A confident community to secure mobile ad hoc networks

International audienceProviding a security solution for mobile ad-hoc networks (MANETs) is not an easy task. This is due to the unique characteristics of MANETs, such as the lack of a pre- existent infrastructure, the dynamic topology of the network, the non-existence of a control authority and the constraints of device resources. In this paper, we introduce the monitoring and cluster manager modules to improve our distributed hierarchical architecture. Moreover, we study the concept of dynamic demilitarized zone (DDMZ) defined in our hierarchical architecture to avoid a single point of failure in MANETs. The DDMZ is formed by the dispensable nodes which belong to the confident community. The confident community is formed by sets of confident nodes which have high trust levels and collaborate with each other to ensure secure services. We propose a probabilistic model to define the direct connectivity between confident nodes in order to study the resistance degree of DDMZ against different attacks. Furthermore, we estimate the robustness and the availability of DDMZ and we also analyze the effects of direct connectivity and transmission range on the stability and security of the network

A Simulation-based Methodology for the Assessment of Server-based Security Architectures for Mobile Ad Hoc Networks (MANETs)

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonA Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not to take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to selecting the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network. To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real cases scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of given MANET context