Toward an Adaptive Security Assurance Mechanism in Mobile Ad Hoc Networks

Doctoral === National Chung Cheng University === Department of Communications Engineering === 98 === A Mobile Ad Hoc Network (MANET) is a self-configuring network composed of a significant number of resource-constrained nodes without a fixed network infrastructure. A MANET is very vulnerable to attacks due to factors such as being an open medium, possessing dynamica...

Bibliographic Details
Main Authors: Ryh-Yuh Tseng, 曾日昱
Other Authors: Bo-Chao Cheng
Format: Others
Language: en_US
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/65327496946798478420
id ndltd-TW-098CCU05650076
record_format oai_dc
spelling ndltd-TW-098CCU05650076 2015-10-13T18:25:31Z http://ndltd.ncl.edu.tw/handle/65327496946798478420 Toward an Adaptive Security Assurance Mechanism in Mobile Ad Hoc Networks 行動隨意網路之適應性安全確保機制 Ryh-Yuh Tseng 曾日昱 Doctoral National Chung Cheng University Department of Communications Engineering 98

A Mobile Ad Hoc Network (MANET) is a self-configuring network composed of a significant number of resource-constrained nodes without a fixed network infrastructure. A MANET is very vulnerable to attacks due to factors such as being an open medium, possessing a dynamically reconfigurable network topology, and functioning in the absence of a centralized authority without prior security associations. The security issues of MANETs have become a primary concern in recent years. Advanced hacking techniques make effective defense in MANETs impossible. Many security solutions have been proposed by researchers and practitioners in recent years. Most of these solutions focus on how to enhance the functionality and capability of security modules, but few emphasize the assurance assessment of security modules. Security assurance is intended to provide a degree of confidence rather than a true measure of how secure the system is. Security assurance should be measured and controlled in the process of the Security Management Life Cycle (SMLC). A good security assurance strategy should be practical, affordable, and achievable in highly dynamic and resource-constrained networking scenarios.

Therefore, this study proposes a security assurance mechanism, called the IDS Security Assurance Mechanism (ISAM), to support high mobility in MANET environments. The proposed ISAM meets the security requirements in the design and operation assurance phases with three components: the IDS Deployment Mechanism (IDM), the IDS Intrusion Mitigation Mechanism (IMM), and the IDS Intrusion Forensics Mechanism (IFM). To deploy an effective IDS for a resource-constrained MANET, the ISAM uses the IDM in the design assurance phase to develop an appropriate security strategy for performing intrusion detection. The security strategy in the IDM delivers security benefits while meeting the energy budget. The IDM is able to adapt to the current node context (such as residual energy, security threats, and traffic loading) for accommodating and inspecting newly arriving packets. It can intelligently monitor and recognize security breach attempts while adhering to the resource budget plan over the period of the expected network lifetime.

Since MANET nodes are highly mobile and the network topology may change rapidly and unpredictably, setting up an IDS in a MANET node is insufficient to protect the target network. The ISAM thus introduces an IDS Intrusion Mitigation Mechanism (IMM) response in the operation assurance phase to follow up with management services that achieve the desired primary goal of the incident response. The IMM provides a robust MANET IDS response protocol to form a trustee immune domain in order to react to the intrusion in a timely and accurate manner. Through the IMM, each mobile node can communicate with other nodes to respond to the security incident quickly so that the extent of the malicious attack is significantly reduced.

To guarantee a certain level of quality of security assurance for network forensics, the ISAM develops an IDS Intrusion Forensics Mechanism (IFM) that produces near-optimal solutions with a reasonable acceptance ratio for forensic service requests and tolerable data capture losses under resource-constrained situations. According to the storage capacity level, the IFM is able to dynamically adjust the amount of data to collect, and to preserve the integrity of data and evidence. To comply with the SMLC, this study has verified that the ISAM can satisfy and fulfill the security assurance strategy in the design and operation assurance phases in MANET.

Bo-Chao Cheng 鄭伯炤 2010 degree thesis ; thesis 118 en_US
collection NDLTD
language en_US
format Others
sources NDLTD
author2 Bo-Chao Cheng
author Ryh-Yuh Tseng
曾日昱
title Toward an Adaptive Security Assurance Mechanism in Mobile Ad Hoc Networks
publishDate 2010
url http://ndltd.ncl.edu.tw/handle/65327496946798478420