04-08-2012, 12:03 PM
A Policy Enforcing Mechanism for Trusted Ad Hoc Networks
INTRODUCTION
With the maturity of short-range wireless technologies and
proliferation of mobile computing devices, building real-life
applications over mobile ad hoc networks (MANET) becomes
feasible. For instance, two potential applications are traffic monitoring
in vehicular networks and peer-to-peer file sharing in ad
hoc networks of smart phones. A key to the success of such
applications is a mechanism that assures secure communication and
proper collaboration among all participating entities. To achieve this
goal, communication policies that govern the interactions between
entities must be defined and enforced. For instance, in a traffic
monitoring application, the policy can guarantee that a car always
forwards accident alerts to cars coming behind it. Similarly, in a
peer-to-peer application, the policy can guarantee that a smart
phone can post a query only if it has made several contributions
such as publishing files or forwarding other queries.
MOTIVATION
In this section, we illustrate the challenge of enforcing even
simple policies in MANET applications, using secure routing as the first
of three examples. We show how our approach solves these problems in the next section.
A. Example 1: Secure Routing
Consider a group of nodes running the Ad hoc On-Demand
Distance Vector (AODV) [19] routing protocol. AODV is known
to be vulnerable to wormhole attacks [20], in which an attacker
tunnels packets captured at one point of the network to a distant
point over a fast out-of-band link and replays them there, so the two
ends appear to be direct neighbours and routes are attracted through the tunnel.
One way to defeat this attack is to implement Packet Leashes [20].
For example, a geographical leash bounds the distance a packet may
travel in one hop: the receiving node checks that the sending node
is within a certain distance of it. It is implemented as follows:
TRUSTED MULTI-TIER NETWORKS
In this section, we first formally define the trusted multi-tier
networks. Then, we illustrate how to create the network through
an example.
A. Definition and Policy Enforcement
For some application S, we define the trusted policy enforcing
tier T0 as follows:
T0 = < N, S, P >
where N is the set of nodes communicating through S, and P
is the policy defined for S. To simplify the description, we use "." to
denote the "member of" relation, i.e., T0.N is the set of nodes
in the tier T0.
Creating a Trusted Multi-tier Network
Building a trusted multi-tier network means establishing all
the trusted tiers it is composed of, in a bottom-up fashion. For
example, to build the file sharing multi-tier network NF in Fig. 1,
the trusted AODV tier TR is established first, followed by the
trusted file sharing tier TF. Fig. 2 illustrates this procedure.
A tier is created step by step. First, a node begins to enforce the
tier policy. It creates the tier key, which is used to authenticate in-tier
communications as discussed earlier. By doing so, it becomes
the first member of the tier, called the originator of the tier, e.g.
node 1 in Fig. 2. The originator then broadcasts an invitation
to its neighbours, e.g. nodes 2 and 3, to join the newly created
tier. Assume nodes 2 and 3 both choose to join this tier. Since node 3
enforces PR, it succeeds in joining the tier and receives the tier
key from node 1, but node 2 fails because it does not enforce PR.
Note that the check is on whether the candidate actually enforces the
tier policy, not merely on whether it asks to join: a node that does not
enforce PR never receives the tier key, so it cannot produce
authenticated in-tier traffic even if it overhears the invitation.
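The tier definition T = < N, S, P > and the creation procedure above, as a toy simulation added here for illustration (this is not code from the paper and does not claim to be its implementation). The topology (nodes 1 to 4 with links 1-2, 1-3, 2-4, 3-4), the choice of an HMAC-SHA256 tag as the "tier key authentication", the breadth-first order in which new members re-invite their own neighbours, and all class and function names are assumptions made for the example.

```python
"""Toy simulation of trusted tier creation in a MANET (constructed example)."""
import hashlib
import hmac
import secrets


class Node:
    """A MANET node: the policies it enforces, its radio neighbours,
    and the tier keys it has been handed (none at start)."""

    def __init__(self, name, enforces, neighbours=()):
        self.name = name
        self.enforces = set(enforces)        # policies this node enforces
        self.neighbours = set(neighbours)    # names of nodes in radio range
        self.tier_keys = {}                  # tier name -> shared tier key

    def enforces_policy(self, policy):
        return policy in self.enforces


class Tier:
    """T = <N, S, P>: member set N, service S, policy P, plus the tier key
    used to authenticate in-tier traffic (HMAC assumed for the example)."""

    def __init__(self, name, service, policy):
        self.name, self.service, self.policy = name, service, policy
        self.members = set()     # N
        self.key = None          # created by the originator

    def originate(self, node):
        """The first node enforcing P creates the tier key and becomes the originator."""
        if not node.enforces_policy(self.policy):
            raise ValueError(f"{node.name} does not enforce {self.policy}")
        self.key = secrets.token_bytes(32)
        node.tier_keys[self.name] = self.key
        self.members.add(node.name)
        return node

    def join(self, inviter, candidate):
        """Invitation from a current member. The candidate is admitted and
        receives the tier key only if it enforces P; otherwise it gets nothing."""
        if inviter.name not in self.members:
            return False
        if not candidate.enforces_policy(self.policy):
            return False
        candidate.tier_keys[self.name] = inviter.tier_keys[self.name]
        self.members.add(candidate.name)
        return True

    def tag(self, sender, payload):
        """Authenticate an in-tier message; a node without the key cannot."""
        key = sender.tier_keys.get(self.name)
        if key is None:
            return None
        return hmac.new(key, payload, hashlib.sha256).digest()

    def verify(self, receiver, payload, mac):
        key = receiver.tier_keys.get(self.name)
        if key is None or mac is None:
            return False
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)


def build_tier(tier, originator, nodes):
    """Bottom-up tier construction: the originator invites its neighbours and
    each newly admitted member invites its own (breadth-first flood, assumed)."""
    tier.originate(originator)
    frontier = [originator]
    while frontier:
        inviter = frontier.pop(0)
        for nb_name in sorted(inviter.neighbours):
            candidate = nodes[nb_name]
            if candidate.name in tier.members:
                continue
            if tier.join(inviter, candidate):
                frontier.append(candidate)
    return set(tier.members)


def make_example_nodes():
    """Constructed topology (not from the paper): links 1-2, 1-3, 2-4, 3-4.
    Nodes 1, 3 and 4 enforce the AODV policy PR; node 2 does not."""
    return {
        "1": Node("1", {"PR"}, {"2", "3"}),
        "2": Node("2", set(), {"1", "4"}),
        "3": Node("3", {"PR"}, {"1", "4"}),
        "4": Node("4", {"PR"}, {"2", "3"}),
    }


if __name__ == "__main__":
    nodes = make_example_nodes()
    tr = Tier("TR", "AODV", "PR")
    print("TR.N =", sorted(build_tier(tr, nodes["1"], nodes)))   # ['1', '3', '4']
    mac = tr.tag(nodes["3"], b"RREQ from 3")
    print("node 1 accepts node 3:", tr.verify(nodes["1"], b"RREQ from 3", mac))
    print("node 2 can tag:", tr.tag(nodes["2"], b"RREQ from 2") is not None)
```

Node 2 is invited twice (by node 1 and later by node 4) and refused both times because it does not enforce PR, while node 4, which is out of node 1's radio range, still joins through node 3; this is the step-by-step growth the text describes.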