Distributed approach to mitigate wormhole attack in wireless sensor ...

Download PDF
3 downloads 8628 Views 300KB Size Report
Comment
#1MSc Student, Faculty of Computer Science and Information Systems, University ... #3 BSc Student, Faculty of Electrical Engineering, Sajad University, ...
Distributed Approach to Mitigate Wormhole Attack in Wireless Sensor Networks Ali Modirkhazeni #1, Saeedeh Aghamahmoodi#2, Arsalan Modirkhazeni#3, Naghmeh Niknejad#4 #1

MSc Student, Faculty of Computer Science and Information Systems, University Technology Malaysia 81310 UTM Skudai, Johor Darultakzim, Malaysia, [email protected] #2 MSc Student, Electrical and Computer Engineering Department, Shahid Beheshti University, Tehran, Iran, [email protected] #3 BSc Student, Faculty of Electrical Engineering, Sajad University, Mashhad, Iran, [email protected] #4 MSc Student, Faculty Computer Science and Information Systems, University Technology Malaysia 81310 UTM Skudai, Johor Darultakzim, Malaysia, [email protected]

Abstract- Wireless sensor network is a growing technology which is offering solution to variety of application areas such as health care, military and industry. These kinds of networks usually apply number of devices known as sensor devices. These sensors which are limited are distributed over the environment and communicate through the wireless media. As sensor devices are limited the network exposed to variety of attacks. Conventional security mechanisms are not suitable for WSNs as they are usually heavy and nodes are limited. One of the most severe attacks to detect and defend in wireless sensor network is wormhole attack which data will be forwarded from one part of the network to the other part trough the wormhole tunnel. In this paper we focused on wormhole attack and proposed distributed network discovery approach to mitigate its effect. According to the simulation our approach can mitigated almost 100% of wormhole attack overload in the environment where 54% of nodes are affected with the wormhole. I. INTRODUCTION Wireless Sensor Network (WSN) is usually consisting of huge number of limited sensor devices which are communicated over the wireless media. There are a lot of its applications in military, health and industry. Many of WSN applications such as military and healthcare are critical and required certain level of security. Therefore it is necessary to provide wireless sensor network not only with the acceptable reliability of services but also adequate level of security. As sensor devices are restricted, security in WSNs is a challenging task and the networks exposed to various kinds of attacks and conventional defenses against these attacks are not suitable. One of the most severe attacks to detect and defend in wireless sensor network is wormhole attack which, a malicious attacker receives packets from one location of network, forwards them through the tunnel (wormhole) and releases them into another location. [1-5]. In this paper we focused on the wormhole attack in WSNs, presented selected countermeasures and then we proposed network discovery approach which needs no additional tools or accurate time synchronization. According to the simulation

proposed approach acted efficiently and mitigated almost 100% of wormhole attack overload in the environment where 54% of nodes are affected with the wormhole. The rest of the paper is organized as follow: Section II discusses about sensor device architecture. In Section III we talk about wormhole attack in more depth and reviews previous findings in this regard presented in Section IV. Our neighbor discovery approach will be presented in Section V. Section VI presents simulation and results respectively. And finally Section VII concludes the paper. II. SENSOR DEVICE ARCHITECTURE Verdonel et al. describe the sensor node device as the simplest tool in the wireless sensor networks and considers the five elements for sensor device which are shown in Fig1. According to their works, sensor node device has the Microcontroller which manages all tasks. It also equipped with the memory which is used to store environmental sensed data. The radio transceiver is used to transmit data. Additionally it has the sensor to sense environment. And finally the power source, the battery, which is used to provide required power for the other elements.

Fig 1. Sensor Node Architecture [7]

As sensor device consist of limited components, it could not be used for complex tasks and processes. Therefore any

- 122 -

mechanisms including security approaches, should meet these restrictions in order to be viable in sensor networks. III. WORMHOLE ATTACK IN WIRELESS SENSOR NETWORK One of the most severe attacks to detect and defend in wireless sensor network is wormhole attack [1-5]. In this attack, a malicious attacker receives packets from one location of network, forwards them through the tunnel (wormhole) and releases them into another location. The illustration of wormhole attack in wireless sensor networks is shown in Fig2.

using protocol deviation. In this case attack can be lunched as some nodes back off during the forwarding of route request and attacker only needs to forward route request packet without backing off. In another classification which was done by Graaf et al. in [10] wormhole attack were categorized into active and passive attacks. In the active wormhole attack the endpoints of wormhole tunnel are two sensor nodes which are belonged to the network. As a matter of fact in this case the tunnel’s endpoints are part of WSN. In the passive attack, the endpoints of the wormhole tunnel are not belonging to the network. In this case of wormhole the tunnel usually made by repeater that simply get the message and forward it. Wang et al. also classified wormhole attack into closed, half open and open attacks. [11]. This classification is base on the meaning of the term “close” and “open” where the former is referring to “start from and include” and the latter is referring to “start from and not include”. There are some classifications of wormhole attack in wireless sensor network. These classifications differ from each other as they made base on different criteria.

Fig 2. Illustration of Wormhole Attack

Wormhole attack can be classified base on different criteria and researchers came up with different classifications. As a result of work in [8] wormhole attack had been classified base on the techniques which is used to attack lunching into five classifications which are shown in the Fig 3.

Fig 3. Wormhole Attack Classification by Khalil et al.

In the first category, wormhole using encapsulation, attacker capsulate the routing information and send it through the other nodes to its cooperator. In this kind of wormhole attack at least two attackers are needed and as tunnel made via usual nodes in the network, there is no need to any additional tools. Wormhole attack using out of band channel is another category in this classification which attacker use long range wireless or wired link directly to its cooperator. In the wormhole with high power scenario once malicious attacker receives a route request message, it broadcasts it with high power signal which is not available to the usual nodes in the network and by doing so it will establish tunnel, through itself, from source to destination. Wormhole using packet relay will be done as attacker convinces two nodes (usually far from each other) that they are neighbor by relaying packets. Finally as some protocols such as ARAN [9] uses the path which has less packet delivery delay wormhole attack can be lunched

IV. WORMHOLE ATTACK COUNTERMEASURES IN WIRELESS SENSOR NETWORK This section will present countermeasures in order to detect, defend or mitigate the effect of wormhole attack in wireless sensor networks. In general the common method in order to detect wormhole attack in wireless sensor network is to use neighbor discovery techniques. Sometimes this will be achieved through applying special equipments such as antenna [12]. Other approaches may use accurate time synchronization in order to detect whether packets are received from the authorized neighbors or not [13-14]. Additionally protocols may estimate the distance of the sender through the signal straight and verify whether data comes from the node within the range of communication or not [15]. Some other approaches in this regards apply centralized mechanisms which uses statistical analysis and methods to detect wormhole attack [16]. These approaches will detect wormhole existence due to specific changes in certain statistical pattern. The rest of this section will review selected approaches regarding to wormhole attack detection and mitigation in wireless sensor network. Lee, Kim and Seo in [17] proposed a method to mitigate wormhole attack in wireless ad hoc networks. Basic idea of this approach is to check whether forwarded packet is from authorized neighbor. Therefore they proposed each node gathers information about its first and second hop neighbors. They use pair wise key management scheme in their approach [18]. The proposed approach begins to work by broadcasting the announcement message to network. Every node broadcasts this message which contains Time To Live (TTL) equal to two, announcer identity and encrypted identity of announcer.

- 123 -

When announce message receives to the first-hop neighbor, TTL will be checked, it TTL equals to two, then first-hop neighbor stores sender identity and its encrypted identity. Then decrease value of TTL and forward it to second-hop neighbors. It also sends ACK to announcer which contains its identity, encrypted identity and diffe-hellman key exchange algorithm. After forwarded message reaches to second-hop neighbor, it will check TTL. If TTL is equal to one, then it store announcer’s identity and encrypted one and send ACK to announcer. When ACK receives to announcer, it saves sender’s identity and encrypted identity then it generates session key using diffe-hellman parameter and responds the sender by sending response message which contains other differ-hellman parameter and nonce and secret key. It is notable that nonce and secret key are encrypted with the session key which is made by differ-hellman algorithm. When response reaches to the neighbors, first they generate session key using other differ-hellman parameter which is in response message. Second they store secret key of announcer and nonce after decrypt it using session key. And finally they send confirmation message to announcer. This message contains incremented value of nonce by one and secret key of the sender which is encrypted by computed session key. Once announcer receives confirmation message, it verifies it and add the neighbor to its neighbor list. The neighbor list contains ID1 and ID2 topples in which the former is related to the firsthop neighbor and the later is related to second-hop neighbor. It is noticeable that in this method every node attaches its identity accompany with the message authentication code (MAC) of its identity to the packet as it forwards received packet. This MAC computed by keyed hash function such as HMAC [19]. When announcer receives a packet, it first checks the forwarder ID is in its list. If it can find equivalent ID in the neighbor list, second, it computes MAC of identity using secret key corresponding to that ID. If the value of computed hash will be equal to stored hash in the packet, announcer will accept the packet; otherwise packet would be directed to announcer by wormhole. Alzer, El-Kassas and El-Soudani in [20] proposed method for wormhole attack detection and prevention base on social science theory of diffusion of innovations which has been introduced in [21]. The mentioned theory is deal with cultural and social behavior concerning how innovations to be selected or ignored by society members. Diffusion of innovations applies five stages with innovation decision process and these five stages are knowledge, persuasion, decision, implementation and confirmation. Therefore set of actors will be defined by theory of diffusion of innovations which play role in the process. These actors are: Innovators, early adopters, early majority, late majority and laggards. Base on theory of diffusion of innovations, they proposed decentralized schemed for intrusion detection. Their approach uses Network Monitor elements which monitors parameters such as transmission power, the back off and total number of packets which will be used further to detect wormhole attack.

They presented five phases approach for intrusion detection and prevention. These phases are: Normal Network Routing, Wormhole Parameter Measurement, Actor’s Network Formation, Route Selection using Penalties and intrusion detection. Normal network routing as the first phase applies Ad Hoc on Demand Distance Vector (AODV) routing protocol such as [22] in which path will be selected according to the minimum number of hops. In the second phase, wormhole parameter measurement, some parameter such as speed of packet arrival, power of node transmission and actual location of source and destination will be examined. Actor’s network formation phase will deal with construction of Innovators, early adopters (EA), early majority (EM), late majority (LM) and laggards (LD) which are defined actors in theory of diffusion of innovations. Next phase is route selection using penalties. In this phase the process of path election is differ from the original AODV routing. After foundation of the actors the penalties will be given to some node base on the actor. After a node, say X, receives signaling packet from the other node, say N, it checks whether N belongs to its address table, if not it assigns a penalty to N regarding of the N’s actor involved for forwarding signaling packets. Then X select the node M with minimum number of hops and add corresponding penalty to it and after that compares M and N and select the best for transmission the packets. The last phase removes the malicious node from the network. In this phase threshold of the early adopter of certain node will be checked. If it exceeds the threshold value T the message will be broadcast to the network to remove that node(s) and treat it like a malicious nodes. Qian et al. propose simple scheme named SMR to detect wormhole attack in wireless ad hoc and sensor networks. SMR which operates on the multipath routing protocols uses statistical approach to detect this attack. The main idea of SMR is to find dramatic change in certain statistics which obtained by routing protocol [23]. Their schemes tries to, first, perform statistical analysis of the network. If the analysis result is similar to certain pattern they will, second, test the path to confirm the wormhole attack. SMR does so by sending probe packet and waiting for acknowledgement. And finally if the attack is conformed, they report it to make the network isolate. They assume that environment is bidirectional and wormhole attack has strong attack on the network and that is mean attacker can connect more than one hop. It is also assumed that attacker cannot modify and fabricate the packets. SMR uses some measurements; let R be the set of all obtained routes, L be the set of all distinctive links in R, li be the i-th link in L, ni be the times that li appears in R, n be a random variable representing number of times that a link appears in R, N total number of non-distinctive links in R and finally Pi be the relative frequency that li appears in R. As wormhole attack makes tunnel between two attackers, and attackers are attractive to routes discovery packets, it is expected that the equation (1) measurements help to detect wormhole attack.

- 124 -

 =

 

where  = ∑ 

(1)

The maximum relative frequency can be computed using equation (2).   = max( )

(2)

The values of nmax, imax can be found in equations (3).

 = max(  ) and  =    ( )

(3)

ɸ and n2nd are also computing as they have been showed in equations (4) and (5).

2 =

∅=

max ( ) i ≠ imax 

 − 2 

(4)

(5)

Base on their claim, it is expected that the value of P max and ɸ will be much higher under wormhole attack. SMR will find suspicious nodes as it has the highest P i. In order to wormhole attack confirmation, first destination sends the prove packets to source using the suspicious route, the source identify the probe packet and then sends ACKs through the same route to destination and finally base on the percentage of arrived ACKs, destination will verify the existence of wormhole attack. In other attempt for wormhole attack detection in wireless sensor networks, Graaf et al. presented a distributed intrusion detection system which monitors the data exchanges in the network [10]. They assume network has additional intrusion detection (ID) nodes which monitor the communication and does not have the limitations of ordinary nodes. The wormhole attack will be identified through these ID nodes. Additionally they assume that the arrangement of ID nodes should be in the way that every sensor node and its valid neighbor are monitored with at least one ID. In the other words a sensor say s with its neighbor say n, is fully-monitored by an ID say x, if both s and n are in the communication range of x. The proposed method detects wormhole attack if there will be no ID which fully monitors two endpoints of communication. Base on the work which had done by Rasheed and Mahapatra in [24], the novel scheme proposed to defend the wormhole attack in wireless sensor network. Their approach is base on mobile sink (MS) and multiple radio channels. The proposed method applies polynomial key pool pair wise key distribution scheme which introduced in [25]. The proposed method needs to have radio transmission system for every element in the network. In this approach, every node including MS, tunes its radio channel to pre-selected common channel called network discovery channel at the beginning. Then MS sends beacon messages the nodes while it traverses over the network. Then nodes use polynomial key management scheme and establish

the pair wise key with MS. Then MS assigns channel fi to every node which has a pair wise key ki and sends an encrypted message containing assigned frequency fi to the node has corresponding key ki. This frequency will be used in order to transmit data. The wormhole can be detected if MS receives a data from node containing unknown pair wise key or thorough the invalid data transmission channel. As a result of work in [16], two statistical approaches were proposed to detect wormhole attack in wireless sensor networks. This approach neither requires any additional hardware such as antenna or GPS nor accurate time synchronization. But it assumed that nodes can build their neighbor list and send it to the base. And after neighbor lists from all nodes be sent to the base, base runs the algorithm and detect whether there is wormhole or not. First scheme called Neighbor Number Test (NNT). This test is based on the idea of increasing the number of neighbor after lunching wormhole. In order to explain how NNT works consider Fig 4. In this figure the thick circle shows the communication range for a valid node in the network. As it can be seen in the Figure 2-10, the actual neighbors of node A are N 1, N2 and N3 while after lunching wormhole the neighbors will be N 1, N2, N3, W1, W2, W3, W4 and W5.

Fig 4. Illustration of the sensor network [16]

In order NNT to work, first base computes the expected histogram of neighbors using hypothetical distribution of number of neighbors. Second it gathers neighbor list updates from the nodes and constructs real neighbor histogram. And then it compare these two histogram using X2 test [26]. If the value of computed X2 is larger than specific threshold then wormhole is detected. In order to compute x2 value, first consider that sensor node with communication range r, are uniformly distributed over sphere area T and the probability of two nodes being neighbor is shown in equation (6). =

2.  

(6)

And the probability of a node that have exactly K neighbors is computed in Eq. (7).  () =   .  . (1 − )− 

(7)

Where (N+1) is total number of nodes. Let us split set of {1, 2, 3, … } to {B1, B2, … , Bm} such that for each k ϵ Bi the expression e(i) which defined below in Eq. (8), will be larger than 5.

- 125 -

() = ( + 1)  ()

(8)



And then the X2 value can be computed as defined in equation (9). 2 =  ∀

() − ()

()

(9)

Another proposed approach called All Distance Test (ADT). The idea of ADT is very simple; it express that the distance of the neighbors become short after wormhole attack be lunched. In other words wormhole distorts the deployment of length of the shortest route among all pairs of nodes. In this method, like NNT, base estimates the histogram related the neighbor distances in network and then collects real information about the neighbor distances. After that it runs X 2 test and indicate whether wormhole exists in the network or not. V. PROPOSED NEIGHBOR DISCOVERY APPROACH Base on the discussions in previous section, in order to mitigate effect of wormhole attack in wireless sensor network, a distributed neighbor discovery approach has been proposed. There are some criteria to determine whether wormhole attack is performing in the network or not. For example some methods use statistical approach. They find dramatic changes in the certain statistical patterns and then decide on existence of wormhole in the network. Longer propagation can be another symptom of wormhole existence. Additionally we can determine the existence of wormhole in the network by checking the parameters such as bigger transmission range than that of normal condition, and previous node is not a neighbor as well. The proposed method is based on the fact that mentioned wormhole data comes from unauthorized and illegal neighbors. In order to illustrate the idea of the proposed neighbor discovery technique, consider Fig. 5 presented at below. This figure illustrates of network with 12 nodes. Consider tow nodes ‘A’ and ‘B’. The actual neighbors of node ‘A’ are ‘A1’ and ‘A2’ and the real neighbor of node ‘B’ are ‘B1’ and ‘B2’. This means that node ‘A’ receives information only form nodes ‘A1’ and ‘A2’ and nodes ‘B1’ and ‘B2’ only send data to node ‘B’. As it is shown in the Figure 4-2, node ‘A’ is connected to node ‘B’ through the wormhole. Therefore node ‘A’ can also receive data from node ‘B’ and vice versa.

Fig 5. Illustration of Network Affected with Wormhole

The problem of wormhole attack will be solved if the receiving node can determine whether arrival data comes from actual neighbor or not. Therefore in order to mitigate the effect of passive wormhole attack which attacker is not belong to the network and does not use the sensor devices to receive and forward the data through the wormhole tunnel, neighbor discovery protocol has been proposed. A. System Assumptions It has been assumed that each two neighbor nodes have the secret share key which has been shared after deployment of network and cannot be captured by attacker as it needs more time to capture. It is also assumed that attacker cannot lunch wormhole attack before certain time T n which illustrates the time to complete neighbor discovery. Additionally attacker could not change or modify transmitted data and uses its own devices and cannot use network nodes to lunch attack. After certain amount of time (which is not considerable) attacker can lunch wormhole attack and it can also lunch selective forwarding attack which data randomly forwarded by attacker after message was forwarded to other tunnel endpoint. B. Definition The proposed method starts to work as every node, say ‘A’, sends HELLO message to the all of on hop neighbors. This message is encrypted with secret shared key between each two neighbors, say KAB which is the shared secret key between two nodes ‘A’ and ‘B’. It contains the ID of sender, a random number as nonce and message digest. The message digest is computed using hash algorithms such as SHA1 and MD5. We use MD5 algorithm in order to generate hash values as it is recommended in the literatures [27-28] which claimed MD5 is suitable to be used in wireless sensor network. When a neighbor, say ‘B’, receives a HELLO message, it will decrypt the message using a shared key between itself and the sender of the message. After that it computes the hash of ‘Sender ID’ concatenation of ‘Nonce’. If result is equal to what is in the message, the HELLO message is authenticated and from an authorized neighbor. Once HELLO message is authenticated, RESPONSE message will be sent back. RESPONSE message contains the identity of sender (a node which sends a RESPONSE message), ‘Nonce’ under the simple function F and message digest of ‘Sender ID’ concatenation of ‘F(Nonce)’. It is considerable that F is a simple function such as F(n) = n + 1 and message is encrypted via shared key among the sender and receiver. After RESPONSE message has been received to the destination, it will be decrypted via shared key between two neighbors. After RESPONSE message was decrypted, node ‘A’ verifies node ‘B’ through the authentication steps. First it checks weather hash value of ‘IDB‘ and ‘F(Nonce)’ is equal to the hash value in the RESPONSE message or not. Secondly it check for the value of ‘F(Nonce)’. If these two tests are successfully achieved the neighbor is authenticated, otherwise it is fake neighbor and RESPONSE message will be deleted. When a neighbor is authenticated through the verification of RESPONSE message as it mentioned, its information saved into the destination

- 126 -

node, node ‘A’ in our example, and constructs data structure called neighbor list NA ( NI illustrates the neighbor list of node ‘I’). We assume as neighbor list of each node constructed, it will keep safely in node. The constructed neighbor list will be used in order to make sure message is received from the authorized neighbor. For our research this list only contains the identity of the neighbors. It also can integrate with key materials as needed.

mitigates overload of wormhole attack. The mitigation percentage has been shown in the Fig 7.

VI. SIMULATION AND RESULT In order to evaluate the effectiveness of our approach, OMNET++ was applied. Deployment of the network was achieved by randomly distribution of 50 nodes over the areas of 476×303 meter square which made hierarchal network in which data will be sent to base through the parent. These numbers of nodes are selected to cover up previous researches parameters [29] and [16], although we have seen variety of parameter values proposed by researchers in the literature. Table 1 shows the network parameter which are used in our simulation.

Fig 7. Mitigation Percentage of Wormhole Attack

Fig 7 shows the percentage related to overload mitigation of passive wormhole attack through the enhanced protocol. As it depicted in mentioned figure, almost 100% of wormhole overload will be mitigated shortly after lunching of wormhole attack in the network where 54% of nodes are affected with the wormhole.

TABLE 1

VII. CONCLUSION AND FUTURE WORKS

NETWORK PARAMETER FOR SIMULATION

Network Parameter

Value

Number of nodes Communication Range of Nodes Extent of territories Average percentage of affected nodes with wormhole Number of Iteration

50 50 m 476×303 54 1000

The intent of research is to mitigate the effect of wormhole attack in the wireless sensor network. Therefore we proposed neighbor discovery approach to mitigate the wormhole effect in the mentioned network and in order to evaluate our approach we set up the simulation using C++ and OMNEP++. In this section we present the results of the simulation. We measured total number of sends and receives in the original and enhanced network under the wormhole attack where 54% of nodes are affected with the wormhole. The result is presented in Fig 6.

In this paper, we discussed about wireless sensor network, its applications and the most widely used element of it, sensor device. Additionally security issues in WSNs were presented. Then we focused on the wormhole attack in these kinds of networks and presented selected countermeasures. Afterward we generalized previous countermeasures, analyzed them and selected the better one. And then base on the presented results we proposed network discovery approach base on distributed scheme which needs no additional tools or accurate time synchronization. According to the simulation proposed approach acted efficiently and mitigated almost 100% of wormhole attack overload in the environment where 54% of nodes are affected with the wormhole. In the future we plan to integrate our approach with the secure routing protocols in wireless sensor networks. REFERENCES [1]

[2]

[3]

Fig 6. Total Number of Sends and Receives of Original and Enhanced Network under Wormhole Attack

[4]

As it can be seen in the Fig 6, there is tremendous increase in number of sends and receives of original network under wormhole attack. This is happened as attackers rebroadcast every packet it gains. Unlike original network, enhanced one

[5]

[6]

- 127 -

Detecting Wormhole Attacks in Wireless Sensor Networks with Statistical Analysis. Zhao, Zhibin, et al. s.l. : IEEE, 2010. WASE International Conference on Information Engineering. pp. 251 - 254.An Approach towards Detection of Wormhole Attack in Sensor Networks. Prasannajit B, Venkatesh, et al. 2010. WASE International Conference on Information Engineering. pp. 283 - 389. Secure Routing in Wireless Sensor Network: Attacks and Countermeasures. Karlof, Chris and Wanger, David. 2003, IEEE, pp. 113-127. Security of Wireless Sensor Networks. Rehana, Jinat. 2009. Seminar on Internetworking. Sensor Network Security: A Survey. Chen, Xiangqian, et al. 2009, IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, pp. 52-73. Verdonel, Roberto, et al. Wireless Sensor and Actuator Networks. 2008.

[7]

[8] [9]

[10] [11]

[12]

[13]

[14]

[15]

[16]

[17]

[18] [19]

[20] [21]

[22]

[23]

[24]

[25] [26]

LITEWORP: A lightweight countermeasure for wormhole attack in multihop wireless networks. Khalil, Issa, Bagchi, Saurabh and Shroff, Ness B. s.l. : IEEE, 2005. International conference on depandable systems and networks. pp. 1 - 10. A secure routing protocol for ad hoc networks. Sanzgiri, Kimaya, et al. 2002. 10th IEEE International Conference on . pp. 78 - 87 . Graaf, Rennie de, et al. Distributed Detection of Wormhole Attacks in Wireless Sensor Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. s.l. : Springer, 2010, pp. 208-223. Defending against wormhole attacks in mobile ad hoc networks. Wang, Weichao, et al. 2006, Wireless Communications & Mobile Computing. Using Directional Antennas to Prevent Wormhole Attacks. Hu, Lingxuan and Evans, David. 2004. Network and Distributed System Security Symposium (NDSS). Secure and resilient clock synchronization in wireless sensor networks. Sun, Kun, Ning, Peng and Wang, Cliff. 2006, IEEE Journal on Selected Areas in Communications, pp. 395 - 408 . Secure neighbor discovery in wireless networks: formal investigation of possibility. Poturalski, Marcin, Papadimitratos, Panos and Hubaux, Jean-Pierre. New York : ACM, 2008. 2008 ACM symposium on Information, computer and communications security . Secure neighborhood discovery: a fundamental element for mobile ad hoc networking. Papadimitratos, P., et al. 2008, IEEE Communications Magazine, pp. 132 - 139 . Butty´an, Levente, D´ora, L´aszl´o and Vajda, Istv´an. Statistical Wormhole Detection in Sensor Networks. Authenticated Queries in Sensor Networks, Lecture Notes in Computer Science. s.l. : Springer, 2005, pp. 128 - 141. An approach to mitigate wormhole attack in wireless ad hoc network. Lee, Gunhee, Kim, Dong-kyoo and Seo, Jungtaek. 2008. International conference on information security and assurance. pp. 220 - 225. Cha, Woosuck, Wang, Gicheol and Cho, Gihwan. A Pair-Wise Key Agreement Scheme in Ad Hoc Networks . Lecture Notes in Computer Science. s.l. : Springer, 2004. Krawczyk, H., Bellare, M. and Canetti, R. HMAC: Keyed-Hashing for Message Authentication, RFC 2014. 1997. An innovative approach for wormhole attack detection and prevention in wireless sensor networks. Azer, Marianne A., El-Kassas, Sherif M. and El-Soudani, Magdy S. s.l. : IEEE , 2010. International conference on Networking, Sensing and Control (ICNSC). pp. 366 - 371. Rogers, Everett M. Diffusion of Innovations. s.l. : Free Press, 1996. Ad-hoc on-demand distance vector routing. Perkins, Charles E. and Royer, Elizabeth M. 1999. Second IEEE workshop on Mobile Computing Systems and Applications. pp. 90 - 100. Detection of wormhole attack in multipath routed wireless ad hoc networks; statistical analysis approach. Qian, Lijun, Song, Ning and Li, Xiangfanf. s.l. : Journal of Network and Computer Applications, 2007, Vol. 30. Mobile Sink Using Multiple Channels to Defend Against Wormhole Attacks in Wireless Sensor Networks. Rasheed, Amar and Mahapatra, Rabi. Scottsdale, AZ : IEEE Explorer, 2009. 2009 IEEE 28th International Performance Computing and Communications Conference (IPCCC) . pp. 216 - 222. Establishing pairwise keys in distributed sensor networks. Liu, Donggang and Ning, Peng. 2003. 10th ACM conference on Computer and communications security . pp. 52 - 61. Bronshtein, Ilja, et al. Handbook of Mathematics. s.l. : Springer, 2007. Investigation of feasible cryptographic algorithms for wireless sensor network. Choi, Kyung Jun and Song, Jong-In. 2006. Advanced Communication Technology, 2006. ICACT 2006. pp. 1379-1381.

[27]

[28]

[29]

[30]

[31]

[32]

[33] [34]

[35] [36] [37] [38] [39]

[40]

[41]

[42]

[43]

[44]

[45]

- 128 -

Cho, Young-Geun, Kang, Jeonil and Nyang, DaeHun. Proactive Code Verification Protocol in Wireless Sensor Network. Lecture Notes in Computer Science. s.l. : Springer, 2007, pp. 1085–1096. A Secure althernate path routing in sensor netwroks. Lee, Suk-Bok and Choi, Yoon-Hwa. 2006, ScienceDirect computer communication, pp. 153-165. Rosenberg, Aravind Iyer, Sunil S. Kulkarni, Vivek Mhatre, Catherine P. A Taxonomy-based Approach to Design of Large-scale Sensor network. s.l. : Springer, 2008. Zia, Tanveer and Zomaya, Albert Y. Security Issues and Countermeasures in Wireless Sensor Networks. Algorithms and protocols for wireless sensor networks. s.l. : John Wiley & Sons, Inc., 2009. Sabbah, Eric and Kang, Kyoung-Don. Security in Wireless Sensor Networks. Guide to Wireless Sensor Networks. s.l. : Springer, 2009, pp. 491-512. A Survey of Security Issues in Wireless Sensor Networks. Wang, Yong, Attebury, Garhan and Ramamurthy, Byrav. 2006, IEEE Communications Surveys and Tutorials. Kizza, J.M. A Guide to Computer Network Security. s.l. : Springer, 2009. On Communication Security inWireless Ad-Hoc Sensor Networks. Slijepcevic, Sasha, et al. 2002. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. pp. 139 - 144 . SeRWA: A secure routing protocol against wormhole attack. Madria, Senjay and Yin, Jian. 2009, Ad Hoc Networks 7, pp. 1051-1063. The Research on Certainty-Based Secure Routing Protocol in Wireless Sensor Networks. Lan, Yoa, et al. 2006. pp. 1-5. Daemen, Joan and Rijmen, Vincent. AES Proposal: Rijndael. s.l. : submitted to NIST as a candidate for the AES, 1998. New Block Encryption Algorithm MISTY. Matsui, Mitsuru. s.l. : Springer, 1997. Fast Software Encryption Workshop. pp. 54-68. Fast authenticated key establishment protocols for self-organizing sensor networks. Huang, Q., et al. s.l. : ACM Press, 2003. 2nd ACM international conference on Wireless sensor networks and applications. pp. 141-150. A Key-Management Scheme for Distributed Sensor Network. Eschenauer, Laurent and Gligor, Virgil D. Washington : s.n., 2002. The 9th ACM conference on computer and communication security. pp. 4147. Theory and application of cryptographic techniques. Blom, R. Berlin : Springer, 1985. Eurocrypt 84 workshop on advances in cryptology. pp. 335–338. A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks . Poovendran, Radha and Lazos, Loukas. 2007, Wireless Networks, pp. 27-59. Analysis of Public-Key Cryptography for Wireless Sensor Networks Security. Amin, F., Jahangir, A. H. and Rasifard, H. s.l. : World Academy of Science, 2008, World Academy of Science, Engineering and Technology 41, pp. 529 - 534. Sabbah, Eric and Kang, Kyoung-Don. Security in Wireless Sensor Networks. Guide to Wireless Sensor Networks. s.l. : Springer, 2009, pp. 491-512. Wireless Sensor Network Security: A Survey. Paul Walters, John, et al. 2006, Security in Distributed, Grid, and Pervasive Computing.