Detection and Elimination of Wormhole Attacks in a MANET

—Wormhole attacks in Mobile ad hoc networks is impermeable to traditional security measures. The attack can be launched regardless of the MAC, routing, or security protocol used in the network. Two or more malicious nodes in conspiracy usually perform the wormhole attack. Two malicious nodes at different locations send received routing messages to each other via a secrete channel. In this way, although the two malicious nodes are located far from each other, they appear to be within one-hop communications range. Wormhole nodes can successfully execute such attacks without compromising any computer, and are inevitable even though some ad hoc wireless networks provide authenticity and confidentiality protection. Practically all widespread security extensions are proposed for popular routing protocols but they do not alleviate wormhole attacks. However, since wormhole attack such a severe thread to MANET security. In this situation wormhole attack methodology presented is motivated by WARP and the same procedure and terminology is used but slight modification In this work wormhole attack is detected and eliminated by simply modifying AODV routing protocol and its performance is measured.


I.INTRODUCTION
Mobile ad hoc network formed temporarily for emergency needs and emerged with great popularity because the networks has no fixed infrastructure, dynamic and scalable.These networks mainly used for battlefield and emergency conditions and hence security is the main problem.In a MANET, a node can join a network automatically if the network is in the radio range of the node, thus it can communicate with other nodes in the network.MANET is more susceptible to attacks when no secure boundaries used.These networks exposed to attacks due to their security vulnerabilities.Wormhole attack is the one of the most serious attack that affects the availability and confidentiality security services.
Rest of the paper is organized as follows, Section I contains the introduction of Mobile ad hoc networks , Section II contain the related work of Wormhole attacks, Section III contain the methodology and procedure for proposed algorithm, Section IV describe the results and discussions and Section V presents conclusion and future scope.

II.RELATED WORK
Several solutions have been proposed in the literature for wormhole attacks in MANET.
In [1,2], who introduced wormhole attacks in ad hoc networks, suggested the use of geographical or temporal packet leashes to detect wormholes.A geographical leash (location-and time-based approach) requires each node to know its own location and all nodes to have loosely time synchronized clocks.The nodes need to securely exchange the information and have to authenticate the location and time information.S.Capkun, L.Buttyain, and J.-P.Hubaux, SECTOR: secure tracking of node encounters in multi-hop wireless networks [3].Presented a protocol (distance bounding approach) that is based on distance bounding and does not require synchronization or location information to prevent wormhole attacks.However, they depend on a secure challenge requestresponse and require accurate time measurements.They assumed that the network operates with central authority that controls the network membership and assigns unique identity to each node.
In [4], using Directional antennas to prevent worm hole attack (special hardware approach).They assumed that the antennas on all nodes are aligned (which may be difficult in practice) and share a secret key with each other Khalil et al have developed two protocols to defend against wormholes: LITEWORP [5] and MOBIWORP [49].LITEWORP (time-based and neighbor information approach) works with a static network and assumes that there is a guard node within the transmission range of any two neighboring nodes.
In [6] (centralized and connectivity information approach) presented a scheme to detect wormhole attacks based on statistical analysis.A protocol that is employing connectivity information to detect wormholes is presented in [7] In [8] (distance bounding approach) proposed a distributed technique to detect in-band wormhole attacks in mobile ad hoc networks.The protocol is based on the propagation speeds of requests and statistical profiling.
H.Vu, A.kulkarni, K. Sarac, and N.Mittal, A new framework to detect wormhole attacks in wireless ad hoc networks was proposed in [9] (time-based approach).The detection consists of two phases.The first phase is supposed to be inexpensive, referred to as "suspicion", and must detect the wormhole.Two techniques are used in this phase to detect the wormhole RTT (round trip time) and topology information.
In [10] (location-based approach) an end-to-end wormhole attack detection is proposed.Based on geographic information exchanged between the source and the destination, the source node estimates the minimum hop count to the destination.
In [11] Proposed a modified dynamic source routing protocol for mobile ad-hoc networks (DSR) [11] proposed a modified DSR protocol to defend against wormhole nodes by adopting a multi-path routing method.
In [12] Wormhole detection mechanism for ad hoc wireless networks (proposed an AODV-based routing protocol) authors proposed a wormhole detection mechanism that relies on delay measurements.
In [14] an approach to mitigate wormhole attack in wireless ad hoc networks.In this, the authors proposed a scheme in which each node must broadcast messages that can be transmitted over two hops.Each node records the neighboring list of one hop and two hops, as well as the corresponding session keys.
In [15] Detecting and avoiding wormhole attacks in optimized link state routing protocol.In this the messages are exchanged to defend against wormhole attacks in the Optimized Link State Protocol (OLSR) based routing protocol, as wormhole nodes should process a large amount of packets, causing longer delays of packets than in normal nodes.
In [16], the author proposed a modified ad hoc on demand protocol for MANET to defend against wormhole attacks.The proposed solution uses a multi-path routing method.

III.METHODOLOGY
In this, the principle used is to allow neighboring nodes of a wormhole node to notice that the wormhole node has an extreme capacity of competition in path discovery.In discovering the path, an intermediate node will attempt to make a route that does not go through a hot neighbor node, which has a route that builds route higher than the threshold.Thus, not only wormhole nodes are gradually identified and isolated by their normal neighboring nodes but traffic can also be avoided concentrating on nodes in order to achieve traffic load balance.Although a normal node may be located at a key position of connectivity in a work, and hence be isolated due to a high route-building rate, it would not be at the key position for long as the ad hoc wireless network topology is constantly changing.This is based a multi-path routing algorithm [17] it takes multiple paths for route discovery and only one path for data transmission.Wormhole node is detected using anomaly value of node after receiving route reply.The existing solution is good in terms of throughput or packet delivery ratio.However, the solution does not consider the tunneling property of wormhole node.In proposed solution, wormhole node is detected at the destination using hop count when it receives the route request and anomaly detection for route reply.Worm hole attack is detected using AODV protocol

PROPOSED SOLUTION USING MODIFIED WARP
In this, same methodology is used as in WARP [16].Wormhole attack is detected and eliminated by modifying the fields of AODV protocol format.
Wormhole attacks are avoided by considering two properties of wormhole 1.The nature of wormhole attack is to form a tunnel like channel between sources to destination that uses shortest route to destination.It uses minimum number of hop counts to reach the destination.2. The wormhole node grabs the route from neighboring nodes to send the reply to source.Wormhole attack due to tunneling is detected by using hop count limit for RREQ at destination.This attack also exists due to second property.This can be detected using anomaly detection for secure neighbor discover for Route reply (RREP).If yes, the RREQ is dropped; otherwise the destination node replies to each RREQ with an RREP along the reverse route, in spite of the values in its hop count on first-hop fields.

Procedure for Forwarding of RREP
In WARP [16], only the destination node can send RREP regardless of how many RREQs it received.The destination will reply until the sequence number or an RREQ is smaller than existing sequence number in the routing table.

Procedure for receiving an RREP-DEC
In this, an intermediate node is prohibited to reply to the RREQ with an RREP and only the destination node can send RREPs back to the originator because each node has the responsibility to monitor the anomaly values of its neighboring nodes.If one intermediate node replies to the RREQ with an RREP, none of the following nodes on the path would be able to properly accumulate the anomaly value of its next neighboring node along the route.
After receiving the RREQs, the destination node will reply to them with RREPs one by one.Unless the sequence number of an RREQ is smaller than the existing sequence number in the routing table (i.e. the RREQ is expired).Finally, the originator would use the only forward entry to transmit the RREP-DEC packet to the destination along the route.This packet has three purposes: 1. Inform the nodes on the route that they are winners in the route competitors.2. Inform the nodes on the route (including the originator) to update the anomaly value of its neighboring node (next hop to the destination) on the forward entry, and 3. Inform the destination node to delete useless reverse route entries.
In In this, an additional property of wormhole has introduced, i.e. even though this is based on multipath link disjointness wormhole uses the shortest path to reach the destination with minimum hop count.If more number of one hop neighbors are present at the destination more delay will be required to find out the reverse route to source by using anomaly value.The destination itself avoids to sends the RREP to those having minimum hop count below threshold.To do this, in RREQ route discovery each node adds hop count and node ID.In this solution, delay decreases at the cost of increased overhead.This is the one of the important requirement in real time applications such as emergency, disaster condition where fast delivery is important.

Simulation Scenario
Several scenarios have been considered to evaluate the performance evaluation.In this scenario, number of nodes, node mobility and number of malicious nodes are variable parameters.The performance metrics in each scenario and all the simulation scenarios are configured according to the table 1.In this scenario, 50 normal mobile nodes were randomly distributed in a 1200m x1200m space, with transmission range of about 250m.

V.CONCLUSION AND FUTURE SCOPE
In this study, the effects of wormhole attack in Mobile adhoc networks are analyzed.The proposed solution is implementation using an AODV protocol and the behavior of wormhole attack is simulated in NS-2.In this work security against wormhole attack provided which causes the interception and confidentiality of the ad hoc wireless networks.Proposed work is based on WARP and compared the modified WARP with WARP.Modified WARP detects and eliminates the wormhole attack.In modified WARP throughput is more, average end-to-end delay is less and.routing overhead increases slightly compared to the WARP.

FigFig 1 .Fig 2 .Fig 3 .
Fig (a) In this procedure, a node receiving RREQ first judges whether it is the destination node, if not, it is an intermediate node.For an intermediate node, if the hop count in the RREQ is larger than the hop count in the corresponding entry (having the same originator IP) of the routing table.The RREQ is directly dropped; otherwise, the node creates a new entry in the routing table (multiple reverse entries, with the same originator IP but different first-hops), copies the data of the RREQ into this entry, and then drops the RREQ for a destination node receiving a RREQ.Then it checks whether the originators sequence number of the RREQ is smaller than that of an entry with the same destination IP in the routing table.