http://www.iaeme.com/IJCET/index.asp
108
editor@iaeme.com
Cryptographic Hash Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm
to Block the Attackers
Cite this Article: Manpreet and Dr. Anil Kumar Sharma, Cryptographic Hash
Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm to
Block the Attackers, International Journal of Computer Engineering and
Technology, 7(3), 2016, pp. 108117.
http://www.iaeme.com/IJCET/issues.asp?JType=IJCET&VType=7&IType=3
INTRODUCTION
MANeT is a growing technology which is offering solution to variety of application
areas such as health care, military and industry because of its dynamicity and adaption
to changes quickly as and when required. Generally these nodes are wireless and it
also includes the sensors like GPS to broadcast their location for shortest route
discovery or highly synchronized clocks by detecting the packet sending time as well
as packet receiving time which calculates the distance with the help of network speed.
These different techniques are working perfectly in the standard situation but lacks up
to a certain limit in the presence of latency or entire area is fully covered with highly
accurate GPS devices. Along with the positivity of sensors, a negativity too involves
with sensor devices which exposed the network to variety of attacks. Conventional
security mechanisms are not suitable for MANeTs as they are usually heavy and
nodes are limited.
The importance of wormhole attacks is vital as it can occur to all types of wireless
networks. Therefore, identifying the possibility of wormhole attacks and methods to
protect against these attacks are important to the security of wireless networks as a
whole. As a wormhole attack challenges higher-level protocols, most effective
procedures to detect such attacks are based on looking for inconsistencies in
measurements performed at the physical layer. The medium for information to travel
on wireless networks is air and in a sense, without physical boundary makes wireless
networks more vulnerable than wired networks to security attacks like eavesdropping,
man-in-the-middle, etc. that might have been better protected against in wired
networks. It is also more difficult to come up with security measures of protecting
data that flows through the air.
WORMHOLE ATTACK
Wormhole attack is a relay-based attack that can disrupt the routing protocol and
therefore disrupt or breakdown a network and this is the reason the attacks are serious.
There are 4 steps to explain about a general wormhole attack.
An attacker has two trusted nodes (or two colluded attackers each has one node) in
two different locations of a network with a direct link between the two nodes.
http://www.iaeme.com/IJCET/index.asp
109
editor@iaeme.com
Packet Encapsulation: In which one malicious node encapsulates the route request
and sends it to colliding node which decapsulate it and forwards the route request
(RREQ) packet.
Out-of-Band: In Out-of-Band, two malicious nodes sends route request (RREQ)
between them by using the long range directional wireless link or direct wired link.
High-Power-Transmission: In high power transmission a malicious node get a route
request (RREQ) and broadcast that request with high power level. Any other node
that hears the high power broadcast must be a malicious node so it receives that route
request and again rebroadcast towards the destination.
Packet Relay: I n packet relay two malicious nodes relay packet between two nodes
which are far apart from each other and convenience these nodes that they are
neighbor.
In an infrastructure based wireless network, the two nodes that form the wormhole
link can be two rogue access points. A rogue access point is an access point that is not
authorized to be in a wireless network and is usually setup by an attacker to sniff the
traffic or to do with attacks that the attacker launches. The attacker has two rogue
http://www.iaeme.com/IJCET/index.asp
110
editor@iaeme.com
Cryptographic Hash Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm
to Block the Attackers
access points in the infrastructure based wireless network. The essential point remains
the same and that is packets from one rogue access point will be getting to the other
rogue access point faster than other routes as to create a false idea that two end-point
devices are close to each other when they are not. The attacker has the control over
the rogue access points so he/she can launch wormhole attacks without the need to
worry about cryptographic keys or the need to compromise any legitimate node in the
network.
RELATED WORK
Maria A. Gorlatova, Peter C. Mason, Maoyu Wang, Louise Lamont, Ramiro Liscano
in Detecting Wormhole Attacks in Mobile Ad Hoc Networks through Protocol
Breaking and Packet Timing Analysis, has introduced the Wormhole attacks
detection by timing analysis. A lot of search has been done to detect and protect
against wormhole attacks and more research and protection methods are continued to
be developed. So far most of them focus on ad-hoc or sensor wireless networks.
However, there is some research done in infrastructure based wireless networks in
recent years.
X. Wang and J. Wong, In An end-to-end detection of wormhole attack in
wireless ad-hoc networks, the authors calculate the minimum number of hops to
reach the destination by measuring its geographical location using GPS.
M. Rafiqul Alam and K. S. Chan, In RTT-TC: A topological comparison based
method to detect wormhole attacks in MANeT, use the average RTT(Round Trip
Time) to identify the attack and then compare the neighbor list of the fake neighbors
in process to detect it.
E. Alata, V. Nicomette, M. Kaaniche, M. Dacier, and M. Herrb, In Lessons
learned from the deployment of a high interaction honeypot, provides a in-depth
understanding of way the attackers behave by observing their interactions with a high
interaction honeypot.
I. Mokube and M. Adams, In Honeypots: concepts, approaches, and challenges,
the authors have elucidated the different kinds of honeypot and approach to
implement them and also the legal issues and challenges to be taken into
consideration when a honeypot is implemented.
A. Prathapani, L. Santhanam, and D. Agrawal, In Intelligent honeypot agent for
blackhole attack detection in wireless mesh networks, the author has identified a
honeypot based method to find the blackhole attack in infrastructure based Wireless
Mesh Network using virtual honeypots.
Other approach which was proposed in (Rasheed & Mahapatra, 2009) uses mobile
sink ,it will be suitable for only some kinds of applications which required MS and
also applies additional hardware in order to provide its mobility. Also, it applies
multiple channel radio transmission which may not be available for all kinds of nodes.
Jakob Erikson, Shrikanth V. Krishnamurty and Michalis Faloutos proposed a
countermeasure for wormhole attack in a wireless network. They proposed TrueLink
Protocol for defending wormhole attack. It checks bidirectionality of links. It enables
a node to verify adjacency of apparent neighbor. It uses a combination of timing and
authentication. It uses together with secure routing protocol. Therefore underling this
assumption made the proposed method not suitable for many application of WSNs
which do not have reliable media to transfer neighbor list to the base. There are
methods proposed preventing wormholes like attacks in ad-hoc networks by verifying
physical presence of neighbors.
http://www.iaeme.com/IJCET/index.asp
111
editor@iaeme.com
PROPOSED SYSTEM
In order to mitigate effect of wormhole attack in MANeT network, a neighbor
discovery process has been proposed. There are some criteria to determine whether
wormhole attack is performing in the network or not. Some methods use statistical
approach. They find dramatic changes in the certain statistical patterns and then
decide on existence of wormhole in the network. Longer propagation can be another
symptom of wormhole existence. Additionally we can determine the existence of
wormhole in the network by checking the parameters such as bigger transmission
range than that of normal condition, and previous node is not a neighbor as well. The
proposed method is based on the fact that mentioned wormhole data comes from
unauthorized and illegal neighbors.
To avoid the wormhole attack in mobile ad hoc network, it is assumed that each
legitimate node shares the digital signature of every node in the network and
malicious node does not have its own digital signature. When the sender broadcast the
route request (RREQ) it also add its digital signature in signature column of packet
header, all the nodes which received that request compare the signature of sending
nodes from its database which contains the signature of all nodes in the network, If
the signature is matched that means the sender is legitimate node so receiving node
also add its signature in signature column of header and again broadcast that request.
The process is repeated again and again until that route request (RREQ) reached at
its destination. If the route request reached at destination is legal then destination node
unicast route reply following the same route through which it received route request.
If there is presence of any malicious node in the path, it receives route request and
sends it to next node. The node that receives packet from malicious node found that
signature column of packet header which either contains duplicate digital signature of
previous node or no digital signature because the malicious node does not have its
own digital signature. The node that receives the request from malicious node verifies
the request, it found any duplicity and absence of digital signature so it discard the
request and inform to all node in the network about the malicious node and all other
nodes in the network feeds that information in their database. Along with it, further
the proposed method works in two phases. They are the neighbor discovery phase and
the encryption phase. The discovery phase starts with every node in network, say A.
It sends a HELLO message to the all one hope neighbors in the network. This
broadcasted message contains source address and its own public key, which is
broadcasted to all nodes. In response to this message, every authentic neighbor sent
their own public key to A. Receiver public key of one hop neighbor sent in the
encrypted message format. This message contains source ID, public key of B
encrypted with the public key of A and destination address. When the node A want
to send data to B then A encrypt data with public key of B and this data again
encrypted with the private key of sender i.e. A. When receiver B receives data
from the sender A then first B decrypt data with public key of sender A and
remaining data is decrypted with its own private key. In this way secure
communication is done. For encryption and decryption purposes we use the RSA
technique. Every node should share its public key with its neighbors during neighbor
discovery phase. Thus the first phase helps in recognizing the neighbors. Then the
proposed system undergoes the encryption phase which comprises of another two
phases: Encryption and authentication, Decryption and Verification. Confidentiality is
the ability of hiding message to an unauthorized attacker. It means that if an illegal
and unauthorized adversary access to the message, it cannot understand it.
http://www.iaeme.com/IJCET/index.asp
112
editor@iaeme.com
Cryptographic Hash Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm
to Block the Attackers
Private KeyS
Data
Data to send
E
Integrity provides a mechanism in order to know whether the message had been
tampered or not. The received data gets decrypted by the receiver using the private
key of the receiver. The hash values are compared with the public key of the sender. If
the hash values are equal then the message gets verified.
D
D(H)
Received Data
Accept if Equal
=?
Thus the combined action of the two phases eliminated pretending identity of
neighbor node completely even if attacker in present at time of neighbor discovery. If
node receives data with false digest value then it declares packet received through
wormhole node and discards packet. It also discards routing entry for wormhole node.
Further, the techniques available so far are dependable on some external sources like
GPS or highly synchronized clock system and that too in the absence of jitter and
standard conditions and they too capable of detecting the wormhole attack not
removing them from the network. So, I proposed lure and catch algorithm to remove
the malicious node from the network to avoid the attack from the same node in future,
A sample and fake data is to be sent among a predefined route with a non existing
http://www.iaeme.com/IJCET/index.asp
113
editor@iaeme.com
destination node which is set outside the network and decided among all nodes who
participated in the MANeT dynamic network so that even not in the presence of
shortest route, it follows the preferred route and no node is disturbing it to follow this
route. But is a node is malicious, it starts disturbing it to change the route of said
packet through it. But as our node is following the predefined route, malicious node
start changing its position to get closer to it and finally throws out of the network as
the destination node is not exist at all.
Source
Destination
Network
WH Node
Figure.5: Graph of Simulation Time vs Delay Values (With All Three Cases)
http://www.iaeme.com/IJCET/index.asp
114
editor@iaeme.com
Cryptographic Hash Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm
to Block the Attackers
Figure.6: Graph of Simulation Time vs Packet Delivery Ratio (With All Three Cases)
Figure. 8: Comparison between percentages of genuine RREQs dropped with and without
Honeypots.
http://www.iaeme.com/IJCET/index.asp
115
editor@iaeme.com
Figure 9: Graph showing the increase in genuine RREQs delivery ratio by using Honeypots.
CONCLUSION
Wormhole attacks have been identified as attacks that can be powerful and can cause
severe damage to the network. It is not something that can be taken lightly.
Methodologies for detecting and protecting against these attacks have been proposed
mainly for ad-hoc and sensor networks. It is new for infrastructure based networks.
However, it is not less significant. Therefore it was mentioned a possible strategy in
detecting and protecting against wormhole attacks by combining the cryptography
hash code algorithm and lure catch technique to mitigate wormhole attacks, and
maybe other attacks in infrastructure based wireless networks by focusing on
identifying rogue access pints in infrastructure based wireless networks.
REFERENCES
[1]
Ali
modirkhazeni,
Saeedeh
Aghamahamoodi,
and
Naghmeh
Niknejad,Distributed Approach To Mitigate Wormhole Attack in Wireless
Sensor Network ,2011IEEE , page no. 122-128
[2]
[3]
[4]
[5]
http://www.iaeme.com/IJCET/index.asp
116
editor@iaeme.com
Cryptographic Hash Key Algorithm to Mitigate Wormhole Attacks and Lure Catch Algorithm
to Block the Attackers
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
Swati R. Salunke and Prof. S. Pratap Singh, Hybrid Cryptography Algorithms for
Secure Eaack in MANeT, International Journal of Computer Engineering and
Technology, 5(7), 2014, pp. 4347.
http://www.iaeme.com/IJCET/index.asp
117
editor@iaeme.com