# WormHole Attack in MANET

August 19, 2017

A wireless ad-hoc network is temporarily set network by wireless mobile computers moving arbitrary in the place that have no fixed infrastructure and all of the transmission links are established through wireless medium. MANETs are a kind of wireless ad-hoc network. Each node in a MANET is free to move independently in any direction leads to changing its links to other nodes frequently. Each node operates as an end system and also as a router to forward packets. The primary challenge in building a MANET is equipping each node to continuously maintain the information required to properly route traffic. Wireless ad-hoc network is promising in solving many challenging real-world problems like military field operation, communication in emergency response system and oil drilling and mining operation.

Wireless mobile ad-hoc networks are vulnerable to many security attacks because of shared channel, insecure operating environment, lack of central authority, limited resource availability, dynamically changing network topology, resource constraints. MANET’s open issues are like security problem, finite transmission bandwidth, abusive broadcasting messages, reliable data delivery, dynamic link establishment and restricted hardware caused processing capabilities emerges into new horizon of different research areas.

## Wormhole Attack

In MANETs, each node communicates directly with its neighboring nodes that are in its transmission range and works both as a host as well as a router. In order to communicate with non-neighbors, a node establishes indirect connection with the help of other nodes in its neighborhood in a hop-by-hop manner. Routing protocols play an important role in finding, maintaining, and repairing routes in the network. Scarcity of various resources makes wireless ad-hoc network vulnerable to several kinds of security attacks. Attacker possessing sufficiently large amount of memory space, power supply, processing abilities and capacity for high power radio transmission, results in generation of several malicious attacks in the network. Wormhole attack is a type of Denial of Service attack that misleads routing operations even without the knowledge of the encryptions methods unlike other kinds of attacks. This characteristic makes it very important to identify and to defend against it

In this section we focus of detail description on wormhole attack with its definition:

### General

Wormhole attack is a well known and one of the most serious security threats in MANETs.  Generally, two or more malicious nodes launch a wormhole attack using a private channel called tunnel, between them. The working of wormhole attack is shown in Figure 1. At one end of the tunnel, a malicious node captures a control packet and sends it to another colluding node at the other end through a private channel, which rebroadcasts the packet locally. Route for communication between source and destination is selected through the private channel because of having better metrics e.g., less number of hops or less time, as compared to packets transmitted over other normal routes. The attack normally works in two phases. In the first phase, the wormhole nodes get themselves involved in several routes. In the second phase, these malicious nodes start exploiting the packets they receive. These nodes can disrupt the network functionality in a number of ways. For example, these nodes can confuse the protocols that depend on node location or geographic proximity, or the colluding nodes may forward data packets back and forth to each other in case of virtual tunnel so as to exhaust the battery of other intermediate nodes. Wormhole nodes can drop, modify, or send data to a third party for malicious purposes.

Figure 1: Working of Wormhole Attack in MANETs.

In wormhole attack, a malicious node receives packets at one location in the network and tunnels them to another location in the network where these packets are resent into the network. This tunnelling between two colluding attackers is referred to as a wormhole. Wormhole establishment is possible through wired link between two colluding attackers. In this form of attack the attacker may create a wormhole even for packets not addressed to itself because of broadcast nature of the radio channel.

### Wormhole Attack Modes

Wormhole attacks can be launched using several modes, among these modes, we mention the following: Wormhole using Encapsulation.

• Wormhole using Packet Encapsulation
• Wormhole with Out-of-Band Channel
• Wormhole using Packet Relay.
• Wormhole using Protocol Distortion

Wormhole using Packet Encapsulation

Here several nodes exist between two malicious nodes and data packets are encapsulated between the malicious nodes. Hence it prevents nodes on way from incrementing hop counts. The packet is converted into original form by the second end point. This mode of wormhole attack is not difficult to launch since the two ends of wormhole do not need to have any cryptographic information, or special requirement such as high-power source or high bandwidth channel.

Wormhole using Out-of-Band Channel

This kind of wormhole approach has only one malicious node with much high transmission capability in the network that attracts the packets to follow path passing from it. The chances of malicious nodes present in the routes established between sender and receiver increases in this case. Also this type is referred as “black hole attack” in the literature.

Wormhole using Packet Relay

One or more malicious nodes can launch packet-relay-based wormhole attacks. In this type of attack malicious node replays data packets between two far nodes and this way fake neighbors are created. This kind of attack is also called as “replay-based attack” in the literature.

Wormhole using Protocol Distortion

In this mode of wormhole attack, single malicious node tries to attract network traffic by distorting the routing protocol. This mode does not affect the network routing much and hence is harmless. Also it is known as “rushing attack” in the literature.

The following Table summarizes different modes of the wormhole attack along with the associated requirements are given .

 Name of Mode Minimum no. of adversary nodes Requirements Packet Encapsulation Two None Out -of -band Channel Two High speed wire line link Packet relay One None Protocol Distortions One None

Table 1: Summary of Wormhole Attack Modes

#### References

[1] Muhammad Imran, Farrukh Aslam Khan, Tauseef Jamal, Muhammad Hanif Durad, “Analysis of Detection Features for Wormhole Attacks in MANETs”, International Workshop on Cyber Security and Digital Investigation (CSDI 2015), Procedia Computer Science 56 ( 2015 ) 384 – 390

[2] Saurabh Upadhyay and Aruna Bajpai, “Avoiding Wormhole Attack in MANET using Statistical Analysis Approach”, International Journal on Cryptography and Information Security(IJCIS),Vol.2, No.1,March 2012

[3] Nisha S.Raote, “Defending Wormhole Attack in Wireless Ad-hoc Network”, International Journal of Computer Science & Engineering Survey (IJCSES) Vol.2, No.3, August 2011

[4] Anal Patel, Nimisha Patel, Rajan Patel, “Defending Against Wormhole Attack in MANET”, 2015 Fifth International Conference on Communication Systems and Network Technologies, 978-1-4799-1797-6/15 \$31.00 © 2015 IEEE

[5] ACHINT GUPTA, Dr. PRIYANKA V J, SAURABH UPADHYAY, “Analysis of Wormhole Attack in AODV based MANET Using OPNET Simulator”, International Journal of Computing, Communications and Networking, Vol 1 issue 2

[6] Rutvij H. Jhaveri, Ashish D. Patel, Jatin D. Parmar, Bhavin I. Shah, “MANET Routing Protocols and Wormhole Attack against AODV”, IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.4, April 2010

[7] Reshmi Maulik and Nabendu Chaki, “A Study on Wormhole Attacks in MANET”, International Journal of Computer Information Systems and Industrial Management Applications ISSN 2150-7988 Volume 3 (2011) pp. 271-279
[8]http://resources.infosecinstitute.com/wireless-attacks-unleashed/

$${}$$