Bootstrapping deny-by-default access control for mobile ad-hoc networks

Zhang, Honggang; DeCleene, B.; Kurose, Jim; Towsley, Don

doi:10.1109/milcom.2008.4753174

Cited by 8 publications

(14 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This paper extends the work in [20], seeking to answer the following questions: 1) To what extent can an adversary undermine the correctness and the performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary?…”

Section: Introductionmentioning

confidence: 92%

“…Our previous work [20] addressed this challenge by defining (i) an axiomatic set of policies from which nodes can obtain additional policies or update outdated policies and (ii) a protocol (referred to as the Bootstrap protocol) by which nodes form, or bootstrap, the neighbor relationships among themselves in a manner consistent with current policy 1 . Along with the definition of the Bootstrap protocol as a Finite State Machine (FSM) [5] [20], we also proved its correctness (safety and liveness); however, this initial analysis neglected the possibility of nodes or wireless channel being subverted by a knowledgeable adversary.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

Zhang

Kreidl

DeCleene

et al. 2009

MILCOM 2009 - 2009 IEEE Military Communications Conference

Self Cite

View full text Add to dashboard Cite

In previous work, we proposed a "Bootstrap" protocol for establishing neighbor relationships, between two mobile nodes in a mission critical deny-by-default Mobile Ad-hoc Network. In this paper, we formally characterize the security properties of this Bootstrap protocol, striving to answer the following questions:1) To what extent can an adversary undermine the correctness and performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary? Our analyses employ a combination of formal logic and two standard automated model checkers, SPIN and PRISM. Two types of threats are considered, which we call the subverted node and the subverted link. In the subverted link analysis, we further categorize the adversary into two variants, which we call dark-red or light-red in correspondence with having detailed Bootstrap-protocol-specific knowledge or only generic neighbor setup knowledge, respectively. The subverted node analysis shows that the adversary cannot TCP-SYN-flood-like attack nor deadlock the good node within the Bootstrap protocol. The subverted link analysis shows that the adversary cannot undermine the correctness of the protocol, in the sense that the protocol's performance is only degraded in a bounded manner by the dark-red adversary or in a benign manner by the light-red adversary. 1 The recognition here is that routing and other higher-level network functions can be put in place only once neighbor relationships are established.

show abstract

Section: Introductionmentioning

confidence: 92%

Section: Introductionmentioning

confidence: 99%

Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

Zhang

Kreidl

DeCleene

et al. 2009

MILCOM 2009 - 2009 IEEE Military Communications Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…This approach is more viable in a mesh network than a deny-by-default one: for the last one to be usable, the rule-sets must be perfectly synchronized and updated; otherwise, there is the risk of dropping legitimate traffic. In networks where a high security level is required, also deny-by-default rule-set can be used as in [16,17], but it does not match our network scenario.…”

Section: Related Work and Motivationmentioning

confidence: 99%

Waterwall: a cooperative, distributed firewall for wireless mesh networks

Maccari

Cigno

2013

J Wireless Com Network

View full text Add to dashboard Cite

Firewalls are network devices dedicated to analyzing and filtering the traffic in order to separate network segments with different levels of trust. Generally, they are placed on the network perimeter and are used to separate the intranet from the Internet. Firewalls are used to forbid some protocols, to shape the bandwidth resources, and to perform deep packet inspection in order to spot malicious or unauthorized contents passing through the network. In a wireless multihop network, the concept of perimeter is hard to identify and the firewall function must be implemented on every node together with routing. But when the network size grows, the rule-set used to configure the firewall may grow accordingly and introduce latencies and instabilities for the low-power mesh nodes. We propose a novel concept of firewall in which every node filters the traffic only with a portion of the whole rule-set in order to reduce its computational burden. Even if at each hop we commit some errors, we show that the filtering efficiency measured for the whole network can achieve the desired precision, with a positive effect on the available network resources. This approach is different from the protection of a space behind a wall: we use the term waterwall to indicate a distributed and homogeneous filtering function spread among all the nodes in the network.

show abstract

“…As in reference [10] bootstrapping of policy-based access control in a deny-by-default the researcher with codification clear politics and rules and initial setup these try to determine necessary actions the system components are allowed to do it. They with a basic rules added to own mechanism functionality an updating, adding new rules and publishing set of ability that help to nodes for connectivity with own neighbors.…”

Section: B the Nac Related Work In Manetsmentioning

confidence: 99%

Survey on network access control technology in MANETs

Amiri

Afshar

Naji

et al. 2012

2012 International Conference on Innovation Management and Technology Research

View full text Add to dashboard Cite

Using Mobile Ad hoc Networks (MANETs) is growing with advances in technology. MANETs consist of few nodes with constrict resources and without any special structure. Each node can be connected to other nodes in its own transition rate. Network access control with respect to the development of networks is very important. In this paper, we explain the Network Access Control (NAC), the mechanism of action in the networks and also compare some NAC vendors. We briefly describe four network access control protocols for MANET and also compare them in terms of efficiency, communication complexity, overhead, and the techniques which is used. In the other part we describe the attacks in MANETs.

show abstract

Bootstrapping deny-by-default access control for mobile ad-hoc networks

Cited by 8 publications

References 10 publications

Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

Waterwall: a cooperative, distributed firewall for wireless mesh networks

Survey on network access control technology in MANETs

Contact Info

Product

Resources

About