The self-configuring, infrastructure-less and dynamic topological features of a MANET offer significant implementational and operational advantages, including easy and fast large-scale computer network deployments in diverse applications like the IoT, military and extreme emergency environments. However, at the same time they present major challenges relating to QoS provision, connectivity management, end-to-end delay, packet loss on multi-hop routes and IP address management. Security, particularly routing security, is one of the most challenging obstacles to wide-scale MANET adoption, with wormhole attacks being one of the most severe routing threats. Wormholes are difficult to detect as they can be launched in different modes, with each enforcing its own distinct requirements on the detection mechanism. Many wormhole detection mechanisms have been proposed, but most are either based on unrealistic assumptions about the network environment and/or their constituent devices, or exhibit limitations such as being unable to detect certain wormhole types or being computationally very intensive. This provided the context for the research question addressed in this thesis.
Packet delay analysis based wormhole attack detection schemes have been recognized as easy to implement, low-cost solutions with the potential to be deployed in a wide range of networks and devices, and thus as an attractive, viable answer to the research question. Most packet delay analysis based schemes, however, are based on round trip time (RTT) analysis, which is an inaccurate metric for estimating the distance of a route or a hop due to the high variability in node packet processing times.
This thesis has presented a new unified wormhole attack detection framework based on packet traversal time (PTT) analysis. This framework is significantly more flexible and
analysis. It detects all wormhole variants, is adaptive to a range of node hardware and MANET environments, and incurs both low computational and network bandwidth overheads. The framework makes three original scientific contributions to the field of MANET routing security:
i) The most significant innovation is the new wormhole detection algorithm TTpHA that uses a dynamic threshold for the maximum permissible PTT per route hop. TTpHA can tolerate higher radio range fluctuations in node hardware and is more flexible than existing solutions, since it automatically adapts to different network environments. In outdoor environments with long radio ranges, TTpHA can be implemented using low timestamp resolution (TR) off-the-shelf wireless hardware and tolerates high node mobility during the route discovery procedure, while providing consistently high detection rates. While TTpHA is not yet sufficiently mature to be applied to low TR hardware in indoor environments which inevitably involve short radio ranges, some preliminary future research ideas have been presented to address these challenges.
ii) TTHCA was the first major contribution in the new framework and introduced the novel idea of identifying wormhole attack infected routes based on route PTT analysis. It consistently provided significant improvements in wormhole attack detection performance compared to related RTT-based solutions, while maintaining low network overheads and generating no false positives. Despite encouraging results, however, TTHCA was not effective in detecting routes infected by participation mode (PM) out-of-band (O-B) wormholes that are short relative to the route hop count (HC). Furthermore, when some of the underlying system assumptions relating to line-of-sight (LOS) environments and node hardware were relaxed, high fluctuations in radio ranges led to occurrences of PM O-B wormholes remaining undetected. The use of a fixed threshold for PTT/HC validation restricted the flexibility of TTHCA to adapt to variable network conditions, including outdoors with long radio ranges and indoors with far shorter ranges. Despite these limitations, TTHCA became a core constituent module within the more advanced TTpHA model in i).
iii) The final contribution is related to how fraudulent packet processing measurements can be successfully identified and prevented in both TTHCA and TTpHA. The prevailing conditions to successfully launch time tampering attacks were firstly analysed and shown to be complicated from an attacker’s point of view, since false measurement values had to be defined within a narrow time window. However, they are still feasible and thus considered to be a significant security threat. Time tampering is not only relevant for TTHCA and TTpHA, but equally in other packet delay based wormhole attack detection solutions, such as M-TTM, which involve collaborative time measurements at multiple nodes. A new time tampering detection extension called ∆TVE has been proposed to detect these attacks by applying statistical analysis to collected time measurement values and is the first known time tampering attack detection solution. ∆TVE is consistently able to detect time tampering in PM in-band (I-B) wormholes, but PM O-B wormholes are more challenging because their links only need a marginal increase in the time measurement values for an attack to succeed. Some initial ideas for a new distributed approach to detect time tampering in both PM I-B and O-B wormhole detection have been proposed.
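The fixed-threshold PTT/HC validation described in ii), and the weakness of RTT noted earlier, can be made concrete with a short added example (not code from the thesis). It assumes PTT is obtained by subtracting the node-reported processing delays from the RTT and halving the result, and that the fixed threshold is the air time of one hop at an assumed 250 m maximum radio range; the three sample routes are constructed.

```python
# Added illustration, not the thesis's implementation. The formula, constants and
# sample routes below are assumptions constructed for this example.
C = 299_792_458.0          # radio propagation speed, m/s
MAX_RANGE_M = 250.0        # assumed maximum radio range of one hop


def build_rtt(hop_lengths_m, processing_s):
    """Constructed measurement: two-way air time plus all node processing delays."""
    return 2 * sum(hop_lengths_m) / C + sum(processing_s)


def ptt_per_hop(rtt_s, processing_s, hop_count):
    """PTT/HC: strip the reported processing delays from the RTT, halve, divide by HC."""
    return (rtt_s - sum(processing_s)) / 2 / hop_count


def tthca_style_check(rtt_s, processing_s, hop_count, max_range_m=MAX_RANGE_M):
    """True when PTT/HC exceeds the fixed threshold (air time of one max-range hop)."""
    return ptt_per_hop(rtt_s, processing_s, hop_count) > max_range_m / C


def rtt_per_hop(rtt_s, hop_count):
    """The RTT-only metric, for comparison: processing time is left in."""
    return rtt_s / hop_count


# Constructed routes: (reported hop lengths in metres, node processing delays in seconds)
ROUTES = {
    "healthy, slow nodes":   ([200, 200, 200, 200], [0.009, 0.012, 0.010, 0.011]),
    "long PM O-B wormhole":  ([200, 1500, 200],     [0.002, 0.002, 0.002]),
    "short PM O-B wormhole": ([100] * 5 + [600] + [100] * 2, [0.003] * 8),
}


def evaluate(name):
    """Return (flagged by the PTT/HC check, RTT/HC in seconds) for a sample route."""
    hops, proc = ROUTES[name]
    rtt = build_rtt(hops, proc)
    return tthca_style_check(rtt, proc, len(hops)), rtt_per_hop(rtt, len(hops))


if __name__ == "__main__":
    for name in ROUTES:
        flagged, rtt_hc = evaluate(name)
        print(f"{name:24s} flagged={flagged!s:5s} RTT/HC={rtt_hc * 1e3:.3f} ms")
```

The healthy route with slow nodes shows a larger RTT/HC than the long wormhole route, which is why RTT alone misleads, and the 600 m wormhole link hidden in an eight-hop route stays under the fixed threshold, which is the limitation that motivates the dynamic threshold in i).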
In reflecting upon the framework and contrasting it with existing state-of-the-art wormhole detection solutions, it offers many innovative features and benefits in terms of wormhole detection, adaptability to diverse MANET scenarios and general low complexity. Practical issues remain in regard to the timestamp resolution of existing hardware, especially for indoor environments, and time tampering mechanisms for PM O-B wormholes. Rigorous testing on real MANET devices is also required before the performance and applicability of the presented framework can be fully confirmed. However, as this issue is equivalent for most state-of-the-art wormhole attack detection solutions, due to the lack of real MANET environments, it is cogently contended that the new unified framework is a noteworthy contribution in affording a flexible platform for future real-world wormhole detection solutions in MANET environments.