TY - GEN
T1 - Trusted application-centric ad-hoc networks
AU - Xu, Gang
AU - Borcea, Cristian
AU - Iftode, Liviu
PY - 2007
Y1 - 2007
N2 - Nodes in MANETs lack the protection offered by firewalls in infrastructure-based networks because malicious nodes can roam into the vicinity of another node and start launching attacks. This paper presents a distributed mechanism that allows trusted nodes to create protected networks in MANETs. A protected network is created to run a specific application and enforce a common network access control policy associated with that application. To become a member in the protected network, a node has to demonstrate its trustworthiness by proving its ability to enforce policies. Attacks from untrusted nodes are impossible because these nodes are not allowed to establish wireless links with member nodes. Attacks from member nodes are stopped at the originators by the network policy. The trusted execution of all programs involved in policy enforcement is guaranteed by a kernel agent. We demonstrate the correctness of our solution through security analysis and its feasibility through a prototype implementation tested over an IEEE 802.11 ad hoc network.
UR - http://www.scopus.com/inward/record.url?scp=50249098765&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50249098765&partnerID=8YFLogxK
U2 - 10.1109/MOBHOC.2007.4428672
DO - 10.1109/MOBHOC.2007.4428672
M3 - Conference contribution
AN - SCOPUS:50249098765
SN - 1424414555
SN - 9781424414550
T3 - 2007 IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS
BT - 2007 IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS
T2 - 2007 IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS
Y2 - 8 October 2007 through 11 October 2007
ER -