Topological Detection on Wormholes in Wireless Ad Hoc and Sensor Networks Dezun Dong, Member, IEEE, Mo Li, Member, IEEE, Yunhao Liu, Senior Member, IEEE, Xiang-Yang Li, Senior Member, IEEE, and Xiangke Liao Abstract—Wormhole attack is a severe threat to wireless ad hoc and sensor networks. Most existing countermeasures either require specialized hardware devices or make strong assumptions on the network in order to capture the speciﬁc (partial) symptom induced by wormholes. Those requirements and assumptions limit the applicability of previous approaches. In this paper, we present our attempt to understand the impact and inevitable symptom of wormholes and develop distributed detection methods by making as few restrictions and assumptions as possible. We fundamentally analyze the wormhole problem using a topology methodology and propose an effective distributed approach, which relies solely on network connectivity information, without any requirements on special hardware devices or any rigorous assumptions on network properties. We formally prove the correctness of this design in continuous geometric domains and extend it into discrete domains. We evaluate its performance through extensive simulations. Index Terms—Connectivity, topological approach, wireless ad hoc and sensor networks, wormhole detection.
ORMHOLE attack is one of the most severe security threats – in ad hoc and sensor networks. In wormhole attacks, the attackers tunnel the packets between distant locations in the network through an in-band or out-of-band channel. The wormhole tunnel gives two distant nodes the illusion that they are close to each other. The wormhole can attract and bypass a large amount of network trafﬁc, and thus the attacker can collect and manipulate network trafﬁc. The attacker is able to exploit such a position to launch a variety of attacks, such as dropping or corrupting the relayed packets, that signiﬁcantly imperils a lot of network protocols including routing , , localization, etc. . This paper focuses
Manuscript received October 07, 2009; revised May 16, 2010 and November 18, 2010; accepted March 29, 2011; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor D. Agrawal. Date of publication August 22, 2011; date of current version December 16, 2011. The work of D. Dong was supported in part by the NSFC under Grants 60903223 and 60903224. This work of M. Li was supported by COE_SUG/RSS_20Aug2010_13/14 in Nanyang Technological University of Singapore. The work of X.-Y. Li was supported in part by NSF CNS-0832120 and NSF CNS-1035894. D. Dong and X. Liao are with the School of Computer and the National Laboratory for Paralleling and Distributed Processing, National University of Defense Technology (NUDT), Changsha 410073, China (e-mail: dong@nudt. edu.cn; firstname.lastname@example.org). M. Li is with the Computer Science Division, School of Computer Engineering, Nanyang Technological University, Singapore 639798, Singapore (e-mail: email@example.com). Y. Liu is with the TNLIST, School of Software, Tsinghua University, Beijing 100084, China, and also with The Hong Kong University of Science and Technology, Kowloon, Hong Kong (e-mail: firstname.lastname@example.org). X.-Y. Li is with Department of Computer Science, Illinois Institute of Technology, Chicago, IL 61606 USA (e-mail: email@example.com). Digital Object Identiﬁer 10.1109/TNET.2011.2163730
on typical wormhole attacks. The adversary is an outsider who does not have valid network identity. The establishment of wormhole attacks is independent of the general security mechanisms employed in the network. The attacker can forward each bit of a communication stream over the wormhole directly without breaking into the content of packets. Thus, the attacker does not need to compromise any node and obtain valid network identities to become part of the network. Using the wormhole links, the...