Abstract
In multihop wireless systems, the need for cooperation among nodes to relay each other's packets exposes
them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious
node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it
locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate
routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on
detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent
work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in
the context of static networks due to the difficulty of secure neighbor discovery with mobile nodes. The existing
work on secure neighbor discovery has limitations in accuracy, resource requirements, and applicability to ad hoc
and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MOBIWORP, which
alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MOBIWORP uses a
secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate
malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of
the malicious node from the whole network. The effect of MOBIWORP on the data traffic and the fidelity of detection
is brought out through extensive simulation using ns-2. The results show that as time progresses, the data packet
drop ratio goes to zero with MOBIWORP due the capability of MOBIWORP to detect, diagnose and isolate malicious
nodes. With an appropriate choice of design parameters, MOBIWORP is shown to completely eliminate framing of a
legitimate node by malicious nodes, at the cost of a slight increase in the drop ratio. The results also show that
increasing mobility of the nodes degrades the performance of MOBIWORP.
Keywords
Mobile ad hoc networks, neighbor watch, wormhole attack, secure neighbor discovery, node isolation.