Secure Neighborhood Creation in Wireless Ad Hoc Networks using Hop Count Discrepancies

Abstract

A fundamental requirement for nodes in ad hoc and sensor networks is the ability to correctly determine their neighborhood. Many applications, protocols, and network wide functions rely on correct neighborhood discovery. Malicious nodes that taint neighborhood information using wormholes can significantly disrupt the operation of ad hoc networks. Protocols that depend only on cryptographic techniques (e.g, authentication and encryption) may not be able to detect or prevent such attacks. In this paper we propose SECUND, a protocol for creating a SECUre NeighborhooD, that makes use of discrepancies in routing hop count information to detect “true” neighbors and remove those links to nodes that appear to be neighbors, but are not really neighbors. SECUND is simple, localized and needs no special hardware, localization, or synchronization. We evaluate SECUND using simulations and demonstrate its effectiveness in the presence of multiple and multi-ended wormholes. Lastly, we present approaches to improve the efficiency of the SECUND process.

Appendix: Detection example in a grid network

We illustrate how the detection process works with a grid network as on example. It is far easier to detect wormholes in grid networks if the topology is known a priori simply because of the increase in the number of neighbors. We use the grid network only for the purpose of illustrating the algorithm. The process works for random topologies and perturbed grids as well, as shown in Section 4. Consider Fig. 26 that shows a grid network where the grid spacing is d. If we ignore d, we can use integer coordinates for nodes in two dimensions. In Fig. 26, the bottom-leftmost node has coordinates (0,0). We assume that the ranges of nodes are such that each node has exactly four neighbors (those that are at a distance d from a node) as shown in the figure. Let a wormhole exist with its endpoints having the the same range as regular nodes. Let end-point M ₁ be located at coordinates (m _1,x , m _1,y ) such that m < m _1,x  < m + 1 and n > m _1,y  > n − 1. Let the other end-point M ₂ be located at coordinates (m _2,x , m _2,y ) such that p > m _2,x  > p + 1 and q < m _2,y  < q − 1. Since m, n, p, q can be anything, this does not lose any generality although we assume p > m and q < n by at least a few hops in what follows. We can observe the following properties for this scenario.

1. 1.

   Given a node with coordinates (m, n), it can only reach nodes at (m, n − 1), (m, n + 1), (m − 1, n) and (m + 1, n) when there is no wormhole.

2. 2.

   The true shortest path between a node at (m, n) and a node at (p, q) has |p − m| + |q − n| hops. In Fig. 26, (m, n) = (2, 8) and (p, q) = (8, 3). The shortest path between these nodes is 6 + 5 = 11 hops.

3. 3.

   The set \(N_{M_1}\) consists of nodes with coordinates (m, n), (m + 1, n), (m, n − 1), (m + 1, n − 1). The set \(N_{M_2}\) consists of nodes with coordinates (p, q), (p − 1, q), (p, q + 1), (p − 1, q + 1).

4. 4.

   The wormhole physically spans a physical distance of \(d=\sqrt{(m_{x,1} - m_{x,2})^2 + (m_{y,1} - m_{y,2})^2}\), but the minimum number of true hops between any node \(\in N_{M_1}\) and any node \(\in N_{M_2}\) is |m − p| + 2 + |n − q| + 2 hops. This is the shortest path from the node at (m + 1, n − 1) to the node at (p − 1, q + 1). In the example in Fig. 26, this is 7 hops.

Fig. 26

Example of a grid network

Let us suppose that a node A at (m, n) is checking its link with a node B at (p, q) to see if a wormhole is in its vicinity. When the node A at (m, n) initially asks for its neighbors, it gets responses from nodes at: (m, n − 1), (m, n + 1), (m − 1, n), (m + 1, n), (p, q), (p − 1, q), (p, q + 1), (p − 1, q + 1). If we identify nodes by their coordinates:

• N _A  = {(m, n − 1), (m, n + 1), (m − 1, n), (m + 1, n), (p, q), (p − 1, q), (p, q + 1), (p − 1, q + 1)}

• \(\hat{N_A} = (m,n-1), (m,n+1), (m-1,n), (m+1,n)\}\)

• \(N_A^* =\{(p,q), (p-1,q), (p,q+1), (p-1,q+1)\}\).

Similarly, N _B  = {(p, q + 1), (p, q − 1), (p − 1, q), (p + 1, q), (m, n), (m + 1, n), (m, n − 1), (m + 1, n − 1)}. From this, we can see that N _B  − N _A  = {(p + 1, q), (p, q − 1), (m + 1, n − 1)}. The target node T that is picked by A belongs to this set, i.e., T ∈ {(p + 1, q), (p, q − 1), (m + 1, n − 1)}. Node A will ask the nodes in N _A to find routes to T avoiding nodes in N _A and N _B and having at least one intermediate node. We see there are three cases:

• Case 1: If T = (p + 1, q), the lengths of routes will be as shown in Table 4 (assuming p > m and q < n—otherwise absolute values of the differences will have to be used). Unless p − m + n − q + 2 < η + 3, the wormhole will most certainly be detected.

• Case 2: If T = (p, q − 1), a similar tabulation of routes indicates that the longest route is still p − m + n − q + 2 hops long and a similar conclusion is reached. We do not tabulate the length of routes in this case.

• Case 3: If T = (m + 1, n − 1), the lengths of routes will be as shown in Table 5. In this case, the wormhole is detected as long as p − m + n − q − 3 > η + 3.

Table 4 Lengths of routes to T = (p + 1, q)

Table 5 Lengths of routes to T = (m + 1, n − 1)