Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Distributed Detection of Node Replication Attacks in Sensor Networks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Detection of Denial-of-Message Attacks on Sensor Network Broadcasts
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Cost-sensitive intrusion responses for mobile ad hoc networks
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
DIPLOMA: Distributed Policy Enforcement Architecture for MANETs
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Modelling and analysis of attacks on the MANET routing in AODV
ADHOC-NOW'06 Proceedings of the 5th international conference on Ad-Hoc, Mobile, and Wireless Networks
DEMEM: distributed evidence-driven message exchange intrusion detection model for MANET
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Intrusion detection in wireless ad hoc networks
IEEE Wireless Communications
| Hi-index | 0.00 |
Consent-based networking, which requires senders to have permission to send traffic, can protect against multiple attacks on the network. Highly dynamic networks like Mobile Ad-hoc Networks (MANETs) require destination-based consent networking, where consent needs to be given to send to a destination in any path. These networks are susceptible to multipath misuses by misbehaving nodes. In this paper, we identify the misuses in destination-based consent networking, and provide solution for detecting and recovering from the misuses. Our solution is based on our previously introduced DIPLOMA architecture. DIPLOMA is a deny-by-default distributed policy enforcement architecture that can protect the end-host services and network bandwidth. DIPLOMA uses capabilities to provide consent for sending traffic. In this paper, we identify how senders and receivers can misuse capabilities by using them in multiple paths, and provide distributed solutions for detecting those misuses. To that end, we modify the capabilities to aid in misuse detection and provide protocols for exchanging information for distributed detection. We also provide efficient algorithms for misuse detection, and protocols for providing proof of misuse. Our solutions can handle privacy issues associated with the exchange of information for misuse detection. We have implemented the misuse detection and recovery in DIPLOMA systems running on Linux operating systems, and conducted extensive experimental evaluation of the system in Orbit MANET testbed. The results show our system is effective in detecting and containing multipath misuses.