An Approach to Defend Against Wormhole Attack in Ad Hoc Networks Using Digital Signature Jo

An Approach to defend against Wormhole attack in Ad Hoc Network using Digital Signature

Joby Thattil

Overview

AbstractIntroductionProblem definitionLiterature surveyComparisonProposed SystemApplicationsLimitationsFuture WorkConclusionReferences

Abstract

A mobile ad-hoc network (MANET) is a self-configuring infrastructureless network

of mobile devices connected by wireless links. A severe attack in ad hoc networks

that is particularly challenging to defend against is the wormhole attack. In this

attack, the attacker records the packets (bits) at one location and tunnels them in

another location in same network or in different networks. Verification of Digital

Signature by both the sending node and receiving node would help to prevent the

wormhole attack in ad hoc networks, which is going to present in this paper.

Introduction

Ad Hoc Network

Wormhole Attack

Types of Wormhole attack

Ad Hoc Network

• De-centralized type of wireless network

• Infrastructureless network

Wormhole Attack

• Two malicious nodes, tunnel.

• A node is misled to believe it is within transmission range.

Types of Wormhole attack

Packet Encapsulation

Out of Band

High Power Transmission

Example

S

DC

X

YB E

Good node Malicious node

U V WZ

Problem Definition

Ad hoc Networks are vulnerable to attacks because of their structure less property.

Due to this dynamic topology they are prone to wormhole attacks.

Detection and prevention against these attack is a primary need in mobile Ad Hoc networks.

Literature Survey

Packet Leashes “Wormhole Attack in Wireless Networks”

by Y. C Hu, A. Perrig and D. Johnson

LiteWorp “LiteWorp: Detection and isolation of the wormhole in static mulihop

wireless network”

by I. Khalil, S. Bagchi, N.B. shroft

Directional Antennas“Using Directional Antennas to Prevent Wormhole Attacks”

by L. Hu and D. Evans

ComparisonMethod Requirements Advantages LimitationsPacket leashes, geographical

GPS coordinates ofeverynode; Looselysynchronizedclocks

Robust,straightforwardsolution; nodes can detect tunneling across obstacles otherwise impenetrable by radio

Inherits general limitations of GPS technology

Packet leashes,temporal

Tightlysynchronizedclocks

Do not require broadcast authentication.

Required timesynchronization levelnot currentlyachievable in tosensor networks. Modifying of the expiration time of a packet can restrict its use.

LiteWorp None No Specialized hardware

Applicable only tostaticstationary networks;

Directionalantennas

Directionalantennas on allNodes orseveral nodes withboth GPS anddirectionalantennas

Increases the capacityand connectivity of ad hoc networks

Good solutions fornetworks relying ondirectional antennas,but not directlyapplicable to otherNetworks . Requires specialized hardware

Proposed System

Digital Signature

At Source

If (send any packet P)

Add node information of visiting node in route column of packet header

If (any malicious node in route)

Add malicious node information.

Broadcast packet P (data with embedded digital signature of source) by using AODV and DSR routing protocol

Call AODV (), DSR ().

If (Received acknowledgment)

If destination send positive acknowledgement, then create path between source to destination.

If (Any intermediate or destination node inform about malicious node)

Then add the malicious node information in malicious node column which is in the header and again rebroadcast

Route request (RREQ)

At Intermediate Node

If (Received a packet P)

If (‘I’ is not a destination)

Verify the digital signature of previous node

If (legal signature and has matching digests between the digital signature and the hashed data)

Then add its signature in signature column of packet header and broadcast it to next node using AODV and DSR routing protocol.

Call function AODV 0, DSR 0;

If (signature of previous node is identical or absence of signature of any previous node)

Drop request packet and inform to all nodes about the malicious node

At Destination

If (received a packet P)

Verify the digital signature of previous node.

If (signature is legal in signature column of packet header and digests match)

Then, reply to source through same path through which it received a route request.

Establish a path for data transfer.

Else,

Drop the packet and discard the route request.

Application

Military communication devices or police communication devices.

Bank communications across secure networks.

Limitations

Overheads in networking protocols.

Open security issues during transmission.

Time lag during digital signature processing.

Future work

Reducing routing overhead by Efficient Flooding (Selective Flooding)Only a subset of nodes (dominating nodes)

forwards a Route Query flood packet

Time-slotting the time lag between nodes. Adding a security tag based on the time slot to increase security during transmission.

Electronic digital signature are used at nodes to reduce time delay.

Conclusion

In order to protect Ad Hoc networks from wormhole attack we used the scheme called digital signature.

The new methods proposed will help in reducing overheads and time delay considerably when compared to the existing systems.

References

[1] Y. C Hu, A. Perrig and D. Johnson, "Wormhole Attack in Wireless Networks," IEEE JSAC, vol. 24, no. 2, Feb. 2006.

[2] I. Khalil, S. Bagchi, N.B. shroft, "LiteWorp: Detection and isolation of the wormhole in static mulihop wireless network. Journal," Acm: The international Journal of Computer and Telecommunications Networking Archive, Vol. 51, Issue 13,September 2007.

[3] L. Hu and D. Evans, "Using Directional Antennas to Prevent Wormhole Attacks," in Proc. Network and Distributed System Symposium (NDSS), San Diego, USA, Feb 2004.

[4] M. Jain, H. Kandwa1, "A Survey on Complex Wormhole Attack in Wireless Ad-Hoc Network," in Advances in Computing, Control & Telecommunication Technologies, pp. 555-558, 2009.