Skip to main content

Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks

  • Conference paper

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 19)

Abstract

Mobile Ad-hoc Networks (MANETs) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. However, this flexibility of MANETs comes at a price, when compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of a well-defined defense perimeter preventing the effective use of wired defenses including firewalls and intrusion detection systems.

We introduce a novel distributed security policy enforcement architecture that is designed specifically for MANETs. Our approach harnesses and extends the concept of network capabilities and is especially suited for mobile and heterogeneous communication environments. Our model imposes communication restrictions between MANET nodes by enforcing hop-by-hop policies in a distributed manner. We use a deny-by-default principle, allowing compromised nodes to access only authorized services. This significantly limits their ability disrupt or even interfere with end-to-end connectivity and nodes beyond their local communication radius. In this short paper, we only present the overall architecture of the system.

Keywords

  • MANETs
  • Capabilities
  • Distributed Firewall

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-05284-2_3
  • Chapter length: 10 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   109.00
Price excludes VAT (USA)
  • ISBN: 978-3-642-05284-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   139.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Akbania, R., Korkmaz, T., Raju, G.: HEAP: A packet authentication scheme for mobile ad hoc networks. In: Communications and Networking Simulation Symposium (2007)

    Google Scholar 

  2. Anderson, T., Roscoe, T., Wetherall, D.: Preventing internet denial-of-service with capabilities. In: Proc. of Hotnets-II (2003)

    Google Scholar 

  3. Blaze, M., Ioannidis, J., Keromytis, A.: Trust management for ipsec. In: Symposium on Network and Distributed Systems Security, SNDSS (2001)

    Google Scholar 

  4. Estrin, D., Mogul, J.C., Tsudik, G.: Visa protocls for controlling interorganizational datagram flow. IEEE Journal on Selected Areas in Communications (May 1989)

    Google Scholar 

  5. Ioannidis, S., Keromytis, A.D., Bellovin, S.M., Smith, J.M.: Implementing a distributed firewall, pp. 190–199 (2000)

    Google Scholar 

  6. Jaramillo, J., Srikant, R.: Darwin: Distributed and adaptive reputation mechanism for wireless ad-hoc networks. In: MOBICOM (2007)

    Google Scholar 

  7. Lee, R.: Netware 4.x performance tuning and optimization: Part 3 (October 1993), http://support.novell.com/techcenter/articles/ana19931001.html

  8. Parno, B., Wendlandt, D., Shi, E., Perrig, A., Maggs, B., Hu, Y.-C.: Portcullis: protecting connection setup from denial-of-capability attacks. SIGCOMM Comput. Commun. Rev. 37(4), 289–300 (2007)

    CrossRef  Google Scholar 

  9. Shi, E., Perrig, A.: Designing secure sensor networks. IEEE Wireless Communications (2004)

    Google Scholar 

  10. Wobber, E., Abadi, M., Burrows, M., Lampson, B.: Authentication in the taos operating system. ACM Transactions on Computer Systems 12 (February 1994)

    Google Scholar 

  11. Wu, B., Chen, J., Wu, J., Cardei, M.: A survey on attacks and countermeasures in manets. In: Wireless/Mobile Network Security, ch. 12. Springer, Heidelberg (2006)

    Google Scholar 

  12. Wu, X., Yau, D.K.Y.: Mitigating Denial-of-Service Attacks in MANET by Distributed Packet Filtering: A Game-theoretic Approach. In: ASIACCS (March 2007)

    Google Scholar 

  13. Yang, H., Luo, H., Ye, F., Lu, S., Zhang, L.: Security in mobile ad hoc networks: Challenges and solutions. IEEE Wireless Communications (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Alicherry, M., Keromytis, A.D., Stavrou, A. (2009). Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 19. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05284-2_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-05284-2_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05283-5

  • Online ISBN: 978-3-642-05284-2

  • eBook Packages: Computer ScienceComputer Science (R0)