Trusted Application-Centric Ad-Hoc Networks

Nodes in MANETs lack the protection offered by firewalls in infrastructure-based networks because malicious nodes can roam into the vicinity of another node and start launching attacks. This paper presents a distributed mechanism that allows trusted nodes to create protected networks in MANETs. A protected network is created to run a specific application and enforce a common network access control policy associated with that application. To become a member in the protected network, a node has to demonstrate its trustworthiness by proving its ability to enforce policies. Attacks from untrusted nodes are impossible because these nodes are not allowed to establish wireless links with member nodes. Attacks from member nodes are stopped at the originators by the network policy. The trusted execution of all programs involved in policy enforcement is guaranteed by a kernel agent. We demonstrate the correctness of our solution through security analysis and its feasibility through a prototype implementation tested over an IEEE 802.11 ad hoc network.
