deworm - 2009 Third International Conference on Network and...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
DeWorm: A Simple Protocol to Detect Wormhole Attacks in Wireless Ad hoc Networks Thaier Hayajneh University of Pittsburgh Pittsburgh, PA, USA Email: hayajneh@sis.pitt.edu Prashant Krishnamurthy University of Pittsburgh Pittsburgh, PA, USA Email: prashant@sis.pitt.edu David Tipper University of Pittsburgh Pittsburgh, PA, USA Email: dtipper@sis.pitt.edu Abstract —The wormhole attack is considered to be a serious security attack in multihop ad hoc and sensor networks. We propose “DeWorm”, a simple protocol to effectively detect wormhole attacks without the need for special hardware and/or strict location or synchronization requirements. DeWorm makes use of discrepancies in routing information between neighbors to detect wormholes. A simulation based analysis of DeWorm for a variety of scenarios shows that the proposed protocol can detect wormhole attacks with a high detection rate, a low false positive rate and low overhead. Further, in comparison to other wormhole detection protocols, the proposed protocol is simple, localized, and capable of detecting a variety of types of wormhole attacks including physical layer wormholes. I. INTRODUCTION Mobile ad hoc and sensor networks are comprised of nodes that must cooperate to dynamically establish routes using wireless links. Routes may involve multiple hops with each node acting as a router. Since ad hoc and sensor networks typically work in an open untrusted environment with little physical security, they are subject to a number of unique security attacks. One attack in ad hoc and sensor networks that has received a great deal of recent attention is the wormhole attack [1]–[3]. In a wormhole attack, an adversary will capture packets at one point in the network and tunnel them to a distant location where they are replayed, typically without modiFcation. This results in extraneous links controlled by an adversary. ±or example an attacker can construct a physical layer wormhole attack by placing two transceivers M 1 and M 2 in the network as shown in ±ig.1. The transceivers M 1 and M 2 , though physically apart, are connected through a high speed wired or long range high speed wireless link called the wormhole link . Legitimate network nodes consider the wormhole link as a short path from one side of the network to the other side. ±or example, nodes B , 6 , 7 , 14 , and 23 in ±ig.1 will assume that nodes C , 8 , 9 , and 10 are one-hop neighbors due to the wormhole. Consequently, the wormhole will attract a large amount of trafFc between various source and destination nodes in the network. Once trafFc is routed through the wormhole, the attacker can selectively drop data packets or cause intermittent disconnections that will lead to denial-of-service. Cryptographic techniques (e.g., encryption/authentication) do not detect the wormhole attack as the transceivers simply relay the encrypted or authenticated packets.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 8

deworm - 2009 Third International Conference on Network and...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online