Impact of Sybil and Wormhole Attacks in Location Based Geographic Multicast Routing Protocol for Wireless Sensor Networks

: Problem statement: Wireless sensor networks have been used in many applications, such as home automation, military surveillances and entity tracking systems. The sensor nodes have low computational capabilities and are highly resource constrained. Routing protocols of wireless sensor networks are prone to various routing attacks, such as black hole, rushing, wormhole, Sybil and denial of service attacks. Approach: The objective of this study was to examine the effects of wormhole in conjunction with Sybil attack on a location based-Geographic Multicast Routing (GMR) protocol. Results: The NS-2 based simulation was used in analyzing the wormhole in conjunction with Sybil attack on GMR. Conclusion: It is found that, the Sybil attack degrades the network performance by 24% and the wormhole attack by 20%.


INTRODUCTION
A Wireless Sensor Network (WSN) consists of cheap and simple processing devices, called sensor nodes. The sensor nodes have the capability of sensing parameters, such as temperature, humidity and heat. The sensor nodes communicate with each other using wireless radio devices and form a wireless sensor network. The WSN has a dynamic, continuously changing network topology which makes routing difficult. Another characteristic of the WSN is its band width and power constraints. Silva et al. (2007) have implemented a traditional Multicast Ad hoc on demand Distance Vector (MAODV) on the WSN and claim that multicast routing improves the performance of the WSN. Zhang et al. (2006) have worked on a location aided multicast routing protocol. They use a cone-based forwarding area, through which it distributes the routing discovery process. Li et al. (2005) have improved the energy and reduced the delay by using spatial time division multiple access schema. Xiangli et al. (2008) have used a small rectangular region which covers all the forwarding nodes. The source node uses a minimal energy path for the forwarding nodes. The forwarding nodes broadcast the message to all the destination nodes in their multicast region. Therefore, early works on WSN's focused on providing a routing service using the minimum cost in terms of bandwidth and battery power. Zhao et al. (2008) have reduced the multicast transmission rate dividing the destinations into many clusters. The closest destination in each cluster receives the message and distributes it to its neighbors. Sencast (Peng et al., 2008) suggests a scalable, energy efficient multicast routing scheme for larger sensor groups. The works (Zhang et al., 2006;Li et al., 2005;Xiangli et al., 2008;Zhao et al., 2008;Peng et al., 2008) rely on the cooperation between the nodes. These approaches assumed that all the nodes are trustworthy and wellbehaved. However, sensor applications deploy the sensor nodes randomly, which causes the nodes to be unattended. It raises the problem of secure administration and utilization.
The attacks on the WSN are classified into active attacks and passive attacks. The monitoring and listening of the communication channel by unauthorized attackers are known as passive attacks. The attack against privacy is passive in nature. Some of the more common attacks against sensor privacy are monitoring and eavesdropping, traffic analysis and camouflage adversaries. If the unauthorized attackers monitor, listen to and modify the data stream in the communication channel, then the attack is an active one. Routing attacks such as spoofing, replay, selective forwarding, sinkhole, Sybil, wormhole and HELLO flood are active attacks. Denial of service attacks, such as neglect and greed, misdirection, black hole are also active in nature. Kannhavong et al. (2007) have handled flooding, black hole, link withholding, link spoofing, replay, wormhole and colluding misrelay attacks on Mobile Ad-hoc Network (MANET) routing protocols. Coskun and Levi (2006) deal with a secured multicast routing protocol that controls the spam attacks. The spam attacker aims at exhausting the battery power of the sensor node and causes extra delay in the network. Nguyen and Nguyen (2007) in their study, classify rushing, black hole, neighbor and jelly fish as severe routing attacks on the WSN. Viswanatham and Chari (2008) analyzed various threats in mobile ad hoc networks by a mobile agent in the AODV protocol. Bhalaji et al. (2008) have given a relationship estimator technique to enhance Dynamic Source Routing (DSR). By this trust relationship model, malicious nodes have been identified and isolated from route detection in mobile ad hoc networks. Murugam and Shanmugam (2010) have suggested a cumulative isolation technique to detect MAC and routing attacks in mobile ad hoc networks. Sharif and Ahmed (2010) have found that the existing routing protocols were more inefficient against a wormhole attack on the WSN. In the previous work (Shyamala and Valli, 2009)  This study simulates the wormhole attack in conjunction with the Sybil attack in Geographic Multicast Routing (GMR). The simulation was carried out using NS-2 and the network performance is studied with and without worm hole and Sybil attack in the WSN.

MATERIALS AND METHODS
Geographic multicast routing protocol: Depending on the network structure, routing in WSNs can be divided into flat-based routing, hierarchical-based routing and location-based routing. Sensor Protocols for Information via Negotiation (SPIN), directed diffusion and rumor routing are examples of flat routing. Low Energy Adaptive Cluster Hierarchy (LEACH), LEACH Centralized (LEACH-C), Power Efficient Gathering In Sensor Information System (PEGASIS) are hierarchical routing protocols. Sanchez et al. (2007) proposed an energy efficient routing protocol for the WSN, called the Geographic Multicast Routing Protocol (GMR). The GMR is a location based protocol. The GMR protocol can calculate the position of the sensor nodes from the Global Positioning System (GPS) (Xu et al., 2008) or it can use the virtual co-ordinates. Each sensor node communicates its position to its neighbors using periodic beacons. The GMR forms a multicast tree to send a data packet from a source to multiple destinations, using a single broadcast transmission.
In the GMR, each forwarding node selects a subset of its neighbors in the direction of the destination as relay nodes, based on the cost over progress ratio. The cost is equal to the number of selected neighbors. Progress is the reduction of the remaining distance to the destination. The cost over progress metric is explained with respect to Fig. 1. The remote source node S multicasts the message M to a set of destinations {D1, D2, D3, D4, D5}. The forwarding node C receives the message M from the source S and uses its neighbors A 1 , A 2 as the relay nodes. In the GMR, the multicasting task could be given to one neighbor or it could be split and given to several neighbors. Each neighbor could address a set of destinations.
From node C the total distance for multicasting is T 1 as given in Eq. 1. Then the node C applies the greedy partitioning algorithm and selects A 1 as the relay node responsible for D 1 , D 2 and D 3. The node A 2 is chosen as the relay node for D 4 and D 5. For the next level of the multicast tree, a new total distance T 2 is calculated as given in Eq. 2. The progress is the difference between T 1 and T 2 as given in Eq. 3. The cost over progress ratio P i for the new forwarding set {A 1, A 2 } is given by Eq. 3 .
The node C informs its neighbors that they are selected as the relay nodes through the header. The header format is given in Fig. 2. The GMR adds this header to the data message: T 2 =|A 1 D 1 |+|A 1 D 2 |+|A 1 D 3 |+|A 2 D 4 |+|A 2 D 5 | Thus the sender broadcasts a single message and it reaches the destination by selective forwarding and hence the energy and bandwidth consumption is minimized.
Sybil attack on the GMR: When the malicious node illegitimately takes on multiple identities, it is a Sybil attack (Xiao et al., 2009). A single node duplicates its ID and presents it at multiple locations. The node, which presents multiple identities to other nodes in the network, could be the malicious node. The traffic migrates into that malicious node and this can significantly reduce the effectiveness of fault tolerant schemes, such as distributed storage, dispersity and multipath. A Sybil attack has two stages. In the first stage, the node exploits the routing protocol to advertise itself as having a valid route to the destination, even though the route is spurious. In the second stage, the node consumes the intercepted packets for a replay, wormhole or sinkhole attack.
This work implements the Sybil attack in the GMR protocol. During the normal operation, the node advertises its ID and location information to its one hop neighbor by a beacon message. Since there is no authentication in the GMR, the duplicate nodes also participate in multicasting. The cost over progress ratio is calculated. The malicious node M exhibits high energy and minimal distance, as compared to the normal node. It starts the attack from the root of the multicast tree. The Greedy partitioning algorithm of the GMR (Sanchez et al., 2007) selects node M as a relay node, since it has the best cost over progress ratio. Figure 3 is the pseudo code for implementing a Sybil attack in the GMR protocol. Figure 4 is the data header format and Fig. 5 is an example of a Sybil attack.
In the following algorithm the neighbor node with the best cost over progress ratio is taken as the forwarding node for the routing. For instance, node C receives a multicast message from its neighbour node A. Node C reads the header and gets the forwarding node's ID. If it finds its ID, then it starts calculating the cost over progress ratio. Node C gets the neighbor's ID list N. Initially, the best distance between node C and all its neighbors is set high (i.e., equal to the radius of the communication range of node C). The set of all subsets of N forms a set S. In the subset, each node n i which has the same distance from C is retained in the same subset S i . D is a set of all destinations of the multicast message. Set G is equal to the set of all destinations with the same distance from node C. For each element of S i the cost over progress ratio for all the subsets of G is calculated. G i and G j are the subsets of G. Set G i is merged with G j if for any subset of S i the subsets G i and G j provide a higher improvement in the overall cost over progress ratio. This procedure is repeated for all the subsets of S and G. The resultant S forms the relay node for the set of destinations D.
The header consists of the source ID, the relay node ID and sets all destinations' IDs that can be reached via the relay node. In the GMR, the source node initiates a data message for the set of destinations. Each node requires O (D,n) 3 (where, D is the number of destinations and n is the number of neighbors of the node currently multicasting the message) forwarding node selection time, in the worst case. In a wormhole attack, the malicious node creates a Sybil attack and attracts the traffic towards it. In the next step, it rushes the data message to its neighbor, who is far away. This reduces the ability to forward a legitimate data message and exhausts the battery power for unwanted computation. It introduces a longer network delay.
Wormhole attack on the GMR: A wormhole attack (Hu et al., 2006) is one of the most sophisticated and severe attacks on the WSN. In this attack, a pair of colluding attackers records packets at one location and replays them at another location using a private high speed network. An attack launcher situated close to a base station may be able to completely disrupt the routing by creating a well-placed wormhole. An adversary could convince the nodes that would normally be at multiple hops from a base station, that they are only one or two hops away via the wormhole.
This study studies the wormhole attack in terms of its effect on the operation of the GMR.

Simulation environment:
To evaluate the effectiveness of the proposed attacks, the GMR is simulated using NS-2 (Downard, 2004). The goal of the evaluation is to test the effectiveness of the Sybil and wormhole attack variations under normal conditions. The size of the data payload is 512 bytes. The simulation is based on 200 nodes. Nodes 11-200 are simple nodes and nodes 1-10 are the malicious nodes. Table 1 shows the simulation parameters. The number of malicious nodes was varied from 2-10 and the results are given in Table 2 The network performance is evaluated using the packet delivery ratio, network throughput, packet drop ratio and energy loss metrics in the presence of Sybil and wormhole attacks.
Performance analysis: Packet delivery ratio: Packet Delivery Ratio (PDR) is defined as the ratio of the total number of data packets received by the destination node to the number of data packets sent by the source node. Figure 6 represents the packet delivery ratio of the GMR protocol. The packet delivery ratio drastically decreases, when there is a malicious node in the network. For example, the packet delivery ratio is 100% when there is no effect. From Fig. 6, due to the Sybil attack, the packet delivery ratio decreases to 77%, because some of the packets are consumed by the duplicate node. In case of a worm hole attack the PDR decreases to 85% because of fast message forwarding.
Network throughput: The network throughput represents the ratio between the number of data packets generated from the source node, to the number of data packets received at the destination in percentage in Fig.  7. The throughput of the network is 100% when there is no attack. The GMR seems to be resistant to a wormhole attack since the throughput is reduced by 15%, whereas the Sybil attack reduces the throughput by 20%. At 100 ms the Sybil attack reduces the throughput to 60% and it remains at the same value for the next 150 ms. Later than that, the throughput is regularly decreased. Once, the Sybil attack is launched it creates multiple identities. These malicious nodes take part in routing and consume the data packets. When the time proceeds these nodes are slowly removed from the routing path and hence the throughput becomes constant.
To initiate a wormhole it takes 150 ms. Once it has been launched the value of the throughput is reduced to 50% from the normal value as given in Fig. 7.

Packet drop:
Packet drop is the average number of packets dropped by the network. Figure 8, shows the results of packet loss for the wormhole and the Sybil attack.    The Sybil attack drops more number of packets at its initialization. Multiple images of the same nodes take part in routing, which observes the packets and drop it. Once the Sybil attack is on track, the packet loss is uniform for the subsequent 150 ms. The wormhole attack was commenced at 150 ms, the packet loss at that moment is about twice the value of no attack due to the malicious nodes, which tunnel the data packets from one part of the network to other. As a result, the destination nodes do not receive the sent packet.
End to end delay: Figure 9, shows the end to end delay. The average end to end delay for multicast is uniform when there is no attack. The wormhole attack in its extensiveness at 150 ms steals the message from the source node. Therefore, the average end to end delay increased to 40%. In the Sybil attack, the delay is 10% for every 50 ms when compared to the multicast with no attack. From, this result it is observed that the worm hole requires an extremely tight time synchronization between the sensor node and the base station during routing. A strong routing message authentication and encryption reduces the worm and Sybil attacks.
Energy consumption: Figure 10 shows the energy consumption of a network for the worm hole, Sybil and for the normal operation of the GMR multicast protocol. The energy consumption of the network varies from 5-1 joule in the case of no attack. For the wormhole attack the network drops its energy to 0.5 joules. From these values, it is observed that the battery power of the sensor nodes was highly drained by the malicious nodes. In the Sybil attack the duplicate nodes start troubling the routing, by which it drains the overall network energy at 100-150 ms. From 200 ms of simulation, the energy consumption of the network is 10% more than that under normal operation. Table 2-3 show the values obtained, when the numbers of the malicious nodes are 2, 4, 6, 8 and 10 respectively. The average performances of the packet delivery ratio, network delay, energy consumption, energy loss were noted. From the results it is observed that the Sybil attack degrades the performance of the GMR on a large scale, when compared to a worm hole attack. Table 2-3, show the average performance of the GMR for varying number of malicious nodes (n). For n = 2, the packet delivery ratio is high in a Sybil attack when compared to a wormhole, because, the wormhole consumes more number of packets. But, the proportional drop in the packet delivery ratio for the worm hole is less, compared to the Sybil because, the multiple identities of the Sybil node disturb the routing procedure and it consumes more number of packets. The average delay for the wormhole is low when compared to the Sybil, since a malicious node transfers the packet to other parts of network through a powerful link communication channel. In the Sybil attack, a malicious node creates multiple identities and each duplicate node consumes a packet, which causes an overall increase in average delay. The energy consumption for the Sybil and wormhole is almost the same. From this data, it is implicit that the wormhole attack causes more damage to the routing procedure of the GMR than the Sybil attack.

CONCLUSION
With developments in WSN environments, the services based on the WSN have been increased. In this study the effect of the wormhole in conjunction with the Sybil attack on the GMR have been studied. The packet delivery ratio, throughput, end-to-end delay and energy loss have been evaluated. There is a reduction in the packet delivery ratio, throughput and end to end delay as observed from the graphs. Having considered the wormhole and Sybil attacks in the GMR, it is evident that it is extremely necessary to control these routing attacks. So, the task of providing secure routing for Wireless sensor networks presents a rich field for researchers.