4 research outputs found

    Identity support in a security and trust service for ad hoc m-commerce trading systems

    Trust and mobility-based clustering algorithm for secure mobile ad hoc networks

    A Mobile Ad-hoc network (MANET) is formed when a group of mobile wireless nodes collaborate to communicate through wireless links in the absence of fixed infrastructure and any centralized control. These characteristics make it able to adapt and operate in difficult conditions, but also vulnerable to new security attacks not present in a traditional wired network. In this paper, a new approach to securing MANETs is proposed. Our solution is based on our efficient trust model and a distributed algorithm for clustering the network in order to distribute the role of certification authority (CA) in each cluster. We use a fully self-organized security and monitoring process to supervise the behavior of nodes with a low trust level. Also, we propose a clustering algorithm based on the trust and mobility metric to select the CA and to establish a public key infrastructure (PKI) in each cluster. Furthermore, we introduce a new concept, the Dynamic Demilitarized Zone (DDMZ), to protect CAs and avoid a single point of failure in each cluster. The DDMZ is formed by a set of dispensable nodes which must be confident and located one hop from the CA. Our approach can be easily extended to other hierarchical routing protocols. The simulation results include an evaluation of the stability, availability and security

    A trading model and security regime for mobile e-commerce via ad hoc wireless networking

    Ad hoc wireless networking offers mobile computer users the prospect of trading with others in their vicinity anywhere anytime. This thesis explores the potential for developing such trading applications. A notable difficulty in designing their security services is being unable to use trusted parties. No one can be guaranteed present in each ad hoc wireless network session. A side benefit is that their costs don't have to be paid for. A reference model is defined for ad hoc m-commerce and a threat model is formulated of its security vulnerabilities. They are used to elicit security objectives and requirements for such trading systems. Possible countermeasures to address the threats are critically analysed and used to design security services to mitigate them. They include a self-organised P2P identity support scheme using PGP certificates; a distributed reputation system backed by sanctions; a group membership service based on membership vouchers, quorate decisions by some group members and partial membership lists; and a security warning scheme. Security analysis of the schemes shows that they can mitigate the threats to an adequate degree to meet the trading system's security objectives and requirements if users take due care when trading within it. Formal verification of the system shows that it satisfies certain safety properties