Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Multicast-specific security threats and counter-measures
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Secure multicast groups on ad hoc networks
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
DIPLOMA: Distributed Policy Enforcement Architecture for MANETs
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Multicast over wireless mobile ad hoc networks: present and future directions
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
Multicast traffic, such as live audio/video streaming, is an important application for Mobile Ad Hoc Networks (MANETs), including those used by militaries and disaster recovery teams. The open nature of multicast, where any receiver can join a multicast group, and any sender can send to a multicast group, makes it an easy vehicle for launching Denial of Service (DoS) attacks in resource-constrained MANETs. In this paper, we extend our previously introduced DIPLOMA architecture to secure multicast traffic. DIPLOMA is a deny-by-default distributed policy enforcement architecture that can protect the end-host services and network bandwidth. DIPLOMA uses capabilities to provide a unified solution for sender and receiver access control to the multicast groups, as well as to limit the bandwidth usage of the multicast group. We have extended common multicast protocols, including ODMRP and PIM-SM, to incorporate DIPLOMA. We have implemented multicast DIPLOMA in Linux, without requiring any changes to existing applications and the routing substrate. We conducted an experimental evaluation of the system in the Orbit MANET testbed. The results show that the architecture incurs limited overhead in throughput, packet loss, and packet inter-arrival times. We also show that the system protects network bandwidth and the end-hosts in the presence of attackers.