A Detecting and Defending Method of Wormhole Attack Based on Time Ruler

Wormhole attack is a severe attack in mobile ad hoc networks, which is particularly challenging to defend against. In this paper, a new method defined as time ruler using distance measurement for detecting wormhole attack is proposed including its hypothetical model, the concept of time ruler and the process of its establishment, storage and calibration. The feasibility of the method on theory, thus respectively deriving two discriminating inequalities with the use of sending time ruler and receiving time ruler are analyzed in detail. The performances of the method are also analyzed and its validity is evaluated with Omnet++ developing tools. Mobile Ad Hoc networks (MANETs) are self-organized, multi-hop wireless networks which are independent of fixed infrastructure, with the advantages of easy networking and not being limited with time and space. Unlike the conventional network, MANETs are characterized by numerous constraints such as lack of infrastructure, lack of resources on nodes, dynamic topology, no centralized management and control, and lack of pre-established trust relationships between nodes. Due to these, MANETs are very likely to often be run in untrusted environments and make themselves vulnerable to various security attacks, such as eavesdropping, tamper, replay, and denial-of-service. Wormhole attack is also called Tunnel attack. In MANETs, a malicious node records a packet, at one location in the network, tunnels the packet to another location, and replays it there. If the tunneled distance is longer than the normal wireless transmission range of a single hop, it takes less time or less hops to make the tunneled packet arrive sooner than other packets transmitted over a normal multi- hop route. In this case, it creates the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors. Since it costs less hops to travel through tunnel than by a normal route, for shortest path routing protocol, the malicious node increases its attraction to network flow, and thereby providing advantageous conditions for itself to launch further attack such as tamper or packet-loss.