In-Band Wormholes and Countermeasures in OLSR Networks

In a wormhole attack, colluding nodes create the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors, but are actually distant from each other. This undermines shortest-path routing calculations, allowing the attacking nodes to attract traffic, which can then be manipulated. Prior research has concentrated on out-of-band wormholes, which covertly connect the purported neighbors via a separate wireline network or RF channel. We present a detailed description of in-band wormholes in OLSR networks. These connect the purported neighbors via covert, multi-hop tunnels. In-band wormholes are an important threat because they do not require specialized hardware and can be launched by any node in the MANET. Moreover, unlike out-of-band wormholes, in-band wormholes consume network capacity, inherently degrading service. We explain the conditions under which an in-band wormhole will collapse and how it can be made collapse resilient. We identify the self-contained and extended forms of in-band wormholes and present wormhole gravitational analysis, a technique for comparing the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and detecting in-band wormholes based on packet loss rates, packet delays, and topological characteristics, and we describe the results of initial laboratory experiments to assess their effectiveness