9-IJAEST-Volume-No-2-Issue-No-2-Approaches-towards-Mitigating-Wormhole-Attack-in-Wireless-Ad-hoc-Net by ISERP ISERP

Ms. N.S.Raote* et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 171 - 174

Approaches towards Mitigating Wormhole Attack in Wireless Ad-hoc Network

examples of control traffic are routing, monitoring liveness of a node, topology discovery, and distributed location determination. A particularly severe control attack on the routing functionality of wireless networks, called the wormhole attack [1][2][3], has been introduced in the context of ad hoc networks. During the attack, a malicious node captures packets from one location in the network, and ―t unnels‖ them to another malicious node at a distant point, which replays them locally. The tunnel can be established through a single long range wireless link or even through a wired link between the two colluding attackers [13]-[14]. Due to the broadcast nature of the radio channel, the attacker can create a wormhole even for packets not addressed to itself. This tunnel makes the tunneled packet arrive either earlier or with number of hops lesser compared to the packets transmitted over normal multihop routes. This creates the illusion that the two end points of the tunnel are very close to each other. A wormhole tunnel can actually be useful if used for forwarding all the packets, it puts the attacker in powerful position compared to other nodes in the network, which the attacker could use in a manner that could compromise the security of the network. However, in its malicious incarnation, it can be used by the two malicious end points of the tunnel to pass routing traffic to attract routes through them. The malicious end points can then launch a variety of attacks against the data traffic. Ad-hoc network are more prone to the security attack as compared to wired network or infra structure based wireless network because of distributive nature. These networks are vulnerable to the wormhole attack launched through the compromised nodes (node that perform internal attacks). In wormhole attack the two remote regions are directly connected through nodes (malicious) that appear to be neighbor but are actually distant from one another. Such wormhole attack results in the false route. If the source node chooses this fake route, malicious nodes have the option of delivering the packet or dropping them. So the wormhole attack is one of the most severe threats to ad-hoc networks, as it can do harm to both sender and receiver. In general, adhoc routing protocols fall into two categories: proactive routing protocols that rely on periodic transmission of routing updates, and on demand routing protocols that search for routes only when necessary. A wormhole attack is equally dangerous for both proactive and on-demand protocols. In this paper, we explain the attack modes and point to the impact of this attack and its threats. From an attacker‘s perspective, we analyze each of the attack‘s modes‘ benefits and suitable conditions and think how to improve the

Abstract- A wireless ad-hoc network is a temporarily set network by wireless mobile computers (or nodes) moving arbitrary in the place that have no fixed network infrastructure. The need for cooperation among nodes to relay each other’s packets in the adhoc network exposes them to a wide range of security attacks. Adhoc wireless network is unprotected to the attacks of malicious nodes ,out of all the attack cause by the malicious nodes, the most devastating attack is known as the wormhole attack, in which two or more malicious colluding nodes create a higher level virtual tunnel in the network, which transport packets at one location in the network Where the adversary records transmitted packets at one location, and retransmit them into the network .Even if all communication provides authenticity and confidentiality, the wormhole attack is possible. This paper provides a survey on wormhole attack and its counter measures in ad-hoc wireless network.

Mr.K.N.Hande

Assistant Professor Department of Computer Science & Engineering G.H.Raisoni College of Engineering, Nagpur, India kapilhande@gmail.com

Ms. N.S.Raote

M.E. IV Semester [Wireless Communication & Computing] Department of Computer Science & Engineering G.H.Raisoni College of Engineering, Nagpur, India n.raote@yahoo.com

Keywords: Ad Hoc Networks, comprised nodes attacks, Wormhole attack. 1. INTRODUCTION

IJ A

A network is ad-hoc because it does not rely on a preexisting infrastructure such as routers in wired networks or access points in managed (infrastructure) wireless network. An ad-hoc network is self-organizing and adaptive networks formed on-the-fly, devices can leave and join the network during its lifetime. This network has the features of shared broadcast radio channel, insecure operating environment, absence of infrastructure, lack of central authority, lack of association, limited resource availability dynamically changing network topology, resource constrains and lack of clear line of defense, make them vulnerable to a wide range of security attacks. Attacks on the adhoc network can be classified into two broad categories, namely, passive and active attack. A passive attack does not disrupt the operation of the network; the adversary snoops the data exchanged in the network without altering it whereas the active attack attempts to alter or destroy the data being exchanged in the network. These attacks could involve eavesdropping, message tampering, or identity spoofing. Many attacks are targeted at the data traffic by dropping all data packets (blackhole attack), selectively dropping data packets (grayhole attack), and performing statistical analysis on the data packets to obtain critical information, such as the location of primary entities in the network. For an attacker to be able to launch damaging data attacks, one option is to have a large number of powerful adversary nodes distributed over the network and possessing cryptographic keys. Alternately, the attacker can achieve such attacks by having a few powerful adversary nodes that need not authenticate themselves to the network (i.e., external nodes). The attacker can achieve this by targeting specific control traffic in the network. Typical

ISSN: 2230-7818

Page 171

Ms. N.S.Raote* et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 171 - 174

wormhole attack by introducing the cryptographic technique [4] from administrative perspective. The remainder of this paper is organized as follows. Section 2 introduces the wormhole attack modes, impact on the ad hoc networks applications and routing threats in section 3, we discuss the solutions that have been proposed in the literature as a countermeasure for this attack. Finally, conclusion and future directions are given in section 4.

while in reality it is seven hops long. Any routing protocol that uses the metric of shortest path to choose the best route is vulnerable to this mode of wormhole attack. 2.2 Wormhole using Out-of-Band Channel This mode for wormhole attack involves the use of an out of band channel. This attack is launched by having an out of band high-bandwidth channel between the malicious nodes. Z

S P

R Y

Wireless Link

Malicious Node

Good node

This mode of attack needs specialized hardware capability. Consider Figure 3 [13] in which node A sends a RREQ to node B, and nodes X and Y are malicious nodes having an out-of-band channel between them. Node X tunnels the RREQ to Y, which is a legitimate neighbour of B. Node Y broadcasts the packet to its neighbours, including B. B gets two RREQsâ&#x20AC;&#x201D;A-X-Y-B and A-C-D-E-F-B. The first route is both shorter and faster than the second, and is thus chosen by B.

2. WORMHOLE ATTACK

In this section we explain the wormhole attack modes [9].Based on the techniques used for launching the wormhole attack the wormhole attack modes are classified as follows. A. Wormhole Attack Modes Wormhole attacks can be launched using several modes, among these modes, we mention:

IJ A

When the source node broadcast the RREQ packet, a malicious node which is at one part of the network receives the RREQ packet. It tunnels that packet to a second colluding party which is at a distant location near the destination, it then rebroadcasts the RREQ. The neighbours of the second colluding party receive the RREQ and drop any further legitimate requests that may arrive later on legitimate multihop paths. The result is that the routes between the source and the destination go through the two colluding nodes that will be said to have formed a wormhole between them. This prevents nodes from discovering legitimate paths that are more than two hops away. In [6] the authors have given example, consider Figure 2 in which nodes A is source node and B is the destination node, both try to discover the shortest path between them, in the presence of the two malicious nodes X and Y. Node A broadcasts a RREQ, X gets the RREQ and encapsulates it in a packet destined to Y through the path that exists between X and Y (U-V-W-Z). Node Y demarshalls the packet, and rebroadcasts it again, which reaches B. Note that due to the packet encapsulation, the hop count does not increase during the traversal through U-V-W-Z. Concurrently, the RREQ travels from A to B through C-D-E. Node B now has two routes, the first is four hops long (A-C-D-E-B), and the second is apparently three hops long (A-X-Y-B). Node B will choose the second route since it appears to be the shortest

ISSN: 2230-7818

Fig. 2 Wormhole through packet encapsulation

Fig.1 wormhole attack

2.1 Wormhole using Encapsulation

C D

Good Node

B Malicious Node

Out-of-band channel Figure 3. Wormhole through out-of-band channel

2.3Wormhole with High Power Transmission This is another method which involves the use of high power transmission. In this mode, when a malicious node gets a RREQ, it broadcasts the request at a high power level; this capability is not available to other nodes in the network. Any node that hears the high-power broadcast rebroadcasts it

Page 172

Ms. N.S.Raote* et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 171 - 174

2.4Wormhole using Packet Relay Another mode of the wormhole attack is by using packet relay. In this mode a malicious node relays packets between two distant nodes to convince them that they are neighbours. This mode can be launched by even one malicious node. It involves the cooperation by a greater number of malicious nodes, which serves to expand the neighbour list of a victim node to several hops. It is carried out by an intruder node X located within transmission range of legitimate nodes A and B, where A and B are not themselves within transmission range of each other. Intruder node X merely tunnels control traffic between A and B (and vice versa), without the modification presumed by the routing protocol e.g. without stating its address as the source in the packets header so that X is virtually invisible. Node X can afterwards drop tunneled packets or break this link at will. An extraneous A -B link can be artificially created by an intruder node X by wormholing control messages between A and B.

3. DEFENSES A wide variety of wormhole attack mitigation techniques have been proposed for specific kinds of networks: sensor networks, static networks, or networks where nodes use directional antennas. In this section, we describe and discuss such techniques, commenting on their usability and the possibility of their use in general adhoc network. Hu and vans propose a solution to wormhole attacks for adhoc networks in which all nodes are equipped with directional antennas. In this technique nodes use specific ‗sectors‘ of their antennas to communicate with each other. Each couple of nodes has to examine the direction of received signals from its neighbor. Hence, the neighbors relation is set only if the directions of both pairs match. This extra bit of information makes wormhole discovery and introduces substantial inconsistencies in the network, and can easily be detected. Wang and Bhargava introduce an approach in which network visualization is used for discovery of wormhole attacks in stationary sensor networks [8]. In their approach, each sensor estimates the distance to its neighbors using the received signal strength. All sensors send this distance information to the central controller, which calculates the network‘s physical topology based on individual sensor distance measurements. With no wormholes present, the network topology should be more or less flat, while a wormhole would be seen as a ‗string‘ pulling different ends of the network together. Lazos et al proposed a ‗graph-theoretical‘ approach to wormhole attack prevention based on the use of LocationAware ‗Guard‘ Nodes (LAGNs). Lazos uses ‗local broadcast keys‘[28] - keys valid only between one-hop neighbours - to defy wormhole attackers: a message encrypted with a local key at one end of the network can not be decrypted at another end. Lazos proposes to use hashed messages from LAGNs to detect wormholes during the key establishment [27]. A node can detect certain inconsistencies in messages from different LAGNs if a wormhole is present. Without a wormhole, a node should not be able to hear two LAGNs that are far from each other, and should not be able to hear the same message from one guard twice. Khalil et al propose a protocol for wormhole attack discovery in static networks they call LiteWorp[9]. In LiteWorp, once deployed, nodes obtain full two-hop routing information from their neighbours. While in a standard ad hoc routing protocol nodes usually keep track of their neighbours are, in LiteWorp they also know who the neighbours‘ neighbours are,- they can take advantage of twohop, rather than one-hop, neighbour information. This information can be exploited to detect wormhole attacks. Also, nodes observe their neighbours‘ behavior to determine whether data packets are being properly forwarder by the neighbour. Song et al proposes a wormhole discovery mechanism based on statistical analysis of multipath routing [16]. Song observes that a link created by a wormhole is very attractive in routing sense, and will be selected and requested with unnaturally high frequency as it only uses routing data already available to a node.

2.5 Wormhole using Protocol Deviations

of traffic analysis or encryption compromise.

towards the destination. By this method, the chance of malicious node to be in the routes established between the source and the destination increases even without the participation of a colluding node.

IJ A

During the route request forwarding, the nodes typically back off for a random amount of time before forwarding. This is motivated by the fact that the request forwarding is done by broadcasting and hence, reducing MAC layer collisions is important. A malicious node can create a wormhole by simply not complying with the protocol and broadcasting without backing off. The purpose is to let the request packet it forwards arrive first at the destination and sit is therefore included in the path to the destination [13].The advantage of this mode is that the control packet arrive faster. The challenge for this mode is that there is a possibility of collision to occur between transmissions of malicious nodes. B. Wormhole Attack Threats

We can consider wormhole attack as a two phase process launched by one or several malicious nodes. In the first phase, the two malicious end points of the tunnel may use it to pass routing traffic to attract routes through them. In the second phase, wormhole nodes could exploit the data in variety of ways. They can disrupt the data flow by selectively dropping or modifying data packets, generating unnecessary routing activities by turning off the wormhole link periodically, etc.The attacker can also simply record the traffic for later analysis. Using wormholes an attacker can also break any protocol that directly or indirectly relies on geographic proximity. It should be noted that wormholes are dangerous by themselves, even if attackers are diligently forwarding all packets without any disruptions, on some level, providing a communication service to the network. With wormhole in place, affected network nodes do not have a true picture of the network, which may disrupt the localization-based schemes, and hence lead to the wrong decisions, etc. Wormhole can also be used to simply aggregate a large number of network packets for the purpose

ISSN: 2230-7818

Page 173

Ms. N.S.Raote* et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 171 - 174 Sr. No .

Wormhole discovery and recovery methods Method

Requirement

Commentary

Packet leashes, geographical

GPS coordinates of every node; Loosely synchronized clocks (ms)

Packet leashes, temporal

Tightly synchronized clocks (ns)

Packet leashes, end-to-end

Time of flight

GPS coordinates; Loosely synchronized clocks (ms) Hardware enabling one-bit message and immediate replies without CPU involvement Directional antennas on all nodes or several nodes with both GPS and directional antennas

Robust, straightforward solution; inherits general limitations of GPS technology Impractical; required time synchronization level not currently achievable in to sensor networks Inherits limitations of GPS technology

Network visualization Not readily applicable to mobile networks.

Centralized controller

Localization

Location-aware ‗guard‘ Nodes

LiteWorp

none

Statistical analysis

[1] Mariane A. Azer,Sherif M. El-Kassas, ―An Innovative Approach for the [2] [3]

[4]

Seems promising; Works best on dense networks; Mobility not studied; Varied terrains not studied Good solution for sensor networks

[5]

Applicable only to static stationary networks; Impractical

[8]

no requirements

Works only with multi-path ondemand protocols; 10. MGM Light weight local For necessary monitoring condition, the heavy weight RV protocol is triggered. it is more resource efficient and powerful Table 1.Summary of various defense mechanisms for Wormhole attack

These factors allow for easy integration of this method into intrusion detection systems only to routing protocols that are both on-demand and multipath.

ISSN: 2230-7818

REFERENCES Wormhole Attack Detection and Prevention in Wireless Ad-hoc Network‖2010. Matthew Tan Creti,Matthew Beaman,Saurabh Bagchi,Zhiyuan Li,Yung-Hsiang Lu, ― Multigrade Security Monitoring for Ad-hoc Wireless Networks‖ ,2009IEEE. Bhargava, B.de Oliveira, R. Yu Zhang Idika, ― Addressing Collaborative Attacks and Defense in Ad Hoc Wireless Networks‖ 29th IEEE International Conference on Distributed Computing Systems, 2009 Shang-Ming Jen, Chi-sung Laith & Wen-Chung Kuo,, ― A Hop Count scheme for avoiding wormhole attack in MANET‖, Journal on Open access sensors,2009. Khabbazian, M.;Mercier,H.;Bhargava, V.K., ― Severity Analysis and countermeasures for the Wormhole Attack in Wireless Ad Hoc Networks‖. IEEE Trans. Wireless Commun.2009, 8,736-745. Marianne Azer, Sherif Ei-Kassas Magdy El-Soudani, ― A Full image of the Wormhole Attack towards introducing Complex wormhole attacks in wireless Ad-hoc networks‖, in (IJCSIS) International Journal of Computer Science and Information Security, Vol. 1, No. 1, May 2009. F.Nait-Abdesselam,B.Bensaou,and T. Taleb, ― Detecting and avoiding Wormhole attacks in Wireless Ad-hoc Networks‖, in IEEE Communication Magazine.vol.46,April 2008,pp.127-133. G. Lee, D. k. Kim, J. Seo, ― An Approach to Mitigate Wormhole Attack in Wireless Ad Hoc Networks,” IEEE International Conference on Information Security and Assurance, pp. 220-225, 2008. Naït-Abdesselam, F.; Bensaou, B.; Yoo, J., ― Detecting and Avoiding Wormhole Attacks in Optimized Link State Routing Protocol‖. In IEEE WCNC, Hong Kong, 2007; pp. 3119–3124. Ren, K.; Lou, W.; Zeng, K.,Moran, P.J. ― On Broadcast Authentication in Wireless Sensor Networks‖. IEEE Trans. Wireless Commun. 2007, 6, 11–23 Maheshwari, R.; Gao, J.; Das, S.R. ― Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information‖. In IEEE INFOCOM, Anchorage, AK, USA, 2007; pp. 107–115. Y.-C. Hu, A. Perrig, D. B. Johnson, ― Wormhole Attacks in Wireless Networks,‖ Selected Areas of Communications, IEEE Journal on, vol. 24, numb. 2, pp. 370- 380, 2006. Khalil, I.; Bagchi, S.; Shroff, N.B. ― LITEWORP: A Lightweight Countermeasure for the Wormhole Attack sin Multihop Wireless Networks‖. In IEEE DSN’05, Yokohama, Japan, June 28-July 1, 2005; pp. 1–10. Qian. L.; Song, N.; Li, X. ― Detecting and Locating Wormhole Attacks in Wireless Ad Hoc Networks through Statistical Analysis of Multipath‖. In IEEE WCNC 2005, New Orleans, LA, USA, March 13-17, pp. 2106–2111,2005. Lazos,L.;Poovendran,R ― SeRLo;Secure Range-independent Localization for wireless Sensor Networks‖..In ACM WiSE‘04,New York,NY,USA,October2004;pp.73-100.

Good solutions for networks relying on directional antennas, but not directly applicable to other networks

IJ A

Directional Antennas

Impractical; likely to require MAClayer modifications

In this paper we introduced the wormhole attack, describes its different modes in details. We also discussed the threats that this attack presents briefly, and overviewed the effort done in the literature to combat this attack. In this type of attacks many modes have been suggested to be used in conjunction to benefit from the advantages of each to compensate for other modes disadvantages. Ethically, this type of wormhole analysis is important to account for possible new dangers and variations of this attack. Furthermore, it can help in putting some constraints on the network topology to design a robust network for such attacks, and in the design of new and more powerful attack countermeasure.

4. CONCLUSION

[6]

[7]

[9] [10] [11] [12] [13]

[14]

[15]

Page 174