The wormhole attack is a severe attack against ad hoc routing protocols that is particularly challenging to defend against; it can potentially cripple a range of ad hoc network routing protocols. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them from there into the network. Most existing ad hoc network routing protocols that lack a mechanism to defend them against the wormhole attack would be unable to find routes longer than one or two hops, which severely disrupts communication.

If a wormhole attacker tunnels all packets through the wormhole honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, when an attacker forwards only routing control messages, this attack might severely disrupt routing. For example, when used against an on-demand routing protocol such as DSR [4] or AODV, a powerful application of the wormhole attack can be mounted by tunneling each ROUTE REQUEST packet directly to the target node of the REQUEST. This attack prevents any node from discovering routes more than two hops long.

Periodic protocols are also vulnerable to this kind of attack. For example, OLSR and TBRPF use HELLO packets for neighbor detection, so if an attacker tunnels to B all HELLO packets transmitted by A and tunnels to A all HELLO packets transmitted by B, then A and B will believe that they are neighbors, which would cause the routing protocol to fail to find routes when they aren't actually neighbors.

The wormhole attack is also dangerous in other wireless applications. One example is any wireless access control system that is proximity based, such as wireless car keys or proximity- and token-based access control systems for PCs. In such systems, an attacker could relay authentication exchanges to gain unauthorized access.

Our solution to the wormhole attack is packet leashes. We consider specifically two types of packet leashes: geographical and temporal. The main idea is that by authenticating either an extremely precise timestamp or location information combined with a loose timestamp, a receiver can determine if the packet has traversed an unrealistic distance for the specific network technology used.

Temporal leashes rely on extremely precise time synchronization and timestamps in each packet. We can approximate a packet's travel time as the difference between the receive time and the timestamp. To be more conservative, however, a node can choose to add the maximum time synchronization error, assuming that the sender's clock might be faster than the receiver's.
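The receiver-side temporal leash check described above, as an added example that is not code from the original article. HMAC-SHA256 with a shared key stands in for the timestamp authentication, and the packet layout, function names, 250 m radio range and 100 ns synchronization error are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

C_M_PER_NS = 0.299792458  # speed of light, metres per nanosecond

def make_packet(key: bytes, payload: bytes, t_send_ns: int) -> bytes:
    """Sender side: 8-byte timestamp | 32-byte MAC | payload (assumed layout)."""
    header = struct.pack(">Q", t_send_ns)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + tag + payload

def check_temporal_leash(key, packet, t_recv_ns, max_range_m, sync_error_ns):
    """Receiver side: return (accepted, reason, distance_bound_m)."""
    if len(packet) < 40:
        return False, "malformed", None
    header, tag, payload = packet[:8], packet[8:40], packet[40:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # The timestamp is only meaningful if it is authenticated.
    if not hmac.compare_digest(tag, expected):
        return False, "bad-mac", None
    (t_send_ns,) = struct.unpack(">Q", header)
    # Conservative travel time: receive time minus timestamp, plus the
    # maximum synchronization error (the sender's clock may run ahead).
    travel_ns = t_recv_ns - t_send_ns + sync_error_ns
    if travel_ns < 0:
        return False, "timestamp-too-far-ahead", None
    bound_m = travel_ns * C_M_PER_NS  # upper bound on distance travelled
    if bound_m > max_range_m:
        return False, "leash-exceeded", bound_m
    return True, "ok", bound_m

def demo():
    """Constructed scenario: direct neighbour, tunnelled copy, re-stamped copy."""
    key, max_range_m, sync_error_ns = b"constructed-demo-key", 250.0, 100
    t0 = 1_000_000_000  # constructed send time in ns
    pkt = make_packet(key, b"ROUTE REQUEST", t0)
    direct = check_temporal_leash(key, pkt, t0 + 500, max_range_m, sync_error_ns)
    # The same packet arriving 3 microseconds later through a tunnel.
    tunnelled = check_temporal_leash(key, pkt, t0 + 3500, max_range_m, sync_error_ns)
    # The relay rewrites the timestamp to hide the delay; the MAC no longer matches.
    forged = struct.pack(">Q", t0 + 3000) + pkt[8:]
    restamped = check_temporal_leash(key, forged, t0 + 3500, max_range_m, sync_error_ns)
    return direct, tunnelled, restamped

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With these constructed numbers, the 100 ns synchronization error alone contributes about 30 m to the distance bound, which shows why the leash is only useful when clock error is small relative to the radio range.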