Timing-based Localization of In-Band Wormhole Tunnels in MANETs

摘要

The problem of localizing in-band wormhole tunnels in MANETs is considered. In an in-band wormhole attack, colluding attackers use a covert tunnel to create the illusion that two remote network regions are directly connected. This apparent shortcut in the topology attracts traffic which the attackers can then control.rnTo identify the nodes participating in the attack, it is necessary to determine the path through which victims' traffic is covertly tunneled. This paper begins with binary hypothesis testing, which tests whether a suspected path is carrying tunneled traffic. The detection algorithm is presented and evaluated using synthetic voice over IP (VoIP) traffic generated in a network testbed. After that, we consider multiple hypothesis testing to find the most likely tunnel path among a large number of candidates. We present a tunnel path estimation algorithm and its numerical evaluation using Poisson traffic. A main feature of the proposed algorithms is their robustness against the presence of chaff packets (possibly introduced to avoid detection), packet loss caused by unreliable wireless links, and clock skew at different nodes.