Detection of wormhole attacks on IPv6 mobility-based wireless sensor network
Lai EURASIP Journal on Wireless Communications
and Networking
Detection of wormhole attacks on IPv6 mobility-based wireless sensor network
Gu-Hsin Lai 0
0 Department of Information Management, Chinese Culture University , Taipei , Taiwan
New communication networks are composed of multiple heterogeneous types of networks including Internet, mobile networks, and sensor networks. Wireless sensor networks have been applied to various businesses and industries since the last decade. Most sensors have the ability of communication and the requirement of low power consumption. 6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) plays an important role in this convergence of heterogeneous technologies, which allows sensors to transmit information using IPv6 stack. Sensors perform critical tasks and become targets of attacks. Wormhole attack is one of the most common attacks to sensor networks, threatening the network availability by dropping data or disturbing routing paths. RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) is a standard routing protocol commonly used in sensor networks. This study proposes a RPL-based wormhole detection mechanism. The rank of a node-defined RPL is adopted to measure the distance. The proposed detection method discovers malicious wormhole nodes if unreasonable rank values are identified. The experimental results show that the proposed detection method can identify wormholes effectively under various wireless sensor networks.
Wormhole attack; Sensor networks; IPv6; RPL; Mobility
1 Introduction
Wireless sensor networks with IoT (Internet of Things)
have been applied to many applications such as ecosystem
monitoring, disaster watch, building automation, health
monitoring, object tracking, and plant control. The sensor
data carry out important information such as vital signals
or disaster alerts; transmission failure or error data might
cause system malfunction or serious incidents. The
existing Internet protocol IPv4 could only provide about 4
billion public IP addresses; the limited IP spaces constrain
the growth of wireless sensor network applications.
IPv6 is the latest version of Internet Protocol, a
communication protocol that provides an identification and
location system for the network devices in the new type
of communication networks. Many sensors and tiny
devices facilitate IPv6 to provide connectivity.
In wireless sensor networks, the network topology
could change due to a weak mobility (new nodes join
the network or hardware failure of existing devices) or
strong mobility (physical movement of nodes) [
1
]. However,
wormhole attack could also make topology change in
wireless sensor network. Therefore, building a security
mobility management mechanism is very important for
wireless sensor networks.
A typical architecture of wireless sensor networks is
illustrated in Fig. 1, where all the sensors transmit data to
the root. Wormhole attack is one of the most common
attacks in sensor networks. Figure 2 illustrates an
example of wormhole where the two malicious nodes, M1
and M2, form a wormhole tunnel T1 through which
redirects the transmissions. Some routing paths going
through the wormhole tunnel might be shorter than the
normal multi-hop routes [
2–4
]. Therefore, wormhole
attacks may change the original routing paths, and the
wormhole nodes may eavesdrop or discards the data
going through the wormhole tunnel. Furthermore, the two
wormhole end nodes consume more power energy than
others. Once their resources are exhausted, the sensor
network might not operate properly. Wormhole attacks
compromise the network availability and data privacy and
may cause serious security problem in sensor networks.
According to the wireless sensor network architecture,
each node usually is only aware of its neighbor nodes
and possesses limited resources. Centralized and
sophisticated detection methods might not be feasible
because sensor nodes only have limited computing
power. On the other hand, equipping with additional
hardware for all sensor nodes is costly. Hence,
detection systems requiring additional hardware might not
be practical.
Based on the above constraints, this study proposes a
distributed detection method by applying the standard
routing protocol IPv6 Routing Protocol for Low-Power
and Lossy Networks (RPL), available in all the sensor
nodes to identify wormhole attacks without additional
hardware. RPL [
5, 6
] is a standard routing protocol for
wireless sensor networks [7]. However, RPL is vulnerable
to wormhole attacks [
8
]. The proposed detection method
applies the rank information from RPL to estimate the
relative distance to the root node; the rank value will be
compared with that of the neighbors; if the discrepancy
exceeds a threshold value, it signals an anomaly where a
wormhole might exist.
The main contributions of this paper are as follows:
1. The proposed approach builds a security mobility
management mechanism in wireless senso (...truncated)