Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information 97598039 梁紀翔 97598050 王謙志 NETLab.


1 Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information 97598039 梁紀翔 97598050 王謙志 NETLab

2 Outline
- Wormhole attack?
- Some detecting methods and limitations
  - Using bound distance or time
  - Using graph theory and geometry
- Using connectivity information
  - Unit disk graph model
  - Other models
  - Wormhole removal
- Simulation result & conclusion

3 What is a wormhole? A shortcut through space and time (image: http://commons.wikimedia.org/wiki/File:Worm3.jpg)

4 Wormhole attack (figure from http://www.wings.cs.sunysb.edu/~ritesh/wormhole.html)

5 Threats
- Dropping or modifying packets
- Generating unnecessary routing activity by turning the wormhole link off periodically
- Recording traffic for later analysis
- Breaking protocols that rely on geographic proximity

6 Bound distance or time
- Use node location information to bound the distance a packet can traverse
  - But it is hard to determine the "legal" distance
- Use a global clock to bound propagation time
  - Useless against physical layer attacks
- Besides, they all need additional hardware

7 Graph theory and geometry
- Use a combination of one-time authenticated neighbor discovery and guard nodes to attest the source of a transmission
  - What if the attack begins before discovery?
  - Special guard nodes know their "correct" location and have higher RF power and different RF characteristics
  - Impractical

8 Graph theory and geometry cont.
- Use directional antennas
  - Needs a cooperative protocol that shares directional information between nodes to detect the wormhole
- Use neighbor distance estimation and multi-dimensional scaling to draw a "network layout"
  - The layout should be "flat"
  - Centralized computation
- Physical layer authentication in packet modulation/demodulation
  - Special RF hardware

9 Limitations
- Additional hardware is not affordable in large scale sensor networks, such as
  - Directional antennas
  - GPS
  - Ultrasound
  - Guard nodes with correct location
- Global clock synchronization or global computation
- A localized algorithm is the solution
  - Use information collected by the upper layer

10 Algorithm concept
- Look for a forbidden substructure that should not be present in a legal connectivity graph

11 Unit disk graph model
- Idealized model for a multi-hop wireless network
- A node is modeled as a disk with unit radius
  - The unit radius is the communication range with an omni-directional antenna
- Each node is a neighbor of all nodes within its disk
(source: www.it.uu.se/research/group/mobility/adhoc)

12 Hardness
- Detecting a wormhole in a UDG is NP-hard
  - Equivalent to finding a UDG embedding of a graph in 2D
  - A proven NP-hard problem
- The algorithm looks for structures that do not allow a UDG embedding
- Due to this hardness, 100% wormhole detection is not guaranteed
  - But it provides a sufficiently high detection rate

13 Disk packing
- In a fixed region, one cannot pack too many nodes without having edges between them
- Packing number: the maximum number of points inside region S such that every pair of points is strictly more than distance r apart

14 Disk packing cont.
- A unit disk D of radius R centered at u
- Lune: the intersection of 2 disks of radius R centered at u and v, placed distance r apart

15 Disk packing cont.
- Lemma 1 (when R = r = 1)
- Lemma 2 for

16 Forbidden substructure
- a and b (non-neighbors) have three common independent neighbors c, d, e
- By Lemma 1, this cannot happen
- If only c and d are in region B, the check fails

17 Forbidden substructure cont.
- For the low density case
  - Look among k-hop neighbors
  - Find common independent k-hop neighbors of two non-neighbor nodes
- Forbidden substructures used in the algorithm
  - 3 independent common 1-hop neighbors
  - A forbidden-parameter number of independent common k-hop neighbors
- Forbidden parameter: the threshold on the number of independent common k-hop neighbors

18 Forbidden substructure cont.
- The forbidden parameter must be more than the packing number for unit distance inside the lune of two disks of radius k placed at distance 1
  - Radius k models the k-hop neighborhood
  - Distance 1 models the lower bound on the distance between non-neighbors

19 Forbidden substructure cont.
- If a network has the forbidden substructure, there must be a wormhole
- For a given node density with a wormhole present
  - Higher k gives a higher detection probability
  - A larger neighborhood provides more nodes to work with

20 Algorithm
1. Find the forbidden parameter
2. Each node u determines its 2k-hop neighbor list and executes the following steps for each non-neighboring node v in that list

21 Algorithm cont.
3. u determines the set of common k-hop neighbors with v from their k-hop neighbor lists
  - Can be obtained by simply exchanging lists
4. u determines a maximal independent set of that common set
  - Finding the maximum independent set is NP-hard
  - Use a greedy algorithm

22 Algorithm cont.
5. If the maximal independent set size is equal to or larger than the forbidden parameter, u declares the presence of a wormhole
- For most cases, k = 1 is sufficient; the cost, expressed in d, the average node degree, is that of checking non-neighbor nodes in the 2-hop neighborhood plus that of finding the maximal independent set
- k = 2 for fairly low density cases
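Steps 1 to 5 above, as an added example that is not code from the presentation or from Maheshwari et al.: a Python implementation of the k = 1 check with forbidden parameter 3 (the UDG value from Lemma 1), run on a constructed seven-node topology with and without a wormhole tunnelling between its two clusters. The greedy rule used for the maximal independent set (lowest degree first) is an assumption, not necessarily the paper's.

```python
from itertools import combinations
from math import dist

def build_udg(points, radius=1.0):
    # Unit disk graph: two nodes are adjacent iff their distance <= radius.
    adj = {n: set() for n in points}
    for a, b in combinations(points, 2):
        if dist(points[a], points[b]) <= radius:
            adj[a].add(b); adj[b].add(a)
    return adj

def add_wormhole(adj, points, end_a, end_b, radius=1.0):
    # Wormhole model: every node near endpoint A hears every node near B.
    near = lambda e: [n for n, p in points.items() if dist(p, e) <= radius]
    for a in near(end_a):
        for b in near(end_b):
            if a != b:
                adj[a].add(b); adj[b].add(a)
    return adj

def k_hop(adj, u, k):
    seen, frontier = {u}, {u}
    for _ in range(k):
        frontier = {w for x in frontier for w in adj[x]} - seen
        seen |= frontier
    return seen - {u}  # nodes within k hops of u, excluding u itself

def greedy_mis(adj, nodes):
    # Step 4: greedy maximal independent set, lowest degree first (assumed rule).
    remaining, chosen = set(nodes), []
    while remaining:
        n = min(remaining, key=lambda x: len(adj[x] & remaining))
        chosen.append(n)
        remaining -= adj[n] | {n}
    return chosen

def detect_wormhole(adj, k=1, forbidden=3):
    # Steps 2-5: u alarms when a non-neighbour v within 2k hops shares at
    # least `forbidden` independent common k-hop neighbours with u.
    alarms = set()
    for u in adj:
        for v in k_hop(adj, u, 2 * k) - adj[u]:
            common = k_hop(adj, u, k) & k_hop(adj, v, k)
            if len(greedy_mis(adj, common)) >= forbidden:
                alarms.add(u)
    return alarms

# Constructed topology: cluster X around (0, 0), cluster Y around (10, 0).
POINTS = {"u": (-0.9, 0.0), "v": (0.9, 0.0), "w": (0.0, 0.4), "y1": (10.0, 0.95),
          "y2": (9.18, -0.47), "y3": (10.82, -0.47), "y4": (10.0, 0.0)}
clean = build_udg(POINTS)
attacked = add_wormhole(build_udg(POINTS), POINTS, (0.0, 0.0), (10.0, 0.0))
```

Without the wormhole no node alarms; with it, u and v (non-neighbours on opposite sides of endpoint X) both see y1, y2, y3 as three mutually non-adjacent common neighbours and declare a wormhole.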

23 Node distribution
- The forbidden parameter above is the theoretical worst case
- With a known distribution it can be much smaller
  - Smaller gives a higher detection rate
  - But too small gives false positives
- Unless node density is very high, it is unlikely to find that many common independent 2-hop neighbors

24 Communication models
- UDG is overly simplified
  - The packet reception range is not a perfect disk
- For other communication models
  - The same algorithm applies
  - But the forbidden parameter is found by mathematical or geometrical means

25 Known models
- Quasi-UDG
  - Distance within α ≤ 1: link
  - Distance larger than 1: no link
- Run a simulation with the target distribution to obtain the connectivity graph
  - Then estimate the forbidden parameter

26 Known models cont.
- For any pair of non-neighboring nodes
  - Find the maximal independent set among their common k-hop neighbors
  - Take the maximum as the forbidden parameter
  - Used in the simulation results to obtain a tight bound
- If the model is probabilistic
  - The forbidden parameter is also probabilistic
  - Note that false positives are still possible

27 Unknown model
- Parametric search for an unknown forbidden parameter
  - Use a large initial value to run the algorithm
  - If there is no detection, halve the value and rerun
  - Until a very small fraction of nodes report a wormhole
  - Or the minimum tolerable number of false positives is reached
- Run this search in a safe part of the network

28 Unknown model cont.
- If there is no safe place
  - Assume a "threat level"
  - Guidance for what fraction of nodes must report a wormhole
  - So the forbidden parameter is not reduced any further

29 Wormhole removal
- Manually isolate the affected links
- Process for 1-hop, UDG
  - Corrupted nodes verify their neighbor lists with uncorrupted nodes
  - Ignore transmissions from suspicious nodes

30 Simulation environment
- Models
  - UDG
  - Quasi-UDG
  - The model used in the TOSSIM simulator
- Distributions
  - Perturbed grid (a planned sensor deployment)
  - Random
- 144 nodes, single wormhole, k ≤ 2, repeated 10,000 times

31 Quasi-UDG
- Transmission radius R
- Quasi-UDG factor 0 ≤ α ≤ 1
  - Link: distance d within αR
  - No link: d > R
  - d in [αR, R]: link with probability
- α = 0.75 is used in the simulation
- TOSSIM model: link probability
  - bit error probability

32 Distributions
- Perturbed 12×12 grid
  - Coordinates in [x-px, x+px], [y-py, y+py]
  - Perturbation parameter 0.0 ≤ p ≤ 0.5
- Randomly chosen x, y coordinates
- Node density
  - Change R for (Quasi-)UDG
  - Change the geographic area for TOSSIM

33 Experiments
- Create the topology
- Check connectivity
  - Disconnected if any two nodes have no route between them
- Run the algorithm to measure false positives
- Apply the wormhole, run the algorithm to detect it

34 Results: perturbed grid, p = 0.2 (plots for UDG, Quasi-UDG, TOSSIM)

35 Results: random distribution (plots for TOSSIM, UDG, Quasi-UDG)

36 Results cont.
- 100% detection and no false alarms when the network is connected
- 90% detection when there is a 50% chance the network is disconnected
- Detection drops for low density cases, but network disconnection also increases
- Detection performance gets worse with more randomness
  - Estimation of the forbidden parameter is more accurate with less randomness

37 1-hop does not perform well in non-UDG cases
- Quasi-UDG, random distribution
- 1-hop detection rate when increased

38 Parametric search for the forbidden parameter
- k = 1, quasi-UDG, perturbed grid with p = 0.2, average degree = 6
- A suitable forbidden parameter can be estimated by observing the false positive probability
  - Detections show up before false positives do
  - The critical value of the forbidden parameter is 4

39 Conclusion
- Pros
  - Simple and localized
  - Universal with respect to node distribution and communication model
- Cons
  - Not suitable for frequent connectivity changes (VANET, MANET)
  - Cannot detect a short wormhole link

40 References
- R. Maheshwari, J. Gao and S. R. Das, "Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information," in INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, 2007, pp. 107-115
- Wikipedia (http://en.wikipedia.org/)
- Wormhole Attack Detection in Wireless Network (http://www.wings.cs.sunysb.edu/~ritesh/wormhole.html)

41 Any questions? Thanks!

