On Detecting Route Hijacking Attack in Opportunistic Mobile Networks

In this paper, we show that Hybrid Routing and Prophet protocols in Opportunistic Mobile Networks (OMNs) are vulnerable to the CollusiveHijack attack, in which a malicious attacker, Eve, compromises a set of nodes and lies about their Inter-Contact-Times (ICTs). Eve claims that her nodes meet more frequently than in reality to hijack the routes of legitimate nodes in OMNs. The CollusiveHijack attack enables Eve to launch more severe attacks like packet modification, traffic analysis, and incentive seeking attacks. To identify the CollusiveHijack attack, we propose the Kolmogorov-Smirnov two-sample test to determine whether the statistical distribution of the packets’ delays follows the derived distribution from the ICTs among the nodes. We propose three techniques to detect the CollusiveHijack attack, the Path Detection Technique (PDT), the Hop Detection Technique (HDT), and the Early Hop Detection Technique (EHDT), which trade off compatibility with the Bundle Security Protocol, the detection rate, and the detection latency. We evaluated our techniques through extensive trace-driven simulations and a proof-of-concept system implementation and show that they can detect CollusiveHijack attacks with 80.0% to 99.4% detection rates (when Eve hijacks more than 60 packets) while maintaining a low false positive rate ( $\sim$ 3.6%) and a short detection latency (7-14 hours) for EHDT (75%-85% enhancement compared to PDT and HDT).