Analysis and Countermeasure for Wormhole Attacks in Wireless Mesh Networks on a Real Testbed

The wormhole attack is a severe attack in Wireless Mesh Networks (WMNs). It involves two or more wormhole endpoints colluding to capture traffic from one place in the network and replay it to another faraway place through a secret tunnel, so as to distort network routing. It may lead to even more serious threats such as packet dropping and denial of service (DoS). Although a lot of works have been done on detecting wormhole attacks, few of them actually evaluated their solutions on a testbed to consider the real network conditions. In this paper, we set up a WMN testbed for studying wormhole attacks to fill this gap. Some existing approaches used RTT to detect wormhole attacks. However, from both theoretical analysis and experimental results, we observed that the standard deviation of round trip time (stdev(RTT)) is a more efficient metric than RTT to identify wormhole attacks. Accordingly, we propose a new algorithm called Neighbor-Probe-Acknowledge (NPA) to detect wormhole attacks. Compared with existing works, NPA does not need time synchronization or extra hardware support. Moreover, it achieves higher detection rate and lower false alarm rate than the methods using RTT under different background traffic load conditions.