Public key encryption approach to mitigate wormhole attacks


Published on

Published in: Education, Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Public key encryption approach to mitigate wormhole attacks

  1. 1. International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169 704 – 707 Volume: 1 Issue: 9 ______________________________________________________________________________ PUBLIC KEY ENCRYPTION APPROACH TO MITIGATE WORMHOLE ATTACKS Asha Thomas Department of Computer Science and Engineering Sree Buddha College of Engineering Pattoor,Alappuzha Abstract— In wireless sensor network a lot of attacks can be initiated but most of them are comparatively easy to detect because of their property of dramatically changing the network data. It is very vital when considering security issues of MANET to consider wormhole attack, which is complex to detect & can spoil important data by directing to illegal nodes. In the route discovery process, a wormhole can relay route request and response messages between far-away nodes, creating the manifestation of shorter path to destination. Since the wormhole can be at anyplace along a path, a source will have to identify it when a node sets up the route. Many protocols have been proposed, their confrontation towards various types of security attacks and efficiency are key point of concern in implementing these protocols. Keywords- Wireless Sensor Network, wormhole attack, Manet. ________________________________________________________*****_____________________________________________________ I. INTRODUCTION Wireless Sensor Network (WSN) is a growing technology which is offering solution to variety of application areas such as health care, military and industry. These kinds of networks usually apply number of devices known as sensor devices. These sensors which are limited are distributed over the environment and communicate through the wireless media. They are also responsible of sensing environment and transmission information as well. Usually the transmission task is critical as there are huge amount of data and sensors devices are restricted. As sensor devices are limited the network exposed to variety of attacks. Conventional security mechanisms are not suitable for WSNs as they are usually heavy and nodes are limited. The problem of wormhole attacks can occur to all types of wireless networks. Therefore, identifying the possibility of wormhole attacks and methods to protect against these attacks are important to the security of wireless networks as a whole. As a wormhole attack challenges higher-level protocols, most effective procedures to detect such attacks are based on looking for inconsistencies in measurements performed at the physical layer. The medium for information to travel on wireless networks is air and in a sense, without physical boundary makes wireless networks more vulnerable than wired networks to security attacks like eavesdropping, man-in-the-middle, etc. that might have been better protected against in wired networks. It is also more difficult to come up with security measures of protecting data that flows through the air. Wireless sensor networks have become an integral part of the digital society of this world due to the easiness of implementation and, in general, the lower cost in comparison to the wired networks. Also, due to its ease of use and convenience, it is very popular to users and it is getting even more so that it exists in more and more places. Wireless networks have also been deployed in placed that were deemed infeasible for the deployment of wired networks and have been the preferred method in new areas. We can see wireless networks exist in all different sectors, i.e. government and private sectors, across the globe and for different types of usage. On top of that, the outburst of devices and applications that were designed to work in wireless networks are just incredible. Just look at all the hand held devices and the applications that goes with them and how the information flows seamlessly from wired to wireless devices. It is becoming the way of life and it is expected to be. II. WORMHOLE ATTACK Wormhole attack is a relay-based attack that can disrupt the routing protocol and therefore disrupt or breakdown a network and this is the reason the attacks are serious. There are 4 steps to explain about a general wormhole attack. 1. An attacker has two trusted nodes (or two colluded attackers each has one node) in two different locations of a network with a direct link between the two nodes. 2. The attacker records packets at one location of a network. 3. The attacker then tunnels the recorded packets to a different location. 4. The attacker re-transmits those packets back into the network location from step 1. Fig.1: Illustration of Wireless Sensor Network 704 IJRITCC | September 2013, Available @ ______________________________________________________________________________
  2. 2. International Journal on Recent and Innovation Trends in Computing and Communication Volume: 1 Issue: 9 697 – 699 ______________________________________________________________________________ Figure 1.1 shows an example of a wormhole attack. Let us assume that network A and B are not neighbors. However, X and Y are the wormhole nodes that are connected through a wormhole link that is created by the attacker. Due to this attack, node A and B consider them as neighbors by sending routing messages. The attacker can choose to disrupt communications between A and B. Overall, the routes in the network can be re-arranged when the attack occurs during protocol discovery phase. For example, using figure 1, we can see that packets from protocol discovery phase will get from node A to node B fastest if going through the wormhole link since it has the smallest number of hops. This causes the disruption of the routing protocol and brings severe damage to the network. In an infrastructure based wireless network, the two nodes that form the wormhole link can be two rogue access points. A rogue access point is an access point that is not authorized to be in a wireless network and is usually setup by an attacker to sniff the traffic or to do with attacks that the attacker launches. The attacker has two rogue access points in the infrastructure based wireless network. The essential point remains the same and that is packets from one rogue access point will be getting to the other rogue access point faster than other routes as to create a false idea that two end-point devices are close to each other when they are not. The attacker has the control over the rogue access points so he/she can launch wormhole attacks without the need to worry about cryptographic keys or the need to compromise any legitimate node in the network. III. RELATED WORK Wormhole attacks were introduced by Hu Dahill and Papadimitratos in their respective papers. A lot of search has been done to detect and protect against wormhole attacks and more research and protection methods are continued to be developed. So far most of them focus on ad-hoc or sensor wireless networks. However, there is some research done in infrastructure based wireless networks in recent years. Hu et al. developed the idea of packet leashes to detect wormhole attacks. This was developed for ad-hoc network but also works for the other types of networks as well. Packet leash is a detecting and defending mechanism against wormhole attacks. “A leash is any information that is added to a packet designed to restrict the packet‟s maximum allowed transmission distance.” There are two types of leashes: geographical and temporal. Extra authentication information needs to be added to the packets. Geographical leash depending on each node knows its own location and also require loose clock synchronization. Temporal leash needs to have tight clock synchronization and utilizing the speed of light. Either of these defends against wormhole by calculating distance the packets travels. When a packet is over the distance allowed limit then the receiving knows that the packet is no good and does not accept it. Temporal leashes with TIK (TESLA with Instant Key Disclosure) in conjunction with precise timestamps and tight clock synchronization offer the most efficient way of working against wormhole attacks. Since infrastructure based wireless networks are widely used and wormhole attacks can cause significant damage to the networks, it is import to have good methodologies of preventing the attacks. As we can see, most of research work related to wormhole attacks has been focusing on ad-hoc and sensor networks. However, as Sriram et al. indicated in their paper that wormhole attacks also have significant effects on infrastructure based wireless networks by using two rogue access points and a low latency link. Bogus route information can be established this way. Each access point maintains a list of its direct neighbors and their direct neighbors, which makes it easy to identify when some access point is pretending to be its neighbor. An access point will not accept a packet that is not from its neighbor or forward a packet to an access pint that is not its neighbor. Link verification starts right after the period of neighbor discovery where an access point monitors the traffic going in and out of its neighbors, in which internal attacks can be identified and prevented. Wang et al. suggested detection attacks in mobile ad-hoc network through the lifetime of the route between two end points by adding detection information to data packets. Maheshwari et al proposed an algorithm using only connectivity information between nodes to look for forbidden substructures in ad-hoc and sensor wireless networks to detect wormhole attacks. This approach is completely localized and does not require any special hardware or location information. The algorithm does not depend on wireless communication model; however, the knowledge helps estimation of a parameter in the algorithm. The method which proposed by Graaf et al relies on the use of additional devices as intrusion detection nodes. According to their assumption, deployment of the networks should be in the way that every sensor node accompany with its neighbor be monitored with at least one ID which make arrangement not suitable for dynamic deployment or scalability. Another drawback of this approach is that, active wormhole attack will often not be detected if the length of the tunnel is less than two times of ID‟s communication range and passive attacks will not be identified if the length of tunnel is greater than three times of ID‟s communication range. Other approach which was proposed in (Rasheed & Mahapatra, 2009) uses mobile sink ,it will be suitable for only some kinds of applications which required MS and also applies additional hardware in order to provide its mobility. Also, it applies multiple channel radio transmission which may not be available for all kinds of nodes. Jakob Erikson, Shrikanth V. Krishnamurty and Michalis Faloutos proposed a countermeasure for wormhole attack in a wireless network. They proposed TrueLink Protocol for defending wormhole attack. It checks bidirectionality of links. It enables a node to verify adjacency of apparent neighbor. It uses a combination of timing and authentication. It uses together with secure routing protocol. 705 IJRITCC | September 2013, Available @ ______________________________________________________________________________
  3. 3. International Journal on Recent and Innovation Trends in Computing and Communication 697 – 699 Volume: 1 Issue: 9 ______________________________________________________________________________ Therefore underling this assumption made the proposed method not suitable for many application of WSNs which do not have reliable media to transfer neighbor list to the base. encrypted data which is then encrypted with the private key of the sender. The hash of data taken contributes to authentication. There are methods proposed preventing wormholes like attacks in ad-hoc networks by verifying physical presence of neighbors. Encrypt ( KSPR Encrypt ( KRPE, D)) + Encrypt (KSPR, H(D)) IV.PROPOSED SYSTEM In order to mitigate effect of wormhole attack in wireless sensor network, a neighbor discovery process has been proposed. There are some criteria to determine whether wormhole attack is performing in the network or not. Some methods use statistical approach. They find dramatic changes in the certain statistical patterns and then decide on existence of wormhole in the network. Longer propagation can be another symptom of wormhole existence. Additionally we can determine the existence of wormhole in the network by checking the parameters such as bigger transmission range than that of normal condition, and previous node is not a neighbor as well. The proposed method is based on the fact that mentioned wormhole data comes from unauthorized and illegal neighbors. The proposed method works in two phases. They are the neighbor discovery phase and the encryption phase. The discovery phase starts with every node in network, say „A‟. It sends a HELLO message to the all one hope neighbors in the network. This broadcasted message contains source address and its own public key, which is broadcasted to all nodes. In response to this message, every authentic neighbor sent their own public key to „A‟. Receiver public key of one hop neighbor sent in the encrypted message format. This message contains source ID, public key of „B‟ encrypted with the public key of A and destination address. When the node „A‟ want to send data to „B‟ then „A‟ encrypt data with public key of „B‟ and this data again encrypted with the private key of sender i.e. „A‟. When receiver „B‟ receives data from the sender „A‟ then first „B‟ decrypt data with public key of sender A and remaining data is decrypted with its own private key. In this way secure communication is done. For encryption and decryption purposes we use the RSA technique. Every node should share its public key with its neighbors during neighbor discovery phase. Thus the first phase help in recognizing the neighbors. Then the proposed system undergoes the encryption phase which comprises of another two phases: Encryption and authentication, Decryption and Verification. Confidentiality is the ability of hiding message to an unauthorized attacker. It means that if an illegal and unauthorized adversary access to the message, it cannot understand it. Authentication is ability to identify the reliability of message origin. In encryption, the data to be sent is encrypted with the public key of the receiver and the hash of data is added with the Data Transmitted by node is in encrypted form as Where E is public key encryption function, KSPR is private key of sender node, KRPE is public key of Receiving Node, H (M) is hash function to calculate message digest. Fig 2: Encryption and Authentication Integrity provides a mechanism in order to know whether the message had been tampered or not. The received data gets decrypted by the receiver using the private key of the receiver. The hash values are compared with the public key of the sender. If the hash values are equal then the message gets verified. Fig 3: Decryption and Verification Thus the combined action of the two phases eliminated pretending identity of neighbor node completely even if attacker in present at time of neighbor discovery. If node receives data with false digest value then it declares packet received through wormhole node and discards packet. It also discards routing entry for wormhole node. V. CONCLUSION Wormhole attacks have been identified as attacks that can be powerful and can cause severe damage to the network. It is not something that can be taken lightly. Methodologies for detecting and protecting against these attacks have been proposed mainly for ad-hoc and sensor networks. It is new for infrastructure based networks. However, it is not less significant. Therefore it was mentioned a possible strategy in detecting and protecting against wormhole attacks by combining the neighbor discovery phase and encryption phase 706 IJRITCC | September 2013, Available @ ______________________________________________________________________________
  4. 4. International Journal on Recent and Innovation Trends in Computing and Communication Volume: 1 Issue: 9 697 – 699 ______________________________________________________________________________ to mitigate wormhole attacks, and maybe other attacks in infrastructure based wireless networks by focusing on identifying rogue access pints in infrastructure based wireless networks. [13]DAWWSEN: A Defense Mechanism Against Wormhole Attacks in Wireless Sensor Networks, Rouba El Kaissi, Ayman Kayssi, Ali Chehab and Zaher Dawy, 2005 [14]A Secure Routing Protocol for Ad-hoc Networks, B. Dahill, B. N. Levine, E. Royer and C. Shields, 2001 REFERENCES [1] Ali modirkhazeni, Saeedeh Aghamahamoodi, and Naghmeh Niknejad,“Distributed Approach To Mitigate Wormhole Attack in Wireless Sensor Network ”,2011IEEE , page no. 122-128 [2] Dhara Buch, Devesh Jinwala “Detection of wormhole attack in Wireless Sensor”, Proc of international conference on Advances in Recent Technologies In communication computing 2011, Page no. 7-14. [3] Prabhudatta Mohanty, Sangram Panigrahi, Nityananda Sharma and Siddhartha Sankar Satapathy,“Security Issues In Wireless Sensor Network Data Gathering Protocols : A Survey ”Journal of Theoretical & Applied Information Technology 2005-2010 JATIT, Page no. 14-27 [4] Al-Sakib Khan Pathan, Hyung –Woo Lee Choong Seon Hong,“ Security In Wireless Sensor Networks : Issues & Challenges” Feb 20-22, 2006 ICACT 2006 , ISBN 89-5519129-4, Page no. 1043-1048R. E. Sorace, V. S. Reinhardt, and S. A. Vaughn, “High-speed digital-to-RF converter,” U.S. Patent 5 668 842, Sept. 16, 1997. [15]Secure Routing for Mobile Ad Hoc Networks, P. Papadimitratos and Z. Haas, 2002 [8]Detecting and Avoiding Wormhole Attacks in Wireless Ad Hoc Networks, Farid Na¨ıt-Abdesselam, Brahim Bensaou and Tarik Taleb, 2007 [16]Defending against Wormhole attacks in Mobile Ad Hoc Networks, Weichao Wang, Bharat Bhargava, Yi Lu and Xiaoxin Wu, 2006 [17]Detecting Wormhole Attacks in Wireless networks Using Connectivity Information, Ritesh Maheshwari, Jie Gao and Samir R Das, 2007 [18]Statistical Wormhole Detection in Sensor Networks, Levente Buttyán, Lászlό Dόra and István Vajda, 2007 [5] Xiaujiang Dv, Hsiao-HWACHEN, “Security In a Wireless Sensor Network ”, IEEE Wireless Communication, August 2008, Page no. 60-66 [6] Abhishek Jain, Kamal Kant, M. R. Tripathy,“ Security Solutions For Wireless Sensor Networks ” Second International Conference In Advanced Computing and Communication Technologies, 2012 IEEE, Page no. 430-433 [7] Sanzgiri , Kimaya, “ A Secure Routing Protocol For Ad Hoc Networks ” ,2002, 10th IEEE International Conference, Page no. 78-87 [8] Gunhee Lee, Dong-kyoo Kim, Jungtaek Seo, “An Approach To Mitigate Wormhole Attack In Wireless Ad Hoc Networks”,International Conference On Information Security & Assurance, 2008 IEEE, Page no. 220-225. [9]Verifying Physical Presence of Neighbors against Replaybased Attacks in Wireless Networks, Turgay Korkmaz, 2005 [10]Methodology for Securing Wireless LANs Against Wormhole Attack, V. S. Shankar Sriram, Ashish Praptap Singh and G. Sahoo, 2009 [11]LITE WORP: A lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks, Issa Khalil, Saurabh Bagchi and Ness B. Shroff, 2007 [12]Analysis of Detecting Wormhole Attacks in Wireless Networks, Khin Sandar Win, 2009 707 IJRITCC | September 2013, Available @ ______________________________________________________________________________