
Contents:
- Introduction
- MANET (Mobile Ad hoc NETwork)
- Classification of Ad-Hoc Networks
- Design Issues and Constraints
- MANET Routing Protocols
- Dynamic Source Routing (DSR)
- Proposed Scheme: An Extension of DSR
  - Route discovery
  - Route maintenance
  - Trust value
- AODV (Ad-hoc On-demand Distance Vector routing protocol)
  - AODV message process
  - Control messages in AODV
- Important differences between DSR and AODV
- AODV characteristics
- AODV route table
- Attacks in AODV and DSR
  - Active attacks
  - Passive attacks
- Wormhole attack
  - Wormhole attack classification
  - Solutions for the wormhole attack
  - AODV performance
- Sinkhole attack
- Black hole attack
- Conclusion
- References

OM PRAKASH VERMA, M.TECH (CNE), GRAPHIC ERA INSTITUTE OF TECHNOLOGY, DEHRADUN.


Abstract:
An ad hoc network is a collection of mobile nodes that dynamically form a temporary network without any existing infrastructure. As mobile ad hoc network applications are deployed, security emerges as a central requirement. This report introduces the wormhole attack, a severe attack on ad hoc networks that is particularly hard to defend against: it is possible even if the attacker has not compromised any host, and even if all communication is authenticated and confidential. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The attack is a serious threat in wireless networks, especially against ad hoc routing protocols and location-based wireless security systems. The report describes, at a theoretical level, the performance of the AODV and DSR routing protocols with and without a wormhole attack, as a starting point for research on real-world MANET security problems.

Keywords: ad hoc networks, AODV, DSR, security, wormhole attack.


Introduction:
A mobile ad hoc network (MANET) is a group of mobile hosts that operates without any existing infrastructure or centralized access point such as a base station. The MANET is built, operated and maintained by its constituent wireless nodes, which generally have a limited transmission range. Because they are easy to deploy, MANET applications range from an instant meeting to emergency operations. However, because of their inherent characteristics of dynamic topology and lack of centralized management, MANETs are vulnerable to many kinds of attack. Five major security goals need to be addressed to maintain a reliable and secure ad-hoc network environment:

Confidentiality: protection of information from exposure to unintended entities. In ad hoc networks this is harder to achieve because intermediate nodes receive packets destined for other recipients, so they can easily eavesdrop on the information being routed.

Availability: services should be available whenever required, with an assurance of survivability despite a denial of service (DoS) attack. On the physical and media access control layers an attacker can use jamming to interfere with the physical channel; on the network layer the attacker can disrupt the routing protocol; on higher layers the attacker can bring down high-level services.

Authentication: assurance that an entity, or the origin of a communication, is what it claims to be. Without it an attacker could impersonate a node, gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

Integrity: a message being transmitted is never altered.

Non-repudiation: the sending and receiving parties can never deny having sent or received a message.

Most previous ad hoc networking research has focused on problems such as routing and communication, assuming a trusted environment. However, many applications run in untrusted environments and require secure communication and routing; examples include emergency response operations, military or police networks, and safety-critical business operations such as oil drilling platforms or mining operations.

Routing is the act of moving information from a source to a destination in an ad hoc network, encountering at least one intermediate node on the way. It involves two activities: determining optimal routing paths, and transferring packets through the network along them. Routing protocols use metrics such as the number of hops to calculate the best path to a destination. The routing protocol sets an upper limit on the security of any packet network: if routing can be misdirected, the entire network can be paralyzed. The problem is compounded by the fact that routing usually has to rely on the trustworthiness of all nodes participating in the routing process, and it is hard to distinguish compromised nodes from nodes that merely suffer from bad links. In a wormhole attack an attacker records a packet, or individual bits of a packet, at one location in the network, tunnels it (possibly selectively) to another location, and replays it there.


MANET (Mobile Ad hoc NETwork): these networks have no base station or mobile switching centre. If two mobile nodes are within range of each other they communicate directly and no routing is needed; otherwise intermediate nodes forward the traffic, so each node also works as a router.
- A system of mobile nodes connected to each other over a wireless medium without infrastructure support.
- The mobile nodes can move while communicating.
- No fixed base stations.
- Nodes in a MANET operate both as hosts and as routers that forward packets.

Classification of Ad-Hoc Networks, on the basis of the number of hops:
- Single-hop ad-hoc networks
- Multi-hop ad-hoc networks

Fig. 2.1 Single hop ad-hoc network

Fig. 2.2 Multihop ad-hoc network


Design Issues and Constraints:
- Infrastructure-less operation
- Dynamically changing network topologies
- Variation in link and node capabilities
- Energy-constrained operation
- Network security
- Network scalability
- Quality of service

MANET Routing Protocols: their task is to discover and establish a correct and efficient route between a pair of nodes. MANET routing protocols are classified as:
- Proactive routing protocols (table driven)
- Reactive routing protocols (on demand)
- Hybrid protocols

Dynamic Source Routing (DSR):
- Based on the concept of source routing.
- Every generated data packet carries the full route in its packet header.
- When node S wants to send a packet to node D but does not know a route to D, S initiates a route discovery.
- S floods a Route Request (RREQ).
- Each node appends its own identifier to the RREQ when forwarding it.
- Destination node D replies with a Route Reply (RREP) along the reverse of the path the RREQ travelled.


Fig.3. Route discovery in DSR

Proposed Scheme: An Extension of DSR: The proposed extension of DSR works in three separate steps: route discovery, route maintenance and trust value calculation. Each step is described separately below.

Route Discovery: When a source node S has a packet to send to destination D, it first searches its route cache for a suitable route to D. If no route from S to D exists in S's route cache, S initiates route discovery and broadcasts a Route Request message. The source node is referred to as the initiator or source and the destination node as the target. The fields of the Route Request message are as follows:

- Source Id: the address of the source.
- Destination Id: the address of the destination.
- Unique Request Id: a unique identifier for the message.
- MAC Address List: the addresses of all intermediate nodes the message passes through before reaching the destination.
- ACK bit: indicates that the message has been received.
- Trust estimate value: identifies whether a node is malicious or a friend.
- Time: estimated time of message receipt and reply.
- Security bit: initially set to 0 for a route request, and to 1 when the request is re-sent for packet forwarding.

The source node initially sets the MAC address list of the Route Request to an empty list, sets the source Id, destination Id and unique request Id accordingly, sets the security bit to 0 and then broadcasts the message. The packet is received by the nodes within the source's wireless transmission range. The source also keeps a copy of the packet in a buffer, referred to as the send buffer, and time-stamps the message so that it can later decide, depending on the responses from neighbouring nodes, whether the message should be re-sent or dropped from the buffer. When a node receives a Route Request, it examines the destination Id to determine whether it is the intended destination. If it is not, it searches its own route cache for a route to the target; if one is found, it is returned. Otherwise the node appends its own MAC address to the MAC address list and rebroadcasts the Route Request. If a node subsequently receives a second Route Request with the same request Id and security bit 0, only the first is handled and the later copies are discarded.

If the node is the intended destination, it returns a Route Reply message to the source. This Route Reply includes the accumulated route from the Route Request. The whole route discovery process is shown in Fig. 1.

Fig. 1. Route Discovery in the Proposed Scheme


Route Maintenance: The routes stored in the route cache must be maintained, since nodes move in and out of each other's transmission range and thereby make cached routes inconsistent. When a node receives a packet, it is responsible for confirming to the previous node that the packet has arrived. If a node transmits a packet and receives no acknowledgment, it retransmits a fixed number of times; if no acknowledgment arrives after these retransmissions, it returns a Route Error message to the source of the packet, naming the link that was broken. The source removes the route from its route cache and tries another route from the cache; if none is available, a new Route Request is transmitted to establish a new route.

Once a route has been discovered, the sender is ready to send the original data through it. Before sending the data, the sender re-sends the previous Route Request with the same request Id but with the security bit set to 1; security bit 1 marks the request as being for packet-forwarding purposes. Under plain DSR, nodes would not forward a packet with a request Id they have already seen; in the proposed scheme they forward it when they find that the security bit is 1. The reason for sending the duplicate Route Request is to verify the security of the previously discovered route. Since a mobile ad-hoc network is exposed to different types of attack, this route maintenance step lets the proposed scheme detect and isolate the following attacks.

When a node receives the duplicate Route Request packet, it checks the request Id and the security bit. If it finds that it has already sent an ACK for this Route Request and the security bit is 1, it forwards the packet to its neighbour and does not send an ACK to its previous node.

Fig.2. Identification of Spoofing Attack


Suppose a spoofing attack, as shown in Fig. 2, occurs at an intermediate node of the route: the attacker hides its real IP or MAC address and takes over the IP or MAC address of the attacked node. When this spoofing node receives the duplicate Route Request, it sends an ACK back to its previous node, because it does not know that the original node had already sent an ACK for this request before it was attacked. When the previous node receives two ACKs for the same request Id from the same MAC address, it identifies the node as a spoofer, generates an error message, broadcasts it to all of its neighbours and also sends it to the source node. In this way the proposed method detects and minimizes the spoofing attack. If, however, two ACKs are received from different MAC addresses for the same request Id, it is difficult to tell whether the node is malicious or a friend: because of node mobility, as shown in Fig. 3, any node in the discovered route can suddenly change its place and a new node with a different MAC address can take its position. To minimize this problem, the trust value of the node is estimated to decide whether it is malicious or a friend, as described under Trust Value Estimation.
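The discovery and verification steps described above, as an added example that is not code from the original report: a small Python simulation of the extended DSR route discovery with the security-bit re-send and the duplicate-ACK spoofing check. The five-node topology, the node identifiers standing in for MAC addresses, the request id and the attacker that takes over node C's address are all constructed for the example; the trust-value, time and ACK-bit fields of the Route Request are left out.

```python
from collections import deque

# Constructed topology: node id (used as its MAC address) -> neighbours in radio range.
TOPOLOGY = {
    "S": ["A", "B"],
    "A": ["S", "C"],
    "B": ["S", "C"],
    "C": ["A", "B", "D"],
    "D": ["C"],
}


class Node:
    """Per-device state kept for the security-bit check."""

    def __init__(self, mac):
        self.mac = mac
        self.acked = set()     # request ids this device has already ACKed (security bit 0)
        self.acks_seen = {}    # (request id, next-hop MAC) -> number of ACKs received
        self.alerts = []       # error messages raised by this device


def send_ack(devices, from_mac, to_mac, req_id):
    """ACK from `from_mac` to its previous hop `to_mac` for `req_id`; the previous
    hop treats a second ACK for the same request id from the same MAC as spoofing."""
    prev = devices[to_mac]
    key = (req_id, from_mac)
    prev.acks_seen[key] = prev.acks_seen.get(key, 0) + 1
    if prev.acks_seen[key] >= 2:
        prev.alerts.append(f"RERR: duplicate ACK for req {req_id} from {from_mac}")


def route_discovery(devices, topology, src, dst, req_id):
    """Security bit 0: flood the Route Request. Each forwarder appends its MAC to the
    address list and ACKs the previous hop; only the first copy of a request id is
    handled. Returns the route carried back in the Route Reply, or None."""
    handled = set()
    queue = deque([(src, None, [])])          # (node, previous hop, MAC address list)
    while queue:
        cur, prev, addr_list = queue.popleft()
        if cur in handled:
            continue                          # same request id, security bit 0: discard
        handled.add(cur)
        if prev is not None:
            devices[cur].acked.add(req_id)
            send_ack(devices, cur, prev, req_id)
        if cur == dst:
            return [src] + addr_list + [dst]  # accumulated route goes into the RREP
        forwarded = addr_list + ([cur] if cur != src else [])
        for nxt in topology[cur]:
            queue.append((nxt, cur, forwarded))
    return None


def verify_route(devices, route, req_id):
    """Security bit 1: re-send the same request id along the discovered route.
    A device that already ACKed this request forwards silently; one that has not
    (an attacker now answering to that MAC) ACKs again, which send_ack() flags."""
    for prev, cur in zip(route, route[1:]):
        if req_id not in devices[cur].acked:
            send_ack(devices, cur, prev, req_id)
    return [alert for mac in route for alert in devices[mac].alerts]


def run_scenario(spoof_mac=None):
    """Discover S->D, optionally let an attacker take over `spoof_mac` after discovery,
    then run the security-bit-1 verification. Returns (route, alerts)."""
    devices = {mac: Node(mac) for mac in TOPOLOGY}
    route = route_discovery(devices, TOPOLOGY, "S", "D", req_id=1)
    if spoof_mac is not None:
        devices[spoof_mac] = Node(spoof_mac)  # attacker's device: same MAC, no ACK history
    return route, verify_route(devices, route, req_id=1)


if __name__ == "__main__":
    print("honest route:", run_scenario())
    print("C spoofed   :", run_scenario(spoof_mac="C"))
```

The check works only because the attacker's device does not share the ACK history of the node it impersonates; an attacker that can read that state, or that arrives under a fresh MAC address, is the case the text hands over to the trust value.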

Trust Value Estimation: The definition of trust used here comes from Diego Gambetta, who gathered ideas from diverse areas such as economics and biology. In his work (Diego Gambetta, 1998) he gives the following definition: "Trust (or, symmetrically, distrust) is a particular level of subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor it and in a context in which it affects his own action."

Fig. 3: Node Mobility in DSR


AODV (Ad-hoc On-demand Distance Vector routing protocol): In November 2001 the MANET (Mobile Ad-hoc Networks) working group of the IETF published the first version of the AODV routing protocol. AODV belongs to the class of distance vector (DV) routing protocols. In a DV protocol every node knows its neighbours and the cost to reach them, and maintains a routing table that stores every node in the network together with the distance and next hop to it; if a node is not reachable, its distance is set to infinity. Every node periodically sends its whole routing table to its neighbours, so that they can check whether there is a useful route to another node using this neighbour as next hop. When a link breaks, a count-to-infinity problem can occur. AODV is an on-demand routing protocol with small delay: routes are only established when needed, to reduce traffic overhead. AODV supports unicast, broadcast and multicast without any further protocols. The count-to-infinity and loop problems are solved with sequence numbers and the recording of costs; in AODV every hop has the constant cost of one. Routes age very quickly in order to accommodate the movement of the mobile nodes, and link breakages can be repaired locally and efficiently. Characterized by the five criteria used by Keshav, AODV is distributed, hop-by-hop, deterministic, single-path and state-dependent. AODV uses IP in a special way: it treats an IP address just as a unique identifier, which is easily done by setting the subnet mask to 255.255.255.255. Aggregated networks are also supported and are implemented as subnets; only one router in each subnet operates AODV on behalf of the whole subnet and serves as its default gateway, maintaining a sequence number for the whole subnet and forwarding every packet.
In AODV the routing table is extended with a sequence number for every destination and a lifetime for every entry. It is also extended with routing flags, the interface, a list of precursors and, for outdated routes, the last hop count.

AODV is a state-of-the-art routing protocol that adopts a purely reactive strategy: it sets up a route on demand at the start of a communication session and uses it until it breaks, after which a new route setup is initiated. The route discovery process is started only when an originating node needs a route. Reactive (on-demand) routing protocols such as AODV create routes and maintain them only while they are needed, and usually use distance-vector routing algorithms. In AODV the sequence number is used to determine the freshness of routing information. On-demand routing protocols have two processes: route discovery and route maintenance.

AODV Message Process:
1. When a source node wants to connect to a destination node, it first checks its existing route table for a fresh route to that destination.
2. If a fresh enough route is available, it uses it. Otherwise the node initiates a route discovery by broadcasting an RREQ control message to all of its neighbours.
3. The RREQ is forwarded (again by broadcast) by the intermediate nodes to their neighbours. This continues until the message reaches the destination node, or an intermediate node that has a fresh route to the destination.
4. At that point an RREP control message is generated. A source node therefore waits for RREPs after sending an RREQ.

Fig. AODV route discovery and maintenance, step by step (figure not reproduced):
1. S wants to send a packet to D and broadcasts an RREQ.
2. a and b establish reverse routes to S and rebroadcast the RREQ.
3. c and D establish reverse routes; c rebroadcasts the RREQ and D unicasts an RREP.
4. The RREP is unicast back along the reverse routes (a re-unicasts the RREP); each node on the way establishes a forward route to D.
5. S establishes its route to D.
6. Unused reverse routes expire.
7. The link between a and D breaks; a unicasts an RERR.

Control Messages in AODV: Route Request (RREQ), Route Reply (RREP), Route Error (RERR) and HELLO messages are the control messages used for route discovery and for reporting route breakage.

Important differences between DSR and AODV: First, by virtue of source routing, DSR has access to a significantly greater amount of routing information than AODV. Second, to make aggressive use of route caching, DSR replies to all requests reaching a destination from a single request cycle. Third, the current specification of DSR does not contain any explicit mechanism to expire stale routes in the cache, or to prefer fresher routes when faced with multiple choices. Fourth, the route deletion activity using RERR is also conservative in DSR.


- Dynamic source routing (DSR): the source broadcasts an RREQ through the network; intermediate nodes add their own address to the RREQ and keep broadcasting it until an RREP is received; the full path is chosen by the source and put into each packet sent.
- Ad hoc on-demand distance vector (AODV): hop-by-hop routing; the source sends an RREQ to its neighbours and each neighbour does the same until the destination is reached; the destination node sends an RREP along the reverse path; the source does not put the whole path in outgoing packets, only the next-hop address.

AODV Characteristics:
- On demand (with small delay)
- Unicast, multicast and broadcast provided
- Loop free
- Quick aging
- Link breakages efficiently repaired
- Distributed routing
- Hop-by-hop
- Deterministic
- Single path
- State-dependent

AODV Route Table entries:
- Destination IP address
- Destination sequence number
- Hop count to destination (cost per hop = 1)
- Next hop
- Lifetime
- Last hop count
- Routing flags
- Interface (e.g. eth0, eth1)
- List of precursors


Attacks in AODV and DSR:
Passive Attacks: A passive attack does not disrupt the normal operation of the network; the attacker snoops on the data exchanged in the network without altering it, which violates confidentiality. Detecting a passive attack is very difficult, since the operation of the network itself is not affected. One solution is to use strong encryption for the transmitted data, so that the attacker cannot extract useful information from what it overhears.

Active Attacks: An active attack attempts to alter or destroy the data being exchanged in the network, thereby disrupting its normal functioning. Active attacks can be internal or external. External attacks are carried out by nodes that do not belong to the network; internal attacks come from compromised nodes that are part of the network. Since the attacker is already part of the network, internal attacks are more severe and harder to detect than external ones. Active attacks, whether carried out by an external adversary or an internal compromised node, involve actions such as impersonation, modification, fabrication and replication. Several classes of insider attacks exist, including route disruption, route invasion, node isolation and resource consumption. Active attacks disturb the operation of the network and take place while control information and data are being routed; in ad hoc wireless networks each node acts as a host as well as a router. Misuses of a routing protocol are further classified into two categories: atomic misuses and compound misuses. Compound misuses, especially those that lead to a more persistent and powerful impact by repeating a single type of atomic misuse, are studied afterwards. The first dimension of the analysis scheme is the set of all possible atomic misuse actions.

The atomic misuse actions are divided into the following four categories:
- Drop (DR): the attacker simply drops the received routing message.
- Modify and Forward (MF): after receiving a routing message, the attacker modifies one or several fields in the message and then forwards it to its neighbour(s) (via unicast or broadcast).
- Forge Reply (FR): the attacker sends a faked message in response to the received routing message. Forge Reply mainly concerns the misuse of RREP and RREP-ACK messages, which are sent in response to RREQ and RREP messages respectively.
- Active Forge (AF): the attacker sends a faked routing message without being triggered by the receipt of any routing message.

The second dimension of the analysis scheme is the set of misuse goals that inside attackers may want to achieve. The typical misuse goals related to the routing layer are listed below; other misuse goals can be identified and analyzed in the same way.
- Route Disruption (RD): breaking down an existing route or preventing a new route from being established.
- Route Invasion (RI): adding an attacking node into a route between two communicating nodes. Once an attacker reaches this goal, he or she may launch other attacks (outside the routing layer), such as selectively dropping or sniffing data packets.
- Node Isolation (NI): preventing a given node from communicating with any other node in the network. It differs from route disruption in that route disruption targets a route with two given endpoints, while node isolation aims at breaking all possible routes to or from a given node.
- Resource Consumption (RC): consuming the communication bandwidth of the network, or computation resources or storage space at individual nodes. Severe resource consumption usually amounts to a denial of service attack. Any action that causes a potential victim node to react consumes that node's resources; of concern here are only the actions that force other valid nodes to consume much more resources than the attacking node.
Atomic misuses form the foundation of compound misuses. In the following, the atomic misuses of the AODV protocol are analyzed first, followed by a study of how atomic misuses and normal routing messages may be combined to launch compound misuses.

Atomic Misuses of AODV:
1. Atomic misuses of RREQ messages:
   (a) RREQ DR
   (b) RREQ MF RD
   (c) RREQ MF RI
   (d) RREQ MF NI
   (e) RREQ MF RC
2. Atomic misuses RREQ AF:
   (a) RREQ AF RD
   (b) RREQ AF RI
   (c) RREQ AF NI
3. Atomic misuses of RREP messages:
   (a) RREP DR
   (b) RREP MF
   (c) RREP MF RD
   (d) RREP MF RI
   (e) RREP FR
   (f) RREP FR RD
   (g) RREP FR RI
   (h) RREP AF
   (i) RREP AF RD
   (j) RREP AF RC
4. Atomic misuses of RERR messages:
   (a) RERR DR
   (b) RERR MF
   (c) RERR MF RD
   (d) RERR AF
   (e) RERR AF RD
5. Atomic misuses of RREP-ACK messages.

1. Wormhole Attack:
A wormhole attack takes place when two geographically separated adversaries create a tunnel, called the wormhole tunnel, as shown in the figure below. The tunnel can be established in many different ways, such as through an out-of-band hidden channel (e.g. a wired link), packet encapsulation, or high-powered transmission.

A wormhole can be created in three ways:
1) Tunnelling the packets above the network layer (packet encapsulation).
2) A long-range tunnel using high-power transmitters.
3) A tunnel created over wired infrastructure.


Figure: an example of a wormhole attack in a MANET (figure not reproduced). Legitimate nodes exchange RREQs over wireless links; the two adversary nodes are joined by a wormhole tunnel through which the RREQ and the RREP are carried. Legend: adversary node; legitimate node; wireless link; RREQ; RREQ through the wormhole tunnel; RREP through the wormhole tunnel.


1. The attacker can tunnel a Route Request (RREQ) directly to the destination node without increasing the hop-count value.
2. The malicious nodes are connected by a high-speed bus, so the RREQ travelling S-X-Y-D reaches D first.
3. Therefore destination D ignores the RREQ that arrives later and chooses D-Y-X-S to unicast an RREP packet to source S.
4. As a result, S chooses the route to D that passes through the malicious nodes X and Y, which are very well placed compared with the other nodes in the network.

Thus a wormhole attack is not difficult to set up. To launch it, an adversary connects two distant points in the network with a direct low-latency communication link, the wormhole link, which can be established by a variety of means, e.g. an Ethernet cable, a long-range wireless transmission or an optical link. Once the wormhole link is established, the adversary captures wireless transmissions at one end, sends them through the wormhole link and replays them at the other end.

An example is shown in the figure above. Here X and Y are the two end-points of the wormhole link (the wormholes). X replays in its neighbourhood (area A) everything that Y hears in its own neighbourhood (area B), and vice versa. The net effect is that all nodes in area A believe that the nodes in area B are their neighbours, and vice versa, which affects routing and other connectivity-based protocols in the network. Once new routes are established and traffic starts using the X-Y shortcut, the wormhole nodes can start dropping packets and cause network disruption. They can also spy on the packets going through and use the large amount of collected information to attack other network security mechanisms. The wormhole will also affect connectivity-based localization algorithms, and protocols based on localization, such as geographic routing, will find many inconsistencies, resulting in further disruption.

Wormhole Attack Classification:
- Open wormhole attack: the attackers include themselves in the RREQ packet header, following the route discovery procedure. Other nodes are aware that the malicious nodes lie on the path, but believe that the two malicious nodes are direct neighbours.
- Closed wormhole attack: the attackers do not modify the content of any packet, not even a route discovery packet. They simply tunnel each packet from one side of the wormhole to the other, where it is rebroadcast.
- Half-open wormhole attack: one side of the wormhole does not modify the packet, and only the other side modifies it.


Fig. Flow chart wormhole attack

Note: the tunnelled distance is longer than the normal wireless transmission range.

Current Solutions: The current solutions for wormholes are limited, particularly for large sensor networks, where the sensor nodes carry low-cost, relatively unsophisticated hardware and scalability is an important design goal. This rules out the additional hardware that several reported techniques rely on, such as directional antennas, GPS, ultrasound, or guard nodes with known correct locations. It also rules out the fine-grained timing analysis used in several techniques; moreover, physical-layer attacks may be immune to timing analysis. Finally, the scalability requirements rule out global clock synchronization or any form of global computation.


1. All nodes in the MANET obtain an authenticated symmetric key for every other node, so that a receiver can authenticate information such as time and location carried in a received packet.
2. Time of flight is a technique used for the prevention of wormhole attacks.
3. Directional antennas are a good solution for wormhole detection in networks that already rely on directional antennas.
4. A neighbour relation is accepted only if the directions observed by both nodes of the pair match.
5. Other techniques such as LiteWorp, localization and network visualization are also very useful for detecting wormhole attacks in wireless networks.
Note: the attack can be very effective and damaging even when the routing information is confidential, encrypted or authenticated.
2. Sinkhole attacks: sinkhole attack; hello flood attack.

3. Black hole attacks: A black hole attack is one of the active denial of service (DoS) attacks possible in MANETs. The malicious node sends a false RREP to a source node that has initiated route discovery, posing as the destination node or as an immediate neighbour of the actual destination. The source node then forwards all the data packets intended for the genuine destination to the malicious node, which may never forward any of them, so that source and destination become unable to communicate with each other. The attacker thus presents itself as the real destination and absorbs all the traffic generated for it. In addition, the attacker can generate packets of its own and send them to the source, consuming bandwidth and creating a bottleneck in the network. In short, such an attacker prevents packets from reaching the real destination.
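The AODV exchange described under the AODV message process (RREQ flood, reverse routes, RREP unicast and destination sequence numbers), the closed wormhole that replays traffic between two distant points so that D answers the tunnelled RREQ first, the location check a receiver can apply once packets carry authenticated position information, and the black hole's forged RREP above, as one added example that is not code from the original report or from any AODV implementation. The line topology, node positions, radio range, sequence numbers, wormhole endpoint positions and the attacker's +100 sequence-number bump are all constructed for the example; the position stamp is assumed to be authenticated by the transmitter, so a replaying attacker cannot rewrite it, and only the destination answers RREQs (intermediate-node replies are left out).

```python
import math

RANGE = 10.0   # constructed radio range; the leash check rejects transmitters farther away


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


class Net:
    """Tick-based AODV simulation: one hop per tick, wormhole replay in the same tick."""

    def __init__(self, positions, wormhole=None, blackhole=None, leash=False):
        self.pos = positions            # mac -> (x, y)
        self.wormhole = wormhole        # ((x1, y1), (x2, y2)): endpoints X and Y
        self.blackhole = blackhole      # mac of the node forging RREPs, if any
        self.leash = leash              # receivers check the transmitter's position stamp
        self.seq = {m: 1 for m in positions}            # each node's own sequence number
        self.routes = {m: {} for m in positions}        # mac -> dst -> (next_hop, hops, dst_seq)
        self.seen_rreq = {m: set() for m in positions}  # (origin, rreq_id) already processed
        self.log = []

    def update_route(self, at, dst, next_hop, hops, dst_seq):
        """AODV freshness rule: take a route with a higher destination sequence
        number, or the same number and fewer hops."""
        cur = self.routes[at].get(dst)
        if cur is None or dst_seq > cur[2] or (dst_seq == cur[2] and hops < cur[1]):
            self.routes[at][dst] = (next_hop, hops, dst_seq)

    def rrep(self, node, rreq, hops, dst_seq):
        """Build an RREP from `node`, unicast along node's reverse route to the origin."""
        return dict(type="RREP", origin=rreq["origin"], dst=rreq["dst"], rreq_id=rreq["rreq_id"],
                    hops=hops, dst_seq=dst_seq, tx=node, tx_pos=self.pos[node],
                    to=self.routes[node][rreq["origin"]][0])

    def receive(self, node, p):
        if self.leash and dist(p["tx_pos"], self.pos[node]) > RANGE:
            self.log.append(f"{node}: dropped {p['type']} from {p['tx']}, transmitter "
                            f"{dist(p['tx_pos'], self.pos[node]):.1f} away, range {RANGE}")
            return []
        hops = p["hops"] + 1
        if p["type"] == "RREQ":
            key = (p["origin"], p["rreq_id"])
            if key in self.seen_rreq[node]:
                return []                                   # duplicate RREQ: discard
            self.seen_rreq[node].add(key)
            self.update_route(node, p["origin"], p["tx"], hops, 0)   # reverse route
            if node == p["dst"]:
                self.seq[node] = max(self.seq[node], p["dst_seq"])
                return [self.rrep(node, p, hops=0, dst_seq=self.seq[node])]
            if node == self.blackhole:   # forge a fresher-looking RREP, claiming to sit next to dst
                return [self.rrep(node, p, hops=1, dst_seq=p["dst_seq"] + 100)]
            return [dict(p, hops=hops, tx=node, tx_pos=self.pos[node])]   # rebroadcast
        self.update_route(node, p["dst"], p["tx"], hops, p["dst_seq"])    # forward route
        if node == p["origin"]:
            return []
        return [dict(p, hops=hops, tx=node, tx_pos=self.pos[node],
                     to=self.routes[node][p["origin"]][0])]

    def deliver(self, packets):
        """Deliver one tick's transmissions; returns the packets sent in response."""
        out = []
        for p in packets:
            src_pos = self.pos[p["tx"]]
            hearers = {m for m in self.pos if m != p["tx"] and dist(self.pos[m], src_pos) <= RANGE}
            if self.wormhole:   # closed wormhole: each endpoint replays, unmodified, what the other hears
                for here, there in (self.wormhole, self.wormhole[::-1]):
                    if dist(src_pos, here) <= RANGE:
                        hearers |= {m for m in self.pos
                                    if m != p["tx"] and dist(self.pos[m], there) <= RANGE}
            for node in hearers:
                if p["to"] is None or p["to"] == node:
                    out.extend(self.receive(node, p))
        return out

    def discover(self, src, dst, rreq_id=1, max_ticks=20):
        """Run a route discovery from src for dst; returns src's route entry for dst."""
        self.seen_rreq[src].add((src, rreq_id))
        inflight = [dict(type="RREQ", origin=src, dst=dst, rreq_id=rreq_id, hops=0,
                         dst_seq=0, tx=src, tx_pos=self.pos[src], to=None)]
        for _ in range(max_ticks):
            if not inflight:
                break
            inflight = self.deliver(inflight)
        return self.routes[src].get(dst)


# Constructed line topology S-A-B-C-D (8 units apart, radio range 10) and attacker placement.
POSITIONS = {"S": (0, 0), "A": (8, 0), "B": (16, 0), "C": (24, 0), "D": (32, 0)}
WORMHOLE = ((-3, 0), (35, 0))   # endpoint X beside S, endpoint Y beside D


def baseline():
    return Net(dict(POSITIONS)).discover("S", "D")


def wormhole(leash=False):
    net = Net(dict(POSITIONS), wormhole=WORMHOLE, leash=leash)
    return net.discover("S", "D"), net.log


def blackhole():
    return Net(dict(POSITIONS, M=(0, 7)), blackhole="M").discover("S", "D")


if __name__ == "__main__":
    print("baseline      :", baseline())
    print("wormhole      :", wormhole())
    print("wormhole+leash:", wormhole(leash=True))
    print("black hole    :", blackhole())
```

Without the wormhole S learns the four-hop route via A. With the closed wormhole, D hears S's own RREQ replayed 32 units away, answers it first, discards the legitimate copy as a duplicate, and S ends up with a one-hop "route" whose next hop is D itself: every data packet then crosses the tunnel. With the position check enabled, D drops the replayed RREQ because the transmitter's stamped position is outside radio range, and the honest route wins. The black hole needs no tunnel at all: its RREP carries a destination sequence number far above anything D has issued, so the freshness rule makes S prefer it over the genuine reply.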

AODV Performance:-

Average end-to-end delay:
- Variation with number of nodes:
 o Under the wormhole attack the average end-to-end delay is very small.
 o This is because the wormhole provides a fast, long-range directional link for all traffic from source to destination.


- Variation with tunnel length:
 o Average end-to-end delay is very small and decreases further as the tunnel length increases.
 o With a longer tunnel the attackers' endpoints lie nearer to the source and destination, so both protocols perform better than with a shorter tunnel.

Frames dropped:
- Variation with number of nodes:
 o Frames dropped by the wormhole attackers increase for both routing protocols.
- Variation with tunnel length:
 o As the tunnel length grows, frames dropped by the wormhole attackers increase for both routing protocols.

Average throughput:
- Variation with number of nodes:
 o As the number of nodes increases, throughput decreases for both routing protocols.
- Variation with tunnel length:
 o As the tunnel length increases, throughput decreases for both routing protocols.

CONCLUSION:-
- From the analysis of the graphs obtained from simulation, AODV performs better for a small number of nodes.
- As the number of nodes increases, the routing overhead of AODV grows substantially, so its performance degrades in large networks.
- The effect of the wormhole attack is greater on DSR than on AODV.
- AODV establishes routes on demand and uses destination sequence numbers to find the latest route to the destination, so its connection setup delay is lower. One disadvantage is that intermediate nodes can produce inconsistent routes if the source sequence number is very old and the intermediate nodes hold a higher, but not the latest, destination sequence number, leaving stale entries. Multiple Route Reply packets in response to a single Route Request can also cause heavy control overhead. Another disadvantage of AODV is the unnecessary bandwidth consumed by periodic beaconing (Hello messages).


