TY - GEN
T1 - MOBIWORP
T2 - 2006 Securecomm and Workshops
AU - Khalil, Issa
AU - Bagchi, Saurabh
AU - Shroff, Ness B.
N1 - Funding Information:
This material is based upon work supported by the National Science Foundation under Grant No. ECS-0330016 and the Indiana 21st Century Research & Technology Fund under Grant No. 512040817. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors. We would like to thank DongHoon for his verification of equation (1) .
PY - 2006
Y1 - 2006
N2 - In multihop wireless systems, the need for cooperation among nodes to relay each other's packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor verification with mobile nodes. The existing work on secure neighbor verification has limitations in accuracy, resource requirements, and applicability to ad-hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MOBIWORP, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MOBIWorp uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MOBIWORP on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2.
AB - In multihop wireless systems, the need for cooperation among nodes to relay each other's packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor verification with mobile nodes. The existing work on secure neighbor verification has limitations in accuracy, resource requirements, and applicability to ad-hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MOBIWORP, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MOBIWorp uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MOBIWORP on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2.
KW - Mobile ad-hoc networks
KW - Neighbor watch
KW - Node isolation
KW - Secure neighbor discovery
KW - Wormhole attack
UR - http://www.scopus.com/inward/record.url?scp=50049132985&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50049132985&partnerID=8YFLogxK
U2 - 10.1109/SECCOMW.2006.359564
DO - 10.1109/SECCOMW.2006.359564
M3 - Conference contribution
AN - SCOPUS:50049132985
SN - 1424404231
SN - 9781424404230
T3 - 2006 Securecomm and Workshops
BT - 2006 Securecomm and Workshops
Y2 - 28 August 2006 through 1 September 2006
ER -