Abstract—Wireless network communication has become a vital mode of communication, as it provides users with features such as cost effectiveness, scalability and flexibility, due to which it has gained tremendous popularity. A major challenge encountered in this technology is that of security. The network is exposed to various security threats and attacks; however, our research from various papers has found the wormhole attack to be the most threatening of them all. The reason this attack is considered severe is that it can be launched without compromising any network node: any device, such as a laptop or another wireless device, can be used to send malicious packets. In this attack, one or more malign nodes capture a packet and retransmit it to a distant remote location. In this paper we conduct a detailed study of this attack, analyze various existing detection and prevention techniques, and propose an algorithm to detect and prevent the attack.

Keywords—Traffic Analysis, VPN, Wireless Network, Wormhole Attack.

Introduction

A major issue encountered by various implementers, which has affected the throughput of the wireless network, is that of security [1].
The network is wireless in nature, and there is no specific infrastructure [2,3,4] for communication between network nodes. As a central access point is not required, the network is left susceptible and vulnerable to various attacks.

Multicast Routing: There needs to be a multicast routing protocol for a constantly changing environment.

Dynamic Topology: The nodes are mobile and the network is self-organizing. As a result, the network topology keeps changing.

Quality of Service: There is a need to provide constant QoS in a constantly changing environment for varied multimedia services.

Security: The goal of security is to provide solutions for aspects like availability, confidentiality and authentication.

Attack classification in Wireless network

The attacks in the network can be categorized into two types [5]: 1) Passive Attack 2) Active Attack.

Wireless Attack Classification

Passive Attack

In this kind of attack, the malign node constantly monitors the network and collects sensitive information without being discovered. The target node is continuously monitored until the malign node has gained enough data to launch an active attack. These attacks are further classified into two types: Eavesdropping and Traffic Analysis.

Active Attack

After obtaining sufficient data about the network through a passive attack, the malign nodes can now launch an active attack.
This attack can also be launched by using a large number of nodes. These attacks are further classified into two types: Routing and Flooding the Network.

Our research has led us to the conclusion that the wormhole attack is the most severe of them all.

Wormhole attack

The wormhole attack is the most dangerous attack in the network; placed strategically, it is capable of disrupting normal routing communication. Two or more cooperating malicious nodes can launch this attack by constructing a low-latency tunnel across the network and retransmitting captured packets to different parts of the network. The architecture of the network exposes itself to these malicious nodes, which capture packets that are not addressed to them and retransmit them to the collaborating malicious partner at the other end of the tunnel, creating the illusion that these nodes are physically very close to each other. This attack disrupts routing, because the nodes get the illusion that the link consists of one or two hops rather than multiple hops. The attack can also result in flooding and packet dropping.
What makes these attacks more dangerous is the fact that they are difficult to detect, as the wormhole tunnels are private and out-of-band in nature and therefore won’t be visible to the network [5]. The wormhole and black hole attacks create the illusion of offering the shortest path and result in the entire network traffic being diverted onto this route, which may also lead to a denial-of-service attack.

Wormhole Attack

Route Request from Source Node of Destination in presence of wormhole Tunnel

Wormhole attack categorization and formulation

The wormhole attack can be classified into the following categories:

- Launched by external adversaries, known as an external attack
- Launched by internal colluding nodes, known as an exposed Byzantine wormhole

The latter is more difficult to detect, as the internal nodes can bypass the existing security constraints. It has been observed [6] that a wormhole attack can disrupt 32% of the communication across the network.

The wormhole attack can be formulated using the following techniques:

- Wormhole using Encapsulation
- Wormhole using Out-of-Band Channel
- Wormhole using Packet Relay
- Wormhole using High Power Transmission

Wormhole Using Encapsulation

In this technique, malign nodes operate at distant corners of the network. Upon receiving a RREQ packet, the malicious node transmits it to the second collaborating party at a distant location nearest to the destination [6]. The colluding second party, on reception of the RREQ packet, rebroadcasts it. This results in the neighbouring nodes dropping any future legitimate communication request that may arrive through a legitimate path. We can observe the creation of a wormhole tunnel, which will now be used for communication between the source and destination. These malicious nodes will prevent the nodes from exploring the proper nodes.
Let us understand the attack by analysing a scenario in which node A tries to send a packet to node B by discovering the shortest path in the presence of two malicious nodes X and Y. On reception of a packet, node X routes it to node Y through the existing path (U-V-W-Z); on reception of the packet, node Y de-marshals it and rebroadcasts it. Observe that the hop count has not increased, because of the encapsulation. When the RREQ packet is transmitted from node A to node B through the path C-D-E, node B has two paths to select from: one is (A-C-D-E-B), which contains 4 hops, and the alternate route (A-X-Y-B) gives an impression of only 3 hops. Node B will mistakenly choose the smaller route, which in reality contains 7 hops. A network that implements shortest-path routing is vulnerable to these kinds of attacks.

Figure 4: Wormhole Using Encapsulation

Out of Band Channel

In this technique, the attack can be put in motion by using either a direct wired link or a long-range directional wireless link. Special hardware is required to launch this attack, which makes this type of attack more difficult to realize. Two malign nodes X and Y exist in the network with an out-of-band channel between them. Node X sends a RREQ packet to node Y, which is the neighbor of node B; when node Y broadcasts its packet, B receives 2 RREQ packets: A-C-D-E-F-B and A-X-Y-B. The first path is discarded as it appears to be longer, and the second is selected.

Figure 5: Wormhole Using Out of band channel

Packet Relay

The malign nodes in this attack relay packets between two nodes that are located far apart and successfully convince them that they are neighbors. This attack is deadly, as it can be implemented using only one node.
When a large number of nodes are malign in nature, the neighbor list can be extended and can expand to several hops.

Figure 6: Wormhole Using Packet Relay

Wormhole using High Power Transmission

The malign node, on reception of a RREQ packet, broadcasts the RREQ at a very high power level, a capability that is not available to any other node. When a node hears the broadcast packet, it rebroadcasts it toward the destination.

Figure 7: Wormhole Using High Power Transmission

A brief summary of wormhole attack detection techniques

| Technique | Advantages | Disadvantages |
| Distance and location based approach to detect wormhole (geographical and temporal) | Both techniques are employed where strict clock synchronization and the global positioning system coordinate all nodes | Restricts the transmission distance of packets and needs the nodes to be tightly synchronized |
| Directional Antenna | Requires less synchronization | Each node needs to be equipped with special hardware, and directional errors may result |
| LITEWORP | Guard nodes or observer nodes are used to detect the wormhole if one of their neighbors is behaving maliciously | Not always possible to find a guard node for a particular link |
| Graph Theoretical Approach | Uses encryption techniques | Guard node uses local broadcast keys which are available only in one-hop neighbors |
| Cluster based detection techniques | 1. Guard nodes are used to inform cluster heads about the attack. 2. No special hardware is used. | |

Wormhole detection techniques

Wormhole detection and prevention algorithm

VPN

The metric which displays a decrease in the length of the routing path offered by the malicious wormhole tunnel when small improvements in the correct path results in a decrease in its strength

A Virtual Private Network is a technology used to secure the network by creating an encrypted network over a less secure network, when the underlying network fails to do so.
Observer Nodes

Network nodes that are concerned with monitoring the network performance and detecting any security breaches.

Cluster

A large network is divided into smaller spaces called clusters, which are monitored by individual cluster heads, the observer nodes.

Assumptions

A Virtual Private Network (VPN) is built on top of the network, acting as an admin which maintains a record of all nodes present in the network and maintains a malicious list. The system contains observer nodes O1…On, which are predefined nodes that constantly monitor the clusters c1..cn of the network at random intervals of time.

- The VPN maintains a record of all the malicious and threshold-reaching nodes. It also maintains the status of the malicious threshold flag.
- All nodes need to be authenticated by the VPN to enter the network.
- The VPN assigns a unique identifier to the node and, during the registration phase, checks whether the node was previously detected as a malicious node and sets the malicious threshold flag to zero.
- Once the node enters the network, the information is shared with the observer nodes.
- The observer nodes constantly monitor the individual cluster network at random time t.
- Once a node is detected as malicious using the wormhole detection quantifiers, it is reported to the VPN, which assigns a malicious threshold flag. This flag is incremented whenever the observer nodes report the node to be malicious.
- When the malicious threshold flag is greater than or equal to 1, the node is removed from the network and, with its unique identifier number, is added to the malicious node list.

Implementation of the algorithm using network simulator

We have implemented the algorithm in NS2 by enhancing the AODV (Ad hoc On-Demand Distance Vector Routing) protocol.

Initial Simulation Setup

    set val(chan)   Channel/WirelessChannel   ;# channel type
    set val(prop)   Propagation/TwoRayGround  ;# radio propagation model
    set val(netif)  Phy/WirelessPhy           ;# network interface type
    set val(mac)    Mac/802_11                ;# MAC type
    set val(ifq)    CMUPriQueue               ;# interface queue type
    set val(ll)     LL                        ;# link layer type
    set val(ant)    Antenna/OmniAntenna       ;# antenna model
    set val(ifqlen) 50                        ;# max packets in interface queue
    set val(nn)     33                        ;# number of nodes
    set val(rp)     AODV                      ;# routing protocol
    set val(x)      1100                      ;# X dimension of topography
    set val(y)      1000                      ;# Y dimension of topography
    set val(stop)   20.0                      ;# simulation end time

In the initial setup, the source node sends out a RREQ (route request) through its neighbouring nodes towards the destination node by flooding. When the request reaches the destination, a route reply (RREP) is sent along the same path in the reverse direction. To detect the wormhole attack, the header is tweaked by adding additional fields to store the additional information. When the difference between the prior per hop distance and the per hop distance is larger than the threshold value, a wormhole attack is detected.

VPN Header Modification

    // Field types are assumed here, following NS2's hdr_aodv_request.
    struct header_vpn_request {
        u_int8_t   request_type;            // packet type
        u_int8_t   request_hop_count;       // hop count
        u_int32_t  request_broadcast_id;    // broadcast ID
        nsaddr_t   request_destination_Ip;  // destination IP address
        u_int32_t  request_dst_seqno;       // destination sequence number
        nsaddr_t   request_source_Ip;       // source IP address
        u_int32_t  request_source_seqno;    // source sequence number
        double     request_timestamp;       // time the request was sent
    };

Each node performs the following tasks:

- Calculate the per hop distance and compare it with the prior hop distance.
- Calculate the difference between the per hop and prior per hop distance and check whether it is larger than the maximum allowed threshold value.
- When the distance is large, a wormhole attack is detected and all other nodes are informed.
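
The per hop distance check and the VPN's malicious threshold flag described above, sketched in Python as an added example (this is not the paper's NS2 code). The per-hop distance estimates, the 300 m threshold, all class and function names, and the choice to report both endpoints of a suspect hop are assumptions; the sample routes are constructed from the paper's A/B/X/Y scenario.

```python
from dataclasses import dataclass, field

THRESHOLD_M = 300.0  # assumed maximum allowed jump in per-hop distance, in metres

@dataclass
class VpnRegistry:
    """The VPN acting as admin: per-node malicious threshold flag and malicious list."""
    flag_limit: int = 1                            # the page removes a node at flag >= 1
    flags: dict = field(default_factory=dict)      # node id -> malicious threshold flag
    malicious: set = field(default_factory=set)

    def register(self, node_id):
        if node_id in self.malicious:              # previously detected: refuse entry
            return False
        self.flags[node_id] = 0
        return True

    def report(self, node_id):
        """Observer report: increment the flag, evict once the limit is reached."""
        if node_id not in self.flags:
            return
        self.flags[node_id] += 1
        if self.flags[node_id] >= self.flag_limit:
            del self.flags[node_id]
            self.malicious.add(node_id)

def suspect_hops(hops, threshold=THRESHOLD_M):
    """hops: (sender, receiver, estimated_distance_m) tuples in path order."""
    suspects, prior = [], None
    for sender, receiver, dist in hops:
        if prior is not None and dist - prior > threshold:
            suspects.append((sender, receiver))    # jump over prior per-hop distance
        else:
            prior = dist                           # only normal hops update the baseline
    return suspects

def select_route(routes, vpn):
    """Report suspect hops to the VPN, then return the shortest clean route."""
    clean = []
    for hops in routes:
        bad = suspect_hops(hops)
        for sender, receiver in bad:
            vpn.report(sender)
            vpn.report(receiver)
        if not bad:
            clean.append(hops)
    return min(clean, key=len) if clean else None

# Constructed sample data for the page's scenario: the X->Y "hop" hides U-V-W-Z.
LEGIT = [("A", "C", 200), ("C", "D", 220), ("D", "E", 190), ("E", "B", 210)]
WORMHOLE = [("A", "X", 210), ("X", "Y", 1050), ("Y", "B", 190)]
```

With `flag_limit` left at 1, as the algorithm states, a single observer report evicts a node, so the distance threshold has to be wide enough that one noisy measurement does not remove a legitimate node.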