Documente Academic
Documente Profesional
Documente Cultură
Abstract- A wireless ad-hoc network is a temporarily set examples of control traffic are routing, monitoring liveness
network by wireless mobile computers (or nodes) moving arbitrary of a node, topology discovery, and distributed location
in the place that have no fixed network infrastructure. The need determination. A particularly severe control attack on the
for cooperation among nodes to relay each other’s packets in the
adhoc network exposes them to a wide range of security attacks. routing functionality of wireless networks, called the
Adhoc wireless network is unprotected to the attacks of malicious wormhole attack [1][2][3], has been introduced in the
nodes ,out of all the attack cause by the malicious nodes, the most context of ad hoc networks. During the attack, a malicious
devastating attack is known as the wormhole attack, in which two node captures packets from one location in the network, and
T
or more malicious colluding nodes create a higher level virtual ―tunnels‖ them to another malicious node at a distant point,
tunnel in the network, which transport packets at one location in which replays them locally. The tunnel can be established
the network Where the adversary records transmitted packets at
through a single long range wireless link or even through a
one location, and retransmit them into the network .Even if all
communication provides authenticity and confidentiality, the wired link between the two colluding attackers [13]-[14].
wormhole attack is possible. This paper provides a survey on Due to the broadcast nature of the radio channel, the attacker
wormhole attack and its counter measures in ad-hoc wireless can create a wormhole even for packets not addressed to
network. itself. This tunnel makes the tunneled packet arrive either
Wormhole attack.
1. INTRODUCTION
ES
Keywords: Ad Hoc Networks, comprised nodes attacks, earlier or with number of hops lesser compared to the
packets transmitted over normal multihop routes. This
creates the illusion that the two end points of the tunnel are
very close to each other. A wormhole tunnel can actually be
A network is ad-hoc because it does not rely on a useful if used for forwarding all the packets, it puts the
preexisting infrastructure such as routers in wired networks attacker in powerful position compared to other nodes in the
or access points in managed (infrastructure) wireless network, which the attacker could use in a manner that could
network. An ad-hoc network is self-organizing and adaptive compromise the security of the network. However, in its
networks formed on-the-fly, devices can leave and join the malicious incarnation, it can be used by the two malicious
network during its lifetime. This network has the features of end points of the tunnel to pass routing traffic to attract
shared broadcast radio channel, insecure operating routes through them. The malicious end points can then
A
environment, absence of infrastructure, lack of central launch a variety of attacks against the data traffic.
authority, lack of association, limited resource availability Ad-hoc network are more prone to the security attack as
dynamically changing network topology, resource constrains compared to wired network or infra structure based wireless
and lack of clear line of defense, make them vulnerable to a network because of distributive nature. These networks are
wide range of security attacks. Attacks on the adhoc network vulnerable to the wormhole attack launched through the
can be classified into two broad categories, namely, passive compromised nodes (node that perform internal attacks).
and active attack. A passive attack does not disrupt the In wormhole attack the two remote regions are directly
IJ
operation of the network; the adversary snoops the data connected through nodes (malicious) that appear to be
exchanged in the network without altering it whereas the neighbor but are actually distant from one another. Such
active attack attempts to alter or destroy the data being wormhole attack results in the false route. If the source node
exchanged in the network. chooses this fake route, malicious nodes have the option of
These attacks could involve eavesdropping, message delivering the packet or dropping them. So the wormhole
tampering, or identity spoofing. Many attacks are targeted at attack is one of the most severe threats to ad-hoc networks,
the data traffic by dropping all data packets (blackhole as it can do harm to both sender and receiver.
attack), selectively dropping data packets (grayhole attack), In general, adhoc routing protocols fall into two
and performing statistical analysis on the data packets to categories: proactive routing protocols that rely on periodic
obtain critical information, such as the location of primary transmission of routing updates, and on demand routing
entities in the network. For an attacker to be able to launch protocols that search for routes only when necessary. A
damaging data attacks, one option is to have a large number wormhole attack is equally dangerous for both proactive and
of powerful adversary nodes distributed over the network on-demand protocols.
and possessing cryptographic keys. Alternately, the attacker In this paper, we explain the attack modes and point to the
can achieve such attacks by having a few powerful adversary impact of this attack and its threats. From an attacker‘s
nodes that need not authenticate themselves to the network perspective, we analyze each of the attack‘s modes‘ benefits
(i.e., external nodes). The attacker can achieve this by and suitable conditions and think how to improve the
targeting specific control traffic in the network. Typical
wormhole attack by introducing the cryptographic technique while in reality it is seven hops long. Any routing protocol
[4] from administrative perspective. that uses the metric of shortest path to choose the best route
The remainder of this paper is organized as follows. is vulnerable to this mode of wormhole attack.
Section 2 introduces the wormhole attack modes, impact on
2.2 Wormhole using Out-of-Band Channel
the ad hoc networks applications and routing threats in
This mode for wormhole attack involves the use of an out of
section 3, we discuss the solutions that have been proposed
band channel. This attack is launched by having an out of
in the literature as a countermeasure for this attack.
band high-bandwidth channel between the malicious nodes.
Finally, conclusion and future directions are given in section
4.
X Z
S
P
U V W
Q R
Y
A
T
Wireless Link
Malicious Node D E B
Good node C
towards the destination. By this method, the chance of of traffic analysis or encryption compromise.
malicious node to be in the routes established between the
source and the destination increases even without the 3. DEFENSES
participation of a colluding node.
A wide variety of wormhole attack mitigation techniques
2.4Wormhole using Packet Relay
have been proposed for specific kinds of networks: sensor
Another mode of the wormhole attack is by using packet networks, static networks, or networks where nodes use
directional antennas. In this section, we describe and discuss
relay. In this mode a malicious node relays packets between
two distant nodes to convince them that they are neighbours. such techniques, commenting on their usability and the
This mode can be launched by even one malicious node. It possibility of their use in general adhoc network. Hu and
vans propose a solution to wormhole attacks for adhoc
involves the cooperation by a greater number of malicious
nodes, which serves to expand the neighbour list of a victim networks in which all nodes are equipped with directional
node to several hops. It is carried out by an intruder node X antennas. In this technique nodes use specific ‗sectors‘ of
located within transmission range of legitimate nodes A and their antennas to communicate with each other. Each couple
B, where A and B are not themselves within transmission of nodes has to examine the direction of received signals
from its neighbor. Hence, the neighbors relation is set only if
range of each other. Intruder node X merely tunnels control
traffic between A and B (and vice versa), without the the directions of both pairs match. This extra bit of
modification presumed by the routing protocol e.g. without information makes wormhole discovery and introduces
substantial inconsistencies in the network, and can easily be
stating its address as the source in the packets header so that
T
X is virtually invisible. Node X can afterwards drop tunneled detected.
packets or break this link at will. An extraneous A -B link Wang and Bhargava introduce an approach in which
network visualization is used for discovery of wormhole
can be artificially created by an intruder node X by
wormholing control messages between A and B. attacks in stationary sensor networks [8]. In their approach,
each sensor estimates the distance to its neighbors using the
2.5 Wormhole using Protocol Deviations received signal strength. All sensors send this distance
ES
During the route request forwarding, the nodes typically
back off for a random amount of time before forwarding.
This is motivated by the fact that the request forwarding is
information to the central controller, which calculates the
network‘s physical topology based on individual sensor
distance measurements. With no wormholes present, the
network topology should be more or less flat, while a
done by broadcasting and hence, reducing MAC layer wormhole would be seen as a ‗string‘ pulling different ends
collisions is important. A malicious node can create a of the network together.
wormhole by simply not complying with the protocol and Lazos et al proposed a ‗graph-theoretical‘ approach to
broadcasting without backing off. The purpose is to let the wormhole attack prevention based on the use of Location-
request packet it forwards arrive first at the destination and Aware ‗Guard‘ Nodes (LAGNs). Lazos uses ‗local broadcast
sit is therefore included in the path to the destination keys‘[28] - keys valid only between one-hop neighbours - to
[13].The advantage of this mode is that the control packet defy wormhole attackers: a message encrypted with a local
arrive faster. The challenge for this mode is that there is a key at one end of the network can not be decrypted at
A
possibility of collision to occur between transmissions of another end. Lazos proposes to use hashed messages from
malicious nodes. LAGNs to detect wormholes during the key establishment
[27]. A node can detect certain inconsistencies in messages
B. Wormhole Attack Threats
from different LAGNs if a wormhole is present. Without a
wormhole, a node should not be able to hear two LAGNs
We can consider wormhole attack as a two phase process
that are far from each other, and should not be able to hear
launched by one or several malicious nodes. In the first
the same message from one guard twice.
IJ
phase, the two malicious end points of the tunnel may use it
Khalil et al propose a protocol for wormhole attack
to pass routing traffic to attract routes through them. In the
discovery in static networks they call LiteWorp[9]. In
second phase, wormhole nodes could exploit the data in
LiteWorp, once deployed, nodes obtain full two-hop routing
variety of ways. They can disrupt the data flow by
information from their neighbours. While in a standard ad
selectively dropping or modifying data packets, generating
hoc routing protocol nodes usually keep track of their
unnecessary routing activities by turning off the wormhole
neighbours are, in LiteWorp they also know who the
link periodically, etc.The attacker can also simply record the
neighbours‘ neighbours are,- they can take advantage of two-
traffic for later analysis. Using wormholes an attacker can
hop, rather than one-hop, neighbour information. This
also break any protocol that directly or indirectly relies on
information can be exploited to detect wormhole attacks.
geographic proximity. It should be noted that wormholes are
Also, nodes observe their neighbours‘ behavior to determine
dangerous by themselves, even if attackers are diligently
whether data packets are being properly forwarder by the
forwarding all packets without any disruptions, on some
neighbour.
level, providing a communication service to the network.
Song et al proposes a wormhole discovery mechanism
With wormhole in place, affected network nodes do not have
based on statistical analysis of multipath routing [16]. Song
a true picture of the network, which may disrupt the
observes that a link created by a wormhole is very attractive
localization-based schemes, and hence lead to the wrong
in routing sense, and will be selected and requested with
decisions, etc. Wormhole can also be used to simply
unnaturally high frequency as it only uses routing data
aggregate a large number of network packets for the purpose
already available to a node.
T
replies without layer Network‖2010.
CPU modifications [2] Matthew Tan Creti,Matthew Beaman,Saurabh Bagchi,Zhiyuan
involvement Li,Yung-Hsiang Lu, ― Multigrade Security Monitoring for Ad-hoc
5 Directional Directional Good solutions for Wireless Networks‖ ,2009IEEE.
Antennas antennas on all networks relying [3] Bhargava, B.de Oliveira, R. Yu Zhang Idika, ― Addressing
nodes or on directional Collaborative Attacks and Defense in Ad Hoc Wireless Networks‖
several nodes with antennas, but not 29th IEEE International Conference on Distributed Computing
both GPS and directly Systems, 2009
6 Network
visualization
directional
antennas
Centralized
controller
ES
applicable to other
networks
Seems promising;
Works best on
[4]
[5]
Shang-Ming Jen, Chi-sung Laith & Wen-Chung Kuo,, ―
[11] Maheshwari, R.; Gao, J.; Das, S.R. ― Detecting Wormhole Attacks in
protocols;
Wireless Networks Using Connectivity Information‖. In IEEE
10. MGM Light weight local For necessary INFOCOM, Anchorage, AK, USA, 2007; pp. 107–115.
monitoring condition, the [12] Y.-C. Hu, A. Perrig, D. B. Johnson, ― Wormhole Attacks in Wireless
heavy weight RV Networks,‖ Selected Areas of Communications, IEEE Journal on, vol.
protocol is 24, numb. 2, pp. 370- 380, 2006.
triggered. it is [13] Khalil, I.; Bagchi, S.; Shroff, N.B. ― LITEWORP: A Lightweight
more resource Countermeasure for the Wormhole Attack sin Multihop Wireless
efficient and Networks‖. In IEEE DSN’05, Yokohama, Japan, June 28-July 1, 2005;
powerful pp. 1–10.
Table 1.Summary of various defense mechanisms for Wormhole attack [14] Qian. L.; Song, N.; Li, X. ―Detecting and Locating Wormhole Attacks
in Wireless Ad Hoc Networks through Statistical Analysis of Multi-
path‖. In IEEE WCNC 2005, New Orleans, LA, USA, March 13-17,
These factors allow for easy integration of this method into pp. 2106–2111,2005.
intrusion detection systems only to routing protocols that are [15] Lazos,L.;Poovendran,R ―
SeRLo;Secure Range-independent
both on-demand and multipath. Localization for wireless Sensor Networks‖..In ACM WiSE‘04,New
York,NY,USA,October2004;pp.73-100.