PTT: Packet Travel Time Algorithm in Mobile Ad Hoc Networks

Adel Saeed Alshamrani
Department of Computer Science and Engineering, Latrobe University, Melbourne, Australia
Kanan_sd@hotmail.com

Abstract - The wormhole attack is hard to detect and can be easily implemented. An attacker may receive packets from one location in the network, tunnel them to the other end point in a different location and re-inject them into the network. Attackers can tunnel the packets by one of the following methods: encapsulating the packets, using out-of-band links or using high power. If there are two or more malicious nodes in the network involved in a wormhole attack, the attack becomes more powerful. There are two types of wormhole attacks: hidden mode and exposed (participation) mode. In this paper, we present an algorithm for detecting wormhole attacks, whether in hidden or exposed mode, in wireless multi-hop networks without special hardware. Our algorithm is an improvement on another algorithm which is based on the transmission time-based mechanism (TTM). Moreover, our algorithm introduces a new mechanism called Packet Travel Time (PTT). This mechanism allows each device to monitor its neighbours' behaviour. Therefore, this mechanism can detect both hidden and exposed wormhole attacks, and can locate the wormhole in the AODV and DSR protocols.

Keywords - Wormhole attack, malicious nodes, Ad hoc network, Neighbour Node Table, PTT

I. Introduction

Recently, the rapid proliferation of lightweight wireless devices such as laptops, mobile phones and PDAs has led to a new kind of mobile network called the mobile ad hoc network (MANET). A MANET is an infrastructure-less network in which mobile devices communicate via wireless channels; there are no base stations, no servers and no access points, and such networks can be constructed anytime and anywhere.
In order to communicate in mobile ad hoc networks, devices work as both network routers and network hosts, forwarding packets to provide connectivity between a source and a target. An ad hoc network is highly applicable in situations such as natural disasters, emergency deployment, scientific journeys, military conflicts and video conferences for sharing resources [1]. In addition, the settings and maintenance of ad hoc networks make them more suitable and adaptable for applications where wired networks cannot be offered. Self-organisation is also a powerful feature of mobile ad hoc networks.

However, the previously mentioned features of MANETs may pose a threat to ad hoc networks, especially with significant advances in hacking techniques. The transient and weak relationship between participants leads to many security threats in ad hoc networks.

In mobile ad hoc networks, routing protocols are very important, and can be classified into three categories: proactive, reactive, and hybrid. Each of these routing protocols has different characteristics. For instance, in proactive protocols such as DSDV and WRP [2], hosts exchange routing information with each other to construct their own tables in advance. Reactive protocols, which are known as on-demand protocols, do not maintain information on the network topology; instead, routing information is obtained when needed. The most widely used on-demand protocols are AODV and DSR [3]. The characteristics of both proactive and reactive protocols are combined to form a hybrid protocol. Examples of this type of protocol include ZRP [4] and ZHLR [5].

Although much research has been devoted to different protocols to increase the security of MANETs, they still face security vulnerabilities. Therefore, it is important to understand the characteristics of ad hoc networks on which security applications can be based.
Ad hoc features can be summarized briefly as follows: an infrastructure-less network, dynamic topology, self-organisation, limited resources (computation and power), a shared physical medium, and distribution.

Moreover, there are various kinds of attacks that affect ad hoc networks. The wormhole attack is considered to be one of the most severe. It is hard to detect but easy for attackers to implement. An attacker receives packets at one location in the network and tunnels them to another end point in a different location, where they are replayed into its neighbourhood. Attackers can tunnel the packets by encapsulating them, by using an out-of-band link, or by using high power. If there are two or more malicious nodes, the attack becomes more powerful. Moreover, wormhole attackers try to find a good place from which to start different attacks such as routing loops and denial of service (DoS). There are two types of wormhole attacks: hidden mode and exposed (participation) mode [6].

Section II describes a wormhole attack and presents related work on the detection of wormhole attacks. In Section III, I describe my algorithm to detect and prevent wormhole attacks. Finally, Section IV concludes the paper and details the proposed future work.

2011 Workshops of International Conference on Advanced Information Networking and Applications 978-0-7695-4338-3/11 $26.00 © 2011 IEEE DOI 10.1109/WAINA.2011.68 561
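The exposed-mode wormhole described in the introduction, as an added example that is not code from the paper: a small simulation showing why a tunnelled route wins hop-count route discovery and how a per-hop travel-time bound flags the tunnel hop. The topology, radio range, processing delay and function names are assumptions, and the check is a generic time-based test, not the paper's PTT algorithm.

```python
import math
from collections import deque

C = 3.0e8            # radio propagation speed, m/s
RADIO_RANGE = 250.0  # assumed maximum radio range, metres
PROC_DELAY = 2e-6    # assumed fixed per-hop processing time, seconds

# Constructed topology: node -> (x, y) position in metres.
NODES = {"S": (0, 0), "A": (200, 0), "B": (400, 0), "C": (600, 0),
         "D": (800, 0), "T": (1000, 0), "M1": (100, 100), "M2": (900, 100)}
TUNNEL = ("M1", "M2")  # colluding pair joined by a private long-range link

def dist(a, b):
    return math.dist(NODES[a], NODES[b])

def build_links(with_tunnel):
    """Neighbour sets: every pair within radio range, plus the tunnel if enabled."""
    links = {n: {m for m in NODES if m != n and dist(n, m) <= RADIO_RANGE}
             for n in NODES}
    if with_tunnel:
        a, b = TUNNEL
        links[a].add(b)
        links[b].add(a)
    return links

def find_route(links, src, dst):
    """Breadth-first search: the fewest-hop route, as on-demand discovery favours."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(links[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    if dst not in parent:
        return None
    route = []
    while dst is not None:
        route.append(dst)
        dst = parent[dst]
    return route[::-1]

def hop_time(a, b):
    """Modelled one-way travel time for a hop (constructed, not measured)."""
    return dist(a, b) / C + PROC_DELAY

def suspicious_hops(route):
    """Hops whose travel time exceeds what one radio hop can physically take."""
    limit = RADIO_RANGE / C + PROC_DELAY
    return [(a, b) for a, b in zip(route, route[1:]) if hop_time(a, b) > limit]

if __name__ == "__main__":
    for tunnel in (False, True):
        route = find_route(build_links(tunnel), "S", "T")
        print(tunnel, route, suspicious_hops(route))
```

Real measurements also include queueing and clock error, so a deployed threshold needs a tolerance margin rather than the exact bound used here.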