A Unified Wormhole Attack Detection Framework for Mobile Ad hoc Networks

The Internet is experiencing an evolution towards a ubiquitous network paradigm, via the so-called internet-of-things (IoT), where small wireless computing devices like sensors and actuators are integrated into daily activities. Simultaneously, infrastructure-less systems such as mobile ad hoc networks (MANET) are gaining popularity since they provide the possibility for devices in wireless sensor networks or vehicular ad hoc networks to share measured and monitored information without having to be connected to a base station. While MANETs offer many advantages, including self-configurability and application in rural areas which lack network infrastructure, they also present major challenges especially in regard to routing security. In a highly dynamic MANET, where nodes arbitrarily join and leave the network, it is difficult to ensure that nodes are trustworthy for multi-hop routing. Wormhole attacks belong to most severe routing threats because they are able to disrupt a major part of the network traffic, while concomitantly being extremely difficult to detect. This thesis presents a new unified wormhole attack detection framework which is effective for all known wormhole types, alongside incurring low false positive rates, network loads and computational time, for a variety of diverse MANET scenarios. The framework makes three original technical contributions: i) a new accurate wormhole detection algorithm based on packet traversal time and hop count analysis (TTHCA) which identifies infected routes, ii) an enhanced, dynamic traversal time per hop analysis (TTpHA) detection model which is adaptable to node radio range fluctuations, and iii) a method for automatically detecting time measurement tampering in both TTHCA and TTpHA. The thesis findings indicate that this new wormhole detection framework provides significant performance improvements compared to other existing solutions by accurately, efficiently and robustly detecting all wormhole variants under a wide range of network conditions

MLAMAN: a novel multi-level authentication model and protocol for preventing wormhole attack in mobile ad hoc network

© 2018, Springer Science+Business Media, LLC, part of Springer Nature. Wormhole attack is a serious security issue in Mobile Ad hoc Network where malicious nodes may distort the network topology and obtain valuable information. Many solutions, based on round trip time, packet traversal time, or hop-count, have been proposed to detect wormholes. However, these solutions were only partially successful in dealing with node high-speed mobility, variable tunnel lengths, and fake information by malicious nodes. To address those issues, this paper proposes a novel multi-level authentication model and protocol (MLAMAN) for detecting and preventing wormhole attacks reliably. MLAMAN allows all intermediate nodes to authenticate control packets on a hop-by-hop basis and at three levels: (1) the packet level where the integrity of the packets can be verified, (2) the node membership level where a public key holder-member can be certified, and (3) the neighborhood level where the neighborhood relationship between nodes can be determined. The novelty of the model is that it prevents malicious nodes from joining the network under false information and pretense. It detects wormhole nodes effectively under various scenarios including variable tunnel lengths and speeds of moving nodes. The effectiveness of our approach is confirmed by simulation results through various scenarios

Resilient networking in wireless sensor networks

This report deals with security in wireless sensor networks (WSNs), especially in network layer. Multiple secure routing protocols have been proposed in the literature. However, they often use the cryptography to secure routing functionalities. The cryptography alone is not enough to defend against multiple attacks due to the node compromise. Therefore, we need more algorithmic solutions. In this report, we focus on the behavior of routing protocols to determine which properties make them more resilient to attacks. Our aim is to find some answers to the following questions. Are there any existing protocols, not designed initially for security, but which already contain some inherently resilient properties against attacks under which some portion of the network nodes is compromised? If yes, which specific behaviors are making these protocols more resilient? We propose in this report an overview of security strategies for WSNs in general, including existing attacks and defensive measures. In this report we focus at the network layer in particular, and an analysis of the behavior of four particular routing protocols is provided to determine their inherent resiliency to insider attacks. The protocols considered are: Dynamic Source Routing (DSR), Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing (RWR)

TOGBAD : Ein Verfahren zur Erkennung von Routingangriffen in taktischen multi-hop Netzen

Multi-hop Netze sind seit vielen Jahren Forschungsthema. Seit einigen Jahren gibt es auch erste Realisierungen solcher Netze. Sie ermöglichen es, ohne feste Infrastruktur sich selbst organisierende Netze zu realisieren. Dies macht sie für vielfältige zivile wie taktische Szenarien interessant. In der vorliegenden Arbeit liegt der Fokus auf taktischen Szenarien, wie Szenarien der öffentlichen Sicherheit, militärischen oder Katastrophenszenarien. In solchen Szenarien kann für die Kommunikation auf der letzten Meile nicht von existierender Kommunikationsinfrastruktur ausgegangen werden. Taktische multi-hop Netze stellen eine Möglichkeit dar, die Kommunikation auf der letzen Meile trotzdem zu realisieren. Taktische multi-hop Netze sind zunächst einmal drahtlose multi-hop Netze, weisen darüber hinaus jedoch spezielle Eigenschaften auf. Diese speziellen Eigenschaften sind gruppenbasierte Bewegung, heterogene Knoten und eine hohe Relevanz von Sicherheitsbelangen. In taktischen multi-hop Netzen kann die Verletzung der Schutzziele Vertraulichkeit, Integrität und Verfügbarkeit schwerwiegende Folgen, bis hin zum Verlust von Menschenleben, haben. Eine gut und zuverlässig funktionierende Sicherheitslösung für diese Netze ist also von großer Bedeutung. Dabei ist nicht nur mit Außentätern, sondern auch mit so genannten Innentätern (also im zu schützenden Netz befindlichen Angreifern mit validem Schlüsselmaterial) zu rechnen. Die Selbstorganisationsfähigkeit taktischer multi-hop Netze wird u.a. dadurch erreicht, dass jeder Knoten im Netz in den Routingprozess eingebunden ist. Dies vereinfacht Innentätern so genannte Routingangriffe. Ziel solcher Angriffe ist es, das Netz effektiv zu stören oder abzuhören. In der vorliegenden Arbeit wird mit TOGBAD ein Verfahren zur Detektion solcher Routingangriffe in taktischen multi-hop Netzen entwickelt und bewertet. Dazu werden zunächst die wesentlichen Eigenschaften von taktischen multi-hop Netzen herausgearbeitet. Durch Ausnutzen dieser Eigenschaften und in taktischen multi-hop Netzen anzunehmender Dienste ist es TOGBAD möglich, Synergien zu nutzen, seinen Ressourcenaufwand zu minimieren und intelligent zu verteilen. Dadurch lässt sich sicherstellen, dass TOGBAD auch auf in taktischen multi-hop Netzen zu erwartender Hardware lauffähig ist. Um eine sinnvolle Leistungsbewertung durchführen zu können, wird in der vorliegenden Arbeit auf Basis der herausgearbeiteten Eigenschaften von taktischen multi-hop Netzen eine realitätsnahe Modellierung taktischer Szenarien vorgenommen. Dazu werden sinnvolle Modelle ausgewählt und angemessen parametrisiert. Auf Basis der modellierten Szenarien erfolgt eine Leistungsbewertung von TOGBAD. Teil dieser Leistungsbewertung ist der Vergleich von TOGBAD mit verwandten Arbeiten. Entsprechend wird zunächst der aktuelle Stand der Forschung dargestellt, TOGBAD in die Forschungslandschaft eingeordnet und eine verwandte Arbeit für den Vergleich mit TOGBAD ausgewählt. Das im Rahmen dieser Arbeit entwickelte Verfahren TOGBAD ist als ein Gesamtsystem mit drei Einzeldetektoren konzipiert. Dabei dient jeder Einzeldetektor zur Erkennung eines Merkmals von Routingangriffen in taktischen multi-hop Netzen. Als Gesamtsystem ist TOGBAD mittels seiner Einzeldetektoren TOGBAD-SH, TOGBAD-LQ und TOGBAD-WH in der Lage, sowohl gefälschte Topologieinformationen, als auch gefälschte Linkqualitäten und Wormholes zu erkennen. Dadurch werden alle relevanten Routingangriffe in taktischen multi-hop Netzen von TOGBAD erkannt. Insbesondere gehen die Erkennungsmöglichkeiten von TOGBAD über die verwandter Ansätze hinaus. Zusätzlich ist TOGBAD speziell auf die Gegebenheiten in taktischen multi-hop Netzen angepasst. Es minimiert gezielt ressourcenintensive Aufgaben und verlagert die nötigen ressourcenintensiven Aufgaben auf ressourcenstarke Knoten. Dadurch erreicht TOGBAD im Vergleich mit verwandten Ansätzen ein höheres Sicherheitsniveau bei gleichzeitig niedrigerem Ressourcenverbrauch. Dies wird mittels der im Rahmen der vorliegenden Arbeit durchgeführten Leistungsbewertung gezeigt. Zusätzlich zeigt die Leistungsbewertung, dass TOGBAD sehr robust gegenüber Paketverlusten ist. TOGBAD erreicht sowohl bei idealer, als auch von Paketverlusten betroffener Datenbasis, sehr gute Erkennungsleistungen bezüglich der in taktischen multi-hop Netzen relevanten Routingangriffe. Zusammenfassend lassen sich die folgenden Kernbeiträge der Dissertation benennen: Realistische Modellierung taktischer multi-hop Netze Entwicklung eines zuverlässigen, ressourcenschonenden Verfahrens zur Erkennung von Routingangriffen in taktischen multi-hop Netzen mit einzigartigen Erkennungsmöglichkeiten Leistungsbewertung des Verfahrens und alternativer Ansätze in taktischen multi-hop Netzen TOGBAD ist in sechs im Rahmen der Arbeit entstandenen Veröffentlichungen publiziert worden. Dabei ist zu jedem der Einzelverfahren TOGBAD-SH, TOGBAD-LQ und TOGBAD-WH mindestens eine Veröffentlichung und auch zum TOGBAD-Gesamtsystem eine Veröffentlichung entstanden.</p

Wormhole Attack Detection Algorithms in Wireless Network Coding Systems

Network coding has been shown to be an effective approach to improve the wireless system performance. However, many security issues impede its wide deployment in practice. Besides the well-studied pollution attacks, there is another severe threat, that of wormhole attacks, which undermines the performance gain of network coding. Since the underlying characteristics of network coding systems are distinctly different from traditional wireless networks, the impact of wormhole attacks and countermeasures are generally unknown. In this thesis, we quantify wormholes' devastating harmful impact on network coding system performance through experiments. Firstly, we propose a centralized algorithm to detect wormholes and show its correctness rigorously. For the distributed wireless network, we propose DAWN, a Distributed detection Algorithm against Wormhole in wireless Network coding systems, by exploring the change of the flow directions of the innovative packets caused by wormholes. We rigorously prove that DAWN guarantees a good lower bound of successful detection rate. We perform analysis on the resistance of DAWN against collusion attacks. We find that the robustness depends on the node density in the network, and prove a necessary condition to achieve collusion-resistance. DAWN does not rely on any location information, global synchronization assumptions or special hardware/middleware. It is only based on the local information that can be obtained from regular network coding protocols, and thus the overhead of our algorithms is tolerable. Extensive experimental results have verified the effectiveness and the efficiency of DAWN.Computer Scienc

Traffic engineering multi-layer optimization for wireless mesh network transmission a campus network routing protocol transmission performance inhancement

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel UniversityThe wireless mesh network is a potential network for the future due to its excellent inherent characteristic for dynamic self-healing, self-configuration and self-organization. It also has the advantage of easy interoperability networking and the ability to form multi-linked ad-hoc networks. It has a decentralized topology, is cheap and highly scalable. Furthermore, its ease in deployment and easy maintenance are other inherent networking qualities. These aforementioned qualities of the wireless mesh network bring advantages to transmission capability of heterogeneous networks. However, transmissions in wireless mesh network create comparative performance based challenges such as congestion, load-balancing, scalability over increasing networks and coverage capacity. Consequently, these challenges and problems in the routing and switching of packets in the wireless mesh network routing protocols led to a proposal on the resolution of these failures with a combination algorithm and a management based security for the network and its transmitted packets. There are equally contentious services like reliability of the network and quality of service for real-time multimedia traffic flows with other challenges such as path computation and selection in the wireless mesh network. This thesis is therefore a cumulative proposal to the resolution of the outlined challenges and open research areas posed by using wireless mesh network routing protocol. It advances the resolution of these challenges in the mesh environment using a hybrid optimization – traffic engineering, to increase the effectiveness and the reliability of the network. It also proffers a cumulative resolution of the diverse contributions on wireless mesh network routing protocol and transmission. Adaptation and optimization are carried out on the wireless mesh network designed network using traffic engineering mechanism and technique. The research examines the patterns of mesh packet transmission and evaluates the challenges and failures in the mesh network packet transmission. It develops a solution based algorithm for resolutions and proposes the traffic engineering based solution.. These resultant performances and analysis are usually tested and compared over wireless mesh IEEE802.11n or other older proposed documented solution. This thesis used a carefully designed campus mesh network to show a comparative evaluation of an optimal performance of the mesh nodes and routers over a normal IEE802.11n based wireless domain network to show differentiation by optimization using the created algorithms. Furthermore, the indexes of performance being the metric are used to measure the utility and the reliability, including capacity and throughput at the destination during traffic engineered transmission. In addition, the security of these transmitted data and packets are optimized under a traffic engineered technique. Finally, this thesis offers an understanding to the security contribution using traffic engineering resolution to create a management algorithm for processing and computation of the wireless mesh networks security needs. The results of this thesis confirmed, completed and extended the existing predictions with real measurement

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security