Detection and Prevention of Wormhole Attack in Wireless Sensor Network

Transcription

1 Detection and Prevention of Wormhole Attack in Wireless Sensor Network Aaditya Jain 1, Shalini Sharma 2, Dr. Bala Buksh 3 1 M.Tech Scholar, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical University, Kota, Rajasthan, India 2 B.Tech, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical University, Kota, Rajasthan, India 3 Professor, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical University, Kota, Rajasthan, India ABSTRACT Wireless Sensor networks are comprised of many small and resource constrained sensor nodes that are deployed in an environment for many applications which require unattended, long-term operations. They are vulnerable to many kinds of attacks because of no specific network topology. Therefore interest in research of security in wireless sensor network has been increasing since last several years. Wormhole attack is one of the severe attack used to destabilize or disable wireless sensor networks. The idea behind this attack, is two or more colluding attackers record packets at one location, and tunnel them to another location for a replay at that remote location. In this paper, the numbers of techniques dealing with detection and prevention of wormhole attack in wireless sensor networks are surveyed. Keywords: Wireless Sensor Network, Wormhole Attack, Wormhole Detection & Prevention, MAODV. 1. INTRODUCTION Wireless sensor networks (WSNs) are built with a very large number of tiny light weighted and inexpensive sensor nodes that have typically resource constrained, limited memory, with low battery backup sensors, slow embedded processors, and low bandwidth. The technology allows nodes in a network to communicate directly with each other using wireless transceivers without need for a fixed infrastructure. In WSN a node is capable to perform the processing, and gathering of the sensor information for communication with all other connected nodes in the network. Sensors are the hardware devices: they measure and produce a proper response by a physical condition like pressure or temperature. Sensors are monitored by using a physical data parameter. Each node of the sensor network consist of the three subsystems: the sensor subsystem which senses the environment, the processing subsystem which performs local computations on the sensed data and the communication subsystem which is responsible for message exchange with neighboring sensor nodes [1]. The application scenarios for WSNs are many, including military surveillance, commercial, environment, medical, manufacturing and home automation to name many but few. Currently, most WSN applications are designed to operate in trusted environments. However, security issues are a major concern when WSNs are deployed in untrusted environments [2]. The vulnerability of wormhole attack is high in WSN because it is a passive attack as it does not require the information about the cryptographic infrastructure of the network, hence it puts an attacker in a beneficial or strong position. 2. WORMHOLE ATTACK Wormhole attack is a devastating attack where two malicious colluding sensor nodes create a virtual tunnel in the wireless sensor network as shown in figure1, which is used to forward message packets between the tunnel edge points [3], [4]. This can be achieved by either compromising two or more sensor nodes of the network or adding a new set of malicious nodes to the network. The tunnel can be established in many ways e.g. in-band and out-of-band channel. This makes the tunneled packet arrive either sooner or with a lesser number of the hopes compared to the packets transmitted over normal multi hop routes. This creates the illusion that the two end points of the tunnel are very close to each other. However, the main aim behind the attack is to disrupt the correct operation of WSN s routing protocols [5]. Volume 5, Issue 2, February 2016 Page 138

2 Figure1 Basic strategy of wormhole attack[4] 3. WORMHOLE DETECTION AND PREVENTION TECHNIQUES The main concept in detecting presence of wormhole in a network is to find out if node is transmitted out of its transmitting range. That can be found out if the packet received is not one of its neighbors. In this paper several wormhole detection and prevention techniques are discussed. All the techniques are having their own benefits and limitations. 3.1 Packet leashes approach Y. Hu et al. in [6] proposed an approach called packet leashes. It prevents packets from traveling farther than radio transmission range. The wormhole attack can be detected by an unalterable and independent physical metric, such as time delay or geographical location. It overcomes wormhole attack by restricting the maximum distance of transmission, using either tight time synchronization or local information. Temporal leash is to ensure that the packet has an upper bound on its lifetime. The drawback of this is that they need highly synchronized clocks. Geographical leash is to ensure that the recipient of the packet is within a certain distance from the sender. The drawback of this scheme is that, each node must know its own location and all nodes must have loosely synchronized clocks. Because clock synchronization is resource demanding, and thus, packet leashes have limited applicability in wireless sensor networks. 3.2 Directional antenna and anchor based approach Hu and Evans in [7] have attempted to detect wormholes by equipping network nodes with directional antennas so they can all have the same orientation. Lazos and Poovendran in [8] have applied a similar idea in their secure localization scheme called SeRLoc. SeRLoc employs about 400 anchor nodes in a 5,000 node network. Each anchor node has a directional antenna and knows its physical location. Other nodes in the network use anchor nodes to locate themselves. Since a wormhole produces shortcuts in a network, the directional antennas deployed at anchor nodes help detect the attack; nodes can then defend against the attack by discarding incorrect localization messages. However, SeRLoc is unable to detect wormhole attacks when anchor nodes are compromised, especially nodes located near one of the ends of a wormhole. A graph-theoretic framework in [9] has also been proposed for detecting wormhole attacks. However, the framework relies on guard nodes, which are functionally similar to anchor nodes. 3.3 Delphi Approach Chiu and Lui in [10] introduce a delay analysis approach called DELPHI. It calculates mean delay per hop of every possible route. DELPHI applied a multi-path approach, and recorded the delay and hope counts in transmitting RREQ and RREP through the paths. After collecting all response, the sender computes mean delay per hop of each route. The path with the wormhole attacks, the delay would be obviously longer than the normal path with the same hop count. Hence, the path with longer delays would not be selected to transmit data packet and wormhole nodes could be avoided. 3.4 Localization based system approach Chen et al. in [11] have discussed about Localization Based Systems, which are susceptible to wormhole attacks as they can disturb the localization procedure. For preventing the effect of wormhole attack, a distance consistency based secure location scheme was projected, which incorporated wormhole attack detection, valid location recognition and self localization. To achieve secure localization in the network and shielding against wormhole attack, Chen et al. in [12] make a conflicting set for each node to use all differing sets of its adjacent locators for filtering out incorrect distance measurements of its adjacent locators. But the downside of this method is that it only works properly when the Volume 5, Issue 2, February 2016 Page 139

3 system has no packet loss. As the attackers may drop the packets intentionally, the packet loss is unavoidable when the system is underneath a wormhole attack. 3.5 Trust based system approach Ozdemir et al. in [13] used a Trust Based Model for the identification of wormhole in the sensor network. In trust based systems, each source node uses its trust information to calculate the most reliable path to a particular destination by circumventing intermediary malicious nodes. A wormhole in a system have the least trust level if that wormhole drops all the packets and if all the packets sent reach the destination then the neighboring node of a source node will have the highest trust level. It is a combined time and trust based model which detects the compromised nodes for false detection. These two models run together. Malicious nodes on the path can give the wrong impression about the time based module by providing incorrect information. To prevent this problem, trust based module always observes the first module and calculates trust values of neighbor nodes. These values are used to modify the path next time. Figure2 Trust based model 3.6 Secure routing protocol based approaches Sankaran et al. in [14] proposed an approach called SAW and Khin Sandar Win in [15] proposed an approach called DAW. Similar methodologies are discussed in both but the major difference is the use of routing protocols. SAW approach uses AODV routing protocol [16] and DAW approach uses DSR routing protocol [17]. In both approaches, trust based security models have been proposed and used to detect intrusion. Arithmetical methods are used to identify the wormhole attack. If any link is found to be doubtful, then existing trust information is used to identify the wormhole tunnel. In this trust model, nodes observe neighbors based on the pattern of their packet drop but not on the number of packet drops. In [15], another algorithm for detecting the presence of wormhole WSN is proposed. Here, after sending the RREQ, the source waits for the RREP. The source receives many RREP coming through different routes. The link with very high frequency is checked and the value is checked with a previously defined threshold coefficient value. If the number of packet drop is higher than the number of packets sent, then there is the presence of wormhole. Chaurasia and Singh in [18] presented efficient method to detect a wormhole attack called Modified Wormhole Detection AODV protocol (MAODV). Detection of wormhole attack is performed using number of hops in different paths from source to destination and delay of each node in different paths from source to destination. It compares the delay per hop of every node in the normal path and a path that is under wormhole attack, finds that delay per hop of a path that is wormhole attack is larger in comparison of normal path. Drawback is that this method does not work well when all the paths are wormhole affected. Parmar and Vagela in [20] proposed a technique to detect and prevent the wormhole attack in the wireless network efficiently using Ad Hoc on Demand Multipath Distance Vector Routing Protocol (AOMDV). AOMDV is an extension to the AODV protocol to discover multiple paths between the source and the destination in every route discovery process [19]. The idea behind the scheme in [20] is note time when the source node broadcasts a RREQ packet and when the corresponding RREP packet is received by the source, again note the received time of the packet. By using the above two values one can calculate the round trip time of the established route or routes. Take round trip time of each route and divide it by respective hop count. With the help of this value say calculate the average round trip time of all the Volume 5, Issue 2, February 2016 Page 140

4 routes. The value obtained is threshold round trip time. Compare the threshold value with each round trip time. If the total round trip time is less than threshold round trip time and hop count of that particular route is equal to two than wormhole link is present in that route else no wormhole link present in that route. Since wormhole link detected in that route, sender detects first neighbour node as wormhole node and sends dummy RREQ packet through that route and neighbour. At the destination end receiver receives dummy RREQ packet from its neighbour and detects neighbour as wormhole node and routing entries are removed from the source node and broadcast to other nodes. Thus wormhole affected link is blocked and is no more used. So, that from the next onwards whenever a source node needs a route to that destination, first it checks in the routing table in the route established phase for a route and it will come to know that, the route is having wormhole link and it will not take that route instead it will take another route from the routing list of the source node which is free from wormhole link if available. Figure3 Wormhole detection with AOMDV protocol 3.7 Topological detection approach Dong et al. in [21] fundamentally analyze the wormhole problem using a Topological Methodology and propose an effective distributed approach. This approach relies solely on network connectivity information, without any requirements on special hardware devices or any rigorous assumptions on network properties. Collection of homogeneous nodes deployed over a surface of terrain. Each node performs the homogeneous transmission control and is only capable of communicating with adjacent nodes. Main idea behind the scheme is observing the inevitable topology deviations introduced by wormholes and by detecting non separating loops, this approach can detect and locate various wormholes. 4. CONCLUSION Wormhole attacks in WSNs can significantly degrade network performance and threaten network security. It comes in the category of passive attacks so difficult to detect in WSN. In this paper firstly we have discussed what wormhole attack is actually and how it is work in WSNs. This paper also throws light on various existing wormhole detection and prevention techniques in WSNs. All the techniques have their own advantages and limitations. But there is no detection and prevention technique is present which detects wormhole attack perfectly in all situations, so it is still an open challenge problem. REFERENCES [1] I. Akyildiz, W. Su, Y. Sankara subramaniam and E. Cayirci, A survey of sensor networks, IEEE Communications, vol. 40(8), pp , [2] Abhishek Jain, Kamal Kant, Security Solutions for Wireless Sensor Networks, IEEE Second International Conference on Advanced Computing and Communication Technologies, pp , [3] Majid Meghdadi, Suat Ozdemir and Inan Guler; A Survey of Wormhole-based Attacks and their countermeasures in Wireless Sensor Networks ; IETE tech. reveiw, vol. 28(2), Mar.-Apr., [4] Priya Maidamwar and Nekita Chavhan; A survey on Security issues to detect wormhole attack in wireless sensor network ; IJANS vol. 2(4), Oct., 2012 [5] Yih-Chun Hu, Member, IEEE, Adrian Perrig, Member, IEEE, and David B. Johnson, Member, IEEE, Wormhole Attacks in Wireless Networks, IEEE Journal on selected areas in Communications, vol. 24, no. 2, February2006 Volume 5, Issue 2, February 2016 Page 141

5 [6] Y. Hu, A. Perrig and D. Johnson, Packet leashes: A defense against wormhole attacks in wireless networks, Proceedings of the Twenty Second Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp , [7] L. Hu and D. Evans, Using directional antennas to prevent wormhole attacks, Proceedings of the Eleventh Network and Distributed System Security Symposium, pp , [8] L. Lazos and R. Poovendran, SeRLoc: Robust localization for wireless sensor networks, ACM Transactions on Sensor Networks, vol. 1(1), pp , [9] R. Poovendran and L. Lazos, A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks, Wireless Networks, vol. 13(1), pp , [10] H.S. Chiu and K. Lui. DelPHI: Wormhole Detection Mechanism for Ad Hoc Wireless Networks. In Proceedings of Inter-national Symposium on Wireless Pervasive Computing, pp. 6-11, [11] H. Chen, W. Lou, X. Sun, and Z. Wang. "A secure localization approach against wormhole attacks using distance consistency," EURASIP Journal on Wireless Communication and Net-working-Special Issue on Wireless Network Algorithms, Systems, and Applications, pp , [12] H. Chen, W. Lou, and Z. Wang. "Conflicting-set-based worm-hole attack resistant localization in wireless sensor networks," Book Chapter Lecture Notes in Computer Science Ubiquitous Intelligence and Computing, vol. 5585/2009, pp , [13] S. Ozdemir, M. Meghdadi, and Ý. Guler. "A time and trust based wormhole detection algorithm for wireless sensor net-works," (manuscript in Turkish), in 3rd Information Security and Cryptology Conference (ISC 08), pp , 2008 [14] M.S. Sankaran, S. Poddar, P.S. Das, S. Selvakumar. A Novel Security model SaW: Security against Wormhole attack in Wire-less Sensor Networks. In Proceedings of International Conference on PDCN, [15] Khin Sandar Win. Analysis of Detecting Wormhole Attack in Wireless Networks, World Academy of Science, Engineering and Technology, 48, pp , [16] Aaditya Jain and Dr. Bala Buksh, Solutions for Secure Routing in Mobile Ad Hoc Network- A Survey, Imperial Journal of Interdisciplinary Research Vol. 2, Issue [17] Aaditya Jain, Performance Analysis of DSR Routing Protocol With and Without the Presence of Various Attacks in MANET, International Journal of Engineering Research and General Science, Vol. 4, Issue 1, [18] Umesh Chaurasia and Varsha Singh, MAODV: Modified Wormhole Detection AODV Protocol. IEEE 2013.Pg [19] S. R. Biradar, Koushik Majumder, Subir Kumar Sarkar, Puttamadappa S.R.Biradar, Performance Evaluation and Comparison of AODV and AOMDV, (IJCSE) International Journal on Computer Science and Engineering, Vol. 02, No. 02, 2010, Pg [20] Parmar Amish and V. B. Vagela, International Journal of Electrical and Electronics Engineers, Vol. 07, Issue 01, Jan- June [21] Dezun Dong, Mo Li, Yunhao Liu, Xiang- Yang Li and Xiangke Liao, Topological Detection on Wormholes in Wireless Ad Hoc and Sensor Networks, IEEE Transactions on Networking, Vol. 19, No. 6, December AUTHORS Aaditya Jain is currently pursuing M.Tech in Computer Engg. from RMEC Kota, which is affiliated to Rajasthan Technical University, Kota (Raj). He received B.E. degree in Computer Science & Engg. from MIT Mandsaur which is affiliated to Rajiv Gandhi Technical University, Bhopal (MP) in He published research papers in various International and National Journals and Conferences. His areas of interests are Network Security, Cryptography, Ad Hoc Networks and Wireless Sensor Networks. Shalini Sharma is currently pursuing B.Tech final year in Computer Science & Engg. from RMEC Kota, which is affiliated to Rajasthan Technical University, Kota (Raj). Her area of interests are Wireless Networks and Information-Security. Dr. Bala Buksh is the Director of RMEC Kota (Raj). He has done his MS and Ph.D. in Computer Science from Birmingham (U.K.). He published various research papers in International and National Journals and Conferences. His research interests are computer network, Wireless Sensor Network and Ad hoc Network. He is Ex. General Manager from ONGC and has rendered his services in the industry for more than 30 years. He had been pioneer in implementing enterprise wide IT applications in the area of Oil & Natural Gas Exploration, Production and Drilling activities for automation and on live availability on a single platform. Volume 5, Issue 2, February 2016 Page 142