International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No.

Analysis of Route comparison with or without Wormhole Attack

Pushpendra Niranjan, Manish Srivastava, and Angad Singh LNCT (RGPV), Bhopal, M.P., India LNCT (RGPV), Bhopal, M.P., India LNCT (RGPV), Bhopal, M.P., India pusp18jan@gmail.com maneeshsreevastava@gmail.com angada2007@gmail.com

Abstract
A Mobile Ad hoc Network (MANET) [1] is a collection of self configurable mobile node connected through wireless links. In MANET nodes which are within the range of each other can connect directly where as nodes which are not in the vicinity of each other rely on the intermediate node for communication In Mobile Ad hoc Networks (MANET) much of the research has been done focusing on the efficiency of the network. There are quite a number of routing protocols that are excellent in terms of efficiency. But the security requirements of these protocols changed the situation and a more detailed research is currently underway to develop secure ad hoc routing protocols. MANETs are extremely vulnerable to attacks due to their dynamically changing topology, absence of conventional security infrastructures and open medium of communication, which, unlike their wired counterparts, cannot be secured. In this paper we specifically considering Tunneling attack [8] which do not require exploiting any nodes in the network and can interfere with the route establishment process. Instead of detecting suspicious routes as in previous methods, we implement a new method which detects the attacker nodes and works without modification of protocol, using a hop-count and time delay analysis from the viewpoint of users without any special environment assumptions. The proposed work is simulated using OPNET [6] and results showing the advantages of proposed work. Keywords: Ad-hoc Network, Hop-count Analysis, Tunneling Attack, MAC, Sensor Networks.

1. Introduction
A Mobile Ad hoc Network (MANET) is a collection of self configurable mobile node connected through wireless links. A MANET is also known as a mobile mesh networks that consists of wireless mobile nodes that dynamically self organized connected by wireless links. Vehicular ad hoc networks and Sensor ad hoc networks are the varieties of MANETs. See in Figure1.1 (a) & (b).

Figure: 1.1(a) Sensor Ad hoc Network (MANET)

45

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

Figure: 1.1(b) Vehicular Ad hoc Network (MANET)

In MANET nodes which are within the range of each other can connect directly where as nodes which are not in the vicinity of each other rely on the intermediate node for communication. Some special characteristics of MANET like dynamic topology, fast deployment, robustness make this technology an interesting research area. Each node in MANET can work as a sender, receiver as well as router. Communication in the network depends upon the trust on each other. Communication can work properly if each node co-operate for data transmission. The following algorithm depicts the communication in any ad hoc network: attack, attackers tunnel packets to another area of the network bypassing normal routes as shown in Figure 1.2. In practice, attackers can use high power antennas or a wired link, or other methods. The resulting route through the wormhole may have a better metric, i.e., a lower hop-count than normal routes. With this leverage, attackers using wormholes can easily manipulate the routing priority in MANET to perform eavesdropping, packet modification or perform a DoS (Denial of Service) attack, and so on. The entire routing system in MANET can even be brought down using the wormhole attack. Its severity and influence has been analyzed in [9]. 1. Sender node sends the signal to the neighbouring nodes within the vicinity. 2. Neighbouring nodes communicate with the sender node 3. Sender node sends the message to the destination node. 4. If destination node is within the vicinity then message received by the destination node else an intermediate node receives the message. 5. Restart the process of forwarding the message from step no 1 till the destination node is reached. In a wormhole

Figure: 1 The wormhole attack in MANET

Most previous works protecting against wormhole attack use methodologies assuming the viewpoint of administrator, trying to identify the wormhole, and then defend against it.

1.1 Problem statement

In wireless network many types of attacks can be initiated but most of them are relative easy to detect because of their property of dramatically altering the network statistics but one different type of attack we consider in this thesis. it is very important when considering security issues of network, is wormhole attack, which is difficult to detect & can harm by directing important data to unauthorized nodes. During the route discovery process, a 46

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

wormhole can relay route request and response messages between distant nodes, creating the appearance of shorter routes to destinations. Since the wormhole can be anywhere along a route, a source will have to detect its existence somewhere along the route when a node sets up the route (on-demand).

1.2 Goal
The goal of this paper is to evaluate the effectiveness and efficiency of secure routing protocols in MANET using case study with existing attack patterns in ad hoc environment based on the literature study and wormhole attack is always a problem for detection efficiently with non hardware approach. In this thesis we try to implement a technique which can efficiently detect this attack.

1.3 Purpose
In this paper we specifically considering Wormhole attack which does not require exploiting any nodes in the network and can interfere with the route establishment process. Instead of detecting suspicious routes as in previous methods, we implement a new method which detects the attacker nodes and works without modification of protocol, using a hop-count and time delay analysis from the viewpoint of users without any special environment assumptions.

1.4 Scope
MANETs Infrastructure less topologies, communication medium and with no central administration presents a host of research areas like authentication, availability, secure routing, intrusion-detection, etc. The research approaches in MANET security can be categorized into four principal categories. Key management models Secure routing protocols Instruction detection systems Trust based models This paper work focuses on secure routing protocols. The work is basically organized to evaluate secure routing protocols. Researchers developing secure routing protocols can use the result of this work as a reference to select a particular protocol, given a certain evaluated scenario.Wireless networks are currently very insecure and thus, they are easy targets for attackers. Major users of wireless systems, such as the military, government, emergency response teams and businesses can fall prey to these threats. Ideally, all wireless networks would be protected from wormhole attacks. Existing wireless security protocols have been able to block some but not all wormhole attacks. In these protocols, there are compromises between performance and security. This thesis provides an overview of the available protocols and offers an alternative solution which can reduce the risk of a wormhole attack.

2. Literature Survey
In this section, we review related works in the literature which discuss proposed wormhole attack defenses.

2.1 Graph Theoretic Approach

Lazos et al. [11] proposed a graph theoretic model to characterize the wormhole attack and ascertain the necessary and sufficient conditions for any candidate solution to prevent wormholes. They used a Local Broadcast Key (LBK) based method to set up a secure ad-hoc network against wormhole attacks. In other words, there are two kinds of nodes in their network: guards and regular nodes. Guards access the location information through GPS or some other localization method like SeRLoc [12] and continuously broadcast location data. Regular nodes must calculate their location relative to the guards beacons, thus they can distinguish abnormal transmission due to beacon retransmission by the wormhole attackers. All transmissions between node pairs have to be encrypted by the local broadcast key of the sending end and decrypted at the receiving end. As a result, the time delay accumulates per node traveled. In addition, special localization equipment has to be applied to guard nodes for detecting positions.

2.2 Packet Leashes

In [9], Hu et al. introduced a packet leashes method to restrict the time that packets can be transferred. They propose the TIK protocol based on TESLA [13] and use temporal leashes to determine the wormhole attack by transmission time. Consequently, TIK requires precisely synchronized time among the nodes. In addition, TIK combines hash tree authentication to ensure the time information in the control packet 47

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

is not modified. Therefore, the receiver can confirm if the packet transmission distance satisfies the restriction that sender has claimed. The TIK packet is transmitted by S as: SR:<HMAC,K i (M),M,T,K i > Where: HMAC K i (M): HMAC for verifying the content; M: Plaintext; T: Values needed for authentications; K i : The key for time interval T i-1 ~ T i . Before the sender sends a packet P, it estimates an upper bound t r on the arrival time of the HMAC at the receiver. Then it picks a key K i which will not expire before the receiver gets the packets HMAC, i.e., T i > t r + , where is the synchronized error between sender and receiver. Next, the sender computes the HMAC K i (M) with K i and attaches the HMAC to the packet. The sender then discloses the key K i after the key has expired. After the receiver obtains the HMAC, it first checks if the key is expired. If the sender has not sent the corresponding key K i , the key is available. The receiver later uses the hash tree root m and the hash tree value T to verify the K i at the end of the packet authentication, then it uses the authenticated K i to verify the HMAC value in the packet. If all these verifications are correct, the packet is accepted as authenticated. However, the assumptions of TIK are impractical. It depends on precisely synchronized time between all nodes and assumes the packet sending and receiving delays are negligible. The wormhole is discovered because it passes packets more slowly than normal routes. Furthermore, knowledge of the positions of all nodes may be a prerequisite for correctly estimating transmission times. (1)

2.3 Other Protocols and Mechanisms

In [10], Wang et al. designed MDS-VOW, a topology visualization system, to visualize the network topology of a sensor network and detect wormholes. In [14], L. Qian . presented the SAM protocol which analyzes the frequency of nodes used, and flags overuse as abnormal. In [12], Y.C.Hu used the information of connectivity to find wormhole. In [13], L. Hu and D. Evans. Used link information for wormhole detection based on the OLSR protocol. There are other works that focus on defending against wormhole attacks in MANET, such as DelPHI in [15] and LITEWORP in [11], and so on. However, most of these mechanisms require some special assumptions and supporting hardware, and some of them are based on specific protocols.

3. Proposed Work
We have performed the simulation of the proposed scheme in Opnet Network Modeler 14.0 to prove practical efficiency of the scheme; the physical parameter considerations are same as taken in mathematical modeling. The steps of modeling in FSM (Finite State Machine) of Proposed Algorithm are as follows: Step1. Randomly Generate a Number in between 0 to maximum number of nodes. Step2. Make the Node with same number as transmitter node. Step3. Generate the Route from selected transmitting node to any destination node with specified average route length. Step4. Send packet According to selected destination and start timer to count hops and delay. Step5. Repeat the process and store routes and their hops and delay. Step6. Now if the hop count for a particular route decreases abruptly for average hop count then at least one node in the route must be attacker. Step7. Now check the delay of all previous routes which involve any on node of the suspicious route. Now the node not encounter previously should be malicious let there are N such nodes. Step8. In N == 1 then it is the attacker else wait for future sequences which shows deviation and involve only one of N nodes. Step9. These nodes are black listed by the nodes hence they are not involved in future routes. Step10. Whole process (from step1 to step9) is repeated until we didnt get the specified goal (goal can be). 1. To get complete list of malicious nodes. 2. To run for specified time. 3. To run for specific number of packets etc. 48

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

4. Simulation Results
For the simulation we have created node models, process models, & packet models, we also used some predefined node models from library. The details of models with their technical parameters are as follows Total Nodes = 18 Packet size = 1024 bits constant Packet inter arrival time = 1sec. constant Data Rate = 11 Mbps. Area = 10 square Km. Destination Address = Random. Modulation = BPSK Antenna = Omni Directional

Figure: 4.1 Part of Complete Process Model showing only entering process & decision making branches for sender or receiver.

Figure: 4.2 Node distributions

Figure: 4.3 internal architecture of node

49

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

Figure: 4.4 RF Transmitter Properties

Figure: 4.5 RF Receiving Properties

Figure: 4.6 Node distribution without wormhole attack

Figure: 4.7Average Hop count per route in scenario 1 without wormhole attack

50

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

Figure :4.8Average Hop count per route comparison.

Attack reduces the average hop count by 20% (shown in blue) from normal condition (shown in red) which shows the selection of attaching node in route, the proposed algorithm significantly regains the hop counts by avoiding the attacker (shown in green)

Figure: 4.9 Average delays per route comparison.

Attack reduces the average delay by 75% (shown in blue) from normal condition (shown in red) which shows the shorting of route by attacking route, the proposed algorithm have much better delay which presents the elimination of attacker (shown in green)

5. Conclusion
Our method provides good performance for detecting tunneling attacks it detects 75 percent of attackers within five minutes, In addition, since we only select part of the searched routes for multi-path transmission, the probability that attacks can occupy the route are further reduced. In another scenario, attackers may maliciously modify other nodes instead of itself in the gray list. Thus the nodes that have been modified would be reported as modifiers and be blocked by the source node. To counter this, some ID-based cryptographic methods [16] such as digital signatures can be adopted to prevent this.

6. Future Work
There could be some attackers difficult to detect. For example, attackers may add fake nodes to an intermediate list so the route has a longer distance. However, it is quite hard for attackers to correctly estimate the expected hops of a particular communication pair since they do not know their relative position in future we can try to overcome these problems.

References
[1] P. Michiardi and R. Molva, CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks, In Proc. 6th IFIP Commun. and Multimedia Security Conf., Sept. 2002 . [2] S. Marti et al., "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks," Proc. 6th Ann. ACM Int'l Conf. Mobile Computing and Networking, ACM Press, 2000, pp. 255 265. [3] S. Buchegger and J.-Y. Le Boudec, "Performance Analysis of the CONFIDANT Protocol ", in Proc. 3rd ACM Intl. Symp., on Mobile Ad Hoc Networking and Computing, Jun 2002.

51

International Journal of Computational Intelligence and Information Security, February 2012 Vol. 3, No. 2

[4] P.G. Argyroudis and D. OMahony, Secure Routing for mobile ad hoc networks, IEEE Communications Surveys & Tutorials, third quarter 2005, Vol. 7, no3, 2005 258 Authorized licensed use limited to: University of Allahabad. Downloaded on July 30,2010 at 16:19:57 UTC from IEEE Xplore. Restrictions apply. [5] R. Mavropodi, P. Kotzanikolaou, and C. Douligeris, Performance Analysis of Secure Multipath Routing Protocols for Mobile Ad Hoc Networks, WWIC 2005, LNCS 3510, pp. 269278, 2005. [6] Papadimitratos, P.; Haas, Z.J. Secure Routing for Mobile Ad Hoc Networks. In SCS CNDS, San Antonio, TX, USA, January 2002. [7] Sanzgiri, K.; Dahill, B.; Levine, B.N.; Shields, C.; Belding-Royer, E.M.A. A Secure Routing Protocol for Ad Hoc Networks. In Proceedings of 2002 IEEE International Conference on Network Protocols (ICNP), Paris, France, November 2002. [8] Hu, Y.C.; Perrig, A.; Johnson, D.B. Wormhole Attacks in Wireless Networks. IEEE J. Sel. Area Comm. 2006, 24, 370380. [9] Khabbazian, M.; Mercier, H.; Bhargava, V.K. Severity Analysis and Countermeasure for the Wormhole Attack in Wireless Ad Hoc Networks. IEEE Trans. Wireless Commun. 2009, 8, 736745. [10] Wang, W.; Bhargava, B. Visualization of Wormholes in Sensor Networks. In Proceedings of the 2004 ACM workshop on Wireless Security (WiSe), ACM WiSE04, Philadelphia, PA, USA, October 2004; pp. 5160. [11] I. Khalil, S. Bagchi, and N. B. Shroff. LITEWORP: A lightweight countermeasure for the wormhole attack in multihop wireless networks. In Dependable Systems and Networks (DSN), pages 612621, Jun 2005. [12] Y.-C. Hu, A. Perrig, D. B. Johnson, WormholeAttacks in Wireless Networks, Selected Areas of Communications, IEEE Journal on, vol. 24, numb. 2,pp. 370- 380, 2006. [13] L. Hu and D. Evans, Using directional antennas to prevent wormhole attacks, in Proceedings of the Network and Distributed System Security Symposium [14]. N. Song, L. Qian, X. Li, Wormhole Attack Detection in Wireless Ad Hoc Networks: a Statistical Analysis Approach, Parallel and Distributed Processing Symposium, 2005, Proceedings of, 19th IEEE International IPDPS05, 04-08 April 2005, pp. [15] D. A. Maltz and D. B. Johnson and Y. Hu. The dynamic source routing protocol (DSR) for mobile ad hoc. [16] A. A. Pirzada and C. McDonald, Kerberos assisted authentication in mobile ad-hoc networks, in Proceedings of the 27th Australasian Computer Science Conference (ACSC), 2004.

52