Professional Documents
Culture Documents
On
Securing MANET against Wormhole Attack
using Neighbor Node Analysis
MASTER OF TECHNOLOGY
(Computer Science and Engineering)
Submitted by Supervised By
Department of CSE, NGFCET, Palwal Department of CSE, NGFCET, Palwal
Submitted to
Https://ThesisScientist.com
Abstract
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited
resources and lack of centralized administration; as a result, they are vulnerable to different types
of attacks in different layers of protocol stack. Each node in a MANET is capable of acting as a
router. The necessity for a secure MANET networks is powerfully tied to the security and
privacy features. The characteristics of MANETs like infrastructure less network with dynamic
topology pose a number of challenges to security design. There is an increasing threat of attacks
in MANET. Wormhole attack is one of the security attacks on mobile ad hoc networks in which
a pair of colluding nodes make a tunnel using a high speed network. This thesis focuses on
providing a solution for secure transmission through the network and proposes a neighbor node
analysis approach to identify wormhole attack and removes wormhole link in MANET. The
proposed work is simulated using Qualnet 7.0 and is analyzed using certain parameters such as
throughput, loss rate, delay rate.
Keywords
Wormhole Attack, AODV, Routing, Network Security, MANET
Https://ThesisScientist.com
CHAPTER 1
INTRODUCTION
1 Introduction:
The higher demand of wireless communication and wireless devices have tends to research on
self-organizing, self-healing networks beyond the interference of some centralized or pre-
established infrastructure/authority. The networks not present of any centralized or pre-
established structure are known as Ad hoc networks. Ad hoc Networks are the class of wireless
networks that are uses multiple hop radio relay. Mobile Ad-hoc Network (MANET) is a
combination of wireless mobile nodes and connected other in dynamic way. Nodes make a
temporary/short-term network without any fixed infrastructure where nodes are fully free to
move arbitrarily.
Https://ThesisScientist.com
random topology. The routers free to move randomly and organize themselves at random. a
network operates in a separate fashion, or may be link to the higher level of Internet. Minimal
configuration and fast deployment make ad hoc networks flexible for emergency situations like
natural or human prompted disaster areas, military conflicts, and emergency medical situations.
[3]
Https://ThesisScientist.com
been made to secure MANETs. We can find some examples in literature where various routing
attacks are examined and their proposals are made to detect these individual attacks. However,
our views in this thesis is that most of the work distinguish previously in the literature has
focused on detecting and preventing a single attack; but very few have suggested a generalize
approach that can secure against a wide variety of attacks. We consider that security is a major
service for MANETs, where there is no central administration or control to monitor and identify
attacks or activities that compromise network security. We also note the lack of research on
mechanisms with the capability to detect and prevent a range of possible attacks in MANETs.
Therefore in our opinion, further research is needed on mechanisms that can protect MANETs
against a wide variety of attacks effectively. This is especially true for reactive routing protocols
since they are more widely used.
Https://ThesisScientist.com
1.3 MANETs Paradigm:
1.3.1 Background& Standards
In 1997 the IETF produce the Mobile Ad hoc Networking Working Group [14] and since then
considerable effort has been put in by the research community for similarity on this arrive
paradigm. The aim of this working group is to similarity the routing protocol by considering their
suitable functionality in MANETs environment. They established two standard track routing
protocol particular as reactive MANET protocols and proactive MANET protocols. One of the
main considerations for the similarity of routing protocols is their performance matter such as
loop freedom, demand based operations, distributed operation and proactive operations [15].
Take into consideration the configuration matter of MANETs, IETF recently figure another
working group called Ad Hoc Networks Auto configuration (auto conf) [16]. The main purpose
of this working group is to describe the matter in addressing model for ad hoc networks that is
how the nodes in ad hoc network constract their address both locally and globally when they
connect to other networks. The auto configure working group has addition in a form of internet
draft [17], where they propose and describe a model for constract IP addresses in ad hoc
networks. The research society perspective on this multi hop ad hoc networking technology has
chang as the technology has developed in the last two line. In [18] they define the term pure
MANETs referring to an ad hoc network with no infrastructure help as compared to one with
bounded infrastructure support.
Https://ThesisScientist.com
simply request for advanced routes and advanced links are established Ad-Hoc network can be
considered in to stable Ad-Hoc network (SANET) and Mobile Ad-Hoc network (MANET).
Mobile Ad-Hoc network topology is dynamic that can change speedily because the nodes move
freely and can organize themselves in any case. This property of the nodes makes the mobile Ad-
Hoc networks insecure from the point of view of scalability and topology.
Https://ThesisScientist.com
2) Distributed operation
3) Multi-hop routing
4) Dynamic network topology
5) Fluctuating link capacity
6) Light-weight terminals
Autonomous Terminal: In MANET, every mobile terminal is an autonomous node,
which may function as both a host and a router. In other words, beside the basic
processing capability as a host, the mobile nodes can also act switching functions as a
router. So usually endpoints and switches are identic in MANET.
Distributed Operation: Since there is no background network for the central authority. of
the network operations, the control and management of the network is allocation among
the terminals. The nodes winding in a MANET should co-operate amongst themselves
and each node action as a relay as needed to implement functions like security and
routing.
Multi-hop Routing: Basic types of Ad hoc routing algorithms can be single-hop and
multi-hop, depend on different link layer attributes and routing protocols. Single-hop
MANET is simple than multi-hop in terms of structure and implementation, with the
lower cost of functionality and applicability. When delivering data packets from a source
to its destination out of the traditional wireless transmission area, the packets should be
forwarded by one or more middle nodes.
Dynamic Network Topology: Since the nodes are mobile, the network topology may
change fastly and unpredictably and the connectivity among the terminals may alter with
time. MANET should accept to the traffic and propagation case as well as the mobility
designs of the mobile network nodes. The mobile nodes in the network dynamically
stablished routing among themselves as they shift about, forming their own network on
the fly. also, a user in the MANET may not only operate within the Ad hoc network, but
may require access to a public static network (e.g. Internet).
Fluctuating Link Capacity: The nature of high bit-error rates of wireless connection
might be more deep in a MANET. One end-to-end path can be shared by several
sessions. The channel over which the terminals communicate is subjected to noise, dying,
Https://ThesisScientist.com
and interference, and has less bandwidth than a wired network. In some scenarios, the
path between any pair of users can Travers many wireless links and the link themselves
can be heterogeneous.
Light Weight Terminals: In many cases, the MANET nodes are mobile devices with low
CPU processing capability, small memory size, and lower power storage. Such devices
involve optimized algorithms and mechanisms that implement the joint up and
communicating functions.
Types of Mobile Ad-Hoc Network:
1. Vehicular Ad-Hoc Networks (VANETs)
2. Intelligent Vehicular Ad-Hoc Networks ( InVANETs)
3. Internet Based Mobile Ad-Hoc Networks (iMANETs
Https://ThesisScientist.com
1.4 Applications of MANETs:
Ad hoc networks are fitted for use in situations where an infrastructure is unaccessible or to
deploy one is not total effective [39]. The following are selected of the important applications.
Business Applications: many possible uses of mobile Ad hoc networks is in any
business environments, where the need for Gray Hole computing might be most
important outside the office environment than inside, such as in a business meeting
outside the office to brief clients on a given work. Work has been going on to introduce
the fundamental aim of game theory and its applications in telecommunications. Game
theory originated from economics and has been applied in various fields. Game theory
contract with multi-person decision making, in which each decision maker tries to
maximize his speciality. The concert of the users is necessary to the operation of Ad hoc
networks; therefore, game theory give a good basis to analyse the networks. People
playing multi-player games usually do so over the Internet, uses a remote host. This
model is call the client-server model. In the class of multiple users, each user just
connected to a common server, and the server forwards the packets to connected users.
Military Applications: Military applications have motivated recent research on Ad hoc
networks. The capability to quickly set up a network among military units in hostile
territory without any infrastructure help can provide friendly forces with a considerable
tactical advantage on the battlefield. For instance, each soldier can transfer a mobile
device that represents one of the mobile nodes in an Ad hoc network connected all
soldiers, tanks, and other vehicles as shown in Fig 3.3. Recently advances in robotics
have also motivated the plan of automated battlefields in which unmanned fighting
vehicles are send into battle. Supporting military applications requires self-maintained
mechanisms that provide robust and reliable communication in dynamic battle condition.
Emergency Operations: other promising application field for Ad hoc networks is
emergency services, including search and rescue and disaster recovery operations. for
example of search and rescue, consider airline that attached to small wireless devices to
Https://ThesisScientist.com
the life jackets under each seats. Guess that the plane has mechanical problem and has to
made an emergency landing in the water.
Https://ThesisScientist.com
Dynamic Topology: The topology in an Ad hoc network may changed frequently due to
the mobility of nodes. As nodes change in and out of range of each other, some links
break while new connection between nodes are created. As a result of these stocks,
MANETs are level to numerous types of faults including the following.
Transmission Errors: The unaccuracy of the wireless medium and the unpredictability
of the environment may guide to transmitted packets being garbled and thus received
packet fault.
Node Failures: Nodes may fail at any time due to kind of types of dangerous conditions
in the environment. They may also leave out of the network either voluntarily or when
their energy supply is depleted.
Link Failures: Node failures as well as changing environmental conditions (e.g.,
increased levels of EMI) may aim links between nodes to break. Connection failures
creator the source node to realize new routes through other links.
Route Breakages: When the network topology changes due to node/link failures and/or
node/connection additions to the network, routes become out-of-date and thus inaccurate.
Depending upon the network transport protocol, packets forwarded through stale routes
may either ultimately be bead be delayed.
Congested Nodes or Links: Due to the topology of the network and the nature of the
routing protocol, certain nodes or connection may become over utilized, i.e., congested.
This will guide to either big delays or packet loss.
Https://ThesisScientist.com
1.6 MANETs Routing Protocols
Mobile Ad-Hoc Network is the fast growing technology from the past 20 years. The gain in their
fashion is because of the ease of arrangement, infrastructure low and their dynamic nature.
MANETs created a new set of demands to be effected and to provide efficient better end-to-end
communication. MANETs works on TCP/IP structure to giving the means of communication
between communicating work stations. Work stations are mobile and they have fixed resources,
therefore the old-fashioned TCP/IP model requires to be refurbished or modified, in order to
compensate the MANETs mobility give reliable functionality. Therefore the key research area
for the researchers is routing in another network. Routing protocols in MANETs are a
challenging and adorable tasks, researchers are giving tremendous amount of attention to this key
place.
Https://ThesisScientist.com
Fig.1.2 MANETs Routing Protocols
A. Reactive Protocols:
Reactive protocols also called as on demand driven reactive protocols. The fact they are called
reactive protocols is, they dont initiate route discovery by themselves, until they are requested,
when a source node request to search a route. These protocols setup routes when demanded [3,
4]. When a node needs to conversation with another node in the network, and the source node
does not have a route to the node it wants to contact with, reactive routing protocols will
establish a route for the source to destination node. usually reactive protocols
Dont find route until demanded
When tries to find the destination on demand, it uses flowing technique to propagate
the query.
Do not consume bandwidth for sending information.
They consume bandwidth only, when the node start transmitting the data to the
destination node.
1. Ad-Hoc On Demand Distance Vector Protocol (AODV):
AODV is define in RFC 3561 [5]. Its reactive protocol, when a node wishes to start transfer
with another node in the network to which it has no route; AODV will provide topology
information for the node. AODV uses control messages to search a route to the destination node
in the network. That are three types of control messages in AODV which are discussed .
Https://ThesisScientist.com
Route Request Message (RREQ):
Source node that needs to concert with another node in the network transfer RREQ message.
AODV floods RREQ message, using expanding ring technique. There is a time to live (TTL)
value in every RREQ message, the value of TTL states the number of hops the RREQ should be
transferred.
Route Reply Message (RREP):
A node having a requested identity or another intermediate node that has a route to the requested
node creates a route reply RREP message back to the originator node.
Route Error Message (RERR):
Each node in the network kept monitoring the link status to its neighbors nodes during active
routes. When the node detects a connection crack in an active route, (RERR) message is
generated by the node in order to notify other nodes that the connection is down.
Route Discovery Mechanism in AODV
When a node A wants to initiate transmission with any node G as shown in the Fig. 2.4 , it
will creats a route request message (RREQ). This message is propagated through a fixed flood to
other nodes. This control message is forwarded to the neighbors, and those node forward the
control message to their neighbouring nodes. This process of finding destination node goes on
until it search a node that has a fresh enough route to the destination or destination node is placed
itself. Once the destination node is located or an intermediate node with enough new routes is
located, they allocate control message route reply message (RREP) to the source node. When
RREP reaches the source node, a route is established between the source node A and
destination node G. Once the route is stablished between A and G, node A and G can
concern with each other. Fig.1.3 depicts the exchange of control messages between source node
and destination node.
Https://ThesisScientist.com
Fig.1.3 AODV Route Discovery
When there connection is down or a link between destinations is broken that causes one or more
than one links unavailable from the source node or neighbours nodes, the RERR message is send
to the source node. When RREQ message is broadcasted for locating the destination node i.e.
from the node A to the neighbors nodes, at node E the link is broken between E and G,
so a route error RERR message is created at node E and transmitted to the source node
informing the source node a route fault, where A is source node and G is the destination
node. The scheme is shown as fig 1.4..
Https://ThesisScientist.com
B. Dynamic Source Routing Protocol:
Dynamic source routing protocol compress as DSR is also a reactive protocol. DSR use to update
its route caches by finding fresh routes. It updates its cache with fresh route discovered or when
there exist a direct route between source and destination node. When a node needs to transmit
data, it design a route for the transmission and then starts transmitting data through the described
route. There are two processes for route discovery and maintenance which are defined below.
Route Discovery Process:
When a source node need to start data transmission with any node in the network, it checks its
routing cache. The cache route is not available to the destination in its cache or a route is
expired, it broadcast RREQ. When the destination is placed or any intermediate node that has
new enough route to the destination node, RREP is generated [15]. When the source node get the
RREP it updates its caches and the traffic is routed through the route.
Route Maintenance Process: the transferring of data started, it is the responsibility of the node
that is transfer data to confirm the next hop received the data along with source route. The node
creates a route wrong message, if it does not receive another confirmation to the originator node.
The originator node again performs fresh route discovery process.
1.6.2 Proactive Protocols:
Proactive routing protocols work as the another way around as compared to reactive routing
protocols. That protocols constantly maintain the updated topology of the network. Each node in
the network knows around the other node in advance, in other words the whole network is called
to all the nodes making that network. All the routing facts is usually keep in tables [6]. Whenever
there is a change in the network topology, that tables are updated accordance to the change. The
nodes exchange topology information with each other; they can have route information any time
when they require [6].
1. Optimized Link State Routing Protocol (OLSR):
The Optimized link State Routing (OLSR) protocol is defined in RFC3626 [7]. OLSR is
proactive routing protocol that is also known as table driven protocol by the information that it
updates its routing tables. OLSR has also three types of control messages which are defined.
Hello: This control message is transmitted for sensing the neighbor and for Multiple Point
Distribution Relays (MPR) calculation.
Https://ThesisScientist.com
Topology Control (TC): These are link state signaling that is performed by OLSR. MPRs are
used to optimize theses messaging.
Multiple Interface Declaration (MID ): MID messages contains the list of all IP addresses used
by any node in the network. All the nodes running OLSR transmit these messages on more than
one interface.
OLSR Working Multi Point Relaying (MPR)
OLSR discuss the network topology information by flowing the packets throughout the network.
The flood is done in such way that each node that receive the packets retransmits the received
packets. These packets contain a sequence number so as to prevent loops. The receiver nodes
register this sequence number making assure that the packet is retransmitted once. The basic
concept of MPR is to decrease the duplication or loops of retransmissions of the packets.
Only MPR nodes are broadcast route packets. The nodes within the network kept a list of MPR
nodes. MPR nodes are selected with in the local area of the source node. The selection of MPR is
depend on HELLO message sent between the neighbor nodes. The selection of MPR is such that,
a path exist to each of its 2 hop neighbors through MPR node. Routes are established, once it is
complete the source node that wants to initiate transmission can start sending data.
Https://ThesisScientist.com
harm services in the network through denial of service attacks, and that a network without
desired services is as poor as having no network.
1.8.2 Integrity:
Integrity confirms that data packets are unaltered during transition from source to destination i.e.
unapproved user could not manipulate data through insertion, substitution, deletion or forging
data. To keep integrity, data is usually signed by the source and the receiver proves the digital
signature to be sure of integrity of the data. Such mechanism will incur extra overhead for nodes
in MANETs with controlled processing abilities and also because nodes relay data for other
nodes, so integrity cheeks wants to carried out at every hop. In [20] Gavidia et.al realize the cost
of guaranteeing data integrity mechanism for MANETs and proposed a answer based on
probabilistic integrity checks and traffic analysis. They prove that probablistic verification is an
effective technique to restrict the amount of corrupted content and their spread i.e. ensures data
reliability in MANETs.
1.8.3 Authentication:
Authentication is a process that allows node to confirm the identity of the other nodes with it is
communicating. Two types of verification are entity and data authentication [36]. Entity
verification ensures that other communicating parties are who they claim to be and data
authentication is concentrated on providing a guarantee as to the origin of the data.
Https://ThesisScientist.com
1.9 Flaws in MANETS:
MANETs are very adaptable for the nodes i.e. nodes can freely join and leave the network. There
is no main body that keeps watching on the nodes arriving and leaving the network. All these
weaknesses of MANETs make it susceptible to attacks and these are discussed bellow.
Https://ThesisScientist.com
1.9.3 No Central Management:
MANET is a self-configurable network, which contains of Mobile nodes where the
communication among these mobile nodes is done lacking a central control. Each and every
node act as router and can forward and receive packets [12]. MANET works without any
preexistent infrastructure. This lack of centralized management tips MANET more weak to
attacks. Detecting attacks and monitoring the traffic in extremely dynamic and for large scale
Ad-Hoc network is very complex due to no central management. When there is a central entity
taking carefulness of the network by applying proper security, authentication which node can
joint and which cant. The node connect which each other on the basis of blind mutual trust on
every other, a central entity can succeed this by applying a filter on the nodes to find out the
suspicious one, and let the other nodes know which node is doubtful.
1.9.4 Problem of Scalability:
In old-style networks, where the network is built and each machine is associated to the other
machine with help of wire. The network topology and the scale of the network, while designing
it is defined and it do not change much through its life. In other words we can say that the
scalability of the network is definite in the beginning phase of the designing of the network. The
case is fairly opposite in MANETs because the nodes are mobile and due to their mobility in
MANETs, the scale of the MANETs is varying. It is too hard to know and predict the numbers of
nodes in the MANETs in the future. The nodes are free to travel in and out of the Ad-Hoc
network which makes the Ad-Hoc network very much ascendable and shrinkable. Keeping this
property of the MANET, the protocols and all the services that a MANET affords must be
flexible to such changes.
Https://ThesisScientist.com
Chapter 2
LITERATURE REVIEW
2.1 Background
2.1.1 MANETs and Wormhole Attacks
A MANET is a network structure lacking a centralized infrastructure, making it vulnerable to
some types of attacks such as wormhole attacks. Wormhole attacks goal to attack a breakable
MANET by using two or more nasty nodes to fool a source node, which is trying to send the
data. Naturally, the malicious node uses a fake route which presents itself as the direct route to
the destination node [3]. Frequently, two nodes are involved: one is used to record the data and
the extra is used to forward the data back into the original network [4]. Contrary to mischievous
attacks, it was advised [8] that if a wormhole attack is not used for malicious means (for
instance, the case where it is produced by security personnel to test a network), the performance
of the network can be enhanced. An example of a wormhole link is depicted in Figure. 2.1 [9]:
Https://ThesisScientist.com
In Figure. 2.1, nodes X and Y are colluding nodes which form a wormhole connection. These
two nodes are part of the MANET and have the skill to communicate with each other as well as
other normal, behaving nodes such as b or c. However, unlike behaving nodes, X and Y have a
advanced transmission power which gives them the skill to attract to themselves, allowing
malicious acts to take place.
2.1.2 AODV Protocol
AODV [10] is a routing protocol which has been planned to wait for requests before attempting
to catch the most optimal route for use by one node (source) to send messages to another node
(destination). The most best route is determined by the distance or the number of hops between
nodes. The AODV procedure works as follows:
1. A source node is mandatory to signify the need to send packets to a particular destination
node.
2. The source node broadcasts a route request packet (RREQ) to all neighbouring nodes.
3. The middle nodes continues broadcasting the RREQ to other neighbouring nodes until the
destination node is found.
4. When foundation, the destination node broadcasts a route reply packet (RREP) back to the
source node using different routes found by the RREQ broadcast.
5. When the source receives the RREP messages, it selects the route with the lowest hop count to
forward the data packets to the destination node.
Https://ThesisScientist.com
`one-to-many' message transmission. For example, later a source node receives a RREP from
changed destination nodes of interest, it sends the data all together to all the targeted destination
nodes. In this thesis, firstly unicast transmission is used. Since MANETs are open wireless
networks which are vulnerable to attacks, we will want methods to protect messages and data
packets which are passed over the network. The Diffe-Hellman (DH) algorithm [13] is ideal for
use in AODV since it each permits two nodes in the same network that are not alert of any
predefined or called parameters of other to securely exchange secret keys in an unconfident
network environment. We will be consuming the Advanced Encryption Standard [14] in CBC
mode as the security protocol used to deliver additional security of these secret keys.
Https://ThesisScientist.com
nonstop trust counter is incremented. Similarly, if the integrity checks flop or the forwarding
node does not transmit the packet at all, its corresponding direct trust size is decremented. This
derived trust is then used to inspiration the routing decisions, which in turn leader a node to
avoid communication through the wormholes.
For detection and prevention of attack in MANET an well-organized multipath algorithm was
proposed by Waseem Ahad and Manju Sharma [10]. This algorithm will casually generate a
number in between 0 to maximum number of nodes and kind the node with same number as
transmitter node as wormhole attack is complete by transmitter and receiver so have to decide
the transmitter and receiver. Then create the route from selected transmitting node to any
destination node with specified average route distance. After this it will send packet giving to
selected destination and start timer to count hops and delay. By repeating the whole method up to
this point will be required as to store ways and their hops and delay. Now for detection of
malicious node, if the hop count for a particular direction decreases abruptly for average hop
count then at least one node in the route must be attacker. Algorithm will check the interruption
of all previous routes which involve any on node of the suspicious path. The node not encounter
previously should be malicious.
An end-to-end detection of wormhole attack (EDWA) in wireless ad hoc networks is planned by
Xia Wang and Johnny Wong [8]. Authors first presented the wormhole detection which is
created on the smallest hop count estimation in the middle of source and destination. If the hop
count of a received shortest route is much lesser than the estimated value an alert of wormhole
attack is higher at the source node. Then the source node will start a wormhole finding procedure
to identify the two end points of the wormhole. Lastly, a legitimate route is selected for data
communication.
In [15], Khalil et al. suggested a protocol (so-called LiteWorp) to discover and avoid wormhole
attacks in a static network. LiteWorp works by instructing each node involved to find 2-hop
routing information from their immediate neighbours. The suggested technique is an extension of
their original protocol in which each node only saves 1-hop routing information. According to
the authors, analyzing the routing info on routes which are 2-hops away will help wormhole
detection. In addition, nodes will also monitor their private neighbour nodes and possibly
become guard nodes for a pair of nodes which are all-out 2-hops apart. Guard nodes are designed
Https://ThesisScientist.com
to monitor neighbouring nodes activity to aid wormhole detection. However, the LiteWorp idea
was only designed for static networks and is impractical for a mobile network such as MANETs.
In [4], Hu et. al packet leashing introduces a way to prevent wormhole attacks. Their idea of
using packet leashes consists of information in a commuting packet that detects and prevents
abnormal transmission. In doing so, some timings are inserted in the packet
when it is forwarded by the sending node to a receiving node (not necessarily from source to
destination). Next, the receiver compares its own timings with the sender's timings resulting in a
calculated latency between the two nodes. The authors pointed out a limitation to this technique
since it is possible that two malicious nodes collude together to break their scheme while still
being within an acceptable distance. They state that a network which includes node positioning
analysis will overcome such vulnerability. Unfortunately, this solution suggests that only a
network with such topology will be able to prevent this detrimental attack.
In [16], a scheme called TrueLink was proposed to prevent wormhole attacks. True Link also
uses a timing based solution to the wormhole problem. Two nodes which are seemingly
neighbours exchange nonces or values which are used only once. This method is monitored
under strict timing restrictions (similar to those used in [4]) so that it is impossible for colluding
malicious nodes to replicate it since the packets routed through the wormhole will be more time
consuming than those forwarded normally. After the exchange of nonces, the two apparent
neighbours send messages to each other authenticating that the nonces were from the respective
nodes. If any intrusion is discovered, there will be a mismatch in messages and the system will
detect the malicious activity. This scheme suffers various limitations. First, unexpected delays
caused by legitimate events such as signal interference may increase the timings past accepted
ranges, thereby causing a drop of genuine packets. Second, it is assumed that an authenticating
mechanism (which may not exist) is already in place. Third, if the security mechanism is not
available, this method will be benign and ineffective to detect malicious attacks on the packets
being forwarded within the network.
In [5], Mamatha et al. proposed an AODV-based scheme for preventing wormhole attacks in
MANETs in which the hash identifier of the original packet is inserted in the data as it gets
forwarded from node to node. The procedure of their scheme is outlined as follows.
1. The system gets the hash (treated as a marker) and includes it in the data frame of the packet.
Https://ThesisScientist.com
2. The packet is then divided into sub-packets with a predetermined size and sent to the
destination node.
3. The intermediate nodes read the data frame to get the destination of the packets and then
continue forwarding to the next neighbouring node based on the AODV protocol.
4. Once the sub-packets are received by the destination, they are reconstructed to form the
original packet and the hash value is calculated.
5. The receiver will continue to extract the hash value stored in the data frame of the packet and
then checks if these values match. If that is the case, the receiver will reply with an
acknowledgement (ACK) frame containing an ACK field to confirm safe receipt of the packet.
However, if there is no match, the ACK frame will contain a Confidentiality Lost field which
will be forwarded to the sender informing it that the hash value was changed. If the
acknowledgement frame is not received by the sender within the allotted time, then the packets
are assumed to be lost. Few limitations of this method are as follows. This method does not
address other major effects of wormhole attacks. For instance, falsified nodes cannot be
prevented from recording the packet chunks. Indeed, packet chunks can be copied or recorded
without modifying the packet itself, thus the hash value will not change. Additionally, if packet
chunks are recorded, they can possibly be reconstructed by malicious nodes. Thus, it is possible
for a wormhole attack to record packets while remaining undetected.
In [17], Singh and Vaisla introduced an approach to detect wormhole attacks, where time is
considered as a key parameter. In their scheme, during the RREQ broadcast phase of route
discovery, each node will save a TREQ (time of request) which will record the time it takes for
the current node to forward a RREQ to its neighbour node. Once the RREQ reaches the
destination, a RREP is sent by the destination node to the sender and a TREP (time of reply) is
recorded at each node as the algorithm retraces its steps back to the sender. Finally, a RTT
(round trip time) of each successive intermediate node is calculated as the difference between the
TREP and the TREQ (RTT = TREP - TREQ). The RTT is calculated at each node to check if the
value is higher or lower than other RTT values calculated along the route. If no attack is
detected, the value of the RTT will be similar for all nodes. However, if the value of the RTT at a
certain node is higher than that of other successive nodes, then a wormhole attack may have
occured at that specific node. The method assumes that the RTT between two colluding attacking
Https://ThesisScientist.com
nodes will be significantly higher than two good nodes. However, calculating only the RTT may
not be sufficient to detect wormhole attacks.
In [9], a method is proposed that does not use timings or delays as a factor in detecting wormhole
attacks in wireless networks. Each node has a disk which its surrounding neighbors may
populate. The method exploits the long range wormholes by using unit disk graphs (UDGs) as an
unit radius disk in the network plane that models the range in which a node can communicate
using an omni-directional antenna. Since long-range links will be more than a unit radius, this
will indicate the presence of a wormhole link in the network. Although their proposed scheme
was shown to effectively detect wormholes in wireless networks, the case when nodes are mobile
was not treated.
In [18], Choi et al. proposed a method which is based on the DSR routing protocol to detect
wormholes in MANETs. Their method consists of a neighbor node monitoring
technique and a wormhole route detection method controlled by means of a timer (so-called
wormhole prevention timer). This scheme does not rely on any speci_c hardware for node
location or time synchronization. However, the assumptions that nodes will continue to monitor
active transmission at the link layer even though some of these nodes may not be intended
receivers is not realistic.
In [19], Hayajneh et al. proposed a technique called DeWorm which utilizes discrepancies in
routing between neighbours of nodes that are along a route of a selected path between the source
and destination nodes. DeWorm takes advantage of the fact that a wormhole link attempts to
attract a large amount of traffic to itself. Moreover, the routes through the wormhole link are
shorter than that of legitimate nodes within the network. Each node along the route, after being
selected during the route discovery phase, will initiate the DeWorm algorithm which relies on
the acquisition of different routes to a target node. This route discovery phase involves nodes
which are 1-hop neighbours of the current node performing the scheme. Additional information
has been added to each packet in order to carry necessary information used by the method.
Therefore, this method su_ers from a large overhead. Due to this large overhead, the
computation used to analyze the necessary information will increase, thereby increasing the
amount of energy consumed. Since the method is not energy efficient, this protocol is not quite
suitable for mobile networks for which the target is energy conservation.
Https://ThesisScientist.com
In an attempt to improve DeWorm, Dhurandher et al. [20] proposed a scheme (so-called E2SIW)
which is based on the AODV protocol. It is designed to be energy efficient and can mitigate
wormhole attacks in MANETs. Their method uses the location coordinates of nodes within the
MANET in order to detect the presence of wormholes. The authors discussed that wormhole
links will be low in hop counts. The hop count needs to be low in order to attract a large amount
of traffic to the wormhole nodes. By using GPS to examine the connectivity information for all
neighbouring nodes of a given node, the method is able to detect exactly how far the nodes are
from each other. Moreover, as the RREQ is being broadcasted, each hop is analyzed by their
respective nodes. Information about nodes which are two hops away are tested and temporary
routes are analyzed as well. Thus, this technique continually monitors the actual position of
nodes as well as the temporary routes during the route discovery phase. By detecting anomalies
within the network throughout and each hop of the discovery process, the method continuously
builds a route which avoids the wormhole link. However, the authors have not disclosed the
overhead for such a scheme since a lot of information is analyzed throughout each step of the
route discovery process.
2.3 Attacks:
There are two mainly protocols are used in MANET networks, Link layer protocol are used to
provide connectivity between different mobile nodes in order to ensure one-hop connectivity by
using multihop wireless channels. On the other hand if we like to extend connectivity to different
multiple hops then MANET network uses network layer protocols. In the coordination process
distributed protocols typically assume that all mobile nodes are cooperating with respect to
communication but actually this assumption is not possible in hostile mobile networks
environment because cooperation is not enforced in MANET. The question arises why? The
reason is because of malicious attackers violating protocol specification in order to disrupt
network operations.
2.3.1 Network Layer operation
There are two main network-layer operations in MANET.
1. Ad hoc routing
2. Data packet forwarding
Https://ThesisScientist.com
They interact with each other and delivering packets from source to destination. The main
function of the ad hoc routing protocols is to provide routing among nodes; they exchange
routing messages between different mobile nodes in order to maintain routing information at
each node. According to the routing states, the second network layer operation data packets are
used to forward data by intermediate next node which is an established route to the destination
node. These both operations are vulnerable to malicious attacks, and which will lead to various
types of malfunction in network layer.
2.3.2 Network Layer Attack
Due to this reason network-layer generally fall into two categories attacks:
1. Routing attacks
2. Packet forwarding attacks
There are different categories of routing attacks that does not follow routing protocol
specification. There are different routing protocols in MANET so therefore different attack
behaviors related to different routing protocols. Some of them are discuss below:
1. According to the context of DSR [1] MANET routing protocol there are following different
attacks which are given below [6]:
An attacker modifies source routing list with respect to RREQ or RREP packets.
Switching order of different nodes in the routing list.
Deleting entries from the list.
Appending new node entries into the list.
2. According to the context of AODV [2] MANET routing protocol there are also different
attacks which are given below [7]:
An attacker advertise route with wrong distance metric with respect to actual distance to
the destination.
Advertise wrong routing updates with a large sequence number with respect to actual
sequence number.
An attacker invalidates all routing updates from other nodes.
3. According to the context of TORA routing protocol, there are also different attacking
methods:
Https://ThesisScientist.com
Attackers construct routing paths by interfering with the protocols' mechanisms, e.g.
routes can be forced to use attacking nodes to go through them.
Attackers can also exhaust network resources by maliciously act of injecting, modifying
and dropping data packets.
In order to divert traffic attackers attack on the routing protocols and divert traffic towards
certain destinations under their control, and then they cause problematic situation in the network
along a route which is not optimal or even nonexistent. The attackers can also create routing
loops in the network, due to this way it creates network congestion in certain areas. There are
also some other attacks like multiple colluding attacks which may cause to prevent source in
order not to find route to the destination and also partition the network in the worst.
2.3.3 Active Attacks
There are also some different active attacks which are really difficult to locate or identify
because these attacks are more sophisticated and they are considered as subtle routing attacks
some of them are given below [8]:
Attacker may further subvert existing nodes in the network.
They can also fabricate their identity
They can also impersonate other legitimate node
Attackers in pair nodes may create a wormhole [9]
They also creates shortcut in normal flows between each other
The attackers target the route maintenance process and advertise operational link is
broken [6]
According to context of routing attacks there are also some other kind of attacks like attacker
launch attacks against packet forwarding operations as well due to this way it will not only
disrupt the routing protocol it also poison the routing states at every node. For example, the
attacker established route and drop packets, or also modify the content of the packets, or
duplicate the packets. Another type of packet forwarding attack is denial-of-service (DoS) attack
through network-layer packet blasting, in this type of attack attacker inserts large amount of junk
packets in network. Due to this action significant portion of the network resources are wasted,
and introduce severe wireless channel contention and network congestion in the network.
Https://ThesisScientist.com
There are identified vulnerabilities of the link-layer protocols, especially in the IEEE standard
802.11 MAC protocols [3], for mobile ad hoc network. Its true that 802.11 WEP is vulnerable to
different types of cryptography attacks by misusing the cryptographic primitives [10]. The IEEE
802.11 protocol is vulnerable to many DoS attacks due to this way it targeting reservation
schemes and channel contention. The attacker exploits binary exponential back off scheme in
order to deny access to the wireless channel from its local neighbors [11, 17].
Https://ThesisScientist.com
concerned the main task of the attacker is to introduce some non-cooperative or selfish nodes
that can be used to inject false packets due to this wayload on the network increases and it will
become a cause of consuming network bandwidth.
Https://ThesisScientist.com
Fig. 2.6 an example of route modification attack
D. Attacks using Impersonation: In this type of attacks where attacker is used to violates
authenticity and confidentiality of a network. In this attack an attacker (i.e. malicious node) uses
to impersonate the address of other user node in order to change the network topology. This type
of attack can be described in the Figure 2.7 given below:
Https://ThesisScientist.com
E. Attacks using Fabrication: In this type of attacks, where an attacker as a malicious
node try to inject wrong messages or fake routing packets in order to disrupt the routing process.
The fabrication attacks are very much difficult to detect in the mobile ad hoc network. Attacks
using fabrication process are discussed very well in [20] and [21]. In Figure 2.8 where
fabrication attacks is explained by an example. In the example where the source node S wants to
send data towards the destination node X, so therefore at start it sends broadcast message and
request for route towards the destination node X. An attacker as a malicious node M try to
pretends and modify route and returns route reply to the node (S). Furthermore, an attackers
nodes use to fabricate RERR requests and advertise a link break nodes in a mobile ad hoc
network by using AODV or DSR routing protocols.
Https://ThesisScientist.com
Fig. 2.9 Wormhole attack example
B. Black hole attack: This kind of attack is described very well in detail in [21]. In this
type of attack, node is used to advertise a zero metric to all destinations, which become
cause to all nodes around it in order to route data packets towards it. The AODV protocol
is vulnerable to such kind of attack because of having network centric property, where
each node of the network has to shares their routing tables among each other.
In the above example where there are two malicious nodes M1 and M2 which link through a
private connection. In this type of attack every packet which an attacker receive from network 1
forward to other network where another malicious node exist, simple speaking these two nodes
use to exchange network information and fabricate traffic among each other. The traffic between
the two nodes passes through wormhole among each other. Due to this way it will become the
cause of disrupts routing protocols and violating normal flow of routing packets. These types of
attacks are very difficult to detect in a network, and become the cause of severe damages to the
nodes. These types of attacks can be prevented by using mechanism packet leashes [15], which
are used to authenticate nodes among each other by timing information process.
Https://ThesisScientist.com
Chapter 3
Methodologies and Technical Background
In this chapter, we describe the methods that we proposed to address wormhole attacks in
MANETs as follows: (1) we analyze two different single wormhole scenarios and its effects on
MANETs by injecting two colluding malicious nodes which drop data packets; (2) we introduce
our E-HSAM method to enhance the HSAM scheme. The enhancements are twofold (a)
performing for the _rst time a simulation study of the HSAM protocol, (b) introducing a more
efficient approach to securing the routes in the route selection phase of the HSAM protocol; (3)
we design AODV-WADR-TDES as a complement to AODV-WADRAES in order to test the
performance difference when using two different cryptographic algorithms with the same
AODV-WADR scheme. This study is valuable because there exists modern day technology, such
as many smart cards, which do not necessarily support AES [21]; (4) we combine the techniques
and strengths of both E-HSAM and AODV-WADR-AES to design our novel scheme (so-called
TSMI). TSMI is able to ward of collaborative wormhole attacks effectively while maintaining
the performance of both E-HSAM and AODV-WADRAES.
Https://ThesisScientist.com
Figure 3.2: Single Wormhole Attack Method 2
Algorithm 1 HSAM
Require: AODV Protocol
1: Route (R) is obtained through the regular AODV protocol
2: RREQ sent out by source (S) and S records the current time (t)
3: if S receives RREP from destination (D) within NetTT then
4: S records the receive time duration (t) and hop count found in RREP
5: else
6: S selects the next best route available from RREPs
7: end if
8: S divides the data packet into sub-packets of 48 byte chunks each
9: for each packet chunk to send do
10: Construct the data frame with source address, destination address and hash code
11: Increment the counter cpkt
12: Send packet to nearest node and record the send time in RTT start
13: Packet reaches D and the hash is computed and compared to the hash in the frame
14: if there is a match (in hash values) then
15: D prepares ACK frame with ACK field and sends it to S
16: else
17: D prepares ACK frame with CONFIDENTIALITY LOST field and sends it to S
18: end if
19: if frame contains the ACK field then
20: S records the receive time in RTT end and calculates the RTT as RTT start RTT end
21: if RTT is equal or less than 20ms then
Https://ThesisScientist.com
22: Route is valid and S prepares to send the next chunk
23: else
24: Packet is assumed to be lost and S increments the counter cmiss
25: end if
26: else
27: S blacklists and discards R, then selects next route R from line 1
28: end if
29: end for
30: S calculates the ratio cmiss/cpkt to obtain the Limit of Tolerance value
31: if ratio is less than or equal to 0.2 (20%) then
32: R is not discarded from the routing table and the route is deemed acceptable and
secure
33: else
34: R is compromised, S blacklists R and selects next R from line 1
35: end if
All single operations in the HSAM algorithm are approximately O(1). The need to send all the
sub-packets to the destination node costs approximately O(n) where n is the number of packets to
be sent. Therefore, the complexity of this algorithm is approximately O(n) + O(1) or O(n).
Https://ThesisScientist.com
The reasoning behind this comes from our treatment of the size of data packets. In order to
obtain a reliable Limit of
Tolerance, there is a need to obtain a sufficient number of cpkt and cmiss. For smaller data
packet sizes, the packet should be split accordingly in order to gather enough cpkt and cmiss to
provide a reliable ratio (rather than just a few cpkt and cmiss). The next difference is how routes
will be avoided by the method. Instead of using a self-developed method to avoid the route
containing malicious nodes, E-HSAM method utilizes a mechanism similar to that used by
AODV for the sending of a RERR packet back to the sender. This mechanism will discard the
suspicious route and automatically increment the routing table sequence number, then choose the
next route. This slight modification to the RERR mechanism effectively avoids the route in
question when data the integrity is compromised and the next available route is to be used.
Algorithm 2 describes the E-HSAM algorithm pseudocode:
Require: AODV Protocol
1: Route (R) is obtained through the regular AODV protocol
2: RREQ sent out by source (S) and S records the current time (t)
3: if S receives RREP from destination (D) within NetTT then
4: S records the receive time duration (t) and hop count found in RREP
5: else
6: S selects the next best route available from RREPs
7: end if
8: S creates mock packets of 48 bytes each
9: S divides the data packet into sub-packets of 48 byte chunks each
10: for each packet chunk to send do
11: Construct the data frame with source address, destination address and hash code
12: Increment the counter cpkt
13: Send packet to nearest node and record the send time in RTTstart
14: Packet reaches D and the hash is computed and compared to the hash in the frame
15: if there is a match (in hash values) then
16: D prepares ACK frame with ACK field and sends it to S
17: else
18: D prepares ACK frame with CONFIDENTIALITY LOST field and sends it to S
Https://ThesisScientist.com
19: end if
20: if frame contains the ACK field then
21: S records the receive time in RTTend and calculates the RTT as RTTstart - RTTend
22: if RTT is equal or less than 20ms then
23: Route is valid and S prepares to send the next chunk
24: else
25: Packet is assumed to be lost and S increments the counter cmiss
26: end if
27: else
28: S blacklists and discards R, broken links are incremented, S selects the
next R from the routing table and restarts the mock packets process
(i.e. repeat line 8)
29: end if
30: end for
31: S calculates the ratio cmiss/cpkt to obtain the Limit of Tolerance value
E-HSAM addresses collaborative attacks which exist in the original HSAM. By sending mock
packet chunks, if an attacker tries to copy the packets, the original data is not revealed since the
mock chunks do not contain any information which could be useful to the involved malicious
nodes. Additionally, the packets are protected from tampering attacks since hash markers are
utilized to identify changes to the mock chunks as well as the actual data. All single operations in
the E-HSAM algorithm are approximately O(1). The need to send all the sub-packets to the
Https://ThesisScientist.com
destination node costs approximately O(n) where n is the number of packets to be sent.
Therefore, the complexity of this algorithm is approximately O(n) + O(1) or O(n).
Https://ThesisScientist.com
2. It will be difficult for S, which is more than 3-hops away from the destination, to know which
node in the route is malicious since S will only keep the information about the next hop node
(which is one main features of AODV) AODV-WADR-AES begins with small additions to the
normal operations of the AODV protocol as follows. A source node that is in need of a route to
send its packets to a
destination node will broadcast a RREQ and will record the time which the request was made.
When the source node receives a RREP, it will record the receipt time of the RREP packet. The
two recorded times are used to calculate the actual traversal time (ATT) which will be used
compared against the net traversal time (NetTT) to determine whether the algorithm will be
launched or not. Indeed, if ATT is greater than NetTT, AODV-WADRAES will be ignored and
the normal AODV operations will commence. If ATT is less than NetTT and the hop count is not
3, AODV will operate normally. If ATT is less than NetTT and the hop count is 3, AODV-
WADR-AES will be launched. The next step is to check if the ATT is greater than the maximum
traversal time (MTT). If ATT is less than MTT, the source node will consider that the route is
safe and the normal AODV operations will continue. If ATT is greater than MTT, there is a
greater chance that a wormhole may exist in the network (since the network will experience an
increase in latency between nodes).
Once a wormhole is suspected, a shared secret key is created between the source and destination
nodes. The DH method is used to determine this key. The DH algorithm is ideal for use in
AODV since it allows two nodes which are not aware of any predefined or known parameters of
each other to securely exchange secret keys in an insecure network environment [13].
The source node will _rst send a message to the destination node, stating that DH key exchange
is needed and records the send time. Once a reply is received from the destination node, the
source node will record the receipt time and compare it to the send time. If ATT of the message
is greater than NetTT, a wormhole attack is suspected and the source will delete the route from
its routing table. Additionally, the source will update its blacklist with the next hop node. If ATT
of the message is less than NetTT, the DH key exchange will commence.
Once the DH key is created, the source node will then send an encrypted message to the
destination node and record the time. The destination node will decrypt message, add its unique
ID number associated with itself to it, re-encrypt message and send it back to the source node.
The source node will then record the time of receipt and calculate the actual traversal time of
Https://ThesisScientist.com
receiving a message reply from the destination, i.e. ATT WADR. If ATT WADR is greater than
MTT, a wormhole attack is suspected and the source node will delete the route from its routing
table and will update its blacklist table with the next hop node of the route. If ATT WADR is less
than MTT, the source node will consider that the route is safe and AODV will be performed
normally.
Algorithm 4 describes the pseudo code of the AODV-WADR-AES algorithm.
Algorithm 4 AODV-WADR-AES
Require: AODV Protocol
1: RREQ sent out by source (S) to destination (D) and S records the current time (t)
2: S checks the hop count when RREP is received and records the time (t') of receipt
3: if S receives an RREP within NetTT then
4: if hop count is equal to 3 then
5: S calculates ATT (t' - t)
6: if ATT is higher than MTT then
7: S sends message to D to begin DH key exchange and records time
8: S receives reply from D and records the time
9: if ATT is less than NetTT then
10: DH key exchange commences and secret key created
11: S sends AES encrypted message (message) containing the secret key to
D and records the time
12: D decrypts message, adds its unique ID number to message, re-encrypts
it and sends it back to S
13: if S receives message then
14: S records receiving time and calculates ATT WADR
15: if ATT WADR within MTT then
16: Route is considered safe and the normal AODV operations commence
17: else
18: A wormhole is suspected, S deletes the route R from its routing table and updates its blacklist
with the next hop node of the suspect route
19: end if
20: else
Https://ThesisScientist.com
21: A wormhole is suspected, S deletes R from its routing table and updates its blacklist with the
next hop node of the suspect route
22: end if
23: else
24: A wormhole is suspected, S deletes R from its routing table and updates its blacklist
(blacklist wa) with the next hop node of the suspect route
25: end if
26: else
27: Route is considered safe and normal AODV operations commence
28: end if
29: end if
30: Normal AODV operations commence
31: else
32: Normal AODV operations commence
33: end if
30
All single operations are approximately O(1). The need to forwarding messages and packets to
the destination node costs approximately O(n) where n is the total number of control packets as
well as AODV-WADR-AES messages. Therefore, the complexity of this algorithm can be
measured to approximately O(n) + O(1) or O(n).
3.2.2.2 AODV-WADR-TDES Scheme
AES encryption is widely accepted as the next generation encryption technique [23]. However,
technologies such as smart cards, which can be considered as eMANET nodes, are incompatible
with AES implementations [21]. In light of this incompatibility, a different encryption technique
called the Triple Data Encryption Standard (TDES) is recommended by [24, 25]. As a
complement to the AODV-WADR-AES scheme, we introduce AODVWADR- TDES. The
methods found in AODV-WADR-TDES are similar to AODV-WADRAES. However, the
cryptographic algorithm of choice is TDES. By implementing longer variable key sizes to DES,
three different possible key combinations, the pseudo-randomness of the algorithm increases,
Thereby increasing its security potential. The AODV-WADR-TDES protocol follows similar
steps as the AODV-WADR-AES protocol. However, some differences occur in the manner the
Https://ThesisScientist.com
data packets are delivered, as well as the cryptographic scheme used. In the AODV-WADR-AES
scheme, data packets are sent throughout the network after the constructed route has been
deemed safe to be used. In the AODV-WADR-TDES, a hash algorithm is invoked that
determines a hash value to be included with the data packets and to be used with TDES (in lieu
of AES as cryptographic algorithm) to strengthen the integrity and confidentiality of the data
packets.
3.2.3 A Novel Timed and Secured Monitoring Implementation
Against Wormhole Attacks
With E-HSAM, we have successfully improved the HSAM scheme in order to address some
potential security holes. With AODV-WADR-AES, we have overcome the limitation of dealing
with routes where the source node is only 3-hops away from the destination node. However,
AODV-WADR-AES does not protect the data packets during data transmission. In light of these
shortcomings, we propose a new method called A Timed and Secure Monitoring Implementation
against Wormhole Attacks in MANETs (so-called TSMI) those benefits from the features of
both E-HSAM and AODV-WADR-AES to address some of their weaknesses. In TSMI, E-
HSAM will be monitoring all routes which are not 3-hops between the source and destination
nodes and AODV-WADR-AES will be handling all 3-hop routes. A hash value is also added to
each data packet in AODV-WADR-AES in order to increase the integrity of the data
transmission. Moreover, in TSMI, a blacklist is also introduced in order to quickly sort out
malicious nodes that are caught by either technique (E-HSAM or AODV-WADR-AES). The
TSMI algorithm is described as follows.
Algorithm 5 TSMI
Require: AODV Protocol
1: RREQ sent out by source (S) to destination (D) and S records the current time (t)
2: if S receives an RREP then
3: S checks the hop count and records the time (t') the RREP was received
4: if hop count is 3 then
5: S calculates ATT (t' - t)
6: if ATT is higher than MTT then
7: AODV-WADR-AES algorithm will commence
8: else
Https://ThesisScientist.com
9: Regular AODV operations will commence and the hash value will be included
in the data packet
10: end if
11: else
12: E-HSAM algorithm will commence
13: end if
14: else
15: E-HSAM algorithm will commence
16: end if
The complexity of E-HSAM is approximately O(n) and AODV-WADR-AES is approximately
O(n). In TSMI, a target route will either be 3-hops or a different hop count. Moreover, the
procedures of E-HSAM is independent of AODV-WADR-AES. Therefore, the complexity is
based on the number of hops of the route. However, since both schemes have the same
complexity, the complexity of TSMI is approximately O(n).
Conclusion
Https://ThesisScientist.com
In this thesis, we have: (1) enhanced HSAM with E-HSAM which improves the security of
HSAM as well as its performance; (2) implemented AODV-WADR-TDES as a complement to
AODV-WADR-AES in order to observe the performance differences within MANETs; (3)
designed a novel scheme TSMI which implements the features of E-HSAM and AODVWADR-
AES in order to create a highly secure method which prevents collaborative wormhole attacks in
MANETs. Addressing the potential security weaknesses of HSAM leads to the design of E-
HSAM. By replacing the actual data packets with mock packet chunks, E-HSAM can safely
analyze the routes without worrying about data chunks being copied. Moreover, we are able to
increase the efficiency of the HSAM and make the algorithm adaptable to collaborative
wormhole attacks. Further, we also compared E-HSAM-AES with E-HSAM and HSAM. By
analyzing the idea of AODV-WADR-AES, we are able to discover the strengths and weaknesses
of the encryption methodology used therein. Moreover, we compared the effectiveness of
AODV-WADR-AES against AODV-WADR-TDES which uses the TDES algorithm instead of
AES. Although AODV-WADR-AES yields impressive results, it is only effective if the route
chosen is 3-hops between the source and destination nodes. Moreover, the implementation of
AODV-WADR-AES may not be able to outperform AODV-WADR- TDES in a hardware
environment since TDES performs much better in hardware devices. Combining the features of
E-HSAM and AODV-WADR-AES, allowed us to design a new scheme called TSMI. TSMI is
able to address the potential weaknesses of E-HSAM and AODV-WADR-AES. The results for
TSMI demonstrate its effectiveness in preventing collaborative wormhole attacks. However,
there are limitations to our scheme where the effectiveness begins to decline after 60m/s. Our
method is useful and applicable to MANETs because it is improbable for mobile nodes to move
at 60m/s. Moreover, the trade-off between performance and security outweigh these limitations.
We have a few ideas which pertain to the future work of research in the area of MANETs and
collaborative wormhole attacks. Firstly, in our implementation of AODV-WADR-AES, we
chose to use Cipher Block Chaining (CBC) as our main mode of operation. There are other
modes which are also applicable for use. Such modes include the Cipher Feedback (CFB),
Counter (CTR) and Output Feedback (OFB) modes. However, we do emphasize that ECB
Https://ThesisScientist.com
should not be used because of its simplicity and the use of the same key to encrypt individual
blocks of plaintext.
Future Work
We consider future research works focused on using real time attacks which is needed to
ascertain greater degree of detection of specific vulnerabilities in both Mobile and ad hoc Sensor
networks. Based on the attack classifications in various levels described in this work, it becomes
imperative to identify a representative set of attacks that can consecutively be used in raw attack
generations to evaluate IDS is a more systematic manner. However based on our simulations and
for more accurate representation of data set, there is need to further incorporate error correction
algorithms used to investigate the degree of anomalies and implement this into Riverbed
Modeler. Also we intend to explore more possibilities for detection of sophisticated attacks by
incorporating a cryptographic security scheme using trust certificates and extend the results as
well to other wireless protocols. This would serve as a baseline action for further research
problems in Intrusion detection systems.
Https://ThesisScientist.com
REFERENCES
[1] Achint Gupta, Priyanka V J, Saurabh Upadhyay, Analysis of wormhole Attack in AODV
based MANET Using Opnet Simulator, International Journal of Computing, Communications
and Networking Vol. 1, October 2012.
[2] Jatin D. Parmar, Ashish D. Patel, Rutvij H. Jhaveri1, Bhavin I. Shah, MANET Routing
Protocols and Wormhole Attack against AODV, IJCSNS International Journal of Computer
Science and Network Security, Vol. 10, No.4, April 2010.
[3] Reshmi Maulik, Nabendu Chaki, A Study on Wormhole Attacks in MANET, International
Journal of Computer Information Systems and Industrial Management Applications ISSN 2150-
7988 Vol. 3, pp. 271-279, 2011.
[4] K. Sivakumar, Dr. G. Selvaraj, Analysis of Worm Hole Attack In MANET And Avoidance
Using Robust Secure Routing Method, International Journal of Advanced Research in
Computer Science and Software Engineering Vol. 3, No. 1, January 2013.
[5] Yashpalsinh Gohil, Sumegha Sakhreliya, Sumitra Menaria, A Review on Detection and
Prevention of Wormhole Attcaks in MANET, International Journal of Scientific and Research
Publications, Vol. 3, No. 2, February 2013.
[6] Abari Bhattacharya, Himadri Nath Saha, A Study of Secure Routing in MANET various
attacks and their countermeasures, IEMCON organized in collaboration with IEEE in January
2011.
[7] Susheel Kumar, Vishal Pahal, Sachin Garg, Wormhole Attack in Mobile Ad Hoc Networks:
A Review, IRACST, Vol. 2, April 2012.
[8] Xia Wang, Johnny Wong, An End-to-end Detection of Wormhole Attack in Wireless Ad
hoc Networks,
Https://ThesisScientist.com
31st Annual International Computer Software and Applications Conference IEEE, 2007.
[9] Pallavi Sharma, Prof. Aditya Trivedi, An Approach to Defend Against Wormhole Attack in
Ad Hoc Network Using Digital Signature, IEEE, 2011.
[10] Waseem Ahad, Manju Sharma, Efficient Multipath Algorithm in MANETs to Prevent
Wormhole Attack, CT International Journal of Information &Communication Technology Vol.
1, No. 1, 2013.
[11] P. Anitha, M. Sivaganesh, Detection And Prevention Of Wormhole Attacks In Manets
Using Path Tracing, International Journal of Communications Networking System, Vol. 01, No.
02, December 2012.
[12] Shalini Jain, Dr.Satbir Jain, Detection and prevention of wormhole attack in mobile adhoc
networks , International Journal of Computer Theory and Engineering, Vol. 2, No. 1 February,
2010.
[13] I. Woungang, S. Dhurandher, and V. Koo, \Comparison of two security protocols for
preventing packet dropping and message tampering attacks on aodv-based mobile ad hoc
networks," in submission to the IEEE 4th International Workshop on Mobility Management in
the Networks of the Future World (MobiWorld 2012), Anaheim, California, USA. December 3-
7, 2012.
[14] Y. Wang and M. Hu, \Timing evaluation of the known cryptographic algorithms," in
International Conference on Computational Intelligence and Security (CIS 2009), Beijing, China,
vol. 2, pp. 233 {237, December 11-14, 2009.
[15] I. Khalil, S. Bagchi, and N. Shroff, \Liteworp: a lightweight countermeasure for the
wormhole attack in multihop wireless networks," in International Conference on Dependable
Systems and Networks (DSN 2005), West Lafayette, Indiana, USA, pp. 612 { 621, June 28 - July
1, 2005.
[16] J. Eriksson, S. V. Krishnamurthy, and M. Faloutsos, \Truelink: A practical countermeasure
to the wormhole attack in wireless networks," in International Conference on Network Protocols
(ICNP 2008), Orlando, Florida, USA, pp. 75{84, October 19-22, 2006.
Https://ThesisScientist.com
[17] A. Singh and K. Vaisla, \A mechanism for detecting wormhole attacks on wireless ad hoc
network," International Journal of Computer Science and Network Security, vol. 2, pp. 27{31,
September 2010.
[18] S. Choi, D. young Kim, D.-H. Lee, and J.-I. Jung, \Wap: Wormhole attack prevention
algorithm in mobile ad hoc networks," in Proceedings of IEEE International Conference on
Sensor Networks, Ubiquitous and Trustworthy Computing (SUTC 2008), Taichung, Taiwan, pp.
343 {348, June 11-13, 2008.
[19] T. Hayajneh, P. Krishnamurthy, and D. Tipper, \Deworm: A simple protocol to detect
wormhole attacks in wireless ad hoc networks," in Proceedings of the 3rd International
Conference on Network and System Security (NSS 2009), Gold Coast, Queensland, Australia,
pp. 73{80, October 19-21, 2009.
[20] S. K. Dhurandher, I. Woungang, A. Gupta, and B. K. Bhargava, \E2siw: An energy efficient
scheme immune to wormhole attacks in wireless ad hoc networks," in International Conference
on Advanced Information Networking and Applications Workshops, Fukuoka, Japan, pp.
472{477, March 26-29, 2012. 62
[21] H. O. Alanazi, B. B. Zaidan, A. A. Zaidan, H. A. Jalab, M. Shabbir, and Y. Al-Nabhani,
\New comparative study between des, 3des and aes within nine factors," Computer Research
Repository, vol. abs/1003.4085, 2010.
[22] O. Gonzalez, M. Howarth, and G. Pavlou, \Detection of packet forwarding misbehavior in
mobile ad-hoc networks," in Proceedings of the 5th international conference on Wired/Wireless
Internet Communications (WWIC 2007), Coimbra, Portugal, pp. 302{ 314, May 23-25, 2007.
[23] B. Preneel, \Aes and nessie: Cryptographic algorithms for the 21st century," Eurocacs 2002
Keynote. Budapest, Hungary. March 24-28, 2002
[24] U. N. I. of Standards and T. S. P. (SP), \Recommendation for the triple data algorithm,"
Tech. Rep. FIPS SP 800-67, US Department of Commerce / National Bureau of Standards,
Spring_eld, Virginia. May 2004.
[25] S. Lucks and R. Weis, \How to make des-based smartcards for the 21-st century:
Cryptographic techniques for advanced security requirements," in Proceedings of the 4th
working conference on smart card research and advanced applications on Smart card research
and advanced applications, Bristol, United Kingdom, pp. 93{114, September 20-22, 2000.
Https://ThesisScientist.com
Https://ThesisScientist.com