On Mitigating In-band Wormhole Attacks in Mobile Ad Hoc Networks

On Mitigating In-band Wormhole Attacks in Mobile Ad Hoc Networks Colluding malicious insider nodes with no special hardware capability can use packet encapsulation and tunnelling to create bogus short-cuts (in-band wormholes) in routing paths and influence data traffic to flow through them. This is a particularly hard attack using which even a handful of malicious nodes can conduct traffic analysis of packets or disrupt connections by dropping packets when needed. Using simulations we show that a disproportionately large amount of traffic goes through routes with wormholes even when a secure routing protocol such as Ariadne is used. To mitigate this, we propose distributed techniques based on the propagation speeds of requests and statistical profiling; they do not require network-wide synchronized clocks, do not impose any additional control packet overhead, and need only simple computations by the sources or destinations of connections. We implemented our techniques in Ariadne and evaluated their effectiveness using the Glomosim simulator. Our results indicate that in-band wormhole creation and usage can be reduced by a factor of 2-10. Also, the false alarm rates of the proposed techniques are very low and have little impact on normal network operation, making them practical for MANETs.