2nd International ICST Conference on Security and Privacy in Comunication Networks

Research Article

In-Band Wormholes and Countermeasures in OLSR Networks

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359551,
        author={Peter  Kruus and Dan Sterne and Richard  Gopaul and Michael  Heyman and Brian  Rivera and Brian Luu and Peter  Budulas and Tommy Johnson and Natalie Ivanic and Geoff  Lawler},
        title={In-Band Wormholes and Countermeasures in OLSR Networks},
        proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks},
        keywords={Computer network security routing mobile communications reachability analysis wormhole.},
  • Peter Kruus
    Dan Sterne
    Richard Gopaul
    Michael Heyman
    Brian Rivera
    Brian Luu
    Peter Budulas
    Tommy Johnson
    Natalie Ivanic
    Geoff Lawler
    Year: 2007
    In-Band Wormholes and Countermeasures in OLSR Networks
    DOI: 10.1109/SECCOMW.2006.359551
Peter Kruus1, Dan Sterne1, Richard Gopaul2, Michael Heyman1, Brian Rivera2, Brian Luu1, Peter Budulas2, Tommy Johnson1, Natalie Ivanic2, Geoff Lawler1
  • 1: SPARTA, Inc.
  • 2: U.S. Army Research Laboratory


In a wormhole attack, colluding nodes create the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors, but are actually distant from each other. This undermines shortest-path routing calculations, allowing the attacking nodes to attract traffic, which can then be manipulated. Prior research has concentrated on out-of-band wormholes, which covertly connect the purported neighbors via a separate wireline network or RF channel. We present a detailed description of in-band wormholes in OLSR networks. These connect the purported neighbors via covert, multi-hop tunnels. In-band wormholes are an important threat because they do not require specialized hardware and can be launched by any node in the MANET. Moreover, unlike out-of-band wormholes, in-band wormholes consume network capacity, inherently degrading service. We explain the conditions under which an in-band wormhole will collapse and how it can be made collapse resilient. We identify the self-contained and extended forms of in-band wormholes and present wormhole gravitational analysis, a technique for comparing the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and detecting in-band wormholes based on packet loss rates, packet delays, and topological characteristics, and we describe the results of initial laboratory experiments to assess their effectiveness