Issue No.03 - May/June (2011 vol.8)
pp: 321-336
Gang Xu, Rutgers University, Piscataway
Cristian Borcea, New Jersey Institute of Technology, Newark
Liviu Iftode, Rutgers University, Piscataway
ABSTRACT
To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two instances of an application running on different nodes may engage in communication only if these nodes enforce the same set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form trusted application-centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate the correctness of our solution through security analysis, and its low overhead through performance evaluation of two MANET applications.
INDEX TERMS
Trusted computing, ad hoc networks, mobile computing.
CITATION
Gang Xu, Cristian Borcea, Liviu Iftode, "A Policy Enforcing Mechanism for Trusted Ad Hoc Networks", IEEE Transactions on Dependable and Secure Computing, vol.8, no. 3, pp. 321-336, May/June 2011, doi:10.1109/TDSC.2010.11