2009 Articles
Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks
Mobile Ad-hoc Networks (MANETs) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. However, this flexibility of MANETs comes at a price, when compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of a well-defined defense perimeter preventing the effective use of wired defenses including firewalls and intrusion detection systems. We introduce a novel distributed security policy enforcement architecture that is designed specifically for MANETs. Our approach harnesses and extends the concept of network capabilities and is especially suited for mobile and heterogeneous communication environments. Our model imposes communication restrictions between MANET nodes by enforcing hop-by-hop policies in a distributed manner. We use a deny-by-default principle, allowing compromised nodes to access only authorized services. This significantly limits their ability disrupt or even interfere with end-to-end connectivity and nodes beyond their local communication radius. In this short paper, we only present the overall architecture of the system.
Subjects
Files
- manet-securecomm.pdf application/pdf 152 KB Download File
Also Published In
- Title
- Security and Privacy in Communication Networks: 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009: Revised Selected Papers
- Publisher
- Springer
- DOI
- https://doi.org/10.1007/978-3-642-05284-2_3
More About This Work
- Academic Units
- Computer Science
- Series
- Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 19
- Published Here
- August 9, 2011