A modular security architecture for managing security associations in MANETs

摘要

Maintaining security associations (SA) in mobile ad hoc networks (MANET) is challenging due to their intrinsically open, dynamic, and decentralized nature. Bandwidth limitations arising from both the physical characteristics of the wireless medium and the control overhead required to maintain routes in a network with changing topology add another level of difficulty to the problem. While establishing SAs with strong authentication is a generally accepted practice, the allowed duration of these SAs is a harder problem that may depend on a number of factors. Ideally, we would like to optimize the maintenance of the SAs to balance quality of protection (QoP) against quality of service (QoS). In this paper we propose and describe a modular security architecture to achieve this goal. The architecture consists of security policy, trust model, and state machine modules that together control the strong authentication process for establishing and maintaining SAs. We demonstrate the efficacy of this architecture through simulation of a MANET that implements a Trust-enhanced Routing Table (TRT). Our simulations use a state machine to manage the authentication process linked to a TRT previously proposed as a security extension of the optimized link state routing (OLSR) protocol. We demonstrate that this state machine, when linked to an adaptive trust model itself controlled by a security policy, can substantially outperform static models. Because the architecture is modular, the implementation can be tailored for different environments or scenarios.