Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks, 2003
Cited by 352 (13 self)
Abstract — As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols - in ACM Workshop on Wireless Security (WiSe, 2003
Cited by 107 (4 self)
In an ad hoc network, mobile computers (or nodes) cooperate to forward packets for each other, allowing nodes to communicate beyond their direct wireless transmission range. Many proposed routing protocols for ad hoc networks operate in an on-demand fashion, as on-demand routing protocols have been shown to often have lower overhead and faster reaction time than other types of routing based on periodic (proactive) mechanisms. Significant attention recently has been devoted to developing secure routing protocols for ad hoc networks, including a number of secure on-demand routing protocols, that defend against a variety of possible attacks on network routing. In this paper, we present the rushing attack, a new attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols. For example, DSR, AODV, and secure protocols based on them, such as Ariadne, ARAN, and SAODV, are unable to discover routes longer than two hops when subject to this attack. This attack is also particularly damaging because it can be performed by a relatively weak attacker. We analyze why previous protocols fail under this attack. We then develop Rushing Attack Prevention (RAP), a generic defense against the rushing attack for on-demand protocols. RAP incurs no cost unless the underlying protocol fails to find a working route, and it provides provable security properties even against the strongest rushing attackers.
Secure Positioning of Wireless Devices with Application to Sensor Networks - IEEE INFOCOM, 2005
Cited by 90 (8 self)
So far, the problem of positioning in wireless networks has been mainly studied in a non-adversarial setting. In this work, we analyze the resistance of positioning techniques to position and distance spoofing attacks. We propose a mechanism for secure positioning of wireless devices, that we call Verifiable Multilateration. We then show how this mechanism can be used to secure positioning in sensor networks. We analyze our system through simulations.
Wormhole attacks in wireless networks - IEEE Journal on Selected Areas in Communications, 2006
Cited by 28 (0 self)
Abstract — As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies. Index Terms — Ad hoc networks, computer network security, computer networks, tunneling, wireless LAN, wormhole, packet
Wireless urban sensing systems, 2006
Cited by 4 (1 self)
I.A. Emerging personal, social, and urban sensing applications
Application context inevitably drives the architecture design choices and the definition of services needed in a network. Over the past decade, the emergence of unanticipated applications of the Internet, such as peer-to-peer file sharing, networked gaming, podcasting, and voice telephony, has contributed to a pressing need to rethink the core Internet infrastructure and its accompanying architectural choices. To truly lay a foundation for tomorrow’s infrastructure, however, requires going beyond simply reacting to applications that have already emerged, to proactively considering the architectural implications of new classes of applications. A key area in this regard involves embedded sensing technology, presently poised to move beyond scientific, engineering, and industrial domains into broader and more diverse citizen-initiated sensing in personal, social and urban ones. Today, applications are emerging which draw on sensed information about people, objects, and physical spaces. These applications enable new kinds of social exchange: By collecting, processing, sharing, and visualizing this information, they can offer us new and unexpected views of our communities. To achieve their potential, these applications require fundamentally new algorithms and software mechanisms, because physical inputs now become critical. The research
Overcoming the Challenge of Security in a Mobile Environment - In IEEE ESCO-WI / IPCCC, 2006
Cited by 3 (1 self)
Abstract—The secure operation of ad hoc networks faces the novel challenge of location verification on top of the security challenges that wireline networks face. The novelty lies in the fact that a node can correctly validate who it is, but lie about its location and exploit this to create problems for the network. There are three main factors that make ad hoc networks more vulnerable: (a) nodes can overhear other nodes' announcements, (b) nodes can lie about their location, and (c) nodes can avoid detection and isolation by moving. As a result, malicious nodes can fake their position and this way obstruct the routing. In this work, we explain how location and topology related malice can affect the security of wireless ad hoc networks. First, we present the most important attacks that can stem from misuse of location information. Second, we provide an overview of security routing approaches. Although several of the current techniques are promising, we conclude that there does not exist a bulletproof approach as of yet.
Secure localized storage based on super-distributed RFID-tag infrastructures
Abstract: Humans are social creatures that often take pleasure in sharing ideas and opinions with others. While the Internet has made this process much easier (Wikipedia, Flickr, Facebook), it has also made the assembly of such shared information into central profiles with the help of a simple online search dangerously trivial. Access control could of course be used to prevent this, yet this would also limit the sharing of such information to a much smaller set of well-known users, as well as introducing a significant administrative overhead. This paper presents FragDB, a storage concept based on localized access control, where data storage and retrieval are bound to a specific place, rather than the knowledge of a particular password or certificate. Data shared using FragDB is much harder to assemble into a profile, as a person’s activities across space and time are not centrally assembled, but require actual physical presence for querying. FragDB uses the IDs of tiny RFID tags embedded in floors, walls, or doors, to compute a local key that is used to encrypt and decrypt data in a global storage system. It is particularly suited to disseminate information pertaining to a particular location or a local group. We describe the requirements and implementation of such a system, and analyze its complexity.

