International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 5, Issue 2, February 2016
ISSN 2319 - 4847
Detection and Prevention of Wormhole Attack
in Wireless Sensor Network
Aaditya Jain1, Shalini Sharma2, Dr. Bala Buksh3
1
2
3
M.Tech Scholar, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical
University, Kota, Rajasthan, India
B.Tech, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical University,
Kota, Rajasthan, India
Professor, Department of Computer Science & Engg., R. N. Modi Engineering College, Rajasthan Technical University,
Kota, Rajasthan, India
ABSTRACT
Wireless Sensor networks are comprised of many small and resource constrained sensor nodes that are deployed in an
environment for many applications which require unattended, long-term operations. They are vulnerable to many kinds of
attacks because of no specific network topology. Therefore interest in research of security in wireless sensor network has been
increasing since last several years. Wormhole attack is one of the severe attack used to destabilize or disable wireless sensor
networks. The idea behind this attack, is two or more colluding attackers record packets at one location, and tunnel them to
another location for a replay at that remote location. In this paper, the numbers of techniques dealing with detection and
prevention of wormhole attack in wireless sensor networks are surveyed.
Keywords: Wireless Sensor Network, Wormhole Attack, Wormhole Detection & Prevention, MAODV.
1. INTRODUCTION
Wireless sensor networks (WSNs) are built with a very large number of tiny light weighted and inexpensive sensor
nodes that have typically resource constrained, limited memory, with low battery backup sensors, slow embedded
processors, and low bandwidth. The technology allows nodes in a network to communicate directly with each other
using wireless transceivers without need for a fixed infrastructure. In WSN a node is capable to perform the processing,
and gathering of the sensor information for communication with all other connected nodes in the network. Sensors are
the hardware devices: they measure and produce a proper response by a physical condition like pressure or temperature.
Sensors are monitored by using a physical data parameter.
Each node of the sensor network consist of the three subsystems: the sensor subsystem which senses the environment,
the processing subsystem which performs local computations on the sensed data and the communication subsystem
which is responsible for message exchange with neighboring sensor nodes [1]. The application scenarios for WSNs are
many, including military surveillance, commercial, environment, medical, manufacturing and home automation to
name many but few. Currently, most WSN applications are designed to operate in trusted environments. However,
security issues are a major concern when WSNs are deployed in untrusted environments [2]. The vulnerability of
wormhole attack is high in WSN because it is a passive attack as it does not require the information about the
cryptographic infrastructure of the network, hence it puts an attacker in a beneficial or strong position.
2. WORMHOLE ATTACK
Wormhole attack is a devastating attack where two malicious colluding sensor nodes create a virtual tunnel in the
wireless sensor network as shown in figure1, which is used to forward message packets between the tunnel edge points
[3], [4]. This can be achieved by either compromising two or more sensor nodes of the network or adding a new set of
malicious nodes to the network. The tunnel can be established in many ways e.g. in-band and out-of-band channel. This
makes the tunneled packet arrive either sooner or with a lesser number of the hopes compared to the packets
transmitted over normal multi hop routes. This creates the illusion that the two end points of the tunnel are very close
to each other. However, the main aim behind the attack is to disrupt the correct operation of WSN’s routing protocols
[5].
Volume 5, Issue 2, February 2016
Page 138
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 5, Issue 2, February 2016
ISSN 2319 - 4847
Figure1 Basic strategy of wormhole attack[4]
3. WORMHOLE DETECTION AND PREVENTION TECHNIQUES
The main concept in detecting presence of wormhole in a network is to find out if node is transmitted out of its
transmitting range. That can be found out if the packet received is not one of its neighbors. In this paper several
wormhole detection and prevention techniques are discussed. All the techniques are having their own benefits and
limitations.
3.1 Packet leashes approach
Y. Hu et al. in [6] proposed an approach called “packet leashes”. It prevents packets from traveling farther than radio
transmission range. The wormhole attack can be detected by an unalterable and independent physical metric, such as
time delay or geographical location. It overcomes wormhole attack by restricting the maximum distance of
transmission, using either tight time synchronization or local information. Temporal leash is to ensure that the packet
has an upper bound on its lifetime. The drawback of this is that they need highly synchronized clocks. Geographical
leash is to ensure that the recipient of the packet is within a certain distance from the sender. The drawback of this
scheme is that, each node must know its own location and all nodes must have loosely synchronized clocks. Because
clock synchronization is resource demanding, and thus, packet leashes have limited applicability in wireless sensor
networks.
3.2 Directional antenna and anchor based approach
Hu and Evans in [7] have attempted to detect wormholes by equipping network nodes with directional antennas so they
can all have the same orientation. Lazos and Poovendran in [8] have applied a similar idea in their secure localization
scheme called SeRLoc. SeRLoc employs about 400 anchor nodes in a 5,000 node network. Each anchor node has a
directional antenna and knows its physical location. Other nodes in the network use anchor nodes to locate themselves.
Since a wormhole produces shortcuts in a network, the directional antennas deployed at anchor nodes help detect the
attack; nodes can then defend against the attack by discarding incorrect localization messages. However, SeRLoc is
unable to detect wormhole attacks when anchor nodes are compromised, especially nodes located near one of the ends
of a wormhole. A graph-theoretic framework in [9] has also been proposed for detecting wormhole attacks. However,
the framework relies on ‘guard nodes’, which are functionally similar to anchor nodes.
3.3 Delphi Approach
Chiu and Lui in [10] introduce a delay analysis approach called “DELPHI”. It calculates mean delay per hop of every
possible route. DELPHI applied a multi-path approach, and recorded the delay and hope counts in transmitting RREQ
and RREP through the paths. After collecting all response, the sender computes mean delay per hop of each route. The
path with the wormhole attacks, the delay would be obviously longer than the normal path with the same hop count.
Hence, the path with longer delays would not be selected to transmit data packet and wormhole nodes could be avoided.
3.4 Localization based system approach
Chen et al. in [11] have discussed about “Localization Based Systems”, which are susceptible to wormhole attacks as
they can disturb the localization procedure. For preventing the effect of wormhole attack, a ‘distance consistency based
secure location’ scheme was projected, which incorporated wormhole attack detection, valid location recognition and
self localization. To achieve secure localization in the network and shielding against wormhole attack, Chen et al. in
[12] make a ‘conflicting set’ for each node to use all differing sets of its adjacent locators for filtering out incorrect
distance measurements of its adjacent locators. But the downside of this method is that it only works properly when the
Volume 5, Issue 2, February 2016
Page 139
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 5, Issue 2, February 2016
ISSN 2319 - 4847
system has no packet loss. As the attackers may drop the packets intentionally, the packet loss is unavoidable when the
system is underneath a wormhole attack.
3.5 Trust based system approach
Ozdemir et al. in [13] used a “Trust Based Model” for the identification of wormhole in the sensor network. In trust
based systems, each source node uses its trust information to calculate the most reliable path to a particular destination
by circumventing intermediary malicious nodes. A wormhole in a system have the least trust level if that wormhole
drops all the packets and if all the packets sent reach the destination then the neighboring node of a source node will
have the highest trust level. It is a combined time and trust based model which detects the compromised nodes for false
detection. These two models run together. Malicious nodes on the path can give the wrong impression about the time
based module by providing incorrect information. To prevent this problem, trust based module always observes the first
module and calculates trust values of neighbor nodes. These values are used to modify the path next time.
Figure2 Trust based model
3.6 Secure routing protocol based approaches
Sankaran et al. in [14] proposed an approach called “SAW” and Khin Sandar Win in [15] proposed an approach called
“DAW”. Similar methodologies are discussed in both but the major difference is the use of routing protocols. SAW
approach uses AODV routing protocol [16] and DAW approach uses DSR routing protocol [17]. In both approaches,
trust based security models have been proposed and used to detect intrusion. Arithmetical methods are used to identify
the wormhole attack. If any link is found to be doubtful, then existing trust information is used to identify the wormhole
tunnel. In this trust model, nodes observe neighbors based on the pattern of their packet drop but not on the number of
packet drops. In [15], another algorithm for detecting the presence of wormhole WSN is proposed. Here, after sending
the RREQ, the source waits for the RREP. The source receives many RREP coming through different routes. The link
with very high frequency is checked and the value is checked with a previously defined threshold coefficient value. If
the number of packet drop is higher than the number of packets sent, then there is the presence of wormhole.
Chaurasia and Singh in [18] presented efficient method to detect a wormhole attack called “Modified Wormhole
Detection AODV protocol (MAODV)”. Detection of wormhole attack is performed using number of hops in different
paths from source to destination and delay of each node in different paths from source to destination. It compares the
delay per hop of every node in the normal path and a path that is under wormhole attack, finds that delay per hop of a
path that is wormhole attack is larger in comparison of normal path. Drawback is that this method does not work well
when all the paths are wormhole affected.
Parmar and Vagela in [20] proposed a technique to detect and prevent the wormhole attack in the wireless network
efficiently using “Ad Hoc on Demand Multipath Distance Vector Routing Protocol (AOMDV)”. AOMDV is an
extension to the AODV protocol to discover multiple paths between the source and the destination in every route
discovery process [19].
The idea behind the scheme in [20] is note time when the source node broadcasts a RREQ packet and when the
corresponding RREP packet is received by the source, again note the received time of the packet. By using the above
two values one can calculate the round trip time of the established route or routes. Take round trip time of each route
and divide it by respective hop count. With the help of this value say calculate the average round trip time of all the
Volume 5, Issue 2, February 2016
Page 140
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 5, Issue 2, February 2016
ISSN 2319 - 4847
routes. The value obtained is threshold round trip time. Compare the threshold value with each round trip time. If the
total round trip time is less than threshold round trip time and hop count of that particular route is equal to two than
wormhole link is present in that route else no wormhole link present in that route. Since wormhole link detected in that
route, sender detects first neighbour node as wormhole node and sends dummy RREQ packet through that route and
neighbour. At the destination end receiver receives dummy RREQ packet from its neighbour and detects neighbour as
wormhole node and routing entries are removed from the source node and broadcast to other nodes. Thus wormhole
affected link is blocked and is no more used. So, that from the next onwards whenever a source node needs a route to
that destination, first it checks in the routing table in the route established phase for a route and it will come to know
that, the route is having wormhole link and it will not take that route instead it will take another route from the routing
list of the source node which is free from wormhole link if available.
Figure3 Wormhole detection with AOMDV protocol
3.7 Topological detection approach
Dong et al. in [21] fundamentally analyze the wormhole problem using a “Topological Methodology” and propose an
effective distributed approach. This approach relies solely on network connectivity information, without any
requirements on special hardware devices or any rigorous assumptions on network properties. Collection of
homogeneous nodes deployed over a surface of terrain. Each node performs the homogeneous transmission control and
is only capable of communicating with adjacent nodes. Main idea behind the scheme is observing the inevitable
topology deviations introduced by wormholes and by detecting non separating loops, this approach can detect and
locate various wormholes.
4. CONCLUSION
Wormhole attacks in WSNs can significantly degrade network performance and threaten network security. It comes in
the category of passive attacks so difficult to detect in WSN. In this paper firstly we have discussed what wormhole
attack is actually and how it is work in WSNs. This paper also throws light on various existing wormhole detection and
prevention techniques in WSNs. All the techniques have their own advantages and limitations. But there is no detection
and prevention technique is present which detects wormhole attack perfectly in all situations, so it is still an open
challenge problem.
REFERENCES
[1] I. Akyildiz, W. Su, Y. Sankara subramaniam and E. Cayirci, “A survey of sensor networks”, IEEE
Communications, vol. 40(8), pp.102–114, 2002.
[2] Abhishek Jain, Kamal Kant, “Security Solutions for Wireless Sensor Networks”, IEEE Second International
Conference on Advanced Computing and Communication Technologies, pp 430-433, 2012.
[3] Majid Meghdadi, Suat Ozdemir and Inan Guler; “A Survey of Wormhole-based Attacks and their countermeasures
in Wireless Sensor Networks”; IETE tech. reveiw, vol. 28(2), Mar.-Apr., 2011.
[4] Priya Maidamwar and Nekita Chavhan; “A survey on Security issues to detect wormhole attack in wireless sensor
network”; IJANS vol. 2(4), Oct., 2012
[5] Yih-Chun Hu, Member, IEEE, Adrian Perrig, Member, IEEE, and David
B. Johnson, Member, IEEE,
“Wormhole Attacks in Wireless Networks”, IEEE Journal on selected areas in Communications, vol. 24, no. 2,
February2006
Volume 5, Issue 2, February 2016
Page 141
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 5, Issue 2, February 2016
ISSN 2319 - 4847
[6] Y. Hu, A. Perrig and D. Johnson, “Packet leashes: A defense against wormhole attacks in wireless networks”,
Proceedings of the Twenty Second Annual Joint Conference of the IEEE Computer and Communications Societies,
vol. 3, pp. 1976–1986, 2003.
[7] L. Hu and D. Evans, “Using directional antennas to prevent wormhole attacks”, Proceedings of the Eleventh
Network and Distributed System Security Symposium, pp. 131–141, 2004.
[8] L. Lazos and R. Poovendran, “SeRLoc: Robust localization for wireless sensor networks”, ACM Transactions on
Sensor Networks, vol. 1(1), pp. 73–100, 2005.
[9] R. Poovendran and L. Lazos, “A graph theoretic framework for preventing the wormhole attack in wireless ad hoc
networks”, Wireless Networks, vol. 13(1), pp. 27–59, 2007.
[10] H.S. Chiu and K. Lui. “DelPHI: Wormhole Detection Mechanism for Ad Hoc Wireless Networks”. In
Proceedings of Inter-national Symposium on Wireless Pervasive Computing, pp. 6-11, 2006.
[11] H. Chen, W. Lou, X. Sun, and Z. Wang. "A secure localization approach against wormhole attacks using
distance consistency," EURASIP Journal on Wireless Communication and Net-working-Special Issue on Wireless
Network Algorithms, Systems, and Applications, pp. 22−32, 2010.
[12] H. Chen, W. Lou, and Z. Wang. "Conflicting-set-based worm-hole attack resistant localization in wireless
sensor networks," Book Chapter Lecture Notes in Computer Science − Ubiquitous Intelligence and Computing,
vol. 5585/2009, pp. 296−309, 2009.
[13] S. Ozdemir, M. Meghdadi, and Ý. Guler. "A time and trust based wormhole detection algorithm for wireless
sensor net-works," (manuscript in Turkish), in 3rd Information Security and Cryptology Conference (ISC′08), pp.
139−4, 2008
[14] M.S. Sankaran, S. Poddar, P.S. Das, S.
Selvakumar. “A Novel Security model SaW: Security against
Wormhole attack in Wire-less Sensor Networks”. In Proceedings of International Conference on PDCN, 2009.
[15] Khin Sandar Win. “Analysis of Detecting Wormhole Attack in Wireless Networks”, World Academy of
Science, Engineering and Technology, 48, pp. 422-428, 2008.
[16] Aaditya Jain and Dr. Bala Buksh, “Solutions for Secure Routing in Mobile Ad Hoc Network- A Survey”,
Imperial Journal of Interdisciplinary Research Vol. 2, Issue 4 2016.
[17] Aaditya Jain, “Performance Analysis of DSR Routing Protocol With and Without the Presence of Various
Attacks in MANET”, International Journal of Engineering Research and General Science, Vol. 4, Issue 1, 2016.
[18] Umesh Chaurasia and Varsha Singh, “MAODV: Modified Wormhole Detection AODV Protocol”. IEEE
2013.Pg. 239-243.
[19] S. R. Biradar, Koushik Majumder, Subir Kumar Sarkar, Puttamadappa S.R.Biradar, “Performance Evaluation
and Comparison of AODV and AOMDV”, (IJCSE) International Journal on Computer Science and Engineering ,
Vol. 02, No. 02, 2010, Pg. 373-377.
[20] Parmar Amish and V. B. Vagela, “International Journal of Electrical and Electronics Engineers”, Vol. 07, Issue
01, Jan- June 2015.
[21] Dezun Dong, Mo Li, Yunhao Liu, Xiang- Yang Li and Xiangke Liao, “Topological Detection on Wormholes in
Wireless Ad Hoc and Sensor Networks”, IEEE Transactions on Networking, Vol. 19, No. 6, December 2011.
AUTHORS
Aaditya Jain is currently pursuing M.Tech in Computer Engg. from RMEC Kota, which is affiliated
to Rajasthan Technical University, Kota (Raj). He received B.E. degree in Computer Science & Engg.
from MIT Mandsaur which is affiliated to Rajiv Gandhi Technical University, Bhopal (MP) in 2013.
He published research papers in various International and National Journals and Conferences. His
areas of interests are Network Security, Cryptography, Ad Hoc Networks and Wireless Sensor
Networks.
Shalini Sharma is currently pursuing B.Tech final year in Computer Science & Engg. from RMEC
Kota, which is affiliated to Rajasthan Technical University, Kota (Raj). Her area of interests are
Wireless Networks and Information-Security.
Dr. Bala Buksh is the Director of RMEC Kota (Raj). He has done his MS and Ph.D. in Computer
Science from Birmingham (U.K.). He published various research papers in International and
National Journals and Conferences. His research interests are computer network, Wireless Sensor
Network and Ad hoc Network. He is Ex. General Manager from ONGC and has rendered his services
in the industry for more than 30 years. He had been pioneer in implementing enterprise wide “IT”
applications in the area of Oil & Natural Gas Exploration, Production and Drilling activities for
automation and on live availability on a single platform.
Volume 5, Issue 2, February 2016
Page 142