Detecting Wormhole Nodes in WSN using Data Trackers

Wormhole attack can be destabilizes or disables wireless sensor networks. In a typical wormhole attack, the attacker receives packets at one point in the network and forwards them with a less latency than the network links, and relays them to another point in the network. This paper describes the taxonomy of wormhole attack and presents the several scenarios of wormhole attacks. KeywordsWireless sensor network, Wormhole detection, Ad hoc network, tunnel, latency, Wireless sensor nodes, malicious node. INTRODUCTION The basic wireless sensor network [1] consists of large number of sensor nodes which are densely deployed over a sensor field. All nodes are connected by radio frequency, infrared, or other medium without any wire connection. This type of network is called wireless sensor network Fig.1.1 is shown below.WSN contains micro-controller, circuit for interface between sensor node and battery, a radio transceiver with antenna for generating the radio waves through which they can communicate and perform operations [2]. Fig.1.1: General Wireless Sensor Network With the rapid development in wireless technology, ad hoc network have emerged to attract the attention from industrial and academic research projects. Ad hoc networks are vulnerable to attacks due to many reasons a particularly severe security attack, called the wormhole attack [3], [4], [5]. During the attack [6] an adversary receives packets at one location in the network and tunnel them to another location in the network, where the packets are resent into the network .The remainder of this paper is organized as the following way. Section II gives the taxonomy and basic definition of Wormhole attack. Section III presents survey on wormhole attack. Finally, conclusion is presented in Section IV. WORMHOLE ATTACK In the wormhole attack, an attacker receives packets in one part of the network over a low latency and tunnels them in a different part. The simplest instance of this attack is that single node is situated between two other nodes for forwarding the messages between two of them. International Journal of Engineering Research and General Science Volume 2, Issue 4, June-July, 2014 ISSN 2091-2730 289 www.ijergs.org Fig.2.1: Wormhole Attack Depending on whether the attackers are visible on the route, packets forwarding behavior of wormhole nodes as well as their tendency to hide or show the identities, wormholes are classified into three types: closed, half open, and open as shown in fig.2.2. 1. Open Wormhole In this mode, nodes (Source(S), destination (D), wormhole ends M1 and M2) are visible and A and B are kept to be hidden. The attacker is aware about the presence of malicious nodes which further include themselves in the packet header to follow the route discovery procedure. 2. Half-Open Wormhole Malicious node M1 near the source (S) is visible, while second end M2 is set hidden. To tunnel the packets from one side to another over the path S-M1-D sent by S for D, attacker does not modify the contents of the packet and rebroadcasts it. 3. Close Wormhole Identities of all the intermediate nodes (M1, A, B, M2) on path from S to D were kept hidden. In this scenario both source and destination feel themselves just one-hop away from each other. Thus fake neighbors were created. Fig.1.3: Representation of Open, Half-Open and Closed Wormhole A. Taxonomy of Wormhole Attack Wormhole attacks can be classified based on implementation technique used for launching it and the number of nodes involved in establishing wormhole into the following types: 1. Wormhole using Packet Encapsulation Nodes exist between two malicious nodes and the data packets are encapsulated between the malicious nodes. Hence, routing protocols that use hop count for path selection are particularly susceptible to encapsulation-based wormhole attacks. International Journal of Engineering Research and General Science Volume 2, Issue 4, June-July, 2014 ISSN 2091-2730 290 www.ijergs.org 2. Wormhole Using High-quality/Out-of-band Channel In this mode, the wormhole attack is launched by having a high-quality, single-hop, out-of-band link (called tunnel) between the malicious nodes. This tunnel can be achieved, for example, by using a direct wired link or a long-range directional wireless link. 3. Wormhole Using High-power Transmission Capability In this only one malicious node with high-power transmission capability increases its chance to be in the routes established between source and the destination without the interference of another malicious node. When a malicious node receives an RREQ, it broadcasts the request at a high-power level. Any node that hears the high-power broadcast rebroadcasts the RREQ towards the destination. [11]. 4. Wormhole Using Packet Relay In this attack, one or more malicious node relays data packets of two distant sensor nodes to convince them that they are neighbors. This kind of attack is also called "replay-based attack”. 5. Wormhole Using Protocol Distortion In this mode, one malicious node tries to attract network traffic by distorting the routing protocol. Routing protocols that are based on the 'shortest delay' instead of the 'smallest hop count' is at the risk of wormhole attacks by using protocol distortion.