INFORMATION PAPER International Journal of Recent Trends in Engineering, Vol. 1, No. 2, May 2009
A Graph-Theoretic Algorithm for Detection of Multiple Wormhole Attacks in Mobile Ad Hoc Networks Revathi Venkataraman1, M. Pushpalatha1, T. Rama Rao2 and Rishav Khemka1 1
Department of Computer Science and Engineering, SRM University, Chennai, India Email:
[email protected],
[email protected],
[email protected] 2 Department of Telecommunication Engineering, SRM University, Chennai, India
Abstract— The lack of any centralized infrastructure in mobile ad hoc networks (MANET) is one of the greatest security concerns in the deployment of wireless networks. MANET functions properly only if the participating nodes cooperate in routing without any malicious intention. However, some of the nodes may be malicious in their behavior by initially attracting a large amount of traffic and later on launching active security attacks like denial of services. Due to the dynamic topology and unreliable wireless links, ad hoc networks are prone to many security attacks. This paper addresses few related works concerned with wormhole attacks. A graph theoretic approach based on adjacency matrix of a network is proposed which easily detects the presence of wormholes in mobile ad hoc network. This approach is advantageous since it does not increase the computation complexity in a mobile node which is resourceconstrained.
collaborate with each other and indulge in this attack. They establish a single long range wireless link or out-ofband communication between themselves as shown in Fig 1. A and B are two different areas which are out of the wireless communication link. Due to the wormhole link between the two nodes X and Y, the nodes a, b & m will be one-hop neighbors to c, d & e respectively. The attacker at one end records the incoming traffic and tunnels them to the other end. If routing control messages like RREQ are tunneled, this will lead to distorted routing tables in the network. If a fast transmission path exists between the two ends of the wormhole, they may tunnel the data faster than the normal mode of wireless multihop communication. Thus, they attract more traffic from their neighbors. This is termed as rushing attack [6]. These wormholes by themselves are harmless. But, in many circumstances they act as the first stage attackers wherein they indulge themselves in denial-of-service attacks in their second stage. This can compromise the security of the entire network. In the absence of security mechanisms, the existing routing protocols may not be able to find a legitimate path to forward their data resulting in isolation of a single or a set of mobile nodes. Lots of centralized and distributed approaches used for wormhole detection are discussed in [6].
Index Terms—Wormholes, DOS attacks, adjacency matrix, common neighbors.
I. INTRODUCTION Ad hoc networks are simple peer-to-peer networks, self-organized with no fixed infrastructure. This leads to new vulnerabilities which are not known in wired networks [1, 2]. The wireless links and dynamic topology definitely gives flexibility in installation. But at the same time, security is a major concern in these networks. The wireless channels are vulnerable to various security attacks [1, 2]. Some of the ad hoc nodes may be victimized in the network by malicious nodes and may indulge in various denial-of-service attacks [1, 2]. The lack of security frameworks in these networks are one of the major concerns in their large scale deployments. Our proposal is an initiative towards developing a foolproof security model [3, 4, 5] which can detect and prevent a good subset of security attacks possible in an ad hoc environment. This paper elaborates the wormhole attack mechanisms and surveys the existing algorithms for detection of wormholes in any network.
Fig. 1 Wormhole Attack representation
Hence, a reliable and efficient defense mechanism is required to detect the wormholes in an ad hoc network. Section 2 briefs about the existing works and algorithms on detection of wormhole attacks. Section 3 describes the graph theoretic approach of detecting a wormhole in a network. Section 4 concludes by pointing to future work.
Wormhole attacks are one of the greatest threats to ad hoc routing protocols. Two non co-operating nodes 220 © 2009 ACADEMY PUBLISHER
INFORMATION PAPER International Journal of Recent Trends in Engineering, Vol. 1, No. 2, May 2009 II.
III. PROPOSED WORMHOLE DETECTION MECHANISM
EXISTING DEFENSE MECHANISMS
The proposed wormhole detection mechanism is more suited for proactive protocols which maintain updated route tables. The wormhole detection process is done by the following steps.
A decentralized wormhole detection approach based on distance estimation, called packet leashes was proposed in [7]. It consists of geographical and temporal leashes which are based on adding location and timing information to the packets respectively. For implementing geographical leashes, location information is required. This can be done using Global Positioning System (GPS), but they have their own limitations in an in-door environment. Furthermore, equipping every mobile node with a GPS receiver may be expensive in certain environment. Temporal leashes require highly synchronized clocks wherein the difference should be of the order of nanoseconds. This might be a limitation while using contention based medium access control protocol. Authentication and Integrity of these packet leashes is another security concern in an ad hoc environment. Some of the limitations are overcome in the TIK protocol which uses TESLA with Instant key disclosure. The TESLA condition is checked to ensure whether the full MAC is received before the TESLA key used for computation is released [8].
1.
2.
3.
Yet another distance bound technique uses an authenticated protocol namely Mutual Authenticated Distance bounding (MAD) [9]. This technique used symmetric key cryptographic mechanisms for authentication. Even though it does not require any localization information and tight synchronization, it needs specialized hardware devices and efficient MAC schemes for fast transmission and reception with minimum delay.
4.
Construct an adjacency matrix from the route table. This is a symmetric n x n binary matrix X where n is the total number of nodes in the ad hoc network. Xij = 1 if there is a direct path of length one from i to j. 0 otherwise. Compute X2 = X x X where x is an ordinary matrix multiplication in the ring of integers. The value of off-diagonal entries in X2 gives the number of nodes that are common neighbors to both ith and jth nodes [15]. If all non-zero entries are examined in X, go to step 5. For every unexamined non-zero entry in X, if the corresponding value in X2 is zero, the ith and jth nodes are showing themselves as neighbors, but they do not have any common neighbors. Both of them may be possible adversary nodes involved in wormhole attack. For these entries do step 4. Let the neighbors of i and j be denoted as set of nodes N and M respectively. The sum of adjacent nodes in common neighbors is represented by Eq(1.1), where Ta is the adjacency threshold and it is a design parameter based on the population of nodes in an ad hoc network. N
∑∑
The use of directional antennas to prevent wormhole attacks was discussed in [10]. All the nodes should have same direction and orientation which limits the practical implementation of this technique. Also a valid verifier should exist between the neighboring nodes and multiple wormhole attacks cannot be detected. Few centralized approaches like Multi-dimensional scaling (MDS) [11] are presented which may be useful in a managed ad hoc network. But, they also require localization information and have practical limitations in a sparsely populated ad hoc network. Another centralized statistical approach was discussed in [12]. This technique may not be appropriate for a decentralized ad hoc network and they cannot locate which nodes are affected by wormholes. Statistical approaches like the use of guard nodes are discussed in [13]. The authors assume the presence of few guard nodes uniformly distributed throughout the network. These guard nodes are capable of transmitting with higher power. The efficiency of this technique solely depends on the credibility of uncompromised guard nodes. In an ad hoc network with lots of security threats, this situation seems to be unrealizable.
(Xij > Ta)
(1)
i =1 j =1
a)
5.
If the inequality in Eq (1.1) is satisfied, it can be assumed that the threshold for adjacency for common neighbors is satisfied. Due to sparsely populated nodes in ad hoc network, i and j do not have common neighbors. Go to step 3. b) If the inequality in Eq(1.1) is not satisfied, the two nodes i and j are malicious nodes indulging in wormhole attack. Report them and go to step 3. Terminate the wormhole detection algorithm and inform the rest of neighboring nodes about the possible wormhole attacks. The neighboring nodes will accept the findings based on the trust relationship they have with the detection node which has run the algorithm.
As discussed in [14], the probability of an arbitrarily chosen neighbor of i to be a common neighbor of i and j is given by pc. The number of common neighbors is denoted by Kc. For a known neighbor set, Kc follows a binomial distribution in (2). 221
© 2009 ACADEMY PUBLISHER
M
INFORMATION PAPER International Journal of Recent Trends in Engineering, Vol. 1, No. 2, May 2009
⎛i ⎞ ⎝ j⎠
P(Kc=j | Ko = i) = Bi,pc (j) = ⎜⎜ ⎟⎟ pjc(1-pc)i-j
(2)
[4]
In an ad hoc network with densely populated nodes, many nodes will have common neighbors. Hence, any node can run the wormhole detection algorithm and communicate its findings to its neighboring nodes.
[5]
CONCLUSIONS
This paper discusses some of the existing defense mechanisms in wormhole detection and also proposes a new algorithm for detecting multiple wormholes in an ad hoc network. If symmetric links are assumed, the upper triangle of the matrix is sufficient to store all the neighborhood information. The adjacency matrix requires n(n-1)/2 bits of storage. Alternatively, a linear array can be used to represent the set of neighbors of each node in an ad hoc network. Choosing the necessary data structures for neighbor listing and performance analysis of the algorithm is our future work. The mechanism will be accordingly modified to suite reactive protocols also.
[6]
[7]
[8]
[9]
[10] ACKNOWLEDGMENT
[11]
The authors wish to acknowledge the support of the SRM University, Chennai, India to carry out this work.
[12]
REFERENCES
[1] Yang Xiao, Xuemen Shen, and Ding-Zhu Du, Wireless Network Security, Springer series on Signals and Communication Technology, 2007. [2] Imrich Chlamtac, Marco Conti, Jennifer J.-N.Liu, Mobile ad hoc networking, inperatives and challenges. Ad Hoc Networks 1 (2003) pages 13-64, Elseiver publications. 2003. [3] Revathi Venkataraman, M.Pushpalatha, “Security in Ad hoc Networks: An extension of Dynamic Source Routing in Mobile Ad hoc Networks. Proc. of the 10th IEEE
[13]
[14]
[15]
222 © 2009 ACADEMY PUBLISHER
International Conference on Communication Systems, Singapore, 2006. Revathi Venkataraman, M.Pushpalatha, Rishav Khemka, T Rama Rao, “Prevention of Flooding Attacks in Mobile Ad hoc Networks”, To be published in Proceedings of International Conference on Advances in Computing, Communication and Control, Mumbai, January 2009. M. Pushpalatha, Revathi Venkataraman, Rishav Khemka, T Rama Rao, “Fault Tolerant and Dynamic File Sharing Ability in Mobile Ad hoc Networks”, To be published in Proceedings of International Conference on Advances in Computing, Communication and Control, Mumbai, January 2009. Levente Buttyan and Jean-Pierre Hubaux, “Security and Cooperation in Wireless Networks,” Cambridge University Press, Draft Ver.1.3, 2007. Y. C. Hu, A. Perrig, and D. Johnson, “Packet leashes: a defense against wormhole attacks in wireless networks,” in INFOCOM, 2003. Yih-Chun Hu, Adrian Perrig and David B. Johnson, “Wormhole Attacks in Wireless Networks,” IEEE Journal on Selected Areas In Communications, Vol. 24, No. 2, February 2006. S. Capkun, L. Buttyn, and J. P. Hubaux, “SECTOR: Secure tracking of node encounters in multi-hop wireless networks,” in 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2003. L. Hu and D. Evans, “Using directional antennas to prevent wormhole attacks,” in Network and Distributed System Security Symposium (NDSS), 2004. W. Wang and B. Bhargava. Visualization of wormholes in sensor networks. In Proceedings of the ACM Workshop on Wireless Security (WiSe), Philadelphia, PA, USA, 2004. L. Buttyan, L. Dora, and I.Vajda. Statistical wormhole detection in sensor networks. In Proceedings of the European Workshop on Security and Privacy in Ad Hoc and SensorNetworks (ESAS), Springer, Visegrad, Hungary, 2005. R. Poovendran and L. Lazos, “A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks,” ACM Journal of Wireless Networks (WINET), 2005. Christian Bettstetter, Michael Gyarmati and Udo Schilcher, “An Inhomogeneous Spatial Node Distribution and its Stochastic Properties,” in Proc. ACM/IEEE Intern. Symp. On Modelling, Analysis, and Simulation of Wireless and Mobile Systems, Greece, Oct 2007. Narsingh Deo, “Graph Theory with Applications to Engineering and Computer Science”, Prentice-Hall, 1994.
