Abstract — As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. I.

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack against ad hoc routing protocols that is particularly challenging to defend against. We show how an attacker can use the wormhole attack to cripple a range of ad hoc network routing protocols. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. Most existing ad hoc network routing protocols, without some mechanism to defend them against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication.

Abstract — As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies. Index Terms — Ad hoc networks, computer network security, computer networks, tunneling, wireless LAN, wormhole, packet

In ad hoc networks, malicious nodes can carry wormhole attacks to fabricate a false scenario on neighbor relations among mobile nodes. The attacks threaten the safety of ad hoc routing protocols and some security enhancements. We propose a classification of the attacks according to the format of the wormholes. It establishes a basis on which the detection capability of the approaches can be identified. The analysis shows that previous approaches focus on the prevention of wormholes between neighbors that trust each other. As a more generic approach, we present an end-to-end mechanism that can detect wormholes on a multi-hop route. Only trust between the source and the destination is assumed. The mechanism uses geographic information to detect anomalies in neighbor relations and node movements. To reduce the computation and storage overhead, we present a scheme, Cell-based Open Tunnel Avoidance(COTA), to manage the information. COTA achieves a constant space for every node on the path and the computation overhead increases linearly to the number of detection packets. We prove that the savings do not deteriorate the detection capability. The schemes to control communication overhead are studied. We show by simulations and experiments on real devices that the proposed mechanism can be combined with existent routing protocols to defend against wormhole attacks.

Abstract not found

Due to recent large-scale deployments of delay and losssensitive applications, there are increasingly stringent demands on the monitoring of service level agreement metrics. Although many end-to-end monitoring methods have been proposed, they are mainly based on active probing and thus inject measurement traffic into the network. In this paper, we propose a new scheme for monitoring service level agreement metrics, in particular, delay distribution. Our scheme is passive and therefore will not cause perturbation to real traffic. Using realistic delay and traffic demands, we show that our scheme achieves high accuracy and can detect burst events that will be missed by probing based methods. 1.

{chonho and jxs} @ cs.umb.edu This paper proposes and evaluates a decentralized self-healing mechanism that detects and recovers from wormhole attacks in wireless multi-hop sensor networks. Upon detecting a wormhole attack, the proposed mechanism, called SWAT, identifies the locations of malicious nodes (or wormhole nodes), isolates them from the network and recovers the routing structure distorted by them. SWAT is the first mechanism that performs both wormhole node isolation and routing structure recovery against wormhole attacks. Unlike many other wormhole detection mechanisms, SWAT does not require any extra networking facilities (e.g., timing analysis and localization facilities) as well as special hardware (e.g., GPS). Instead, it uses network connectivity information only in a decentralized manner. Simulation results show that SWAT yields 100 % wormhole attack detection, 0% false detection, 100 % wormhole node isolation and 0 % false isolation in dense networks. The results also show that SWAT outperforms multi-path routing mechanisms in terms of control overhead and power consumption and outperforms