An Approach to defend against Wormhole attack in Ad Hoc Network using Digital Signature
Joby Thattil
Jul 31, 2015
Overview
Abstract
Introduction
Problem definition
Literature survey
Comparison
Proposed System
Applications
Limitations
Future Work
Conclusion
References
Abstract
A mobile ad hoc network (MANET) is a self-configuring, infrastructureless network
of mobile devices connected by wireless links. A severe attack on ad hoc networks
that is particularly challenging to defend against is the wormhole attack. In this
attack, the attacker records packets (bits) at one location and tunnels them to
another location in the same network or in a different network. This paper presents
an approach in which verification of digital signatures by both the sending node and
the receiving node helps to prevent the wormhole attack in ad hoc networks.
Introduction
Ad Hoc Network
Wormhole Attack
Types of Wormhole attack
Ad Hoc Network
• De-centralized type of wireless network
• Infrastructureless network
Wormhole Attack
• Two malicious nodes connected by a tunnel.
• A node is misled to believe it is within transmission range.
Types of Wormhole attack
Packet Encapsulation
Out of Band
High Power Transmission
Example
[Figure: example network with nodes S, D, C, X, Y, B, E, U, V, W and Z; the legend distinguishes good nodes from malicious nodes.]
Problem Definition
Ad hoc networks are vulnerable to attacks because of their structureless nature.
Because of this dynamic topology, they are prone to wormhole attacks.
Detecting and preventing these attacks is a primary need in mobile ad hoc networks.
Literature Survey
Packet Leashes: "Wormhole Attack in Wireless Networks"
by Y. C. Hu, A. Perrig and D. Johnson
LiteWorp: "LiteWorp: Detection and isolation of the wormhole in static multihop wireless network"
by I. Khalil, S. Bagchi, N. B. Shroff
Directional Antennas: "Using Directional Antennas to Prevent Wormhole Attacks"
by L. Hu and D. Evans
Comparison
Method | Requirements | Advantages | Limitations
Packet leashes, geographical | GPS coordinates of every node; loosely synchronized clocks | Robust, straightforward solution; nodes can detect tunneling across obstacles otherwise impenetrable by radio | Inherits general limitations of GPS technology
Packet leashes, temporal | Tightly synchronized clocks | Do not require broadcast authentication | Required time synchronization level not currently achievable in sensor networks. Modifying the expiration time of a packet can restrict its use.
LiteWorp | None | No specialized hardware | Applicable only to static, stationary networks
Directional antennas | Directional antennas on all nodes, or several nodes with both GPS and directional antennas | Increases the capacity and connectivity of ad hoc networks | Good solution for networks relying on directional antennas, but not directly applicable to other networks. Requires specialized hardware.
Proposed System
Digital Signature
At Source
If (send any packet P)
    Add node information of visiting node in route column of packet header
    If (any malicious node in route)
        Add malicious node information.
    Broadcast packet P (data with embedded digital signature of source) by using AODV and DSR routing protocol
    Call AODV(), DSR().
If (Received acknowledgment)
    If the destination sends a positive acknowledgement, then create a path between source and destination.
If (Any intermediate or destination node informs about a malicious node)
    Then add the malicious node information in the malicious node column of the header and rebroadcast the Route Request (RREQ)
At Intermediate Node
If (Received a packet P)
    If ('I' is not the destination)
        Verify the digital signature of previous node
        If (legal signature and has matching digests between the digital signature and the hashed data)
            Then add its signature in signature column of packet header and broadcast it to next node using AODV and DSR routing protocol.
            Call function AODV(), DSR();
        If (signature of previous node is identical or absence of signature of any previous node)
            Drop request packet and inform all nodes about the malicious node
At Destination
If (received a packet P)
    Verify the digital signature of previous node.
    If (signature is legal in signature column of packet header and digests match)
        Then, reply to source through the same path through which it received the route request.
        Establish a path for data transfer.
    Else,
        Drop the packet and discard the route request.
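The per-hop check in the procedure above, as an added Go example that is not part of the original slides: each node signs a digest of the payload and the route up to itself, and a verifier walks the route and signature columns to name the first node to report. Assumptions: Ed25519 as the signature algorithm (the slides name none), public keys already known to every node, and the hypothetical names RREQ, Sign, Check and Scenario.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// RREQ is a hypothetical header layout: payload, route column, signature column.
type RREQ struct { Data string; Route []string; Sigs [][]byte }

// digest hashes the payload and a route prefix; %q quoting keeps fields unambiguous.
func digest(data string, route []string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q %q", data, route)))
	return sum[:]
}

// Sign appends node id to the route and its signature over the new digest.
func Sign(p RREQ, id string, key ed25519.PrivateKey) RREQ {
	route := append(p.Route[:len(p.Route):len(p.Route)], id)
	sig := ed25519.Sign(key, digest(p.Data, route))
	return RREQ{p.Data, route, append(p.Sigs[:len(p.Sigs):len(p.Sigs)], sig)}
}

// Check returns the first node whose signature is absent or invalid, or "".
func Check(p RREQ, keys map[string]ed25519.PublicKey) string {
	for i, id := range p.Route {
		if pub, ok := keys[id]; !ok || i >= len(p.Sigs) || !ed25519.Verify(pub, digest(p.Data, p.Route[:i+1]), p.Sigs[i]) {
			return id
		}
	}
	return ""
}

// Scenario checks a constructed route S, B, C and three altered copies of it.
func Scenario() [4]string {
	p, keys := RREQ{Data: "RREQ S->D"}, map[string]ed25519.PublicKey{}
	for _, id := range []string{"S", "B", "C"} {
		pub, priv, _ := ed25519.GenerateKey(nil)
		keys[id], p = pub, Sign(p, id, priv)
	}
	keys["X"], _, _ = ed25519.GenerateKey(nil) // X holds a key but never signs
	route := append(p.Route[:3:3], "X")
	unsigned := RREQ{p.Data, route, p.Sigs}                         // X listed, no signature
	copied := RREQ{p.Data, route, append(p.Sigs[:3:3], p.Sigs[2])} // X reuses C's signature
	altered := RREQ{"RREQ S->Z", p.Route, p.Sigs}                  // payload changed in transit
	return [4]string{Check(p, keys), Check(unsigned, keys), Check(copied, keys), Check(altered, keys)}
}

func main() { fmt.Println(Scenario()) }
```

A request forwarded with its header unchanged still verifies, because every signature on it is genuine; the check establishes who signed the route, not where the packet travelled.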
Application
Military communication devices or police communication devices.
Bank communications across secure networks.
Limitations
Overheads in networking protocols.
Open security issues during transmission.
Time lag during digital signature processing.
Future work
Reducing routing overhead by efficient flooding (selective flooding): only a subset of nodes (dominating nodes) forwards a Route Query flood packet.
Time-slotting the time lag between nodes. Adding a security tag based on the time slot to increase security during transmission.
Electronic digital signatures are used at nodes to reduce time delay.
Conclusion
In order to protect ad hoc networks from wormhole attacks, we used a scheme based on digital signatures.
The new methods proposed will help in reducing overheads and time delay considerably when compared to the existing systems.
References
[1] Y. C. Hu, A. Perrig and D. Johnson, "Wormhole Attack in Wireless Networks," IEEE JSAC, vol. 24, no. 2, Feb. 2006.
[2] I. Khalil, S. Bagchi, N. B. Shroff, "LiteWorp: Detection and isolation of the wormhole in static multihop wireless network," ACM: The International Journal of Computer and Telecommunications Networking, vol. 51, no. 13, Sept. 2007.
[3] L. Hu and D. Evans, "Using Directional Antennas to Prevent Wormhole Attacks," in Proc. Network and Distributed System Symposium (NDSS), San Diego, USA, Feb. 2004.
[4] M. Jain, H. Kandwal, "A Survey on Complex Wormhole Attack in Wireless Ad-Hoc Network," in Advances in Computing, Control & Telecommunication Technologies, pp. 555-558, 2009.