research-article

Timing-based localization of in-band wormhole tunnels in MANETs

Authors:

Roshan K. Thomas,

Lang TongAuthors Info & Claims

WiSec '10: Proceedings of the third ACM conference on Wireless network security

Pages 1 - 12

https://doi.org/10.1145/1741866.1741869

Published: 22 March 2010 Publication History

Abstract

The problem of localizing in-band wormhole tunnels inMANETs is considered. In an in-band wormhole attack, colluding attackers use a covert tunnel to create the illusion that two remote network regions are directly connected. This apparent shortcut in the topology attracts traffic which the attackers can then control.

To identify the nodes participating in the attack, it is necessary to determine the path through which victims' traffic is covertly tunneled. This paper begins with binary hypothesis testing, which tests whether a suspected path is carrying tunneled traffic. The detection algorithm is presented and evaluated using synthetic voice over IP (VoIP) traffic generated in a network testbed. After that, we consider multiple hypothesis testing to find the most likely tunnel path among a large number of candidates. We present a tunnel path estimation algorithm and its numerical evaluation using Poisson traffic. A main feature of the proposed algorithms is their robustness against the presence of chaff packets (possibly introduced to avoid detection), packet loss caused by unreliable wireless links, and clock skew at different nodes.

References

[1]

Mobile Ad-hoc Network Emulator (MANE): http://cs.itd.nrl.navy.mil/work/mane/index.php.

[2]

OLSR.org: http://www.olsr.org.

[3]

RAPR -- The Real-Time Application Representative: http://cs.itd.nrl.navy.mil/work/rapr/index.php.

[4]

Virtual Tunnels over TCP/IP Networks: http://vtun.sourceforge.net.

[5]

C. Adjih, T. Clausen, A. Laouiti, P. Muhlethaler, and D. Raffo. Securing the OLSR routing protocol with or without compromised nodes in the network. Technical Report ISRN INRIAR/RR-5494, INRIA, Feb. 2005.

[6]

B. Awerbuch, R. Curtmola, D. Holmer, C. Nita-Rotaru, and H. Rubens. Mitigating Byzantine Attacks in Ad Hoc Wireless Networks. Technical Report Version 1, Department of Computer Science, Johns Hopkins University, Mar. 2004.

[7]

B. Awerbuch, R. Curtmola, D. Holmer, H. Rubens, and C. Nita-Rotaru. On the Survivability of Routing Protocols in Ad Hoc Wireless Networks. In 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), Sept. 2005.

Digital Library

[8]

A. Blum, D. Song, and S. Venkataraman. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. In Conference of Recent Advance in Intrusion Detection (RAID), Sophia Antipolis, French Riviera, France, September 2004.

[9]

L. Buttyan, L. Dora, and I. Vajda. Statistical Wormhole Detection in Sensor Networks. In Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrad, Hungary, July 2005.

Digital Library

[10]

T. Clausen and P. Jacquet. Optimized Link State Routing (OLSR): http://www.ietf.org/rfc/rfc3626.txt, Oct. 2003.

Digital Library

[11]

D. Donoho, A. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford. Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In 5th International Symposium on Recent Advances in Intrusion Detection, Lecture Notes in Computer Science 2516, 2002.

Digital Library

[12]

N. Ferguson and B. Schneier. Practical Cryptography. John Wiley & Sons, Inc., Indianapolis,IN, 2003.

Digital Library

[13]

M. Gorlatova, P. Mason, M. Wang, L. Lamont, and R. Liscano. Detecting Wormhole Attacks in Mobile Ad Hoc Networks through Protocol Breaking and Packet Timing Analysis. In MILCOM 2006, Washington DC, Oct. 2006.

Digital Library

[14]

T. He and L. Tong. Detecting Encrypted Stepping-Stone Connections. IEEE Transactions on Signal Processing, 55(5):1612--1623, May 2007.

Digital Library

[15]

T. He and L. Tong. Detection of Information Flows. IEEE Trans. Inf. Theory, 54:4925--4945, Nov. 2008.

Digital Library

[16]

T. He and L. Tong. Distributed Detection of Information Flows. IEEE Trans. Inf. Forensics Security, 3:390--403, Sept. 2008.

Digital Library

[17]

Y. Hu, A. Perrig, and D. Johnson. Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks. In Proceedings of IEEE Infocom 2003, San Francisco, CA, Apr. 2003.

[18]

I. Khalil, S. Bagchi, and B. Shroff. LITEWORP: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks. In 2005 International Conference on Dependable Systems and Networks (DSN'05), Yokohama, Japan, June 2005.

Digital Library

[19]

P. Kruus, D. Sterne, R. Gopaul, M. Heyman, B. Rivera, P. Budulas, B. Luu, T. Johnson, N. Ivanic, and G. Lawler. In-Band Wormholes and Countermeasures in OLSR Networks. In 2nd International Conference on Security and Privacy in Communication Networks (SecureComm 2006), Baltimore, MD, Aug. 2006.

[20]

L. Lazos, R. Poovendran, C. Meadows, P. Syverson, and L.W. Chang. Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach. In IEEE Wireless Communications and Networking Conference (WCNC) 2005, New Orleans, LA, Mar. 2005.

[21]

J. Shao. Mathematical Statistics. Springer, 2003.

[22]

D. Sterne, R. Gopaul, G. Lawler, P. Kruus, B. Rivera, and K. Marcus. Countering False Accusations and Collusion in the Detection of In-Band Wormholes. In Annual Computer Security Applications Conference, Miami Beach, Florida, Dec. 2007.

[23]

X. Wang and D. Reeves. Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter-packet delays. In Proc. of the 2003 ACM Conference on Computer and Communications Security, pages 20--29, 2003.

Digital Library

[24]

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad Hoc Networks. In Proceedings of The Sixth International Conference on Mobile Computing and Networking (MobiCom 2000), Boston, MA, Aug. 2000.

Digital Library

[25]

S. Zheng, T. Jiang, J.S. Baras, A. Sonalker, D. Sterne, R. Gopaul, and R. Hardy. Intrusion Detection of In-Band Wormholes in MANETs using Advanced Statistical Methods. In MILCOM 2008, San Diego, CA, Nov. 2008.

Cited By

Giri DBorah SPradhan R(2018)Approaches and Measures to Detect Wormhole Attack in Wireless Sensor Networks: A SurveyAdvances in Communication, Devices and Networking10.1007/978-981-10-7901-6_92(855-864)Online publication date: 24-May-2018
https://doi.org/10.1007/978-981-10-7901-6_92
Ji SChen TZhong S(2015)Wormhole Attack Detection Algorithms in Wireless Network Coding SystemsIEEE Transactions on Mobile Computing10.1109/TMC.2014.232457214:3(660-674)Online publication date: 1-Mar-2015
https://doi.org/10.1109/TMC.2014.2324572

Index Terms

Timing-based localization of in-band wormhole tunnels in MANETs
1. Networks
  1. Network types
    1. Mobile networks
    2. Wireless access networks

Recommendations

A countermeasure against wormhole attacks in MANETs using analytical hierarchy process methodology

Mobile ad hoc networks are vulnerable to a large group of attacks, e.g., wormhole attacks. In this paper, we propose a countermeasure to prevent wormhole attacks. We utilize analytical hierarchy process to elect some special nodes, named the local most ...
Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is ...
On providing wormhole-attack-resistant localization using conflicting sets

Wormhole attack is a severe attack that can be easily mounted on a wide range of wireless networks without compromising any cryptographic entity or network node. In the wormhole attack, an attacker sniffs packets at one point in the network and tunnels ...

Reviews

Reviewer: M.A. Bhagyaveni

The issue of localizing the in-band tunnels in mobile ad hoc networks (MANETs) is addressed in this paper. It focuses entirely on a timing-based approach-the value of timing in detection is understood, as is the fact that packet headers and other auxiliary information may not be available, due to the encryption of forwarded traffic. Kim et al. present a good literature survey on wormhole attacks. They clearly explain their contributions to identifying the wormhole in the presence of chaff packets, clock skew, and packet loss, which are common characteristics of MANETs. This paper is well written, and has good technical content. Its main contributions are: a method to find chaff-to-traffic ratio (CTR); a method to find minimum CTR; a method to find minimum CTR with clock skew; and tunnel path estimation. The authors' validation testbed and methodology are impressive. Kim et al. do not address the issue of tunnel identification. Hence, the false alarm or missed alarm issues are not dealt with (they are out of the scope of the paper). Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '10: Proceedings of the third ACM conference on Wireless network security

March 2010

186 pages

ISBN:9781605589237

DOI:10.1145/1741866

General Chair:
Susanne Wetzel
Stevens Institute of Technology, USA
,
Program Chairs:
Cristina Nita-Rotaru
Purdue University, USA
,
Frank Stajano
University of Cambridge, UK

Copyright � 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC '10

Sponsor:

SIGSAC

WISEC '10: Third ACM Conference on Wireless Network Security

March 22 - 24, 2010

New Jersey, Hoboken, USA

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
338
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Giri DBorah SPradhan R(2018)Approaches and Measures to Detect Wormhole Attack in Wireless Sensor Networks: A SurveyAdvances in Communication, Devices and Networking10.1007/978-981-10-7901-6_92(855-864)Online publication date: 24-May-2018
https://doi.org/10.1007/978-981-10-7901-6_92
Ji SChen TZhong S(2015)Wormhole Attack Detection Algorithms in Wireless Network Coding SystemsIEEE Transactions on Mobile Computing10.1109/TMC.2014.232457214:3(660-674)Online publication date: 1-Mar-2015
https://doi.org/10.1109/TMC.2014.2324572

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents