Timing-based localization of in-band wormhole tunnels in MANETs

The problem of localizing in-band wormhole tunnels in MANETs is considered. In an in-band wormhole attack, colluding attackers use a covert tunnel to create the illusion that two remote network regions are directly connected. This apparent shortcut in the topology attracts traffic which the attackers can then control. To identify the nodes participating in the attack, it is necessary to determine the path through which victims' traffic is covertly tunneled. This paper begins with binary hypothesis testing, which tests whether a suspected path is carrying tunneled traffic. The detection algorithm is presented and evaluated using synthetic voice over IP (VoIP) traffic generated in a network testbed. After that, we consider multiple hypothesis testing to find the most likely tunnel path among a large number of candidates. We present a tunnel path estimation algorithm and its numerical evaluation using Poisson traffic. A main feature of the proposed algorithms is their robustness against the presence of chaff packets (possibly introduced to avoid detection), packet loss caused by unreliable wireless links, and clock skew at different nodes.
