Network wormhole attacks without a traditional wormhole

A prudent attacker tries to maximize profits during an attack, taking into account the investment cost for carrying out the attack; a cost which always exists. This includes the effort of information gathering, the energy and work needed to develop the attack, the risk of being exposed etc. The wormhole attack, in which a non-existent path is augmented to the network coaxing naive nodes to route traffic through the attackers, is accepted as one of the most destructive attacks in ad-hoc networks (e.g. manets, iot, wsn, uavs etc.). This research proposes a method to maximize the profit of the attack and challenges the axiomatic assumption of the wormhole attack protocol. We show that up to a specific point, there is a simpler alternative to the attack that does not require the creation of an additional fictitious link; yet, achieves optimal attack coverage. Simulating multiple network node/edge combinations in ns3, demonstrates how the benefit of every additional dedicated wormhole link is actually small and diminishes as link density increases. Our alternative, based on centrality measures, decreases the chance of being detected by ids/ips as no active topology manipulation is taking place.

Automated summary

This research proposes a method to maximize the profit of the wormhole attack and challenges the assumptions of the existing attack protocol. Simulating different combinations of network nodes and edges, it shows the effectiveness of an alternative attack method that does not require additional virtual links and decreases the chances of being detected by intrusion detection systems.