[IEEE 2011 3rd International Conference on Electronics Computer Technology (ICECT) - Kanyakumari,...



Wormhole Attacks in Wireless Adhoc Networks and their Counter Measurements: A Survey

Preeti Nagrath
Department of Computer Science & Engineering
Bharati Vidyapeeth College of Engineering
Delhi, India

Bhawna Gupta
Department of Computer Science & Engineering
NC College of Engineering
Panipat, India

Abstract - A Mobile Ad Hoc Network (MANET) is a self-organizing, infrastructure-less, multi-hop network. The wireless and distributed nature of MANETs poses a great challenge to system security designers. Ad hoc networks are by nature very open to anyone. Their biggest advantage is also one of their biggest disadvantages: anyone with the proper hardware and knowledge of the network topology and protocols can connect to the network. This allows potential attackers to infiltrate the network and carry out attacks on its participants with the purpose of stealing or altering information. A specific type of attack, the wormhole attack, does not require exploiting any nodes in the network and can interfere with the route establishment process. The entire routing system in a MANET can even be brought down using the wormhole attack. This paper discusses the modes of wormholes, how wormholes disrupt routing in AODV, DSR and OLSR, and then discusses the solutions and countermeasures for wormholes.

Keywords – Wormhole; Malicious; AODV; DSR; OLSR; MAC; GPS; Counter measures

I. INTRODUCTION

In a wormhole attack [10], a malicious node uses a path outside the network to route messages to another compromised node at some other location in the net (just like a “conventional” wormhole presents a shortcut between two normally distant locations in space).

Fig. 1: Normal Network

As is clear from Fig. 1, A and B are the source and destination respectively, and C is the intermediate node through which the data is routed in the normal network.

Fig. 2: Network with wormholes

Fig. 2 shows how malicious nodes come in the way and disrupt the normal working of the network.

Wormholes are hard to detect because the path that is used to pass on information is usually not a part of the actual network. Interestingly, a wormhole itself does not have to be harmful, for it usually lowers the time it takes for a packet to reach its destination. But even this behaviour could already damage the operation, since wormholes fake a route that is shorter than the original one within the network; this can confuse routing mechanisms which rely on knowledge about the distance between nodes. Wormholes are especially dangerous because they can cause damage without even knowing the protocols used or the services offered in the network. In a wireless network, it is relatively easy to eavesdrop on the communication and forward the packets to other known nodes before the packet sent within the network arrives. This, for example, might be harmful if the data within the packet is altered to contain different information than the original.

Imagine a shopping scenario: if the article list or the address is contained within a different packet than the authentication information of the buyer, a wormhole attacker could modify that packet only and send it over the faster, off-network route to the recipient before the “real” packet arrives there. Since the recipient would assume that the first packet is authentic, any subsequent packets with the real information will be dropped. Sure enough, this exploit can also be attributed to flaws in the service application, but the threat remains, and in some cases it might not be possible to prevent such modifications on the application side. Once a wormhole is established, malicious nodes can use it to mount a Denial-of-Service (DoS) attack by, for instance, dropping certain data or control packets.

II. TWO MODES OF WORMHOLES

The wormhole attack can be launched in two different modes. In the hidden mode [4], the attackers do not use their identities so they remain hidden from the legitimate nodes. In fact, the attackers act as two simple transceivers which capture messages at one end of the wormhole and replicate them at the other end. In this way, they can make a virtual link between two far-off nodes by, for example, “tunnelling” the HELLO messages. The existing wormhole detection schemes [10][7] typically consider this mode. Clearly, the attackers require no cryptographic keys to launch the wormhole attack in the hidden mode.


978-1-4244-8679-3/11/$26.00 ©2011 IEEE

In participation mode [4], the attackers can launch a more powerful attack by using valid cryptographic keys. In this mode, the attackers make no virtual links between the legitimate nodes. In fact, they participate in the routing as legitimate nodes and use the wormhole to deliver the packets sooner or with a smaller number of hops. As in the hidden mode, the attackers can drop data packets after being included in the route between the source and the destination. The wormhole attack can affect network routing, data aggregation and clustering protocols, and location-based wireless security systems. Finally, as outlined in [7], the wormhole attack can be launched in a network with or without having access to any cryptographic keys or compromising any legitimate node in the network.

III. WORMHOLE ATTACK IN AODV, DSR AND OLSR

Simply put, wormholes compromise network security whether they actively disrupt routing or not. In On-Demand Routing, the Route Discovery mechanism can be seriously disrupted by bypassing the normal route and forwarding the route request packets directly to the destination.

In the wormhole attack, a hostile node constantly monitors the channel, records packets overheard in its vicinity, and tunnels them to a remotely located colluding node, which replays them in its own vicinity. When this tunneling particularly targets routing control packets such as HELLO messages and route requests (RREQ), nodes that are close to the attackers are unable to discover the legitimate routes that originate and end in the vicinity of the two attackers respectively: according to the typical wormhole attack scenario, such legitimate routes would span more hops than the one or two hops declared by the wormhole attackers. This will severely disrupt the network operation. For example, when used against an on-demand routing protocol, such as AODV (Ad hoc On-demand Distance Vector protocol) [6][13] or DSR (Dynamic Source Routing) [13], this attack prevents any node from discovering routes of more than two hops. This can be done by tunneling each RREQ message, originating from a node close to the attacker, directly to the target node of the route request. Periodic protocols such as OLSR (Optimized Link State Routing Protocol) and TBRPF (Topology Dissemination Based on Reverse-Path Forwarding) [1] are also vulnerable to this attack. For example, OLSR uses HELLO packets for neighbor discovery. Considering the scenario in Fig. 1, if the two colluding attackers X and Y tunnel to B all HELLO packets transmitted by A and tunnel to A all HELLO packets transmitted by B, then A and B will believe that they are direct neighbours, and select each other to route all ensuing data packets. The penultimate result of this is that a large number of data packets are directed to the wormhole, with ultimately all the side effects that this may induce such as congestion, packet loss, eavesdropping, spoofing, and so on.

In a wormhole attack, if the malicious nodes have a dedicated channel, the tunneling procedure can be conducted in real time. Since the packets are presented in exactly the same way, encryption or authentication alone cannot prevent the attacks. Other nodes cannot tell whether the packets are from the real originator or from the resender. A group of collusive attackers can form a wormhole that has as many ends as the number of malicious nodes. Wormhole attacks pose severe threats to ad hoc routing protocols. In the protocols that use the distance vector technique, such as AODV [13] and the Destination-Sequenced Distance Vector protocol (DSDV), the hop count of a path affects the choice of routes. A pair of attackers can form a long tunnel and fabricate the false scenario that a short path exists between the source and the destination. The fake path will attract the data traffic. As soon as the packets are absorbed into the wormhole, the attackers can either drop them or compromise them. The safety and effectiveness of some security enhancements for ad hoc networks would be improved if wormholes could be defended against. Another example shows the impact of such attacks on the distributed monitoring of node misbehaviour. In AODV-S [3], the neighbors collaboratively authorize a token to the node before it joins the network activities. If a wormhole exists beside the misbehaving node, the attackers can selectively tunnel the good-looking packets to the remote side. The good nodes at the remote side monitor all these packets and cannot detect any security violations. The new token will be authorized. This may conflict with the conclusion drawn by the real neighbours. This conflict can be settled by preventing wormholes. The classification of such attacks will facilitate the design of detection methods.

Wormhole attacks on mobile ad hoc networks were independently discovered by Dahill et al. [9], Haas et al. [8], and Hu et al. [10].

IV. WORMHOLE ATTACK AND COUNTER MEASUREMENTS

Several researchers have worked specifically on preventing and detecting wormhole attacks in ad hoc networks. To defend against them, some effort has been put into hardware design and signal processing techniques. One approach is that, if the data bits are transferred using some special modulating method known only to the neighbor nodes, they are resistant to closed wormholes [11].

Another approach, RF watermarking, works in a similar way. It modulates the radio waveform in a specific pattern to accomplish authentication. Both mechanisms will be compromised if the malicious nodes can accurately capture the signal patterns. Neither of them can prevent half-open or open wormholes [11].

Another potential solution is to integrate the prevention methods into Intrusion Detection Systems (IDS) [19]. The traffic monitoring module of the IDS will find that the ends of wormholes act as packet sinks: many data packets which are not destined to them will lose their tracks at these nodes. The joint response generated by the neighbors of the malicious node will expose the anomalous traffic pattern. Some mechanisms proposed to locate the position of a mobile node in an indoor environment can be applied to prevent wormholes. For example, both the original packet and the resent one will be captured by the location sensors and two conflicting positions of the same node will be detected. Either the good nodes or a centralized controller will discover this anomalous result. However, it will not be easy to port such methods to outdoor environments.

Another approach to detect closed wormholes is the Packet Leash, which was proposed by Hu, Perrig and Johnson [10]. The leash is the information added into a packet to restrict its transmission distance. In geographical leashes, the location information and loosely synchronized clocks together verify the neighbor relation. Each node, before sending a packet, appends its current position and transmission time to it. The receiving node, on receipt of the packet, computes the distance to the sender and the time it took the packet to traverse the path. The receiver can use this distance and time information to deduce whether the received packet passed through a wormhole or not. In temporal leashes, the packet transmission distance is calculated as the product of signal propagation time and the speed of light. Both mechanisms use lightweight hash chains to authenticate the nodes [10]. The Message Authentication Code (MAC) can be calculated in real time. One advantage of packet leashes is the low computation overhead. In temporal leashes, all nodes are required to maintain a tightly synchronized clock but do not rely on GPS information. When temporal leashes are used, the sending node appends the time of transmission ts to each sent packet in a packet leash, and the receiving node uses its own packet reception time tr for verification. The sending node calculates an expiration time te after which a packet should not be accepted, and puts that information in the leash. To prevent a packet from travelling farther than distance L, the expiration time is set to:

where c is the speed of light and ∆ is the maximum clock synchronization error. All sending nodes append the time of transmission to each sent packet. The receiver compares the time to its locally maintained time and, assuming that the transmission propagation speed is equal to the speed of light, computes the distance to the sender. The receiver is thus able to detect whether the packet has travelled an additional number of hops before reaching the receiver. Both types of leashes require that all nodes can obtain an authenticated symmetric key of every other node in the network. These keys enable a receiver to authenticate the location and time information in a received packet.
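The temporal-leash check described above, as an added Python sketch (not code from this paper or from [10]). It assumes the expiration rule te = ts + L/c − ∆ as given in the packet-leash work cited as [10], since the formula itself is missing from this page, and uses HMAC-SHA256 under a pairwise key as a stand-in for the paper's hash-chain authentication; all function names and sample values are constructed.

```python
import hashlib
import hmac
import math
import struct

C_M_PER_S = 299_792_458  # speed of light, taken as the signal propagation speed


def propagation_ns(distance_m: float) -> int:
    """One-way radio propagation time over distance_m, in nanoseconds."""
    return round(distance_m / C_M_PER_S * 1e9)


def _mac(key: bytes, t_s_ns: int, t_e_ns: int, payload: bytes) -> bytes:
    # The MAC covers the leash fields, so a relay cannot extend t_e unnoticed.
    body = struct.pack("!QQ", t_s_ns, t_e_ns) + payload
    return hmac.new(key, body, hashlib.sha256).digest()


def make_leash(key: bytes, payload: bytes, t_s_ns: int,
               max_range_m: float, delta_ns: int) -> dict:
    """Sender side: t_e = t_s + L/c - delta (assumed rule, see lead-in)."""
    budget_ns = math.floor(max_range_m / C_M_PER_S * 1e9) - delta_ns
    if budget_ns <= 0:
        # Clock error eats the whole flight-time budget: every packet would
        # expire before it could arrive. This is why tight sync is required.
        raise ValueError("clock error exceeds L/c; leash is unusable")
    t_e_ns = t_s_ns + budget_ns
    return {"t_s_ns": t_s_ns, "t_e_ns": t_e_ns, "payload": payload,
            "mac": _mac(key, t_s_ns, t_e_ns, payload)}


def verify_leash(key: bytes, pkt: dict, t_r_ns: int) -> str:
    """Receiver side: authenticate the leash, then compare t_r with t_e."""
    expected = _mac(key, pkt["t_s_ns"], pkt["t_e_ns"], pkt["payload"])
    if not hmac.compare_digest(expected, pkt["mac"]):
        return "bad-mac"
    if t_r_ns >= pkt["t_e_ns"]:
        return "expired"   # travelled farther than L: possible wormhole
    return "accept"


def demo() -> dict:
    key = b"constructed pairwise key A<->B"       # sample value
    t_s = 5_000_000_000                           # sender clock, ns (sample)
    pkt = make_leash(key, b"HELLO from A", t_s, max_range_m=250, delta_ns=100)
    return {
        # Real neighbour 200 m away, receiver clock 50 ns ahead of sender.
        "neighbour": verify_leash(key, pkt, t_s + propagation_ns(200) + 50),
        # Same bits replayed after a 3 km tunnel: MAC is valid, leash is not.
        "tunnelled": verify_leash(key, pkt, t_s + propagation_ns(3000)),
        # Relay rewrites t_e to hide the delay: authentication fails.
        "rewritten": verify_leash(key, dict(pkt, t_e_ns=pkt["t_e_ns"] + 20_000),
                                  t_s + propagation_ns(3000)),
    }


if __name__ == "__main__":
    print(demo())
```

With a 250 m range the whole flight-time budget is about 834 ns, so timestamps have to be taken at the radio rather than in software for the check to be meaningful.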

Another set of wormhole prevention techniques, similar to temporal packet leashes [10], is based on the time of flight of individual packets. Capkun et al. [14] propose a method called SECTOR, which uses specialized hardware that enables fast sending of one-bit challenge messages without CPU involvement, so as to minimize all possible processing delays. SECTOR also uses a distance-bounding algorithm to determine the distance between two communicating nodes. It can be used to prevent wormhole attacks in MANETs without requiring any clock synchronization or location information. The idea is to measure the round-trip travel time of a message and its acknowledgement, estimate the distance between the nodes based on this travel time, and determine whether the calculated distance is within the maximum possible communication range. To verify the distance between the nodes, each node sends a one-bit challenge to the nodes it ‘encounters’, and waits for a response. A receiving node immediately sends a single-bit reply.

In order to avoid the problem of using special hardware in packet leashes, a Round Trip Time (RTT) mechanism [5] is proposed by Jane Zhen and Sampalli. The RTT is the time that extends from the Route Request (RREQ) message sending time of a node A to the Route Reply (RREP) message receiving time from a node B. A will calculate the RTT between A and all its neighbors. Because the RTT between two fake neighbours is higher than between two real neighbors, node A can identify both the fake and real neighbors. In this mechanism, each node calculates the RTT between itself and all its neighbors. This mechanism does not require any special hardware and it is easy to implement; however, it cannot detect exposed attacks because fake neighbors are created in exposed attacks.

Hu and Evans propose a solution to wormhole attacks for ad hoc networks in which all nodes are equipped with directional antennas [16]. In this technique, nodes use specific ‘sectors’ of their antennas to communicate with each other. Each pair of nodes has to examine the direction of received signals from its neighbour. Hence, the neighbour relation is set only if the directions of both pairs match. This extra bit of information makes wormhole discovery possible: a wormhole introduces substantial inconsistencies in the network, which can easily be detected. The adoption of directional antennas [16] by mobile devices can raise the security levels.

Lazos et al. [13] proposed a graph theoretic model to characterize the wormhole attack and ascertain the necessary and sufficient conditions for any candidate solution to prevent wormholes. They used a Local Broadcast Key (LBK) based method to set up a secure ad-hoc network against wormhole attacks. In other words, there are two kinds of nodes in their network: guards and regular nodes. Guards access the location information through GPS or some other localization method like SeRLoc [11] and continuously broadcast location data. Regular nodes must calculate their location relative to the guards’ beacons, thus they can distinguish abnormal transmission due to beacon retransmission by the wormhole attackers. All transmissions between node pairs have to be encrypted by the local broadcast key of the sending end and decrypted at the receiving end. As a result, the time delay accumulates per node traveled. In addition, special localization equipment has to be applied to guard nodes for detecting positions.

The Delay per Hop Indicator (DelPHI) [25], proposed by Hon Sun Chiu and King-Shan Lui, can detect both hidden and exposed wormhole attacks. In DelPHI, attempts are made to find every available disjoint route between a sender and a receiver. Then, the delay time and length of each route are calculated and the average delay time per hop along each route is computed. These values are used to identify a wormhole. The route containing a wormhole link will have a greater Delay per Hop (DPH) value. This mechanism can detect both types of wormhole attack; however, it cannot pinpoint the location of a wormhole. Moreover, because the lengths of the routes are changed by every node, including wormhole nodes, wormhole nodes can change the route length in a certain manner so that they cannot be detected.
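The delay-per-hop comparison described above, as an added Python sketch (not the DelPHI authors' code). Assumptions of this example: DPH is computed as RTT / (2 × hop count), routes are flagged when a gap larger than a chosen threshold separates them from the rest of the sorted DPH values, and the route samples and the 1.5 ms threshold are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RouteSample:
    via: str        # first-hop neighbour the reply came back through
    hops: int       # hop count carried in the reply (self-reported by the path)
    rtt_ms: float   # round-trip time measured locally by the sender


def delay_per_hop(sample: RouteSample) -> float:
    """Average one-way delay per hop, assuming DPH = RTT / (2 * hops)."""
    if sample.hops < 1:
        raise ValueError("hop count must be at least 1")
    return sample.rtt_ms / (2 * sample.hops)


def flag_suspect_routes(samples, gap_ms: float) -> list:
    """Sort routes by DPH (largest first) and flag every route that sits
    above a gap wider than gap_ms. With fewer than two routes there is
    nothing to compare against, so nothing is flagged."""
    ranked = sorted(samples, key=delay_per_hop, reverse=True)
    cut = 0
    for i in range(len(ranked) - 1):
        if delay_per_hop(ranked[i]) - delay_per_hop(ranked[i + 1]) > gap_ms:
            cut = i + 1          # keep the lowest qualifying gap
    return [s.via for s in ranked[:cut]]


# Constructed measurements: three ordinary disjoint routes at roughly
# 2 ms per hop, and one route that claims 2 hops but takes 22 ms.
OBSERVED = [
    RouteSample("n1", hops=4, rtt_ms=16.8),
    RouteSample("n2", hops=5, rtt_ms=19.0),
    RouteSample("n3", hops=6, rtt_ms=25.2),
    RouteSample("n4", hops=2, rtt_ms=22.0),
]

# The limitation noted in the text: the same 22 ms route, but the hop-count
# field arrives as 6. DPH now looks ordinary, so the comparison is only as
# trustworthy as the hop count it is fed.
OBSERVED_HOPCOUNT_ALTERED = OBSERVED[:3] + [RouteSample("n4", hops=6, rtt_ms=22.0)]


if __name__ == "__main__":
    for s in OBSERVED:
        print(s.via, round(delay_per_hop(s), 2))
    print("flagged:", flag_suspect_routes(OBSERVED, gap_ms=1.5))
    print("flagged (altered hop count):",
          flag_suspect_routes(OBSERVED_HOPCOUNT_ALTERED, gap_ms=1.5))
```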

Wang and Bhargava [11] introduce an approach in which network visualization is used for discovery of wormhole attacks in stationary sensor networks. In their approach, each sensor estimates the distance to its neighbours using the received signal strength. All sensors send this distance information to the central controller, which calculates the network’s physical topology based on individual sensor distance measurements. With no wormholes present, the network topology should be more or less flat, while a wormhole would be seen as a ‘string’ pulling different ends of the network together.

Khalil et al. [20] propose a protocol for wormhole attack discovery in static networks that they call LiteWorp. In LiteWorp, once deployed, nodes obtain full two-hop routing information from their neighbours. While in a standard ad hoc routing protocol nodes usually keep track of who their neighbours are, in LiteWorp they also know who the neighbours’ neighbours are, so they can take advantage of two-hop, rather than one-hop, neighbour information. This information can be exploited to detect wormhole attacks. Also, nodes observe their neighbours’ behavior to determine whether data packets are being properly forwarded by the neighbour.

Song et al. [17] propose a wormhole discovery mechanism based on statistical analysis of multipath routing. Song observes that a link created by a wormhole is very attractive in a routing sense, and will be selected and requested with unnaturally high frequency. The method only uses routing data already available to a node. These factors allow for easy integration of this method into intrusion detection systems, but only for routing protocols that are both on-demand and multipath.
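The link-frequency idea described above, as an added Python sketch on a constructed toy topology (not Song et al.'s code). Assumptions of this example: multipath route discovery is approximated by enumerating all loop-free routes up to a hop limit, and the statistics used (the share of routes containing the busiest link, and the relative lead φ of that link over the runner-up, compared with a known-good baseline) are this example's choice.

```python
from collections import Counter


def build(links) -> dict:
    """Undirected adjacency map from a list of (a, b) links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def discover_routes(adj, src, dst, max_hops) -> list:
    """All loop-free routes from src to dst with at most max_hops hops
    (stand-in for what a multipath on-demand protocol would collect)."""
    routes = []

    def walk(path):
        node = path[-1]
        if node == dst:
            routes.append(tuple(path))
            return
        if len(path) - 1 == max_hops:
            return
        for nxt in sorted(adj[node]):
            if nxt not in path:
                walk(path + [nxt])

    walk([src])
    return routes


def link_profile(routes) -> dict:
    """How often each link appears across the discovered routes."""
    if not routes:
        raise ValueError("no routes discovered")
    counts = Counter()
    for route in routes:
        for a, b in zip(route, route[1:]):
            counts[frozenset((a, b))] += 1
    ranked = counts.most_common()
    top, n_max = ranked[0]
    n_second = ranked[1][1] if len(ranked) > 1 else 0
    return {"link": tuple(sorted(top)), "n_max": n_max, "routes": len(routes),
            "p_max": n_max / len(routes), "phi": (n_max - n_second) / n_max}


def is_suspicious(profile, baseline, phi_margin=0.2) -> bool:
    """Flag when one link leads the runner-up far more than in the baseline."""
    return profile["phi"] > baseline["phi"] + phi_margin


# Constructed topology: two parallel 4-hop rails from S to D with cross links.
LADDER = [("S", "A"), ("A", "B"), ("B", "C"), ("C", "D"),
          ("S", "E"), ("E", "F"), ("F", "G"), ("G", "D"),
          ("A", "E"), ("B", "F"), ("C", "G")]
# X sits near the source, Y near the destination; X-Y is the out-of-band link.
WORMHOLE_SIDE = [("S", "X"), ("A", "X"), ("E", "X"),
                 ("Y", "D"), ("Y", "C"), ("Y", "G"), ("X", "Y")]


if __name__ == "__main__":
    base = link_profile(discover_routes(build(LADDER), "S", "D", 5))
    seen = link_profile(discover_routes(build(LADDER + WORMHOLE_SIDE), "S", "D", 5))
    print("baseline:", base)
    print("observed:", seen, "suspicious:", is_suspicious(seen, base))
```

On this topology the X-Y link appears in 13 of the 25 discovered routes while no other link appears in more than 9, so it stands out even though it touches neither the source nor the destination.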

Abdesselam, Bensaou and Taleb [22] have presented an effective method for detecting and preventing wormhole attacks in OLSR. To detect wormhole tunnels, they use a simple four-way handshaking message exchange. The proposed solution is easy to deploy: it does not require any time synchronization or location information. It does not require any complex computation or special hardware either. The performance of this approach shows a high detection rate under various scenarios.

In [8], Kong et al. study Denial of Service (DoS) attacks, including wormhole attacks, in UWSN (Under Water Sensor Networking). Because UWSN typically uses acoustical methods to propagate messages under water, the methods in UWSN can’t be directly applied to wireless sensor networks. MDS-VOW [15] allows visualization of a network to allow detection of wormholes by finding bending distortions caused by a wormhole in computed maps. The main difference between this approach and MDS-VOW is that MDS-VOW can only work in a centralized scheme, so MDS-VOW needs to have a central computer to finish its computation. In their work, they extracted a new feature which can efficiently indicate the ends of a wormhole based only on local bending distortions caused by the ends of the wormhole. The algorithm described in the paper is computed by a distributed scheme and requires no centralized computation. A general limitation of MDS-VOW, anchor nodes that are close to an end of a wormhole, SeRLoc will still have difficulty in detecting/defending against wormhole attacks.

Wormhole Attack Prevention (WAP) by Choi, Kim, Lee, Jung [26] not only detects the fake route but also adopts preventive measures against action wormhole nodes from reappearing during the route discovery phase. This has been achieved through the use of the neighbor node monitoring method of each node and wormhole route detection method of the source node on the selected route. This mechanism is implemented based on the DSR protocol.

In another technique, Hop Count Analysis by Shang, Laih and Kuo [2], the method selects routes and “avoids” rather than “identifies” the wormhole, resulting in low cost and overhead. They propose a multipath routing protocol called Multipath Hop-count Analysis (MHA, for short) to avoid wormhole attacks based on a hop-count analysis scheme. It is a highly efficient protocol which does not require any special supporting hardware. Furthermore, MHA is designed to use split multipath routes, so the transmitted data is naturally split into separate routes. An attacker on a particular route cannot completely intercept (and subvert) the content. The proposed scheme has high efficiency and very good performance with low overhead. In addition, this scheme does not require additional hardware or impractical assumptions about the networks. Hence, it can be directly used in MANETs.

The Trust Based Model by Jain and Jain [26] presents a novel trust-based scheme for identifying and isolating nodes that create a wormhole in the network without engaging any cryptographic means. In this method, trust levels are derived in neighbouring nodes based upon their sincerity in execution of the routing protocol. This derived trust is then used to influence the routing decisions, which in turn guide a node to avoid communication through the wormholes. Using the Trust Based Model, packet dropping is reduced by 15% without using any cryptography mechanism, and throughput is increased by up to 7-8%.

V. CONCLUSION

In this paper, we have surveyed the various solutions available for wormhole attacks in wireless ad hoc and sensor networks. A summary is presented in Table 1. Most of the solutions use extra hardware, which increases the cost, but many of them implement algorithms which can reduce cost. Some examples are the Hop-Count Analysis Scheme [2], WAP: Wormhole Attack Prevention Algorithm [27] and the Trust Based Model [26]. These mechanisms show good performance with low overhead.


TABLE I. SUMMARY OF WORMHOLE ATTACKS

| Methods | Requirements | Comments |
|---|---|---|
| Packet Leashes, Geographical, by Hu & Perrig [10] | Loosely synchronized clocks | Straightforward solution but has general limitations of GPS technology |
| Packet Leashes, Temporal [10] | Tightly synchronized clocks | Required time synchronization level and cannot be used in sensor networks |
| Round-trip Travel Time by Capkun [14] | Hardware enabling one-bit message and immediate replies without CPU involvement | Impractical; requires MAC-layer modifications |
| Graph theoretic model by Lazos et al [12] | Requires a combination of location information and cryptography | Based on the use of Location-Aware ‘Guard’ Nodes (LAGNs); does not require time synchronization or highly accurate clocks |
| Four-way handshaking messages exchange in OLSR by Abdesselam [22] | No special requirement | High detection rate. Does not require synchronization or location information, and no complex computation |
| LiteWorp [20] | None | Applicable only to static stationary networks |
| Statistical Analysis by Song et al [17] | None | For easy integration of this method into intrusion detection system |
| The Delay per Hop Indicator (DelPHI) by Chiu and King [25] | A novel scheme based on an intuitive method | Can detect both types of wormhole attack; however, it cannot pinpoint the location of a wormhole |
| Directional Antennas by Hu and Evans [16] | Nodes use specific ‘sectors’ of their antennas to communicate with each other | It is not directly applicable to other networks |
| Network Visualization by Wang [11] | Centralized controller | Works best on dense networks; mobility not studied |
| MDS-VOW by Kong et al [8] | Needs to have a central computer to finish its computation | Computed by a distributed scheme |
| Wormhole Attack Prevention (WAP) by Choi, Kim, Lee, Jung [27] | No hardware requirement | WAP not only detects the fake route but also adopts preventive measures against action wormhole nodes from reappearing during the route discovery phase |
| Multipath Hop-count Analysis by Shang, Laih and Kuo [2] | Hop-count analysis scheme, does not require any special supporting hardware | Scheme has high efficiency and very good performance with low overhead |
| Trust Based Model by Jain and Jain [26] | No hardware requirements | Effectively locate dependable routes through the network |

REFERENCES

[1] Manikandan K.P.; Satyaprasad R.; Rajasekhararao. Analysis and Diminution of Security Attacks on Mobile Ad hoc Network. IJCA Special Issue on MANETs, 2010.

[2] Jen S.-M.; Laih C.-S.; Kuo W.-C. A Hop-Count Analysis Scheme for Avoiding Wormhole Attacks in MANET. Sensors. 2009.

[3] Corson and Macker “Mobile Ad Hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations”, In IETF RFC 2501, January 1999.

[4] Khabbazian, Mercier, Bhargava. Wormhole attacks in wireless Adhoc networks: Analysis and Countermeasures.

[5] Johnson, D.B.; Maltz, D.A.; Hu, Y.-C. The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR). In IETF MANET Working Group INTERNET-DRAFT, April 15, 2003.

[6] Perkins, C.; Belding-Royer, E. Ad Hoc On-Demand Distance Vector (AODV) Routing. In IETF RFC 3561, Mountain View, CA, USA, July 2003.

[7] Li, Z.; Kwok, Y.K. A New Multipath Routing Approach to Enhancing TCP Security in Ad Hoc Wireless Networks. In IEEE ICPPW’05, Oslo, Norway, 2005; pp. 372–379.

[8] Papadimitratos, P.; Haas, Z.J. Secure Routing for Mobile Ad Hoc Networks. In SCS CNDS, San Antonio, TX, USA, January 2002.

[9] Sanzgiri, K.; Dahill, B.; Levine, B.N.; Shields, C.; Belding-Royer, E.M.A. A Secure Routing Protocol for Ad Hoc Networks. In Proceedings of 2002 IEEE International Conference on Network Protocols (ICNP), Paris, France, November 2002.

[10] Hu, Y.C.; Perrig, A.; Johnson, D.B. Wormhole Attacks in Wireless Networks. IEEE J. Sel. Area Comm. 2006, 24, 370–380.

[11] Wang, W.; Bhargava, B. Visualization of Wormholes in Sensor Networks. In Proceedings of the 2004 ACM workshop on Wireless Security (WiSe), ACM WiSE’04, Philadelphia, PA, USA, October 2004; pp. 51–60.

[12] Lazos, L.; Poovendran, R.; Meadows, C.; Syverson, P.; Chang, L.W. Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach. In IEEE WCNC 2005, Seattle, WA, USA, 2005; pp. 1193–1199.


[13] Georgy Sklyarenko. AODV Routing Protocol. Institut fur Informatik, Freie Universitat Berlin. July 2006

[14] S. Capkun, L. Buttyan and J. Hubaux. SECTOR: Secure tracking of node encounters in multi-hop wireless networks. Proceedings of the First ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 21-32, 2003

[15] Hu, Y.-C.; Perrig, A.; Johnson, D.B. Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks. IEEE INFOCOM. April 2003

[16] L. Hu and D. Evans. Using directional antennas to prevent wormhole attacks. In Proceedings of the Network and Distributed System Security Symposium. 2004

[17] N. Song, L. Qian, X. Li, Wormhole Attack Detection in Wireless Ad Hoc Networks: a Statistical Analysis Approach, In Proceeding of the 19th International Parallel and Distributed Processing Symposium (IPDPS). 2005.

[18] Z. Zhou and Z. Haas. Securing Ad Hoc networks. IEEE Networks, 13(6):24–30, 1999.

[19] Y. Zhang and W. Lee. Intrusion detection in wireless Ad-Hoc networks. In Proceedings of ACM MobiCom, 2000

[20] Khalil, S. Bagchi, and N. B. Shroff. LITEWORP: A lightweight countermeasure for the wormhole attack in multihop wireless networks. In Dependable Systems and Networks (DSN), pages 612–621, Jun 2005.

[21] Yang Xiao, Xuemen Shen, and Ding-Zhu Du. Wireless Network Security. Springer series on Signals and Communication Technology. 2007

[22] Abdesselam, Brahim, and Tarik. Detecting and Avoiding Wormhole Attacks in Wireless Ad Hoc Networks. In IEEE Communication Magazine. 2008.

[23] Zhibin Zhao, Bo Wei, Xiaomei Dong, Lan Yao, Fuxiang Gao. Detecting Wormhole Attacks in Wireless Sensor Networks with Statistical Analysis. WASE International Conference on Information Engineering (ICIE), vol. 1, pp.251-254, 2010

[24] Wang and Kong. Visualisation of wormholes in underwater sensor Networks: a distributed approach. Int. J. Security and Networks, Vol. 3, No. 1, 2008

[25] H.S. Chiu and K.S. Lui. DelPHI: Wormhole Detection Mechanism for Ad Hoc Wireless Networks. In Proc. International Symposium on Wireless Pervasive Computing, Phuket, Thailand, Jan. 2006.

[26] Shalini Jain and Dr.Satbir Jain. Detection and prevention of wormhole attack in mobile adhoc networks. International Journal of Computer Theory and Engineering, Vol. 2, No. 1 February, 2010

[27] Choi, Kim, Lee and Jung. WAP: Attack Prevention Algorithm in Mobile Ad Hoc Networks. IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, June 2008
