
JOURNAL OF COMPUTING, VOLUME 4, ISSUE 7, JULY 2012, ISSN (Online) 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

Performance Analysis of MANET under Wormhole Attack


Rajib Das, Bipul Syam Purkayastha
Abstract: Nowadays most people are going wireless, so reducing the vulnerability of wireless networks is becoming a top priority. Wireless networks are susceptible to many attacks. We study routing misbehavior in MANETs (Mobile Ad Hoc Networks) in this paper. In general, routing protocols for MANETs are designed based on the assumption that all participating nodes are fully cooperative. However, due to the open structure and scarcely available battery-based energy, node misbehaviors may exist. One such routing misbehavior is that some selfish nodes will participate in the route discovery and maintenance processes but refuse to forward data packets. The scope of this paper is to study the effects of the Wormhole attack in MANETs using two protocols, DSR and WDSR. A comparative analysis of the Wormhole attack for both protocols is taken into account. The impact of the Wormhole attack on the performance of a MANET is evaluated by finding out which protocol is more vulnerable to the attack and how large the impact of the attack is on both protocols. The measurements were taken in the light of throughput, end-to-end delay and network load. Analytical and simulation results are presented to evaluate the performance of the proposed scheme.

Index Terms: Mobile Ad Hoc Networks (MANETs), routing misbehavior, Wormhole, WDSR, DSR.

1 INTRODUCTION
A mobile ad hoc network (MANET) consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of any centralized administration or network infrastructure. The routing protocols in an ad hoc network should be able to cope well with a dynamically changing topology, and nodes should exchange information on the topology of the network in order to establish routes. This brings about the issue of security in an ad hoc network. With the wireless links used in MANETs, any security gained because of the difficulty of tapping into a wired network is lost, since the topology of MANETs is highly dynamic and traditional routing protocols can no longer be used. Due to the dynamic network topology, different packets exchanged between the same two nodes may go through different routes, among which there may be attackers waiting. It is also difficult to authenticate each node of a MANET, unlike in a wired network, because of the absence of online servers [1]. Common security attacks include replay attack, denial of service (DoS), modification, masked, routing table overflow, impersonation, energy consumption, and so on [2]. Some secure routing protocols have been proposed to protect routing messages and prevent attackers from either modifying these messages or injecting harmful routing messages into the network [4][5][8][11]. A simulation-based analysis of security exposures in MANETs was carried out by Michiardi and Molva [6], where it was assumed that a node may misbehave under the above security attacks. Three types of routing misbehaviour have been classified and simulated within the Dynamic Source Routing protocol (DSR) [3]. Their simulation results showed that network operation and maintenance can be easily exposed and network performance can be severely affected.

In the rest of the paper, Section 2 presents related work on the detection of wormhole attacks. Section 3 briefly describes the DSR routing protocol. In Section 4, we describe the wormhole attack in routing protocols. Section 5 explains the proposed scheme. Simulation and results are presented in Section 6, and finally the conclusion is given in Section 7.

2 RELATED WORK

Various techniques have been suggested for the detection of wormhole attacks. One technique is packet leashing [7][16]: a leash is inserted in each packet and the expiration time of the packet is determined on its basis. Another technique is the geographical leash, in which the position of the sender and its sending time are used to determine the distance between them. Directional antennas [10] are another technique for wormhole detection, in which nodes use specific sectors to communicate with each other, so a neighbour communicating with another node has some prior knowledge of its location. An approach for detecting wormhole attacks [13] is used in delay tolerant networks and exploits forbidden topology; while detecting a wormhole link in this approach, the transmission range of the node is reduced for a short period of time. Exchange of encrypted packets is used for wormhole link detection among neighbours [15]; this technique uses a 4-way handshaking message exchange between two suspected neighbours and verifies the neighbours. In wireless sensor networks, anti-jamming techniques have been proposed [18] as an application of wormholes. After analysing all these techniques, a novel wormhole detection technique is presented which authenticates the intermediate nodes as well as provides a secure path to the destination.

A defence mechanism against wormhole attacks is also provided by LiteWorp [19]; it uses secure two-hop neighbour discovery and local monitoring of traffic by guard nodes. It has additional features that provide techniques for isolating a malicious node from the network. But LiteWorp has some restrictions: it requires an extremely accurate clock, with no delay in the network apart from propagation delay, and it also requires exact measurement of the angle of reception. WOMEROS [20] is a framework for defending against wormhole attacks in two phases: a suspicion phase and a confirmation phase. The first phase utilizes the information available during the normal operation of wireless nodes by applying inexpensive techniques. In the second phase, advanced techniques are adopted only when a wormhole attack is suspected. If, after applying the suspicion-phase technique, no malicious node is present in the network, there is no need to waste computation and communication resources by applying the confirmation technique.

Rajib Das is with the Dept. of Computer Science, Assam University, Silchar, Pin 788011, India.
Bipul Syam Purkayastha is with the Dept. of Computer Science, Assam University, Silchar, Pin 788011, India.
© 2012 Journal of Computing Press, NY, USA, ISSN 2151-9617 http://sites.google.com/site/journalofcomputing/

3 DSR ROUTING PROTOCOL

DSR is an entirely on-demand ad hoc network routing protocol composed of two parts: Route Discovery and Route Maintenance. In DSR, when a node has a packet to send to some destination and does not currently have a route to that destination in its Route Cache [3], the node initiates Route Discovery to find a route; this node is known as the initiator of the Route Discovery, and the destination of the packet is known as the Discovery's target. The initiator transmits a ROUTE REQUEST packet as a local broadcast, specifying the target and a unique identifier from the initiator. Each node receiving the ROUTE REQUEST, if it has recently seen this request identifier from the initiator, discards the REQUEST. Otherwise, it appends its own node address to a list in the REQUEST and rebroadcasts the REQUEST. When the ROUTE REQUEST reaches its target node, the target sends a ROUTE REPLY back to the initiator of the REQUEST, including a copy of the accumulated list of addresses from the REQUEST. When the REPLY reaches the initiator of the REQUEST, it caches the new route in its Route Cache.

Route Maintenance is the mechanism by which a node sending a packet along a specified route to some destination detects if that route has broken, for example because two nodes in it have moved too far apart. DSR is based on source routing: when sending a packet, the originator lists in the header of the packet the complete sequence of nodes through which the packet is to be forwarded. Each node along the route forwards the packet to the next hop indicated in the packet's header, and attempts to confirm that the packet was received by that next node; a node may confirm this by means of a link-layer acknowledgment, passive acknowledgment, or network-layer acknowledgment. If, after a limited number of local retransmissions of the packet, a node in the route is unable to make this confirmation, it returns a ROUTE ERROR to the original source of the packet, identifying the link from itself to the next node as broken. The sender then removes this broken link from its Route Cache; for subsequent packets to this destination, the sender may use any other route to that destination in its Cache, or it may attempt a new Route Discovery for that target if necessary.

In Figure 1, source node 1 sends a special route request packet (RREQ) to all neighboring nodes, and it propagates through the network. Upon receiving the RREQ, the destination node 6 sends a special route reply packet to the originating node announcing the newly discovered route.

Fig. 1: Dynamic Source Routing

4 WORMHOLE ATTACK

In a wormhole attack, a tunnel is created between two nodes for the secret transmission of packets between them. In a wormhole attack [5][12][14], an attacker transmits or tunnels the packets that it receives at any point in the network to another point in the network and also replays them to the network from that point. For tunneled distances that are longer than the normal wireless transmission range of a single hop, it is very simple for the attacker to make the tunneled packet arrive sooner than the other packets transmitted over a normal multihop route, for example through use of a single long-range directional wireless link or through a direct wired link to a colluding attacker. Also, instead of waiting for an entire packet to be received before beginning to tunnel it, the attacker can forward each bit over the wormhole directly, minimizing the delay caused by the wormhole. If the attacker performs this tunneling honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, relative to all other nodes in the network, the attacker is in a very powerful position because of the wormhole, and the attacker can misuse this position in a variety of ways; even if the network communication provides authenticity and confidentiality, the attacker can still perform attacks even if it does not have the cryptographic keys.

The wormhole attack is very dangerous in the many ad hoc network routing protocols in which the nodes that hear a packet transmission directly from some node consider themselves to be in range of (and thus a neighbor of) that node [17]. For example, when used against an on-demand routing protocol such as DSR or AODV, a powerful application of the wormhole attack can be mounted by tunneling each ROUTE REQUEST packet directly to the destination target node of the REQUEST. When the destination node's neighbors hear this REQUEST packet, they rebroadcast that copy of the REQUEST following the normal routing protocol and then discard, without even processing them, the other ROUTE REQUEST packets they receive from the same Route Discovery. This attack thus prevents discovery of any routes other than the wormhole, and it can even prevent routes more than two hops long from being discovered if the attacker is near the initiator of the Route Discovery. To exploit the wormhole, the attacker can discard the packets rather than forwarding them all, or can selectively discard or modify certain data packets; it can also create a permanent Denial-of-Service attack (no other route to the destination can be discovered as long as the attacker maintains the wormhole for ROUTE REQUEST packets).

Fig. 2: 6 nodes with wormhole link

In Figure 2, the wormhole link exists between the two malicious nodes 3 and 5. When node 1 wants to send data to node 6, it broadcasts a RREQ packet to all its neighbors. The malicious node 3, on receiving this RREQ, immediately forwards it to the malicious node 5 through the tunnel. Node 5 forwards the RREQ packet to the destination 6 and to node 4; node 4 will now discard the RREQ packet arriving over the normal multihop route. This prevents nodes from discovering legitimate paths that are more than two hops away. The two colluding malicious nodes thus give a false illusion that the route through them is the shortest, even though they may be many hops away. Thus the route through the malicious nodes is selected and the data packets are forwarded through 3 and 5 as shown in Figure 2.

5 WORMHOLE ATTACK WITH DSR: PROPOSED APPROACH

Research methodologies for the work are related to the analysis of the misbehaving nodes which are responsible for the black hole attacks in the MANET. Mainly in the Wormhole attack, the traffic of the network is redirected to a mobile node which does not exist in the network. Thus in this case the network traffic disappears into a special mobile node; such a node is called a Wormhole node. The Wormhole attack has two characteristics. First, in routing protocols like DSR and AODV, the misbehaving node advertises itself as having the shortest route to the destination, with the intention of dropping or intercepting the packets. Second, the intercepted packets are then consumed by the node.

For the simulation of the Wormhole attack, our research works on the simulation of misbehaving nodes on the DSR protocol and on its prevention. The next paragraph shows our research model for the same.

The MANET DSR routing protocol has two main functions: the data forwarding function and the routing function. The routing function concerns the discovery and maintenance of routes, while the forwarding function is concerned with packet transmission from source to destination through the established route. The presence of misbehaving nodes affects both the data forwarding and the routing functions of the MANET routing algorithm. Misbehaving nodes cause the MANET to malfunction, because such nodes do not allow the data forwarding and routing functions to be performed properly. There are many kinds of misbehaving nodes in MANETs; in our research we consider two kinds, selfish nodes and malicious nodes, along with the following parameters which may govern the attack severity:
1) Time, such as start time and stop time.
2) Degree, misbehaviour probability.
3) Target, victim nodes.

A. Algorithm used

Here we assume that all the nodes in a network communicate with one another via encrypted messages using a secret key.
Step 1: Send the Route Request Packet, i.e. RRP.
Step 2: Add the node information, i.e. node id, in the Route Request table.
Step 3: Set hop_count = 1.
Step 4: If any malicious node is found in the network, add the information of the malicious node.
Step 5: Broadcast the RRP by using the modified DSR protocol; here it is WDSR.
Step 6: Call the WDSR protocol.
Step 7: If a Route Reply ack is received, check the secret key of all nodes which used the Route Reply.
Step 8: If all the secret keys are valid, establish a path for data transfer.
Step 9: If any malicious node is present as an intermediate or destination node, then add the information in the routing table and again rebroadcast the Route Request.
Step 10: If there is any intermediate node present that received the RRP while broadcasting, add its node id in the routing table and increment the hop count by 1.
Step 11: Again verify the secret key of the previous node. If it is valid, then add its secret key to the secret key column.
Step 12: If the key of two previous nodes is identical, discard the packet RRP and inform the neighbours about the presence of a malicious node.
Step 13: If a packet RRP is received at the destination, select a path for the RREP.
Step 14: If the average hop count is greater than that of the route which has the lower hop count, there may be a tunnel between the malicious nodes; then add its secret key to the secret key column of the routing table, send the RREP message to the source using the same path which was created in Step 13, and establish a path for the same.

After implementing the above algorithm we maintain the routing table in the following format:

RREQ SQN# | Node Id | Secret Key | Hop Count

Table 1: Routing table format

Fig 3: Jitter for proposed approach
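The following is an added example, not code from the paper or from WDSR: a small Python model of the Route Discovery flooding with duplicate suppression from Section 3, the tunnel scenario of Fig. 2, and a literal reading of the hop-count check in Step 14 followed by rediscovery without the suspected nodes. The topology, link delays and all function names are constructed for illustration, and `suspects` is a simplification because the page does not say how WDSR chooses the nodes it records.

```python
import heapq
from statistics import mean

# Constructed network (assumption: the page does not list Fig. 2's links).
# Source 1, destination 6 and colluding nodes 3 and 5 follow Fig. 2; relays
# 2, 4, 7 and 8 are added so that the honest path is several hops long.
WIRELESS_LINKS = [(1, 2), (2, 7), (7, 8), (8, 4), (8, 5), (4, 6), (5, 6), (1, 3)]
TUNNEL = (3, 5)        # out-of-band link between the two colluding nodes
HOP_DELAY = 1.0        # constructed latency of one wireless hop
TUNNEL_DELAY = 0.1     # constructed tunnel latency, faster than one hop


def build_graph(with_tunnel):
    """Return {node: [(neighbour, delay), ...]} for the constructed network."""
    links = [(a, b, HOP_DELAY) for a, b in WIRELESS_LINKS]
    if with_tunnel:
        links.append((*TUNNEL, TUNNEL_DELAY))
    graph = {}
    for a, b, delay in links:
        graph.setdefault(a, []).append((b, delay))
        graph.setdefault(b, []).append((a, delay))
    return graph


def route_discovery(graph, source, target, blocked=()):
    """Flood one ROUTE REQUEST; return the route records the target hears.

    Intermediate nodes forward only the first copy of the request and discard
    later ones (Section 3). Nodes in `blocked` are isolated: they are never
    used as relays, which models the re-broadcast of Step 9.
    """
    seen = {source, *blocked}
    routes = []
    # Events are (arrival_time, tie_breaker, receiving_node, route_record).
    events = [(d, i, n, [source]) for i, (n, d) in enumerate(graph[source])]
    heapq.heapify(events)
    counter = len(events)
    while events:
        now, _, node, record = heapq.heappop(events)
        if node == target:
            routes.append(record + [node])
            continue
        if node in seen:
            continue                      # duplicate or blocked: discard
        seen.add(node)
        record = record + [node]          # append own address, rebroadcast
        for neighbour, delay in graph[node]:
            if neighbour not in record:
                heapq.heappush(events, (now + delay, counter, neighbour, record))
                counter += 1
    return routes


def hop_count(route):
    return len(route) - 1


def tunnel_suspected(routes):
    """Step 14 read literally: the average hop count of the received routes
    exceeds the hop count of the shortest one. This also fires on honestly
    uneven paths, so it is a suspicion signal, not proof."""
    hops = [hop_count(r) for r in routes]
    return bool(hops) and mean(hops) > min(hops)


def suspects(routes):
    """Simplification for this example: suspect the relays of the shortest
    route. The page does not say how WDSR picks the nodes it records."""
    if not tunnel_suspected(routes):
        return set()
    return set(min(routes, key=hop_count)[1:-1])


def discover_with_isolation(graph, source, target):
    """Discover routes; if Step 14 fires, rediscover without the suspects."""
    first = route_discovery(graph, source, target)
    flagged = suspects(first)
    final = route_discovery(graph, source, target, flagged) if flagged else first
    return first, flagged, final


if __name__ == "__main__":
    for with_tunnel in (False, True):
        print(with_tunnel, discover_with_isolation(build_graph(with_tunnel), 1, 6))
```

In the constructed run with the tunnel, every route the destination hears passes through nodes 3 and 5; after those two are isolated, rediscovery returns the honest five-hop route.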

6 SIMULATION ENVIRONMENT AND IMPLEMENTATION


According to our aims and objectives, for the investigation of the wormhole attack over the DSR protocol, we first need to select an appropriate simulation tool which will satisfy all the related objectives and results. For the proposed approach we carried out our simulation studies over the existing DSR protocol for the investigation of the wormhole attack. We used the ns-allinone-2.29 version of NS2. In order to show the simulation of the Wormhole attacks, we have to use the modified DSR protocol, i.e. WDSR, which is used to simulate different types of misbehaving nodes such as malicious and selfish (type 1 and type 2). From the simulation results, we aim to detect the Wormhole attack or misbehaving nodes in the network and, on detection, to apply a prevention mechanism. For the simulation we consider the following network scenario:

Random waypoint Model (which is the default with NS2)
Number of nodes: 30
Routing protocol: DSR & WDSR
Traffic type: CBR
Data payload: 512 bytes
Rate: 2 packets/sec
Simulation time: 600 s

Table 2: Simulation Parameter

Before running the simulation script, the modified DSR is replaced with the existing DSR protocol which comes by default with NS2.

Network Model:

Fig 4: Throughput for proposed approach

Fig 5: Delay for proposed system

Following is the overall scenario for this proposed approach:
Average End to end delay: 0.0012
Average Throughput: 375 packets/TTL
Average Jitter: 0.00015 Sec

Now, in the following section, we compute the graphs for the existing DSR, which does not have the mechanism of Wormhole detection and prevention.

A. Performance Analysis

In this section we present the three performance metrics for the proposed approach: throughput, delay and jitter. Following are the graphs for the network with the DSR protocol which has the functionality of detecting and preventing the wormhole attack.

Fig 6: Jitter for Existing DSR

Metric | WDSR | Existing DSR
No. of nodes | 30 | 30
Throughput | 375 packets/TTL | 380 packets/TTL
Delay | 0.0012 Sec | 0.0011 sec
Jitter | 0.00015 Sec | 0.00026 Sec

Table 3: Tables of Reading

Thus, on the basis of our results for both the existing and the proposed DSR algorithm, we claim that our modified DSR provides security while maintaining the performance level and overall system lifetime. As shown in the above table, the throughput, delay and jitter of the existing DSR and the modified DSR, i.e. WDSR, show only a slight difference. As the number of nodes and the network size grow, this performance becomes equal for both the existing DSR and the modified DSR systems. Thus our approach shows security enhancement while maintaining network performance.

Fig 7: Throughput for Existing DSR

7 CONCLUSION AND FUTURE WORK


The presence of attacks or misbehaving nodes in the network is one of the major security issues for MANETs, and it also affects the performance of the routing protocols. In this paper we simulated Wormhole nodes and misbehaving nodes and found ways to detect and prevent them. The routing protocol which we used here is the dynamic source routing protocol (DSR), which is modified in order to show the impact of the misbehaving nodes in the network. From the simulation results, we find how selfish or malicious nodes come into the routing and forwarding mechanism; when they are found in any routing path, the proposed DSR detects such nodes and avoids the routes in which those nodes are present, i.e. the routes containing the misbehaving nodes are simply dropped and not added to the routing table of the DSR, so that in future those routes are not used in any communication. The simulated results correctly find such routes and nodes and fire the message of the Wormhole attack detection mechanism. As future work, we will consider other routing protocols for MANETs such as AODV, DSDV etc., and then, on the basis of these mechanisms, performance comparisons will be done between all such nodes in terms of throughput, delay, jitter etc.

Fig 8: Delay for Existing DSR

Following is the overall scenario for this proposed approach:
Average End to end delay: 0.0011 sec
Average Throughput: 380 packets/TTL
Average Jitter: 0.00026 Sec

Thus finally we are preparing their comparisons in the following graph.

[Graph: Delay and Jitter for Existing DSR and Wormhole-DSR]

Fig 9: Performance comparison Graph (Delay & Jitter)

Fig 10: Performance Comparison graphs (throughput)

REFERENCES
[1] Priyanka Goyal, Sahil Batra and Ajit Singh. A Literature Review of Security Attack in Mobile Ad-hoc Networks, International Journal of Computer Applications (0975 8887), Volume 9, No. 12, November 2010.
[2] J. Broch, D. A. Maltz, D. B. Johnson, Y. Hu, and J. Jetcheva. A performance comparison of multi-hop wireless ad hoc network routing protocols, In MobiCom 98: Proceedings of the 4th annual ACM/IEEE international conference on Mobile computing and networking, pages 85-97, New York, NY, USA, 1998. ACM.
[3] H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc networks, IEEE Communications Magazine, 2(1), 2002.
[4] D. B. Johnson. Routing in ad hoc networks of mobile hosts, In IEEE Workshop on Mobile Computing Systems and Applications, pages 158-163, December 1994.
[5] H. Li and M. Singhal. A secure routing protocol for wireless ad hoc networks, In HICSS06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences, page 225.1, Washington, DC, USA, 2006. IEEE Computer Society.
[6] P. Michiardi and R. Molva. Simulation-based analysis of security exposures in mobile ad hoc networks, In Proceedings of European Wireless Conference, 2002.
[7] Y.-C. Hu, A. Perrig, and D. B. Johnson. "Wormhole Attacks In Wireless Networks," IEEE J. Selected Areas In Comm., Vol. 24, No. 2, Feb. 2006, pp. 370-380.
[8] C. E. Perkins and E. M. Royer. Ad hoc on-demand distance vector routing, In IEEE WMCSA99, pages 90-100, New Orleans, 1999.
[9] B. Prasannajit, B.; Venkatesh; S. Anupama, K. Vindhykumari, S. Subhashini, and G. Vinitha. "An Approach Towards Detection of Wormhole Attack in Sensor Networks," Integrated Intelligent Computing (ICIIC), 2010 First International Conference on, pp. 283-289, 5-7 Aug. 2010.
[10] Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. Network and Distributed System Security Symposium, San Diego, 5-6 February 2004.
[11] M. Alam and K. Chan. "RTT-TC: A topological comparison based method to detect wormhole attacks in MANET," Communication Technology (ICCT), 2010 12th IEEE International Conference on, pp. 991-994, Nov. 2010.
[12] G. Wei, X. Wang, and Y. Mao. "Detecting Wormhole Attacks Using Probabilistic Routing and Redundancy Transmission," Multimedia Information Networking and Security (MINES), 2010 International Conference on, pp. 496-500, Nov. 2010.
[13] Yanzhi Ren; Mooi Choo Chuah; Jie Yang; Yingying Chen. Detecting Wormhole Attacks in Delay-Tolerant Networks [Security and Privacy in Emerging Wireless Networks]. IEEE Journal on Wireless Communications, 2010, pp. 36-42.
[14] E. Anita, V. Vasudevan, A. Ashwini. "A certificate-based scheme to defend against worm hole attacks in multicast routing protocols for MANETs," Communication Control and Computing Technologies (ICCCCT), 2010 IEEE International Conference on, pp. 407-412, Oct. 2010.
[15] Nait-Abdesselam, F. Detecting and Avoiding Wormhole Attacks In Wireless Ad Hoc Networks. IEEE Communications Magazine, 2008, pp. 127-133.
[16] Yih-Chun Hu, Adrian Perrig, David B. Johnson. Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks, September 2002.
[17] L. Lazos, R. Poovendran, C. Meadows, P. Syverson, L. W. Chang. Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach, University of Washington, 2003.
[18] Cagalj, M.; Capkun, S.; Hubaux, J.-P. Wormhole-Based Antijamming Techniques in Sensor Networks. IEEE Transactions on Mobile Computing, 2007, pp. 100-114.
[19] I. Khalil, S. Bagchi, N. B. Shroff. LiteWorp: Detection and isolation of the wormhole in static mulihop wireless network, ACM: The International Journal of Computer and Telecommunications Networking Archive, Vol. 51, Issue 13, September 2007.
[20] H. Vu, A. Kulkarni, N. Mittal. WOMEROS: A new framework for defending against wormhole attacks on wireless ad hoc networks, in WASA 2008, LNCS 5258, pp. 491-502, 2008.

Rajib Das received his MCA degree from IGNOU, New Delhi, M.Phil. degree from Annamalai University, Chidambaram, T.N. and pursuing Ph.D from Assam University, Silchar in the field of Ad Hoc Network. His research interests are Mobile Computing and Image Processing. He is a member of IEEE Computer Society, ACM and IACSIT.

Bipul Syam Purkayastha received his B.Sc. degree from NEHU, Shillong, in 1982. He received his M.Sc., M. Phil. and Ph.D. degrees from NEHU, Shillong in 1985, 1987 and 1997 respectively. He is currently working as a Professor in the Department of Computer Science, Assam University, Silchar. His research interests include soft computing, combinatorial optimization and Computer Network. He has published lots of paper in National & International journals.
