Distributed Firewall For MANETs

Alicherry, Mansoor; Keromytis, Angelos D.; Stavrou, Angelos

Mobile Ad-hoc Networks (MANETs) are increasingly used in military tactical situations and in civil rapid-deployment networks, including emergency rescue operations and {\it ad hoc} disaster-relief networks. The flexibility of MANETs comes at a price, when compared to wired and basestation-based wireless networks: MANETs are susceptible to both insider (compromised node) and outsider attacks due to the lack of a well-defined perimeter in which to deploy firewalls, intrusion detection systems, and other mechanisms commonly used for network access and admission control. In this paper, we define a distributed firewall architecture that is designed specifically for MANETs. Our approach harnesses and extends the concept of a {\it network capability}, and is especially suited for environments where the communicating nodes have different roles and hence different communication requirements, such as in tactical networks. Our model enforces communication restrictions among MANET nodes and services, allowing hop-by-hop policy enforcement in a distributed manner. We use a ''deny-by-default'' model where compromised nodes have access only to authorized services, without the ability to disrupt or interfere with end-to-end service connectivity and nodes beyond their local communication radius. Our simulations show that our solution has minimal overhead in terms of bandwidth and latency, works well even in the presence of routing changes due to mobile nodes, and is effective in containing misbehaving nodes.



More About This Work

Academic Units
Computer Science
Department of Computer Science, Columbia University
Columbia University Computer Science Technical Reports, CUCS-
Published Here
April 26, 2011