This is a type of network layer attack which is carried out using more that one malicious node. The nodes used to carry out this attack are superior to normal nodes and are able to establish better communication channels over long ranges. The idea behind this attack is to forward the data from one compromised node to another malicious node at the other end of the network through a tunnel. As a result the other nodes in the WSN can be tricked into believing that they are closer to other nodes than they really are which can cause problems in the routing algorithm.Also the compromised nodes may temper with the data packets.
Wormhole attack can also be combined with sinkhole attack to make it more effective.
Wormhole attack can be classified under 3 main categories:
- Open Wormhole:
In this case the data packets are first sent from the source to a wormhole which tunnels them to the other wormhole that transmits them to the destination.The other nodes in the network are ignored and not used for data transfer.
- Half-open Wormhole:
In this case the data packets are sent from the source to a wormhole which directly transmits them to the destination.
- Closed Wormhole:
In this case the data packets are directly transferred from the source to the destination in a single hop making them fictitious neighbours.
Some countermeasures against wormhole attacks are:
- Watchdog Model:
According to Watchdog model if some information is to be transmitted from one node to another through a middle node, then the sender node keeps a check on the middle node . If the middle node fails to send the data packet in the set time limit then it is declared as counterfeit and a new path is formulated to the destination nod. Although in this method the watchdog node is not always accurate in detecting a wormhole and can be fooled easily if the wormhole attack is combined with selective forwarding attack. Probability of getting false positives is also pretty high here.
- Delphi Technique:
In this method the delay per hop in a WSN is calculated and it is obvious that tunnel path will be longer than the normal path.So if delay per hop of any path is significantly greater than the average then the network is considered to be under attack. This method is not very successful if a large number of wormholes are present in the WSN as with the increase in wormholes the overall average of delay per hop will increase considerably.
- Wormhole Resistant Hybrid Technique:
This model is a combination of the Watchdog and the Delphi methods and overcomes their limitations. This method keeps tabs on both, the data loss and the delay per hop and is designed to detect every type of wormhole.
- Discovering Separate route Algorithm:
This algorithm discovers different paths between two nodes to identify a wormhole attack. It finds all the single and double hop neighbors and also most of the routes between nodes. So it is easily able to check if a node’s claim to be the shortest path to the destination is true or not.
- Packet Leashes:
Packet leashes prevent the long distance transmission of packets.
They are further divided as:
- (i) Geographical Leash – Makes sure that the data could not be transmitted beyond a particular distance in a single hop.
- (ii) Temporal Leash – Sets a boundation to the total distance a data packet can travel even with multiple hops.
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.