Content uploaded by Ala Altaweel
Author content
All content in this area was uploaded by Ala Altaweel on Jun 29, 2023
Content may be subject to copyright.
Exposed-mode of Wormhole Aack in Opportunistic Mobile
Networks: Impact Study and Analysis
Sidra Aslam, Ala Altaweel, Ibrahim Kamel
{U21200061,aaltaweel,kamel}@sharjah.ac.ae
College of Computing and Informatics, University of Sharjah, UAE
ABSTRACT
Wormhole attack has exposed-mode (internal attack with exposed
attacker nodes identities) and hidden-mode (external attack with
hidden attacker nodes identities). In exposed-mode, the pair-wise
connected attacker nodes fool the legitimate nodes by using a hid-
den link to route packets and yield high packet delivery ratio. As
the packets reach the wormhole nodes, attackers can initiate traf-
c analysis, packet dropping, and/or packet modication attacks.
This paper studies and analyzes the impact of the exposed-mode of
wormhole attack in Opportunistic Mobile Networks (OMNs) and
the parameters aecting it. The impacts of the exposed-mode of
wormhole attack are analyzed using the amount of extra routed
packets the attacker nodes will obtain. The attack was launched
by varying dierent parameters (i.e., number of wormhole nodes,
attack frequency, and attack duration) that inuence its intensity
against four main routing protocols in OMNs (i.e., Prophet, Spray
and Wait, Epidemic, and First Contact). The simulation experi-
ments employed two widely-used mobility traces (real-world and
synthetic) in OMNs and were analyzed in terms of the most vul-
nerable routing protocol and the most inuential attack parameter.
We concluded that attackers can smartly overthrow safe communi-
cations in OMNs using deep analysis of routing mechanisms and
nodes density.
KEYWORDS
Wormhole attack, Attack Impact, OMNs, DTNs
ACM Reference Format:
Sidra Aslam, Ala Altaweel, Ibrahim Kamel. 2023. Exposed-mode of Worm-
hole Attack in Opportunistic Mobile Networks: Impact Study and Anal-
ysis. In European Interdisciplinary Cybersecurity Conference (EICC 2023),
June 14–15, 2023, Stavanger, Norway. ACM, New York, NY, USA, 7 pages.
https://doi.org/10.1145/3590777.3590781
1 INTRODUCTION
Opportunistic Mobile Networks (OMNs), also known as Delay/
Disruption Tolerant Networks (DTNs), is a wireless network of
occasionally connected mobile devices based on various mobility
characteristics of nodes (e.g., end-users). The data is transferred
between two nodes as their mobile devices connect, i.e., when
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for prot or commercial advantage and that copies bear this notice and the full citation
on the rst page. Copyrights for components of this work owned by others than the
author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior specic permission
and/or a fee. Request permissions from permissions@acm.org.
EICC 2023, June 14–15, 2023, Stavanger, Norway
©2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-9829-9/23/06. . . $15.00
https://doi.org/10.1145/3590777.3590781
they come in transmission ranges of each other [
9
]. OMNs use
store-carry-forward routing mechanism that leverages hop-by-hop
carrier node detection to forward the data. In this routing mech-
anism, each data communicating node stores the packets in its
buer and carries them until a forwarding decision to select the
next carrier node is made. Once the next carrier node is detected,
the packets are forwarded to the next intermediate node until they
reach the ultimate destination node. OMNs aid in infrastructure-less
communication of data, i.e., areas with insucient telecom/power
resources or higher data communication demands such as crowded
events [
21
,
28
]. Moreover, OMNs cater on-earth, under-water, and
earth-bound data communications by exchanging the information
during the disaster scenarios [
7
] through various applications like
FireChat [10] and WaterChat [29].
OMNs are highly vulnerable to security attacks due to random
participation of carrier nodes in communication (i.e., ad-hoc nature).
One of the main security attacks in OMNs is the exposed-mode
of wormhole attack in which the attacker nodes fool the neigh-
boring legitimate nodes and use hidden channel to exchange the
packets of the legitimate nodes in OMNs. Exposed-mode refers to
the wormhole nodes’ IDs, which are exposed in OMNs (i.e., the
wormhole nodes are part of the network). The wormhole nodes aim
to inuence the routing protocols that uses (shorter) distance vector,
routing costs, and/or hop-counts lists to make packet forwarding
decisions. Whenever there is a change in routing paths, hop counts
and cost functions vary accordingly. Hence, allowing the wormhole
nodes to route the packet/s through their wormhole tunnel(s) [
4
].
Once the packets are directed towards the route formed by the
wormhole nodes, they can initiate various attacks such as eaves-
dropping, packet replay, or packet modication [
5
,
13
,
14
]. More-
over, the attackers can launch black-hole (all packets dropping) or
grey-hole (selective packet/bit dropping) attacks to compromise
the availability of packets.
This paper analyzes the impacts of the exposed-mode of worm-
hole attack using Massachusetts Institute of Technology (MIT) [
8
]
and Random Way Point (RWP) [
17
] mobility traces (details pro-
vided in Section 4). Since MIT mobility trace became available, it
has been popular and widely-used to showcase the real-time con-
nections of the nodes in OMNs (i.e., end-users moving with smart
devices) [
1
,
2
]. MIT mobility trace contributed in comparing the
impacts of the exposed-mode of wormhole attack under real-world
versus synthetic movement scenarios. The paper presents exten-
sive simulation experiments using ONE simulator [
18
] for OMNs,
which has been modied and re-compiled to include a new report
to count the carried packets for each node in the network. More-
over, in order to diversify the impact of the attack under dierent
OMNs conditions, we launched the attack against four popular
routing protocols in OMNs that have dierent packets forwarding
EICC 2023, June 14–15, 2023, Stavanger, Norway Sidra Aslam, Ala Altaweel, Ibrahim Kamel
mechanisms. Namely, Prophet, Spray and Wait, Epidemic, and FC
routing protocols. To the best of our knowledge, the impacts of
the exposed-mode of wormhole attack (in terms of the number of
attacker pairs, attack frequency, and duration) has neither been
studied nor evaluated in OMNs. Our study is evaluated based on a
fundamental metric, the amount of extra packets the attacker nodes
will obtain, which aects other essential performance measures
in OMNs such as packet delivery ratio and packet delivery delay.
After investigating the vulnerability of the routing protocols to
the exposed-mode of wormhole attack, we found that under real-
world mobility trace, Spray and Wait is the most vulnerable routing
protocol. Furthermore, attack frequency has the highest impact
(compared to number of attack pairs and attack duration). Yet, the
attack is relatively uninuential under synthetic mobility trace. The
paper provides a detailed discussions and analysis of its ndings.
2 BACKGROUND AND RELATED WORKS
This section presents a brief overview of routing protocols and
various research works for detecting and mitigating wormhole
attacks in OMNs and DTNs. Probability Routing (Prophet) pro-
tocol uses History of Encounters and Transitivity to form delivery
predictability,
𝜙
. Specically, the probability of delivering packets
to every encountered node where
𝜙∈
[0,1] [
20
].
𝜙
is calculated
using number of encounters among the nodes in order to make
routing decisions. Prophet is an unlimited replication-based pro-
tocol that relies on inter-contact time (or frequency of meeting
among the nodes) to make future forwarding decisions. Each node
selects the next forwarding node having higher probability to carry
the packets to the destination, using updated
𝜙
at each encounter.
For instance, when a node nmeets another node mfor the rst
time, the count of encounters increments by one and
𝜙
is updated
accordingly. In such case, the delivery predictability between n
and m
𝜙(𝑛,𝑚)=𝜙(𝑛,𝑚)𝑜𝑙𝑑 + (
1
−𝜙(𝑛,𝑚)𝑜𝑙 𝑑 ) × 𝜎 .
Where,
𝜎∈ [
0
,
1
]
is an initialization constant to ensure that nodes that frequently
meet have high
𝜙
.
𝜙
also has an aging factor that denes the time
elapsed between new and old encounters. That is, if nand mdo
not meet each other for a while, their
𝜙
must age and is updated
as:
𝜙(𝑛,𝑚)=𝜙(𝑛,𝑚)𝑜𝑙𝑑 ×𝛾k
. Where,
𝛾∈ [
0
,
1
)
is an aging constant
that decides the impact the aging has on
𝜙
, and kis the number
of time periods elapsed since
𝜙
was aged.
𝜙
also has a transitive
property. That is, if nmeets p, which also meets m, then,
𝜙(𝑛,𝑚)=
𝜙(𝑛,𝑚)𝑜𝑙𝑑 + [
1
−𝜙(𝑛,𝑚)𝑜𝑙 𝑑 ] × 𝜙(𝑛,𝑝 )×𝜙(𝑝 ,𝑚)×𝛽.
Where,
𝛽∈ [
0
,
1
)
is a scaling constant that decides the impact of transitivity on 𝜙.
In First-Contact (FC) routing protocol, the transmitter node
does not wait for locating the optimal data communication channel
(carrier) to forward the packet(s). Instead, the transmitter node
sends packets to the rst node it comes in contact with, and deletes
the packets afterwards without keeping their copies in its buer.
The forwarding process in this protocol follows specic routing
polices [
16
]. First-Contact protocol employs path-vector approach
in order to prevent any possibility of non-stop oscillation of packets
among a small group of nodes or delivering the packets to dead-
end [
16
]. Spray and Wait (SnW) protocol has two phases, spray
phase for packets replication and wait phase to wait until a packet
delivery receipt from the destination node is received at the sender
node [
27
]. During the replication phase, several copies of the same
packet are sent to the neighboring nodes to assure that at-least one
copy will be received at the destination. To avoid buer congestion
due to packets replication, spray phase only duplicates Lcopies for
each packet to all encountered neighboring nodes. In wait phase,
the transmitter node waits for the acknowledgement from the des-
tination (in case any copy of replicated packets is received at the
destination). If, during the wait phase, the destination is not reach-
able or acknowledgement is not received (at the transmitter node),
the intermediate nodes that carry Lcopies transmit them by follow-
ing direct delivery protocol [
26
]. That is, all Lneighboring nodes
will directly transmit the data to the destination upon the direct
contact between each node and the destination. Epidemic is a non-
intelligent protocol designed for sparse and highly dynamic OMNs.
Epidemic protocol duplicates the sent packet at every intermediate-
node until it is received by the destination [
31
]. Epidemic squeezes
the bandwidth of the network resulting in low communication per-
formance. However, its duplication process renders high packet
delivery rate and low delivery delay at the expense of consuming
high bandwidth and power resources.
X. Liang et al. proposed a Trust-Based Epidemic Routing (TBER)
mechanism to encourage the cooperation of selsh (i.e., wormhole)
nodes in DTNs to facilitate their communications [
19
]. TBER detects
the malicious nodes and keeps the record of connectivity informa-
tion, energy levels, and cooperative behaviors of the neighbor nodes.
TBER involves a ve-step hop-by-hop detection of malicious nodes,
based on the trust values assigned to each node after successful
delivery of packets on each encounter. The trust values are used as
recommendations for next carrier detection, as each sending node
selects the carrier of highest trust values among its neighbors until
the data packets are delivered to the destination. Packet delivery
ratio of TBER performed 60%and 65%better compared to Epidemic
and Prophet protocols [
20
,
31
], respectively. Y. Ren et al. proposed
a wormhole detection mechanism using the forbidden topology
in DTNs [
24
]. The authors proposed that every node maintains
an encounter list of all neighbors. For at-least two independent
nodes (say A and B), if the transmission range of a reference node
C is reduced, C can have only one of the two independent nodes
(A or B) as its neighbor at the same time. Conversely, if C nds
both A and B independent nodes at the same time, then node C
reduces its transmission range and looks again for two independent
neighbors in its encounter list. If the presence of two independent
nodes is detected again, this indicates the existence of wormhole
nodes (forbidden topology). Otherwise, no wormhole nodes exist.
The authors concluded that with higher node density the wormhole
detection time becomes shorter. Conversely, increasing the distance
between the wormhole nodes resulted with longer detection time.
An ecient wormhole detection mechanism in DTNs [
22
] was
proposed to improve the performance of a former technique [
24
].
The infrastructure contains the nodes to detect the attack through
statistical neighbor count using Machine Learning [
22
]. The pro-
posed infrastructure is divided into a network area of 16 nodes for
monitoring 16 semi-distributed small square areas (1km x 1km)
to compute the mean from neighbor number test. In the training
phase, the calculated mean is used to set a threshold for detecting
the wormhole attack. The dierence between the calculated mean
of neighbor count and the desired mean of neighbor count from
the nodes present in a square of network area is analyzed. In the
Exposed-mode of Wormhole Aack in Opportunistic Mobile Networks: Impact Study and Analysis EICC 2023, June 14–15, 2023, Stavanger, Norway
test phase, the neighbor node count is checked. If the mean exceeds
a specic threshold, a wormhole attack is detected. The technique
in [22] reduces the detection time by three compared to [24].
Rather than studying the impacts of wormhole attack and the fac-
tors aecting it in OMNs, previous works focused only on proposing
detection/mitigation mechanisms for addressing it. Therefore, in
this paper, we found that it is crucial to investigate the degree of
the attack damage and the parameters that amplify it as well as
specify which routing protocol(s) are vulnerable to the attack.
3 WORMHOLE (WH) ATTACK IN OMNS
This section presents denitions and evaluation parameters used
to analyze the exposed-mode of wormhole attack and study its
impacts. The attack is named exposed-mode as the attacker nodes’
IDs are exposed and are part of the OMNs (unlike hidden-mode
in which the IDs are hidden). In this attack, a low-latency hidden
channel (called wormhole tunnel) connects two attacker nodes sit-
uated at strategic locations, usually far from each other, to catch
more packets from neighboring nodes. In real-world scenarios, the
devices in OMNs are connected via short-range communication
paradigms (e.g., Bluetooth, Wi-Fi, Wi-Fi-direct, etc.). However, due
to the advancements in communication technologies, the mobile
devices are now capable of long-range Device-to-Device (D2D)
communication platforms [
11
], which might be employed by the
wormhole attacker nodes to launch their attack. For example, LTE
technology supports long-range connectivity of mobile devices
using base-stations, 4G [
12
], and LTE Direct D2D Proximal Dis-
covery [
23
]. Another example is the satellite phone for long-range
communications using Low Earth Orbits (LEO) [
15
], which is used
for emergency SOS on iPhone 14 and Samsung devices [
3
,
25
]. The
attackers of dierent and exposed IDs fool the far nodes in OMN
and route their packets faster via a hidden wormhole tunnel, which
is created using any long-range communication technology.
N1 E(3,4)
E(4,6)
E(3,5)
E(1,3)
E(5,6)
E(6,7)
E(2,7)
Ê(1,2)
Legitimate nodes
Wormhole nodes
Legitimate link
Wormhole link
N2
N3 N4
N5 N6
N7
Figure 1: WH attack:
exposed-mode
Once the data packets are cap-
tured by the wormhole nodes, the
attackers can breach data integrity,
condentiality, or availability. The
attacker might also reduce the rout-
ing eciency by launching Denial-
of-Service (DoS) or Man-in-the-
Middle (MitM) attacks ,i.e., packet
modication, blackhole, greyhole,
or trac analysis attacks [
6
]. Fig-
ure 1 shows the OMN graph, G =
(N,V).Nrepresents either the legit-
imate nodes (N3-N7), or the worm-
hole nodes (N1 and N2). The worm-
hole nodes aim to deliver/capture
data packets that belong to legitimate nodes.
𝐸
represents the en-
counters among any nodes (legitimate or wormhole) and
ˆ
𝐸
repre-
sents the wormhole tunnel.
𝑖
and
𝑗
indices in
𝐸
and
ˆ
𝐸
are the nodes
IDs, e.g., 𝐸(3,4)and ˆ
𝐸(1,2), as shown in Figure 1.
The attacker launches the exposed-mode of wormhole attack
with various variations or parameters, i.e., pair-wise distinct at-
tacker nodes S, attack duration D, and attack frequency F. We pro-
vide more details about these parameters in the next paragraphs.
Table 1: Attack and simulation parameters
𝑇OMN lifetime
𝐷Attack duration
𝑆A set of pair-wise distinct attacker nodes
𝐹Attack frequency
Simulation Time 604800 sec (1 week)
Time-to-Live 432000 sec (5 days)
Warm-up Time 86400 sec (1 day)
Messages 1500 message (each with 2048 Bytes)
Network Interface Bluetooth
Simulation Area 4500 ×4500 m
Pair-wise distinct attacker nodes is a set of pairs of wormhole
nodes, S, that launch the attack. The attacker compromises the nodes
in terms of distinct pairs. That is,
𝑆
=
{( 𝑁𝑖, 𝑁 𝑗),(𝑁𝑤, 𝑁𝑥), ..., (𝑁𝑦, 𝑁𝑧)}
where 𝑖≠𝑗≠𝑤≠𝑥... ≠𝑦≠𝑧.
Attack frequency is the frequency, F, at which the nodes for each
pair in
𝑆
establish the hidden channel’s connectivity. That is, let
𝑇
represents the OMN lifetime, then
𝐹
=
𝑇
𝑡
, whereas
𝑡
represents the
time period at which the attacker launches the attack as follows:
0𝑡2𝑡3𝑡𝑇−𝑡 𝑇
Attack duration is the connectivity time, D, between the nodes
for each pair in
𝑆
. That is, the connectivity time in seconds among
𝑁𝑖↔𝑁𝑗
,
𝑁𝑤↔𝑁𝑥
, ...,
𝑁𝑦↔𝑁𝑧
.
𝐷
indicates the time during
which each pair routes the data packets of legitimate nodes, i.e., the
time during which the attacker nodes remain in contact.
4 IMPACT EVALUATION AND ANALYSIS
This section presents the experimental setup and simulation results
and provides analysis of the results.
4.1 Experimental Setup
The simulation experiments were conducted in ONE simulator [
18
]
using MIT and RWP traces with the simulation parameters shown
in Table 1. MIT trace has 97 nodes with data collected from move-
ments of MIT students, faculty, and sta members [
8
]. Whereas,
RWP trace has 150 nodes with their mobility patterns generated
using ConnectivityONE Report in ONE simulator [
18
]. For MIT trace,
randomly selected node IDs from 50-97 are used to form wormhole
pairs. For RWP trace, wormhole pairs are formed randomly from
71-150 nodes IDs. The rest of node IDs (i.e., 1-49 for MIT and 1-70
for RWP) for both traces are legitimate. The experiments compare
attack and normal scenarios (i.e., with and without launching the
attack). The number of routed packets of same pairs of nodes in
both scenarios are compared. That is, by averaging the total routed
packets reported by Routed Messages Report, which we developed
for ONE simulator, for dierent pairs during the attack and normal
scenarios. Gained Packets (
𝐺𝑃
) refers to the dierence of routed
packets between both scenarios, i.e., 𝐺𝑃 =𝑀𝐴𝑡𝑡 𝑎𝑐𝑘 -𝑀𝑁 𝑜𝑟𝑚𝑎𝑙 .
The results were analyzed using the least values of the selected
parameters that fulll the requirement for the attack, i.e., pair-wise
connection of attacker nodes (
|𝑆|
=2,4,6,8,10 pairs). The selected
values of
|𝑆|
,
𝐹
, and
𝐷
, on one hand show the percentages of mali-
ciousness in the network (i.e., shown in the captions of Figures 2, 4, 5,
and 7). On the other hand, these values help in analyzing the impact
EICC 2023, June 14–15, 2023, Stavanger, Norway Sidra Aslam, Ala Altaweel, Ibrahim Kamel
2 4 6 8 10
Number of Pairs in S
0
5
10
15
20
25
30
Gained Packets
(a)
2 4 6 8 10
Number of Pairs in S
0
10
20
30
40
50
60
Gained Packets
(b)
2 4 6 8 10
Number of Pairs in S
0
1
2
3
4
5
6
7
Gained Packets
(c)
2 4 6 8 10
Number of Pairs in S
0
50
100
150
200
250
Gained Packets
(d)
Figure 2: Gained packets for
|S|=2,4,6,8,10
(i.e., with
2.06%
,
4.12%
,
6.185%
,
8.02%
,
10.3%
malicious nodes in OMNs) for MIT
trace: (a) Prophet. (b) FC. (c) SnW. (d) Epidemic.
4 6 8 10 12
Frequency F
0
10
20
30
40
50
Gained Packets
(a)
4 6 8 10 12
Frequency F
0
10
20
30
40
50
60
Gained Packets
(b)
4 6 8 10 12
Frequency F
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
4.0
Gained Packets
(c)
4 6 8 10 12
Frequency F
0
50
100
150
200
250
300
350
400
Gained Packets
(d)
Figure 3: Gained packets for
F=4,6,8,10,12
for MIT trace: (a)
Prophet. (b) FC. (c) SnW. (d) Epidemic.
of the attack when attacker nodes have minimal resources or put
minimal eort during the attack. The values of
𝐹
were 4,6,8,10,
12 for both traces. The values of
𝐷
, in sec, for MIT and RWP traces
were (120,240,360,480,600). When we analyzed the impact of a
specic parameter (e.g.,
|𝑆|
=6), we xed the values of others (
𝐷
and
𝐹
), and vice versa. To mathematically evaluate the impact of
the attack, we propose the vulnerability measure,
𝜌
=
𝐺𝑃
𝑀𝑁𝑜 𝑟𝑚𝑎𝑙 ×
100%, which indicates the worthiness of launching the attack.
4.2 Evaluating the Impact of Wormhole Attack
For MIT trace, Figure 2 shows the Gained Packets (
𝐺𝑃
) for all rout-
ing protocols when
|𝑆|
=2,4,6,8,10 pairs. The experiments were
run once and the results were averaged based on the pairs in S.
The percentages shown in the caption of Figure 2 represent the
120 240 360 480 600
Attack Duration (D) in sec
0
1
2
3
4
5
6
Gained Packets
(a)
120 240 360 480 600
Attack Duration (D) in sec
0
10
20
30
40
50
60
Gained Packets
(b)
120 240 360 480 600
Attack Duration (D) in sec
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
Gained Packets
(c)
120 240 360 480 600
Attack Duration (D) in sec
0
20
40
60
80
100
120
140
160
Gained Packets
(d)
Figure 4: Gained packets for
D=120,240,360,480,600
(i.e.,
with 0.07%,0.15%,0.23%,0.31%,0.39%ratios of Dto OMN life-
time) for MIT trace: (a) Prophet. (b) FC. (c) SnW. (d) Epidemic.
2 4 6 8 10
Number of Pairs in S
0
20
40
60
80
100
Gained Packets
(a)
2 4 6 8 10
Number of Pairs in S
0
500
1000
1500
2000
Gained Packets
(b)
2 4 6 8 10
Number of Pairs in S
0.0
0.2
0.4
0.6
0.8
1.0
Gained Packets
(c)
2 4 6 8 10
Number of Pairs in S
0
20
40
60
80
100
Gained Packets
(d)
Figure 5: Gained packets for
|S|=2,4,6,8,10
(i.e., with
1.33%
,
2.66%
,
4%
,
5.33%
,
6.66%
malicious nodes in OMNs) for RWP
trace: (a) Prophet. (b) FC. (c) SnW. (d) Epidemic.
ratios of malicious nodes in OMNs for each experiment. As shown
in Figure 2, for all routing protocols, the number of routed packets
in attack scenarios are higher as compared to the corresponding
normal scenarios (i.e.,
𝐺𝑃
> 0). Moreover, depending on the routing
protocols, the impact of wormhole attacks varies according to dier-
ent attacker pairs. For instance, in Figure 2b,
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
for FC using
2 pairs is 1505 and the corresponding
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
= 1532. Similar trend
is also observed in Figures 2a, 2c, and 2d for Prophet, SnW, and
Epidemic routing protocols, respectively. The vulnerability measure,
𝜌
, averaged for all pairs for each routing protocol are shown in Fig-
ure 8a. As is clear in this gure, SnW has the highest vulnerability
by casting 11.5% more routed packets in attack scenario compared
to Epidemic, FC, and Prophet (i.e., highest to lowest).
Exposed-mode of Wormhole Aack in Opportunistic Mobile Networks: Impact Study and Analysis EICC 2023, June 14–15, 2023, Stavanger, Norway
4 6 8 10 12
Frequency F
0
50
100
150
200
250
Gained Packets
(a)
4 6 8 10 12
Frequency F
0
200
400
600
800
1000
1200
Gained Packets
(b)
4 6 8 10 12
Frequency F
0.0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
Gained Packets
(c)
4 6 8 10 12
Frequency F
0
20
40
60
80
100
120
140
160
Gained Packets
(d)
Figure 6: Gained packets for
F=4,6,8,10,12
for RWP trace:
(a) Prophet. (b) FC. (c) SnW. (d) Epidemic.
120 240 360 480 600
Attack Duration (D) in sec
0
1
2
3
4
5
6
Gained Packets
(a)
120 240 360 480 600
Attack Duration (D) in sec
0
200
400
600
800
1000
1200
1400
1600
Gained Packets
(b)
120 240 360 480 600
Attack Duration (D) in sec
0.0
0.1
0.2
0.3
0.4
0.5
Gained Packets
(c)
120 240 360 480 600
Attack Duration (D) in sec
0
20
40
60
80
100
120
Gained Packets
(d)
Figure 7: Gained packets for
D=120,240,360,480,600
(i.e.,
with 0.07%,0.15%,0.23%,0.31%,0.39%ratios of Dto OMN life-
time) for RWP trace: (a) Prophet. (b) FC. (c) SnW. (d) Epidemic.
Figure 3 illustrates that higher values of
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
compared to
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
for dierent values of
𝐹
for all routing protocols (i.e.,
𝐺𝑃
>
0). For example, for Prophet,
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
=
∼
193 compared to
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
=
∼
191, when
𝐹
= 4. Similarly,
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
= 177.5, 6.2, 1848.5 compared
to their corresponding
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
= 117.5, 2.5, 1700.7 for FC, SnW, and
Epidemic protocols, when
𝐹
= 4 (Figures 3b, 3c, and 3d, respectively).
Figure 8b shows that SnW is the most vulnerable with
𝜌
= 146% as
compared to Prophet, FC, and Epidemic protocols.
Figure 4 shows the
𝐺𝑃
values while varying
𝐷
for all routing pro-
tocols. The percentages shown in the caption of Figure 4 represent
the ratios of
𝐷
to OMN lifetime,
𝑇
, for
|𝑆|
= 4.
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
has higher
values compared to
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
for Prophet, FC, SnW, and Epidemic,
as shown in Figures 4a, 4b, 4c, and 4d, respectively. For instance,
in Figure 4a,
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
= 203.5 for Prophet protocol is higher than
0
2
4
6
8
10
12
14
Prophet FC SnW Epidemic
ρ (%)
3.8 4.2
11.5
9.3
(a)
0
20
40
60
80
100
120
140
160
Prophet FC SnW Epidemic
ρ (%)
33.1 32.6
146.0
15.3
(b)
0
20
40
60
80
100
120
140
160
Prophet FC SnW Epidemic
ρ (%)
1.8
50.3
150.0
8.5
(c)
0
5
10
15
20
25
30
Prophet FC SnW Epidemic
ρ (%)
0.6
25.1
0.6 0.4
(d)
0
1
2
3
4
5
Prophet FC SnW Epidemic
ρ (%)
2.1
1.3
0.7 0.8
(e)
0
5
10
15
20
25
30
Prophet FC SnW Epidemic
ρ (%)
0.6
24.6
0.5 0.9
(f)
Figure 8:
𝜌
for all protocols using MIT trace for all: (a)
|𝑆|
values. (b)
𝐹
values. (c)
𝐷
values.
𝜌
for all protocols using
RWP trace for all: (d) |𝑆|values. (e) 𝐹values. (f) 𝐷values.
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
= 200.5 for
𝐷
= 360 sec. Figure 8c shows that SnW routing
protocol has highest vulnerability with
𝜌
= 150%, as compared to
Prophet, FC, and Epidemic routing protocols.
For RWP trace, the experiments were repeated ve times using
dierent locations and then averaged for each experiment. Figure 5
shows that
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
is higher as compared to
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
for all pro-
tocols. For instance,
𝐺𝑃
= 207.6 collectively for
|𝑆|
= 2, 4, 6, 8, 10,
for Prophet protocol. Similarly, FC, SnW, and Epidemic routing pro-
tocols show higher
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
in Figures 5b, 5c, and 5d, respectively.
Figure 8d shows that FC has the highest
𝜌
= 25.0% compared to
other routing protocols. Furthermore,
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
increases compared
to
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
(i.e.,
𝐺𝑃 ≥
0) for all values of
𝐹
for all routing protocols,
as shown in Figure 6. For instance, in Figure 6a,
𝐺𝑃
= 673 collec-
tively for Prophet protocol. Same trend is also observed for FC, SnW,
and Epidemic protocols in Figures 6b, 6c, and 6d, respectively. In
Figure 8e,
𝜌
= 2.1% for Prophet, which is the highest, whereas SnW
showed least vulnerability compared to FC and Epidemic protocols.
Figure 7 shows that all routing protocols have higher values of
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
for dierent values of
𝐷
. For instance, in Figure 7b,
𝐺𝑃
collectively for FC protocol = 6279.25, and it is also
>
0 for Prophet,
SnW, and Epidemic (Figures 7a, 7c, and 7d). Overall, the most vulner-
able protocol is FC with
𝜌
= 24.6% compared to Epidemic, Prophet,
and SnW (highest to lowest), as shown in Figure 8f.
4.3 Analyzing the Impact of Wormhole Attack
In this section, we analyze the impact of exposed-mode of wormhole
attack in OMNs from two perspectives. First, the attack variation or
parameter that has the highest impact when launching the attack.
EICC 2023, June 14–15, 2023, Stavanger, Norway Sidra Aslam, Ala Altaweel, Ibrahim Kamel
Second, the routing protocols that are more vulnerable to the attack.
Moreover, we briey identify the reasons that make the routing
protocols in OMNs vulnerable to the exposed-mode of wormhole
attack and we accordingly propose few suggestions to enhance their
resiliency against it. By analyzing the results, it is evident that the
impact of the attack varies based on the traces (mobility patterns of
nodes), nodes density in OMNs (sparse or dense networks), and the
nature (or mechanism) of targeted routing protocol by the attacker.
MIT is a real-world trace with mobility patterns that represent
the real-user movements in daily (or weekly) life basis (i.e., MIT’s
students, faculty, and sta members). We analyzed MIT trace and
observed that the mobility patterns of its users keep repeating. That
is, if two nodes meet at any instance of time, they will meet again
with high probability in the future. The aforementioned observation
was not valid for RWP trace, which employs a random mobility
for mobile users. Hence, for MIT trace, as shown in Figure 8b,
𝐹
has the highest impact, as an attack parameter, as compared to
number of pairs in
𝑆
and
𝐷
(Figures 8a and 8c). However, for RWP
trace,
𝐹
has the lowest impact, as shown in Figure 8e. Furthermore,
we analyzed both traces in terms of number of pair of nodes that
never encounter each other and found that MIT trace has more
pairs compared to RWP. Hence, OMN under RWP is more well-
connected and as a result less vulnerable to the wormhole attack.
That is, in general, the vulnerability measure,
𝜌
, is relatively small
for all routing protocols for RWP compared to MIT, as shown in
Figures 8d, 8e, 8f versus Figures 8a, 8b, 8c. The nodes in MIT are less
dense compared to RWP (97 nodes versus 150 nodes in 4500
×
4500
m area, as shown in Table 1). The nodes density in OMNs aects
the number of carried packets, i.e., compromised nodes located in
sparse areas route less packets compared to dense areas, as observed
from
𝑀𝑁𝑜𝑟𝑚𝑎𝑙
and
𝑀𝐴𝑡𝑡𝑎𝑐𝑘
values that were used to calculate the
𝐺𝑃
’s of Figures 2, 3, 4, 5, 6, and 7. In the next paragraphs, we discuss
the vulnerability of the routing protocols and analyze the impact
of exposed-mode of wormhole attack on them.
In Epidemic protocol, the nodes forward the carried packets
to all neighboring nodes. The replication of packets stops when
a threshold of time or replication criterion is met, and acknowl-
edgment is received at the sender node. The destination deletes all
other received copies of the same packet after the rst copy [
30
,
31
].
Due to this broadcasting-based forwarding nature of Epidemic, the
wormhole nodes have higher chances to get extra packets. Moreover,
in sparse networks, which are not well-connected, the wormhole
nodes get benet of forming the wormhole channel to route more
packets; however, in dense networks, there is no much benet of
forming the wormhole channel for the wormhole nodes. Further-
more, the ratios of malicious nodes in our experiments using MIT
trace are higher compared to their corresponding ratios using RWP
trace (presented in Section 4.1), hence,
𝜌
values for Epidemic in
Figures 8a, 8b, and 8c are higher compared to Figures 8d, 8e, and 8f.
In FC protocol, the sender nodes forward the carried packets to
the rst node that encounters them [
16
]. As the two attacker nodes
stay in contact with each other for a long time, i.e., repetitively
contact each other for long durations, they will exchange all their
buered packets and delete them afterwards. Thus, reducing the
chances for legitimate nodes, which might be later in contact with
the attacker nodes, to receive the buered packets from the attacker
nodes. Hence, FC protocol is vulnerable to the exposed-mode of
wormhole attack. Furthermore, due to FC’s forwarding policy (i.e.,
the carrier node forwards its carried packets to the rst node that it
meets), extending the attack duration,
𝐷
, lengthen the time duration
in which the two attacker nodes contact each other. Hence,
𝐷
,
as an attack parameter, has the highest inuence on FC protocol
compared to the number of pairs in 𝑆and 𝐹, as shown in Figure 8.
In Prophet protocol, the data forwarding decisions are based
on the delivery predictability (i.e., the probability for two nodes to
meet again), which is calculated based on the history of encoun-
ters, and the aging and transitivity proprieties, as we presented
in Section 2. Assuming
𝑛
and
𝑚
as attacker nodes, their
𝜙(𝑛, 𝑚)
increases according to the aging property,
𝜙(𝑛,𝑚)=𝜙(𝑛,𝑚)𝑜𝑙𝑑 ×𝛾k
,
as
𝑘
(the number of time periods elapsed between
𝑛
and
𝑚
en-
counters) decreases when they contact each other via the WH
channel. Moreover, the attacker nodes exploit the transitivity prop-
erty against the legitimate nodes in OMNs. Assuming
𝑝
and
𝑚
as attacker nodes, and
𝑛
as a legitimate node, the attacker nodes
exploit the transitivity property to increase
𝜙(𝑛, 𝑚)
. Specically,
𝑝
and
𝑚
increase their
𝜙(𝑝, 𝑚)
(when they contact each other
via the WH channel) in the following equation that is used by
𝑛
:
𝜙(𝑛,𝑚)=𝜙(𝑛,𝑚)𝑜𝑙𝑑 + (
1
−𝜙(𝑛,𝑚)𝑜𝑙 𝑑 ) ×𝜙(𝑛,𝑝 )×𝜙(𝑝,𝑚)×𝛽
. Hence,
𝑝
and
𝑚
successfully impel
𝑛
to forward its packets towards
𝑚
.
Based on the aforementioned discussions, the frequent (or repeti-
tive) creations of WH channel between the attacker nodes magnify
the impact of
𝐹
as an attack parameter on Prophet. That is, for
Prophet,
𝐹
has the highest inuence compared to the number of
pairs in
𝑆
and
𝐷
especially under MIT trace (with repetitive mobility
patterns) in which 𝐹gained the highest 𝜌, as shown in Figure 8.
In SnW protocol, the transmitter nodes rely on acknowledge-
ments from the destination nodes to discover the best routes in
OMNs and make future forwarding decisions [
27
], as we presented
in Section 2. Hence, after the sender node sends its packets to the
destination (in the spray phase) and waits for their acknowledge-
ments (during the wait phase), the attacker nodes use their WH
channel to route these packets to the destination and their cor-
responding acknowledgment back to the sender. Afterwards, the
sender node will use the same route (via the WH channel) to for-
ward its future packets. Thus, SnW protocol is vulnerable to the
exposed-mode of wormhole attack. Moreover, in sparse OMNs like
the experiments under MIT trace (which is not well-connected), the
low-latency wormhole tunnels outperform other legitimate paths
in terms of packets dissemination. Therefore, higher values of
𝜌
are gained for SnW under MIT trace compared to RWP trace, as
shown in Figures 8.
The aforementioned vulnerabilities of the routing protocols can
be addressed if each routed packet stores its routed locations and
forwarding times. The nodes can record the aforementioned in-
formation and exchange it during their encounter times and rely
on the regular wireless ranges of the legitimate nodes in OMNs to
detect the exposed-mode of wormhole attack and secure the routing
protocols against it. Furthermore, an already existed information
in the routing protocols can be enhanced and leveraged to address
the attack. For instance, in Epidemic and FC protocols, a unique
message identier that also involves the packet forwarding time
can be used. In Prophet protocol, the aging and transitivity equation
of
𝜙
can be modied to be signed by the involved nodes and to
Exposed-mode of Wormhole Aack in Opportunistic Mobile Networks: Impact Study and Analysis EICC 2023, June 14–15, 2023, Stavanger, Norway
Table 2: Vulnerability of routing protocols with respect to attack parameters ( : least vulnerable. : highly
vulnerable)
Routing Protocols MIT trace RWP trace
|𝑆|𝐹 𝐷 |𝑆|𝐹 𝐷
Prophet
First Contact
Spray and Wait
Epidemic
include parameters that represent routed packets’ locations and
forwarding times. In SnW protocol, the data packet from the sender
node can be augmented with its authenticated (i.e., signed) physical
location. Later, once the packet is received by the destination, it can
be tracked back based on the hop count and the signed physical
locations of the intermediate nodes to check if it has been tunneled
via any WH channel.
5 CONCLUSION AND FUTURE WORK
This paper presents extensive trace-driven simulation experiments
to study the impact of changing the number of pair-wise distinct
attacker nodes (
|𝑆|
), attack duration (
𝐷
), and attack frequency (
𝐹
)
of exposed-mode of wormhole attack in OMNs. The simulation
experiments were conducted using widely-used mobility traces and
routing protocols in OMNs. The paper concludes that the impact
of the attack varies based on the mobility patterns of the nodes in
OMNs, nodes density in OMNs (either sparse or dense networks),
and the forwarding mechanisms of routing protocols. Furthermore,
real-world mobility trace especially with
𝐹
, as an attack parameter,
is highly impacted by the attack. On the other hand, the attack is
relatively impactless under synthetic mobility trace. SnW is the
most vulnerable routing protocol using MIT trace, however, most
resilient using RWP trace. Table 2 summarizes the routing protocols
on a scale of least (1) to highly (4) vulnerable. For future work, we
plan to propose a detection mechanism for the exposed-mode of
WH attack and investigate the impact of hidden-mode of WH attack.
REFERENCES
[1]
Ala Altaweel, Radu Stoleru, Guofei Gu, and Arnab Kumar Maity. 2019. A New
Route Hijacking Attack and Countermeasures in Opportunistic Networks. IEEE
Conference on Communications and Network Security (CNS) (2019), 73–81.
[2]
Ala Altaweel, Radu Stoleru, Guofei Gu, Arnab Kumar Maity, and Suman Bhunia.
2022. On Detecting Route Hijacking Attack in Opportunistic Mobile Networks.
IEEE Transactions on Dependable and Secure Computing (2022), 1–18.
[3] Apple-14. 2023. https://support.apple.com/en-ae/HT213426.
[4]
Marianne Azer, Sherif El-Kassas, and Magdy El-Soudani. 2009. A full image of the
wormhole attacks-towards introducing complex wormhole attacks in wireless ad
hoc networks. International Journal of Computer Science and Information Security
1, 1 (May 2009), 41–52.
[5]
Paolo Baronti, Prashant Pillai, Vince W. C. Chook, Stefano Chessa, Alberto Gotta,
and Y. Fun Hu. 2007. Wireless sensor networks: A survey on the state of the art
and the 802.15.4 and ZigBee standards. Computer Communications, Elsevier 30, 7
(May 2007), 1655–1695.
[6]
Siddhartha Chatterjee, Mauparna Nandan, Ahona Ghosh, and Swarnali Banik.
2022. DTNMA: Identifying Routing Attacks in Delay-Tolerant Network. In Cyber
Intelligence and Information Retrieval. Lecture Notes in Networks and Systems.
Vol. 291. Springer, 3–15.
[7] Distressnet-NG. 2023. https://www.nist.gov/.
[8]
Nathan Eagle and (Sandy) Alex Pentland. 2006. Reality Mining: Sensing Complex
Social Systems. Personal Ubiquitous Computing, Springer 10, 4 (March 2006),
255–268.
[9]
Kevin Fall. 2003. A Delay-TolerantNetwork Architecture for Challenged Internets.
SIGCOMM ’03, Association for Computing Machinery, 27–34.
[10] Firechat. 2023. Google play store. https://play.google.com/store.
[11]
Brandon Foubert and Nathalie Mitton. 2020. Long-range wireless radio technolo-
gies: A survey. Future internet, MDPI 12, 1 (Feb. 2020).
[12]
Yanzhao Hou, Yibing Duan, Junchen Han, Yu Chen, and Xiaofeng Tao. 2016.
4G LTE-Assisted Distributed Device-to-Device Communication Using Android
Smartphones: Demo. In Proceedings of the 17th ACM International Symposium on
Mobile Ad Hoc Networking and Computing (Paderborn, Germany) (MobiHoc ’16).
Association for Computing Machinery, 359–360.
[13]
Yih-Chun Hu, Adrian Perrig, and David B. Johnson. 2003. Packet leashes: a
defense against wormhole attacks in wireless networks. In IEEE INFOCOM, Vol. 3.
IEEE Computer and Communications Societies, 1976–1986.
[14] Yih-Chun Hu, Adrian Perrig, and David B. Johnson. 2006. Wormhole attacks in
wireless networks. IEEE Journal on selected areas in communications 24, 2 (Feb.
2006), 370–380.
[15]
Iridium. 2023. https://www.iridium.com/blog/how-to-turn-your-cell-phone-into-
a-satellite-phone/.
[16]
Sushant Jain, Kevin Fall, and Rabin Patra. 2004. Routing in a delay tolerant
network. Conference on Applications, technologies, architectures, and proto-
cols for computer communications (SIGCOMM ’04), Association for Computing
Machinery, 145–158.
[17]
David B. Johnson and David A. Maltz. 1996. Dynamic source routing in ad hoc
wireless networks (The Kluwer International Series in Engineering and Computer
Science book series, Vol. 353). Springer, 153–181.
[18]
Ari Keränen, Jörg Ott, and Kärkkäinen. 2009. The ONE Simulator for Delay
Tolerant networks Protocol Evaluation. International Conference on Simulation
Tools and Techniques, Association for Computing Machinery, (March 2009), 1–10.
[19]
Xuan Liang, Junxiang Qin, Meimei Wang, Donghao Wang, and Jiangwen Wan.
2014. An Eective and Secure Epidemic Routing for Disruption-Tolerant Net-
works. In Sixth International Conference on Intelligent Human-Machine Systems
and Cybernetics, Vol. 2. IEEE, 329–333.
[20]
Anders Lindgren, Avri Doria, and Olov Schelén. 2003. Probabilistic routing in
intermittently connected networks, Vol. 7. Association for Computing Machinery,
19–20.
[21]
Luciana Pelusi, Andrea Passarella, and Marco Conti. 2006. Opportunistic net-
working: data forwarding in disconnected mobile ad hoc networks. IEEE Com-
munications Magazine 44, 11 (Nov. 2006), 134–141.
[22]
Thi N. D. Pham and Chai K. Yeo. 2014. Statistical wormhole detection and
localization in delay tolerant networks. IEEE 11th Consumer Communications
and Networking Conference, 380–385.
[23]
In Qualcomm Technologies. 2014. LTE Direct Always-on Device-to-Device
Proximal Discovery. (Aug. 2014).
[24]
Yanzhi Ren, Mooi C. Chuah, Jie Yang, and Yingying Chen. 2010. Detecting
wormhole attacks in delay-tolerant networks [Security and Privacy in Emerging
Wireless Networks. IEEE Wireless communications 14, 5 (Oct. 2010), 36–42.
[25]
Samsung. 2023. https://www.samsung.com/nz/support/mobile-devices/samsung-
sos-smart-phone-emergency-message-guide/.
[26]
Thrasyvoulos Spyropoulos, Psounis Konstantinos, and Cauligi S. Raghavendra.
2004. Single-copy routing in intermittently connected mobile networks. First
Annual IEEE Communications Society Conference on Sensor and Ad Hoc Com-
munications and Networks„ 235–244.
[27]
Thrasyvoulos Spyropoulos, Psounis Konstantinos, and Cauligi S. Raghavendra.
2005. Spray and wait: an ecient routing scheme for intermittently connected
mobile networks. Association for Computing Machinery, SIGCOMM workshop
on Delay-tolerant networking, 252–259.
[28]
Sacha Trifunovic, Sylvia T. Kouyoumdjieva, Gunnar Karlsson Bernhard Distl, Lju-
bica Pajevic, and Bernhard Plattner. 2017. A Decade of Research in Opportunistic
Networks: Challenges, Relevance, and Future Directions. IEEE Communications
Magazine 55, 1 (Feb. 2017), 168–173.
[29]
Tzu-Chieh Tsai, Ting-Shen Liu, and Chien-Chun Han. 2017. WaterChat: A Group
Chat Application Based on Opportunistic Mobile Social Networks. Journal of
Communications 12, 7 (July 2017), 405–411.
[30]
Amin Vahdat and David Becker. 2000. Epidemic routing for partially connected
ad hoc networks. Technical Report CS-200006, Duke University (March 2000).
[31]
Xiaolan Zhang, Giovanni Neglia, Jim Kurose, and Don Towsley. 2007. Perfor-
mance modeling of epidemic routing. Computer Networks, Elsevier 51, 10 (May
2007), 2867–2891.
