On the efficiency of establishing and maintaining security associations in tactical MANETs in group formation

摘要

It has been shown that a Security Association (SA) established by strong authentication between a node pair in a Mobile Ad Hoc Network (MANET) should not depend on link connectivity [1]. While stale (long) SAs should be renewed, SA duration should be managed by a security policy and based on a trust model regardless of link intermittence. Both the security policy and the trust model are modules of a security architecture in [2]. In this paper, we consider nodes in multiple groups using the same channel (one interface) and a hierarchical traffic pattern typical of a tactical operation. We show that the inter-group SAs, between group heads, require a different trust model than that of intra-group SAs if the overhead of authentication is to be kept manageable. We form a new trust model, apply it to the group heads, and adapt their SA duration to their hopped distance away from their authenticators. Our results show that for group heads, the number of hops is a more effective parameter to which their SA duration should be adapted than their actual link distance modeled by FER. Compared to a trust model that adapts to average system FER [2], we show that the new trust model reduces the overhead of authentication for group heads who tend to be multiple hops away from the authenticator. We also show that by relaxing the security policy one can reduce the authentication traffic so that group heads would not be easily detected by the volume of their authentication traffic. Respecting a node's role in a MANET and its traffic pattern, we show the efficiency and flexibility of the security architecture in keeping the overhead low and reducing the probability of role identification by threat of traffic analysis.