Security in Infrastructure-less and Decentralized Communication Networks : Location-based Intrusion Response and User-based Cooperative Decisions
Summary: Infrastructure-less communication substrates like multi-hop wireless mobile ad hoc networks in combination with applications based on decentralized networks like peer-to-peer networks facilitate establishing digital communication services in a spontaneous way. Envisioned application scenarios include, for example, enabling communication in large-scale disaster scenarios. Here, a preexisting communication infrastructure might not be available. Thus, devices have to act both as communication endpoints and routers. Built upon the paradigm of self-organization, the functionality of both infrastructure-less and decentralized networks is based on the cooperation of the devices forming the network and on the abandonment of fixed, central instances. From the perspective of security, being able to establish self-organizing networks in a spontaneous way is, however, paid for by being dependent on the cooperation of devices from many administrative domains that are beyond central control. Further, the availability of security policies controlling, for example, access to restricted resources cannot be assumed during spontaneous interactions.

In this thesis, we address two major resulting challenges of (1) maintaining the functionality of the network in the presence of devices that exploit the cooperative nature of infrastructure-less networks to launch attacks on network availability and (2) achieving security objectives like authentication and access control in the absence of a central (trusted) instance and predefined security policies.

Regarding Challenge (1), we present a novel, location-based intrusion response mechanism for infrastructure-less networks. Since devices in infrastructure-less networks are beyond central control, changing network addresses of devices and, thus, circumventing conventional address-based intrusion response solutions is possible with little effort. The location-based intrusion response approach we develop within this thesis, instead, uses the physical location of devices as an identifier. Misbehaving devices are excluded from the network by establishing quarantined areas void of communication at locations where misbehavior is detected. Our results based on analytical modeling and simulation studies show that, this way, we render the intrusion response mechanism insusceptible to changes in addresses of misbehaving nodes. On the downside, benign devices located in close physical proximity to misbehaving nodes are, for the sake of overall network survivability, excluded from the network along with misbehaving nodes. To mitigate this effect, we propose two approaches based on (a) adaptive transmission power of devices to minimize the size of quarantined areas and (b) harnessing delay tolerance of applications to enable (delayed) communication of benign devices located within quarantined areas. Our results based on simulation studies show that adaptive transmission power can improve the location-based intrusion response approach in scenarios with low node mobility. By harnessing delay tolerance, we are able to effectively support the location-based intrusion response at the cost of increased transmission delays.

Regarding Challenge (2), we present user-based, cooperative decisions as a replacement for central (trusted) instances and security policies. By introducing a cooperative decision process based on threshold cryptography, we prevent cryptographic operations like signing certificates that grant access to restricted resources from being performed by a single, possibly compromised device. By involving (authorized) users directly in the decision process, we enable decisions on security-related requests during spontaneous interactions without predefined security policies. When involving users directly in decision processes, obviously, the number of users, as well as the frequency at which one particular user is requested, have to be minimized. To achieve these requirements, we discuss different interaction schemes between a user issuing a security-related request and the (potential) users taking part in the decision process. Subsequently, we present analytical models serving as tools for governing the decision process, in order to minimize the number of users involved in a decision. Our results obtained from a prototype for user-based, cooperative decisions deployed in two testbeds show the applicability of the interaction schemes as well as the correctness of the analytical models.