WARP: A wormhole-avoidance routing protocol by anomaly detection in mobile ad hoc networks
Introduction
Among all possible methods of attack in Mobile Ad hoc Networks (MANETs), the wormhole attack is one of the most threatening and hazardous. A wormhole attack is usually performed by two or more malicious nodes in collusion. Two malicious nodes at different locations send received routing messages to each other via a secret channel. In this way, although the two malicious nodes are located far from each other, they appear to be within one-hop communication range. Therefore, the route passing through the malicious nodes is very likely to be shorter than any regular one. Wormhole nodes can easily grab the route from the source node to the destination node, and then sniff, drop, or selectively drop the data packets passing through. Wormhole nodes can successfully execute such attacks without compromising any computer, and the attacks are unavoidable, even though some MANETs provide authenticity and confidentiality protection.
In a wormhole attack, malicious node m1 first captures a routing message from a neighboring node, and then sends the message to another malicious node, m2, by means of a secret tunnel. Node m2 then broadcasts or propagates the message received. In this way, a tunnel-like channel is formed between the two malicious nodes. Even though the tunnel covers a very long distance, other normal nodes may mistakenly think that it spans only one hop. The tunnel-like channel can be realized by two methods (Khalil et al., 2005): a packet encapsulated channel and an out-of-band channel, as shown in Fig. 1(a) and (b), respectively.
A packet encapsulated channel is also called an in-band channel: a malicious node puts a captured routing message in a data packet payload, and uses normal nodes to transmit the data packet to another malicious node. The malicious node receiving the data packet extracts the routing message from the packet payload and further broadcasts or propagates it. In this way, the hop count is reduced to increase the chance of grabbing a route. As no field information is changed, neither Secure AODV (SAODV) (Zapata and Asokan, 2002), which can protect routing messages, nor Authenticated Routing for Ad hoc Networks (ARAN) (Sanzgiri et al., 2002), which can authenticate each neighbor, has any way of defending against attacks from an encapsulated channel. As shown in Fig. 1(a), a path is built in advance between the two malicious nodes, m1 and m2; s is the source node and d is the destination node. When s broadcasts a Route Request (RREQ), it is received by malicious node m1, which encapsulates the RREQ into the payload of a data packet and transmits it over the pre-built path between m1 and m2. After receiving the data packet, m2 extracts the original RREQ and broadcasts it until it reaches the destination node. As the path passing through the malicious nodes appears to save 4 hop counts and thus is shorter than the other two paths, node d would finally choose that path to respond with a Route Reply (RREP). In this way, the malicious nodes capture the route that carries the data packets. The out-of-band channel method differs from packet encapsulation mainly in the type of tunnel-like channel. The special channel may be a wired network connection between the two malicious nodes, or a private channel between the two ends that uses high-powered transmission to send signals over a long distance, as shown in Fig. 1(b).
This paper proposes a secure routing protocol, named WARP (Wormhole-Avoidance Routing Protocol), to defend against wormhole attacks; it is based on the Ad hoc On-demand Distance Vector (AODV) routing protocol (Perkins et al., 2004). WARP considers link-disjoint multipaths during path discovery in order to choose a safer path that avoids wormhole nodes. Since wormhole nodes have a great ability to grab the routes from source nodes to destination nodes, after a certain time of executing wormhole attacks the wormhole nodes would be rejected by their neighboring nodes, which prevents them from transmitting routing messages; hence, they are quarantined by the whole MANET. Some normal nodes may be located at key positions of connectivity within the network, and thus may be quarantined because they acquire a considerable number of routing paths; however, they would not stay in key positions for long, as the MANET topology is constantly changing. In addition, in the design of WARP, when a node has been quarantined by its neighbors and then shows no abnormal behavior for a certain period, it is recovered from the quarantine.
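The neighbor-side scoring and quarantine described above can be sketched as follows. This is an added illustration, not code from the paper: the anomaly formula (RREP_DECs sent to a neighbor divided by RREPs received from it, plus one in the denominator), the 0.7 threshold, the tie-breaking rule and the three-path topology are assumptions, and recovery from quarantine is not modeled.

```python
# Added illustration of neighbor-side anomaly scoring; a simplified model,
# not the WARP specification. Formula, threshold and topology are assumptions.
THRESHOLD = 0.7  # assumed quarantine threshold


class Node:
    """Per-neighbor counters a node keeps alongside its routing table."""

    def __init__(self):
        self.rrep = {}            # neighbor -> RREPs received from it
        self.rrep_dec = {}        # neighbor -> RREP_DECs sent to it (route chosen)
        self.quarantined = set()  # neighbors whose routing messages are rejected

    def anomaly(self, nbr):
        # Assumed score: share of this neighbor's offered routes that were chosen.
        return self.rrep_dec.get(nbr, 0) / (self.rrep.get(nbr, 0) + 1)

    def discover(self, offers):
        """offers: {first_hop: hop_count} for link-disjoint paths to one destination.
        Returns the chosen first hop, or None when every offer is quarantined."""
        usable = {}
        for nbr, hops in offers.items():
            if nbr in self.quarantined:
                continue  # routing messages from a quarantined neighbor are dropped
            self.rrep[nbr] = self.rrep.get(nbr, 0) + 1
            usable[nbr] = hops
        if not usable:
            return None
        # Shortest path wins; ties go to the neighbor with the lower anomaly value.
        best = min(usable, key=lambda n: (usable[n], self.anomaly(n), n))
        self.rrep_dec[best] = self.rrep_dec.get(best, 0) + 1
        if self.anomaly(best) > THRESHOLD:
            self.quarantined.add(best)
        return best


def simulate(rounds=8):
    # Constructed topology: two regular 5-hop paths via a1 and b1, and a path via
    # wormhole node w1 that looks like 3 hops because the tunnel counts as one hop.
    s = Node()
    offers = {"a1": 5, "b1": 5, "w1": 3}
    return [s.discover(offers) for _ in range(rounds)], s


if __name__ == "__main__":
    chosen, s = simulate()
    print(chosen, sorted(s.quarantined))
```

The node that always wins route selection crosses the threshold on the third discovery, while the two regular first hops share the remaining routes and stay well below it.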
The remainder of this paper is organized as follows. Section 2 provides a brief review of previous works against wormhole attacks and of the AODV routing protocol. Section 3 describes the details of the proposed routing algorithm, WARP, in detecting and defending against wormhole nodes. Section 4 discusses the properties of WARP. Section 5 presents the results and analysis of the ns2 simulation. Section 6 offers conclusions.
Section snippets
Related works
Since the proposed WARP is based on AODV, AODV is also briefly described, in addition to a review of previous research on defending against wormhole attacks.
The proposed wormhole-avoidance routing protocol
This paper proposes a routing protocol named WARP (Wormhole-Avoidance Routing Protocol), which is based on AODV and can efficiently quarantine wormhole nodes. According to a multi-path routing algorithm, WARP takes link-disjoint multiple paths into consideration during path discovery; however, it eventually chooses only one path to transmit data packets. Some preliminaries of the proposed protocol are given in Section 3.1, and the details are formally described in Section 3.2.
Properties of WARP protocol
The ability of WARP to provide avoidance of wormhole attacks is first illustrated, and then other merits are addressed in this section. Fig. 14 shows the key concept of WARP. Initially, the neighboring nodes of the two wormhole nodes w1 and w2, say a and b, respectively, will regularly forward RREQs, RREPs, and RREP_DECs to the two nodes, increasing the anomaly values of w1 (or w2) in node a's (or node b's) routing table, as shown in Fig. 14(a). Once the anomaly value of w1 saved in node a
Experimental results and comparison with other studies
This section will first show experimental results on the performance of WARP, and then offer a comparison of WARP with other related protocols.
Conclusions
This paper proposes a routing protocol called WARP (Wormhole-Avoidance Routing Protocol), which is based on AODV, to defend against wormhole attacks in MANETs. During the stage of path discovery, WARP considers multiple link-disjoint paths in order to avoid possible wormhole nodes, but in the end, still uses only one path to transmit data packets. Based on the characteristic that wormhole nodes can grab most data transmission paths in a MANET, WARP enables the neighbors of a wormhole node to
Acknowledgments
This work was partially supported by the National Science Council with contracts NSC 97-2221-E-130-014 and 98-2221-E-130-007.
References (22)
- Marianne A. Azer, Sherif M. El-Kassas, Abdel Wahab F, Magdy S. El-Soundani. Intrusion detection for wormhole attacks in...
- Hon Sun Chiu, King-Shan Lui. DelPHI: wormhole detection mechanism for ad hoc wireless networks. In the proceedings of...
- et al. Optimized link state routing protocol (OLSR) (October 2003)
- Gorlatova MA, Peter C. Mason, Maoyu Wang, Louise Lamont, Ramiro Liscano. Detecting wormhole attacks in mobile ad hoc...
- Hu YC, Perrig A, David B. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. In the proceedings...
- et al. Wormhole attacks in wireless networks. IEEE Journal on Selected Areas in Communication (2006)
- Johnson DB, Maltz DA, Hu YC. The dynamic source routing protocol for mobile ad-hoc network (DSR), IETF internet draft...
- Issa Khalil, Saurabh Bagchi, Ness B. Shroff. LITEWORP: a Lightweight countermeasure for the wormhole attack in multihop...
- Issa Khalil, Saurabh Bagchi, and Ness B. Shroff. MOBIWORP: mitigation of the wormhole attack in mobile multihop...
- Lazos L, Poovendran R, Meadows C, Syverson P, Chang LW. Preventing wormhole attacks on wireless ad hoc networks: a...
Cited by (78)
- Data collection for attack detection and security measurement in Mobile Ad Hoc Networks: A survey. 2018, Journal of Network and Computer Applications
- A detection and prevention system against collaborative attacks in Mobile Ad hoc Networks. 2017, Future Generation Computer Systems
  Citation excerpt: proposed a decentralized approach that measured some parameters on the basis of which some penalty was added to the paths containing wormhole nodes to avoid communication through them. Su [14] proposed WARP (Wormhole Avoidance Routing Protocol) that selected single path from multiple paths on the basis of the first hop field. Azer [7] proposed another approach that worked on the principle that wormhole nodes get involved in routing in repeated ways for different sources and destinations.
- DAIWN: Detection and Isolation of Wormhole Nodes in Wireless Ad Hoc Networks. 2023, Research Square
- An Approach to Detect Wormhole Attack in Mobile Ad Hoc Networks Using Direct Trust Based Detection Approach. 2023, International Journal of Intelligent Systems and Applications in Engineering
- Literature review on network security in Wireless Mobile Ad-hoc Network for IoT applications: network attacks and detection mechanisms. 2022, International Journal of Intelligent Unmanned Systems
Ming-Yang Su received his B.S. degree from the Department of Computer Science and Information Engineering of Tunghai University, Taiwan in 1989, and received his M.S. and Ph.D. degrees from the same department of the National Central University and National Taiwan University in 1991 and 1997, respectively. He is an IEEE member, and currently an associate professor of the Department of Computer Science and Information Engineering at the Ming Chuan University, Taoyuan, Taiwan. His research interests include network security, intrusion detection/prevention, Malware detection, wireless Ad hoc network, and wireless sensor networks.