Evaluating a Collaborative Defense Architecture for MANETs
Mansoor Alicherry; Angelos D. Keromytis; Angelos Stavrou
- Evaluating a Collaborative Defense Architecture for MANETs
Keromytis, Angelos D.
- Computer Science
- Permanent URL:
- Book/Journal Title:
- 2009 IEEE International Conference on Internet Multimedia Services Architecture and Applications (IMSAA), 9-11 Dec. 2009, Bangalore, India
- Publisher Location:
- Piscataway, N.J.
- Mobile Ad-hoc Networks (MANETs) are susceptible to both insider and outsider attacks more than wired and base station-based wireless networks. This is because of the lack of a well-defined defense perimeter in MANETs, preventing the use of defenses including firewalls or intrusion detection systems. This lack of perimeter calls for implementation of security in a distributed, collaborative manner. We recently introduced a novel deny-by-default distributed security policy enforcement architecture for MANETs by harnessing and extending the concept of network capabilities. The deny-by-default principle allows compromised nodes to access only authorized services, limiting their ability to disrupt or even interfere with end-to-end connectivity and nodes beyond their local communication radius. The enforcement of policies is done hop-by-hop, in a distributed manner. In this paper we present preliminary results evaluating our architecture. Through simulation, we show that our solution incurs minimal overhead in terms of network bandwidth and latency even in the presence of cryptographic operations. Furthermore, we show that the protection remains effective even in the presence of misbehaving nodes and routing changes due to mobility. While further work is needed to fully evaluate our scheme, we believe that the notion of collaborative security in MANETs is a promising direction for future research.
- Computer science
- Item views: