Fig.1.Wormholeattackagainstadistancevectorbasedroutingprotocol.Ifanadv - PDF document

Fig.1.Wormholeattackagainstadistancevectorbasedroutingprotocol.Ifanadversaryhadaccesstocryptographickeys,itcouldgenerateandforgeanymessage,andinjectitbackintothenetworkwithnoassistancefromwormholes.B.WormholethreatagainstnetworkprotocolsVariouswormholeattackscenariosdisruptingnetworkpro-tocolsandapplicationsareavailablefrom[1],[4].WenowillustratehowawormholeattackcandisruptthedistancevectorbasedadhocroutingprotocolssuchasDSDV[5]orADV[6].Figure1presentsanadhocnetworkof13nodesandaworm-holelinkbetweennodes.Iftheroutingtableofnodeistunneledthroughthewormholelink,nodewillhearthebroadcastandassumethatnodeisaone-hopneighbor.willupdateandbroadcastitsroutingtableentriesforone-hopneighbornode,andnodesarenowreachableviatwohops.Similarly,otherneighborswilladjusttheirownroutingtables.NotethatnodeswillnowrouteviatoreachanyoftheHence,withminimalresources,anattackercanredirectandobservealargeamountoftrafÞcasdesired.Furthermore,bysimplyswitchingthewormholelinkonandoff,theattackercantriggerarouteoscillationwithinthenetwork,thusleadingtoadenial-of-service(DoS)attack.Fromtheseexamples,wenotethatawormholeinessencecreatesacommunicationlinkbetweenanoriginandadesti-nationpointthatcouldnotexistwiththeuseoftheregularcommunicationchannel.Hence,awormholemodiÞesthecon-nectivitymatrixofthenetworkandcanbedescribedbyagraphabstractionoftheadhocnetworkasdescribednext.C.AGraphtheoreticformulation.ConsideranadhocnetworkrandomlydeployedwithanyhavingacommunicationrangeSuchanetworkcanbemodeledasageometricrandomgraph[7],deÞnedasfollows:GeometricRandomGraph:GivenaÞnitesetofverticesfor2-dimensionalspace),wedenotebyV,rtheundirectedgraphwithvertexsetofrandomlydeployednodes,andwithundirectededgesconnectingpairsofverticesi,j,whereissomenormonnTheentriesoftheedge,orconnectivitymatrix,denotedbye,aregivenby:i,jTheexistenceofwormholelinksviolatesthegeometricgraphmodel,byallowinglinkslongerthan,thustransformingtheinitialgeometricgraphV,rintoalogicalconnectivitygraphV,E,wherearbitraryconnectionscanbeestablished.Hence,anon-trivialwormholewillalwaysincreasetheentriesoftheconnectivitymatrixofV,rAcandidatesolutionpreventingthewormholeattackshouldreconstructtheoriginalgeometricrandomgraphV,r,orbyimposingalessstrictrequirement,shouldtransformthelogicalV,EtoalogicalgraphV,E,inwhich,foranylinkbetweenapairofnodesi,j,condition1isalwayssatisÞed.Weformalizetheseideasintheorem1.Theorem1:GivenageometricrandomgraphV,rÞnedasin(1),andanarbitrarylogicalgraphV,EV,EintoalogicalV,EisasolutiontothewormholeproblemiffsetofedgesofisasubsetofthesetofedgesoftheV,rProof:Assumethatpreventsthewormholeattack.Letdenotetheconnectivitymatrixofgraph.If,thereaexistapairofnodesi,jforwhich:i,ji,j.Forsuchnodepairs,i,j,with,violatingthecommunicationrangeconstraint.Hence,inorderfortopreventthewormholeattack,itfollowsthat:Theconversefollowsimmediately.If,theni,ji,ji,j.Hence,thereisnoedgei,jsuchthati,j�r,andhence,thegraphisvoidofanywormhole. Atrivialgraphwithnolinks()satisÞestheconditionsofthetheorem1.However,toensurecommunicationbetweenallnetworknodes,weseeksolutionsthatconstructaconnectedgraph.WealsonotethatthetransformationtheknowledgeofthegeometricrandomgraphV,r,deÞnedbythelocationofthevertices,andthecommunicationrangeWhennodesdonothaveaglobalviewofthenetwork(knowthelocationofothernodes),toverifytheorem1,wemustindirectlyconstructaconnectedsubgraphofthegeometricrandomgraphV,rBeforewepresentoursolutiononconstructingsuchsubgraph,wedescribetheneedednetworkmodelassumptions.III.NETWORKNetworksetup:Weassumethatthenetworknodesareran-domlydeployedwithinaspeciÞcregion.Wealsoassumethatasmallfractionofnetworknodes,calledGuardsisassignedspecialnetworkoperations.Densityoftheregularnetworknodesisassumedtobeandthedensityoftheguardsisassumedtobe,with.Weassumethatallnodesutilizeomnidirectionalantennas.Communicationrangeofregularnodesis,whilethatofguardsis�Rr.Resourceconstraints:WeassumethatguardshaveaccesstolocationinformationthroughGPS[8]orsomeotherlocalizationmethod,thoughregularnodemayhavenolocationinformation. WealsoassumethatnodesrelyonefÞcientsymmetriccryp-tographyforencryption/decryption,authenticationandhashing.Wealsoassumethatnodescanbepre-loadedwithkeys.Statisticalnetworkmodel:Itcanbeshown[11]thattherandomdeploymentofthenodesandguardsinanareacanbemodeledafteraSpatialHomogeneousPoissonPointProcess[11].Therandomplacementofthesetofguardswithadensity denotesthecardinalityofaset)isequivalenttoasequenceofeventsfollowingahomogeneousPoissonpointprocessofrate.Therandomdeploymentofasetofnodeswithadensity ,isequivalenttoarandomsamplingofwithraterateBasedonSpatialStatisticstheory[11],ifdenotesthesetofguardsheardbyanode,theprobabilitythatanodehearsexactlyguardsisgivenbythePoissondistribution: Usingthemodelin(2),wewillanalyticallyevaluatetheperformanceofouralgorithms.IV.LROADCASTInthissection,weÞrstdeÞneLBKsandshowthatLBKscanbeusedtodefendagainstwormhole.WethenpresentdetailsofadecentralizedmechanismforestablishingLBK,followedbyaprobabilisticanalysisofthesecurityofLBKscheme.ForanodewedeÞnetheneighborhoodGivenacryptographickey,letdenotethesetofnodesthatholdkeyWeassignauniquekeycalledLBKoftoallsothatHence,bydeÞnition,allone-hopneighborsofnodepossesstheLBKofnodeWefollowtheconventionthatanymessagefromnodeisencryptedwithalinkbetweennodesi,jexistsiffTheorem2:GivenisthesetofverticesdeÞnedbynetworknodes,andanarbitrarylogicalrandomgraphV,EtheedgematrixdeÞnedby:i,jElseyieldsthedesiredwormhole-freeV,EsuchthatV,risthegeometricrandomgraphdeÞnedin(1).Proof:BythedeÞnitionof,thereexistsalinki,jifandonlyifthetwonodesholdatleastoneLBK.But,accordingtothedeÞnitionofLBK,anodeiffwhichinturnimpliesthati,jsatisfy(1),whichdeÞnesthelinksofthegeometricrandomgraphV,ri,jiff.Hence,.Accordingtotheorem1,ifatransformationresultsinagraphV,Esuchthatisawormhole-free NotethatgivenLBKsforallnodes,wormholescanbeeliminatedwithouteverhavingtoknowthelocationofanynode.However,thechallengeistoestablishLBKsinthepresenceofwormholelinksandnocentralauthority.A.DecentralizedestablishmentoflocalbroadcastkeysWepresentathree-stepalgorithmforLBKestablishment.IntheÞrststep,theguardsdistributefractionalkeysnodesviabroadcasting.Instep2,everynodebroadcaststheIdsofthefractionalkeysthatitholds.Iftwonodessharemorethanathresholdnumberoffractionalkeys,theyuseallcommonfractionalkeystogenerateapairwisekey.Instep3,everynodeusesthepairwisekeystosecurelyunicastalocalbroadcastkeytoeachneighbor.WeÞrstpresentthecryptographicmechanismsofourLBKscheme.1)CryptographicMechanismsToprotectthedistributionofthefractionalkeys,alltransmissionsfromtheguardsareencryptedwithagloballysharedsymmetrickey,pre-loadedbeforedeployment.Inaddition,everynodesharesasymmetricpairwisekeyeveryguardalsopre-loaded.Inordertosavestoragespaceattheguardside,thepairwisekeyisderivedbyamasterkeyusingapseudo-randomfunction[12]andtheunique.Hence,givenan,aguardcancomputeitspairwisekeywiththenodewheneverneeded.GuardIdauthentication:ToauthenticatethesourceofthefractionalkeysweuseefÞcientone-wayhashchains[9].Eachhasauniquepasswordblindedwiththeuseofacollision-resistanthashfunctionsuchasSHA1[12].Duetothecollisionresistanceproperty,itiscomputationallyinfeasibleforanattackertoÞnd,suchthat,PW.Thehashchainisgeneratedasfollows:beingalargenumberandneverrevealedtoanynode.Duetotheone-waypropertyitisalsoinfeasibletocomputeanyvaluesofthehashchainthathavenotbepublishedbyaguard.Eachnodeispre-loadedwithatablecontainingtheIdofeachguardandthecorrespondinghashvalue.Toreducethestorageneededattheguardside,guardsuseanefÞcientstorage/computationmethodforhashchainsoftime/storagecomplexityity2)Stepsofthekeyestablishmentscheme[Step1:]Initially,everyguardgeneratesarandomfractionalkeyandbroadcastsit.Thebroadcastmessagealsocon-tainsthecoordinatesoftheguard,thenextunpublishedvalueofthehashchain,,andthehashchainindexalsoindicateshowmanybeaconshaseachguardtransmitted).Themessageformatis:denotesconcatenationofA,Bencryptionwithkey.EverynodeveriÞesthat))=forallreceivedmessagesandstoresthe,thecoordinates,thelatestpublishedhashvalueofthehashchain, (a)(b)(c)Fig.2.(a)Guardsbroadcastfractionalkeysencryptedwiththeglobalbroadcastkey,(b)NodesannouncetheIdsofthefractionalkeysthattheyhold,(c)neighbornodesthathaveincommonatleastthreefractionalkeys()establishapairwisekey.andthehashindex[Step2:]Oncethenodeshavecollectedthefractionalkeysfromalltheguardsthattheyhear,theybroadcastamessageindicatingtheIdsofthefractionalkeysthattheyhold.Iftwoneighbornodeshaveincommonfractionalkeys...FKaboveathreshold,theyestablishapairwisekey:isacollision-resistanthashfunction[9].[Step3:]Afterpairwisekeyshavebeenestablishedwithone-hopneighbors,everynodegeneratesanLBKandunicastsittoeveryneighborencryptedwiththepairwisekey.Eachnodestoresitsownbroadcastkeyusedforencryptingitsownmessages,andalsostoresallbroadcastkeysofitsone-hopneighborsinordertodecrypttheirbroadcastmessages.InÞgure2(a)theguardsdistributethefractionalkeystonodes,encryptedwiththeglobalkey.InÞgure2(b),weshowthesetofguardsthateachnodehears.InÞgure2(c),bysettingthethresholdvalue,nodeapairwisekeywithallitsimmediateneighbors.Nodewilldistributealocalbroadcastkeytoallitsimmediateusingthepairwisekeysestablishedinstep2.InÞgure3,wesummarizeourdecentralizedlocalbroadcastkeyestablishmentscheme.Decentralizedlocalbroadcastkeyestablishmentscheme SetofguardsSetofnodesVerify))=forallforallheardby,ID�th,endifendforendforforallforallendforendfor Fig.3.Thedecentralizedlocalbroadcastkeyestablishmentscheme. 15 20 10 20 30 0.2 0.4 0.6 0.8 GHs1 | th = | GHs1 |  3 l between s1, s2 (a)(b)Fig.4.(a)Allguardslocatedintheshadedareaareheardtobothnodes,(b)keyforavariablethresholdvalueequaltoB.SettingthekeyestablishmentthresholdSincenodesandguardswillberandomlydeployedwithinthenetworkregion,speciÞcnumberofguardsheardbynodesmayvary.Hence,eachnodeneedstolocallydecidethethresholdbasedonthenumberofguardsthatithears.ConsiderÞgure4(a),andassumethatanodecanhearguards.Theprobabilitykeyhearatleastcommonguardsgiventhatguardsareheardbyisequaltotheprobabilitythatatleastguardsarelocatedwithintheshadedareagiventhatofthemarelocatedwithinthecommunicationareaof.Duetotherandomguarddeployment,ifguardsarelocatedwithinaspeciÞcregion,thoseguardsareuniformlydistributed[11].Hence,theprobabilityforoneguardtobewithin .Theprobabilitythatmorethanguardsaredeployedwithin,giventhatatotalofaredeployedkey iAc canbecomputedfromÞgure4(a)by:=cos .Using(5),(6),eachnodecandetermineitsthresholdInÞgure4(b),wepresentkeyfordifferent Fig.5.Awormholeattackagainstthebroadcastoffractionalkeys.valuesofguardsheardanddistances,forV.SECURINGTHEBROADCASTOFFRACTIONALKEYSThoughonceestablishedLBKspreventwormholes(informa-tionencryptedataneighborhoodwithanLBKbedecryptedoutside),anadversarycanmountwormholeduringthedistributionofthefractionalkeys.Wenowprovidemechanismtosecurethefractionalkeydistribution.A.WormholeattackagainstthefractionalkeydistributionConsiderÞgure5,whereanadversaryestablishesabi-directionalwormholelinkbetweennodes,withbeingseveralhopsaway.Instep1ofthelocalbroadcastkeyestablishmentscheme,guardsbroadcasttheirfractionalkeys.TheadversaryrecordsallmessagesheardbyandreplaysthemessagesheardtointhevicinityofandmessagesheardbyinthevicinityofAfterthereplay,haveacommonsetoffractionalkeysB.DetectionofthewormholeattackWenowshowhowanodecandetectawormholeattackduringthefractionalkeydistributionusingtwoproperties:Singleguardproperty:Receptionofmultiplecopiesofanidenticalmessagefromthesameguardisduetoreplayormultipatheffects.Proof:Sinceguardsincludeadifferenthashvaluefromthehashchainoneverymessagetheytransmit,ifanodereceivesanidenticalmessagemorethanonetimes,itcanonlybebecause,(a)amaliciousentityreplaysthemessageor(b)therearemultipatheffects.Ifwetreatmultipatheffectsasareplayattack,thenanynodereceivingthesametransmissionmultipletimes,assumesitisunderareplayattack. InÞgure6(a),denotestheareawhereguardsheardtoarelocated(circleofradiuscenteredattheareawhereguardsheardattheoriginpointoftheattackarelocated(circleofradiuscenteredat)andthecommonarea.AnadversarythatrecordsguardsÕtransmissionsheardatpointandreplaysthemtocanbedetectedduetothesingleguardpropertywithaprobabilityequaltotheprobabilitythatatleastoneguardlieswithin1)=1InÞgure6(b),weshowthedetectionprobabilityguarddensities,fordistances,normalizedover.Weobservethatif,thesingleguardpropertycannotdetectawormholeattack.WemakeuseofthefollowingpropertytoidentifywormholeswhenCommunicationrangeconstraintproperty:Anodeheartwoguards,thataremorethani,j,iProof:Anyguardheardbynode,hastoliewithinacircleofradius,centeredatthenode.Hence,therecannotbetwoguardswithinacircleofradius,thataremorethan Wenowcomputethedetectionprobabilitybasedonthecommunicationrangeconstraintproperty.ConsiderÞgure6(c)whereifanytwoguardswithinhaveadistancelargerthattheattackisdetected.Thoughisnoteasilycomputedanalytically,wecanextractalowerboundonasfollows.InÞgure6(c),theverticallinesdeÞningshadedareas,areperpendiculartothelineconnectings,O,andhaveaseparation.Ifthereisatleastoneguardintheshadedareaandatleastoneguardintheshaded,thenandtheattackisdetected.Notethatthiseventdoesnotincludeallpossiblecasesforwhich,andhenceityieldsalowerbound.R,g=(1where(9)followsfromthefactthattheprobabilityoftheinter-sectionoftwoeventsisalwayslessorequaltotheprobabilityofoneoftheevents,(10)followsfromthedeÞnitionoftheconditionalprobability,(11)followsfromthefactthatwhen,wealwayshaveacommunicationrangeconstraintviolation(0))=1),and(12)followsfrombeingdisjointareas.Wecanshowthatthelowerboundonismaximizedbuttheproofisomittedduetospacelimitations.InÞgure6(d),weshowthelowerboundon,bysetting=maxsuchthatNotethatforvaluesisveryclosetounityforanyvalueof.Thelowerboundwiththeincreaseofandattainsitsmaximumvalue.Forvaluesthelowerboundonisequaltothecaseof 0.5 0.02 0.04 0.06 0.08 0.1 0.4 0.6 0.8 : Single Guard Property
g 2 3 0.04 0.06 0.08 0.1 0.2 0.4 0.6 0.8 P(CR)
g (a)(b)(c)(d)Fig.6.Singleguardproperty,(a)anodecannothearmultiplecopiesofanidenticalmessage,(b)Detectionprobability.Communicationrangeconstraintviolation,(c)asensorcannotheartwoguardsthataremorethanapart,(d)DetectionprobabilityDetectionprobabilityofawormholeattack:Bycombiningthetwopreviouslypresenteddetectionmechanismswecanderivealowerboundontheprobabilityofwormholedetectionduringthebroadcastofthefractionalkeys.BysettingandmaximizingregardlessofthedistancetheareasdonotoverlapasshowninÞgure8(a).Hence,theeventsofaguardbeinglocatedatanyoftheseareasareindependentandwecanderivealowerboundon)(1)+(1Thequantityin(13)isalowerboundonsinceweusedthelowerboundon.InÞgure8(b),weshowthelowerboundonon,4R].Notethatthelowestdetectionprobabilityis,attainedatFromÞgure8(b),weobservethatawormholeattackduringthedistributionofthefractionalkeysisdetectedwithaprobabilityveryclosetounity,independentofthedistanceC.KeyestablishmentinthepresenceofwormholesAlthoughawormholecanbedetectedusingthetwodetectionmechanisms,anodeunderattackcannotdistinguishthevalidsubsetofguardsfromthereplayedones.WenowdescribetheClosestGuardAlgorithm)toresolvetheguardambiguity.CGAÐThenodebroadcastsanoncealongwithitsIdandwaitsfortheÞrstauthenticreplyfromaguardguardsthathearnoncereplywithamessagecontainingtheircoordinates,thenexthashvalueoftheirhashchainandthenonceThemessagetransmittedfromeachguardisencryptedwiththepairwisekeyonlyknowntos,gThenodeidentiÞestheguardwhosereplyarrivesÞrstastheclosestguardtoThenusingthecommunicationrangeconstraintproperty,itidentiÞesthesetasalltheguardsthatarenotmorethanawayfrom,andusesthefractionalkeysreceivedfromtoestablishpairwisekeyswithitsimmediateneighbors.ToexecuteCGA,anodemustbeabletocommunicatebi-directionallywithatleastoneguard.Theprobabilityofanodehavingabi-directionallinkis:.From,wecancomputetheprobabilitynodescanbi-directionallycommunicatewithatleastoneguard: 1 2 3 4 0.04 0.06 0.08 0.1 0.9 0.92 0.94 0.96 0.98 det: Probability of wormhole detection
g (a)(b)Fig.8.(a)Combinationofthesingleguardandcommunicationrangeconstraintproperties.(b)Wormholedetectionprobability.Foradesiredprobability,wecancompute Š1Š|S| P  Š1Š|S| P ClosestGuardAlgorithm(CGA) Broadcast3.IdentifythatrepliesÞrstwithcorrectnonce.4.Set VI.PVALUATIONSimulationsetup:WegeneratedrandomnetworktopologiesconÞnedinasquareareaofsize=10,000.Foreachnetworktopologywerandomlyplaced,(a)5,000nodeswithin,withacommunicationrange,(b)guardswithvariabledensityandcommunicationrange.Toensurestatisticalvalidity,werepeatedeachexperimentfor1,000networksandaveragedtheresults.NotethattoavoidbordereffectsweconsideredtoroidaldistanceinsteadofregularEuclideandistance[11].Keyestablishmentwithone-hopneighbors:InourÞrstexperimentweevaluatedthepercentageofone-hop(immediate)thateachnodeisabletoestablishalocalbroadcastkeywith.InÞgure7(a),wepresentforvariableguarddensity.Notethatwepreferred 0 5 10 15 20 25 30 0 0.2 0.4 0.6 0.8 1 | GH s |  th pimmed Varying
g,
s=0.5, Area=100x100
g=0.005
g=0.01
g=0.02
g=0.03
g=0.04
g=0.05 5 10 15 20 25 30 0 0.2 0.4 0.6 0.8 1 | GH s |  th pimmed Varying R,
s=0.5, Area=100x100 =8 R=10 R=12 R=15 R=20 5 15 20 25 30 10 | GH s |  th p
g,
s=0.5, Area=100x100
g
g
g
g
g
g 5 15 20 25 30 10 | GH s |  th p R,
s=0.5, Area=100x100 (a)(b)(c)(d)Fig.7.Percentageofimmediateneighborsthatsharemorethanfractionalkeysfor=10for,(a)varyingguarddensity,(b)varyingguardcommunicationrange.Percentageofnon-immediateneighborsthatsharemorethanfractionalkeysfor=10for,(c)varyingguard,(d)varyingguardcommunicationrangetoplot,insteadofvarieslocallyforeverynodedependingonWeobserveinÞgure7(a)thatanincreasein,requiresahigherdifferencetoachievethesame.Thisisduetothefactthatwhileincreasingdensityincreasesthenumberofguardsheardbymorenodes,thejointprobabilityofmanyguardsbeingheardbymultiplenodesdoesnotincreaseasmuchasHence,athresholdvalueclosetoisolateanodefrommanyofitsone-hopneighbors.Hence,weneedtoselectasigniÞcantlylowerthan.Figure7(b)presentsfordifferentguardcommunicationrange.NotethatanincreaseinrequiresasigniÞcantlylower,toavoidone-hopneighborisolation.Isolationofnon-immediateneighbors:Inoursecondexperi-mentweevaluatedthepercentageofnon-immediateneighborsthatsharemorethanfractionalkeysasvaried.Foreachnode,wetookintoaccountinthepercentagecalcu-lation,onlythoseneighborsthatheardatleastonecommonguardwiththenodeunderconsideration.InÞgure7(c),weshowbothinalogarithmicscaleforvaryingandshowhowwecanachievehigherisolationofnon-immediateneighborswiththeincrease.Thisisduetothefactthatasincreases,moreguardsareheardtoeachnodeandhence,wecanadjustthethresholdwithbetteraccuracycomparedtothecasewherealowvalue.InÞgure7(d),wepresentbothfordifferentguard-to-nodecommunicationrangeandshowhowweachievehigherisolationofnon-immediateneighborswiththeincreaseofChoosingthethresholdvalue:FromÞgures7(a)Ð(d)wecandeterminetheappropriatevalueofthresholdbasedonoursecurityconstraintandsystemparameters.Forexample,ifoursecurityconstraintrequiresanon-immediateneighborisolationabove99%,wecanachievea.Byincreasingtheguarddensitytoforthesameconstraints,wecanachieveaHence,underanysecurityconstraints,wecanselectthesystem,sothatwemaximize,whilekeepingunderthegivenconstraint.VII.CWepresentedagraphtheoreticapproachcharacterizingrecentlyreported[1]wormholeattacksonwirelessadhocnetworks.WederivedthenecessaryandsufÞcientconditionsforanytransformationtoremovewormholes,andshowedthatanycandidatesolutionpreventingawormholeattackmustproduceaconnectedsubgraphofthegeometricgraphmodelofthenet-work.Wealsoproposedacryptography-basedsolutionrelyingonlocalbroadcastkeysandprovidedadistributedmechanismforestablishingtheminrandomlydeployednetworks.Weanalyticallydeterminedthelevelofsecurityachievedbyourschemebasedonspatialstatisticstheory.WeshowedthattheappropriatechoiceofnetworkparameterseliminateswormholelinkswithaprobabilityclosetounityandveriÞedthevalidityofourresultsviasimulations.Itisourclaimthatintheabsenceoflocationordistancebounding,wemustuseprobabilistictechniquesfordealingwithwormholes.[1]Y.Hu,A.Perrig,andD.Johnson,PacketLeashes:ADefenseAgainstWormholeAttacksinWirelessAdHocNetworks,inProc.ofINFOCOMSanFrancisco,CA,USA,April2003.[2]S.Zhu,S.SetiaandS.Jahodia,LEAP:EfÞcientSecurityMechanismsforLarge-ScaleDistributedSensorNetworks,inProc.ofCCS2003,2003.[3]Yih-ChunHu,D.Johnson,A.Perrig,RushingAttacksandDefenseinWirelessAdHocNetworkRoutingProtocols,InProceedingsoftheACMWorkshoponWirelessSecurity,WiSe2003,Sep.2003.[4]L.LazosandR.Poovendran,SeRLoc:SecureRange-IndependentLocal-izationforWirelessSensorNetworks,toappearinProcofWISE2004[5]C.E.Perkins,P.Bhagwat,HighlyDynamicDestination-SequencedDistance-Vectorrouting(DSDV)formobilecomputers,inProc.oftheSIGCOMM1994August1994,pp.234-244.[6]R.V.Boppana,S.Konduru,AnAdaptiveDistanceVectorRoutingAlgo-rithmforMobileAdHocNetworks,inProc.ofINFOCOM2001,2001.[7]M.Penrose,RandomGeometricGraphs,OxfordUniversityPress,NewYork,2003.[8]B.Hofmann-Wellenhof,H.LichteneggerandJ.Collins,GlobalPositioningSystem:TheoryandPractice,FourthEdition,Springer-Verlag,1997.[9]L.Lamport,PasswordAuthenticationwithInsecureCommunication,InCommunicationsoftheACM,24(11):770-772,November1981.[10]D.CoppersmithandM.Jakobsson,Almostoptimalhashsequencetraver-sal,InProc.oftheFC2002,LectureNotesinComputerScience,IFCA,Springer-Verlag,BerlinGermany,2002.[11]N.Cressie,StatisticsforSpatialData,JohnWiley&Sons,1993.[12]D.Stinson,Cryptograhpy:TheoryandPractice,2ndedition,CRCPress, PreventingWormholeAttacksonWirelessAdHocNetworks:AGraphTheoreticApproachL.LazosR.PoovendranC.MeadowsP.SyversonL.W.ChangUniversityofWashington,Seattle,Washington,NavalResearchLaboratory,Washington,DC lazos,radha