Topological comparison-based wormhole detection for MANET

Abstract

Wormhole attack is considered one of the most threatening security attacks for mobile ad hoc networks. In a wormhole attack, a tunnel is setup in advance between two colluders. The colluders record packets at one location and forward them through the tunnel to another location in the network. Depending on whether or not the colluders are participating in the network functions, the wormhole attack can be further divided into two categories: traditional wormhole attack and Byzantine wormhole attack. Existing researches focusing on detecting traditional wormhole attacks can be classified into three categories: one-hop delay-based approach, topological analysis-based or special hardware/middleware-based approaches. Unfortunately, they all have their own limitations. Most of the researches detecting Byzantine wormhole attack are not addressing the Byzantine wormhole attack directly. Instead, they focus on observing the consequence after a Byzantine wormhole attack, like packet dropping or modification. In this paper, we propose to detect both traditional and Byzantine wormhole attacks by detecting some topological anomalies introduced by wormhole tunnels. Simulation results show that our scheme can achieve both high wormhole attack detection rate and accuracy. Our scheme is also simple to implement.