ABSTRACT: A number of Intrusion Detection System (IDS) techniques for Mobile Ad Hoc Networks (MANETs) have been proposed in the research literature. These techniques include trust building and cluster-based voting schemes, statistical anomaly detection, host-based watchdogs, and finite state machines for specifying correct routing behavior. Comparing and evaluating the effectiveness of these IDS techniques has been hindered by the limited number of large-scale MANET deployments, the lack of publicly available network traces of actual MANET traffic, and the difficulty in defining typical application and mobility scenarios. Network simulation tools have allowed researchers to study MANET IDSs without purchasing mobile nodes or conducting costly and time-consuming field trial tests. These simulations, however, have been conducted using widely varying assumptions on background network traffic, mobility, previous security associations, and the type of malicious network activity. This paper describes how we use our mLab testbed to create publicly available MANET network traces. These network traces allow researchers to compare the effectiveness of different MANET IDS techniques on the same data set, and conduct offline experiments with new IDS techniques without requiring expensive hardware.
IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2007); 07/2007
ABSTRACT: Ad hoc routing protocols have been designed to efficiently reroute traffic when confronted with network congestion, faulty nodes, and dynamically changing topologies. The common design goal of reactive, proactive, and hybrid ad hoc routing protocols is to faithfully route packets from a source node to a destination node while maintaining a satisfactory level of service in a resource-constrained environment. Detecting malicious nodes in an open ad hoc network in which participating nodes have no previous security associations presents a number of challenges not faced by traditional wired networks. Traffic monitoring in wired networks is usually performed at switches, routers and gateways, but an ad hoc network does not have these types of network elements where the intrusion detection system (IDS) can collect and analyze audit data for the entire network. A number of neighbor-monitoring, trust-building, and cluster-based voting schemes have been proposed in the research to enable the detection and reporting of malicious activity in ad hoc networks. The resources consumed by ad hoc network member nodes to monitor, detect, report, and diagnose malicious activity, however, may be greater than simply rerouting packets through a different available path. This paper presents a method for determining conditions under which critical nodes should be monitored, describes the details of a critical node test implementation, presents experimental results, and offers a new approach for conserving the limited resources of an ad hoc network IDS.
Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2006); 07/2006
ABSTRACT: The proliferation of wireless devices and the availability of new wireless applications and services raise new privacy and security concerns. Although network-layer anonymity protects the identities of the communication endpoints, the physical layer of many wireless communication protocols offers no such guarantee. The electromagnetic signal transmitted over an open communication medium can be monitored, captured, and analyzed in an effort to trace and identify users of wireless devices. In this paper we present preliminary results on the feasibility of identifying wireless nodes in a network by measuring distinctive electromagnetic characteristics or "signatures" of wireless local area network (WLAN) cards.
Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005; 01/2006
ABSTRACT: Mobile ad hoc network (MANET) routing algorithms have been the focus of a great deal of research over the last few years. This research has primarily focused on the performance, energy efficiency, quality of service (QoS), trust, and security issues of these algorithms. Given the cost and complexity of performing repeatable field experiments, most researchers naturally turn to network simulators to validate their theories. Network simulators allow researchers to quickly and cost-effectively analyze the impact of new approaches under various network traffic and mobility scenarios. Simulation results, however, must be vetted in real-world conditions using commercially available hardware and software to discover the shortcomings of modeling assumptions. Real-world testing, however, can be very expensive and time-consuming and beyond the budgetary constraints of most researchers. In response, we have extended our MANET emulator testbed, mLab, to include a collection of host-based kernel network traffic monitoring modules and visualization utilities. In this paper, we present the implementation details of these host-based kernel modules and provide illustrative experimental results to demonstrate how they can be used in conjunction with mLab to capture performance metrics using repeatable and user-defined mobility and traffic scenarios. The illustrative examples are based on NIST's implementation of the AODV and DYMO ad hoc routing protocols [2,3].
Proceedings of the 3rd ACM International Workshop on Performance Evaluation of Wireless Ad Hoc, Sensor, and Ubiquitous Networks, PE-WASUN 2006, Torremolinos, Spain, October 6, 2006; 01/2006
ABSTRACT: The IEEE 802.11 Wireless Local Area Network (WLAN) specifications have been the subject of increased attention due to their rapid commercial adaptation and the introduction of new security and privacy concerns. The IEEE 802.1x standard was introduced in order to overcome the initial security shortcomings of the Wired Equivalent Privacy (WEP) protocol. The IEEE 802.1x standard is an extensible standard that couples 802.11 networks with various authentication services through the incorporation of an Extensible Authentication Protocol (EAP) authentication dialog. The existing implementations of EAP dialogs are based on standard cryptographic solutions for authentication and session key generation but do not, however, provide any form of user anonymity or privacy. Anonymity and privacy are currently of pressing interest, especially in the context of WLANs, which are simultaneously the best medium to provide privacy (there is no physical phone number or connection end-point with a predetermined owner) as well as the most threatening medium to user privacy, as they have the potential of disclosing not only the identity of the user, but also their physical location. At the same time, the potential "perfect hiding" capabilities of WLAN users also highlights the need to control anonymity by introducing more flexible authentication mechanisms. Moreover, payment for wireless services is completely decoupled from the above procedures, raising additional efficiency and privacy concerns. In this work we propose a new EAP authentication dialog based on anonymous electronic cash that provides for privacy, anonymity control, payment acceptance and billing, and authentication. Our solution is based on the notion of "public-key embedding e-cash," an e-cash variant we present and formalize in this paper. We present a concrete description of the new EAP authentication dialog in the context of IEEE 802.1x. We also present an efficient implementation of a public-key embedding e-cash scheme based on RSA blind signatures and prove its security.
First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, 5-9 September, 2005; 01/2005
ABSTRACT: Mobile commerce and location-aware services promise to combine the conveniences of both online and offline bricks-and-mortar services. Just as agent-enabled desktop computers can be used to improve a user's e-commerce experience, so can agent-enabled mobile devices be used to improve a user's mobile commerce experience. Agent-enabled mobile devices can perform complex and time-consuming tasks not well-suited for the small and cumbersome user interfaces available on most mobile devices, can interact with other mobile devices over more than one interface, and can accompany users under circumstances in which desktop computers cannot. Agent-enabled mobile devices, however, present new security challenges and risks. While e-commerce agents run the risk of disclosing one's identity in cyberspace, agent-enabled mobile devices running location-aware applications run the risk of disclosing one's actual physical location in addition to other personal information. This paper outlines security and privacy issues and provides security guidelines for agent-based location-aware mobile commerce.