Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

In previous work, we proposed a “Bootstrap” protocol for establishing neighbor relationships between two mobile nodes in a mission-critical, deny-by-default Mobile Ad-hoc Network. In this paper, we formally characterize the security properties of this Bootstrap protocol, striving to answer the following questions: 1) To what extent can an adversary undermine the correctness and performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary? Our analyses employ a combination of formal logic and two standard automated model checkers, SPIN and PRISM. Two types of threats are considered, which we call the subverted node and the subverted link. In the subverted link analysis, we further categorize the adversary into two variants, which we call dark-red or light-red, corresponding to having detailed Bootstrap-protocol-specific knowledge or only generic neighbor-setup knowledge, respectively. The subverted node analysis shows that the adversary can neither mount a TCP-SYN-flood-like attack against the good node nor deadlock it within the Bootstrap protocol. The subverted link analysis shows that the adversary cannot undermine the correctness of the protocol, in the sense that the protocol's performance is degraded only in a bounded manner by the dark-red adversary, or in a benign manner by the light-red adversary.