Specification-Based Intrusion Detection for Mobile Ad Hoc Networks

New challenges within the area of security have arisen due to a relatively new paradigm called mobile ad hoc networks. A mobile ad hoc network consists of wireless nodes that build a radio network without any pre-existing infrastructure or centralized servers. However, these networks have inherent vulnerabilities that make them susceptible to malicious attacks such as denial of service, propagation of incorrect routing information, and physical compromise of nodes. Current security solutions for tactical radio networks, which mainly are based on cryptography, are not sufficient. A new solution for intrusion detection is needed to obtain an acceptable level of security. In this paper, we make two contributions to the area of secure mobile ad hoc networks. First, we present an entirely new architecture for intrusion detection applicable to mobile ad hoc networks. Second, we also present a specification-based approach that detects attacks against mobile ad hoc networks. 1.0 INTRODUCTION In recent years, with the rapid development and increased usage of wireless devices, security has become one of the major problems that wireless networks face. A mobile ad hoc network is a wireless network that can be rapidly deployed as a multihop radio network without using any centralized functionality or fixed infrastructure such as base stations. Applications of mobile ad hoc networks include the tactical communication in a battlefield, rescue missions, as well as civilian ad hoc situations like conferences. Securing mobile ad hoc networks is a challenge. A mobile ad hoc network has inherent vulnerabilities that make it susceptible to malicious attacks such as denial of service attacks, message replay, propagation of incorrect routing information, and physical compromise of nodes (see more on this in the following section). Therefore, the traditional way to protect radio networks by cryptographic mechanisms, such as encryption and authentication, is no longer sufficient. Cryptography can reduce the amount of successful intrusions, but cannot fully eliminate them. Encryption and authentication provide protection against some attacks from external nodes, but will not protect against attacks from inside nodes, which already have the required keys [1][2]. Furthermore, it is difficult to design and implement software systems without introducing design and programming errors that an adversary can exploit. If an adversary has adequate resources and tries hard enough, there is a risk that the adversary succeeds in infiltrating the system. Hence, to obtain an acceptable level of security in military contexts, traditional security solutions should be coupled with intrusion detection systems (IDS) that continuously monitor the network and determine whether the system (the network or any node of the network) is under attack. Once an intrusion is Hansson, E. (2006) Specification-Based Intrusion Detection for Mobile Ad Hoc Networks. In Military Communications (pp. P3-1 – P3-14). Meeting Proceedings RTO-MP-IST-054, Poster 3. Neuilly-sur-Seine, France: RTO. Available from: http://www.rto.nato.int/abstracts.asp. Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE DEC 2006 2. REPORT TYPE N/A 3. DATES COVERED 4. TITLE AND SUBTITLE Specification-Based Intrusion Detection for Mobile Ad Hoc Networks 5a. CONTRACT NUMBER