Anonymous and untraceable communications in mobile wireless networks

  • Authors: Jiejun Kong; Mario Gerla

  • Venue: Anonymous and untraceable communications in mobile wireless networks
  • Year: 2004

Abstract

Privacy in mobile wireless networks has different semantics from the traditional notion used for banking systems and the wired Internet. In addition to traditional content privacy, mobile privacy also addresses security concerns for any mobile node's identity, location, and motion pattern, namely anonymity, location privacy, and motion pattern privacy. These new security aspects are defined in a single concept of “mobile anonymity”, which is the design goal of this work. In this work, mobile anonymity attacks and their countermeasures are studied in the context of mobile ad hoc networks, which can instantly establish a communication structure for civilian and military applications. Anonymity and location privacy issues are critical for ad hoc networks deployed in hostile environments, as allowing adversaries to trace network routes and infer the motion pattern of nodes at the end of those routes may pose serious threats to covert operations. The heightened privacy demand poses challenging constraints on routing and data forwarding. A significant contribution of our work is to consider countermeasures against both external and internal adversaries. The latter is largely unaddressed in previous mobile wireless network security research. In mobile wireless networks, nodes are autonomous units that are capable of roaming independently. This means that mobile nodes with inadequate physical protection are susceptible to being captured, compromised, and hijacked. We build an internal adversary model and study the impact of such an adversary on mobile networking. To defend against passive attacks, we propose an ideal model, Time Interval and Multi-hop Broadcast Anonymity (TIMBA), and prove that TIMBA ensures perfect mobile anonymity against a passive external adversary. Then we design and simulate ANonymous On Demand Routing (ANODR), a practical multi-hop on-demand routing scheme, as a balance between the ideal TIMBA model and the real world.
There is a significant distinction between TIMBA/ANODR and other schemes, including anonymity schemes such as MIX-Net and any existing routing scheme: TIMBA/ANODR is a unique scheme in which no node identity is used in data forwarding and routing. This ensures perfect identity anonymity in mobile networks, even against internal and active adversaries. ANODR comprises three variants, each of which trades off security guarantees against routing performance at a different level. To defend against active attacks, we design and simulate a partial trust community in mobile wireless networks. In the presence of an internal adversary, partial trust is a fundamental problem in self-organized ad hoc networks. Each ad hoc node must decide whether to trust its ad hoc peers and how to regulate the conferred trust. Partial trust requires that a network service be securely distributed to a community. At the level of each individual node, the service provisioning is untrustworthy and is allowed to be disrupted. However, at the level of the community, the service provisioning becomes trustworthy: even if some community members are selfish or malicious, the service remains available and reliable. Our simulation study of two community-based secure routing protocols, namely community-based AODV and community-based ANODR, verifies the effectiveness of the partial trust community design.