Manet Report For LR

AN APPROACH TO DETECT WORMHOLE
ATTACK IN AODV BASED MANET

A thesis submitted toward partial fulfillment
of the requirements for the degree of
Master in Multimedia Development

Course affiliated to Faculty of Engineering & Technology
Jadavpur University
Submitted by
Mekhala Chattopadhyay
ROLL NO: M4MMD14-22
Under the guidance of

Mrs. Saswati Mukherjee
Jadavpur University
School of Education Technology
Master in Multimedia Development course affiliated to
Faculty of Engineering and Technology

Jadavpur University
Kolkata-700032
India
2014

Jadavpur University
Kolkata, India
_________________________________________________________________
CERTIFICATE OF RECOMMENDATION
This is to certify that the thesis entitled AN APPROACH TO DETECT WORMHOLE ATTACK IN
AODV BASED MANET is a bonafide work carried out by MEKHALA CHATTOPADHYAY
under our supervision and guidance for partial fulfillment of the requirement for Post
Graduate Degree of Master in Multimedia Development during the academic session 20132014.
------------------------------------THESIS ADVISOR
Mrs. Saswati Mukherjee
Assistant Professor
School of Education Technology,
Jadavpur university,
Kolkata-700 032
------------------------------------DIRECTOR
School of Education Technology,
Jadavpur University,
Kolkata-700 032
------------------------------------DEAN
Faculty Council of Interdisciplinary Studies, Law and Management
Jadavpur University,
Kolkata-700 032

Jadavpur University
Kolkata, India
CERTIFICATE OF APPROVAL **
This foregoing thesis is here by approved as a credible study of an engineering subject carried
out and presented in a manner satisfactorily to warranty its acceptance as a prerequisite to the
degree for which it has been submitted. It is understood that by this approval the undersigned do
not endorse or approve any statement made or opinion expressed or conclusion drawn therein but
approve the thesis only for purpose for which it has been submitted.
-----------------------------------------------
Committee of final examination
-----------------------------------------------
for evaluation of Thesis

-----------------------------------------------
-----------------------------------------------
** Only in case the thesis is approved.
School of Education Technology,Jadavpur university,Kolkata-32
DECLARATION OF ORIGINALITY AND COMPLIANCE OF ACADEMIC ETHICS
I hereby declare that this thesis contains literature survey and original research work by the
undersigned candidate, as part of her Master in Multimedia Development (MMD) studies
during academic session 2013-2014.
All information in this document has been obtained and presented in accordance with
academic rules and ethical conduct.
I also declare that, as required by this rules and conduct, I have fully cited and referred all
material and results that are not original to this work.
NAME
: MEKHALA CHATTOPADHYAY
ROLL NUMBER : M4MMD14-22
THESIS TITLE
: AN APPROACH TO DETECT WORMHOLE

ATTACK IN AODV BASED MANET
SIGNATURE:
DATE:
AKNOWLEDGEMENTS
I feel extremely glad in presenting this thesis at School of Education Technology, Jadavpur
University, Kolkata, in the partial fulfillment of the requirements for the Master in Multimedia
development.
I deem a pleasure to acknowledge my deep sense of gratitude to Mrs. Saswati Mukherjee, who
directed and guided me with her timely advice and constant support, which eased the task of
completing this dissertation.
I would also like to express my grateful thanks to Prof. Samar Bhattacharya, Director of School
of Education Technology, for his support, encouragement and timely advices. I am really
indebted to Dr. Matangini Chattapadhyay, Dr. Ranjan Parekh, Mr. Arunashis Achariya and Mr.
Joydeep Mukherjee for their continuous support during the entire course of the project. Their
advice and support was inspirational and motivational.
I would also like to take this opportunity to pay my thanks to all of my classmates of Master in
Multimedia Development and M.Tech IT (Courseware Engineering) department. I do wish to
thank all of our departmental support staffs and all of those who were associated with research
contributed in some form or the others.
Finally, I must say that no height is ever achieved without some sacrifice made some end and it
is here I owe my special debt to my parents.
Date:
Place:
------------------------------------Mekhala Chattopadhyay
Exam Roll No: M4MMD14-22
Master in Multimedia Development
School of Education Technology
Jadavpur University
Kolkata- 32
Executive Summary
The present work proposes an algorithm to detect Wormhole attack and identify malicious nodes
in Mobile Adhoc Network (MANET). Detection of wormhole attack is based on the calculation
of Round Trip Time for each node. This technique detects wormhole attack during the route set
up procedure. RTT of each node is calculated as the time between a RREQ (request) packet is
sent and the corresponding RREP (response) packet received. Therefore mechanism does not
need any special hardware or synchronized clocks, it only considers its local clock to calculate
the RTT. If the RTT values between successive nodes are almost similar, there will be no
wormhole and the path established by the routing algorithm is used for sending and receiving
packets. Otherwise a wormhole is suspected if the RTT value between two nodes is greater than
or equal to the threshold value.
A large number of routing protocols for MANETs have been proposed to enable quick and
efficient network creation and restructuring. In this work Ad-hoc On Demand Distance Vector
(AODV) routing protocol is used. It is a On-demand reactive routing protocol that creates a path
between source and destination only when required. Wormhole attack is normally launched in
AODV during the route discovery phase.
Table of Contents
Page No
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.1 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.3 Assumptions and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.4 Background Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.4.1. Wormhole attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.4.2. AODV routing protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.5 Literature Survey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.6 Organization of the thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2. Concept and Problem Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3. Design and Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
4. Experiments, Results and Interpretations . . . . . . . . . . . . . . . . . . . . . . . . 23
5. Conclusion & Future scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
8. Appendix - I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
List of Figures
Figure name
Page No
Fig1. Example of Wormhole attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Fig2. Wormhole attack in AODV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Fig3. Flowchart for calculation of RTT . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Fig4. Screenshot of Node deployment in Java. . . . . . . . . . . . . . . . . . . . . 22
Fig5. Screenshot of RTT value calculation and
Wormhole node detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Fig6. Screenshot of Number of coming packet and
Number of drop packet in wormhole attack. . . . . . . . . . . . . . . . . . . 24
Fig7. Screenshot of AODV routing with reverse path . . . . . . . . . . . . . . . . 25
Fig8. Relation between number of nodes and round trip time . . . . . . . . 26
Fig9. Relation between number of malicious node and packet
delivery ratio. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction :
Mobile ad hoc network (MANET) is an autonomous system of mobile nodes connected by
wireless links. Each node operates not only as an end system, but also as a router to forward
packets. The nodes are free to move about and organize themselves into a network. These nodes
change position frequently. As MANETs provide mobile nodes with reliable routing services in
the absence of a network infrastructure, it is applied to several popular wireless technologies
including cellular phone services, disaster relief, emergency services, battlefield scenarios, and
other applications.
One of the most popular and serious attacks in wireless ad hoc networks is wormhole attack. In
the wormhole attack, an attacker tunnels messages received in one part of the network over a low
latency link and replays them in a different part.
A wormhole attack is usually performed by two or more malicious nodes in conspiracy. Two
malicious nodes at different locations send received routing messages to each other via a secrete
channel. In this way, although the two malicious nodes are located far from each other, they
appear to be within one-hop communication range. Therefore, the route passing through the
malicious nodes is very likely to be shorter than any other regular one.
The performance of network and reliability is compromised by attacks on ad hoc network routing
protocols. AODV is a very famous on-demand routing protocol in MANET. Network parameters
like hop count, throughput, end to end delay, packet delivery ratio are adversely affected by
wormhole attack launched in AODV based MANET.
1.1 Problem Statement:

An Approach to Detect Wormhole Attack in AODV based Mobile Ad Hoc Network.
1.2 Objectives:
The objectives of the present work are stated below:
Securing Mobile Ad Hoc networks by calculating round trip time between two neighbor
nodes.
Detection of wormhole attack in the network.
Analysis of Packet Delivery Ratio under wormhole attack using AODV protocol in
MANET
10
1.3 Assumptions and Scope:

The following conditions are assumed to be hold for effectiveness of the proposed algorithm.
i) Application-specific detection mechanisms deployed in ad hoc network that enable nodes to
observe each others behavior.
.
ii) This work focuses on static ad hoc network, where the nodes do not change their location
considerably after its deployment.
iii) The network is assumed to be homogeneous. All nodes are uniquely identified.
.
iv) AODV routing protocol is used here to detect wormhole attack.
Scope of the present work is only to detect wormhole attack present in AODV based mobile ad
hoc network.
1.4 Background Concept:

Wireless Ad Hoc Networks have many attractive features including automatic self-configuration
and self-maintenance, quick and inexpensive deployment, and the lack of the need for fixed
network infrastructures or centralized administration. These features lead to important
applications that cannot be performed by traditional wired networks. The importance of Wireless
Ad Hoc Networks is increasing rapidly with advances in technology that result in smaller,
cheaper, and power-efficient devices. However, beside the advantages also Wireless Ad Hoc
Networks have many security challenges because of their lack of fixed infrastructure, topology
changing unpredictably, and broadcast nature of wireless communication. There are many kinds
of attacks focusing on vulnerabilities in routing protocols for Wireless Ad Hoc Networks. One of
the most popular & serious attacks in mobile adhoc network (MANET) is wormhole attack.
1.4.1. Wormhole attack:

Wormhole refers to an attack on MANET routing protocols in which colluding nodes create an
illusion that two remote regions of a MANET are directly connected through nodes that appear
to be neighbors but are actually distant from one another .A wormhole attack is a particularly
severe attack on MANET routing where two attackers, connected by a high-speed off-channel
link, are strategically placed at different ends of a network. Consider Figure 1 in which node A
sends RREQ to node B, and nodes X and Y are malicious nodes having an out-of-band channel
between them. Node X tunnels the RREQ to Y, which is legitimate neighbor of B. B gets two
RREQ A-X-Y-B and A-C-D-E-F-B. The first route is shorter and faster then the second, and
11
chosen by B. Since the transmission between two nodes has rely on relay nodes, many routing
protocols have been proposed for ad hoc network. In a wormhole attack, attackers tunnel
packets to another area of the network bypassing normal routes as shown in Figure 1. The
resulting route through the wormhole may have lower hop count than normal routes. Attackers
using wormhole can easily manipulate the routing priority in MANET to perform eavesdropping,
packet modification or perform a DOS attack.
R
Out-of-band channel
N
A
Q
Fig1 Example of Wormhole attack
Wormhole attacks can be launched using several modes
1) Wormhole using encapsulation: In this mode a malicious node at one part of the network
and hears the RREQ packet. It tunnels it to a second colluding party at a distant location near the
destination. The second party then rebroadcasts the RREQ. The neighbors of the second
colluding party receive the RREQ and drop any further legitimate requests that may arrive later
on legitimate multihop paths. The result is that the routes between the source and the destination
go through the two colluding nodes that will be said to have formed a wormhole between them.
This prevents nodes from discovering legitimate paths that are more than two hops away. This
mode of the wormhole attack is easy to launch since the two ends of the wormhole do not need
to have any cryptographic information, nor do they need any special capabilities, such as a high
speed wire line link or a high power source.
2) Wormhole Out-of-Band Channel: The second mode for this attack is the use of an out of
band channel. This channel can be achieved, for example, by using a long range directional
12
wireless link or a direct wired link. This mode of attack is more difficult to launch than the
previous one since it needs specialized hardware capability.
3) Wormhole with High Power Transmission: Another method is the use of high power
transmission. In this mode, when a single malicious node gets a RREQ, it broadcasts the request
at a high power level, a capability which is not available to other nodes in the network. Any node
that hears the high-power broadcast rebroadcasts it towards the destination. By this method, the
malicious node increases its chance to be in the routes established between the source and the
destination even without the participation of a colluding node.
4) Wormhole using Packet Relay: Wormhole using Packet Relay is another mode of the
wormhole attack in which a malicious node relays packets between two distant nodes to
convince them that they are neighbors. It can be launched by even one malicious node.
Cooperation by a greater number of malicious nodes serves to expand the neighbor list of a
victim node to several hops.
1.4.2. AODV routing protocol:

Ad-hoc On Demand Distance Vector (AODV) is a reactive protocol that reacts on demand. It is
probably the most well-known protocol in MANET. The demand on available bandwidth is
significantly less than other proactive protocols as AODV does not require global periodic
advertisements. It enables multi-hop, self-starting and dynamic routing in MANETs. In networks
with large number of mobile nodes AODV is very efficient as it relies on dynamically
establishing route table entries at intermediate nodes. AODV never produces loops as there
cannot be any loop in the routing table of any node because of the concept of sequence number
counter borrowed from DSDV. Sequence numbers serve as time stamps and allow nodes to
compare how fresh information they have for other nodes in the network. The main advantage of
AODV is its least congested route instead of the shortest path.
Characteristics of AODV:
1. Unicast, Broadcast, and Multicast communication.
2. On-demand route establishment with small delay.
3. Multicast trees connecting group members maintained for lifetime of multicast group.
4. Link breakages in active routes efficiently repaired.
5. All routes are loop-free through use of sequence numbers.
6. Use of Sequence numbers to track accuracy of information.
7. Only keeps track of next hop for a route instead of the entire route.
13
1.5 Literature survey:

Packet leash [1] is a mechanism for detecting and thus defending against wormhole attacks. A
leash is any information on that is added to a packet designed to restrict the packets maximum
allowed transmission distance. The mechanism proposes two types of leashes for this purpose:
Geographic and Temporal. In Geographic Leashes, each node knows its precise position and all
nodes have a loosely synchronized clock. Each node, before sending a packet, appends its
current position and transmission time to it. The receiving node, on receipt of the packet,
computes the distance to the sender and the time it took the packet to traverse the path. The
receiver can use this distance anytime information to deduce whether the received packet passed
through wormhole or not. In Temporal Leashes, the sender appends the sending time to the
packet and the receiving node computes a travelling distance of that packet assuming
propagation at the speed of the light and using the difference between packet sending time and
packet receiving time. This solution requires a fine grained synchronization among all nodes.
In one approach, directional antennas are used to prevent wormhole attacks [2]. The authors
develop a cooperative protocol where nodes share directional information to prevent wormhole
endpoints from masquerading as false neighbors that needs to be certified free from wormhole
attack. However, use of directional antennas limits use of such protocols. Each node shares a secret
key with every other node and maintains an updated list of its neighbors. To discover its neighbors, a
node, called the announcer, uses its directional antenna to broadcast a HELLO message in every
direction. Each node that hears the HELLO message sends its identity and an encrypted message,
containing the identity of the announcer and a random challenge nonce, back to the announcer.
Before the announcer adds the responder to its neighbor list, it verifies the message
authentication using the shared key, and that it heard the message in the opposite directional
antenna to that reported by the neighbor. This approach is suitable for secure dynamic neighbor
detection. However, it only partially mitigates the wormhole problem. Specifically, it only
prevents the kind of wormhole attacks in which malicious nodes try to deceive two nodes into
believing that they are neighbors.
The Delay per Hop Indicator (DelPHI) [3] can detect both hidden and exposed wormhole
attacks. In DelPHI, attempts are made to find every available disjoint route between a sender and
a receiver. Then, the delay time and length of each route are calculated and the average delay
time per hop along each route is computed. These values are used to identify wormhole. The
route containing a wormhole link will have a greater Delay per Hop (DPH) value.
Statistics based methods [4] usually obtain normal statistics from theoretical analysis and detect
wormhole attack by identifying the difference between the current situation and the statistics.
They always assume that there is no wormhole attack at the initial stage of network
establishment.
Transmission time based mechanism (TTM) used [5] to detect wormhole attack.TTM detects
wormhole attacks during route setup procedure by computing transmission time between every
two successive nodes along the established path. Wormhole is identified base on the fact that
14
transmission time between two fake neighbors created by wormhole is considerably higher than
that between two real neighbors which are within radio range of each other. TTM has good
performance, little overhead and no special hardware is required. This technique tries to detect
wormhole during route setup procedure by calculating the transmission time between each two
successive nodes along the established route. A wormhole will be identified based on the fact
that transmission time between two wormhole nodes is considerably higher than that between
two legitimate successive nodes.
In order to avoid the problem of using special hardware a Round Trip Time (RTT) mechanism
[6] is proposed .The RTT is the time that extends from the Route Request (RREQ) message
sending time of a node A to Route Reply (RREP) message receiving time from a node B. A will
calculate the RTT between A and all its neighbors. Because the RTT between two fake neighbors
is higher than between two real neighbors, node A can identify both the fake and real neighbors.
In this mechanism, each node calculates the RTT between itself and all its neighbors. This
mechanism does not require any special hardware and it is easy to implement; however it cannot
detect exposed attacks because fake neighbors are created in exposed attacks.
Sun Choietal [7] have developed a Wormhole Attack Prevention (WAP) method without using
specialized hardware.WAP not only detects fake route but also adopts preventive measures
against action wormhole nodes from reappearing during the route discovery phase.
The mechanism developed in [10] called RTT-TC is based on the topological comparison and
round trip time measurements (RTT-TC). In this method, a wormhole attack is suspected using
RTT measurements and genuine neighbors are excluded from the suspected list using topological
comparison. In this method, a Neighbor List includes two segments: Trusted (TRST) and
Suspected (SUS). Two nodes suspect a wormhole tunnel between them if the RTT between them
is more than 3 times of their current RTT avg. If there is a wormhole tunnel, those two nodes
Node ID is inserted to their respective SUS lists. Wormhole detection method is triggered when a
source node finds non empty SUS list. A node sends request packets to all nodes in the SUS part
of its Neighbor List. In response, the recipients reply back with its TRST list to the source, which
is later compared with the TRST list of the source to detect whether a link is attacked by the
wormhole. This method has higher detection rate and does not need any clock synchronization
but has high message overhead.
In [13], wormholes are detected by considering the fact that wormhole attacks consists of
relatively longer packet latency than the normal wireless propagation latency on a single hop.
Since the route through wormhole seems to be shorter, many other multi-hop routes are also
channeled to the wormhole leading to longer queuing delays in wormhole. The links with delays
are considered to be suspicious links, since the delay may also occur due to congestion and intranodal processing. The AODV protocol has been followed as the basis for routing.
The authors proposed a dynamic security evaluation model [15] to decide the proper values of
threshold and updating the time of sharing the secret key. They focused on the inside attack
where the malicious nodes participate in the system and have the knowledge of the security
setting. Under this attack, malicious nodes could compromise threshold nodes, and then crack the
security and the trust of the network. Two attack models were described: attack stream and attack
15
intensity. The attack stream is a process to count how many attacks happened to the entire
system during T time, whereas the attack intensity is the rate of how many nodes that an attacker
cracks successfully in T time. The authors assume that the attack process can be approximated by
the Poisson process. This method could assist an administrator to measure the dynamic security
in MANETs in time.
A new mechanism called Packet Travel Time (PTT) introduces [16] to detect wormhole attack .
This mechanism allows each device to monitor its neighbours behaviour. Therefore, this
mechanism can detect both hidden and exposed wormhole attacks, and can locate the wormhole
in AODV and DSR protocol. Here each node calculates the value of RTT between itself and the
destination and sends it back to the source. This can be improved by using high mobility in the
network.
The paper [17] proposes a security solution for manets using a pre-existing routing protocol, ad
hoc on-demand vector routing (aodv), using password security for each routing node and
timeliness to update routing table. Aodv and saodv (secure aodv) are simulated and the
performance of both the protocols are evaluated for varying number of nodes and malicious
nodes. The performance of saodv was stable whereas that of aodv was found to be degrading
sharply with intrusion of some malicious nodes in the network . One of the most efficient routing
protocols into which security measures can be included is Ad hoc On-demand Distance Vector
Routing. It is observed that complete belief of the network on nodes can lead to many routing
attacks. To avoid this, security measures are added to AODV to make it Secure AODV (hence
forth called SAODV). In SAODV, each node checks the security of its neighbors before
forwarding route requests. It will not forward route request packets to insecure neighbors (or
malicious nodes). This measure, clearly, ensures that malicious nodes will not participate in the
data transfer from the source to the destination.
A new algorithm called Neighbor-Probe-Acknowledge (NPA) [20] is proposed to detect

wormhole attacks on a real wireless mesh network testbed rather than using standard deviation of
RTT. NPA does not need time synchronization or extra hardware support. Also it achieves
higher detection rate and lower false alarm rate than the methods using RTT under different
background traffic load conditions. The future work will done on dynamic adjustment of
algorithm parameters and routing algorithm that is resilient to wormhole attack.
16
1.6 Organization of the Thesis:

This dissertation is based on the detection of Wormhole attack over the AODV based mobile ad
hoc network.
The Organization of the dissertation is as follows:
Section 1 introduces the thesis work and it includes introduction, problem statement, objective
of the thesis, assumptions and scope, background concepts and literature survey. Lastly it gives
the idea about how the whole thesis work is organized.
Section 2 describes the overall concept sand the analysis of the problem.
Section 3 deals with design and solution. It also presents the algorithm which is designed to
detect wormhole attack.
Section 4 explains the implementation details and also describes the results of several
simulations performed and the observations from the results obtained.
Section 5 concludes the present work. It also shows how the future work can be conducted on
this topic.
Section 6 contains the references of this present work.
Finally, Appendix I contains the sample code written in JAVA.
17
2. Concepts and Problem Analysis:

The present work detect wormhole attack efficiently in MANET by calculating round trip time of
each node and AODV routing protocol is used for this purpose.
AODV uses the hop count to determine the shortest path. A malicious node can set the false hop
counts. Also, it can set false value of route sequence numbers. An attacker can tunnel a request
packet RREQ directly to the destination node without increasing the hop-count value. Thus it
prevents any other routes from being discovered. It may badly disrupt communication as AODV
would be unable to find routes longer than one or two hops. It is easy for the attacker to make the
tunneled packet arrive with better metric than a normal multi-hop route for tunneled distances
longer than the typical transmission range of a single hop. Wormhole attack is normally launched
in AODV during the route discovery phase by creating the illusion of one hop neighbors by
wormhole peers. Route Request (RREQ) packets are routed through these wormhole tunnels to
reach the destination at a faster rate (low hop count) compared to usual normal path. As per
AODV protocol, the destination node discards all the later RREQ packets received and selects
the false wormhole tunnel infected route to send the Route Reply (RREP).This results in
inclusion of wormhole tunnel in the data flow route leading to a successful launch of wormhole
attack in AODV data transfer phase.
RREP
X
Wormhole link
D
Wireless link
RREQ
Fig2. Wormhole attack in AODV
18
Wormhole attack commonly involves two remote malicious nodes shown as X and Y in the
above figure. X and Y both are connected via a wormhole link and they target to attack the
source node S. During path discovery process, S broadcasts RREQ to a destination node D.
Thus, A and C, neighbors of S, receive RREQ and forward RREQ to their neighbors. Now the
malicious node X that receives RREQ forwarded by A. It records and tunnels the RREQ via the
high-speed wormhole link to its partner Y. Malicious node Y forwards RREQ to its neighbor B.
Finally, B forwards it to destination D. Thus, RREQ is forwarded via S-A-X-Y-B-D. On the
other hand, other RREQ packet is also forwarded through the path S-C-E-F-G-D. However, as X
and Y are connected via a high speed bus, RREQ from S-A-X-Y-B-D reaches fist to D.
Therefore, destination D ignores the RREQ that reaches later and chooses D-B-A-S to unicast an
RREP packet to the source node S. As a result, S chooses S-A-B-D route to send data that indeed
passes through X and Y malicious nodes that are very well placed compared to other nodes in the
network. Thus, a wormhole attack is not that difficult to set up, but still can be immensely
harmful for a MANET.
19
3. Design and Solution:

The proposed detection mechanism is only based on the RTT of route request and reply message
and the neighbor numbers of the suspected nodes. This mechanism does not need any special
hardware or synchronized clocks because it only considers its local clock to calculate the RTT.
This proposed work consists of three phases. The first phase is to construct neighbor list for each
node and the second phase is to find the route between sources to destination node and the last
phase is to find the location of wormhole link.
Each node sends the route request (RREQ) message to the neighbor node and save the time .The
intermediate node also forwards the RREQ message and saves its sending time. When the RREQ
message reaches the destination node, it sends route reply message (RREP) with the reserved
path. When the intermediate node receives the RREP message, it saves the time of receiving of
RREP. Then RTT is calculated by finding those time differences. Every node save the time they
forward RREQ and the time they receive RREP from the destination to calculate the RTT.
If there is no attack, the values of them are nearly the same. If the RTT value is higher than other
successive nodes, it can be suspected as wormhole attack between this link.
20
Algorithm:
A. Network deployment phase
Step 1: Deploy ad hoc nodes randomly to form a network.
Step 2: Neighbor list of each node is generated.
B. Malicious node detection
Step 1: Use local clock to calculate Round Trip Time.
To calculate RTT, every node will have two time stamps values which store
Forwarding time of the request from source to destination (RREQ) i.e the Route request.
Receiving time of the reply to source back i.e. Route reply (RREP).
Then find RTT of each node by calculate the differences between those two stored times i.e
RTT = trep treq.
Step 2: Compute per hop distance value using RTT values.
Step 3: Every node in a path computes per hop distance with its neighbor and compares it with
the prior per hop distance.
Step 4: Calculate maximum and minimum values of RTT.
Step 5: If (RTT max < 2 RTT min)
No wormhole attack Presents in the network
Else if (RTT>=threshold value)
Wormhole attack detect between the following nodes.
21
Start
Calculate treq and trep
Calculate RTT
RTT = treq - trep
Calculate RTTmax and RTTmin
Yes
If(RTTmax<
2 RTTmin )
No
No Wormhole attack
If (RTT>= threshold value)
Wormhole attack
End
Fig 3 Flowchart for detection of wormhole attack
22
Start
Send request packet
No
Reached the neighbour
Yes
Check its destination
Yes
No
Destination path is available
No
Can forward to other nodes
No
Drop the packet
Send route error
End
Flowchart of implementing AODV protocol
Send route reply
23
4. Experiments, Results and Interpretations:

The performance of the proposed mechanism is evaluated using JAVA. In this experiment, the
network includes 31 nodes deployed randomly in a 1000 600 meters field and the
transmission range is defined 100 meters as a default network. User defined network can be
formed by different number of nodes taken as input.
During the simulation, each node starts its journey from a random spot to a random chosen
destination. Once the destination is reached, the node takes a rest period of time in second and
another random destination is chosen after that pause time. This process repeats throughout the
simulation, causing continuous changes in the topology of the underlying network. Different
network scenario for different number of nodes and pause times are generated.
Network with wormhole attack: In this simulation wormhole attack is detected after
completing the following steps
Fig5 Screenshot of Node deployment in Java
24
The following figures are of the screenshot of simulation of node deployment, RTT calculation
and wormhole detection. Here the red nodes are indicating wormhole node.
Fig6 Screenshot of RTT calculation and Wormhole attack detection
25
Fig7 Screenshot of Number of coming packet and number of drop packet in wormhole
attack
26
AODV routing protocol is used in this mechanism. The source node broadcasts an RREQ
message to its neighbors, which then forward the request to their neighbors, and so on.
Additional copies of the same RREQ received later are discarded. Once the RREQ reaches the
destination or an intermediate node with a route, the respective node responds by unicasting an
RREP message back to the neighbor from which it first received the RREQ, which relays the
RREP backward via the precursor nodes to the source node.
Here in this simulation the pink line indicates the RREP forwarding through reverse path.
Fig8 Screenshot of AODV routing with reverse path
27
The following graph represents the wormhole attack detection in Manet. In the following graph
x-axis represents number of nodes and y-axis represents the calculated values of round trip time.
Wormhole attack detection

10
9
Round Trip Time
8
7
6
5
Wormhole attack
Without Wormhole attack
3
2
1
0
1
9 11 13 15 17 19 21 23 25 27 29 31
No. of nodes
Fig9. Relation between number of nodes and round trip time
The graph shows two situations - with wormhole attack and without wormhole attack. In case of
without wormhole attacks the RTT values are nearly same but in case of wormhole attack there
is a large difference between RTT values. The RTT values are fluctuating largely in case of
wormhole attack. The wormhole attack situation is indicated in the graph by the blue line and
without attack situation is indicated by the red line in the graph.
28
The following graph represents the relationship between Packet Delivery Ratio (PDR) and the
number of malicious node presents in AODV routing protocol. X axis represents the number of
malicious node and the Y axis represents Packet delivery ratio.
AODV
Packet delivery ratio
1
0.8
0.6
0.4
AODV
0.2
0
1
Number of malicious node
Fig10 Relation between number of malicious node and packet delivery ratio
Packet delivery ratio (PDR) is the number of data packets received by the destination to the
number of data packets sent by source. The number of data packet received by each node is
decreasing with the increase of the number of malicious node present in the network as malicious
nodes are mainly responsible for packet dropping. So packet delivery ratio is also decreasing.
The graph depicts that PDR has decreased with increasing number of malicious nodes.PDR
evaluates the ability of the protocol to deliver data packets to the destination in presence of
malicious nodes. It is clear from the graph that PDR of AODV is heavily affected by presence of
malicious nodes.
29
5. Conclusion and Future work

Wormhole attacks in MANET significantly degrade network performance and threat to network
security. In order to protect from wormholes, current security-based solutions propose the
establishment of ad-hoc networks in a controlled manner, often requiring specialized node
hardware to facilitate deployment of cryptographic mechanisms. The approach detects the
wormhole attack in mobile ad hoc networks using AODV routing protocol by calculating &
comparing the Round Trip Time between every two successive nodes during route setup
protocol. The considerations are the RTT between two successive nodes and in normal case all of
the RTT between two successive nodes are nearly the same. The algorithm is simple. This
method does not require any specialized hardware or synchronized clocks, but pinpoints the
location of wormhole. The algorithm is implemented on a small network using JAVA. The
simulation results confirms the proposed solution which successfully detects wormhole nodes.
In future, node mobility and dynamic adjustment of algorithm parameters can be incorporated to
improvise the proposed mechanism.
30
References
[1] Y. C. Hu, A. Perrig, and D. Johnson, Packet leashes: a defense against wormhole attacks in
wireless networks, IEEEINFOCOM, 2003.
[2] L. Qian, N. Song, and X.-F. Li, Detecting and locating wormhole attacks in wireless ad hoc
networks through statistical analysis of multipath,in IEEE WCNC, 2005.
[3] R. Misra, C. R. Manda, "Performance Comparison of AODV/DSR On-Demand Routing
Protocols for Ad Hoc Networks in Constrained Situation", IEEE ICPWC 2005.
[4] N. Song, L. Qian, and X. Li. "Wormhole Attacks Detection in Wireless Ad Hoc Networks: A
Statistical Analysis Approach", ipdps, p. 289a, 19th IEEE International Parallel and Distributed
Processing Symposium (IPDPS'05) -Workshop 17, 2005
[5] Tran Van Phuong, Ngo Trong Canh, Young-Koo Lee, Sungyoung Lee, Heejo Lee,
Transmission Time-based Mechanism to Detect wormhole Attacks ,2007 IEEE Asia-Pacific
Services Computing Conference.
[6] S. Kurosawa, H. Nakayama, N. Kato, A. Jamalipour, and Y. Nemoto,Detecting blackhole
attack on AODV-based mobile ad hoc networks by dynamic learning method, International
Journal of Network Security,vol. 5, no. 3, pp. 338346, November 2007.
[7] Sun Choi, Doo-Young Kim, Do-Hyeon Lee and Jae-D Jung (2008), 'WAP: Wormhole Attack
Prevention Algorithm in Mobile Ad hoc Networks', In Proc. of IEEE International Conference
on Sensor Networks, Ubiquitous and Trustworthy Computing, pp.343-348.
[8] M. Khabbazian, H. Mercier, V. K. Bhargava, Severity Analysis and Countermeasures for
the Wormhole Attack in Wireless Ad Hoc Networks in IEEE Transactions on Wireless
Communications, Vol. 8,No. 2, Feb. 2009.
[9] Suresh Kumar, R.K. Rathy and Diwakar Pandey,Traffic Pattern Based Performance
Comparison of Two Reactive Routing Protocols for Ad-hoc Networks using NS2, 2ndIEEE
International Conference on Computer Science and Information Technology, 2009.
[10] Mohammad Rafiqul Alam and King Sun Chan, RTT-TC: A Topological Comparison
Based Method to Detect Wormhole Attacks in MANET, 12th IEEE International Conference on
Communication Technology, 2010, p. 991-994.
[11] Keer & Suryavanshi,To Prevent Wormhole Attacks Using Wireless Protocol in MANET,
International journal on computer and communication technology [2010, IEEE].
31
[12] Kumar, S.; Sengupta, J, AODV and OLSR routing protocols for Wireless Ad-hoc and
Mesh Networks, International Conference of computer and Communication Technology
(ICCCT),2010, IEEE.
[13] Rutvij H. Jhaveri, Ashish D. Patel,Jatin D. Parmar,Bhavin I. Shah,MANET Routing
Protocols and Wormhole Attack against AODV, IJCSNS International Journal of Computer
Science and Network Security, VOL.10 No.4, April 2010.
[14] Asma Tuteja, Rajneesh Gujral, Sunil Thalia, Comparative Performance Analysis of
DSDV, AODV and DSR Routing Protocols in MANET using NS2 , 2010 International
Conference on Advances in Computer Engineering.
[15] M. Haibing and Z. Changlun, Security evaluation model for threshold cryptography
applications in MANET, IEEEXplore, pp. V4.209-V4.213, 2010
[16] AdelSaeedAlshamrani, PTT: Packet Travel Time Algorithm in Mobile Ad Hoc
Networks, 2011 Workshops of International Conference on Advanced Information Networking
and Applications.
[17] A.Vani, D.SreenivasaRao, A Simple Algorithm for Detection and Removal of Wormhole
Attacks for Secure Routing In Ad Hoc Wireless Networks, International Journal on Computer
Science and Engineering (IJCSE), 2011, Vol. 3 No. 6, pp. 2377-2384, June 2011.
[18] Reshmi Maulik and Nabendu Chaki,A Study on Wormhole Attacks in MANET,
International Journal of Computer Information Systems and Industrial Management
Applications, ISSN 2150-7988 Volume 3 (2011) pp. 271-279.
[19] S Kumar, V Pahal, S Garg, Wormhole attack in Mobile Ad Hoc Networks: A Review An
International Journal on Engineering Science and Technology, Vol.2, No. 2, pp 265-269, April
2012
[20] Jie Zhou, Jiannong Cao, Jun Zhang, Chisheng Zhang and Yao Yu, Analysis and
Countermeasure for Wormhole Attacks in Wireless Mesh Networks on a Real Testbed, 2012
26th IEEE International Conference on Advanced Information Networking and Applications.
32
Appendix-1
Routing.java
importjava.util.*;
importjavax.swing.*;
import java.io.*;
import java.awt.*;
public class Routing
{
int source;
int destination;
int node1;
int node2;
inthop_count=0;
intRREQ_packet[]=new int[4];
intrreq_id=1001;
intmessage_rq[][]=new int[0][];
intRoute_through_node[][];
int queue[];
inti,front, rear, root;
int visited[][];
intreverse_path[][];
introotlist[]=new int[10];
int list=0;
GraphDrawingDemo g=new GraphDrawingDemo();
intno_of_node;
String str2=" ";
public Routing(intsrc,intdest,intno_of_nodes)
{
source=src;
destination=dest;
RREQ_packet[0]=source;
//source id
RREQ_packet[1]=destination; //destination id
RREQ_packet[2]=hop_count; //hop count
RREQ_packet[3]=rreq_id; //RREQ ID
no_of_nodes=no_of_node;
}
public void Send_RREQ_RREP_packet(int matrix[][],intno_of_nodes,Node N[])
{
33
System.out.println("\n\nROUTE ESTABLISHMENT PHASE::::::::::AODV ROUTING::::::\n\n");

visited=new int [no_of_nodes][];
for(int i=0;i<no_of_nodes;i++)
{
visited[i]=new int[no_of_nodes];
}
reverse_path=new int[no_of_nodes][];
{
reverse_path[i]=new int[no_of_nodes];
}
Route_through_node=new int[no_of_nodes][];
{
Route_through_node[i]=new int[no_of_nodes];
}
for (int i = 0; i <no_of_nodes; i++)

{
for (int j = 0; j <no_of_nodes; j++)
{
visited[i][j] = 0;
reverse_path[i][j]=0;
Route_through_node[i][j]=0;
}
}
queue=new int [50];
front = rear = 0;
visited[source][source] = 1;
queue[rear++] = source;
message_rq=new int[no_of_nodes][];
{
34
message_rq[i]=new int[4];
}
for(int k=0;k<4;k++)
{
message_rq[source][k]=RREQ_packet[k];
}
System.out.println("\nSENDING RREQ FROM SOURCE TO DESTINATION::::::::::\n");
while(front != rear)//matrix[source][destination]!=1)
{
root =queue[front];
if(matrix[root][destination]==1 )
{
if(N[destination].Rtt_val>= 9)
{
visited[root][destination] = 1;
visited[destination][root]=2;
waitNSeconds(60/60);
System.out.println("\n-->RREQ is forwarded from Node"+root+" to Node "+destination);
if(message_rq[destination][3]!=1001)
{
{
message_rq[destination][k]=RREQ_packet[k];
}
reverse_path[destination][root]=3;
message_rq[destination][2]=message_rq[root][2]+1;
System.out.println("\n//RREQ is accepted by Node "+destination+" coming from Node "+root);
System.out.println("\n Hop count of of RREQ packet in node"+j+"=="+message_rq[j][2]);
}
else
{
System.out.println("\n//*RREQ is discarded by Node "+destination+" coming from Node "+root+"due to
same RREQ id")
}
35
else
{
System.out.println("\n//Node "+root+" does not send RREQ to Node "+destination+");
}
else
{
for(int j=0;j<no_of_nodes;j++)
{
if(matrix[root][j]==1 && visited[root][j]!=1 &&visited[root][j]!=2 && matrix[root][destination]!=1)
{
if(N[j].Rtt_val>=9)
{
visited[root][j] = 1;
visited[j][root]=2;
waitNSeconds(60/60);
System.out.println("\n-->RREQ is forwarded from Node"+root+" to Node "+j);
if(message_rq[j][3]!=1001) // &&message_rq[j][2]<=message_rq[root][2]+1 )
{
{
message_rq[j][k]=RREQ_packet[k];
}
queue[rear++] = j;
reverse_path[j][root]=3
message_rq[j][2]=message_rq[root][2]+1;
System.out.println("\n//RREQ is accepted by Node "+j+" coming from Node "+root);
}
else
System.out.println("\n//*RREQ is discarded by Node "+j+" coming from Node "+root+"due to same
RREQ id");
}
front++;
}
}
String str="";
for (int i = 0; i <no_of_nodes; i++)
{
for (int j = 0; j <no_of_nodes; j++)
{
str += reverse_path[i][j] + " ";
}
36
}
System.out.println("\n\nRREP "+destination+" WILL FORWARD THROUGH THIS REVERSE
PATH:::::::::\n");
int temp;
String str1="";
temp=destination;
str1+=temp+"";
str2+=temp+"";
while(temp !=source)
{
{
if(reverse_path[temp][i]==3)
{
str1+="------->"+i+"";
str2+=">-------"+i+";
Route_through_node[temp][i]=4;
Route_through_node[i][temp]=4;
temp=i;
}
}
}
public static void wait1second()
{
long now = System.currentTimeMillis();
long then = now + 500;
while (System.currentTimeMillis() < then)
{
}
}
public static void waitNSeconds(int number)
{
int i;
for (i = 0; i < number; i++)
{
wait1second();
}
}
}//end Routing class
37
MainFile.java
importjava.util.*;
importjava.util.Random;
importjava.lang.*;
importjavax.swing.*;
import java.io.*;;
importjava.io.File;
class Node extends RttDemo
{
intNode_id;
doubleRtt_val;
int neighbor;
Node(intidd)
{
Node_id=idd;
}
}
public class MainFile extends RttDemo
{
public static void main(String args[])throws IOException
{
System.out.println(" WORMHOLE ATTACK DETECTION AND AODV ROUTING IN
MOBILE AD HOC NETWORK");
String nodes;
intno_of_nodes=0;
int choice;
Node N[]=new Node[no_of_nodes];
int matrix[][]=new int[no_of_nodes][];
doublertt[][]=new double[no_of_nodes][];
N=new Node[no_of_nodes];
{
N[i]=new Node(i);
}
38
rtt=new double[no_of_nodes][];
{
rtt[i]=new double[no_of_nodes];
}
if(choice==1)
{
nodes=JOptionPane.showInputDialog("Enter the Number of Nodes in Manet:");
no_of_nodes=Integer.parseInt(nodes);
InputStreamReaderisr=new InputStreamReader(System.in);
BufferedReaderbr=new BufferedReader(isr);
String s1=new String();
N=new Node[no_of_nodes];
{
N[i]=new Node(i);
}
rtt=new double[no_of_nodes][];
{
rtt[i]=new double[no_of_nodes];
}
}
public int distance(int a,int b,int a1,int b1)
{
double dis;
dis=Math.sqrt(Math.abs((((a-a1)*(a-a1))+((b-b1)*(b-b1)))));
return (int)dis;
}
Random r=new Random();
39
intval;
System.out.println("\nNEIGHBOR LIST:::::::::::\n");
longlStartTime = new Date().getTime();
inttotal_msg=0;
{
intno_of_neighbor=0;
{
if(matrix[i][j]==1)
{
System.out.println(i+" has neighbor node "+j);
no_of_neighbor++;
intmsg=r.nextInt(11)+3;
N[i].Send_message_to_Neighbour(i,j,msg);
total_msg=total_msg+msg;
}
}
N[i].neighbor=no_of_neighbor;
System.out.println(i+" HAS "+no_of_neighbor+" NEIGHBOR");
System.out.println(i+" HAS "+N[i].neighbor+" NEIGHBOR");
}
System.out.println("\nTotalmsg="+total_msg);
System.out.println("\n");
longlEndTime = new Date().getTime(); //end time
System.out.println("\n Round trip time:::"+ (lEndTime - lStartTime));
{
40
{
if(matrix[i][j]==1)
{
N[i].Reading_msg_to_Update_Rtt(i,j,rtt);
}
}
}
System.out.println("\n Time to update round trip :::"+ (lEndTime1 - lStartTime));
System.out.println("\n RTT VALUES::::::(Rtt[i][j] means rtt value of node j respect to node i):::");
{
{
if(matrix[i][j]==1)
{
System.out.println("Rtt["+i+"]["+j+"]"+rtt[i][j]);
}
}
}
System.out.println("\n\n RTT values of each node in Manet:::::::::::\n\n");
int count;
intno_of_neighbr;
double weight=0;
double sum=0;
{
{
if(matrix[i][j]==1)
{
for(int k=0;k<no_of_nodes;k++)
{
if(matrix[j][k]==1)
{
41
weight=weight+rtt[k][j];
}
}
sum=(weight/N[j].neighbor)*rtt[j][i];
}
N[i].Rtt_val=N[i].Rtt_val+sum;
sum=0;
weight=0;
System.out.println("Rtt["+i+"]["+j+"]"+rtt[i][j]);
}
N[i].Rtt_val=N[i].Rtt_val/N[i].neighbor;
DecimalFormatdf = new DecimalFormat("#.####");
System.out.println("Final RTT value "+i+ "=" + df.format(N[i].Rtt_val));
}
long lEndTime2 = new Date().getTime();
System.out.println("\n Time for RTT evaluation phase :::"+ (lEndTime2 - lStartTime));
public static void wait1second()

{
long now = System.currentTimeMillis();
long then = now + 20;
}
public static void waitNSeconds(int number)
{
int i;
for (i = 0; i < number; i++)
{
wait1second();
}
}
}//End of MainFile class
42

Manet Report For LR

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manet Report For LR

Uploaded by

Copyright:

Available Formats

AN APPROACH TO DETECT WORMHOLE

ATTACK IN AODV BASED MANET

Master in Multimedia Development

Under the guidance of

Faculty of Engineering and Technology

Master in Multimedia Development course affiliated to

Master in Multimedia Development course affiliated to

Committee of final examination

for evaluation of Thesis

** Only in case the thesis is approved.

School of Education Technology,Jadavpur university,Kolkata-32

DECLARATION OF ORIGINALITY AND COMPLIANCE OF ACADEMIC ETHICS

ROLL NUMBER : M4MMD14-22

: AN APPROACH TO DETECT WORMHOLE

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

Fig1. Example of Wormhole attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

School of Education Technology,Jadavpur university,Kolkata-32

1.1 Problem Statement:

School of Education Technology,Jadavpur university,Kolkata-32

1.3 Assumptions and Scope:

1.4 Background Concept:

1.4.1. Wormhole attack:

School of Education Technology,Jadavpur university,Kolkata-32

Fig1 Example of Wormhole attack

Wormhole attacks can be launched using several modes

School of Education Technology,Jadavpur university,Kolkata-32

1.4.2. AODV routing protocol:

School of Education Technology,Jadavpur university,Kolkata-32

1.5 Literature survey:

School of Education Technology,Jadavpur university,Kolkata-32

A new algorithm called Neighbor-Probe-Acknowledge (NPA) [20] is proposed to detect

School of Education Technology,Jadavpur university,Kolkata-32

1.6 Organization of the Thesis:

School of Education Technology,Jadavpur university,Kolkata-32

2. Concepts and Problem Analysis:

Fig2. Wormhole attack in AODV

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

3. Design and Solution:

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

Calculate treq and trep

Calculate RTTmax and RTTmin

If (RTT>= threshold value)

School of Education Technology,Jadavpur university,Kolkata-32

Send request packet

Destination path is available

Drop the packet

Send route error

Flowchart of implementing AODV protocol

School of Education Technology,Jadavpur university,Kolkata-32

Send route reply

4. Experiments, Results and Interpretations:

Fig5 Screenshot of Node deployment in Java

School of Education Technology,Jadavpur university,Kolkata-32

Fig6 Screenshot of RTT calculation and Wormhole attack detection

School of Education Technology,Jadavpur university,Kolkata-32

School of Education Technology,Jadavpur university,Kolkata-32

Fig8 Screenshot of AODV routing with reverse path

School of Education Technology,Jadavpur university,Kolkata-32