Content uploaded by Umashankar Ghugar
Author content
All content in this area was uploaded by Umashankar Ghugar on Oct 25, 2019
Content may be subject to copyright.
International Journal of Information Communication Technology and Digital Convergence
Vol. 4, No. 1, June 2019, pp. 32-45
ISSN: 2466-0094
Copyright ⓒ IJICTDC
A Review on Wormhole Attacks in Wireless Sensor Networks
Umashankar Ghugar1, and Jayaram Pradhan2
1,2Department of Computer Science, Berhampur University-760007(India)
E-mail: 1ughugar@gmail.com, 2jayarampradhan@hotmail.com
Abstract
Over the first few years, a wireless sensor network has a very important role over the networks.
The primary features of WSN include satellite communication, broadcast channel, hostile
environment, medical system and data gathering. There are a lot of attacks available in WSN.
Wormhole attack is one of the severe attacks, which is smoothly resolved in networks but tough to
observe. This survey paper is an experiment to observing threats and focuses on some different
technique to detecting wormhole attacks in wireless sensor networks.
Keywords: WSN, Wormhole attacks, IDS, Sensor node, MANET.
1. Introduction
Wireless sensor network (WSN) is a distributive, automatic governing network and it
consists of sensor nodes classify in a particular environment. These nodes are invigilating
the natural conditions, such as humidity, compression, heat, sound, wave and direction at
different areas [1]. A sensor node is a tiny device which has a limited measurement
resource. They are haphazardly and slowly arranged in a sensed environment [2]. WSN
are widely used in various applications such as, area observing, forest fire observing,
military surveillance, health care, home affirmation, water quality management and
satellite communication. There are number of security issues in WSN. There are some
limitations in WSN such as limited lifetime, required low power consumption and less
storage [3][4]. Based on these limitations as well as rowdy climate in which they are
arranged, WSN is highly affected and sensitive to several types of attacks [5].
Basically, sensor nodes are category by four sub-systems [13][14]. Processor and
memory, Transceiver, Sensor and Battery. Here we discussed the several types of attacks
on Wireless Sensor Networks. In WSN attacks are mainly classified by two parts. First
part is the attack against security mechanism, and another is routing mechanism. No of
attacks are listed as below but we point out the only wormhole attack.
a. Wormhole attack
b. Sybil attack
c. Black hole attack
d. Hello flood attack
e. Sinkhole attack
f. Denial of service
Thus, this survey paper basically points out on various approaches to detect wormhole
attacks. In Section–2 discussed the Intrusion Detection System in WSN; In Section –3
discussed the wormhole attack in wireless sensor networks; In Section –4 discussed
Manuscript Received: 13 Feb. 2019 / Revised: 30 Apr. 2019 / Accepted: 10 May. 2019
Corresponding Author: Umashankar Ghugar
Author’s affiliation: Department of Computer Science, Berhampur University-760007, India
E-mail: ughugar@gmail.com
IJICTDC 2019 33
3
various detection approaches of the wormhole attack in wireless sensor networks with
summary and finally in Section-5, we discussed the future research challenges and
conclusion.
2. Intrusion Detection Systems
An intrusion detection system (IDS) is a system which observes the network activities
against some nasty movement and informs the main station. The system is generally
divided into two categories: misuse IDS and anomaly IDS. In misuse IDS, the malicious
activity is evaluated from comparing the new data with the previously stored signature in
the database of the system. The abnormal activity in the anomaly IDS is detected from the
predefined normal profile [5]. Several schemes were applied for intrusion detection in
WSN. In [6], malicious node is detected by using signal’s energy in which if the energy is
collision with the originator’s position then the message transmission is considered as
suspicious. Rule-based intrusion detection schemes is used in [7][8]. In rule-based
scheme, intrusion is detected by protocols which are preventing before the detection
stage. These protocols are activated on the data with respect to the network behavior. If
the data satisfies the rule it is considered normal, else it is considered malicious. An alarm
is raised when intruder is detected. Various multipath routing techniques have also been
proposed in routing. The objective of this technique is to provide best redundancy path
with high energy efficiency [9]. In [10], the watchdog technique is used for intrusion
detection. When a node sends a data, the selected watchdog node observes the next node
to verify that whether the data is sends further or not. If watchdog node found any node
not transmitting data further, then that node is considered as a malicious node. The simple
technique used by the watchdog node to detect the malicious node in the network by
eliminating the false route entry.
3. Wormhole Attack
The wormhole attack is one of the most severe threats in WSN. Generally, two or
more malicious nodes create a private route is called tunnel. Here the attackers are
directly connected to each other’s, so that they can communicate at a high speed over the
networks with other nodes. A wormhole attacks can be freely carried out against routing
in the sensor networks. Thus, most of routing protocols do not have any mechanism to
prevent against it [11]. In other words, when the wormhole attacks occur, it is dropping all
the packets and cause network interruption. It also acts as a spy on the packets and uses
the large amount of collected information to break any network security. Wormhole attack
is also used in the form of merging of selective forward and Sybil attack [12].
Figure 1. Wormhole Attack in WSN.
34 A Review on Wormhole Attacks in Wireless Sensor Networks
In Figure 1, the data packet accepted Node D from Node A and vice versa.
3.1 Types of Wormhole Attack
Here, we categories the wormhole attack established on the several techniques.
Numbers of nodes are participating for establishing the way to establish it wormhole into
following types [15].
• Using packet encapsulation: In this type, the no of data packet and node are
encapsulated between two nasty nodes.
• Using out-of-Band channel: In this type, only single nasty node is occurring with
the high speed of communication scope.
• Using packet Relay: In this type, the nasty node gives replays to all data packets
between the sender and receiver nodes. Finally, the duplicate node is created by
nasty node.
• Using protocol Distortion: In this type, here single nasty node is tries for cracking
the attack, which is attack by the routing protocol.
3.2 Routing Protocols for Wormhole Attack
Most of the routing protocols are used in WSN. Here we discussed mostly used
routing protocols. The routing protocols are divided into two types: Proactive and
Reactive [16]. AODV, Secure-AODV and DSR are proactive routing protocols where as
DSDV, OLSR, OSPF are Reactive routing protocols.
3.2.1 AODV ROUTING PROTOCOL: The Ad-Hoc On-Demand Distance Vector
(AODV) is frequently used protocol in Wireless Sensor Network. It is also known as
dynamic reactive routing protocol [17][18], that automatically route is created on call
support. When a sender node sends a data packet to receiver node, at that time node uses
its Routing Table. If it gets recent route, then send data packet from source to destination.
If it does not get the recent route, then the node uses the route discovery process. In
AODV route discovery process has two control messages i.e. Route Request (RREQ) and
Route Reply (RREP). To deter mine the fresh route both control messages are used. After
completing the route discovery process, the sender node and receiver node can be
connected the data packets between them.
Figure 2. Routing protocols.
IJICTDC 2019 35
3
Figure 3. Connected autonomous system.
.3.2.2 SAODV Routing Protocol: AODV protocol on extension leads to SAODV
protocol [19]. This has a greater utility in the security to protect the route discovery
mechanism. From desirable asymmetric cryptosystem, each node has a couple of
signature key and it is well able to verify the assumption between given address and
public key of the same node. So SAODV has the task of key management scheme [20].
3.2.3 Dynamic Source Routing Protocol (DSR): DSR protocol is used to update the
cache memory of route by route discovery process. It updates the information about all
links between the source and destination node. In order to transmit data, a well-defined
route is considered by the route discovery process for node. This motive is achieved in
two ways i.e. Route Discovery Process and Route Maintenance Process.
• Route Discovery process: When a sender node wants to data sending process with
another node in the network, it must go through its route cache. In case of
unavailability of routes between the receiver and sender than route is discarded, and it
broadcast Route Reply (RREP). RREP is generated, when the receiver node or any
intermediate node has got the recent route to the receiver node [21].
• Route Maintenance Process: With the initiation of data transmission process, it is
the task of sender node to confirm that very next hop received both the data and
transmit the route to receiver. In case sender didn’t get a confirmation message than it
generates route error message. After that the hop again starts the route discovery
process.
3.2.4 Destination Sequenced Distance Vector Routing Protocol (DSDV): As per the
theory of Bellman algorithm, DSDV is a table-driven routing program. Here the authors
describe the concept of routing loop problem using their algorithmic this algorithm
routing table store the sequence number. Basically, the sequence number is used even
number for the active network and odd number for inactivate network. More sending
issues occurs, when the routing information circulated among inactive node [22].
3.2.5 Optimized Link State Routing Protocol (OLSR): Optimized Link State Routing
Protocol (OLSR) is an IP routing protocol [23], which is optimized for mobile ad hoc
networks and used for other ad hoc networks. It is proactive routing protocol, which uses
hello and topology control (TC) messages to identify and transmission link over the
network. Here Individual each node uses this topology information to calculate the next
hop destinations using shortest hop forwarding paths for all nodes in the networks.
3.2.6 Open Shortest Path First: Here link-state routing protocol is used to find the least
–cost path from a source node to a destination node within a group of nodes. As shown in
Figure 3, a group of routers using the same routing protocol for all introduced to an
autonomous system (AS). Upon joining the AS, a node uses the hello protocol to discover
neighboring nodes. Then it forms adjacencies with its new neighbors to exchange routing
information [24]. Above all, it is faulty for every node on a network connect to all other
node of the network. To avoid this situation, one node is treated as the destination node. It
36 A Review on Wormhole Attacks in Wireless Sensor Networks
is said to be neighboring node to all the other nodes on its network and exchanges
information with them.
Neighboring nodes that are not adjacent do not exchange information with each other.
A backup designated node is always kept up to date to ease the transaction so that if the
primary designated node crash can be replaced immediately. At the time of regular
process, each node repeatedly floods LINK STATE UPDATE messages to each of its
neighboring nodes. This message indicates its state and provides the cost, which is used in
the topological database. When flooding message are proved acknowledgement that
means system is reliable. a node can check whether the incoming link state update is older
or newer using sequence number and nodes also send these messages when a line goes up
or down or its cost changes.
Database description messages provide the sequence number for all the link state
entries which is held by sender. When the value is comparing with the sender, then
receiver can resolve the most recent values. These messages are used when a line is
delivering. Otherwise partner can request link state information from the other one by
using LINK STATE REQUEST messages. The result of this algorithm is that each pair of
neighboring nodes detects the most recent data and new information is transmitted on this
way [25][26].
4. Detection Approaches of the Wormhole Attack
In WSN, last few years several researchers have worked on detecting wormhole
attacks. Here we discuss the different technique of intrusion detection system for
wormholes attack and categorized the different technique in ascending order from year
2013 to 2016.
In [27], a wise solution is prescribed to eradicated wormhole attacks for ad-hoc
network by providing directional antenna to the nodes. Node uses the definite regions of
their antenna in establishing connection among them. Each pair of nodes has evaluated
the direction of receiving the information from either. Hence relation between consecutive
neighbors is established only if the direction of information flow of both the nodes is in
arrangement with one another. This additional information enables wormhole discovery
and introduces the network fluctuation. So that it can be smoothly spot.
In [28], the authors’ proposed a simpler tool known as “Packet leashes” accordance
with the concept of geographical and temporal leashes. The information provided to the
packets that controls the transmission distance called Leashes. The distance of sender and
the receiver is specified by the geographical leash. When the receiving nodes get the
packets, it calculates the distance and time of the transmission. The receiver analyzes now
on comparing this information can detect whether the packet has passed through
wormhole attacks or not. The temporal leash confirms that the packet has some limitation,
which is determine the distance it can cover the most. In this technique the position of
node is not that important rather than time factor plays an important role. It can access the
time calculation and its comparison up to an order of nanosecond. On each packet, the
sender mentions an authorized time bar, which is compared by the receiver and the packet
transmission distance is simply given by the product of velocity of lights and transmission
time. In case of a large time difference it indicates the presence of wormhole.
In [29], the authors put forward a “graph theoretical” approach to prevent wormhole
attacks. This concept is purely established on the “Location Aware Guard Node”
(LAGNs). When the key establishment process is used for detecting wormhole attack and
it also used the decoded message. If same message is heard from one guard or two
LAGNs are heard from different far away LAGNs then wormhole is detected.
IJICTDC 2019 37
3
In [30], the authors proposed that wormhole attacks in stationary sensor network are
investigated using network visualization. In this method, the signal strength determines
the distance. Each sensor conveys this information to the central controller. The
controllers compute the networks physical topology using sensor predicted distance. If a
wormhole attack is present then it is seen that a string pulling the network terminals, if not
then the topology is flat.
In [31], the authors adopted lightweight countermeasure for wormhole attack called
LITEWORP and this result has advantages of very quick detection of wormhole attacks
and the loss of fraction of packets is very less.
In [32], here the author’s emphasis on the “round –trip travel time” (RTT) message,
which provides the maximum times require for the transmission. When this time is
multiplied with speed of lights it gives the distanced travelled. Now this distance is to be
compared with the predicted distance. If there is a large difference, then it threats
wormhole attacks.
In [33], the authors describe that, wormhole attacks in found in multipath routing. In
case of new root requirements source excess the network with route request (RREQ) and
response is waited. The intermediate node only passes away this route request (RREQ).
On the same time the receiver will wait to get route after getting route request (RREQ).in
this paper a new technique called Statistical Analysis of Multi-path (SAM) is introduced
that use Pmax and θ which are higher if wormhole attack is present. Pmax gives the
probability of the routes out of all possible route and θ(theta) is the difference between top
two frequently papered links. If a wormholes attack is more than PMF (probability mass
function) then it gives high frequency. Here authors also analysis the multipath routing
and DSR with fine comparisons.
In [34], “a hello control message” is used to detect wormhole attacks as consent with
OLSR in particular. He used the aggregate of Hello Message Time Interval (HMTI) that
lie within a jitter. A ranger= [T-℧, T+℧] is coated. In range HMTI are considered valid or
else it is out of set of rules. In case of unusual HMTI secondary checks are done. In
addition to this an untrue positive alarm in negated in case of weak working node which
has many packets, but this is not the case of and attacking node.
In [35], the authors implemented Delay per hop indication (DelPHI) to identify
wormhole attacks. It is also work on the same principle of comparison of path time
distance and predicted distance. This process works in two phases, first is collection of
route path by the receivers and senders include a DREQ packets like the concept of SAM
and sign it before sending. On the getting the packet the receiver must include its ID and
increase the hop count by 1.the minimum delay and hope count information are utilized
for the minimum detection. In the second phase, “Round –Trip Travel Time” (RTT) is
used for the time difference between the sent information and acknowledgement received.
In this process the delay per hop value (DPH) is calculated as RTT/2h, where h is the hop
count to the definite consecutive. In normal case tiny hops have tiny RTT where as in case
of wormhole attack the tiny hops are giant RTT. If one delay per hop value (DPH) crosses
the threshold value, then all paths next to this treated as under wormholes attacks
In [36], the authors used a unique technique of radio finger printing. It initiates with
the radio signal receiving by the fingerprinting device and then the signal is converted to
the digital form. The signal passing is positioned, and its characteristics are described. A
set of characters from fingerprints is later used for apparatus identification.
In [37], the authors proposed, after sending the RREQ, the source waits for the RREP.
Out of the number of RREP received by the source. The RREP with highest frequency is
compare with the threshold value. If the packet drop number is greater than packet sent,
then it implies that wormhole is present.
38 A Review on Wormhole Attacks in Wireless Sensor Networks
In [38], the authors proposed that, two plot nodes are connected by tunnel such as
they are neighbors. The RREQ (Route request) and topology control messages (TCM) are
convey among these plot nodes through tunnels. By using the extra tunnel nodes, these
nodes have the shortest path. After the link is establishing, the attacker selects one another
as multipoint relays (MRPs). As result few topologies control messages and data packets
are leaked through the tunnel. As consequence false topology information is spread
through the networks.
In [39], the author’s proposed a trust-based model for detection in wireless sensor
networks. In trust-based system, each node has some values, which is called trust value.
By using this trust values the source node is calculated the suitable path to the destination
node. At the time of transmission in which number of packets drop ratio is high means
trust value is less and wormhole attacks is present in the network. If the trust value is high
means, all the packets which is received by the destination, it indicates that the
neighboring node of a source node have high trust level is present in between source to
destination.
In [40], the author’s proposed a distributed intelligent agent-based system. Here the
ambition is the use of generalized IDS (Intrusion Detection System) framework which is
so lightweight that it can run on the sensors node and it identifies the wormhole attacks
along with its attackers. When that attacker’s node is found in the network, then it is
informed with an indication message. After that each node makes their conclusion on the
base of consecutive node repeat.
In [41], it is assumed that behaviors of a node are control by its consecutive nodes. A
node uses its neighbor node to send RREQ (Route Request) message to the destination
node. If the sender didn’t get RREP (Route Reply) message within predicted time, then
sender conclude the presence of wormholes attack and enclose this route in the list of
wormhole attacks list. A conjugative node that is managed by every node that consists of
RREQ sequence number, Neighbor node ID, sending & receiving time of RREQ. The
maximum time limit equal to WPT/2 is waited by the sender if RREQ is delayed more
than thus it indicates the wormhole attacks and entirely it doesn’t support DSR Routing
protocol.
In [42], Al the sender’s nodes wait for ACK (Acknowledgment) message. If ACK
message is not received then the next node is attack, which is wormhole attacks. ACK
message should not retrace the path and sent between the separation by two hops. Now
Time to Live (TTL) plays a great role since the path is different. If the ACK message is
not received within TTL then wormhole attacks are detected.
In [43], the authors used two step mechanism for the detecting the wormhole attacks.
The first steps consist of two methods. In the first method, the node and his next node are
identified by using Round-trip-Time (RTT) and in the second method their list is made
and if the destination node is not in that list then it is doubt full in nature. In the second
step mechanism, after detection of doubt full link the attack is concluded using RTS/CTS
method.
In [44], the authors used AODV and DSR routing protocol. Here also a Trust based
security model is used for detecting intrusion. This model has been introduced to identify
the attacks, which is called statically method. If any connection is found to be doubtful,
then available trust information is used to check the wormhole or not. In the trust model
used, nodes monitor neighbours based on their packet drop pattern and not on the measure
of number of drops. If any node is found to be doubt then stock trust information is used
to identify the node, whether the node is affected by wormhole attack or not. In this
model, every node monitors his neighbour node based on their packet drop pattern.
IJICTDC 2019 39
3
In [45], the authors proposed Digital investigation for detecting wormhole attacks in
wireless sensor networks. WSN is explained that add generation and protects flow of
evidences about sensors node characteristics in the network. A group of detective nodes
are spread over the networks to controls the topology and datagram passing by sensor
nodes. Observation node and base station node jointly forms different WSN networks
called observation network. Frequency bands are used to establish link between observers
and the base station, but this is not supported by sensors node. The detection sensitivity of
sensor node is less than the observer.
In [46], the authors proposed a 'conflicting-set' for each node is made to filtering the
false measurement of distance but its biggest limitation was that, it works only where
there is no packet loss but when attackers’ attacks then the Packet drops is certain to
happen. So, the system is under a wormhole attack.
In [47], the authors proposed a model, which create a cluster using no of nodes in
MANET. In this paper various data structure are explained and algorithm is also
proposed. Here two layers are mention in the cluster, where one node is treated as cluster
head among several nodes. When a node is affected by a wormhole attack in the layer1,
then which informs to the cluster head of layer1.After that cluster head of layer1 will
informs the cluster head of layer2 about the malicious node. So that cluster head of layer2
indicate the message to all the cluster head of layer1, then the cluster head of layer1
inform the messages to their respective node within their cluster.
In [48], the authors proposed localization-based systems, which are vulnerable to
wormhole attacks as they manipulate the localization method to prevent the wormhole
attack, a 'distance-consistency-based secure location' scheme was implemented, this
works on the detection, exact location and trapping of wormhole attacks
In [49], the authors used a technique that involves two ways to detect the wormhole
attacks. In the first way algorithm uses hop counting method, rebuilt local maps at every
node and then a diameter features to identify by the problems due to wormhole attacks.
The evaluated round trip times (RTT) between the consecutive nodes are used to compare
in the second way. Its advantages that, it doesn’t need an additional hardware for this, and
it consume less energy as well.
In [50], the authors proposed that attackers may record the location of packets in
WSN and send them to one more location and again transmit them in to the network.
When it found the roots, the wormhole detection process is going on, which counts
difference between the neighbor node to another node? If the difference is more than the
destination node detect the wormholes.
In [51], the authors proposed the statistical analysis to detect wormhole attacks in
wireless sensor networks. Here the proposed algorithm is categories by three parties
i. Statistical Analysis Method, which is used for routing information for
detecting the wormhole attacks.
ii. Determination of the Vulnerable Wormholes.
iii. Time Constraints is used for validation in wormhole attacks.
It uses multi-path routing, time constraints and statistical analysis to verify the
vulnerable connection. It doesn’t need time synchronization, directional antenna and GPS.
In this method it can wormhole attacks with high quality of accuracy.
In [52], the authors propose the security emerges as a centrally in MANET. The
applications of MANET were deployed in various fields. Wormhole attack is one of the
serious attacks, which is smoothly resolved in networks but tough to observe. It is
possible even if the intruder has not negotiated at any situation and rest of all
communication gives security, novelty, authenticity and confidently.
40 A Review on Wormhole Attacks in Wireless Sensor Networks
In [53], the author’s addresses several types of sensor nodes and many layer attacks
must be present in the network. Wormhole attack is one of the severe attacks, which is
smoothly resolved in networks but tough to observe. Here the authors proposed a method,
which is used the Mint route protocol.
In [54], the authors address the multiple –hop Mobile ad hoc networks which
establish the routes involving with each node acting as a host and router. The wormhole
attack was serious issues in multi-hop ad hoc networks. Here the author’s uses a technique
to detect wormhole attacks without using special hardware and/or strict location or
synchronization requirements. The basic thing is to find another way from source to next
hop and finally it calculates the no of hops for detecting wormholes attacks.
In [55], it uses packet encapsulation technique. Here packets are encapsulated in
AODV protocol. In this technique, less hop count is created, and it is compared to other
normal links. MLDW maintain a big structure, which is divided by 04 parts i.e.
i. Examination layer.
ii. Disclosure layer.
iii. Reorganization layer.
iv. Segregation layer.
Here the First three layers work as a Detector and last layer works as a Preventer for
wormhole attacks in MANET using AODV protocol.
In [56], the author’s proposed a technique, which is gives secure data transmission
using neighbor node analysis concept to detect wormhole attacks in MANET. This
technique analyzes the neighboring nodes .so that it checks the reliability of the nodes for
data transmission on the network, according to this technique, a node sends a request to its
neighbor nodes and it maintain the request and response system. Here node maintains a
table for tracing the time out. If a node doesn’t get the reply time that means attacks
occurs in the network. The entire node from source to destination is analyzed to detect the
wormholes attack using AODV protocol in MANET.
In [57], the authors propose a technique, which is liable to detect wormholes attacks
in MANET using analysis of the misbehaving nodes concept. According to the authors,
the proposed technique is concentrated on the detection of the misbehaving nodes and
prevention of the wormhole attacks. The route discovery process is used, which is a
sender node want to data sending process with another node in the network, it must go
through its route cache. In case of unavailability of routes between the receiver and sender
than route is discarded, and it broadcast RREP (Route Reply). RREP (Route Reply) is
generated, when the receiver node or any intermediate node has got the recent route to the
receiver node. Another important is that DSR protocol is used to detect the nodes and the
route which contains the misbehaving nodes are simple discarded and not including into
the routing table of DSR. Here three important parameters are used for evaluating the
network performance i.e. Jitter, Throughput and Delay
In [58], here the authors used a General mechanism, which is used without hardware.
It explains the details about packet detection technique. That packet holds the information
of localization and clock synchronization for detecting affected node in MANET.
Detection Packet has four fields: Total Hop Count, Processing Bit, Count to Reach Next
Hop and Timestamp. This fields are added to the header of Detection packet.
In [59], the authors proposed a Normalized Wormhole Local Intrusion Detection
Algorithm, which is up gradation version of Local Intrusion Detection Routing Security in
MANET. In this technique an intermediate neighbor node are uses discovery mechanism
process and packet drop calculator. Based on the isolation technique, at the time of
IJICTDC 2019 41
3
transmission over the network, where each node received packet for the confirmed
Wormhole nodes.
Table1. Summary of wormhole detection approaches.
Researcher
Year
Method
Tools
Protocol
Requirements/
Commentary
H.Lu,D.
Evans [27]
2003
Directional
Antenna
-
Directional
neighbor
discovery
protocol
Directional antennas on all
nodes with both GPS and
Directional antenna
Y.C. Hu and
D.B.Jhanson[28]
2003
Packet
leashes and
end-to-end
NS2
TIK protocol
GPS Coordinator and
Loosely Synchronized clock.
L.lazos,
R.poovendram[29]
2004
Localization
-
-
Based on location aware
‘guard nodes’ (LAGNs), not
applicable to MANET
w.Wang and
B.Bhargava[30]
2004
Network
visualization
-
-
Centralized control, seems
promising, works based on
dense networks, mobility is
not studied
Issa Khalil, Saurabh
Bagchi, Ness B. Shroff
[31]
2005
LITEWORP
NS2
Key
management
protocol
Applicable only in static
networks,
A. Baruch, R. Curmola,
C. Nita-Rotaru, D.
Holmer, H. Rubens [32]
2005
Time of flight
NS2
ODSBR
Hardware enabling one-bit
messages and immediate
reply without CPU
involvement
N. Song, L. Qian, X.
Li.[33]
2005
Statistical
Approaches
NS2
MR and
DSR
Works only with multipath
on demand protocol
H.S. Chiu and K. Lui [35]
2006
Delphi
NS2
AODV
Not considered
K.B. Rasmussen and S.
Capkun [36]
2007
Radio
Fingerprinting
-
-
Fingerprinting Devices is
needed.
Khin Sandar Win.[37]
2008
DAW
NS2
DSR, LF
analysis
Delay Parameter
S. Choi, D. Kim, D. Lee,
J. Jung [41]
2008
WAP
CBR
DSR
Maximum transmission
distance is calculated
H. Vu, A. Kulkarni, K.
Sarac, N. Mittal [43]
2008
WORMEROS
-
-
Time synchronization is
required. Topological change
is not considered
M.S. Sankaran, S.
Poddar,
P.Das [44]
2009
SAW
-
AODV
Not considered
H. Chen, W. Lou, X.
Sun, and Z. Wang [48]
2010
Secure
localization
NS2
Conflicting the set-based
resistance localization,
Distributed detection system
Gupta S, Kar S,
Dharmaraja[50]
2011
WHOP
NS2
WHOP,
AODV
Do not require any hard
support and clock
synchronization
C.P.vandana,A.F.S.Devraj
[55]
2013
MLDW
NS2
AODV
It does not require any
specialized hard support and
clock synchronization
R.singh,J, Singh
,Ravindar Singh [61]
2016
WRHT
NS2
AODV
It based on the combination
of two techniques, i.e.
Watchdog and Delphi.
42 A Review on Wormhole Attacks in Wireless Sensor Networks
In [60], the authors proposed technique, which is based on Hash based Compression
Function (HCF). It is basically used for secure hash function to calculate the value of hash
field for route request (RREQ) passes over the networks. Here AODV routing protocol is
used. As per the authors. Source node starts the route discovery process for searching the
destination node. Then the source node compute the Hash based Compression Function
(HCF) and compute the value of hash field with route request (RREQ) and it passes to his
neighboring node. If the value of neighboring node is same to the value of destination
node. At that situation the destination node receives the no of route request (RREQ).
Finally, the destination node implement the Hash based Compression Function (HCF)
concept. Otherwise the others intermediate node between source to destination, they will
implement Hash based Compression Function (HCF) hash fields and passes to its next
node. If the calculated hash value is compared to append hash value and gets the same
result, then the destination node sends back route reply (RREP) message to the source.
Otherwise if calculate the hash value is not same with the append hash value then the
destination node detects the route request (RREQ) and it treated as affected node by
wormhole attackers.
In [61], the authors used a hybrid technique “Wormhole Resistant Hybrid Technique
(WRHT)”. It based on watchdog and Delhi Concept. It gives information about the packet
drop and the delay per each hop and used for the full phase route process in wireless
sensor network. Here the authors build up method which is used for wormhole detection
in every sensor device with low costs. WHRT is an extension version AODV routing
protocol. The proposed method is to allow for calculating the wormhole presence
probability (WPP) for a path in addition to hop count information in the source node over
the sensor networks. During the route discovery process, per hop time delay probability
(TDPH) and Time delay probability (TDPP) is calculated for detecting wormhole attacks.
In the next part of the WHRT, another parameter is calculated, which is called per hop
packet loss probability (PLPP). The values of PLPP and TDPP are used for decision
making, whether a path P is affected by wormhole attacks or not. So that the routing
protocol AODV is taking correct way for the transmission over the sensors network.
We presented several wormholes detection approaches and their countermeasures in
WSNs. Here we summarized the few important detection approaches of wormhole
attacks. In Tables 1, the most important detection methods and requirements are
elaborated in sequentially with respect to year.
5. Conclusion
Wormhole attacks in WSNs are one of the brutal attacks that can be implemented
easily in sensors networks. In this paper numbers of methodologies are discussed for
detecting wormhole attack. However, it is not less information. Therefore, we
believe that the analysis on this paper is helping us for developing the new method
to detect wormhole attacks in WSN. Finally, by evaluating the positive and negative
aspects of all existing techniques, till date open research challenges studied are
required for detection wormhole attacks.
References
[1] Y. Z Wang and M. L. Her, On Compact microstrip bandstop filters using stepped impedance resonator
and spur-line sections, IEE Proc. Microw. Ant. Propag. London., vol. 153, (2006), pp. 435-440.
[2] M. Tiwari, K.V. Arya, R. Choudhari, K. S. Choudhary, Designing Intrusion Detection to Detect Black
hole and Selective Forwarding Attack in WSN based on local Information, Fourth International
Conference on Computer Sciences and Convergence Information Technology, (2009).
IJICTDC 2019 43
3
[3] E. N. Huh and T. H. Hai, Lightweight Intrusion Detection for Wireless Sensor Networks. Intrusion
Detection Systems, p.233, (2011).
[4] J. Du, J. Li, A Study of Security Routing Protocol for Wireless Sensor Network, International
Conference on Instrumentation, Measurement, Computer, Communication and Control, (2011).
[5] F. Bao, I. Ray Chen, M. Jeong Chang, and J.-Hee Cho, Hierarchical Trust Management for Wireless
Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection, IEEE
Transactions On Network And Service Management, June, (2012).
[6] M. A. Rassam, M. A. Maarof and A. Zainal, A Survey of Intrusion Detection Schemes in Wireless
Sensor Networks, American Journal of Applied Sciences, (2012).
[7] W. R. P. J´unior, T. H. de Paula Figueiredo, H. C. Wong, A. A.F. Loureiro, Malicious Node Detection in
Wireless Sensor Networks, Proceedings of the 18th International Parallel and Distributed Processing
Symposium (IPDPS’04), IEEE (2004).
[8] V. K. Jatav, M. Tripathi, M S Gaur and V. Laxmi, Wireless Sensor Networks: Attack Models and
Detection, 2012 IACSIT Hong Kong Conferences IPCSIT vol. 30 (2012) © (2012) IACSIT Press,
Singapore
[9] A. Paula R. da Silva, M.H.T. Martins Bruno, P.S. Rocha, A. A.F. Loureiro, L. B. Ruiz, H. C. Wong,
Decentralized intrusion detection in wireless sensor networks, Proceedings of the 1st ACM International
Workshop on Quality of Service and Security in Wireless and Mobile Networks, (2005).
[10] G. Saravanan, P. R. Patil, M.R. Kumar, Survey on Intrusion Detection System in Heterogeneous WSN
Using Multipath Routing, IOSR Journal of Computer Engineering (IOSR-JCE), vol 16 (2), Ver. I Mar-
Apr, (2014), pp. 26-31.
[11] U. Ghugar, J. Pradhan, M. Biswal A Novel Intrusion Detection System for Detecting Black Hole
Attacks in Wireless Sensor Network using AODV Protocol, IJCSN International Journal of Computer
Science and Network, vo. 5 (4), August, (2016).
[12] Y.Sabri, N.E. Kamoun, GRPW-MuS-s: A Secure Enhanced Trust Aware Routing against Wormhole
Attacks in Wireless Sensor Networks, Communications on Applied Electronics (CAE) - ISSN : 2394 –
4714. 2016.
[13] M. Singh and R. Das, A Survey of Different Techniques for Detection of Wormhole Attack in Wireless
Sensor Network, International Journal of Scientific and Engineering Research 3(10), October (2012).
[14] A. Bharathidasan and V. A. S. Ponduru, Sensor Networks: An Overview, Technical Report, Dept. of
Computer Science, University of California at Davis (2002).
[15] M. Tubaishat and S. Madria, Sensor networks: an overview, IEEE Potentials, vol. 22, pp. 20-23, (2003).
[16] P. Maidamwar and N. Chavhan, A Survey on Security Issues to Detect wormhole Attack in Wireless
Sensor network, International Journal on Ad Hoc Networking Systems (IJANS) vol. 2 (4), pp.37-50.
[17] R.H. Khokhar, Md. A. Ngadi, S. Manda, A Review of Current Routing Attacks in Mobile Ad Hoc
Networks, International Journal of Computer Science and Security, 2 (3), pp. 18-29, 2008.
[18] K. A. Jalil, Z. Ahmad, J. L. A. Manan, Mitigation of Black Hole Attacks for AODV Routing Protocol,
International Journal on New Computer Architectures and Their Applications (IJNCAA) The Society of
Digital Information and Wireless Communications, vol. 1(2), pp.336-343.
[19] V. Kumar, Simulation and Comparison of AODV and DSR Routing Protocols in MANETs, Master
Thesis (2009).
[20] S. Lu and L. Li, SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack,
International Conference on Computational Intelligence and Security, (2009).
[21] M.G. Zapata, Secure Ad hoc On-Demand Distance Vector Routing, ACM SIGMOBILE Mobile
Computing and Communications Review. Jun, (2002), vol, 6(3), pp.106-107.
[22] C. Zhu, M. J. Lee, T. Saadaw, RTT-Based Optimal Waiting Time For Best Route Selection In Ad Hoc
Routing Protocols, IEEE Military Communication Conference, Vol.2 Oct, (2003), pp1054-1059.
[23] K.U.R Khan, A.V. Reddy, R.U. Zaman, K.A Reddy, T.S Harsha, An Efficient DSDV Routing Protocol
for Wireless Mobile Ad Hoc Networks and its Performance Comparison, Second UKSIM European
Symposium on Computer Modeling and Simulation, India, (2008), pp. 506-511.
[24] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, A Survey Of Routing Attacks In Mobile Ad Hoc
Networks, IEEE Wireless Communication, vol. 14(5), October, (2007).
44 A Review on Wormhole Attacks in Wireless Sensor Networks
[25] A. Verma and N. Bhardwaj, A Review on Routing Information Protocol (RIP) and Open Shortest Path
First (OSPF) Routing Protocol. International Journal of Future Generation Communication and
Networking, vol. 9(4), (2016), pp. 161-170.
[26] U. Ghugar, J. Pradhan, Intrusion Detection System in Wireless Sensor Networks for Wormhole Attack
Using Trust-Based System, Handbook of Research on Information Security in Biomedical Signal
Processing, IGI Global, (2018).
[27] E. Kaffashi, A. Mousavi, H. Rahvard, A new attack on link-state database in open shortest path first
routing protocol. Journal of Electrical and Electronic Engineering, (2015); vol. 3(2-1), pp. 39-45.
[28] L. Hu, D. Evans, Using Directional Antennas to Prevent Wormhole Attacks, 14 Proceedings of the 11th
Network and Distributed System Security Symposium, pp. (2003).
[29] Y. C. Hu, A. Perrig, D. B. Johnson, Packet Leashes: A Defense Against Wormhole Attacks in Wireless
Networks, inProc. of IEEE -INFOCOM, (2003), pp. 1976-1986, vol.3
[30] L. Lazos and R. Poovendran, Serloc: Secure Range-Independent Localization for 21- 30, Wireless
Sensor Networks, Proceedings of the ACM Workshop on Wireless Security, pp. October, (2004).
[31] W. Wang, B. Bhargava., Visualization of wormholes in sensor networks, Proceedings of the 2004 ACM
workshop on Wireless Security, pp. 51-60, (2004).
[32] I. Khalil, S. Bagchi, N. B. Shroff, LITEWORP: A Lightweight Countermeasure for the Wormhole
Attack in Multi hop Wireless Networks, Proceedings of the 2005 International Conference on
Dependable Systems and Networks (DSN’05).
[33] A. Baruch, R. Curmola, C. Nita-Rotaru, D. Holmer, H. Rubens, On the Survivability of Routing
Protocols in Ad Hoc Wireless Networks. Convergence on Security and Privacy for Emerging Areas
Communications, Secure Comm 2005, September, (2005).
[34] N. Song, L. Qian, X. Li, Wormhole Attacks Detection in Wireless Ad Hoc Networks: A Statistical
Analysis Approach. In Proceedings of the 19th IEEE International Parallel and Distributed Processing
Symposium, pp. 8-15, (2005).
[35] M.A. Gorlatova, P.C. Mason, M. Wang, L. Lamont, R. Liscano, Detecting Wormhole Attacks in Mobile
Ad Hoc Networks through Protocol Breaking and Packet Timing Analysis. In IEEE Military
Communications Conference, pp. 1-7, (2006).
[36] H.S. Chiu and K. Lui, DelPHI: Wormhole Detection Mechanism for Ad Hoc Wireless Networks. In
Proceedings of International Symposium on Wireless Pervasive Computing, pp. 6-11, (2006).
[37] K.B. Rasmussen and S. Capkun, Implications of radio fingerprinting on the security of sensor networks,
Third International Conference on Security and Privacy in Communication Networks and the
Workshops, pp. 331-340, Sep, (2007).
[38] K. S. Win., Analysis of Detecting Wormhole Attack in Wireless Networks, World Academy of Science,
Engineering and Technology, 48, pp. 422-428, (2008).
[39] F. Nait-Abdesselam, B. Bensaou, T. Taleb, Detecting and Avoiding Wormhole Attacks in Wireless Ad
hoc Networks, IEEE Communications Magazine, 46 (4), pp. 127 - 133, (2008).
[40] S. Özdemir, M. Meghdadi, and Ý . Güler, A time and trust-based wormhole detection algorithm for
wireless sensor net- works, (manuscript in Turkish), in 3rd Information Security and Cryptology.
[41] I. Krontiris, T. Giannetsos, and T. Dimitriou, “LIDEA: A distributed lightweight intrusion detection
architecture for sensor networks, in SECURECOMM ’08: Fourth International Conference on Security
and Privacy for Communication Networks, Istanbul, Turkey, September 22- 25, (2008).
[42] S. Choi, D. Kim, D. Lee, J. Jung, WAP: Wormhole Attack Prevention Algorithm in Mobile Ad Hoc
Networks. In International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing, pp.
343-348, (2008).
[43] S. Ö zdemir, M. Meghdadi, Ý . Güler, A time and trust-based wormhole detection algorithm for wireless
sensor networks. In 3rd Information Security and Cryptology Conference (ISC'08), pp. 139-142, (2008).
[44] H. Vu, A. Kulkarni, K. Sarac, N. Mittal, WORMEROS: A New Framework for Defending against
Wormhole Attacks on Wireless Ad Hoc Networks. In Proceedings of International Conference on
Wireless Algorithms Systems and Applications, LNCS 5258, pp. 491-502, (2008).
[45] M.S. Sankaran, S. Poddar, P.S. Das, S. Selvakumar, A Novel Security Model SaW: Security against
Wormhole attack in Wireless Sensor Networks. In Proceedings of International Conference on PDCN,
(2009).
IJICTDC 2019 45
3
[46] B.Triki, S. Rekhis, and N. Boudriga, Digital Investigation of Wormhole Attacks in Wireless Sensor
Networks, Eighth IEEE International Symposium on Network Computing and Applications, (2009).
[47] H. Chen, W. Lou, and Z. Wang, Conflicting-set-based worm- hole attack resistant localization in
wireless sensor networks, Book Chapter Lecture Notes in Computer Science − Ubiquitous Intelligence
and Computing, vol. 5585, (2009), pp. 296−309.
[48] D.B. Roy, R.Chaki, N.Chaki, A New Cluster-based Wormhole Intrusion Detection algorithm for Mobile
Adhoc Networks, International Journal of Network Security & Its Applications (IJNSA), vol. 1 (1),
April, (2009).
[49] H. Chen, W. Lou, X. Sun, and Z. Wang, A secure localization approach against wormhole attacks using
distance consistency, EURASIP Journal on Wireless Communication and Net- working- Special Issue
on Wireless Network Algorithms, Systems and Applications, pp.22−32, (2010).
[50] B. Prasannajit, Venkatesh, S. Anupama, K. Vindhykumari, S.R. Subhashini, G. Vinitha, An approach
towards Detection of Wormhole Attack in Sensor Networks, First International Conference on
Integrated Intelligent Computing (ICIIC), (2010), pp.283-289.
[51] S. Gupta, S. Kar, Dharmaraja, WHOP: Wormhole Attack Detection Protocol using Hound Packet, IEEE
International Conference on Innovations in Information Technology, (2011).
[52] Z. Zhao, B. Wei, X. Dong, L.Yao, F.Gao, Detecting Wormhole Attacks in Wireless Sensor Networks
with Statistical Analysis”,International Conference on Information Engineering(ICIE), (2010).
[53] B. Kadhiwala and H.Shah, Exploration of Wormhole Attack with its Detection and Prevention
Techniques in Wireless Ad-hoc Networks, International Conference in Recent Trends in Information
Technology and Computer Science (ICRTITCS), (2012).
[54] K.patel, T.Manoranjitham, Detection of wormhole attack in wireless sensor network, International
Journal of Engineering Research & Technology (IJERT) (2013).
[55] D.S Kushwaha, A.Khare, J. L.Rana, Improved Trustful Routing Protocol to Detect Wormhole Attack in
MANET, International Journal of Computer Applications (0975 – 8887) vol. 62(7), January, (2013).
[56] C.P.Vandana, A.F.S. Devraj, MLDW-a Multilayered Detection mechanism for Wormhole attack in
AODV based MANET , International Journal of Security, Privacy and Trust Management. Vol. 2 (3),
June (2013).
[57] S.Goyal and H.Rohil, Securing MANET against Wormhole Attack using Neighbor Node Analysis,
International Journal of Computer Applications (0975 – 8887), vol. 81 (18), November, (2013).
[58] Y. Singh, A.Khatkar, P.Rani, Wormhole Attack Avoidance Technique in Mobile Adhoc Networks,
Third International Conference on Advanced Computing & Communication Technologies, Rohtak, 6-7
April (2013).
[59] P.Nayak, A.Sahay, Y.Pandey, Detection and Prevention of Wormhole Attacks in MANETs using
Detection Packet”, International Journal of Scientific & Engineering Research, vol. 4 (6), June-(2013).
[60] N.Choudhary and S.Agrawal, Analysis of Worm-Hole Attack in MANET using AODV Routing
Protocol, SSRG International Journal of Electronics and Communication Engineering (SSRG-IJECE),
vol. 1 (10) 2014, pp. 1-6.
[61] A.Patel, N.Patel, R.Patel, Defending Against Wormhole Attack in MANET, Fifth International
Conference on Communication Systems and Network Technologies, (2015), pp. 674-678.
[62] R.Singh, J. Singh, R. Singh, WHRT: A Hybrid Technique For Detecting Of Wormhole Attack in
Wireless Sensor Networks, Mobile Information Systems, Hindawi Publishing Corporation, vol. (2016),
Article ID8354930, pp. 1-13.
