UP Paper 1519 US-W-JDOWN
Detecting Wormhole Attacks in Mobile Ad Hoc Networks through Protocol Breaking and Packet Timing Analysis
Mason,PeterDefence Research & Development Canada
Wang,MaoyuCommunications Research Centre
Liscano,RamiroUniversity of Ottawa
Lamont,Louise Communications Research Centre
Gorlatova,Maria University of Ottawa
We have implemented a fully-functional wormhole attack in an IPv6 802.11b wireless Mobile Ad Hoc Network (MANET) test bed running a proactive routing protocol. Using customised analysis tools we study the traffic collected from the MANET at three different stages: i) regular operation, ii) with a "benign" wormhole joining distant parts of the network, and iii) under stress from wormhole attackers who control a link in the MANET and drop packets at random. Our focus is on detecting anomalous behaviour using timing analysis of routing traffic within the network. We first show how to identify intruders based on the protocol irregularities that their presence creates once they begin to drop traffic. More significantly, we go on to demonstrate that the mere existence of the wormhole itself can be identified, before the intruders begin the packet-dropping phase of the attack, by applying simple signal-processing techniques to the arrival times of the routing management traffic. This is done by relying on a property of proactive routing protocols-- that the stations must exchange management information on a specified, periodic basis. This exchange creates identifiable traffic patterns and an intrinsic "valid station" fingerprint that can be used for intrusion detection.
Maria Alexandrovna Gorlatova graduated from the University of Ottawa in 2004 with a Bachelor's degree in Electrical Engineering. She was awarded a prestigious NSERC Canadian Graduate Scholarship to pursue her Master's degree in Applied Science, Electrical Engineering. She has taken up this award at the University of Ottawa and is conducting her research at Defence Research & Development Canada in the Network Information Operations section under the watchful eye of Dr. Peter C. Mason, a defense scientist in the Secure Mobile Networking Group. Her work has focused on traffic analysis and intrusion detection in Mobile Ad Hoc Networks.