A Novel Approach for Avoiding Wormhole Attacks in VANET


Seyed Mohammad Safi, Ali Movaghar and Misagh Mohammadizadeh @ Computer Science and Engineering, 2009, pages 160-165, 28-30 Oct. 2009


Outline

• Wormhole attack

• Defense

– Packet leash – notice

– Geographical leashes

– Temporal leashes

– Geographical leashes V.S. Temporal leashes

– Packet leash authentication

– HEAP authentication

• Heap

• Summary

• Reference


Wormhole attack

• What is it?

– An attacker receives packets at one point in the network, “tunnels” them to a different point in the network and then replays them from this point.

– Note: the attacker can create a wormhole for packets not addressed to itself so long as it is within hearing range

• Why is this bad?

– A node is misled to believe it is within transmission range of the sending node

Wormhole attack (contd.)

• Example (S: source, D: destination, A: attacker)

[Figure: private tunnel]

Packet Leash

• The author defined a general mechanism for detecting and defending against wormhole attacks.

• A Leash is any information that is added to a packet for the purpose of restricting the packet’s maximum allowed transmission distance. Two types:

– Geographical Leashes

– Temporal Leashes

Geographical leashes

• Require:

– Each node must know its own location.

– All nodes must have loosely synchronized clocks.

• The sender includes in the packet its own location, $p_s$, and the time it sent the packet, $t_s$.

• The receiver compares these values to its own location, $p_r$, and the time it receives the packet, $t_r$.

• If the clocks of the sender and receiver are synchronized to within $\Delta$, and $v$ is an upper bound on the velocity of any node, the receiver can compute $d_{sr}$, an upper bound on the distance between the sender and the receiver ($\delta$ is the maximum relative error in location information):

$d_{sr} \le \|p_s - p_r\| + 2v \cdot (t_r - t_s + \Delta) + \delta$

Geographical leashes (contd.)

• A digital signature could be used to authenticate the location and timestamp in the received packet

Temporal leashes

• Definition: a temporal leash establishes an upper bound on a packet’s lifetime, which restricts the maximum travel distance

• All nodes must have tightly synchronized clocks

– Maximum clock error ($\Delta$) must be known by all nodes

– Maximum error must be on the order of microseconds or hundreds of nanoseconds

Temporal leashes (contd.)

• $t_s$: sender’s timestamp

• $t_r$: receiver’s timestamp

• $\Delta$: clock error

• $c$: propagation speed of wireless signal

$d_{sr} \le c \cdot (t_r - t_s + \Delta)$

Geographical leashes vs. Temporal leashes

Geographical Leash

• Can be used with radio propagation model

• Do not require tight time sync

• Location info increase overhead

• Can be used until max range is $2v\Delta$

Temporal Leash

• Highly efficient

• Require tight time sync

• Cannot be used if max range is less than $c\Delta$
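Added example, not part of the slides or the cited papers: a receiver-side check of both leash bounds, dropping a packet when the bound on the sender distance exceeds the radio range, plus the usability limits from the comparison above. Function names, the 300 m range, the 50 m/s speed and the error values are constructed assumptions; `pos_err` stands for an assumed position-error term.

```python
"""Added illustration of the geographical and temporal leash checks.
All names and sample values are constructed for this example."""
import math

C = 299_792_458.0  # c: propagation speed of the wireless signal, m/s


def geo_bound(p_s, p_r, t_s, t_r, v, clock_err, pos_err):
    """Geographical leash: ||p_s - p_r|| + 2v(t_r - t_s + clock_err) + pos_err."""
    return math.dist(p_s, p_r) + 2 * v * (t_r - t_s + clock_err) + pos_err


def temporal_bound(t_s, t_r, clock_err):
    """Temporal leash: c(t_r - t_s + clock_err)."""
    return C * (t_r - t_s + clock_err)


def accept(d_sr, max_range):
    """Keep the packet only if the bound on sender distance fits the radio range."""
    return d_sr <= max_range


def usable(kind, max_range, clock_err, v=0.0):
    """Leash limits from the comparison: temporal needs max_range >= c*clock_err,
    geographical needs max_range >= 2*v*clock_err."""
    floor = C * clock_err if kind == "temporal" else 2 * v * clock_err
    return max_range >= floor


def demo():
    rng, v = 300.0, 50.0          # assumed radio range (m) and max node speed (m/s)
    flight = 200.0 / C            # flight time of a packet from a neighbour 200 m away
    return {
        # Loosely synchronized clocks (1 ms) and 10 m position error.
        "geo_neighbour": accept(geo_bound((0, 0), (200, 0), 0.0, flight, v, 1e-3, 10.0), rng),
        "geo_replayed": accept(geo_bound((0, 0), (2000, 0), 0.0, 1e-5, v, 1e-3, 10.0), rng),
        # Tightly synchronized clocks (100 ns); the replay arrives 10 microseconds late.
        "tmp_neighbour": accept(temporal_bound(0.0, flight, 1e-7), rng),
        "tmp_replayed": accept(temporal_bound(0.0, flight + 1e-5, 1e-7), rng),
        # With only 1 ms synchronization the temporal leash cannot be used at this range.
        "tmp_usable_1ms": usable("temporal", rng, 1e-3),
        "geo_usable_1ms": usable("geographical", rng, 1e-3, v),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In practice the location and timestamp fed to these checks must be authenticated first, otherwise the sender fields cannot be trusted.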


Heap authentication

• Hop-by-hop Efficient Authentication Protocol

• Role

– Outsider: a node that is not an authorized member of the MANET.

– Insider: an authorized member.

• Goal

– Packets sent by outsiders should not be allowed to propagate through the MANET.


Heap authentication (contd.)

• Ikey (private key): a single group key.

• Okey (public key): one pairwise key shared with each 1-hop neighbor.

• Key exchange

1. When a node moves to a new neighborhood it exchanges keys with its neighbors.

2. When an existing node in the neighborhood has remained idle for too long.

3. The keys should expire after a certain amount of time.


Heap authentication (contd.)

Picture from reference [2]


Summary

• Using geographical leashes and HEAP for safety of control packets and traffic packets.

• This method adds low overhead to the network while securing it against wormhole attacks, and it can detect malicious nodes as far as possible.


Reference

• [1] http://www.csie.mcu.edu.tw/stuproj/97/04/attack.htm

• [2] R. Akbani, T. Korkmaz, G.V.S. Raju, "HEAP: A packet authentication scheme for mobile ad hoc networks", Ad Hoc Networks, vol. 6, no. 7, pp. 1134-1150, 2008.
