Detecting Man-in-the-Middle and Wormhole Attacks in Wireless Mesh Networks

Wireless networks are being used increasingly in industrial, health care, military and public-safety environments. In these environments security is extremely important because a successful attack against the network may pose a threat to human life. To secure such wireless networks against hostile attack requires both preventative and detective measures.In this paper we propose a novel intrusion detection mechanism that identifies man-in-the-middle and wormhole attacks against wireless mesh networks by external adversaries. A simple modification to the wireless MAC protocol is proposed to expose the presence of an adversary conducting a frame-relaying attack. We evaluate the modified MAC protocol experimentally and show the detection mechanism to have a high detection rate, no false positives and a small computational and communication overhead.

[1]  Levente Buttyán,et al.  Statistical Wormhole Detection in Sensor Networks , 2005, ESAS.

[2]  Adi Shamir,et al.  How to expose an eavesdropper , 1984, CACM.

[3]  Bharat K. Bhargava,et al.  Visualization of wormholes in sensor networks , 2004, WiSe '04.

[4]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[5]  Jason Smith,et al.  Experiences in passively detecting session hijacking attacks in IEEE 802.11 networks , 2006, ACSW.

[6]  Vallipuram Muthukkumarasamy,et al.  Detecting Security Threats in Wireless LANs Using Timing and Behavioral Anomalies , 2007, 2007 15th IEEE International Conference on Networks.

[7]  Michalis Faloutsos,et al.  TrueLink: A Practical Countermeasure to the Wormhole Attack in Wireless Networks , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[8]  Joshua Wright,et al.  Detecting Wireless LAN MAC Address Spoofing , 2003 .

[9]  Turgay Korkmaz Verifying physical presence of neighbors against replay-based attacks in wireless ad hoc networks , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[10]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[11]  Michel Barbeau,et al.  Detecting Impersonation Attacks in Future Wireless and Mobile Networks , 2005, MADNES.

[12]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[13]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[14]  Heejo Lee,et al.  TTM: An Efficient Mechanism to Detect Wormhole Attacks in Wireless Ad-hoc Networks , 2007, 2007 4th IEEE Consumer Communications and Networking Conference.

[15]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[16]  Jean-Pierre Hubaux,et al.  Security and Cooperation in Wireless Networks , 2007, ESAS.

[17]  David R. Cheriton,et al.  Detecting identity-based attacks in wireless networks using signalprints , 2006, WiSe '06.

[18]  Tor Helleseth,et al.  Workshop on the theory and application of cryptographic techniques on Advances in cryptology , 1994 .

[19]  Yih-Chun Hu,et al.  Rushing attacks and defense in wireless ad hoc network routing protocols , 2003, WiSe '03.