gangxu2011.pdf - IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING VOL 8 NO 3 MAY\/JUNE 2011 321 A Policy Enforcing Mechanism for Trusted Ad Hoc

gangxu2011.pdf - IEEE TRANSACTIONS ON DEPENDABLE AND SECURE...

This preview shows page 1 - 2 out of 16 pages.

A Policy Enforcing Mechanism for Trusted Ad Hoc Networks Gang Xu, Member , IEEE , Cristian Borcea, Member , IEEE , and Liviu Iftode, Senior Member , IEEE Abstract —To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two instances of an application running on different nodes may engage in communication only if these nodes enforce the same set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form trusted application-centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate the correctness of our solution through security analysis, and its low overhead through performance evaluation of two MANET applications. Index Terms —Trusted computing, ad hoc networks, mobile computing. Ç 1 I NTRODUCTION W ITH the maturity of short-range wireless technologies and proliferation of mobile computing devices, build- ing real-life applications over mobile ad hoc networks (MANETs) becomes feasible. For instance, two potential applications are traffic monitoring in vehicular networks and peer-to-peer file sharing in ad hoc networks of smart phones. A key to the success of such applications is a mechanism assuring secure communication and proper collaboration among all participant entities. To achieve this goal, commu- nication policies that govern the interactions between entities must be defined and enforced. For instance, in a traffic monitoring application, the policy can guarantee that a car always forwards accident alerts to cars coming behind it. Similarly, in a peer-to-peer application, the policy can guarantee that a smart phone can post a query only if it has made several contributions such as publishing files or forwarding other queries. Mechanisms to define and evaluate security policies have been well studied in traditional distributed system [1], [2]. While these methods provide sufficient expressive power to represent policies for MANET applications, the challenge is how to enforce such policies in MANETs. Most of the existing policy enforcement solutions have focused on the Internet-based systems [3], [4], [5], [6]. Unfortunately, these solutions are not fit for MANET for two reasons. First, they enforce policies on trusted “choke points” (e.g., firewall or
Image of page 1
Image of page 2

You've reached the end of your free preview.

Want to read all 16 pages?

  • Fall '19
  • Test, Public key infrastructure, File sharing, Peer-to-peer, Certificate authority, SATEM

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture