Channel Aware Detection based Network Layer Security in Wireless Mesh Networks

Transcription

1 Channel Aware Detection based Network Layer Security in Wireless Mesh Networks Anusha Bhide M 1, Mr. Annappa Swamy D.R 2 and Syed Arshad 3 1 M.Tech Student, Dept. of CSE, Mangalore Institute of Technology & Engineering, India. 2 Associate Professor, Dept. of CSE, Mangalore Institute of Technology & Engineering, India. 3 M.Tech Student, Dept. of CSE, Mangalore Institute of Technology & Engineering, India. Abstract: Wireless Mesh Networks have emerged as a potential technology for next-generation wireless networking. It is becoming a reasonable choice to offer Internet access in an inexpensive, convenient, and quick way. WMNs consist of mesh routers and mesh clients where fixed mesh routers form the multi-hop backbone of the network and it is assumed that each individual mesh client will follow the prescribed protocols. WMNs being multi-hop wireless networks are prone to most of the security attacks. They are vulnerable to several kinds of attacks because of their inherent attributes such as the open communication medium. Wireless mesh networks may be susceptible to routing protocol threats and route disruption attacks. Malicious mesh devices can launch Denial of Service (DoS) attacks such as Rushing, Worm hole, Black hole, Gray hole and Sybil attacks in Network layer of WMNs. Many of these threats require packet injection with a specialized knowledge of the routing protocol and it is very hard to detect that packet loss is due to medium access collision or bad channel quality or a network layer attack. In this paper, a Channel Aware Detection (CAD) approach is implemented to mitigate routing protocol threats and route disruption attacks by limiting the number of packets forwarded to the malicious mesh devices. It is based on two strategies, the channel based estimation and traffic monitoring. If the monitored loss rate at particular hops exceeds the estimated normal loss rate, those nodes identified will be considered as malicious. As the malicious mesh devices ensure low packet delivery, throughput and end to end latency, CAD algorithm is used to enhance the above metrics and to limit the traffic flowing to the malicious mesh devices. Keywords: wireless mesh network; channel aware detection; network layer attacks; 1. INTRODUCTION A wireless mesh network (WMN) is a communications network made up of radio nodes organized in a mesh topology. Wireless mesh networks often consist of mesh clients, mesh routers and gateways as shown in the Figure 1. The mesh clients are often laptops, cell phones and other wireless devices while the mesh routers forward traffic to and from the gateways. WMNs have emerged recently as a promising technology for next-generation wireless networking to provide better services that cannot be supported directly by other wireless networks. It consists of two types of nodes, mesh routers and mesh clients. Mesh routers form the backbone and they have minimal mobility which guarantees high connectivity, robustness etc. The mesh client nodes can be stationary or mobile. Figure 1: Multi-radio WMN architecture Self-organization and self-configuration are the desired features of WMN. These features provide many advantages like good reliability, market coverage, scalability and low upfront cost. It gained significant 723

2 attention because of the numerous applications they support for example, broadband home networking, community and neighbourhood networks, delivering video, building automation in entertainment and sporting venues etc. However, WMNs lack security guarantees in various protocol layers. This is attributed to many factors such as its open medium, distributive architecture, dynamic topologies and absence of central authority. In a WMN, the mesh clients can access the network through mesh routers or directly via other mesh clients. To support end to end communication, effective routing protocols are required. Hence routing plays an important role in the entire network and therefore focus on certain types of malicious attacks like Rushing, Worm hole, Black hole, Gray hole and Sybil attack is important (refer Table 1 for the Protocol layers and threats). To launch a Network layer attack, an attacker may have to compromise or hijack the mesh router in the network, known as internal attacks; or attack the network from outside, which is known as external attacks. Internal attacks may pose severe threats and are difficult to defend by cryptographic measures alone. So a non-cryptographic approach is used to counteract the dropping misbehaviour launched by internal attackers. All the routers must incorporate an authentication mechanism, e.g., TESLA [4], to avoid the attacks from unauthorized routers. SAODV [5], SEAD [6], ARAN [7] and Ariadne [8] are several secure routing protocols resilient to external attacks. A channel aware detection (CAD) adopts two steps, hop-by-hop loss monitoring and traffic overhearing, to identify the mesh nodes subject to the attack Table 1 Wireless Security Risks The rest of the paper is organized as follows. Section 2 describes the Related Work. Attacks on network layer of WMNs are explained in Section 3. Section 4 discusses the CAD and its design. Section 5 briefly describes the implementation details. Section 6 shows the screenshots and the results obtained during the simulation. Finally this paper is concluded in Section RELATED WORK In the last few years, several secure routing protocols resilient to external attacks, such as SAODV, SEAD, ARAN and Ariadne, were proposed. However, none of these protocols are capable in defending against internal attacks. Wireless specific attacks such as rushing attacks, worm hole attacks were recently identified and studied. These attacks can form a serious threat, because once launched the attacker can easily inject bogus packets, eavesdrop on communication or selectively drop the data packets. RAP [10] prevents the rushing attack by waiting for up to ROUTE REQUEST packets and then randomly selecting one to transmit the data packets, rather than always selecting the first ROUTE REQUEST packet for forwarding. However, RAP has significant network overhead and is ineffective if the adversary has compromised m or more nodes. Packet leashes [11] and LiteWorp [12] are two wellknown techniques to defend against wormhole attacks. The former one restricts the maximum transmission distance of the packet by using either clock synchronization or location information. The latter one uses guard nodes to overhear the communications between the neighbouring nodes and exploits the directional antenna techniques [13]. Karlofet al. [9] first proposed selective forwarding attacks and suggested that multipath forwarding can be used to counter these attacks in sensor networks. However, the algorithm fails to suggest a method to detect and isolate the attackers from the network. In [14], the authors propose a scheme that randomly selects part of the intermediate nodes along a forwarding path as checkpoint nodes which are responsible for generating acknowledgments for each packet received. If suspicious behaviour is detected, it will generate an alarm packet and deliver it to source node. Some of the key disadvantages of the scheme are: (1) The algorithm suffers from high overhead because for each received packet the intermediate nodes need to send an acknowledgment back to the source node; (2) The algorithm assumes that the channel is perfect and any packet loss is due to the presence of malicious nodes. The CAD approach proposed in this paper departs from the previous solutions. (1) CAD considers a practical scenario where a packet loss may be due to bad channel quality, medium access collisions, or purposeful packet dropping; and propose a method to discriminate attacks from those normal loss events. (2) CAD utilizes both upstream and downstream traffic monitoring for enhanced performance

3 complete denial of service or drop the packets selectively to avoid detection. 3. ATTACKS ON NETWORK LAYER OF WMNS In this section, the details of various attacks on WMN are given. The attacks on the network layer can be divided into control plane attacks and data plane attacks and can be active or passive in nature. Control plane attacks generally target the routing functionality of the network layer. The objective of the attacker is to make routes unavailable or force the network to choose sub-optimum routes. Data plane attacks affect the packet forwarding functionality of the network. The objective of the attacker is to cause the denial of service for the legitimate user by making user data undeliverable or injecting malicious data into the network. 3.1 Control Plane Attacks Rushing attacks targeting the on-demand routing protocols (e.g.: AODV) were among the first exposed attacks on the network layer of multi-hop wireless networks. Rushing attack exploits the route discovery mechanism of on-demand routing protocols. In these protocols, the node requiring the route to the destination floods the Route Request message which is identified by a sequence number. To limit the flooding, each node only forwards the first message that it receives and drops remaining messages with same sequence number. The protocols specify a specific amount of delay between receiving the Route Request message by a particular node and forwarding it, to avoid collusion of these messages. The malicious node launching the rushing attack forwards the Route Request message to the target node before any other intermediate node from source to destination. This can easily be achieved by ignoring the specified delay. Consequently, the route from source to destination includes the malicious node as intermediate hop which can then drop the packets of the flow resulting in data plane denial of service attack Wormhole attack has a similar objective but uses a different technique. During a wormhole attack, two or more malicious nodes collude together by establishing a tunnel using an efficient communication medium. During the route discovery phase of on-demand routing protocols, The Route Request messages are forwarded between the malicious nodes using the established tunnel. Therefore, the first Route Request message that reaches the destination node is the one forwarded by the malicious nodes. Consequently, the malicious nodes are added in the path from source to destination. Once the malicious nodes are included in the routing path, the malicious nodes either drop all the packets resulting in Black hole attack (or sink hole attack) is another attack that leads to denial of service in wireless mesh networks. It also exploits the route discovery mechanism of on-demand routing protocols. In a black hole attack, the malicious node always replies positively to a Route Request although it may not have a valid route to the destination. Since the malicious node does not check its routing entries, it will always be the first to reply the Route Request message. Therefore, almost all the traffic within the neighbourhood of the malicious node will be directed towards the malicious node which may drop all the packets resulting in denial of service. A more complex form of the attack is the cooperative black hole attack where multiple malicious nodes collude together resulting in complete disruption of routing and packet forwarding functionality of the network Gray hole attack is a variant of the black hole attack. In a black hole attack, the malicious node drops all the traffic that it is supposed to forward. This may lead to possible detection of the malicious node. In a gray hole attack the adversary avoids the detection by dropping the packets selectively. Gray hole attack does not lead to complete denial of service but it may go undetected for a longer duration of time. This is because the malicious packet dropping may be considered as the congestion in the network which also leads to selective packet loss Sybil Attack is the form of attack where malicious node creates multiple identities in the network, each appearing as a legitimate node. Sybil attack was first exposed in distributed computing applications where the redundancy in the system was exploited by creating multiple identities and controlling the considerable system resources. In the networking scenario, a number of services like packet forwarding, routing and collaborative security mechanisms can be disrupted by the adversary using sybil attack. Following form of the attack affects the network layer of WMN. WMN are supposed to take advantage of the path diversity in the network to increase the available bandwidth and reliability. If the malicious node creates multiple identities in the network, the legitimate nodes, assuming these identities to be distinct network nodes, will add these identities in the list of distinct paths available to a particular destination. When the packets are forwarded to these fake nodes, the malicious node, that created the identities, processes these packets. Consequently, all the distinct routing paths will pass through the malicious node. The malicious node may launch any of the above mentioned attacks. Even if no other attack is launched, the advantage of path diversity is diminished, resulting in degraded performance. In addition to the above mentioned attacks, the wireless mesh networks are also prone to network partitioning 725

4 attack and routing loop attack. In network partitioning attack, the malicious nodes collude together to disrupt the routing tables in such a way that the network is divided into non-connected partitions resulting in denial of service for certain network portion. Routing loop attacks affect the packet forwarding capability of the network where the packets keep circulating in loop until they reach the maximum hop count, at which stage the packets are simply discarded. 3.2 Data Plane Attacks Data plane attacks are primarily launched by the selfish and malicious (compromised) nodes in the network and lead to performance degradation or the denial of service for the legitimate user data traffic. The simplest of the data plane attacks is passive eavesdropping. Selfish behaviour of the participating WMN nodes is a major security issue because the WMN nodes are dependent on each other for data forwarding. The intermediate hop selfish nodes may not perform the packet forwarding functionality as per the protocol. The selfish node may drop all the data packets resulting in complete denial of service or it may drop the data packets selectively or randomly. It is hard to distinguish between such a selfish behaviour and the link failure or network congestion. On the other hand, malicious intermediate hop nodes may inject junk packets into the network. Considerable network resources (bandwidth and packet processing time) may be consumed to forward the junk packets which may lead to denial of service for the legitimate user traffic. 4. CHANNEL AWARE DETECTION A CAD algorithm is implemented in this paper, which can effectively identify the attackers by filtering out the normal channel losses. The CAD approach is based on two procedures, Channel Estimation and Traffic Monitoring. The procedure of channel estimation is to estimate the normal loss rate due to bad channel quality or medium access collision. The procedure of traffic monitoring is to monitor the actual loss rate, if the monitored loss rate at certain hops exceeds the estimated loss rate, those nodes involved will be identified as attackers. The traffic monitoring procedure at each intermediary node along a path monitors the behaviour of both its upstream and downstream neighbours. The channel estimation procedure at each node correspondingly sets an upstream detection threshold and downstream detection threshold. Each node judges the behaviour of its neighbours by comparing the upstream/downstream observations against the detection thresholds to identify the misbehaving nodes. (The thresholds will be dynamically adjusted with the normal loss rates to maintain the detection accuracy when network status changes). The channel estimation is integrated with traffic monitoring to achieve "channel-aware detection" of network layer attack, which can effectively identify misbehaviour hidden in the normal loss events due to bad channel quality or medium access collisions. In CAD, upstream and downstream traffic monitoring is combined to achieve a versatile detection method. In addition to network layer attacks, the CAD can also detect, limited transmit-power attack on-off attack and Bad mouthing attack. This algorithm is based on the "end-to-end path throughput" (path delivery rate) to detect the Network layer attacks in "Wireless mesh networks". The algorithm can trace back to one hop neighbourhood of the attacker but cannot pin-point the attacker. The algorithm also fails to identify the attacker in the presence of false reports. This scheme can be updated so that the algorithm identifies the attacker even in the presence of false reports or else the number of false reports can be reduced with some alternative settings. Analytical studies must be carried out on false alarm and missed detection probabilities for the CAD scheme. Based on the analytical model, the optimal upstream/downstream detection thresholds can be computed to minimize the summation of false alarm and missed detection probabilities. The thresholds are dynamically adjusted with the channel status to maintain the efficiency of CAD under varying network conditions. This Channel Aware Detection (CAD) is proposed by D M Shila and T Anjali [3]. It identifies intentional packet dropping from natural wireless losses. A natural packet loss can occur due to bad channel quality medium access collisions under the infinite buffer assumption. These two types of loss events are independent and are estimated as natural losses (L). In CAD; each mesh node maintains a number of packets received by it to measure the loss rate of the link. Therefore, when a node receives a packet from the upstream (Previous hop), it updates the packet count history with the corresponding packet sequence number and buffers the link layer acknowledgments (ACKs) received for each packet forwarded to downstream node (next hop).the number of packets forwarded by source S to destination D is denoted as W s and the number of packets received successfully by the intermediate node v i +1 from the upstream node vi over a time window is denoted as n vi vi+1[15]. When a router forwards a packet to the downstream node, it performs two operations: 726

5 (i) For each packet relayed to the downstream, it buffers the ACKs. (ii) It also overhears the downstream traffic and determines whether the node forwarded or tampered the packet. Based on these observations, the node maintains two parameters for its downstream node, probability of trust, P t and probability of distrust, P dt where P t = 1 P dt. Probability of distrust can be calculated as the number of packets tampered and dropped by the downstream node out of the total number of forwarded packets. Two new packets known as the PROBE packet and PROBE ACK packet are used for the detection of malicious routers. The source, S, sends a PROBE packet after every W s data packets. On receiving the PROBE, each node in the path marks the PROBE packet with the two detection parameters. This technique is known as packet marking. For each PROBE packet sent to destination, source marks the packet with the number of packets transmitted to destination (W s ) and each intermediate node v i +1 marks the packet with the number of packets received successfully from its upstream node v i. Additionally, when the packet is passed along the path, each node v i also attaches mark of its opinion to the downstream node v i +1 to indicate that the downstream node is misbehaving or not. Opinion is either 0 or 1 based on a threshold. In addition to opinion parameters, each node except the source and destination appends the parameter the behavior. Behavior represents the observation of node v i +1 about the behavior of upstream node vi and is computed by determining the packet loss rate of the link {v i, v i +1} by the node v i +1. At each node, the PROBE message is attached with a message authentication code (MAC), which is generated with the node s private key and a nonce random number. The MAC signature can protect the message from being tampered. On reception of the PROBE message, the destination makes a list of misbehaving node using information added by each node in the path. Then the destination sends a PROBE ACK message to the source for every PROBE packet it receives from source. If the source gets a negative PROBE ACK from destination the source will find another route to destination. If the source gets a positive PROBE ACK from destination the source will resume the data transmission. 4.1 Design of CAD The essence of CAD is to identify intentional dropping from normal channel losses. A normal packet loss can occur due to bad channel quality or medium access collision under the infinite buffer assumption. In CAD, each mesh node maintains a history of packet count to measure the link loss rate. When a node receives a packet from the upstream, it updates the packet count history with the corresponding packet sequence number. The CAD design requires the destination node to send a PROBE ACK message for every PROBE packet received from the source node. The PROBE ACK message is also secured with digital signature, similar to a PROBE message Negative PROBE ACK. Positive PROBE ACK PROBE ACK Timeout On receiving the PROBE, each node in the path marks the PROBE packet with its traffic monitoring information Parameters PROBE packet and PROBE ACK packet for the detection of malicious routers Normal loss rate due to channel quality or medium access collision. The channel busyness ratio is defined as the proportion of time that the channel is in the status of successful transmission or collision CAD algorithm at Source Node S Step 1: Divides the data packets to be sent in k equal parts. DATA [1,.,K]; Initialize i = 1; Comment: Chose channel window size w, If total no of data packets n then k = CAD (n/w) Step 2: Send preface(s,d,ni) message to the destination node D. Where ni is the no of data packets to be sent in current block. Step 3: Broadcast monitor (S, D, NNR) message to all its neighbors instructing neighbors to monitor next node in the route (PATH). Step 4: Starts transmitting data packets from the block Data[i] to D. Step 5: Sets timeout TS for the receipt of the preface (D, S, d_count) message containing d_count, no of data packets received by D. Step 6: If TS not expired and postlude message received, if (ni(1- μ) ) d _ count) Increment i by 1 and go to Step 8. Else Start false data removal process. Where μ is a threshold value ranges between 0 and 1 indicates the fraction of total packets gets lost due to error prone wireless channel. μ is the permissible packet loss in each node in the route then μ= 1- (1-μ)N, where N is the total no of nodes in the route (hop count). Step 7: If TS expired and preface message not received then start removal false process. Step 8: Continues from Step 2 when i less than equal to k. Step 9: Terminates S s action CAD algorithm at Destination Node D Step 1: On receiving preface (S,D,ni) message from S extracts ni Initialize d_count = 0. Step 2: Sets timeout TD for the receipt of the current data sample and waits for the data packets

6 Step 3: When TD not expired and a data packet received Update d_count += 1 Step 4: When TD expired send postlude(d, S, d_count) message to S. Step 5: Terminates D s action. This design was implemented on the existing AODV routing protocol which resulted in a Channel Aware Protocol. We have named it as Channel Aware AODV (caaodv). 5. IMPLEMENTATION The proposed Channel Aware Detection (CAD) based Network Layer Security in WMNs is implemented in NS 2.34 First a WMN of 11 wireless mesh routers (n0 to n10) is created assuming an error free network, with AODV routing protocol (set val(rp) AODV ;# routing protocol).with [new Agent/TCP] source and sinks, n0 and n11 respectively. FTP traffic is generated at n0 and the destination assigned is n11. AWK Script for calculating: Average Throughput, Start time, Stop time, Generated Packets, Received Packets, Packet Delivery Ratio, Total Dropped Packets and Average End-to-End Delay is executed to display the simulated results. Then malicious mesh routers are introduced in the same network and the simulation is performed and the Average Throughput, Start time, Stop time, Generated Packets, Received Packets, Packet Delivery Ratio, Total Dropped Packets and Average End-to-End Delay is noted down. The malicious mesh routers introduced are provided with Rushing attack, Blackhole attack as well as Grayhole attack functionalities are enabled one at a time. The proposed caaodv routing protocol is enabled on the same WMN with malicious mesh routers and again the Average Throughput, Start time, Stop time, Generated Packets, Received Packets, Packet Delivery Ratio, Total Dropped Packets and Average End-to-End Delay is noted down to compare the results. 6. SCREENSHOTS Figure 2: Wireless Mesh Network (Routing Protocol: AODV) Results of WMN 1: Average Throughput [kbps] = Stop Time = 4.95 Received Packets = 25 Packet Delivery Ratio = 100 % Total Dropped Packets = 0 Average End-to-End Delay = ms Figure 3: Wireless Mesh Network with a blackhole node (NODE#9) - (Routing Protocol: AODV) Results of WMN 2: Average Throughput [kbps] = 0 Stop Time = 5.00 Received Packets = 0 Packet Delivery Ratio = 0 % Total Dropped Packets = 25 Average End-to-End Delay = 0 ms 728

7 Figure 4: - Wireless Mesh Network with 2 sources (Node#1 and Node#5) and 2 destinations (Node#10 and Node#11) respectively and a blackhole node (NODE#9) - (Routing Protocol: AODV) Results of WMN 3: Average Throughput [kbps] = 3.98 Stop Time = 1.03 Generated Packets = 35 Received Packets = 1 Packet Delivery Ratio = % Total Dropped Packets = 34 Average End-to-End Delay = 0 ms Figure 6: - Wireless Mesh Network (Rushing attack - Byzantine Attack drops few packets on AODV) Results of WMN 5: Average Throughput [kbps] = Stop Time = 5.75 Received Packets = 20 Packet Delivery Ratio = 80 % Total Dropped Packets = 5 Average End-to-End Delay = ms Figure 5: Wireless Mesh Network with 2 sources (Node#1 and Node#5) and 2 destinations (Node#10 and Node#11) respectively and a blackhole node (NODE#9) - (Routing Protocol: caaodv) Results of WMN 4: Average Throughput[kbps] = Stop Time = 4.95 Generated Packets = 35 Received Packets = 35 Packet Delivery Ratio = 100 % Total Dropped Packets = 0 Average End-to-End Delay = ms Figure 7: - Wireless Mesh Network (Rushing attack - Byzantine attack which drops few packets - solution by caaodv) Results of WMN 6: Average Throughput[kbps] = Stop Time = 4.95 Received Packets = 25 Packet Delivery Ratio = 100 % Total Dropped Packets = 0 Average End-to-End Delay = ms 729

8 (caaodv).the particular challenging scenario here is that the intentional dropping may be interleaved with normal loss events due to wireless channel quality or medium access collisions. The proposed channel aware detection algorithm utilizes the methodologies of channel estimation and upstream/downstream traffic monitoring to discriminate the Network layer attacks from the estimated normal loss rates. caaodv can detect the attackers efficiently and there by increases the Packet Delivery Ratio of the Wireless Mesh Networks. Figure 8: - Wireless Mesh Network - 7 with 3 Grayhole nodes (NODE#5, NODE#8 and NODE#10) - (Routing Protocol: AODV) Results of WMN 7: Average Throughput [kbps] = Stop Time = 4.75 Received Packets = 12 Packet Delivery Ratio = 48 % Total Dropped Packets = 13 Average End-to-End Delay = ms Figure 9: - Wireless Mesh Network with 3 Grayhole nodes (NODE#5, NODE#8 and NODE#10) - (Routing Protocol: caaodv) Results of WMN 8: Average Throughput [kbps] = Stop Time = 4.95 Received Packets = 25 Packet Delivery Ratio = 100 % Total Dropped Packets = 0 Average End-to-End Delay = ms 7. CONCLUSION In this paper, Channel Aware Detection based Network Layer Security in Wireless Mesh Networks is proposed. The proposed idea is implemented in the existing AODV routing protocol to make it channel aware 8. REFERENCES [1] Devu Manikantan Shila, Yu Cheng and Tricha Anjali Mitigating Selective Forwarding Attacks with a Channel-Aware Approach in WMNs, IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 9, NO. 5, MAY 2010 [2] Sushil Sarwa and Rajeev Kumar, Selective Forwarding Attack and Its Detection, International Journal of Computer, Information Science and Engineering Vol:7 No:7, 2013 [3] Devu Manikantan Shila, Tricha Anjali, Defending Selective Forwarding Attacks in WMNs, IEEE International conference on electro/information technology 2008, EIT 2008, pp , May [4] A. Perrig, R. Canetti, D. Tygar, and D Song, The TESLA Broadcast Authentication Protocol, inrsa CryptoBytes, Summer [5] M. G. Zapata and N. Asokan, Securing ad hoc routing protocols, in Proc. ACM Workshop on Wireless Security (WiSe 2002), Sept [6] Y. Hu, D. B. Johnson, and A. Perrig, SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks, Ad Hoc Networks, vol. 1, no. 1, pp , July 2003 [7] K. Sanzgiri, D. LaFlamme, B. Dahill, B. N. Levine, C. Shields, and E.M. Belding-Royer, Authenticated routing for ad hoc networks, IEEE J Sel. Areas Commun., vol. 23, no. 3, pp , Mar [8] Y. Hu, D. B. Johnson, and A. Perrig, Ariadne: a secure on-demand routing protocol for ad hoc networks, inproc. Mobicom 02, pp , 2002 [9] C. Karlof and D. Wagner, Secure routing in wireless sensor networks: attacks and countermeasures, Elsevier s AdHoc Networks J.,vol.1,no.2-3, pp , Sept [10] Y. Hu, D. B. Johnson, and A. Perrig, Rushing attacks and defense in wireless ad hoc network routing protocols, in Proc. ACM Workshop on Wireless Security (WiSe), pp , 2003 [11] Y. Hu, D. B. Johnson, and A. Perrig, Packet leashes: a defense against wormhole attacks in wireless networks, inproc. IEEE INFOCOM 2003, vol. 3, pp , Mar [12] I. Khalil, S. Bagchi, and N. B. Shroff, LiteWorp: detection and isolation of the wormhole attack in static multihop wireless networks, Computer Networks: The International J. Computer and Telecommun. Networking, vol. 51, no. 13, pp , Sept [13] L. Hu and D. Evans, Using directional antennas to prevent wormhole attacks, in Proc. Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb [14] B. Xiao, B. Yu, and C. Gao, CHEMAS: identify suspect nodes in selective forwarding attacks, J

9 Parallel and Distrib. Computing, vol.67, no. 11, pp , Nov [15] R. Curtmola and C. Nita-Rotaru, BSMR: Byzantineresilient secure multicast routing in multi-hop wireless networks, inproc. Sensor, Mesh and Ad Hoc Communications and Networks, June