International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6
Consequences and Measures of Wormhole
Attack in MANET
Rohit Rana, Jayant Shekhar
Computer Science & Engineering Department
Subharti institute of Technology and Engineering meerut, India
rohit_rana@mail.com, jayant_shekhar@hotmail.com
ABSTRACT
A mobile ad-hoc sensor network is one that usually don’t
require any defined infrastructure that is it usually uses the
pre-established infrastructure to deliver packets in other
words a mobile ad-hoc sensor network usually consists of
large number of sensor nodes (stationary or mobile) present
over an area to be traversed. Each sensor node is a battery-
powered, self-contained device which is capable of sensing,
communication and computation and data processing to
some extent. Because of the large number of sensors present
in the network, each node must be small and inexpensive.
Mobile Ad-hoc network focuses more on single node attacks.
But attacks that involve more than two nodes (multiple
nodes) are receiving more attention as these attacks are
unanticipated and combined attacks which can affect more
than single node at the same time in a mobile ad-hoc
network. But nothing has yet been written about these kind
of attacks that is no proper categorization and definition is
available for these multi-node attacks in mobile ad-hoc
networks, beyond all this proper stats are also not available
for these attacks on mobile ad-hoc networks. We have used a
new technology network simulation software Qualnet
version 5.0 to measure the effect of Warm-hole attack on
mobile ad-hoc networks that gives a clear picture for the
throughput, packet delivery delay and end-to-end delay in
mobile ad-hoc networks when warm hole attack effects the
mobile ad-hoc network.
Key Words: CBR, WSN, MANET, AODV, ZIG-BEE.
1. INTRODUCTION
A mobile ad-hoc sensor network is one that usually don’t
require any defined infrastructure that is it usually uses
the pre-established infrastructure to deliver packets in
other words a mobile ad-hoc sensor network usually
consists of large number of sensor nodes (stationary or
mobile) present over an area to be traversed. Each sensor
node is a battery-powered, self-contained device which is
capable of sensing, communication and computation and
data processing to some extent. Due to this these
75
resources are bounded in terms of memory, bandwidth,
processing speed and energy as they have limited
constraints to perform. A wireless sensor network (WSN)
comprised of wireless computer network consisting of
spatially distributed autonomous nodes that use sensors to
simultaneously monitor the environmental and physical
conditions around, such as sound, temperature, vibration,
pressure, motion etc., at different sectors of the network.
A sensor is a device that is capable of observing and
recording any change around or within the network path.
This is termed as sensing. Sensors are used in various
applications such as air forces, automobiles, healthcare,
disaster relief, weather forecasting etc. For example,
sensors are used in cars back bumpers to sense the
distance from the object behind them while parking.
The WSN is built of "nodes" – from a few to several
hundreds or even thousands, where each node is
connected to one (or sometimes several) sensors. Each
such sensor network node has typically several parts:
a radio transceiver with an internal antenna or connection
to an external antenna, a microcontroller, an electronic
circuit for interfacing with the sensors and an energy
source, usually a battery or an embedded form of energy
harvesting. A sensor node might vary in size from that of
a shoebox down to the size of a grain of dust, although
functioning "motes" of genuine microscopic dimensions
have yet to be created. The cost of sensor nodes is
similarly variable, ranging from a few to hundreds of
dollars, depending on the complexity of the individual
sensor nodes. Size and cost constraints on sensor nodes
result in corresponding constraints on resources such as
energy, memory, computational speed and
communications bandwidth. The topology of the WSNs
can vary from a simple star network to an advanced multi-
hop wireless mesh network. The propagation technique
between the hops of the network can be routing or
flooding.
International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6
Example of an AD-HOC Network
2 Architecture
The concept of wireless sensor networks is based on a
simple equation: Sensing + CPU + Radio = Thousands of
potential applications As soon as people understand the
capabilities of a wireless sensor network, hundreds of
applications spring to mind. It seems like a
straightforward combination of modern technology.
However, actually combining sensors, radios, and CPU’s
into an effective wireless sensor network requires a
detailed understanding of the both capabilities and
limitations of each of the underlying hardware
components, as well as a detailed understanding of
modern networking technologies and distributed systems
theory.
3. SECURITY ISSUE ON MOBILE AD-HOC
NETWORK
Due to the fact that mobile ad-hoc sensor network is a
group of nodes that form a temporary network without
centralized administration, the nodes have to
communicate with each other based on unconditional
trust. This characteristic leads to the consequence that
mobile ad-hoc sensor network is more susceptible to be
attacked by inside the network while comparing to other
type of networks. Practically, mobile ad-hoc sensor
network could be attacked by several ways using multiple
methods; before going to deeper investigation, it is
necessary to classify security attacks within the context of
mobile ad-hoc sensor network
The classification can be based on the behavior of the
attack (Passive vs. Active), the source of the attacks
76
(Internal vs. External), the processing capacity of the
attackers (Wired vs. Mobile) and the number of the
attackers (Single vs. Multiple).
Typically, passive attacks aim to steal valuable
information in at least two communicating nodes as or
even in the whole network. There are many variations of
passive attacks, but in mobile ad-hoc sensor network there
exist two types: eavesdropping and traffic analysis.
Practically, depending on situations, passive attacks can
be considered as legitimate or illegitimate actions. If the
purpose is benign, for example, if the administrator wants
to use some tools to probe the network traffic, in order to
troubleshoot or account the network then it is legitimate.
On the contrary, if the purpose is malicious, one attacker
can steal valuable information by probing the network
traffic such as credit card information, credential email,
and then use the information to illegally withdraw money
from bank accounts or blackmail the victims.
Roughly speaking, passive attacks do not intend to disrupt
the operation of the particular network, but active attacks
are able to alter the normal network operation. Typical
example of active attacks can be: masquerade attack,
replay attack, modification of message. We have studied
some different type of attack define below:-
3.1Black hole attack
A black hole attack occurs when a malicious node
impersonates the destination node or forging route reply
message that is sent to the source node, with no effective
route to the destination. The malicious node may generate
unwanted traffics and usually discards packets received in
the network. When this malicious node (black hole node)
has effects on one or more nodes, making them malicious
as well, then this kind of attack can be referred to as to as
multiple node attack or collaborative attack. In a black
hole attack, the malicious node presents itself as having
the shortest path to the node it is impersonating, making it
easier to intercept the message. To achieve this, the
malicious node waits and tries to get the replies from
nearby nodes in order to discover a safe and valid route.
This route could be forged, illegitimate or an imitation but
it appears genuine to the source node.
2.2 Wormhole attack
A wormhole attack is an attack in which the attacker
provides two choke-points that are used to degrade the
network or analyze traffic as preferred any time. False
impressions are used in creating these choke-points with
two or more nodes joint together. In other words,
wormhole attack creates a tunnel that records traffic data
(in bits or packets) at one network place and channels
them to another place in the network. This kind of attack
is usually against many ad hoc routing protocols and the
attacker is hidden at higher layers; thus the wormhole and
both colluding attacker nodes at each choke-point of the
wormhole are invisible in the mobile ad-hoc sensor
network out There are different adaptations of wormhole
International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6
attack where in-band and out-of-band wormholes are the
two main variations.
2.2.1 In-band Wormhole
This method of wormhole attack builds up a secret
overlay tunnel within the active wireless medium. In-band
wormhole could be more dangerous than out-of-band
wormhole because it does not have any need for an extra
hardware device or node and it also utilizes the existing
communication medium in its routing. Self contained
wormhole and extended in-band wormhole are two types
of in-band wormhole. The self-contained wormhole
promotes a false link connecting the attacker nodes while
the extended in-band wormhole promotes its fake link
between two nodes, which are none attacker nodes. The
latter type produces a wormhole that goes further than the
attacker nodes, thus creating the end choke-points.
2.2.2 Out-of-band Wormhole
In this variation of wormhole, the attacker nodes create a
direct connection linking the two choke-points. This
established link is an external link that could be wired or a
kind of wireless medium. One end of the connection is
used to accept packets while it is forwarded using the
second end of the connection, thus giving room for huge
amount of data to be transmitted through the wormhole.
2.3 Sybil Attack
A Sybil attack is a situation where a malicious node acts
like two or more nodes rather than just a node like
previously mentioned attacks. The Sybil nodes are created
by series of false identities, imitations, or impersonation
of nodes in a mobile ad-hoc sensor network, and these
additional node identities could be generated by just a
physical device.
4. OVERVIEW OF CURRENT
LITERATURE
Many studies on mobile ad-hoc sensor network focus on
the protocols used their security issues such as data
encryption, authentication, trust, and cooperation among
nodes, attacks on the protocols and proposed solutions or
preventions. Most ad hoc routing protocols such as
Optimized Link State Routing (OLSR) protocol [7], Ad
hoc On-Demand Distance Vector (AODV) routing
protocol [6], Micro-mobility support with Efficient
Handoff and Route Optimization Mechanisms
(MEHROM) protocol and wireless MAC protocols, like
the 802.11 usually make assumptions about suitable and
trusted environments, giving room for malicious activities
and attackers. Distributed protocols like the link-layer
protocols and network-layer protocols used in multi-hops
wireless channels communication assume that the nodes
are cooperative in the synchronization process. However,
77
these assumptions are usually untrue in a harsh
environment. Attackers can interrupt the network by
violating the protocols requirement because mobile ad-
hoc sensor network assumes trust and cooperation; it does
not enforce node cooperation.
Despite of the different specific attacks on mobile ad-hoc
sensor network such as Denial-of-Service (DoS),
impersonation, Node hijacking and so on that have been
exposed, the attacks involving multiple nodes seem to
have received little attention. One of the possible reasons
could be that most researchers tend to adopt ideas about
security measures from wired networks to ad hoc
networks and forget that security issues regarding mobile
ad-hoc sensor network are more complicated since mobile
ad-hoc sensor network is unable to rely on pre-existing
infrastructure. In other words, all nodes are
communicating without a central authority or base station
to keep a network connected. Therefore, the existing
security solutions for wired network cannot be directly
applied to the mobile ad-hoc sensor network.
Wormhole attack is very powerful, and preventing the
attack has proven to be very difficult. A strategic
placement of the wormhole can result in a significant
breakdown in communication across a wireless network.
In such attacks two or more malicious colluding nodes
create a higher-level virtual tunnel in the network, which
is employed to transport packets between the tunnel
endpoints. These tunnels emulate shorter links in the
network and so act as benefit to unsuspecting network
nodes which by default seek shorter routes.
Basic vulnerabilities in mobile ad-hoc sensor network
have been researched previously ranging from their open
network medium, severe resource restriction, selfishness,
dynamic nature, to vulnerabilities in some protocols. In
addition, there are different categories of attacks against
mobile ad-hoc sensor network. These categories in pair
are Passive and Active attacks, Internal and External
attacks and the two categories of network-layer attacks:
Routing attacks and Packet Forwarding attacks. Our
research area on attacks against mobile ad-hoc sensor
network provides not only the consequences of
collaborative attacks but also their mitigation in mobile
ad-hoc sensor network and attack categorization. From
our perspectives, collaborative attacks are non-single
attacks; they are attacks launched in multiple malicious
nodes acting as a group. Typical examples of these kinds
of attacks are Black hole attack, Sybil attack and
Wormhole attack on nodes in a mobile ad-hoc sensor
network.
The literature survey provides a framework for
establishing the importance of the study. Within the
context of a quantitative research approach, the literature
survey occupies a substantial amount of time and effort. It
provides direction for the research questions and
hypotheses [5]. To understand the current security issues
regarding mobile ad-hoc sensor network, the literature
International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6

survey was the essential starting step, which helped us
gain in-depth knowledge about different security threats
related to mobile ad-hoc sensor network. Our literature
survey helped us to understand that multiple node attacks
on mobile ad-hoc sensor network received a little
attention from research community in terms of properly
defining and categorizing such attack. We started to
formulate problem, and then defined distinct keywords
relevant with the topic in order to search the most recent
materials produced by researchers.
5. SIMULATION PARAMETER
5.1 GUI Configuration
This section describes how to configure Wormhole and
Eavesdrop in the GUI.
5.1.1 Configuring Wormhole Parameters
To configure the Wormhole parameters, perform the
following steps:
•To set properties at subnet level, go to the MAC Layer
tab of Wireless Subnet Properties Editor.
•To set properties at interface level, go to one of the
following locations:
Scenario 2 comprises of 6 nodes connected to a sub
network and a CBR application is applied between nodes
1 and 6,here we have not implemented the Mac protocol
as wormhole and thus we see that that all the packets sent
by node 1 are received by node 6.
In Scenario 3 we have taken 6 nodes connected to
different sub networks. Nodes 1 and 3 connected to sub
network 1, 2 and 4 to second and 5 and 6 to the third. The
Mac protocol for sub network 2 is made wormhole .so the
packets sent by node1 are not received by 6 rather
tunneled by wormhole nodes 2 and 4.Here we see the
effect of wormhole attack at threshold, all drop and all
pass modes of operation .In the same way we have
increased the number of nodes and analyze the effect of
wormhole attack at different operating modes.
7 SIMULATION RESULTS ANALYSIS
7.1 Running Scenario2 without Wormhole Attack

- Interface Properties Editor > Interfaces > Interface # >

MAC Layer or - Default Device Properties Editor >
Interfaces > Interface # > MAC Layer.
2. Set MAC Protocol to Wormhole.
3 If Wormhole Operation Mode is set to Threshold, set
the dependent parameter.
Scenario 1 parameter set as Wormhole:

7.2 Running Scenario 3 With Wormehole Attack

Figure 1 Parameter set as Wormhole

6. SIMULATION ENVIRONMENT
In this case we find out the attack that degrades the
network performance .Moreover, the effects of these
kinds of attacks on mobile ad-hoc sensor network have
not been well measured since each researcher tends to use
different simulators to visualize those attacks and
determine the consequences such as impact on packet
delivery ratio, throughput, and end-to end delay

78
International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6

8 Graphical Result:

8.1 +Different graphical result analysis without

wormhole attack:- We have to find different result without
using the parameter wormhole:-

8.1.1 We have send total packet 300 as shown in diagram

8.2.3 Result analysis on frame Intercepted after setting

the parameter wormhole :
8.1.2 Average end to end delay:

8.2 Different graphical result analysis with wormhole 8.2.4 Result analysis on frame Replayed after setting the
attack: We have to find different result using the parameter wormhole :
parameter wormhole;

8.2.1 We have to send total packet 300 as shown in

diagram:

As shown in scenario2 we have not find the result on

setting the parameter wormhole. But in scenario 3 we
have shown some result on as setting the parameter
8.2.2 Average end to end delay: wormhole. It means we have to measure the wormhole
attack because we have find some result on parameter
wormhole.

8 CONCLUSIONS

Our aim was to analyze the effects of direct wormhole

attack on Mobile Ad-Hoc Networks. We can find it
immediately from the outcomes of the analysis that each
8.2.3 Result analysis on frame tunneled after setting the
scenario shows the packet delivery ratio, throughput and
parameter wormhole :
end-to-end delay of mobile ad-hoc sensor network under
multi-node wormhole attack drops multiple-times when
comparison to the normal mobile ad-hoc sensor network
scenarios. Not only this but the impact of negative
performance that we have measured from our

79
International Conference on Recent Trends in Engineering & Technology (ICRTET2012)
ISBN: 978-81-925922-0-6

work(simulation) can significantly prove to be a valuable [7] T. Clausen Ed. and P. Jacquet Ed., "Optimized link state routing
asset for future research to perform impactful protocol (OLSR)," IETF RFC 3626, October 2003.
comparisons of normal attacks with multi-node attacks on
mobile ad-hoc sensor network. As many schemes has
been purposed to claim that they can prevent and negate
the security threats in MANET, like but injecting an agent
in each node to monitor the suspicious acts in the mobile
networks or by using adjacent node to inform other nodes
about the suspicious act but none of them has yet
purposed anything that how they will deal with multi-
node attacks; like Warm-hole Attack. As it is clear from
several studies that each type of multi-node attack has a
defined plan to mitigate or set of mitigation plans that are
proposed to counter attack against that attack. However,
Cross-layer Active Rerouting (CARE), a routing resilient
architecture has theoretically claimed to be able to
alleviate direct collaborative attacks.

So, after analyzing our Results using industrial version of

Glomosim simulator called Qualnet (version 5.0), we
were able to show that the wormhole attack has affected
our mobile sensor ad-hoc network. Wormhole attack
chocked our MANET, and the packet delivery ratio and
throughput were significantly decreased and the end-to-
end delay time has increased many folds that verify the
attack.

References:
[1] S. A. Razak, S. M. Furnell, and P. J. Brooke, "Attacks against
Mobile Ad Hoc Networks Routing Protocols," 2004.

[2] V. Mahajan, M. Natu, and A. Sethi, “Analysis of Wormhole

Intrusion Attacks in MANETS”, In Proceeding of Military
Communications Conference, 2008. MILCO 2008. IEEE, Pages: 1-
7, ISBN: 978-1-4244-2676-839

[3]Y. Hu, A. Perrig, and D. B. Johnson, “Wormhole Attacks in Wireless

Networks”, IEEE Journal on Selected Areas in Communications, 2006,
Vol. 24, No. 2, Pages: 370-380.

[4] M. A. Gorlatova, P. C. Mason, M. Wang, L. Lamont and R. Liscano,

“Detecting Wormhole Attacks in Mobile Ad Hoc Networks through
Protocol Breaking and Packet Timing Analysis”, In Proceeding of
Military Communications Conference,2006 MILCOM 2006. IEEE, 23-
25 Oct. 2006, Pages: 1-7, ISBN: 1-4244-0617-X

[5] J. W. Creswell, Research Design: Qualitative, Quantitative and

Mixed Methods Approaches, Second Edition ed., 2003.

[6] IETF, RFC 3561 Ad hoc On-Demand Distance Vector (AODV)

Routing, 2003

80