Timing-based localization of in-band wormhole tunnels in MANETs

Authors:
Jinsub Kim;Dan Sterne;Rommie Hardy;Roshan K. Thomas;Lang Tong
Affiliations:
Cornell University, Ithaca, NY, USA;Cobham Analytic Solutions, Columbia, MD, USA;U. S. Army Research Laboratory, Adelphi, MD, USA;Cobham Analytic Solutions, Centreville, VA, USA;Cornell University, Ithaca, NY, USA
Venue:
Proceedings of the third ACM conference on Wireless network security
Year:
2010

Citing 10
Cited 0

Practical Cryptography

Practical Cryptography
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays

Proceedings of the 10th ACM conference on Computer and communications security
LITEWORP: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
On the Survivability of Routing Protocols in Ad Hoc Wireless Networks

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Detecting wormhole attacks in mobile ad hoc networks through protocol breaking and packet timing analysis

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Statistical wormhole detection in sensor networks

ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Detecting Encrypted Stepping-Stone Connections

IEEE Transactions on Signal Processing
Distributed Detection of Information Flows

IEEE Transactions on Information Forensics and Security
Detection of Information Flows

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

The problem of localizing in-band wormhole tunnels inMANETs is considered. In an in-band wormhole attack, colluding attackers use a covert tunnel to create the illusion that two remote network regions are directly connected. This apparent shortcut in the topology attracts traffic which the attackers can then control. To identify the nodes participating in the attack, it is necessary to determine the path through which victims' traffic is covertly tunneled. This paper begins with binary hypothesis testing, which tests whether a suspected path is carrying tunneled traffic. The detection algorithm is presented and evaluated using synthetic voice over IP (VoIP) traffic generated in a network testbed. After that, we consider multiple hypothesis testing to find the most likely tunnel path among a large number of candidates. We present a tunnel path estimation algorithm and its numerical evaluation using Poisson traffic. A main feature of the proposed algorithms is their robustness against the presence of chaff packets (possibly introduced to avoid detection), packet loss caused by unreliable wireless links, and clock skew at different nodes.