Detecting wormhole and Byzantine attacks in mobile ad hoc networks

Abstract

The recent advancements in the wireless technology and their wide-spread utilization have made tremendous enhancements in productivity in the corporate and industrial sectors. However, these recent progresses have also introduced new security vulnerabilities. Since the wireless shared medium is completely exposed to outsiders, it is susceptible to attacks that could target any of the OSI layers in the network stack. For example, jamming of the physical layer, disruption of the medium access control (MAC) layer coordination packets, attacks against the routing infrastructure, targeted attacks on the transport protocol, or even attacks intended to disrupt specific applications. Unfortunately, the effects of applying the security techniques used in wired networks, such as access control and authentication, to wireless and mobile networks have been unsatisfactory due the unique features of such networks. As a result, achieving security goals for mobile ad hoc networks (MANET) has gained significant attention in recent years. Many critical applications of MANET, such as emergency rescue operations, military tactical communication, and business operations like mining and oil drilling platforms, require a friendly and cooperative environment.The aim of this study is to design detection mechanisms for traditional wormhole and Byzantine wormhole attacks by using the topological comparison and round trip time (RTT) measurements. The first step for detecting traditional wormhole attack is that an initiator of the detection process populates its one-hop neighbor list, and also calculates the average round trip time (RTTavg). Meanwhile, a list of suspected neighbors is generated on the basis of RTTavg and RTT. Then, topological information is exchanged between the initiator and all the suspected neighbors to detect the presence of a wormhole link.In this thesis, we also focus on detecting Byzantine wormhole attack in MANET. In the case of detecting such attacks, the initiator creates its one hop neighbor list and calculates the average RTTavg. The initiator also generates a suspected list of its three hop neighbors. In the next phase, the initiator exchanges topological information with all the one hop neighbors to detect the presence of any Byzantine wormhole tunnel. One of the major concerns for the topological comparison based approach is to give the initially suspected nodes a second chance to prove their reliability by exchanging topological information.We have implemented the detection algorithms in ad hoc on demand distance vector (AODV) and optimized link state routing (OLSR) routing protocols. Then, performance evaluation of the proposed detection mechanisms is conducted. We also compared our proposed detection methods with some of the existing detection methods by simulation. The results show that our schemes can achieve better detection performance.