Practical Cryptography
Proceedings of the 10th ACM conference on Computer and communications security
LITEWORP: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
On the Survivability of Routing Protocols in Ad Hoc Wireless Networks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Statistical wormhole detection in sensor networks
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Detecting Encrypted Stepping-Stone Connections
IEEE Transactions on Signal Processing
Distributed Detection of Information Flows
IEEE Transactions on Information Forensics and Security
Detection of Information Flows
IEEE Transactions on Information Theory
Hi-index | 0.00 |
The problem of localizing in-band wormhole tunnels inMANETs is considered. In an in-band wormhole attack, colluding attackers use a covert tunnel to create the illusion that two remote network regions are directly connected. This apparent shortcut in the topology attracts traffic which the attackers can then control. To identify the nodes participating in the attack, it is necessary to determine the path through which victims' traffic is covertly tunneled. This paper begins with binary hypothesis testing, which tests whether a suspected path is carrying tunneled traffic. The detection algorithm is presented and evaluated using synthetic voice over IP (VoIP) traffic generated in a network testbed. After that, we consider multiple hypothesis testing to find the most likely tunnel path among a large number of candidates. We present a tunnel path estimation algorithm and its numerical evaluation using Poisson traffic. A main feature of the proposed algorithms is their robustness against the presence of chaff packets (possibly introduced to avoid detection), packet loss caused by unreliable wireless links, and clock skew at different nodes.