Topological Detection on Wormholes in Wireless Ad Hoc and Sensor Networks
Dezun Dong, Member, IEEE, Mo Li, Member, IEEE, Yunhao Liu, Senior Member, IEEE, Xiang-Yang Li, Senior Member, IEEE, and Xiangke Liao
Abstract—Wormhole attack is a severe threat to wireless ad hoc and sensor networks. Most existing countermeasures either require specialized hardware devices or make strong assumptions on the network in order to capture the specific (partial) symptom induced by wormholes. Those requirements and assumptions limit the applicability of previous approaches. In this paper, we present our attempt to understand the impact and inevitable symptom of wormholes and develop distributed detection methods by making as few restrictions and assumptions as possible. We fundamentally analyze the wormhole problem using a topology methodology and propose an effective distributed approach, which relies solely on network connectivity information, without any requirements on special hardware devices or any rigorous assumptions on network properties. We formally prove the correctness of this design in continuous geometric domains and extend it into discrete domains. We evaluate its performance through extensive simulations.
Index Terms—Connectivity, topological approach, wireless ad hoc and sensor networks, wormhole detection.
I. INTRODUCTION
WORMHOLE attack is one of the most severe security threats [1]–[15] in ad hoc and sensor networks. In wormhole attacks, the attackers tunnel the packets between distant locations in the network through an in-band or out-of-band channel. The wormhole tunnel gives two distant nodes the illusion that they are close to each other. The wormhole can attract and bypass a large amount of network traffic, and thus the attacker can collect and manipulate network traffic. The attacker is able to exploit such a position to launch a variety of attacks, such as dropping or
References:
[1] P. Papadimitratos and Z. J. Haas, “Secure routing for mobile ad hoc networks,” presented at the SCS CNDS, San Antonio, TX, Jan. 27–31, 2002.
[2] K. Sanzgiri, B. Dahill, B. Levine, and E. Belding-Royer, “A secure routing protocol for ad hoc networks,” in Proc. IEEE ICNP, 2002, pp. 78–87.
[3] Y.-C. Hu, A. Perrig, and D. Johnson, “Packet leashes: A defense against wormhole attacks in wireless networks,” in Proc. IEEE INFOCOM, 2003, vol. 3, pp. 1976–1986.
1796 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 19, NO. 6, DECEMBER 2011
[4] L. Hu and D. Evans, “Using directional antennas to prevent wormhole attacks,” presented at the NDSS, 2004.
[5] W. Wang and B. Bhargava, “Visualization of wormholes in sensor networks,” in Proc. ACM WiSe, 2004, pp. 51–60.
[6] W. Wang, B. Bhargava, Y. Lu, and X. Wu, “Defending against wormhole attacks in mobile ad hoc networks,” Wireless Commun. Mobile Comput., vol. 6, pp. 483–503, 2006.
[7] J. Eriksson, S. V. Krishnamurthy, and M. Faloutsos, “Truelink: A practical countermeasure to the wormhole attack in wireless networks,” in Proc. IEEE ICNP, 2006, pp. 75–84.
[8] R. Poovendran and L. Lazos, “A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks,” Wireless Netw., vol. 13, pp. 27–59, 2007.
[9] R. Maheshwari, J. Gao, and S. R. Das, “Detecting wormhole attacks in wireless networks using connectivity information,” in Proc. IEEE INFOCOM, 2007, pp. 107–115.
[10] S. Capkun, L. Buttyan, and J.-P. Hubaux, “Sector: Secure tracking of node encounters in multihop wireless networks,” in Proc. ACM SASN, 2003, pp. 21–32.
[11] I. Khalil, S. Bagchi, and N. B. Shroff, “Liteworp: A light-weight countermeasure for the wormhole attack in multihop wireless networks,” in Proc. DSN, 2005, pp. 612–621.
[12] I. Khalil, S. Bagchi, and N. B. Shroff, “Mobiworp: Mitigation of the wormhole attack in mobile multihop wireless networks,” in Proc. IEEE SecureComm, 2006, pp. 1–12.
[13] N. Song, L. Qian, and X. Li, “Wormhole attack detection in wireless ad hoc networks: A statistical analysis approach,” in Proc. IEEE IPDPS, 2005.
[14] L. Buttyan, L. Dora, and I. Vajda, “Statistical wormhole detection in sensor networks,” in Proc. IEEE ESAS, 2005, pp. 128–141.
[15] I. Aad, J.-P. Hubaux, and E. W. Knightly, “Impact of denial of service attacks on ad hoc networks,” IEEE/ACM Trans. Netw., vol. 16, no. 4, pp. 791–802, Aug. 2008.
[16] Ö. B. Akan and I. F. Akyildiz, “Event-to-sink reliable transport in wireless sensor networks,” IEEE/ACM Trans. Netw., vol. 13, no. 5, pp. 1003–1016, Oct. 2005.
[17] Y. Zhang, W. Liu, W. Lou, and Y. Fang, “Location-based compromise-tolerant security mechanisms for wireless sensor networks,” IEEE J. Sel. Areas Commun., vol. 24, no. 2, pp. 247–260, Feb. 2006.
[18] M. Luk, G. Mezzour, A. Perrig, and V. Gligor, “MiniSec: A secure sensor network communication architecture,” in Proc. ACM/IEEE IPSN, 2007, pp. 479–488.
[19] C. Karlof, N. Sastry, and D. Wagner, “TinySec: A link layer security architecture for wireless sensor networks,” in Proc. ACM SenSys, 2004, pp. 162–175.
[20] A. Hatcher, Algebraic Topology. Cambridge, U.K.: Cambridge Univ. Press, 2002.
[21] K. Whittlesey, “Greedy optimal homotopy and homology generators,” in Proc. ACM-SIAM SODA, 2005, pp. 1038–1046.
[22] J. Erickson and S. Har-Peled, “Optimally cutting a surface into a disk,” in Proc. ACM SCG, 2002, pp. 244–253.
[23] M. J. Pelsmajer, M. Schaefer, and D. Stefankovic, “Removing even crossings, continued,” in DePaul CTI 06-016, Aug. 28, 2006, pp. 1–14.
[24] Y. Wang, J. Gao, and J. S. Mitchell, “Boundary recognition in sensor networks by topological methods,” in Proc. ACM MobiCom, 2006, pp. 122–133.
Dezun Dong (S’09–M’10) received the B.S., M.S., and Ph.D. degrees in computer science at National University of Defense Technology (NUDT), Changsha, China, in 2002, 2004, and 2010, respectively.
He was a Visiting Scholar with the Computer Science and Engineering Department, Hong Kong University of Science and Technology, Hong Kong, from November 2008 to May 2010. He is currently an Assistant Professor with the School of Computer, NUDT. His research interests are wireless networks, distributed computing, and high-performance computer systems.
Mo Li (M’06) received the B.S. degree in computer science and technology from Tsinghua University, Beijing, China, in 2004, and the Ph.D. degree in computer science and engineering from Hong Kong University of Science and Technology, Hong Kong, in 2009. He is a Nanyang Assistant Professor with the Computer Science Division, School of Computer Engineering, Nanyang Technological University, Singapore. His research interests include distributed systems, wireless sensor networks, pervasive computing and RFID, and wireless and mobile systems.
Yunhao Liu (M’02–SM’06) received the B.S. degree in automation from Tsinghua University, Beijing, China, in 1995, and the M.S. and Ph.D. degrees in computer science and engineering from Michigan State University, East Lansing, in 2003 and 2004, respectively. He is a Professor with the Tsinghua National Lab for Information Science and Technology, School of Software, and the Director of the MOE Key Lab for Information Security, Tsinghua University. He is also a faculty member with the Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Hong Kong.
Xiang-Yang Li (SM’08) received the B.S. degree from Tsinghua University, Beijing, China, in 1995, and the M.S. and Ph.D. degrees from the University of Illinois at Urbana–Champaign in 2000 and 2001, respectively, all in computer science. Currently, he is an Associate Professor with the Department of Computer Science, Illinois Institute of Technology, Chicago. His research interests span wireless ad hoc networks, computational geometry, game theory, and cryptography and network security.
Xiangke Liao received the B.S. degree in computer science from Tsinghua University, Beijing, China, in 1985, and the M.S. degrees in computer science from the National University of Defense Technology (NUDT), Changsha, China, in 1988. He is now a Professor and the Dean of the School of Computer, NUDT. His research interests include parallel and distributed computing, high-performance computer systems, operating system, and networked embedded system.