Detecting Wormhole Attacks in Wireless Networks using Connectivity Information

Project Members



    Wireless ad hoc and sensor networks have gained popularity in recent years for the ease of deployment due to their infrastructure-less nature. One obvious use of such networks is in hostile environments for communications, monitoring, sensing etc. But being a broadcast medium, wireless medium offers an innate advantage to any adversary who intends to spy in or disrupt the network. Wormhole attacks are one of most easy to deploy for such an adversary and can cause great damage to the network.

Wormhole Attack: For launching a wormhole attack, an adversary connects two distant points in the network using a direct low-latency communication link called as the wormhole link. The wormhole link can be established by a variety of means, e.g., by using a ethernet cable, a long-range wireless transmission, or an optical link. Once the wormhole link is established, the adversary captures wireless transmissions on one end, sends them through the wormhole link and replays them at the other end.

wormhole attack example

    An example is shown in the above figure. Here X and Y are the two end-points of the wormhole link (called as wormholes). X replays in its neighborhood (in area A) everything that Y hears in its own neighborhood (area B) and vice versa. The net effect of such an attack is that all the nodes in area A assume that nodes in area B are their neighbors and vice versa. This, as a result, affects routing and other connectivity based protocols in the network. Once the new routes are established and the traffic in the network starts using the X-Y shortcut, the wormhole nodes can start dropping packets and cause network disruption. They can also spy on the packets going through and use the large amount of collected information to break any network security. The wormhole attack will also affect connectivity-based localization algorithms and protocols based on localization, like geographic routing, will find many inconsistencies resulting in further network disruption.

Current Solutions: The current solutions for wormhole are limited particularly in connection with large sensor networks, where sensor nodes carry low-cost, relatively unsophisticated hardware and scalability is an important design goal. This rules out use of additional hardware artifact that several reported techniques use -- such as directional antennas [1], GPS [2], ultrasound [3], guard nodes with correct location [4]. This also rules out fine grain timing analysis used in several techniques [2,5]. Also, physical-layer attacks may be immune to timing analysis [5]. Finally, the scalability requirements rule out global clock synchronization [2] or any form of global computations [6].

Our Approach: In this project, we develop a localized algorithm for detecting wormhole attacks that is purely based on local connectivity information. The detection algorithm essentially looks for forbidden substructure in the connectivity graphs that should not be present in a legal connectivity graph. Understanding of the wireless communication model (i.e., a model that describes with some given confidence whether a link between two nodes should exist) helps the detection algorithm substantially, but is not strictly required. Our simulations results show that the algorithm detects wormhole attacks with high probability and negligible false alarm rate for various topologies (grid, random) and various connectivity models (UDG, quasi-UDG, TOSSIM).

Please contact if you require the simulation code of our work.


Related Works
  1. L. Hu and D. Evans. Using directional antennas to prevent wormhole attacks. In Network and Distributed System Security Symposium (NDSS), 2004.
  2. Y. C. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In INFOCOM, 2003.
  3. N. Sastry, U. Shankar, and D. Wagner. Secure verification of location claims. In ACM Workshop on Wireless Security (WiSe 2003), September 2003.
  4. R. Poovendran and L. Lazos. A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks. WINET, 2005
  5. J. Eriksson, S. Krishnamurthy, and M. Faloutsos. Truelink: A practical countermeasure to the wormhole attack. In ICNP, 2006.
  6. W. Wang and B. Bhargava. Visualization of wormholes in sensor networks. In WiSe ’04: Proceedings of the 2004 ACM workshop on Wireless security, pages 51–60, New York, NY, USA, 2004.