Wireless ad hoc and sensor networks have
gained popularity in recent
years for the ease of deployment due to their infrastructure-less
nature. One obvious use of such networks is in hostile environments for
communications, monitoring, sensing etc. But being a broadcast medium,
wireless medium offers an innate advantage to any adversary who intends
to spy in or disrupt the network. Wormhole
attacks are one of
most easy to deploy for such an
adversary and can cause great damage to the network.
launching a wormhole attack, an adversary connects two distant
points in the network using a direct low-latency communication link
called as the wormhole
The wormhole link can be established by a variety of means, e.g., by
using a ethernet cable, a long-range wireless transmission, or an
optical link. Once the wormhole link is established, the adversary
captures wireless transmissions on one end, sends them through the
wormhole link and replays them at the other end.
An example is shown in the above figure.
Here X and Y are the two end-points of the wormhole link (called as
wormholes). X replays in its neighborhood (in area A)
everything that Y hears in its own neighborhood
(area B) and vice versa. The net effect of such an attack is
that all the nodes in area A assume that nodes in
area B are their neighbors and vice versa. This, as a result,
affects routing and other connectivity based protocols in the network.
Once the new routes are established and the traffic in the network
starts using the X-Y shortcut, the wormhole nodes can start
dropping packets and cause network disruption. They can also spy on the
packets going through and use the large amount of collected information
to break any network security. The wormhole attack will also affect
connectivity-based localization algorithms and protocols based on
localization, like geographic routing, will find many inconsistencies
resulting in further network disruption.
current solutions for wormhole are limited particularly in connection
with large sensor networks, where sensor nodes carry low-cost,
relatively unsophisticated hardware and scalability is an important
design goal. This rules out use of additional hardware artifact that
several reported techniques use -- such as directional antennas ,
GPS , ultrasound , guard nodes with correct location . This
also rules out fine grain timing analysis used in several techniques
[2,5]. Also, physical-layer attacks may be immune to timing analysis
. Finally, the scalability requirements rule out global clock
synchronization  or any form of global computations .
In this project, we develop a localized algorithm for detecting
wormhole attacks that is purely based on local connectivity
information. The detection algorithm essentially looks
substructure in the connectivity graphs that should not be
present in a legal connectivity graph. Understanding of the wireless
communication model (i.e., a model that describes with some given
confidence whether a link between two nodes should exist) helps the
detection algorithm substantially, but is not strictly required. Our
simulations results show that the algorithm detects wormhole attacks
with high probability and negligible false alarm rate for various
topologies (grid, random) and various connectivity models (UDG,
Please contact if
you require the simulation code
of our work.