For analyzing the distance, we define a leniency parameter which is analyzed based upon the percentage detection and number of false positives on NS-2.

Keywords- Wormhole, tunneling, AODV, MANET, pseudo-sender, pseudo-destination, backtracking, leniency parameter, sharing buffer.

I. INTRODUCTION

In the modern day scenario, wireless mobile ad-hoc network (MANET) devices have observed a rise in popularity. Several standard protocols have been made for these networks [6,7,8,9]. Since in a wireless mode of communication data packets are distributed over a transmission range, these protocols are based on relaying data packets from source to destination. The possibility of a malicious node in the network that wishes to sniff the data packets has been overlooked. In such networks intrusion by a malicious third party is easy, as the signals travel in an open medium and are available for interception.

In this paper, we address the problems of wormholes in MANETs. Two malicious nodes exist on either side of the network and are separated by a number of hops. These nodes have the capability to tunnel the data traffic from one colluding party to the other in a single hop. This operation (tunneling) is accomplished by either using an out-of-band signal, frame relay or encapsulation [1]. When a route is being discovered between source and destination, these nodes tunnel the request packets, which are then routed locally.

Fig. 1. Wormhole attack (colluding parties – M1 and M2)

Owing to this capability, of the N number of routes obtained between the source and destination, the route passing through the colluding parties will be the shortest; hence it would be the final chosen path. This method is used to attract the network traffic over many sources and destinations. This type of intrusion can lead to two types of attacks, namely black hole and gray hole. In a black hole attack, all the data packets passing through the colluding nodes are discarded, hence severely affecting the data-rate. A gray hole attack is the other kind, where selective data packets are dropped. In relation to Fig. 1, we observe a source node S and destination node D. During the process of route discovery, a number of routes are determined, of which the shortest is S-1-2-3-4-D. The nodes M1 and M2 have acted as closed wormholes, and relayed the packets from 2 to 3. Thus they will be a security threat to the network, by monitoring each node that is in the network.
Fig. 2. (a) Short wormhole (b) Long wormhole

We now define two types of wormholes [16]. A Short wormhole (a) is the one where only one malicious node is taking part in the tunneling. On the other hand, a Long wormhole is the one in which two or more than two colluding nodes act as attackers.

The paper falls under the category of IDS. The method that we are proposing is a slight modification of the default AODV protocol, in which each node possesses some memory to store the superfluous RREQ.

The rest of the paper has been organized as follows. Section 2 contains the related works linked to the chosen topic (IDS), done in the past. Section 3 is the proposed idea, and Section 4 is the analysis using simulations. The paper has been concluded in Section 5 and future work has been outlined in the same.

II. RELATED WORKS

As we discussed, in a wormhole attack malicious nodes mislead other nodes in a network by abusing the cost effectiveness of routing protocols. Thus most research that has been done so far used temporal and geographical measures to identify falsified information.

Some researchers like Hu et al. [4] have applied the concept of geographical and temporal leashes. For geographical leashes, each node calculates the distance between the neighbor and itself. This is accomplished by using accurate location information and loose time synchronization. The distance is calculated by noting the 'send' and 'receive' timestamp, and the velocity. If the calculated distance is greater than the threshold, then we can say a wormhole exists. The use of temporal leashes is implemented by the usage of highly synchronized time clocks. The time taken to transit a data packet is calculated and measured against a pre-defined value. If the time exceeds it, then a wormhole is said to exist.

Song et al. [10] have given the concept of frequency matching. It has been stated that the malicious nodes work at a higher frequency than the good nodes. The proposal is to identify those nodes which work at a different frequency.

Chiu et al. [11] implement a delay analysis approach. It calculates the mean delay per hop of every possible route. To do so, the sender initiates a detection packet, and the receiver responds to every received detection packet. After collecting all responses, the sender computes the mean delay per hop of each route. After arranging the delays, the algorithm finds whether there is a large difference between two adjacent values. This method is vulnerable to attack, as the attacker can easily take the guise of the sender.

Khalil et al. suggest two wormhole detection and response methods: LiteWorp for static ad hoc networks and MobiWorp for mobile ad hoc networks [12, 13]. They collect information about neighbors that exist within a two-hop distance, and some nodes, which can overhear both the forwarder and its next node. Monitoring nodes check whether the two packets transmitted by them are the same or not. MobiWorp requires a CA to verify the truth of a node's location information. Moreover, in MobiWorp, each node should acquire an authentication message from the authority in order to transmit a message whenever it is mobile.

In Evans et al. [5], the concept of authentication has been applied. Each node shares a secret key with every other node. During the time of route discovery, the direction from which the response is coming is matched, to ensure that an attacker is not replying.

In Sun et al. [14], again the concept of timing has been implemented. Each node, after sending the RREQ, waits till it overhears the neighbor broadcasting the RREQ. If not, this is a case of a closed wormhole.

Luis et al. [15] have proposed a wormhole preventing method called WIM-DSR. It states that the network checks whether the nodes involved in the source route are being strongly witnessed. This approach has been implemented in DSR.

III. PROPOSED METHODOLOGY

A. Reverse Wormhole Detection

Our proposal is based on a particular default aspect of the AODV protocol. The protocol says that during path discovery each node broadcasts the source IP address and the broadcast ID to its neighbors. The neighbors check their routing tables to find if they have a direct route to the destination. During the propagation of the RREQ, a reverse route entry is simultaneously set up. The use of this entry is to back track the RREP to the source, once the destination has been reached. In the meantime, if a node obtains any superfluous RREQ having the same broadcast ID, the packet is silently discarded. This is where we propose a modification to AODV.

Besides discarding the RREQ, each node has to maintain them as records in its buffer. The significance of these RREQ comes from the fact that each request asks the processing node to make a reverse route entry signifying the source node's IP address, the number of hops to the source, and the IP address of the node from where the RREQ was received. The modification is necessary to have multiple options of routing paths for the same RREQ generated by the source.

Comment: Our proposed idea works best in the case where all nodes in the network have an empty routing table, i.e. no node possesses a route to a specific node. Hence, during the time of route discovery, we expect the Destination to have received at least one RREQ.

Our algorithm starts from the destination, or the node which had last received a RREQ for a path between source S and destination D. It utilizes the informative RREQ and finds the number of hops to the 2 hop distant node (P2S,D) on the route from source to destination (upstream). This is done by replying to each RREQ with RREP, and propagating it, till the required node is arrived at. If this distance is greater than a pre-set leniency parameter (λ), we can consider a wormhole to exist.
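
The check described above, as an added sketch (not the authors' code or their NS-2 implementation). Assumptions: the topology is constructed around the Fig. 1 route S-1-2-3-4-D, a breadth-first search over the perceived neighbour graph stands in for propagating RREPs along buffered RREQs, "alternate" is taken to mean a path that bypasses the intermediate hop, and an unreachable upstream node is treated as exceeding λ.

```python
from collections import deque

# Constructed neighbour graph as the nodes perceive it. The 2-3 link is the
# tunnel between M1 and M2: nodes 2 and 3 believe they are adjacent.
LINKS = [("S", "1"), ("1", "2"), ("2", "3"), ("3", "4"), ("4", "D"),
         ("S", "a"), ("a", "2"), ("3", "b"), ("b", "D"),   # short local detours
         ("1", "p"), ("p", "q"), ("q", "r"), ("r", "s"), ("s", "t"),
         ("t", "3"), ("t", "4")]                           # the real long way round
ROUTE = ["S", "1", "2", "3", "4", "D"]   # shortest route, as in Fig. 1

def neighbours(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def alt_hops(adj, start, goal, avoid):
    """Hop count of the shortest start->goal path that bypasses `avoid`.
    Returns infinity when no alternate path exists (assumption: counts as > lambda)."""
    seen, queue = {start, avoid}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == goal:
            return dist
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return float("inf")

def reverse_wormhole_check(links, route, leniency):
    """Walk the route from the destination upstream; at each node measure the
    alternate distance to its 2-hop upstream neighbour and compare with lambda."""
    adj, report = neighbours(links), []
    for i in range(len(route) - 1, 1, -1):
        node, mid, upstream = route[i], route[i - 1], route[i - 2]
        hops = alt_hops(adj, node, upstream, avoid=mid)
        report.append((node, upstream, hops, hops > leniency))
    return report

def flagged(links, route, leniency):
    """(node, 2-hop upstream) pairs whose alternate distance exceeds lambda."""
    return [(n, u) for n, u, _, bad in reverse_wormhole_check(links, route, leniency) if bad]

if __name__ == "__main__":
    for lam in (1, 3, 7):   # too strict, workable, too lenient
        print("lambda =", lam, "->", flagged(LINKS, ROUTE, lam))
```

With λ = 3 only the two checks that straddle the tunnelled 2-3 link are flagged; λ = 1 also flags the benign pairs (false positives) and λ = 7 flags nothing (missed detection), which is the trade-off the leniency parameter controls.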