manet report for lr

“AN APPROACH TO DETECT WORMHOLE ATTACK IN AODV BASED MANET” A thesis submitted toward partial fulfillment of the requirements for the degree of Master in Multimedia Development Course affiliated to Faculty of Engineering & Technology Jadavpur University Submitted by Mekhala Chattopadhyay ROLL NO: M4MMD14-22 Under the guidance of Mrs. Saswati Mukherjee Jadavpur University School of Education Technology Master in Multimedia Development course affiliated to Faculty of Engineering and Technology Jadavpur University Kolkata-700032 India 2014

Upload: sanjay-meena

Post on 16-Aug-2015


CERTIFICATE OF RECOMMENDATION

This is to certify that the thesis entitled AN APPROACH TO DETECT WORMHOLE ATTACK IN AODV BASED MANET is a bonafide work carried out by MEKHALA CHATTOPADHYAY under our supervision and guidance for partial fulfillment of the requirement for Post Graduate Degree of Master in Multimedia Development during the academic session 2013-2014.

THESIS ADVISOR
Mrs. Saswati Mukherjee, Assistant Professor, School of Education Technology, Jadavpur University, Kolkata-700 032

DIRECTOR
School of Education Technology, Jadavpur University, Kolkata-700 032

DEAN
Faculty Council of Interdisciplinary Studies, Law and Management, Jadavpur University, Kolkata-700 032

School of Education Technology, Jadavpur University, Kolkata-32

CERTIFICATE OF APPROVAL **

This foregoing thesis is hereby approved as a credible study of an engineering subject carried out and presented in a manner satisfactory to warrant its acceptance as a prerequisite to the degree for which it has been submitted.
It is understood that by this approval the undersigned do not endorse or approve any statement made or opinion expressed or conclusion drawn therein but approve the thesis only for the purpose for which it has been submitted.

Committee of final examination for evaluation of Thesis

** Only in case the thesis is approved.

DECLARATION OF ORIGINALITY AND COMPLIANCE OF ACADEMIC ETHICS

I hereby declare that this thesis contains literature survey and original research work by the undersigned candidate, as part of her Master in Multimedia Development (MMD) studies during academic session 2013-2014.

All information in this document has been obtained and presented in accordance with academic rules and ethical conduct.

I also declare that, as required by these rules and conduct, I have fully cited and referred all material and results that are not original to this work.

NAME: MEKHALA CHATTOPADHYAY

ROLL NUMBER: M4MMD14-22

THESIS TITLE: AN APPROACH TO DETECT WORMHOLE ATTACK IN AODV BASED MANET

SIGNATURE:

DATE:

ACKNOWLEDGEMENTS

I feel extremely glad in presenting this thesis at School of Education Technology, Jadavpur University, Kolkata, in the partial fulfillment of the requirements for the Master in Multimedia Development.

I deem it a pleasure to acknowledge my deep sense of gratitude to Mrs. Saswati Mukherjee, who directed and guided me with her timely advice and constant support, which eased the task of completing this dissertation.

I would also like to express my grateful thanks to Prof. Samar Bhattacharya, Director of School of Education Technology, for his support, encouragement and timely advice. I am really indebted to Dr. Matangini Chattapadhyay, Dr. Ranjan Parekh, Mr. Arunashis Achariya and Mr. Joydeep Mukherjee for their continuous support during the entire course of the project. Their advice and support was inspirational and motivational.

I would also like to take this opportunity to pay my thanks to all of my classmates of Master in Multimedia Development and M.Tech IT (Courseware Engineering) department. I do wish to thank all of our departmental support staff and all of those who were associated with the research and contributed in some form or the other.

Finally, I must say that no height is ever achieved without some sacrifice made at some end, and it is here I owe my special debt to my parents.

Date:

Place:

Mekhala Chattopadhyay
Exam Roll No: M4MMD14-22
Master in Multimedia Development, School of Education Technology, Jadavpur University, Kolkata-32

Executive Summary

The present work proposes an algorithm to detect wormhole attack and identify malicious nodes in a Mobile Ad hoc Network (MANET). Detection of wormhole attack is based on the calculation of Round Trip Time (RTT) for each node. This technique detects wormhole attack during the route setup procedure. The RTT of each node is calculated as the time between a RREQ (request) packet being sent and the corresponding RREP (response) packet being received. Therefore the mechanism does not need any special hardware or synchronized clocks; it only considers its local clock to calculate the RTT. If the RTT values between successive nodes are almost similar, there will be no wormhole and the path established by the routing algorithm is used for sending and receiving packets. Otherwise a wormhole is suspected if the RTT value between two nodes is greater than or equal to the threshold value.

A large number of routing protocols for MANETs have been proposed to enable quick and efficient network creation and restructuring. In this work the Ad-hoc On Demand Distance Vector (AODV) routing protocol is used. It is an on-demand reactive routing protocol that creates a path between source and destination only when required. Wormhole attack is normally launched in AODV during the route discovery phase.

Table of Contents

1. Introduction

1.1 Problem Statement
1.2 Objectives
1.3 Assumptions and Scope
1.4 Background Concept
1.4.1. Wormhole attack
1.4.2. AODV routing protocol
1.5 Literature Survey
1.6 Organization of the thesis
2. Concept and Problem Analysis
3. Design and Solution

4. Experiments, Results and Interpretations
5. Conclusion & Future scope
6. References
8. Appendix - I

List of Figures

Fig1. Example of Wormhole attack
Fig2. Wormhole attack in AODV
Fig3. Flowchart for calculation of RTT
Fig4. Screenshot of Node deployment in Java
Fig5. Screenshot of RTT value calculation and Wormhole node detection
Fig6. Screenshot of Number of coming packet and Number of drop packet in wormhole attack
Fig7. Screenshot of AODV routing with reverse path
Fig8. Relation between number of nodes and round trip time
Fig9. Relation between number of malicious node and packet delivery ratio

1. Introduction:

Mobile ad hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links. Each node operates not only as an end system, but also as a router to forward packets. The nodes are free to move about and organize themselves into a network. These nodes change position frequently.
As MANETs provide mobile nodes with reliable routing services in the absence of a network infrastructure, they are applied to several popular wireless technologies including cellular phone services, disaster relief, emergency services, battlefield scenarios, and other applications.

One of the most popular and serious attacks in wireless ad hoc networks is the wormhole attack. In the wormhole attack, an attacker tunnels messages received in one part of the network over a low latency link and replays them in a different part. A wormhole attack is usually performed by two or more malicious nodes in conspiracy. Two malicious nodes at different locations send received routing messages to each other via a secret channel. In this way, although the two malicious nodes are located far from each other, they appear to be within one-hop communication range. Therefore, the route passing through the malicious nodes is very likely to be shorter than any other regular one.

The performance and reliability of the network are compromised by attacks on ad hoc network routing protocols. AODV is a very famous on-demand routing protocol in MANET. Network parameters like hop count, throughput, end to end delay and packet delivery ratio are adversely affected by a wormhole attack launched in an AODV based MANET.

1.1 Problem Statement:

An Approach to Detect Wormhole Attack in AODV based Mobile Ad Hoc Network.

1.2 Objectives:

The objectives of the present work are stated below:
- Securing Mobile Ad Hoc networks by calculating round trip time between two neighbor nodes.
- Detection of wormhole attack in the network.
- Analysis of Packet Delivery Ratio under wormhole attack using AODV protocol in MANET.

1.3 Assumptions and Scope:

The following conditions are assumed to hold for effectiveness of the proposed algorithm.
i) Application-specific detection mechanisms are deployed in the ad hoc network that enable nodes to observe each other's behavior.
ii) This work focuses on static ad hoc networks, where the nodes do not change their location considerably after deployment.
iii) The network is assumed to be homogeneous. All nodes are uniquely identified.
iv) AODV routing protocol is used here to detect wormhole attack.

Scope of the present work is only to detect wormhole attack present in AODV based mobile ad hoc network.

1.4 Background Concept:

Wireless Ad Hoc Networks have many attractive features including automatic self-configuration and self-maintenance, quick and inexpensive deployment, and the lack of the need for fixed network infrastructures or centralized administration. These features lead to important applications that cannot be performed by traditional wired networks. The importance of Wireless Ad Hoc Networks is increasing rapidly with advances in technology that result in smaller, cheaper, and power-efficient devices. However, besides these advantages, Wireless Ad Hoc Networks also have many security challenges because of their lack of fixed infrastructure, unpredictably changing topology, and the broadcast nature of wireless communication. There are many kinds of attacks focusing on vulnerabilities in routing protocols for Wireless Ad Hoc Networks. One of the most popular and serious attacks in mobile ad hoc network (MANET) is the wormhole attack.

1.4.1. Wormhole attack:

Wormhole refers to an attack on MANET routing protocols in which colluding nodes create an illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors but are actually distant from one another. A wormhole attack is a particularly severe attack on MANET routing where two attackers, connected by a high-speed off-channel link, are strategically placed at different ends of a network. Consider Figure 1 in which node A sends RREQ to node B, and nodes X and Y are malicious nodes having an out-of-band channel between them. Node X tunnels the RREQ to Y, which is a legitimate neighbor of B.
B gets two RREQs: A-X-Y-B and A-C-D-E-F-B. The first route is shorter and faster than the second, and is chosen by B. Since the transmission between two nodes has to rely on relay nodes, many routing protocols have been proposed for ad hoc networks. In a wormhole attack, attackers tunnel packets to another area of the network bypassing normal routes as shown in Figure 1. The resulting route through the wormhole may have a lower hop count than normal routes. Attackers using a wormhole can easily manipulate the routing priority in MANET to perform eavesdropping, packet modification or a DoS attack.

[Fig1 Example of Wormhole attack: nodes A, C, D, E, F, B, Q, M, P, R, N, X and Y, with an out-of-band channel]

Wormhole attacks can be launched using several modes:

1) Wormhole using encapsulation: In this mode a malicious node at one part of the network hears the RREQ packet. It tunnels it to a second colluding party at a distant location near the destination. The second party then rebroadcasts the RREQ. The neighbors of the second colluding party receive the RREQ and drop any further legitimate requests that may arrive later on legitimate multihop paths. The result is that the routes between the source and the destination go through the two colluding nodes that will be said to have formed a wormhole between them. This prevents nodes from discovering legitimate paths that are more than two hops away. This mode of the wormhole attack is easy to launch since the two ends of the wormhole do not need to have any cryptographic information, nor do they need any special capabilities, such as a high speed wire line link or a high power source.

2) Wormhole Out-of-Band Channel: The second mode for this attack is the use of an out of band channel. This channel can be achieved, for example, by using a long range directional wireless link or a direct wired link. This mode of attack is more difficult to launch than the previous one since it needs specialized hardware capability.
3) Wormhole with High Power Transmission: Another method is the use of high power transmission. In this mode, when a single malicious node gets a RREQ, it broadcasts the request at a high power level, a capability which is not available to other nodes in the network. Any node that hears the high-power broadcast rebroadcasts it towards the destination. By this method, the malicious node increases its chance to be in the routes established between the source and the destination even without the participation of a colluding node.

4) Wormhole using Packet Relay: Wormhole using Packet Relay is another mode of the wormhole attack in which a malicious node relays packets between two distant nodes to convince them that they are neighbors. It can be launched by even one malicious node. Cooperation by a greater number of malicious nodes serves to expand the neighbor list of a victim node to several hops.

1.4.2. AODV routing protocol:

Ad-hoc On Demand Distance Vector (AODV) is a reactive protocol that reacts on demand. It is probably the most well-known protocol in MANET. The demand on available bandwidth is significantly less than other proactive protocols as AODV does not require global periodic advertisements. It enables multi-hop, self-starting and dynamic routing in MANETs. In networks with a large number of mobile nodes AODV is very efficient as it relies on dynamically establishing route table entries at intermediate nodes. AODV never produces loops, as there cannot be any loop in the routing table of any node because of the concept of the sequence number counter borrowed from DSDV. Sequence numbers serve as time stamps and allow nodes to compare how fresh the information they have for other nodes in the network is. The main advantage of AODV is its least congested route instead of the shortest path.

Characteristics of AODV:
1. Unicast, Broadcast, and Multicast communication.
2. On-demand route establishment with small delay.
3. Multicast trees connecting group members maintained for lifetime of multicast group.
4. Link breakages in active routes efficiently repaired.
5. All routes are loop-free through use of sequence numbers.
6. Use of Sequence numbers to track accuracy of information.
7. Only keeps track of next hop for a route instead of the entire route.

1.5 Literature survey:

Packet leash [1] is a mechanism for detecting and thus defending against wormhole attacks. A leash is any information that is added to a packet designed to restrict the packet's maximum allowed transmission distance. The mechanism proposes two types of leashes for this purpose: Geographic and Temporal. In Geographic Leashes, each node knows its precise position and all nodes have a loosely synchronized clock. Each node, before sending a packet, appends its current position and transmission time to it. The receiving node, on receipt of the packet, computes the distance to the sender and the time it took the packet to traverse the path. The receiver can use this distance and time information to deduce whether the received packet passed through a wormhole or not. In Temporal Leashes, the sender appends the sending time to the packet and the receiving node computes a travelling distance of that packet assuming propagation at the speed of light and using the difference between packet sending time and packet receiving time. This solution requires a fine grained synchronization among all nodes.

In one approach, directional antennas are used to prevent wormhole attacks [2]. The authors develop a cooperative protocol where nodes share directional information to prevent wormhole endpoints from masquerading as false neighbors that need to be certified free from wormhole attack. However, use of directional antennas limits use of such protocols. Each node shares a secret key with every other node and maintains an updated list of its neighbors. To discover its neighbors, a node, called the announcer, uses its directional antenna to broadcast a HELLO message in every direction. Each node that hears the HELLO message sends its identity and an encrypted message, containing the identity of the announcer and a random challenge nonce, back to the announcer.
Before the announcer adds the responder to its neighbor list, it verifies the message authentication using the shared key, and that it heard the message in the opposite directional antenna to that reported by the neighbor. This approach is suitable for secure dynamic neighbor detection. However, it only partially mitigates the wormhole problem. Specifically, it only prevents the kind of wormhole attacks in which malicious nodes try to deceive two nodes into believing that they are neighbors.

The Delay per Hop Indicator (DelPHI) [3] can detect both hidden and exposed wormhole attacks. In DelPHI, attempts are made to find every available disjoint route between a sender and a receiver. Then, the delay time and length of each route are calculated and the average delay time per hop along each route is computed. These values are used to identify a wormhole. The route containing a wormhole link will have a greater Delay per Hop (DPH) value.

Statistics based methods [4] usually obtain normal statistics from theoretical analysis and detect wormhole attack by identifying the difference between the current situation and the statistics. They always assume that there is no wormhole attack at the initial stage of network establishment.

A transmission time based mechanism (TTM) is used [5] to detect wormhole attack. TTM detects wormhole attacks during the route setup procedure by computing the transmission time between every two successive nodes along the established path. A wormhole is identified based on the fact that the transmission time between two fake neighbors created by a wormhole is considerably higher than that between two real neighbors which are within radio range of each other. TTM has good performance, little overhead and no special hardware is required.
In order to avoid the problem of using special hardware, a Round Trip Time (RTT) mechanism [6] is proposed. The RTT is the time that extends from the Route Request (RREQ) message sending time of a node A to the Route Reply (RREP) message receiving time from a node B. A will calculate the RTT between A and all its neighbors. Because the RTT between two fake neighbors is higher than between two real neighbors, node A can identify both the fake and real neighbors. In this mechanism, each node calculates the RTT between itself and all its neighbors. This mechanism does not require any special hardware and it is easy to implement; however it cannot detect exposed attacks because fake neighbors are created in exposed attacks.

Sun Choi et al [7] have developed a Wormhole Attack Prevention (WAP) method without using specialized hardware. WAP not only detects a fake route but also adopts preventive measures to keep wormhole nodes from reappearing during the route discovery phase.

The mechanism developed in [10], called RTT-TC, is based on topological comparison and round trip time measurements. In this method, a wormhole attack is suspected using RTT measurements and genuine neighbors are excluded from the suspected list using topological comparison. In this method, a Neighbor List includes two segments: Trusted (TRST) and Suspected (SUS). Two nodes suspect a wormhole tunnel between them if the RTT between them is more than 3 times their current RTTavg. If there is a wormhole tunnel, those two nodes' Node IDs are inserted into their respective SUS lists. The wormhole detection method is triggered when a source node finds a non-empty SUS list. A node sends request packets to all nodes in the SUS part of its Neighbor List. In response, each recipient replies with its TRST list to the source, which is later compared with the TRST list of the source to detect whether a link is attacked by the wormhole. This method has a higher detection rate and does not need any clock synchronization but has high message overhead.
In [13], wormholes are detected by considering the fact that wormhole attacks involve relatively longer packet latency than the normal wireless propagation latency on a single hop. Since the route through the wormhole seems to be shorter, many other multi-hop routes are also channeled to the wormhole, leading to longer queuing delays in the wormhole. The links with delays are considered to be suspicious links, since the delay may also occur due to congestion and intra-nodal processing. The AODV protocol has been followed as the basis for routing.

The authors proposed a dynamic security evaluation model [15] to decide the proper values of the threshold and the update time for sharing the secret key. They focused on the inside attack where the malicious nodes participate in the system and have knowledge of the security setting. Under this attack, malicious nodes could compromise threshold nodes, and then crack the security and the trust of the network. Two attack models were described: attack stream and attack intensity. The attack stream is a process to count how many attacks happened to the entire system during T time, whereas the attack intensity is the rate of how many nodes an attacker cracks successfully in T time. The authors assume that the attack process can be approximated by the Poisson process. This method could assist an administrator to measure the dynamic security in MANETs in time.

A new mechanism called Packet Travel Time (PTT) is introduced in [16] to detect wormhole attack. This mechanism allows each device to monitor its neighbours' behaviour. Therefore, this mechanism can detect both hidden and exposed wormhole attacks, and can locate the wormhole in AODV and DSR protocols. Here each node calculates the value of RTT between itself and the destination and sends it back to the source. This can be improved by using high mobility in the network.
The paper [17] proposes a security solution for MANETs using a pre-existing routing protocol, Ad hoc On-demand Distance Vector routing (AODV), using password security for each routing node and timeliness to update the routing table. AODV and SAODV (secure AODV) are simulated and the performance of both protocols is evaluated for varying numbers of nodes and malicious nodes. The performance of SAODV was stable whereas that of AODV was found to degrade sharply with the intrusion of some malicious nodes in the network. One of the most efficient routing protocols into which security measures can be included is Ad hoc On-demand Distance Vector Routing. It is observed that complete belief of the network in nodes can lead to many routing attacks. To avoid this, security measures are added to AODV to make it Secure AODV (henceforth called SAODV). In SAODV, each node checks the security of its neighbors before forwarding route requests. It will not forward route request packets to insecure neighbors (or malicious nodes). This measure, clearly, ensures that malicious nodes will not participate in the data transfer from the source to the destination.

A new algorithm called Neighbor-Probe-Acknowledge (NPA) [20] is proposed to detect wormhole attacks on a real wireless mesh network testbed rather than using the standard deviation of RTT. NPA does not need time synchronization or extra hardware support. Also it achieves a higher detection rate and lower false alarm rate than the methods using RTT under different background traffic load conditions. The future work will be done on dynamic adjustment of algorithm parameters and a routing algorithm that is resilient to wormhole attack.

1.6 Organization of the Thesis:

This dissertation is based on the detection of wormhole attack over the AODV based mobile ad hoc network. The organization of the dissertation is as follows:

Section 1 introduces the thesis work and it includes introduction, problem statement, objective of the thesis, assumptions and scope, background concepts and literature survey. Lastly it gives the idea about how the whole thesis work is organized.
Section 2 describes the overall concepts and the analysis of the problem.

Section 3 deals with design and solution. It also presents the algorithm which is designed to detect wormhole attack.

Section 4 explains the implementation details and also describes the results of several simulations performed and the observations from the results obtained.

Section 5 concludes the present work. It also shows how future work can be conducted on this topic.

Section 6 contains the references of this present work.

Finally, Appendix I contains the sample code written in JAVA.

2. Concepts and Problem Analysis:

The present work detects wormhole attack efficiently in MANET by calculating the round trip time of each node, and the AODV routing protocol is used for this purpose.

AODV uses the hop count to determine the shortest path. A malicious node can set false hop counts. Also, it can set a false value of route sequence numbers. An attacker can tunnel a request packet RREQ directly to the destination node without increasing the hop-count value. Thus it prevents any other routes from being discovered. It may badly disrupt communication as AODV would be unable to find routes longer than one or two hops. It is easy for the attacker to make the tunneled packet arrive with a better metric than a normal multi-hop route for tunneled distances longer than the typical transmission range of a single hop. Wormhole attack is normally launched in AODV during the route discovery phase by creating the illusion of one hop neighbors by wormhole peers. Route Request (RREQ) packets are routed through these wormhole tunnels to reach the destination at a faster rate (low hop count) compared to the usual normal path. As per the AODV protocol, the destination node discards all the later RREQ packets received and selects the false wormhole tunnel infected route to send the Route Reply (RREP). This results in inclusion of the wormhole tunnel in the data flow route, leading to a successful launch of wormhole attack in the AODV data transfer phase.
[Fig2. Wormhole attack in AODV: nodes S, A, C, X, E, Y, D, F, B, G; legend: RREQ, RREP, wireless link, wormhole link]

Wormhole attack commonly involves two remote malicious nodes shown as X and Y in the above figure. X and Y both are connected via a wormhole link and they target the source node S. During the path discovery process, S broadcasts RREQ to a destination node D. Thus, A and C, neighbors of S, receive the RREQ and forward it to their neighbors. Now the malicious node X receives the RREQ forwarded by A. It records and tunnels the RREQ via the high-speed wormhole link to its partner Y. Malicious node Y forwards the RREQ to its neighbor B. Finally, B forwards it to destination D. Thus, the RREQ is forwarded via S-A-X-Y-B-D. On the other hand, the other RREQ packet is also forwarded through the path S-C-E-F-G-D. However, as X and Y are connected via a high speed bus, the RREQ from S-A-X-Y-B-D reaches D first. Therefore, destination D ignores the RREQ that reaches it later and chooses D-B-A-S to unicast an RREP packet to the source node S. As a result, S chooses the S-A-B-D route to send data that indeed passes through the X and Y malicious nodes, which are very well placed compared to other nodes in the network. Thus, a wormhole attack is not that difficult to set up, but still can be immensely harmful for a MANET.

3. Design and Solution:

The proposed detection mechanism is based only on the RTT of the route request and reply messages and the neighbor numbers of the suspected nodes. This mechanism does not need any special hardware or synchronized clocks because it only considers its local clock to calculate the RTT.

This proposed work consists of three phases. The first phase is to construct the neighbor list for each node, the second phase is to find the route between the source and destination nodes, and the last phase is to find the location of the wormhole link.
Each node sends the route request (RREQ) message to the neighbor node and saves the time. The intermediate node also forwards the RREQ message and saves its sending time. When the RREQ message reaches the destination node, it sends a route reply message (RREP) along the reserved path. When the intermediate node receives the RREP message, it saves the time of receiving the RREP. Then the RTT is calculated from those time differences. Every node saves the time it forwards the RREQ and the time it receives the RREP from the destination to calculate the RTT. If there is no attack, the values are nearly the same. If the RTT value is higher than that of other successive nodes, a wormhole attack can be suspected on this link.

Algorithm:

A. Network deployment phase
Step 1: Deploy ad hoc nodes randomly to form a network.
Step 2: Neighbor list of each node is generated.

B. Malicious node detection
Step 1: Use local clock to calculate Round Trip Time. To calculate RTT, every node will have two time stamp values, which store:
- Forwarding time of the request from source to destination, i.e. the Route request (RREQ).
- Receiving time of the reply back to the source, i.e. the Route reply (RREP).
Then find the RTT of each node by calculating the difference between those two stored times, i.e. RTT = trep - treq.
Step 2: Compute per hop distance value using RTT values.
Step 3: Every node in a path computes per hop distance with its neighbor and compares it with the prior per hop distance.
Step 4: Calculate maximum and minimum values of RTT.
Step 5: If (RTTmax < 2 × RTTmin)
No wormhole attack present in the network
Else if (RTT >= threshold value)
Wormhole attack detected between the following nodes.
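The detection steps above, carried through on the S-A-X-Y-B-D and S-C-E-F-G-D routes of Fig 2, as an added Python example that is not the thesis's Java code. Assumptions not stated on the page: all delays and clock offsets are constructed, the RTT of a link is taken as the difference between the RTTs of its two successive nodes, and the threshold defaults to 2 × RTTmin.

```python
# Added illustration of the RTT check; every sample number below is constructed.

def simulate_exchange(path, link_delay_us, clock_offset_us):
    """Return {node: (t_req, t_rep)} as each node's own clock records them.

    Assumptions of this sketch: the destination replies at once, the RREP
    retraces the RREQ path, and a link has the same delay in both directions.
    """
    forward_time = [0]                       # true time the RREQ leaves path[i]
    for delay in link_delay_us:
        forward_time.append(forward_time[-1] + delay)
    reached_dest = forward_time[-1]
    stamps = {}
    for i, node in enumerate(path[:-1]):     # the destination times nothing
        way_back = sum(link_delay_us[i:])    # RREP travel time back to path[i]
        offset = clock_offset_us[node]       # local clocks are not synchronized
        stamps[node] = (forward_time[i] + offset,
                        reached_dest + way_back + offset)
    return stamps


def per_hop_rtt(path, stamps):
    """Steps 1-3: RTT = t_rep - t_req per node, then one value per link."""
    rtt = [stamps[n][1] - stamps[n][0] for n in path[:-1]] + [0]
    # Assumed derivation: link RTT = RTT of a node minus RTT of its successor.
    return {(path[i], path[i + 1]): rtt[i] - rtt[i + 1]
            for i in range(len(path) - 1)}


def suspect_links(hops, threshold_us=None):
    """Steps 4-5: compare RTTmax with 2 x RTTmin, then apply the threshold."""
    rtt_max, rtt_min = max(hops.values()), min(hops.values())
    if rtt_max < 2 * rtt_min:
        return []                            # no wormhole on this route
    if threshold_us is None:
        threshold_us = 2 * rtt_min           # assumed; the page gives no value
    return [link for link, rtt in hops.items() if rtt >= threshold_us]


# Constructed sample data, in microseconds. Offsets differ wildly on purpose.
CLOCK_OFFSET_US = {"S": 0, "A": 91_000, "X": -40_500, "Y": 7_300_000, "B": 12,
                   "C": 555, "E": -9_000, "F": 31_337, "G": 2_000_000, "D": 1}
ATTACKED_PATH = ["S", "A", "X", "Y", "B", "D"]
ATTACKED_DELAY_US = [400, 410, 1200, 395, 405]   # X-Y is the tunnelled link
CLEAN_PATH = ["S", "C", "E", "F", "G", "D"]
CLEAN_DELAY_US = [600, 580, 610, 590, 620]


def check_route(path, link_delay_us, clock_offset_us=CLOCK_OFFSET_US):
    """Run one RREQ/RREP exchange and return the links flagged as wormholes."""
    stamps = simulate_exchange(path, link_delay_us, clock_offset_us)
    return suspect_links(per_hop_rtt(path, stamps))


if __name__ == "__main__":
    for name, path, delays in (("attacked", ATTACKED_PATH, ATTACKED_DELAY_US),
                               ("clean", CLEAN_PATH, CLEAN_DELAY_US)):
        hops = per_hop_rtt(path, simulate_exchange(path, delays, CLOCK_OFFSET_US))
        print(name, hops, "suspect:", suspect_links(hops))
```

Because each RTT is the difference of two readings of the same local clock, the per-node offsets cancel, which is why the check needs no clock synchronization.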
[Fig 3. Flowchart for detection of wormhole attack. Steps: Start; calculate treq and trep; calculate RTT; calculate RTTmax and RTTmin; if RTTmax < 2 × RTTmin, no wormhole attack; otherwise, if RTT >= threshold value, wormhole attack; End.]

[Flowchart of implementing AODV protocol. Boxes: Start; Send request packet; Reached the neighbour; Check its destination; Send route reply; Destination path is available; Can forward to other nodes; Drop the packet; Send route error; End.]

4. Experiments, Results and Interpretations:

The performance of the proposed mechanism is evaluated using JAVA. In this experiment, the default network includes 31 nodes deployed randomly in a 1000 × 600 meters field, and the transmission range is defined as 100 meters. A user-defined network can be formed with a different number of nodes taken as input.

During the simulation, each node starts its journey from a random spot towards a randomly chosen destination. Once the destination is reached, the node rests for a pause time in seconds, and another random destination is chosen after that pause time. This process repeats throughout the simulation, causing continuous changes in the topology of the underlying network. Different network scenarios are generated for different numbers of nodes and pause times.

Network with wormhole attack: In this simulation wormhole attack is detected after completing the following steps

Fig5 Screenshot of Node deployment in Java

The following figures are screenshots of the simulation of node deployment, RTT calculation and wormhole detection. Here the red nodes indicate wormhole nodes.
Fig6 Screenshot of RTT calculation and Wormhole attack detection

Fig7 Screenshot of number of coming packets and number of dropped packets in wormhole attack

The AODV routing protocol is used in this mechanism. The source node broadcasts an RREQ message to its neighbors, which then forward the request to their neighbors, and so on. Additional copies of the same RREQ received later are discarded. Once the RREQ reaches the destination or an intermediate node with a route, the respective node responds by unicasting an RREP message back to the neighbor from which it first received the RREQ, which relays the RREP backward via the precursor nodes to the source node. In this simulation the pink line indicates the RREP being forwarded through the reverse path.

Fig8 Screenshot of AODV routing with reverse path

The following graph represents wormhole attack detection in MANET. In the graph, the x-axis represents the number of nodes and the y-axis represents the calculated values of round trip time.

Fig9. Relation between number of nodes and round trip time

The graph shows two situations - with wormhole attack and without wormhole attack. Without a wormhole attack the RTT values are nearly the same, but with a wormhole attack there is a large difference between the RTT values, which fluctuate widely. The wormhole attack situation is indicated in the graph by the blue line and the situation without attack is indicated by the red line.

[Graph: Wormhole attack detection. X-axis: No. of nodes; Y-axis: Round Trip Time; series: Wormhole attack, Without Wormhole attack.]

The following graph represents the relationship between Packet Delivery Ratio (PDR) and the number of malicious nodes present in the AODV routing protocol.
The X axis represents the number of malicious nodes and the Y axis represents the packet delivery ratio.

Fig10 Relation between number of malicious node and packet delivery ratio

Packet delivery ratio (PDR) is the ratio of the number of data packets received by the destination to the number of data packets sent by the source. The number of data packets received by each node decreases as the number of malicious nodes present in the network increases, because malicious nodes are mainly responsible for packet dropping. So the packet delivery ratio also decreases. The graph depicts that PDR has decreased with an increasing number of malicious nodes. PDR evaluates the ability of the protocol to deliver data packets to the destination in the presence of malicious nodes. It is clear from the graph that the PDR of AODV is heavily affected by the presence of malicious nodes.

[Graph: X-axis: Number of malicious node; Y-axis: Packet delivery ratio; series: AODV.]

5. Conclusion and Future work

Wormhole attacks in MANET significantly degrade network performance and pose a threat to network security. In order to protect against wormholes, current security-based solutions propose the establishment of ad-hoc networks in a controlled manner, often requiring specialized node hardware to facilitate the deployment of cryptographic mechanisms. The approach detects the wormhole attack in mobile ad hoc networks using the AODV routing protocol by calculating and comparing the Round Trip Time between every two successive nodes during the route setup protocol. The consideration is the RTT between two successive nodes: in the normal case all of the RTTs between two successive nodes are nearly the same. The algorithm is simple. This method does not require any specialized hardware or synchronized clocks, but pinpoints the location of the wormhole. The algorithm is implemented on a small network using JAVA. The simulation results confirm that the proposed solution successfully detects wormhole nodes. In future, node mobility and dynamic adjustment of algorithm parameters can be incorporated to improve the proposed mechanism.
Appendix-1

Routing.java

import java.util.*;
import javax.swing.*;
import java.io.*;
import java.awt.*;

public class Routing {
    int source;
    int destination;
    int node1;
    int node2;
    int hop_count = 0;
    int RREQ_packet[] = new int[4];
    int rreq_id = 1001;
    int message_rq[][] = new int[0][];
    int Route_through_node[][];
    int queue[];
    int i, front, rear, root;
    int visited[][];
    int reverse_path[][];
    int rootlist[] = new int[10];
    int list = 0;
    GraphDrawingDemo g = new GraphDrawingDemo();
    int no_of_node;
    String str2 = " ";

    public Routing(int src, int dest, int no_of_nodes) {
        source = src;
        destination = dest;
        RREQ_packet[0] = source;      // source id
        RREQ_packet[1] = destination; // destination id
        RREQ_packet[2] = hop_count;   // hop count
        RREQ_packet[3] = rreq_id;     // RREQ ID
        no_of_node = no_of_nodes;     // store the node count in the field
    }

    public void Send_RREQ_RREP_packet(int matrix[][], int no_of_nodes, Node N[]) {
        System.out.println("\n\nROUTE ESTABLISHMENT PHASE::::::::::AODV ROUTING::::::\n\n");
        visited = new int[no_of_nodes][];
        for(int i=0;i