GANDHI & DAVE : SECURITY IN MOBILE AD HOC NETWORKS

The PGP model adopts a decentralized web-of-trust approach in which every user acts as an independent Certification Authority: each user can sign the keys of other users and verify the signatures others have placed on them, and trust in a key is derived from the signatures it carries rather than from a central authority.
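
As an added illustration (not code from the paper), the following Python computes key validity under a simplified PGP-style web-of-trust policy: the owner's own key is the root; a key becomes valid when it is signed by one introducer the owner trusts completely, or by at least two introducers trusted marginally; and only keys that are already valid count as introducers. The key names, signatures and trust assignments are constructed test data, and the "one complete or two marginal" rule is an assumption modelled on the classic PGP default rather than anything the paper specifies.

```python
# Added example: simplified PGP web-of-trust validity computation.
# Assumptions (not from the paper): the owner's own key is fully valid; a key
# becomes valid when signed by one completely-trusted valid introducer or by
# `marginals_needed` marginally-trusted valid introducers; self-signatures
# never count. Names, signatures and trust levels are constructed test data.

COMPLETE = "complete"
MARGINAL = "marginal"
UNTRUSTED = "untrusted"


def compute_validity(owner, signatures, trust, marginals_needed=2):
    """Return the set of key IDs the owner regards as valid.

    signatures: {key_id: set(signer_ids)}   who has signed each key
    trust:      {key_id: trust level}       owner's trust in each introducer
    Iterates to a fixed point because a key can only act as an introducer
    once it has itself been validated.
    """
    valid = {owner}  # the owner's own key is the trust root
    changed = True
    while changed:
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            complete = marginal = 0
            for signer in signers:
                if signer == key or signer not in valid:
                    continue  # self-signature or not-yet-valid introducer
                level = trust.get(signer, UNTRUSTED)
                if level == COMPLETE:
                    complete += 1
                elif level == MARGINAL:
                    marginal += 1
            if complete >= 1 or marginal >= marginals_needed:
                valid.add(key)
                changed = True
    return valid


# Constructed web of trust: who signed whose key.
SIGNATURES = {
    "bob":   {"alice"},
    "carol": {"alice"},
    "dave":  {"bob"},
    "frank": {"carol", "dave"},   # two marginal introducers
    "grace": {"carol"},           # only one marginal introducer
    "eve":   {"frank"},           # frank is valid but not trusted as an introducer
    "heidi": {"eve"},             # eve is not valid, so her signature is worthless
}

# Alice's trust in introducers (keys absent here are untrusted).
TRUST = {
    "alice": COMPLETE,
    "bob": COMPLETE,
    "carol": MARGINAL,
    "dave": MARGINAL,
}


def example_validity(marginals_needed=2):
    return compute_validity("alice", SIGNATURES, TRUST, marginals_needed)


if __name__ == "__main__":
    print(sorted(example_validity()))    # alice, bob, carol, dave, frank
    print(sorted(example_validity(1)))   # grace also becomes valid
```

The point of the fixed-point loop is that validity and trust are separate: frank's key is valid (two marginal signatures), but because alice assigns him no introducer trust, his signature on eve's key gives it nothing.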

The Resurrecting Duckling model is based upon a master-slave relationship. A slave treats the first node that sends it a secret key as its master and thereafter accepts all instructions and access control policy from that master. The master-slave bond can be broken either by the master or by a time-out, after which the slave can be imprinted again.
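
The imprinting rules above, written out as a small state machine. This is an added example, not code from the paper or from the model's authors: it assumes that commands are authenticated with an HMAC under the imprinting key and carry a sequence number so that a captured command cannot be replayed; the lifetime, keys and messages are constructed test data.

```python
# Added example: Resurrecting Duckling imprinting as a small state machine.
# Assumptions (not from the paper): commands are authenticated with an HMAC
# under the imprinting key and carry a sequence number to stop replays; the
# lifetime value and all keys/messages below are constructed test data.
import hashlib
import hmac


def mac(key, seq, payload):
    """Tag = HMAC-SHA256(key, seq || payload). Only the master knows the key."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Duckling:
    def __init__(self, lifetime):
        self.lifetime = lifetime      # seconds after imprinting at which the bond expires
        self.key = None               # None means "dead": no master bound
        self.imprinted_at = None
        self.last_seq = 0

    @property
    def imprinted(self):
        return self.key is not None

    def _die(self):
        self.key = None
        self.imprinted_at = None
        self.last_seq = 0

    def _expire_if_timed_out(self, now):
        if self.imprinted and now - self.imprinted_at >= self.lifetime:
            self._die()

    def offer_key(self, key, now):
        """The first key offered to a dead duckling imprints it; later offers are refused."""
        self._expire_if_timed_out(now)
        if self.imprinted:
            return False
        self.key = key
        self.imprinted_at = now
        return True

    def command(self, seq, payload, tag, now):
        """Obey a command only if it is fresh and bears a valid tag under the master key."""
        self._expire_if_timed_out(now)
        if not self.imprinted:
            return "dead"
        if seq <= self.last_seq:
            return "replay"
        if not hmac.compare_digest(mac(self.key, seq, payload), tag):
            return "rejected"
        self.last_seq = seq
        if payload == b"die":           # the master breaks the bond explicitly
            self._die()
            return "died"
        return "accepted"


def run_scenario():
    """Constructed exchange: imprinting, an attacker's attempts, master-ordered death, time-out."""
    master, attacker = b"master-secret", b"attacker-secret"
    d = Duckling(lifetime=3600)
    log = [
        d.offer_key(master, now=0),                                    # True: imprinted
        d.offer_key(attacker, now=1),                                  # False: already bound
        d.command(1, b"unlock", mac(master, 1, b"unlock"), now=10),    # accepted
        d.command(1, b"unlock", mac(master, 1, b"unlock"), now=11),    # replay
        d.command(2, b"unlock", mac(attacker, 2, b"unlock"), now=12),  # rejected: wrong key
        d.command(2, b"die", mac(master, 2, b"die"), now=13),          # died: bond broken by master
        d.offer_key(attacker, now=14),                                 # True: dead duckling takes any new master
    ]
    short = Duckling(lifetime=60)
    short.offer_key(master, now=0)
    log.append(short.command(1, b"unlock", mac(master, 1, b"unlock"), now=61))  # dead: time-out
    return log


if __name__ == "__main__":
    print(run_scenario())
```

The seventh step is the model's well-known caveat: once dead, the duckling imprints on whichever key arrives first, so the key transfer itself must use a channel the attacker cannot reach (physical contact in the original model), not the open wireless medium.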

Another trust model [19] uses trust agents that reside on the network nodes. The model computes the situational trust in agents from the general trust in the user nodes together with the importance and utility of the situation in which a node finds itself. Each agent operates independently, maintains its own view of the trust hierarchy, and performs the trust derivation, quantification and computation functions itself.

Zheng et al. [20] propose two models, one for independent ad hoc networks and another for an ad hoc network connected to a fixed network. In both models a Personal Trust Bubble represents an ad hoc node. Within the bubble, the owner of the ad hoc device places full, unconditional trust in the device, a trust that is assumed rather than derived. Among bubbles, and between bubbles and fixed networks, logical and rational trust relationships must be evaluated computationally.

5.3. Intrusion Detection Systems in MANETs

An Intrusion Detection System (IDS) [22] is a defense system that detects hostile activity in a network and then tries to prevent activity that may compromise system security. An IDS monitors audit data, looks for intrusions in the system and initiates an appropriate response. The type of intrusion response for a MANET depends upon the type of intrusion, the network protocols and applications in use, and the confidence in the evidence. Intrusion detection can be classified as anomaly detection, misuse detection and specification-based detection. Effectiveness and efficiency are the two key requirements for running an IDS on a MANET.

The basic IDS model proposed in [23] runs an IDS agent on each node. The agent performs local data collection and local detection; cooperative detection and a global intrusion response can be triggered when a node detects an anomaly but its local evidence is not strong enough to act alone. The data collection module gathers local audit traces and activity logs, which the local detection engine uses to detect local anomalies. Both the local and the global response modules provide intrusion response actions.

The local response module triggers actions local to the mobile node, whereas the global one coordinates actions among neighbouring nodes. This model has also been the basis of an intrusion detection system for securing the AODV routing protocol.
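
The local/global split can be shown with a small simulation. The following Python is an added example, not code from [23]: each node's local detection engine computes an anomaly score from its own audit data (here, the fraction of packets a suspect neighbour failed to forward, constructed test data), acts alone when the evidence is strong, and otherwise triggers cooperative detection in which the neighbours vote and a majority verdict drives the global response. The thresholds and the simple-majority rule are assumptions chosen for illustration.

```python
# Added example: local detection with cooperative (majority-vote) global response.
# Assumptions (not from the paper): the local audit feature is the fraction of
# packets the suspect dropped instead of forwarding; HIGH/LOW thresholds and the
# simple majority rule are chosen for illustration. All observations are constructed.
from dataclasses import dataclass, field

HIGH = 0.8   # at or above this the node acts on its own (local response)
LOW = 0.3    # below this the observation is treated as normal
VOTE = 0.5   # a cooperating node votes "intrusion" above this score


@dataclass
class Node:
    name: str
    # suspect -> (packets handed to the suspect for forwarding, packets it actually forwarded)
    audit: dict
    blacklist: set = field(default_factory=set)

    def local_score(self, suspect):
        handed, forwarded = self.audit.get(suspect, (0, 0))
        return 0.0 if handed == 0 else 1.0 - forwarded / handed

    def vote(self, suspect):
        return self.local_score(suspect) > VOTE

    def local_response(self, suspect):
        self.blacklist.add(suspect)   # e.g. stop routing through the suspect


def detect(initiator, neighbours, suspect):
    """Return which response path the initiator took for the suspect."""
    score = initiator.local_score(suspect)
    if score >= HIGH:
        initiator.local_response(suspect)
        return "local-response"
    if score < LOW:
        return "normal"
    # Inconclusive local evidence: cooperative detection among the neighbours.
    voters = [initiator] + neighbours
    votes = sum(1 for n in voters if n.vote(suspect))
    if votes * 2 > len(voters):
        for n in voters:                 # global response coordinated across the neighbourhood
            n.local_response(suspect)
        return "global-response"
    return "inconclusive"


def run_example():
    suspect = "M"
    a = Node("A", {suspect: (20, 9)})    # 55% dropped: inconclusive on its own
    b = Node("B", {suspect: (10, 1)})    # 90% dropped
    c = Node("C", {suspect: (20, 3)})    # 85% dropped
    d = Node("D", {suspect: (10, 8)})    # 20% dropped
    outcome = detect(a, [b, c, d], suspect)
    return outcome, {n.name: suspect in n.blacklist for n in (a, b, c, d)}


if __name__ == "__main__":
    print(run_example())   # ('global-response', {'A': True, 'B': True, 'C': True, 'D': True})
```

Note what the cooperative step does and does not buy: it lets A act on evidence it could not justify alone, but a majority vote is only as good as the voters, so a neighbourhood with several colluding malicious nodes can outvote honest ones; that is one reason the confidence of the evidence matters in choosing a response.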

Another kind of multilayer IDS has also been proposed in [23]. This system makes use of mobile agents, which move around the network to execute their tasks. They work in parallel and facilitate the implementation of robust, attack-resistant IDS architectures [24]. A mobile agent can cooperate with other agents, copy itself, and move from one platform to another along either a static or a dynamic route; a dynamic route is chosen from information collected in the network. Mobile agents determine autonomously when, where and whether to move. This decision is made by an independent active entity within the mobile agent and does not depend on the application that created the agent. There may be specialised mobile agents that focus on specific classes of intrusions; such an agent can create copies of itself and place them on multiple platforms for parallel intrusion detection.

Figure 1 shows an IDS model using mobile agents [23]. It has six layers, and every layer comprises agents that use the services of the layer below; the agents in each layer carry out specialised tasks to implement that layer's function. Management agents form the lowest layer and can exchange information with all other layers. From layer 2 (entrance inspection agents) upward, an agent in one layer activates one or more agents in the layer above by means of the message exchange mechanism.

Cluster-based Intrusion Detection System

MANET nodes typically have limited battery power, so it is not efficient to make every MANET node a permanent monitoring node, especially when the threat level is low. Instead, a cluster of neighbouring MANET nodes can randomly and fairly elect a monitoring node, the cluster head, for the entire neighbourhood; in other words, the responsibility for intrusion detection is shared among the nodes in the cluster. A cluster formation algorithm and cluster-based IDS schemes have accordingly been proposed in [25]. This scheme not only detects whether a particular node is malicious but also attempts to identify the type of attack. Anomalies are detected using cross-feature analysis, in which each feature of an observed record is predicted from the remaining features and a record whose features are poorly predicted is flagged. The features selected for classification may be either traffic related (e.g. packet type, flow direction) or non-traffic related (e.g. velocity, route cache).
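
As an added example (not the scheme of [25]), the Python below puts the two mechanisms of this paragraph together: a fair random election of a cluster head among the nodes that have served least, and a cross-feature anomaly detector in which each feature of a record is predicted from the remaining features and a record whose features are, on average, poorly predicted is flagged. The feature vectors (packet type, flow direction, velocity class, route-cache churn) and the training records are constructed; the Laplace-smoothed counting estimator standing in for the per-feature classifiers and the threshold are assumptions chosen for illustration, and the example stops at anomaly detection rather than attack-type classification.

```python
# Added example: fair cluster-head election plus cross-feature anomaly detection.
# Assumptions (not from the paper): a Laplace-smoothed count estimator stands in
# for the per-feature classifiers; the threshold and all records are constructed.
import random
from collections import defaultdict


def elect_cluster_head(cluster, served, rng):
    """Pick the head at random among the nodes that have served least often (fair rotation)."""
    least = min(served[n] for n in cluster)
    candidates = [n for n in cluster if served[n] == least]
    head = rng.choice(candidates)
    served[head] += 1
    return head


class CrossFeatureDetector:
    """Estimate P(f_i = v | other features) for every feature i from normal records;
    a record is anomalous when the mean of these probabilities is below a threshold."""

    def __init__(self, normal_records, alpha=1.0):
        self.records = [tuple(r) for r in normal_records]
        self.n = len(self.records[0])
        self.alpha = alpha
        # Number of distinct values per feature, +1 to leave mass for unseen values.
        self.k = [len({r[i] for r in self.records}) + 1 for i in range(self.n)]

    def _prob(self, record, i):
        rest = record[:i] + record[i + 1:]
        matches = [r for r in self.records if r[:i] + r[i + 1:] == rest]
        hits = sum(1 for r in matches if r[i] == record[i])
        return (hits + self.alpha) / (len(matches) + self.alpha * self.k[i])

    def score(self, record):
        record = tuple(record)
        return sum(self._prob(record, i) for i in range(self.n)) / self.n

    def is_anomalous(self, record, threshold=0.4):
        return self.score(record) < threshold


# Constructed normal traffic: (packet type, flow direction, velocity class, route-cache churn)
NORMAL = [
    ("data", "in", "low", "few"), ("data", "out", "low", "few"),
    ("data", "in", "low", "few"), ("rreq", "out", "low", "few"),
    ("rrep", "in", "low", "few"), ("data", "out", "high", "many"),
    ("data", "in", "high", "many"), ("rreq", "out", "high", "many"),
]

# Constructed records observed in one monitoring round, keyed by the node they concern.
OBSERVED = {
    "n1": ("data", "in", "low", "few"),     # ordinary
    "n2": ("rrep", "out", "high", "few"),   # unsolicited route replies from a fast-moving node
    "n3": ("rreq", "out", "low", "many"),   # route-request churn from a static node
}


def monitoring_round(cluster, served, detector, observed, rng, threshold=0.4):
    """The elected head scores every record; returns (head, set of flagged nodes)."""
    head = elect_cluster_head(cluster, served, rng)
    flagged = {node for node, rec in observed.items() if detector.is_anomalous(rec, threshold)}
    return head, flagged


def run_example(rounds=3, seed=1):
    rng = random.Random(seed)
    served = defaultdict(int)
    cluster = ["n1", "n2", "n3"]
    detector = CrossFeatureDetector(NORMAL)
    heads, flagged = [], set()
    for _ in range(rounds):
        head, f = monitoring_round(cluster, served, detector, OBSERVED, rng)
        heads.append(head)
        flagged |= f
    return heads, flagged


if __name__ == "__main__":
    print(run_example())   # three distinct heads over three rounds; n2 and n3 flagged
```

Two design points worth noticing. The election is random among the least-served nodes rather than purely random, which is what makes it fair: over three rounds every node serves exactly once, whatever the random draws. And the detector needs no attack data at all, only normal records, which is why it can flag traffic patterns it has never seen; the price is that a normal record whose feature combination is simply rare will also score low, so the threshold has to be tuned against the false-alarm rate on held-out normal traffic.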