Detection and Prevention of Wormhole Attack in Mobile Adhoc Networks
International Journal of Computer Theory and Engineering, Vol. 2, No. 1, February 2010
1793-8201
Shalini Jain, Dr. Satbir Jain

Manuscript received September 20, 2009.
Shalini Jain is a Lecturer with the Maharaja Surajmal Institute of Technology, affiliated with Indraprastha University, New Delhi, India (phone: +91-9873099411; fax: 91-11-25528116; e-mail: shallu.jainr@gmail.com).
Dr. Satbir Jain is an Asst. Prof. with Delhi University (Netaji Subhas Institute of Technology) in the Computer Science Department, New Delhi, India (e-mail: Jain_Satbir@yahoo.com).

Abstract—Wireless networks are susceptible to many attacks, including an attack known as the wormhole attack. The wormhole attack is very powerful, and preventing the attack has proven to be very difficult. A strategic placement of the wormhole can result in a significant breakdown in communication across a wireless network. In such attacks two or more malicious colluding nodes create a higher-level virtual tunnel in the network, which is employed to transport packets between the tunnel endpoints. These tunnels emulate shorter links in the network and so appear as a benefit to unsuspecting network nodes, which by default seek shorter routes. This paper presents a novel trust-based scheme for identifying and isolating nodes that create a wormhole in the network without engaging any cryptographic means. With the help of extensive simulations, we demonstrate that our scheme functions effectively in the presence of malicious colluding nodes and does not impose any unnecessary conditions upon the network establishment and operation phase.

Index Terms—Ad hoc networks, computer network security, computer networks, tunneling, wireless LAN, wormhole, packet leash.

I. INTRODUCTION
An ad-hoc network is built, operated, and maintained by its constituent wireless nodes. These nodes generally have a limited transmission range, and so each node seeks the assistance of its neighbouring nodes in forwarding packets. In order to establish routes between nodes that are farther apart than a single hop, specially configured routing protocols are engaged. The unique feature of these protocols is their ability to trace routes in spite of a dynamic topology. The nodes in an ad-hoc network generally have limited battery power, and so reactive routing protocols endeavour to save on this by discovering routes only when they are essentially required. In contrast, proactive routing protocols continuously establish and maintain routes, so as to avoid the latency that occurs during new route discoveries. Both types of routing protocols require persistent cooperative behaviour, with intermediate nodes primarily contributing to the route development. Similarly, each node, which acts like a mobile router, has absolute control over the data that passes through it. In essence, membership of any ad-hoc network indisputably calls for sustained benevolent behaviour by all participating nodes. In real life, such an altruistic attitude is more often than not extremely difficult to realise, and so we often find malicious nodes also present in the same network. Some of these are alien nodes, which enter the network during its establishment or operation phase, while others may originate indigenously by compromising an existing benevolent node. These malicious nodes can carry out both passive and active attacks against the network. In passive attacks a malicious node only eavesdrops upon packet contents, while in active attacks it may imitate, drop or modify legitimate packets [14]. The severity of such attacks increases manifold, especially when they are performed in collusion. A typical example of such a cooperative attack is a wormhole, in which a malicious node tunnels the packets from one end of the network to another. The tunnel essentially emulates a shorter route through the network, and so naive nodes prefer to use it rather than alternate longer routes. The advantage gained by the colluding nodes is obvious, as they are now, for all intents and purposes, in charge of a high-usage route through the network. The consequences of such a wormhole on the network can be catastrophic, and in worst-case scenarios may lead to a vertex cut in the network.

In this project, we apply a similar trust-based scheme to the Dynamic Source Routing (DSR) protocol to detect and evade wormhole attacks in a pure ad-hoc network. Each node in the network autonomously executes the trust model and maintains its own evaluation regarding other nodes in the network.

This paper is divided into a total of six sections. Section 1 consists of the introduction, problem statement and problem definition. Section 2 describes the basics of routing and the vulnerabilities found in today's ad hoc networks. Section 3 covers the security issues in wireless ad hoc networks, followed by previous work done on the wormhole attack in the next section. Section 5 is about DSR and its working. Section 6 consists of the approach and methodology for detecting and evading wormholes. Section 7 depicts design and implementation, and Section 8 gives simulation results of our proposed trust-based model. Section 9 concludes with the conclusion and future work.

A. Problem Statement
The increasing popularity and usage of wireless technology is creating a need for more secure wireless
networks. Wireless networks are particularly vulnerable to a powerful attack known as the wormhole attack [10] [1]. This paper discusses a new trust-based scheme that prevents wormhole attacks on a wireless network. A few existing protocols detect wormhole attacks, but they require highly specialized equipment not found on most wireless devices. This project aims to develop a defense against wormhole attacks that does not require a significant amount of specialized equipment.

B. Problem Definition
Ad-hoc or spontaneous wireless networks are threatened by a powerful attack known as the wormhole attack. A wormhole attack [10] [1] can be set up with relative ease, but preventing one is difficult. To set up a wormhole attack, an attacker places two or more transceivers at different locations on a wireless network, as shown in Figure 1.

Figure 1. Set-up of a wormhole.

Node A can reach node C within a shorter time with the help of a wormhole [16].

This establishes a wormhole or tunnel through which data can transfer faster than it could on the original network. After setting up a wormhole, an attacker can disrupt routing to direct packets through the wormhole using a technique known as selective forwarding [10], depicted in Figure 2.

Figure 2. Selective forwarding.

The lower right portion of the network relies on the wormhole link to route information. Disconnecting the wormhole link results in a breakdown of the network [16].

A strategic placement of the wormhole can result in a significant breakdown in communication across a wireless network. Wireless networking is a young technology, and thus many wireless network devices have not been designed to defend against wormhole attacks. For example, a sensor network device called the Mica mote has the ability to sense information about its surroundings such as temperature, sound or movement. The Mica mote has little room for security measures to protect itself from a wormhole attack. Current network protocols are also vulnerable to wormhole attacks. So it is very necessary to find a useful scheme for the detection and evasion of wormholes. This paper introduces a trust-based model for that purpose.

II. ROUTING
Knowledge of the routing protocols of MANETs is important to understand the security problems in MANETs. The routing protocols used in MANETs are different from the routing protocols of the traditional wired world because of frequent route updates, mobility and limited transmission range. The performance criteria of nodes in MANETs are different from those of wired networks. Routing protocols in mobile ad hoc networks fall mainly into two categories: proactive protocols and reactive protocols.

Reactive routing protocols establish routes between two nodes only when they are required. This is different from traditional proactive routing protocols, in which nodes periodically send messages to each other in order to maintain routes.

Dynamic Source Routing (DSR) uses source routing to deliver packets from one node in the network to some other node. The source node adds the full path to the destination, in terms of intermediate nodes, to every packet. This information is used by each intermediate node to determine whether to accept the packet and to whom to forward it. DSR operates on two mechanisms: Route Discovery and Route Maintenance.

Route Discovery is used when the sender does not know the path up to the destination. In this mechanism, the sender broadcasts a ROUTE REQUEST message which contains the Source Address, Destination Address and Identifier. Each intermediate node adds its address to the ROUTE REQUEST message and rebroadcasts it, unless it has already rebroadcast it earlier. With this controlled broadcast, the ROUTE REQUEST will ultimately reach the destination. The destination then sends a unicast ROUTE REPLY message in the reverse direction, whose path is obtained from the list of intermediate nodes in the ROUTE REQUEST message. When the ROUTE REPLY packet reaches the source, it records the route contained in it and saves it in its cache for the specific destination. For better performance, intermediate nodes also record this route information from the two route messages. All nodes overhearing these packets add meaningful route entries to their caches.

Finally, the Route Maintenance mechanism is used to notify the source, and potentially trigger new route discovery events, when changes in the network topology invalidate a cached route.

III. SECURITY IN AD HOC NETWORKS
Due to issues such as the shared physical medium, lack of
central management, limited resources and highly dynamic topology, ad hoc networks are much more vulnerable to security attacks [4]. Hence it is very necessary to find security solutions. In the following sections we first address attacks in ad hoc networks, and list several typical special attacks.

We can classify the attacks into two broad categories, namely passive and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Active attacks can be further classified into two types according to the location of the attackers, namely internal and external active attacks. According to the layer attacked, they can be classified into network layer attacks, transport layer attacks, application layer attacks, and multi-layer attacks.

1) Network layer attacks
Attacks which could occur in the network layer of the network protocol stack are:

Wormhole attack: In this attack, an adversary receives packets at one point in the network, tunnels them to another point in the network, and then replays them into the network from that point [10]. This tunnel between two adversaries is called a wormhole. It can be established through a single long-range wireless link or a wired link between the two adversaries. Hence it is simple for the adversary to make the tunneled packet arrive sooner than other packets transmitted over a normal multi-hop route.

Black hole attack: In this attack, a malicious node attempts to suggest a false path to the destination. An adversary could prevent the source from finding a path to the destination, or forward all messages through a certain node [10] [1].

Routing attacks: In this attack, an adversary attempts to disrupt the operation of the network. The attacks can be further classified into several types, namely routing table overflow attack, routing table poisoning attack, packet replication attack, route cache poisoning, and rushing attack. In a routing table overflow attack, an adversary attempts to cause an overflow in the routing table by advertising routes to non-existent nodes, while in a routing table poisoning attack the adversary sends false routing updates or modifies the actual routing updates, resulting in jams in the network.

2) Transport layer attacks
Transport layer attacks are generally session hijacking. In this type of attack, an adversary obtains control of a session between two parties. In most cases the authentication process is executed when a session begins, hence an adversary could take the role of one party in the whole session.

3) Application layer attacks
In this type of attack, an adversary analyzes the vulnerability. Dozens of attacks aiming at the application layer exist, such as script attacks, viruses, and worms.

4) Multi-layer attacks
Attacks which could occur in any layer of the network protocol stack fall into this class.

Spoofing attack: Spoofing attacks are also called impersonation attacks. The adversary pretends to have the identity of another node in the network, thus receiving messages directed to the node it fakes. One of these attacks is the man-in-the-middle attack. In this attack, attackers place their own node between two other nodes communicating with each other and forward the communication.

Denial of service attack: In this type of attack, the attacker attempts to prevent the authorized users from accessing the services. Due to the disadvantages of ad hoc networks, it is much easier to launch DoS attacks. For example, an adversary could disrupt the on-going transmissions on the wireless channel by employing jamming signals on the physical and MAC layers.

5) Others
Unlike the attacks addressed above, in a device tampering attack devices such as PDAs could get stolen or damaged easily. The adversary could then get useful data from the stolen devices and communicate on behalf of the owner.

IV. BACKGROUND WORK
Hu and Evans developed a protocol using directional antennas to prevent wormhole attacks [6]. Directional antennas are able to detect the angle of arrival of a signal. In this protocol, two nodes communicate knowing that one node should be receiving messages from one angle and the other should be receiving them at the opposite angle (i.e. one from the west and the other from the east). This protocol fails only if the attacker strategically places wormholes residing between two directional antennas.

Another localization scheme, known as the coordinate system, involves the work done by Nagpal, Shrobe and Bachrach at the Massachusetts Institute of Technology (MIT). It uses a subset of GPS nodes to provide nodes without GPS a sense of relative location. This is achieved using two algorithms: the gradient, which measures a GPS node's hop count from a point in a network, and multilateration, which determines the way GPS nodes spread information of their location to nodes without GPS. Hop counts tell how far a node is from a particular source. A flaw in using this scheme is that wormholes can disrupt hop counts within a network. Therefore, any system following this scheme is rendered defenseless under wormhole attacks.

According to Rouba El Kaissi et al. [21], obstacles impede the successful deployment of sensor networks. In addition to the limited resources issue, security is a major concern, especially for applications such as home security monitoring, military, and battlefield applications. Their paper presents a defense mechanism against wormhole attacks in wireless sensor networks. Specifically, a simple routing tree protocol is proposed.

Y. C. Hu et al. [18] have considered packet leashes, geographic and temporal. In geographic leashes, node location information is used to bound the distance a packet can traverse. Since wormhole attacks can affect localization, the location information must be obtained via an out-of-band mechanism such as GPS. Further, the "legal" distance a
packet can traverse is not always easy to determine. In temporal leashes, extremely accurate globally synchronized clocks are used to bound the propagation time of packets, which could be hard to obtain, particularly in low-cost sensor hardware. Even when available, such timing analysis may not be able to detect cut-through or physical layer wormhole attacks.

In S. Capkun et al. [19], an authenticated distance bounding technique called MAD is used. The approach is similar to packet leashes at a high level, but does not require location information or clock synchronization. But it still suffers from the other limitations of the packet leashes technique. In the Echo protocol [20], ultrasound is used to bound the distance for a secure location verification. Use of ultrasound instead of RF signals as before helps in relaxing the timing requirements, but needs additional hardware. In a recent work [4], the authors have focused on practical methods of detecting wormholes. This technique uses timing constraints and authentication to verify whether a node is a true neighbour. The authors develop a protocol that can be implemented in 802.11-capable hardware with minor modifications. Still, it remains unclear how realistic such timing analysis could be in low-cost sensor hardware.

Ning Song et al. [22] study in detail the performance of multi-path routing under wormhole attack. They showed that multi-path routing is vulnerable to wormhole attacks. A simple scheme based on statistical analysis (called SAM) is proposed to detect such attacks and to identify malicious nodes. Compared to the previous approaches (for example, using packet leashes), no special requirements (such as time synchronization or GPS) are needed in the proposed scheme. Simulation results demonstrate that SAM successfully detects wormhole attacks and locates the malicious nodes in networks with different topologies and with different node transmission ranges.

V. WORMHOLE ATTACK IN DSR
In any ad-hoc network, a wormhole can be created in the following three ways:
1 Tunneling of packets above the network layer
2 Long-range tunnel using high-power transmitters
3 Tunnel creation via external wired infrastructure

In the first type of wormhole, all packets which are received by a malicious node are duly modified, encapsulated in a higher layer protocol and dispatched to the colluding node using the services of the network nodes. These encapsulated packets traverse the network in the regular manner until they reach the collaborating node. The recipient malicious node extracts the original packet, makes the requisite modifications and sends it to the intended destination.

In the second and third types of wormhole, the packets are modified and encapsulated in a similar manner. However, instead of being dispatched through the network nodes, they are sent using a point-to-point specialized link between the colluding nodes. In this paper, we only discuss solutions to the first type of wormhole, which in our opinion has greater applicability to pure ad-hoc networks. In an ad-hoc network executing the DSR protocol, each packet contains the complete list of nodes that it has to traverse in order to reach the destination. This feature, although it excludes intermediate nodes from making any routing decisions, can still be exploited to create a wormhole. Such wormholes can be created in a number of topological scenarios. However, all such settings are primarily derived from scenarios where the colluding nodes (M1, M2) are not the immediate neighbours of the source (S) and destination (D) nodes. Wormhole creation in such a scenario is generally accomplished using the following steps:

Sustained Routes between Colluding Nodes: M1 and M2 periodically establish and maintain routes to each other in the network at all times. This route serves as a higher layer tunnel for all other nodes whose traffic is routed through M1 and M2.

Fallacious Response to Source Node Route Requests: Whenever a ROUTE REQUEST packet from S is received by M1, it immediately sends a ROUTE REPLY packet so as to portray minimal delay. M1 also makes the ROUTE REPLY packet (S-1-M1-M2-D) as short as possible, indicating D as an immediate neighbour of M2. Such ROUTE REPLY packets have a high probability of being selected by S, as they have minimal hop count and latency.

Route Development till the Destination Node: M1 informs M2 to initiate a route discovery to D through a pre-agreed higher layer protocol and also performs the same. In the meantime, all data packets from S to D are buffered for a certain interval at M1. While waiting for a route to D, if M1 receives a ROUTE REPLY packet from D to S, it verifies whether it can reach D through M2. If yes, it creates a new working source route option from M2 to D (S-M1-M2-5-D) for the buffered packets, encapsulates them and sends them to M2; else it waits for the ROUTE REPLY packet to be received in response to the ROUTE REQUEST packet that was initiated by itself and M2. Upon receipt of these ROUTE REPLY packets, M1 traces an optimal route to D through M2. However, if during this waiting period the buffer interval expires or an overflow occurs, M1 sends a ROUTE ERROR packet to S for the last received data packet.
Figure 3. Wormhole attack in DSR.

Deception through Gratuitous Route Replies: As an alternate mechanism, if M1 overhears any ongoing communication between S and D (S-1-2-3-4-5-D), it may initiate a new route discovery to D and also request the same through M2. Upon receipt of a route from M1 to D via M2, it can create a new gratuitous ROUTE REPLY packet (S-1-M1-M2-D) and send it to S. Based upon the same criterion for route selection, S may classify the newly received route as optimal and discard the one that was already in use.

VI. APPROACH AND METHODOLOGY
The main goal is to design a protocol that not only prevents wormhole attacks but also avoids using strict clock synchronization, limits the need for specialized equipment, ensures information confidentiality, and provides high performance, low power consumption and minimal memory storage.

A. Trust Model
We detect and evade wormholes in the network using an effort-return based trust model. The trust model uses the inherent features of the Dynamic Source Routing (DSR) protocol to derive and compute respective trust levels in other nodes. For correct execution of the model, the following conditions must be met by all participating nodes:
1 All nodes support promiscuous mode operation.
2 Node transceivers are omnidirectional, so that they can receive and transmit in all directions.
3 The transmission and reception ranges of the transceivers are comparable.

Each node executing the trust model measures the accuracy and sincerity of its immediate neighbouring nodes by monitoring their participation in the packet forwarding mechanism. The sending node verifies the different fields in the forwarded IP packet for requisite modifications through a sequence of integrity checks. If the integrity checks succeed, it confirms that the node has acted in a benevolent manner, and so its direct trust counter is incremented. Similarly, if the integrity checks fail or the forwarding node does not transmit the packet at all, its corresponding direct trust measure is decremented. We represent the direct trust in a node y by node x as $T_{xy}$, given by the following equation:

$$T_{xy} = PP \cdot PA \quad (1)$$

where $PP \in [0, 1]$ represents the situational trust category Packet Precision, which essentially indicates the existence or absence of a wormhole through node y [14]. $PA$ represents the situational trust category Packet Acknowledgements, which preserves a count of the number of packets that have been forwarded by a node. The categories PP and PA are employed in combination to protect the DSR protocol against wormhole attacks and for identifying selfish node behaviour, respectively. Any benevolent node not able to forward a data packet, due to radio interference, hardware faults, software bugs or environmental conditions, is classified as selfish. However, in case no other alternate trusted nodes are available, these selfish nodes will be engaged in the routing process. However, any node incorrectly forwarding a data packet, by not ensuring its integrity, will be classified as malicious and not included in any subsequent data connections.

B. Wormhole Detection
During wormhole detection, each node in the network measures the accuracy and sincerity of its immediate neighbouring nodes. The detection process works in the following manner:
1 Each node, before transmission of a data packet, buffers the DSR Source Route header. After transmitting the packet, the node places its wireless interface into promiscuous mode for the Trust Update Interval (TUI). The TUI fundamentally represents the time a sending node must wait after transmitting a packet until the time it overhears the retransmission by its neighbour. This interval is critically related to the mobility and traffic of the network and needs to be set accordingly. If this interval is made too small it may result in retransmissions being ignored; similarly, a large value may induce errors due to nodes moving out of range.
2 If during the TUI the node is able to overhear its immediate neighbour retransmit the same packet, the sending node increases the situational trust category PA for that neighbour. It then verifies whether the retransmitted packet's DSR Source Route header is the same as the one that was buffered earlier. If this integrity check passes, the situational trust category PP is not set, indicating the absence of a wormhole. However, if the retransmitting node modifies the DSR Source Route header, the detecting node sets PP to true.
3 In case no retransmission is heard and a timeout occurs when the TUI has been exceeded, the situational trust category PA for that neighbour is reduced and the DSR Source Route buffer is cleared. With the passage of time, the number of inter-node interactions also increases, increasing each node's knowledge of the behaviour of other nodes.
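The three detection steps above, as an added Python example that is not the paper's code: one node buffers the DSR Source Route header it handed to a neighbour, compares it with the retransmission it overhears inside the TUI, and keeps PA and PP per neighbour. Reading PP as 1.0 until a modified header is seen and 0.0 afterwards, so that equation (1) zeroes the trust of a wormhole node, is an assumption made here, as are the node, packet and function names.

```python
"""Added example (not the paper's code): per-neighbour trust bookkeeping for the
wormhole detection steps of Section VI.B, using the DSR Source Route header as
the integrity check. Node, packet and function names are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class NeighbourTrust:
    """Situational trust categories a node keeps for one immediate neighbour y."""
    pa: int = 0             # Packet Acknowledgements: count of verified retransmissions
    wormhole: bool = False  # set once a modified Source Route header is overheard

    @property
    def pp(self) -> float:
        # Packet Precision in [0, 1]. Assumption: 1.0 while no wormhole has been seen
        # through y and 0.0 afterwards, so that T_xy = PP * PA (eq. 1) is zero for
        # a neighbour that has rewritten a source route.
        return 0.0 if self.wormhole else 1.0

    @property
    def direct_trust(self) -> float:
        return self.pp * self.pa


class TrustMonitor:
    """Runs on one node x and watches the neighbours x forwards packets through."""

    def __init__(self, tui: float) -> None:
        self.tui = tui  # Trust Update Interval in seconds (tuned to mobility and load)
        self.trust: Dict[str, NeighbourTrust] = {}
        # (neighbour, packet id) -> (buffered Source Route header, time of sending)
        self.pending: Dict[Tuple[str, int], Tuple[List[str], float]] = {}

    def _entry(self, neighbour: str) -> NeighbourTrust:
        return self.trust.setdefault(neighbour, NeighbourTrust())

    def on_send(self, neighbour: str, pkt_id: int, source_route: List[str],
                now: float) -> None:
        """Step 1: buffer the Source Route header handed to the neighbour, then
        stay in promiscuous mode for the TUI."""
        self.pending[(neighbour, pkt_id)] = (list(source_route), now)

    def on_overhear(self, neighbour: str, pkt_id: int, source_route: List[str],
                    now: float) -> Optional[str]:
        """Step 2: the neighbour retransmitted the packet. Inside the TUI this
        credits PA and compares the overheard header with the buffered one."""
        key = (neighbour, pkt_id)
        if key not in self.pending:
            return None            # not a packet this node is waiting on
        buffered, sent_at = self.pending[key]
        if now - sent_at > self.tui:
            return "late"          # outside the TUI: counts as not heard (see expire)
        del self.pending[key]
        entry = self._entry(neighbour)
        entry.pa += 1
        if list(source_route) != buffered:
            entry.wormhole = True  # header rewritten: wormhole through this neighbour
            return "wormhole"
        return "ok"                # header intact: PP stays clear

    def expire(self, now: float) -> List[str]:
        """Step 3: packets whose TUI elapsed without a retransmission cost the
        neighbour one PA point, and their buffered header is dropped."""
        penalised: List[str] = []
        for key, (_, sent_at) in list(self.pending.items()):
            if now - sent_at > self.tui:
                del self.pending[key]
                self._entry(key[0]).pa -= 1
                penalised.append(key[0])
        return penalised

    def trust_of(self, neighbour: str) -> float:
        return self._entry(neighbour).direct_trust

    def should_forward(self, neighbour: str) -> bool:
        """False once the neighbour has been classified as a wormhole endpoint."""
        return not self._entry(neighbour).wormhole


def demo() -> Dict[str, float]:
    """Constructed run at node 1: neighbour 2 forwards faithfully, M1 rewrites
    the header to S-1-M1-M2-5-D as in Section V."""
    node1 = TrustMonitor(tui=0.5)
    honest = ["S", "1", "2", "3", "4", "5", "D"]
    node1.on_send("2", 1, honest, now=0.0)
    node1.on_overhear("2", 1, honest, now=0.2)
    via_m1 = ["S", "1", "M1", "M2", "D"]
    node1.on_send("M1", 2, via_m1, now=1.0)
    node1.on_overhear("M1", 2, ["S", "1", "M1", "M2", "5", "D"], now=1.1)
    return {n: node1.trust_of(n) for n in ("2", "M1")}
```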
Any forwarding node which had earlier detected wormhole creation by any of its immediate neighbours drops all packets that were destined to go through that neighbour and generates a corresponding ROUTE ERROR packet. This packet informs the source and all intermediate nodes regarding the unavailability of the route through the wormhole. Consequently, the wormhole is circumvented in subsequent data connections.

C. Wormhole Evasion
In DSR, before initiating a new route discovery, the cache is first scanned for a working route to the destination [8]. In the event of unavailability of a route from the cache, the ROUTE REQUEST packet is propagated. When the search is made for a route in the cache, the Dijkstra algorithm is executed, which returns the shortest path in terms of number of hops. In the LINK CACHE scheme the default cost of each link is one, which signifies a uniform spread of the inter-node trust levels. We replace this cost with the actual trust level of the node to which this particular link is directed. Now, each time a new route is required, a modified variant of the search algorithm is executed, which finds routes with the maximum trust level. However, before cost assignment to any link, each node first checks the wormhole status of the link end node. If it has been classified as a wormhole, the cost of that link is set to infinity. This method ensures that wormhole nodes are avoided in all future data connections.

VII. DESIGN & IMPLEMENTATION
Here we introduce the trust value mechanism by incorporating trust formation and trust updating as a solution to the vulnerability of the DSR protocol.
1 For each node in the network, a trust value will be stored that expresses the trust in that node. This trust value will be adjusted based on the experiences that a node has with its neighbour nodes.
2 When a node receives data packets or acknowledgements, the trust value for this node will be updated. A node that is encountered for the first time will have an initial trust value assigned based on some trust formation strategy.
3 If the requested acknowledgement was not received, the trust value for this node should be decreased.
4 The selection of the best route will be based on some scenarios that use the trust values of the nodes on the route. In Figure 4 we illustrate the design diagram of Trusted DSR.

A. Modified DSR Protocol Design
Trust Formatter Module: When new mobile nodes are encountered in the network, the trust formatter component implements methods to assign trust values to these nodes. An initial trust value will be assigned to the new nodes when the first route is discovered, because all nodes on the route will be unknown. The value of this parameter is quite important because it determines how close the node is to achieving maximal trust. It would be best to assign a low trust value in an environment with many malicious nodes. If a route contains known nodes, the trust values of these nodes are used as the basis for assigning the initial trust value.

Figure 4. Design diagram of modified DSR protocol.

Initial Trust Value Estimation: Due to the importance of the initial trust value, we need to determine the optimal initial trust value to assign to nodes when they are encountered for the first time.

Trust Updater Module: The trust updater module implements the function for updating trust. The trust value depends on a given node's experience in a given situation. A function for updating the trust value depends upon some parameters:
1 Previous trust value
2 Number of positive and negative experiences in the past
3 The experience value.

Route Selector Module: The route selector module is responsible for evaluating routes based upon the trust values of the nodes in the route, and for selecting a route on the basis of this evaluation. The routes are evaluated and the route with the highest rating is then selected. That means the best route is considered to be the one with the highest trust rating, which in turn has the lowest number of malicious nodes. We can conclude that a route which has a malicious node is not good, because it always results in packet dropping.

There are two scenarios for route selection. When the route ratings are calculated, all routing scenarios must not take the destination of the packet into account, because the destination might be identified as a malicious node and therefore have a low trust value. This is necessary because the traffic is generated randomly for the simulations, and therefore a malicious node may also be the destination of the packets. All routing scenarios return the maximum rating if a route has only two nodes, because it means that the destination is a neighbour. If the maximum rating is returned, the route is used without examining further routes. This is actually a performance improvement compared to the existing DSR protocol, where all routes to a destination are examined even though the destination is a neighbour node.

Route Selection Scenario 1: The first scenario returns the average trust value of all nodes in a route.
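The evasion step of Section VI.C and the route selector rules above, combined in an added Python example that is not the paper's implementation: a cached link ending at a node classified as a wormhole is never followed (infinite cost), the destination is left out of the rating, a two-node route is used at once, and otherwise the first scenario's average trust decides; the second scenario's five-experience window is also provided. The link cache, trust values, experience histories and all names are constructed for the example, and leaving the evaluating node itself out of the average is an assumption.

```python
"""Added example (not the paper's implementation): the trust-weighted route cache
search of Section VI.C together with the Route Selector rules of Section VII.A.
The link cache, trust values, experience histories and names are constructed."""
from typing import Callable, Dict, List, Optional, Sequence, Set

MAX_RATING = 1.0       # rating of a two-node route: the destination is a neighbour
EXPERIENCE_WINDOW = 5  # scenario 2 remembers only the last five experiences
Rater = Callable[[Sequence[str], Dict[str, float], Dict[str, List[int]]], float]


def intermediate_nodes(route: Sequence[str]) -> Sequence[str]:
    # Assumption: the evaluating node leaves out itself (route[0]) as well as the
    # destination, which the paper excludes because it may carry a low trust value.
    return route[1:-1]


def scenario_1(route, trust, experiences) -> float:
    """Average trust value of the nodes on the route (Table I)."""
    inner = intermediate_nodes(route)
    return sum(trust.get(n, 0.0) for n in inner) / len(inner)


def recent_experience_average(history: Sequence[int]) -> float:
    """Mean of the last EXPERIENCE_WINDOW experiences, +1 positive and -1 negative."""
    recent = list(history)[-EXPERIENCE_WINDOW:]
    return sum(recent) / len(recent) if recent else 0.0


def scenario_2(route, trust, experiences) -> float:
    """Average over the route of each node's recent experience average."""
    inner = intermediate_nodes(route)
    return sum(recent_experience_average(experiences.get(n, []))
               for n in inner) / len(inner)


def rate_route(route, trust, experiences, scenario: Rater) -> float:
    if len(route) == 2:
        return MAX_RATING
    return scenario(route, trust, experiences)


def cached_routes(cache: Dict[str, List[str]], src: str, dst: str,
                  wormholes: Set[str]) -> List[List[str]]:
    """Loop-free routes found in the link cache. A link whose end node has been
    classified as a wormhole has infinite cost, so it is never followed."""
    routes: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == dst:
            routes.append(list(path))
            return
        for nxt in cache.get(node, []):
            if nxt in path or nxt in wormholes:
                continue
            path.append(nxt)
            walk(nxt, path)
            path.pop()

    walk(src, [src])
    return routes


def select_route(cache, src, dst, trust, wormholes, experiences=None,
                 scenario: Rater = scenario_1) -> Optional[List[str]]:
    """Highest-rated cached route; a route rated MAX_RATING is used at once,
    without examining the remaining routes."""
    experiences = experiences or {}
    best: Optional[List[str]] = None
    best_rating = float("-inf")
    for route in cached_routes(cache, src, dst, wormholes):
        rating = rate_route(route, trust, experiences, scenario)
        if rating == MAX_RATING:
            return route
        if rating > best_rating:
            best, best_rating = route, rating
    return best


# Constructed link cache for the topology of Section V: the honest path
# S-1-2-3-4-D and the colluding pair M1, M2 that advertise the shortcut S-1-M1-M2-D.
CACHE = {"S": ["1"], "1": ["2", "M1"], "2": ["3"], "3": ["4"], "4": ["D"],
         "M1": ["M2"], "M2": ["D"]}
TRUST = {"1": 0.3, "2": 0.8, "3": 0.5, "4": 0.2, "M1": 0.9, "M2": 0.9}


def demo() -> Dict[str, Optional[List[str]]]:
    """Before detection the shortcut wins on trust; once M1 is classified as a
    wormhole the link into it costs infinity and the honest route is chosen."""
    return {"before": select_route(CACHE, "S", "D", TRUST, set()),
            "after": select_route(CACHE, "S", "D", TRUST, {"M1"})}
```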
- 7. International Journal of Computer Theory and Engineering, Vol. 2, No. 1 February, 2010
1793-8201
scenario presents the issue that route containing nodes with TABLEIII. SIMULATION PARAMETERS
very low trust values might still be rated high as illustrated in Examined Protocol DSR
table 1. Simulation time 900 seconds
Route Selection Scenario 2 The second scenario evaluates
Simulation area 1000 x 1000 m
the nodes based on the average value of past experiences.
Number of nodes 25
Only 5 past experiences are remembered for this scenario to
calculate the average value of experiences. I n this scenario Transmission range 250 m
nodes with a high trust value that suddenly start to drop Movement model Random way point
packages will be identified faster than by using trust value. Propagation Model Two-ray Ground Reflection
In table 2 initial values for a node was (0.5). After three Maximum speed 20 m/s
positive and two negative experience value, the average of
Pause time 10 seconds
the experiences is (0.2) where the trust value of node is
Traffic type CBR (UDP)
(0.32). However, routing scenario 2 require more
computations compared to scenario.1 because it uses Maximum Connections 10
experiences not only the trust values. Payload size 512 bytes
Packet rate 4 pkt/sec
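The two rating scenarios, with the numbers of Tables I and II, as an added example; this is not the authors' NS-2 code. Node names, the +1/-1 experience values and the trust update rule are assumptions: the page does not state how a trust value is updated, and the exponentially weighted moving average with weight 0.1 used here is chosen because it reproduces every trust value in Table II. With a plain mean, route 2 of Table I scores 0.5 rather than the 0.75 the table reports, so the authors' rating treats the node with trust -1 differently from a plain mean in a way the page does not specify; the table's point, that one very low-trust node can hide behind a high route rating, holds either way.

```python
"""Trust-based route rating for Trusted DSR (Section VII, scenarios 1 and 2).

Added illustration; this is not the authors' NS-2 code.  Assumptions:
experiences are +1 (packet forwarded) or -1 (packet dropped); the trust
update is an exponentially weighted moving average with weight 0.1, which the
page does not state but which reproduces every trust value in Table II;
the nodes rated are every node on the source route except the rating node.
"""
from collections import deque

HISTORY = 5          # scenario 2 remembers only the last 5 experiences
INITIAL_TRUST = 0.5  # initial value of a newly met node (Table II)
ALPHA = 0.1          # assumed EWMA weight; reproduces Table II
MAX_RATING = 1.0     # returned without examination for a two-node route


class TrustManager:
    """Stores trust values and recent experiences for every known node."""

    def __init__(self):
        self.trust = {}
        self.experiences = {}

    def observe(self, node, experience):
        """Record a +1/-1 experience and update the node's trust value."""
        if experience not in (1, -1):
            raise ValueError("experience must be +1 or -1")
        hist = self.experiences.setdefault(node, deque(maxlen=HISTORY))
        hist.append(experience)
        old = self.trust.get(node, INITIAL_TRUST)
        self.trust[node] = (1 - ALPHA) * old + ALPHA * experience

    def trust_of(self, node):
        return self.trust.get(node, INITIAL_TRUST)

    def experience_avg(self, node):
        """Mean of the node's last HISTORY experiences (scenario 2)."""
        hist = self.experiences.get(node)
        if not hist:
            return INITIAL_TRUST  # nothing observed yet: treat like trust
        return sum(hist) / len(hist)


def rate_scenario1(tm, route):
    """Scenario 1: mean trust of all nodes on the route except ourselves."""
    if len(route) == 2:
        return MAX_RATING             # destination is a neighbour
    nodes = route[1:]
    return sum(tm.trust_of(n) for n in nodes) / len(nodes)


def rate_scenario2(tm, route):
    """Scenario 2: mean over the route of each node's recent-experience average."""
    if len(route) == 2:
        return MAX_RATING
    nodes = route[1:]
    return sum(tm.experience_avg(n) for n in nodes) / len(nodes)


def select_route(tm, routes, rate):
    """Pick the best-rated route, stopping early when a route rates MAX_RATING."""
    best, best_rating = None, float("-inf")
    for route in routes:
        r = rate(tm, route)
        if r == MAX_RATING:
            return route
        if r > best_rating:
            best, best_rating = route, r
    return best


def table1_ratings():
    """Scenario 1 on the two routes of Table I (trust values set directly)."""
    tm = TrustManager()
    tm.trust.update({"A": 0.3, "B": 0.8, "C": 0.5, "D": 0.2,
                     "E": 1.0, "F": 1.0, "G": -1.0, "H": 1.0})
    return (rate_scenario1(tm, ["S", "A", "B", "C", "D"]),
            rate_scenario1(tm, ["S", "E", "F", "G", "H"]))


def table2_trace():
    """Replay Table II: experiences 1, 1, 1, -1, -1 for one node."""
    tm, trace = TrustManager(), []
    for e in (1, 1, 1, -1, -1):
        tm.observe("X", e)
        trace.append((e, tm.trust_of("X"), tm.experience_avg("X")))
    return trace


def dropper_demo():
    """A long-trusted node that starts dropping: scenario 2 reacts first."""
    tm = TrustManager()
    for _ in range(20):
        tm.observe("N", 1)
    for _ in range(3):
        tm.observe("N", -1)
    return tm.trust_of("N"), tm.experience_avg("N")
```

dropper_demo() is the case the text makes for scenario 2: after twenty forwarded packets the node's trust is about 0.94, and three drops only bring it down to about 0.41, so a scenario 1 rating still favours it, while its five-experience average is already -0.2.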
TABLE I. ROUTE SELECTION SCENARIO 1

Route   Node 1   Node 2   Node 3   Node 4   Rating
1       0.3      0.8      0.5      0.2      0.45
2       1        1        -1       1        0.75

TABLE II. ROUTE SELECTION SCENARIO 2

Experience #   Experience value   Trust value   Avg. of experiences
1              1                  0.55          1
2              1                  0.60          1
3              1                  0.64          1
4              -1                 0.47          0.5
5              -1                 0.32          0.2

Trust Manager Module: The Trust Manager module stores trust information about all known nodes at run time and offers methods to query the stored trust values.

VIII. SIMULATION AND RESULTS

To evaluate the effectiveness of the proposed scheme, we simulated it in NS-2.

A. Simulation Set-up

The simulation parameters are listed in Table III. We use the random waypoint movement model, in which a node starts at a random position, waits for the pause time, and then moves to another random position at a speed chosen between 0 m/s and the maximum simulation speed. All benign nodes execute the trust model for the duration of the simulation. The TUI value is set to 5 seconds, which was found to be optimal in prior experiments for networks in which nodes move at up to 20 m/s with a transmission range of 250 m. The performance metrics are obtained by ensemble averaging over simulation runs, each with a different mobility and connection pattern.

TABLE III. SIMULATION PARAMETERS

Examined protocol       DSR
Simulation time         900 seconds
Simulation area         1000 x 1000 m
Number of nodes         25
Transmission range      250 m
Movement model          Random waypoint
Propagation model       Two-ray ground reflection
Maximum speed           20 m/s
Pause time              10 seconds
Traffic type            CBR (UDP)
Maximum connections     10
Payload size            512 bytes
Packet rate             4 pkt/sec
Malicious nodes         2
Number of wormholes     1

B. Metrics

The performance of the proposed scheme is evaluated using throughput and the number of packets dropped by malicious nodes.

C. Simulation Outcomes

With the trust-based model, packet dropping is reduced by 15% without any cryptographic mechanism, and throughput increases by up to 7-8% when the trust-based model is used in place of standard DSR. The higher throughput is obtained because the trust level of any node that does not sustain the required traffic flow is automatically downgraded when it drops packets, and another node with a higher trust level is selected for routing. This also relieves congestion on trustworthy nodes by shifting traffic load onto other available nodes in the neighbourhood, giving best-effort delivery for the generated traffic.

When an intermediate node detects a wormhole, all data packets heading towards the tunnel are dropped and a corresponding ROUTE ERROR packet is generated. The number of such packets grows with the speed of the network, because the colluding nodes keep changing position; this is the main source of the increased packet overhead of the trust-based DSR protocol. The probability of detecting a wormhole increases significantly with speed: at higher speeds the number of interactions with the nodes forming the wormhole grows considerably, which spreads trust information through the network at an appreciably higher rate. Up to 60% of the nodes executing the trust-based DSR protocol were able to correctly identify at least one end of the wormhole; with increased mobility, the probability that at least one colluding node is detected by all network nodes approaches 100%.
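The detection and evasion step just described, together with the threshold noted in the discussion of Figures 5 to 7 (an intermediate node stops forwarding through a wormhole only after two consecutive modifications of DSR source route headers), as an added example; this is not the authors' NS-2 code. The page does not say how a node notices a modified header, so the example assumes that, as in DSR's passive acknowledgement, the forwarding node overhears the next hop's retransmission and compares its source route with the one it handed over. The node names, the route and the colluding node's rewriting rule are constructed.

```python
"""Cutting a wormhole after consecutive source-route modifications (Sec. VIII).

Added illustration; this is not the authors' NS-2 code.  The page states that
an intermediate node stops forwarding into a wormhole once it has seen two
consecutive modifications of DSR source route headers, drops the data packets
heading towards the tunnel and generates a ROUTE ERROR.  How the node notices
a modification is not described; this example assumes that, as in DSR's
passive acknowledgement, the forwarding node overhears the next hop's
retransmission and compares its source route with the one it handed over.
Node names, the route and the attacker's rewriting rule are constructed.
"""
from dataclasses import dataclass

THRESHOLD = 2   # consecutive modified headers before the tunnel is cut


@dataclass
class DataPacket:
    src: str
    dst: str
    route: list     # DSR source route, source first, destination last
    seq: int


@dataclass
class RouteError:
    """DSR ROUTE ERROR: the link from_node -> to_node is no longer usable."""
    from_node: str
    to_node: str
    seq: int


class TrustedForwarder:
    """One intermediate node running the trust-based DSR check."""

    def __init__(self, name):
        self.name = name
        self.sent = {}         # next hop -> source route last handed to it
        self.consecutive = {}  # next hop -> consecutive modified headers seen
        self.blocked = set()   # next hops identified as wormhole endpoints
        self.experiences = []  # (next hop, +1/-1), fed to the trust manager

    def forward(self, pkt):
        """Return ('forward', next_hop) or ('drop', RouteError)."""
        nxt = pkt.route[pkt.route.index(self.name) + 1]
        if nxt in self.blocked:
            return "drop", RouteError(self.name, nxt, pkt.seq)
        self.sent[nxt] = list(pkt.route)
        return "forward", nxt

    def overhear(self, nxt, retransmitted):
        """Compare the header the next hop retransmits with what we sent."""
        if retransmitted.route == self.sent.get(nxt):
            self.consecutive[nxt] = 0        # honest relay resets the count
            self.experiences.append((nxt, 1))
            return
        self.consecutive[nxt] = self.consecutive.get(nxt, 0) + 1
        self.experiences.append((nxt, -1))
        if self.consecutive[nxt] >= THRESHOLD:
            self.blocked.add(nxt)


def wormhole_endpoint(pkt):
    """Constructed colluding node W1: tunnels to W2, cutting out the hops between."""
    r = pkt.route
    i, j = r.index("W1"), r.index("W2")
    return DataPacket(pkt.src, pkt.dst, r[:i + 1] + r[j:], pkt.seq)


def honest_relay(pkt):
    """A benign next hop retransmits the header unchanged."""
    return pkt


def run(n_packets, next_hop):
    """Send n packets S -> D through node A; return (forwarded, dropped, errors)."""
    node = TrustedForwarder("A")
    route = ["S", "A", "W1", "B", "C", "W2", "D"]
    forwarded, dropped, errors = 0, 0, []
    for seq in range(n_packets):
        pkt = DataPacket("S", "D", list(route), seq)
        action, info = node.forward(pkt)
        if action == "drop":
            dropped += 1
            errors.append(info)
            continue
        forwarded += 1
        node.overhear(info, next_hop(pkt))
    return forwarded, dropped, errors
```

Running run(10, wormhole_endpoint) lets exactly THRESHOLD packets through before A blocks W1 and answers every later packet with a ROUTE ERROR for the link A -> W1, which is the small leakage the results section attributes to the threshold; the same ten packets through honest_relay are all forwarded and produce no errors.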
Similarly, the detection probability for benevolent behaviour follows the same trend under increasing speeds.

Figure 5. Packets dropped by malicious nodes vs. percentage of malicious nodes
Figure 6. X-graph: packet loss vs. time
Figure 7. Throughput vs. percentage of malicious nodes
Figure 8. All packets dropped by malicious node 0

A number of nodes whose behaviour pattern could not be analysed were primarily those that were not part of any data connection during the simulation. Standard DSR does not take the trust levels of nodes into account, so a number of packets were tunnelled through the wormhole. In contrast, each node using the trust-based routing scheme considers the behaviour of the next node before forwarding a packet, so the total number of tunnelled packets drops appreciably. At all speeds some packets are still routed through the wormhole, because the wormhole detection mechanism requires a minimal threshold (presently two consecutive modifications of DSR source route headers) before it stops data communication through the wormhole; this lets a small number of data packets pass through the wormhole.

IX. CONCLUSION

A wormhole is one of the prominent attacks formed by malicious colluding nodes, and detecting and evading wormholes in an ad hoc network is still considered a challenging task. To protect against wormholes, current security solutions propose establishing ad hoc networks in a controlled manner, often requiring specialised node hardware to deploy cryptographic mechanisms. In this paper we have deviated from the customary cryptographic approach and instead employ a trust-based scheme to detect and evade wormholes. In our scheme, trust levels in neighbouring nodes are derived from their sincerity in executing the routing protocol. This derived trust then influences routing decisions, which in turn guide a node to avoid communication through wormholes. Through extensive testing we have established that the trust model can effectively locate dependable routes through the network in the presence of a wormhole. Routes established in this manner may not be the shortest in hop count, but they contain nodes that have been found more trustworthy than others. With the trust-based model, packet dropping is reduced by 15% without any cryptographic mechanism and throughput is increased by up to 7-8%.

Future work will focus on additional security enhancements for routing protocols of mobile ad hoc networks.
REFERENCES
[1] Y. C. Hu, A. Perrig, and D. B. Johnson, "Packet leashes: A defense against wormhole attacks in wireless networks," in Proceedings of IEEE INFOCOM (Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies), vol. 3, pp. 1976-1986, 2003.
[2] S. Capkun, L. Buttyan, and J. P. Hubaux, "SECTOR: Secure tracking of node encounters in multi-hop wireless networks," in Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp. 21-32, 2003.
[3] E. W. Dijkstra, "A note on two problems in connexion with graphs," Numerische Mathematik, vol. 1, pp. 269-271, 1959.
[4] Y. C. Hu, A. Perrig, and D. B. Johnson, "Ariadne: A secure on-demand routing protocol for ad hoc networks," in Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom), pp. 12-23, 2002.
[5] Y. C. Hu and D. B. Johnson, "Caching strategies in on-demand routing protocols for wireless ad hoc networks," in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MobiCom), pp. 231-242, 2000.
[6] L. Hu and D. Evans, "Using directional antennas to prevent wormhole attacks," in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2004.
[7] A. Josang, "The right type of trust for distributed systems," in Proceedings of the ACM New Security Paradigms Workshop, pp. 119-131, 1996.
[8] D. B. Johnson, D. A. Maltz, and Y. C. Hu, "The dynamic source routing protocol for mobile ad hoc networks (DSR)," IETF MANET Working Group, Internet Draft (work in progress), 2003.
[9] NS, The Network Simulator, http://www.isi.edu/nsnam/ns/, 1989.
[10] A. Perrig, Y. C. Hu, and D. B. Johnson, "Wormhole protection in wireless ad hoc networks," Technical Report TR01-384, Department of Computer Science, Rice University, 2001.
[11] E. M. Royer and C. K. Toh, "A review of current routing protocols for ad hoc mobile wireless networks," IEEE Personal Communications Magazine, vol. 6, no. 2, pp. 46-55, 1999.
[12] W. Wang and B. Bhargava, "Visualization of wormholes in sensor networks," in Proceedings of the ACM Workshop on Wireless Security (WiSe), pp. 51-60, 2004.
[13] H. Yuen and R. D. Yates, "Inter-relationships of performance metrics and system parameters in mobile ad hoc networks," in Proceedings of IEEE MILCOM, vol. 1, pp. 519-524, 2002.
[14] A. A. Pirzada and C. McDonald, "Kerberos assisted authentication in mobile ad-hoc networks," in Proceedings of the 27th Australasian Computer Science Conference (ACSC), 2004.
[15] L. Liao, "Group key agreement for ad hoc networks," Master's thesis, supervisor M.Sc. Mark Manulis, 6 July 2005.
[16] J. Kwok, thesis in TCC 402, presented to the Faculty of the School of Engineering and Applied Science, University of Virginia, 23 March 2004.
[17] J. Eriksson, S. V. Krishnamurthy, and M. Faloutsos, "TrueLink: A practical countermeasure to the wormhole attack in wireless networks," University of California, Riverside.
[18] Y. C. Hu, A. Perrig, and D. B. Johnson, "Packet leashes: A defense against wormhole attacks in wireless networks," in Proceedings of IEEE INFOCOM, 2003.
[19] S. Capkun, L. Buttyan, and J. P. Hubaux, "SECTOR: Secure tracking of node encounters in multi-hop wireless networks," in Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2003.
[20] N. Sastry, U. Shankar, and D. Wagner, "Secure verification of location claims," in Proceedings of the ACM Workshop on Wireless Security (WiSe 2003), September 2003.
[21] R. El Kaissi, A. Kayssi, A. Chehab, and Z. Dawy, "DAWWSEN: A defense mechanism against wormhole attacks in wireless sensor networks," in Proceedings of the Second International Conference on Innovations in Information Technology (IIT'05), 2005.