Evaluating a collaborative defense architecture for MANETs

  • Authors:
  • Mansoor Alicherry;Angelos D. Keromytis;Angelos Stavrou

  • Affiliations:
  • Department of Computer Science, Columbia University;Department of Computer Science, Columbia University;Department of Computer Science, George Mason University

  • Venue:
  • IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
  • Year:
  • 2009

Abstract

Mobile Ad-hoc Networks (MANETs) are susceptible to both insider and outsider attacks more than wired and base station-based wireless networks. This is because of the lack of a well-defined defense perimeter in MANETs, preventing the use of defenses including firewalls or intrusion detection systems. This lack of perimeter calls for implementation of security in a distributed, collaborative manner. We recently introduced a novel deny-by-default distributed security policy enforcement architecture for MANETs by harnessing and extending the concept of network capabilities. The deny-by-default principle allows compromised nodes to access only authorized services, limiting their ability to disrupt or even interfere with end-to-end connectivity and nodes beyond their local communication radius. The enforcement of policies is done hop-by-hop, in a distributed manner. In this paper we present preliminary results evaluating our architecture. Through simulation, we show that our solution incurs minimal overhead in terms of network bandwidth and latency even in the presence of cryptographic operations. Furthermore, we show that the protection remains effective even in the presence of misbehaving nodes and routing changes due to mobility. While further work is needed to fully evaluate our scheme, we believe that the notion of collaborative security in MANETs is a promising direction for future research.