Detecting and Locating Wormhole Attacks in Wireless Ad Hoc Networks

[attachment=17328]
Abstract:
Wireless communications offer organizations and users many benefits, such as portability, flexibility, increased productivity, and lower installation costs. Wireless technologies cover a broad range of differing capabilities oriented toward different uses and needs. Wireless local area network (WLAN) devices. Ad hoc networks, such as those enabled by Bluetooth, allow data synchronization with network systems and application sharing between devices.


Introduction to Wormhole attack:
In a wormhole attack, an attacker receives packets at one point in the network,
“tunnels” them to another point in the network, and then replays them into the network from that point. For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive with better metric than a normal multihop route, for example, through use of a single long-range directional wireless page link or through a direct wired page link to a colluding attacker. It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel the bits of the packet, in order to minimize delay introduced by the wormhole. Due to the nature of wireless transmission, the attacker can create a wormhole even for packets not addressed to it self, since it can overhear them in wireless transmission and tunnel them to the colluding attacker at the opposite end of the wormhole. If the attacker performs this tunneling honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, the wormhole puts the attacker in a very powerful position relative to other nodes in the network, and the attacker could exploit this position in a variety of ways. The attack can also still be performed even if the network communication provides confidentiality and authenticity, and even if the attacker has no cryptographic keys. Furthermore, the attacker is invisible at higher layers; unlike a malicious node in a routing protocol, which can often easily be named, the presence of the wormhole and the two colluding attackers at either endpoint of the wormhole are not visible in the route. The wormhole attack is particularly dangerous against many ad hoc network routing protocols in which the nodes that hear a packet transmission directly from some node consider themselves to be in range of (and, thus a neighbor of) that node.



Geographical Leashes:
To construct a geographical leash, in general, each node must know its own location, and all nodes must have loosely synchronized clocks. When sending a packet, the sending node includes in the packet its own location Ps and the time at which it sent the packet ts; when receiving a packet , the receiving node compares these values to its own location Pr , and the time at which it received the packet tr . If the clocks of the sender and receiver are synchronized to within ±Δ, and v is an upper bound on the velocity of any node, then the receiver can compute an upper bound on the distance between the sender and itself dsr.


TIK (TESLA with instant) Protocol description: Our TIK protocol implements temporal leashes and provides efficient instant authentication for broadcast communication in wireless networks. TIK stands for TESLA with instant key disclosure, and is an extension of the TESLA broadcast authentication protocol [9]. The intuition behind TIK is that the packet transmission time can be significantly longer than the time synchronization error. In these cases, the receiver can verify the TESLA security condition (that the corresponding key has not yet been disclosed) as it receives the packet (explained below); this fact allows the sender to disclose the key in the same packet, thus motivating the protocol name “TESLA with instant key disclosure.”