Detection and Prevention Technique for Mitigating Warmhole Attack in Wireless Sensor Network

Download Full-Text PDF Cite this Publication

Text Only Version

Detection and Prevention Technique for Mitigating Warmhole Attack in Wireless Sensor Network

NCRTS-2015 Conference Proceedings

Chaitrasree S

Post Graduation Student, Dept. of CSE,

AIT Tumkur, India,

Rakesh S

Assistant professor Dept. of CSE, AIt, Tumkur, India,

Abstract -Wireless and mobile ad-hoc networks are now considered to be the ultimate frontier in modern communications. The technology allows nodes in a network to communicate directly with each other using wireless transceivers without the need for a fixed infrastructure. This is distinctly different from the mode of operation used in traditional wireless networks, such as wireless LANs in which inter-node communication takes place through base stations. A wormhole attack could be launched in two different modes: hidden-mode and participation mode. Defending against a hidden-mode attack is particularly difficult because it can be launched even if all routing messages are authenticated and encrypted. This is because the malicious node does not need to read or modify the packets, just forward them. Although participation mode wormhole attacks are more difficult to launch (they require modification of routing packets), once launched, they are extremely difficult to detect since the malicious nodes can simply ignore the security mechanisms of the routing protocol.

Keywords- AES, Privacy, Secret key


    A Wireless Sensor Network (WSN) is a particular type of ad- hoc network. The participating nodes are smart sensors, typically the size of a coin, equipped with advanced sensing functionalities (thermal, pressure, acoustic, etc), a small processor, and a short-range wireless transceiver. The nodes exchange data in order to build a global view of the monitored region Figure 1.1. This data is typically made accessible to the user through one or more gateway nodes.

    Fig.1: Sensor nodes exchange data to build a global view of the monitored region

    WSNs have tremendous potential to provide very attractive, low cost solutions to a variety of real world problems. The application scenarios for WSNs are many, including military surveillance, commercial, environmental, medical, manufacturing and home automation, to name but a few. The past decade has witnessed an explosive growth in the use of wireless technologies. In particular, WSNs have become a very active area of research. There are many diverse and interesting aspects of this technology which demand further research to produce the innovative solutions needed to make WSNs a viable technology. Routing plays a central role in WSNs. In particular, owing to the inherent characteristics of WSNs, routing security is a hugely important area of research. In order to maintain the availability of a WSN, resilience to node failure is very important. One of the ways that a WSN node could fail is through an attack. Although many WSN routing protocols have been proposed, none have been designed with security as a main goal. WSNs are vulnerable to a variety of security attacks due to the broadcast nature of the transmission medium and the fact that sensor nodes often operate in hostile environments. Security attacks in WSNs are often classified according the layers of the OSI model. The attacks which operate at the network layer are referred to as routing attacks.

    Wormhole Attack-Wormholes are one of the most severe attacks on WSN routing. Two or more malicious nodes can collaborate in setting up a shortcut lower latency link between each other Figure 1 and through which they forward packets to each other and replay the packets there locally. The adversaries convince the neighbor nodes of these two end points that the two distant points at either end of the tunnel are actually very close to each other. An adversary situated close to a base station may be able to completely disrupt routing by convincing nodes that would normally be multiple hops from a base station that they are only one or two hops away via the wormhole. In such a scenario, the attack is similar to the sinkhole as the adversary at the other side of the tunnel advertises a better route to the base station. Wormhole and sinkhole attacks are particularly difficult to defend against, especially when the two are combined. Wormholes are hard to detect because they use a private, out-of-band channel which

    is invisible to the WSN. Packets are forwarded between the malicious nodes by encapsulation and use of additional hardware such as a wired link or a directional antenna. Wormhole attacks are more likely be used in combination with selective forwarding or eavesdropping. The wormhole attack is especially difficult to detect in WSNs when using routing protocols in which routes are decided based on advertised information such as minimum hop count to base station.

    Fig.2: Two or more malicious nodes collaborate in setting up a shortcut link between each other

    A wormhole attack could be launched in two different modes: hidden-mode and participation mode. Defending against a hidden-mode attack is particularly difficult because it can be launched even if all routing messages are authenticated and encrypted. This is because the malicious node does not need to read or modify the packets, just forward them. Although participation mode wormhole attacks are more difficult to launch (they require modification of routing packets), once launched, they are extremely difficult to detect since the malicious nodes can simply ignore the security mechanisms of the routing protocol.


    In a wormhole attack, an attacker receives packets at one point in the network, tunnels them to another point in the network, and then replays them into the network from that point. For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive with better metric than a normal multihop route, for example through use of a single long-range directional wireless link or through a direct wired link to a colluding attacker.

    It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel the bits of the packet, in order to minimize delay introduced by the wormhole. Due to the nature of wireless transmission, the attacker can create a wormhole even for packets not addressed to itself, since it can overhear them in wireless transmission and tunnel them to the colluding attacker at the opposite end of the wormhole.

    Existing System- If the attacker performs this tunneling honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, the wormhole puts the attacker in a very powerful position relative to other nodes in the network, and the attacker could exploit this position in a variety of ways.

    The attack can also still NbeCRpeTrSfo-2r0m1e5dCeonvefenreinfcethPeronceetewdionrgks communication provides confidentiality and authenticity, and even if the attacker has no cryptographic keys. Furthermore, the attacker is invisible at higher layers; unlike a malicious node in a routing protocol, which can often easily be named, the presence of the wormhole and the two colluding attackers at either endpoint of the wormhole are not visible in the route.

    The wormhole attack is particularly dangerous against many ad hoc network routing protocols in which the nodes that hear a packet transmission directly from some node consider themselves to be in range of (and thus a neighbor of) that node. Forexample, when used against an on-demand routing protocol such as DSR or AODV, a powerful application of the wormhole attack can be mounted by tunneling each ROUTE REQUEST packet directly to the destination target node of the REQUEST. When the destination nodes neighbors hear this REQUEST packet, they will follow normal routing protocol processing to rebroadcast that copy of the REQUEST and then discard without processing all other received ROUTE REQUEST packets originating from this same Route Discovery.

    This attack thus prevents any routes other than through the wormhole from being discovered, and if the attacker is near the initiator of the Route Discovery, this attack can even prevent routes more than two hops long from being discovered. Possible ways for the attacker to then exploit the wormhole include discarding rather than forwarding all data packets, thereby creating a permanent Denial-of-Service attack (no other route to the destination can be discovered as long as the attacker maintains the wormhole for ROUTE REQUEST packets), or selectively discarding or modifying certain data packets. The neighbor discovery mechanisms of periodic (proactive) routing rely heavily on the reception of broadcast packets as a means for neighbor detection, and are also extremely vulnerable to this attack. For example, OLSR and TBRPF use HELLO packets for neighbor detection, so if an attacker tunnels through a wormhole to a colluding attacker near node B all HELLO packets transmitted by node A, and likewise tunnels back to the first attacker all HELLO packets transmitted by B, then A and B will believe that they are neighbors, which would cause the routing protocol to fail to find routes when they are not actually neighbors.


    The design of the proposed project starts with developing a new adversarial model, which will extract all the potential attack characteristics of sinkhole attack, Sybil attack, routing attack, and wormhole attack. The considered attack at network layer is the most attention seeking attack in WSN. It consists of two malicious nodes and a tunnel between malicious nodes. Several methods have been proposed for detecting wormhole attacks in ad-hoc network. However, these methods usually require that some nodes in the network be equipped with special hardware.

    The proposed model consists of building such a mechanism which would be helpful in prevention of wormhole attack in a clustered WSN using enhanced digital signatures. The

    complete network is divided into small clusters based on proximity of nodes. Each cluster has a Cluster Head (CH) which helps in maintaining the cluster and one or more Gateway (GW) nodes that form the communication links to different clusters. A node is selected to be a Cluster Head based on the number of nodes in its proximity (transmission range). Thus, every node in a cluster is one hop away from the CH. A Gateway Node can belong to only one cluster. Thus, for every interface between two clusters, two GW nodes participate, one from each cluster.

    New Adversarial Model

    New Adversarial Model

    Simulation Parameters

    handles how monitoring oNf CdRatTaSi-s20c1a5rrCieodnfoeruetnbcey Pprroecseeerdviinnggs privacy of data. The AES scheme by using secret key mechanism is considered such that until and unless he/she knows the secret key the data cannot be revealed by an attacker. This work much suits for preserving privacy of data in WSNs. The work is simulated in NetBeans environment which the results obtained are discussed using routing tables.


    1. Buch, Dhara Hitarth, and Devesh Jinwala. "Prevention of wormhole attack in wireless sensor network." arXiv preprint arXiv:1110.1928 (2011).

    2. Sharif, Lukman, and Munir Ahmed. "The Wormhole Routing Attack in Wireless Sensor Networks (WSN)." JIPS 6, no. 2 (2010): 177-184.

      Sensor Nodes

      Transmission Range

    3. Tun, Zaw, and Aung Htein Maw. "Wormhole attack detection in wireless sensor networks." In proceedings of world Academy of Science, Engineering and Technology,

      Random Node Deplyment

      vol. 36, pp. 549-554. 2008.

      (Request) Malicious Event

      Route Discovery Process

      Route Discovery Process

      Digital Signature

      Deny Access

      Fig.3: Architecture of Project


    4. Nishant Sharma, Upinderpal Singh, A Location Based Approach to Prevent Wormhole Attack in Wireless

      Data aggregation

      Data aggregation

      Sensor Networks, International Journal of Advanced Research in Computer Science and Software Engineering, Vol. 4, Issue. 1, 2014.

    5. Saurabh Ughade, R.K. Kapoor, Ankur Pandey, An Overview on Wormhole Attack in Wireless Sensor Network: Challenges, Impacts, and Detection Approach, International Journal of Recent Development in Engineering and Technology, (ISSN 2347 – 6435 (Online) Volume 2, Issue 4, April 2014)

    6. Kaur, Gurpreet, and Er Sandeep Kaur Dhanda. "Analysing the effect of Wormhole Attack on Routing Protocol in Wireless Sensor Network." International Journal of Advanced Research in Computer and Communication Engineering 2, no. 8 (2013): 3217-3223.

      For a node to communicate with a node of another cluster, it must send the Route Request (RREQ) Packet to its CH which further sends the RREQ to other clusters (if needed) through GW nodes until the RREQ reaches the CH of the cluster to which the destination node belongs. The destination node then sends a Route Reply (RREP) packet to the source via the path that was discovered the earliest. Additionally, every CH broadcasts its Public Key to all the nodes within its cluster. GW nodes belonging to the two different clusters exchange the public keys of their respective CHs. Thus each GW node has two (or more) sets of Public Keys (one of its own CH and others of its neighbors CH). The proposed algorithm will prevents nodes from routing data through the compromised routes as all communications take place through the CH and GW nodes, thereby, preventing a lethal attack.

      When a source has to send a RREQ, it sends it to its CH. The CH uses its private key to digitally sign the packet. The CH checks if the destination is a member node. If yes, it sends the signed packet to the destination node. If not, it forwards the RREQ to all of its GW nodes (multicast). The GW node checks if the packet has come from its own CH by using the public key of the CH to verify the digital sign. The GW node then forwards the RREQ to its corresponding GW node. The communication is done through Gateway and Cluster Head further until the packet is reached to Destination.


In this work, a new mechanism on designing a secure architecture for WSNs by using cryptographic actions with the help of digital signature is proposed and demonstrated. As compared to the conventional scheme the proposed scheme

  1. Guowei Wu1, Xiaojie Chen1, Lin Yao1, Youngjun Lee2, and Kangbin Yim, An Efficient Wormhole Attack Detection Method in Wireless Sensor Networks, Computer Science and Information Systems 11(3):1127 1141, , Retrived 2014

  2. El Kaissi, Rouba Zakaria, Ayman Kayssi, Ali Chehab, and Zaher Dawy. "DAWWSEN: A defense mechanism against wormhole attacks in wireless sensor networks." PhD diss., American University of Beirut, Department of Electrical and Computer Engineering, 2005.

Leave a Reply

Your email address will not be published. Required fields are marked *