Wormhole Attack Detection Methods in

Mobile Ad Hoc Networks

April /2021
 Abstract

Cyber-attacks are increased everyday due to the intense increase of attackers in the internet. One
of the serious attacks in the network is a wormhole attack. In this dissertation, we investigate the
wormhole attacks on mobile ad hoc networks and propose new detection methodologies for the
wormhole attacks. The new detection algorithms are focused on wormhole attacks using
outbound channels, precisely the tunneling, which is very common in the present cyber-attacks.
The proposed protocols will be simulated and analyzed for further investigations.
List of Tables
List of Figures
List of Abbreviations
 Chapter 1: Introduction

Chapter 2: Introduction

MANET is a collection of independent mobile nodes that can communicate to each other. There
has been a rapid growth of research interest in mobile ad hoc networking since 1990s. The
dynamic and wireless feature of mobile ad hoc networking demands a new set of improved and
advanced networking strategies to be formulated in order to achieve efficient and reliable end-to-
end communication. This, along with the diverse application of these networks in many different
areas such as disaster recovery and in security, have seen MANET’s being research by various
institutes and organizations.

In the internet, the cyber-attacks have upsurged with increase in malicious nodes in networking
systems. MANET is very common in the network space of the internet and cyber criminals are
attracted to attack them. Security has become one of the fundamental challenges in MANET due
to use of wireless medium and inherent collaborative nature of the network protocols thus
MANET has become vulnerable to various forms of attacks. The attacker can easily inject
counterfeit packets or impersonate another node in most wireless networks such as MANET. The
attacker can also capture packets and alter its content after eavesdropping on the communication
channel. Wormhole is one of hazardous and perilous trick where network attacks are launched
through packet route rather than exploiting nodes in the network.

A lot of research has been done and may protocols have been proposed in order to address
challenges which relates to the location of the node within the network system in order to detect
and tackle wormhole attack. The Ad hoc On-demand Distance Vector (AODV) protocol is well
known routing protocol in the area of wireless ad hoc networks. In the dissertation, we investigate
the modified version of AODV protocol to detect the outbound channel-based wormholes attacks.
Apart from this, we are also interested to simulate the new proposals and analyze the behavior of
the protocols at various conditions.
 2.1: Statement of the Problem

2.2: Objectives

The main objective and detailed specific objectives of our research thesis are addressed in this
section.

2.2.1: Main Objective

The main objective of our thesis is to investigate the modified version of AODV protocol to
detect the outbound channel-based wormholes attacks.

2.2.2: Specific Objective

The specific objective of our thesis work is stated below:

i) Analysis wormhole attack and its impact in MANET

ii) Addressing wormhole attack through modified version of AODV protocol.

iii) Use NS2 and NAM software to simulate the wormhole attack.

iv) Study and analyze the evaluation metrics such as packet delivery fraction

v) Review various techniques of wormhole attack detection in MANET

2.3: Scope and Limitations

This thesis paper proposed modified version of AODV protocol which can detect and prevent
wormhole attacks in MANET. This implementation will be executed with some limitations and
assumption as follows:

Scope

i) This is model deals only with wormhole attack in MANET

ii) Simulation results is going to be analyzed

Limitations

This model uses NS2 and NAM software as network simulator.

 2.4: Importance of the Research

The importance of the selected topic comes from the ever-growing need to protect MANET
against wormhole attack. This thesis paper aims to detect and prevent wormhole through
modification version of AODV with consideration of all design aspects such as cost, simplicity
and centralization among others. Therefore, this thesis helps in enhancing detection of wormhole
attack in MANET.

2.5: Thesis Organization

The rest of this thesis paper is organized as follows; In chapter two, the preliminary overview of
MANET is discussed. The related work is overviewed in chapter three, and our proposed solution
is presented in chapter four. In chapter five present results and evaluation.
 Chapter 3: BACKGROUND

3.1.1: MANET’s History and TCP/IP Implementation its layers

MANET’s are implemented based on TCP/IP structure in order to provide end-to-end

communication between the nodes. TCP/IP refers to an entire suite of data communication
protocols that derived its name from the two of protocol which belongs to it, namely, the Internet
protocol (IP) and the Transmission control protocol (TCP). Back in 1969, the Advance Research
Project Agency (ARPA) organized and funded a development and research project whose aim
was to establish techniques for providing a reliable, robust and vendor-independent data
communication systems. Techniques employ by traditional TCP/IP model was developed from
ARPAnet, which was an experimental packet-switching network. In 1975, the ARPAnet, the
experimental packet-switching network was converted from an experimental network to an
operational network following its benefits in many organizations, which it was attached to.
Therefore, the basic of traditional TCP /IP protocols was developed after ARPAnet became
operational.

In 1983, The TCP/IP protocols were adopted as Military Standards (MIL STD) and all nodes
connected to a network were required to be TCP/IP compliant since TCP/IP was adopted as a
standard. At the same time, the old ARPAnet was a new, smaller ARPAnet and MILNET, the
unclassified part of the Defense Data Network (DDN). Therefore, the term “internet” was
adopted to whole network, which comprises MILNET plus ARPAnet. The National Science
Foundation (NSF) developed NSFNet and link it up with the then-existing Internet. The original
NSFnet connected all the five NSF supercomputer centers. The creation of NSFNet formed as
significant even in the history of the Internet since it birthed out a new vision of the Internet
usage with the aim of the NSF was to distribute all engineers and scientists in the United States.
In order to distribute network effectively, NSF established a new, faster backbone and a three-
tiered network topology, which comprises of local networks, regional networks and backbones.

Today the internet has grown far beyond its original scope encompasses hundreds of thousands of
networks worldwide. Internet is no longer dependent on government support or backbone (core)
network, but it is built by commercial providers. In other words, the original network agencies
which established the internet no longer play vital role for the current networks. For instance,
infrastructures are provided by either tiers-one providers (national network providers) or regional
network providers. Similarly, user services and local access is usually provided by Internet
Service Providers. Therefore, the internet has greatly evolved from a simple backbone network to
a huge network of interconnected, distributed networks hubs through three-tiered hierarchical
structure. The size of the network has grown exponentially since 1983, TCP/IP protocol suite has
remained as incredible constant upon which current internet is built since it is key requirement for
any internet connection. TCP/IP protocol is widely used in building both Local Area Network
(LAN) and enterprise networks. Intranets is a TCP/IP-based enterprise networks which uses web
tools and internet techniques to disseminate internal corporate information. There are a number of
benefits associating to intranet as tool to disseminate internal corporate information. First,
intranet make it easier to access information since any employee is entitle to access information
whenever and anyplace. Another benefit of intranet is that it improves collaboration and feedback
among every stakeholder of an organization. Intranet also helps in building a transparent culture
by creating a platform where every stakeholder feels comfortable in sharing their thoughts and
opinions. The four benefit of intranet is that there is low cost of conveying data since there is no
cost engaged with upkeeping and printing. Finally, the use of intranet makes it easier to share
information with entire organization since everyone has access to the post being shared, the
conversation happening, the team involved, and everything trends in an organization.

TPC/IP protocol architecture may be viewed as being composed of few layers than the seven used
in the Open Systems Interconnection (OSI) model. OSI is made of seven layers, namely
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Datalink
Layer and Physical Layer. However, there is no universal agreement on how to describe TCP/IP
with a layer model. The four-level TCP/IP model is the most commonly used by the network
engineers and designers. The four-level TCP/IP model is made of four layers namely, Application
Layer, Transport Layers, Internet Layer and Network Access Layer. As in the OSI model, data is
passed up the stack when it is being received from the network, and down the stack when is it
being sent to the network. The four-level TCP/IP model is seen in way data is processed as passes
down the stack from the upper application layer to the underlying physical layer. All layers in
stack add control information to ensure proper delivery. This control information added is called
a header since it is placed in front of the data which is to be transmitted. All layers treat all the
information they receive from the layers above as data, and place they own header in front of
data. The addition of delivery information at every layer is called encapsulation. When the data is
to received, each layer strips off its header as it processes data passing it to layer above. The
process of stripping off layer’s header before the data is passed to upper layer is called
decapsulation. Each layer has its own independent data structure, and is oblivious of the data
structures used by he layers below and above it. Each layer has also its own terminology used to
describe its structure. For instance, Application using User Datagram Protocol (UDP) refer to
data as message, while applications using Transmission Control Protocol (TCP) calls data stream.
UDP refer to its data as packet, while TCP calls its data a segment. On the other hand, internet
layer refers to all its data as a block called datagrams. Most networks under TCP/IP model refer
to the transmitted data as frames or packets.

The Network access layer forms the lower layer of the TCP/IP structure hierarchy. It provides the
means to delivery and has to understand how the network transmit data from one IP address since
it contains protocols which provide a platform upon which data can be transmitted to the directly
attached nodes to the network. There are three distinct functions performed by the protocols
which reside in this layer. First, protocols at this layer perform duty of exchanging data between
the node and physical network. Protocols contain in Network access layer are also tasked with
responsibility of defining how to use the network to transmit a frame, which is the data unit
passed across the physical connections. Lastly, these protocols perform function of delivery data
between nodes on the same network. The network access layer protocols use the physical
addresses stored in the network adaptor to deliver data in local network. At this layer, systems are
interfaced to a variety of networks, and it defines how to use the network in delivering an IP
datagram. The Network access layer basically provides the functionality of the first three layers
of the OSI model, namely, Physical Layer, Data Link Layer, and Network Layer. TCP/IP
provides also a scheme of IP addressing which uniquely defines nodes connected to the network.
Network access layer basically provides the functions that encapsulate the datagrams and maps
the IP addresses to the physical addresses (MAC addresses) used by the network. Functions
performed at this network access layer include mapping of IP addresses to the MAC addresses
used by the network, and encapsulation of IP datagrams into the frames transmitted by the
network.

When two nodes on a network communicate with each other, they don’t use Internet Protocol to
do so, but they rather use protocols which are specific to the wire itself. For instance, nodes on an
Ethernet segment basically use a predefined series of electrical impulses to communicate with
each other. Whenever a node wants to send data to another node in the same network, it raises
and lowers the voltage of shared transmission media in order to generate a serios of “on” and
“off” voltage pattern. These variation in voltage are interpreted as bits by the other node on the
network. Voltage variation are dictated by protocols that are specific to various physical
networks. For instance, modems use protocols which are specific to different modem
technologies. When a node has a data which it needs to send to another node on the same wire,
the sending node has to understand the characteristics of the wire so as to prepare the information
which is usable for that particular transmission media. One of the key issues which must be
address by the Internet Protocol is the mechanisms used for the network specific addressing
which provide a way for nodes to locate each other based on addressing methods defined by the
low-level protocol. For example, a physical address is used in locating the origin of the traffic on
shared network. Ethernet network uses a 48-bit Medi Access Control (MAC) address for this
purpose, while Frame Relay network use Data-Link Connection Identifier (DLCI addresses. In
other words, the IP stack running on local node must understand the addressing mechanisms used
by the hardware, and implement it accordingly for successful data delivery.

Nodes on the same physical medium will use low-level protocols specific to that physical
medium to locate the MAC address of each other prior to data exchange amongst them. However,
each networking topology has its own addressing mechanisms which are different from the rest.
Therefore, Internet Protocol has to locate hardware addresses of every node. Since there are so
many different types of networking topologies, it is impossible for IP Protocol to be permeated
with compressive knowledge on how to build the address mappings for every node explicitly.
Instead, the address resolution protocol (ARP) is deployed as a helper to IP protocol, and is called
upon to perform the specific task of building every address mapping whenever address exchanged
is required. ARP perform its functions by issuing a broadcast on the specific medium, requesting
a node which hold a specific IP address to respond with its physical address. Once the destination
node has responded, the sending node will establish communication with the receiving node and
start to send data to the discovered physical address. The ARP requests and responses work the
physical layer of OSI and Network Access Layer of the TCP/IP protocol are embedded directly
into the frames provided by the low-level protocols in use.

Internet layer is the layer above Network Access Layer in the protocol hierarchy of the TCP/IP
structure. The Inter Protocol (IP) is the key protocol in the internet layer. IP s the heart of TCP/IP
since it provides the basic packet delivery on every TCP/IP network. In other words, all protocols
in the layers below and above IP, use the Internet Protocol to data delivery. There are five main
functions of the internet protocol (IP) as the key component of internet layer. First, IP is tasked
with the responsibility of transmitting data packets to the link layer. Another function of IP is that
it performs function of routing every data packets independently from the source to the
destination, using the optimal route. The third main function of IP is that it is task to perform
routing datagrams to remote hots. IP is tasks also with the responsibility of defining the internet
addressing scheme. Lastly, IP also performs task of fragmenting and reassembling the out-of-
order packets when they reach the destination. On the other hand, IP has also some unique
characteristics. The main feature of IP is that it is a connectionless protocol, which means that
internet protocol does not have to exchange control information in order to establish an end-to-
end connection before transmitting data. Conversely, a connection-oriented protocol basically
exchanges control information with remote network in order to validate its readiness before
transmitting any data. This change control information may sometimes be referred as handshake.
Therefore, when handshake is successful then systems are said to have established a connection.
However, IP relies on protocols in other layers to established a connection incase connection-
oriented service is required. Internet protocol also relies on some protocols in other layers in
order to provide error recovery and error detection since it contains no error detection and
recovery code. Internet protocol may sometimes be termed to as a unreliable protocol since it can
relied upon to accurately data to the connected network, but doesn’t verify whether was correctly
received.

TCP/IP was originally developed in order to transmit data over the ARPAnet, which was majorly
a packet-switching network. A packet may be defined as a block of data which carries
information necessary to be transmitted. Therefore, when an IP-enable node wants to transmit
data to another node, the data-link services on that node convert the IP datagrams into a format
usable by the local transmission network medium, and then transmit the data to the destination
network using addressing and framing mechanisms dictated by the network. These steps occur on
every network which an IP datagram traverses on its way to the destination node. For example, if
an IP datagram was sent from a dial-up network, it may have to cross another of network, but at
each strep on the way, the data would be transmitted using the low-level protocols which are
appropriate for every network being crossed. In this regard, IP provides a datagram formatting
and addressing mechanism which is not dependent upon any of the specific characteristic of the
individual networks which constitute to the global internet. Data sent to Internet Layer will be
encapsulated and transmitted according to the rules of each of the intermediary networks, with the
IP datagram being used to provide delivery clues to the sending, receiving, and intermediary
nodes. Essentially, routing occurs at Internet Layer, which delivery occurs at the Network Access
layer.

The primary design goal of IP was to allow scaling up beyond the packet-switched networks
which made up the original internet. Without moving to virtual networking protocol like IP, the
internet would still be using packet-switching networks, and there would be Wide Local Area
(WAN) connections instead of Token Ring or Ethernet. Therefore, by leveraging the virtual
nature of IP, one will be able to use any network he wants wherever he is, and the IP data will
still be delivered across the network. The main disadvantage of this design is that the IP datagram
is a separate entity from the IP packets which are being used to transmit the transmit the datagram
from the source node to the destination node. In essence, the datagram becomes a series of
packets, each of which may be delivered separately. Another interesting aspect of IP is that it
does not guarantee that any of these packets will ever get delivered at all. A node may send data,
but the data may not be received intact, or the data may be ignored by the destination node due to
high processing loads or some other reasons. Some networking topologies provide an intelligent
retransmission mechanism in case data is lost, however many of them do not. In this regard, IP
provides absolutely no guarantee of successful datagram delivery, but leaving it up to higher-
layer protocols to perform this function if required.

Concept of datagram independence is another design goal of Internet Protocol. The IP protocol
does not dictate that all datagrams must travel the same route since it allows any datagram to
travel in any network path that the nodes on the network deem most suitable. Since each
datagram is independent, it is likely that some datagrams will take different network paths to the
same destination. As such, one datagram may end up crossing fiber-optic link, while another
datagram crosses satellite link, and the third crosses fiber-optic link gain. When this happens, the
third datagram will likely to arrive in the destination node before the second datagram. In another
situation, the satellite link may experience some sort of problem which may result in the second
datagram getting sent twice. In both of these cases, the network has caused the IP datagrams to
get out of order. IP protocol will not care when this has occurred since it is simply a virtual
representation of the network. However, if sequencing is important to an application, then it can
be implemented by using other protocols such as Transmission Control Protocol (TCP). Another
related concept is fragmentation. Assume for that the transmitting network were on a high-
capacity network like Token Ring, while the receiving network were on a low-capacity dial-up
connection, since the sending network generates datagrams based on its capacity, it may generate
large datagrams which may not be handle in one frame. When this happens, the datagrams may
be split into multiple fragments, with each of the fragment being sent across the network as
independent units. Packets are capable of arriving out of sequence due to being routed separately,
or lot in transit. Therefore, all these scenarios make IP Protocol highly unreliable and
unpredictable network protocol.
From time to time, datagrams will fail to get delivered due to errors a general network outage,
datagram structure, or a delivery timeout. Since IP protocol is a highly unreliable and
unpredictable network protocol, it will not care about datagram delivery failure, however
applications care about this problem very much and will either inform the user about the problem
which has occurred, or react to a failure by taking alternative course of action. Therefore, Internet
Protocol provide error-reporting services with the help of Internet Control Message Protocol
(ICMP). When a network needs to report a problem that is preventing a delivery from occurring,
it executes it by generating an ICMP message which describe the general problem, and then
transmit back to the original sender that transmit IP packets. ICMP Messages basically are sent
when packet is lost in transit or when some other transit errors occur like delivery timeout, or
errors in the datagram structure, and a general network outage. In other words, ICMP error
messages are sent also when there is a detectable problem which is preventing specific packets
from being delivered due to a specific reason. Therefore, a sending host should probably use a
different path in transmitting packet to the destination network, or should stop sending those
kinds of packets to this specific destination network.

Internet Protocol is a unreliable network protocol by its definition, therefore even if two nodes are
able to communicate with each other, there is no guarantees that everything will work, since the
data inside the datagram may be corrupt, or packets may get lost without any ICMP errors being
generated. ICMP basically operates on top if Internet Protocol thus enabling it to traverse the
global Internet just as easily as UDP or TCP messages. Therefore, IP datagram could not be
delivered, then it may not be possible to deliverer ICMP error message back to the original sender
over IP Protocol. However, remember that most delivery errors occur due to problems on the
remote network, and that the original IP datagram at least made it as far as the network the
network that is reporting a problem. In this case, the network between host that is reporting the
problem and the original sender is likely to functioning properly. However, there are facet of
ICMP message types. For instance, there is ICMP query messages which are useful for
diagnosing and testing the network interactively. There also ICMP Echo Request and Echo Reply
message query messages, which are basically use in pinging in order to test end to end
connectivity.

Application protocols basically communicate with Internet Protocol indirectly with the help of
two transport protocols such as, Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). In turn, these transport protocols pass data to Internet Protocol, which then
encapsulates the data into IP datagrams that get transmitted over the network. In essence, the
transport protocols deal with packet-sizing, and also shielding the network from having to
multiplex the application protocol traffic. For instance, both TCP and UDP do offer multiplexing
services to application protocols by way of application-specific port numbers. Basically, port
numbers act as virtual post office boxes messages to be delivered to within a single host, allowing
multiple applications to run on a single host. When datagrams arrive at the destination network,
they are handed off to the transport protocol specified in the datagram, which then delivers the
transport-specific message to the port number specified in the header of the message. In this
manner many different application protocols can run on the same host, using various port
numbers to identify themselves to the protocols of the transport layer.

There are two transport layer protocols which an application protocol uses and the choice is
determined by kind of the application management services and the type of the network in
question. TCP is a reliable, connection-oriented transport protocol, which provides error-
correction and flow-control services. On the other hand, UDP is an unreliable, message-centric
transport protocol provides little functionality over Internet Protocol alone. Network printer is one
of the applications which uses both TCP and UDP Protocol with many applications uses either
UDP and TCP protocol. For instance, a Network printer can use UDP protocol in sending
periodic messages such as, printer is out of paper, or messages like cover is open. Therefore,
UDP enable Network printer to notify everyone who is using a printer on various update
simultaneously, since it does not matter even if some of these updates are lost. Conversely, when
users want to print a file, they would opt to use TCP protocol because it would ensure that all the
data are received by the printer. Therefore, when users want to print, the clients’ software on their
Personal Computers (PCs) will establish a TCP session with Network printer, which sends the
data to the printer’s software, and then closes the connection once job is submitted. Network
printer will therefore accept the data, then it will employ error-correction and flow-control
services which are provided by TCP protocol in managing the data transfer. Printer users will
receive an appropriate message using existing TCP protocol when the Network printer is not
available, when the printer is paper, or when the printer has low toner. Therefore, this will ensure
that users are notified of any problem which might be preventing the print job from being
serviced.

Basically, TCP segments are usually encapsulated with IP datagrams thus will still rely on
Internet Protocol to transmit data. TCP therefore will have to keep track of connection status at all
times since Internet Protocol does not offer any guarantees regarding delivery. Essentially, TCP
keep track of connection status by the use of the acknowledgement flags and sequence numbers
which are embedded with TCP segment’s header. An acknowledgment message has to be sent for
every byte of data sent over TCP protocol. TCP will resend data when a node receiving the
segment does not acknowledge it. Therefore, this will provide error correction and recovery
functionality which are lacking in Internet Protocol. TCP protocol implement flow control by
using sequence numbers which is assigned IP segment after it has been broken down into chunks.
With the TCP, the destination network is able to notify transmitting node when it is unable to
process data quickly enough, thereby reducing the chances of data lost. TCP protocol also
provides byte-stream service for application to use whenever it wants to read or write data.
Whenever application wants to sent data, the data is sent in stream to TCP protocol, it is
segmented into manageable chunks and sent Internet Protocol. Once the datagram is received by
the destination host, the data is made available to the destination application immediately so as to
be read and processed.

TCP support a number of applications such as, Hypertext Transfer Protocol (HTTP) and Simple
Message Transport Protocol (SMTP) which require TCP’s reliable and connections services.
Without these services, mail messages transmitted over SMTP and JPEG files sent over HTTP
would not sequence smoothly, and would likely to get swilled. However, not every application
required guaranteed delivery, therefore the applications which typically do not require delivery
guarantee will use UDP for transport services. UDP protocol is just concern with transmitting
only data which it has received from application, and make no pretense towards guaranteed
delivery or flow control. There are a number of benefits which make UDP to be relevant protocol
despite of the fact that they don’t support guarantee delivery and flow control. First, UDP
provides application interface which act as a consistent environment for developers to use when
writing low-overhead network application. UDP provides also application multiplexing services
through the use of port numbers thus enabling many application protocols to operate effectively
on single host. Another benefit of UDP is that it provides a message-centric delivery model, thus
allowing chunks of data to be transported as single Internet Protocol datagrams. Conversely, TCP
protocol would require that the destination host to continually read the queue, waiting for all of
the data to arrive, and having no clear indication of when all the data for that record had arrived.
The fourth benefit of UDP is that it supports also applications which require fast turnaround or
that already have their own internal error-correction routines and can make good uses of UDP
protocol since it has low overhead. Therefore, many files transfer protocols and some database
software packages can be configured to UDP protocol since it has a light, fast, and message-
centric protocol which is much faster than TCP protocol.
Whenever application protocol wants to communicate with each other, they must do so using a
predefine set of rules which define how and the type of data to be exchanged. For these reasons,
the application protocols have to agree on the type of data to be used, also how to present that for
consistent interpretation. However, TCP/IP does not have a properly defined presentation layer,
but instead it has some informal mechanisms which act as presentation layers, with each of them
offering a specific kinds of presentation services to various applications. For instance, most of the
application protocols used on the Internet today are enjoying the deployment of Network Virtual
terminal (NVT) which provides specification for presentation services. Network Virtual terminal
are a subset of the Telnet specification, which offers a basic terminal-to-terminal session used by
applications in exchanging textual data. The NTV specification outlines a simple definition of
character to use and end-of-line markers. However, NVT does not offer much in terms of
handling complex data types such as, long integers, extended character and record markers. Some
of the popular presentation services includes IBM’s NetBIOS, Sun’s External data Representation
(XDR) service, and Distributed computing Environment’s Remote Procedure Call (DCE RPC).
IBM’s NetBIOS is one of the popular Microsoft-based applications which include as set f APIs
that offer functionality suitable for PC-based network applications. DCE RPC is also another
presentation service which provide useful mechanism for passing network-specific between
highly dissimilar end-devices, while XDR is presentation service which provides useful APIs for
passing complex data types.

Hosts on network exchange information using datagrams which include both the units of data that
contain all the information to be exchanged and the header fields which has detailed description
of information to be shared. Therefore, whenever a node wants to transmit data to another node
over the network, it will do so by creating a datagram, although the datagram is not what gets
transmitted by Internet Protocol. Instead, datagrams get transmitted as packets, which is used to
relay the datagram to the destination network, one router at a time. In other words, IP datagram
contain information which is being sent while packets are used to transmit the datagram to the
destination network. The packets are sent through the framing mechanisms which is unique to the
specific network medium in use on the local network, and are determine by the network events
like loss or fragmentation. However, the datagrams will remain as the original pieces of data
which was transmitted by the original sender, regardless of anything that happens to any of the
packets which are being used to transmit the datagrams.

The Internet Protocol header contain the IP addresses of both the source and destinations
networks. If the destination network is on the same physical network as the sending network, then
the send will make an attempt to transmit data directly to destination host. In other words, when
both the sender and the recipient is on the same network, both of them know each other so the
data transmitted directly to the recipient using the level-level protocols which are suitable for the
particular network in question. However, if sender and recipient are on different networks, then
the sender must find another node on the local network which is able to transmit the datagram to
its destination network. This intermediate system would then have to transmit the datagram in the
destination node was directly accessible, or it would have to transmit the datagram on to yet
another intermediary network for subsequent delivery. Eventually, the datagram would get to the
destination host.

Anyway, how will Internet Protocol find the remote hosts and network? Every host must have an
IP address for every network which it is connected to. When the Internet Protocol is loaded into
memory, an inventory is made of the available interfaces, and a map is built showing what
networks the system is attached to. This map has a special name, it called a routing table. A
routing table is a kind of inventory that keeps information such as network which the node is
attached to and the IP address of the network interface attached to the network. If a node has only
a single interface, then there will only be one entry mapped in the routing table, showing the local
network and the IP address attached to network interface of that particular node. However, there
will be multiple entries on the routing table when a node is connected to multiple networks, or
when it has multiple connection to the same network. Therefore, when a node wants to transmit a
datagram to another node, it looks at the routing table and find the appropriate network interface
to transmit the outbound traffic through.

There are many application protocols which can be used building routing tables and distribute
them without human intervention. The most popular of these protocols especially for private
networks is the Routing Information Protocol (RIP), which uses UDP broadcasts to distribute
routing tables at the interval of every thirty seconds. Another popular dynamic routing protocol is
Open Shortest path First (OSPF), which offers the same functionality as RIP but with less
overheads and more details. Border Gateway Protocol is another dynamic routing protocol which
is commonly used in environments where there is an external network, and neither RIP nor OSPF
will work well to support a significant number of networks. In common practice these dynamic
routing protocols are run on routers not user PCs since they tend to consume a lot of Central
Processing Unit (CPU) cycles, network bandwidth and memory. When these dynamic routing
protocols are run on the routers, then a default route will have to be defined at the hosts which
points them to the routers that serve as local network that the host is attached to. Therefore, this
model will enable hosts to keep only one entry in their routing tables, while the dedicated local
routers are task to keep track of the overall network topology.

Every network that receives a packet, final destination node, or dedicated router along the path
will always have to inspect a packet upon receiving it. Whenever a packet has become corrupt or
has experienced some other form of temporary failure, then that packet must be destroyed
immediately. If one of these transient errors occurs, the datagram will not be forwarded, but will
be destroyed immediately. However, Internet Protocol will be tasked to call upon the Internet
Control Message Protocol (ICMP) whenever a transient error occurs and the packet is not badly
affected. For instance, ICMP will be called upon when if the current node does not have a routing
table entry for the destination network, or if the packet does not match certain forwarding criteria.
ICMP will then return an error message back to the original sending sender, information it of the
failure due to transient errors. The sender will also be informed when the datagram is destroyed
by the last-hop node due to transient errors thus allowing the original sender to correct the error
which was causing the failure to occur. Transient errors are caused by miscalculation of
checksum, expiry of Time-to-Live timers, just to mention a few among other factors, while semi-
permanent failures are problems with network or packet that will always prevent delivery from
along the network path. Therefore, when semi-permanent error occurs, it is best to either notify
the application that tried to send data of the problem, or inform the sender of the problem so that
it can take whatever corrective action is required.

There are a wide number of application protocols which exist and offer standardized mechanisms
for exchange of information across vendor boundaries. Some of these application protocols
include File Transfer Protocol (FTP), HTTP, SMTP, OPP3, IMP4, Gopher, and NNTP, LDAP
and DNS, just to mention a few among others. All these applications protocols follow almost the
same basic model where a client initiate communication by sending some kind of request to a
server running on another network. The server then examines the request, acts upon it in some
form, and then possibly return some form of data back to the client. Application protocols
basically communicates with transport protocols through some predefined ports which are unique
I/O identifiers that are utilize by the transport protocols and the specific instance of the
application protocols. In other words, port offers UDP and TCP with a way to deliver data to
higher-layer applications protocols. Therefore, any time an application protocol initiates a
connection to one of the transport protocols, it will always allocate a port from the transport
protocols, which will be use for all network I/O. This means that any traffic which is destined for
a specific application protocol will be routed to relevant port in order to be handle by the
application. Every instance of every application protocol has a unique port number which is used
to identify it to the transport protocols on the local network just as every node on any network has
unique IP addresses. Consequently, every communication between the client and a server is
identified by four key elements namely, a source IP address, a source port number, a destination
address, and destination port number. Therefore, for every connection to be unique, the client
must use a different port number for each of the unique connections. However, due to the
mobility of MANET’s and the limited resources in wireless network, each layer in TCP/IP model
require modification or redefinition in order to function effectively and efficiently in MANET.

3.1.2: MANET and its Features

Wireless networking is made up of two main architectures, namely, infrastructure (single -hop)
networks and mobile ad hoc (muti-hop) networks (MANET). Infrastructure networks
encompasses wireless local area network and cellular networks. Users are typically connected
through access points or base stations and backbone networks. User can hangover between access
points or base stations and roam among various networks. However, their mobility is limited
within a given area coverage of the access points or base stations. MANETs usually eliminate the
used of a wired infrastructure, and also nodes in MANETs can form arbitrary network to
exchange data with the need of pre-existing network infrastructure. In other words, A MANET is
a decentralized wireless network without any pre-existing infrastructure, where each node can
play the role of both router as well as host. This means that MANETs can extend communication
beyond the infrastructure-based network’s limit. There are three main advantages, which are
associated with MANETs. The first advantage is that MANET has low deployment cost. Since it
can be deployed on the fly, thus requiring no expensive infrastructure such as data cables, copper
wires among others. Another advantage is that deployment process in fast in MANET than in
WLAN. MANET is very convenient and easy to deploy because it requires less manual
intervention since there is no cables which are involved. Deployment configuration is another
advantage of MANET. MANET configuration is prone to change in various scenarios, therefore,
it very easy to change network topology in MANETs as compared to Local Area Networks
(LANs).

MANAT has mainly eight faetures. The first characteristic of MANET is that it has limited
bandwidth. Since wireless links have significantly lower capacity than infrastructure networks. In
addition, the throughput of a wireless communication is usually less than a radio’s maximum
transmission rate due to several other factors such as interference, noise among others. Dynamic
topology is another feature of MANET. Dynamic topology may sometimes affect the trust
relationship among nodes. Trust among nodes also be adversely affected when some node
detected as malicious nodes. The third feature of MANET is that it also has routing overhead
since nodes are usually mobile in MANET, therefore some stale routes may be generated in the
routing table which may cause unnecessary routing overhead. Packet losses due to transmission
errors is also another feature of MANET. MANET typically experience a much higher packet
loss due to factors such as increased collision because of the presence of interference, and
unidirectional links. Present of hidden terminals, and rapid path break due to the mobile of the
node are also factors which may lead to packet losses. Another feature of MANET is that it also
hidden terminal problem. The hidden terminal problem be described as the collision of packets at
the receiving node as a result of the simultaneous transmission of those nodes which are not
within the direct transmission range of the sending node. Battery constraints is also another
feature of MANET since nodes in these networks have limitation of power source in order to
maintain, size, portability and weight of the device. Another feature of MANET is that these
networks are very unreliable due to the fact that there is no provision for a reliable
communication since all the packets are forwarded by the intermediate nodes which are basically
not reliable sources. Mobility-induced route changes is also another feature of MANET since the
network topology in these networks is highly dynamic due to the movement of nodes within these
networks. The last feature of MANET is that it has security threats since the wireless mobile
adhoc nature of MANETs basically induces new security challenges to the network design. This
is because the wireless medium is usually vulnerable to eave-dropping and adhoc functionality is
also introduced in these networks through node cooperation which intrinsically expose these
networks to security attacks.

3.1.3: MANET Applications

MANETs have several interesting applications, some include in Battlefield, rescue operation,
event coverage, classroom, and inter-group communication. For instance, in battlefield,
communication between vehicles and soldiers can be carried out by MANETs. In such cases, the
vehicle mounted devices can be equip with power sources for recharging mobile devices while
the soldier can be communicating with each other using these mobile devices. In rescue operation
such as avalanche rescue operation or firefighting, a fast deployment of nodes is required,
therefore MANETs can be used in such scenarios as a means of communication among workers.
In classroom setup, instructors and students can setup MANET where data can be shared among
them using mobile nodes such as a laptop. In event coverage such as press conference, reporters
might need MANETs to facilitate them in sharing data between various nodes such as PDAs and
Laptops.

3.1.4: MANET’s Benefits

There are several benefits which are associated with MANETs. The first MANET’s benefit is that
mobile adhoc network can be easily set up with less cost and can be used as a platform to sharing
information among participants in a classroom or conference. Therefore, MANET helps in
maintaining the unorganized network and also facilitate communication among the nodes with
help of other nodes in the network. Another MANET’s benefit is that it can be used in military
field since MANET mobile adhoc networks give room of taking advantage of infrastructure less
network in order to share information between various departments and the moving troops.
Therefore, MANET empowers the teams to easily coordinate with each other and implement
desired strategy through communication since communication is an essential part of execution
any strategy or plan without which it become very complex to reach the desired goal with
working remotely as a team. Another benefit of MANET is that it can be easily set up since it has
very less infrastructure hence can be used in emergency situations such as earthquake and floods.
MANETS can also be used in rescue operation where rapid deployment of the communication
network is required. Another MANET’s is that it supports personal area network and Bluetooth
technology which are well known in the field of communication due to their fast speed in short
range data sharing.

3.2: MANET’s Routing Protocols

Routing in MANET’s has proved to be a challenging task and has received a tremendous amount
of attention from various researchers across the globe. Therefore, the intensive research in
MANET’s has proportionately led to the development of various routing protocols for MANETs,
and each researcher proposed at least a protocol arguing that the technique proposed offers an
improvement over a number of different strategies highlighted in the literature for every network
scenario. As a result, it has been quite difficult to identity which protocols may perform best
under diverse network scenario, which involve increasing mode traffic and density.
 3.2.1: Proactive Routing Protocol

Proactive routing protocol is a kind of routing protocol which maintain both global and partial
routing information. Proactive routing protocol may also be referred as table-driven routing
protocols, as they maintain in the nodes a routing table with information about connectivity to
other nodes in the network. Proactive routing information is basically stored in various tables that
are updated periodically or when the network topology has changed. The variation between these
protocols is based on the way the routing information is updated, detected, and the type of
information which is kept at each routing table. Furthermore, each routing protocol can maintain
a different number of tables. Proactive routing protocol are the family of ad hoc network routing
protocols which are closest to wired routing protocols since most of the algorithms are inherited
from the wired network with little variation so as to fit the wireless networks. Proactive routing
protocol basically keeps the network node in ready state in order to route packets from the source
to the destination. The routing table is regularly updated through topology information which is
exchange between neighboring nodes with the intention of maintaining the route information for
every node in the network. The advantage of proactive routing protocol route discovery is that
end-to-end delay is reduced during transmission, as compared to determining routes with reactive
routing protocols. Another advantage of proactive routing protocol is that the shortest distance
between any source-to-destination pair can be found in the least time.

Proactive routing protocol may also be referred as global routing protocol, as the node have
complete information about the entire network. Proactive routing protocols are traditionally
classified into two categories, namely, lint-state-based protocols and distance-vector based
protocols. In the link-state-based routing protocol, every node in the network maintains complete
information about the network topology. This complete information about the network topology
is in terms of which node is connected to which other nodes and the condition of links amongst
them. Therefore, to maintain complete information, each node regularly broadcast the status of its
links to its surrounding nodes. In addition, every node deploys Dijkstra’s algorithm in creating its
own routing table. This means that each node can independently calculate the best path from itself
to all other nodes in the network since they all have the link state information of the network. On
the other hand, in distance-vector based protocols, every node maintains routing information that
has two major pieces of information, namely, the next node through which the packets should be
forwarded to, the distance to each node. Therefore, to maintain updated distance vector tables,
every node periodically sends its distance vector tables to all it neighboring nodes. A node on
receiving routing information from its neighboring node, it matches the entries in the received
table with its own entries. If it finds that the distance to any node is less through its neighbor, then
the distance already available in it for that specific destination node is decreased accordingly and
the route to that destination node is made through this specific neighboring node from which it
received information the updated routing information. Distance vector protocol also effectively
supports neighbor discovery, loop avoidance, and changes in the network topology.

There are several disadvantages which are associated with the table-driven proactive routing
protocol. First, this routing protocol usually reacts slowly to the dynamic network topology.
Therefore, this reacting to dynamic network topology may lead to routing failures in the case of
rapid node movements. Another disadvantage of this table-driven proactive routing protocol is
that it is not highly scalable since the routing table stored in every node becomes too large to be
to stores and maintain by the particular node. Furthermore, as all nodes broadcast information,
this leads to congestions and interference. The next disadvantage of this table-driven proactive
routing protocol is that this protocol usually utilizes resources to establish and regularly update
certain paths which no data packets has travelled and also by which there is a high possibility that
no packet will travel in the future. Lastly, as the routing table is regularly updated, the resource
utilization in terms of memory, bandwidth, processing power, and battery consumption are
usually high.

On the other hand, there are a number of table-driven proactive routing protocols. Some of them
include BAREL, Ad Hoc Wireless Distributed Service (AWDS), Better Approach to Mobile Ad
Hoc Networking (BATMAN), Destination Sequence Distance Vector (DSDV), Clusterhead
Gateway Switch Routing Protocol (CGSR), Direction Forward Routing (DFR), Distributed
Bellman-Ford Routing Protocol (DBF), Fisheye State Routing (FSR), Optimized Link State
routing Protocol (OLSR), Hierarchical State Routing Protocol (HSR), and Wireless Routing
Protocol (WRP).

There also several route updates which constitute to proactive routing protocol. The first route
update that constitute to this proactive routing protocol is global update. Basically, proactive
routing protocols using global route updates are based on the distance vector and link state
algorithms, which were originally designed for wired networks. In these protocols, every node
periodically exchanges its routing table with every other node in the network. Therefore, in order
to do this, each node transmit an update message regularly. Using these update messages, each
node then maintains its own routing table, which stores the best route or the most recent routes to
every known destination. The disadvantage of global updates is that they use significant amount
bandwidth since they do not take any measures to reduces control overheads. Consequently, data
throughput may be affected significantly, as the number of nodes in the network increases.
Another route update which constitutes to proactive routing protocol is localized updates.
Localized updates such as GSR and FSR were introduced in order to reduce the overhead in
global updates. In these strategies, route updates transmission is only limited to a localized
region. For instance, in GSR, each node exchange routing information with its immediate
neighbor only, thereby eliminating the packet flooding which is applied in global routing. FSR is
originated from GSR which is a protocol attempting to increase the scalability of GSR by
updating the nearby nodes at a higher frequency than the nodes which are located distance away.
FSR introduced the fisheye scope so as clearly define the nearby region.

Fig 2.1 Illustration of the fisheye scope in FSR

The fisheye usually covers a set of nodes which can reached within a given number of hops from
the central node as shown in the fig 2.1. Therefore, the update message with higher hop counts
are transmitted at a lower frequency which helps in reducing accuracy of the routes in remote
location thereby significantly reduces the amount of routing overhead disseminated in then
network. The mechanism behind FSR protocols is that as the data packets gets closer to the
destination, the accuracy of the routes may increase. In other words, if the packets know
approximately in what direction to travel, then as they get close to the destination, they will travel
over a better accurate route and have a better chance of landing at the exact destination. The next
route update that constitutes to proactive routing protocol is mobility-based updates. Mobility-
based updates is another strategy which can be used to reduce the number of updates in packet
transmission. This protocol is based on mechanism which propose that routing overhead can be
reduced by making the rate at which routes are transmitted to be proportional to the velocity of a
particular node. Therefore, the node which travel a higher speed disseminate more updates
packets compare to the ones that are less mobile. The advantage of this mobility-based updates is
that it producing less update packets than static interval approach such as DSDV especially in
network with low mobility. Similar to FSR, updates are sent more frequently to the nodes than
ones which are located far away.

Displacement-based updates is fourth route update that constitute to proactive routing protocol.
Displacement-based updates originated from the Wysocki and Abolhasan that attempts to
transmit route updates packets into the network when they are required, rather than transmitting
update periodically. This disseminating of route updates packets when they are required is
achieve by making the rate at which updates are transmitted to be proportional to the rate at
which a node travel from one location to another. This is to say, when a node changes location by
a threshold distance, a proportional route update is transmitted into the network. Therefore, the
required displacement can be determined by using a Global Positioning System (GPS). The key
advantage of this distanced-based update is that it is absolutely mobility based in that updates are
transmitted only when there is a chance for topology change that may alter neatwork
connectivity. Conditional or event-driven updates is update that constitute to proactive routing
protocol. This conditional or event-driven updates is very crucial when there is a need to reduce
the number of redundant updates. Therefore, in this strategy, node will only send updates if
certain different events happen at any time. Update can be triggered when a new node joins the
network or when a link becomes invalid. The key advantage of event-driven strategy is that if the
conditions or network topology are not changed, then no update packets are transmitted thereby
eliminating redundant periodic update dissemination into the network.

3.2.2: Reactive Routing Protocol

Reactive routing protocol is a strategy which determine and maintain routing information for
actives that need to send data to a particular destination, that is to active routers. Reactive Routing
Protocol may also be referred as on-demand routing protocol. Therefore, Route discovery
basically occurs by flooding a Route Request (RREQ) packet through all nodes which are
connected together. In other words, the reactive routing also has a duty to maintain the discovered
route. When a node with a specific route destination is reached, a Route Reply (RREP) is
generated and transmitted to back to the node using line reversal if the route request has travel via
bidirectional links or by piggy-backing the route in a route reply packet through flooding.
Sometime, a route become unavailable for the entire duration required to transmit the complete
set of data from the source to specific destination after it has been detected by the source node,
which may lead to transmission failure. Also, some of the intermediate nodes in the identified
route path may run out of energy or may move out of the transmission range. These missing od
the intermediate node may result in a failed links which can be detected either passively or
actively. In active path detection, acknowledgement is received back by from all the previous
hops while in passive detection, each node in the selected path is task to listens to its neighbor
through entering into promiscuous state. The information about route failure will then be channel
back to the source node. All intermediate nodes will also learn about the detected link failure they
will truncate the path beyond the failed node.

Intermediate nodes usually store discovered routes in their route caches which were identified
during the process of the route discovery from the source to the destination. There are a number
of opportunities in which the nodes can learn on route routes to other nodes. For instance, the
source node in the process of discovering the destination node can learn about the route paths to
all other intermediate nodes which are on the same path to the destination through the RREQ
packet. All the immediate nodes that receive RREQ packet from the source must learn the path
from themselves to the source node as well as paths from themselves to all other intermediate
nodes which are on the path to the source node. In the same manner, the RREQ packet will make
all the intermediate nodes aware of the route path to the destination as well as to all the
intermediate nodes which are on the path to destination node. Nodes will also learn paths in the
process of forwarding error messages to related to link failures. Lastly, nodes may also learn new
routes as they operate in promiscuous mode where they listen to their neighbors in order to test if
there is a link failure. The routes learned in the discovery process is kept in the cashes of the
nodes, which they will use in helping other nodes after their route discovery.

There several advantages which are associated with the reactive routing protocol. First, the route
learned in discovery process are stored in the route cache of the nodes thereby reducing resource
utilization during route discovery since caching of this information will hasten route discovery
process. Another advantage of reactive routing protocol is that reactive routing strategy is
bandwidth savvy since it only initiates route discovery which is on demand, searches by an
incremental method, and stops immediately on the discovery of the destination node. The third
advantage of reactive routing protocol is that there will be other routes on the network which will
never be discovered since this strategy will only discover those routes those routes where a packet
can possible be routed efficiently. Another advantage of reactive routing protocol is that multiple
routes can be possibly be traced from the source to the destination node during the process route
discovery. This is due to fresh route discovery as well as replies messages from intermediate
nodes aware of the destination via locally cached route information. Lasty, during the route
discovery process from source to the destination, the source node also again information about
the routes to the immediate nodes. The intermediate node which are involve in the process of
node discovery also learn about the routes to the destination, source and other intermediary node
which are involve in the route discovery.

On the other hand, there are also several disadvantages which are associated with reactive routing
protocol. First, there is always flooding is which is a mechanism employed to in order to speed up
the route discovery process when a path to destination has to be determined. This flooding
usually results in collision and congestion and also enhances the resource utilization in a burst
mode, leading to sudden network degradation. Another disadvantage of reactive routing protocol
is that it usually takes a relatively long time to determine a route from the source to the
destination. The third disadvantage of reactive routing protocol is that the node cache
information, which generally do not get updated automatically. Therefore, if a node replies to a
route request from its cache, it may lead to incorrect information since there is always a lot of
changes in the network topology as well as high mobility of the nodes. Another disadvantage of
reactive routing protocol is that the size of packet’s header increases with increase in the number
of the intermediary nodes between the source and destination since it the header which carries
route information. Lastly, there may be increase in collision and delay in route discovery since an
node may receive a request from more than one of its neighboring nodes at the same time, as all
the nodes might be participating in the flooding of requests for route discovery.

Reactive routing protocol can be broadly classified into two, namely, hop-by -hop routing and
source routing. In source routing on-demand protocol, each data packet carries the complete
information on source to destination address. Therefore, packets are forwarded based on
information which is stored in the header of every packet. This means that the intermediate nodes
do not have to maintain up-date information for every active route so as to forward the packet to
the destination node. Furthermore, node do not need to maintain neighbor connectivity via
periodic beaconing messages. Some of the routing protocols which are falling this category
include SSA and DSR. The key disadvantage of the source routing protocol is that it does not
perform well in large network set up. The source routing protocol does not perform very well in
large network because as the number pf intermediate node in each route grows, so does the
chances of route failure. The source routing protocol also does not perform well in a large
network because as the number of intermediate nodes in each route grows, so does the amount of
overhead which is carried in each header if every data packet. On the other hand, hop-by-hop
routing protocol is where by each data packet only carries the next-hop address and the
destination address. This means that each intermediate node in the path to the destination node
uses it routing table in forwarding each packet to the destination node. The main advantage of
hop-by-hop routing protocol is that routes are adaptive to the dynamic topology of the MANETs
since each node can update its routing table when it receives new topology information and hence
forwards the data packets over the latest and better routes. Using latest routes also means that
fewer route recalculations are needed during data transmission. The major drawback of hop-by-
hop routing protocol is that each intermediate node must store and maintain routing information
for every active route, and every node may be needed to be aware of its surrounding neighbors
through beaconing messages deployment.

Most of the on-demand routing protocols usually use a pure flooding strategy in order to discover
routes. An RREQ packet is basically flooded in throughout the entire network in a pure flooding,
which can greatly consume a significant amount of bandwidth. A number of different on-demand
routing protocols have been proposed to have a better performance in reacting routing. Some of
these reactive routing protocols includes Location Aided Routing (LAR), AODV, SSA, RDMAR,
ABR and LPAR. The features of these protocols can be identified based the strategies, which they
employ to reduce the amount of control overhead during the process of route discovery. For
instance, In RDMR and LAR, the route information stored on caches is basically used in to
control the route discovery procedure by localizing the route request in the desired region.
Another method used to minimize the number of control packets during route discovery is by
selecting stables routes. For instance, SSA and ABR usually employ selection of stable routes as
a technique to minimize the number of control packets during route discovery process. In SSA an
ABR, the destination nodes select routes based on the level of their stability. A part from
employing route stability as technique to minimize the number of control packets, ABR also
allows the deployment of shortest path route selection during route selection at the destination,
which means that only a short delay may be experienced in ABR during data transmission as
compared in SSA. LPAR also employs various different route discovery strategies, which use
both the concept of route stability and route request localization as mechanisms of reducing the
number of control packets during route discovery process. On the other hand, Cluster Based
Routing Protocol CBRP is another reactive routing protocol, which employ the technique of
hierarchical network structure as a mechanism to reduce control overhead during route discovery
phase. CBRP is a hierarchical on-demand routing protocol, which attempts to minimize control
overhead disseminated into the network by isolating networks in terms of clusters. In other
words, it will be the responsibility of cluster heads to exchange routing information rather than
intermediate node during route discovery phase. Therefore, the use of cluster heads to exchange
routing information basically will result in a significant reduction in the number of control
overhead disseminated into the network as compared to flooding algorithm. In highly mobile
networks, CBRP may introduce significant amount of processing overhead during cluster
formation and maintenance. The major drawback of CBRP protocol is that it suffers from
temporary invalid routes since the destination nodes usually travel from one cluster to another.
Therefore, this makes CBRP only to be suitable for medium sized networks, which somehow has
a slow to moderate mobility rate. CBRP protocol can also perform well where the nodes within a
cluster are likely to stay together, that is in a scenario with a group mobility.

Other examples of reactive routing protocols include Ad Hoc On-Demand Multipath Distance
Vector (AOMDV), Ad Hoc On-Demand Distance Vector (AODV), Admission-Control-Enable
On-Demand routing (ACOR), Ant-Based routing Algorithm for Mobile Ad Hoc Network (ARA),
Backup Source Routing, Cluster-Based Routing Protocol (CBRP), Caching and Multipath
Routing (CHAMP), Dynamic Manet On-Demand Routing (DYMO), Dynamic Source Routing
(DSR), Multivariate Ad Hoc On-Demand Distance Vector Routing Protocol, Flow State in
Dynamic Source Routing, SENCAST, Reliable Ad Hoc On-Demand Distance Vector routing
Protocol, and Temporally Order Routing Algorithm (TORA).
Fig 2.3a
 3.2.3: Hybrid Routing Protocol

Hybrid protocols are new generation protocols which tend to have the features of both proactive
and reactive routing protocols. Hybrid protocols are designed to improve scalability by allowing
nodes in close proximity to cooperatively work together to form some sort of backbone and also
to reduce the route discovery overhead. Therefore, improved scalability and reduced overhead
have been achieved through proactively maintaining routes to nearby nodes and determining
routes to distanced nodes using a route discovery strategy. Most hybrid protocols proposed to
today are zone based, which implies that the entire network is partitioned or regarded as group of
zones by each node. There are four hybrid routing protocols, which have been proposed for
MANET. These hybrid routing protocol include Zone Routing Protocols (ZRP), Scalable
Location Update Routing Protocol (SLURP), Zone-Based hierarchical Link State (ZHLS),
Distributed Spanning Tree Based Routing Protocol (DST).

Zone Routing Protocol (ZRP) is a kind of hybrid routing protocol where nodes have a routing
zone which defines a range through which each node uses to proactively maintain network
connectivity. In other words, routes are immediately available for nodes within the routing zone.
However, routes are determined reactively for the nodes which fall outside the routing zone and
can employ any reactive routing protocol to determine a route to the specific destination. The
main advantage of ZRP is that it has significantly reduced the effect of communication overheads
as compared to pure proactive routing protocols. Another advantage of ZRP is that it has reduced
delays which is associated with a pure reactive protocol like DSR, through hastening route
discovery process. ZRP basically has reduced delays since the route to the outside zone is
determine by using nodes on the edge of the routing zone as the boundary node proactively
maintain routes to the destination. The main drawback of ZRP is that it may behave like pure
proactive protocol when the zone radius is too large. Therefore, it important to optimize the
radius value in ZRP in order to best suit its characteristic because if the value of the radius is set
too small then ZRP will behave like a reactive protocol.

Zone-Base Hierarchical Link State (ZHLS)

In ZHLS, the network is segmented into non-overlapping zones, where each node has unique
node ID and a zone ID that are crucial when it comes to GPS calculation. ZHLS is hierarchical in
nature which means it is made up of two levels, namely, node level topology, and zone level
topology. The management has been simplified in ZHLS since there is no location manager or
cluster head used in coordination of data transmission. This means that there is no processing
overhead which is usually associated with location manager or cluster head selection as in CGSR
protocol. Therefore, the absent of cluster header or location manager implies that traffic
bottlenecks or a single point of traffic failure can be avoided in ZHLS topology. Another
advantage of ZHLS is that it has reduced communication overhead as compared to pure reactive
protocols like AODV and DSR. In ZHLS, when a route to a remote destination is required, the
source node will broadcast a zone level location request to all other zones thereby generating
significantly lower overhead as compared to the flooding approach in reactive protocols. Another
advantage of ZHLS is that its routing path is adaptive to the changing topology since only zone
ID and node ID of the destination are required for routing. The major drawback of ZHLS is that
all nodes have a preprogrammed static zone map in order to function effectively. This
preprogrammed static zone map may not be feasible in applications which encourage mobility of
node since geographical boundary of the network be highly dynamic. However, ZHLS is highly
adaptable to dynamic topologies and it also generate less overhead than pure reactive protocols,
which make it scale well in large networks.

Distributed Spanning Tree Based Routing Protocol (DST)

Here, nodes in the network are group into several trees, where each tree has two nodes, namely,
root node, and internal node. The root controls the structure of the tree and determine whether a
node can merge with another tree, while the rest of the nodes within each tree are just regular
nodes. Each node DST can fall in any of three categories, namely, router, merge or configure
depending on the type of duty it has been tasked to perform. There are two different routing
strategies which are employed in DST in order to determine a route. The first strategy is hybrid
tree-flooding (HTF) where control packets are sent to all the neighbors and adjoining bridges in
the spanning trees, and each packet is held for a period of time called the holding time. Holding
time helps in buffering and routing packets when the network connectivity has been increased and
become stable. Another strategy which is used in DST is distributed spanning tree shuttling,
which involves dissemination of the control packets from the source and rebroadcast along the
tree edges. When a control reaches down to leaf node, it is sent up the tree until a certain height is
reached, which is referred to as the shuttling level. When the shuttling level is reached, then the
control packet can be sent adjoining bridges or down the tree. The main drawback of DST is that
it depending on the root node to configure the tree, which result in a single point of failure.
Another disadvantage is that the holding time, which is used to buffer the packet may result in
extra delays into the network.
Distributed Dynamic Routing

Distributed Dynamic Routing (DDR) is also another a tree-based routing protocol. In this
strategy, trees are formed based on periodic beaconing messages which are exchanged by
neighboring nodes thereby eliminating the need to have a root node. The trees in the network
usually form a forest which are link together through gateway nodes. Each tree in the forest forms
a zone which is assigned a zone ID by the running zone naming algorithm. The network can be
viewed as several non-overlapping zones since each node can only belong to a single tree (zone).
The DDR algorithm consists of six phases, namely, preferred neighbor selection, forest
construction, intra-tree clustering, inter-tree clustering, zone naming, and zone partitioning. Each
of these phases are processed depending om the information which is received in the beacon
messages. For instance, during initialization stage, each node initiates the preferred neighbor
selection process. The preferred neighbor od a node is a node that has the greatest number of
neighbors. After preferred neighbor selection phase, a forest is constructed by connecting each
node to its preferred neighbor. Next, the intra-tree clustering algorithm is initiated to determine
the structure of the tree and to build up the intra-zone routing table. This is then followed by the
processing of the inter-tree algorithm in order the connectivity with neighboring zones. Every
zone is assigned is then assigned a name through running zone naming algorithm, then the
network is partition into several non-overlapping zones. Hybrid Ad hoc Routing Protocol
(HARP) is then used to determine routes once the zones are created. HARP employ inter-zone
and the intra-zone routing tables which are created by DDR to identify a stable route between the
source and the destination. The main advantage of DDR is that it does rely on cluster node or root
node in order to control data and control packet transmission between various zones and nodes.

Scalable Location Update Routing Protocol (SLURP)

In SLURP, the nodes are organized into several non-overlapping zones where cost of maintaining
routing information is reduced through eliminating a global route discovery. This reduction in the
cost of maintaining routing information is achieved by assigning a home region to every node in
the network. The home region for a specific region is determine by node is determine using static
mapping functions. Therefore, all node can determine the home region for each node using static
mapping function, provided they have their static mapping IDs. Every node usually maintains its
current zone with the home region through unicasting update message of its current location
towards its home region. Once the location packets lands on the home region, it is broadcasted to
all the nodes in the home region. The current location of any node can be determined through
location discovery packet which is unicasted by all node in the home region. Once the location
has been determined, the source will start transmitting data towards the destination by using most
suitable forwarding algorithm. When a data packet lands on the region in which the destination
node lies, then the packet data will be sent to the destination again using the most suitable
algorithm. The major drawback of SLURP is that it also relies on a preprogrammed static zone
map just like ZHLS.

3.2.4: Hierarchical Routing Protocol

Hierarchical Routing Protocols usually support high scalability of MANETs since as the number
of nodes increases, so does the memory requirement for storing routing tables. As the number of
node increases, both reconfiguration of routes and resource requirement for establishment will
also increase. After a given breakeven point, the network routing performance may decrease with
further increase in the number of nodes in the network due to the extensive processing and
memory requirement. Hierarchical routing protocol is suitable in scenarios where network is
divided into clusters or regions. In hierarchical routing protocols, the node within a given region
are aware of the nodes in their region and can only transmit packets to them. Therefore, for
routing of packet to other regions outside the region, the node forwards the packets to the
coordination of their cluster. The cluster coordinators are responsible for establishing
communication amongst themselves and forwarding of forwarding the packets to the coordinator
that has the destination in its region. Each cluster coordinator is only aware of existing topology
in its region. As the complexity of the network increases, the level of hierarchy may also be
raised further in order to retain flexibility and also to ease routing of packets.

Clustering can be described as the distribution of nodes into groups, which can either physical or
logical. Physical clustering is where nodes are in physical proximity, preferably within a single-
hop communication link with each other, while logical clustering is where clustering is based on
a given predefine set of relationships among the nodes. Each cluster basically select one of the
nodes within that cluster to be cluster coordinator or cluster head. All the nodes in a cluster
usually maintain information about their neighbors, the link status within the cluster, and the
topology of the cluster. The communication between two nodes in different cluster can only be
done through their coordinators. In other words, it can be said that when a packet is transmitted
from the source to the destination node, it first rises through multiple or single hop to the node
highest in the hierarchy towards the source, then moves to the destination node through multiple
or single hop in intermediate hierarchical levels.
The routing protocols used in a hierarchical routing varies depending on the level of hierarchy in
which the node reside. For instance, reactive routing may be use between the cluster heads while
proactive or flooding may be used within the cluster nodes. The hierarchical level at which a node
exist is dynamic in mature, in that a certain node be given a role of cluster coordinator and then
removed from it for a number of reasons such as regular pulling for cluster head, mobility or
energy constraints. Example of hierarchical routing protocols include Clusterhead Gateway
Switch Routing (CGSR), and Cluster-Based Routing Protocol (CBRP). The major drawback of
hierarchical routing protocol is that it is quite challenging to establish a channel between two
nodes after traversing through several intermediate nodes at different hierarchical levels. The
performance of hierarchical routing protocols decreases with increase in high number of nodes
even though it extremely efficient for huge networks. Moreover, the process of selecting a
coordinator on a cluster head also contribute to the reduction of hierarchical protocol performance
since it leads to addition of resource utilization, network complexities, point of failure and energy
depletion.

Adaptive Routing Protocols

Adaptive routing protocol basically combines the advantages of reactive and proactive routing
protocols since the routing is initiated with some proactive prospected routes and then serves the
demand from additionally activated nodes by activating reactive flooding. The benefit of this
routing protocols will depend on the number of nodes that will be activated and the reaction to
traffic demand on gradient of traffic volume. Temporally-Ordered Routing Algorithm (TORA) is
an example routing protocol. Flow-oriented Routing Protocols

In Flow-oriented routing protocol, a route on demand is determined by following the present

flows. It can be realized by consecutively unicasting when forwarding data while establishing a
new link. The major drawback of Flow-oriented routing protocol is that it takes relatively long
when exploring new routes without a priori knowledge, and may refer to entitative existing traffic
to recompense for the lack of information on routes. Multipath On-demand Routing Protocol,
QoS aware source initiated Ad Hoc routing protocol, and Preferred link-based routing protocol
are some examples of Flow-oriented routing protocols.

3.2.5: Summary of Routing Protocols in MANETs

This is sub-chapter has fully described three classes of routing protocols, namely, proactive,
reactive and hybrid routing protocols. The proactive routing protocols are derived mainly from
the traditional distance-vector or link-state algorithms. Proactive routing protocols basically
maintain network connectivity proactively and the reactive routing protocols usually determine
the routes when they are required. The hybrid routing protocols usually use both reactive and
proactive features through maintaining inter-zone information reactively, and intra-zone
information proactively.

In proactive routing protocol, flat routing structure can be easily implemented, however it is not
highly scalable, which means that it may not scale well with large networks. Proactive routing
protocol has several routing overheads, which must be reduced in order to make it more efficient.
There are a number of methods that can be employ in order to make proactive routing protocols
to be more efficient. The first method of method of improving proactive routing protocols
efficiency is through in adoption of other technologies such as GPS. For instance, DREAM
topology encourages the exchange of location information rather than the whole distance-vector
or link-state information. Another method of reducing routing overhead is through employing
conditional update rather than periodic updates. On the other hand, proactive routing protocols
which use hierarchical addressing, have reduced routing overheads by using structures, which
localizes the update message propagation. However, the major drawback of proactive routing
protocol is location management, which in turn introducing significant overheads in the network.

In reactive routing protocols, the flooding-based routing protocols like AODV and DSR also have
scalability problems. Therefore, to increase scalability in reactive routing protocols, route
maintenance and route discovery must be controlled. This can be realized through localizing the
control message propagation in order to define region where the link has been broken or the
destination node exist. For instance, in ABR, a localized broadcast query is initiated when the
link is broken. Similarly, LAR1 also localizes broadcast by propagation route request packets in
the required zone only.

Hybrid routing protocols like SLURP and ZHLS usually perform well in large networks. The
advantage of hybrid routing protocols over other hierarchical routing protocols is that they have
simplified location management system by employing GPS rather than cluster heads in packet
data transmission. As a result, a performance bottlenecks and a single point of failure are
avoidable in the network. Another advantage of hybrid routing protocols is that they are highly
adaptable to changing topology since only zone ID and node D of the destination is needed for
routing to be implemented. ZRP is another routing protocol and its main advantage is that it
proactively maintains strong network connectivity within the routing zone while determining
remote route more quickly than flooding technique. Another advantage of ZRP is that it is
compatible with other protocols in order to improve its performance. For instance, it can
incorporate LAR for inter-zone routing.

3.3: AODV Protocol

The Ad hoc On-demand Distance Vector (AODV) protocol is well known routing protocol in the
area of wireless ad hoc networks. In the dissertation, we investigate the modified version of
AODV protocol to detect the outbound channel-based wormholes attacks. Apart from this, we are
also interested to simulate the new proposals and analyze the behavior of the protocols at various
conditions.

When a source node wants to communicate with the destination node, it sends Route Request
Packet (RREQ) to all its neighboring nodes inquiring whether they have a path to the destination.
Upon receiving Route Request Packet, other nodes would search for a path to the desired
destination in their routing tables if a path exist then node reply back to the source node with the
Route Replay Packet (RREP). If the path does not exit then the source node would further flood
Route Request Packet in the MANET network again. Whenever any node finds a path to the
requested route, it sends it back with help of Route Reply Packet. Therefore, after finding a
desirable path to the destination, the source node begins data transmission straight away through
the path which has been identified. However, route paths in MANET are prone to break due to
dynamic topology of MANET networks. Therefore, whenever a node suspect route breakage, it
sends an error message to the source using Route Error Packet (RERR).

3.4: Security issues in MANET

Security is fundamental problem in MANETs is all the layers of MANETs. The security
requirement depends mainly on the operating conditions and the mission of the MANETs. Secure
vulnerabilities and threats in MANET are one of the most emerging research areas. Achieving the
foolproof security countermeasures for each layer of TCP/IP has been challenging due to unique
network features such as limited availability of resources, rapid node mobility, insecure
operational environment, and frequent topology changes. In the internet, the cyber-attacks are
increased with the increase of malicious nodes of networking systems. MANET is very common
in the network space of the internet and cyber criminals are attracted to attack them.

There are a number of vulnerabilities, which exist in MANETs. The first vulnerability is the
existence of wireless links in MANETs. The use of wireless links makes MANETs to be
susceptible to attacks such as active interference and eavesdropping. In wireless networks,
attacker does not need physical access to the network in order to attack the network, unlike in
wired network. Moreover, wireless network usually has lower bandwidths than wired network.
Therefore, an attacker can exploit wireless features like low bandwidth in order to consume all
network bandwidth with ease so as to interfere with normal communication among network
nodes. Another vulnerability in MANETs is the existence of dynamic topology in MANETs.
Typically, MANET nodes can join the network, exit, and move independently. As a result, the
MANET network topology can change rapidly. Therefore, it somehow difficult to differentiate
the normal network behavior from malicious network behavior in dynamic environment. For
instance, a node transmitting disruptive routing information can be simply using obsolete
information in good faith, or else can be a malicious node. Furthermore, mobility of nodes may
not imply that we can assume nodes especially the ones which offer critical services such as
servers to be secured in locked cabinets as in wired networks since nodes with inadequate
physical protection may often be at a risk of being compromised or captured by attackers.

On the other hand, the security management in MANETs is much tougher due to a number of
reasons. First, MANETs networks have resource constraints. Typically, wireless nodes have
limited processing power, memory and bandwidth. Therefore, due to limitations of wireless
nodes, costly security solutions may node be affordable in MANETs. Security management in
MANETs networks also much tougher due to existence of unreliable communication in wireless
networks. The unstable channel quality and shared-medium nature of wireless links may result in
re-routing instability and high packet-loss rate in MANETs. Therefore, the high packet loss rate
and re-routing instability may lead to throughput drops in multi-hop networks, which means that
the security of solutions in MANETs cannot rely on unreliable communication. Scalability is also
another factor, that may make security management in MANETs to be tougher. Scalability is a
challenge when a large network size is desirable since wireless nodes typically have limited
memory and processing power. Therefore, Strength of network security is strongly related to
performance in MANETs, which means that without satisfactory network performance, security
is meaningless. Lack of association rules is also another factor, that may make security
management in MANETs to be tougher. In MANET, since nods can join and exit the network at
any given time, if no proper authentication mechanism is used for associated nodes with
networks, attackers can easily join the network disrupt normal forwarding of packet and normal
network operation. However, establishment of authentication associated rules may be quite
challenging in MANET because it does not have central controlling point since each node can
play the role of both router as well as host. Lastly, dynamic topology and node mobility are also
factors, which make the security management in MANET to be much tougher. The network
topology in MANETs may change frequently and unpredictably over time, since the connectivity
among the nodes may vary due to nodes arrival, nodes departure and nodes mobility rate.
Therefore, this emphasizes the need for secure innovative solutions to be adaptive to dynamic
change.

There are four key elements is network security, namely, availability, data confidentiality, data
integrity, and data authentication. Security features in MANET may be considered as extra
features by some since it may impose some restriction on the availability of data. Insertion of
security may result in the depletions of storage resources and increased in energy consumptions.
Similarly, if the security of node in MANETs is compromised, or any Denial of Service (DoS)
attacks are launched, data becomes inaccessible. These make the availability of data am important
security requirement. The security protocol should consume less storage and energy, which can
be achieved by the reuse od code and making sure that there are effects of side-channel attacks
and to enhance the physical security of the nodes, however this might not be feasible solution as
the cost per node increases dramatically

Data authentication is employed in MANET networks in order to restrict or block the activities of
the unauthorized nodes. Attacker can temper with the default packets carrying information, or
inject redundant information. It is predominantly important in case of decision-making chunks of
information. Nodes that are receiving packets should ensure that the originator of packets is an
accredited source. Therefore, nodes which are communicating to share information should be
capable of recognizing and rejecting the data from the illegitimate node. Message or data
authentication can be implemented by incorporating calculation of Message Authentication Code.
However, this symmetric method may not be effective approach for multi-party communications.
Symmetric procedure employs the calculation of Message Authentication Code at the receiver
and sender ends. Therefore, authentication can be implemented in broadcasting or multi-party
communications using asymmetric authentication procedure. Data authentication in multi-party
communication requires strong trust assumptions, thus giving rise to various trust categories. For
authentication purposes, both one-way authentication and mutual method can be implemented
based on trust requirements. For instance, if a node wants to send authentic data to mutually
untrusted receivers, then symmetric Message Authentication Code is not appropriate method
since any one of the receivers already knows the Message Authentication Code key hence may
impersonate itself as the original data sender, as in the case of SPINS. Consequently, this
impersonated node can forge fake data and transmits it other receivers. On the other hand, LEAP
authentication method employs a globally shared symmetric key in order to broadcast data to the
whole group of nodes. As the group key is shared among all the nodes in MANET, procedure
must be followed so as to update this key by using rekeying in case node is compromised. LEAD
tends to be an efficient method in getting information on any compromised node.

Data integrity ensures that there is provision of data confidentiality, which stop the leaving of
data, but it is not helpful against compromising of original message by the attacker. Integrity of
data should be assured in MANETs, which solidifies that the received data has not been tampered
with or altered and that new data has not been added to packet’s original content. Quality of
channel and environmental conditions are some of the factors, which can also change the
primitive message. Therefore, data integrity in MANET can be implemented Authentication
methods such as, Message Authentication Code. In Message Authentication Code, both sender
and receiver share a secret key. Sender computes the Message Authentication Code using secret
key and data, then transmit the data together with Message Authentication Code to the receiver.
The receiver recalculates Message Authentication Code using the data and the shared secret key.
Therefore, integrity of the message will uphold if there is no irregularity in the composition of the
calculated Message Authentication Code.

Data transmission between the sender and the recipient may sometimes be routed through several
nodes. Sometimes, this data may be stored in the memory for further processing. Attacker can
access the information by eavesdropping between wireless links, or by gaining access to the
storage. However, this data may be sensitive enough to be known on the recipient and the sender.
When stored data or data on transmission is accessed by unauthorized person, then data
confidentiality has been breached. Data confidentiality means that data can only accessed, and
thus utilized by only authorized persons. Sometimes, data may be lost due to weak security
measures or negligence. This data lose may lead to identify theft, which can be described as the
use of one’s personal data for criminal purposes and without his consent. Essentially, there are
different types of identity theft such as medical, synthetic, financial and medical identity theft.
Identity theft may cause financial loss to the victim as well as damaging victim’s reputation.
Forensic Accountant may be required in order to estimate the magnitude of the damage, which
has been caused by identity theft. A forensic Accountant may be also be needed to guide the
victim on how to recover from identity, as well as in seeking criminal and civil justice. Data loss
may also lead to privacy breaching, loss of business, and many other malevolent activities.
Therefore, data confidentiality is the most important feature of any security protocol.

There are several ways of observing data confidentiality in MANETs. The first way of observing
data confidentiality in MANETs is by making sure that MANETs should not leak to any other
networks or nodes, thus retaining data completely within the network. Another method of
observing data confidentiality is by ensuring that the communication channel between the nodes
is secured since data may sometimes be routed through several nodes before reaching the
destination node. Encryption is also another method of observing data confidentiality in
MANETs. Encryption is one the most commonly used methods of implementing data
confidentiality. Critical data such as user identities and keys should be encrypted before
transmission. Moreover, crucial data can be characterized from the kind and the type of protocol
being used, that is mutual authentication, asymmetric or symmetric cryptography. Data
confidentiality can also be observed by encrypting sensitive data before keeping them in the
storage devices, since some nodes may be exposed user interaction, or in security applications.

3.5: MANET’s Routing Attacks

Security Attacks

There are a variety of attacks that are possible in MANETs. Some attacks may apply to only
wireless networks, while some may be to general network and some are specific to MANETs.
These security attacks can be classified based on various criteria such as techniques employed by
the attacker or the domain of attackers. Some of the classification of security attacks in MANETs
and all other networks include passive or active attacks, internal or external attacks, different
protocol layer attacks, stealthy or non-stealthy attacks, cryptography or non-cryptography related
attacks.

Passive attacks Versus Active attacks

A malicious node in MANETs execute a passive attack, without actively initiating malicious
actions on the nodes or network. However, the malicious node can fool other network nodes,
simply by ignoring operations. Moreover, the malicious node basically learns and collect
important information from the network by monitoring and listening on the communication
between nodes within the MANETs. For instance, passive attacker is able to recognize which has
special functionality like a router in MANETs by observing a node that receive several requests
from other nodes. After collecting some crucial information, an attacker may switch its role from
passive to active in order to put a certain node or service out of operation. For example, an
attacker may perform Denial of Service attack so as to collapse certain part of MANET or even
the whole MANET. Selfish node is another example of passive attack where node fails to forward
incoming packets despite of having stable power and operational routing protocol like other node
in the network. Other example of passive attacks includes eavesdropping, traffic monitoring and
traffic analysis. On the other hand, Active attacks basically occur subsequent to passive attacks,
for instance after malicious nodes finished eavesdropping required information on the MANETs
traffic. Active attacks encompass information fabrication, modification, or interruption, thereby
interrupting normal operation of MANETs. Some examples of active attacks include
impersonating, denial of service (DoS), jamming, modification and message replay.

Internal versus External attacks

MANETs attacks can also be classified into internal and external attacks, depending on the
domain of the attacks. Internal attacks are typically from compromised nodes, which are part of
the MANETs network while external attacks are carried by the malicious node that does not
belong to network domain. Internal attacks are more severe as compared to the external attacks
because the insider has secret and valuable data, and also possesses access rights.

Stealthy versus non-stealthy attacks

Some MANETs attacks use stealth, whereby the attack tries to hide his malicious action from
either intrusion detection system (IDS), or security specialists who monitoring MANETs.

Attacks on various layers of the Internet model

MANETs attacks can be further classified according to the layers of the Internet model. However,
some attacks can be launched in multiple layers. Some examples of attacks on Internet layers
includes repudiation, data corruption, session hijacking, SYN flooding, wormhole, Byzantine,
flooding, jamming, eavesdropping, man-in-the-middle, DoS and replay and impersonation.

Network layer attacks

There are a variety of attacks targeting the network layer, which have been heavily researched
and identified in a number of research papers. Attacker can absorb network traffic, inject himself
into the path between the source and the destination, and control the network flow, as a result of
attacking routing protocols. Attacker can initiate his malicious activities which may lead to
forwarding traffic packets to a non-optimal path, which could cause significant delay. In addition,
these traffic packets could be forwarded to a nonexistent path and get lost completely. The
attacker can also establish routing loops, which may result in channel contention and severe
network congestion some part of MANETs. Multiple colluding malicious attackers may
sometimes initiate some weird activities, which may prevent a source node from finding a path to
destination, thus causing network partitioning. Failing to get a route to the destination by the
source node may trigger excessive network traffic, which may further intensify network
congestion and performance degradation.

There are a variety of malicious routing attacks, which target routing maintenance or discovery
phase by not adhering to predefine behavior of the routing protocol. Example of routing attack
targeting the route discovery phase include routing cache poisoning, routing loop, routing table
overflow, RREQ flooding, hello flooding and acknowledge flooding. Reactive algorithms create
such as AODV and DSR, create route only they are needed, while proactive routing protocols like
OLSR and DSDV discover routing information before it is needed. Thus, proactive routing
protocols perform worse than reactive protocols since they do not accommodate the dynamic of
MANETs, and also, they require more costly broadcasts. Proactive routing protocols are more
vulnerable to routing table overflow attacks.

Routing table overflow attack

In routing table overflow attack, a malicious node advertises routing paths, which go to non-
existent node the authorized node present in the MANETs. This routing overflow attacks is
usually common in proactive routing protocols since it tends to update routing information
periodically. In other words, Proactive routing protocol are more vulnerable to table overflow
attacks since they attempt to discover routing information before they are needed. An attacker can
launch the attack by creating a lot of malicious routes in order to prevent new rout for being
created. In other words, attacker can simply transmit excessive routing information in order to
overflow the routing table of the victim.

Routing maintenance phase attack

Attack at the routing maintenance phase are attacks that are initiated by broadcasting false control
messages like link-broken error messages. These false control messages could result in the
invocation of the costly route maintenance or repairing operation. For instance, DSR and AODV
usually execute path maintenance procedures in order to repair broken routes, which was caused
by the node movement. Typically, when an intermediate node or the destination node along the
active route moves, the upstream node affected by the broken path would then broadcasts a path
error messages to all active upstream neighbors. These broadcast error messages would cause all
nodes to invalidate broken path route in their routing tables. Attacker could therefore take
advantage of this to initiate attacks by transmitting false route error messages.

Routing cache poisoning attack

Routing cache poisoning attack is where an attacker takes advantage of the promiscuous mode of
the routing table update to launch the attack. promiscuous mode of the routing table update is
where a node overhearing any packet may update its own route cache by the routing information,
which is contained in the packet header, even if that node is falling along the path. Suppose a
malicious node A wants to initiate an attack to poison routes to node Z, then this malicious node
A could broadcast spoofed packets with source path to Z through A itself thus causing
neighboring nodes which overhear packet to add routing information to their route caches.

Attacks on specific routing protocols

There also some attacks which target certain routing protocols. For instance, in DSR, the attacker
can initiate malicious activities which may modify the source route list in RREP or RREQ
packets. The attacker can also switch the order of nodes in the list, as well as deleting a node
completely from the list. In AODV, an attack can also initiate malicious activities which can
advertise a routing update with a larger sequence number, as well as invalidating mercilessly
updates from other nodes. These malicious activities on AODV, can also advertise a route with a
smaller distance metric as compared to the actual distance thus re-routing packet through the
malicious node.

Location disclosure attack

This is a kind of attack where the attacker reveals crucial information regarding the structure of
the network or the exact location of a node in the network layout. Attacker can collect
information which regard to the node location like a route map, and then use the located routing
information to launch further attacks. The attacker can also deploy traffic analysis which is one of
the subtlest attacks on MANETs in order to get more insights on network structure and more
information on node location. Attacker can also make several attempts to figure out the details of
the communication parties and analyze traffic pattern in order to visualize the network traffic
pattern so as to track changes in the traffic pattern. Therefore, the leakage of information
regarding the network structure and location of the node may be devastating in security-sensitive
environment.

Resource consumption attack

Resource consumption attack is also known as sleep deprivation attack. Resource consumption
attack is where the malicious or a compromised node may make several attempts to consume
battery life by initiating excessive forwarding of unnecessary packets, or excessive route
discovery to the targeted node.

Rushing attack

Rushing attack is where two colluded attackers may deploy the use of tunnel procedure to initiate
wormhole attack. In rushing attacks, the tunneled packets can propagate faster than those
propagated by a normal muti-hop route in case there is a fast transmission path between two ends
of wormhole attacks. Rushing attack may be viewed as an effective denial-of-service attack
against all currently proposed on-demand.

MANETs routing protocols.

Byzantine attack

Byzantine attack is where a set of compromised intermediate nodes works in collusion with other
nodes to carry out attacks such as selectively dropping packets, forwarding packets via non-
optimal paths, creating routing loops, which may cause degradation or disruption of the routing
services. Byzantine attack can also be carried by a single intermediate node, which can
exclusively initiate attack to MANETs nodes to create routing loops and forward packets through
non-optimal paths. Generally, byzantine attacks will usually lead to disruption or degradation of
the routing services.

Blackhole attack

Generally, the blackhole attack has two features. The first future of blackhole attack is that the
malicious node exploits MANET protocols like AODV in order to advertise itself as the node
with valid route to the destination, even though this route is spurious is intending to intercept
packets. Another feature of blackhole attack is that the attackers consume the intercepted packets
without forwarding any of the intercepted packets. However, the ongoing malicious activities of
attacker may be exposed and monitored by the attacker’s neighboring nodes in MANETs. There
is a certain form of blackhole attacks where attackers selectively forward some packets while
leaving the data form other nodes unaffected in order to limit the suspicion of its malicious
practice. In other words, there is another form of blackhole attack where modifies or suppress
packets originating from some node, while leaving the data from other nodes unaffected in order
to limit suspicion of its wrongdoing.

3.5.1: Wormhole Attacks

Wormhole is another significant attack where malicious nodes collude to selectively discard
relative location messages of legitimate nodes. In other words, wormhole attack is where by a
malicious node tunnel messages received in on point of the network over a low-latency link and
replays them in another region. Typically, wormhole attacker usually records packets at one
location in the network and tunnels them to another location with MANET networks. Routing can
be disrupted or rather distorted when routing control message are tunneled by the wormhole
attackers. Therefore, wormhole attack is very severe threats to MANET routing protocols. For
instance, when wormhole attacks are launched against reactive routing protocols such as AODV
and DSR, the attackers could employ malicious activities which could the discovery of any other
route other than through wormhole.

3.5.2: Wormhole example

3.5.3: Impact of Wormhole Attacks

3.5.4: Types of Wormhole Attacks

The wormhole attack is one of the considerable attacks frequently happens in the MANET. A
wormhole attack can be defined as a network attack, where two malicious nodes co-operate
together to form a communication and by-passing intended nodes in the network or falsifying the
network topology. Broadly, there are two types of wormhole attacks in the MANET: the
wormhole attacks using inbound channel and the wormhole attacks using outbound channel.
 Fig 1. Wormhole attack using inbound channel

In the former case, the malicious nodes of wormhole attacks transfer the data using the normal
network nodes of the MANET. For example, in the Figure 1, the malicious nodes P and Q use
legitimate nodes X and Y for transfer of the data between P and Q. In the case of wormhole
attacks using outbound channels, the malicious nodes use a high-speed links to create a tunnel
outside the network. For example, see the Figure 2, the malicious nodes, P and Q transfer the data
through the wormhole tunnel. During data transfer in wormhole tunnel, it is pretended that the
data transfer is done through the legitimate nodes within the MANET.

D
Q
S
P X Y
Wormhole tunnel
Fig 2. Wormhole attack using outbound channel

Chapter 4: Relation Work

D
Q
This section discusses the approaches used to determine the detection of wormhole attack in the
Wireless Network. In Ad-On-Demand Distance Vector,S the route request messagesX are sent
P Y
between adjacent nodes, rebroadcasting them to the intended destinations and the process
continuous. The simulation, deployment of nodes for implementing the wormhole attack in the
AODV routing protocol, generation of a scenario to carry out the effect of wormhole attack.
Accordingly, the results are analyzed to come up with the differences in the effects of the
wormhole attack. Later the implementation process to detect and prevent simultaneous wormhole
attacks in the AODV is done by applying the algorithm, which prevents wormhole attacks by
broadcasting safe communication. The objective is to reject the RREQ packets by picking the
fake path through the wormhole for the RREP packet.
Destination Sequenced Distance Vector (DSDV) consists of estimations in a table format. The
process contains detecting the wormhole through plotting centers beating the message from a
point X and Y whereby it will push a ricochet of one and consider a touch of one as a touch of the
other. Messages will be sent to X and Y in case of detection of an attack that avoids multiple
counts.

Optimized Link State Routing involves occasionally exchanging information topologies,

therefore controlling the wormhole attacks. In the wormhole attack system, using available
information, a topology fragmentation layout collects the learning of the different ways in which
the attack can be launched using asymmetrical relations. When the messages are sent since the
neighbors trust themselves, there can be a mistake in the information relayed, thus creating an
attack.

Secure Ad-hoc Distance Vector (SEAD) depends on a distinct hash tie to protect the structure
from Daniel of Service (DOS) attacks. This algorithm supports the estimation of source-
destination pairs, sort out the tables, and ensures that the data is sent to the intended recipient.
This kind of strategy makes an attacker more difficult to access the information of the right
recipient. Therefore, it is making it difficult to perform the attack on the wireless networks as the
SEAD replace attack on inappropriate messages from an unauthenticated source.

A Secure On-Demand Routing Protocol for Ad-hoc Networks approach ensures that the objective
center supports the source, which depends on the cryptography that is easy ensuring the path is
followed with TESLA key affiliation and controls messages through the clock synchronization. In
this algorithm, the route request uses a hashing system that depends on the confirmation code. It
supports transitional center concentration and installations in the blueprint centers. The source
supports the beginning period of individuals' data field in the RREP packet with the underwriting
code. When the RREQ is organized carefully, the flooding strikes a wormhole, thereby
preventing information loss.

Additionally, some researchers advocated for a Proposed System whose role is to detect the
wormhole attack by tightly securing the wireless network from delay, packet drop, adversaries,
misdirection of the multichip routing, and setting delays to the unintended information relays.
There is the use of trust-based Energy with an efficient network to detect the wormhole attack.

The Hop Count Analysis Method shows a jump check examination structure for the wormhole
region. The method detects the wormhole attack and then diverts through a way in which it is
clear and free from the suspected wormhole attack course. It proposes that a multipath planning
custom be used where it calculates the examination procedure, thereby preventing the wormhole
attacker from accessing any information.

Time-based structure proposed a time-based system approach to detect wormhole attacks

depending on the time estimation. The wormhole attack is recognized without G.P.S. Since the
focus is on time, there is an essential use of synchronized clocks to disseminate the time. The
clocks have to be accurate so that the Time-based mechanism can separate the wormhole by
figuring out the focus's transmission time.

Location-Based approach is used where the location of the transmissions and the neighboring
focus is known among themselves. The geological chain detects the wormhole attack in this
approach, which consists of data linked to a group. The inside focus is with their domain, while
the middle point focuses on keeping the time zones where gathering information is done. This
approach utilizes GPS or orchestral innovations.

Chapter 5: Methodology and Implementation

Chapter 6: 4. 1 Introduction

Our proposed model for detecting and preventing wormhole attack and the methodology which
apply in research is presented and explain in this paper. This chapter is organized into four main
sections. Designing aspects overview are listed in section 4.1, section 4.2 has the fundamentals
used in our projects. Section 4.3 contains a general view of our proposed model and section 4.4
present detection and prevention mechanism in greater details.

Chapter 7: 4. 2 Fundamentals

The main technique of detecting the presence of wormhole in a network is by determining

whether the node is transmitting out of its transmitting range or not. This can be determined by
identifying received packets which are not from the neighboring nodes. Therefore, this model
proposed that every node should populate a neighborhood table. A neighborhood table is made
up of node location and node IDs.

Chapter 8: 4. 3 The Modified AODV characteristics

Out modified AODV protocol has four key features. These features as listed as follows:
i) Localization procedure: The location process will help in maintaining the location of every
node for future routing.

ii) Neighborhood table: The neighborhood table will be maintained by every node in the
network.

iii) Trust factor: A trust value will be given to every node to help in determining its accuracy
and sincerity when it comes to packet forwarding mechanism

iv) Detection and Prevention procedure: The algorithm will be used to identify malicious
wormhole node and its colluding node based on the trust factor value. The Wormhole node and it
colluding node will then be blacklisted immediately after detection.

Fig 4.1 demonstrates the process of transmitting the packets from the source S to destination D,
the packet will not transverse out of its transmission range. Therefore, when a packet from S is
received by B or A directly then there could be possibility of wormhole attack in the network.

Fig 4.1 Normal packet transmission

Chapter 9: 4. 4 The Proposed Modified AODV Model

A detailed description of proposed Modified AODV Model is described in this section as follows

Chapter 10: 4. 4.1 Localization Process

The first step of modified AODV model is localization process as shown in the Fig 4.2. The
anchor node broadcast their presence immediately they are powered on. Then every node in the
communication range will be activated, and respond to the broadcast with message including own
identity. Neighboring table will then be populated after all node have responded.

Fig 4.2 Location Process

Chapter 11: 4. 4.2 Trust Factor Model

Trust factor is a new feature for our proposed routing protocol, which helps in detecting and
preventing wormhole attack in MANET. The trust factor value employs the inherent features of
the AODV protocol to compute trust levels in other nodes.

The anchor usually broadcast HELO message to determine honesty of all neighbor node for every
anchor as shown in figure Fig 4.3. True factor value of every neighbor node is typically
incremented by 0.2. The source node is task with verifying the different fields in the forwarded
route RREQ for integrity checks. The true factor value is incremented by 0.1 when the integrity
checks is passed, which proves that the node has acted in good manner.
Fig 4.3

Chapter 12: 4. 4.3 Route Establishment

All intermediate nodes that have no route to destination node normally rebroadcast RREQ
forwarded by the originator of the RREQ, especially in AODV. The intermediate or source node
keeps all information about all next neighbor from which it listens RREQ during rebroadcast.

Our proposed model uses the same techniques, however the RREQ message broadcast with
narrow direction based on destination node location

Chapter 13: 4. 4.3 Wormhole Detection and Prevention

Every node before transmitting data packets has to prove to the immediate nodes that it has a
suitable trust value to enable it take part of future routing, as shown in fig 4.4 The source node
will mark the node ID in a blacklist if the trust value is not appropriate. The blacklisted nodes will
not participate in future routing for a period of time.
Fig 4.4. Wormhole Detection and Prevention

Chapter 14: Experiment and Evaluation

Chapter 15: 5.1 Simulation Setup

For this project I have created Linux platform on Windows 10 using VMware
Workstation. I have installed and configured Ubuntu 18.04 on this VMware Workstation
as show in Fig 5.1.1
Fig 5.1.1 Showing Installed and Configured Ubuntu 18.04 on VMware Workstation

Environment for Wormhole Attack

- I have created environment for Wormhole Attack simulation on VMware

Workstation by installing and configuring the following software:
a) NS2 3.5 version
b) NAM
c) Xgraph
- I have also installed and Configured C++ Compilers because Ubuntu 18.04 have
higher version of compilers which are not supported by NS2 3.5 software, so I
had to installed lower version of gcc and g++ by using the following command:

Sudo apt install build-essential autoconf automake libxmu-dev

Sudo apt install gcc-4.8 g++-4.8

Chapter 16: 5.2 Simulation Parameter

We assume that physical layer has a fixed communication range pattern, which means that node
can directly communicate with each other in our simulations. We randomly deployed nodes
within an area of 100 x100 meter and also trust factor value is initialized to zero.

Wireless Network Simulation on NS2

- I have created simulation of Wireless network with 26 nodes as shown in the

NAM diagram. In this simulation, node 26 is the source node and node 0 is the
destination node. I have used TCP agent, where the source node is attached to
TCP and the destination node is attached to TCP sink. I have used ftp as the
application type, as shown in Fig 5.2
-
Fig 5.2 Showing the setup on NAM

Table 5.2 Simulation Environment

Chapter 17: 5.3 Performance Evaluation Metrics

The evaluation of the proposed modified AODV is measure based on the following metrics:

i) Average Hop-Count: Average hop count refers to the Total Hop Count of demands oner
Network of demands

ii) Detection rate: Detection rate refers to ratio of total detected wormhole to total wormholes.
iii) Detection Accuracy: It is the ratio of total detected wormholes to total actual wormhole

Chapter 18: 5.3 Simulation Scenarios

Simulating Normal Wireless Network with Attack

- You to need to navigate to the directory this particular file resides, then use the
following command to run it:

ns normal.tcl
- Below is the screenshot of NAM screen when normal.tcl script is running, as
Shown in Fig 5.3-1

Fig 5.3-1 Showing NAM interface normal Network packet forwarding scenario

You can see that the source node is forwarding packets through Wormhole1 node.
Wormhole node has strategically positioned itself such that the source node will
have to forward packets through it based on the existing algorithm on AODV
routing protocol. Therefore, wormhole node will then forward to node 19, then
node 19 to node 8 as show Fig 5.3-2
Fig 5.3-2 Showing NAM interface normal network packet forwarding scenario

Node 8 then forward packet to node 9 as shown Fig 5.3-

Fig 5.3-3 Showing NAM interface normal network packet forwarding scenario
 Node 9 then forward to node 10 as shown Fig 5.3-4

Fig 5.3-4 Showing NAM interface normal network packet forwarding scenario

Node 10 then forward packet to node 13 as shown Fig 5.3-5

Fig 5.3-5 Showing NAM interface normal network packet forwarding scenario
 Node 3 then forward to node 2 as shown Fig 5.3-6

Fig 5.3-6 Showing NAM interface normal network packet forwarding scenario

Node 2 then forward to node 1 as shown Fig 5.3-6

Fig 5.3-6 Showing NAM interface normal network packet forwarding scenario
 Node 1 then finally forward the packet to the destination node as shown Fig 5.3-7,
then the process of packet forwarding then repeats itself

Fig 5.3-7 Showing forward the packet to the destination node

This simulation was conducted in MANET with various sizes

Fig 5.3.7 Xgraph on normal MANET scenario

Wormhole Attack Simulation

Now, the routing path as changed, wormhole1 and wormhole2 have created a
tunnel. Packet is now being forwarded from Source Node to wormhole 1 then
wormhole 1 forward this packet to wormhole 2 as shown below
Finally, node 1 forward the packet to the destination node, as shown below
Fig 5.2.3 xgraph with two wormhole nodes in MANET scenario

Fig 5.2.3 xgraph with eight wormhole nodes in MANET scenario

Fig 5.2.5 Relationship between number of nodes and number of Hop-count

Table 5.2.3 Wormhole Detection Accuracy Rate

Fig 5.2.5 Number of Wormholes versus Wormhole Detection Accuracy Rate

Chapter 19: 5.4 Summary

The comparison-based approach of detection wormhole has been presented in this chapter. The
performance evaluation is carried on proposed modified routing protocol and Secure-AODV.
Extensive simulations have been done using NS2 to simulate various network scenarios,
involving various numbers of wormhole nodes. The comparison between proposed modified
AODV has also been done against Secure AODV and the summarized table has been presented in
this chapter. This comparison was based on rate of detection, accuracy of detection and average
hop-count.
 Chapter 20: Conclusion and Future Work

Chapter 21: 6. 1 Conclusion

Wormhole attach can significantly degrade network performance and is also a threat to network
security. MANET with high degree of confidential and authenticity can also be a victim to
wormhole attack. The malicious node in wormhole attack usually targets the routing control
messages which relates to routing information or topology. We use hop-count metric which is
inherited from routing protocol in order detect wormhole tunnels. The proposed modified AODV
is easy to deploy and it does not require any special hardware. The proposed modified AODV
also does not require any complex computation. The performance of this proposed AODV
indicates high detection rate at different network scenarios, as indicated in the table 6.1

Table 6.1 Summary of Evolution Metrics

Chapter 22: 6. 2 Future Work

This proposed modified AODV can improved in future by providing custom encryption
algorithm which provide high degree of authentication and integrity while taking into account
limitations of MANET such as computation capability, power consumption and storage
resources.

Chapter 23: 6. 2 Future Challenges

There are four areas which is likely to pose a challenge to the MANETs. These areas include
implementation of proposed MANET’s routing protocol, MANET’s quality of service (QoS),
scalable multicasting in MANET, and security in MANET. For instance, until now, most of the
proposed routing protocols have just been implemented through simulation. Therefore, even with
the several routing protocols proposed for MANET, more effort is required in investigating each
and every proposed routing protocol’s behavior in a real-world scenario. On the other hand, every
user may wish to communicate with several users at the same in MANETs. In this scenario, a
routing strategy may be required to determine multiple routes, which is referred to as multicast
routing protocol. Recently, several different multicasting protocols have been proposed for
MANET, however, the idea of scalable multicasting still call for further research. Also, offering
QoS in a MANET setting is challenging task even though a number of routing protocols proposed
to date aim at providing best-effect delivery since the dynamic nature of MANETs make the
available routing strategies less precise. Therefore, a distributed QoS routing protocol is needed,
however, only few strategies have been proposed for MANETs to implement QoS routing.
Security is most challenging research issue in MANETs since wireless communication is
susceptible to wide range of attacks such as denial-of-service, passive eavesdropping, among
others. Therefore, the next section will discuss MANET’s security in detailed.

Chapter 24: References

Abolhasan, M., Wysocki, T., Dutkiewicz, E, 2004. A review of routing protocols for mobile ad
hoc networks. Ad Hoc Networks, 2(1), pp. 1-22.

Akilarasu, G., & Shalinie, S. M. (2016). Wormhole-free routing and dos attack defense in
wireless mesh networks. Wireless Networks, 23(6), pp. 1709-1718.
https://doi.org/10.1007/s11276-016-1240-0

Amish, P., & Vaghela, V. B. (2016). Detection and Prevention of Wormhole Attack in Wireless
Sensor Network using AOMDV Protocol. Procedia Computer Science, 79, pp. 700–707.
https://doi.org/10.1016/j.procs.2016.03.092

Bera, R., Sarkar, S. K., & Chakraborty, S., 2018. Advances in communication, devices, and
networking, in Proceedings of ICCDN 2017, Springer.

Corson, M.S., Macker, J.P. and Cirincione, G.H., 1999. Internet-Based Mobile Ad Hoc
Networking. IEEE Internet Computing, 3, 63-70.
Ghasem Farjamnia, Yusif Gasimov, and Cavanshir Kazimov, 2019. Review of the techniques
against the wormhole attacks on wireless sensor networks. An International of Wireless Personal
Communications, 105(4), pp. 15611584.

Jen Shang-Ming, Laih Chi-Sung, Kuo, Wen-Chung, 2009. A Hop-Count Analysis Scheme for
Avoiding Wormhole Attacks in MANET. Sensors 9, no. 6: 5022-5039,
https://doi.org/10.3390/s90605022

Kaur, P., Kaur, D., & Mahajan, R., 2017. Wormhole attack detection technique in mobile ad hoc
networks. Wireless Personal Communications, 97(2), 2939-2950.

Louazani Ahmed, Sekhri Larbi, Kechar Bouabdellah, 2014. A security scheme against wormhole
attack in MAC layer for delay sensitive wireless sensor networks. International Journal of
Information Technology and Computer Science, 12, pp. 1-10.

Minohara, T., & Nishiyama, K. (2016). Poster: Detection of Wormhole Attack on Wireless
Sensor Networks in Duty-Cycling Operation. EWSN.

Neeta Nain, Santosh Kumar Vipparthi, 2019. 4th International Conference on the Internet of
things and connected technologies (ICIoTCT), 2019: Internet of things and connected
technologies. Springer International Publishing.

Perkins, C., Belding-Royer, E., 2003, Ad-hoc On Demand Distance Vector (AODV) Routing. In
IETF RFC 3561, Mountain View, USA.

Rubinstein M.G., Moraes I.M., Campista M.E.M., Costa L.H.M.K., Duarte O.C.M.B., 2006. A
Survey on Wireless Ad Hoc Networks. In Proceedings of IFIP International Conference on
Mobile and Wireless Communication Networks, pp. 1-33.

Sankara Narayanan S, Murugaboopathi G, 2018. Modified secure AODV protocol to prevent

wormhole attack in MANET. Concurrency Computational Practice and Experience.
https://doi.org/10.1002/cpe.5017

Santosh Kumar D, Sourav S, Nilanjan D et al, 2019. Design frameworks for wireless networks.
Lecture Notes in Networks and Systems, Springer, ISBN: 978-981-13-9573-4, pp. 1–439.
Satyanarayana D, Rao S V, 2008. Constrained Delaunay Triangulation for Ad Hoc Networks.
Journal of Computer Networks and Communications, 2008, pp. 10.
https://doi.org/10.1155/2008/160453

Swati Bhagat and Trishna Panse, 2015. A Review on Detection and Prevention of Wormhole
Attack in Wireless Sensor Network. International Journal of Computer Applications, 127(13), pp.
14.

Yih-Chun Hu, Adrian Perrig, and David B. Johnson,2006. Wormhole attacks in wireless
networks. IEEE Journal on Selected Areas in Communications, 24(2), pp. 370-380.
Chapter 25: