CollusiveHijack: A New Route Hijacking Attack and Countermeasures in Opportunistic Networks

In this paper, we first show that Hybrid Routing and Prophet protocols in Opportunistic Networks are vulnerable to the CollusiveHijack attack. In this attack, a malicious attacker, Eve, compromises a set of nodes and lies about their Inter Contact Times (ICTs). Eve claims that her nodes meet more frequently than in reality, with the goal of hijacking the routes of legitimate nodes. The CollusiveHijack enables Eve to launch more severe attacks like packet modification attack, traffic analysis attack, and incentive seeking attack. To identify the CollusiveHijack attack, we propose the Kolmogorov-Smirnov two-sample test to determine whether the statistical distribution of the packets' delays follows the derived distribution from the ICTs among the nodes. We propose two techniques to detect the CollusiveHijack attack: the Path Detection Technique (PDT) and the Hop Detection Technique (HDT), which trade off compatibility with the Bundle Security Protocol and the detection rate. We evaluated PDT and HDT through extensive simulations and a proof-of-concept system implementation. The results show that PDT and HDT are able to detect CollusiveHijack attacks with 80.0% and 99.4% detection rates, respectively (when Eve hijacks more than 60 packets) while maintaining a low false positive rate of 3.6%.