Firewalls are one of the essential security elements for enforcing access policies in computer networks. Open network architecture, a shared wireless medium, stringent resource constraints, and highly dynamic network topology impose a new set of challenges on deploying firewalls in a mobile wireless environment. The current state of the art calls for self-protection by a personal (i.e., local) firewall on each node; however, this requires that all unwanted traffic travel all the way to the node before it is discarded at the destination. In a network with multi-hop routing, this wastes considerable bandwidth and power at all of the nodes, especially if a node is under a denial-of-service (DoS) attack. In this paper, we develop a novel distributed firewalling scheme for wireless networks in which nodes collaboratively perform packet filtering to address resource squandering. The proposed scheme introduces techniques to distribute discarding rules based on both proactive and reactive routing protocols. It also proposes efficient rule placement mechanisms to maximize the number of packets discarded remotely before they reach the destination and to minimize the number of times unwanted packets are forwarded. The scheme is evaluated through various simulation scenarios. The simulation results show that by distributing only 1% of the rules, about 42% of the unwanted traffic is discarded before it reaches the destination, which saves significant network resources. Saving about 30% of the wasted bandwidth can be crucial for the performance of a wireless network.