A distributed scheme to detect wormhole attacks in mobile wireless sensor networks

Official URL: http://192.168.1.20/record=b1306620 (Table of Contents)

Wireless sensor networks are composed of sensor nodes which are small, battery-powered devices having limited resources. Sensor nodes collect data from environment, and transmit them via their radio communication medium towards a base station. Although majority of wireless sensor applications use static sensor nodes, sensor node can be mobile either by itself, or due to environmental factors such as wind, water, or deployment of sensor nodes on moving objects. It is not easy to control sensor nodes once they are deployed in a hostile environment. Due to mostly being unattended, sensor nodes become open to physical attacks such as wormhole attack, which is our focus in this thesis. In wormhole attack, an attacker tunnels messages received in one part of the network over a low-latency wormhole link and replays them in a different part of the network. By doing so, the attacker makes two distant nodes believe that they are in the communication range of each other. The low-latency tunnel attracts network traffic on the wormhole link which can empower the attacker to perform traffic analysis, denial of service attacks; collect data to compromise cryptographic material; or just selectively drop data packets through controlling these routes using the wormhole link. In this thesis, we propose a distributed wormhole detection scheme for mobile wireless sensor networks in which mobility of sensor nodes is utilized to estimate two network features (i.e. network node density, standard deviation in network node density) through using neighboring information in a local manner. Wormhole attack is detected via observing anomalies in the neighbor nodes' behaviors based on the estimated network features and the neighboring information. We analyze the performance of proposed scheme via simulations using different system parameters. The results show that our scheme achieves a detection rate up to 100% with very small false positive rate (at most 1.5%) if the system parameters are chosen accordingly. Moreover, our solution requires neither additional hardware nor tight clock synchronization which are both costly for sensor networks.