Towards an Autonomic Security System for Mobile Ad Hoc Networks

Abstract

We present our paradigm of autonomic networks through a specific model of mobile ad hoc networks. Accordingly, we define a security platform, in which we introduce basic solutions for building autonomic security systems. We then present our relevant studies about event-driven network security evolution, security-policy negotiation and enforcement, and collaboration between autonomic nodes.
Mohamad Aljnidi and Jean Leneutre
CNRS - UMR 5141 (LTCI)
TELECOM PARIS - INFRES Department
46, rue Barrault - 75013 Paris - France
{mohamad.aljnidi, jean.leneutre}@enst.fr
1. Introduction
Human-driven administration is no longer efficient in emerging large-scale, complex systems. The need for self-management solutions has already been recognized, and many relevant initiatives have been launched [8]. In our research, which is in line with the IBM initiative [6], we study the realization of Autonomic Computing properties [9] to secure a type of mobile ad hoc network, depending on high-level policies. A mobile ad hoc network can be complex enough because of the potential use of many heterogeneous technologies in terms of hardware, middleware or software. Nevertheless, we consider other motivations in this context, such as scalability, mobility, non-expert users and lack of infrastructure.
Different autonomic-computing aspects, such as self-organization [4, 11], self-adaptation [14] and spontaneous behavior [5], were already addressed in certain types of networks. Relatively recent studies try to define what an autonomic network is [12]. For us, it is a network that can evolve autonomously, in terms of membership and topology, and can manage its evolution by itself, depending on its autonomic systems. A network autonomic system can detect network-evolution events, relevant to its context, and can adapt itself and the network accordingly.
We use a specific model of wireless mobile ad hoc networks to realize our view of autonomic networks. According to this model, a network is created without a preexisting infrastructure, and evolves in an ad hoc manner in terms of membership and topology. Its nodes are not supposed to be homogeneous devices in terms of computing and storage capabilities, networking techniques or power. It is not supposed to have expert administrators. Besides, subnetworks can be exported for certain periods, and reintegrated into the mother network when they are back. We consider this a centralization functionality that we impose on a supposedly decentralized type of network, and we call it semi-centralization. In brief, we call MAutoNet (Mobile Autonomic Network) a semi-centralized, wireless, mobile, ad hoc, autonomic network of heterogeneous nodes and non-expert users. This can be, for example, a home network, a SOHO network, a business meeting network, an emergency service network or a military tactical network.
MAutoNets have the same security requirements as conventional networks, in addition to the security needs specific to wireless mobile ad hoc networks. However, existing security solutions [3, 13, 15] appear to be incomplete for MAutoNets in terms of Autonomic Computing [9], even if they have self-management aspects [7, 10]. We are therefore working on new security models, architectures and protocols for MAutoNets [1, 2].
2. Security Platform
We suppose that each MAutoNet node must embed an autonomic security architecture, which is compatible with the heterogeneity of nodes, transparent to the end-user and independent of the underlying networking techniques. Its main components, as illustrated in figure 1, are the following:
1) Security Agents: a set of software agents providing security services, such as data confidentiality and integrity, and security management services.
2) Security Management Kit: a set of security management tools that can be used either by an administrator, or in an autonomic context.
3) Autonomic Security Manager: the autonomic engine which is responsible for securing communications, besides assuming security self-management tasks.
4) Autonomic Security Layer: an application-support security layer, embedded in the communication stack, and encapsulating the previous three components.
5) Security User Interface: a set of high-level configuration and specification languages.
Figure 1. Autonomic Security Architecture
Figure 2. Virtual Security Structure
We propose a trust model that is built on mutual trust between each pair of nodes. This trust is established once a secure relation is legally created between two nodes after certain secure steps, as explained later in this section. The nodes of a MAutoNet are virtually distributed over a set of communities, so that the level of trust between two nodes of the same community is the highest. Different levels of inter-community trust are then defined, so that the level of trust between two nodes is the same as the level of trust between their communities. A variable set of MAutoNet nodes represents the board of security managers. We call them authority nodes. Each community has one authority node, but one authority node can be assigned to many communities. This is because the authority role implies certain capabilities, and a given community may not include nodes having these capabilities. The first action to take to set up a secure MAutoNet is to designate a qualified node as the authority node of the first community. Afterwards, we can use this authority node to insert other nodes into its community. We can similarly create other communities and integrate them into the network. The network evolves in terms of membership when communities are integrated or revoked, and when each community evolves in terms of node membership. A node is within the security perimeter of a MAutoNet when it belongs to one of its communities. Figure 2 illustrates what we call a MAutoNet virtual security structure, which is characterized by a security perimeter delimited by the communities, and encapsulating nodes and secure relations.
Mutual authentication should take place before a secure relation is established between two MAutoNet nodes. Authentication between a new node and an authority takes place implicitly during the node insertion operation. According to the characteristics of the new node, the authority assigns it either a public-key certificate, or a secret key shared uniquely with it. The result is an authority-node secure relation. Similarly, authentication between two authorities takes place implicitly during a community integration operation. The involved authorities exchange public-key certificates. The result is an authority-authority secure relation. As for authentication between two non-authority nodes belonging to the same community, either certificates assigned by the authority are enough, or the authority itself intervenes as an authentication server. Finally, for authentication between two non-authority nodes belonging to two different communities, certificates assigned by the relevant authorities are used, and when a certificate is not available, both authorities can intervene as authentication servers.
We categorize the MAutoNet nodes according to their capabilities in terms of storage, computation and availability. This categorization is configurable, but a default one can be used, according to which a node can be a heavy-duty device which is capable of performing asymmetric cryptography and storing the associated materials, or a light-duty device if not. An authority node is a heavy-duty device which also has the required security server capabilities. Although we consider automatic replacement of removed or lost authorities, in the context of self-organization and self-healing, an authority would rather have limited mobility and a long-life membership, as further characteristics. An autonomic authority election mechanism is being studied on this basis, as part of our autonomic security platform.
In a secure relation, cryptographic materials and access rules depend on the trust level and the node roles and categories. Secure relations are classified accordingly. For example, figure 2 illustrates a virtual security structure that we already defined for a home MAutoNet [2]. In this MAutoNet, default node categorization is used and only two trust levels are defined: a high trust between nodes of the same community and a low trust between nodes of different communities. A first classification, based on trust level, defines two relation types: LTR for a Low-Trust Relation and HTR for a High-Trust Relation. A second classification, based on roles, defines two other types: ADR for an Authority-Device Relation and AAR for an Authority-Authority Relation. A final classification, based on categories, defines three further types for device-device relations: HHR for a relation between two heavy-duty devices, HLR for a relation between two devices of different categories and LLR for a relation between two light-duty devices.
Figure 3. Access Control Model
In terms of authorization rules, we define for a MAutoNet secure relation a two-phase, self-organizing access control model, illustrated in figure 3. In the first phase, access is authorized or not according to what we call OBA (Object-Based Authorization). Objects of a MAutoNet node are categorized either as Private (unauthorized by default), or as accessible: Protected (shared with the authority) - Friendly (authorized to the community) - Administrative (shared between authorities) - Public (authorized to the whole MAutoNet). In the second phase, we verify whether the access concerns a private object or an accessible one. In the first case, a Discretionary Access Control (DAC), based on the identity of the subject, is applied. DAC policy is supposed to be defined by the node owner. In the second case, a Secure-Relation-Based Access Control (SRBAC), based on the trust level of the relation and the roles of its participants, is applied. SRBAC is meant to be a variant of RBAC that takes the trust level into consideration. A default SRBAC policy is used initially, and then the autonomic security system is responsible for enhancing and optimizing it.
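The secure-relation classification and the two-phase decision described above, as an added Python example (not code from the paper). The default SRBAC rules, the single-community `Node` model, the `established` relation set and all node and object names are assumptions made for illustration; the paper does not spell out its default policy.

```python
"""Two-phase MAutoNet access decision: OBA, then DAC or SRBAC (illustrative)."""
from dataclasses import dataclass, field
from enum import Enum


class Category(Enum):            # default node categorization
    HEAVY = "heavy-duty"
    LIGHT = "light-duty"


class ObjClass(Enum):            # OBA object classes
    PRIVATE = "private"                # unauthorized by default
    PROTECTED = "protected"            # shared with the authority
    FRIENDLY = "friendly"              # authorized to the community
    ADMINISTRATIVE = "administrative"  # shared between authorities
    PUBLIC = "public"                  # authorized to the whole MAutoNet


@dataclass(frozen=True)
class Node:
    name: str
    community: str               # assumption: one community per node
    category: Category
    is_authority: bool = False


def relation_types(a: Node, b: Node) -> tuple:
    """Classify a secure relation by trust level, then by roles or categories."""
    trust = "HTR" if a.community == b.community else "LTR"
    if a.is_authority and b.is_authority:
        kind = "AAR"
    elif a.is_authority or b.is_authority:
        kind = "ADR"
    else:
        cats = {a.category, b.category}
        kind = "HLR" if len(cats) == 2 else ("HHR" if Category.HEAVY in cats else "LLR")
    return trust, kind


@dataclass
class NodePolicy:
    owner: Node
    objects: dict                                 # object name -> ObjClass
    dac_acl: dict = field(default_factory=dict)   # object name -> set of subject names


def srbac_default(cls: ObjClass, owner: Node, subject: Node) -> bool:
    """Assumed default SRBAC policy, derived from the object-class descriptions."""
    trust, kind = relation_types(owner, subject)
    if cls is ObjClass.PUBLIC:
        return True                               # any relation inside the perimeter
    if cls is ObjClass.FRIENDLY:
        return trust == "HTR"                     # same community only
    if cls is ObjClass.PROTECTED:
        return trust == "HTR" and kind == "ADR" and subject.is_authority
    if cls is ObjClass.ADMINISTRATIVE:
        return kind == "AAR"
    return False


def authorize(policy: NodePolicy, subject: Node, obj: str, established: set) -> tuple:
    """Return (allowed, deciding mechanism) for a request on one of the owner's objects."""
    owner = policy.owner
    # No secure relation means no prior mutual authentication: deny outright.
    if frozenset((owner.name, subject.name)) not in established:
        return False, "no secure relation"
    # Phase 1 (OBA): classify the object; unlisted objects default to Private.
    cls = policy.objects.get(obj, ObjClass.PRIVATE)
    # Phase 2: DAC on subject identity for private objects, SRBAC otherwise.
    if cls is ObjClass.PRIVATE:
        return subject.name in policy.dac_acl.get(obj, set()), "DAC"
    return srbac_default(cls, owner, subject), "SRBAC"


# Constructed sample: a home MAutoNet with a "family" and a "guests" community.
GW = Node("gateway", "family", Category.HEAVY, is_authority=True)
TV = Node("tv", "family", Category.HEAVY)
PHONE = Node("phone", "family", Category.LIGHT)
LAPTOP = Node("guest-laptop", "guests", Category.HEAVY)
TV_POLICY = NodePolicy(
    TV,
    {"epg": ObjClass.PUBLIC, "recordings": ObjClass.FRIENDLY,
     "config": ObjClass.PROTECTED, "pin": ObjClass.PRIVATE},
    dac_acl={"pin": {"phone"}},
)
ESTABLISHED = {frozenset(p) for p in
               [("tv", "gateway"), ("tv", "phone"), ("tv", "guest-laptop")]}

if __name__ == "__main__":
    for subj in (GW, PHONE, LAPTOP):
        for name in TV_POLICY.objects:
            print(subj.name, name, authorize(TV_POLICY, subj, name, ESTABLISHED))
```

Note that the authority is refused the private object: DAC decides on subject identity, so the authority role alone grants nothing there.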
3. Autonomic Security System
The autonomic security system is set up when the initial communities are created and integrated. It is responsible for detecting the network evolution events related to security, and for responding to them. In this context, it should manage variations in node membership (insertion, removal, banishment and reinsertion), virtual security structure (community integration, revocation, merging and splitting), network scope (subnetwork exportation and reintegration, and network merging and splitting), authority role (dispossession, acquisition, delegation and retirement) and secure relations (establishment and termination). We are working on the event handling steps: monitoring, detection, analysis, and decision and execution of responses. We will focus in the following on the last step, to show how authority nodes might collaborate to execute responses to certain events.
Figure 4. Security Policy System
3.1. Collaborative Delegation
Subnetworks may be exported for some specified time. After deciding which nodes are to leave, when and for how long, it is then up to the autonomic security system to make the designated subnetwork a secure MAutoNet. It should create a virtual security structure for the subnetwork. Exported nodes can simply keep the same trust levels defined for them in the mother network, and this will give subcommunities, each corresponding to a community in the mother network. The issue is the need of those subcommunities for authorities. The solution should not imply a shortage of authority nodes in the mother network. This is why one of the security events is delegating the authority role to a node, either to be an authority in the subnetwork or to replace an exported authority node. Authority nodes collaborate to accomplish the exportation process. The collaboration allows the synchronization of security information and materials. It is also used here to help with authority delegation, when an authority does not find a qualified node in its community to designate as delegated authority. The solution is to delegate the role to another delegated authority of another participating community. This starts with a request for delegation help, and then a negotiation is launched between the involved authorities. The delegation help process is implemented in our autonomic security system as a collaboration protocol called DHP (Delegation Help Protocol).
3.2. Security Policy Negotiation
We define three specification languages for security policies. The high-level language HSSI (Human / Security System Interface) is used by end-users to configure the security system in general. The intermediate XML language SPML (Security Policy Management Language) is used by administrators to perform security management tasks. The self-management language SPLS (Security Policy Logic-based Specification) is used by authority nodes for security policy analysis and recomposition. Each SPML instance is interpreted into one or more Java applications. Enforcement of security policies is then achieved by integrating the corresponding byte-code into the autonomic security system. Figure 4 illustrates the life-cycle of a security policy according to our security policy system. As the figure shows, analysis and recomposition tracks have no human inputs, which reflects the self-management behavior.
Each community of a MAutoNet has a set of network-level security policies, which are the same in all communities, and a set of community-level security policies, of which specific instances are enforced on different communities. Modification of security policies might be needed after some network security evolution. A need for negotiation might then arise from conflicts with preexisting policies, or with the security properties and configuration of certain communities in case of changing network-level policies. Nevertheless, there are other causes for negotiating security policies:
1) Community integration (a new community might have different network-level policies).
2) Delegation termination (the returning subnetwork might have changed its policies).
3) Merging communities (merged communities might have different community-level policies).
4) Importing parts from other MAutoNets (potential differences in any of the security policies).
5) Merging two MAutoNets (it is necessary to negotiate the best policy specification for the resulting network).
To accomplish a security policy negotiation, each authority will analyze the SPLS instance of the specified policy (figure 4), and accordingly launch the negotiation module in its security management kit. SPLS-formatted information will then be exchanged between authorities in the context of a Security Policy Negotiation Protocol (SPNP). After having negotiated the specified policy, and decided about its new specification, the autonomic recomposition track is followed. We are working on the different issues of security policy negotiation. We study the potential assets and components of this operation, define the HSSI, SPML and SPLS languages, develop the negotiation algorithm, and specify and validate the SPNP protocol.
4. Conclusion
We defined our model of mobile autonomic networks which we call MAutoNet. We presented its security architecture, virtual structure and models. We introduced autonomic security systems. We focused on the collaboration between authority nodes as a form of interoperability between autonomic components. We introduced the relevant Delegation Help Protocol (DHP), security policy system and Security Policy Negotiation Protocol (SPNP).
We believe that autonomic behavior will be a must for the networks of the future, and we intend to build the suitable framework for the future autonomic network security, as the ultimate goal of our research.
References
[1] M. Aljnidi. Sécurité des réseaux mobiles autonomes. In Actes du Premier Workshop GET sur les Réseaux Spontanés, 2006.
[2] M. Aljnidi and J. Leneutre. Autonomic security for home networks. In Proceedings of the First International Workshop on Self-Organizing Systems, 2006.
[3] D. Balfanz, D. Smetters, P. Stewart, and H. Wong. Talking to strangers: Authentication in ad hoc wireless networks. In Proceedings of the Symposium on Network and Distributed Systems Security, 2002.
[4] A. Datta and K. Aberer. The challenges of merging two similar structured overlays: A tale of two networks. In Proceedings of the First International Workshop on Self-Organizing Systems, 2006.
[5] L. M. Feeney, B. Ahlgren, and A. Westerlund. Spontaneous networking: An application-oriented approach to ad hoc networking. IEEE Communications Magazine, 2001.
[6] P. Horn. Autonomic computing: IBM’s perspective on the state of information technology. Technical report, IBM Research, 2001.
[7] S. L. Keoh and E. Lupu. Towards flexible credential verification in mobile ad-hoc networks. In Proceedings of the 2nd ACM Annual Workshop on Principles of Mobile Computing, 2002.
[8] J. O. Kephart. Research challenges of autonomic computing. In Proceedings of the 27th International Conference on Software Engineering, 2005.
[9] J. O. Kephart and D. M. Chess. The vision of autonomic computing. Computer, 2003.
[10] H. Luo, P. Zerfos, J. Kong, S. Lu, and L. Zhang. Self-securing ad hoc wireless networks. In Proceedings of the 7th IEEE Symposium on Computers and Communications, 2002.
[11] T. Messerges, J. Curkier, T. Kevenaar, L. Puhl, R. Struik, and E. Callaway. A security design for a general purpose, self-organizing, multi-hop ad-hoc wireless network. In Proceedings of the First ACM Workshop on Security of Ad-Hoc and Sensor Networks, 2003.
[12] S. Schmid, M. Sifalakis, and D. Hutchison. Towards autonomic networks. In Proceedings of the First International IFIP TC6 Conference on Autonomic Networking, 2006.
[13] F. Stajano and R. J. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Proceedings of the 7th International Workshop on Security Protocols, 1999.
[14] S. S. Yau, Y. Yao, Z. Chen, and L. Zhu. An adaptable security framework for service-based systems. In Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, 2005.
[15] L. Zhou and Z. J. Haas. Securing ad hoc networks. IEEE Network, 1999.
... Even if certain of the existing security solutions have self-management aspects, such as those proposed in [4,16], they generally aim at realizing an autonomic behavior in certain components or services, rather than being developed for a network built on autonomic basis. We are therefore working on new security models, architectures and protocols for MAutoNets [10,9,11], to propose a security framework for designing autonomic security systems, to be implemented in the future autonomic networks. ...
... Exportation of a subnetwork might be needed when a set of MAu-toNet nodes are supposed to leave the security perimeter for a predefined period which might be greater than the allowed maximum period of absence, and reintegration of a subnetwork is needed when such a set of nodes is back, given the fact that a subnetwork of MAutoNet may evolve as freely as an independent MAutoNet during its absence. See [11] for more details about subnetwork exportation. All the previous events might represent a security evolution as well, but we identify six more events that explicitly have such effect: the acquisition, dispossession, delegation and retirement of the authority role, and the establishment and termination of a secure relation. ...
... Authority delegation is needed in the exportation of a subnetwork, and authority retirement is needed to end an authority delegation during the reintegration of a returning subnetwork. See [11] for more details about authority delegation. Note that a human action, either normal or malicious, might be the trigger of any of the previous eighteen events, which may imply an autonomic reaction. ...
Conference Paper
Full-text available
An autonomic security system is indispensable for the operation of an autonomic network. Policies are basic stones in building autonomic systems. In this paper, we introduce our model of mobile autonomic networks. Accordingly, we propose a security framework for building autonomic security systems. In this framework, we discuss a trust model based on node communities, an authentication model based on node categorization, and a secure relation model based on both trust and node capabilities. A network evolution model is eventually presented as the working context of an autonomic security system. Afterwards, we explain our vision of autonomic policy systems, and relevantly present solutions for security policy representation and manipulation. Finally, we define an authorization model for mobile autonomic networks, before elaborating an example of the implementation and the negotiation of a relevant access control policy.
... Il s'agit d'un ensemble de bases d'un système autonome de politiques de sécurité, illustré dans la Figure 3, permettant l'analyse et l'optimisation des règles de bas niveau de sécurité. Nous avons déjà motivé l'architecture intra-noeud de sécurité autonome et le système autonome de politiques de sécurité dans des publications introductives [10,11]. ...
... The second one, which is more related to the solution we propose in this thesis, is a set of bases for a security policy system that supports autonomic analysis and respecification of low-level security rules (Figure 2.2). Our bases for an autonomic security architecture and an autonomic security policy systems were already introduced and elaborated in early publications [10,11]. ...
Article
Full-text available
It is complex enough for humans to efficiently manage security in infrastructureless netwoeks. Our goal is to make this security management autonomic. In this context, our ph.d thesis proposes an autonomic access control system. We provide a definition of autonomic networks, and a set of bases of autonomic security. Afterwards, we define a type of autonomic networks that we call iorg-autonet (infrastructureless organizational autonomic network). The nodes of an iorg-autonet are classified according to three attributes: trustworthiness, availability and capabilities. This classification allows nodes to acquire different roles, and certain roles make certain nodes able to cooperate for managing the network. We define an access control model for iorg-autonets and we call it srbac (secure relation based access control). Its policies are applied during communications between any couple of nodes already bound by a secure relation assigning certain roles to them. Srbac is an enhanced, adapted version of rbac. We eventually propose an extension of the rbac profile of the specification language xacml v2.0 for writing srbac policies. We define for srbac the administrative counterpart model asrbac to achieve our autonomic access control system. Asrbac is an extension of the distributed administrative model arbac02, which is associated to rbac. This extension adds aspects of collaboration, context-awareness, self-awareness, adaptability and autonomic computing. Asrbac is based on srbac itself, which constitutes the basis of the autonomic hehavior in our solution. An example of an srbac/asrbac system of a home network, and an enforcement model point out and validate our contributions.
... However, neither of them fulfills them all, and especially self-management properties. In previous works, we described how home networks can be autonomic [10], defined the different components needed in an autonomic security system [11, 12], and emphasized the need for the above access control requirements [13]. The contributions in this article consist in the definition of an access control model and its administrative counterpart fulfilling the previous requirements. ...
Conference Paper
Full-text available
This article deals with access control in Mobile Autonomic Networks (MAutoNets), which are basically mobile ad-hoc networks. Our goal is to build an autonomic access control system. We define the Secure Relation Based Access Control (SRBAC) model, which is a variant of RBAC adapted to the MAutoNet environment by using context information and supporting autonomic computing properties. We also define the administrative counterpart of SRBAC, called ASRBAC, that allows the network nodes to manage the access control system by themselves. ASRBAC uses the distributed model ARBAC02 as a basis, and extends it with context-awareness, self-management and self-adaptation.
... Another option is to partition the network into clusters, with a single predefined authority node responsible for managing security inside each cluster [10]. For home networks, a hierarchy of device communities which may be split or merged yields a more dynamic structure [5]. In a community, the powers of the authority may be delegated, temporarily or permanently, to another node in case of failure or migration of a device away from home. ...
Conference Paper
Full-text available
Security management for pervasive networks should be fundamentally flexible. The dynamic and heterogeneous character of these environments requires a security infrastructure which can be tailored to different operating conditions, at variable levels of granularity, during phases of design, deployment, and execution. This is possible with a component-based security architecture. We illustrate the benefits of this approach by presenting AMISEC, an integrated authentication and authorization middleware. Through the component paradigm, AMISEC supports different network topologies of TTPs, cryptographic algorithms, protocols, or trust management strategies, resulting in a fully à la carte security infrastructure.
Article
The measurability of Mobile ad hoc network (MANET) is the precondition of itsmanagement, performance optimization and network resources re-allocations. However, MANET is an infrastructure-free, multi-hop, andself-organized temporary network, comprised of a group of mobile nodes with wirelesscommunication devices. Not only does its topology structure vary with time going by, butalso the communication protocol used in its network layer or data link layer is diverse andnon-standard.In order to solve the problem of interior links performance (such as packet loss rate anddelay) measurement in MANET, this thesis has adopted an external measurement basedon network tomography (NT). To the best of our knowledge, NT technique is adaptable for Ad Hoc networkmeasurement.This thesis has deeply studied MANET measurement technique based on NT. The maincontributions are:(1) An analysis technique on MANET topology dynamic characteristic based onmobility model was proposed. At first, an Ad Hoc network mobility model formalizationis described. Then a MANET topology snapshots capturing method was proposed to findand verify that MANET topology varies in steady and non-steady state in turnperiodically. At the same time, it was proved that it was practicable in theory to introduceNT technique into Ad Hoc network measurement. The fitness hypothesis verification wasadopted to obtain the rule of Ad Hoc network topology dynamic characteristic parameters,and the Markov stochastic process was adopted to analyze MANET topology dynamiccharacteristic. The simulation results show that the method above not only is valid andgenerable to be used for all mobility models in NS-2 Tool, but also could obtain thetopology state keeping experimental formula and topology state varying probabilityformula.IV(2) An analysis technique for MANET topology dynamic characteristic based onmeasurement sample was proposed. 
When the scenario file of mobile models could notbe obtained beforehand, End-to-End measurement was used in MANET to obtain thepath delay time. Then topology steady period of MANET is inferred by judging whetherpath delay dithering is close to zero. At the same time, the MANET topology wasidentified by using hierarchical clustering method based on measurement sample of pathperformance during topology steady period in order to support the link performanceinference. The simulation result verified that the method above could not only detect themeasurement window time of MANET effectively, but also identify the MANETtopology architecture during measurement window time correctly.(3) A MANET link performance inference algorithm based on linear analysis modelwas proposed. The relation of inequality between link and path performance, such as lossrate of MANET, was deduced according to a linear model. The phenomena thatcommunication characteristic of packets, such as delay and loss rate, is more similarwhen the sub-paths has longer shared links was proved in the document. When the rankof the routing matrix is equal to that of its augmentation matrix, the linear model wasused to describe the Ad Hoc network link performance inference method. The simulationresults show that the algorithm not only is effective, but also has short computing time.(4) A Link performance inference algorithm based on multi-objectives optimizationwas proposed. When the rank of the routing matrix is not equal to that of its augmentationmatrix, the link performance inference was changed into multi-objectives optimizationand genetic algorithm is used to infer link performance. The probability distribution oflink performance in certain time t was obtained by performing more measurements andstatistically analyzing the hypo-solutions. 
Through the simulation, it can be safelyconcluded that the internal link performance, such as, link loss ratio and link delay, can beinferred correctly when the rank of the routing matrix is not equal to that of itsaugmentation matrix.
Conference Paper
There has been a constant growing security concern on insider attacks on network accessible computer systems. Users with power credentials can do almost anything they want with the systems they own with very little control or oversight. Most breaches occurring nowadays by power users are considered legitimate access and not necessarily intrusions. Developing a solution for such a problem is challenging because power users need flexible requirements to administer or maintain their systems. The increased usage of virtual environments, virtual systems, teleworking, and remote usage has made network access the preferred method for system administration. This paper presents (1) the Autonomic Violation Prevention System (AVPS), a framework that provides a solution to this problem and meet the above mentioned challenges, and (2) a proof-of-concept prototype that embeds self-protection capabilities into traditional Network Intrusion Prevention Systems (NIPS). AVPS focuses on self-protection against security policy violations instead of malware, vulnerability, or exploit intrusions. AVPS heavily enforces separation of duties, promotes scalability, ease of use and manageability. The proof-of-concept prototype uses Snort in-line NIPS with our own customizations.
Chapter
Autonomic networking set a challenge for the research community to engineer systems and architectures that will increase the QoS and robustness of future network architectures. However, our experience is that so far the autonomic network research community does not have a common perception of what an autonomic network is. This paper attempts to propose a generic model for autonomic systems, along with a minimum set of required properties that would render a system compliant to this model. The paper emphasises the importance of such a common model for the credibility of the research community as well as to eliminate attempts to unnecessarily overload or blur the scope of the field. Keywords: autonomic communication, autonomic networks, autonomic system definition
Conference Paper
In this paper we address the problem of secure communication and authentication in ad-hoc wireless networks. This is a difficult problem, as it involves bootstrapping trust between strangers. We present a user-friendly solution, which provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives. In our approach, devices exchange a limited amount of public information over a privileged side channel, which will then allow them to complete an authenticated key exchange protocol over the wireless link. Our solution does not require a public key infrastructure, is secure against passive attacks on the privileged side channel and all attacks on the wireless link, and directly captures users' intuitions that they want to talk to a particular previously unknown device in their physical proximity. We have implemented our system in Java for a variety of different devices, communication media, and key exchange protocols.
Conference Paper
The Internet is becoming an immense organism of composite, highly distributed, pervasive, communication intensive services. For such a system to operate effectively, a sensible dialogue between users, services and the network components must proceed constantly based on mutual observation, self-observation, and adaptive and distributed feedback control. We review issues such as network "situational awareness", self-organisation, and structure, and relate these concepts to research on autonomic communication systems. We discuss how this vision can benefit from techniques that have been experimented in the cognitive packet network (CPN) test-bed at Imperial College, which dynamically routes traffic using on-line monitoring, based on users' QoS needs and the network's objectives.
Conference Paper
Autonomic computing is a grand-challenge vision in which computing systems manage themselves in accordance with high-level objectives specified by humans. The IT industry recognizes that meeting this challenge is imperative; otherwise, IT systems will soon become virtually impossible to administer. But meeting this challenge is also extremely difficult, and requires a worldwide collaboration among the best minds of academia and industry. In the hope of motivating researchers in relevant areas to apply their expertise to this vitally important problem, the author outlines some of the main scientific and engineering challenges that collectively make up the grand challenge of autonomic computing, and provides pointers to initial efforts to address these challenges.
Conference Paper
Ad-hoc networks facilitate interconnectivity between mobile devices without the support of a network infrastructure. In this paper we propose a flexible credential verification mechanism, which improves the likelihood that participants in an ad-hoc network can verify each other's credentials despite the lack of access to certification and attribute authorities. Users maintain Credential Assertion Statements (CASs), which are formed through extraction of X.509 and attribute certificates into an interoperable XML form. Trusted entities that can verify the credentials listed in the CAS can then issue signed Assertion Signature Statements (ASSs) to other participants in the ad-hoc network. In addition, each user maintains a key ring, which comprises the list of public-keys trusted to sign credential assertion statements. All public-keys in the ring are assigned a trustworthiness level. When a user presents his/her CAS together with matching ASSs to a verifier, the verifier checks the signatures in the ASSs against its key ring to determine whether credentials in the CAS are authentic and acceptable. Transitivity of trust is generally not allowed, but there are exceptional cases in which it is permitted.
Conference Paper
Home networks are becoming prevalent and interest in their security is increasing. We introduce in this paper an autonomic security model, in which we deal with a home network as an ad hoc network in general, but also we consider its particularities. We show how autonomy is required in different aspects of the proposed solution. Above all, we address autonomy to minimize the intervention of home users, who generally lack experience, in the management of the security infrastructure.
Article
Structured overlay networks is an important and interesting primitive that can be used by diverse peer-to-peer applications. Multiple overlays can result either because of network partitioning or (more likely) because different groups of peers build such overlays separately before coming in contact with each other and wishing to coalesce the overlays together. This paper is a first look into how multiple such overlays (all using the same protocols) can be merged – which is critical for usability and adoption of such an internet-scale distributed system. We elaborate how two networks using the same protocols can be merged, looking specifically into two different overlay design principles: (i) maintaining the ring invariant and (ii) structural replications, either of which are used in various overlay networks to guarantee functional correctness in a highly dynamic (membership changes) environment. Particularly, we show that ring based networks can not operate until the merger operation completes. In contrast, from the perspective of individual peers in structurally replicated overlays there is no disruption of service, and they can continue to discover and access resources that they could originally do before the beginning of the merger process, even though resources from the other network become visible only gradually with the progress of the merger process.
Conference Paper
In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an environment. Our discussion is based on the concrete example of a thermometer that makes its readings available to other nodes over the air. Some lessons learned from this example appear to be quite general to ad-hoc networks, and rather different from what we have come to expect in more conventional systems: denial of service, the goals of authentication, and the problems of naming all need re-examination. We present the resurrecting duckling security policy model, which describes secure transient association of a device with multiple serialised owners.
Conference Paper
We present a security design for a general purpose, self-organizing, multihop ad hoc wireless network, based on the IEEE 802.15.4 low-rate wireless personal area network standard. The design employs elliptic-curve cryptography and the AES block cipher to supply message integrity and encryption services, key-establishment protocols, and a large set of extended security services, while at the same time meeting the low implementation cost, low power, and high flexibility requirements of ad hoc wireless networks.